Commit Graph

234 Commits

Author SHA1 Message Date
Andrew Dolgov 33fdde249e pass CSRF token to opml import and feed icon replace dialogs 2020-09-16 06:43:55 +03:00
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
Andrew Dolgov d01ad09800 eslint-related fixes; move a few things from global context to App 2020-06-05 07:44:57 +03:00
Andrew Dolgov c8cc845d5b when removing favicon, reset its auto-refresh timer 2020-05-22 15:06:52 +03:00
Andrew Dolgov bcbc5ccc78 batchSubscribe: use validationtextarea 2020-02-28 14:03:29 +03:00
Andrew Dolgov 60288f02e8 1. feedtree: show counters for marked articles if view-mode == marked
2. hide/show relevant counter nodes using css
3. cleanup some counter-related code
4. compile default css into light theme to prevent cache-related issues
2020-02-20 14:14:45 +03:00
Andrew Dolgov 6080cca9ca scrap counter cache system; rework counters to sum() booleans instead 2020-01-24 14:25:31 +03:00
Andrew Dolgov 12a542977e makefeedtree: properly calculate feed total amount in no-categories mode 2019-08-21 19:32:27 +03:00
Andrew Dolgov 4fa9aee4e7 move several more global functions to more appropriate classes 2019-06-20 08:14:06 +03:00
Andrew Dolgov 6d746453c7 get_feeds_from_html: remove XML preamble hack
move several related helper functions to Feeds class
2019-06-20 07:51:48 +03:00
Andrew Dolgov 4b74491b8b feed tree: set placeholder feed unread value to -1 2019-05-06 09:32:08 +03:00
Michael Kuhn e38fcd6dea Fix button focus issues
This change introduces derived classes for ComboButton, DropDownButton
and Select that make sure that buttons do not remain focused after their
menus are closed. This allows using hotkeys after closing them.
2019-04-14 12:01:52 +02:00
Michael Kuhn 4a2a90c980 Fix focus issues with hotkeys
Since making use of keypress in addition to keydown, hotkeys did not
work in certain scenarios, including clicking on the feed tree expanders
or empty spaces of the toolbar.

This issue is caused by dijit.Tree and dijit.Toolbar implementing the
_KeyNavMixin, which explicitly stops propagation of keypress events.

This change contains two main fixes plus a smaller hotfix:
1. It overrides _onContainerKeydown and _onContainerKeypress for
   fox.FeedTree (which inherits from dijit.Tree).
2. It adds fox.Toolbar, which overrides _onContainerKeydown,
   _onContainerKeypress and focus. This fixes hotkeys being swallowed
   and the first focusable child receiving focus when clicking on an
   empty space of the toolbar.
3. It adds the same handling of keydown and keypress to the prefs hotkey
   handler as is done in the main hotkey handler.
2019-04-13 22:34:57 +02:00
Andrew Dolgov ed22473272 feed editor: use DEFAULT_SEARCH_LANGUAGE as a default per-feed dropdown value 2019-04-10 13:08:32 +03:00
Andrew Dolgov 019f4578bc fix feed icon upload not working, rework form to use FormData/ajax 2019-03-14 09:08:44 +03:00
Andrew Dolgov 241d646fba batch subscribe: stop dialog from being submitted twice 2019-03-10 09:20:46 +03:00
Andrew Dolgov 19f162dbe3 css: insensitive -> text-muted 2019-03-08 10:11:57 +03:00
Andrew Dolgov 371325a899 remove feed editor private checkbox 2019-03-06 20:07:23 +03:00
Andrew Dolgov 38e01270d8 archived feeds: expire old entries (schema bump) 2019-03-06 19:06:05 +03:00
Andrew Dolgov 1f2c769c5a editfeed: mark save button 2019-03-05 19:41:44 +03:00
fox e72243edfd Merge branch 'master' of DLange/tt-rss into master 2019-02-23 04:54:57 +00:00
Andrew Dolgov dab81ff7d0 feed editor: fix missing <section> breaking checkbox fieldsets 2019-02-22 12:19:37 +03:00
DLange a539baece2 Fix warning after icon has successfully been moved. 2019-02-22 08:53:18 +01:00
Andrew Dolgov a0636ccc90 Revert "Fix warning after icon has successfully been moved."
This reverts commit 8b73b9812d.
2019-02-22 10:50:28 +03:00
Andrew Dolgov e535a063ca Merge branch 'master' of git.tt-rss.org:fox/tt-rss 2019-02-22 10:49:06 +03:00
Andrew Dolgov 335147e572 dialogs: use semantic markup instead of dlgsec stuff
continue unifying quoting style for html strings
2019-02-22 10:48:56 +03:00
DLange 8b73b9812d Fix warning after icon has successfully been moved. 2019-02-22 07:25:09 +01:00
Andrew Dolgov 4e253add8c UI: add some more info links to relevant wiki pages; minor layout updates 2019-02-21 16:21:16 +03:00
Andrew Dolgov c78425b386 feed edit dialog: add interval label 2019-02-21 14:05:40 +03:00
Andrew Dolgov 1dbfbcfae1 batchSubscribe: use common markup 2019-02-21 13:57:18 +03:00
Andrew Dolgov 580f8c0883 enlarge feed title 2019-02-20 15:13:47 +03:00
Andrew Dolgov f8836ec080 search dialog fixes
pgsql: get FTS languages list from the database
2019-02-20 15:12:37 +03:00
Andrew Dolgov 4d9141d762 simplify dlgSec-related markup 2019-02-20 14:37:59 +03:00
Andrew Dolgov a68b150601 remove separate classes for various panels, unify under .panel
remove a few other unnecessary css classes/ids
2018-12-07 14:03:33 +03:00
Andrew Dolgov 0b8cbc9156 remove some bitmaps and rework stuff using it to use iconfont instead 2018-12-06 15:22:52 +03:00
Andrew Dolgov 814e49f8f7 add icons to accordion panels in preferences
fix typo in pref-prefs closing panel tag
2018-12-06 08:56:28 +03:00
Andrew Dolgov 6befff30d7 updates for flat theme (mostly disable old dijit overrides) 2018-12-04 19:03:42 +03:00
Andrew Dolgov 31e79317b3 normalize various font sizes and families between prefs & main UI
change some dialogs layout a bit to maybe become more readable
2018-12-04 15:22:22 +03:00
Andrew Dolgov 4d4034091a prefs: Prefs global -> Helpers 2018-12-03 12:46:00 +03:00
Andrew Dolgov b3bc638a9f refactor OPML export/import code to be less horrible 2018-12-03 12:26:49 +03:00
Andrew Dolgov 5ead558e43 move Utils to AppBase where it belongs 2018-12-02 22:08:18 +03:00
Andrew Dolgov eeb49d375c uploadIconHandler -> CommonDialogs 2018-12-02 20:57:51 +03:00
Andrew Dolgov d9c5c93cef move some more stuff out of common.js
rework client-side cookie functions a bit
limit dojo cachebust based on server scripts modification time
remove param_escape()
2018-12-02 20:07:57 +03:00
Andrew Dolgov b9869dbc01 prefs: remove some more stuff from global context (user management, etc) 2018-12-02 16:17:36 +03:00
Andrew Dolgov 58e54282d3 prefs: move more global functions into matching classes 2018-12-02 15:30:07 +03:00
Andrew Dolgov f26d404890 prefs: move other tree-related functions to respective trees 2018-12-02 12:03:28 +03:00
Andrew Dolgov 60cd467694 embed some pref-feed helper functions into the tree 2018-12-02 11:50:53 +03:00
Andrew Dolgov e23b6e397d prefs: store active tab for reload, remove most old table row functions 2018-12-02 11:25:32 +03:00
Andrew Dolgov 874560db54 remove obsolete row selection functions
move getUrlParam() to Utils
2018-12-02 10:33:58 +03:00
Andrew Dolgov 0a18d0b1ed Feeds: shorten some method names
finally rename "view as rss"
2018-12-02 08:57:22 +03:00
Andrew Dolgov 1e2d4410d3 move some more shared stuff to CommonDialogs, Filters, and Utils 2018-12-01 22:39:29 +03:00
Andrew Dolgov 4bed9be57d js-ification: start on some common dialogs 2018-12-01 18:25:32 +03:00
Andrew Dolgov 049a37aa0e WIP reshuffling of JS global context into separate logical objects 2018-12-01 17:05:35 +03:00
Andrew Dolgov 195180b64d minor refactoring: normalize some function names; cleanup; etc 2018-12-01 11:18:35 +03:00
Andrew Dolgov fc0a3050eb use xhrPost is even more places! 2018-11-30 09:23:51 +03:00
Andrew Dolgov c10a43069e debug logging system rework:
* support various logging levels per-message
 * remove hacks like debug_suppress, DAEMON_EXTENDED_DEBUG, etc
 * _debug() is kept as a compatibility shim for plugins
2018-11-30 08:34:29 +03:00
Andrew Dolgov 3a0292303e php: remove trailing whitespaces 2018-11-03 15:08:43 +03:00
Andrew Dolgov d4fef36237 rewrite per-feed/global strip images to strip media 2018-09-07 10:24:46 +03:00
Andrew Dolgov 069aea5989 remove FEED_CRYPT_KEY and everything related to it
always assume auth_pass_encrypted is false
2018-08-13 15:59:24 +03:00
Andrew Dolgov 0a8cdd4b9c remove firefox feed subscribe integration code (obsolete) 2018-03-14 18:15:21 +03:00
Andrew Dolgov c9a5e5aa28 feed editor: expose site_url for editing 2018-03-01 15:43:40 +03:00
Andrew Dolgov f1415df47c prefs: expand feed tree if displaying search results 2018-02-26 11:58:53 +03:00
Andrew Dolgov f6269d1bc4 add special class for feeds with disabled updates 2018-02-08 13:54:06 +03:00
Andrew Dolgov a340b29ba9 pref-feeds: disable tree autoexpand 2018-02-04 09:36:56 +03:00
Andrew Dolgov 67bf38afda savefeedorder, savefilterorder: do not use clean() on json payload 2018-02-04 09:33:28 +03:00
Andrew Dolgov 6fb5ce5e35 add some primary dialog actions; update css 2017-12-11 18:36:36 +03:00
Andrew Dolgov f70d456a5b Merge branch 'master' of git.tt-rss.org:git/tt-rss into pdo-experimental 2017-12-11 12:54:30 +03:00
dim0x69 e58a14de72 Check return value from Plugins 2017-12-11 09:41:45 +00:00
Andrew Dolgov e6532439d6 force strip_tags() on all user input unless explicitly allowed 2017-12-03 23:35:38 +03:00
Andrew Dolgov 7c6f7bb0aa fix some minor issues found by code analyzer 2017-12-03 23:08:04 +03:00
Andrew Dolgov 5f5b0de423 style feed icon and opml file upload controls 2017-12-03 22:35:12 +03:00
Andrew Dolgov 187abfe732 main classes: remove sql_bool_to_bool() kludge 2017-12-03 09:35:59 +03:00
Andrew Dolgov bf6db17b8f feeds: use PDO 2017-12-02 16:07:03 +03:00
Andrew Dolgov 2e52e4fd7a feeds: more PDo stuff 2017-12-02 15:53:32 +03:00
Andrew Dolgov 7a1872c1e0 feeds: more PDO stuff 2017-12-02 15:36:32 +03:00
Andrew Dolgov b5bf9a0ff3 remove long forgotten stuff related to feed debugging actionbar 2017-12-02 15:12:39 +03:00
Andrew Dolgov 91d679667e feeds: PDO progress 2017-12-02 15:04:11 +03:00
Andrew Dolgov bf4a79eaa9 prefs: start PDO switchover 2017-12-02 13:49:35 +03:00
dim0x69 5395526444 add HOOK_UNSUBSCRIBE_FEED 2017-11-27 11:46:46 +01:00
fox b1d1bc901f Merge branch 'checkbox-feed' of dxbi/tt-rss into master 2017-10-06 06:47:54 +00:00
Felix Eckhofer cc50affb62
Add checkbox for authentication in edit feed dialog
This makes the UI more consistent with the "add feed" dialog and
prevents overzealous password-managers from leaking the login password.
2017-10-06 08:37:37 +02:00
Andrew Dolgov 51b521c326 fix batch feed editor using wrong SQL syntax when saving feed password
remove uses of auth_pass_encrypted in several other places
2017-10-06 09:22:04 +03:00
Andrew Dolgov c053b97697 pref/feeds: start user category ordering from 1
api, getFeeds: send subcategory order_id
2017-06-26 16:29:57 +03:00
Andrew Dolgov 5b6ea1ef91 remove pubsubhubbub: dead 2017-05-16 10:41:20 +03:00
Andrew Dolgov c114a2596f move add_feed_url() to pref_feeds 2017-05-11 09:07:49 +03:00
Andrew Dolgov e6c886bf66 wrap rssfuncs into rssutils class 2017-05-05 18:10:07 +03:00
Andrew Dolgov 7c9b5a3fe4 move label stuff to Labels class
fix some unresolved functions
2017-05-04 15:57:40 +03:00
Andrew Dolgov 2ed0d6c433 move counter cache to a separate class
fix references to get_article_tags
2017-05-04 15:22:57 +03:00
Andrew Dolgov a230bf88a9 move to Article:
+       static function purge_orphans($do_output = false) {

move to Feeds

+       static function getGlobalUnread($user_id = false) {
+       static function getCategoryTitle($cat_id) {
+       static function getLabelUnread($label_id, $owner_uid = false) {
2017-05-04 15:00:21 +03:00
Andrew Dolgov 86a8351ca2 move the following to Feeds:
+       static function catchup_feed($feed, $cat_view, $owner_uid = false, $mode = 'all', $search = false) {
+       static function getFeedArticles($feed, $is_cat = false, $unread_only = false,
+       static function subscribe_to_feed($url, $cat_id = 0,
+       static function getFeedIcon($id) {
+       static function getFeedTitle($id, $cat = false) {
+       static function getCategoryUnread($cat, $owner_uid = false) {
+       static function getCategoryChildrenUnread($cat, $owner_uid = false) {
2017-05-04 14:50:56 +03:00
Andrew Dolgov ea79a0e033 remove some redundant php closing tags 2017-04-26 20:24:18 +03:00
Andrew Dolgov 9c3c0ace6b rename cache images option label (rip translations) 2017-03-23 15:16:31 +03:00
Andrew Dolgov 328118d12e use print_hidden() for hidden dojo form fields 2017-02-10 14:36:21 +03:00
Andrew Dolgov 967f0619c7 force ngettext() count argument type to string 2017-01-22 10:18:43 +03:00
Andrew Dolgov 84012df5cd prefs: auto expand feed tree 2017-01-21 22:33:23 +03:00
Andrew Dolgov 17a8e61d2a deprecate encrypted feed passwords because mcrypt is getting removed from php 7.1
1. transparent decryption for existing installs stays for the time being
2. new passwords are not going to be encrypted even if FEED_CRYPT_KEY is defined
3. added update.php --decrypt-feeds to bulk decrypt existing encrypted passwords
4. updated install to not auto-generate crypt key
5. added warning to config.php-dist
2017-01-07 14:25:46 +03:00
Andrew Dolgov ec21abb85d update autocomplete to "new-password" 2016-05-18 12:43:56 +03:00
Andrew Dolgov fa0e0ef315 set feed editor password fields to autocomplete=off 2016-05-18 12:31:25 +03:00
Andrew Dolgov 9def554082 pref-feeds: allow searching by feed_url 2016-01-30 13:02:15 +03:00
Andrew Dolgov a5556c2471 fix item_id not being properly escaped in pref_feeds::process_category_order() (possible sql injection) 2016-01-29 17:24:59 +03:00