Andrew Dolgov
b6e1a5c91a
fix several warnings reported by phpstan
2021-02-06 17:19:07 +03:00
Andrew Dolgov
6e774a58fe
more php8 fixes mostly related to login
2021-02-06 00:12:15 +03:00
Andrew Dolgov
403dca154c
initial WIP for php8; bump php version requirement to 7.0
2021-02-05 23:41:32 +03:00
Andrew Dolgov
da0ad82c24
Archive cleanup:
...
- remove code to manually archive/unarchive articles
- remove ttrss_archived_feeds/orig_feed_id handling - the whole thing was implemented for
this data to be kept indefinitely; it doesn't make a lot of sense to deal with this stuff
now that it is expired after one month anyway (same reasons as feed browser being removed - privacy)
- remove "originally from"-related stuff because of the above
- also remove unused remaining frontend/backend code related to feed browser (rip)
2021-01-17 14:55:11 +03:00
Andrew Dolgov
3b17c45887
exclude E_USER_NOTICE from recent events icon
2020-09-29 10:03:11 +03:00
Andrew Dolgov
215f388992
move timestamp-related stuff to a separate class
2020-09-23 13:04:26 +03:00
Andrew Dolgov
05744bb474
fix updater never scheduling feeds for update if they never been updated before while having default update interval set
2020-09-22 20:33:51 +03:00
Andrew Dolgov
6811d0bde2
use self:: in some places to invoke static methods from the same class
2020-09-22 14:54:15 +03:00
Andrew Dolgov
74568df4ff
remove a lot of stuff from global context (functions.php), add a few helper classes instead
2020-09-22 09:04:33 +03:00
Andrew Dolgov
05ef9aac2f
update URL pointing to version.json
2020-09-19 07:33:59 +03:00
Andrew Dolgov
afa0023c51
don't try to update manually disabled feeds even if they haven't been updated before or are marked for a manual update
2020-09-17 15:40:50 +03:00
Andrew Dolgov
7e50c6c4b5
- enable CSRF support earlier
...
- remove rpc/sanityCheck from CSRF-excluded calls
2020-09-15 15:32:17 +03:00
Andrew Dolgov
c3d14e1fa5
- fix multiple vulnerabilities in af_proxy_http
...
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
Andrew Dolgov
fdb1fc7608
get_version: fix commit/timestamp lost on subsequent invocations because of misbehaving caching
2019-12-20 18:17:05 +03:00
Andrew Dolgov
f30287be65
versioning changes
...
- remove VERSION_STATIC - https://community.tt-rss.org/t/versioning-changes-for-trunk/2974
- report git commit/timestamp properly by invoking git instead of trying to parse .git/HEAD etc
- remove git-related global constants used when checking for updates
2019-12-05 13:23:54 +03:00
Andrew Dolgov
3e4701116d
af_readability: add missing file
2019-08-16 15:29:24 +03:00
Andrew Dolgov
4edfb526e1
change version.json endpoint URL
2019-08-01 11:51:27 +03:00
Andrew Dolgov
3bd3324e5a
update: add option to send digests
2019-03-21 07:44:39 +03:00
Andrew Dolgov
0b74db5ad7
remove feedbrowser (other feeds)
2019-03-06 20:02:06 +03:00
Andrew Dolgov
38e01270d8
archived feeds: expire old entries (schema bump)
2019-03-06 19:06:05 +03:00
Andrew Dolgov
0517b88cce
rpc, catchupfeed: return counters immediately so that frontend can figure out next unread feed correctly
2019-01-03 10:47:41 +03:00
Andrew Dolgov
5c481fb249
rpc/checkforupdates: restrict to administrative access level
2018-12-16 19:08:41 +03:00
Andrew Dolgov
957c44d177
rework git update checking to be initiated by frontend, outside of runtime info output
2018-12-16 19:05:37 +03:00
Andrew Dolgov
b66deb3240
rpc/getAllCounters: return seq
2018-12-15 13:17:51 +03:00
Andrew Dolgov
d53cdaf815
requestCounters: remove cooldown
2018-12-12 20:06:44 +03:00
Andrew Dolgov
19e24b4fe2
force cast profile id to integer when assigning to session variable
2018-12-06 07:08:54 +03:00
Colin Vidal
c217de557f
rpc: addfeed: gets login and pass only if need_auth is checked.
...
Because of browser form auto-completion, the hidden field login and
password can be automatically filled when adding a feed. It would
enable feed authentication even if the user doesn't click on need_auth
button.
2018-01-14 20:55:39 +01:00
Andrew Dolgov
92175a8371
setpref: remove nl2br()
2017-12-04 08:27:25 +03:00
Andrew Dolgov
e6532439d6
force strip_tags() on all user input unless explicitly allowed
2017-12-03 23:35:38 +03:00
Andrew Dolgov
731ecac530
completeLabels: use prepare() not query()
2017-12-03 09:06:43 +03:00
Andrew Dolgov
b5bf9a0ff3
remove long forgotten stuff related to feed debugging actionbar
2017-12-02 15:12:39 +03:00
Andrew Dolgov
7039370368
pref-prefs: PDO
2017-12-02 12:01:56 +03:00
Andrew Dolgov
fbe7cb0a48
rpc: switch to PDO
2017-12-01 23:49:14 +03:00
Andrew Dolgov
5b6ea1ef91
remove pubsubhubbub: dead
2017-05-16 10:41:20 +03:00
Andrew Dolgov
e6c886bf66
wrap rssfuncs into rssutils class
2017-05-05 18:10:07 +03:00
Andrew Dolgov
65af3b2cbb
move counter stuff to a separate class
2017-05-05 11:54:31 +03:00
Andrew Dolgov
aeb1abedb2
move a bunch of functions into Feeds/Article namespaces
...
+ static function catchupArticlesById($ids, $cmode, $owner_uid = false) {
+ static function getLastArticleId() {
+ static function queryFeedHeadlines($params) {
+ static function getParentCategories($cat, $owner_uid) {
+ static function getChildCategories($cat, $owner_uid) {
move the rest of functions2.php back to functions.php as it is of more manageable size, remove the former
2017-05-04 15:13:02 +03:00
Andrew Dolgov
a230bf88a9
move to Article:
...
+ static function purge_orphans($do_output = false) {
move to Feeds
+ static function getGlobalUnread($user_id = false) {
+ static function getCategoryTitle($cat_id) {
+ static function getLabelUnread($label_id, $owner_uid = false) {
2017-05-04 15:00:21 +03:00
Andrew Dolgov
86a8351ca2
move the following to Feeds:
...
+ static function catchup_feed($feed, $cat_view, $owner_uid = false, $mode = 'all', $search = false) {
+ static function getFeedArticles($feed, $is_cat = false, $unread_only = false,
+ static function subscribe_to_feed($url, $cat_id = 0,
+ static function getFeedIcon($id) {
+ static function getFeedTitle($id, $cat = false) {
+ static function getCategoryUnread($cat, $owner_uid = false) {
+ static function getCategoryChildrenUnread($cat, $owner_uid = false) {
2017-05-04 14:50:56 +03:00
Andrew Dolgov
ea79a0e033
remove some redundant php closing tags
2017-04-26 20:24:18 +03:00
Andrew Dolgov
7b55001eee
fix various issues reported by static analysis
...
update gitlab-ci config
2017-04-26 15:29:22 +03:00
Andrew Dolgov
337535416f
filter by search results while marking feed as read
2017-03-31 11:21:35 +03:00
Andrew Dolgov
270c0a00e5
improve JS error logging with additional stuff
2017-03-05 10:50:15 +03:00
Andrew Dolgov
cb3f877303
reference pubsubhubbub classes using their namespace
2017-01-23 08:20:46 +03:00
Andrew Dolgov
cfc2fe50cb
fix sql error when subscribing to a feed using feed archive
2016-07-05 11:48:36 +03:00
Andrew Dolgov
79c891a8b7
set smallish timeout on update check, exclude update checking on initial load
2016-03-30 13:32:49 +03:00
Andrew Dolgov
71b75bb7fa
fix multiple issues with archived feeds
2016-01-26 19:03:05 +03:00
Andrew Dolgov
9b736a20b3
do not automatically call cleanup_tags() in housekeeping tasks
2016-01-04 10:42:24 +03:00
Andrew Dolgov
86d07d367c
rpc, setpref: properly save settings to active profile
2015-09-26 17:31:53 +03:00
Anders Kaseorg
0e653f751e
Make _DISABLE_FEED_BROWSER also disable the updateFeedBrowser RPC
...
The undocumented _DISABLE_FEED_BROWSER option added in commit
c39befacb2
turns off the UI for looking
at which feeds other users are subscribed to, but it did not prevent
you from manually constructing an RPC call to get the same data. This
was a privacy risk for those who consider _DISABLE_FEED_BROWSER
important.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2015-05-21 23:53:58 -04:00