Compare commits
9 Commits
Author | SHA1 | Date | |
---|---|---|---|
58e885e35f | |||
d6863d3f51 | |||
22e3ec2fd0 | |||
d66c244931 | |||
0e2eb5ef72 | |||
3c7011eddb | |||
cd331dc39d | |||
444f614c48 | |||
af25072b24 |
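--- a/LICENSE
+++ b/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2013-2021 TechFuze
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.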
@ -4,21 +4,19 @@
|
|||||||
"license": ["MIT"],
|
"license": ["MIT"],
|
||||||
"authors": [
|
"authors": [
|
||||||
{
|
{
|
||||||
"name": "TechFuze",
|
"name": "Abel Hoogeveen",
|
||||||
"homepage": "https://techfuze.net"
|
"homepage": "https://i15.nl"
|
||||||
},
|
|
||||||
{
|
|
||||||
"name": "FuzeWorks Community",
|
|
||||||
"homepage": "https://techfuze.net/fuzeworks/contributors"
|
|
||||||
}
|
}
|
||||||
],
|
],
|
||||||
"require": {
|
"require": {
|
||||||
"php": ">=7.1.0",
|
"php": ">=8.1.0",
|
||||||
"fuzeworks/mvcr": "~1.2.0",
|
"fuzeworks/core": "~1.3.0",
|
||||||
"fuzeworks/core": "~1.2.0"
|
"fuzeworks/mvcr": "~1.3.0",
|
||||||
|
"fuzeworks/objectstorage": "~1.3.0"
|
||||||
},
|
},
|
||||||
"require-dev": {
|
"require-dev": {
|
||||||
"phpunit/phpunit": "^7"
|
"fuzeworks/layout": "~1.3.0",
|
||||||
|
"fuzeworks/tracycomponent": "~1.3.0"
|
||||||
},
|
},
|
||||||
"autoload": {
|
"autoload": {
|
||||||
"psr-4": {
|
"psr-4": {
|
||||||
|
@ -50,12 +50,12 @@ return [
|
|||||||
| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks
|
| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks
|
||||||
*/
|
*/
|
||||||
'csrf_protection' => true,
|
'csrf_protection' => true,
|
||||||
'csrf_token_name' => 'fw_csrf_token',
|
'csrf_token_name' => 'csrf_token',
|
||||||
'csrf_expire' => 7200,
|
'csrf_expire' => 7200,
|
||||||
'csrf_exclude_uris' => array(),
|
'csrf_exclude_uris' => array(),
|
||||||
|
|
||||||
// CSRF Cookie information
|
// CSRF Cookie information
|
||||||
'csrf_cookie_name' => 'fw_csrf_cookie',
|
'csrf_cookie_name' => 'csrf_cookie',
|
||||||
'csrf_cookie_prefix' => '',
|
'csrf_cookie_prefix' => '',
|
||||||
'csrf_cookie_domain' => '',
|
'csrf_cookie_domain' => '',
|
||||||
'csrf_cookie_path' => '/',
|
'csrf_cookie_path' => '/',
|
||||||
|
@ -327,7 +327,6 @@ class Input
|
|||||||
/**
|
/**
|
||||||
* Fetch the HTTP_USER_AGENT variable from the $_SERVER array
|
* Fetch the HTTP_USER_AGENT variable from the $_SERVER array
|
||||||
*
|
*
|
||||||
* @param string|array|null $index
|
|
||||||
* @param bool $xssClean
|
* @param bool $xssClean
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*/
|
*/
|
||||||
@ -339,7 +338,6 @@ class Input
|
|||||||
/**
|
/**
|
||||||
* Fetch the REQUEST_METHOD variable from the $_SERVER array
|
* Fetch the REQUEST_METHOD variable from the $_SERVER array
|
||||||
*
|
*
|
||||||
* @param string|array|null $index
|
|
||||||
* @param bool $xssClean
|
* @param bool $xssClean
|
||||||
* @return mixed
|
* @return mixed
|
||||||
*/
|
*/
|
||||||
|
@ -289,13 +289,13 @@ class Output
|
|||||||
$getParams = $this->input->get();
|
$getParams = $this->input->get();
|
||||||
|
|
||||||
// Determine the identifier
|
// Determine the identifier
|
||||||
$identier = md5($uri . '|' . serialize($getParams));
|
$identifier = md5($uri . '|' . serialize($getParams));
|
||||||
|
|
||||||
// Determine the file that holds the cache
|
// Determine the file that holds the cache
|
||||||
if ($this->compressOutput)
|
if ($this->compressOutput)
|
||||||
$file = $cachePath . DS . $identier . '_gzip.fwcache';
|
$file = $cachePath . DS . $identifier . '_gzip.fwcache';
|
||||||
else
|
else
|
||||||
$file = $cachePath . DS . $identier . '.fwcache';
|
$file = $cachePath . DS . $identifier . '.fwcache';
|
||||||
|
|
||||||
|
|
||||||
// If compression is enabled, compress the output
|
// If compression is enabled, compress the output
|
||||||
@ -326,9 +326,6 @@ class Output
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Lowering permissions to read only
|
|
||||||
chmod($cachePath, 0640);
|
|
||||||
|
|
||||||
// And report back
|
// And report back
|
||||||
Logger::logInfo("Output cache has been saved.");
|
Logger::logInfo("Output cache has been saved.");
|
||||||
|
|
||||||
@ -525,4 +522,25 @@ class Output
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Set the location to redirect the user to.
|
||||||
|
*
|
||||||
|
* @param string $locationUrl Should be prepended with /
|
||||||
|
* @param bool $permanent True for 301, false for 302 redirect.
|
||||||
|
* @return void
|
||||||
|
*/
|
||||||
|
public function setLocation(string $locationUrl, bool $permanent = false)
|
||||||
|
{
|
||||||
|
// Set the status header
|
||||||
|
if ($permanent)
|
||||||
|
$this->setStatusHeader(301);
|
||||||
|
else
|
||||||
|
$this->setStatusHeader(302);
|
||||||
|
|
||||||
|
// And the location itself
|
||||||
|
$header = 'Location: ' . $locationUrl;
|
||||||
|
$this->headers[] = [$header, true];
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
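Review bot: `setLocation()` writes `$locationUrl` into the `Location:` header unchecked; the docblock says the value should start with `/`, but nothing enforces it, so an absolute or scheme-relative URL (`//host`, `/\host`) that reaches this method from request data becomes an off-site redirect. I would enforce the documented contract at the top of the method, e.g. `if (!str_starts_with($locationUrl, '/') || preg_match('#^/[/\\\\]|[\r\n]#', $locationUrl)) throw new \InvalidArgumentException('Redirect target must be a local path');`, and declare the `: void` return type the docblock already promises. How `$this->headers` is emitted later is outside this section, so the CR/LF part of the check is defensive rather than a confirmed header injection.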
@ -188,7 +188,7 @@ class Security {
|
|||||||
$this->input = Factory::getInstance()->input;
|
$this->input = Factory::getInstance()->input;
|
||||||
|
|
||||||
// Is CSRF protection enabled?
|
// Is CSRF protection enabled?
|
||||||
if ($this->config->csrf_protection)
|
if ($this->config->get('csrf_protection'))
|
||||||
{
|
{
|
||||||
// CSRF config
|
// CSRF config
|
||||||
foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
|
foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
|
||||||
@ -222,6 +222,10 @@ class Security {
|
|||||||
*/
|
*/
|
||||||
public function csrf_verify(): self
|
public function csrf_verify(): self
|
||||||
{
|
{
|
||||||
|
// If not enabled, do not run
|
||||||
|
if (!$this->config->get('csrf_protection'))
|
||||||
|
return $this;
|
||||||
|
|
||||||
// If it's not a POST request we will set the CSRF cookie
|
// If it's not a POST request we will set the CSRF cookie
|
||||||
if (strtoupper($this->input->server('REQUEST_METHOD')) !== 'POST')
|
if (strtoupper($this->input->server('REQUEST_METHOD')) !== 'POST')
|
||||||
return $this->csrf_set_cookie();
|
return $this->csrf_set_cookie();
|
||||||
@ -371,10 +375,8 @@ class Security {
|
|||||||
// Is the string an array?
|
// Is the string an array?
|
||||||
if (is_array($str))
|
if (is_array($str))
|
||||||
{
|
{
|
||||||
while (list($key) = each($str))
|
foreach ($str as $key => $value)
|
||||||
{
|
$str[$key] = $this->xss_clean($value);
|
||||||
$str[$key] = $this->xss_clean($str[$key]);
|
|
||||||
}
|
|
||||||
|
|
||||||
return $str;
|
return $str;
|
||||||
}
|
}
|
||||||
|
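Review bot: The new guard at the top of `csrf_verify()` returns early on any falsy result of `$this->config->get('csrf_protection')`, so a missing or misspelled key would switch verification off silently, assuming `get()` yields null for unknown keys (its behaviour is not visible here). Comparing strictly, `if ($this->config->get('csrf_protection') === false)`, keeps the check on unless it was explicitly disabled. The constructor hunk at -188 uses the same truthy test, so both sites should change together or read the flag once into a `bool` property. A log line on the disabled path would make that state visible to operators. The rest of `csrf_verify()` lies outside the hunk.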
@ -60,7 +60,7 @@ class WebComponent implements iComponent
|
|||||||
*
|
*
|
||||||
* @var bool
|
* @var bool
|
||||||
*/
|
*/
|
||||||
public static $willHandleRequest = false;
|
public static bool $willHandleRequest = false;
|
||||||
|
|
||||||
public function getName(): string
|
public function getName(): string
|
||||||
{
|
{
|
||||||
@ -93,11 +93,9 @@ class WebComponent implements iComponent
|
|||||||
|
|
||||||
// If WebComponent will handle a request, add some calls to the configurator
|
// If WebComponent will handle a request, add some calls to the configurator
|
||||||
if (self::$willHandleRequest)
|
if (self::$willHandleRequest)
|
||||||
{
|
|
||||||
// Invoke methods to prepare system for HTTP calls
|
// Invoke methods to prepare system for HTTP calls
|
||||||
$configurator->call('logger', 'setLoggerTemplate', null, 'logger_http');
|
$configurator->call('logger', 'setLoggerTemplate', null, 'logger_http');
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
public function onCreateContainer(Factory $container)
|
public function onCreateContainer(Factory $container)
|
||||||
{
|
{
|
||||||
@ -124,14 +122,14 @@ class WebComponent implements iComponent
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Disable the WebComponent so it won't prepare for handling requests
|
* Disable the WebComponent, so it won't prepare for handling requests
|
||||||
*/
|
*/
|
||||||
public function disableComponent()
|
public function disableComponent()
|
||||||
{
|
{
|
||||||
self::$willHandleRequest = false;
|
self::$willHandleRequest = false;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function shutdownEventListener(Event $event)
|
public function shutdownEventListener(Event $event): Event
|
||||||
{
|
{
|
||||||
/** @var Output $output */
|
/** @var Output $output */
|
||||||
Logger::logInfo("Parsing output...");
|
Logger::logInfo("Parsing output...");
|
||||||
@ -314,7 +312,6 @@ class WebComponent implements iComponent
|
|||||||
*/
|
*/
|
||||||
public function callViewEventListener(RouterCallViewEvent $event, SecurityException $exception)
|
public function callViewEventListener(RouterCallViewEvent $event, SecurityException $exception)
|
||||||
{
|
{
|
||||||
/** @var RouterCallViewEvent $event */
|
|
||||||
// If the securityExceptionHandler method exists, cancel based on that methods output
|
// If the securityExceptionHandler method exists, cancel based on that methods output
|
||||||
if (method_exists($event->view, 'securityExceptionHandler'))
|
if (method_exists($event->view, 'securityExceptionHandler'))
|
||||||
$event->setCancelled(!$event->view->securityExceptionHandler($exception));
|
$event->setCancelled(!$event->view->securityExceptionHandler($exception));
|
||||||
@ -329,7 +326,7 @@ class WebComponent implements iComponent
|
|||||||
*
|
*
|
||||||
* Fired when FuzeWorks halts it's execution. Loads an error 500 page.
|
* Fired when FuzeWorks halts it's execution. Loads an error 500 page.
|
||||||
*
|
*
|
||||||
* @param $event
|
* @param HaltExecutionEvent $event
|
||||||
* @throws EventException
|
* @throws EventException
|
||||||
* @throws FactoryException
|
* @throws FactoryException
|
||||||
* @TODO remove FuzeWorks\Layout dependency
|
* @TODO remove FuzeWorks\Layout dependency
|
||||||
@ -388,7 +385,6 @@ class WebComponent implements iComponent
|
|||||||
$security = Factory::getInstance()->security;
|
$security = Factory::getInstance()->security;
|
||||||
$config = Factory::getInstance()->config;
|
$config = Factory::getInstance()->config;
|
||||||
|
|
||||||
/** @var LayoutLoadEvent $event */
|
|
||||||
$event->assign('csrfHash', $security->get_csrf_hash());
|
$event->assign('csrfHash', $security->get_csrf_hash());
|
||||||
$event->assign('csrfTokenName', $security->get_csrf_token_name());
|
$event->assign('csrfTokenName', $security->get_csrf_token_name());
|
||||||
$event->assign('siteURL', $config->getConfig('web')->get('base_url'));
|
$event->assign('siteURL', $config->getConfig('web')->get('base_url'));
|
||||||
|
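Review bot: Dropping the braces around the `if (self::$willHandleRequest)` body in the -93 hunk leaves the `$configurator->call(...)` line guarded only by indentation, so a second call added under it later would run even when the component is disabled. I would keep the block form, `if (self::$willHandleRequest) { $configurator->call('logger', 'setLoggerTemplate', null, 'logger_http'); }`; the enclosing method starts outside the hunk. Separately, `shutdownEventListener()` now declares `: Event` while its body is outside the hunk, so confirm every path returns the event, because a fall-through would fail under the new return type.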