Frank Hochmuth
c745e50a43
Encodes $subject with MIME base64
2023-12-29 19:22:06 +01:00
							
azett
516bdc173a
check for correct admin referer on delete entry (see #64)
2022-12-30 12:46:35 +01:00
							
azett
88494f5526
check for correct admin referer on deletefile (see #64)
2022-12-29 15:01:49 +01:00
							
azett
d8991285c6
added API doc; fixed code formatting
2022-12-29 14:20:31 +01:00
							
azett
34fb2f3e6b
HttpOnly flag for session cookie to prevent possible XSS - thx @melbinkm!
2022-10-01 14:07:54 +02:00
							
azett
92475a3dd6
Fixed #95: Error at prev link on first / next link on last entry.
2022-06-18 11:45:01 +02:00
							
azett
e2a6bf1a8a
Fixed security issue reported by huntr.dev: Session cookie missed the "secure" flag. Thanks for reporting!
2021-10-23 20:25:09 +02:00
							
azett
f265b22b0b
Fix for #59: Updated password hash algorithm from md5 to bcrypt (via password_hash() function). Thanks a lot, @axelhahn!

In detail: Added function io_delete_file(). Removed system_hashsalt_save(). Added password hash update mechanics to user_login().
2020-12-19 14:02:27 +01:00
							
real_nowhereman
0d6ef5c515
using wp cookie-safe redirect; this should be hopefully 'free' (= shouldn't have drawbacks)
2008-03-17 20:27:00 +00:00
							
real_nowhereman
f5bd65f529
the choice between 2 hashing algos was preventing maximum portability (if the target platform lacked the optional algorithm, while the install platform had it you couldn't login anymore): I've chosen salted md5, which is probably easier to find (well, I tested on 2 servers and they both lacked the other one: I was MAD): the salt is however very long, and once created you can edit it and reinstall again to make it even stronger
2008-02-20 17:53:09 +00:00
							
real_nowhereman
c0642e4f0f
huge security commit, this should be an almost hassle-free hash salt: the salt is created on setup and then STORED in fp-content/config/hashsalt.conf.php

(you can change the name of the file from defaults.php);
as salt is based on the path on the server, if you had to move to another directory or to another server, then you wouldn't be able to login anymore and you had to reinstall, now this shouldn't be needed anymore; moreover as this is now safe in a file we can add additional security by
* concatenating the default paths+random blog id to another random number, which is not written anywhere else
* changing the contents with your very own salt string: then re-run setup and overwrite your old user: the hashsalt won't be overwritten (this needs testing)
2008-02-10 14:20:09 +00:00
							
real_nowhereman
725a70f1d0
finally moved from simple md5 to salted wp_hash; please remember to REINSTALL and OVERWRITE your old user in order to be able to login!
2008-01-01 09:34:41 +00:00
							
real_nowhereman
a68630bf35
First revision of FlatPress Crescendo+1 ( 0.703+n :) )
2007-10-30 10:30:07 +00:00