8e86d38804
* Integration tests: Memoize request handler as well This is useful to send HTTP requests (or their PSR-7 equivalents) through the entire application's middleware stack (instead of talking to specific controllers, which should be considered implementation detail). * Add tests for CSRF token check * Integration tests: Configure vendor path Now that this is possible, make the easy change... * Implement middleware for CSRF token verification This fixes a rather large oversight in Flarum's codebase, which was that we had no explicit CSRF protection using the traditional token approach. The JS frontend was actually sending these tokens, but the backend did not require them. * Accept CSRF token in request body as well * Refactor tests to shorten HTTP requests Multiple tests now provide JSON request bodies, and others copy cookies from previous responses, so let's provide convenient helpers for these. * Fixed issue with tmp/storage/views not existing, this caused tmpname to notice. Fixed csrf test that assumed an access token allows application access, which is actually api token. Improved return type hinting in the StartSession middleware * Using a different setting key now, so that it won't break tests whenever you re-run them once smtp is set. Fixed, badly, the test to create users etc caused by the prepareDatabase flushing all settings by default. * added custom view, now needs translation |
||
|---|---|---|
| .github | ||
| .travis | ||
| js | ||
| less | ||
| migrations | ||
| src | ||
| stubs/migrations | ||
| tests | ||
| views | ||
| .deploy.enc | ||
| .editorconfig | ||
| .gitattributes | ||
| .gitignore | ||
| .styleci.yml | ||
| .travis.yml | ||
| CHANGELOG.md | ||
| composer.json | ||
| LICENSE | ||
| README.md | ||
About Flarum
Flarum is a delightfully simple discussion platform for your website. It's fast and easy to use, with all the features you need to run a successful community. It is designed to be:
-
Fast and simple. No clutter, no bloat, no complex dependencies. Flarum is built with PHP so it’s quick and easy to deploy. The interface is powered by Mithril, a performant JavaScript framework with a tiny footprint.
-
Beautiful and responsive. This is forum software for humans. Flarum is carefully designed to be consistent and intuitive across platforms, out-of-the-box.
-
Powerful and extensible. Customize, extend, and integrate Flarum to suit your community. Flarum’s architecture is amazingly flexible, with a powerful Extension API.
Installation
This repository contains Flarum's core code. If you want to set up a forum, visit the Flarum skeleton repository.
Contributing
Thank you for considering contributing to Flarum! Please read the Contributing guide to learn how you can help.
Security Vulnerabilities
If you discover a security vulnerability within Flarum, please send an e-mail to security@flarum.org. All security vulnerabilities will be promptly addressed.
License
Flarum is open-source software licensed under the MIT License.