Commit Graph

61 Commits

Author SHA1 Message Date
Hugo Sales aef1fac536
[SECURITY] Refactor security hardening code and disable unused stream wrappers
Ensure unwanted environment variables are removed from the actual
global environment rather than just the `$_ENV` superglobal variable

Disable stream wrappers, as this is an unexpected feature for most
developers and can be exploited. For instance, `phar://` can be used
to override any class and thus provide code execution (through
`__wakeup` or `__construct`, for instance). Not a complete solution, as
`php://` can also be abused, but we can't disable it as it gets used
_somewhere_ in our dependencies
2022-04-03 18:02:54 +01:00
Hugo Sales 483983790a
[CORE][Router] Rename \App\Core\Router\Router to \App\Core\Router and merge \App\Core\Router\RouteLoader with \App\Core\Router 2022-03-28 20:59:15 +01:00
Hugo Sales 60af9f5e9b
[CORE][Queue] Rename App\Core\Queue\Queue to App\Core\Queue 2022-03-28 20:59:15 +01:00
Hugo Sales abe35428da
[CORE][DB] Rename App\Core\DB\DB to App\Core\DB 2022-03-28 20:59:14 +01:00
Hugo Sales f540711948
[CORE][GNUsocial] Remove Session parameter, as it's no longer a service. Use session from Request 2022-03-09 20:51:42 +00:00
Hugo Sales 301421ea15
[SECURITY][EVENT] Remove deprecated uses of Symfony Guard. Add LoginSucess and LoginFailure events 2022-03-09 20:51:16 +00:00
Eliseu Amaro e70acd5c3b
[UTIL][HTML] HTML abstraction class was extended with a more specialised Heading class
This little abstraction layer made it a bit easier to add a different title to a Note or Actor Feed Collection template, from whichever controller that uses it. Please, bear in mind, that abstract templates such as those found in Components\Collection, may act in a very 'declarative' way upon using them. This makes it difficult to dynamically choose what type of header is used without undergoing a mining operation in the likes of a pyramid of doom. Hence, this _little_ change.
2022-02-16 18:53:08 +00:00
Diogo Peralta Cordeiro fb3e900b28
[CORE] Add CONFIG_ prefix to environment whitelist
Fixed minor issues with Common::config of env not being included and ported to local social yaml

Fixed some regressions introduced with [CORE] Unset sensitive information from the environment
2022-02-11 10:05:58 +00:00
Eliseu Amaro 6a5312aca9
[CORE][GNUsocial] social.local.yaml is now updated with the proper node name 2022-01-26 18:46:31 +00:00
Diogo Peralta Cordeiro 480f570238
[CORE][SECURITY][HTML] Refactor Security::sanitize to HTML::sanitize
Update composer dependencies, move more general deps from ActivityPub to Core
2022-01-12 17:12:58 +00:00
Hugo Sales 6d8679d86b
[CORE] Fix resetting the config to the default values 2021-12-13 15:49:52 +00:00
Hugo Sales b1262919da
[TOOLS] Fix (most) issues found by PHPStan 2021-11-25 23:08:30 +00:00
Hugo Sales 3a5e52ee0d
[CORE][SECURITY] Move to the new authentication format, for Symfony 5.3
Keep using (deprecated) Guard
2021-11-24 12:46:26 +00:00
Hugo Sales b4ce77320e
[TESTS] Fix remaining tests, back to 100% passed. Some minor semantic changes 2021-11-20 21:33:25 +00:00
Hugo Sales dea9aa4dcf
[CORE][Router] Remove duplicate service for URL generation, as that is actually the same object 2021-11-11 12:38:09 +00:00
Hugo Sales cd470cbf93
[CORE] Fix loading of settings from modules 2021-11-08 16:08:03 +00:00
Hugo Sales 9109c61af5
[TOOLS][CS-FIXER] Run new PHP CS Fixer config. Notably, adds strict_types 2021-10-27 04:19:28 +01:00
Hugo Sales 91fd7d1cfa
[CONFIG][CORE] Fix bug in overriding default config 2021-09-21 11:04:14 +01:00
Hugo Sales 330143e549
[ROUTER][DOCUMENTATION] Add `Router::isAbsolute`, add documentation to `Router::url` and `s/setRouter/serServices/` 2021-09-14 13:13:39 +01:00
Hugo Sales 45734d882c
[CONFIG] Make it possible to write module configuration in a config.{php,yml,yaml,xml} file and set each value as properties in the module object 2021-09-14 13:13:38 +01:00
Hugo Sales bda839be7b
[MODULES] Add InitiializeModule and CleanupModule events, similar to v2 2021-09-14 13:13:37 +01:00
Hugo Sales c71a4b06ef
[CONFIG] Make it possible to write module configuration in a config.{php,yml,yaml,xml} file and set each value as properties in the module object 2021-09-14 13:13:36 +01:00
Hugo Sales 3587b8dc1d
[CONFIG] Refactor configuration loading 2021-09-14 13:13:36 +01:00
Hugo Sales ccd5ebf8e4
[CORE] Add password reset and forgot password functionality 2021-09-14 13:13:17 +01:00
Hugo Sales 769fff2448
[CORE][SECURITY][EMAIL] Move email confirmation functionality to its own static wrapper, in preparation for adding password reset functionality 2021-09-14 13:13:17 +01:00
Hugo Sales f98ce1c3d0
[TESTS] Ignore GNUsocial class from tests, as it simply pipes objects around 2021-09-14 13:13:13 +01:00
Diogo Peralta Cordeiro 8817613016
[CORE][GNUsocial] Fix undefined property typo 2021-09-14 13:13:03 +01:00
Hugo Sales 74f477489b
[TESTS] Raise test coverage for App\Controller\Network to 100% and fixup related code 2021-09-14 13:13:02 +01:00
Hugo Sales 86400ce815
[UTIL] Provide static access to current request and utilities in Common 2021-09-14 13:13:02 +01:00
Hugo Sales 9659762726
[DB] Add table map which allows using table names rather than entities in Doctrine operations 2021-09-14 13:11:50 +01:00
Hugo Sales 299bc5b551
[TWIG] Add way to launch events from TWIG, capture service and add way to render from a string 2021-09-14 13:11:49 +01:00
Hugo Sales 460712e15e
[GIT] Change my email to the new one in all files and bump copyright year 2021-09-14 13:06:56 +01:00
Hugo Sales e949dd654a
[CONFIG] Various fixes to use new configuration format 2021-09-14 13:06:54 +01:00
Hugo Sales dd40255c4a
[CONFIG][DB] Remove config from the database, put it in yaml, so it can be baked into the container 2021-09-14 13:06:53 +01:00
Hugo Sales c0ce25c352
[MODULES] Fix module manager dev-mode rebuild 2021-09-14 13:06:52 +01:00
Hugo Sales a5cf89674e
[DEPENDENCY] Add tgalopin/html-sanitizer-bundle and transitively tgalopin/html-sanitizer 2021-09-14 13:05:57 +01:00
Hugo Sales 6f01b0cebe
[WRAPPER][HTTPClient] Static wrapper around Symfony's HTTP Client 2021-09-14 13:05:56 +01:00
Hugo Sales 213cfe5285
[COMMAND] Fix 'bin/console doctrine:database:create' by only loading defaults if we have a connection 2021-09-14 13:05:54 +01:00
Hugo Sales bd8f4bd277
[AVATAR] Fixed avatar upload, added avatar inline download and updated template and base controller 2021-09-14 13:05:51 +01:00
Hugo Sales 152828ed68
[FRAMEWORK] Avoid double initializing the framework 2021-09-14 13:05:47 +01:00
Hugo Sales 04e31d273d
[MAIL] Make mailserver a required service 2021-09-14 13:05:46 +01:00
Hugo Sales 22e292276c
[CORE][SECURITY][UX] Save previous url on /register and /logout 2021-09-14 13:05:45 +01:00
Hugo Sales 17f854b1d9
[CORE][UX] Save previous url to redirect back after registering 2021-09-14 13:05:44 +01:00
Hugo Sales 7a7f7d3ae1
[MAILER][WRAPPER] Add mailer wrapper that respects the configuration 2021-09-14 13:05:41 +01:00
Hugo Sales c0da90bd3e
[COMMON][SECURITY][WRAPPER] Added security service static wrapper and Common::getUser 2021-09-14 13:05:41 +01:00
Hugo Sales 97fd7620e7
[CORE][ROUTES] Small refactor on entrypoint and RouteLoader 2021-09-14 13:05:41 +01:00
Hugo Sales 0eba267a73
[LOGIN] Implement password checking and related systems 2021-09-14 13:05:40 +01:00
Hugo Sales 284fbe2c5b
[CORE] Refactor GNUsocial.php so it initializes itself as a service 2021-09-14 13:05:39 +01:00
Hugo Sales fffa17448f
[CORE][I18n][DEFAULTS] Remove I18nHelper 2021-09-14 13:05:38 +01:00
Hugo Sales c549bea4a9
[CACHE] Add support for multiple pools with the syntax (as an example) SOCIAL_CACHE_ADAPTER='default=redis://localhost:6379,memcached://localhost:11211;db.config=apcu://' 2021-09-14 13:05:35 +01:00