summaryrefslogtreecommitdiffstats
path: root/client/components
diff options
context:
space:
mode:
authorLauri Ojansivu <x@xet7.org>2020-03-01 20:59:53 +0200
committerLauri Ojansivu <x@xet7.org>2020-03-01 20:59:53 +0200
commitaac7c380c8c389b0683b2bd64e2cc856993f0e30 (patch)
tree8d76eeb0202a1ae456e7d96c3ee59b83cfb77094 /client/components
parentfc35c234a78fb2137f0f78a3a6f353c46734ed72 (diff)
downloadwekan-aac7c380c8c389b0683b2bd64e2cc856993f0e30.tar.gz
wekan-aac7c380c8c389b0683b2bd64e2cc856993f0e30.tar.bz2
wekan-aac7c380c8c389b0683b2bd64e2cc856993f0e30.zip
- Fix critical and moderate security vulnerabilities reported at 2020-02-26 with
responsible disclosure by [Dejan Zelic](https://twitter.com/dejandayoff), Justin Benjamin and others at [Offensive Security](https://twitter.com/offsectraining), that follow standard 90 days before public disclosure. Thanks to xet7. - Fix webhook error that prevented some card etc deleting from web UI of board. Thanks to xet7. - Add some more Font Awesome icons. Thanks to xet7. - Remove autofocus from many form input boxes so that they would not cause warnings. Thanks to xet7.
Diffstat (limited to 'client/components')
-rw-r--r--client/components/settings/peopleBody.jade4
-rw-r--r--client/components/sidebar/sidebar.jade9
2 files changed, 8 insertions, 5 deletions
diff --git a/client/components/settings/peopleBody.jade b/client/components/settings/peopleBody.jade
index ca4bc382..fef1067e 100644
--- a/client/components/settings/peopleBody.jade
+++ b/client/components/settings/peopleBody.jade
@@ -110,7 +110,7 @@ template(name="editUserPopup")
label.hide.userId(type="text" value=user._id)
label
| {{_ 'fullname'}}
- input.js-profile-fullname(type="text" value=user.profile.fullname autofocus)
+ input.js-profile-fullname(type="text" value=user.profile.fullname)
label
| {{_ 'username'}}
span.error.hide.username-taken
@@ -159,7 +159,7 @@ template(name="newUserPopup")
//label.hide.userId(type="text" value=user._id)
label
| {{_ 'fullname'}}
- input.js-profile-fullname(type="text" value="" autofocus)
+ input.js-profile-fullname(type="text" value="")
label
| {{_ 'username'}}
span.error.hide.username-taken
diff --git a/client/components/sidebar/sidebar.jade b/client/components/sidebar/sidebar.jade
index ebcd8486..f0b0e4be 100644
--- a/client/components/sidebar/sidebar.jade
+++ b/client/components/sidebar/sidebar.jade
@@ -245,7 +245,7 @@ template(name="outgoingWebhooksPopup")
b &nbsp;
.materialCheckBox(class="{{#unless enabled}}is-checked{{/unless}}")
input.js-outgoing-webhooks-title(placeholder="{{_ 'webhook-title'}}" type="text" name="title" value=title)
- input.js-outgoing-webhooks-url(type="text" name="url" value=url autofocus)
+ input.js-outgoing-webhooks-url(type="text" name="url" value=url)
input.js-outgoing-webhooks-token(placeholder="{{_ 'webhook-token' }}" type="text" value=token name="token")
select.js-outgoing-webhooks-type(name="type")
each _type in types
@@ -257,7 +257,7 @@ template(name="outgoingWebhooksPopup")
input(type="hidden" value=_id name="id")
input.primary.wide(type="submit" value="{{_ 'save'}}")
form.integration-form
- input.js-outgoing-webhooks-title(placeholder="{{_ 'webhook-title'}}" type="text" name="title" autofocus)
+ input.js-outgoing-webhooks-title(placeholder="{{_ 'webhook-title'}}" type="text" name="title")
input.js-outgoing-webhooks-url(placeholder="{{_ 'URL' }}" type="text" name="url")
input.js-outgoing-webhooks-token(placeholder="{{_ 'webhook-token' }}" type="text" name="token")
select.js-outgoing-webhooks-type(name="type")
@@ -267,7 +267,10 @@ template(name="outgoingWebhooksPopup")
template(name="boardMenuPopup")
ul.pop-over-list
- li: a.js-custom-fields {{_ 'custom-fields'}}
+ li
+ a.js-custom-fields
+ i.fa.fa-list-alt
+ | {{_ 'custom-fields'}}
li
a.js-open-archives
i.fa.fa-archive