fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-08 03:01:43 +09:00
Code Issues Projects Releases Packages Wiki Activity
16268 commits 3 branches 212 tags 117 MiB
Commit graph

343 commits

Author SHA1 Message Date
Kijin Sung
e3a2c1a6aa Guard more count() calls in common framework classes 2017-12-09 02:49:01 +09:00
Kijin Sung
2158c4fa3b Remove unnecessary count() calls in MediaFilter 2017-12-09 02:32:40 +09:00
Kijin Sung
0023a9cc1a Cache opcache status to reduce function_exists() calls 2017-12-09 01:40:04 +09:00
Kijin Sung
0c62ff7561 Prevent exception on servers with flaky random_bytes() implementation 
카페24 PHP 7.0 웹호스팅 상품에서 random_bytes() 함수가 작동하지 않음
 2017-12-03 10:06:33 +09:00
Kijin Sung
d7beeb783c config파일 읽을 때 BOM문자 제거 
xpressengine/xe-core#1604
 2017-11-30 21:53:23 +09:00
Kijin Sung
b1a4d322c7 Update admin check function in Debug::displayErrorScreen() 2017-10-15 23:42:38 +09:00
Kijin Sung
1f9f449fb0 Stop treating .swf as directly downloadable file 
플래시 첨부파일을 본문에 직접 삽입하는 방식에서 다운로드만 가능한 방식에서 변경
file, importer, integration_search 등 모든 모듈에 일관성있게 적용

xpressengine/xe-core#2149
 2017-10-12 00:29:22 +09:00
Kijin Sung
1042479d5b Allow connection to Memcached and Redis via unix socket 2017-09-11 17:33:19 +09:00
Kijin Sung
744827518d Fix Reply-To for Woorimail driver 2017-08-07 23:01:29 +09:00
Kijin Sung
e1846a4b6d Use api_key and api_secret settings for Amazon SES mail driver 2017-07-04 22:17:33 +09:00
Kijin Sung
5ae15f4b66 Remove _rx_ajax_compat and _rx_csrf_token from request vars 
JSON/XMLRPC 호환성 확보와 CSRF 공격 방지를 위해 사용되는 이 변수들이
Context::getRequestVars()에 포함되어 불필요하게 여기저기 저장되거나
URL에 포함되어 나오는 문제를 방지합니다.
 2017-07-02 21:46:50 +09:00
Kijin Sung
464325c6f6 Update Markdown formatter to support footnotes and hard wraps natively 2017-06-29 23:58:20 +09:00
Kijin Sung
986f532ba5 Fix mail error messages being displayed as 'Array' only 2017-06-29 17:09:55 +09:00
Kijin Sung
c6e51cddc9 Fix fatal error when unable to connect to Woorimail server 2017-06-25 21:12:31 +09:00
Kijin Sung
227e1c53d1 Fix no Reply-To header when using Woorimail paid service 2017-06-22 16:19:28 +09:00
Kijin Sung
8c797aaba1 Pass through crypto exceptions 2017-05-07 15:29:21 +09:00
Kijin Sung
2822191271 Fix CSRF check for GET requests 2017-04-23 14:51:41 +09:00
Kijin Sung
df59e541c9 Skip diagnostic CSRF warning if the user is not logged in 2017-03-13 16:41:57 +09:00
Kijin Sung
a3ef122b57 Merge branch 'develop' into pr/csrf-token 2017-03-13 16:35:24 +09:00
Kijin Sung
a984665efc Implement default timezone for domains 2017-03-13 12:51:24 +09:00
Kijin Sung
beee2165fb Update session class to use getDefaultDomainInfo() for SSO 2017-03-13 11:35:37 +09:00
Kijin Sung
4257edf7fa Implement saving favicon, mobicon, and default image for domain 2017-03-12 22:55:57 +09:00
Kijin Sung
89255d0281 Initial implementation of CSRF token enforcement in Security class 2017-03-06 15:54:56 +09:00
Kijin Sung
a0f2388842 Add Session::getGenericToken() for general-purpose token handling 2017-03-06 11:24:09 +09:00
Kijin Sung
5bd5044126 Improve referer checks in Session::checkSSO() 2017-03-04 22:15:46 +09:00
Kijin Sung
af7309b807 Consistently use new domain system for URL::isInternalUrl() and checkCSRF() 2017-03-04 22:09:45 +09:00
Kijin Sung
8cf3d7b520 Update SSO mechanism to use new domain system 2017-03-04 22:05:16 +09:00
Kijin Sung
8d53304e71 Merge branch 'develop' into pr/multidomain 2017-03-04 16:12:31 +09:00
Kijin Sung
cf01038ce6 Refresh member info when setSessionInfo() is called 2017-03-03 01:05:13 +09:00
Kijin Sung
210b6b4147 Merge branch 'develop' into pr/multidomain 2017-03-01 21:50:51 +09:00
Kijin Sung
aa879e7326 Improve HTMLFilter handling of editor component properties 2017-02-25 17:37:58 +09:00
Kijin Sung
fdf568bbb2 Update URL::isInternalURL() 2017-02-20 21:53:00 +09:00
Kijin Sung
fbe47e0610 Remove temporary list of override domains in Session class 2017-02-18 22:57:39 +09:00
Kijin Sung
cbc0197be6 Fix data-file-srl attribute being deleted by HTMLFilter 2017-02-17 21:45:03 +09:00
Kijin Sung
5c8a41a655 Fix PHP warning 2017-02-17 21:38:03 +09:00
Kijin Sung
2582ef2100 More thoroughly delete conflicting cookies 2017-02-17 21:09:57 +09:00
Kijin Sung
64f0d5cb45 Remove Android Chrome from buggy user-agent list 2017-02-17 20:24:13 +09:00
Kijin Sung
51acad706e Remove unnecessary regex replacement 2017-02-17 20:15:56 +09:00
Kijin Sung
50410ec482 Delete conflicting wildcard cookies from subdomain 2017-02-17 19:44:01 +09:00
Kijin Sung
780034d4ee Do not explicitly set the domain for session cookies 2017-02-17 19:33:05 +09:00
Kijin Sung
cbae2c374e Use meta refresh instead of 302 redirect on new session 
Attempting to fix missing session cookie in some versions of Android webview and Chrome.
This may or may not be of any use, but why not try?

See https://bugs.chromium.org/p/chromium/issues/detail?id=150066
 2017-02-16 11:53:27 +09:00
Kijin Sung
6b0dd6c192 Standardize password hashing work factor to 10 by default 2017-02-15 11:34:39 +09:00
Kijin Sung
b43c653186 Add options to control session keys and SSL-only attribute 2017-02-14 13:37:30 +09:00
Kijin Sung
dea757cfb7 Do not refresh session keys over POST 2017-02-13 17:49:27 +09:00
Kijin Sung
a6fee16b68 Extend detection of buggy user agents that cannot handle session keys 2017-02-13 17:28:04 +09:00
Kijin Sung
9c96dc04bc Remove debugging code 2017-02-13 16:54:25 +09:00
Kijin Sung
aeb42891b0 Do not check security keys if session was started on Android webview 2017-02-13 16:53:30 +09:00
Kijin Sung
ba925150a3 Quash www subdomain to prevent duplicate sessions 2017-02-13 13:55:47 +09:00
Kijin Sung
4a4612938a Show warning when a session is discarded due to invalid keys 2017-02-12 23:12:53 +09:00
Kijin Sung
1a0e49dcfb Change method for storing and caching session validity information 2017-02-12 23:00:53 +09:00