16b89cc293
Move 'include/functions.php' require into Composer autoloader.
...
Autoloader regenerated with 'composer dump-autoload --optimize'.
2024-04-20 16:25:33 +00:00
8727fb3ba8
Clean up some unused variables.
...
This is essentially 1ccc0c8c1a
2024-01-08 22:46:13 +00:00
865ecc8796
move to psr-4 autoloader
2023-10-25 12:55:09 +03:00
350177df39
add placeholder instrumentation for public
2023-10-20 23:39:30 +03:00
d3fadc0bd0
stop calling spans scopes
2023-10-20 22:39:41 +03:00
cdd7ad020e
jaeger-client -> opentelemetry
2023-10-20 21:13:39 +03:00
f3f2e7d043
don't try to pass array to span tags
2023-04-10 18:06:14 +03:00
d7c070b22b
make phpstan happy
2023-04-09 21:29:16 +03:00
c1b3c99667
some tracer class fixes / unhardcode jaeger IP
2023-04-09 21:20:35 +03:00
8f3646a9c9
exp: jaeger tracing
2023-04-09 20:50:33 +03:00
96595ca4c5
Set user related sessions for single user mode
2022-08-31 14:52:42 -07:00
f0ad5881c0
PHPStan warning fix in 'backend.php'.
2021-11-12 04:53:53 +00:00
9e8d69739f
add two helper account access levels:
...
- read only - can't subscribe to more feeds, feed updates are skipped
- disabled - can't login
define used access levels as UserHelper constants and refactor code to
use them instead of hardcoded numbers
2021-11-10 20:44:51 +03:00
e44f0cb937
Fix undefined index error
...
Getting $op is handled at the top of the file, use the same variable
at the end of the file to avoid errors about an undefined index.
2021-09-07 06:38:17 -05:00
c15c1dfb0b
if backend request 'op' is empty fixed
2021-04-09 21:55:08 +02:00
5eb0f3d640
bring back web dbupdate using new migrations system
2021-03-04 09:22:24 +03:00
d6629ed188
move dbupdater to db/updater; move base SCHEMA_VERSION constant inside db/updater class
2021-03-02 15:03:01 +03:00
7ef72fe0dc
move startup checks to Config, set a bunch of @deprecated annotations
2021-03-01 10:20:21 +03:00
bf02afed45
check schema version on backend calls because session stuff does it anyway and it's already cached
2021-02-28 17:46:36 +03:00
afc7142250
move all $fetch globals to UrlHelper
2021-02-28 10:12:57 +03:00
dfff2cef7b
add basic updater for stuff in plugins.local
2021-02-27 13:05:02 +03:00
8d2e3c2528
drop errors.php and simplify error handling
2021-02-23 22:26:07 +03:00
29ada58b4a
move db-prefs shortcut functions to functions.php
2021-02-22 23:25:14 +03:00
12bcf826e4
don't include config.php everywhere
2021-02-22 22:39:20 +03:00
e4107ac952
wip: initial for config object
2021-02-22 21:47:48 +03:00
42173386b3
dirname(__FILE__) -> __DIR__
2021-02-22 17:38:46 +03:00
e4609c18ef
* add (disabled) shortcut syntax for plugin methods
...
* add controls shortcut for pluginhandler tags
* add similar shortcut for frontend
* allow plugins to selectively exclude their methods from CSRF checking
2021-02-17 21:44:21 +03:00
9d7ba773ec
move session-related functions to their own namespace
2021-02-16 17:13:16 +03:00
9f55454f63
remove the rest of db.php; rename some leftover methods in feeds
2021-02-15 16:51:35 +03:00
91285e3868
router: add additional logging for refused requests; reject requests for methods starting with _
2021-02-15 16:34:44 +03:00
6af83e3881
drop ENABLE_GZIP_OUTPUT; system prefs: load php info only if needed
2021-02-12 21:43:38 +03:00
e6624cf631
fix a few more session-related warnings
2021-02-12 21:24:49 +03:00
403dca154c
initial WIP for php8; bump php version requirement to 7.0
2021-02-05 23:41:32 +03:00
8aa1b0fed6
purge_intervals global: set '1 week old' to mean 7 days instead of 5 (???)
2020-12-15 08:49:02 +03:00
490df818aa
router: only allow functions without required parameters as handler methods
2020-09-22 09:34:39 +03:00
74568df4ff
remove a lot of stuff from global context (functions.php), add a few helper classes instead
2020-09-22 09:04:33 +03:00
154417d80b
public/logout: require valid CSRF token
2020-09-15 16:59:11 +03:00
8080c525fd
- backend: require CSRF token to be passed via POST
...
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
2020-09-15 16:12:53 +03:00
63ee91c82e
backend: load invoked classes via reflection so object constructor is called after it has been verified as an IHandler implementation.
...
this should prevent a potential router vulnerability if non-IHandler autoloader-enabled class is requested by malicious authorized user *and* invoked class object does something insecurely in its constructor.
2019-12-20 14:39:38 +03:00
0697eca0e1
remove testing for get_magic_quotes_gpc: deprecated in php7.4, apparently not working since php 5.4
2019-12-06 07:34:50 +03:00
c43f3e469e
update intervals: use less broken english for a change
2015-07-15 16:39:16 +03:00
27f7b59353
add a wrapper for standard error codes returned by backend, also add explanation to the error object if possible
2015-03-30 13:02:24 +03:00
1f29443530
fix missing DB object when instantiated to import opml
2013-04-18 23:19:14 +04:00
1ffe3391f9
make pluginhost a singleton
2013-04-18 12:27:34 +04:00
eefaa2df38
remove db_connect, db_close; CLI fixes
2013-04-17 17:00:35 +04:00
6322ac79a0
remove $link
2013-04-17 16:48:41 +04:00
404e2e3603
more work on singleton-based DB
2013-04-17 15:36:48 +04:00
ba68b6815a
db updates, remove init_connection()
2013-04-17 14:23:35 +04:00
ccfa90803b
backend: add session validation check
2013-04-11 21:39:54 +04:00
2e35a7070b
generated feeds: support if-modified-since
2013-04-01 21:08:32 +04:00
wn_