gnu-social/public
Hugo Sales aef1fac536
[SECURITY] Refactor security hardening code and disable unused stream wrappers
Ensure unwanted environment variables are removed from the actual
global environment rather than just the `$_ENV` superglobal variable

Disable stream wrappers, as this is an unexpected feature for most
developers and can be exploited. For instance, `phar://` can be used
to override any class and thus provide code execution (through
`__wakeup` or `__construct`, for instance). Not a complete solution, as
`php://` can also be abused, but we can't disable it as it gets used
_somewhere_ in our dependencies
2022-04-03 18:02:54 +01:00
..
assets [CSS] Details inside another details (accordion widget) will represent their 'open/close feedback arrows' properly now 2022-02-28 13:09:12 +00:00
components [CSS] .section-widget class and derivatives replaced as .frame-section, since a widget implies a simple element with a specific function 2022-01-21 22:05:33 +00:00
plugins [PLUGINS][PinnedNotes] Replacing arbitrary size values with common variables 2022-01-21 21:03:08 +00:00
favicon.ico [ASSETS] Import old favicon.ico 2021-09-14 13:05:25 +01:00
index.php [SECURITY] Refactor security hardening code and disable unused stream wrappers 2022-04-03 18:02:54 +01:00