6811d0bde2
use self:: in some places to invoke static methods from the same class
2020-09-22 14:54:15 +03:00
b5710baf34
- don't fail on non-ascii characters when validating URLs
...
- fix IDN hostnames not being converted properly
2020-09-22 14:37:45 +03:00
ab6aa0ad3e
fix previous re: resolve_redirects
2020-09-22 09:18:24 +03:00
74568df4ff
remove a lot of stuff from global context (functions.php), add a few helper classes instead
2020-09-22 09:04:33 +03:00
3dd4169b5f
clarify some URL validation-related error messages
2020-09-21 20:35:24 +03:00
4785f21316
update_rss_feed: log effective URL after fetching
...
validate_url: treat scheme as case-insensitive
2020-09-21 20:26:57 +03:00
05ef9aac2f
update URL pointing to version.json
2020-09-19 07:33:59 +03:00
03a337a660
add basic safe mode which doesn't load any user plugins
2020-09-18 15:48:22 +03:00
a4525d31b2
replace FALSE with false so that static analyzer shuts up about it
2020-09-17 19:02:27 +03:00
afa0023c51
don't try to update manually disabled feeds even if they haven't been updated before or are marked for a manual update
2020-09-17 15:40:50 +03:00
37f41a5246
forgotpass: use type strict comparison for reset token
2020-09-17 11:49:27 +03:00
e3adacc588
fix several cases of Db class being invoked as wrong name (as DB)
2020-09-17 09:18:03 +03:00
89d53a7f49
fix typo in previous
2020-09-17 08:45:17 +03:00
1f79d614c4
fix OTP QR code not displayed because of CSRF token passed as a query
...
parameter
use type-strict comparison when validating CSRF token on the backend
2020-09-17 08:43:39 +03:00
9d3c794983
subscribe: allow pre-filling feed URL if passed via query string
2020-09-16 17:20:31 +03:00
33fdde249e
pass CSRF token to opml import and feed icon replace dialogs
2020-09-16 06:43:55 +03:00
42b5564d1e
editarticletags: load dialog via XHR
2020-09-15 18:47:19 +03:00
0706a328a4
handler: default base csrf_ignore() to false
2020-09-15 18:16:33 +03:00
0a142912d3
backend handler: require CSRF, remove obsolete code
2020-09-15 18:08:08 +03:00
154417d80b
public/logout: require valid CSRF token
2020-09-15 16:59:11 +03:00
cbcb10a272
Feeds: load quickaddfeed and search dialogs via XHR w/ CSRF protection
2020-09-15 16:28:09 +03:00
8080c525fd
- backend: require CSRF token to be passed via POST
...
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
2020-09-15 16:12:53 +03:00
e670ac2ee5
require CSRF token for Article/redirect
2020-09-15 15:35:50 +03:00
7e50c6c4b5
- enable CSRF support earlier
...
- remove rpc/sanityCheck from CSRF-excluded calls
2020-09-15 15:32:17 +03:00
79f102c25d
af_proxy_http: never print received data directly, always redirect to cached_url
...
cache/getUrl: basename() passed filename just in case
2020-09-15 08:02:28 +03:00
4a074111b5
user preferences: forbid < and > characters when changing passwords (were silently stripped on save because of clean())
2020-09-14 20:53:00 +03:00
da98ba662e
public/subscribe: require valid CSRF token when validating the form
2020-09-14 20:21:22 +03:00
c3d14e1fa5
- fix multiple vulnerabilities in af_proxy_http
...
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
a922b3cc6d
order_to_override_query: allow HOOK_HEADLINES_CUSTOM_SORT_OVERRIDE plugins to override built-in sorting
2020-09-11 07:48:22 +03:00
67f02e2aa7
properly return counters for labels with zero assigned articles
...
refs https://community.tt-rss.org/t/label-counter-doesnt-update-when-count-goes-down-to-zero/3766
2020-08-29 08:41:52 +03:00
88ced02622
Silence php 7.2 error message generated in `session_set_cookie_params`.
2020-08-14 10:47:46 -05:00
ddf9227dc4
pluginhost: allow overriding default sort modes via HOOK_HEADLINES_CUSTOM_SORT_MAP etc
2020-08-13 12:23:27 +03:00
dfa65e9374
move order_by to SQL override logic into a separate function
2020-08-13 11:52:32 +03:00
48be005774
instead of taking batch timestamp and score (?) into account, make oldest first sorting work consistently with newest first - i.e. rely on feed-provided timestamp
2020-08-11 13:29:09 +03:00
05a47e5cf4
OPML: export/import per-feed purge interval
2020-08-10 11:57:39 +03:00
c4ee0e25a1
more int/string type mismatches on getCategories
2020-08-01 16:30:10 +02:00
3da618e0ea
make sure all ints are casted (to int) on getCategories
2020-07-31 16:15:16 +02:00
68b78ecd3d
Merge branch 'bugfix/invalid-opml' of wn/tt-rss into master
2020-07-01 14:48:02 +00:00
b6372a846d
when exporting OPML via web UI, add user login to the filename
2020-07-01 10:02:24 +03:00
fa653f5a43
prefs: show disabled filters properly on mysql
2020-07-01 09:49:53 +03:00
2996a3942f
prefs: show root of filter tree as enabled so it's not grayed out
2020-07-01 09:48:27 +03:00
614d3ac1bf
Properly check if OPML file was loaded during import.
2020-06-27 15:06:08 -05:00
c352e872e9
core: pass found enclosures to HOOK_ARTICLE_FILTER
...
af_redditimgur: remove enclosures if we found something to embed because it's going to be a low-res thumbnail
2020-06-24 22:54:14 +03:00
6eb94f1e13
better support for image srcset attributes as discussed in https://community.tt-rss.org/t/problem-with-img-srcset/3519
2020-06-15 11:58:59 +03:00
d01ad09800
eslint-related fixes; move a few things from global context to App
2020-06-05 07:44:57 +03:00
c8cc845d5b
when removing favicon, reset its auto-refresh timer
2020-05-22 15:06:52 +03:00
06d2c65193
calculate_article_hash: don't die() on previous, woops
2020-05-17 17:44:32 +03:00
3a142cbf58
calculate_article_hash: ignore some useless or read-only fields (i.e. GUID) when calculating hash
2020-05-17 17:42:37 +03:00
cd1f3cb8cc
* store UID in article hashed GUID separately so it could be migrated cleanly to a different instance
...
* store resulting GUID as a JSON object so it could be extended easier if needed
2020-05-17 14:01:16 +03:00
7a2e9bef77
add --opml-export to update.php
2020-05-13 12:07:31 +03:00
c275a0cd33
DiskCache: append fake file extension when sending cached files based on mime type to make saving files easier
2020-05-12 13:28:54 +03:00
3a4b9249a9
DiskCache: properly deal with srcset attributes
2020-04-29 19:29:36 +03:00
4a00f96733
remove unneeded var_dump()
2020-04-29 11:35:02 +03:00
6573541873
* add HOOK_ENCLOSURE_IMPORTED
...
* pass feed id to HOOK_FEED_PARSED
2020-04-29 11:33:39 +03:00
44b1f0fcc0
search: add support for label:XXX search keyword
...
Labels: enforce case-insensitive lookups when creating/looking for labels
2020-04-04 14:34:08 +03:00
1f2a721905
allow overriding built-in templates via templates.local
2020-03-13 14:40:35 +03:00
ec1b0befc7
add support for video[@src] in media cache
...
it's a valid alternative to a source[@src] child element:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/video
2020-03-12 11:08:39 +01:00
cdde23b4dc
actually download <video> posters to media cache
...
video[@poster] is already supported in the rewriting logic but never
actually downloaded
2020-03-12 11:08:33 +01:00
b4287a2e98
fix url rewriting for videos with poster and src
...
if a poster attribute was present only that would have been rewritten
and the (arguably more important) src attribute would be left as-is
2020-03-12 11:08:24 +01:00
208e02c47d
PluginHost/save_data: use separate PDO connection to prevent issues with nested transactions
2020-03-10 08:14:00 +03:00
bcbc5ccc78
batchSubscribe: use validationtextarea
2020-02-28 14:03:29 +03:00
f24ece85a6
add validationtextarea control, use it for filter match editor
2020-02-28 13:53:45 +03:00
8645f36c5b
filter test dialog: pass contents via xhr POST
2020-02-28 12:16:54 +03:00
bdb1e475e7
external subscribe dialog: support dark theme
2020-02-27 13:40:32 +03:00
b2876f6c72
share anything dialog: support dark theme
2020-02-27 13:38:24 +03:00
4ab3854aed
don't generate default.css, replace with themes/light.css as a default root CSS file
2020-02-22 16:22:44 +03:00
5f30061c92
properly calculate marked counters for feeds in nested categories
2020-02-20 15:54:40 +03:00
60288f02e8
1. feedtree: show counters for marked articles if view-mode == marked
...
2. hide/show relevant counter nodes using css
3. cleanup some counter-related code
4. compile default css into light theme to prevent cache-related issues
2020-02-20 14:14:45 +03:00
5b6d9cee29
prefs layout fixes:
...
1. prevent layout breakage when using an authenticator which doesn't allow changing passwords
2. show explanatory messages when OTP or password changing is not available
3. allow app (API) passwords when using any auth module
2020-02-18 11:51:04 +03:00
47135160d1
getCategoryCounters: properly handle categories which don't have any stored feeds/articles
2020-01-27 15:45:04 +03:00
88d4324e32
mark primary button in the default password dialog
2020-01-25 13:08:29 +03:00
776fe4768b
default password warning: fix close button, don't crash if dialog is recreated (on feed tree reload etc)
2020-01-25 13:02:11 +03:00
0e9e1ad112
getCategoryUnread: return correct unread count for labels category
2020-01-25 12:53:10 +03:00
cdd2b6fd22
getCategoryChildrenUnread: fix typo
2020-01-25 10:00:22 +03:00
a6ced36189
getCategoryCounters: properly calculate counters for child subcategory entries
...
getCategoryUnread: cleanup
2020-01-25 09:57:28 +03:00
a64b8a7fdb
getCategoryUnread: don't return unread counters for Special category because it doesn't make a lot of sense to do so
2020-01-24 15:54:01 +03:00
2f6741e49a
getFeedCounters: pass parameter correctly to PDO
2020-01-24 14:27:24 +03:00
6080cca9ca
scrap counter cache system; rework counters to sum() booleans instead
2020-01-24 14:25:31 +03:00
3b29e865b0
support night mode in feed debugger
2020-01-19 10:56:49 +03:00
aa56bcaf44
support night mode when using share by URL
2020-01-19 10:51:08 +03:00
f47998f569
generate_syndicated_feed: use local media in generated feeds if it is available
2020-01-13 17:02:14 +03:00
b1c5ebdace
API/getVersion: don't try to use removed VERSION constant
2020-01-05 09:42:57 +03:00
fdb1fc7608
get_version: fix commit/timestamp lost on subsequent invocations because of misbehaving caching
2019-12-20 18:17:05 +03:00
72d0fac80c
remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way
2019-12-18 14:27:40 +03:00
df464e3d0d
update app password notice
2019-12-17 14:58:31 +03:00
9c0235ab66
show current unread counter on headlines toolbar if sidebar is hidden
2019-12-12 07:37:28 +03:00
76dd74e0d9
add a hidden tweakable which forbids changing passwords
2019-12-06 17:45:22 +03:00
ac95ab4a65
user css dialog: allow saving and applying CSS without closing the dialog
2019-12-06 14:02:30 +03:00
565547f5a1
php 7.4 deprecation-related fixes
2019-12-06 07:27:22 +03:00
f30287be65
versioning changes
...
- remove VERSION_STATIC - https://community.tt-rss.org/t/versioning-changes-for-trunk/2974
- report git commit/timestamp properly by invoking git instead of trying to parse .git/HEAD etc
- remove git-related global constants used when checking for updates
2019-12-05 13:23:54 +03:00
d15f0349bf
remove hardcoded iframe domain whitelist, make iframe script whitelisting configurable by plugins (HOOK_IFRAME_WHITELISTED)
2019-11-27 11:52:51 +03:00
e5b7b145e5
cache media: set referrer to source URL when fetching images
2019-11-25 09:48:24 +03:00
304d3a0b88
tag-related fixes
...
1. move tag sanitization to feedparser common item class
2. enforce length limit on tags when parsing
3. support multiple tags passed via one dc:subject and other such elements, parse them as a comma-separated list
4. sort resulting tag list to prevent different order between feed updates
5. remove some duplicate code related to tag validation
6. allow + symbol in tags
2019-11-20 18:56:34 +03:00
8c3efd51ec
reset domain hit quota on feed update start
2019-11-17 13:17:21 +03:00
63ce7ea705
add a plugin page warning for plugins using HOOK_FEED_FETCHED, etc
2019-11-14 07:01:45 +03:00
0d7b10469b
update_rss_feed: add specific logging for HOOK_FETCH_FEED, HOOK_FEED_FETCHED, HOOK_FEED_PARSED handlers
2019-11-14 06:39:45 +03:00
5bb8dad631
is_gzipped: don't try to strpos() over entire buffer
2019-11-12 07:11:10 +03:00
f75fb6bd75
Merge branch 'master' of git.fakecake.org:tt-rss
2019-11-01 15:40:15 +03:00
266a805bfe
line endings + remove : from headings
2019-11-01 15:40:08 +03:00
05dffcff6f
OTP stuff: update notice wording a bit
2019-11-01 15:27:24 +03:00
812a6c9f16
auth_internal: fix indents
2019-11-01 15:25:40 +03:00
249130e58d
implement app password checking / management UI
2019-11-01 15:03:57 +03:00
68b0380118
add placeholder authentication via app passwords if service is passed
...
forbid logins via regular passwords for services
remove AUTH_DISABLE_OTP
2019-11-01 13:03:06 +03:00
88cd9e586e
add placeholder UI plumbing for app passwords
2019-11-01 12:23:11 +03:00
904ecc31e2
allow using OTP without GD
2019-11-01 10:32:58 +03:00
647c7c45eb
allow article filters to modify num_comments
2019-10-25 14:37:00 +03:00
2820f41a4b
add notification for OTP being disabled
2019-10-09 09:10:43 +03:00
ef514bc4bd
add notifications for mail and password changes
...
update and shorten some other message templates
2019-10-09 09:04:51 +03:00
8fd11fd53a
Add const HOOK_FEED_TREE
2019-10-07 13:46:31 +00:00
a243979aaf
Add const HOOK_FEED_TREE
2019-10-07 13:44:57 +00:00
4e05008aac
update_rss_feed: force cast initial timestamp value to integer
2019-09-30 11:41:07 +03:00
958c4dc124
Removed extra php end tag that was showing in the page title
2019-09-17 09:11:30 -05:00
b0d67cd3d0
rework previous to pass unformatted timestamp to plugin, and deal with formatting later
...
also, move timestamp-related debugging output after plugin handler
2019-09-11 14:04:59 +03:00
94a12b9674
pass formatted entry timestamp to article filters and allow them to modify it
2019-09-11 11:43:40 +03:00
06393750c7
headline grouping:
...
1. block grouping for specific feeds where it doesn't make a lot of sense to do so or flat list fits better (archived, recently read)
2. block per-week grouping for feeds where feed-first grouping makes more sense (fresh, starred, published)
2019-08-30 10:16:38 +03:00
12a542977e
makefeedtree: properly calculate feed total amount in no-categories mode
2019-08-21 19:32:27 +03:00
667836ec7c
SQL logger: log some parameters
2019-08-20 08:09:05 +03:00
3e4701116d
af_readability: add missing file
2019-08-16 15:29:24 +03:00
865c54abcb
fix get_method_url() to use correct method parameter
2019-08-15 20:27:21 +03:00
10c63ed582
pluginhost: add helper methods to get private/public pluginmethod endpoint URLs
2019-08-15 20:23:45 +03:00
e46ed1ff97
API/getHeadlines: fix order of returned feeds to be consistent with main UI
2019-08-15 19:06:38 +03:00
0e3b71c535
public/pluginhandler: log invalid requests
2019-08-15 17:17:25 +03:00
7f8946f14e
pluginhost: implement priority-based system for running hooks
2019-08-15 15:34:09 +03:00
5648b836aa
HOOK_ARTICLE_IMAGE: allow hooks to modify article content
2019-08-15 10:22:33 +03:00
75ab1f05f9
DiskCache::rewriteUrls() - remove img[@srcset]
2019-08-15 09:30:28 +03:00
9d852e052c
add HOOK_ARTICLE_IMAGE for Article::get_article_image()
2019-08-15 09:04:42 +03:00
ffb842f752
Article::get_article_image() - provide cached URLs if possible
2019-08-14 17:21:07 +03:00
150b040dad
Article::get_article_image() - set default to "" instead of "false"
2019-08-14 17:07:01 +03:00
d4df57e1a4
Article::get_article_image() - also return stream URI if possible
2019-08-14 17:04:14 +03:00
68e2b05f65
* move get_article_image to Article; implement better og:image detection (similar to android app)
...
* pass article image to API clients in headlines row object
2019-08-14 16:55:38 +03:00
c34726b2b2
consistency: use DiskCache->exists() to check for present files
2019-08-14 12:52:41 +03:00
6914ad1f74
retire MIN_CACHE_FILE_SIZE
2019-08-14 12:44:50 +03:00
84974c60a7
RSSUtils::cache_media, cache_enclosures: use DiskCache
2019-08-14 12:15:56 +03:00
39f459eb04
public/cached_url: forbid sending files with extensions
2019-08-14 10:45:46 +03:00
3c075bfd21
DiskCache: more strict checking for input filenames, getUrl() is no longer static
2019-08-14 09:49:18 +03:00
fdb6066bf6
* HOOK_ENCLOSURE_ENTRY: pass article_id to handler
...
* DiskCache: multiple fixes; support isWritable() for cache entries, set content-disposition for send()
* public/cached_url: allow selecting files from sub-caches other than images
* plugins/Cache_Starred_Images: rework to use DiskCache, can be enabled per-user, properly handles article enclosures, etc
2019-08-13 16:40:21 +03:00
bed695b127
DiskCache::expire: support .no-auto-expiry to prevent automatic cache maintenance
2019-08-13 14:18:14 +03:00
19b9b27662
expire_cached_files to DiskCache::expire()
2019-08-13 14:13:42 +03:00
133c2b482b
move rewrite_cached_urls to DiskCache::rewriteUrls()
2019-08-13 12:46:57 +03:00
b1dd38f880
add DiskCache.getUrl() and use it in a bunch of places
2019-08-13 12:39:21 +03:00
7602819b98
add DiskCache.send; switch af_zz_imgproxy to use DiskCache
2019-08-13 12:20:53 +03:00
82694bd6ce
add DiskCache.isWritable
2019-08-13 12:15:43 +03:00
86308b30ea
add classes/diskcache
2019-08-13 12:04:36 +03:00
6825aaff55
update SSL certificate wiki link
2019-08-02 08:03:20 +03:00
aa40a268f0
parser: support multiple dc:creator elements (returns as comma-separated list)
2019-08-02 06:22:42 +03:00
4edfb526e1
change version.json endpoint URL
2019-08-01 11:51:27 +03:00
e8523733b0
filter dialog: add inline regexp checker
2019-07-12 12:40:42 +03:00
86a014f23b
add placeholder Filters.filterDlgCheckRegExp
2019-07-12 10:47:18 +03:00
ea30061cce
public: fix share() returning random unshared articles if uuid is not given
2019-07-05 16:02:51 +03:00
088fcf8131
move more globals to more appropriate places
...
set libxml to always use internal errors
2019-06-20 08:40:02 +03:00
Andrew Dolgov
Rodney Stromlund
Paco Esteban
fox
wn_
lllusion3418
jc