11 Commits

Author	SHA1	Message	Date
Hugo Sales	aef1fac536	[SECURITY] Refactor security hardening code and disable unused stream wrappers ... Ensure unwanted enviorment variables are removed from the actual global environment rather than just the `$_ENV` superglobal variable Disable stream wrappers, as this is an unexpected feature for most developers and can be exploited. For instance, `phar://` can be used to override any class and thus provide code execution (through `__wakeup` or `__costruct`, for instance). Not a complete solution, as `php://` can also be abused, but we can't disable it as it gets used _somewhere_ in our dependencies	2022-04-03 18:02:54 +01:00
Hugo Sales	301421ea15	[SECURITY][EVENT] Remove deprecated uses of Symfony Guard. Add LoginSucess and LoginFailure events	2022-03-09 20:51:16 +00:00
Diogo Peralta Cordeiro	480f570238	[CORE][SECURITY][HTML] Refactor Security::sanitize to HTML::sanitize ... Update composer dependencies, move more general deps from ActivityPub to Core	2022-01-12 17:12:58 +00:00
Hugo Sales	9109c61af5	[TOOLS][CS-FIXER] Run new PHP CS Fixer config. Notably, adds strict_types	2021-10-27 04:19:28 +01:00
Hugo Sales	b74d944ae3	[TOOLS][PHPStan] Raise PHPStan level to 3 and fix new errors	2021-09-14 13:13:45 +01:00
Hugo Sales	add8f4a52f	[TOOLS] Fix all errors found by PHPStan level 1	2021-09-14 13:13:42 +01:00
Hugo Sales	de5650e98e	[TESTS] Exclude class Security from testing, as it's a simple wrapper	2021-09-14 13:13:14 +01:00
Hugo Sales	9198797aea	[CORE] Throw more meaningfull error when method doesn't exist in Security and Entity	2021-09-14 13:13:02 +01:00
Hugo Sales	460712e15e	[GIT] Change my email to the new one in all files and bump copyright year	2021-09-14 13:06:56 +01:00
Hugo Sales	a5cf89674e	[DEPENDENCY] Add tgalopin/html-sanitizer-bundle and transitively tgalopin/html-sanitizer	2021-09-14 13:05:57 +01:00
Hugo Sales	c0da90bd3e	[COMMON][SECURITY][WRAPPER] Added security service static wrapper and Common::getUser	2021-09-14 13:05:41 +01:00