Commit Graph

779 Commits

Author SHA1 Message Date
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
Andrew Dolgov c352e872e9 core: pass found enclosures to HOOK_ARTICLE_FILTER
af_redditimgur: remove enclosures if we found something to embed because it's going to be a low-res thumbnail
2020-06-24 22:54:14 +03:00
Nathan Warner f8d96543de Created hotkeys_force_top plugin
Renamed swap_jk to match new naming scheme.
2020-05-30 22:45:41 -06:00
Andrew Dolgov 9ae9302b6b implement keyboard-related changes discussed in https://community.tt-rss.org/t/changing-the-amount-of-scroll-by-arrow-key/3452/7 2020-05-17 08:25:51 +03:00
Andrew Dolgov 5e77d0062b use intersection observer to unpack visible articles, remove Headlines.unpackVisible() 2020-05-13 07:28:13 +03:00
Andrew Dolgov a802649d53 rename cdmScrollToId to cdmMoveToId
prevent smooth scrolling when going directly to an article
2020-05-09 08:16:12 +03:00
Andrew Dolgov 1f2a721905 allow overriding built-in templates via templates.local 2020-03-13 14:40:35 +03:00
Andrew Dolgov 4e74da590e af_readability: allow get full text button to work as a toggle; in cdm, scroll to article after embedding 2020-02-28 08:03:25 +03:00
Andrew Dolgov 96fa6e3002 af_comics: split contents of subscribe/basic_info/fetch hooks into appropriate per-comic filters 2020-02-27 12:15:56 +03:00
Andrew Dolgov ba7f7e72db af_comics: mention that Far Side needs cached media 2020-02-27 11:44:18 +03:00
Andrew Dolgov 61168847ac af_comics: escape all template urls 2020-02-27 10:25:00 +03:00
Andrew Dolgov 3b62150abd use canonical fetch url for Far Side 2020-02-27 10:24:12 +03:00
Andrew Dolgov db8a1f76c7 remove unnecessary debugging from previous 2020-02-27 10:20:16 +03:00
Andrew Dolgov 9b4053b1ea af_comics: add experimental support for The Far Side 2020-02-27 10:19:09 +03:00
Andrew Dolgov b159bbe55d af_readability: sanitize content requested for embedding 2020-02-27 08:28:54 +03:00
Andrew Dolgov 3b635c7557 fix plugins/note javascript part broken by previous changeset 2020-02-27 07:59:57 +03:00
Andrew Dolgov 71ff485fbf af_readability: add article button to embed content of a specific article 2020-02-27 07:57:22 +03:00
Andrew Dolgov 4ab3854aed don't generate default.css, replace with themes/light.css as a default root CSS file 2020-02-22 16:22:44 +03:00
koffieanon 3a3c74dfa4 Also match images with query string (size, tokens, etc). 2020-01-04 17:22:58 +01:00
koffieanon e89dd83f05 Spaces to tabs for consistency. 2020-01-04 17:21:05 +01:00
koffieanon 297a89c2d2 Fix bug processing found due to operator precedence. 2020-01-04 17:20:33 +01:00
Andrew Dolgov 72d0fac80c remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way 2019-12-18 14:27:40 +03:00
Andrew Dolgov 219840341c Af_Youtube_Embed: whitelist youtube iframes if enabled 2019-11-27 22:46:43 +03:00
Andrew Dolgov ffa3f9309f af_comics: support buni webtoon episodes 2019-11-18 19:00:08 +03:00
Andrew Dolgov f6090655bf 2fa: check TOTP based on previous secret values (oops of the year, 2019) 2019-11-03 20:47:21 +03:00
Andrew Dolgov 812a6c9f16 auth_internal: fix indents 2019-11-01 15:25:40 +03:00
Andrew Dolgov 249130e58d implement app password checking / management UI 2019-11-01 15:03:57 +03:00
Andrew Dolgov 68b0380118 add placeholder authentication via app passwords if service is passed
forbid logins via regular passwords for services
remove AUTH_DISABLE_OTP
2019-11-01 13:03:06 +03:00
Andrew Dolgov 178bcd4349 auth_internal: fix OTP seed checking 2019-11-01 10:34:31 +03:00
Andrew Dolgov ef514bc4bd add notifications for mail and password changes
update and shorten some other message templates
2019-10-09 09:04:51 +03:00
JustAMacUser 8459238f6c af_comics: Use a fixed time of day when generating fake feed for GoComics. Without this the timestamp is always updated to be the time the feed is fetched, which causes the comics to keep moving to the top/bottom of the article list depending on the sort order. (Using 11:00 a.m. UTC as that should keep the date the same across the majority of time zones.)
Try to get the actual title for GoComics comics.

Also a little code clean up.
2019-10-06 16:19:21 -04:00
Aleksandr Beliaev 7a4d5cc724 Fix error "mb_convert_encoding(): Illegal character encoding specified"
modified:   plugins/af_readability/init.php
2019-09-13 09:52:40 +12:00
Andrew Dolgov e887d68f21 af_readability: require php 7.0 2019-08-21 10:05:25 +03:00
Andrew Dolgov 3e4701116d af_readability: add missing file 2019-08-16 15:29:24 +03:00
Andrew Dolgov 10c63ed582 pluginhost: add helper methods to get private/public pluginmethod endpoint URLs 2019-08-15 20:23:45 +03:00
Andrew Dolgov bdf29856fb fix several leftover mentions of old (renamed) class name, duh 2019-08-15 17:12:59 +03:00
Andrew Dolgov de5669f723 af_zz_imgproxy: rename to af_proxy_http, use priority hook loader 2019-08-15 16:27:53 +03:00
Andrew Dolgov c34726b2b2 consistency: use DiskCache->exists() to check for present files 2019-08-14 12:52:41 +03:00
Andrew Dolgov 6914ad1f74 retire MIN_CACHE_FILE_SIZE 2019-08-14 12:44:50 +03:00
Andrew Dolgov d2f1cbfcb1 af_zz_imgproxy: redirect to cached_url (3!!) 2019-08-14 10:10:27 +03:00
Andrew Dolgov c6ae5fbda1 af_zz_imgproxy: redirect to cached_url if cache already exists so that urls are a bit shorter (2) 2019-08-14 10:01:05 +03:00
Andrew Dolgov e7edaca4db af_zz_imgproxy: redirect to cached_url if cache already exists so that urls are a bit shorter 2019-08-14 09:58:40 +03:00
Andrew Dolgov 3c075bfd21 DiskCache: more strict checking for input filenames, getUrl() is no longer static 2019-08-14 09:49:18 +03:00
Andrew Dolgov fdb6066bf6 * HOOK_ENCLOSURE_ENTRY: pass article_id to handler
* DiskCache: multiple fixes; support isWritable() for cache entries, set content-disposition for send()
* public/cached_url: allow selecting files from sub-caches other than images
* plugins/Cache_Starred_Images: rework to use DiskCache, can be enabled per-user, properly handles article enclosures, etc
2019-08-13 16:40:21 +03:00
Andrew Dolgov 7602819b98 add DiskCache.send; switch af_zz_imgproxy to use DiskCache 2019-08-13 12:20:53 +03:00
Andrew Dolgov a60297b920 remove import_export plugin (replaced with ttrss-data-migration) 2019-08-06 09:54:12 +03:00
Andrew Dolgov 088fcf8131 move more globals to more appropriate places
set libxml to always use internal errors
2019-06-20 08:40:02 +03:00
Andrew Dolgov 967cccb7c5 af_readability: relax non-unicode hack to apply to HTML4 meta element markup 2019-06-06 15:18:47 +03:00
Andrew Dolgov ae376bdfbf search_sphinx: convert contructor of the sphinx API library 2019-05-01 09:33:52 +03:00
Andrew Dolgov fda475bd93 af_readability: fix HOOK_GET_FULL_TEXT not being installed because plugin init() is called before load_data() 2019-05-01 08:12:47 +03:00
Andrew Dolgov adc2a51695 update plugin readability-related option names 2019-04-17 08:53:33 +03:00
Andrew Dolgov d0a9aeaf80 move readability library to af_readability/vendor out of global vendor directory
af_redditimgur: use HOOK_GET_FULL_TEXT instead of invoking readability directly
2019-04-17 08:51:17 +03:00
Andrew Dolgov 6955b2e02d plugins: add HOOK_GET_FULL_TEXT which may be used to provide full text extraction to core code and other plugins, instead of trying to invoke af_readability specifically 2019-04-17 08:32:35 +03:00
Andrew Dolgov c7ad4ad2d4 import_export: use default ts_lang if user one is unset 2019-04-11 13:38:47 +03:00
Andrew Dolgov d32e191ad7 import_export: set tsvector_combined using DEFAULT_SEARCH_LANGUAGE on import 2019-04-10 13:18:23 +03:00
Andrew Dolgov d7282ec292 import_export: prevent form closing before doing anything; update markup 2019-04-09 07:05:33 +03:00
Andrew Dolgov 671f4cee65 domdocument: remove old meta charset unicode hacks, replace with shorter xml preamble utf8 hack (on loadhtml where it makes sense)
af_readability: better (?) charset hack for non-unicode pages
2019-03-21 21:08:02 +03:00
Andrew Dolgov 01b2f0a24f support "picture" tags in articles 2019-03-19 07:18:48 +03:00
Michael Kuhn bbb8a2e873 Fix missed hotkeys in googlereaderkeys plugin 2019-03-17 17:39:20 +01:00
Rodney Stromlund 7daf009a7f Add set_basic_feed_info hook to af_comics to fix GoComics title and url. 2019-03-12 12:16:24 -05:00
Michael Kuhn e74f7bde22 Refactor hotkeys to use keypress instead of keydown
keydown returns the "raw" key in event.which. Depending on the keyboard
layout, this may not be what is wanted. For example, on a German
keyboard, Shift+7 has to be pressed to get a slash. However, event.which
will be 55, which corresponds to "7". In the keypress event, however,
event.which will be 47, which corresponds to "/".

Sadly, several important keys (such as escape and the arrow keys) do not
trigger a keypress event. Therefore, they have to be handled using a
keydown event.

This change refactors the hotkey support to make use of keypress events
whenever possible. This will make hotkeys work regardless of the user's
keyboard layout. Escape and arrow keys are still handled via keydown
events.

There should be only one change in behavior: I could not make Ctrl+/
work and therefore rebound the help dialog to "?".
2019-03-11 12:01:27 +01:00
Andrew Dolgov 19f162dbe3 css: insensitive -> text-muted 2019-03-08 10:11:57 +03:00
Andrew Dolgov 684a1368e9 toggle_sidebar: switch icon on click 2019-03-06 12:52:09 +03:00
Andrew Dolgov 2b54413599 af_redditimgur: update prefs markup 2019-03-05 19:45:48 +03:00
Andrew Dolgov fb62f2b970 toggle_sidebar: use hamburger icon 2019-03-04 21:55:35 +03:00
Andrew Dolgov cee76f4d49 bookmarklets: add more info link 2019-02-26 08:15:58 +03:00
Andrew Dolgov cbd119c7a3 pref-prefs: fix markup 2019-02-25 19:11:17 +03:00
Andrew Dolgov 54c1b5c611 fill in some missing doctypes; use short doctype where it wasn't 2019-02-23 13:49:40 +03:00
Andrew Dolgov abfd552962 plugins: update markup 2019-02-22 12:48:02 +03:00
Andrew Dolgov 335147e572 dialogs: use semantic markup instead of dlgsec stuff
continue unifying quoting style for html strings
2019-02-22 10:48:56 +03:00
Andrew Dolgov 55b032a6bd plugins/share: update layout 2019-02-22 06:35:14 +03:00
Andrew Dolgov 4e253add8c UI: add some more info links to relevant wiki pages; minor layout updates 2019-02-21 16:21:16 +03:00
Andrew Dolgov fd8f8c7b3e af_readability: construct readability object inside try-catch block 2019-02-21 06:52:15 +03:00
Andrew Dolgov 1a8770f8f4 add plugins/hotkeys_noscroll 2019-02-20 15:32:53 +03:00
Andrew Dolgov 4d9141d762 simplify dlgSec-related markup 2019-02-20 14:37:59 +03:00
Andrew Dolgov 3b057d5f02 OTP: css fixes 2019-02-19 20:17:13 +03:00
Andrew Dolgov 1d2da64572 af_redditimgur: apparently imgur has link rel='image_src' now, let's use it 2019-02-06 16:24:31 +03:00
Andrew Dolgov a5517fe857 fetch_file_contents: decompress gzipped data
af_readability: remove utf8 preamble hack
2018-12-21 17:50:16 +03:00
Andrew Dolgov 0efb6e1bc2 remove pub_set.png, replace usages with iconfont 2018-12-14 17:30:41 +03:00
Andrew Dolgov e53959322b plugins/embed_original: move to attic repo 2018-12-13 09:54:41 +03:00
Andrew Dolgov 1b4567a973 remove vf_shared pixmap 2018-12-09 16:51:44 +03:00
Andrew Dolgov e54db22998 close_button: use vector icon 2018-12-09 16:35:00 +03:00
Andrew Dolgov 607ede512f center previously centered text on single line dialog panels 2018-12-09 16:27:29 +03:00
Andrew Dolgov 4036b479f9 share plugin: fix unshare() 2018-12-09 11:48:29 +03:00
Andrew Dolgov a400a8ffc1 add PluginHost.HOOK_INIT_COMPLETE (and make no_title_counters use it) 2018-12-08 20:06:07 +03:00
Andrew Dolgov b96beeeda7 bookmarklets: show pref link-buttons properly 2018-12-08 15:55:35 +03:00
Andrew Dolgov bd66a9ef28 render article on the client using headlines data 2018-12-08 09:32:14 +03:00
Andrew Dolgov 7adf937936 shorten_expanded: use dojo button, don't break attachment dropdown, other fixes 2018-12-07 22:56:34 +03:00
Andrew Dolgov 165eea32e8 af_psql_trgm: fix parameter not being quoted properly in showrelated 2018-12-07 18:02:42 +03:00
Andrew Dolgov a68b150601 remove separate classes for various panels, unify under .panel
remove a few other unnecessary css classes/ids
2018-12-07 14:03:33 +03:00
Andrew Dolgov b68ee9adf4 af_comics: add Stonetoss 2018-12-07 12:02:38 +03:00
Andrew Dolgov 4cbc62d2a5 article note format updates 2018-12-06 20:55:51 +03:00
Andrew Dolgov 836a949407 af_psql_trgm: fix showrelated() layout 2018-12-06 12:13:59 +03:00
Andrew Dolgov bc2d40009b plugins/mail, mailto: update icons 2018-12-06 08:59:15 +03:00
Andrew Dolgov 814e49f8f7 add icons to accordion panels in preferences
fix typo in pref-prefs closing panel tag
2018-12-06 08:56:28 +03:00
Andrew Dolgov c700345c96 trgm: use vector icon, replace recently read icon 2018-12-05 22:48:14 +03:00
Andrew Dolgov 4996269d55 remove mark_button (just use hotkeys or main icon, why is this even needed?) 2018-12-05 22:36:12 +03:00
Andrew Dolgov 94bc24ff31 share by url stuff: use link icon instead of share 2018-12-05 22:33:09 +03:00
Andrew Dolgov 37205321d9 remove share.png 2018-12-05 22:28:09 +03:00
Andrew Dolgov 17d9e14dde toggle_sidebar: use icon-font 2018-12-05 22:27:17 +03:00
Andrew Dolgov 9703162f57 plugins: note,shared - move to iconfont 2018-12-05 22:19:46 +03:00
Andrew Dolgov a2e06410c2 shorten_expanded: call unpackVisible() because there might be new stuff from below if current is shortened 2018-12-05 08:13:47 +03:00
Andrew Dolgov 6befff30d7 updates for flat theme (mostly disable old dijit overrides) 2018-12-04 19:03:42 +03:00
Andrew Dolgov 31e79317b3 normalize various font sizes and families between prefs & main UI
change some dialogs layout a bit to maybe become more readable
2018-12-04 15:22:22 +03:00
Andrew Dolgov e76d1fb995 plugins: mail, mailto: remove code from global context 2018-12-03 14:21:50 +03:00
Andrew Dolgov 71fc6d45bd refactor error reporting to AppBase; keep exception_error() for now as a shim 2018-12-03 13:38:13 +03:00
Andrew Dolgov 78cc470193 remove some plugin JS code out of global context 2018-12-03 10:51:14 +03:00
Andrew Dolgov 526389b2d3 update notify_* calls to use Notify 2018-12-02 20:56:30 +03:00
Andrew Dolgov d9c5c93cef move some more stuff out of common.js
rework client-side cookie functions a bit
limit dojo cachebust based on server scripts modification time
remove param_escape()
2018-12-02 20:07:57 +03:00
Andrew Dolgov 35ded4bc84 edit phrasing of some alert()s 2018-12-02 16:30:32 +03:00
Andrew Dolgov 0a18d0b1ed Feeds: shorten some method names
finally rename "view as rss"
2018-12-02 08:57:22 +03:00
Andrew Dolgov 3678315bea Article, Headlines: shorten several method names 2018-12-02 08:32:13 +03:00
Andrew Dolgov 1e2d4410d3 move some more shared stuff to CommonDialogs, Filters, and Utils 2018-12-01 22:39:29 +03:00
Andrew Dolgov 642c37ea61 further effocts to wrap JS stuff into objects 2018-12-01 21:01:53 +03:00
Andrew Dolgov 1d82bd4f19 further objectification 2018-12-01 17:42:21 +03:00
Andrew Dolgov 049a37aa0e WIP reshuffling of JS global context into separate logical objects 2018-12-01 17:05:35 +03:00
Andrew Dolgov a2ef54cd92 toggleMark, togglePub: refactor implementation
shorten marked/published img CSS classes
2018-12-01 08:20:09 +03:00
Andrew Dolgov 3325979bf0 isCdmMode -> isCombinedMode 2018-12-01 08:04:12 +03:00
Andrew Dolgov add558e7e5 rework some styles related to three panel mode 2018-11-30 15:54:38 +03:00
Andrew Dolgov 8359ca6dad combined mode (and more) css class name updates 2018-11-30 15:48:17 +03:00
Andrew Dolgov 2f961ee830 plugins: add some xhrPost refactoring 2018-11-30 15:23:48 +03:00
Andrew Dolgov 67cdf4cf12 remove some unnecessary element IDs
rework plugins/note to use xhrJson()
2018-11-30 14:39:06 +03:00
Andrew Dolgov 9563e3bcd6 remove expandable CDM headlines 2018-11-30 13:51:54 +03:00
Andrew Dolgov da1a3c2cc5 remove ok = confirm() thing 2018-11-30 13:05:59 +03:00
Andrew Dolgov dbb4cdbe36 plugins: run eslint const/let fixes 2018-11-30 08:39:45 +03:00
Andrew Dolgov c10a43069e debug logging system rework:
* support various logging levels per-message
 * remove hacks like debug_suppress, DAEMON_EXTENDED_DEBUG, etc
 * _debug() is kept as a compatibility shim for plugins
2018-11-30 08:34:29 +03:00
Andrew Dolgov 758752684c cache_starred_articles: limit maximum amount of download attempts per-article, consider cache operation a success even if all images were too small (prevents repeated requests) 2018-11-30 07:20:13 +03:00
Andrew Dolgov ed1262d55a oops, remove useless db_escape_string() in article class (and nsfw plugin) 2018-11-29 23:04:12 +03:00
Andrew Dolgov 55bf4bc1d3 mailer: split to/from name/addresses 2018-11-22 16:36:10 +03:00
Andrew Dolgov 57932e1837 remove PHPMailer and related directives from config.php-dist; add pluggable Mailer class 2018-11-22 14:45:14 +03:00
Andrew Dolgov 3a0292303e php: remove trailing whitespaces 2018-11-03 15:08:43 +03:00
Andrew Dolgov df0115fc7a shorten_expanded: also hide embedded attachments behind wrapper 2018-09-21 08:14:55 +03:00
Andrew Dolgov 1cf69d435d fix af_zz_vidmute for new chrome breaking muting via setAttribute 2018-09-11 11:46:10 +03:00
Andrew Dolgov 4bb651a656 af_redditimgur: check gfycat content type before embedding, add generic
catchall embedding for og:video metadata
2018-09-10 16:09:38 +03:00
Andrew Dolgov f43ce66e65 af_redditimgur: simplify handling of gfycat URLs 2018-09-09 12:45:02 +03:00
Andrew Dolgov de1b9acba1 af_comics: simplify srcset attribute handling for gocomics pseudo-feeds 2018-08-31 08:33:36 +03:00
Andrew Dolgov 83da40251f plugins: move af_lang_detect to tt-rss-attic repository 2018-08-12 18:15:04 +03:00
tschuettler 31b40448fd Update af_lang_detect plugin with changes from upstream
Reapplied downstream changes for phpmd ruleset
2018-08-02 18:00:50 +02:00
Andrew Dolgov c925f4e3fd use catchall exception handler for readability 2018-07-31 18:31:01 +03:00
Self-Perfection 1cb3084d53 Replace tumblr videos with HD versions
Alternative approach might be extracting replacement URL from "hdUrl"
field of custom property "data-crt-options", but stripping last segment
of video URL is way easier and seems equally robust.
2018-07-14 19:16:40 +03:00
Andrew Dolgov 6d95e53524 af_readability: check if sanitized content has anything before replacing
original excerpt
af_readability, af_redditimgur: check php version before using Readability
2018-06-21 08:12:11 +03:00
Andrew Dolgov acf155cf8f remove old-style readability loading 2018-06-20 22:17:10 +03:00
Andrew Dolgov add9b37ab5 auth_internal: load Base32 using proper namespace 2018-06-20 22:15:10 +03:00
Andrew Dolgov b22766fcdd Af_RedditImgur: update to use readability-php 2018-06-20 15:56:08 +03:00
Andrew Dolgov 2aaefbfa54 update autoloader to consider namespaces for third party libraries: placed and loaded from vendor/namespace/classpath.php
update readability to a newer implementation based on Readability.js (https://github.com/andreskrey/readability.php)
add vendor/Psr/Log interface required for the above
2018-06-20 14:58:09 +03:00
Andrew Dolgov 636164301f import_export: limit and offset don't play nice with generic PDO placeholders 2018-05-28 16:49:39 +03:00
Andrew Dolgov a369a6d946 import_export: update to use PDO 2018-05-28 16:43:53 +03:00
Andrew Dolgov b70c3daffe af_redditimgur updates:
1. remove special handling for imgur albums/pages because its full on cancerous json garbage now with no scrapeable layout
2. skip all urls leading to reddit.com while trying to embed content
3. implement generic last resort embedding based on meta og:image element
2018-05-26 10:25:39 +03:00
Andrew Dolgov b037ffd628 af_readability: specify http accept header 2018-05-25 14:35:33 +03:00
Andrew Dolgov 82152bdc34 Revert "plugins/import_export: use PDO"
This reverts commit 785ffca622.
2018-05-24 12:31:30 +03:00