Kijin Sung
7ecd9230c2
Add MediaFilter class to absorb most EmbedFilter functionality
2016-03-13 09:51:15 +09:00
Kijin Sung
6f53a3f068
Check object whitelist in HTMLFilter class, not EmbedFilter class
2016-03-12 22:35:43 +09:00
Kijin Sung
be882d0c5c
Do not check allowscriptaccess because HTMLPurifier does it better
2016-03-12 21:11:53 +09:00
Kijin Sung
b962409652
Use new Security and URL classes in other places
2016-03-12 17:26:41 +09:00
Kijin Sung
4594c40321
Disable useless UploadFileFilter
2016-03-11 19:55:41 +09:00
Kijin Sung
b89818e13d
Update HTMLPurifier configuration and allow HTML5
2016-03-11 15:29:42 +09:00
Kijin Sung
5d5fe818f1
Remove outdated PHP HTML Parser library
2016-02-16 15:29:01 +09:00
Kijin Sung
a1e8d14b0d
Move whitelist file to common location
2016-02-16 15:27:41 +09:00
Kijin Sung
e7bacf689a
Update embed filter to use Simple HTML DOM Parser
2016-02-16 15:22:12 +09:00
Kijin Sung
f7aad28d2c
Remove remaining references to getDBInfo()
2016-02-05 15:18:31 +09:00
Kijin Sung
b47abe8d12
Update old IpFilter class to call the new class internally
2016-02-02 09:15:07 +09:00
Kijin Sung
30246059eb
Remove Crypto class (was added by @kijin but not used)
2016-01-22 15:02:33 +09:00
qw5414
349ee07f60
Add iframe whitelist to afreeca
2016-01-15 14:09:14 +09:00
Kijin Sung
5196ddaf83
Fix incorrect generation of whitelist regexp
2016-01-12 19:23:27 +09:00
Kijin Sung
2be2e8e73e
Fix incorrect use of embed filter in HTMLPurifier
2016-01-12 19:13:15 +09:00
Kijin Sung
bd15128e14
Change the embed whitelist to be included directly instead of being cached separately
2016-01-07 10:14:40 +09:00
Kijin Sung
ca3001141c
Remove XML from the embed whitelist configuration file and stop distinguishing between http and https
2016-01-07 09:39:55 +09:00
Kijin Sung
546606b208
Initial import of composer dependencies (--no-dev)
2016-01-06 19:21:31 +09:00
MinSoo Kim
264a5d3ef5
Remove argument that has been meaningless since PHP 5.4
...
* The [manual](https://secure.php.net/en/htmlspecialchars) explains that it became the default value.
* Re-add the `LOCK_EX` that was left out.
2016-01-02 22:59:55 +09:00
MinSoo Kim
2957f8cebe
HTMLPurifier update
...
Apply all of the slightly customized parts.
The file lock part and the htmlspecialchars part.
2016-01-02 11:55:54 +09:00
conory
ef5e660bb2
#10 Wrong variable
2015-12-22 08:32:12 +09:00
Kijin Sung
811c5dbedd
Merge pull request #10 from kijin/feature/password-improvements
...
Improve the Password class
2015-12-21 15:32:18 +09:00
Kijin Sung
804dd3073a
Support custom (user-defined) check-only algorithms in Password class
2015-12-21 13:44:46 +09:00
Kijin Sung
a22e69b7ec
Merge branch 'develop' of https://github.com/xpressengine/xe-core (1.8.14)
...
Conflicts:
classes/context/Context.class.php
modules/point/tpl/config.html
2015-12-02 14:38:23 +09:00
YJSoft
961deaf3ea
fix #1796 Also check the styles of editor components and widgets
2015-11-06 17:06:40 +09:00
Kijin Sung
9dbe64e0da
Merge #1650 Add a versatile encryption class by kijin
...
* pr/1650:
Simplify IV creation routine by reusing Password class
Add currentSessionOnly option to Crypto class
Add Crypto class compatible with defuse/php-encryption
2015-10-08 15:03:28 +09:00
Kijin Sung
a7ed4c56c8
Merge #1363 Use PHP 5 style constructors (__construct) by kijin
...
* pr/1363:
Use PHP 5 style constructors (__construct) in the ExtraItem class as well
Use PHP 5 style constructors (__construct)
Conflicts:
classes/context/Context.class.php
2015-10-08 14:10:32 +09:00
Kijin Sung
fece1fbc18
Support additional check-only algorithms in Password class
2015-09-24 12:09:22 +09:00
Kijin Sung
03bc1a45e3
PHP7 and error handling improvements to random salt generator
2015-09-24 11:49:22 +09:00
Kijin Sung
b9237e8352
Simplify IV creation routine by reusing Password class
2015-07-22 21:28:22 +09:00
Kijin Sung
402276f4ff
Add currentSessionOnly option to Crypto class
2015-07-17 11:37:19 +09:00
Kijin Sung
7526e76eb5
Add Crypto class compatible with defuse/php-encryption
2015-07-16 21:45:10 +09:00
Kijin Sung
deb6da04b6
Improve salt entropy when generating PBKDF2 hashes
2015-04-08 11:08:09 +09:00
Kijin Sung
15d3ba7ca1
Use PHP 5 style constructors (__construct)
2015-04-01 11:30:04 +09:00
bnu
a901f052fe
#1316 Fix issue where createTemporaryPassword() could not include special characters
2015-03-23 17:16:02 +09:00
bnu
aaac84ec7e
Merge branch 'pr/1316' into develop
2015-03-10 12:40:18 +09:00
Kijin Sung
c531e6777c
Improve the temporary password generation routine
2015-03-10 11:37:09 +09:00
bnu
2e661027ab
Remove Password::generateStrongPassword() added in 445a414
2015-03-10 11:21:40 +09:00
bnu
6bdc099d92
Merge branch 'pr/1316' into develop
...
Conflicts:
classes/security/Password.class.php
2015-03-10 11:20:43 +09:00
Kijin Sung
8e0b310e2a
Add method to create a password that includes all character classes
2015-03-06 16:15:45 +09:00
Kijin Sung
8da6ddcfe8
Add option to create a secure salt including special chars
2015-03-06 15:03:55 +09:00
bnu
445a41411e
fix #1315 Improve issuance of new passwords and authentication keys in verification emails and password recovery
2015-03-06 14:20:25 +09:00
bnu
2bbe9603a2
Merge branch 'develop' into next
2015-02-09 11:22:02 +09:00
bnu
a33a4b3081
fix #1227 SECISSUE
...
- Fix XXE vulnerability
- Add `Security::detectingXEE()` with reference to Drupal's source code
- 90e884ad0f
- Defend against the vulnerability in the blogapi addon and `Context::_setXmlRpcArgument()`
- Reported by: Korea Internet & Security Agency
2015-02-04 17:42:28 +09:00
Kijin Sung
2df137e82b
Always prefer PBKDF2 to bcrypt, for better PHP 5.2 compatibility
2014-12-10 16:10:07 +09:00
Kijin Sung
3923bf40fc
Ensure full compatibility with previous versions of XE and migration tools
2014-12-10 16:10:07 +09:00
Kijin Sung
ca439d4440
Add a new class for improved password hashing
2014-12-10 16:10:07 +09:00
bnu
cc487ba0b2
#1077 Remove duplicates from and add entries to embed white URLs
...
- Added: http://serviceapi.rmcnmv.naver.com/
- Added: http://videofarm.daum.net/
2014-12-08 13:19:45 +09:00
sejin7940
3bbd4b15f4
Update embedWhiteUrl.xml
2014-09-11 13:48:17 +09:00
Jin Hu, Baek
37f57f2eca
remove mncast profile
...
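About 5 years have passed since the Mncast service shut down, and now that the Mncast site itself has turned into an illegal smishing site, this was removed on the judgment that attacks could come in through this embed pattern.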
2014-04-07 22:08:34 +09:00