remco/Atomcms-edit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
78 Commits 1 Branch 0 Tags
4b6872e5e0033ba28b16c9d9163b569169b78c6b
Commit Graph

14 Commits

Author SHA1 Message Date
root 4b6872e5e0 Low priority fixes: debug comments, Fortify cleanup, badge cost setting, profile query merge, User model fixes, VPN constructor cleanup, PayPal POST, PII removal, Dutch→English translations, duplicate rank check, CHANGELOG 2026-06-04 19:57:01 +02:00
root 1f04979ffe Remove all auto-update functionality (commands, services, widgets, blades, translations) 2026-06-03 22:54:39 +02:00
root e34300a8a1 Add /client/* to CORS paths 2026-05-26 19:15:50 +02:00
root e754858c84 Remove nonexistent PHP 8.5 constraint, restrict CORS allowed_headers 2026-05-26 17:08:31 +02:00
root 769abddeca Disable Boost browser_logs_watcher by default, remove old browser.log 2026-05-26 17:05:17 +02:00
root c0077a6039 Fix session same_site to use env, fix Article model import, remove unused traits 2026-05-26 16:59:49 +02:00
root 55b5aab458 Security fixes: remove dangerous public scripts, add .htaccess hardening, disable log-viewer by default, remove root index.php 2026-05-26 16:52:09 +02:00
root 93e6f6a273 Add (bool) type casts to all boolean env() calls across config files 2026-05-26 16:40:52 +02:00
root f5c21e36f1 Add (bool) type casts to all boolean env() calls in config/habbo.php 2026-05-26 16:37:29 +02:00
root bf3b474ee1 feat: complete configuration and database upgrade to native mariadb driver 2026-05-24 18:43:57 +02:00
root 81839c7202 chore: update doctrine/dbal to v4, activitylog to v5, sluggable to v4, roadrunner-http to v4 2026-05-23 17:20:57 +02:00
root a07d216635 fix: update axios, move env() to config, cache config/routes/events/filament 2026-05-21 16:23:56 +02:00
root 7f59024bef fix(security): patch critical security vulnerabilities 
- Remove User::$guarded = [] to prevent mass assignment attacks
- Enable SQL strict mode and disable emulated prepares (SQL injection prevention)
- Switch password hashing from bcrypt to argon2id (stronger algorithm)
- Enable session encryption to protect session data at rest
- Restrict TrustProxies to localhost only (prevent IP spoofing)
- Restrict CORS allowed_methods via env variable instead of wildcard
- Add PayPal amount mismatch detection to prevent payment manipulation
- Add double-capture prevention (idempotency check)
- Add expected_amount column to transactions table for verification
 2026-05-19 19:37:15 +02:00
root 9d73f82529 Initial commit 2026-05-09 17:32:17 +02:00