Andrew Dolgov
8a34084df1
auth_remote: rewrite header checking to be more readable
2021-01-05 10:37:30 +03:00
Andrew Dolgov
8764662138
af_redditimgur: also blacklist in-content links
2021-01-03 10:55:57 +03:00
Tony
564a24fd78
Add support for HTTP_REMOTE_USER variable for user authentication
2020-12-21 16:56:39 +00:00
Andrew Dolgov
9e62513095
af_redditimgur: also rewrite in the API handler
2020-12-20 13:12:50 +03:00
Andrew Dolgov
f25ea5355c
af_redditimgur: add option to rewrite reddit URLs to teddit.net
2020-12-20 11:28:48 +03:00
Andrew Dolgov
50d089ae59
redditimgur: blacklist github because it usually resolves to a huge profile photo of someone
2020-12-18 08:12:31 +03:00
wn
6f31372b37
Address param order deprecation warning for 'af_redditimgur'.
2020-12-12 10:28:45 -06:00
Andrew Dolgov
65254f5db4
- move sphinx plugin to a separate repo
...
- regenerate config checks without sphinx-related variables
2020-12-11 09:48:34 +03:00
Andrew Dolgov
43bd3394c3
shorten_expanded: remove loading=lazy from images if enabled
2020-12-11 09:22:30 +03:00
Andrew Dolgov
8479421da4
af_readability: allow appending to original summary instead of always
...
replacing it, some minor code cleanup
2020-11-26 13:39:47 +03:00
JustAMacUser
65b3926ae5
Ensure proxy_all setting is saved in database.
2020-10-11 01:31:30 -04:00
Andrew Dolgov
38a7a1da88
hide uninteresting errors in several DOMDocument->loadHTML() invocations
2020-10-01 13:20:07 +03:00
Andrew Dolgov
215f388992
move timestamp-related stuff to a separate class
2020-09-23 13:04:26 +03:00
Andrew Dolgov
74568df4ff
remove a lot of stuff from global context (functions.php), add a few helper classes instead
2020-09-22 09:04:33 +03:00
Andrew Dolgov
a4525d31b2
replace FALSE with false so that static analyzer shuts up about it
2020-09-17 19:02:27 +03:00
Andrew Dolgov
d8619b9a84
auth_internal: cast OTP code to integer before trying to check it
2020-09-17 16:50:34 +03:00
Andrew Dolgov
a817d3794d
* use get_random_bytes() for CSRF token
...
* get_random_bytes: use PHP7 random_bytes() if it is available
* validate CSRF token using hash_equals
2020-09-17 08:59:18 +03:00
Andrew Dolgov
0757ad0406
auth_internal: use type-strict comparison when checking OTP code
2020-09-17 08:46:57 +03:00
Andrew Dolgov
91e1542a82
af_proxy_http: require separate token to access imgproxy
2020-09-15 10:59:57 +03:00
Andrew Dolgov
79f102c25d
af_proxy_http: never print received data directly, always redirect to cached_url
...
cache/getUrl: basename() passed filename just in case
2020-09-15 08:02:28 +03:00
Andrew Dolgov
0758397dd8
af_redditimgur: don't add embedded blank gif image for rewritten videos
2020-09-15 06:55:22 +03:00
Andrew Dolgov
c3d14e1fa5
- fix multiple vulnerabilities in af_proxy_http
...
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
Andrew Dolgov
c352e872e9
core: pass found enclosures to HOOK_ARTICLE_FILTER
...
af_redditimgur: remove enclosures if we found something to embed because it's going to be a low-res thumbnail
2020-06-24 22:54:14 +03:00
Nathan Warner
f8d96543de
Created hotkeys_force_top plugin
...
Renamed swap_jk to match new naming scheme.
2020-05-30 22:45:41 -06:00
Andrew Dolgov
9ae9302b6b
implement keyboard-related changes discussed in https://community.tt-rss.org/t/changing-the-amount-of-scroll-by-arrow-key/3452/7
2020-05-17 08:25:51 +03:00
Andrew Dolgov
5e77d0062b
use intersection observer to unpack visible articles, remove Headlines.unpackVisible()
2020-05-13 07:28:13 +03:00
Andrew Dolgov
a802649d53
rename cdmScrollToId to cdmMoveToId
...
prevent smooth scrolling when going directly to an article
2020-05-09 08:16:12 +03:00
Andrew Dolgov
1f2a721905
allow overriding built-in templates via templates.local
2020-03-13 14:40:35 +03:00
Andrew Dolgov
4e74da590e
af_readability: allow get full text button to work as a toggle; in cdm, scroll to article after embedding
2020-02-28 08:03:25 +03:00
Andrew Dolgov
96fa6e3002
af_comics: split contents of subscribe/basic_info/fetch hooks into appropriate per-comic filters
2020-02-27 12:15:56 +03:00
Andrew Dolgov
ba7f7e72db
af_comics: mention that Far Side needs cached media
2020-02-27 11:44:18 +03:00
Andrew Dolgov
61168847ac
af_comics: escape all template urls
2020-02-27 10:25:00 +03:00
Andrew Dolgov
3b62150abd
use canonical fetch url for Far Side
2020-02-27 10:24:12 +03:00
Andrew Dolgov
db8a1f76c7
remove unnecessary debugging from previous
2020-02-27 10:20:16 +03:00
Andrew Dolgov
9b4053b1ea
af_comics: add experimental support for The Far Side
2020-02-27 10:19:09 +03:00
Andrew Dolgov
b159bbe55d
af_readability: sanitize content requested for embedding
2020-02-27 08:28:54 +03:00
Andrew Dolgov
3b635c7557
fix plugins/note javascript part broken by previous changeset
2020-02-27 07:59:57 +03:00
Andrew Dolgov
71ff485fbf
af_readability: add article button to embed content of a specific article
2020-02-27 07:57:22 +03:00
Andrew Dolgov
4ab3854aed
don't generate default.css, replace with themes/light.css as a default root CSS file
2020-02-22 16:22:44 +03:00
koffieanon
3a3c74dfa4
Also match images with query string (size, tokens, etc).
2020-01-04 17:22:58 +01:00
koffieanon
e89dd83f05
Spaces to tabs for consistency.
2020-01-04 17:21:05 +01:00
koffieanon
297a89c2d2
Fix bug processing found due to operator precedence.
2020-01-04 17:20:33 +01:00
Andrew Dolgov
72d0fac80c
remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way
2019-12-18 14:27:40 +03:00
Andrew Dolgov
219840341c
Af_Youtube_Embed: whitelist youtube iframes if enabled
2019-11-27 22:46:43 +03:00
Andrew Dolgov
ffa3f9309f
af_comics: support buni webtoon episodes
2019-11-18 19:00:08 +03:00
Andrew Dolgov
f6090655bf
2fa: check TOTP based on previous secret values (oops of the year, 2019)
2019-11-03 20:47:21 +03:00
Andrew Dolgov
812a6c9f16
auth_internal: fix indents
2019-11-01 15:25:40 +03:00
Andrew Dolgov
249130e58d
implement app password checking / management UI
2019-11-01 15:03:57 +03:00
Andrew Dolgov
68b0380118
add placeholder authentication via app passwords if service is passed
...
forbid logins via regular passwords for services
remove AUTH_DISABLE_OTP
2019-11-01 13:03:06 +03:00
Andrew Dolgov
178bcd4349
auth_internal: fix OTP seed checking
2019-11-01 10:34:31 +03:00
Andrew Dolgov
ef514bc4bd
add notifications for mail and password changes
...
update and shorten some other message templates
2019-10-09 09:04:51 +03:00
JustAMacUser
8459238f6c
af_comics: Use a fixed time of day when generating fake feed for GoComics. Without this the timestamp is always updated to be the time the feed is fetched, which causes the comics to keep moving to the top/bottom of the article list depending on the sort order. (Using 11:00 a.m. UTC as that should keep the date the same across the majority of time zones.)
...
Try to get the actual title for GoComics comics.
Also a little code clean up.
2019-10-06 16:19:21 -04:00
Aleksandr Beliaev
7a4d5cc724
Fix error "mb_convert_encoding(): Illegal character encoding specified"
...
modified: plugins/af_readability/init.php
2019-09-13 09:52:40 +12:00
Andrew Dolgov
e887d68f21
af_readability: require php 7.0
2019-08-21 10:05:25 +03:00
Andrew Dolgov
3e4701116d
af_readability: add missing file
2019-08-16 15:29:24 +03:00
Andrew Dolgov
10c63ed582
pluginhost: add helper methods to get private/public pluginmethod endpoint URLs
2019-08-15 20:23:45 +03:00
Andrew Dolgov
bdf29856fb
fix several leftover mentions of old (renamed) class name, duh
2019-08-15 17:12:59 +03:00
Andrew Dolgov
de5669f723
af_zz_imgproxy: rename to af_proxy_http, use priority hook loader
2019-08-15 16:27:53 +03:00
Andrew Dolgov
c34726b2b2
consistency: use DiskCache->exists() to check for present files
2019-08-14 12:52:41 +03:00
Andrew Dolgov
6914ad1f74
retire MIN_CACHE_FILE_SIZE
2019-08-14 12:44:50 +03:00
Andrew Dolgov
d2f1cbfcb1
af_zz_imgproxy: redirect to cached_url (3!!)
2019-08-14 10:10:27 +03:00
Andrew Dolgov
c6ae5fbda1
af_zz_imgproxy: redirect to cached_url if cache already exists so that urls are a bit shorter (2)
2019-08-14 10:01:05 +03:00
Andrew Dolgov
e7edaca4db
af_zz_imgproxy: redirect to cached_url if cache already exists so that urls are a bit shorter
2019-08-14 09:58:40 +03:00
Andrew Dolgov
3c075bfd21
DiskCache: more strict checking for input filenames, getUrl() is no longer static
2019-08-14 09:49:18 +03:00
Andrew Dolgov
fdb6066bf6
* HOOK_ENCLOSURE_ENTRY: pass article_id to handler
...
* DiskCache: multiple fixes; support isWritable() for cache entries, set content-disposition for send()
* public/cached_url: allow selecting files from sub-caches other than images
* plugins/Cache_Starred_Images: rework to use DiskCache, can be enabled per-user, properly handles article enclosures, etc
2019-08-13 16:40:21 +03:00
Andrew Dolgov
7602819b98
add DiskCache.send; switch af_zz_imgproxy to use DiskCache
2019-08-13 12:20:53 +03:00
Andrew Dolgov
a60297b920
remove import_export plugin (replaced with ttrss-data-migration)
2019-08-06 09:54:12 +03:00
Andrew Dolgov
088fcf8131
move more globals to more appropriate places
...
set libxml to always use internal errors
2019-06-20 08:40:02 +03:00
Andrew Dolgov
967cccb7c5
af_readability: relax non-unicode hack to apply to HTML4 meta element markup
2019-06-06 15:18:47 +03:00
Andrew Dolgov
ae376bdfbf
search_sphinx: convert contructor of the sphinx API library
2019-05-01 09:33:52 +03:00
Andrew Dolgov
fda475bd93
af_readability: fix HOOK_GET_FULL_TEXT not being installed because plugin init() is called before load_data()
2019-05-01 08:12:47 +03:00
Andrew Dolgov
adc2a51695
update plugin readability-related option names
2019-04-17 08:53:33 +03:00
Andrew Dolgov
d0a9aeaf80
move readability library to af_readability/vendor out of global vendor directory
...
af_redditimgur: use HOOK_GET_FULL_TEXT instead of invoking readability directly
2019-04-17 08:51:17 +03:00
Andrew Dolgov
6955b2e02d
plugins: add HOOK_GET_FULL_TEXT which may be used to provide full text extraction to core code and other plugins, instead of trying to invoke af_readability specifically
2019-04-17 08:32:35 +03:00
Andrew Dolgov
c7ad4ad2d4
import_export: use default ts_lang if user one is unset
2019-04-11 13:38:47 +03:00
Andrew Dolgov
d32e191ad7
import_export: set tsvector_combined using DEFAULT_SEARCH_LANGUAGE on import
2019-04-10 13:18:23 +03:00
Andrew Dolgov
d7282ec292
import_export: prevent form closing before doing anything; update markup
2019-04-09 07:05:33 +03:00
Andrew Dolgov
671f4cee65
domdocument: remove old meta charset unicode hacks, replace with shorter xml preamble utf8 hack (on loadhtml where it makes sense)
...
af_readability: better (?) charset hack for non-unicode pages
2019-03-21 21:08:02 +03:00
Andrew Dolgov
01b2f0a24f
support "picture" tags in articles
2019-03-19 07:18:48 +03:00
Michael Kuhn
bbb8a2e873
Fix missed hotkeys in googlereaderkeys plugin
2019-03-17 17:39:20 +01:00
Rodney Stromlund
7daf009a7f
Add set_basic_feed_info hook to af_comics to fix GoComics title and url.
2019-03-12 12:16:24 -05:00
Michael Kuhn
e74f7bde22
Refactor hotkeys to use keypress instead of keydown
...
keydown returns the "raw" key in event.which. Depending on the keyboard
layout, this may not be what is wanted. For example, on a German
keyboard, Shift+7 has to be pressed to get a slash. However, event.which
will be 55, which corresponds to "7". In the keypress event, however,
event.which will be 47, which corresponds to "/".
Sadly, several important keys (such as escape and the arrow keys) do not
trigger a keypress event. Therefore, they have to be handled using a
keydown event.
This change refactors the hotkey support to make use of keypress events
whenever possible. This will make hotkeys work regardless of the user's
keyboard layout. Escape and arrow keys are still handled via keydown
events.
There should be only one change in behavior: I could not make Ctrl+/
work and therefore rebound the help dialog to "?".
2019-03-11 12:01:27 +01:00
Andrew Dolgov
19f162dbe3
css: insensitive -> text-muted
2019-03-08 10:11:57 +03:00
Andrew Dolgov
684a1368e9
toggle_sidebar: switch icon on click
2019-03-06 12:52:09 +03:00
Andrew Dolgov
2b54413599
af_redditimgur: update prefs markup
2019-03-05 19:45:48 +03:00
Andrew Dolgov
fb62f2b970
toggle_sidebar: use hamburger icon
2019-03-04 21:55:35 +03:00
Andrew Dolgov
cee76f4d49
bookmarklets: add more info link
2019-02-26 08:15:58 +03:00
Andrew Dolgov
cbd119c7a3
pref-prefs: fix markup
2019-02-25 19:11:17 +03:00
Andrew Dolgov
54c1b5c611
fill in some missing doctypes; use short doctype where it wasn't
2019-02-23 13:49:40 +03:00
Andrew Dolgov
abfd552962
plugins: update markup
2019-02-22 12:48:02 +03:00
Andrew Dolgov
335147e572
dialogs: use semantic markup instead of dlgsec stuff
...
continue unifying quoting style for html strings
2019-02-22 10:48:56 +03:00
Andrew Dolgov
55b032a6bd
plugins/share: update layout
2019-02-22 06:35:14 +03:00
Andrew Dolgov
4e253add8c
UI: add some more info links to relevant wiki pages; minor layout updates
2019-02-21 16:21:16 +03:00
Andrew Dolgov
fd8f8c7b3e
af_readability: construct readability object inside try-catch block
2019-02-21 06:52:15 +03:00
Andrew Dolgov
1a8770f8f4
add plugins/hotkeys_noscroll
2019-02-20 15:32:53 +03:00
Andrew Dolgov
4d9141d762
simplify dlgSec-related markup
2019-02-20 14:37:59 +03:00
Andrew Dolgov
3b057d5f02
OTP: css fixes
2019-02-19 20:17:13 +03:00
Andrew Dolgov
1d2da64572
af_redditimgur: apparently imgur has link rel='image_src' now, let's use it
2019-02-06 16:24:31 +03:00
Andrew Dolgov
a5517fe857
fetch_file_contents: decompress gzipped data
...
af_readability: remove utf8 preamble hack
2018-12-21 17:50:16 +03:00
Andrew Dolgov
0efb6e1bc2
remove pub_set.png, replace usages with iconfont
2018-12-14 17:30:41 +03:00