miniflux-legacy

History

Mathias Kresin df4f3b2a52 Fever API: Allow to select the database Utilize apaches mod_rewrite to append a database parameter to the fever api script based on the requested URL. Basically everything after /fever/ is treated as the desired database. E.g. using https://www.miniflux.net/fever/custom.sqlite/ as server url selects this database as sync source/target. The user supplied database parameter is compared with the output of Model\Database\get_all(), which ensures that only files within the DATA_DIRECTORY can be referenced (prevents File Inclusion/Directory Traversal vulnerabilities). I've tested it against Reeder on iOS. Note that Reeder does not allow the same user name to be used multiple times within the same domain name, even if the used URLs are different.	2014-12-26 23:01:05 +01:00
..
.htaccess	Fever API: Allow to select the database	2014-12-26 23:01:05 +01:00
index.php	Fever API: Allow to select the database	2014-12-26 23:01:05 +01:00

Mathias Kresin df4f3b2a52 Fever API: Allow to select the database

Utilize apaches mod_rewrite to append a database parameter to the fever
api script based on the requested URL. Basically everything after
/fever/ is treated as the desired database. E.g. using
https://www.miniflux.net/fever/custom.sqlite/ as server url selects this
database as sync source/target.

The user supplied database parameter is compared with the output of
Model\Database\get_all(), which ensures that only files within the
DATA_DIRECTORY can be referenced (prevents File Inclusion/Directory
Traversal vulnerabilities).

I've tested it against Reeder on iOS. Note that Reeder does not allow
the same user name to be used multiple times within the same domain
name, even if the used URLs are different.

2014-12-26 23:01:05 +01:00

.htaccess

Fever API: Allow to select the database

2014-12-26 23:01:05 +01:00

index.php

Fever API: Allow to select the database

2014-12-26 23:01:05 +01:00