16 Commits

Author SHA1 Message Date
azett
d8991285c6 added API doc; fixed code formatting 2022-12-29 14:20:31 +01:00
azett
34fb2f3e6b HttpOnly flag for session cookie to prevent possible XSS - thx @melbinkm! 2022-10-01 14:07:54 +02:00
azett
e2a6bf1a8a Fixed security issue reported by huntr.dev: Session cookie missed the "secure" flag. Thanks for reporting! 2021-10-23 20:25:09 +02:00
azett
83e1644c0f Restored some changes from the last commit. Turns out, the HASHSALT_FILE is still used elsewhere ó_Ò 2020-12-19 19:25:52 +01:00
azett
f265b22b0b Fix for #59: Updated password hash algorithm from md5 to bcrypt (via password_hash() function). Thanks a lot, @axelhahn!
In detail: Added function io_delete_file(). Removed system_hashsalt_save(). Added password hash update mechanics to user_login().
2020-12-19 14:02:27 +01:00
azett
c1e368b222 Uploader checks for forbidden files more carefully. And: #56 fixed. Thanks again, Matthias! 2020-09-06 12:22:55 +02:00
azett
23c4c33ee1 Overhauled v0.812.2 fix for local file inclusion vulnerability. For details, see http://www.guanting.com/security/exploit/information/27269.html . 2019-12-25 19:39:07 +01:00
azett
d8de4bfb02 Replaced some more class-named constructors (and calls to them).
Removed unused and/or commented code.
Replaced calls to deprecated each() with array_shift() (not completely done yet, still some more to fix!).
Replaced call to deprecated create_function() with real callback function.
2018-10-03 13:53:40 +02:00
real_nowhereman
fbbe7acc4e set fp_user=null to be sure... 2011-04-03 20:24:08 +00:00
real_nowhereman
1bcdd215b1 nasty auth bug 2011-04-03 17:15:36 +00:00
real_nowhereman
af198950ca local file inclusion 2009-09-26 15:55:21 +00:00
real_nowhereman
eccfec41ee porting to PHP5-style object assignments (it should work now...) 2009-07-23 15:19:06 +00:00
real_nowhereman
744e16a9bb reverting awful mess in fp-includes 2009-07-21 16:41:35 +00:00
real_nowhereman
5e7f579ff5 future proofing, changed all object assignments to PHP5-style 2009-07-21 07:24:42 +00:00
real_nowhereman
725a70f1d0 finally moved from simple md5 to salted wp_hash; please remember to REINSTALL and OVERWRITE your old user in order to be able to log in! 2008-01-01 09:34:41 +00:00
real_nowhereman
a68630bf35 First revision of FlatPress Crescendo+1 ( 0.703+n :) ) 2007-10-30 10:30:07 +00:00