Mirrors/ICEcoder
2
0
Fork 0
mirror of https://github.com/icecoder/ICEcoder.git synced 2026-03-03 15:24:00 +01:00
Code Issues Packages Projects Releases Wiki Activity
1,816 Commits 1 Branch 74 Tags
385d4e0efd686deff1661fc87cd4097f14b436ae
Commit Graph

21 Commits

Author SHA1 Message Date
Matt Pass
9cb89463bb Missing ] 2015-01-26 09:10:23 +00:00
Matt Pass
3a48fd9cdd $docRoot not always available 2015-01-25 14:08:19 +00:00
Matt Pass
c4bba758c7 Get path from root plus up 1 dir 2015-01-25 14:04:20 +00:00
Matt Pass
47263bdbed Redone session params 
No longer using session_start_safe() function because it caused more
usage problems than it solved. Setting a load of new params now to give
a much better setup.
 2015-01-23 08:24:20 +00:00
Martin Naumann
4a1ba5dfe3 Using reworked version from @mattpass 2014-12-01 19:44:21 +01:00
Martin Naumann
6861fa9ced Re-adding the session_cookie_params 2014-12-01 19:43:07 +01:00
Martin N.
29857e7d70 Using a custom session_start_safe 
This fixes path issues, where the session directory ends up not writeable.
 2014-12-01 16:45:49 +01:00
Martin Naumann
36b20938b7 Using httpOnly session cookie 2014-12-01 10:34:13 +01:00
Matt Pass
5ce3a9912c Bad URL on logout and die to go no further 
Location shouldn't contain the dirname of the file or a loggedOut param
(with no CSRF!) - all unnecessary and causes problems
Also add a die() after the header location to go no further.
 2014-11-26 10:02:33 +00:00
Matt Pass
505f5b35c7 Only use if we have text available & logout fix 2014-11-26 09:33:10 +00:00
Matt Pass
9ea459787e Polyfill added for array_replace_recursive 
This is natively available in PHP 5.3+
 2014-10-24 09:23:52 +01:00
Matt Pass
a029eceb9d Set session_save_path & fix logout URL 
Some hosts have a loop around issue with no session being available
after a header location redirect
After much research, I've found this is due to some hosts not having a
session save path and it needs to be set using PHP
Setting this means ICEcoder works on those few hosts
Fix to bad URL on logout
 2014-09-29 10:55:46 +01:00
Matt Pass
0d4ca6a483 Final language replacement placeholders 2014-08-21 14:29:11 +01:00
Matt Pass
8ec0d518ad Largely adjusted XSS protection 
Adjusted to match that implemented by Ashar Javed
(https://twitter.com/soaj1664ashar, demo:
http://xssplaygroundforfunandlearn.netai.net/final.html). Was
unbreakable against 78k XSS attempts, so seems very solid
 2014-06-27 11:22:32 +01:00
Matt Pass
a470daf9f5 No need for other chars to be replaced 
Impossible to output an XSS without < or > alone
 2014-05-03 14:13:48 +01:00
Matt Pass
75885aecf5 strClean now replaces javascript: 
htmlentities doesn't cover : and str_replace on : is too vague
regex is case insensitive
 2014-04-26 12:25:12 +01:00
Matt Pass
9a2881cd7b Remove comma 2014-04-24 12:10:17 +01:00
Matt Pass
c88d4f46e3 Rewrite of xssClean function to be neater 2014-04-23 07:41:30 +01:00
Matt Pass
d6a7db8f3e xssClean function added 
Had 4 different contexts, the first 2 alter parts of strings, the last 2
remove those parts
 2014-04-22 08:05:40 +01:00
Matt Pass
6030e9a4ca This is now set, in headers.php 2014-04-18 17:59:27 +01:00
Matt Pass
03c0842ba2 Common settings/functions now in own file 2014-01-11 15:14:04 +00:00