Commit Graph

862 Commits

Author SHA1 Message Date
Andrew Dolgov d7c070b22b
make phpstan happy 2023-04-09 21:29:16 +03:00
Andrew Dolgov c1b3c99667
some tracer class fixes / unhardcode jaeger IP 2023-04-09 21:20:35 +03:00
Andrew Dolgov 8f3646a9c9
exp: jaeger tracing 2023-04-09 20:50:33 +03:00
powerivq 96595ca4c5 Set user related sessions for single user mode 2022-08-31 14:52:42 -07:00
wn_ f0ad5881c0 PHPStan warning fix in 'backend.php'. 2021-11-12 04:53:53 +00:00
Andrew Dolgov 9e8d69739f add two helper account access levels:
- read only - can't subscribe to more feeds, feed updates are skipped
 - disabled - can't login
define used access levels as UserHelper constants and refactor code to
use them instead of hardcoded numbers
2021-11-10 20:44:51 +03:00
Jon Schewe e44f0cb937 Fix undefined index error
Getting $op is handled at the top of the file, use the same variable
at the end of the file to avoid errors about an undefined index.
2021-09-07 06:38:17 -05:00
Cyb10101 c15c1dfb0b if backend request 'op' is empty fixed 2021-04-09 21:55:08 +02:00
Andrew Dolgov 5eb0f3d640 bring back web dbupdate using new migrations system 2021-03-04 09:22:24 +03:00
Andrew Dolgov d6629ed188 move dbupdater to db/updater; move base SCHEMA_VERSION constant inside db/updater class 2021-03-02 15:03:01 +03:00
Andrew Dolgov 7ef72fe0dc move startup checks to Config, set a bunch of @deprecated annotations 2021-03-01 10:20:21 +03:00
Andrew Dolgov bf02afed45 check schema version on backend calls because session stuff does it anyway and it's already cached 2021-02-28 17:46:36 +03:00
Andrew Dolgov afc7142250 move all $fetch globals to UrlHelper 2021-02-28 10:12:57 +03:00
Andrew Dolgov dfff2cef7b add basic updater for stuff in plugins.local 2021-02-27 13:05:02 +03:00
Andrew Dolgov 8d2e3c2528 drop errors.php and simplify error handling 2021-02-23 22:26:07 +03:00
Andrew Dolgov 29ada58b4a move db-prefs shortcut functions to functions.php 2021-02-22 23:25:14 +03:00
Andrew Dolgov 12bcf826e4 don't include config.php everywhere 2021-02-22 22:39:20 +03:00
Andrew Dolgov e4107ac952 wip: initial for config object 2021-02-22 21:47:48 +03:00
Andrew Dolgov 42173386b3 dirname(__FILE__) -> __DIR__ 2021-02-22 17:38:46 +03:00
Andrew Dolgov e4609c18ef * add (disabled) shortcut syntax for plugin methods
* add controls shortcut for pluginhandler tags
 * add similar shortcut for frontend
 * allow plugins to selectively exclude their methods from CSRF checking
2021-02-17 21:44:21 +03:00
Andrew Dolgov 9d7ba773ec move session-related functions to their own namespace 2021-02-16 17:13:16 +03:00
Andrew Dolgov 9f55454f63 remove the rest of db.php; rename some leftover methods in feeds 2021-02-15 16:51:35 +03:00
Andrew Dolgov 91285e3868 router: add additional logging for refused requests; reject requests for methods starting with _ 2021-02-15 16:34:44 +03:00
Andrew Dolgov 6af83e3881 drop ENABLE_GZIP_OUTPUT; system prefs: load php info only if needed 2021-02-12 21:43:38 +03:00
Andrew Dolgov e6624cf631 fix a few more session-related warnings 2021-02-12 21:24:49 +03:00
Andrew Dolgov 403dca154c initial WIP for php8; bump php version requirement to 7.0 2021-02-05 23:41:32 +03:00
Andrew Dolgov 8aa1b0fed6 purge_intervals global: set '1 week old' to mean 7 days instead of 5 (???) 2020-12-15 08:49:02 +03:00
Andrew Dolgov 490df818aa router: only allow functions without required parameters as handler methods 2020-09-22 09:34:39 +03:00
Andrew Dolgov 74568df4ff remove a lot of stuff from global context (functions.php), add a few helper classes instead 2020-09-22 09:04:33 +03:00
Andrew Dolgov 154417d80b public/logout: require valid CSRF token 2020-09-15 16:59:11 +03:00
Andrew Dolgov 8080c525fd - backend: require CSRF token to be passed via POST
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
2020-09-15 16:12:53 +03:00
Andrew Dolgov 63ee91c82e backend: load invoked classes via reflection so object constructor is called after it has been verified as an IHandler implementation.
this should prevent a potential router vulnerability if non-IHandler autoloader-enabled class is requested by malicious authorized user *and* invoked class object does something insecurely in its constructor.
2019-12-20 14:39:38 +03:00
Andrew Dolgov 0697eca0e1 remove testing for get_magic_quotes_gpc: deprecated in php7.4, apparently not working since php 5.4 2019-12-06 07:34:50 +03:00
Andrew Dolgov c43f3e469e update intervals: use less broken english for a change 2015-07-15 16:39:16 +03:00
Andrew Dolgov 27f7b59353 add a wrapper for standard error codes returned by backend, also add explanation to the error object if possible 2015-03-30 13:02:24 +03:00
Andrew Dolgov 1f29443530 fix missing DB object when instantiated to import opml 2013-04-18 23:19:14 +04:00
Andrew Dolgov 1ffe3391f9 make pluginhost a singleton 2013-04-18 12:27:34 +04:00
Andrew Dolgov eefaa2df38 remove db_connect, db_close; CLI fixes 2013-04-17 17:00:35 +04:00
Andrew Dolgov 6322ac79a0 remove $link 2013-04-17 16:48:41 +04:00
Andrew Dolgov 404e2e3603 more work on singleton-based DB 2013-04-17 15:36:48 +04:00
Andrew Dolgov ba68b6815a db updates, remove init_connection() 2013-04-17 14:23:35 +04:00
Andrew Dolgov ccfa90803b backend: add session validation check 2013-04-11 21:39:54 +04:00
Andrew Dolgov 2e35a7070b generated feeds: support if-modified-since 2013-04-01 21:08:32 +04:00
Andrew Dolgov 1ebf3b979e replace getmicrotime() wrapper with microtime(true) (2) 2013-02-27 22:20:14 +04:00
Andrew Dolgov 7d1a91d56c use text/json content-type in a few more places 2013-01-12 16:02:37 +04:00
Andrew Dolgov 23419d117b modify includes to init session before translations are applied 2013-01-05 01:28:07 +04:00
Andrew Dolgov de612e7a38 experimental support for per-user plugins (bump schema) 2012-12-25 00:45:10 +04:00
Andrew Dolgov 19b3992b78 remove magpie, fix article filter plugins 2012-12-24 13:45:34 +04:00
Andrew Dolgov 8dcb2b4762 implement plugin routing masks, add example plugin 2012-12-23 23:05:51 +04:00
Andrew Dolgov 19c7350770 experimental new plugin system 2012-12-23 14:52:18 +04:00