Compare commits
8 Commits
| Author | SHA1 | Date |
|---|---|---|
 Abel Hoogeveen
|
58e885e35f | |
|
Abel Hoogeveen
|
d6863d3f51 | |
|
Abel Hoogeveen
|
22e3ec2fd0 | |
|
Abel Hoogeveen
|
d66c244931
|
|
|
Abel Hoogeveen
|
0e2eb5ef72
|
|
|
Abel Hoogeveen
|
3c7011eddb
|
|
|
Abel Hoogeveen
|
cd331dc39d
|
|
|
Abel Hoogeveen
|
444f614c48
|
|
|
@ -4,21 +4,19 @@
|
|||
"license": ["MIT"],
|
||||
"authors": [
|
||||
{
|
||||
"name": "TechFuze",
|
||||
"homepage": "https://techfuze.net"
|
||||
},
|
||||
{
|
||||
"name": "FuzeWorks Community",
|
||||
"homepage": "https://techfuze.net/fuzeworks/contributors"
|
||||
"name": "Abel Hoogeveen",
|
||||
"homepage": "https://i15.nl"
|
||||
}
|
||||
],
|
||||
"require": {
|
||||
"php": ">=7.4.0",
|
||||
"fuzeworks/mvcr": "~1.3.1",
|
||||
"fuzeworks/core": "~1.2.6"
|
||||
"php": ">=8.1.0",
|
||||
"fuzeworks/core": "~1.3.0",
|
||||
"fuzeworks/mvcr": "~1.3.0",
|
||||
"fuzeworks/objectstorage": "~1.3.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"fuzeworks/layout": "~1.2.0"
|
||||
"fuzeworks/layout": "~1.3.0",
|
||||
"fuzeworks/tracycomponent": "~1.3.0"
|
||||
},
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
|
|
|
|||
|
|
@ -50,12 +50,12 @@ return [
|
|||
| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks
|
||||
*/
|
||||
'csrf_protection' => true,
|
||||
'csrf_token_name' => 'fw_csrf_token',
|
||||
'csrf_token_name' => 'csrf_token',
|
||||
'csrf_expire' => 7200,
|
||||
'csrf_exclude_uris' => array(),
|
||||
|
||||
// CSRF Cookie information
|
||||
'csrf_cookie_name' => 'fw_csrf_cookie',
|
||||
'csrf_cookie_name' => 'csrf_cookie',
|
||||
'csrf_cookie_prefix' => '',
|
||||
'csrf_cookie_domain' => '',
|
||||
'csrf_cookie_path' => '/',
|
||||
|
|
|
|||
|
|
@ -327,7 +327,6 @@ class Input
|
|||
/**
|
||||
* Fetch the HTTP_USER_AGENT variable from the $_SERVER array
|
||||
*
|
||||
* @param string|array|null $index
|
||||
* @param bool $xssClean
|
||||
* @return mixed
|
||||
*/
|
||||
|
|
@ -339,7 +338,6 @@ class Input
|
|||
/**
|
||||
* Fetch the REQUEST_METHOD variable from the $_SERVER array
|
||||
*
|
||||
* @param string|array|null $index
|
||||
* @param bool $xssClean
|
||||
* @return mixed
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -289,13 +289,13 @@ class Output
|
|||
$getParams = $this->input->get();
|
||||
|
||||
// Determine the identifier
|
||||
$identier = md5($uri . '|' . serialize($getParams));
|
||||
$identifier = md5($uri . '|' . serialize($getParams));
|
||||
|
||||
// Determine the file that holds the cache
|
||||
if ($this->compressOutput)
|
||||
$file = $cachePath . DS . $identier . '_gzip.fwcache';
|
||||
$file = $cachePath . DS . $identifier . '_gzip.fwcache';
|
||||
else
|
||||
$file = $cachePath . DS . $identier . '.fwcache';
|
||||
$file = $cachePath . DS . $identifier . '.fwcache';
|
||||
|
||||
|
||||
// If compression is enabled, compress the output
|
||||
|
|
@ -326,9 +326,6 @@ class Output
|
|||
return false;
|
||||
}
|
||||
|
||||
// Lowering permissions to read only
|
||||
chmod($cachePath, 0640);
|
||||
|
||||
// And report back
|
||||
Logger::logInfo("Output cache has been saved.");
|
||||
|
||||
|
|
@ -525,4 +522,25 @@ class Output
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Set the location to redirect the user to.
|
||||
*
|
||||
* @param string $locationUrl Should be prepended with /
|
||||
* @param bool $permanent True for 301, false for 302 redirect.
|
||||
* @return void
|
||||
*/
|
||||
public function setLocation(string $locationUrl, bool $permanent = false)
|
||||
{
|
||||
// Set the status header
|
||||
if ($permanent)
|
||||
$this->setStatusHeader(301);
|
||||
else
|
||||
$this->setStatusHeader(302);
|
||||
|
||||
// And the location itself
|
||||
$header = 'Location: ' . $locationUrl;
|
||||
$this->headers[] = [$header, true];
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -188,7 +188,7 @@ class Security {
|
|||
$this->input = Factory::getInstance()->input;
|
||||
|
||||
// Is CSRF protection enabled?
|
||||
if ($this->config->csrf_protection)
|
||||
if ($this->config->get('csrf_protection'))
|
||||
{
|
||||
// CSRF config
|
||||
foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
|
||||
|
|
@ -222,6 +222,10 @@ class Security {
|
|||
*/
|
||||
public function csrf_verify(): self
|
||||
{
|
||||
// If not enabled, do not run
|
||||
if (!$this->config->get('csrf_protection'))
|
||||
return $this;
|
||||
|
||||
// If it's not a POST request we will set the CSRF cookie
|
||||
if (strtoupper($this->input->server('REQUEST_METHOD')) !== 'POST')
|
||||
return $this->csrf_set_cookie();
|
||||
|
|
@ -371,10 +375,8 @@ class Security {
|
|||
// Is the string an array?
|
||||
if (is_array($str))
|
||||
{
|
||||
while (list($key) = each($str))
|
||||
{
|
||||
$str[$key] = $this->xss_clean($str[$key]);
|
||||
}
|
||||
foreach ($str as $key => $value)
|
||||
$str[$key] = $this->xss_clean($value);
|
||||
|
||||
return $str;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -60,7 +60,7 @@ class WebComponent implements iComponent
|
|||
*
|
||||
* @var bool
|
||||
*/
|
||||
public static $willHandleRequest = false;
|
||||
public static bool $willHandleRequest = false;
|
||||
|
||||
public function getName(): string
|
||||
{
|
||||
|
|
@ -93,10 +93,8 @@ class WebComponent implements iComponent
|
|||
|
||||
// If WebComponent will handle a request, add some calls to the configurator
|
||||
if (self::$willHandleRequest)
|
||||
{
|
||||
// Invoke methods to prepare system for HTTP calls
|
||||
$configurator->call('logger', 'setLoggerTemplate', null, 'logger_http');
|
||||
}
|
||||
}
|
||||
|
||||
public function onCreateContainer(Factory $container)
|
||||
|
|
@ -124,14 +122,14 @@ class WebComponent implements iComponent
|
|||
}
|
||||
|
||||
/**
|
||||
* Disable the WebComponent so it won't prepare for handling requests
|
||||
* Disable the WebComponent, so it won't prepare for handling requests
|
||||
*/
|
||||
public function disableComponent()
|
||||
{
|
||||
self::$willHandleRequest = false;
|
||||
}
|
||||
|
||||
public function shutdownEventListener(Event $event)
|
||||
public function shutdownEventListener(Event $event): Event
|
||||
{
|
||||
/** @var Output $output */
|
||||
Logger::logInfo("Parsing output...");
|
||||
|
|
@ -314,7 +312,6 @@ class WebComponent implements iComponent
|
|||
*/
|
||||
public function callViewEventListener(RouterCallViewEvent $event, SecurityException $exception)
|
||||
{
|
||||
/** @var RouterCallViewEvent $event */
|
||||
// If the securityExceptionHandler method exists, cancel based on that methods output
|
||||
if (method_exists($event->view, 'securityExceptionHandler'))
|
||||
$event->setCancelled(!$event->view->securityExceptionHandler($exception));
|
||||
|
|
@ -329,7 +326,7 @@ class WebComponent implements iComponent
|
|||
*
|
||||
* Fired when FuzeWorks halts it's execution. Loads an error 500 page.
|
||||
*
|
||||
* @param $event
|
||||
* @param HaltExecutionEvent $event
|
||||
* @throws EventException
|
||||
* @throws FactoryException
|
||||
* @TODO remove FuzeWorks\Layout dependency
|
||||
|
|
@ -388,7 +385,6 @@ class WebComponent implements iComponent
|
|||
$security = Factory::getInstance()->security;
|
||||
$config = Factory::getInstance()->config;
|
||||
|
||||
/** @var LayoutLoadEvent $event */
|
||||
$event->assign('csrfHash', $security->get_csrf_hash());
|
||||
$event->assign('csrfTokenName', $security->get_csrf_token_name());
|
||||
$event->assign('siteURL', $config->getConfig('web')->get('base_url'));
|
||||
|
|
|
|||
Loading…
Reference in New Issue