Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
- read only - can't subscribe to more feeds, feed updates are skipped
- disabled - can't login
define used access levels as UserHelper constants and refactor code to
use them instead of hardcoded numbers
|
|
Getting $op is handled at the top of the file, use the same variable
at the end of the file to avoid errors about an undefined index.
|
|
|
|
|
|
db/updater class
|
|
|
|
and it's already cached
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* add controls shortcut for pluginhandler tags
* add similar shortcut for frontend
* allow plugins to selectively exclude their methods from CSRF checking
|
|
|
|
|
|
methods starting with _
|
|
|
|
|
|
|
|
|
|
|
|
classes instead
|
|
|
|
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
|
|
after it has been verified as an IHandler implementation.
this should prevent a potential router vulnerability if non-IHandler autoloader-enabled class is requested by malicious authorized user *and* invoked class object does something insecurely in its constructor.
|
|
not working since php 5.4
|
|
|
|
explanation to the error object if possible
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|