remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
81 Commits 1 Branch 0 Tags
36887244e6b357cc496a713b838ed1468f471a4b
Commit Graph

17 Commits

Author SHA1 Message Date
root 36887244e6 Fix config/app.php missing semicolon (caused 500) 2026-06-04 20:22:51 +02:00
root 9b5c655c68 High priority fixes: PayPal env(), RadioApiKey Bearer-only, User restrict, SettingsService TTL, PHPStan config, + fix 7 broke points (forceFill) 2026-06-04 20:17:45 +02:00
root b2bb1811d0 Medium priority fixes: CORS from env, shared HasRadioSettings trait, lazy RconService, validated() fixes, LogoGenerator hardening, DB indexes, user profile consistency, radio rank N+1 fix 2026-06-04 20:05:36 +02:00
root 4b6872e5e0 Low priority fixes: debug comments, Fortify cleanup, badge cost setting, profile query merge, User model fixes, VPN constructor cleanup, PayPal POST, PII removal, Dutch→English translations, duplicate rank check, CHANGELOG 2026-06-04 19:57:01 +02:00
root 1f04979ffe Remove all auto-update functionality (commands, services, widgets, blades, translations) 2026-06-03 22:54:39 +02:00
root e34300a8a1 Add /client/* to CORS paths 2026-05-26 19:15:50 +02:00
root e754858c84 Remove nonexistent PHP 8.5 constraint, restrict CORS allowed_headers 2026-05-26 17:08:31 +02:00
root 769abddeca Disable Boost browser_logs_watcher by default, remove old browser.log 2026-05-26 17:05:17 +02:00
root c0077a6039 Fix session same_site to use env, fix Article model import, remove unused traits 2026-05-26 16:59:49 +02:00
root 55b5aab458 Security fixes: remove dangerous public scripts, add .htaccess hardening, disable log-viewer by default, remove root index.php 2026-05-26 16:52:09 +02:00
root 93e6f6a273 Add (bool) type casts to all boolean env() calls across config files 2026-05-26 16:40:52 +02:00
root f5c21e36f1 Add (bool) type casts to all boolean env() calls in config/habbo.php 2026-05-26 16:37:29 +02:00
root bf3b474ee1 feat: complete configuration and database upgrade to native mariadb driver 2026-05-24 18:43:57 +02:00
root 81839c7202 chore: update doctrine/dbal to v4, activitylog to v5, sluggable to v4, roadrunner-http to v4 2026-05-23 17:20:57 +02:00
root a07d216635 fix: update axios, move env() to config, cache config/routes/events/filament 2026-05-21 16:23:56 +02:00
root 7f59024bef fix(security): patch critical security vulnerabilities 
- Remove User::$guarded = [] to prevent mass assignment attacks
- Enable SQL strict mode and disable emulated prepares (SQL injection prevention)
- Switch password hashing from bcrypt to argon2id (stronger algorithm)
- Enable session encryption to protect session data at rest
- Restrict TrustProxies to localhost only (prevent IP spoofing)
- Restrict CORS allowed_methods via env variable instead of wildcard
- Add PayPal amount mismatch detection to prevent payment manipulation
- Add double-capture prevention (idempotency check)
- Add expected_amount column to transactions table for verification
 2026-05-19 19:37:15 +02:00
root 9d73f82529 Initial commit 2026-05-09 17:32:17 +02:00