56 Commits

Author SHA1 Message Date
Ben Thomson
48e26fedad Allow cms.restrictBaseDir to be controlled via env variable 2022-11-11 09:42:57 +08:00
Luke Towers
c137760498 Run all config files through ArrayFile parser
This will minimize changes when ConfigWriter is used to set config values through PHP.
2022-03-16 10:55:07 -06:00
Luke Towers
520190f5e0 Tweaks to be more friendly with the ArrayFile parser 2022-03-15 21:26:52 -06:00
Marc Jauvin
bb67f3ef11 Use env() settings by default in config/cms.php (#484) 2022-03-08 09:03:09 +08:00
Luke Towers
cfa763b714 Initial rebrand commit generated from the 1.0 rebrand branch patch file 2021-03-10 15:02:53 -06:00
Luke Towers
444069da00 Finished implementing imageWidth & imageHeight filters 2020-08-21 13:39:45 -06:00
Luke Towers
ca386e2dd1 tweak to default config for resized disk 2020-08-14 15:46:06 -06:00
Luke Towers
f56d1eebe8 Further work on the new resizing functionality 2020-08-06 18:18:28 -06:00
Luke Towers
5a5208bd0b Document caveat with uploaded file URL generation when installing October in a subfolder
Fixes #5204
2020-07-19 01:08:01 -06:00
Samuel Georges
e3b42b2f10 Make cms.backendForceSecure an explicit setting
This no longer hinges on app.debug because it creates confusion for devops engineers. This is based on three independent reports coming from app environments that use a reverse proxy. The engineer will follow the proper security instructions by disabling debug mode, which in turn creates an infinite redirect loop when opening the back-end area, only to leave them scratching their heads

Ultimately it is the web server configuration's job to handle the enforcement of HTTPS, the app no longer enforces it as a strong opinion, but we still keep the setting available as a convenient security check for standard environments that do not use a reverse proxy
2020-01-18 18:05:26 +11:00
Samuel Georges
8da798a5cd Remove XSRF cookie
This was a contentious change; it is generally a bad idea to blanket all requests with a dependent cookie. We will try something else.

Revert enableXsrfCookies setting. Fixes UX issue introduced where the token expires. This should be replaced by a CSRF policy that determines whether this is needed on the front end.
2019-11-04 09:06:05 +11:00
Luke Towers
76db3355e6 Merge branch 'develop' of https://github.com/octobercms/october into develop 2019-10-30 08:09:07 -06:00
Luke Towers
959b85f56c Add cms.enableXsrfCookies config value (default true) to configure whether or not the XSRF cookie is automatically sent or if CSRF tokens are solely relied on.
Related: https://github.com/octobercms/october/pull/4701#issuecomment-547773385 & https://github.com/laravel/framework/pull/24726
2019-10-30 08:08:54 -06:00
Jan Boech
cc9b48975d Typo in "Automatically run migrations on login" (#4727)
Credit to @najbo.
2019-10-30 16:57:47 +08:00
Samuell
c21c22e1ba Add option to disable UpdateManager after backend login (#4266)
Credit to @Samuell1. Fixes #3471.
2019-07-19 14:50:42 -06:00
Ben Thomson
a59d3b83eb Code quality clean up (#4449)
Credit to @bennothommo
2019-07-18 08:50:37 -06:00
Ayumi Hamasaki
884042952f Block off SW running in backend and reduce lookups (#4385)
Credit to @ayumihamsaki. Related #4384
2019-06-25 17:15:11 +03:00
Luke Towers
15e3bd131a Merge pull request #4358 from octobercms/wip/file-improvements
Use temporaryUrls for protected files if the storage driver supports them. Related: octobercms/library#406
2019-06-02 20:49:12 -06:00
Samuel Georges
17cea816d8 enableDatabaseLayer -> databaseTemplates 2019-06-01 12:40:17 +10:00
Luke Towers
ef4f1e49ee Added temporaryUrlTTL configuration option, switched is_a() to instanceof 2019-05-31 00:53:27 -06:00
Luke Towers
a4802d5036 Minor updates to config cms.enableDatabaseLayer docs 2018-11-05 13:39:55 -06:00
Luke Towers
5dbfa133e7 Config file change and cms_themes_contents table migration 2018-11-01 21:53:16 -06:00
Lucas Thurston
85dd0b9968 Add config flag for disabling basedir restrictions for local development only (#3626)
Fixes #3619. Credit to @lthurston
2018-07-05 17:07:38 -04:00
Matteo
678916854e Add config to enable Twig strict_variables (#3370)
Adds the cms.enableTwigStrictVariables config option to enable strict_variables in Twig for debugging purposes. See https://twig.symfony.com/doc/2.x/api.html#environment-options. Credit to @matteotrubini
2018-01-26 10:59:45 -06:00
Samuel Georges
4a6e0e1e0e Implement CSRF token by default
Implement CSRF protection on CMS for postback handling
2017-10-30 09:00:17 +11:00
Christophe Vuagniaux
e3a567cb78 Enable configuration of backend login session persistence (#2924)
Thanks to @ChVuagniaux. Fixes #2394
2017-06-22 14:34:16 -06:00
Samuel Georges
c7eb965af8 Introduce ignorePatterns to Media Library, ignoring dot files by default
Roll back some changes from #2692
2017-03-20 17:42:17 +11:00
Samuel Georges
b447b8e056 Merge pull request #2692 from ctf0/regex-hide
use regex to hide files under media manager
2017-03-19 19:28:40 +11:00
Muah
bcd75c84c0 use regex to hide files under media manager 2017-02-20 13:54:30 +02:00
Samuel Georges
f608b1ac78 Remove query caching config
Refs https://github.com/octobercms/library/pull/253#issuecomment-279944594
2017-02-15 20:57:42 +11:00
Samuel Georges
d0d45f839c Disable db memory cache for tests
Refs https://github.com/octobercms/library/pull/253
2017-02-15 08:12:25 +11:00
Samuel Georges
d19f0a1229 Add config for duplicate database query cache
Refs https://github.com/octobercms/library/pull/253
2017-02-11 08:18:42 +11:00
Samuel Georges
dc85993584 Minor improvements
Add navbar-default styling out of the box
2017-02-03 05:40:24 +11:00
Samuel Georges
b2301a8056 Add new config cms.forceBytecodeInvalidation
Refs #2385
2017-01-31 07:23:58 +11:00
Samuel Georges
6af6ebe733 Added config backendForceSecure used to force HTTPS
Refs https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
2016-12-17 10:16:02 +11:00
Scott Bedard
a12ed5e19e Break apart run-on sentence 2016-11-30 19:11:40 -07:00
Samuel Georges
b08e2c4912 Introduce deep hashing on asset combiner
Added cms.enableAssetDeepHashing config item, disabled by default
Recompile assets
Refs #2248
Refs https://github.com/octobercms/library/pull/225
2016-07-30 15:06:50 +10:00
Samuel Georges
5fef21e892 Minor reorg 2016-06-23 07:37:29 +10:00
Samuel Georges
4df7c6704e Introduce locale variants
Australia
Canada
UK
2016-04-23 13:13:52 +10:00
Samuel Georges
6c081d9265 Combine editor preferences and backend preferences
Add backend timezone setting used for converting display dates
2016-04-23 05:31:05 +10:00
Samuel Georges
3cac52afd4 Default is null, not false 2016-03-25 10:42:14 +11:00
Samuel Georges
f1aa720086 Create a safe mode to disable code field in the CMS
Fixes #1756
2016-03-25 10:05:04 +11:00
Samuel Georges
a6b007e55c Rejig the config so backendUri is more prominent 2016-03-09 20:48:18 +11:00
Samuel Georges
43e4a23161 Rollback changes from 7b174e6ce866deaa53a913bf3fa9851342601e26 2016-01-04 18:46:23 +11:00
Pásztor Gábor
7b174e6ce8 Add missing config file, remove php 5.4 support. 2016-01-02 15:41:27 +01:00
Samuel Georges
606892143b Added new security config option cms.enableCsrfProtection 2015-07-04 09:31:28 +10:00
Samuel Georges
06ec662131 Update Chinese (China) language - Fixes #1237 without 10 commits 2015-06-27 09:46:05 +10:00
Samuel Georges
c9cf2b4352 Roll back redirection function
This is a magical solution to a non-issue (aesthetic), it could easily be introduced by a plugin and is not a good substitute for proper web server configuration. Eg, Apache:

    ##
    ## Directory Listing attempts
    ##
    DirectorySlash Off
    RewriteOptions AllowNoSlash

    ##
    ## Redirect Trailing Slashes...
    ##
    RewriteRule ^(.*)/$ /$1 [L,R=301]
2015-05-18 19:09:03 +10:00
Samuel Georges
bb6910a068 Add internal redirects (cms.enableRedirects)
The application will now perform redirects to prevent duplicate content and enforce the linking policy.
Fixes #665
Fixes #1023
2015-05-16 12:19:11 +10:00
Pásztor Gábor
b3dcce6d2a Updates on Brand Settings 2015-03-11 20:30:41 +01:00