Age | Commit message (Collapse) | Author |
|
|
|
db/updater class
|
|
|
|
and it's already cached
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* add controls shortcut for pluginhandler tags
* add similar shortcut for frontend
* allow plugins to selectively exclude their methods from CSRF checking
|
|
|
|
|
|
methods starting with _
|
|
|
|
|
|
|
|
|
|
|
|
classes instead
|
|
|
|
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
|
|
after it has been verified as an IHandler implementation.
this should prevent a potential router vulnerability if non-IHandler autoloader-enabled class is requested by malicious authorized user *and* invoked class object does something insecurely in its constructor.
|
|
not working since php 5.4
|
|
|
|
explanation to the error object if possible
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
remove old-style session checking from backend.php
move outside subscription endpoint to public.php, change subscription
bookmarklet
|
|
|
|
|
|
add placeholder plugin/hook system
|
|
|
|
|