Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
filtering to fetch_file_contents()
|
|
|
|
|
|
|
|
|
|
|
|
updated before or are marked for a manual update
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* get_random_bytes: use PHP7 random_bytes() if it is available
* validate CSRF token using hash_equals
|
|
|
|
|
|
parameter
use type-strict comparison when validating CSRF token on the backend
|
|
|
|
loopback address
|
|
rewrite_relative_url: simplify handling of relative URLs
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
|
|
|
|
|
|
- remove rpc/sanityCheck from CSRF-excluded calls
|
|
|
|
|
|
|
|
|
|
|
|
cache/getUrl: basename() passed filename just in case
|
|
hooks
|
|
|
|
silently stripped on save because of clean())
|
|
|
|
|