Commit Graph

13 Commits

Author SHA1 Message Date
Damian Mooyman
db0cad4616 BUG ErrorControlChain now supports exception handling 2014-09-26 16:54:34 +12:00
Damian Mooyman
eb069e605d Remove all redundant whitespace 2014-08-19 09:17:15 +12:00
Damian Mooyman
d3c7e41419 BUG using isDev or isTest query string no longer triggers basic auth 2014-07-02 11:51:51 +12:00
Ingo Schommer
ec325a3c7f API Fix HTTPS proxy header detection
Didn't use the de facto standard HTTP_X_FORWARDED_PROTO or the less standard HTTP_FRONT_END_HTTPS.
Removed the 'X-Forwarded-Proto', since PHP should prefix/underscore all HTTP headers before it hits $_SERVER.

References:
- https://docs.djangoproject.com/en/1.4/ref/settings/#secure-proxy-ssl-header
- https://drupal.org/node/1859252
- https://drupal.org/node/313145
- http://scottwb.com/blog/2013/02/06/always-on-https-with-rails-behind-an-elb/
2014-05-22 18:34:15 +12:00
Hamish Friedlander
4a7aef0e25 FIX Double slashes in ParameterConfirmationToken 2013-08-19 11:35:34 +12:00
Hamish Friedlander
041466fe02 FIX Token redirect where in IIS a / needs adding between host & url 2013-08-05 09:15:11 +12:00
Hamish Friedlander
342058742c FIX Flush on memory exhaustion and headers sent 2013-08-02 09:41:16 +12:00
Hamish Friedlander
a1ea905ca8 FIX Nice errors and allows flush on module removal 2013-07-24 09:57:01 +12:00
Hamish Friedlander
84011aa736 FIX Only suppress fatal errors 2013-07-22 14:48:16 +12:00
Hamish Friedlander
604d9bf7dc Split Core.php into Constants.php and Core.php and adjust main.php startup
The recent flush filter fix had a problem that you couldnt set a custom
BASE_PATH in _ss_environment because that file didnt get included until
after checking the confirmation token. This patch pulls the part of Core.php
that defines BASE_PATH into a seperate file that can be included earlier
in the startup sequence so that ParameterConfirmationToken can access it.

Core.php includes Constants.php with a require_once call, so for startup
scripts that dont pull in Constants.php themselves (like cli-script.php)
no change is needed.
2013-07-22 13:52:00 +12:00
Hamish Friedlander
a312cd08e1 FIX: Ignore invalid tokens instead of throwing 403 2013-07-19 14:47:05 +12:00
Hamish Friedlander
036c36a7dd FIX: Have ParameterConfirmationToken work regardless of include path 2013-07-19 14:33:56 +12:00
Hamish Friedlander
1298d4a5bd FIX Prevent DOS by checking for env and admin on ?flush=1 (#1692) 2013-07-19 12:24:32 +12:00