833 Commits (d04ac399ff284e9747e3fb55e87d05e0a5b8d85f)

Author SHA1 Message Date
Andrew Dolgov 154417d80b public/logout: require valid CSRF token 4 years ago
Andrew Dolgov 8080c525fd - backend: require CSRF token to be passed via POST
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
4 years ago
Andrew Dolgov 63ee91c82e backend: load invoked classes via reflection so object constructor is called after it has been verified as an IHandler implementation.
this should prevent a potential router vulnerability if non-IHandler autoloader-enabled class is requested by malicious authorized user *and* invoked class object does something insecurely in its constructor.
5 years ago
Andrew Dolgov 0697eca0e1 remove testing for get_magic_quotes_gpc: deprecated in php7.4, apparently not working since php 5.4 5 years ago
Andrew Dolgov c43f3e469e update intervals: use less broken english for a change 10 years ago
Andrew Dolgov 27f7b59353 add a wrapper for standard error codes returned by backend, also add explanation to the error object if possible 10 years ago
Andrew Dolgov 1f29443530 fix missing DB object when instantiated to import opml 12 years ago
Andrew Dolgov 1ffe3391f9 make pluginhost a singleton 12 years ago
Andrew Dolgov eefaa2df38 remove db_connect, db_close; CLI fixes 12 years ago
Andrew Dolgov 6322ac79a0 remove $link 12 years ago
Andrew Dolgov 404e2e3603 more work on singleton-based DB 12 years ago
Andrew Dolgov ba68b6815a db updates, remove init_connection() 12 years ago
Andrew Dolgov ccfa90803b backend: add session validation check 12 years ago
Andrew Dolgov 2e35a7070b generated feeds: support if-modified-since 12 years ago
Andrew Dolgov 1ebf3b979e replace getmicrotime() wrapper with microtime(true) (2) 12 years ago
Andrew Dolgov 7d1a91d56c use text/json content-type in a few more places 12 years ago
Andrew Dolgov 23419d117b modify includes to init session before translations are applied 12 years ago
Andrew Dolgov de612e7a38 experimental support for per-user plugins (bump schema) 12 years ago
Andrew Dolgov 19b3992b78 remove magpie, fix article filter plugins 12 years ago
Andrew Dolgov 8dcb2b4762 implement plugin routing masks, add example plugin 12 years ago
Andrew Dolgov 19c7350770 experimental new plugin system 12 years ago
Andrew Dolgov 88e8fb3a71 modify include path order (closes #514) 12 years ago
Andrew Dolgov 675f198a7c rework login form 12 years ago
Andrew Dolgov 97acbaf190 login system fixes
remove old-style session checking from backend.php
move outside subscription endpoint to public.php, change subscription
bookmarklet
12 years ago
Andrew Dolgov 304aadb907 remove twitter-specific code 12 years ago
Andrew Dolgov 9aceda3afc remove hook-based plugins 12 years ago
Andrew Dolgov 369dbc19d6 rework class system to use subdirectories
add placeholder plugin/hook system
12 years ago
Andrew Dolgov 143d1b31a8 routing: check if created handler is a subclass of Handler 12 years ago
Andrew Dolgov 0d421af86f split authentication to separate modules 12 years ago
Andrew Dolgov 545ca06789 do not perform sanity checks on each backend request 13 years ago
Andrew Dolgov 6a79e8afeb only enable ob_gzhandler if it exists 13 years ago
Andrew Dolgov 66b042fcfe do not generate warning on csrf_token being unassigned 13 years ago
Andrew Dolgov 7a5d9b95c4 disable csrf logging 13 years ago
Andrew Dolgov 8484ce2258 experimental CSRF protection 13 years ago
Andrew Dolgov f03a795de7 include path fix for lighttpd 13 years ago
Andrew Dolgov de8260cb10 move API to classes/ 13 years ago
Andrew Dolgov 5f0a3741d0 add Public_Handler
misc code cleanup
13 years ago
Andrew Dolgov 8e17d6636e add Pref_Filters 13 years ago
Andrew Dolgov 66665fba79 add Pref_Users class 13 years ago
Andrew Dolgov cbe50c800d add pref_labels class 13 years ago
Andrew Dolgov 678dda79e3 compat fix for old-style backend methods 13 years ago
Andrew Dolgov 4f09f594c2 move help to backend class 13 years ago
Andrew Dolgov 611efae712 add catchall backend class 13 years ago
Andrew Dolgov 1395083e94 add pref_prefs class 13 years ago
Andrew Dolgov afcfe6cad5 add pref_feeds class 13 years ago
Andrew Dolgov 3f3630529e implement tiny-OOP routing 13 years ago
Andrew Dolgov d51124689d add tiny-OOP style backend RPC 13 years ago
Andrew Dolgov f30ef1fa1b subop -> method 13 years ago
Andrew Dolgov 107d0cf39e overall directory tree cleanup 13 years ago
Andrew Dolgov 31303c6bbd reduce the number of always included libraries 13 years ago