Security tightening around logging, request paths, and cache handling#102
Open
AnnoyingTechnology wants to merge 9 commits into
Redact username and password before passing the login body to logFMQuery so credentials never reach QueryExecuted listeners. Bump minimum PHP to 8.2 and mark sensitive method params with #[\SensitiveParameter] to keep them out of stack traces.
Apply rawurlencode to database name, layout name, script name, and container field name before putting them in URL paths. Validate that record IDs are numeric.
Warn on plain HTTP unless allow_insecure_http is set. Add verify_ssl config option for self-signed cert setups. Apply TLS options to login, api, and disconnect requests.
Add redact_query_logs config option to mask fieldData, portalData, globalFields and script params in query logs. Existing logging behavior is preserved by default. Only include layout name in exceptions when app.debug is on.
Strip null bytes, path separators and control characters from custom upload filenames. Reject malformed file arrays before sending.
Use bounded TTL for session tokens instead of caching forever, defaults to 14 min (just under FM's 15 min session timeout). Configurable via session_token_ttl. Fix guardable-column cache key to include connection name so two connections sharing a layout name don't collide. Fix forceRefresh so it actually updates the static cache.
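The request-path, logging and upload-filename hardening listed above, shown as one added example. This is not the package's own code: `HardenedRequestBuilder`, its method names and the `/fmi/data/vLatest/databases` prefix are assumptions made for illustration, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Added example, not the package's code. Demonstrates the hardening steps from the PR
// description: percent-encode path segments, validate record IDs, redact credentials
// before logging, and sanitise upload filenames. HardenedRequestBuilder, its method
// names and the BASE prefix are assumptions for illustration only.
final class HardenedRequestBuilder
{
    private const BASE = '/fmi/data/vLatest/databases';

    // Each user-supplied segment is encoded as one path component, so a layout name
    // such as "Orders/../Admin" or "Orders?x=1" cannot change the request's shape.
    public function recordPath(string $database, string $layout, string|int $recordId): string
    {
        $id = (string) $recordId;
        // Record IDs are integers; anything else is rejected before it reaches the URL.
        if (preg_match('/^[0-9]+$/D', $id) !== 1) {
            throw new InvalidArgumentException('Record ID must be numeric, got: ' . $id);
        }
        return sprintf(
            '%s/%s/layouts/%s/records/%s',
            self::BASE,
            rawurlencode($database),
            rawurlencode($layout),
            $id
        );
    }

    public function containerPath(string $database, string $layout, string|int $recordId, string $field, int $repetition = 1): string
    {
        if ($repetition < 1) {
            throw new InvalidArgumentException('Repetition must be >= 1.');
        }
        return $this->recordPath($database, $layout, $recordId)
            . '/containers/' . rawurlencode($field) . '/' . $repetition;
    }

    // #[\SensitiveParameter] (PHP 8.2+) replaces these arguments with
    // SensitiveParameterValue in stack traces, so a failing login does not dump them.
    public function loginBody(#[\SensitiveParameter] string $username, #[\SensitiveParameter] string $password): array
    {
        return ['username' => $username, 'password' => $password];
    }

    // Copy handed to query-executed listeners and logs; the body actually sent is untouched.
    public function redactForLog(array $body, array $sensitiveKeys = ['username', 'password']): array
    {
        foreach ($sensitiveKeys as $key) {
            if (array_key_exists($key, $body)) {
                $body[$key] = '[redacted]';
            }
        }
        return $body;
    }

    // Strip NUL bytes, both path separators and ASCII control characters, then reject
    // names that are empty or would be read as directory references.
    public function sanitizeUploadFilename(string $name): string
    {
        $clean = str_replace(["\0", '/', '\\'], '', $name);
        $clean = preg_replace('/[\x00-\x1F\x7F]/', '', $clean) ?? '';
        $clean = trim($clean);
        if ($clean === '' || $clean === '.' || $clean === '..') {
            throw new InvalidArgumentException('Upload filename is empty after sanitisation.');
        }
        return $clean;
    }
}

$builder = new HardenedRequestBuilder();

// Constructed inputs: a database name with a space, a layout name carrying a traversal attempt.
echo $builder->recordPath('Sales DB', 'Orders/../Admin', 42), PHP_EOL;
echo $builder->containerPath('Sales DB', 'Orders', '42', 'Photo Field'), PHP_EOL;

try {
    $builder->recordPath('Sales DB', 'Orders', '42?x=1');
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ', $e->getMessage(), PHP_EOL;
}

$body = $builder->loginBody('alice', 's3cret');
print_r($builder->redactForLog($body)); // what a listener sees
print_r($body);                         // what is actually sent

// Constructed filename with a backslash, a slash, a NUL byte and a control character.
echo $builder->sanitizeUploadFilename("..\\../report\0\x1f.pdf"), PHP_EOL;
```

The encoding is applied per segment with `rawurlencode` rather than to the whole path so that a slash inside a name is encoded as `%2F` instead of introducing a new path component; the numeric check on the record ID runs before any string is built, so a rejected ID never appears in a URL or a log line.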
Member
This is a lot of changes in one PR and touches a lot of different areas. We can look at some of these things if you'd like to break it into smaller units, with one fix/change/feature at a time.
Author
Yeah, I was aware of that doing it. If you subtract the test suite foam, it's actually not that much. edit: if that's of any value (either positive or negative), it's been reviewed by both Opus 4.6 and Codex 5.4 without complaints.
We use this package and we wanted to contribute a small security tightening pass that should benefit other users as well.
This PR focuses on reducing accidental exposure and hardening a few request-building paths without changing the
package’s overall shape.
Compatibility notes: