From ccfa90803bd094a4eaa8959a9bd9c2d775b7788c Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Thu, 11 Apr 2013 21:39:54 +0400
Subject: backend: add session validation check
---
 backend.php | 5 +++++
 1 file changed, 5 insertions(+)
(limited to 'backend.php')
diff --git a/backend.php b/backend.php
index 9eb3989e4..6ee0e081f 100644
--- a/backend.php
+++ b/backend.php
@@ -62,6 +62,11 @@
 }
 if ($_SESSION["uid"]) {
+ if (!validate_session($link)) {
+ header("Content-Type: text/json");
+ print json_encode(array("error" => array("code" => 6)));
+ return;
+ }
 load_user_plugins($link, $_SESSION["uid"]);
 }
-- cgit v1.2.3
From ba68b6815ab31d17cda113e7990eeb07558b02a9 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Wed, 17 Apr 2013 14:23:35 +0400
Subject: db updates, remove init_connection()
---
 backend.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'backend.php')
diff --git a/backend.php b/backend.php
index 6ee0e081f..40e40aeb3 100644
--- a/backend.php
+++ b/backend.php
@@ -49,7 +49,7 @@
 $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- if (!init_connection($link)) return;
+ if (!init_plugins($link)) return;
 header("Content-Type: text/json; charset=utf-8");
-- cgit v1.2.3
From 404e2e3603c852a3f82a21c14b8888005e2b3f99 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Wed, 17 Apr 2013 15:36:34 +0400
Subject: more work on singleton-based DB
---
 backend.php | 1 +
 1 file changed, 1 insertion(+)
(limited to 'backend.php')
diff --git a/backend.php b/backend.php
index 40e40aeb3..b583d379e 100644
--- a/backend.php
+++ b/backend.php
@@ -37,6 +37,7 @@
 @$csrf_token = $_REQUEST['csrf_token'];
+ require_once "autoload.php";
 require_once "sessions.php";
 require_once "functions.php";
 require_once "config.php";
-- cgit v1.2.3
From 6322ac79a020ab584d412d782d62b2ee77d7c6cf Mon Sep 17 00:00:00 2001
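Review bot: In the `@@ -62,6 +62,11 @@` hunk, the rejection branch re-sends `header("Content-Type: text/json")` and so replaces the `text/json; charset=utf-8` header that backend.php already sets before this block (visible as context in the `@@ -49,7 +49,7 @@` hunk of the following commit). Dropping that header() call keeps the charset on the error reply. The bare `6` would also read better with a comment such as `// error 6: session failed validation; the client is expected to log in again` (meaning assumed from the subject line, confirm against the client's error table). Whether validate_session() itself clears `$_SESSION["uid"]` is not visible here; if it does not, the rejected session stays in place after the `return`.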
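Review bot: With `require_once "autoload.php"` added in the `@@ -37,6 +37,7 @@` hunk, the `class_exists($op)` test further down the file (context in the later `@@ -113,8 +113,7 @@` hunk) will invoke the autoloader with a class name that appears to come from the request, and the only normalisation visible on this page is `str_replace("-", "_", $op)`. autoload.php is not part of this patch, so whether it restricts names cannot be checked here; the loader should accept only plain identifiers and resolve them only to files under a fixed directory. A comment next to the require would record that dependency, e.g. `// class_exists($op) below calls this autoloader with a request-derived name; the loader must reject anything but plain identifiers`.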
From: Andrew Dolgov
Date: Wed, 17 Apr 2013 16:23:15 +0400
Subject: remove $link
---
 backend.php | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)
(limited to 'backend.php')
diff --git a/backend.php b/backend.php
index b583d379e..b06cca2d2 100644
--- a/backend.php
+++ b/backend.php
@@ -50,7 +50,7 @@
 $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
- if (!init_plugins($link)) return;
+ if (!init_plugins()) return;
 header("Content-Type: text/json; charset=utf-8");
@@ -59,16 +59,16 @@
 }
 if (SINGLE_USER_MODE) {
- authenticate_user($link, "admin", null);
+ authenticate_user( "admin", null);
 }
 if ($_SESSION["uid"]) {
- if (!validate_session($link)) {
+ if (!validate_session()) {
 header("Content-Type: text/json");
 print json_encode(array("error" => array("code" => 6)));
 return;
 }
- load_user_plugins($link, $_SESSION["uid"]);
+ load_user_plugins( $_SESSION["uid"]);
 }
 $purge_intervals = array(
@@ -106,7 +106,7 @@
 5 => __("Power User"),
 10 => __("Administrator"));
- #$error = sanity_check($link);
+ #$error = sanity_check();
 #if ($error['code'] != 0 && $op != "logout") {
 # print json_encode(array("error" => $error));
@@ -123,7 +123,7 @@
 if ($override) {
 $handler = $override;
 } else {
- $handler = new $op($link, $_REQUEST);
+ $handler = new $op(Db::get(), $_REQUEST);
 }
 if ($handler && implements_interface($handler, 'IHandler')) {
@@ -155,5 +155,5 @@
 print json_encode(array("error" => array("code" => 7)));
 // We close the connection to database.
- db_close($link);
+ db_close();
 ?>
-- cgit v1.2.3
From eefaa2df381686f771396baae2d0ae71b345c2e7 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Wed, 17 Apr 2013 17:00:24 +0400
Subject: remove db_connect, db_close; CLI fixes
---
 backend.php | 4 ----
 1 file changed, 4 deletions(-)
(limited to 'backend.php')
diff --git a/backend.php b/backend.php
index b06cca2d2..d3d8622d9 100644
--- a/backend.php
+++ b/backend.php
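Review bot: The `if (SINGLE_USER_MODE)` branch in the `@@ -59,16 +59,16 @@` hunk calls `authenticate_user( "admin", null)` on every request, apparently logging in as admin without a password, and nothing in the visible lines says that access control is then left to the deployment. A comment above the call would make that explicit, e.g. `// SINGLE_USER_MODE: every request is logged in as admin without credentials; restrict access at the web server`. The rewritten calls also keep a stray space after the opening parenthesis (`authenticate_user( "admin", null)`, `load_user_plugins( $_SESSION["uid"])`), left over from removing `$link`.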
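Review bot: In the `@@ -123,7 +123,7 @@` hunk, `new $op(Db::get(), $_REQUEST)` runs the constructor of whatever class `$op` names before `implements_interface($handler, 'IHandler')` is checked on the following lines, so a loadable class that is not a handler is still instantiated with the request array. Testing the interface on the class name first closes that gap, for example `$handler = in_array('IHandler', class_implements($op)) ? new $op(Db::get(), $_REQUEST) : null;`. The same line is rewritten to `new $op($_REQUEST)` in the `@@ -120,7 +120,7 @@` hunk of the last commit on this page and keeps the same ordering. The enclosing `if (class_exists($op) || $override)` block starts and ends outside the hunk.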
@@ -48,8 +48,6 @@
 $script_started = microtime(true);
- $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
-
 if (!init_plugins()) return;
 header("Content-Type: text/json; charset=utf-8");
@@ -154,6 +152,4 @@
 header("Content-Type: text/json");
 print json_encode(array("error" => array("code" => 7)));
- // We close the connection to database.
- db_close();
 ?>
-- cgit v1.2.3
From 1ffe3391f902c4baa984982f19e61a0e45de21ff Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Thu, 18 Apr 2013 12:27:34 +0400
Subject: make pluginhost a singleton
---
 backend.php | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
(limited to 'backend.php')
diff --git a/backend.php b/backend.php
index d3d8622d9..c69d6d98b 100644
--- a/backend.php
+++ b/backend.php
@@ -113,8 +113,7 @@
 $op = str_replace("-", "_", $op);
- global $pluginhost;
- $override = $pluginhost->lookup_handler($op, $method);
+ $override = PluginHost::getInstance()->lookup_handler($op, $method);
 if (class_exists($op) || $override) {
-- cgit v1.2.3
From 1f294435307ef6cbbf3f35a22af9bf92131338ed Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Thu, 18 Apr 2013 23:19:14 +0400
Subject: fix missing DB object when instantiated to import opml
---
 backend.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
(limited to 'backend.php')
diff --git a/backend.php b/backend.php
index c69d6d98b..84abc9730 100644
--- a/backend.php
+++ b/backend.php
@@ -120,7 +120,7 @@
 if ($override) {
 $handler = $override;
 } else {
- $handler = new $op(Db::get(), $_REQUEST);
+ $handler = new $op($_REQUEST);
 }
 if ($handler && implements_interface($handler, 'IHandler')) {
-- cgit v1.2.3