Commit Graph

55 Commits

Author SHA1 Message Date
gerchek e68319107a last change inside the server 2024-05-14 15:05:45 +05:00
merdan 3f63ad7eff mediator 2021-04-29 17:56:22 +05:00
merdan 08c85cada8 env 2021-04-15 14:44:43 +05:00
merdan 156249f5ea First Commit with installed plugins new modern theme 2021-03-05 13:12:56 +05:00
Luke Towers 444069da00 Finished implementing imageWidth & imageHeight filters 2020-08-21 13:39:45 -06:00
Luke Towers ca386e2dd1 tweak to default config for resized disk 2020-08-14 15:46:06 -06:00
Luke Towers f56d1eebe8 Further work on the new resizing functionality 2020-08-06 18:18:28 -06:00
Luke Towers 5a5208bd0b Document caveat with uploaded file URL generation when installing October in a subfolder
Fixes #5204
2020-07-19 01:08:01 -06:00
Samuel Georges e3b42b2f10 Make cms.backendForceSecure an explicit setting
This no longer hinges on app.debug because it creates confusion for devops engineers. This is based on three independent reports coming from app environments that use a reverse proxy. The engineer will follow the proper security instructions by disabling debug mode, which in turn creates an infinite redirect loop when opening the back-end area, only to leave them scratching their heads

Ultimately it is the web server configuration's job to handle the enforcement of HTTPS, the app no longer enforces it as a strong opinion, but we still keep the setting available as a convenient security check for standard environments that do not use a reverse proxy
2020-01-18 18:05:26 +11:00
Samuel Georges 8da798a5cd Remove XSRF cookie
This was a contentious change; it is generally a bad idea to blanket all requests with a dependent cookie. We will try something else.

Revert enableXsrfCookies setting. Fixes UX issue introduced where the token expires. This should be replaced by a CSRF policy that determines whether this is needed on the front end.
2019-11-04 09:06:05 +11:00
Luke Towers 76db3355e6 Merge branch 'develop' of https://github.com/octobercms/october into develop 2019-10-30 08:09:07 -06:00
Luke Towers 959b85f56c Add cms.enableXsrfCookies config value (default true) to configure whether or not the XSRF cookie is automatically sent or if CSRF tokens are solely relied on.
Related: https://github.com/octobercms/october/pull/4701#issuecomment-547773385 & https://github.com/laravel/framework/pull/24726
2019-10-30 08:08:54 -06:00
Jan Boech cc9b48975d Typo in "Automatically run migrations on login" (#4727)
Credit to @najbo.
2019-10-30 16:57:47 +08:00
Samuell c21c22e1ba Add option to disable UpdateManager after backend login (#4266)
Credit to @Samuell1. Fixes #3471.
2019-07-19 14:50:42 -06:00
Ben Thomson a59d3b83eb Code quality clean up (#4449)
Credit to @bennothommo
2019-07-18 08:50:37 -06:00
Ayumi Hamasaki 884042952f Block off SW running in backend and reduce lookups (#4385)
Credit to @ayumihamsaki. Related #4384
2019-06-25 17:15:11 +03:00
Luke Towers 15e3bd131a Merge pull request #4358 from octobercms/wip/file-improvements
Use temporaryUrls for protected files if the storage driver supports them. Related: octobercms/library#406
2019-06-02 20:49:12 -06:00
Samuel Georges 17cea816d8 enableDatabaseLayer -> databaseTemplates 2019-06-01 12:40:17 +10:00
Luke Towers ef4f1e49ee Added `temporaryUrlTTL` configuration option, switched is_a() to instanceof 2019-05-31 00:53:27 -06:00
Luke Towers a4802d5036 Minor updates to config cms.enableDatabaseLayer docs 2018-11-05 13:39:55 -06:00
Luke Towers 5dbfa133e7 Config file change and cms_themes_contents table migration 2018-11-01 21:53:16 -06:00
Lucas Thurston 85dd0b9968 Add config flag for disabling basedir restrictions for local development only (#3626)
Fixes #3619. Credit to @lthurston
2018-07-05 17:07:38 -04:00
Matteo 678916854e Add config to enable Twig strict_variables (#3370)
Adds the cms.enableTwigStrictVariables config option to enable strict_variables in Twig for debugging purposes. See https://twig.symfony.com/doc/2.x/api.html#environment-options. Credit to @matteotrubini
2018-01-26 10:59:45 -06:00
Samuel Georges 4a6e0e1e0e Implement CSRF token by default
Implement CSRF protection on CMS for postback handling
2017-10-30 09:00:17 +11:00
Christophe Vuagniaux e3a567cb78 Enable configuration of backend login session persistence (#2924)
Thanks to @ChVuagniaux. Fixes #2394
2017-06-22 14:34:16 -06:00
Samuel Georges c7eb965af8 Introduce ignorePatterns to Media Library, ignoring dot files by default
Roll back some changes from #2692
2017-03-20 17:42:17 +11:00
Samuel Georges b447b8e056 Merge pull request #2692 from ctf0/regex-hide
use regex to hide files under media manager
2017-03-19 19:28:40 +11:00
Muah bcd75c84c0 use regex to hide files under media manager 2017-02-20 13:54:30 +02:00
Samuel Georges f608b1ac78 Remove query caching config
Refs https://github.com/octobercms/library/pull/253#issuecomment-279944594
2017-02-15 20:57:42 +11:00
Samuel Georges d0d45f839c Disable db memory cache for tests
Refs https://github.com/octobercms/library/pull/253
2017-02-15 08:12:25 +11:00
Samuel Georges d19f0a1229 Add config for duplicate database query cache
Refs https://github.com/octobercms/library/pull/253
2017-02-11 08:18:42 +11:00
Samuel Georges dc85993584 Minor improvements
Add navbar-default styling out of the box
2017-02-03 05:40:24 +11:00
Samuel Georges b2301a8056 Add new config cms.forceBytecodeInvalidation
Refs #2385
2017-01-31 07:23:58 +11:00
Samuel Georges 6af6ebe733 Added config backendForceSecure used to force HTTPS
Refs https://security.googleblog.com/2016/09/moving-towards-more-secure-web.html
2016-12-17 10:16:02 +11:00
Scott Bedard a12ed5e19e Break apart run-on sentence 2016-11-30 19:11:40 -07:00
Samuel Georges b08e2c4912 Introduce deep hashing on asset combiner
Added cms.enableAssetDeepHashing config item, disabled by default
Recompile assets
Refs #2248
Refs https://github.com/octobercms/library/pull/225
2016-07-30 15:06:50 +10:00
Samuel Georges 5fef21e892 Minor reorg 2016-06-23 07:37:29 +10:00
Samuel Georges 4df7c6704e Introduce locale variants
Australia
Canada
UK
2016-04-23 13:13:52 +10:00
Samuel Georges 6c081d9265 Combine editor preferences and backend preferences
Add backend timezone setting used for converting display dates
2016-04-23 05:31:05 +10:00
Samuel Georges 3cac52afd4 Default is null, not false 2016-03-25 10:42:14 +11:00
Samuel Georges f1aa720086 Create a safe mode to disable code field in the CMS
Fixes #1756
2016-03-25 10:05:04 +11:00
Samuel Georges a6b007e55c Rejig the config so backendUri is more prominent 2016-03-09 20:48:18 +11:00
Samuel Georges 43e4a23161 Rollback changes from 7b174e6ce8 2016-01-04 18:46:23 +11:00
Pásztor Gábor 7b174e6ce8 Add missing config file, remove php 5.4 support. 2016-01-02 15:41:27 +01:00
Samuel Georges 606892143b Added new security config option cms.enableCsrfProtection 2015-07-04 09:31:28 +10:00
Samuel Georges 06ec662131 Update Chinese (China) language - Fixes #1237 without 10 commits 2015-06-27 09:46:05 +10:00
Samuel Georges c9cf2b4352 Roll back redirection function
This is a magical solution to a non-issue (aesthetic), it could easily be introduced by a plugin and is not a good substitute for proper web server configuration. Eg, Apache:

    ##
    ## Directory Listing attempts
    ##
    DirectorySlash Off
    RewriteOptions AllowNoSlash

    ##
    ## Redirect Trailing Slashes...
    ##
    RewriteRule ^(.*)/$ /$1 [L,R=301]
2015-05-18 19:09:03 +10:00
Samuel Georges bb6910a068 Add internal redirects (cms.enableRedirects)
The application will now perform redirects to prevent duplicate content and enforce the linking policy.
Fixes #665
Fixes #1023
2015-05-16 12:19:11 +10:00
Pásztor Gábor b3dcce6d2a Updates on Brand Settings 2015-03-11 20:30:41 +01:00
Samuel Georges 54fe8452e5 uploadsPath -> cms.storage.uploads.path 2015-02-23 19:55:41 +11:00