Commit graph

328 commits

Author | SHA1 | Message | Date
Kijin Sung | 8c797aaba1 | Pass through crypto exceptions | 2017-05-07 15:29:21 +09:00
Kijin Sung | 2822191271 | Fix CSRF check for GET requests | 2017-04-23 14:51:41 +09:00
Kijin Sung | df59e541c9 | Skip diagnostic CSRF warning if the user is not logged in | 2017-03-13 16:41:57 +09:00
Kijin Sung | a3ef122b57 | Merge branch 'develop' into pr/csrf-token | 2017-03-13 16:35:24 +09:00
Kijin Sung | a984665efc | Implement default timezone for domains | 2017-03-13 12:51:24 +09:00
Kijin Sung | beee2165fb | Update session class to use getDefaultDomainInfo() for SSO | 2017-03-13 11:35:37 +09:00
Kijin Sung | 4257edf7fa | Implement saving favicon, mobicon, and default image for domain | 2017-03-12 22:55:57 +09:00
Kijin Sung | 89255d0281 | Initial implementation of CSRF token enforcement in Security class | 2017-03-06 15:54:56 +09:00
Kijin Sung | a0f2388842 | Add Session::getGenericToken() for general-purpose token handling | 2017-03-06 11:24:09 +09:00
Kijin Sung | 5bd5044126 | Improve referer checks in Session::checkSSO() | 2017-03-04 22:15:46 +09:00
Kijin Sung | af7309b807 | Consistently use new domain system for URL::isInternalUrl() and checkCSRF() | 2017-03-04 22:09:45 +09:00
Kijin Sung | 8cf3d7b520 | Update SSO mechanism to use new domain system | 2017-03-04 22:05:16 +09:00
Kijin Sung | 8d53304e71 | Merge branch 'develop' into pr/multidomain | 2017-03-04 16:12:31 +09:00
Kijin Sung | cf01038ce6 | Refresh member info when setSessionInfo() is called | 2017-03-03 01:05:13 +09:00
Kijin Sung | 210b6b4147 | Merge branch 'develop' into pr/multidomain | 2017-03-01 21:50:51 +09:00
Kijin Sung | aa879e7326 | Improve HTMLFilter handling of editor component properties | 2017-02-25 17:37:58 +09:00
Kijin Sung | fdf568bbb2 | Update URL::isInternalURL() | 2017-02-20 21:53:00 +09:00
Kijin Sung | fbe47e0610 | Remove temporary list of override domains in Session class | 2017-02-18 22:57:39 +09:00
Kijin Sung | cbc0197be6 | Fix data-file-srl attribute being deleted by HTMLFilter | 2017-02-17 21:45:03 +09:00
Kijin Sung | 5c8a41a655 | Fix PHP warning | 2017-02-17 21:38:03 +09:00
Kijin Sung | 2582ef2100 | More thoroughly delete conflicting cookies | 2017-02-17 21:09:57 +09:00
Kijin Sung | 64f0d5cb45 | Remove Android Chrome from buggy user-agent list | 2017-02-17 20:24:13 +09:00
Kijin Sung | 51acad706e | Remove unnecessary regex replacement | 2017-02-17 20:15:56 +09:00
Kijin Sung | 50410ec482 | Delete conflicting wildcard cookies from subdomain | 2017-02-17 19:44:01 +09:00
Kijin Sung | 780034d4ee | Do not explicitly set the domain for session cookies | 2017-02-17 19:33:05 +09:00
Kijin Sung | cbae2c374e | Use meta refresh instead of 302 redirect on new session | 2017-02-16 11:53:27 +09:00
    Attempting to fix missing session cookie in some versions of Android webview and Chrome.
    This may or may not be of any use, but why not try?

    See https://bugs.chromium.org/p/chromium/issues/detail?id=150066
Kijin Sung | 6b0dd6c192 | Standardize password hashing work factor to 10 by default | 2017-02-15 11:34:39 +09:00
Kijin Sung | b43c653186 | Add options to control session keys and SSL-only attribute | 2017-02-14 13:37:30 +09:00
Kijin Sung | dea757cfb7 | Do not refresh session keys over POST | 2017-02-13 17:49:27 +09:00
Kijin Sung | a6fee16b68 | Extend detection of buggy user agents that cannot handle session keys | 2017-02-13 17:28:04 +09:00
Kijin Sung | 9c96dc04bc | Remove debugging code | 2017-02-13 16:54:25 +09:00
Kijin Sung | aeb42891b0 | Do not check security keys if session was started on Android webview | 2017-02-13 16:53:30 +09:00
Kijin Sung | ba925150a3 | Quash www subdomain to prevent duplicate sessions | 2017-02-13 13:55:47 +09:00
Kijin Sung | 4a4612938a | Show warning when a session is discarded due to invalid keys | 2017-02-12 23:12:53 +09:00
Kijin Sung | 1a0e49dcfb | Change method for storing and caching session validity information | 2017-02-12 23:00:53 +09:00
Kijin Sung | 9884bbb3b8 | Fix inconsistent whitespace | 2017-02-11 21:55:01 +09:00
Kijin Sung | 31623842ba | Fix logout bug in admin module | 2017-02-11 21:41:21 +09:00
Kijin Sung | 1e532c51a4 | Restore member_srl if it was changed by a third-party program | 2017-02-11 21:13:18 +09:00
Kijin Sung | fd02fa968c | Fix #702 Punycode error on attempting to handle long URLs | 2017-02-11 17:48:52 +09:00
Kijin Sung | b32ae03396 | Fix session variables being reset to an empty string | 2017-02-11 14:15:38 +09:00
Kijin Sung | 5f7b4837dc | Add more safeguards for the possibility of an empty member_srl | 2017-02-10 20:59:17 +09:00
Kijin Sung | 57ab94187e | Remove static keyword | 2017-02-10 20:53:38 +09:00
Kijin Sung | dfdbc1db85 | Add session helper class and move remainder of session validation logic to Session class | 2017-02-10 20:50:38 +09:00
Kijin Sung | 4b26db9932 | Fix unit tests, and add tests for Session::isValid() | 2017-02-09 00:42:34 +09:00
Kijin Sung | 3be0e79abb | Improve session invalidation routines | 2017-02-09 00:34:01 +09:00
Kijin Sung | c7d8d84500 | Add option to invalidate other sessions on password change | 2017-02-09 00:06:32 +09:00
    Feature request in https://www.xetown.com/lakepark/345786
Kijin Sung | bdb10d57c5 | Miscellaneous fixes to session handling | 2017-02-08 21:35:00 +09:00
Kijin Sung | 59c3fa1381 | Fix unexpected cast to int | 2017-02-08 18:06:26 +09:00
Kijin Sung | 2af90c8e1d | Implement autologin in the Session class | 2017-02-08 17:08:31 +09:00
Kijin Sung | af41f36bf7 | Move checkSSO() from Context class to Session class | 2017-02-07 23:26:43 +09:00