Compare commits
7 Commits
Author | SHA1 | Date |
---|---|---|
Abel Hoogeveen | 58e885e35f | |
Abel Hoogeveen | d6863d3f51 | |
Abel Hoogeveen | 22e3ec2fd0 | |
Abel Hoogeveen | d66c244931 | |
Abel Hoogeveen | 0e2eb5ef72 | |
Abel Hoogeveen | 3c7011eddb | |
Abel Hoogeveen | cd331dc39d |
|
@ -9,7 +9,7 @@
|
|||
}
|
||||
],
|
||||
"require": {
|
||||
"php": ">=7.4.0",
|
||||
"php": ">=8.1.0",
|
||||
"fuzeworks/core": "~1.3.0",
|
||||
"fuzeworks/mvcr": "~1.3.0",
|
||||
"fuzeworks/objectstorage": "~1.3.0"
|
||||
|
|
|
@ -50,12 +50,12 @@ return [
|
|||
| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks
|
||||
*/
|
||||
'csrf_protection' => true,
|
||||
'csrf_token_name' => 'fw_csrf_token',
|
||||
'csrf_token_name' => 'csrf_token',
|
||||
'csrf_expire' => 7200,
|
||||
'csrf_exclude_uris' => array(),
|
||||
|
||||
// CSRF Cookie information
|
||||
'csrf_cookie_name' => 'fw_csrf_cookie',
|
||||
'csrf_cookie_name' => 'csrf_cookie',
|
||||
'csrf_cookie_prefix' => '',
|
||||
'csrf_cookie_domain' => '',
|
||||
'csrf_cookie_path' => '/',
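Review bot: The new defaults `'csrf_token_name' => 'csrf_token'` and `'csrf_cookie_name' => 'csrf_cookie'` are generic, while `csrf_cookie_prefix` stays `''` and `csrf_cookie_path` stays `'/'`. Cookies are scoped by host and path, so any other application on the same host that uses the same common cookie name would read and overwrite this one, which shows up as token mismatches at best. Consider keeping a project-specific default or shipping a non-empty `csrf_cookie_prefix`. The rename also belongs in the upgrade notes, since forms or clients that still submit `fw_csrf_token` will presumably fail verification after the update.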
|
||||
|
|
|
@ -326,9 +326,6 @@ class Output
|
|||
return false;
|
||||
}
|
||||
|
||||
// Lowering permissions to read only
|
||||
chmod($cachePath, 0640);
|
||||
|
||||
// And report back
|
||||
Logger::logInfo("Output cache has been saved.");
|
||||
|
||||
|
@ -525,4 +522,25 @@ class Output
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Set the location to redirect the user to.
|
||||
*
|
||||
* @param string $locationUrl Should be prepended with /
|
||||
* @param bool $permanent True for 301, false for 302 redirect.
|
||||
* @return void
|
||||
*/
|
||||
public function setLocation(string $locationUrl, bool $permanent = false)
|
||||
{
|
||||
// Set the status header
|
||||
if ($permanent)
|
||||
$this->setStatusHeader(301);
|
||||
else
|
||||
$this->setStatusHeader(302);
|
||||
|
||||
// And the location itself
|
||||
$header = 'Location: ' . $locationUrl;
|
||||
$this->headers[] = [$header, true];
|
||||
}
|
||||
|
||||
}
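Review bot: `setLocation()` concatenates `$locationUrl` straight into the `Location` header, so the docblock's "Should be prepended with /" is a convention the code never enforces. If a caller passes request-derived input, this is an open redirect; `//host` and `/\host` also begin with a slash but are resolved off-site by browsers, and CR/LF in the value is left to whatever code emits `$this->headers` later. Validate the target before queuing the header and reject anything that is not a same-site path, as sketched below; if absolute URLs must stay possible, check the host against an allow-list instead. The first hunk of this section also drops `chmod($cachePath, 0640)`, so cache file permissions now follow the process umask, which is worth confirming as intended.

```php
public function setLocation(string $locationUrl, bool $permanent = false)
{
    // Accept only a same-site absolute path: exactly one leading slash,
    // no scheme-relative "//host" or "/\host" form, no control characters.
    if (
        !str_starts_with($locationUrl, '/')
        || str_starts_with($locationUrl, '//')
        || str_starts_with($locationUrl, '/\\')
        || preg_match('/[\x00-\x1F\x7F]/', $locationUrl) === 1
    ) {
        throw new \InvalidArgumentException('Redirect target must be a local path.');
    }

    // … unchanged: status header selection and Location header queuing …
```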
|
|
@ -188,7 +188,7 @@ class Security {
|
|||
$this->input = Factory::getInstance()->input;
|
||||
|
||||
// Is CSRF protection enabled?
|
||||
if ($this->config->csrf_protection)
|
||||
if ($this->config->get('csrf_protection'))
|
||||
{
|
||||
// CSRF config
|
||||
foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
|
||||
|
@ -222,6 +222,10 @@ class Security {
|
|||
*/
|
||||
public function csrf_verify(): self
|
||||
{
|
||||
// If not enabled, do not run
|
||||
if (!$this->config->get('csrf_protection'))
|
||||
return $this;
|
||||
|
||||
// If it's not a POST request we will set the CSRF cookie
|
||||
if (strtoupper($this->input->server('REQUEST_METHOD')) !== 'POST')
|
||||
return $this->csrf_set_cookie();
|
||||
|
@ -371,10 +375,8 @@ class Security {
|
|||
// Is the string an array?
|
||||
if (is_array($str))
|
||||
{
|
||||
while (list($key) = each($str))
|
||||
{
|
||||
$str[$key] = $this->xss_clean($str[$key]);
|
||||
}
|
||||
foreach ($str as $key => $value)
|
||||
$str[$key] = $this->xss_clean($value);
|
||||
|
||||
return $str;
|
||||
}
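Review bot: The early return that appears to be added at the top of `csrf_verify()` (`if (!$this->config->get('csrf_protection')) return $this;`) fails open, because any falsy result skips verification silently, not only an explicit `false`. What `get()` returns for a missing or misspelled key is not visible here, but if it is `null` or an empty value, a broken config file would switch CSRF checks off with no trace. Treat only a boolean `false` as "disabled", e.g. `if ($this->config->get('csrf_protection') === false) return $this;`, use the matching `!== false` test in the constructor hunk so both agree, and log when verification is skipped. The body of `csrf_verify()` continues outside the hunk, so the rest of the check could not be reviewed.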
|
||||
|
|