Conversation
* remove buildWhere with the SQL injection * remove buildWhere with the SQL injection
to escape the configured path. Also wrap error message in htmlspecialchars. Co-authored-by: Dave MacFarlane <dave.macfarlane@mcin.ca>
Co-authored-by: Dave MacFarlane <dave.macfarlane@mcin.ca>
The webpack config is incorrectly only copying one (production or dev) version of react to htdocs. This causes the login page to stop loading based on the sandbox flag, which may be trying to load one or the other. The decision to copy or not in webpack is based on a NODE_ENV environment variable which is not used or documented anywhere in LORIS, and LORIS may dynamically choose one or the other based on the configuration variable which can be changed without recompiling. Go back to copying both so that LORIS will load regardless of the sandbox flag. Fixes aces#10425 Fixes aces#10400
* [security- document_repository] Adds BackEnd per site validation to match FrontEnd. * Keeps 27 and 28 release compatibility. --------- Co-authored-by: lorisadmin <rolando.acosta@mcin.ca>
* Fix help content output * Set content-type: json to ajax help response * Remove extra line * Add file_exists check
* [security - publication] Takes loris URL from server side, not from the form POST. * Takes out the reference to the direct link from templates. --------- Co-authored-by: lorisadmin <rolando.acosta@mcin.ca>
* [media] Permissions fix * Revert "Delete modules/media directory" This reverts commit c009e9f8275db6f2777a8d3937d58e2d65e8b6f6.
* [media] Fix permissions on load * Remove ability to see all files from FileUpload * Fix download permission check and edit * CandID conversion
Co-authored-by: Dave MacFarlane <dave.macfarlane@mcin.ca>
* login redirect fix * url redirect - string and trim
Merge 27 to 28
github-actions
bot
added
Language: PHP
added 2 commits
April 8, 2026 14:10
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
6 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Push changes from the 28.0.1 release into the main loris branch.