Andrew Dolgov
91285e3868
router: add additional logging for refused requests; reject requests for methods starting with _
2021-02-15 16:34:44 +03:00
Andrew Dolgov
6af83e3881
drop ENABLE_GZIP_OUTPUT; system prefs: load php info only if needed
2021-02-12 21:43:38 +03:00
Andrew Dolgov
e6624cf631
fix a few more session-related warnings
2021-02-12 21:24:49 +03:00
Andrew Dolgov
403dca154c
initial WIP for php8; bump php version requirement to 7.0
2021-02-05 23:41:32 +03:00
Andrew Dolgov
8aa1b0fed6
purge_intervals global: set '1 week old' to mean 7 days instead of 5 (???)
2020-12-15 08:49:02 +03:00
Andrew Dolgov
490df818aa
router: only allow functions without required parameters as handler methods
2020-09-22 09:34:39 +03:00
Andrew Dolgov
74568df4ff
remove a lot of stuff from global context (functions.php), add a few helper classes instead
2020-09-22 09:04:33 +03:00
Andrew Dolgov
154417d80b
public/logout: require valid CSRF token
2020-09-15 16:59:11 +03:00
Andrew Dolgov
8080c525fd
- backend: require CSRF token to be passed via POST
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
2020-09-15 16:12:53 +03:00
Andrew Dolgov
63ee91c82e
backend: load invoked classes via reflection so object constructor is called after it has been verified as an IHandler implementation.
this should prevent a potential router vulnerability if non-IHandler autoloader-enabled class is requested by malicious authorized user *and* invoked class object does something insecurely in its constructor.
2019-12-20 14:39:38 +03:00
Andrew Dolgov
0697eca0e1
remove testing for get_magic_quotes_gpc: deprecated in php7.4, apparently not working since php 5.4
2019-12-06 07:34:50 +03:00
Andrew Dolgov
c43f3e469e
update intervals: use less broken english for a change
2015-07-15 16:39:16 +03:00
Andrew Dolgov
27f7b59353
add a wrapper for standard error codes returned by backend, also add explanation to the error object if possible
2015-03-30 13:02:24 +03:00
Andrew Dolgov
1f29443530
fix missing DB object when instantiated to import opml
2013-04-18 23:19:14 +04:00
Andrew Dolgov
1ffe3391f9
make pluginhost a singleton
2013-04-18 12:27:34 +04:00
Andrew Dolgov
eefaa2df38
remove db_connect, db_close; CLI fixes
2013-04-17 17:00:35 +04:00
Andrew Dolgov
6322ac79a0
remove $link
2013-04-17 16:48:41 +04:00
Andrew Dolgov
404e2e3603
more work on singleton-based DB
2013-04-17 15:36:48 +04:00
Andrew Dolgov
ba68b6815a
db updates, remove init_connection()
2013-04-17 14:23:35 +04:00
Andrew Dolgov
ccfa90803b
backend: add session validation check
2013-04-11 21:39:54 +04:00
Andrew Dolgov
2e35a7070b
generated feeds: support if-modified-since
2013-04-01 21:08:32 +04:00
Andrew Dolgov
1ebf3b979e
replace getmicrotime() wrapper with microtime(true) (2)
2013-02-27 22:20:14 +04:00
Andrew Dolgov
7d1a91d56c
use text/json content-type in a few more places
2013-01-12 16:02:37 +04:00
Andrew Dolgov
23419d117b
modify includes to init session before translations are applied
2013-01-05 01:28:07 +04:00
Andrew Dolgov
de612e7a38
experimental support for per-user plugins (bump schema)
2012-12-25 00:45:10 +04:00
Andrew Dolgov
19b3992b78
remove magpie, fix article filter plugins
2012-12-24 13:45:34 +04:00
Andrew Dolgov
8dcb2b4762
implement plugin routing masks, add example plugin
2012-12-23 23:05:51 +04:00
Andrew Dolgov
19c7350770
experimental new plugin system
2012-12-23 14:52:18 +04:00
Andrew Dolgov
88e8fb3a71
modify include path order ( closes #514 )
2012-12-09 13:41:22 +04:00
Andrew Dolgov
675f198a7c
rework login form
2012-09-10 20:15:45 +04:00
Andrew Dolgov
97acbaf190
login system fixes
remove old-style session checking from backend.php
move outside subscription endpoint to public.php, change subscription
bookmarklet
2012-09-10 19:01:06 +04:00
Andrew Dolgov
304aadb907
remove twitter-specific code
2012-09-07 10:23:46 +04:00
Andrew Dolgov
9aceda3afc
remove hook-based plugins
2012-08-21 14:37:43 +04:00
Andrew Dolgov
369dbc19d6
rework class system to use subdirectories
add placeholder plugin/hook system
2012-08-17 14:22:33 +04:00
Andrew Dolgov
143d1b31a8
routing: check if created handler is a subclass of Handler
2012-08-16 15:43:52 +04:00
Andrew Dolgov
0d421af86f
split authentication to separate modules
2012-08-16 15:30:49 +04:00
Andrew Dolgov
545ca06789
do not perform sanity checks on each backend request
2012-07-10 15:24:04 +04:00
Andrew Dolgov
6a79e8afeb
only enable ob_gzhandler if it exists
2012-03-20 14:45:43 +04:00
Andrew Dolgov
66b042fcfe
do not generate warning on csrf_token being unassigned
2012-01-08 23:51:47 +04:00
Andrew Dolgov
7a5d9b95c4
disable csrf logging
2011-12-26 12:04:17 +04:00
Andrew Dolgov
8484ce2258
experimental CSRF protection
2011-12-26 12:02:52 +04:00
Andrew Dolgov
f03a795de7
include path fix for lighttpd
2011-12-15 18:19:38 +04:00
Andrew Dolgov
de8260cb10
move API to classes/
2011-12-13 15:40:42 +04:00
Andrew Dolgov
5f0a3741d0
add Public_Handler
misc code cleanup
2011-12-13 14:49:11 +04:00
Andrew Dolgov
8e17d6636e
add Pref_Filters
2011-12-13 14:09:34 +04:00
Andrew Dolgov
66665fba79
add Pref_Users class
2011-12-13 14:02:37 +04:00
Andrew Dolgov
cbe50c800d
add pref_labels class
2011-12-13 13:34:43 +04:00
Andrew Dolgov
678dda79e3
compat fix for old-style backend methods
2011-12-13 12:48:10 +04:00
Andrew Dolgov
4f09f594c2
move help to backend class
2011-12-13 11:02:43 +04:00
Andrew Dolgov
611efae712
add catchall backend class
2011-12-13 10:58:30 +04:00