Commit Graph

495 Commits

Author SHA1 Message Date
Andrew Dolgov 8080c525fd - backend: require CSRF token to be passed via POST
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
2020-09-15 16:12:53 +03:00
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
Andrew Dolgov a922b3cc6d order_to_override_query: allow HOOK_HEADLINES_CUSTOM_SORT_OVERRIDE plugins to override built-in sorting 2020-09-11 07:48:22 +03:00
Andrew Dolgov ddf9227dc4 pluginhost: allow overriding default sort modes via HOOK_HEADLINES_CUSTOM_SORT_MAP etc 2020-08-13 12:23:27 +03:00
Andrew Dolgov dfa65e9374 move order_by to SQL override logic into a separate function 2020-08-13 11:52:32 +03:00
Andrew Dolgov 48be005774 instead of taking batch timestamp and score (?) into account, make oldest first sorting work consistently with newest first - i.e. rely on feed-provided timestamp 2020-08-11 13:29:09 +03:00
Andrew Dolgov d01ad09800 eslint-related fixes; move a few things from global context to App 2020-06-05 07:44:57 +03:00
Andrew Dolgov 44b1f0fcc0 search: add support for label:XXX search keyword
Labels: enforce case-insensitive lookups when creating/looking for labels
2020-04-04 14:34:08 +03:00
Andrew Dolgov 5f30061c92 properly calculate marked counters for feeds in nested categories 2020-02-20 15:54:40 +03:00
Andrew Dolgov 0e9e1ad112 getCategoryUnread: return correct unread count for labels category 2020-01-25 12:53:10 +03:00
Andrew Dolgov cdd2b6fd22 getCategoryChildrenUnread: fix typo 2020-01-25 10:00:22 +03:00
Andrew Dolgov a6ced36189 getCategoryCounters: properly calculate counters for child subcategory entries
getCategoryUnread: cleanup
2020-01-25 09:57:28 +03:00
Andrew Dolgov a64b8a7fdb getCategoryUnread: don't return unread counters for Special category because it doesn't make a lot of sense to do so 2020-01-24 15:54:01 +03:00
Andrew Dolgov 6080cca9ca scrap counter cache system; rework counters to sum() booleans instead 2020-01-24 14:25:31 +03:00
Andrew Dolgov 3b29e865b0 support night mode in feed debugger 2020-01-19 10:56:49 +03:00
Andrew Dolgov 9c0235ab66 show current unread counter on headlines toolbar if sidebar is hidden 2019-12-12 07:37:28 +03:00
Andrew Dolgov 565547f5a1 php 7.4 deprecation-related fixes 2019-12-06 07:27:22 +03:00
Andrew Dolgov 06393750c7 headline grouping:
1. block grouping for specific feeds where it doesn't make a lot of sense to do so or flat list fits better (archived, recently read)
2. block per-week grouping for feeds where feed-first grouping makes more sense (fresh, starred, published)
2019-08-30 10:16:38 +03:00
Andrew Dolgov 133c2b482b move rewrite_cached_urls to DiskCache::rewriteUrls() 2019-08-13 12:46:57 +03:00
Andrew Dolgov 088fcf8131 move more globals to more appropriate places
set libxml to always use internal errors
2019-06-20 08:40:02 +03:00
Andrew Dolgov 4fa9aee4e7 move several more global functions to more appropriate classes 2019-06-20 08:14:06 +03:00
Andrew Dolgov 6d746453c7 get_feeds_from_html: remove XML preamble hack
move several related helper functions to Feeds class
2019-06-20 07:51:48 +03:00
Andrew Dolgov 270b39a337 queryFeedHeadlines: support start_ts when browsing by tag 2019-06-18 13:10:32 +03:00
Andrew Dolgov 905f038610 search dialog: display active query if searching already 2019-05-20 07:59:53 +03:00
Andrew Dolgov 09f520eda2 fix search query test statement stopping valid modifiers like unread: from working 2019-05-20 07:12:43 +03:00
Andrew Dolgov de713035fd when subscribing, check for valid html content type before checking if requested document has HTML doctype/start element 2019-05-16 10:07:22 +03:00
Andrew Dolgov 84d43a1b44 catchup_feed: invoke HOOK_SEARCH if necessary 2019-05-07 06:57:28 +03:00
Andrew Dolgov ccc0315ef0 better tsquery support:
1. report query syntax errors properly
2. fall back to implicit &-joining only if no joiners are detected in user query, otherwise permit full tsquery syntax
2019-04-30 14:39:08 +03:00
Andrew Dolgov 1cd9b3c866 prevent a fatal error on an invalid tsquery syntax 2019-04-29 21:15:49 +03:00
Michael Kuhn e38fcd6dea Fix button focus issues
This change introduces derived classes for ComboButton, DropDownButton
and Select that make sure that buttons do not remain focused after their
menus are closed. This allows using hotkeys after closing them.
2019-04-14 12:01:52 +02:00
Andrew Dolgov c936cc3a1f use DEFAULT_SEARCH_LANGUAGE to generate tsvector index if per-feed language is not specified, also use it as default value on search form for convenience 2019-04-10 13:03:26 +03:00
Andrew Dolgov 19f162dbe3 css: insensitive -> text-muted 2019-03-08 10:11:57 +03:00
Andrew Dolgov 0b74db5ad7 remove feedbrowser (other feeds) 2019-03-06 20:02:06 +03:00
Andrew Dolgov 54c1b5c611 fill in some missing doctypes; use short doctype where it wasn't 2019-02-23 13:49:40 +03:00
Andrew Dolgov a366da90a6 add label.inline 2019-02-22 12:13:41 +03:00
Andrew Dolgov 335147e572 dialogs: use semantic markup instead of dlgsec stuff
continue unifying quoting style for html strings
2019-02-22 10:48:56 +03:00
Andrew Dolgov 4e253add8c UI: add some more info links to relevant wiki pages; minor layout updates 2019-02-21 16:21:16 +03:00
Andrew Dolgov 26e57604c0 simplify layout of search and subscribe dialogs 2019-02-21 13:22:31 +03:00
Andrew Dolgov f8836ec080 search dialog fixes
pgsql: get FTS languages list from the database
2019-02-20 15:12:37 +03:00
Andrew Dolgov 4d9141d762 simplify dlgSec-related markup 2019-02-20 14:37:59 +03:00
Andrew Dolgov 9e7bbf6809 debugger: use narrow fieldsets for checkboxes 2019-02-19 21:24:00 +03:00
Andrew Dolgov 55d2e5871a feed debugger: dojoify controls 2019-02-19 21:00:15 +03:00
Andrew Dolgov 8cd7f31bde utility css updates 2019-02-19 19:46:09 +03:00
Andrew Dolgov 8b26b8629f headlines-frame: set is-vfeed attribute if result is virtual feed 2019-01-16 21:33:59 +03:00
Andrew Dolgov 4729bdb132 queryFeedHeadlines: fix published field not returned when browsing by tag 2018-12-25 16:19:42 +03:00
Andrew Dolgov 215c9f0f88 fail better if Feeds.view() data failed encoding to JSON 2018-12-24 12:28:11 +03:00
Andrew Dolgov eda4ac2a2b add fallback colors for headline feed titles based on feed name if favicon color is not available 2018-12-12 07:57:37 +03:00
Andrew Dolgov f3c04fc5d8 sync modified scores via mutation observer 2018-12-11 10:30:32 +03:00
Andrew Dolgov 25ca144bb7 score: get correct classes for rows/score icons on the client 2018-12-11 10:00:54 +03:00
Andrew Dolgov a5813bb766 mysql: use date_format() for yyiw part in queryFeedHeadlines() 2018-12-09 20:38:02 +03:00
Michael Kuhn 3484ad2aaf Use IYYY in combination with IW
Otherwise, we could end up with a wrong date, see:
https://community.oracle.com/thread/997899
2018-12-09 18:28:15 +01:00
Andrew Dolgov fa538a6c86 implement year-week sorting window if headlines buffer is grouped by feed titles 2018-12-09 13:35:37 +03:00
Andrew Dolgov 8f5b5ae09e if not enabled, set content_preview to "" instead of null 2018-12-09 04:24:48 +03:00
Andrew Dolgov bd66a9ef28 render article on the client using headlines data 2018-12-08 09:32:14 +03:00
Andrew Dolgov 41e967136f format headlines list: normalize booleans for pdo mysql 2018-12-08 08:23:18 +03:00
Andrew Dolgov 811e1514a3 remove uuid from headlines JSON output 2018-12-07 22:14:32 +03:00
Andrew Dolgov 3b7a9219f6 viewfeed: cleanup unneeded stuff from server JSON output 2018-12-07 21:52:41 +03:00
Andrew Dolgov 76885fc5ad viewfeed: general code cleanup 2018-12-07 21:22:51 +03:00
Andrew Dolgov 8f75b06835 implement feed grouping display, remove unneeded server vgrlf passing 2018-12-07 21:11:50 +03:00
Andrew Dolgov 0b84d1d0dc viewfeed: add orig_feed object 2018-12-07 18:38:27 +03:00
Andrew Dolgov e075e6141b json-viewfeed updates 2018-12-07 18:24:56 +03:00
Andrew Dolgov 249c93a228 initial for js templates 2018-12-07 16:00:11 +03:00
Andrew Dolgov e9cf8e8e35 normalize archived articles output in headlines 2018-12-06 19:00:11 +03:00
Andrew Dolgov 26c074ed7e rework article header to use flexbox 2018-12-06 16:35:57 +03:00
Andrew Dolgov b4c2b26822 remove collapse.png 2018-12-06 15:28:11 +03:00
Andrew Dolgov 0b8cbc9156 remove some bitmaps and rework stuff using it to use iconfont instead 2018-12-06 15:22:52 +03:00
Andrew Dolgov d2d2cb7e7d rework scoring display, JS processing and icons 2018-12-06 14:23:45 +03:00
Andrew Dolgov 8b2286305e and again 2018-12-06 13:18:14 +03:00
Andrew Dolgov 1de1426114 Revert "change fresh feed icon"
This reverts commit 69da55b945.
2018-12-06 13:16:53 +03:00
Andrew Dolgov 69da55b945 change fresh feed icon 2018-12-06 13:13:25 +03:00
Andrew Dolgov c700345c96 trgm: use vector icon, replace recently read icon 2018-12-05 22:48:14 +03:00
Andrew Dolgov cad6d1d7fd various icon updates; use new icons in feed tree 2018-12-05 20:26:27 +03:00
Andrew Dolgov a0778577ac remove pub_{set,unset}.png usage in main code 2018-12-05 14:18:03 +03:00
Andrew Dolgov cbd7328cb4 minor fixes to pub/mark icons etc 2018-12-05 14:11:40 +03:00
Andrew Dolgov b65d8384c2 update headlines to use vector icons 2018-12-05 13:58:18 +03:00
Andrew Dolgov 89b213b4bb initial for material-icons 2018-12-05 10:50:50 +03:00
Andrew Dolgov edd348b16c rework not-cdm headline rows to use flex-box 2018-12-05 09:08:02 +03:00
Andrew Dolgov 88c2da72d5 combined mode: use flex-box for header/footer layout 2018-12-05 08:31:13 +03:00
Andrew Dolgov 2621180b54 in three panel mode, attach context menu to the title, instead of entire headlines row 2018-12-05 07:34:16 +03:00
Andrew Dolgov 2ab097b2e5 initial work for flat modern theme 2018-12-04 22:24:31 +03:00
Andrew Dolgov 6befff30d7 updates for flat theme (mostly disable old dijit overrides) 2018-12-04 19:03:42 +03:00
Andrew Dolgov 0b8fef8262 combined unexpanded: respect 'SHOW_CONTENT_PREVIEW' preference 2018-12-04 10:47:50 +03:00
Andrew Dolgov 27b93988e7 add placeholder loading indicator to CDM entries
restore missing "originally from" for archived articles
2018-12-03 20:05:11 +03:00
Andrew Dolgov e76d1fb995 plugins: mail, mailto: remove code from global context 2018-12-03 14:21:50 +03:00
wn_ 6100392bd5 Fix an `onclick` (`Article.editArticleTags` --> `Article.editTags`) 2018-12-02 16:02:03 -06:00
Andrew Dolgov 5ead558e43 move Utils to AppBase where it belongs 2018-12-02 22:08:18 +03:00
Andrew Dolgov ad1b6f0a86 bring back excerpts in unexpanded mode 2018-12-02 19:04:53 +03:00
Andrew Dolgov 874560db54 remove obsolete row selection functions
move getUrlParam() to Utils
2018-12-02 10:33:58 +03:00
Andrew Dolgov 0a18d0b1ed Feeds: shorten some method names
finally rename "view as rss"
2018-12-02 08:57:22 +03:00
Andrew Dolgov 6e625555c9 Headlines: shorten selectArticles 2018-12-02 08:34:08 +03:00
Andrew Dolgov 3678315bea Article, Headlines: shorten several method names 2018-12-02 08:32:13 +03:00
Andrew Dolgov cc26be0793 migrate tt-rss.js contents to App 2018-12-01 21:51:00 +03:00
Andrew Dolgov ab0fadf60d fix vfeed group title CSS in not combined mode 2018-12-01 21:08:15 +03:00
Andrew Dolgov 642c37ea61 further efforts to wrap JS stuff into objects 2018-12-01 21:01:53 +03:00
Andrew Dolgov 4bed9be57d js-ification: start on some common dialogs 2018-12-01 18:25:32 +03:00
Andrew Dolgov 97df81d8d9 even more objectification of JS 2018-12-01 17:54:16 +03:00
Andrew Dolgov d86ddbc635 further objectification of JS code 2018-12-01 17:21:26 +03:00
Andrew Dolgov 049a37aa0e WIP reshuffling of JS global context into separate logical objects 2018-12-01 17:05:35 +03:00
Andrew Dolgov 195180b64d minor refactoring: normalize some function names; cleanup; etc 2018-12-01 11:18:35 +03:00
Andrew Dolgov a2ef54cd92 toggleMark, togglePub: refactor implementation
shorten marked/published img CSS classes
2018-12-01 08:20:09 +03:00
Andrew Dolgov 5aa9c60494 bring back (debloated) version of unexpanded combined mode 2018-12-01 01:03:01 +03:00
Andrew Dolgov 2e01a1d41d css updates; night theme fixes for changed CSS classes 2018-11-30 17:42:38 +03:00
Andrew Dolgov 07fd4f8d9d minor css fixes (mostly for zoom mode) 2018-11-30 17:22:30 +03:00
Andrew Dolgov 8359ca6dad combined mode (and more) css class name updates 2018-11-30 15:48:17 +03:00
Andrew Dolgov 5f211e37a4 remove FTITLE- id 2018-11-30 14:53:58 +03:00
Andrew Dolgov 67cdf4cf12 remove some unnecessary element IDs
rework plugins/note to use xhrJson()
2018-11-30 14:39:06 +03:00
Andrew Dolgov b9585004e6 packed headlines: no point in using JSON here 2018-11-30 13:56:33 +03:00
Andrew Dolgov 7673331850 headlines: remove collapseBtn 2018-11-30 13:53:58 +03:00
Andrew Dolgov 9563e3bcd6 remove expandable CDM headlines 2018-11-30 13:51:54 +03:00
Andrew Dolgov c8c9a26f30 move to simpler CDM handling of encoded content (instead of CENCW... etc) 2018-11-30 13:26:41 +03:00
Andrew Dolgov c10a43069e debug logging system rework:
* support various logging levels per-message
* remove hacks like debug_suppress, DAEMON_EXTENDED_DEBUG, etc
* _debug() is kept as a compatibility shim for plugins
2018-11-30 08:34:29 +03:00
Andrew Dolgov 4508e3103d some more eslint-related stuff 2018-11-29 21:03:55 +03:00
Andrew Dolgov 3a0292303e php: remove trailing whitespaces 2018-11-03 15:08:43 +03:00
Andrew Dolgov 2aef804f4b split transparent rewriting of locally cached media URLs to execute after both sanitize() and HOOK_RENDER_ARTICLE to allow plugins work on original source URLs consistently 2018-08-20 12:12:32 +03:00
MatthieuS 5d95676ecc Call the subscription hook from the plugins even if fetch_file_contents returned no data
This allows a plug-in to override the fetch when the core fetch method fails for some feeds (eg. Tumblr feeds when requested from an EU IP).
2018-05-23 09:00:04 +00:00
Andrew Dolgov c30f5e1811 subscribe_to_feed: force-cast login and password to string 2018-01-05 06:50:37 +03:00
Andrew Dolgov 8dedacf497 remove synchronous feed refreshing on ForceUpdate 2017-12-31 07:37:49 +03:00
Andrew Dolgov bed2d6e054 force-cast some variables used in queries to integer
do not display SQL query in headlines debug mode
2017-12-17 16:24:13 +03:00
Andrew Dolgov 0f05147531 properly highlight search keywords containing forward slash 2017-12-15 08:33:59 +03:00
Andrew Dolgov ef1feb3610 subscribe dialog: add primary action 2017-12-11 18:43:53 +03:00
Andrew Dolgov 6fb5ce5e35 add some primary dialog actions; update css 2017-12-11 18:36:36 +03:00
Andrew Dolgov 5f7be9957f filter,label dlg: use default action 2017-12-11 18:23:30 +03:00
Andrew Dolgov 320a3ba529 search form: set default action 2017-12-11 18:14:45 +03:00
Andrew Dolgov 1c1fc17120 synchronous feed update: catch PDO exceptions as to not break headlines output 2017-12-10 21:10:19 +03:00
Andrew Dolgov 8f92a67e6f some (very minor) code cleanup in feeds class 2017-12-04 10:39:50 +03:00
Andrew Dolgov 003a7447c3 format_headlines_list: prevent warning on first_id changed check 2017-12-04 10:26:22 +03:00
Andrew Dolgov 7c6f7bb0aa fix some minor issues found by code analyzer 2017-12-03 23:08:04 +03:00
Andrew Dolgov fa3bcfa379 queryfeedheadlines: there's no need to quote order_by/override_order
else: feedicon cache busting etc
2017-12-03 22:49:57 +03:00
Andrew Dolgov 5f5b0de423 style feed icon and opml file upload controls 2017-12-03 22:35:12 +03:00
Andrew Dolgov 1f16f9b8ae feed debugger: only allow debugging users own feeds 2017-12-03 13:35:18 +03:00
Andrew Dolgov 09bc54c690 further stylesheet simplification related fixes 2017-12-03 13:25:34 +03:00
Andrew Dolgov 64312bfd71 feeds: remove sql_bool_to_bool() 2017-12-03 09:44:08 +03:00
Andrew Dolgov 187abfe732 main classes: remove sql_bool_to_bool() kludge 2017-12-03 09:35:59 +03:00
Andrew Dolgov aee3f0e6d9 fix typo 2017-12-01 22:07:39 +03:00
Andrew Dolgov 7fc303e6ab query feed headlines: fix limit/offset 2017-12-01 21:07:55 +03:00
Andrew Dolgov 3623ebb1a1 feeds: handle escaping 2017-12-01 20:52:30 +03:00
Andrew Dolgov c9b6ca8b70 feeds: remove escaping 2017-12-01 20:26:51 +03:00
Andrew Dolgov b5791f11c5 queryfeedheadlines: PDOize (1) 2017-12-01 20:25:13 +03:00
Andrew Dolgov 29f1908e03 feeds: right before queryfeedheadlines() 2017-12-01 20:15:25 +03:00
Andrew Dolgov cc9450c309 ccache, misc: fixes
feeds: start PDO transition
2017-12-01 19:42:02 +03:00
Gilles Grandou 81d96c0dee makes 'order by title' to sort by title and by ascending date
* this allows to chronologically browse all articles with the
  same title.
2017-10-09 22:50:03 +02:00
Andrew Dolgov 51b521c326 fix batch feed editor using wrong SQL syntax when saving feed password
remove uses of auth_pass_encrypted in several other places
2017-10-06 09:22:04 +03:00
Andrew Dolgov e50a647916 add HOOK_FORMAT_ARTICLE & HOOK_FORMAT_ARTICLE_CDM
Feeds::format_headlines_list: add some comments for cdm article closing tags
2017-05-26 23:22:00 +03:00
Andrew Dolgov e6c886bf66 wrap rssfuncs into rssutils class 2017-05-05 18:10:07 +03:00
Andrew Dolgov 7c9b5a3fe4 move label stuff to Labels class
fix some unresolved functions
2017-05-04 15:57:40 +03:00
Andrew Dolgov 0086a89740 move some label stuff to labels.php
move getfeedcategory() to Feeds
2017-05-04 15:36:36 +03:00
Andrew Dolgov 4a0da0e5bf move get_article_labels to Article 2017-05-04 15:26:21 +03:00
Andrew Dolgov 2ed0d6c433 move counter cache to a separate class
fix references to get_article_tags
2017-05-04 15:22:57 +03:00
Andrew Dolgov aeb1abedb2 move a bunch of functions into Feeds/Article namespaces
+       static function catchupArticlesById($ids, $cmode, $owner_uid = false) {
+       static function getLastArticleId() {
+       static function queryFeedHeadlines($params) {
+       static function getParentCategories($cat, $owner_uid) {
+       static function getChildCategories($cat, $owner_uid) {

move the rest of functions2.php back to functions.php as it is of more manageable size, remove the former
2017-05-04 15:13:02 +03:00
Andrew Dolgov a230bf88a9 move to Article:
+       static function purge_orphans($do_output = false) {

move to Feeds

+       static function getGlobalUnread($user_id = false) {
+       static function getCategoryTitle($cat_id) {
+       static function getLabelUnread($label_id, $owner_uid = false) {
2017-05-04 15:00:21 +03:00