Commit Graph

163 Commits

Author SHA1 Message Date
ada82f07b6
Reduce multipliers in brute force protection 2020-12-07 15:31:36 +01:00
cad5b4a6f8
Add missing return statement to disable MD_JAIL::enforce on CLI usage 2020-12-06 17:06:43 +01:00
6a7f91ef1d
Use shell_exec in exec_edit 2020-12-05 20:48:51 +01:00
6db2b4cc1f
Add MD_STD::exec_edit to run edit and pipe STDERR to a php exception 2020-12-04 21:33:11 +01:00
4c5097701f
Add wrapper around levenstein that crops strings to the max allowed
length
2020-12-03 12:39:47 +01:00
886acead63
Stop using cache in MD_STD_CACHE when run from command line 2020-12-02 09:39:43 +01:00
35c0fe4723
Require cached contents in MD_STD_CACHE to be 3 chars long
An empty json array is 2 chars long
2020-12-01 00:05:59 +01:00
a38c3c6fae
Let serve_page_through_redis_cache return string 2020-11-30 22:36:17 +01:00
57da808a6a
Fix class variable comment 2020-11-30 19:19:44 +01:00
558ed729dc
Add class MD_STD_CACHE 2020-11-30 19:08:20 +01:00
14c7ffb8d4
Fix class comment 2020-11-23 14:06:03 +01:00
a16619b78e
Add option to set frame-ancestors CSP 2020-11-22 23:27:54 +01:00
90997e4eb5
Add function for sending complete CSP headers 2020-11-22 17:45:07 +01:00
c60932088d
Add missing function comment 2020-11-22 15:42:56 +01:00
258781307d
Fix reference to incorrect array part in MD_STD_SEC's brute force
protection
2020-11-22 14:18:08 +01:00
dc9d7abe14
Fix comment indentation 2020-11-19 23:32:29 +01:00
729a964d0c
Reduce general brute force deflection delay multiplier for whole tool to
1.08 (down from 1.2)
2020-11-18 00:39:59 +01:00
7120b5dc74
Add function to prevent brute force attacts 2020-11-17 23:55:50 +01:00
95537fb60e
Extend MD_JAIL with .user_ini proposals for restricting maximum inputs 2020-11-12 19:54:43 +01:00
5130477e4b
Add static function to propose security settings
Close #3, see #4
2020-11-12 00:12:11 +01:00
ae39bdf741
Disable currently unused function MD_JAIL->_apply_basedir_restrictions() 2020-11-11 17:29:03 +01:00
d7c89275e7 Merge branch 'master' of https://gitea.armuli.eu/museum-digital/MD_STD 2020-11-11 17:27:33 +01:00
2bfc7a0dcd
Add CLI output option to MD_JAIL 2020-11-11 17:25:41 +01:00
6a6f71cf10
Add class MD_JAIL for forcing coders to set time and memory limits 2020-11-11 17:20:56 +01:00
8e3d97aa7f
Move array_diff / array_values into different lines in MD_STD::scandir
This leads a significant reduction in RAM usage.
2020-11-09 14:17:54 +01:00
aa67de1e54
Add class MD_STD_SEC for basic security operations 2020-11-08 19:34:57 +01:00
50d3a20b01
Add type-safe drop-in replacement for mime_content_type() 2020-11-08 18:54:40 +01:00
cb8c786284
Add check to ensure finfo_open works in ensure_file function 2020-11-08 13:06:05 +01:00
306efa3769
Add .gitattributes, git template 2020-11-08 00:13:01 +01:00
1c86051997
Add a function to ensure a file exists, optionally checking the mime
type
2020-11-08 00:12:02 +01:00
2f68acdfc1
Make error messages for disallowed values more explicit 2020-10-24 12:46:18 +02:00
43bc39d425
Add function createTextSnippet() for shortening text to an expected
length

Close #1
2020-10-23 16:13:02 +02:00
711bd49048
Add function minizeHTMLString() 2020-10-21 21:16:18 +02:00
087b4a128e Add validation function for ISBN 2020-09-30 00:58:58 +02:00
0bfd6c3765 Add removal of duplicate spaces in input strings in MD_STD_IN 2020-09-09 00:29:13 +02:00
49ab75afe8 Add new function MD_STD_IN::sanitize_float 2020-09-05 00:19:32 +02:00
27b70a88c9 Use firefox for user agent in MD_STD::runCurl() 2020-09-04 18:09:56 +02:00
b16a6762e4 Improve sanitizers for mails, urls 2020-09-04 01:37:49 +02:00
f478728ab9 Improve sanitizing functions for mail and url 2020-09-04 01:19:00 +02:00
55db406401 Add wrappers for sanitizing URLs and mail addresses 2020-09-04 00:46:45 +02:00
6fe367ead7 Add final keyword to both classes 2020-08-29 17:22:16 +02:00
7d4a740f8f Use strict in_array() calls 2020-08-27 17:16:48 +02:00
b39f26a3f7 Specify global namespace for more calls to build-in functions 2020-08-22 23:57:37 +02:00
25b3138a26 Add type-safe wrapper around MD_STD 2020-08-22 17:00:21 +02:00
bac86627e2 Correct check against empty value in MD_STD_IN 2020-08-22 12:13:08 +02:00
566590135b Add function sanitize_id_or_zero for validating and sanitizing input
integers that may hold an ID or a 0

Example use case: Event parts in musdb.
2020-08-21 13:58:24 +02:00
bdee1e9aee Add wrapper around openssl_random_pseudo_bytes() 2020-08-20 14:56:36 +02:00
7b1dc582ed Use global namespace for generic call to \strtotime in MD_STD::strtotime 2020-08-20 14:13:49 +02:00
d4b2986809 Fix over-sanitization for texts in MD_STD_IN 2020-08-20 11:08:27 +02:00
0fece80ed0 Add functionality to restrict allowed values taken from get via
MD_STD_IN
2020-08-19 15:32:15 +02:00