1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-22 16:33:00 +00:00

Changelog: more fiddling

This commit is contained in:
Starbeamrainbowlabs 2020-07-28 20:00:49 +01:00
parent 334c3956c7
commit 8e93ea65dc
Signed by: sbrl
GPG key ID: 1BE5172E637709C2

View file

@ -34,11 +34,11 @@ Make sure you have PHP 7.3+ when you update past this point! It isn't the end of
- Don't worry, we've absorbed all the useful features (see above) - Don't worry, we've absorbed all the useful features (see above)
- NOTE TO SELF: Don't forget to update wikimatrix.org when we next make a stable release! (if you are reading this in the release notes for a stable release, please get in touch) - NOTE TO SELF: Don't forget to update wikimatrix.org when we next make a stable release! (if you are reading this in the release notes for a stable release, please get in touch)
- Enabled horizontal resize handle on sidebar (but it doesn't persist yet) - Enabled horizontal resize handle on sidebar (but it doesn't persist yet)
- `SameSite=Strict` is now set on all cookies in PHP 7.3+ - [security] `SameSite=Strict` is now set on all cookies in PHP 7.3+
- This prevents session-stealing attacks from third-party origins - This prevents session-stealing attacks from third-party origins
- This complies with the [new samesite cookies rules](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#SameSiteNone_requires_Secure). - This complies with the [new samesite cookies rules](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite#SameSiteNone_requires_Secure).
- A warning is generated in PHP 7.2 and below = [please upgrade](https://www.php.net/supported-versions.php) to PHP 7.3+! (#200) - A warning is generated in PHP 7.2 and below = [please upgrade](https://www.php.net/supported-versions.php) to PHP 7.3+! (#200)
- The `Secure` cookie flag is now automatically added when clients use HTTPS to prevent downgrade-based session stealing attacks (control this with the new `cookie_secure` setting) - [security] The `Secure` cookie flag is now automatically added when clients use HTTPS to prevent downgrade-based session stealing attacks (control this with the new `cookie_secure` setting)
- Standardised prefixed to (most) `error_log()` calls to aid clarity in multi-wiki environments - Standardised prefixed to (most) `error_log()` calls to aid clarity in multi-wiki environments
### Fixed ### Fixed