Age | Commit message (Collapse) | Author | |
---|---|---|---|
2024-04-20 | Move 'include/functions.php' require into Composer autoloader. | wn_ | |
Autoloader regenerated with 'composer dump-autoload --optimize'. | |||
2024-01-08 | Clean up some unused variables. | wn_ | |
This is essentially https://gitlab.tt-rss.org/wn/tt-rss/-/commit/1ccc0c8c1af04dd9654b585c6d07e3a75d944a0c without the renames and some other things related to Psalm. | |||
2023-10-25 | move to psr-4 autoloader | Andrew Dolgov | |
2023-10-20 | add placeholder instrumentation for public | Andrew Dolgov | |
2023-10-20 | stop calling spans scopes | Andrew Dolgov | |
2023-10-20 | jaeger-client -> opentelemetry | Andrew Dolgov | |
2023-04-10 | don't try to pass array to span tags | Andrew Dolgov | |
2023-04-09 | make phpstan happy | Andrew Dolgov | |
2023-04-09 | some tracer class fixes / unhardcode jaeger IP | Andrew Dolgov | |
2023-04-09 | exp: jaeger tracing | Andrew Dolgov | |
2022-08-31 | Set user related sessions for single user mode | powerivq | |
2021-11-12 | PHPStan warning fix in 'backend.php'. | wn_ | |
2021-11-10 | add two helper account access levels: | Andrew Dolgov | |
- read only - can't subscribe to more feeds, feed updates are skipped - disabled - can't login define used access levels as UserHelper constants and refactor code to use them instead of hardcoded numbers | |||
2021-09-07 | Fix undefined index error | Jon Schewe | |
Getting $op is handled at the top of the file, use the same variable at the end of the file to avoid errors about an undefined index. | |||
2021-04-09 | if backend request 'op' is empty fixed | Cyb10101 | |
2021-03-04 | bring back web dbupdate using new migrations system | Andrew Dolgov | |
2021-03-02 | move dbupdater to db/updater; move base SCHEMA_VERSION constant inside ↵ | Andrew Dolgov | |
db/updater class | |||
2021-03-01 | move startup checks to Config, set a bunch of @deprecated annotations | Andrew Dolgov | |
2021-02-28 | check schema version on backend calls because session stuff does it anyway ↵ | Andrew Dolgov | |
and it's already cached | |||
2021-02-28 | move all $fetch globals to UrlHelper | Andrew Dolgov | |
2021-02-27 | add basic updater for stuff in plugins.local | Andrew Dolgov | |
2021-02-23 | drop errors.php and simplify error handling | Andrew Dolgov | |
2021-02-22 | move db-prefs shortcut functions to functions.php | Andrew Dolgov | |
2021-02-22 | don't include config.php everywhere | Andrew Dolgov | |
2021-02-22 | wip: initial for config object | Andrew Dolgov | |
2021-02-22 | dirname(__FILE__) -> __DIR__ | Andrew Dolgov | |
2021-02-17 | * add (disabled) shortcut syntax for plugin methods | Andrew Dolgov | |
* add controls shortcut for pluginhandler tags * add similar shortcut for frontend * allow plugins to selectively exclude their methods from CSRF checking | |||
2021-02-16 | move session-related functions to their own namespace | Andrew Dolgov | |
2021-02-15 | remove the rest of db.php; rename some leftover methods in feeds | Andrew Dolgov | |
2021-02-15 | router: add additional logging for refused requests; reject requests for ↵ | Andrew Dolgov | |
methods starting with _ | |||
2021-02-12 | drop ENABLE_GZIP_OUTPUT; system prefs: load php info only if needed | Andrew Dolgov | |
2021-02-12 | fix a few more session-related warnings | Andrew Dolgov | |
2021-02-05 | initial WIP for php8; bump php version requirement to 7.0 | Andrew Dolgov | |
2020-12-15 | purge_intervals global: set '1 week old' to mean 7 days instead of 5 (???) | Andrew Dolgov | |
2020-09-22 | router: only allow functions without required parameters as handler methods | Andrew Dolgov | |
2020-09-22 | remove a lot of stuff from global context (functions.php), add a few helper ↵ | Andrew Dolgov | |
classes instead | |||
2020-09-15 | public/logout: require valid CSRF token | Andrew Dolgov | |
2020-09-15 | - backend: require CSRF token to be passed via POST | Andrew Dolgov | |
- do not leak CSRF token via GET request in feed debugger - rework Article/redirect to use POST | |||
2019-12-20 | backend: load invoked classes via reflection so object constructor is called ↵ | Andrew Dolgov | |
after it has been verified as an IHandler implementation. this should prevent a potential router vulnerability if non-IHandler autoloader-enabled class is requested by malicious authorized user *and* invoked class object does something insecurely in its constructor. | |||
2019-12-06 | remove testing for get_magic_quotes_gpc: deprecated in php7.4, apparently ↵ | Andrew Dolgov | |
not working since php 5.4 | |||
2015-07-15 | update intervals: use less broken english for a change | Andrew Dolgov | |
2015-03-30 | add a wrapper for standard error codes returned by backend, also add ↵ | Andrew Dolgov | |
explanation to the error object if possible | |||
2013-04-18 | fix missing DB object when instantiated to import opml | Andrew Dolgov | |
2013-04-18 | make pluginhost a singleton | Andrew Dolgov | |
2013-04-17 | remove db_connect, db_close; CLI fixes | Andrew Dolgov | |
2013-04-17 | remove $link | Andrew Dolgov | |
2013-04-17 | more work on singleton-based DB | Andrew Dolgov | |
2013-04-17 | db updates, remove init_connection() | Andrew Dolgov | |
2013-04-11 | backend: add session validation check | Andrew Dolgov | |
2013-04-01 | generated feeds: support if-modified-since | Andrew Dolgov | |