Commit graph

1639 commits

Author SHA1 Message Date
Kijin Sung
f0d52f8a91 Fix escaped XML content: cf. xpressengine/xe-core#2042 2017-04-10 10:06:34 +09:00
Kijin Sung
8147044802 Fix toBool() and add more test cases 2017-04-08 22:02:03 +09:00
Kijin Sung
f73580945d Remove unnecessary polyfill for hex2bin() 2017-04-08 21:57:34 +09:00
Kijin Sung
0777a66703 Fix incorrect detection of form method if there is an input tag with the name 'method' 2017-04-01 22:07:38 +09:00
Kijin Sung
c41ded3124 Fix #773 no refresh after redirect() when not using mod_rewrite 2017-03-24 16:33:24 +09:00
Kijin Sung
97047d1279 Add list of reserved words #763 2017-03-23 19:43:49 +09:00
Kijin Sung
b0bf971cee Fix default URL and other relative paths when invoked on the CLI 2017-03-23 18:56:46 +09:00
Kijin Sung
df59e541c9 Skip diagnostic CSRF warning if the user is not logged in 2017-03-13 16:41:57 +09:00
Kijin Sung
9a34341759 Populate CSRF token in some non-member requests as well 2017-03-13 16:41:08 +09:00
Kijin Sung
a3ef122b57 Merge branch 'develop' into pr/csrf-token 2017-03-13 16:35:24 +09:00
Kijin Sung
a2e326a419 Always set xeVid to null 2017-03-13 15:40:03 +09:00
Kijin Sung
1feb506b3c Remove vid from URL rewrite list 2017-03-13 14:54:50 +09:00
Kijin Sung
79f29b3372 Implement multidomain settings 2017-03-13 13:47:07 +09:00
Kijin Sung
a984665efc Implement default timezone for domains 2017-03-13 12:51:24 +09:00
Kijin Sung
bb11f2d000 Blacklist multidomain module and add missing explanations 2017-03-13 11:35:58 +09:00
Kijin Sung
beee2165fb Update session class to use getDefaultDomainInfo() for SSO 2017-03-13 11:35:37 +09:00
Kijin Sung
4257edf7fa Implement saving favicon, mobicon, and default image for domain 2017-03-12 22:55:57 +09:00
Kijin Sung
2e5ffa7dea Merge branch 'develop' into pr/multidomain 2017-03-08 20:12:15 +09:00
Kijin Sung
f23d52d94d Version 1.8.34 2017-03-08 19:32:18 +09:00
Kijin Sung
fc77980c39 Merge branch 'develop' into pr/multidomain 2017-03-07 15:43:25 +09:00
Kijin Sung
89255d0281 Initial implementation of CSRF token enforcement in Security class 2017-03-06 15:54:56 +09:00
Kijin Sung
b8569aa5ab Fix missing semicolon 2017-03-06 15:43:40 +09:00
Kijin Sung
11afa4db42 Add CSRF token to all dynamic forms 2017-03-06 15:37:18 +09:00
Kijin Sung
e82e3fb18c Implement isSameOrigin() to simplify origin determination 2017-03-06 15:11:45 +09:00
Kijin Sung
14300cbcc3 Insert CSRF token into every AJAX request 2017-03-06 14:47:42 +09:00
Kijin Sung
6afa7b3255 Merge branch 'develop' into pr/csrf-token 2017-03-06 14:34:35 +09:00
Kijin Sung
ef202542c1 Version 1.8.33 2017-03-06 14:11:41 +09:00
Kijin Sung
701f4b5e07 Prevent loading the autoloader more than once 2017-03-06 14:11:30 +09:00
Kijin Sung
b3fb993f73 Insert CSRF token in all AJAX requests via exec_xml(), exec_json(), exec_html()
For now, insert the CSRF token into the three officially supported AJAX functions.
If the checking method is changed or security is tightened further later, it could also be compared against the X-CSRF-Token header.
Inserting the CSRF token into ordinary form submissions and arbitrary AJAX requests will be in the next commit...
2017-03-06 11:51:38 +09:00
Kijin Sung
e2511a0269 Insert CSRF token using meta tag in common_layout.html
The reason for not using an attribute on the <body> tag or some other tag is that
there is third-party material that attempts AJAX requests before <body> has loaded.
The CSRF token must be placed at the top of <head> so that it is not missing in such material either.

Many other CMSs and frameworks also insert the CSRF token using a <meta> tag
at the top of <head>, and csrf-token is a meta name officially registered
with the WHATWG for this purpose.

cf. https://wiki.whatwg.org/wiki/MetaExtensions
2017-03-06 11:46:37 +09:00
Kijin Sung
a0f2388842 Add Session::getGenericToken() for general-purpose token handling 2017-03-06 11:24:09 +09:00
Kijin Sung
387dd1f78b Fix #741 do not allow empty HTML content in document and comment 2017-03-06 10:50:06 +09:00
Kijin Sung
5bd5044126 Improve referer checks in Session::checkSSO() 2017-03-04 22:15:46 +09:00
Kijin Sung
af7309b807 Consistently use new domain system for URL::isInternalUrl() and checkCSRF() 2017-03-04 22:09:45 +09:00
Kijin Sung
8cf3d7b520 Update SSO mechanism to use new domain system 2017-03-04 22:05:16 +09:00
Kijin Sung
8d53304e71 Merge branch 'develop' into pr/multidomain 2017-03-04 16:12:31 +09:00
Kijin Sung
cf01038ce6 Refresh member info when setSessionInfo() is called 2017-03-03 01:05:13 +09:00
Kijin Sung
210b6b4147 Merge branch 'develop' into pr/multidomain 2017-03-01 21:50:51 +09:00
MinSoo Kim
76aebe0653 Clean up description page codes... We need translators.. 2017-03-01 20:05:59 +09:00
MinSoo Kim
fe1076795d Strengthen the explanation of SSL certificates, show recommended settings
Related to https://github.com/rhymix/rhymix/issues/706
2017-02-28 22:22:46 +09:00
Kijin Sung
0fb30425a0 Version 1.8.32 2017-02-27 16:30:08 +09:00
Kijin Sung
ca24533ad9 Update recommended nginx configuration 2017-02-27 16:26:11 +09:00
Kijin Sung
aa879e7326 Improve HTMLFilter handling of editor component properties 2017-02-25 17:37:58 +09:00
Kijin Sung
24c29cfbdb Version 1.8.31 2017-02-25 15:35:16 +09:00
Kijin Sung
1974f21482 Version 1.8.30 2017-02-23 16:11:06 +09:00
Kijin Sung
8ad6f40abd Enable ztime() function to process Unix timestamps 2017-02-22 20:20:55 +09:00
Kijin Sung
fdf568bbb2 Update URL::isInternalURL() 2017-02-20 21:53:00 +09:00
Kijin Sung
aae4d884c1 Add homepage (CafeXE) module to blacklist 2017-02-20 21:23:31 +09:00
Kijin Sung
fbe47e0610 Remove temporary list of override domains in Session class 2017-02-18 22:57:39 +09:00
Kijin Sung
a305745aa5 Automatically insert video when iframe source is pasted into editor 2017-02-18 17:04:07 +09:00