Andrew Dolgov
154417d80b
public/logout: require valid CSRF token
4 years ago
Andrew Dolgov
8080c525fd
- backend: require CSRF token to be passed via POST
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
4 years ago
Andrew Dolgov
63ee91c82e
backend: load invoked classes via reflection so object constructor is called after it has been verified as an IHandler implementation.
this should prevent a potential router vulnerability if a non-IHandler autoloader-enabled class is requested by a malicious authorized user *and* the invoked class object does something insecurely in its constructor.
5 years ago
Andrew Dolgov
0697eca0e1
remove testing for get_magic_quotes_gpc: deprecated in php7.4, apparently not working since php 5.4
5 years ago
Andrew Dolgov
c43f3e469e
update intervals: use less broken English for a change
10 years ago
Andrew Dolgov
27f7b59353
add a wrapper for standard error codes returned by backend, also add explanation to the error object if possible
10 years ago
Andrew Dolgov
1f29443530
fix missing DB object when instantiated to import opml
12 years ago
Andrew Dolgov
1ffe3391f9
make pluginhost a singleton
12 years ago
Andrew Dolgov
eefaa2df38
remove db_connect, db_close; CLI fixes
12 years ago
Andrew Dolgov
6322ac79a0
remove $link
12 years ago
Andrew Dolgov
404e2e3603
more work on singleton-based DB
12 years ago
Andrew Dolgov
ba68b6815a
db updates, remove init_connection()
12 years ago
Andrew Dolgov
ccfa90803b
backend: add session validation check
12 years ago
Andrew Dolgov
2e35a7070b
generated feeds: support if-modified-since
12 years ago
Andrew Dolgov
1ebf3b979e
replace getmicrotime() wrapper with microtime(true) (2)
12 years ago
Andrew Dolgov
7d1a91d56c
use text/json content-type in a few more places
12 years ago
Andrew Dolgov
23419d117b
modify includes to init session before translations are applied
12 years ago
Andrew Dolgov
de612e7a38
experimental support for per-user plugins (bump schema)
12 years ago
Andrew Dolgov
19b3992b78
remove magpie, fix article filter plugins
12 years ago
Andrew Dolgov
8dcb2b4762
implement plugin routing masks, add example plugin
12 years ago
Andrew Dolgov
19c7350770
experimental new plugin system
12 years ago
Andrew Dolgov
88e8fb3a71
modify include path order (closes #514)
12 years ago
Andrew Dolgov
675f198a7c
rework login form
12 years ago
Andrew Dolgov
97acbaf190
login system fixes
remove old-style session checking from backend.php
move outside subscription endpoint to public.php, change subscription bookmarklet
12 years ago
Andrew Dolgov
304aadb907
remove twitter-specific code
12 years ago
Andrew Dolgov
9aceda3afc
remove hook-based plugins
12 years ago
Andrew Dolgov
369dbc19d6
rework class system to use subdirectories
add placeholder plugin/hook system
12 years ago
Andrew Dolgov
143d1b31a8
routing: check if created handler is a subclass of Handler
12 years ago
Andrew Dolgov
0d421af86f
split authentication to separate modules
12 years ago
Andrew Dolgov
545ca06789
do not perform sanity checks on each backend request
13 years ago
Andrew Dolgov
6a79e8afeb
only enable ob_gzhandler if it exists
13 years ago
Andrew Dolgov
66b042fcfe
do not generate warning on csrf_token being unassigned
13 years ago
Andrew Dolgov
7a5d9b95c4
disable csrf logging
13 years ago
Andrew Dolgov
8484ce2258
experimental CSRF protection
13 years ago
Andrew Dolgov
f03a795de7
include path fix for lighttpd
13 years ago
Andrew Dolgov
de8260cb10
move API to classes/
13 years ago
Andrew Dolgov
5f0a3741d0
add Public_Handler
misc code cleanup
13 years ago
Andrew Dolgov
8e17d6636e
add Pref_Filters
13 years ago
Andrew Dolgov
66665fba79
add Pref_Users class
13 years ago
Andrew Dolgov
cbe50c800d
add pref_labels class
13 years ago
Andrew Dolgov
678dda79e3
compat fix for old-style backend methods
13 years ago
Andrew Dolgov
4f09f594c2
move help to backend class
13 years ago
Andrew Dolgov
611efae712
add catchall backend class
13 years ago
Andrew Dolgov
1395083e94
add pref_prefs class
13 years ago
Andrew Dolgov
afcfe6cad5
add pref_feeds class
13 years ago
Andrew Dolgov
3f3630529e
implement tiny-OOP routing
13 years ago
Andrew Dolgov
d51124689d
add tiny-OOP style backend RPC
13 years ago
Andrew Dolgov
f30ef1fa1b
subop -> method
13 years ago
Andrew Dolgov
107d0cf39e
overall directory tree cleanup
13 years ago
Andrew Dolgov
31303c6bbd
reduce the number of always included libraries
13 years ago