96595ca4c5
Set user related sessions for single user mode
2022-08-31 14:52:42 -07:00
f0ad5881c0
PHPStan warning fix in 'backend.php'.
2021-11-12 04:53:53 +00:00
9e8d69739f
add two helper account access levels:
...
- read only - can't subscribe to more feeds, feed updates are skipped
- disabled - can't login
define used access levels as UserHelper constants and refactor code to
use them instead of hardcoded numbers
2021-11-10 20:44:51 +03:00
e44f0cb937
Fix undefined index error
...
Getting $op is handled at the top of the file, use the same variable
at the end of the file to avoid errors about an undefined index.
2021-09-07 06:38:17 -05:00
c15c1dfb0b
if backend request 'op' is empty fixed
2021-04-09 21:55:08 +02:00
5eb0f3d640
bring back web dbupdate using new migrations system
2021-03-04 09:22:24 +03:00
d6629ed188
move dbupdater to db/updater; move base SCHEMA_VERSION constant inside db/updater class
2021-03-02 15:03:01 +03:00
7ef72fe0dc
move startup checks to Config, set a bunch of @deprecated annotations
2021-03-01 10:20:21 +03:00
bf02afed45
check schema version on backend calls because session stuff does it anyway and it's already cached
2021-02-28 17:46:36 +03:00
afc7142250
move all $fetch globals to UrlHelper
2021-02-28 10:12:57 +03:00
dfff2cef7b
add basic updater for stuff in plugins.local
2021-02-27 13:05:02 +03:00
8d2e3c2528
drop errors.php and simplify error handling
2021-02-23 22:26:07 +03:00
29ada58b4a
move db-prefs shortcut functions to functions.php
2021-02-22 23:25:14 +03:00
12bcf826e4
don't include config.php everywhere
2021-02-22 22:39:20 +03:00
e4107ac952
wip: initial for config object
2021-02-22 21:47:48 +03:00
42173386b3
dirname(__FILE__) -> __DIR__
2021-02-22 17:38:46 +03:00
e4609c18ef
* add (disabled) shortcut syntax for plugin methods
...
* add controls shortcut for pluginhandler tags
* add similar shortcut for frontend
* allow plugins to selectively exclude their methods from CSRF checking
2021-02-17 21:44:21 +03:00
9d7ba773ec
move session-related functions to their own namespace
2021-02-16 17:13:16 +03:00
9f55454f63
remove the rest of db.php; rename some leftover methods in feeds
2021-02-15 16:51:35 +03:00
91285e3868
router: add additional logging for refused requests; reject requests for methods starting with _
2021-02-15 16:34:44 +03:00
6af83e3881
drop ENABLE_GZIP_OUTPUT; system prefs: load php info only if needed
2021-02-12 21:43:38 +03:00
e6624cf631
fix a few more session-related warnings
2021-02-12 21:24:49 +03:00
403dca154c
initial WIP for php8; bump php version requirement to 7.0
2021-02-05 23:41:32 +03:00
8aa1b0fed6
purge_intervals global: set '1 week old' to mean 7 days instead of 5 (???)
2020-12-15 08:49:02 +03:00
490df818aa
router: only allow functions without required parameters as handler methods
2020-09-22 09:34:39 +03:00
74568df4ff
remove a lot of stuff from global context (functions.php), add a few helper classes instead
2020-09-22 09:04:33 +03:00
154417d80b
public/logout: require valid CSRF token
2020-09-15 16:59:11 +03:00
8080c525fd
- backend: require CSRF token to be passed via POST
...
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
2020-09-15 16:12:53 +03:00
63ee91c82e
backend: load invoked classes via reflection so object constructor is called after it has been verified as an IHandler implementation.
...
this should prevent a potential router vulnerability if non-IHandler autoloader-enabled class is requested by malicious authorized user *and* invoked class object does something insecurely in its constructor.
2019-12-20 14:39:38 +03:00
0697eca0e1
remove testing for get_magic_quotes_gpc: deprecated in php7.4, apparently not working since php 5.4
2019-12-06 07:34:50 +03:00
c43f3e469e
update intervals: use less broken english for a change
2015-07-15 16:39:16 +03:00
27f7b59353
add a wrapper for standard error codes returned by backend, also add explanation to the error object if possible
2015-03-30 13:02:24 +03:00
1f29443530
fix missing DB object when instantiated to import opml
2013-04-18 23:19:14 +04:00
1ffe3391f9
make pluginhost a singleton
2013-04-18 12:27:34 +04:00
eefaa2df38
remove db_connect, db_close; CLI fixes
2013-04-17 17:00:35 +04:00
6322ac79a0
remove $link
2013-04-17 16:48:41 +04:00
404e2e3603
more work on singleton-based DB
2013-04-17 15:36:48 +04:00
ba68b6815a
db updates, remove init_connection()
2013-04-17 14:23:35 +04:00
ccfa90803b
backend: add session validation check
2013-04-11 21:39:54 +04:00
2e35a7070b
generated feeds: support if-modified-since
2013-04-01 21:08:32 +04:00
1ebf3b979e
replace getmicrotime() wrapper with microtime(true) (2)
2013-02-27 22:20:14 +04:00
7d1a91d56c
use text/json content-type in a few more places
2013-01-12 16:02:37 +04:00
23419d117b
modify includes to init session before translations are applied
2013-01-05 01:28:07 +04:00
de612e7a38
experimental support for per-user plugins (bump schema)
2012-12-25 00:45:10 +04:00
19b3992b78
remove magpie, fix article filter plugins
2012-12-24 13:45:34 +04:00
8dcb2b4762
implement plugin routing masks, add example plugin
2012-12-23 23:05:51 +04:00
19c7350770
experimental new plugin system
2012-12-23 14:52:18 +04:00
88e8fb3a71
modify include path order ( closes #514 )
2012-12-09 13:41:22 +04:00
675f198a7c
rework login form
2012-09-10 20:15:45 +04:00
97acbaf190
login system fixes
...
remove old-style session checking from backend.php
move outside subscription endpoint to public.php, change subscription
bookmarklet
2012-09-10 19:01:06 +04:00
powerivq
wn_
Andrew Dolgov
Jon Schewe
Cyb10101
Andrew Dolgov
Andrew Dolgov