Contrary to the previous commit removing factory calls from per-every-request functionality, the isolated functionality of EntityForm classes and their tendency to modify the form on a per-request basis necessitates that, for consistent testing, they DO use the factoryinterface instead of using a singleton class.
Explanation: Users with the "administer users" permission could previously impersonate a user with the "administer all" permission, thus granting themselves escalated permissions. This is a limited security risk, since only users with the global "administer users" permission were able to exploit it.
- Switch to "storageless sessions" middleware
- Update azuracore/azuraforms to apply necessary changes
- Switch form CSRF handling to use Session's CSRF handler
- Avoid using "magic" string in flash messages, switch to using constants.
- Replace several "add %s", "remove %s", "manage %s" strings with dedicated strings for each action
- Make API responses locale-aware and translated
- Make CLI locale-aware and translated
- Add initial support for Turkish language
Implement an upgrade of the codebase to use Slim Framework version 4, which includes the following changes:
- Updating to Slim version 4 and the corresponding AzuraCore updates.
- Making all objects PSR-7 Request/Response agnostic (and creating RequestHelper and ResponseHelper objects to interact with the PSR-7 Req/Resp objects).
- Moving to PHP-DI as a DI container and implementing its autowiring support.
* Initial renaming to a single global App\ namespace.
* Move CSRF/Flash under Session, move Session under Request
* Use new Request Station helper
* Unify App/Acl and App/Acl/StationAcl
* Alphabetize composer.json
Buster "Silver Eagle" Neece
Vaalyn
Buster "Silver Eagle" Neece