Cyb10101
c15c1dfb0b
if backend request 'op' is empty fixed
4 years ago
Andrew Dolgov
5eb0f3d640
bring back web dbupdate using new migrations system
4 years ago
Andrew Dolgov
d6629ed188
move dbupdater to db/updater; move base SCHEMA_VERSION constant inside db/updater class
4 years ago
Andrew Dolgov
7ef72fe0dc
move startup checks to Config, set a bunch of @deprecated annotations
4 years ago
Andrew Dolgov
bf02afed45
check schema version on backend calls because session stuff does it anyway and it's already cached
4 years ago
Andrew Dolgov
afc7142250
move all $fetch globals to UrlHelper
4 years ago
Andrew Dolgov
dfff2cef7b
add basic updater for stuff in plugins.local
4 years ago
Andrew Dolgov
8d2e3c2528
drop errors.php and simplify error handling
4 years ago
Andrew Dolgov
29ada58b4a
move db-prefs shortcut functions to functions.php
4 years ago
Andrew Dolgov
12bcf826e4
don't include config.php everywhere
4 years ago
Andrew Dolgov
e4107ac952
wip: initial for config object
4 years ago
Andrew Dolgov
42173386b3
dirname(__FILE__) -> __DIR__
4 years ago
Andrew Dolgov
e4609c18ef
* add (disabled) shortcut syntax for plugin methods
...
* add controls shortcut for pluginhandler tags
* add similar shortcut for frontend
* allow plugins to selectively exclude their methods from CSRF checking
4 years ago
Andrew Dolgov
9d7ba773ec
move session-related functions to their own namespace
4 years ago
Andrew Dolgov
9f55454f63
remove the rest of db.php; rename some leftover methods in feeds
4 years ago
Andrew Dolgov
91285e3868
router: add additional logging for refused requests; reject requests for methods starting with _
4 years ago
Andrew Dolgov
6af83e3881
drop ENABLE_GZIP_OUTPUT; system prefs: load php info only if needed
4 years ago
Andrew Dolgov
e6624cf631
fix a few more session-related warnings
4 years ago
Andrew Dolgov
403dca154c
initial WIP for php8; bump php version requirement to 7.0
4 years ago
Andrew Dolgov
8aa1b0fed6
purge_intervals global: set '1 week old' to mean 7 days instead of 5 (???)
4 years ago
Andrew Dolgov
490df818aa
router: only allow functions without required parameters as handler methods
4 years ago
Andrew Dolgov
74568df4ff
remove a lot of stuff from global context (functions.php), add a few helper classes instead
4 years ago
Andrew Dolgov
154417d80b
public/logout: require valid CSRF token
4 years ago
Andrew Dolgov
8080c525fd
- backend: require CSRF token to be passed via POST
...
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
4 years ago
Andrew Dolgov
63ee91c82e
backend: load invoked classes via reflection so object constructor is called after it has been verified as an IHandler implementation.
...
this should prevent a potential router vulnerability if non-IHandler autoloader-enabled class is requested by malicious authorized user *and* invoked class object does something insecurely in its constructor.
5 years ago
Andrew Dolgov
0697eca0e1
remove testing for get_magic_quotes_gpc: deprecated in php7.4, apparently not working since php 5.4
5 years ago
Andrew Dolgov
c43f3e469e
update intervals: use less broken english for a change
10 years ago
Andrew Dolgov
27f7b59353
add a wrapper for standard error codes returned by backend, also add explanation to the error object if possible
10 years ago
Andrew Dolgov
1f29443530
fix missing DB object when instantiated to import opml
12 years ago
Andrew Dolgov
1ffe3391f9
make pluginhost a singleton
12 years ago
Andrew Dolgov
eefaa2df38
remove db_connect, db_close; CLI fixes
12 years ago
Andrew Dolgov
6322ac79a0
remove $link
12 years ago
Andrew Dolgov
404e2e3603
more work on singleton-based DB
12 years ago
Andrew Dolgov
ba68b6815a
db updates, remove init_connection()
12 years ago
Andrew Dolgov
ccfa90803b
backend: add session validation check
12 years ago
Andrew Dolgov
2e35a7070b
generated feeds: support if-modified-since
12 years ago
Andrew Dolgov
1ebf3b979e
replace getmicrotime() wrapper with microtime(true) (2)
12 years ago
Andrew Dolgov
7d1a91d56c
use text/json content-type in a few more places
12 years ago
Andrew Dolgov
23419d117b
modify includes to init session before translations are applied
12 years ago
Andrew Dolgov
de612e7a38
experimental support for per-user plugins (bump schema)
12 years ago
Andrew Dolgov
19b3992b78
remove magpie, fix article filter plugins
12 years ago
Andrew Dolgov
8dcb2b4762
implement plugin routing masks, add example plugin
12 years ago
Andrew Dolgov
19c7350770
experimental new plugin system
12 years ago
Andrew Dolgov
88e8fb3a71
modify include path order ( closes #514 )
12 years ago
Andrew Dolgov
675f198a7c
rework login form
12 years ago
Andrew Dolgov
97acbaf190
login system fixes
...
remove old-style session checking from backend.php
move outside subscription endpoint to public.php, change subscription
bookmarklet
12 years ago
Andrew Dolgov
304aadb907
remove twitter-specific code
12 years ago
Andrew Dolgov
9aceda3afc
remove hook-based plugins
12 years ago
Andrew Dolgov
369dbc19d6
rework class system to use subdirectories
...
add placeholder plugin/hook system
12 years ago
Andrew Dolgov
143d1b31a8
routing: check if created handler is a subclass of Handler
12 years ago