Marc Jauvin
6c391b5e82
Add config for throttling login attempts into Backend (#4974)
2020-03-11 10:57:19 +08:00
Luke Towers
a04494e63d
Add warning message to app.locale config
2020-01-27 12:04:52 -06:00
Samuel Georges
e3b42b2f10
Make cms.backendForceSecure an explicit setting
This no longer hinges on app.debug because it creates confusion for devops engineers. This is based on three independent reports coming from app environments that use a reverse proxy. The engineer will follow the proper security instructions by disabling debug mode, which in turn creates an infinite redirect loop when opening the back-end area, only to leave them scratching their heads.
Ultimately it is the web server configuration's job to handle the enforcement of HTTPS; the app no longer enforces it as a strong opinion, but we still keep the setting available as a convenient security check for standard environments that do not use a reverse proxy.
2020-01-18 18:05:26 +11:00
Samuel Georges
160ae441ff
Shorten default string length
- Introduce varcharmax config item, this default eventually should be increased to 255, when MySQL 5.6 support is dropped
- Config item can be kept to retain legacy support
- Only apply to mysql driver, previously was impacting other drivers
- Source true config values, previously was sourcing hard coded "mysql" connection values
2019-12-29 11:43:27 +11:00
Samuel Georges
bbed527ecc
Supply engine as default config
This is currently supplied by the blueprint. This commit is a proactive step to move to config instead. Consider removing this from blueprints in later years:
$table->engine = 'InnoDB';
2019-12-29 10:14:49 +11:00
Ayumi
56eab50260
Documented session.http_only (#4743)
Credit to @ayumi-cloud
2019-12-14 11:14:23 -06:00
Samuel Georges
8da798a5cd
Remove XSRF cookie
This was a contentious change; it is generally a bad idea to blanket all requests with a dependent cookie. We will try something else.
Revert enableXsrfCookies setting. Fixes UX issue introduced where the token expires. This should be replaced by a CSRF policy that determines whether this is needed on the front end.
2019-11-04 09:06:05 +11:00
Luke Towers
76db3355e6
Merge branch 'develop' of https://github.com/octobercms/october into develop
2019-10-30 08:09:07 -06:00
Luke Towers
959b85f56c
Add cms.enableXsrfCookies config value (default true) to configure whether or not the XSRF cookie is automatically sent or if CSRF tokens are solely relied on.
Related: https://github.com/octobercms/october/pull/4701#issuecomment-547773385 & https://github.com/laravel/framework/pull/24726
2019-10-30 08:08:54 -06:00
Jan Boech
cc9b48975d
Typo in "Automatically run migrations on login" (#4727)
Credit to @najbo.
2019-10-30 16:57:47 +08:00
Ben Thomson
6099312c0d
Disable CSRF in unit tests
2019-10-07 14:13:02 +08:00
Burak Özdemir
64d02b77cc
Added Mailgun endpoint to services config (#4667)
Fixes #3846. Credit to @ozdemirburak.
2019-10-06 19:27:10 -06:00
morph85
811b431474
Added support for SparkPost mail configuration (#4151)
Credit to @morph85
2019-09-25 10:28:17 -06:00
Luke Towers
02d894f52b
Fix use of Storage::url() for local disks that haven't been configured correctly. Fixes #4581
2019-09-02 12:33:36 -06:00
Ben Thomson
a67ccfe993
Allow decompiled Backend JS assets (#4549)
This change will allow the individual JS assets that are compiled into a full compilation file to be loaded individually instead, allowing the developer to see their changes immediately. It introduces a new configuration variable, `cms.decompileBackendAssets`, that controls this functionality. By default, it is false and not tied to the debug value, requiring it to be explicitly enabled.
2019-08-16 16:19:16 +08:00
Samuell
c21c22e1ba
Add option to disable UpdateManager after backend login (#4266)
Credit to @Samuell1. Fixes #3471.
2019-07-19 14:50:42 -06:00
Ben Thomson
a59d3b83eb
Code quality clean up (#4449)
Credit to @bennothommo
2019-07-18 08:50:37 -06:00
Ayumi Hamasaki
884042952f
Block off SW running in backend and reduce lookups (#4385)
Credit to @ayumihamsaki. Related #4384
2019-06-25 17:15:11 +03:00
Luke Towers
15e3bd131a
Merge pull request #4358 from octobercms/wip/file-improvements
Use temporaryUrls for protected files if the storage driver supports them. Related: octobercms/library#406
2019-06-02 20:49:12 -06:00
Samuel Georges
e7ec0be0c1
Merge pull request #3908 from octobercms/wip/halcyon-db-datasource
Database layer for the CMS objects
2019-06-01 14:28:34 +10:00
Samuel Georges
17cea816d8
enableDatabaseLayer -> databaseTemplates
2019-06-01 12:40:17 +10:00
Luke Towers
ef4f1e49ee
Added temporaryUrlTTL configuration option, switched is_a() to instanceof
2019-05-31 00:53:27 -06:00
Jim Cottrell
7fc01bb9ca
Disable in-memory cache repository when running in CLI by default (#4323)
Fixes #4057. Related https://github.com/octobercms/library/pull/401. Credit to @jimcottrell
2019-05-07 12:34:46 -06:00
Teranode
cef21fc419
Improve documentation (#3573)
Connection refers to both database and redis connections if either one is chosen. (also present in 5.5). Credit to @Teranode
2019-04-19 14:44:37 -06:00
Luke Towers
630d543959
Merge branch 'develop' into wip/halcyon-db-datasource
2019-04-11 12:30:29 -06:00
Tomasz Strojny
956a234920
Add ability to specify the connection used for running tests (#4159)
Credit to @czerwonyd
2019-03-31 06:28:24 -06:00
Luke Towers
abc3359273
Warn about the dangers of changing app.timezone
2018-11-15 13:45:57 -06:00
Luke Towers
a4802d5036
Minor updates to config cms.enableDatabaseLayer docs
2018-11-05 13:39:55 -06:00
Luke Towers
5dbfa133e7
Config file change and cms_themes_contents table migration
2018-11-01 21:53:16 -06:00
Nathan van der Werf
80942fa2d7
Add Same-Site Cookie configuration option (#3688)
Adds the session.same_site config key in the default session.php config file from Laravel. Credit to @nathan-van-der-werf & @Teranode
2018-08-16 11:44:18 -06:00
pikanji
ab9dcaf09c
Add cookie configuration file (#3644)
Adds the cookie configuration file required by octobercms/library#335. Documented in octobercms/docs#3644.
2018-07-19 22:38:45 -04:00
Lucas Thurston
85dd0b9968
Add config flag for disabling basedir restrictions for local development only (#3626)
Fixes #3619. Credit to @lthurston
2018-07-05 17:07:38 -04:00
whsol
15cdf6e71f
Make code parser data cache key configurable (#3373)
Credit to @whsol
2018-06-05 10:10:35 -06:00
Jonas Søndergaard
c85f8297d2
Make in-memory request cache configurable (#3477)
Related: octobercms/library#308, merged in 7e29489d87. Credit to @Josniii
2018-03-28 12:34:43 -06:00
Luke Towers
b5009fde11
Typo
2018-03-27 13:23:03 -06:00
Luke Towers
9277b771e0
Removed default Laravel config value that doesn't apply
Fixes #3473, Fixes #3459. Credit to @vevers for reporting and suggesting fix.
2018-03-27 11:24:17 -06:00
Matteo
678916854e
Add config to enable Twig strict_variables (#3370)
Adds the cms.enableTwigStrictVariables config option to enable strict_variables in Twig for debugging purposes. See https://twig.symfony.com/doc/2.x/api.html#environment-options. Credit to @matteotrubini
2018-01-26 10:59:45 -06:00
Luke Towers
cf01254b2b
Use utf8mb4 as the default character set
Will properly support emojis and other multibyte characters being stored. Laravel implemented as default in 5.4: 9d01389ce3
2018-01-26 09:44:27 -06:00
Panagiotis Koursaris
90635dd3b9
Add default ports on database config (#3308)
Credit to @panakour
2017-12-20 14:13:03 -06:00
Osman Zeki
fbf482a3f4
Change default environment to development (#3288)
Fixes #3287
2017-12-08 10:37:15 -06:00
Samuel Georges
a099e4e086
Change default mail driver to smtp
The "mail" driver has been removed completely from the underlying libraries due to serious security concerns.
Refs #3256
2017-11-23 11:51:56 +11:00
Samuel Georges
4a6e0e1e0e
Implement CSRF token by default
Implement CSRF protection on CMS for postback handling
2017-10-30 09:00:17 +11:00
Szabó Gergő
33a699e587
Add new lines (#3169)
2017-10-13 08:58:46 -06:00
Samuel Georges
1db67af8e8
Merge remote-tracking branch 'remotes/origin/develop' into l55upgrade
Conflicts:
modules/system/lang/en/lang.php
2017-07-11 10:48:54 +10:00
Christophe Vuagniaux
e3a567cb78
Enable configuration of backend login session persistence (#2924)
Thanks to @ChVuagniaux. Fixes #2394
2017-06-22 14:34:16 -06:00
Samuel Georges
84597b95ce
Multitenancy
2017-05-19 22:47:26 +10:00
Samuel Georges
7e76f39e6c
Add app.name config
Various other refittings
2017-05-16 18:50:41 +10:00
Samuel Georges
30289f03f3
Mail::pretend is gone
2017-05-12 07:18:02 +10:00
Quezler
cc17b679f1
Code dusting (#2826)
Code cleaning according to PSR-2 w/ exemptions (mostly dust).
2017-04-24 21:38:19 +10:00
Samuel Georges
c7eb965af8
Introduce ignorePatterns to Media Library, ignoring dot files by default
Roll back some changes from #2692
2017-03-20 17:42:17 +11:00