Andrew Dolgov
829d478f1b
add some protection against opener attacks if external site is opened via window.open()
2017-02-08 15:07:05 +03:00
Andrew Dolgov
5edd605ae1
image cache: do not try to cache data: schema urls; add caching of html5 video content (similar to cache_starred_images plugin)
2017-02-04 11:50:01 +03:00
Andrew Dolgov
0442cbb6c1
image cache: send files as content-disposition: attachment; add .png suffix to image urls
2017-02-04 11:32:24 +03:00
Andrew Dolgov
181c8285dd
add compact theme with smaller font
2017-01-26 22:41:18 +03:00
Andrew Dolgov
e432b8fbe2
implement cache-busting for default theme.css
...
night theme: small fixes
2017-01-25 12:17:41 +03:00
Andrew Dolgov
553ec3c351
pass article guid to hook_render_article
2017-01-25 08:50:42 +03:00
Shane Synan
311cdb27f4
sanitize: allow dfn tag
...
Add <dfn> tag to allowed tags list. <dfn> represents the defining
instance of a term in HTML.
2017-01-24 18:39:17 -06:00
Andrew Dolgov
3b001e4330
support rel=noopener for links
2017-01-24 18:45:25 +03:00
Andrew Dolgov
67268b0017
sanitize: allow acronym tag
2017-01-24 11:36:43 +03:00
Andrew Dolgov
967f0619c7
force ngettext() count argument type to string
2017-01-22 10:18:43 +03:00
Andrew Dolgov
c606bd5741
tweak the enclosure dropdown display a little bit for less-readable urls
2017-01-17 14:04:00 +03:00
Bernhard Thaler
62958fe9dc
convert to punycode for feed on idn hostname
2017-01-02 22:50:26 +01:00
Andrew Dolgov
6687cb9927
shared posts: remove link to feed in externally shared articles to prevent leaking potentially private feed urls
2016-09-21 09:39:31 +03:00
Andrew Dolgov
1a322ff3df
import_export: better error message if upload failed
2016-08-19 18:14:22 +03:00
JustAMacUser
d8b0f06705
Remove href attribute if it executes JavaScript.
2016-08-06 14:07:30 -04:00
Andrew Dolgov
64c24ecb59
add hotkey for toggling VFEED_GROUP_BY_FEED preference
2016-07-26 15:55:00 +03:00
Andrew Dolgov
42f78188d0
sanitize: force strip unnecessary data outside of <body>...</body> tags generated by DOMDocument::saveHTML()
2016-04-29 21:59:34 +03:00
Andrew Dolgov
465fb16d33
remove fetch_file_contents2, use a compat shim instead
2016-03-30 13:46:32 +03:00
Andrew Dolgov
633fb7ffe2
amend previous
2016-03-30 13:34:26 +03:00
Andrew Dolgov
79c891a8b7
set smallish timeout on update check, exclude update checking on initial load
2016-03-30 13:32:49 +03:00
Andrew Dolgov
7c0d68f207
remove dismiss* functions
2016-03-22 10:28:34 +03:00
Andrew Dolgov
94d425fe4a
rewrite_relative_url: only skip urls like magnet: instead of everything with :
2016-02-20 12:06:47 +03:00
Andrew Dolgov
7bbe94bc93
Revert "rewrite_relative_url: do not skip urls containing :"
...
This reverts commit a547fef6ab
.
2016-02-20 12:02:34 +03:00
Andrew Dolgov
a547fef6ab
rewrite_relative_url: do not skip urls containing :
2016-02-20 11:57:37 +03:00
JustAMacUser
a01bfd78c2
Remove srcset and sizes attributes from img tag if locally caching images.
2016-02-19 01:35:11 -05:00
Andrew Dolgov
50bda3fefb
sanitize: allow <xml:namespace> (thanks, livejournal)
2016-02-05 11:31:13 +03:00
Andrew Dolgov
71b75bb7fa
fix multiple issues with archived feeds
2016-01-26 19:03:05 +03:00
Andrew Dolgov
3b44aae0f3
sanitize: allow <description>
2016-01-23 02:17:00 +03:00
Andrew Dolgov
c352248651
get_article_tags: while getting tags from cache check if article entry actually exists
2016-01-14 12:12:35 +03:00
Andrew Dolgov
85d067e837
tag_is_valid: check numeric tags properly
2015-12-30 15:15:18 +03:00
Andrew Dolgov
a536f94c8d
sanitize: clear out @srcset/@sizes on images leading to http sites when running over https
2015-12-17 09:59:53 +03:00
Andrew Dolgov
19e47ad60b
queryFeedHeadlines: don't check first_id when sorting by oldest first
2015-11-21 22:20:00 +03:00
Andrew Dolgov
4c46702672
drop support for (obsolete, removed from recent php versions) php safe_mode setting
...
remove ugly hacks for curl + open_basedir combination breaking support for http redirects
2015-11-19 20:05:17 +03:00
Andrew Dolgov
389ae94a40
iframe_whitelisted: allow player.vimeo.com
2015-10-26 20:50:44 +03:00
Andrew Dolgov
9cc29abd41
queryFeedHeadlines: int_id was not included when browsing by tag which broke several button plugins
2015-10-08 10:08:51 +03:00
Andrew Dolgov
94b8ce6cec
queryfeedheadlines: remove disable_offsets hack
2015-09-15 12:33:58 +03:00
Andrew Dolgov
6b860bd9d2
recently read: limit query by last_read
2015-09-13 15:59:21 +03:00
JustAMacUser
08e79cb6b9
Fixed height/width image attributes for enclosures.
2015-08-23 13:08:48 -04:00
Andrew Dolgov
961cae85a4
Merge branch 'master' of git.fakecake.org:tt-rss
2015-08-17 07:55:44 +03:00
Andrew Dolgov
d5eaaa0508
curl: let's verify ssl peers
2015-08-17 07:53:50 +03:00
JustAMacUser
8493163576
Unset $retval after HOOK_FORMAT_ENCLOSURES.
...
Fixes an edge case where changing the array of enclosures with HOOK_FORMAT_ENCLOSURES might break the dropdown rendering if HOOK_RENDER_ENCLOSURE has no registered hooks.
2015-08-14 19:42:30 -04:00
Andrew Dolgov
28539f6aaf
search_to_sql: trim() input
2015-08-14 10:31:29 +03:00
Andrew Dolgov
dcbe36b2a2
fix some remaining old-style viewfeed() calls
2015-08-13 09:51:39 +03:00
Andrew Dolgov
6b0a17ad8b
viewfeed: switch to hash-based arguments
...
viewfeed: remove (obsolete) method parameter
add shortcut to debug viewfeed() query
2015-08-12 14:09:46 +03:00
Andrew Dolgov
884ae7a941
limit recently read feed to 1 day of read headlines
2015-08-12 10:02:46 +03:00
Andrew Dolgov
6ee255fba3
use join between user_entries and entries table
2015-08-11 20:04:38 +03:00
Andrew Dolgov
c1ebb6cdf7
update notice/error css classes
2015-08-11 18:37:07 +03:00
Andrew Dolgov
6810a1de42
use dijit form widget for attachments dropdown
2015-08-11 14:53:07 +03:00
Andrew Dolgov
209ebdc644
queryfeedheadlines: only use disable_offsets hack in expanded mode
2015-08-11 09:19:47 +03:00
Andrew Dolgov
e07be79a8b
first id query: add last_read for recently read feed
2015-08-10 12:20:01 +03:00