Commit Graph

113 Commits

Author SHA1 Message Date
Andrew Dolgov 829d478f1b add some protection against opener attacks if external site is opened via window.open() 2017-02-08 15:07:05 +03:00
Andrew Dolgov 5edd605ae1 image cache: do not try to cache data: schema urls; add caching of html5 video content (similar to cache_starred_images plugin) 2017-02-04 11:50:01 +03:00
Andrew Dolgov 0442cbb6c1 image cache: send files as content-disposition: attachment; add .png suffix to image urls 2017-02-04 11:32:24 +03:00
Andrew Dolgov 181c8285dd add compact theme with smaller font 2017-01-26 22:41:18 +03:00
Andrew Dolgov e432b8fbe2 implement cache-busting for default theme.css
night theme: small fixes
2017-01-25 12:17:41 +03:00
Andrew Dolgov 553ec3c351 pass article guid to hook_render_article 2017-01-25 08:50:42 +03:00
Shane Synan 311cdb27f4 sanitize: allow dfn tag
Add <dfn> tag to allowed tags list.  <dfn> represents the defining
instance of a term in HTML.
2017-01-24 18:39:17 -06:00
Andrew Dolgov 3b001e4330 support rel=noopener for links 2017-01-24 18:45:25 +03:00
Andrew Dolgov 67268b0017 sanitize: allow acronym tag 2017-01-24 11:36:43 +03:00
Andrew Dolgov 967f0619c7 force ngettext() count argument type to string 2017-01-22 10:18:43 +03:00
Andrew Dolgov c606bd5741 tweak the enclosure dropdown display a little bit for less-readable urls 2017-01-17 14:04:00 +03:00
Bernhard Thaler 62958fe9dc convert to punycode for feed on idn hostname 2017-01-02 22:50:26 +01:00
Andrew Dolgov 6687cb9927 shared posts: remove link to feed in externally shared articles to prevent leaking potentially private feed urls 2016-09-21 09:39:31 +03:00
Andrew Dolgov 1a322ff3df import_export: better error message if upload failed 2016-08-19 18:14:22 +03:00
JustAMacUser d8b0f06705 Remove href attribute if it executes JavaScript. 2016-08-06 14:07:30 -04:00
Andrew Dolgov 64c24ecb59 add hotkey for toggling VFEED_GROUP_BY_FEED preference 2016-07-26 15:55:00 +03:00
Andrew Dolgov 42f78188d0 sanitize: force strip unnecessary data outside of <body>...</body> tags generated by DOMDocument::saveHTML() 2016-04-29 21:59:34 +03:00
Andrew Dolgov 465fb16d33 remove fetch_file_contents2, use a compat shim instead 2016-03-30 13:46:32 +03:00
Andrew Dolgov 633fb7ffe2 amend previous 2016-03-30 13:34:26 +03:00
Andrew Dolgov 79c891a8b7 set smallish timeout on update check, exclude update checking on initial load 2016-03-30 13:32:49 +03:00
Andrew Dolgov 7c0d68f207 remove dismiss* functions 2016-03-22 10:28:34 +03:00
Andrew Dolgov 94d425fe4a rewrite_relative_url: only skip urls like magnet: instead of everything with : 2016-02-20 12:06:47 +03:00
Andrew Dolgov 7bbe94bc93 Revert "rewrite_relative_url: do not skip urls containing :"
This reverts commit a547fef6ab.
2016-02-20 12:02:34 +03:00
Andrew Dolgov a547fef6ab rewrite_relative_url: do not skip urls containing : 2016-02-20 11:57:37 +03:00
JustAMacUser a01bfd78c2 Remove srcset and sizes attributes from img tag if locally caching images. 2016-02-19 01:35:11 -05:00
Andrew Dolgov 50bda3fefb sanitize: allow <xml:namespace> (thanks, livejournal) 2016-02-05 11:31:13 +03:00
Andrew Dolgov 71b75bb7fa fix multiple issues with archived feeds 2016-01-26 19:03:05 +03:00
Andrew Dolgov 3b44aae0f3 sanitize: allow <description> 2016-01-23 02:17:00 +03:00
Andrew Dolgov c352248651 get_article_tags: while getting tags from cache check if article entry actually exists 2016-01-14 12:12:35 +03:00
Andrew Dolgov 85d067e837 tag_is_valid: check numeric tags properly 2015-12-30 15:15:18 +03:00
Andrew Dolgov a536f94c8d sanitize: clear out @srcset/@sizes on images leading to http sites when running over https 2015-12-17 09:59:53 +03:00
Andrew Dolgov 19e47ad60b queryFeedHeadlines: don't check first_id when sorting by oldest first 2015-11-21 22:20:00 +03:00
Andrew Dolgov 4c46702672 drop support for (obsolete, removed from recent php versions) php safe_mode setting
remove ugly hacks for curl + open_basedir combination breaking support for http redirects
2015-11-19 20:05:17 +03:00
Andrew Dolgov 389ae94a40 iframe_whitelisted: allow player.vimeo.com 2015-10-26 20:50:44 +03:00
Andrew Dolgov 9cc29abd41 queryFeedHeadlines: int_id was not included when browsing by tag which broke several button plugins 2015-10-08 10:08:51 +03:00
Andrew Dolgov 94b8ce6cec queryfeedheadlines: remove disable_offsets hack 2015-09-15 12:33:58 +03:00
Andrew Dolgov 6b860bd9d2 recently read: limit query by last_read 2015-09-13 15:59:21 +03:00
JustAMacUser 08e79cb6b9 Fixed height/width image attributes for enclosures. 2015-08-23 13:08:48 -04:00
Andrew Dolgov 961cae85a4 Merge branch 'master' of git.fakecake.org:tt-rss 2015-08-17 07:55:44 +03:00
Andrew Dolgov d5eaaa0508 curl: let's verify ssl peers 2015-08-17 07:53:50 +03:00
JustAMacUser 8493163576 Unset $retval after HOOK_FORMAT_ENCLOSURES.
Fixes an edge case where changing the array of enclosures with HOOK_FORMAT_ENCLOSURES might break the dropdown rendering if HOOK_RENDER_ENCLOSURE has no registered hooks.
2015-08-14 19:42:30 -04:00
Andrew Dolgov 28539f6aaf search_to_sql: trim() input 2015-08-14 10:31:29 +03:00
Andrew Dolgov dcbe36b2a2 fix some remaining old-style viewfeed() calls 2015-08-13 09:51:39 +03:00
Andrew Dolgov 6b0a17ad8b viewfeed: switch to hash-based arguments
viewfeed: remove (obsolete) method parameter
add shortcut to debug viewfeed() query
2015-08-12 14:09:46 +03:00
Andrew Dolgov 884ae7a941 limit recently read feed to 1 day of read headlines 2015-08-12 10:02:46 +03:00
Andrew Dolgov 6ee255fba3 use join between user_entries and entries table 2015-08-11 20:04:38 +03:00
Andrew Dolgov c1ebb6cdf7 update notice/error css classes 2015-08-11 18:37:07 +03:00
Andrew Dolgov 6810a1de42 use dijit form widget for attachments dropdown 2015-08-11 14:53:07 +03:00
Andrew Dolgov 209ebdc644 queryfeedheadlines: only use disable_offsets hack in expanded mode 2015-08-11 09:19:47 +03:00
Andrew Dolgov e07be79a8b first id query: add last_read for recently read feed 2015-08-10 12:20:01 +03:00