summaryrefslogtreecommitdiff
path: root/backend.php
AgeCommit message (Collapse)Author
2023-04-10don't try to pass array to span tagsAndrew Dolgov
2023-04-09make phpstan happyAndrew Dolgov
2023-04-09some tracer class fixes / unhardcode jaeger IPAndrew Dolgov
2023-04-09exp: jaeger tracingAndrew Dolgov
2022-08-31Set user related sessions for single user modepowerivq
2021-11-12PHPStan warning fix in 'backend.php'.wn_
2021-11-10add two helper account access levels:Andrew Dolgov
- read only - can't subscribe to more feeds, feed updates are skipped - disabled - can't login define used access levels as UserHelper constants and refactor code to use them instead of hardcoded numbers
2021-09-07Fix undefined index errorJon Schewe
Getting $op is handled at the top of the file, use the same variable at the end of the file to avoid errors about an undefined index.
2021-04-09if backend request 'op' is empty fixedCyb10101
2021-03-04bring back web dbupdate using new migrations systemAndrew Dolgov
2021-03-02move dbupdater to db/updater; move base SCHEMA_VERSION constant inside ↵Andrew Dolgov
db/updater class
2021-03-01move startup checks to Config, set a bunch of @deprecated annotationsAndrew Dolgov
2021-02-28check schema version on backend calls because session stuff does it anyway ↵Andrew Dolgov
and it's already cached
2021-02-28move all $fetch globals to UrlHelperAndrew Dolgov
2021-02-27add basic updater for stuff in plugins.localAndrew Dolgov
2021-02-23drop errors.php and simplify error handlingAndrew Dolgov
2021-02-22move db-prefs shortcut functions to functions.phpAndrew Dolgov
2021-02-22don't include config.php everywhereAndrew Dolgov
2021-02-22wip: initial for config objectAndrew Dolgov
2021-02-22dirname(__FILE__) -> __DIR__Andrew Dolgov
2021-02-17 * add (disabled) shortcut syntax for plugin methodsAndrew Dolgov
* add controls shortcut for pluginhandler tags * add similar shortcut for frontend * allow plugins to selectively exclude their methods from CSRF checking
2021-02-16move session-related functions to their own namespaceAndrew Dolgov
2021-02-15remove the rest of db.php; rename some leftover methods in feedsAndrew Dolgov
2021-02-15router: add additional logging for refused requests; reject requests for ↵Andrew Dolgov
methods starting with _
2021-02-12drop ENABLE_GZIP_OUTPUT; system prefs: load php info only if neededAndrew Dolgov
2021-02-12fix a few more session-related warningsAndrew Dolgov
2021-02-05initial WIP for php8; bump php version requirement to 7.0Andrew Dolgov
2020-12-15purge_intervals global: set '1 week old' to mean 7 days instead of 5 (???)Andrew Dolgov
2020-09-22router: only allow functions without required parameters as handler methodsAndrew Dolgov
2020-09-22remove a lot of stuff from global context (functions.php), add a few helper ↵Andrew Dolgov
classes instead
2020-09-15public/logout: require valid CSRF tokenAndrew Dolgov
2020-09-15- backend: require CSRF token to be passed via POSTAndrew Dolgov
- do not leak CSRF token via GET request in feed debugger - rework Article/redirect to use POST
2019-12-20backend: load invoked classes via reflection so object constructor is called ↵Andrew Dolgov
after it has been verified as an IHandler implementation. this should prevent a potential router vulnerability if non-IHandler autoloader-enabled class is requested by malicious authorized user *and* invoked class object does something insecurely in its constructor.
2019-12-06remove testing for get_magic_quotes_gpc: deprecated in php7.4, apparently ↵Andrew Dolgov
not working since php 5.4
2015-07-15update intervals: use less broken english for a changeAndrew Dolgov
2015-03-30add a wrapper for standard error codes returned by backend, also add ↵Andrew Dolgov
explanation to the error object if possible
2013-04-18fix missing DB object when instantiated to import opmlAndrew Dolgov
2013-04-18make pluginhost a singletonAndrew Dolgov
2013-04-17remove db_connect, db_close; CLI fixesAndrew Dolgov
2013-04-17remove $linkAndrew Dolgov
2013-04-17more work on singleton-based DBAndrew Dolgov
2013-04-17db updates, remove init_connection()Andrew Dolgov
2013-04-11backend: add session validation checkAndrew Dolgov
2013-04-01generated feeds: support if-modified-sinceAndrew Dolgov
2013-02-27replace getmicrotime() wrapper with microtime(true) (2)Andrew Dolgov
2013-01-12use text/json content-type in a few more placesAndrew Dolgov
2013-01-05modify includes to init session before translations are appliedAndrew Dolgov
2012-12-25experimental support for per-user plugins (bump schema)Andrew Dolgov
2012-12-24remove magpie, fix article filter pluginsAndrew Dolgov
2012-12-23implement plugin routing masks, add example pluginAndrew Dolgov
generated by cgit v1.2.3 (git 2.25.1) at 2024-05-20 18:21:26 +0000