Matt Pass
85c9f6aed9
Create data/backups dir if not yet existing & use
2019-08-18 18:28:55 +01:00
Matt Pass
bc67286bb6
Migrate to Bcrypt hashing for new passwords
...
Fall back to legacy sha1 password hashing
2019-08-13 00:11:52 +01:00
Rafael Rotelok
51ab472142
PSR-2 Compliance, removing the closing tag ( ?> ) on php only files
...
inserting a blank line on the end of php only files
2018-06-16 00:19:49 -03:00
Matt Pass
f689908848
Extra fallback to open file
2018-05-04 17:47:51 +01:00
Matt Pass
3a10a84c48
Can pass timeout, set def of 60, else text return
2016-10-18 08:58:38 +01:00
Matt Pass
707d3a9b03
Removing php.ini
...
Caused a blank page issue for a few people - turning magic quotes off in
code is OK
2016-09-05 08:56:12 +01:00
Matt Pass
749dc212d9
Need to replace \ with / in fileLoc
2016-08-25 21:28:51 +01:00
Matt Pass
67e929dc75
injClean function added
2016-08-25 17:02:56 +01:00
Matt Pass
227eefa332
Can pass text as 3rd param now for die message
2016-08-25 14:54:38 +01:00
Matt Pass
893894f97b
Get data via new function
2016-08-25 14:39:19 +01:00
Matt Pass
d992173967
Function to get data via fopen or curl & used
2016-08-25 14:37:18 +01:00
Matt Pass
483ac6cd6c
Fix to backup files in root - // to / in path
2016-08-19 12:47:39 +01:00
Matt Pass
313002e4a0
Need to globalise text and set the array chunk
2016-07-11 08:46:15 +01:00
Matt Pass
67e28106f9
Use premade var rather than spec in another way
2016-05-05 16:01:53 +01:00
Matt Pass
191990ffdb
Change param and remove all other BOMs
2016-05-05 15:55:55 +01:00
Matt Pass
f83929584f
Revert "No need to set $origContent"
...
This reverts commit c967325b7d .
2016-05-05 15:54:17 +01:00
Matt Pass
c967325b7d
No need to set $origContent
2016-05-05 15:53:29 +01:00
Matt Pass
8a1fec4e18
Tweak to comment
2016-05-05 15:35:53 +01:00
Matt Pass
d686faf8a7
Replace only first BOM, include ending if needed
2016-05-05 15:35:43 +01:00
Matt Pass
6735caae36
UTF8 BOM should be replaced with a PHP_EOL
2016-04-26 09:15:55 +01:00
Matt Pass
0617f294cd
No newlines at EOF and remove file_exists
...
Existence of a dir is done on is_dir
2016-03-18 14:00:18 +00:00
MicroVB INC
7017ab1c33
Update settings-common.php
2016-03-16 18:20:22 -04:00
MicroVB INC
5d6299e3c8
Fix enumeration warning when localhost missing
...
Corrects the following error:
scandir(/var/www/html/ice/lib/../backups/localhost): failed to open dir: No such file or directory in /var/www/html/ice/lib/settings-common.php on line 190
(possible review required for if this is something that should be created before this method is called, or if a simple check as this patch does is all that is required.)
2016-03-16 18:16:02 -04:00
MicroVB INC
7d8b229153
Context is now accessible inside GetVersionCount()
...
globalized $context inside `GetVersionCount()` to eliminate `Notice: Undefined variable: context in /var/www/html/ice/lib/settings-common.php on line 203`
Added check if file is readable for `.version-index`'s inside the loop within `GetVersionCount()`
2016-03-16 12:59:59 -04:00
Matt Pass
c5996f7b23
Returns count and array now, rev scandir order
2015-10-08 09:25:11 +01:00
Matt Pass
b00ce2f7c9
Get number of versions for this file
2015-09-18 11:06:53 +01:00
Matt Pass
57bf19d69c
Undo change, overwrote commit by mistake
2015-08-13 10:47:24 +01:00
Matt Pass
1237d5868a
Changes to UTF-8 encoding logic
2015-08-13 08:51:38 +01:00
Matt Pass
f9418db57f
Check if string is strict UTF8 and if not encode
...
Handles other ISO formatted filetypes this way
2015-07-30 19:19:55 +01:00
Matt Pass
67d44e56bb
Don't set cookie_path or use strict mode
...
Using cookie_path on IE has an issue and causes session, then CSRF
issues
Stop using strict_mode as causes a problem on some setups
Add notes to these and httponly re IE and PHP version
2015-04-25 11:53:53 +01:00
Matt Pass
d320bb7172
Format tweak only
2015-04-25 10:50:00 +01:00
Andrey Grinenko
8f1cca087b
session fixation fix - previous version did not let me in, because it regenerated session before even trying to start old one and check whether it is valid or not.
...
I've also added session regeneration on login, which is good practice to prevent session fixation.
2015-02-21 02:58:44 +03:00
Matt Pass
9cb89463bb
Missing ]
2015-01-26 09:10:23 +00:00
Matt Pass
3a48fd9cdd
$docRoot not always available
2015-01-25 14:08:19 +00:00
Matt Pass
c4bba758c7
Get path from root plus up 1 dir
2015-01-25 14:04:20 +00:00
Matt Pass
47263bdbed
Redone session params
...
No longer using session_start_safe() function because it caused more
usage problems than it solved. Setting a load of new params now to give
a much better setup.
2015-01-23 08:24:20 +00:00
Martin Naumann
4a1ba5dfe3
Using reworked version from @mattpass
2014-12-01 19:44:21 +01:00
Martin Naumann
6861fa9ced
Re-adding the session_cookie_params
2014-12-01 19:43:07 +01:00
Martin N.
29857e7d70
Using a custom session_start_safe
...
This fixes path issues, where the session directory ends up not writeable.
2014-12-01 16:45:49 +01:00
Martin Naumann
36b20938b7
Using httpOnly session cookie
2014-12-01 10:34:13 +01:00
Matt Pass
5ce3a9912c
Bad URL on logout and die to go no further
...
Location shouldn't contain the dirname of the file or a loggedOut param
(with no CSRF!) - all unnecessary and causes problems
Also add a die() after the header location to go no further.
2014-11-26 10:02:33 +00:00
Matt Pass
505f5b35c7
Only use if we have text available & logout fix
2014-11-26 09:33:10 +00:00
Matt Pass
9ea459787e
Polyfill added for array_replace_recursive
...
This is natively available in PHP 5.3+
2014-10-24 09:23:52 +01:00
Matt Pass
a029eceb9d
Set session_save_path & fix logout URL
...
Some hosts have a loop around issue with no session being available
after a header location redirect
After much research, I've found this is due to some hosts not having a
session save path and it needs to be set using PHP
Setting this means ICEcoder works on those few hosts
Fix to bad URL on logout
2014-09-29 10:55:46 +01:00
Matt Pass
0d4ca6a483
Final language replacement placeholders
2014-08-21 14:29:11 +01:00
Matt Pass
8ec0d518ad
Largely adjusted XSS protection
...
Adjusted to match that implemented by Ashar Javed
(https://twitter.com/soaj1664ashar, demo:
http://xssplaygroundforfunandlearn.netai.net/final.html). Was
unbreakable against 78k XSS attempts, so seems very solid
2014-06-27 11:22:32 +01:00
Matt Pass
a470daf9f5
No need for other chars to be replaced
...
Impossible to output an XSS without < or > alone
2014-05-03 14:13:48 +01:00
Matt Pass
75885aecf5
strClean now replaces javascript:
...
htmlentities doesn't cover : and str_replace on : is too vague
regex is case insensitive
2014-04-26 12:25:12 +01:00
Matt Pass
9a2881cd7b
Remove comma
2014-04-24 12:10:17 +01:00
Matt Pass
c88d4f46e3
Rewrite of xssClean function to be neater
2014-04-23 07:41:30 +01:00