Hugo Sales
d4b7e990ce
[CORE][Event] Make all events return \EventResult, enforced at container build time
2022-04-03 21:40:32 +01:00
Hugo Sales
aef1fac536
[SECURITY] Refactor security hardening code and disable unused stream wrappers
...
Ensure unwanted enviorment variables are removed from the actual
global environment rather than just the `$_ENV` superglobal variable
Disable stream wrappers, as this is an unexpected feature for most
developers and can be exploited. For instance, `phar://` can be used
to override any class and thus provide code execution (through
`__wakeup` or `__costruct`, for instance). Not a complete solution, as
`php://` can also be abused, but we can't disable it as it gets used
_somewhere_ in our dependencies
2022-04-03 18:02:54 +01:00
Hugo Sales
301421ea15
[SECURITY][EVENT] Remove deprecated uses of Symfony Guard. Add LoginSucess and LoginFailure events
2022-03-09 20:51:16 +00:00
Diogo Peralta Cordeiro
480f570238
[CORE][SECURITY][HTML] Refactor Security::sanitize to HTML::sanitize
...
Update composer dependencies, move more general deps from ActivityPub to Core
2022-01-12 17:12:58 +00:00
Hugo Sales
9109c61af5
[TOOLS][CS-FIXER] Run new PHP CS Fixer config. Notably, adds strict_types
2021-10-27 04:19:28 +01:00
Hugo Sales
b74d944ae3
[TOOLS][PHPStan] Raise PHPStan level to 3 and fix new errors
2021-09-14 13:13:45 +01:00
Hugo Sales
add8f4a52f
[TOOLS] Fix all errors found by PHPStan level 1
2021-09-14 13:13:42 +01:00
Hugo Sales
de5650e98e
[TESTS] Exclude class Security from testing, as it's a simple wrapper
2021-09-14 13:13:14 +01:00
Hugo Sales
9198797aea
[CORE] Throw more meaningfull error when method doesn't exist in Security and Entity
2021-09-14 13:13:02 +01:00
Hugo Sales
460712e15e
[GIT] Change my email to the new one in all files and bump copyright year
2021-09-14 13:06:56 +01:00
Hugo Sales
a5cf89674e
[DEPENDENCY] Add tgalopin/html-sanitizer-bundle and transitively tgalopin/html-sanitizer
2021-09-14 13:05:57 +01:00
Hugo Sales
c0da90bd3e
[COMMON][SECURITY][WRAPPER] Added security service static wrapper and Common::getUser
2021-09-14 13:05:41 +01:00