Compare commits


No commits in common. "master" and "1.2.6" have entirely different histories.

7 changed files with 33 additions and 66 deletions

21
LICENSE

@ -1,21 +0,0 @@
MIT License
Copyright (c) 2013-2021 TechFuze
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.


@ -4,19 +4,21 @@
"license": ["MIT"],
"authors": [
{
"name": "Abel Hoogeveen",
"homepage": "https://i15.nl"
"name": "TechFuze",
"homepage": "https://techfuze.net"
},
{
"name": "FuzeWorks Community",
"homepage": "https://techfuze.net/fuzeworks/contributors"
}
],
"require": {
"php": ">=8.1.0",
"fuzeworks/core": "~1.3.0",
"fuzeworks/mvcr": "~1.3.0",
"fuzeworks/objectstorage": "~1.3.0"
"php": ">=7.1.0",
"fuzeworks/mvcr": "~1.2.0",
"fuzeworks/core": "~1.2.0"
},
"require-dev": {
"fuzeworks/layout": "~1.3.0",
"fuzeworks/tracycomponent": "~1.3.0"
"phpunit/phpunit": "^7"
},
"autoload": {
"psr-4": {


@ -50,12 +50,12 @@ return [
| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks
*/
'csrf_protection' => true,
'csrf_token_name' => 'csrf_token',
'csrf_token_name' => 'fw_csrf_token',
'csrf_expire' => 7200,
'csrf_exclude_uris' => array(),
// CSRF Cookie information
'csrf_cookie_name' => 'csrf_cookie',
'csrf_cookie_name' => 'fw_csrf_cookie',
'csrf_cookie_prefix' => '',
'csrf_cookie_domain' => '',
'csrf_cookie_path' => '/',


@ -327,6 +327,7 @@ class Input
/**
* Fetch the HTTP_USER_AGENT variable from the $_SERVER array
*
* @param string|array|null $index
* @param bool $xssClean
* @return mixed
*/
@ -338,6 +339,7 @@ class Input
/**
* Fetch the REQUEST_METHOD variable from the $_SERVER array
*
* @param string|array|null $index
* @param bool $xssClean
* @return mixed
*/


@ -289,13 +289,13 @@ class Output
$getParams = $this->input->get();
// Determine the identifier
$identifier = md5($uri . '|' . serialize($getParams));
$identier = md5($uri . '|' . serialize($getParams));
// Determine the file that holds the cache
if ($this->compressOutput)
$file = $cachePath . DS . $identifier . '_gzip.fwcache';
$file = $cachePath . DS . $identier . '_gzip.fwcache';
else
$file = $cachePath . DS . $identifier . '.fwcache';
$file = $cachePath . DS . $identier . '.fwcache';
// If compression is enabled, compress the output
@ -326,6 +326,9 @@ class Output
return false;
}
// Lowering permissions to read only
chmod($cachePath, 0640);
// And report back
Logger::logInfo("Output cache has been saved.");
@ -522,25 +525,4 @@ class Output
}
}
/**
* Set the location to redirect the user to.
*
* @param string $locationUrl Should be prepended with /
* @param bool $permanent True for 301, false for 302 redirect.
* @return void
*/
public function setLocation(string $locationUrl, bool $permanent = false)
{
// Set the status header
if ($permanent)
$this->setStatusHeader(301);
else
$this->setStatusHeader(302);
// And the location itself
$header = 'Location: ' . $locationUrl;
$this->headers[] = [$header, true];
}
}
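Review bot: The added `chmod($cachePath, 0640);` targets `$cachePath`, which the first hunk of this section uses as the directory prefix when building `$file`, so it changes the mode of the cache directory rather than the cache file that was just written (assuming both hunks sit in the same method, whose start and end are outside the visible lines). Mode 0640 on a directory clears the search (execute) bit, so a non-root PHP process can no longer open or create entries inside it and later cache reads and writes are likely to fail. If the intent is to restrict the written file, the call should be `chmod($file, 0640);` with the comment reworded to `// Restrict the cache file to owner read/write, group read`, because 0640 is not read-only. The return value of `chmod()` is ignored as well; a `false` result should be logged before "Output cache has been saved." is reported.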


@ -188,7 +188,7 @@ class Security {
$this->input = Factory::getInstance()->input;
// Is CSRF protection enabled?
if ($this->config->get('csrf_protection'))
if ($this->config->csrf_protection)
{
// CSRF config
foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
@ -222,10 +222,6 @@ class Security {
*/
public function csrf_verify(): self
{
// If not enabled, do not run
if (!$this->config->get('csrf_protection'))
return $this;
// If it's not a POST request we will set the CSRF cookie
if (strtoupper($this->input->server('REQUEST_METHOD')) !== 'POST')
return $this->csrf_set_cookie();
@ -375,8 +371,10 @@ class Security {
// Is the string an array?
if (is_array($str))
{
foreach ($str as $key => $value)
$str[$key] = $this->xss_clean($value);
while (list($key) = each($str))
{
$str[$key] = $this->xss_clean($str[$key]);
}
return $str;
}
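Review bot: In the last hunk of this section the array branch of `xss_clean` iterates with `while (list($key) = each($str))`, and `each()` was deprecated in PHP 7.2 and removed in PHP 8.0, so on a PHP 8 runtime this branch fails with a fatal error the first time an array is passed in for cleaning. The dependency section on this page appears to declare `"php": ">=7.1.0"`, which does not exclude those versions. `foreach ($str as $key => $value)` with `$str[$key] = $this->xss_clean($value);` does the same work without relying on the array's internal pointer. The body of `xss_clean` starts and ends outside the hunk, so the rest of the function is not covered here.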


@ -60,7 +60,7 @@ class WebComponent implements iComponent
*
* @var bool
*/
public static bool $willHandleRequest = false;
public static $willHandleRequest = false;
public function getName(): string
{
@ -93,8 +93,10 @@ class WebComponent implements iComponent
// If WebComponent will handle a request, add some calls to the configurator
if (self::$willHandleRequest)
{
// Invoke methods to prepare system for HTTP calls
$configurator->call('logger', 'setLoggerTemplate', null, 'logger_http');
}
}
public function onCreateContainer(Factory $container)
@ -122,14 +124,14 @@ class WebComponent implements iComponent
}
/**
* Disable the WebComponent, so it won't prepare for handling requests
* Disable the WebComponent so it won't prepare for handling requests
*/
public function disableComponent()
{
self::$willHandleRequest = false;
}
public function shutdownEventListener(Event $event): Event
public function shutdownEventListener(Event $event)
{
/** @var Output $output */
Logger::logInfo("Parsing output...");
@ -312,6 +314,7 @@ class WebComponent implements iComponent
*/
public function callViewEventListener(RouterCallViewEvent $event, SecurityException $exception)
{
/** @var RouterCallViewEvent $event */
// If the securityExceptionHandler method exists, cancel based on that methods output
if (method_exists($event->view, 'securityExceptionHandler'))
$event->setCancelled(!$event->view->securityExceptionHandler($exception));
@ -326,7 +329,7 @@ class WebComponent implements iComponent
*
* Fired when FuzeWorks halts it's execution. Loads an error 500 page.
*
* @param HaltExecutionEvent $event
* @param $event
* @throws EventException
* @throws FactoryException
* @TODO remove FuzeWorks\Layout dependency
@ -385,6 +388,7 @@ class WebComponent implements iComponent
$security = Factory::getInstance()->security;
$config = Factory::getInstance()->config;
/** @var LayoutLoadEvent $event */
$event->assign('csrfHash', $security->get_csrf_hash());
$event->assign('csrfTokenName', $security->get_csrf_token_name());
$event->assign('siteURL', $config->getConfig('web')->get('base_url'));