Merge branch 'master' of https://github.com/gnh1201/reasonableframework

SECURITY.md

@@ -6,10 +6,7 @@ Even if you do not use a sponsor-only security module, the default security in o
 Please note that this program is for those who want better security than the default.
 
 ## Related files
-- helper/sec-fw.lnk.php
+- helper/securitytool.lnk.php
-- helper/sec-ddos.lnk.php
-- helper/sec-ws.lnk.php
-- helper/sec-scc.lnk.php
 
 ## Minimum tier
 - 4 USD/monthly (Special thanks + Up to contributors)

cli.php

@@ -12,6 +12,7 @@ define("_DEF_VSPF_", true); // compatible to VSPF
 define("_DEF_RSF_", true); // compatible to RSF
 define("APP_DEVELOPMENT", false); // set the status of development
 define("DOC_EOL", "\r\n"); // set the 'end of line' commonly
+define("SECURITY_VENDOR", false); // advanced security: set security vendor(company) code
 
 // check if current status is development
 if(APP_DEVELOPMENT == true) {

index.php

@@ -13,7 +13,7 @@ define("_DEF_VSPF_", true); // compatible to VSPF
 define("_DEF_RSF_", true); // compatible to RSF
 define("APP_DEVELOPMENT", false); // set the status of development
 define("DOC_EOL", "\r\n"); // set the 'end of line' commonly
-define("CORS_DOMAINS", false); // common security: allow origin domains
+define("CORS_DOMAIN", false); // common security: allow origin domains
 define("SECURITY_VENDOR", false); // advanced security: set security vendor(company) code
 
 // check if current status is development
@@ -23,8 +23,8 @@ if(APP_DEVELOPMENT == true) {
 }
 
 // CORS Security (https or http)
-if(CORS_DOMAINS !== false) {
+if(CORS_DOMAIN !== false) {
-    $domains = explode(",", CORS_DOMAINS);
+    $domains = explode(",", CORS_DOMAIN);
     $_origin = array_key_exists("HTTP_ORIGIN", $_SERVER) ? $_SERVER['HTTP_ORIGIN'] : "";
     $origins = array();
     if(!in_array("*", $domains)) {