Commit Graph

165 Commits

Author SHA1 Message Date
Andrew Dolgov 0881d0a00d some dbupdater improvements; fix schema 136 syntax for mysql 2019-03-06 19:42:27 +03:00
Andrew Dolgov 38e01270d8 archived feeds: expire old entries (schema bump) 2019-03-06 19:06:05 +03:00
Andrew Dolgov ef6d2b8a4e update notifications to make them more visible
cleanup some minor stuff in pref-users
2019-03-05 20:09:06 +03:00
Andrew Dolgov 5b3a73e574 login: switch to absolute redirect urls 2019-03-04 20:38:39 +03:00
Andrew Dolgov 925065b1fe Revert "login: only allow relative URLs in return="
This reverts commit c68ac04020.
2019-03-04 07:02:58 +03:00
Andrew Dolgov c68ac04020 login: only allow relative URLs in return= 2019-03-03 07:53:42 +03:00
Andrew Dolgov cc57ed3775 public/subscribe: add basic dialog to enter feed urls 2019-03-03 06:18:19 +03:00
Andrew Dolgov 54c1b5c611 fill in some missing doctypes; use short doctype where it wasn't 2019-02-23 13:49:40 +03:00
Andrew Dolgov d60038d48b simplify some public.php prompts; prevent from submitting forgotpass form repeatedly if check succeeds 2019-02-21 12:50:15 +03:00
Andrew Dolgov 6701497879 public.php: markup cleanup 2019-02-20 13:12:55 +03:00
Andrew Dolgov be322d6fc8 cleanup sharepopup dialog 2019-02-20 13:05:12 +03:00
Andrew Dolgov d9e20f8b16 update external subscribe dialog 2019-02-20 12:32:52 +03:00
Andrew Dolgov 5ce55faa3b installer: reduce margins; misc fixes 2019-02-19 21:23:03 +03:00
Andrew Dolgov 420e71280a dbupdater: dojoify, add some missing translations 2019-02-19 20:55:02 +03:00
Andrew Dolgov f7a4a45bde pwd reset: use dijit controls 2019-02-19 20:43:45 +03:00
Andrew Dolgov 59df261fb8 forgotpass: slightly better anti-bot protection 2019-02-19 20:25:48 +03:00
Andrew Dolgov 8cd7f31bde utility css updates 2019-02-19 19:46:09 +03:00
Andrew Dolgov c11f32ac38 center and rework some utility screens 2019-02-19 14:59:29 +03:00
Andrew Dolgov b1f9ebe46e get_article_image: ignore data: schema images, other minor fixes 2019-01-10 08:42:31 +03:00
Andrew Dolgov e70d42237a edit options after subscribe: use correct method name 2018-12-25 16:22:12 +03:00
Andrew Dolgov d0d05e4079 zoom mode: hide .attachments 2018-12-10 07:20:13 +03:00
Andrew Dolgov 6a6af964df feed template, ARTICLE_OG_IMAGE: set as optional 2018-12-09 17:18:29 +03:00
Andrew Dolgov 851f62dc4a syndicated feeds:
1. properly reset enclosure template variables if there's no enclosures
2. add ARTICLE_OG_IMAGE which sets flavor image for article using common code with article render etc
2018-12-09 17:07:17 +03:00
Andrew Dolgov b2c079893b move Article::format_article() to Handler_Public 2018-12-09 11:13:02 +03:00
Andrew Dolgov 966fe6d612 #sharepopup: update css 2018-12-09 10:56:39 +03:00
Andrew Dolgov 19e24b4fe2 force cast profile id to integer when assigning to session variable 2018-12-06 07:08:54 +03:00
Andrew Dolgov 29c890b495 login form: use dojo, remove profile hacks 2018-12-04 23:17:35 +03:00
Andrew Dolgov 79c5035920 reset password: use updated mailer parameters properly 2018-11-26 12:44:36 +03:00
Andrew Dolgov 57932e1837 remove PHPMailer and related directives from config.php-dist; add pluggable Mailer class 2018-11-22 14:45:14 +03:00
Andrew Dolgov 253dbd4856 generate_syndicated_feed: add support for virtual feeds provided by plugins 2018-11-07 14:21:39 +03:00
Andrew Dolgov 5f66f872b6 fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks 2018-10-16 14:07:42 +03:00
Andrew Dolgov f8fc1ac543 login: check for stale session in login handler, instead of authenticate_user() 2018-10-16 11:39:12 +03:00
Andrew Dolgov f730d7bb0a another attempt to enforce session ID regeneration on login 2018-10-16 09:11:32 +03:00
Andrew Dolgov 65e98f4086 force regenerate session id on successful login, remove previous blank SID check 2018-10-15 15:47:50 +03:00
Andrew Dolgov 88adf3da1b send_local_file: add application/octet-stream hack
cached_url: return original requested filename to save as
2018-08-16 12:16:51 +03:00
Andrew Dolgov e6532439d6 force strip_tags() on all user input unless explicitly allowed 2017-12-03 23:35:38 +03:00
Andrew Dolgov df5d2a0665 pluginhost: do not connect via legacy DB api until requested
log all initiated legacy database connections
2017-12-03 14:49:18 +03:00
Andrew Dolgov b51d44a5e6 further stylesheet simplification related fixes (2) 2017-12-03 13:26:26 +03:00
Andrew Dolgov 09bc54c690 further stylesheet simplification related fixes 2017-12-03 13:25:34 +03:00
Andrew Dolgov 5e68e24679 css/less updates 2017-12-03 12:50:07 +03:00
Andrew Dolgov 187abfe732 main classes: remove sql_bool_to_bool() kludge 2017-12-03 09:35:59 +03:00
Andrew Dolgov 1d92297a96 dbupdater: use PDO 2017-12-02 01:28:30 +03:00
Andrew Dolgov cb13089af1 public: use PDO headlines result (2) 2017-12-01 20:57:55 +03:00
Andrew Dolgov dc393a580b public: use PDO headlines result 2017-12-01 20:57:05 +03:00
Andrew Dolgov 1271407eea public: partial conversion to PDO, misc fixes 2017-12-01 18:57:34 +03:00
Andrew Dolgov 9dd336a2c3 generate base css files using lessc 2017-11-29 18:55:12 +03:00
Andrew Dolgov 2352c320c2 fix possible sql injection in public/forgotpass 2017-11-20 08:48:18 +03:00
Gilles Grandou 81d96c0dee makes 'order by title' to sort by title and by ascending date
* this allows to chronologically browse all articles with the
  same title.
2017-10-09 22:50:03 +02:00
Andrew Dolgov 8b73bd28d8 remove apache-specific x-sendfile stuff
implement a hook (HOOK_SEND_LOCAL_FILE) which plugins may use to send files
via httpd-specific implementation to increase performance typically on larger files
2017-10-08 17:14:56 +03:00
Andrew Dolgov b2d42e960b replace some usages of SELF_URL_PATH with get_self_url_prefix() 2017-07-06 23:01:44 +03:00