Andrew Dolgov
e4609c18ef
* add (disabled) shortcut syntax for plugin methods
* add controls shortcut for pluginhandler tags
* add similar shortcut for frontend
* allow plugins to selectively exclude their methods from CSRF checking
4 years ago
Andrew Dolgov
9d7ba773ec
move session-related functions to their own namespace
4 years ago
Andrew Dolgov
9f55454f63
remove the rest of db.php; rename some leftover methods in feeds
4 years ago
Andrew Dolgov
91285e3868
router: add additional logging for refused requests; reject requests for methods starting with _
4 years ago
Andrew Dolgov
6af83e3881
drop ENABLE_GZIP_OUTPUT; system prefs: load php info only if needed
4 years ago
Andrew Dolgov
e6624cf631
fix a few more session-related warnings
4 years ago
Andrew Dolgov
403dca154c
initial WIP for php8; bump php version requirement to 7.0
4 years ago
Andrew Dolgov
8aa1b0fed6
purge_intervals global: set '1 week old' to mean 7 days instead of 5 (???)
4 years ago
Andrew Dolgov
490df818aa
router: only allow functions without required parameters as handler methods
4 years ago
Andrew Dolgov
74568df4ff
remove a lot of stuff from global context (functions.php), add a few helper classes instead
4 years ago
Andrew Dolgov
154417d80b
public/logout: require valid CSRF token
4 years ago
Andrew Dolgov
8080c525fd
- backend: require CSRF token to be passed via POST
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
4 years ago
Andrew Dolgov
63ee91c82e
backend: load invoked classes via reflection so object constructor is called after it has been verified as an IHandler implementation.
this should prevent a potential router vulnerability if non-IHandler autoloader-enabled class is requested by malicious authorized user *and* invoked class object does something insecurely in its constructor.
5 years ago
Andrew Dolgov
0697eca0e1
remove testing for get_magic_quotes_gpc: deprecated in php7.4, apparently not working since php 5.4
5 years ago
Andrew Dolgov
c43f3e469e
update intervals: use less broken english for a change
9 years ago
Andrew Dolgov
27f7b59353
add a wrapper for standard error codes returned by backend, also add explanation to the error object if possible
10 years ago
Andrew Dolgov
1f29443530
fix missing DB object when instantiated to import opml
12 years ago
Andrew Dolgov
1ffe3391f9
make pluginhost a singleton
12 years ago
Andrew Dolgov
eefaa2df38
remove db_connect, db_close; CLI fixes
12 years ago
Andrew Dolgov
6322ac79a0
remove $link
12 years ago
Andrew Dolgov
404e2e3603
more work on singleton-based DB
12 years ago
Andrew Dolgov
ba68b6815a
db updates, remove init_connection()
12 years ago
Andrew Dolgov
ccfa90803b
backend: add session validation check
12 years ago
Andrew Dolgov
2e35a7070b
generated feeds: support if-modified-since
12 years ago
Andrew Dolgov
1ebf3b979e
replace getmicrotime() wrapper with microtime(true) (2)
12 years ago
Andrew Dolgov
7d1a91d56c
use text/json content-type in a few more places
12 years ago
Andrew Dolgov
23419d117b
modify includes to init session before translations are applied
12 years ago
Andrew Dolgov
de612e7a38
experimental support for per-user plugins (bump schema)
12 years ago
Andrew Dolgov
19b3992b78
remove magpie, fix article filter plugins
12 years ago
Andrew Dolgov
8dcb2b4762
implement plugin routing masks, add example plugin
12 years ago
Andrew Dolgov
19c7350770
experimental new plugin system
12 years ago
Andrew Dolgov
88e8fb3a71
modify include path order ( closes #514 )
12 years ago
Andrew Dolgov
675f198a7c
rework login form
12 years ago
Andrew Dolgov
97acbaf190
login system fixes
remove old-style session checking from backend.php
move outside subscription endpoint to public.php, change subscription
bookmarklet
12 years ago
Andrew Dolgov
304aadb907
remove twitter-specific code
12 years ago
Andrew Dolgov
9aceda3afc
remove hook-based plugins
12 years ago
Andrew Dolgov
369dbc19d6
rework class system to use subdirectories
add placeholder plugin/hook system
12 years ago
Andrew Dolgov
143d1b31a8
routing: check if created handler is a subclass of Handler
12 years ago
Andrew Dolgov
0d421af86f
split authentication to separate modules
12 years ago
Andrew Dolgov
545ca06789
do not perform sanity checks on each backend request
13 years ago
Andrew Dolgov
6a79e8afeb
only enable ob_gzhandler if it exists
13 years ago
Andrew Dolgov
66b042fcfe
do not generate warning on csrf_token being unassigned
13 years ago
Andrew Dolgov
7a5d9b95c4
disable csrf logging
13 years ago
Andrew Dolgov
8484ce2258
experimental CSRF protection
13 years ago
Andrew Dolgov
f03a795de7
include path fix for lighttpd
13 years ago
Andrew Dolgov
de8260cb10
move API to classes/
13 years ago
Andrew Dolgov
5f0a3741d0
add Public_Handler
misc code cleanup
13 years ago
Andrew Dolgov
8e17d6636e
add Pref_Filters
13 years ago
Andrew Dolgov
66665fba79
add Pref_Users class
13 years ago
Andrew Dolgov
cbe50c800d
add pref_labels class
13 years ago