mirror of https://github.com/e107inc/e107.git synced 2025-10-24 11:16:22 +02:00

53 Commits

Author SHA1 Message Date
Cameron
412b0b2efe Reducing e_SECURITY_LEVEL to 3 with disable ValidateRemoteAddr. 2022-04-04 14:47:53 -07:00
Cameron
55980a29a8 Generated PHPDoc for all classes in e107_handlers where one was missing. toNumber() updated to always return int or float. 2022-04-04 10:54:24 -07:00
Cameron
fd42d2325f Issue #4657 - Improved handling to prevent multiple sessions running on the same user account. 2022-01-13 11:18:31 -08:00
Nick Liu
20882920a0 Fix all PHP 8.1 test failures
* `strftime()` has been replaced with a polyfill based on `DateTime`.
* Explicit type casts/assertions added where required by PHP 8.1
* `filter_var(…, FILTER_SANITIZE_STRING)` replaced with `strip_tags()`
  or HTML entity encoding of quotation marks, depending on a guess of
  what the intended "sanitization" was
* `http_build_query()` usage type mismatches fixed
* Removed usages of the `FILE_TEXT` constant
* To avoid breaking PHP 5.6 compatibility (function return types),
  `e_session_db` no longer implements `SessionHandlerInterface`.
  Instead, the alternative non-OOP invocation of
  `session_set_save_handler()` is used instead to apply the session
  handler.
* The shim for `strptime()` still calls the native function if available
  but now suppresses the deprecation warning.

* `e_db_pdo` explicitly asks for `PDO::ATTR_STRINGIFY_FETCHES` to
  maintain consistent behavior with past versions of PHP.
* `e_db_mysql` explicitly sets `mysqli_report(MYSQLI_REPORT_OFF)` to
  maintain consistent behavior with past versions of PHP.

* Removed pointless random number generator seed from `banner` plugin
* Workaround for `COUNT(*)` SQL query in
  `validatorClass::dbValidateArray()` without a proper API for avoiding
  SQL injection
2021-09-04 15:06:19 +02:00
Cameron
d8f9a96dea Issue #4520 Possible fix for session duration. (testing needed) 2021-06-18 09:44:26 -07:00
Cameron
aee77a102f Set profanity list limit to 1000. (Could reduce performance)
Fix for comment template. Prevent secureImage from buffering too many keys.
2021-02-14 07:02:09 -08:00
Cameron
72c54371cc e107::getSession()->set will now accept multi-dimensional key format. Test added. Form-handler PHP8 fix. 2021-02-08 11:59:04 -08:00
Cameron
2337b075a8 Fixes #4346 - TinyMce parser issue. Hide side-panel help icon on legacy admin theme. 2021-02-05 18:31:54 -08:00
Cameron
7279e0273e Valid login event added. Session conflict fix. Session test added. Featurebox tree() fix. 2021-01-14 10:31:51 -08:00
Cameron
7dfac0dcfa Issue #4299 - PHP8 compatibility fixes. 2020-12-25 10:23:56 -08:00
Cameron
3f8e043998 Replaced e107::getAdminLog() with e107::getLog(). e107::getAdminLog() will continue as a deprecated alias. 2020-12-22 09:36:02 -08:00
Cameron
f5153bf640 Updating of deprecated method usage. Removal of old files. Log tests added. 2020-12-18 09:39:02 -08:00
Cameron
7439d599f8 Issue #4176 - Incremental introduction of database sessions - Experimental (work in progress) 2020-06-02 13:43:21 -07:00
Nick Liu
5d982561c3 Fixes #4113 - Enable session file garbage collection 2020-04-18 14:10:02 -05:00
Nick Liu
4441d6e666 Guard e_session::setDefaultSystemConfig() to dedent function 2020-04-18 14:05:16 -05:00
Nick Liu
4321c1b944 Null coalescing for $_SERVER keys in session_handler.php
Resolves CLI-invoked E_NOTICE in:
* e_session::getValidateData()
* e_core_session::challenge()
2020-01-17 15:54:12 +01:00
Cameron
fa6852ea8e Revert session handler change. 2019-06-16 13:44:03 -07:00
Cameron
6b73f6d198 Fix for session issue. 2019-06-16 12:44:00 -07:00
Cameron
d4134c7f89 PHP 7.3 fixes. 2019-02-07 17:12:23 -08:00
Cameron
9726a70d2d Issue #3076 - session handler. 2018-03-19 11:20:35 -07:00
Cameron
968965e561 Removed session debug info 2018-03-10 19:23:06 -08:00
Cameron
15345afb89 #1517 Tracing of the 'unauthorized access' issue. 2018-03-09 17:52:14 -08:00
Cameron
f05a0fd777 Set secure cookie when SSL active. 2018-01-13 12:38:32 -08:00
Cameron
e35259afe9 Multisite navigation support (when multisite plugin installed) 2017-10-11 18:57:32 -07:00
Cameron
775060b94f Remove debug info 2017-01-12 12:15:08 -08:00
Cameron
e2bc81f654 Issue #1245, #1523 Possible fix for servers using memcache as a session handler. 2017-01-12 12:06:25 -08:00
Cameron
8af3a0780a Pref for session time added. Modification of PRFLAN_60 and PRFLAN_61 2016-12-28 15:03:06 -08:00
Cameron
465a1309af Session clear() with no key will now reset data array. Fix for nav-bar avatar alignment 2016-12-10 10:47:14 -08:00
Cameron
17382b25ac Input filter fixes. 2016-08-19 16:13:38 -07:00
Cameron
ad0bc1376d Issue #1349 MySQL class fixes and install.php corrections. 2016-02-11 20:57:30 -08:00
Cameron
84c4c8607d Issues #1254 #1208 #1211 #1245 Option to define the session.save_path (relative to e107's root directory) in e107_config.php: define('SESSION_SAVE_PATH','relative-path-to-folder');
example: define('SESSION_SAVE_PATH','../_sessions/');
Use the PHPInfo page in the admin area to check it has worked. Will only work if the path to the folder exists. session.hash_function is now set to sha512 by default when the security level is BALANCED or higher.
2015-11-30 14:30:37 -08:00
Cameron
e576370e57 Remove some references to deprecated functions/methods. 2015-02-14 23:34:15 -08:00
Cameron
8c7e7f77de Admin-UI: Improved styling options for inline editing on boolean elements. 2015-01-20 20:57:20 -08:00
Cameron
c4bfa03be1 Fixes #495, #485, #486, #487 - Browser cache issues. 2014-05-24 20:40:51 -07:00
Cameron
67f48571f4 Fix for session value-loss issue. 2013-11-05 14:15:12 -08:00
Cameron
29f74508c2 Forum quick-reply fix. 2013-06-19 19:54:29 -07:00
SteveD
865adaa99f Issue #343 partial fix - needs JS sorting properly, but should now be possible to log in using CHAP. CHAP didn't work at all for admin login. Also need to change challenge value on every page reload without losing track. 2013-06-09 20:53:44 +01:00
Cameron
73e095f14f May help session subdomain issues. 2013-06-06 12:50:43 -07:00
Cameron
5af8208c7e Enable logging by default. 2013-06-02 14:49:26 -07:00
Cameron
693b5bea75 Improved logging options and file-naming. 2013-06-01 04:36:58 -07:00
Cameron
8d94fa8b23 Possible fix for 'Anonymous' showing in logs, when admin is logged in. 2013-05-31 18:36:43 -07:00
CaMer0n
bfb687dfd5 Session quick fix. Image resizing etc. 2012-09-03 23:02:45 +00:00
CaMer0n
c7c9bfe517 Increased session to 24 hours (prevent being logged-out every hour).
Recursive chmod added to Database Tools for correcting folder and file perms.
2012-08-05 10:06:01 +00:00
CaMer0n
9937a9c0e2 Disabled session-log and IP was not being stored at signup - fixed. 2012-08-01 21:03:07 +00:00
secretr
a2dd8c47fd more session options from site preferences (not added to the preference UI yet) 2012-02-20 14:55:16 +00:00
secretr
600e3aa12f e-token check method now returns boolean; comments e-token check refined 2011-10-24 06:30:31 +00:00
CaMer0n
5afeed3353 Session Object/Array conflict - Quick Fix. 2011-05-04 21:18:04 +00:00
secretr
0c794e2fb4 cross-browser cache issues 2011-01-14 12:19:03 +00:00
secretr
51d6cb9fac EONE-134 - typo, thanks Andrew 2010-10-27 11:33:59 +00:00
secretr
cd49c6c850 New sessions related improvements/fixes; extra check in Site preferences area for cookie name - session/cookie regeneration, prevent logout; various redirection handler improvements plus new e107 method candidates - get/set/clear Cookies based on site preferences. 2010-10-27 11:31:18 +00:00