GNUsocial
/
gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity
20,841 Commits 8 Branches 4 Tags 309 MiB
Commit Graph

20 Commits

Author SHA1 Message Date
Hugo Sales aef1fac536
[SECURITY] Refactor security hardening code and disable unused stream wrappers 
Ensure unwanted enviorment variables are removed from the actual
global environment rather than just the `$_ENV` superglobal variable

Disable stream wrappers, as this is an unexpected feature for most
developers and can be exploited. For instance, `phar://` can be used
to override any class and thus provide code execution (through
`__wakeup` or `__costruct`, for instance). Not a complete solution, as
`php://` can also be abused, but we can't disable it as it gets used
_somewhere_ in our dependencies
 2022-04-03 18:02:54 +01:00
Diogo Peralta Cordeiro fb3e900b28
[CORE] Add CONFIG_ prefix to environment whitelist 
Fixed minor issues with Commong:config of env not being included and ported to local social yaml

Fixed some regressions introduced with [CORE] Unset sensitive information from the environment
 2022-02-11 10:05:58 +00:00
Bruno Aleixo 162b01e2c5 [CORE] Unset sensitive information from the environment 2022-01-30 16:39:43 +00:00
Hugo Sales 9109c61af5
[TOOLS][CS-FIXER] Run new PHP CS Fixer config. Notably, adds strict_types 2021-10-27 04:19:28 +01:00
Diogo Peralta Cordeiro 9f553707ba
[CORE] Proxies: constant HEADER_X_FORWARDED_ALL is deprecated 
Give ENV preference over SERVER
 2021-09-14 13:13:02 +01:00
Hugo Sales 460712e15e
[GIT] Change my email to the new one in all files and bump copyright year 2021-09-14 13:06:56 +01:00
Hugo Sales b7b50f749b
[CACHE][HTTP] Configure simple HTTP cache 2021-09-14 13:05:33 +01:00
Hugo Sales 596009c924
[DOCUMENTATION] Document All The Things! 2021-09-14 13:04:33 +01:00
Hugo Sales cc72373e3d
[DOCTRINE][SCHEMADEF] Create a new metadata driver to allow us to continue using static schemaDef functions 
This has the benefit of requiring fewer code changes, as well as providing a better isolation
between GNU social and symfony, useful in case the framework needs to be changed
 2021-09-14 13:01:34 +01:00
Hugo Sales d6bb3e7caa
[DOCKER] Added preliminary docker container 2021-09-14 13:01:33 +01:00
Hugo Sales 4b31c1f48f
[V3] Big Bang 
Beginning anew, this time with a modern framework: symfony
 2021-09-14 13:01:33 +01:00
Hugo Sales 11154a0d8c
[V3] Big Crunch 
And so, just as it begins, so too must it end
One should not dwell and stall, for more is to come
 2021-09-14 13:01:23 +01:00
Alexei Sorokin 2ef944d5c4 [UTIL] Sanitise instead of validate in common_copy_args() 
And remove common_validate_utf8() which is now unused.
 2020-09-15 14:53:35 +03:00
Alexei Sorokin fde929b151 [DATABASE] Switch from PEAR DB to MDB2 2020-09-14 22:46:29 +03:00
Alexei Sorokin e7ab305335 [CORE] Use monotonic time via hrtime() where applicable 
The realtime clock is not reliable when calculating elapsed time.
 2020-01-07 19:48:13 +03:00
Alexei Sorokin 1f2f57b03b [CORE] Fix logging of very early failures 2019-09-13 12:11:43 +03:00
Miguel Dantas b41f9620fa [LIB_REFACTOR] Fix requires 2019-09-03 03:33:13 +01:00
Diogo Cordeiro 0c2c3ec862 [CORE] Plugin API now extends a new Module API 2019-08-24 01:59:33 +01:00
Diogo Cordeiro 1049080df5 [CORE] Move public resources to a /public directory 
Advantages:
* Increases security by preventing direct access to file/
* We are careful and have a defined('GNUSOCIAL') || die() to prevent
  direct access to GS files, but we may miss one or a vendor/extlib may
  not be as careful
* Improves directory structure - It's more natural to physically
  separate what is public from what are GNU social resources
 2019-08-03 17:47:25 +01:00
Diogo Cordeiro 2a06261f75 [CORE][COMPOSER] Move extlib packages with immediate composer correspondent to composer dependencies 
This adds a composer.json for all dependencies that are available
 2019-08-03 17:47:24 +01:00