Samuel Georges
8da798a5cd
Remove XSRF cookie
...
This was a contentious change; it is generally a bad idea to blanket all requests with a dependent cookie. We will try something else.
Revert enableXsrfCookies setting. Fixes UX issue introduced where the token expires. This should be replaced by a CSRF policy that determines whether this is needed on the front end.
2019-11-04 09:06:05 +11:00
Luke Towers
76db3355e6
Merge branch 'develop' of https://github.com/octobercms/october into develop
2019-10-30 08:09:07 -06:00
Luke Towers
959b85f56c
Add cms.enableXsrfCookies config value (default true) to configure whether or not the XSRF cookie is automatically sent or if CSRF tokens are solely relied on.
...
Related: https://github.com/octobercms/october/pull/4701#issuecomment-547773385 & https://github.com/laravel/framework/pull/24726
2019-10-30 08:08:54 -06:00
Jan Boech
cc9b48975d
Typo in "Automatically run migrations on login" (#4727)
...
Credit to @najbo.
2019-10-30 16:57:47 +08:00
Samuell
c21c22e1ba
Add option to disable UpdateManager after backend login (#4266)
...
Credit to @Samuell1. Fixes #3471.
2019-07-19 14:50:42 -06:00
Ben Thomson
a59d3b83eb
Code quality clean up (#4449)
...
Credit to @bennothommo
2019-07-18 08:50:37 -06:00
Ayumi Hamasaki
884042952f
Block off SW running in backend and reduce lookups (#4385)
...
Credit to @ayumihamsaki. Related #4384
2019-06-25 17:15:11 +03:00
Luke Towers
15e3bd131a
Merge pull request #4358 from octobercms/wip/file-improvements
...
Use temporaryUrls for protected files if the storage driver supports them. Related: octobercms/library#406
2019-06-02 20:49:12 -06:00
Samuel Georges
17cea816d8
enableDatabaseLayer -> databaseTemplates
2019-06-01 12:40:17 +10:00
Luke Towers
ef4f1e49ee
Added temporaryUrlTTL configuration option, switched is_a() to instanceof
2019-05-31 00:53:27 -06:00
Luke Towers
a4802d5036
Minor updates to config cms.enableDatabaseLayer docs
2018-11-05 13:39:55 -06:00
Luke Towers
5dbfa133e7
Config file change and cms_themes_contents table migration
2018-11-01 21:53:16 -06:00
Lucas Thurston
85dd0b9968
Add config flag for disabling basedir restrictions for local development only (#3626)
...
Fixes #3619. Credit to @lthurston
2018-07-05 17:07:38 -04:00
Matteo
678916854e
Add config to enable Twig strict_variables (#3370)
...
Adds the cms.enableTwigStrictVariables config option to enable strict_variables in Twig for debugging purposes. See https://twig.symfony.com/doc/2.x/api.html#environment-options. Credit to @matteotrubini
2018-01-26 10:59:45 -06:00
Samuel Georges
4a6e0e1e0e
Implement CSRF token by default
...
Implement CSRF protection on CMS for postback handling
2017-10-30 09:00:17 +11:00
Christophe Vuagniaux
e3a567cb78
Enable configuration of backend login session persistence (#2924)
...
Thanks to @ChVuagniaux. Fixes #2394
2017-06-22 14:34:16 -06:00
Samuel Georges
c7eb965af8
Introduce ignorePatterns to Media Library, ignoring dot files by default
...
Roll back some changes from #2692
2017-03-20 17:42:17 +11:00
Samuel Georges
b447b8e056
Merge pull request #2692 from ctf0/regex-hide
...
use regex to hide files under media manager
2017-03-19 19:28:40 +11:00
Muah
bcd75c84c0
use regex to hide files under media manager
2017-02-20 13:54:30 +02:00
Samuel Georges
f608b1ac78
Remove query caching config
...
Refs https://github.com/octobercms/library/pull/253#issuecomment-279944594
2017-02-15 20:57:42 +11:00
Samuel Georges
d0d45f839c
Disable db memory cache for tests
...
Refs https://github.com/octobercms/library/pull/253
2017-02-15 08:12:25 +11:00
Samuel Georges
d19f0a1229
Add config for duplicate database query cache
...
Refs https://github.com/octobercms/library/pull/253
2017-02-11 08:18:42 +11:00
Samuel Georges
dc85993584
Minor improvements
...
Add navbar-default styling out of the box
2017-02-03 05:40:24 +11:00
Samuel Georges
b2301a8056
Add new config cms.forceBytecodeInvalidation
...
Refs #2385
2017-01-31 07:23:58 +11:00
Samuel Georges
6af6ebe733
Added config backendForceSecure used to force HTTPS
...
Refs https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
2016-12-17 10:16:02 +11:00
Scott Bedard
a12ed5e19e
Break apart run-on sentence
2016-11-30 19:11:40 -07:00
Samuel Georges
b08e2c4912
Introduce deep hashing on asset combiner
...
Added cms.enableAssetDeepHashing config item, disabled by default
Recompile assets
Refs #2248
Refs https://github.com/octobercms/library/pull/225
2016-07-30 15:06:50 +10:00
Samuel Georges
5fef21e892
Minor reorg
2016-06-23 07:37:29 +10:00
Samuel Georges
4df7c6704e
Introduce locale variants
...
Australia
Canada
UK
2016-04-23 13:13:52 +10:00
Samuel Georges
6c081d9265
Combine editor preferences and backend preferences
...
Add backend timezone setting used for converting display dates
2016-04-23 05:31:05 +10:00
Samuel Georges
3cac52afd4
Default is null, not false
2016-03-25 10:42:14 +11:00
Samuel Georges
f1aa720086
Create a safe mode to disable code field in the CMS
...
Fixes #1756
2016-03-25 10:05:04 +11:00
Samuel Georges
a6b007e55c
Rejig the config so backendUri is more prominent
2016-03-09 20:48:18 +11:00
Samuel Georges
43e4a23161
Rollback changes from 7b174e6ce866deaa53a913bf3fa9851342601e26
2016-01-04 18:46:23 +11:00
Pásztor Gábor
7b174e6ce8
Add missing config file, remove php 5.4 support.
2016-01-02 15:41:27 +01:00
Samuel Georges
606892143b
Added new security config option cms.enableCsrfProtection
2015-07-04 09:31:28 +10:00
Samuel Georges
06ec662131
Update Chinese (China) language - Fixes #1237 without 10 commits
2015-06-27 09:46:05 +10:00
Samuel Georges
c9cf2b4352
Roll back redirection function
...
This is a magical solution to a non-issue (aesthetic), it could easily be introduced by a plugin and is not a good substitute for proper web server configuration. Eg, Apache:
##
## Directory Listing attempts
##
DirectorySlash Off
RewriteOptions AllowNoSlash
##
## Redirect Trailing Slashes...
##
RewriteRule ^(.*)/$ /$1 [L,R=301]
2015-05-18 19:09:03 +10:00
Samuel Georges
bb6910a068
Add internal redirects (cms.enableRedirects)
...
The application will now perform redirects to prevent duplicate content and enforce the linking policy.
Fixes #665
Fixes #1023
2015-05-16 12:19:11 +10:00
Pásztor Gábor
b3dcce6d2a
Updates on Brand Settings
2015-03-11 20:30:41 +01:00
Samuel Georges
54fe8452e5
uploadsPath -> cms.storage.uploads.path
2015-02-23 19:55:41 +11:00
Samuel Georges
a9a3336d11
* Build 199 *** NB: /uploads -> /storage/app/uploads
...
The /uploads directory has been moved to /storage/app/uploads to make way for CDN support. This directory should be moved on the file system and the config (cms.uploadsPath) updated.
2015-02-19 19:12:36 +11:00
Samuel Georges
7145aac457
Prepare for CDN, config rename cms.plugins|themes|uploadsDir -> cms.plugins|themes|uploadsPath
...
Deprecate data-trigger-type on triggerapi
Fixes ref to Util class
2015-02-17 20:58:38 +11:00
Samuel Georges
47eff923e5
*** REMOVED RELATIVE LINK POLICY ***
...
A relative link policy was a bad idea, Laravel/Redirects did not play nicely at all.
2015-02-14 13:26:13 +11:00
Samuel Georges
8e1b4c2f68
Remove cms.tempDir - use temp_path()
2015-02-07 15:42:20 +11:00
Samuel Georges
ed22cc9186
Migrate bootstrap process
2015-02-04 19:31:41 +11:00