Commit graph

1192 commits

Author SHA1 Message Date
Lastorder
1eab5cdfab Merge branch 'rhymix:master' into master 2026-05-12 14:16:40 +09:00
Kijin Sung
a0af01c76a Merge branch 'security/rve-2026-8' 2026-05-11 18:17:41 +09:00
Kijin Sung
aa0f3f0200 Merge branch 'security/rve-2026-7' 2026-05-11 18:17:22 +09:00
Kijin Sung
71b11c769d Fix incorrect error location when R\F\Exception is thrown from inside an event handler 2026-05-07 23:07:36 +09:00
Kijin Sung
019950c8a8 Prevent unnecessary double cookie refresh when logging in as admin 2026-04-30 23:13:05 +09:00
Kijin Sung
7f1a61fb83 Clean up session refresh handling (dedicated timer, don't refresh in non-GET request, etc.) 2026-04-30 23:00:55 +09:00
Kijin Sung
f438a91cd6 Treat samesite attribute as a string, not integer 2026-04-30 22:44:14 +09:00
Kijin Sung
9f1a3574c5 Remove SSO 2026-04-29 23:31:29 +09:00
Kijin Sung
1511693cf6 Regenerate session ID upon login and periodically RVE-2026-8 2026-04-29 23:12:02 +09:00
Kijin Sung
d609d36ac6 Add Storage::protectDirectory() to place .htaccess and index.html files in a directory 2026-04-29 17:38:56 +09:00
Kijin Sung
c66daf6507 Be more strict about skipping embedded SVG checks #2703 2026-04-26 18:18:40 +09:00
Kijin Sung
f9119c8ba3 Fix incorrect detection of ChatGPT-generated PNG as dangerous SVG #2703 2026-04-26 14:47:52 +09:00
Lastorder
dd8fc890f4 Merge branch 'rhymix:master' into master 2026-04-01 12:04:22 +09:00
Kijin Sung
b1f84365a5 Add 'command' type to R\F\Security::sanitize() 2026-03-31 21:02:33 +09:00
Kijin Sung
ba49fe7b70 Fix warnings when migrating XE config to Rhymix format 2026-03-31 19:30:09 +09:00
Kijin Sung
5c858806b2 Treat comma as a regular character when parsing search string #2687 2026-03-29 16:26:10 +09:00
Kijin Sung
7a3d759e62 Fix undefined property when XML query has <navigation> without <page_count> #2688 2026-03-22 15:17:50 +09:00
Kijin Sung
63d2582c8e Fix invalid query when search contains zero conditions #2687 2026-03-22 15:09:45 +09:00
Lastorder
25f6d02677 Merge branch 'rhymix:master' into master 2026-02-27 18:04:35 +09:00
Kijin Sung
d0d1505367 Enable secure session and cookies by default if installed or upgraded in an HTTPS site 2026-02-26 01:25:36 +09:00
Kijin Sung
bf2df84d0f Use enshrined\svgSanitize to clean SVG file content 2026-02-20 21:55:29 +09:00
Kijin Sung
a18b45f0f8 Strip namespace prefixes before checking dangerous tags in SVG 2026-02-20 21:40:37 +09:00
Lastorder
aba6016986 Merge branch 'rhymix:master' into master 2026-02-12 14:03:54 +09:00
Kijin Sung
c5d453a2df #2675 follow-up improvements and optimization 2026-02-11 21:02:50 +09:00
Kijin Sung
5834a3c18a Fix fatal error in some environments when relative URL is passed to encodeIdna() or decodeIdna() #2675 2026-02-11 20:54:00 +09:00
Lastorder
bbd62dbea3 Merge branch 'rhymix:master' into master 2026-02-06 09:51:56 +09:00
Kijin Sung
26c59c251c Fix incorrect conversion of JS template variable containing path #2657 2026-02-05 23:05:19 +09:00
Kijin Sung
9d1738e21d Add trigger before auto-login #2665 #2666 2026-02-05 22:14:06 +09:00
Lastorder
ba8bbda74b Merge branch 'rhymix:master' into master 2026-01-30 14:57:37 +09:00
Kijin Sung
c1942080e7 Fix incorrect identification of DaumApps webview as robot 2026-01-19 19:44:25 +09:00
Lastorder-DC
1ee8ba0ca9 server error message 2026-01-11 11:14:17 +09:00
Lastorder
91dea83b9f Merge branch 'rhymix:master' into master 2026-01-10 18:12:14 -08:00
Lastorder
1811cfee39 Fix error title localization in Debug.php 2026-01-08 22:56:16 -08:00
Lastorder
2efe733d5f Merge branch 'rhymix:master' into master 2026-01-08 20:28:49 -08:00
Kijin Sung
26d645da4d Fix nested JS contexts in template v2 #2646 2026-01-06 23:43:21 +09:00
Kijin Sung
8b1da6a98a Fix incorrect handling of nested context switches (CSS inside HTML inside JS) in template v2 #2646 2026-01-06 21:36:10 +09:00
Kijin Sung
d6b7cb52b8 Fix deprecations in PHP 8.5 #2639 2026-01-01 18:39:20 +09:00
Lastorder
881b0fbac1 Merge remote-tracking branch 'upstream/master' 2025-12-24 03:07:48 +00:00
Kijin Sung
620fee05cf Fix duplicate hidden input when a form includes mid or act as a <select> 2025-12-17 21:32:03 +09:00
Kijin Sung
f3ff338711 Return more information from DB::getColumnInfo() and DB::getIndexInfo() 2025-12-17 16:43:18 +09:00
Kijin Sung
0c8aa306ec Fix incorrect timestamp display when timestamp is zero #2621 2025-12-17 11:32:37 +09:00
Kijin Sung
8e5480674d Exclude functions and closures from scope conversion #2617 2025-11-29 11:50:43 +09:00
Kijin Sung
50dd010e2d Remove empty class and style attributes when compiling template v2 2025-11-29 11:07:15 +09:00
Lastorder-DC
1c8ae0d766 Merge remote-tracking branch 'upstream/master' into master 2025-10-27 23:09:27 +09:00
Kijin Sung
978aecd7a8 Support SQL expressions in the "default" attribute of XML query 2025-10-23 10:53:12 +09:00
Kijin Sung
e2124ed1c0 Refactor checkCSRF() to use Sec-Fetch-Site and Origin headers
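- Check more accurately by using headers supported by recent browsers
- If the Sec-Fetch-Site and Origin headers are not supported, check the Referer as before
- It is hard to say any longer that CSRF tokens are more secure than the default method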
2025-10-22 22:53:45 +09:00
Lastorder
a5c3dc8ae5 Merge branch 'rhymix:master' into master 2025-10-13 20:09:50 +09:00
Kijin Sung
653ca4f697 Add "TABLE" to list of keywords to recognize in addPrefixes() 2025-09-30 22:27:36 +09:00
Kijin Sung
60552ba96b Throw error in filterValue() if an unstringable object is given 2025-09-15 00:30:00 +09:00
Kijin Sung
40067c0b53 Support generated columns #2596 2025-09-09 17:18:31 +09:00