Compare commits
No commits in common. "master" and "1.2.6" have entirely different histories.
21
LICENSE
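--- a/LICENSE
+++ b/LICENSE
@@ -1,21 +0,0 @@
-MIT License
-
-Copyright (c) 2013-2021 TechFuze
-
-Permission is hereby granted, free of charge, to any person obtaining a copy
-of this software and associated documentation files (the "Software"), to deal
-in the Software without restriction, including without limitation the rights
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
-copies of the Software, and to permit persons to whom the Software is
-furnished to do so, subject to the following conditions:
-
-The above copyright notice and this permission notice shall be included in all
-copies or substantial portions of the Software.
-
-THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
-SOFTWARE.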
|
@ -4,19 +4,21 @@
|
||||
"license": ["MIT"],
|
||||
"authors": [
|
||||
{
|
||||
"name": "Abel Hoogeveen",
|
||||
"homepage": "https://i15.nl"
|
||||
"name": "TechFuze",
|
||||
"homepage": "https://techfuze.net"
|
||||
},
|
||||
{
|
||||
"name": "FuzeWorks Community",
|
||||
"homepage": "https://techfuze.net/fuzeworks/contributors"
|
||||
}
|
||||
],
|
||||
"require": {
|
||||
"php": ">=8.1.0",
|
||||
"fuzeworks/core": "~1.3.0",
|
||||
"fuzeworks/mvcr": "~1.3.0",
|
||||
"fuzeworks/objectstorage": "~1.3.0"
|
||||
"php": ">=7.1.0",
|
||||
"fuzeworks/mvcr": "~1.2.0",
|
||||
"fuzeworks/core": "~1.2.0"
|
||||
},
|
||||
"require-dev": {
|
||||
"fuzeworks/layout": "~1.3.0",
|
||||
"fuzeworks/tracycomponent": "~1.3.0"
|
||||
"phpunit/phpunit": "^7"
|
||||
},
|
||||
"autoload": {
|
||||
"psr-4": {
|
||||
|
@ -50,12 +50,12 @@ return [
|
||||
| 'csrf_exclude_uris' = Array of URIs which ignore CSRF checks
|
||||
*/
|
||||
'csrf_protection' => true,
|
||||
'csrf_token_name' => 'csrf_token',
|
||||
'csrf_token_name' => 'fw_csrf_token',
|
||||
'csrf_expire' => 7200,
|
||||
'csrf_exclude_uris' => array(),
|
||||
|
||||
// CSRF Cookie information
|
||||
'csrf_cookie_name' => 'csrf_cookie',
|
||||
'csrf_cookie_name' => 'fw_csrf_cookie',
|
||||
'csrf_cookie_prefix' => '',
|
||||
'csrf_cookie_domain' => '',
|
||||
'csrf_cookie_path' => '/',
|
||||
|
@ -327,6 +327,7 @@ class Input
|
||||
/**
|
||||
* Fetch the HTTP_USER_AGENT variable from the $_SERVER array
|
||||
*
|
||||
* @param string|array|null $index
|
||||
* @param bool $xssClean
|
||||
* @return mixed
|
||||
*/
|
||||
@ -338,6 +339,7 @@ class Input
|
||||
/**
|
||||
* Fetch the REQUEST_METHOD variable from the $_SERVER array
|
||||
*
|
||||
* @param string|array|null $index
|
||||
* @param bool $xssClean
|
||||
* @return mixed
|
||||
*/
|
||||
|
@ -289,13 +289,13 @@ class Output
|
||||
$getParams = $this->input->get();
|
||||
|
||||
// Determine the identifier
|
||||
$identifier = md5($uri . '|' . serialize($getParams));
|
||||
$identier = md5($uri . '|' . serialize($getParams));
|
||||
|
||||
// Determine the file that holds the cache
|
||||
if ($this->compressOutput)
|
||||
$file = $cachePath . DS . $identifier . '_gzip.fwcache';
|
||||
$file = $cachePath . DS . $identier . '_gzip.fwcache';
|
||||
else
|
||||
$file = $cachePath . DS . $identifier . '.fwcache';
|
||||
$file = $cachePath . DS . $identier . '.fwcache';
|
||||
|
||||
|
||||
// If compression is enabled, compress the output
|
||||
@ -326,6 +326,9 @@ class Output
|
||||
return false;
|
||||
}
|
||||
|
||||
// Lowering permissions to read only
|
||||
chmod($cachePath, 0640);
|
||||
|
||||
// And report back
|
||||
Logger::logInfo("Output cache has been saved.");
|
||||
|
||||
@ -522,25 +525,4 @@ class Output
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Set the location to redirect the user to.
|
||||
*
|
||||
* @param string $locationUrl Should be prepended with /
|
||||
* @param bool $permanent True for 301, false for 302 redirect.
|
||||
* @return void
|
||||
*/
|
||||
public function setLocation(string $locationUrl, bool $permanent = false)
|
||||
{
|
||||
// Set the status header
|
||||
if ($permanent)
|
||||
$this->setStatusHeader(301);
|
||||
else
|
||||
$this->setStatusHeader(302);
|
||||
|
||||
// And the location itself
|
||||
$header = 'Location: ' . $locationUrl;
|
||||
$this->headers[] = [$header, true];
|
||||
}
|
||||
|
||||
}
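Review bot: The `chmod($cachePath, 0640);` added in the -326,6 +326,9 hunk targets the cache directory rather than the cache file that was just written, and the mode does not match its "read only" comment. 0640 keeps owner write access and, on a directory, clears the search (execute) bit, so later reads and writes of entries under `$cachePath` would presumably fail. If the intent is to tighten the written entry, apply it to the file and check the result, along the lines of `if (!chmod($file, 0640)) { return false; }`, assuming `$file` from the -289,13 hunk is still in scope here. That earlier hunk also spells the variable `$identier` on the new side, which reads as a typo of `$identifier`. The enclosing method starts and ends outside both hunks.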
|
@ -188,7 +188,7 @@ class Security {
|
||||
$this->input = Factory::getInstance()->input;
|
||||
|
||||
// Is CSRF protection enabled?
|
||||
if ($this->config->get('csrf_protection'))
|
||||
if ($this->config->csrf_protection)
|
||||
{
|
||||
// CSRF config
|
||||
foreach (array('csrf_expire', 'csrf_token_name', 'csrf_cookie_name') as $key)
|
||||
@ -222,10 +222,6 @@ class Security {
|
||||
*/
|
||||
public function csrf_verify(): self
|
||||
{
|
||||
// If not enabled, do not run
|
||||
if (!$this->config->get('csrf_protection'))
|
||||
return $this;
|
||||
|
||||
// If it's not a POST request we will set the CSRF cookie
|
||||
if (strtoupper($this->input->server('REQUEST_METHOD')) !== 'POST')
|
||||
return $this->csrf_set_cookie();
|
||||
@ -375,8 +371,10 @@ class Security {
|
||||
// Is the string an array?
|
||||
if (is_array($str))
|
||||
{
|
||||
foreach ($str as $key => $value)
|
||||
$str[$key] = $this->xss_clean($value);
|
||||
while (list($key) = each($str))
|
||||
{
|
||||
$str[$key] = $this->xss_clean($str[$key]);
|
||||
}
|
||||
|
||||
return $str;
|
||||
}
|
||||
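Review bot: The `while (list($key) = each($str))` loop on the new side of the -375,8 +371,10 hunk depends on `each()`, which was deprecated in PHP 7.2 and removed in PHP 8.0, so array input to `xss_clean()` ends in a fatal error there. The `"php": ">=7.1.0"` constraint in what appears to be the composer.json hunk on this page does not exclude those versions. A key-based loop behaves the same without it: `foreach (array_keys($str) as $key) { $str[$key] = $this->xss_clean($str[$key]); }`. Separately, the -222,10 +222,6 hunk leaves `csrf_verify()` without its `csrf_protection` guard, while the constructor hunk still loads the CSRF config keys only when the setting is on; whether callers gate the call is not visible here and should be confirmed. Both methods continue outside their hunks.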
|
@ -60,7 +60,7 @@ class WebComponent implements iComponent
|
||||
*
|
||||
* @var bool
|
||||
*/
|
||||
public static bool $willHandleRequest = false;
|
||||
public static $willHandleRequest = false;
|
||||
|
||||
public function getName(): string
|
||||
{
|
||||
@ -93,9 +93,11 @@ class WebComponent implements iComponent
|
||||
|
||||
// If WebComponent will handle a request, add some calls to the configurator
|
||||
if (self::$willHandleRequest)
|
||||
{
|
||||
// Invoke methods to prepare system for HTTP calls
|
||||
$configurator->call('logger', 'setLoggerTemplate', null, 'logger_http');
|
||||
}
|
||||
}
|
||||
|
||||
public function onCreateContainer(Factory $container)
|
||||
{
|
||||
@ -122,14 +124,14 @@ class WebComponent implements iComponent
|
||||
}
|
||||
|
||||
/**
|
||||
* Disable the WebComponent, so it won't prepare for handling requests
|
||||
* Disable the WebComponent so it won't prepare for handling requests
|
||||
*/
|
||||
public function disableComponent()
|
||||
{
|
||||
self::$willHandleRequest = false;
|
||||
}
|
||||
|
||||
public function shutdownEventListener(Event $event): Event
|
||||
public function shutdownEventListener(Event $event)
|
||||
{
|
||||
/** @var Output $output */
|
||||
Logger::logInfo("Parsing output...");
|
||||
@ -312,6 +314,7 @@ class WebComponent implements iComponent
|
||||
*/
|
||||
public function callViewEventListener(RouterCallViewEvent $event, SecurityException $exception)
|
||||
{
|
||||
/** @var RouterCallViewEvent $event */
|
||||
// If the securityExceptionHandler method exists, cancel based on that methods output
|
||||
if (method_exists($event->view, 'securityExceptionHandler'))
|
||||
$event->setCancelled(!$event->view->securityExceptionHandler($exception));
|
||||
@ -326,7 +329,7 @@ class WebComponent implements iComponent
|
||||
*
|
||||
* Fired when FuzeWorks halts it's execution. Loads an error 500 page.
|
||||
*
|
||||
* @param HaltExecutionEvent $event
|
||||
* @param $event
|
||||
* @throws EventException
|
||||
* @throws FactoryException
|
||||
* @TODO remove FuzeWorks\Layout dependency
|
||||
@ -385,6 +388,7 @@ class WebComponent implements iComponent
|
||||
$security = Factory::getInstance()->security;
|
||||
$config = Factory::getInstance()->config;
|
||||
|
||||
/** @var LayoutLoadEvent $event */
|
||||
$event->assign('csrfHash', $security->get_csrf_hash());
|
||||
$event->assign('csrfTokenName', $security->get_csrf_token_name());
|
||||
$event->assign('siteURL', $config->getConfig('web')->get('base_url'));
|
||||
|