26 Commits

Author SHA1 Message Date
Frederic Guillot
1c0d14bc94 Include PicoFarad into Miniflux 2015-08-28 21:34:34 -04:00
Frederic Guillot
9320a32780 Change CSP directives to allow data url 2015-08-21 18:18:08 -04:00
Mathias Kresin
94cf154691 remove referrer by default
The referrer CSP is supported by chrome and firefox 38+.

Suppressing the referrer increases the user's privacy and the image proxy isn't
any longer required to cloak the referrer on websites which are using hotlinking
protection based on referrers.
2015-05-19 15:33:17 +02:00
Frederic Guillot
d189bda524 Enable Strict-Transport-Security header for HTTPS 2015-05-17 13:40:56 -04:00
Frederic Guillot
3a80fccbab Merge pull-request #330 2015-02-07 10:28:38 -05:00
Mathias Kresin
f3e9b4d9b5 improve image-proxy
- use passthrough mode for image proxy (fixes #295)
- add image proxy when rendering an article (fixes #314)
- add referrer cloaking option to feed options (fixes #319)
2015-02-06 07:11:21 +01:00
Mathias Kresin
ddcae31d48 add multiple plural support for translations
fixes #242
2015-01-30 19:45:23 +01:00
Mathias Kresin
525048bbb2 code cleanup
Add feeds only once to the feed_ids array (feed model), drop now unused select-db action.

Use $_SESSION['loggedin'] in favour of $_SESSION['user'] to reflect which information we do
expect from this session variable. Add nothing else than a flag, which indicates a logged in
user, to $_SESSION['loggedin'].

It's not necessary to know the current user name, since we do only have one user
per database. Same for the language setting. The database defines the front-end language.

Resolves bug where the password gets stored in the $_SESSION['user'] after a remember_me
login.
2015-01-28 05:24:17 +01:00
Mathias Kresin
21ac0a5fd9 fix compatibility for php < 5.5 2015-01-18 18:40:00 +01:00
Mathias Kresin
76825cb673 use radio buttons to select the login database
allows one-click logins to non-default databases using password managers
like keefox.
2015-01-18 13:25:38 +01:00
Frederic Guillot
e08ba7771d Change session lifetime and do not use the image proxy for https urls 2015-01-17 19:17:44 -05:00
Frederic Guillot
cd1a0115c2 Minor cleanups 2015-01-17 18:53:40 -05:00
Mathias Kresin
cfd03efc01 Fix database hijacking
Check if a requested database can be selected. Error out if not.
This prevents automatic fallbacks to the default database.

Remove the authorized information from the session if a new database
gets selected.

Factor out logout function to reuse existing code.
2015-01-17 21:14:44 +01:00
Frederic Guillot
0da3a8dfa3 Fix bug proxy (bad url encoding) + update dependencies 2015-01-06 19:08:10 -05:00
Frédéric Guillot
c43d9dd773 Fix a bug for image proxy and update dependencies 2014-12-29 16:52:36 -05:00
Frédéric Guillot
7d4d4e0193 Add image proxy to avoid https mixed content warnings 2014-12-24 15:58:24 -05:00
Frédéric Guillot
e9685cf6d5 Check if the session username and database username are the same 2014-11-18 19:00:53 -05:00
Frédéric Guillot
f4efaadad1 Remove Google auth (openid is deprecated) and Persona auth (useless) 2014-11-07 20:53:50 -05:00
Frédéric Guillot
7e553f72fd Add RememberMe authentication 2014-05-26 20:47:40 -04:00
Frédéric Guillot
3840a87128 Update to the last version of PicoFeed 2014-05-20 14:20:27 -04:00
Frédéric Guillot
eab942537f Add support for multiple users/databases 2014-04-05 20:24:13 -04:00
Frédéric Guillot
b74b8dd784 Remove PicoTools 2014-03-16 21:56:43 -04:00
Frédéric Guillot
3bc7f019c5 Add timezone configuration option 2014-02-25 19:03:46 -05:00
Frédéric Guillot
49583f381f Improve files organization 2014-02-08 14:13:14 -05:00
Frédéric Guillot
4a17f614fe Improve mobile layout 2014-02-04 21:47:59 -05:00
Frédéric Guillot
4fb68b9b80 Split models and controllers in different files 2013-12-22 20:55:53 -05:00