Commit Graph

898 Commits

Author SHA1 Message Date
Andrew Dolgov 8b1a2406e6 userhelper: use orm for a few more user-related things 2021-03-01 19:32:27 +03:00
Andrew Dolgov 2d1391a02b come to think of it, we don't need it at all 2021-03-01 15:50:41 +03:00
Andrew Dolgov dbad39d7a2 auth_internal: don't try to get otp_enabled on old schema 2021-03-01 15:49:44 +03:00
Andrew Dolgov 6359259dbb simplify internal authentication code and bump default algo to SSHA-512 2021-03-01 15:24:18 +03:00
Andrew Dolgov 320503dd39 move version-related stuff to Config; fix conditional feed requests 2021-03-01 13:43:37 +03:00
Andrew Dolgov 20a844085f hide version for bundled plugins because it's meaningless; for everything else support showing version using git (if about[0] is null) 2021-03-01 12:11:42 +03:00
Andrew Dolgov 7ef72fe0dc move startup checks to Config, set a bunch of @deprecated annotations 2021-03-01 10:20:21 +03:00
Andrew Dolgov bada1601fc OTP form: simplify layout, use dojo controls 2021-02-28 14:18:23 +03:00
Andrew Dolgov afc7142250 move all $fetch globals to UrlHelper 2021-02-28 10:12:57 +03:00
Andrew Dolgov 78a7b3642f af_redditimgur: allow adding custom tags for NSFW posts 2021-02-27 13:50:28 +03:00
Andrew Dolgov c521e26a19 use absolute namespace for readability 2021-02-26 19:55:49 +03:00
Andrew Dolgov 3fd7856543 * switch to composer for qrcode and otp dependencies
* move most OTP-related stuff into userhelper
* remove old phpqrcode and otphp libraries
2021-02-26 19:16:17 +03:00
Andrew Dolgov bc4475b669 add missing composer files 2021-02-26 17:39:57 +03:00
Andrew Dolgov cf1ede0ba8 pull latest readability-php via composer 2021-02-26 17:35:58 +03:00
Andrew Dolgov 167c9fc34e silence php8 warnings in otp secondary login form 2021-02-26 14:25:40 +03:00
Andrew Dolgov c96172fa04 use constants in get_pref()/set_pref() 2021-02-25 14:49:58 +03:00
Andrew Dolgov bd2314170d implement prefs UI based on new prefs class and a few more things 2021-02-25 12:46:13 +03:00
Andrew Dolgov 2ae0b7059f cleanup some defined-stuff 2021-02-23 09:01:27 +03:00
Andrew Dolgov cae54dad56 af_redditimgur: fix an oopsie 2021-02-23 00:27:52 +03:00
Andrew Dolgov 211f699aa0 migrate the rest into Config:: 2021-02-22 22:35:27 +03:00
Andrew Dolgov e4107ac952 wip: initial for config object 2021-02-22 21:47:48 +03:00
Andrew Dolgov 42173386b3 dirname(__FILE__) -> __DIR__ 2021-02-22 17:38:46 +03:00
Andrew Dolgov be4e7b1340 fix several issues reported by phpstan 2021-02-22 14:41:09 +03:00
Andrew Dolgov 33fff26869 reinstate HOOK_RENDER_ENCLOSURE 2021-02-22 10:00:50 +03:00
Andrew Dolgov 94560132dd for the most part, deal with filter rules UI 2021-02-21 09:35:07 +03:00
Andrew Dolgov 545bcc3e4b bookmarklets: cleanup some more markup 2021-02-20 08:49:40 +03:00
Andrew Dolgov fc0ebf0891 move bookmarklet-related methods out of public.php into the plugin 2021-02-19 20:21:36 +03:00
Andrew Dolgov cf249d7e8c modify classname helpers to use element.classList; fix feed debugger & share--get 2021-02-19 19:29:43 +03:00
Andrew Dolgov 5cec4eb015 af_readability: fix selector 2021-02-19 18:47:50 +03:00
Andrew Dolgov d445530fa0 format note on the client 2021-02-19 17:15:22 +03:00
Andrew Dolgov 660a1bbe01 * switch to xhr.post() almost everywhere
* call App.handlerpcjson() automatically on json request (if possible)
* show net/log indicators in prefs
2021-02-19 13:44:56 +03:00
Andrew Dolgov 6b43b788d9 migrate xhrJson invocations to the new helper 2021-02-19 10:22:00 +03:00
Andrew Dolgov 00310d2d23 cleanup some unused code, fix App.byId() invoked by wrong name 2021-02-19 06:58:50 +03:00
Andrew Dolgov c088e9d9d8 get rid of a few more prototype-isms 2021-02-18 22:23:06 +03:00
Andrew Dolgov 70fa423026 initial for RIP prototype/scriptaculous 2021-02-18 21:51:18 +03:00
Andrew Dolgov bed36cbf9f af_psql_trgm: cleanup 2021-02-18 13:41:40 +03:00
Andrew Dolgov a2c75257f1 bookmarklets: cleanup 2021-02-18 13:16:55 +03:00
Andrew Dolgov d8a99ce06a remove unneeded headings 2021-02-18 12:45:31 +03:00
Andrew Dolgov 39c0fe3697 shorten many invocations of Ajax.Request in inline form methods 2021-02-18 12:27:26 +03:00
Andrew Dolgov ee0b66b6bd af_proxy_http: markup cleanup 2021-02-18 12:13:13 +03:00
Andrew Dolgov b888bc2091 cache_starred_images: don't try to use undefined array index 2021-02-17 21:54:43 +03:00
Andrew Dolgov e4609c18ef * add (disabled) shortcut syntax for plugin methods
* add controls shortcut for pluginhandler tags
* add similar shortcut for frontend
* allow plugins to selectively exclude their methods from CSRF checking
2021-02-17 21:44:21 +03:00
Andrew Dolgov 35b6d63289 af_proxy_http: don't try to proxy back to ourselves 2021-02-17 16:27:52 +03:00
Andrew Dolgov 6ecee2abbd cache_starred_images: minor fixes 2021-02-17 16:17:05 +03:00
Andrew Dolgov ea37d05a83 delete unused mail .pngs 2021-02-17 15:53:58 +03:00
Andrew Dolgov 2ac6508fe6 mail, mailto: cleanup markup 2021-02-17 15:53:00 +03:00
Andrew Dolgov 2b2833bb4f plugins: load dialogs via xhr instead of http 2021-02-17 14:56:36 +03:00
Andrew Dolgov 4632d6cf55 fix some php8 warnings 2021-02-17 14:14:17 +03:00
Andrew Dolgov 538f87e415 af_psql_trgm: don't load dialog via http 2021-02-17 14:08:06 +03:00
Andrew Dolgov 00b31c3f53 af_readability: cleanup markup 2021-02-17 13:55:58 +03:00
Andrew Dolgov 3c14eed1c2 close_button: fix color not applying 2021-02-17 13:45:38 +03:00
Andrew Dolgov 35b6a88146 RIP af_tumblr_1280 2021-02-17 13:36:24 +03:00
Andrew Dolgov 7587f2cdc6 af_redditimgur: cleanup markup 2021-02-17 13:35:10 +03:00
Andrew Dolgov 91049335eb af_readability: cleanup markup 2021-02-17 12:36:02 +03:00
Andrew Dolgov 9ac6741d24 af_comics: markup cleanup 2021-02-17 12:25:33 +03:00
Andrew Dolgov 4325c30a3f share: markup cleanup 2021-02-17 12:10:19 +03:00
Andrew Dolgov 273ada7353 * implement shortcut syntax for exposed plugin methods
* move shared article rendering code to share plugin
2021-02-17 09:59:14 +03:00
Andrew Dolgov 7adcada324 share plugin: cleanup, fix icon not highlighting properly 2021-02-17 08:52:39 +03:00
Andrew Dolgov 0fc783e2b3 cleanup markup in some plugins, make nsfw generate dijit widgets 2021-02-16 22:07:37 +03:00
Andrew Dolgov f58c49beaa replace a few more controls to new style 2021-02-16 18:50:18 +03:00
Andrew Dolgov bdbbdbb0ed rework controls to accept parameters as array 2021-02-16 16:59:21 +03:00
Andrew Dolgov 1f43d7916c replace print_hidden with hidden_tag 2021-02-16 14:32:06 +03:00
Andrew Dolgov 26d6b84a57 add namespaced controls with unified naming; deprecated old-style control shortcuts 2021-02-16 14:23:00 +03:00
Andrew Dolgov 6e06fe2885 shorten_expanded: fix for posts without attachments 2021-02-16 08:31:24 +03:00
Andrew Dolgov bd3c38de84 move bookmarklet-related subscribe_to_feed_url to bookmarklet plugin 2021-02-15 16:41:52 +03:00
Andrew Dolgov 166f2d4666 diskcache: unify naming 2021-02-15 16:11:30 +03:00
Andrew Dolgov 257efb43c6 article: unify naming 2021-02-15 15:52:28 +03:00
Andrew Dolgov 020f062a76 feeds: unify naming 2021-02-15 15:43:07 +03:00
Andrew Dolgov 82adb01307 render enclosures on the client 2021-02-15 14:10:46 +03:00
Andrew Dolgov a2e688fcb2 render headline-specific toolbar on the client 2021-02-14 22:17:13 +03:00
Andrew Dolgov 15fd23c374 use shortcut echo syntax for php templates 2021-02-14 09:15:51 +03:00
Andrew Dolgov 17413078a7 pref feeds: index cleanup, split into several methods, use tabs to maximize space for feed tree, persist feed tree state 2021-02-13 18:32:02 +03:00
Andrew Dolgov 3d11c61f32 * OPML import: don't reload everything, just feed tree
* dialogs: use auto-destroying dialog for almost all dialogs instead of destroying them manually
* some general dialog-related cleanup
2021-02-12 15:22:10 +03:00
Andrew Dolgov d466284fab * customizeCSS: client dialog
* remove hardcoded width from most dialogs (move to css)
* add helper to easily get dialog from its widget
* rework some dialog buttons to use current object instead of calling dialog by name
2021-02-12 09:02:44 +03:00
Andrew Dolgov 7af8744c85 authentication: make logins case-insensitive (force lowercase) 2021-02-11 09:57:57 +03:00
Andrew Dolgov 72edab5f1c close_button: fix warning 2021-02-10 21:40:31 +03:00
Andrew Dolgov 7874f6ac58 remove PHPMD.UnusedFormalParameter 2021-02-08 19:42:10 +03:00
Andrew Dolgov 51d2deeea9 fix hierarchy of authentication modules, make everything extend Auth_Base and implement hook_auth_user() for pluginhost 2021-02-08 19:11:31 +03:00
Andrew Dolgov 363b3629a4 rewrite a few more hooks 2021-02-08 16:52:47 +03:00
Andrew Dolgov 9de26d44da af_psql_trgm: fix warning 2021-02-08 11:47:41 +03:00
Andrew Dolgov d293cbd5a9 fix several warnings related to feed editor 2021-02-08 11:46:43 +03:00
Andrew Dolgov c1ad7acfb9 bookmarklet: encode URL properly so special characters won't get lost 2021-02-07 21:09:27 +03:00
Andrew Dolgov 5849a39820 af_redditimgur: don't try to load empty html; fix a warning in update debugger 2021-02-06 10:31:06 +03:00
Andrew Dolgov ce489a724b fix a few more warnings 2021-02-06 10:23:45 +03:00
Andrew Dolgov 9fdeb58fd3 check a few more php8 warnings 2021-02-06 09:51:28 +03:00
Andrew Dolgov 6e774a58fe more php8 fixes mostly related to login 2021-02-06 00:12:15 +03:00
Andrew Dolgov 403dca154c initial WIP for php8; bump php version requirement to 7.0 2021-02-05 23:41:32 +03:00
Andrew Dolgov 6c546f37ba af_redditimgur: handle youtube /embed/ URLs 2021-01-23 08:57:36 +03:00
Andrew Dolgov b30b354b53 af_redditimgur: add some last minute handling for generic preview media URLs provided in JSON 2021-01-22 15:44:44 +03:00
Andrew Dolgov 0d1336bd29 af_redditimgur:
* draw a basic form for testurl() if no url is given
* only process specific JSON media files/child elements until something is found
* handle generic preview images for self posts (not link posts because
link is handled afterwards)
2021-01-21 08:28:55 +03:00
Andrew Dolgov 1ded706f8f af_redditimgur: cleanup, rework to embed stuff from reddit-provided JSON first 2021-01-19 22:21:57 +03:00
Andrew Dolgov 41bde84a92 af_redditimgur: add basic support for reddit galleries 2021-01-18 15:34:05 +03:00
Andrew Dolgov 4e95591087 af_redditimgur: shorten href stuff 2021-01-18 14:46:08 +03:00
Andrew Dolgov 7a2ad08a7d scored_oldest_first: update sort caption 2021-01-17 10:50:40 +03:00
Andrew Dolgov c82457e534 add plugins/scored_oldest_first 2021-01-17 10:47:37 +03:00
Andrew Dolgov 6d4005f984 af_psql_trgm:
1. better debugging output
2. fix incorrect default values being used sometimes
3. remove special workaround for equal titles because trgm extension
seems to be working properly for those now (tested on postgres 11)
4. code cleanup
2021-01-11 12:23:46 +03:00
Andrew Dolgov 0868ff9d64 auth_remote: use empty() instead of isset() while checking headers 2021-01-07 11:18:02 +03:00
Andrew Dolgov dc40f69511 fix auth_remote broken by previous commit 2021-01-05 18:55:05 +03:00
Andrew Dolgov 8a34084df1 auth_remote: rewrite header checking to be more readable 2021-01-05 10:37:30 +03:00
Andrew Dolgov 8764662138 af_redditimgur: also blacklist in-content links 2021-01-03 10:55:57 +03:00
Tony 564a24fd78 Add support for HTTP_REMOTE_USER variable for user authentication 2020-12-21 16:56:39 +00:00
Andrew Dolgov 9e62513095 af_redditimgur: also rewrite in the API handler 2020-12-20 13:12:50 +03:00
Andrew Dolgov f25ea5355c af_redditimgur: add option to rewrite reddit URLs to teddit.net 2020-12-20 11:28:48 +03:00
Andrew Dolgov 50d089ae59 redditimgur: blacklist github because it usually resolves to a huge profile photo of someone 2020-12-18 08:12:31 +03:00
wn 6f31372b37 Address param order deprecation warning for 'af_redditimgur'. 2020-12-12 10:28:45 -06:00
Andrew Dolgov 65254f5db4 - move sphinx plugin to a separate repo
- regenerate config checks without sphinx-related variables
2020-12-11 09:48:34 +03:00
Andrew Dolgov 43bd3394c3 shorten_expanded: remove loading=lazy from images if enabled 2020-12-11 09:22:30 +03:00
Andrew Dolgov 8479421da4 af_readability: allow appending to original summary instead of always
replacing it, some minor code cleanup
2020-11-26 13:39:47 +03:00
JustAMacUser 65b3926ae5 Ensure proxy_all setting is saved in database. 2020-10-11 01:31:30 -04:00
Andrew Dolgov 38a7a1da88 hide uninteresting errors in several DOMDocument->loadHTML() invocations 2020-10-01 13:20:07 +03:00
Andrew Dolgov 215f388992 move timestamp-related stuff to a separate class 2020-09-23 13:04:26 +03:00
Andrew Dolgov 74568df4ff remove a lot of stuff from global context (functions.php), add a few helper classes instead 2020-09-22 09:04:33 +03:00
Andrew Dolgov a4525d31b2 replace FALSE with false so that static analyzer shuts up about it 2020-09-17 19:02:27 +03:00
Andrew Dolgov d8619b9a84 auth_internal: cast OTP code to integer before trying to check it 2020-09-17 16:50:34 +03:00
Andrew Dolgov a817d3794d * use get_random_bytes() for CSRF token
* get_random_bytes: use PHP7 random_bytes() if it is available
* validate CSRF token using hash_equals
2020-09-17 08:59:18 +03:00
Andrew Dolgov 0757ad0406 auth_internal: use type-strict comparison when checking OTP code 2020-09-17 08:46:57 +03:00
Andrew Dolgov 91e1542a82 af_proxy_http: require separate token to access imgproxy 2020-09-15 10:59:57 +03:00
Andrew Dolgov 79f102c25d af_proxy_http: never print received data directly, always redirect to cached_url
cache/getUrl: basename() passed filename just in case
2020-09-15 08:02:28 +03:00
Andrew Dolgov 0758397dd8 af_redditimgur: don't add embedded blank gif image for rewritten videos 2020-09-15 06:55:22 +03:00
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
Andrew Dolgov c352e872e9 core: pass found enclosures to HOOK_ARTICLE_FILTER
af_redditimgur: remove enclosures if we found something to embed because it's going to be a low-res thumbnail
2020-06-24 22:54:14 +03:00
Nathan Warner f8d96543de Created hotkeys_force_top plugin
Renamed swap_jk to match new naming scheme.
2020-05-30 22:45:41 -06:00
Andrew Dolgov 9ae9302b6b implement keyboard-related changes discussed in https://community.tt-rss.org/t/changing-the-amount-of-scroll-by-arrow-key/3452/7 2020-05-17 08:25:51 +03:00
Andrew Dolgov 5e77d0062b use intersection observer to unpack visible articles, remove Headlines.unpackVisible() 2020-05-13 07:28:13 +03:00
Andrew Dolgov a802649d53 rename cdmScrollToId to cdmMoveToId
prevent smooth scrolling when going directly to an article
2020-05-09 08:16:12 +03:00
Andrew Dolgov 1f2a721905 allow overriding built-in templates via templates.local 2020-03-13 14:40:35 +03:00
Andrew Dolgov 4e74da590e af_readability: allow get full text button to work as a toggle; in cdm, scroll to article after embedding 2020-02-28 08:03:25 +03:00
Andrew Dolgov 96fa6e3002 af_comics: split contents of subscribe/basic_info/fetch hooks into appropriate per-comic filters 2020-02-27 12:15:56 +03:00
Andrew Dolgov ba7f7e72db af_comics: mention that Far Side needs cached media 2020-02-27 11:44:18 +03:00
Andrew Dolgov 61168847ac af_comics: escape all template urls 2020-02-27 10:25:00 +03:00
Andrew Dolgov 3b62150abd use canonical fetch url for Far Side 2020-02-27 10:24:12 +03:00
Andrew Dolgov db8a1f76c7 remove unnecessary debugging from previous 2020-02-27 10:20:16 +03:00
Andrew Dolgov 9b4053b1ea af_comics: add experimental support for The Far Side 2020-02-27 10:19:09 +03:00
Andrew Dolgov b159bbe55d af_readability: sanitize content requested for embedding 2020-02-27 08:28:54 +03:00
Andrew Dolgov 3b635c7557 fix plugins/note javascript part broken by previous changeset 2020-02-27 07:59:57 +03:00
Andrew Dolgov 71ff485fbf af_readability: add article button to embed content of a specific article 2020-02-27 07:57:22 +03:00
Andrew Dolgov 4ab3854aed don't generate default.css, replace with themes/light.css as a default root CSS file 2020-02-22 16:22:44 +03:00
koffieanon 3a3c74dfa4 Also match images with query string (size, tokens, etc). 2020-01-04 17:22:58 +01:00
koffieanon e89dd83f05 Spaces to tabs for consistency. 2020-01-04 17:21:05 +01:00
koffieanon 297a89c2d2 Fix bug processing found due to operator precedence. 2020-01-04 17:20:33 +01:00
Andrew Dolgov 72d0fac80c remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way 2019-12-18 14:27:40 +03:00
Andrew Dolgov 219840341c Af_Youtube_Embed: whitelist youtube iframes if enabled 2019-11-27 22:46:43 +03:00
Andrew Dolgov ffa3f9309f af_comics: support buni webtoon episodes 2019-11-18 19:00:08 +03:00
Andrew Dolgov f6090655bf 2fa: check TOTP based on previous secret values (oops of the year, 2019) 2019-11-03 20:47:21 +03:00
Andrew Dolgov 812a6c9f16 auth_internal: fix indents 2019-11-01 15:25:40 +03:00
Andrew Dolgov 249130e58d implement app password checking / management UI 2019-11-01 15:03:57 +03:00
Andrew Dolgov 68b0380118 add placeholder authentication via app passwords if service is passed
forbid logins via regular passwords for services
remove AUTH_DISABLE_OTP
2019-11-01 13:03:06 +03:00
Andrew Dolgov 178bcd4349 auth_internal: fix OTP seed checking 2019-11-01 10:34:31 +03:00
Andrew Dolgov ef514bc4bd add notifications for mail and password changes
update and shorten some other message templates
2019-10-09 09:04:51 +03:00
JustAMacUser 8459238f6c af_comics: Use a fixed time of day when generating fake feed for GoComics. Without this the timestamp is always updated to be the time the feed is fetched, which causes the comics to keep moving to the top/bottom of the article list depending on the sort order. (Using 11:00 a.m. UTC as that should keep the date the same across the majority of time zones.)
Try to get the actual title for GoComics comics.

Also a little code clean up.
2019-10-06 16:19:21 -04:00