Age | Commit message (Collapse) | Author |
|
classes instead
|
|
|
|
|
|
validate_url: treat scheme as case-insensitive
|
|
|
|
|
|
|
|
|
|
This change branches from the merged patch by Sunil Mohan Adapa's for
Debian's package.
|
|
|
|
to not use eval()
- fix typo in aforementioned patch which caused plurals to never load
- update code again to newer PHP constructor syntax
|
|
|
|
|
|
|
|
filtering to fetch_file_contents()
|
|
|
|
|
|
|
|
|
|
|
|
updated before or are marked for a manual update
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* get_random_bytes: use PHP7 random_bytes() if it is available
* validate CSRF token using hash_equals
|
|
|
|
|
|
parameter
use type-strict comparison when validating CSRF token on the backend
|
|
|
|
loopback address
|
|
rewrite_relative_url: simplify handling of relative URLs
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
|
|
|
|
|
|
- remove rpc/sanityCheck from CSRF-excluded calls
|