Andrew Dolgov
d1328321be
move published OPML endpoint to public.php
2021-02-21 15:16:39 +03:00
Andrew Dolgov
94560132dd
for the most part, deal with filter rules UI
2021-02-21 09:35:07 +03:00
Andrew Dolgov
5c7416458f
rpc: disable completeLabels for now
2021-02-20 13:37:21 +03:00
wn_
ce3e1756b3
Fix an undefined array key warning in 'catchupFeed'.
2021-02-19 21:46:30 +00:00
Andrew Dolgov
660a1bbe01
* switch to xhr.post() almost everywhere
...
* call App.handlerpcjson() automatically on json request (if possible)
* show net/log indicators in prefs
2021-02-19 13:44:56 +03:00
Andrew Dolgov
1adb9bb6b6
profiles: use client dialog; move related methods to pref-prefs
2021-02-18 11:54:22 +03:00
Andrew Dolgov
e9c3118ddd
don't show E_USER_DEPRECATED on the frontpage
2021-02-17 14:14:10 +03:00
Andrew Dolgov
22fc6871e8
remove backend helper and move its only function to rpc for the time being
2021-02-16 14:51:42 +03:00
Andrew Dolgov
8e79f1717d
prefs: unify naming
2021-02-15 16:07:22 +03:00
Andrew Dolgov
5704deb460
counters: unify naming
2021-02-15 16:00:54 +03:00
Andrew Dolgov
257efb43c6
article: unify naming
2021-02-15 15:52:28 +03:00
Andrew Dolgov
020f062a76
feeds: unify naming
2021-02-15 15:43:07 +03:00
Andrew Dolgov
6b006a18e7
subscribe to feed: use client dialog
2021-02-15 15:21:41 +03:00
Andrew Dolgov
82adb01307
render enclosures on the client
2021-02-15 14:10:46 +03:00
Andrew Dolgov
eec5871f5f
fail better if requested article URL is blank
2021-02-13 10:10:44 +03:00
Andrew Dolgov
ad7842c98a
RIP tag cloud: last of the vanilla popup dialog system
2021-02-12 18:43:30 +03:00
Andrew Dolgov
848bc57f29
disable themes in safe mode; rework safe mode warning/login prompt
2021-02-11 21:19:57 +03:00
Andrew Dolgov
6c8ccd2acc
front page log checker: filter out idiotic GD warning
2021-02-08 22:15:35 +03:00
Andrew Dolgov
3b52cea811
move some old-style handlers to new callback ones
2021-02-08 16:14:48 +03:00
Andrew Dolgov
b6e1a5c91a
fix several warnings reported by phpstan
2021-02-06 17:19:07 +03:00
Andrew Dolgov
6e774a58fe
more php8 fixes mostly related to login
2021-02-06 00:12:15 +03:00
Andrew Dolgov
403dca154c
initial WIP for php8; bump php version requirement to 7.0
2021-02-05 23:41:32 +03:00
Andrew Dolgov
da0ad82c24
Archive cleanup:
...
- remove code to manually archive/unarchive articles
- remove ttrss_archived_feeds/orig_feed_id handling - the whole thing was implemented for
this data to be kept indefinitely; it doesn't make a lot of sense to deal with this stuff
now that it is expired after one month anyway (same reasons as feed browser being removed - privacy)
- remove "originally from"-related stuff because of the above
- also remove unused remaining frontend/backend code related to feed browser (rip)
2021-01-17 14:55:11 +03:00
Andrew Dolgov
3b17c45887
exclude E_USER_NOTICE from recent events icon
2020-09-29 10:03:11 +03:00
Andrew Dolgov
215f388992
move timestamp-related stuff to a separate class
2020-09-23 13:04:26 +03:00
Andrew Dolgov
05744bb474
fix updater never scheduling feeds for update if they never been updated before while having default update interval set
2020-09-22 20:33:51 +03:00
Andrew Dolgov
6811d0bde2
use self:: in some places to invoke static methods from the same class
2020-09-22 14:54:15 +03:00
Andrew Dolgov
74568df4ff
remove a lot of stuff from global context (functions.php), add a few helper classes instead
2020-09-22 09:04:33 +03:00
Andrew Dolgov
05ef9aac2f
update URL pointing to version.json
2020-09-19 07:33:59 +03:00
Andrew Dolgov
afa0023c51
don't try to update manually disabled feeds even if they haven't been updated before or are marked for a manual update
2020-09-17 15:40:50 +03:00
Andrew Dolgov
7e50c6c4b5
- enable CSRF support earlier
...
- remove rpc/sanityCheck from CSRF-excluded calls
2020-09-15 15:32:17 +03:00
Andrew Dolgov
c3d14e1fa5
- fix multiple vulnerabilities in af_proxy_http
...
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
Andrew Dolgov
fdb1fc7608
get_version: fix commit/timestamp lost on subsequent invocations because of misbehaving caching
2019-12-20 18:17:05 +03:00
Andrew Dolgov
f30287be65
versioning changes
...
- remove VERSION_STATIC - https://community.tt-rss.org/t/versioning-changes-for-trunk/2974
- report git commit/timestamp properly by invoking git instead of trying to parse .git/HEAD etc
- remove git-related global constants used when checking for updates
2019-12-05 13:23:54 +03:00
Andrew Dolgov
3e4701116d
af_readability: add missing file
2019-08-16 15:29:24 +03:00
Andrew Dolgov
4edfb526e1
change version.json endpoint URL
2019-08-01 11:51:27 +03:00
Andrew Dolgov
3bd3324e5a
update: add option to send digests
2019-03-21 07:44:39 +03:00
Andrew Dolgov
0b74db5ad7
remove feedbrowser (other feeds)
2019-03-06 20:02:06 +03:00
Andrew Dolgov
38e01270d8
archived feeds: expire old entries (schema bump)
2019-03-06 19:06:05 +03:00
Andrew Dolgov
0517b88cce
rpc, catchupfeed: return counters immediately so that frontend can figure out next unread feed correctly
2019-01-03 10:47:41 +03:00
Andrew Dolgov
5c481fb249
rpc/checkforupdates: restrict to administrative access level
2018-12-16 19:08:41 +03:00
Andrew Dolgov
957c44d177
rework git update checking to be initiated by frontend, outside of runtime info output
2018-12-16 19:05:37 +03:00
Andrew Dolgov
b66deb3240
rpc/getAllCounters: return seq
2018-12-15 13:17:51 +03:00
Andrew Dolgov
d53cdaf815
requestCounters: remove cooldown
2018-12-12 20:06:44 +03:00
Andrew Dolgov
19e24b4fe2
force cast profile id to integer when assigning to session variable
2018-12-06 07:08:54 +03:00
Colin Vidal
c217de557f
rpc: addfeed: gets login and pass only if need_auth is checked.
...
Because of browser form auto-completion, the hidden field login and
password can be automatically filled when adding a feed. It would
enable feed authentication even if the user doesn't click on need_auth
button.
2018-01-14 20:55:39 +01:00
Andrew Dolgov
92175a8371
setpref: remove nl2br()
2017-12-04 08:27:25 +03:00
Andrew Dolgov
e6532439d6
force strip_tags() on all user input unless explicitly allowed
2017-12-03 23:35:38 +03:00
Andrew Dolgov
731ecac530
completeLabels: use prepare() not query()
2017-12-03 09:06:43 +03:00
Andrew Dolgov
b5bf9a0ff3
remove long forgotten stuff related to feed debugging actionbar
2017-12-02 15:12:39 +03:00