Commit graph

17 commits

Author SHA1 Message Date
Kijin Sung
e423cba24d Use Origin header before Referer to check CSRF
OWASP recommends checking the Origin header before the Referer header.
Even when Referer is empty, the Origin header may still contain useful information.

https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
2021-02-23 16:51:46 +09:00
Kijin Sung
af64ae79c1 Rename checkXEE() to checkXXE() 2018-10-18 14:21:08 +09:00
Kijin Sung
d7a3e1bc26 Fix unit tests that don't work in PHP 7.2 2017-12-09 03:00:51 +09:00
Kijin Sung
2822191271 Fix CSRF check for GET requests 2017-04-23 14:51:41 +09:00
Kijin Sung
d62756dcd5 Fix unit tests to ignore user warnings during CSRF test 2017-03-06 16:02:50 +09:00
Kijin Sung
89255d0281 Initial implementation of CSRF token enforcement in Security class 2017-03-06 15:54:56 +09:00
Kijin Sung
bc6907dccf Update unit test for Security::checkCSRF() 2016-09-25 12:37:34 +09:00
Kijin Sung
44a34229fb Fix failing unit test in HHVM 2016-08-02 16:48:46 +09:00
Kijin Sung
2822a1d3e1 Add unit tests for signature creation and verification routines 2016-08-02 16:35:46 +09:00
Kijin Sung
ca7a7b64ea Use a more realistic server environment in unit tests 2016-03-16 09:13:31 +09:00
Kijin Sung
ddab5ce8d8 Fix unit tests for Security::getRandomNumber() 2016-03-13 22:11:30 +09:00
Kijin Sung
647bc7c112 Implement new Password class and related unit tests 2016-03-13 22:08:56 +09:00
Kijin Sung
90dcc4a2e8 Implement encryption, decryption, and CSPRNG in Security class 2016-03-13 20:40:23 +09:00
Kijin Sung
143b65e840 Perform tag filtering after HTMLPurifier is done with the content 2016-03-12 22:18:33 +09:00
Kijin Sung
f577b456ec Absorb removeSrcHack() into HTMLFilter postprocessing method 2016-03-12 22:15:55 +09:00
Kijin Sung
b693c8cdad Add unit tests for Security and URL classes 2016-03-12 19:44:05 +09:00
Kijin Sung
e405fc69ac Update unit tests 2016-03-11 15:36:36 +09:00