Commit Graph

2199 Commits

Author SHA1 Message Date
Andrew Dolgov e9c062a189 UrlHelper::rewrite_relative():
- support invoking specifying owner URL element/attribute
- restrict mailto/magnet/tel schemes for A href
- allow some data: base64 image types for IMG src

Sanitizer::sanitize():

- when checking href and src attributes, pass element tagname and attribute to rewrite_relative()
2021-06-18 11:20:57 +03:00
fox 34807bacd4 Merge pull request 'Skip all urls with schemes different from base_url in rewrite_relative' (#38) from klempin/tt-rss:fix/mailto into master
Reviewed-on: https://git.tt-rss.org/fox/tt-rss/pulls/38
2021-06-17 18:51:35 +03:00
Philip Klempin b3bedd0a94 Skip URI base on ALLOWED_RELATIVE_SCHEMES in rewrite_relative 2021-06-16 15:24:15 +02:00
Andrew Dolgov 8ed8a10965 add settings profile cloning 2021-06-16 14:24:57 +03:00
Andrew Dolgov 326850845d UrlHelper::rewrite_relative: don't try to feed NULL to with_trailing_slash() 2021-05-21 17:10:32 +03:00
Andrew Dolgov dff479af64 feeditem_atom: support xml:base for enclosures and entry content
UrlHelper::rewrite_relative: use base URL path if relative url path is not absolute (experimental)
2021-05-21 15:39:41 +03:00
Andrew Dolgov 8574532b7f add hotkeys J/K to move between unread feeds 2021-05-20 20:32:00 +03:00
Andrew Dolgov 295fc1f88a API: bump api level to 17 2021-05-18 16:55:00 +03:00
Andrew Dolgov 2adf364c2c provide base configuration object in login response to skip on initial getConfig 2021-05-18 16:54:33 +03:00
Andrew Dolgov 9f6237a1b8 Merge branch 'master' of git.tt-rss.org:fox/tt-rss 2021-05-18 16:37:09 +03:00
Andrew Dolgov 57cd8acfc9 API: return custom sort types in getConfig 2021-05-18 16:36:56 +03:00
Andrew Dolgov f423874e05 checking for PDO there is rather useless 2021-05-11 19:37:31 +03:00
Andrew Dolgov b5a559a1a7 sanity check: in single user mode, only test for admin user if migrations have been completed 2021-05-11 19:36:25 +03:00
Jacek Tomasiak 0c38dc8456 Improve missing token check
Avoid "E_NOTICE (8) (classes/userhelper.php:78) Undefined index:
csrf_token" in logs.
2021-05-11 10:32:59 +02:00
Andrew Dolgov b2f888e386 include archived articles (which lack associated feed id) when browsing by tag 2021-05-07 19:15:10 +03:00
Andrew Dolgov 86300a0ca8 add urlhelper to extract youtube video id from url 2021-05-07 07:37:27 +03:00
Oliver Haucke cfd9e6b53b FIX: public.php - Undefined index: feed_title 2021-04-19 10:43:30 +02:00
Andrew Dolgov eadaaebd58 functions_enabled: trim spaces from disable_functions php ini setting 2021-04-12 11:55:19 +03:00
Andrew Dolgov a61348e2b7 pluginhost: add profile_get/profile_set helpers 2021-04-09 14:01:30 +03:00
Andrew Dolgov c0fba62fa0 Merge branch 'master' of git.tt-rss.org:fox/tt-rss 2021-03-29 19:48:10 +03:00
Andrew Dolgov 0acd33abe3 OTP: generate longer secrets, also make them easier to read/copy 2021-03-29 19:26:04 +03:00
wn_ 5d5c034a90 Adjust quotation marks in search query before 'str_getcsv'.
This moves a potential first quotation mark to before the associated keyword to ensure 'str_getcsv' groups the key and value correctly.  Without this 'str_getcsv' would split on potential spaces within the quoted value.
2021-03-27 00:18:05 +00:00
Andrew Dolgov e3c51b0e6c Revert "clip max displayed counter value to 9999 because of container node width"
This reverts commit c34a4c85bd.
2021-03-23 11:51:17 +03:00
Andrew Dolgov c34a4c85bd clip max displayed counter value to 9999 because of container node width 2021-03-23 10:47:06 +03:00
Andrew Dolgov 0f6644880a yet another flex feedtree attempt 2021-03-22 16:18:59 +03:00
wn_ 711e8e70e0 Switch most of API to ORM
'updateArticle' was left as-is due to Idiorm not supporting efficient multi-row updating (i.e. it would do an UPDATE per row).
2021-03-20 14:00:53 +00:00
Andrew Dolgov 43ea36d030 prefs: allow setting email if it was previously blank 2021-03-17 19:50:04 +03:00
wn_ cd52ca80ab Minor cleanup in 'Handler_Public->getProfiles' 2021-03-17 16:37:39 +00:00
wn_ baf3ecd4cf Fix a couple of array index warnings in 'Handler_Public->forgotpass' 2021-03-17 16:30:17 +00:00
wn_ 541a07250c Switch 'Handler_Public->forgotpass' to ORM 2021-03-17 16:18:06 +00:00
wn_ f057c124d1 Switch 'Handler_Public->login' to ORM, fix 'Handler_Public->getProfiles' 2021-03-17 15:52:43 +00:00
wn_ 7ea48f7a4b Switch 'Handler_Public->rss' to ORM 2021-03-17 14:00:19 +00:00
wn_ b6ae280446 Switch 'Handler_Public->getProfiles' to ORM 2021-03-17 13:48:27 +00:00
wn_ 401b22666d Switch 'RSSUtils::update_basic_info' to ORM 2021-03-17 01:51:32 +00:00
Andrew Dolgov a0e41f41a4 add svg loading indicators 2021-03-16 21:32:44 +03:00
Andrew Dolgov 44b274b6d4 remove published opml (use CLI instead) 2021-03-16 12:27:46 +03:00
JustAMacUser 39bbbef030 Fix E_NOTICE in `add_handler()`. 2021-03-15 16:20:38 -04:00
Andrew Dolgov 13210747d8 mailer: stop warning if to_name is unset (it's optional anyway) 2021-03-15 14:45:50 +03:00
Jordan Galby 3d801b1ac5 set orm and pdo mysql charset on connection 2021-03-13 17:56:52 +01:00
Andrew Dolgov 38ab3ef11c Merge branch 'master' of git.tt-rss.org:fox/tt-rss 2021-03-13 11:22:06 +03:00
Andrew Dolgov 4ddcd54e8d * limit progressfunction debugging to size quota exceeded notifications
* af_redditimgur: reparent generated iframes outside of post table
2021-03-13 11:18:59 +03:00
Philip Klempin fa22e1bc35 Add coalescing operator to otp_enabled when changing user password 2021-03-12 20:26:24 +01:00
Andrew Dolgov fcce1c443e api: don't try to pass null site_url to Article::_get_image() 2021-03-12 17:15:45 +03:00
Andrew Dolgov 580eccd3da throttle login attempts, controlled by Config::AUTH_MIN_INTERVAL 2021-03-12 09:35:01 +03:00
Andrew Dolgov b9268fcc88 schema: add ttrss_users.last_auth_attempt 2021-03-12 09:19:50 +03:00
Andrew Dolgov 76a6060ca3 get_override_links: actually return overrides 2021-03-12 07:40:34 +03:00
Andrew Dolgov f9a381ecca grid: add a header icon (and a hotkey) to toggle article span entire row 2021-03-11 08:35:02 +03:00
Andrew Dolgov 27ab16b6dc add Config::LOCAL_OVERRIDE_JS 2021-03-11 07:44:58 +03:00
Andrew Dolgov 324aef9f6f route Logger:log() to user_error() if there's no adapter 2021-03-10 21:31:57 +03:00
Andrew Dolgov b6033d0bbd grid view tweaks 2021-03-10 11:44:16 +03:00
Andrew Dolgov 0b93d8d013 add hotkey to toggle grid view 2021-03-10 10:01:22 +03:00
Andrew Dolgov ddfa39015e experimental: add preference to show combined mode headlines as a 2 column grid 2021-03-10 08:33:56 +03:00
Andrew Dolgov 2160a86092 show E_COMPILE_ERROR in event log at higher severity levels 2021-03-09 17:00:51 +03:00
Andrew Dolgov dd9d017f7d add another coalesce for rule inverse 2021-03-09 13:42:28 +03:00
Andrew Dolgov 9b321be270 get_article_filters: set coalesce values for inverse and match_any_rule 2021-03-09 09:31:52 +03:00
Andrew Dolgov 4fe2e6bbf1 app password list: fix th/td alignment 2021-03-09 09:04:13 +03:00
Andrew Dolgov bc7cb76379 describe global settings in classes/config.php 2021-03-08 20:39:11 +03:00
wn_ fed5158ec5 Default to null 'rv' for plugin update check.
Previously 'rv' was returned as an empty JS array, causing 'p.rv.git_status != 0' to evaluate to true and a misleading 'Ready to update' appearing for certain plugins.
2021-03-08 15:38:52 +00:00
Andrew Dolgov ef03f8188c api: add support for setting score (bump api level to 16) 2021-03-08 13:45:15 +03:00
Andrew Dolgov c26f58d8a5 fix some php8 warnings 2021-03-08 11:16:32 +03:00
Andrew Dolgov 46b77fc6b7 fix digest preview not working on mysql because of a quoted LIMIT argument 2021-03-08 09:10:44 +03:00
Andrew Dolgov 603cc89638 check updates one plugin at a time 2021-03-07 20:11:54 +03:00
Andrew Dolgov f4d0e7bb6d * af_redditimgur: optionally import score
* add pluginhost->set_array() to set many plugin settings at once
2021-03-07 15:21:31 +03:00
Andrew Dolgov 72c04123d4 HOOK_ARTICLE_IMAGE: stop after first provided match 2021-03-07 14:19:00 +03:00
Andrew Dolgov ac6a59914b nsfw: support API clients 2021-03-07 13:22:38 +03:00
Andrew Dolgov ffb93d72ac fix previous to actually save enabled plugins 2021-03-07 12:28:24 +03:00
Andrew Dolgov 773bad1490 prevent list of enabled plugins resetting if saved while in search results 2021-03-07 12:26:33 +03:00
Andrew Dolgov c036c27ec7 logger: use constants instead of hardcoded string literals 2021-03-07 09:05:23 +03:00
Andrew Dolgov 17650775d2 hide event log accordion pane if LOG_DESTINATION is not sql 2021-03-07 09:02:24 +03:00
Andrew Dolgov 5bb8714839 allow blank override values 2021-03-07 09:00:36 +03:00
Andrew Dolgov d6fd0d5462 add some icons, remove some words 2021-03-06 23:51:48 +03:00
ltGuillaume 825e362f0e Fix "array offset on value of type null" for $error and $old_error
I tried applying to only $error and only $old_error, but both appear to be needed.

Log entries:
E_NOTICE (8) 	classes/urlhelper.php:464 	Trying to access array offset on value of type null
1. classes/urlhelper.php(464): ttrss_error_handler(8, Trying to access array offset on value of type null, classes/urlhelper.php, 464, [)
2. classes/rssutils.php(464): fetch([{"url":"https://some.url.rss","login":"","pass":"","timeout":15,"last_modified":"Sat, 31 Aug 2019 15:22:31 GMT"})
3. update.php(235): update_rss_feed(732, 1)
2021-03-06 20:33:23 +01:00
Andrew Dolgov 68ecf52594 some small layout fixes, remove a few inline styles 2021-03-06 20:03:36 +03:00
Andrew Dolgov 473ea6255c render list of plugins on the client 2021-03-06 18:14:25 +03:00
Andrew Dolgov 217922899d set some more type hints 2021-03-06 15:23:54 +03:00
Andrew Dolgov 270f0c3132 general cleanup, set some type hints 2021-03-06 15:19:31 +03:00
Andrew Dolgov 63651bd91d fix some leftover variables 2021-03-06 15:05:49 +03:00
Andrew Dolgov e5469479c1 * don't try to update custom set feed favicons
* cleanup update_rss_feed() a bit, use ORM
2021-03-06 11:17:15 +03:00
wn_ 2e8b064236 The type hint for 'DAEMON_MAX_CHILD_RUNTIME' should be T_INT 2021-03-05 17:32:32 +00:00
Andrew Dolgov 2cd159e2ce use separate database column for OTP secrets (migrate previous format if needed) 2021-03-05 17:40:17 +03:00
Andrew Dolgov 2aed79d729 schema: add separate otp_secret column 2021-03-05 17:16:48 +03:00
Andrew Dolgov 5c1f9f31bd add a bunch of button icons 2021-03-05 15:16:41 +03:00
Andrew Dolgov fe06416f17 sessions: stop validating against hash of user agent because chromium is sending
different agent headers for whatever reason, example:

Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,
like Gecko) Chrome/88.0.4324.192 Safari/537.36

Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/88.0.4324.104 Safari/537.36

seems to be related, at least, to App.postOpenWindow() hack.
2021-03-05 12:27:23 +03:00
Andrew Dolgov 98c75a9e43 don't check for plugin updates automatically on pane open 2021-03-05 10:25:32 +03:00
Andrew Dolgov e8e6329040 rename unfairly prefixed get_enclosures() in feeditem 2021-03-05 09:35:24 +03:00
Andrew Dolgov d016f7a499 Merge branch 'master' of git.tt-rss.org:fox/tt-rss 2021-03-04 19:50:32 +03:00
Andrew Dolgov 476965b161 show installed plugins in the installer list 2021-03-04 19:50:19 +03:00
Threk 9442ceb7bd Fix Undefined index when using Single User Mode 2021-03-04 18:32:18 +03:00
Andrew Dolgov f398fea414 shorten plugin list action buttons 2021-03-04 16:44:21 +03:00
Andrew Dolgov 6cf771f2bc _get_available_plugins: decode as array 2021-03-04 15:57:11 +03:00
Andrew Dolgov 04128c7870 add search to plugin installer 2021-03-04 15:52:37 +03:00
Andrew Dolgov 4fda5ccd0e fix a bunch of bookmarklets login forms not leading back 2021-03-04 13:40:54 +03:00
Andrew Dolgov 30765805fd use orm for settings profiles stuff 2021-03-04 12:30:45 +03:00
Andrew Dolgov 31b29e0a56 log applied migrations 2021-03-04 11:33:25 +03:00
Andrew Dolgov 8f8ca49e4b migrations: refuse to apply empty schema files 2021-03-04 10:13:29 +03:00
Andrew Dolgov 4ede76280b migrations: don't try to use transactions on mysql 2021-03-04 09:43:12 +03:00
Andrew Dolgov 5eb0f3d640 bring back web dbupdate using new migrations system 2021-03-04 09:22:24 +03:00
Andrew Dolgov c0fb0a5ec0 wip for db_migrations for core schema 2021-03-04 08:30:52 +03:00
Andrew Dolgov 921569e5da support loading base schema as latest version 2021-03-04 07:26:05 +03:00
Andrew Dolgov 8256ab5dd9 wip: initial for db_migrations 2021-03-03 23:38:52 +03:00
Andrew Dolgov 0cb719a404 add basic local plugin uninstaller 2021-03-03 19:35:11 +03:00
Andrew Dolgov cb7f322f09 add basic plugin installer (uses tt-rss.org) 2021-03-03 19:07:39 +03:00
Andrew Dolgov 06cb181f73 add update button for system plugins 2021-03-03 14:17:55 +03:00
Andrew Dolgov 75e659ba65 reduce Amount of Caps Used in Multiple Dialogs 2021-03-03 14:10:18 +03:00
Andrew Dolgov 0730128a97 add a send test email button to prefs/system 2021-03-03 14:00:18 +03:00
Andrew Dolgov dbda996a7a previous one was not good enough i guess 2021-03-03 11:37:58 +03:00
Andrew Dolgov 1aedd22306 config::make_self_url() strip index.php etc 2021-03-03 11:35:04 +03:00
Andrew Dolgov 50087df162 * remove _SKIP_SELF_URL_PATH_CHECKS
* simplify SELF_URL_PATH checks wrt trailing slash
2021-03-03 11:23:39 +03:00
Andrew Dolgov 6f93c45c28 use orm in some more places; prevent _get_cat_title from hitting the db for uncategorized 2021-03-02 20:07:31 +03:00
Andrew Dolgov 9ec0732942 Merge branch 'master' of git.tt-rss.org:fox/tt-rss 2021-03-02 19:21:27 +03:00
Andrew Dolgov ba86c64d38 add digest preview button, also fix a bunch of bugs 2021-03-02 19:21:21 +03:00
fox c4b78ed0a6 Merge pull request 'Fix undefined array key warnings when using iOS app' (#12) from sam302psu/tt-rss:undefined-array-keys into master
Reviewed-on: https://git.tt-rss.org/fox/tt-rss/pulls/12
2021-03-02 19:00:08 +03:00
sam302psu 57fdf032e9 changed skip and limit to coalesce to 0 instead of "" 2021-03-02 18:44:13 +03:00
sam302psu 8f8142df29 Fix undefined array key warnings when using iOS app
Use coalesce operator and empty string/default value to fix undefined array key warnings filling up logs when using iOS app to access api.
2021-03-02 17:36:57 +03:00
Andrew Dolgov 386316aba1 update previous (comment) 2021-03-02 17:12:35 +03:00
Andrew Dolgov 1ab6ca57af initialize Db object early because otherwise ORM might be used unconfigured 2021-03-02 17:11:38 +03:00
Andrew Dolgov d6629ed188 move dbupdater to db/updater; move base SCHEMA_VERSION constant inside db/updater class 2021-03-02 15:03:01 +03:00
Andrew Dolgov 86b12fc06c pluginhost: remove namespace classloader, plugins should use composer instead 2021-03-02 13:38:03 +03:00
Andrew Dolgov 08ff629af5 limit user data sent to frontend 2021-03-02 13:29:54 +03:00
Andrew Dolgov d4ad483add user editor: allow toggling otp 2021-03-02 13:27:41 +03:00
Andrew Dolgov 982bd838bf use orm when setting personal data; fix some warnings in mailer class 2021-03-02 13:20:41 +03:00
Andrew Dolgov 30b94fb194 store widescreen mode setting in preferences instead of a cookie 2021-03-02 12:22:48 +03:00
Andrew Dolgov 1a7f724bfa move around some methods in base plugins class 2021-03-02 12:15:42 +03:00
Andrew Dolgov 20d0cbff77 use ORM for article _labels_of/_feeds_of 2021-03-02 12:08:54 +03:00
Andrew Dolgov f9888fc67f use separate connection for logging 2021-03-02 11:37:56 +03:00
Andrew Dolgov c4eaab8a31 feeds/_add_cat: use ORM 2021-03-02 10:24:15 +03:00
Andrew Dolgov 7cf12233d7 use ORM when subscribing feeds 2021-03-02 10:11:42 +03:00
Andrew Dolgov dae0476159 sql logger: use orm 2021-03-02 09:58:50 +03:00
Andrew Dolgov 2005a7bf4f revise behavior of Feeds::_cat_of 2021-03-02 09:36:44 +03:00
Andrew Dolgov f097ae608d article/redirect: use orm (cast id to int) 2021-03-02 09:31:57 +03:00
Andrew Dolgov 3bab5ca6b1 article/redirect: use orm 2021-03-02 09:31:23 +03:00
Andrew Dolgov f195e86be3 don't rely on exit code when checking version (again) 2021-03-02 08:33:56 +03:00
Andrew Dolgov 84d8b08d1f use orm for feed access keys 2021-03-02 08:26:37 +03:00
Andrew Dolgov 70adfd4a74 * sanitize: never rewrite relative links to our own prefix
* use Config::get_self_url() instead of get_self_url_prefix() in a bunch
of places
2021-03-02 08:16:41 +03:00
Andrew Dolgov 6f835ded78 remove (unused) prefs/toggleAdvanced 2021-03-02 08:10:06 +03:00
Andrew Dolgov f56a4eab17 use orm for app password stuff 2021-03-02 08:08:48 +03:00
Andrew Dolgov 372e8e062c Merge branch 'master' of git.tt-rss.org:fox/tt-rss 2021-03-02 07:35:31 +03:00
Andrew Dolgov 51ed72efab use dash instead of space when invoking git to get version 2021-03-02 07:35:20 +03:00
wn_ 03400bd8d4 Get the version as an array in RPC->checkforupdates. 2021-03-02 03:14:21 +00:00
Andrew Dolgov 031ee47a3e don't try to pass string literal NOW() to ORM as a timestamp 2021-03-01 23:07:20 +03:00
Andrew Dolgov b150e46a52 revert back load_filters-related changes 2021-03-01 22:25:41 +03:00
Andrew Dolgov cd962dfa00 delete Article getScore (seems to be unused) 2021-03-01 20:32:44 +03:00
Andrew Dolgov 56f658711f use orm for a bunch of short feed/cat queries 2021-03-01 20:25:53 +03:00
Andrew Dolgov 8b1a2406e6 userhelper: use orm for a few more user-related things 2021-03-01 19:32:27 +03:00
Andrew Dolgov 127a868e40 userhelper: use orm for some things 2021-03-01 19:03:21 +03:00
Andrew Dolgov f38be747d1 initial for idiorm 2021-03-01 18:36:47 +03:00
Andrew Dolgov f96abd2b52 generate_syndicated_feed: timestamp is a strtotime() expression, not an integer 2021-03-01 16:16:50 +03:00
Andrew Dolgov 6359259dbb simplify internal authentication code and bump default algo to SSHA-512 2021-03-01 15:24:18 +03:00
Andrew Dolgov 320503dd39 move version-related stuff to Config; fix conditional feed requests 2021-03-01 13:43:37 +03:00
Andrew Dolgov 20a844085f hide version for bundled plugins because it's meaningless; for everything else support showing version using git (if about[0] is null) 2021-03-01 12:11:42 +03:00