Commit Graph

130 Commits

Author SHA1 Message Date
Andrew Dolgov ea79a0e033 remove some redundant php closing tags 2017-04-26 20:24:18 +03:00
Andrew Dolgov 7b55001eee fix various issues reported by static analysis
update gitlab-ci config
2017-04-26 15:29:22 +03:00
Andrew Dolgov 9594ea6875 add cosmetic suffixes back for cached url links 2017-03-23 18:26:43 +03:00
Andrew Dolgov dc2c4b13d4 when choosing enclosures to embed or rewrite (af_zz_imgproxy) only use content type instead of "filename"-based hacks 2017-03-23 15:22:00 +03:00
Andrew Dolgov 388d4dfa88 enable caching of media in article enclosures 2017-03-23 15:19:25 +03:00
Andrew Dolgov 48eefd8c5c allow caching of audio files 2017-03-23 15:03:22 +03:00
Andrew Dolgov 41bead9baa remove local file extensions and generalize some method names for cached media
file extensions may still be present in urls, but are ignored by the backend

MIGRATION (if you have any cached data worth keeping, not required):
in cache/images run "rename 's/\..*$//' *" i.e. strip file extensions
2017-03-23 14:55:40 +03:00
Andrew Dolgov 8519c68d93 rewrite relative urls for html5 audio source elements 2017-03-06 09:20:58 +03:00
Andrew Dolgov 1bfe1d7b31 simplify error handling
* less convoluted exception dialogs
* use window.onerror for the majority of exception catching/reporting
* remove most of now useless try/catch blocks
* report stacktrace instead of manually specified error locations
2017-03-04 14:34:44 +03:00
Andrew Dolgov 4a23031fcd rewrite_relative_url: cleanup resulting url path while rewriting 2017-02-13 15:25:21 +03:00
Andrew Dolgov 454292b295 format_article_enclosures: allow embedding .jpeg files 2017-02-12 20:24:29 +03:00
Andrew Dolgov 676c7303ca add HOOK_ENCLOSURE_ENTRY for af_zz_imgproxy (2) 2017-02-12 17:02:07 +03:00
Andrew Dolgov 58210301e0 add HOOK_ENCLOSURE_ENTRY for af_zz_imgproxy 2017-02-12 16:01:28 +03:00
Jérémy DECOOL ba2853caac Prevent target='_blank' vulnerability on dynamic link 2017-02-12 11:01:36 +01:00
Andrew Dolgov fafd32e2dc use get_self_url_prefix() when rewriting cached images 2017-02-10 15:14:47 +03:00
Andrew Dolgov 7818bfde0b sanitize: properly handle cached content in archived articles 2017-02-10 12:11:09 +03:00
Andrew Dolgov 70c0a8c2e0 pass several image files used in notify messages to frontend as base64 to prevent broken error messages in case network connection is down. also, update some close buttons to show correct cursor. 2017-02-09 23:19:26 +03:00
Andrew Dolgov 829d478f1b add some protection against opener attacks if external site is opened via window.open() 2017-02-08 15:07:05 +03:00
Andrew Dolgov 5edd605ae1 image cache: do not try to cache data: schema urls; add caching of html5 video content (similar to cache_starred_images plugin) 2017-02-04 11:50:01 +03:00
Andrew Dolgov 0442cbb6c1 image cache: send files as content-disposition: attachment; add .png suffix to image urls 2017-02-04 11:32:24 +03:00
Andrew Dolgov 181c8285dd add compact theme with smaller font 2017-01-26 22:41:18 +03:00
Andrew Dolgov e432b8fbe2 implement cache-busting for default theme.css
night theme: small fixes
2017-01-25 12:17:41 +03:00
Andrew Dolgov 553ec3c351 pass article guid to hook_render_article 2017-01-25 08:50:42 +03:00
Shane Synan 311cdb27f4 sanitize: allow dfn tag
Add <dfn> tag to allowed tags list.  <dfn> represents the defining
instance of a term in HTML.
2017-01-24 18:39:17 -06:00
Andrew Dolgov 3b001e4330 support rel=noopener for links 2017-01-24 18:45:25 +03:00
Andrew Dolgov 67268b0017 sanitize: allow acronym tag 2017-01-24 11:36:43 +03:00
Andrew Dolgov 967f0619c7 force ngettext() count argument type to string 2017-01-22 10:18:43 +03:00
Andrew Dolgov c606bd5741 tweak the enclosure dropdown display a little bit for less-readable urls 2017-01-17 14:04:00 +03:00
Bernhard Thaler 62958fe9dc convert to punycode for feed on idn hostname 2017-01-02 22:50:26 +01:00
Andrew Dolgov 6687cb9927 shared posts: remove link to feed in externally shared articles to prevent leaking potentially private feed urls 2016-09-21 09:39:31 +03:00
Andrew Dolgov 1a322ff3df import_export: better error message if upload failed 2016-08-19 18:14:22 +03:00
JustAMacUser d8b0f06705 Remove href attribute if it executes JavaScript. 2016-08-06 14:07:30 -04:00
Andrew Dolgov 64c24ecb59 add hotkey for toggling VFEED_GROUP_BY_FEED preference 2016-07-26 15:55:00 +03:00
Andrew Dolgov 42f78188d0 sanitize: force strip unnecessary data outside of <body>...</body> tags generated by DOMDocument::saveHTML() 2016-04-29 21:59:34 +03:00
Andrew Dolgov 465fb16d33 remove fetch_file_contents2, use a compat shim instead 2016-03-30 13:46:32 +03:00
Andrew Dolgov 633fb7ffe2 amend previous 2016-03-30 13:34:26 +03:00
Andrew Dolgov 79c891a8b7 set smallish timeout on update check, exclude update checking on initial load 2016-03-30 13:32:49 +03:00
Andrew Dolgov 7c0d68f207 remove dismiss* functions 2016-03-22 10:28:34 +03:00
Andrew Dolgov 94d425fe4a rewrite_relative_url: only skip urls like magnet: instead of everything with : 2016-02-20 12:06:47 +03:00
Andrew Dolgov 7bbe94bc93 Revert "rewrite_relative_url: do not skip urls containing :"
This reverts commit a547fef6ab.
2016-02-20 12:02:34 +03:00
Andrew Dolgov a547fef6ab rewrite_relative_url: do not skip urls containing : 2016-02-20 11:57:37 +03:00
JustAMacUser a01bfd78c2 Remove srcset and sizes attributes from img tag if locally caching images. 2016-02-19 01:35:11 -05:00
Andrew Dolgov 50bda3fefb sanitize: allow <xml:namespace> (thanks, livejournal) 2016-02-05 11:31:13 +03:00
Andrew Dolgov 71b75bb7fa fix multiple issues with archived feeds 2016-01-26 19:03:05 +03:00
Andrew Dolgov 3b44aae0f3 sanitize: allow <description> 2016-01-23 02:17:00 +03:00
Andrew Dolgov c352248651 get_article_tags: while getting tags from cache check if article entry actually exists 2016-01-14 12:12:35 +03:00
Andrew Dolgov 85d067e837 tag_is_valid: check numeric tags properly 2015-12-30 15:15:18 +03:00
Andrew Dolgov a536f94c8d sanitize: clear out @srcset/@sizes on images leading to http sites when running over https 2015-12-17 09:59:53 +03:00
Andrew Dolgov 19e47ad60b queryFeedHeadlines: don't check first_id when sorting by oldest first 2015-11-21 22:20:00 +03:00
Andrew Dolgov 4c46702672 drop support for (obsolete, removed from recent php versions) php safe_mode setting
remove ugly hacks for curl + open_basedir combination breaking support for http redirects
2015-11-19 20:05:17 +03:00