848 Commits (c96172fa044d847fee237d966a6e75f8be5afa4d)

Author SHA1 Message Date
Andrew Dolgov 8d2e3c2528 drop errors.php and simplify error handling 4 years ago
Andrew Dolgov 29ada58b4a move db-prefs shortcut functions to functions.php 4 years ago
Andrew Dolgov 12bcf826e4 don't include config.php everywhere 4 years ago
Andrew Dolgov e4107ac952 wip: initial for config object 4 years ago
Andrew Dolgov 42173386b3 dirname(__FILE__) -> __DIR__ 4 years ago
Andrew Dolgov e4609c18ef * add (disabled) shortcut syntax for plugin methods
* add controls shortcut for pluginhandler tags
* add similar shortcut for frontend
* allow plugins to selectively exclude their methods from CSRF checking
4 years ago
Andrew Dolgov 9d7ba773ec move session-related functions to their own namespace 4 years ago
Andrew Dolgov 9f55454f63 remove the rest of db.php; rename some leftover methods in feeds 4 years ago
Andrew Dolgov 91285e3868 router: add additional logging for refused requests; reject requests for methods starting with _ 4 years ago
Andrew Dolgov 6af83e3881 drop ENABLE_GZIP_OUTPUT; system prefs: load php info only if needed 4 years ago
Andrew Dolgov e6624cf631 fix a few more session-related warnings 4 years ago
Andrew Dolgov 403dca154c initial WIP for php8; bump php version requirement to 7.0 4 years ago
Andrew Dolgov 8aa1b0fed6 purge_intervals global: set '1 week old' to mean 7 days instead of 5 (???) 4 years ago
Andrew Dolgov 490df818aa router: only allow functions without required parameters as handler methods 4 years ago
Andrew Dolgov 74568df4ff remove a lot of stuff from global context (functions.php), add a few helper classes instead 4 years ago
Andrew Dolgov 154417d80b public/logout: require valid CSRF token 4 years ago
Andrew Dolgov 8080c525fd - backend: require CSRF token to be passed via POST
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
4 years ago
Andrew Dolgov 63ee91c82e backend: load invoked classes via reflection so object constructor is called after it has been verified as an IHandler implementation.
this should prevent a potential router vulnerability if non-IHandler autoloader-enabled class is requested by malicious authorized user *and* invoked class object does something insecurely in its constructor.
5 years ago
Andrew Dolgov 0697eca0e1 remove testing for get_magic_quotes_gpc: deprecated in php7.4, apparently not working since php 5.4 5 years ago
Andrew Dolgov c43f3e469e update intervals: use less broken english for a change 10 years ago
Andrew Dolgov 27f7b59353 add a wrapper for standard error codes returned by backend, also add explanation to the error object if possible 10 years ago
Andrew Dolgov 1f29443530 fix missing DB object when instantiated to import opml 12 years ago
Andrew Dolgov 1ffe3391f9 make pluginhost a singleton 12 years ago
Andrew Dolgov eefaa2df38 remove db_connect, db_close; CLI fixes 12 years ago
Andrew Dolgov 6322ac79a0 remove $link 12 years ago
Andrew Dolgov 404e2e3603 more work on singleton-based DB 12 years ago
Andrew Dolgov ba68b6815a db updates, remove init_connection() 12 years ago
Andrew Dolgov ccfa90803b backend: add session validation check 12 years ago
Andrew Dolgov 2e35a7070b generated feeds: support if-modified-since 12 years ago
Andrew Dolgov 1ebf3b979e replace getmicrotime() wrapper with microtime(true) (2) 12 years ago
Andrew Dolgov 7d1a91d56c use text/json content-type in a few more places 12 years ago
Andrew Dolgov 23419d117b modify includes to init session before translations are applied 12 years ago
Andrew Dolgov de612e7a38 experimental support for per-user plugins (bump schema) 12 years ago
Andrew Dolgov 19b3992b78 remove magpie, fix article filter plugins 12 years ago
Andrew Dolgov 8dcb2b4762 implement plugin routing masks, add example plugin 12 years ago
Andrew Dolgov 19c7350770 experimental new plugin system 12 years ago
Andrew Dolgov 88e8fb3a71 modify include path order (closes #514) 12 years ago
Andrew Dolgov 675f198a7c rework login form 12 years ago
Andrew Dolgov 97acbaf190 login system fixes
remove old-style session checking from backend.php
move outside subscription endpoint to public.php, change subscription
bookmarklet
12 years ago
Andrew Dolgov 304aadb907 remove twitter-specific code 12 years ago
Andrew Dolgov 9aceda3afc remove hook-based plugins 12 years ago
Andrew Dolgov 369dbc19d6 rework class system to use subdirectories
add placeholder plugin/hook system
12 years ago
Andrew Dolgov 143d1b31a8 routing: check if created handler is a subclass of Handler 12 years ago
Andrew Dolgov 0d421af86f split authentication to separate modules 12 years ago
Andrew Dolgov 545ca06789 do not perform sanity checks on each backend request 13 years ago
Andrew Dolgov 6a79e8afeb only enable ob_gzhandler if it exists 13 years ago
Andrew Dolgov 66b042fcfe do not generate warning on csrf_token being unassigned 13 years ago
Andrew Dolgov 7a5d9b95c4 disable csrf logging 13 years ago
Andrew Dolgov 8484ce2258 experimental CSRF protection 13 years ago
Andrew Dolgov f03a795de7 include path fix for lighttpd 13 years ago