Commit graph

1850 commits

Author SHA1 Message Date
Kijin Sung
9735ff741b Version 1.8.39 2017-05-31 17:54:56 +09:00
Kijin Sung
e6aae8b834 Version 1.8.38 2017-05-30 13:47:26 +09:00
howtoxe
2441809743 Cover image deselect feature
Feature that allows canceling the cover image selection in the CKEditor file upload
2017-05-30 13:39:45 +09:00
Kijin Sung
5e296e54e2 Fix #813 incorrect language about canceling downvotes 2017-05-07 21:58:00 +09:00
Kijin Sung
8c797aaba1 Pass through crypto exceptions 2017-05-07 15:29:21 +09:00
Kijin Sung
2822191271 Fix CSRF check for GET requests 2017-04-23 14:51:41 +09:00
Kijin Sung
7700709c8f Version 1.8.37 2017-04-17 13:58:15 +09:00
Kijin Sung
0937da9fff Add jquerycdn to blacklist
We cannot allow half-assed attempts to replace scripts that the
rest of the environment heavily depends on.

Similar functionality will be exposed via a more stable API
at some later time.

https://www.xetown.com/square/564456
2017-04-16 10:16:43 +09:00
Kijin Sung
7dd418d379 Version 1.8.36 2017-04-14 16:33:07 +09:00
Kijin Sung
fb4dd4fddc Version 1.8.35 2017-04-14 15:29:34 +09:00
Kijin Sung
a400cc4b40 Remove unused file: redirect.html
https://github.com/xpressengine/xe-core/issues/2069
2017-04-14 15:25:22 +09:00
Kijin Sung
f0d52f8a91 Fix escaped XML content: cf. xpressengine/xe-core#2042 2017-04-10 10:06:34 +09:00
Kijin Sung
8147044802 Fix toBool() and add more test cases 2017-04-08 22:02:03 +09:00
Kijin Sung
f73580945d Remove unnecessary polyfill for hex2bin() 2017-04-08 21:57:34 +09:00
Kijin Sung
0777a66703 Fix incorrect detection of form method if there is an input tag with the name 'method' 2017-04-01 22:07:38 +09:00
Kijin Sung
c41ded3124 Fix #773 no refresh after redirect() when not using mod_rewrite 2017-03-24 16:33:24 +09:00
Kijin Sung
97047d1279 Add list of reserved words #763 2017-03-23 19:43:49 +09:00
Kijin Sung
b0bf971cee Fix default URL and other relative paths when invoked on the CLI 2017-03-23 18:56:46 +09:00
Kijin Sung
df59e541c9 Skip diagnostic CSRF warning if the user is not logged in 2017-03-13 16:41:57 +09:00
Kijin Sung
9a34341759 Populate CSRF token in some non-member requests as well 2017-03-13 16:41:08 +09:00
Kijin Sung
a3ef122b57 Merge branch 'develop' into pr/csrf-token 2017-03-13 16:35:24 +09:00
Kijin Sung
a2e326a419 Always set xeVid to null 2017-03-13 15:40:03 +09:00
Kijin Sung
1feb506b3c Remove vid from URL rewrite list 2017-03-13 14:54:50 +09:00
Kijin Sung
79f29b3372 Implement multidomain settings 2017-03-13 13:47:07 +09:00
Kijin Sung
a984665efc Implement default timezone for domains 2017-03-13 12:51:24 +09:00
Kijin Sung
bb11f2d000 Blacklist multidomain module and add missing explanations 2017-03-13 11:35:58 +09:00
Kijin Sung
beee2165fb Update session class to use getDefaultDomainInfo() for SSO 2017-03-13 11:35:37 +09:00
Kijin Sung
4257edf7fa Implement saving favicon, mobicon, and default image for domain 2017-03-12 22:55:57 +09:00
Kijin Sung
2e5ffa7dea Merge branch 'develop' into pr/multidomain 2017-03-08 20:12:15 +09:00
Kijin Sung
f23d52d94d Version 1.8.34 2017-03-08 19:32:18 +09:00
Kijin Sung
fc77980c39 Merge branch 'develop' into pr/multidomain 2017-03-07 15:43:25 +09:00
Kijin Sung
89255d0281 Initial implementation of CSRF token enforcement in Security class 2017-03-06 15:54:56 +09:00
Kijin Sung
b8569aa5ab Fix missing semicolon 2017-03-06 15:43:40 +09:00
Kijin Sung
11afa4db42 Add CSRF token to all dynamic forms 2017-03-06 15:37:18 +09:00
Kijin Sung
e82e3fb18c Implement isSameOrigin() to simplify origin determination 2017-03-06 15:11:45 +09:00
Kijin Sung
14300cbcc3 Insert CSRF token into every AJAX request 2017-03-06 14:47:42 +09:00
Kijin Sung
6afa7b3255 Merge branch 'develop' into pr/csrf-token 2017-03-06 14:34:35 +09:00
Kijin Sung
ef202542c1 Version 1.8.33 2017-03-06 14:11:41 +09:00
Kijin Sung
701f4b5e07 Prevent loading the autoloader more than once 2017-03-06 14:11:30 +09:00
Kijin Sung
b3fb993f73 Insert CSRF token in all AJAX requests via exec_xml(), exec_json(), exec_html()
For now, insert the CSRF token into the three officially supported AJAX functions.
If the check method is changed later or security is further strengthened, it could also be compared against the X-CSRF-Token header.
Inserting the CSRF token into ordinary form submissions or arbitrary AJAX requests as well is left for the next commit...
2017-03-06 11:51:38 +09:00
Kijin Sung
e2511a0269 Insert CSRF token using meta tag in common_layout.html
The reason for not using an attribute of the <body> tag or some other tag is that
there are third-party resources that attempt AJAX requests before <body> has loaded.
The CSRF token must be placed at the top of <head> so that the token is not missing in such resources either.

Other CMSs and frameworks also commonly insert the CSRF token using a <meta> tag
at the top of <head>, and csrf-token is a meta name officially registered with
WHATWG for this purpose.

cf. https://wiki.whatwg.org/wiki/MetaExtensions
2017-03-06 11:46:37 +09:00
Kijin Sung
a0f2388842 Add Session::getGenericToken() for general-purpose token handling 2017-03-06 11:24:09 +09:00
Kijin Sung
387dd1f78b Fix #741 do not allow empty HTML content in document and comment 2017-03-06 10:50:06 +09:00
Kijin Sung
5bd5044126 Improve referer checks in Session::checkSSO() 2017-03-04 22:15:46 +09:00
Kijin Sung
af7309b807 Consistently use new domain system for URL::isInternalUrl() and checkCSRF() 2017-03-04 22:09:45 +09:00
Kijin Sung
8cf3d7b520 Update SSO mechanism to use new domain system 2017-03-04 22:05:16 +09:00
Kijin Sung
8d53304e71 Merge branch 'develop' into pr/multidomain 2017-03-04 16:12:31 +09:00
Kijin Sung
cf01038ce6 Refresh member info when setSessionInfo() is called 2017-03-03 01:05:13 +09:00
Kijin Sung
210b6b4147 Merge branch 'develop' into pr/multidomain 2017-03-01 21:50:51 +09:00
MinSoo Kim
76aebe0653 Clean up description page codes... We need translators.. 2017-03-01 20:05:59 +09:00