Commit graph

22 commits

Author SHA1 Message Date
Kijin Sung
e2124ed1c0 Refactor checkCSRF() to use Sec-Fetch-Site and Origin headers
- Use headers supported by recent browsers to perform a more accurate check
- If the Sec-Fetch-Site and Origin headers are not supported, check the Referer as before
- It is hard to say any longer that CSRF tokens are more secure than the default method
2025-10-22 22:53:45 +09:00
Kijin Sung
1f688c167c Change deprecated Codeception class name 2023-10-24 20:16:44 +09:00
Kijin Sung
f8ed6da4ed Support both UUIDv4 and UUIDv7 in Security::getRandomUUID() 2023-10-03 19:22:04 +09:00
Kijin Sung
3b77781d15 Remove trailing whitespace in all unit tests 2023-01-30 21:48:12 +09:00
Kijin Sung
35a93f3928 Remove code that uses defuse/php-encryption (from next branch) 2022-12-25 19:45:12 +09:00
Kijin Sung
e423cba24d Use Origin header before Referer to check CSRF
OWASP recommends checking the Origin header before the Referer header.
This is because even when the Referer is empty, the Origin header may still contain useful information.

https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html
2021-02-23 16:51:46 +09:00
Kijin Sung
af64ae79c1 Rename checkXEE() to checkXXE() 2018-10-18 14:21:08 +09:00
Kijin Sung
d7a3e1bc26 Fix unit tests that don't work in PHP 7.2 2017-12-09 03:00:51 +09:00
Kijin Sung
2822191271 Fix CSRF check for GET requests 2017-04-23 14:51:41 +09:00
Kijin Sung
d62756dcd5 Fix unit tests to ignore user warnings during CSRF test 2017-03-06 16:02:50 +09:00
Kijin Sung
89255d0281 Initial implementation of CSRF token enforcement in Security class 2017-03-06 15:54:56 +09:00
Kijin Sung
bc6907dccf Update unit test for Security::checkCSRF() 2016-09-25 12:37:34 +09:00
Kijin Sung
44a34229fb Fix failing unit test in HHVM 2016-08-02 16:48:46 +09:00
Kijin Sung
2822a1d3e1 Add unit tests for signature creation and verification routines 2016-08-02 16:35:46 +09:00
Kijin Sung
ca7a7b64ea Use a more realistic server environment in unit tests 2016-03-16 09:13:31 +09:00
Kijin Sung
ddab5ce8d8 Fix unit tests for Security::getRandomNumber() 2016-03-13 22:11:30 +09:00
Kijin Sung
647bc7c112 Implement new Password class and related unit tests 2016-03-13 22:08:56 +09:00
Kijin Sung
90dcc4a2e8 Implement encryption, decryption, and CSPRNG in Security class 2016-03-13 20:40:23 +09:00
Kijin Sung
143b65e840 Perform tag filtering after HTMLPurifier is done with the content 2016-03-12 22:18:33 +09:00
Kijin Sung
f577b456ec Absorb removeSrcHack() into HTMLFilter postprocessing method 2016-03-12 22:15:55 +09:00
Kijin Sung
b693c8cdad Add unit tests for Security and URL classes 2016-03-12 19:44:05 +09:00
Kijin Sung
e405fc69ac Update unit tests 2016-03-11 15:36:36 +09:00