79f102c25d
af_proxy_http: never print received data directly, always redirect to cached_url
...
cache/getUrl: basename() passed filename just in case
2020-09-15 08:02:28 +03:00
4a074111b5
user preferences: forbid < and > characters when changing passwords (were silently stripped on save because of clean())
2020-09-14 20:53:00 +03:00
da98ba662e
public/subscribe: require valid CSRF token when validating the form
2020-09-14 20:21:22 +03:00
c3d14e1fa5
- fix multiple vulnerabilities in af_proxy_http
...
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
a922b3cc6d
order_to_override_query: allow HOOK_HEADLINES_CUSTOM_SORT_OVERRIDE plugins to override built-in sorting
2020-09-11 07:48:22 +03:00
67f02e2aa7
properly return counters for labels with zero assigned articles
...
refs https://community.tt-rss.org/t/label-counter-doesnt-update-when-count-goes-down-to-zero/3766
2020-08-29 08:41:52 +03:00
88ced02622
Silence php 7.2 error message generated in `session_set_cookie_params`.
2020-08-14 10:47:46 -05:00
ddf9227dc4
pluginhost: allow overriding default sort modes via HOOK_HEADLINES_CUSTOM_SORT_MAP etc
2020-08-13 12:23:27 +03:00
dfa65e9374
move order_by to SQL override logic into a separate function
2020-08-13 11:52:32 +03:00
48be005774
instead of taking batch timestamp and score (?) into account, make oldest first sorting work consistently with newest first - i.e. rely on feed-provided timestamp
2020-08-11 13:29:09 +03:00
05a47e5cf4
OPML: export/import per-feed purge interval
2020-08-10 11:57:39 +03:00
c4ee0e25a1
more int/string type mismatches on getCategories
2020-08-01 16:30:10 +02:00
3da618e0ea
make sure all ints are casted (to int) on getCategories
2020-07-31 16:15:16 +02:00
68b78ecd3d
Merge branch 'bugfix/invalid-opml' of wn/tt-rss into master
2020-07-01 14:48:02 +00:00
b6372a846d
when exporting OPML via web UI, add user login to the filename
2020-07-01 10:02:24 +03:00
fa653f5a43
prefs: show disabled filters properly on mysql
2020-07-01 09:49:53 +03:00
2996a3942f
prefs: show root of filter tree as enabled so it's not grayed out
2020-07-01 09:48:27 +03:00
614d3ac1bf
Properly check if OPML file was loaded during import.
2020-06-27 15:06:08 -05:00
c352e872e9
core: pass found enclosures to HOOK_ARTICLE_FILTER
...
af_redditimgur: remove enclosures if we found something to embed because it's going to be a low-res thumbnail
2020-06-24 22:54:14 +03:00
6eb94f1e13
better support for image srcset attributes as discussed in https://community.tt-rss.org/t/problem-with-img-srcset/3519
2020-06-15 11:58:59 +03:00
d01ad09800
eslint-related fixes; move a few things from global context to App
2020-06-05 07:44:57 +03:00
c8cc845d5b
when removing favicon, reset its auto-refresh timer
2020-05-22 15:06:52 +03:00
06d2c65193
calculate_article_hash: don't die() on previous, woops
2020-05-17 17:44:32 +03:00
3a142cbf58
calculate_article_hash: ignore some useless or read-only fields (i.e. GUID) when calculating hash
2020-05-17 17:42:37 +03:00
cd1f3cb8cc
* store UID in article hashed GUID separately so it could be migrated cleanly to a different instance
...
* store resulting GUID as a JSON object so it could be extended easier if needed
2020-05-17 14:01:16 +03:00
7a2e9bef77
add --opml-export to update.php
2020-05-13 12:07:31 +03:00
c275a0cd33
DiskCache: append fake file extension when sending cached files based on mime type to make saving files easier
2020-05-12 13:28:54 +03:00
3a4b9249a9
DiskCache: properly deal with srcset attributes
2020-04-29 19:29:36 +03:00
4a00f96733
remove unneeded var_dump()
2020-04-29 11:35:02 +03:00
6573541873
* add HOOK_ENCLOSURE_IMPORTED
...
* pass feed id to HOOK_FEED_PARSED
2020-04-29 11:33:39 +03:00
44b1f0fcc0
search: add support for label:XXX search keyword
...
Labels: enforce case-insensitive lookups when creating/looking for labels
2020-04-04 14:34:08 +03:00
1f2a721905
allow overriding built-in templates via templates.local
2020-03-13 14:40:35 +03:00
ec1b0befc7
add support for video[@src] in media cache
...
it's a valid alternative to a source[@src] child element:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/video
2020-03-12 11:08:39 +01:00
cdde23b4dc
actually download <video> posters to media cache
...
video[@poster] is already supported in the rewriting logic but never
actually downloaded
2020-03-12 11:08:33 +01:00
b4287a2e98
fix url rewriting for videos with poster and src
...
if a poster attribute was present only that would have been rewritten
and the (arguably more important) src attribute would be left as-is
2020-03-12 11:08:24 +01:00
208e02c47d
PluginHost/save_data: use separate PDO connection to prevent issues with nested transactions
2020-03-10 08:14:00 +03:00
bcbc5ccc78
batchSubscribe: use validationtextarea
2020-02-28 14:03:29 +03:00
f24ece85a6
add validationtextarea control, use it for filter match editor
2020-02-28 13:53:45 +03:00
8645f36c5b
filter test dialog: pass contents via xhr POST
2020-02-28 12:16:54 +03:00
bdb1e475e7
external subscribe dialog: support dark theme
2020-02-27 13:40:32 +03:00
b2876f6c72
share anything dialog: support dark theme
2020-02-27 13:38:24 +03:00
4ab3854aed
don't generate default.css, replace with themes/light.css as a default root CSS file
2020-02-22 16:22:44 +03:00
5f30061c92
properly calculate marked counters for feeds in nested categories
2020-02-20 15:54:40 +03:00
60288f02e8
1. feedtree: show counters for marked articles if view-mode == marked
...
2. hide/show relevant counter nodes using css
3. cleanup some counter-related code
4. compile default css into light theme to prevent cache-related issues
2020-02-20 14:14:45 +03:00
5b6d9cee29
prefs layout fixes:
...
1. prevent layout breakage when using an authenticator which doesn't allow changing passwords
2. show explanatory messages when OTP or password changing is not available
3. allow app (API) passwords when using any auth module
2020-02-18 11:51:04 +03:00
47135160d1
getCategoryCounters: properly handle categories which don't have any stored feeds/articles
2020-01-27 15:45:04 +03:00
88d4324e32
mark primary button in the default password dialog
2020-01-25 13:08:29 +03:00
776fe4768b
default password warning: fix close button, don't crash if dialog is recreated (on feed tree reload etc)
2020-01-25 13:02:11 +03:00
0e9e1ad112
getCategoryUnread: return correct unread count for labels category
2020-01-25 12:53:10 +03:00
cdd2b6fd22
getCategoryChildrenUnread: fix typo
2020-01-25 10:00:22 +03:00
Andrew Dolgov
Rodney Stromlund
Paco Esteban
fox
wn_
lllusion3418