[RTM] Match security firewall based on request scope #677
PR is updated to use the new request matchers instead of the
| } | ||
|
|
||
| /** | ||
| * Checks whether the request is a Contao the master request. |
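Review bot: the docblock summary on the last line reads "a Contao the master request"; drop the stray "the" so it reads "Checks whether the request is a Contao master request."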
… is a Contao master request.
59d218f to cf7c49c

efe439c to 09b548b
* Make Symfony 3.2 the minimum requirement (see contao#630).
* Set the encryption key from the kernel secret by default (see contao#660).
* Stop using the deprecated QuestionHelper::setInputStream() method.
* Update Dropzone to version 4.
* Prefer the caret operator over the tilde operator in the composer.json file.
* Add the contao.root_dir parameter (see contao#662).
* Update the change log.
* Stop using the contao-components/all meta package.
* Update the README.md file.
* Deprecate the contao:version command (see contao#668).
* Update the installation path.
* Auto-select the active page in the quick navigation/link module (see contao/core#8587).
* Look up the form class and allow to choose the type (see contao/core#8527).
* Add PHP Toolbox support (see contao#565).
* Remove the arrow brackets in the book navigation template (see contao/core#8607).
* Add a bottom padding to the buttons layer.
* Add the contao.web_dir parameter (see contao/installation-bundle#40).
* Fix the tests.
* Match security firewall based on request scope (see contao#677).
* Fix an issue found by Scrutinizer.
* Use the contao.web_dir parameter in the Combiner (see contao#679).
* Fix the tests.
* Add stripRootDir() method to System class (see contao#683).
* Add the contao.image.target_dir parameter (see contao#684).
* The ContaoCoreExtension::overwriteImageTargetDir() is not deprecated.
* Support custom backend routes (see contao#512).
* Use the scope matcher instead of checking the request attribute (see contao#688).
* Replace every occurrence of $contaoFramework with $framework.
* Fix an issue found by Scrutinizer.
* Fix deprecations in unit tests (see contao#687).
* Added a DBAL field type for UUIDs (see contao#415).
* Support importing form field options from a CSV field (see contao#444).
* Fix the coding style and the unit tests.
* Add the Doctrine field type in the config.yml file.

  ```yaml
  doctrine:
      dbal:
          types:
              binary_string:
                  class: "Contao\\CoreBundle\\Doctrine\\DBAL\\Types\\BinaryStringType"
                  commented: true
  ```

* Add a basic unit test for the BackendCsvImportController class.
* Update the change log.
* Fix rebuilding the search index (see contao#689).
* Also handle „no origin“ and „empty origin“ in the CORS provider.
* Remove an unused use statement.
* Remove the security.yml file and update the README.md file.
* Improve the e-mail extraction in the text element (thanks to Martin Auswöger).
* Rename the Test namespace to Tests.
* Update the composer.json file.
* Update the .php_cs file.
* Raise the minimum PHP version to 5.6 (see contao#701).
* Support using objects in callback arrays (see contao#699).
* Use try-finally blocks to close all output buffers when downloading a file (see contao#714).
* Fix the coding style.
* Only prefix an all numeric alias when standardizing (see contao#707).
* Adjust the test namespaces.
* Allow to manually pass a value to any widget (see contao#674).
* Add a change log entry and fix the tests.
* Disable the picker buttons if the main window does not show a picker.
* Use the file manager instead of the file picker.
* Use the site structure instead of the page picker.
* Always show the selected nodes.
* Add the menu builder.

Description
-----------

This is a follow-up on #657, #677 and #682. It implements the new template loading by looking up the keys in `TL_CTE`, `TL_FFL` and `FE_MOD` as discussed in Mumble on August 29th.

Commits
-------

de3089b7 Hide mod_article_list when searching for custom mod_article templates
7b6ce852 Replace "root template" with "bundle template"
1ee232da Support passing an additional mapper array as second argument

There is one fundamental problem in the current implementation:
TL_MODE.

With this PR the firewall is no longer matching the path but only the request scope. This also means a route without request scope will no longer have a Contao firewall.
This also replaces #619 as a request matcher is the right way to detect Contao frontend or backend.
TODOs
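
A model of the change described in this pull request, as an added example that is not part of the pull request or of Contao's code: it compares path-based and scope-based firewall selection over a constructed route table and lists the routes whose firewall changes, including a route without a scope that ends up with no Contao firewall. The `_scope` attribute name, the path patterns and the firewall names are assumptions.

```php
<?php
// Added illustration, not Contao code. Routes, patterns and firewall names
// are constructed; "_scope" as the route attribute name is an assumption.
/** Path-based selection: the first firewall whose pattern matches the URL. */
function firewallByPath(array $route): ?string
{
    $patterns = [
        'contao_backend'  => '#^/contao(/|$)#',
        'contao_frontend' => '#^/#',
    ];
    foreach ($patterns as $name => $regex) {
        if (preg_match($regex, $route['path']) === 1) {
            return $name;
        }
    }
    return null;
}

/** Scope-based selection: only the scope declared on the route counts. */
function firewallByScope(array $route): ?string
{
    $scope = $route['defaults']['_scope'] ?? null;
    $map = ['backend' => 'contao_backend', 'frontend' => 'contao_frontend'];
    // A missing or unknown scope means no Contao firewall at all.
    return is_string($scope) ? ($map[$scope] ?? null) : null;
}

/** Lists the routes whose firewall differs between the two strategies. */
function auditRoutes(array $routes): array
{
    $changed = [];
    foreach ($routes as $name => $route) {
        $old = firewallByPath($route);
        $new = firewallByScope($route);
        if ($old !== $new) {
            $changed[$name] = ['path' => $old, 'scope' => $new];
        }
    }
    return $changed;
}
$routes = [ // constructed sample data
    'backend_main'   => ['path' => '/contao', 'defaults' => ['_scope' => 'backend']],
    'custom_backend' => ['path' => '/admin/reports', 'defaults' => ['_scope' => 'backend']],
    'unscoped_tool'  => ['path' => '/contao/tool', 'defaults' => []],
    'frontend_page'  => ['path' => '/news', 'defaults' => ['_scope' => 'frontend']],
];
foreach (auditRoutes($routes) as $name => $fw) {
    printf("%-15s path: %-16s scope: %s\n", $name, $fw['path'] ?? 'none', $fw['scope'] ?? 'none');
}
```

Routes reported with scope `none` are the ones to review, since under scope matching they no longer sit behind a Contao firewall.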