fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-11 23:01:41 +09:00
Code Issues Projects Releases Packages Wiki Activity
20675 commits 4 branches 212 tags 117 MiB
Commit graph

561 commits

Author SHA1 Message Date
conory
6e9e9e9171 회원 서명에도 convertHTML() 적용 2017-07-13 18:25:06 +09:00
conory
da0ad3bd39 에디터 모듈에 HTML 허용 설정 추가 
회원 모듈에도 no html 서명을 위한 옵션 추가
 2017-07-13 00:46:28 +09:00
Kijin Sung
701a6c88d8 Add triggers after updateMemberEmailAddress 2017-07-07 17:40:21 +09:00
Kijin Sung
071424e05d Add triggers before and after procMemberAuthAccount 2017-07-07 01:02:59 +09:00
Kijin Sung
0920172c1e Fix inconsistent assignment of sender address in member emails 2017-06-29 17:26:07 +09:00
Kijin Sung
0399a50965 Fix outdated comment on security key 2017-06-12 15:40:49 +09:00
Kijin Sung
4ffecbb7ee Remove outdated condition 2017-06-12 15:40:06 +09:00
bnu
007639ff84 fix #2106 모듈 접근 권한이 없을 때 게시물을 스크랩할 수 있는 문제 고침 2017-06-09 15:29:15 +09:00
bnu
9739b72bf8 fix #2091 권한이 없는 비밀글을 스크랩할 수 없도록 고침 2017-05-30 12:01:30 +09:00
Kijin Sung
32feb51236 Fix #740 when using object cache 2017-03-06 19:39:36 +09:00
Kijin Sung
cf01038ce6 Refresh member info when setSessionInfo() is called 2017-03-03 01:05:13 +09:00
Kijin Sung
a67a78ebba Use local variable instead of class property to handle member info 
회원정보를 다룰 때 너도나도 $this->memberInfo를 덮어쓰기 때문에
이게 도대체 어디서 온 변수인지 신뢰할 수가 없음.
심지어 로그인에 실패해도 $this->memberInfo는 그대로 남아 있음.

잘못 사용할 경우 심각한 보안 문제가 발생할 수 있으므로
클래스 속성을 공유하지 않고 각 메소드에서 로컬 변수만 사용하도록 변경함.
회원정보를 반드시 서로 공유해야 하는 경우 Context::get('logged_info')를 사용함.
 2017-03-03 00:59:42 +09:00
Kijin Sung
7510cdf2e1 Fix autologin failing on third visit 2017-03-02 21:17:49 +09:00
Kijin Sung
34c11c4344 Fix use of undefined variable 2017-02-28 16:41:17 +09:00
Kijin Sung
d074e5e9b5 Increase security of autologin keys 2017-02-27 15:55:04 +09:00
Kijin Sung
f3a43d071e Fix vulnerability in procMemberDeleteSavedDocument 2017-02-25 15:08:42 +09:00
Kijin Sung
d4353fa8d2 Change default editor colorset in other modules to moono-lisa 2017-02-16 01:26:08 +09:00
Kijin Sung
48db8bf660 Fix #709 invalid update of autologin security keys 2017-02-16 00:06:29 +09:00
Kijin Sung
31623842ba Fix logout bug in admin module 2017-02-11 21:41:21 +09:00
Kijin Sung
d495ce5804 Call setSessionInfo() after login, not before 2017-02-11 20:55:40 +09:00
Kijin Sung
00850bc95d Add admin screen to choose which member menu items to display 2017-02-11 15:36:33 +09:00
Kijin Sung
4b342a2d9c Merge branch 'develop' into pr/own-comments 2017-02-11 14:28:45 +09:00
Kijin Sung
b32ae03396 Fix session variables being reset to an empty string 2017-02-11 14:15:38 +09:00
Kijin Sung
a85c3ccb01 Initial implementation of view comment screen 2017-02-10 22:17:29 +09:00
Kijin Sung
07da55ba8e Fix loophole for duplicate nickname using invisible Unicode characters 
cf. xpressengine/xe-core#2025
 2017-02-10 22:01:10 +09:00
Kijin Sung
5f7b4837dc Add more safeguards for the possibility of an empty member_srl 2017-02-10 20:59:17 +09:00
Kijin Sung
dfdbc1db85 Add session helper class and move remainder of session validation logic to Session class 2017-02-10 20:50:38 +09:00
Kijin Sung
14d464da22 Remove unnecessary xe_logged cookie 2017-02-10 20:02:21 +09:00
Kijin Sung
3be0e79abb Improve session invalidation routines 2017-02-09 00:34:01 +09:00
Kijin Sung
c7d8d84500 Add option to invalidate other sessions on password change 
Feature request in https://www.xetown.com/lakepark/345786
 2017-02-09 00:06:32 +09:00
Kijin Sung
bdb10d57c5 Miscellaneous fixes to session handling 2017-02-08 21:35:00 +09:00
Kijin Sung
07708195fb Add login management screen to simple_world skin, too 2017-02-08 20:01:16 +09:00
Kijin Sung
8afddb8b5e Implement login management screen in default member skin 2017-02-08 18:07:19 +09:00
Kijin Sung
b0b416b823 Fix autologin table structure and add user agent data 2017-02-08 17:12:46 +09:00
Kijin Sung
2af90c8e1d Implement autologin in the Session class 2017-02-08 17:08:31 +09:00
Kijin Sung
483ac84796 Merge branch 'develop' into pr/session-class 2017-02-07 22:13:08 +09:00
Kijin Sung
607e9357c2 Merge pull request #686 from kijin/pr/delete-empty-folders 
빈 폴더 자동 삭제 및 일괄 삭제
 2017-02-05 22:57:02 +09:00
Kijin Sung
f193b8380d Fix User description set to null when modify info 
xpressengine/xe-core#2009 by Xvezda
 2017-02-02 13:20:10 +09:00
Kijin Sung
3d82a21c16 Clear empty directories when deleting member info 2017-01-26 18:29:44 +09:00
Kijin Sung
5d4f8b5b47 Fix #648 respect new member's allow_message setting 2016-12-15 01:22:17 +09:00
conory
5e5c2d918a 가입이나 회원 정보 수정시 생일이 없으면 자동으로 오늘 날짜가 입력되는 문제 수정 2016-12-07 00:16:56 +09:00
Kijin Sung
40c43e8fa0 Revert "fix #1978 회원정보의 서명에서 발생할 수 있는 취약점 해결" 
This reverts commit 0765c73d04.

See: xpressengine/xe-core#1979
 2016-10-28 16:27:48 +09:00
bnu
0765c73d04 fix #1978 회원정보의 서명에서 발생할 수 있는 취약점 해결 2016-10-28 14:26:03 +09:00
Kijin Sung
92384dca1d Fix #606 apply profile image size limit to GIF as well 2016-10-22 21:35:37 +09:00
Kijin Sung
c61316b3da Fix compatibility with xe_logged cookie state 2016-10-05 16:48:40 +09:00
Kijin Sung
d07bd15b80 Integrate session class with Context class and Member module 2016-08-15 21:49:17 +09:00
Kijin Sung
9700b8f593 Display reason for temporary limits on members 2016-07-14 22:33:37 +09:00
Kijin Sung
eb895f76cd Do not rollback if an 'after' trigger returns error 2016-05-14 20:24:45 +09:00
Kijin Sung
3b8db58954 Merge branch 'develop' into pr/cache-refactor 
Conflicts:
	modules/ncenterlite/ncenterlite.controller.php
 2016-04-23 11:25:32 +09:00
conory
2e6e11b1a9 로그인 정보없이 회원메뉴가 추가되는 거 방지 2 2016-04-19 19:08:40 +09:00