ba2853caac
Prevent target='_blank' vulnerability on dynamic link
2017-02-12 11:01:36 +01:00
fafd32e2dc
use get_self_url_prefix() when rewriting cached images
2017-02-10 15:14:47 +03:00
dc8bd8a640
add some print_checkbox/print_button calls; rename some plugin preference pane titles
2017-02-10 14:57:25 +03:00
8cf37284e7
af_zz_imgproxy: add optional setting to proxy all remote images
...
functions: add some form helper methods
2017-02-10 14:17:18 +03:00
7818bfde0b
sanitize: properly handle cached content in archived articles
2017-02-10 12:11:09 +03:00
70c0a8c2e0
pass several image files used in notify messages to frontend as base64 to prevent broken error messages in case network connection is down. also, update some close buttons to show correct cursor.
2017-02-09 23:19:26 +03:00
829d478f1b
add some protection against opener attacks if external site is opened via window.open()
2017-02-08 15:07:05 +03:00
5edd605ae1
image cache: do not try to cache data: schema urls; add caching of html5 video content (similar to cache_starred_images plugin)
2017-02-04 11:50:01 +03:00
0442cbb6c1
image cache: send files as content-disposition: attachment; add .png suffix to image urls
2017-02-04 11:32:24 +03:00
24c7e4132d
subscribe dialog: do not report errors via alert()
...
fetch_file_contents: reset all globals on start, return error message body when not using curl
subscribe_to_feed: report if cloudflare is in the error message
2017-01-28 12:45:49 +03:00
181c8285dd
add compact theme with smaller font
2017-01-26 22:41:18 +03:00
e432b8fbe2
implement cache-busting for default theme.css
...
night theme: small fixes
2017-01-25 12:17:41 +03:00
553ec3c351
pass article guid to hook_render_article
2017-01-25 08:50:42 +03:00
311cdb27f4
sanitize: allow dfn tag
...
Add <dfn> tag to allowed tags list. <dfn> represents the defining
instance of a term in HTML.
2017-01-24 18:39:17 -06:00
3b001e4330
support rel=noopener for links
2017-01-24 18:45:25 +03:00
e934d63e0c
fetch_file_contents: rework the way shim works to prevent intermittent warnings
2017-01-24 15:11:13 +03:00
67268b0017
sanitize: allow acronym tag
2017-01-24 11:36:43 +03:00
cb3f877303
reference pubsubhubbub classes using their namespace
2017-01-23 08:20:46 +03:00
70c5b2bfcc
feed tree: only run animation for appearing unread counters to prevent clashes with aux counter updating and animations ending up in wrong state
2017-01-22 20:20:35 +03:00
a86255572a
bump VERSION_STATIC due to Dojo changes
2017-01-22 13:55:36 +03:00
fa287f6b11
Merge branch 'af-comics-gocomics-feed' into 'master'
...
Update af_comics plugin to support GoComics.
Updates the af_comics plugin to support new GoComics site, which dropped native RSS feeds.
See merge request !42
2017-01-22 11:03:45 +03:00
967f0619c7
force ngettext() count argument type to string
2017-01-22 10:18:43 +03:00
fabfb9fc2a
Added support to fetch_file_contents() to explicitly set CURLOPT_FOLLOWLOCATION.
2017-01-22 02:12:09 -05:00
becd215a75
lib: Upgrade php-subscriber from ??? to 1213f89 (2016-11-15)
...
https://github.com/pubsubhubbub/php-subscriber
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2017-01-21 15:01:14 -05:00
5ddc3e274d
lib: Upgrade php-publisher from ??? to a5d6a0e (2016-11-15)
...
https://github.com/pubsubhubbub/php-publisher
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2017-01-21 15:01:14 -05:00
c606bd5741
tweak the enclosure dropdown display a little bit for less-readable urls
2017-01-17 14:04:00 +03:00
f6bcb5c606
Merge branch 'subscribe-idn-feed' into 'master'
...
Subscribe to feed with Internationalized Domain Name
Currently you cannot subscribe to feeds on hosts with internationalized domain names (IDNA) within tt-rss. You need to manually convert them to punycode to subscribe to them.
This patch adds code to detect IDNA and convert them to punycode in fix_url() if possible on the system. This requires PHP IDN functions (e.g. on Debian Jessie this needs php5-intl to be installed), so a notice is added to the installer sanity check.
See merge request !37
2017-01-16 11:36:00 +03:00
17a8e61d2a
deprecate encrypted feed passwords because mcrypt is getting removed from php 7.1
...
1. transparent decryption for existing installs stays for the time being
2. new passwords are not going to be encrypted even if FEED_CRYPT_KEY is defined
3. added update.php --decrypt-feeds to bulk decrypt existing encrypted passwords
4. updated install to not auto-generate crypt key
5. added warning to config.php-dist
2017-01-07 14:25:46 +03:00
62958fe9dc
convert to punycode for feed on idn hostname
2017-01-02 22:50:26 +01:00
3d5d289077
set_basic_feed_info: fix typo
2016-11-30 14:09:57 +03:00
bfe1eb4e52
rssfuncs: fix warning when trying to update nonexisting feed
2016-11-30 14:03:21 +03:00
12ff230bc2
maybe we shouldn't escape entry_author twice
2016-11-25 14:04:41 +03:00
3bba9c396f
fetch_file_contents: set timeout when not using CURL
2016-10-24 16:12:18 +03:00
e3dceca66b
get_article_filters: add unicode modifier to preg_match()
2016-10-19 21:40:58 +03:00
6687cb9927
shared posts: remove link to feed in externally shared articles to prevent leaking potentially private feed urls
2016-09-21 09:39:31 +03:00
401eb0f694
Specify feed_id as an int rather than a string.
2016-08-28 20:08:37 -04:00
f1b3b3f330
Add feed_id to subscribeToFeed response when the code is 1 or 0.
...
Set the API_LEVEL to 14.
2016-08-27 10:29:25 -04:00
557d86fe42
better debugging for matched filter rules
2016-08-26 14:45:34 +03:00
e54eb40a8c
remove support for legacy mysql driver
2016-08-21 14:03:35 +03:00
1a322ff3df
import_export: better error message if upload failed
2016-08-19 18:14:22 +03:00
5cbd1fe8e4
perform housekeeping tasks for plugins loaded in user-context only
2016-08-11 15:01:01 +03:00
25a533c432
bump static version to 16.8
2016-08-10 09:15:52 +03:00
6ff51c1997
Merge branch 'more-info-article-filter' into 'master'
...
Pass the value of cache_images to plugins in HOOK_ARTICLE_FILTER.
Adds the `$cache_images` value to the `$article['feed']` array before calling HOOK_ARTICLE_FILTER. Allows plugins to know whether images will be cached in case they want to manage them in one way or another.
See merge request !32
2016-08-07 22:22:09 +03:00
babfadbfd2
Pass the value of cache_images to plugins in HOOK_ARTICLE_FILTER.
2016-08-06 14:16:39 -04:00
d8b0f06705
Remove href attribute if it executes JavaScript.
2016-08-06 14:07:30 -04:00
dae16f72c9
Only strings need 4-byte filtering.
2016-07-26 03:51:22 -04:00
64c24ecb59
add hotkey for toggling VFEED_GROUP_BY_FEED preference
2016-07-26 15:55:00 +03:00
e6905f7f87
test if mb_internal_encoding() is available in functions.php head
2016-07-07 10:02:55 +03:00
638fdf732a
update_rss_feed: log warning when attempting to update unknown feed
2016-04-29 22:10:00 +03:00
42f78188d0
sanitize: force strip unnecessary data outside of <body>...</body> tags generated by DOMDocument::saveHTML()
2016-04-29 21:59:34 +03:00
977cea1438
actually check for failures properly in the dbupdater
2016-04-26 20:04:24 +03:00
9e84bab449
daemon common: use proper update condition checking for secondary-selected feeds
2016-04-01 18:54:53 +03:00
c71add385d
fetch_file_contents: fix shim when invoked with 1 argument only
2016-03-31 09:48:05 +03:00
465fb16d33
remove fetch_file_contents2, use a compat shim instead
2016-03-30 13:46:32 +03:00
633fb7ffe2
amend previous
2016-03-30 13:34:26 +03:00
79c891a8b7
set smallish timeout on update check, exclude update checking on initial load
2016-03-30 13:32:49 +03:00
e3bc4591af
add a hash-based fetch_file_contents2()
2016-03-30 13:25:32 +03:00
583d5b9a98
get_version: add missing substr
2016-03-28 13:26:09 +03:00
ae397f3a91
bump version_static to 16.3
2016-03-23 22:58:33 +03:00
7843453c00
version: do not hardcode master branch
2016-03-23 19:08:38 +03:00
7c0d68f207
remove dismiss* functions
2016-03-22 10:28:34 +03:00
94d425fe4a
rewrite_relative_url: only skip urls like magnet: instead of everything with :
2016-02-20 12:06:47 +03:00
7bbe94bc93
Revert "rewrite_relative_url: do not skip urls containing :"
...
This reverts commit a547fef6ab
2016-02-20 12:02:34 +03:00
a547fef6ab
rewrite_relative_url: do not skip urls containing :
2016-02-20 11:57:37 +03:00
d43b6563ef
Merge branch 'master' of git.tt-rss.org:fox/tt-rss
2016-02-19 09:39:29 +03:00
a01bfd78c2
Remove srcset and sizes attributes from img tag if locally caching images.
2016-02-19 01:35:11 -05:00
cc43e19b44
error handler: do not log last query, truncate error message to a smaller length
2016-02-17 16:42:13 +03:00
50bda3fefb
sanitize: allow <xml:namespace> (thanks, livejournal)
2016-02-05 11:31:13 +03:00
0edf1d0dc0
update_rss_feed: disable support for http 304 for the time being
2016-02-02 14:51:02 +03:00
71b75bb7fa
fix multiple issues with archived feeds
2016-01-26 19:03:05 +03:00
0bc503ff9a
update_rss_feed: escape dumped content while debugging
2016-01-23 02:17:24 +03:00
3b44aae0f3
sanitize: allow <description>
2016-01-23 02:17:00 +03:00
c352248651
get_article_tags: while getting tags from cache check if article entry actually exists
2016-01-14 12:12:35 +03:00
312742db6e
updates: auto-disable CURL if open_basedir is enabled, notify possible issues w/ plugins
2016-01-13 18:12:31 +03:00
393fc7d6b5
update static version
2016-01-12 16:44:14 +03:00
5bdcb8fd78
remove option ALLOW_DUPLICATE_POSTS as confusing/useless
2016-01-07 22:01:35 +03:00
4f186b1f10
fix broken article processing if ALLOW_DUPLICATE_POSTS is enabled
2016-01-07 21:49:31 +03:00
9b736a20b3
do not automatically call cleanup_tags() in housekeeping tasks
2016-01-04 10:42:24 +03:00
98070db009
Update new feeds first in postgres
2015-12-31 12:54:52 +01:00
85d067e837
tag_is_valid: check numeric tags properly
2015-12-30 15:15:18 +03:00
a536f94c8d
sanitize: clear out @srcset/@sizes on images leading to http sites when running over https
2015-12-17 09:59:53 +03:00
6eed9a7463
Merge branch 'master' of git.tt-rss.org:fox/tt-rss
2015-12-07 20:07:37 +03:00
a956648502
catchup_feed: proper fix for mysql 5.7
2015-12-07 20:07:13 +03:00
33d131d699
ttrss_gc: return true
2015-12-07 15:25:31 +03:00
040aa5408a
fix previous, owner_uid not passed in daemon context
2015-12-07 15:06:32 +03:00
a8ac766132
do not discard custom set article tags when updating from source
2015-12-07 11:54:24 +03:00
24e6ff5d1c
calculate_article_hash: strip tags before hashing fields
2015-12-05 03:10:57 +03:00
bfd902bbcc
sanity_check: enforce minimum php version (5.4)
2015-12-04 19:03:57 +03:00
b8619f8db0
store formatted backtrace to sql log
2015-12-04 15:58:20 +03:00
9bd422c2e7
set_basic_feed_info: fix missing column
2015-12-03 19:21:17 +03:00
eed5467759
Revert "set_basic_feed_info: bail out if feed doesn't exist"
...
This reverts commit d77bd1a5d2
2015-12-03 19:18:50 +03:00
d77bd1a5d2
set_basic_feed_info: bail out if feed doesn't exist
2015-12-03 16:16:42 +03:00
475d762872
logger: record last query before logged error
2015-12-03 16:15:28 +03:00
fd3e5e8da4
get_article_filters: check if action.type is set
2015-12-03 15:33:47 +03:00
15c0bca0e5
catchup maybe add workaround for mysql 5.7 derived_merge
2015-12-03 15:33:36 +03:00
01bf7f8887
update sanity_config
2015-12-01 10:11:40 +03:00
b9af06802b
Revert "Fix missing SESSION_CHECK_ADDRESS in config"
...
This reverts commit 635ecdb9fa
2015-11-30 10:42:11 +01:00
19e47ad60b
queryFeedHeadlines: don't check first_id when sorting by oldest first
2015-11-21 22:20:00 +03:00
4c46702672
drop support for (obsolete, removed from recent php versions) php safe_mode setting
...
remove ugly hacks for curl + open_basedir combination breaking support for http redirects
2015-11-19 20:05:17 +03:00
6497fb65b4
fix ttrss_feeds.last_update defaulting to 0 on mysql, set to null instead
...
bump schema
2015-11-18 14:33:47 +03:00
Jérémy DECOOL
Andrew Dolgov
Andrew Dolgov
Shane Synan
Andrew Dolgov
JustAMacUser
Anders Kaseorg
Bernhard Thaler
John Brayton
Andrew Dolgov
Thomas Kramer
Heiko Adams