foobar
2008ec4ed7
change filter rule regexp type to text
2018-04-14 14:11:29 +02:00
JustAMacUser
905ff10dc9
Allow abbr tag when sanitizing.
2018-02-27 16:06:10 +00:00
Andrew Dolgov
e7c9bc60ec
fix previous wrt if-modified-since being added to context options headers
2018-02-25 14:22:46 +03:00
Metallizzer
dd597297cb
Обновить 'include/functions.php'
...
The "Connection: close" header is added to the context_options
2018-02-25 10:03:09 +00:00
Andrew Dolgov
3d7db21602
Merge branch 'master' of git.fakecake.org:tt-rss
2018-02-12 09:37:31 +03:00
Andrew Dolgov
8babb8e75a
sanitize: disallow width and height attributes for images
2018-02-11 16:47:19 +03:00
fox
1aeb282be1
Merge branch 'save-effective-url' of JustAMacUser/tt-rss into master
2018-02-11 08:57:12 +00:00
JustAMacUser
7ae05ed790
Have fetch_file_contents() save the effective URL.
2018-02-11 07:56:28 +00:00
Andrew Dolgov
2eaf2a1f36
tag_is_valid: simplify code
2018-02-11 10:26:33 +03:00
Andrew Dolgov
7f4a404566
include: convert some spaces to tabs
2018-01-30 10:44:31 +03:00
martin scharm
32dc9ec854
undocumenting the proxy settings [see #36 ]
...
in response to https://git.tt-rss.org/git/tt-rss/pulls/36#issuecomment-119
2018-01-18 08:48:53 +01:00
martin scharm
213c01d459
some proxies require `request_fulluri` set to true [see #36 ]
...
at least polipo won't work for plain HTTP URLs (HTTPS strangely also works without `request_fulluri`..?)
see https://git.tt-rss.org/git/tt-rss/pulls/36
2018-01-17 12:28:47 +01:00
martin scharm
ea55f2e11c
Add proper support for proxies
...
There are situations where you want tt-rss to use a proxy (e.g.
because of network restrictions, or privacy concerns).
tt-rss already comes with an undocumented `_CURL_HTTP_PROXY`
variable (see eg https://binfalse.de/2015/05/06/ttrss-with-proxy/ ),
however that won't have an effect when, for example, php-curl is
not installed, see
c30f5e1811/include/functions.php (L377)
In this case it would use the `file_get_contents` with a stream
context without a proxy definition:
c30f5e1811/include/functions.php (L487)
Here I propose to properly support proxies, and I introduced a
`PROXY` variable, that is respected in both scenarios, with and
without curl installed.
2018-01-14 00:30:22 +01:00
Andrew Dolgov
9274109c19
search_to_sql: quote fallback search language
2017-12-30 16:27:05 +03:00
JustAMacUser
56c2216295
Add missing quotes to array_map.
2017-12-30 01:00:56 -05:00
Andrew Dolgov
bed2d6e054
force-cast some variables used in queries to integer
...
do not display SQL query in headlines debug mode
2017-12-17 16:24:13 +03:00
Andrew Dolgov
7651b6e2cd
sanitize: disable referrer via referrerpolicy for img elements
2017-12-13 20:07:10 +03:00
Andrew Dolgov
4d10b4abca
merge login form css into default.css
...
update more hardcoded colors to use @color-accent
update @color-accent
2017-12-10 22:51:39 +03:00
Andrew Dolgov
f8db5bb4db
installer: use PDO, improve wording for some notices
...
PDO wrapper: allow working with blank DB_HOST
2017-12-10 09:20:52 +03:00
Andrew Dolgov
76fc7a2d9c
bool_to_sql_bool: for some reason PDO really likes integers for boolean columns
...
incidentally this fixes OPML filter import
2017-12-06 00:12:28 +03:00
Andrew Dolgov
c4a08e4ff0
remove mentions of deprecated.js
2017-12-05 07:09:01 +03:00
Andrew Dolgov
e6532439d6
force strip_tags() on all user input unless explicitly allowed
2017-12-03 23:35:38 +03:00
Andrew Dolgov
fa3bcfa379
queryfeedheadlines: there's no need to quote order_by/override_order
...
else: feedicon cache busting etc
2017-12-03 22:49:57 +03:00
Andrew Dolgov
7c0eb1b621
add defaultPasswordWarning nag dialog
2017-12-03 20:46:27 +03:00
Andrew Dolgov
bfebf57c5f
get_theme_path: fallback to css/default.css if default theme is selected
2017-12-03 14:17:25 +03:00
Andrew Dolgov
2cf93c046c
pref-users: fix sorting the table
2017-12-03 13:54:31 +03:00
Andrew Dolgov
3eecebc34f
sanity_check: do not invoke PDO without checking that it exists
2017-12-03 13:41:09 +03:00
Andrew Dolgov
97a5e13370
add sanity check for PDO
2017-12-03 13:40:09 +03:00
Andrew Dolgov
83303f20e0
update version static for css & db changes
2017-12-03 13:38:25 +03:00
Andrew Dolgov
09bc54c690
further stylesheet simplification related fixes
2017-12-03 13:25:34 +03:00
Andrew Dolgov
8ff3cbb32e
filters: remove sql_bool_to_bool()
...
checkbox_to_sql_bool: return ints (???)
2017-12-03 09:26:11 +03:00
Andrew Dolgov
ed5cd6eae5
get_feed_access_key: param type bullshit
2017-12-03 00:25:12 +03:00
Andrew Dolgov
6cf3a57282
login: fix profile dropdown popping out in a weird place
2017-12-03 00:23:11 +03:00
Andrew Dolgov
7d960ce7e9
auth_internal: use PDO + other fixes
2017-12-03 00:18:08 +03:00
Andrew Dolgov
4ee398a41e
Merge branch 'master' of git.fakecake.org:tt-rss into pdo-experimental
2017-12-02 23:13:49 +03:00
Andrew Dolgov
1e78803c44
search_to_sql: leftover tsquery query fix for pgsql
2017-12-02 23:11:28 +03:00
Andrew Dolgov
a2d77092fe
search_to_sql: quoting fix
2017-12-02 22:58:59 +03:00
Andrew Dolgov
0002e598f8
sql_bool_to_bool: backwards compat fix
2017-12-02 22:39:34 +03:00
Andrew Dolgov
e4befe6bf4
fix label cache being double escaped on save
...
remove some old-style escaping
2017-12-02 15:47:53 +03:00
Andrew Dolgov
ef83c69404
more boolean fixes
2017-12-02 14:13:16 +03:00
Andrew Dolgov
da9ea57d1c
checkbox to sql bool related changes, some more boolean fixes
2017-12-02 14:07:48 +03:00
Andrew Dolgov
7ccb4e91ff
boolean handling changes which probably won't break everything
2017-12-02 14:02:01 +03:00
Andrew Dolgov
c949a9282e
OPML: use PDO; minor fixes
2017-12-02 01:08:30 +03:00
Andrew Dolgov
fbe7cb0a48
rpc: switch to PDO
2017-12-01 23:49:14 +03:00
Andrew Dolgov
ecf6baaa1c
fix add_feed_category
2017-12-01 22:17:04 +03:00
Andrew Dolgov
cc9450c309
ccache, misc: fixes
...
feeds: start PDO transition
2017-12-01 19:42:02 +03:00
Andrew Dolgov
1271407eea
public: partial conversion to PDO, misc fixes
2017-12-01 18:57:34 +03:00
Andrew Dolgov
cab58c44ae
some minor PDO-related fixes
2017-12-01 18:26:53 +03:00
Andrew Dolgov
c9d5c26041
auth/base: PDO
...
functions: fix small pdo-related bug
2017-12-01 17:40:53 +03:00
Andrew Dolgov
d068111a37
controls: PDO
2017-12-01 15:10:05 +03:00
Andrew Dolgov
bbd9e5045e
controls: start pdo stuff
2017-12-01 15:03:14 +03:00
Andrew Dolgov
4ff8bdcb00
feedbrowser: PDO
2017-12-01 14:56:27 +03:00
Andrew Dolgov
fdda3e4efb
pdo pdo pdo
2017-12-01 14:50:10 +03:00
Andrew Dolgov
4d13514dd4
sessions: PDO
2017-12-01 14:48:23 +03:00
Andrew Dolgov
a21f7495ae
more pdo stuff
2017-12-01 14:39:24 +03:00
Andrew Dolgov
90dafaa9f6
add qmarks function
2017-12-01 12:44:54 +03:00
Andrew Dolgov
b78a6f08b6
more pdo stuff i guess
2017-12-01 12:42:18 +03:00
Andrew Dolgov
7c4d7bce3f
increase default of MAX_CONDITIONAL_INTERVAL to 12 hours
2017-12-01 11:51:46 +03:00
Andrew Dolgov
8aa568b3a2
some more pdo stuff
2017-12-01 10:35:22 +03:00
Andrew Dolgov
bfc54b0369
Merge branch 'pdo-experimental' of git.fakecake.org:tt-rss into pdo-experimental
2017-12-01 10:17:36 +03:00
Andrew Dolgov
e50c8eaa4e
enforce unconditional requests every 6 hours even if server claims data is not modified
2017-11-30 13:12:28 +03:00
Andrew Dolgov
ecd2e414bd
add ttrss_feeds.last_unconditional (schema bump)
2017-11-30 12:55:50 +03:00
Andrew Dolgov
8adb3ec472
add some WIP pdo stuff
2017-11-30 12:28:07 +03:00
Andrew Dolgov
9dd336a2c3
generate base css files using lessc
2017-11-29 18:55:12 +03:00
Andrew Dolgov
820873de9f
update myisam fail warning
2017-11-27 20:20:33 +03:00
Andrew Dolgov
0b68b1629e
add a sanity check for tt-rss myisam tables
2017-11-27 20:09:02 +03:00
woxcab
6eeeec4838
Allow <hr> tag in the RSS item' description
2017-11-03 10:23:29 +03:00
Andrew Dolgov
9d930af9e1
fetch_file_contents: improve error handling
...
1. if request fails get error string from http response status line
2. do not override http error with possible CURL/php specific last error
3. fix silent php error generated while processing response headers to get last modified value
2017-10-30 13:13:10 +03:00
Andrew Dolgov
8716ec20d6
add sanity check for mime_content_type()
2017-10-29 10:17:43 +03:00
Andrew Dolgov
8b73bd28d8
remove apache-specific x-sendfile stuff
...
implement a hook (HOOK_SEND_LOCAL_FILE) which plugins may use to send files
via httpd-specific implementation to increase performance typically on larger files
2017-10-08 17:14:56 +03:00
wn_
701c5a7ee4
get_favicon_url: only check base elements with href attribute
2017-10-01 15:47:31 -05:00
wn_
241f69e4db
Handle potentially-relative base element when getting favicon.
...
The base element's "href" attribute is not required to be absolute,
so rewrite relative to the site URL if it is relative.
See:
* https://www.w3.org/TR/html51/document-metadata.html#the-base-element
* https://html.spec.whatwg.org/multipage/semantics.html#the-base-element
2017-10-01 14:25:12 -05:00
Andrew Dolgov
153cb6d305
add support for http 304 not modified (no timestamp calculation bullshit like last time)
2017-08-17 14:40:21 +03:00
Andrew Dolgov
5e78b0c253
do not base headlines label context submenu on feed tree labels category
2017-07-30 11:55:30 +03:00
Andrew Dolgov
1b5b1e5fec
sessions: use is_server_https() for secure cookie setting
2017-07-17 07:33:43 +03:00
Natan Frei
e234ac8dcb
$_SERVER['HTTPS'] can be exists and 'off' for non-https connectios
2017-07-17 00:44:48 +03:00
Andrew Dolgov
09628e1b1a
rework previous 32 bit session stuff
2017-07-13 14:40:30 +03:00
Andrew Dolgov
e6d77d2b29
Merge branch 'master' of git.fakecake.org:tt-rss
2017-07-13 08:57:31 +03:00
Andrew Dolgov
b465c28ee0
sessions: clip max expiry value to a 32bit integer
2017-07-13 08:57:07 +03:00
Andrew Dolgov
9f7bd151c6
hopefully unify handling of server HTTPS variables where needed, use scheme based on SELF_URL_PATH otherwise
2017-07-10 16:20:40 +03:00
Cédric Barboiron
643ebe4229
sanity: check X-Forwarded-Proto for self_url
2017-07-10 14:04:50 +02:00
Andrew Dolgov
b2d42e960b
replace some usages of SELF_URL_PATH with get_self_url_prefix()
2017-07-06 23:01:44 +03:00
Andrew Dolgov
948471a44b
self url path checking: accept value without an ending slash
2017-07-06 22:51:56 +03:00
Andrew Dolgov
2953687b72
sanity: it's probably a good idea to check whether we're running under httpd before enforcing SELF_URL_PATH checks
2017-07-05 22:46:05 +03:00
Andrew Dolgov
1f91695895
previous: spaces -> tabs
2017-07-05 22:07:41 +03:00
Andrew Dolgov
7506b61af2
sanity: check whether SELF_URL_PATH conforms to data returned by httpd
2017-07-05 22:00:31 +03:00
Andrew Dolgov
d76d5e86d2
controls: disable print_feed_select (unused)
2017-07-02 22:57:06 +03:00
Andrew Dolgov
10a1f28f7c
schema: updates for new filter format (bump version to 131)
2017-07-02 20:59:24 +03:00
Andrew Dolgov
02f3992a5a
Revert "Revert "filters: support matching on multiple feeds/categories""
...
This reverts commit f5d174bda9
.
2017-07-02 20:37:52 +03:00
Andrew Dolgov
f5d174bda9
Revert "filters: support matching on multiple feeds/categories"
...
This reverts commit 0bf7e007bb
.
2017-07-02 20:37:01 +03:00
Andrew Dolgov
0bf7e007bb
filters: support matching on multiple feeds/categories
...
opml: update filter export/import for new format
2017-07-02 20:27:21 +03:00
Andrew Dolgov
6fd0399694
tunables:
...
* add CACHE_MAX_DAYS as a tunable generic expiry interval for various cached files
* add some comments to tunables in functions.php
* rename _MIN_CACHE_FILE_SIZE to MIN_CACHE_FILE_SIZE
* respect MIN_CACHE_FILE_SIZE setting in a few more places where content is cached
2017-05-29 23:14:42 +03:00
wn_
9b8bec700a
Replace '__autoload' (deprecated in PHP 7.2) with 'spl_autoload_register'.
...
http://php.net/manual/en/function.autoload.php
http://php.net/spl_autoload_register
https://wiki.php.net/rfc/deprecations_php_7_2
2017-05-27 10:52:16 -05:00
Andrew Dolgov
5b6ea1ef91
remove pubsubhubbub: dead
2017-05-16 10:41:20 +03:00
Andrew Dolgov
c114a2596f
move add_feed_url() to pref_feeds
2017-05-11 09:07:49 +03:00
Andrew Dolgov
4fd0790804
fix DAEMON_SLEEP_INTERVAL not being defined when used
...
enforce minimum 60 sec spawn/sleep interval in update processes
2017-05-06 10:54:14 +03:00
Andrew Dolgov
e6c886bf66
wrap rssfuncs into rssutils class
2017-05-05 18:10:07 +03:00
Andrew Dolgov
65af3b2cbb
move counter stuff to a separate class
2017-05-05 11:54:31 +03:00
Andrew Dolgov
e35ba0e212
add sanity check for SELF_URL_PATH going to http url if server is accessed over https
2017-05-05 10:16:54 +03:00
Andrew Dolgov
7c9b5a3fe4
move label stuff to Labels class
...
fix some unresolved functions
2017-05-04 15:57:40 +03:00
Andrew Dolgov
c2f0f24e4c
move digest stuff to Digest class
2017-05-04 15:41:38 +03:00
Andrew Dolgov
0086a89740
move some label stuff to labels.php
...
move getfeedcategory() to Feeds
2017-05-04 15:36:36 +03:00
Andrew Dolgov
904aff7667
abs_to_rel_path: removed
2017-05-04 15:28:21 +03:00
Andrew Dolgov
4a0da0e5bf
move get_article_labels to Article
2017-05-04 15:26:21 +03:00
Andrew Dolgov
2ed0d6c433
move counter cache to a separate class
...
fix references to get_article_tags
2017-05-04 15:22:57 +03:00
Andrew Dolgov
aeb1abedb2
move a bunch of functions into Feeds/Article namespaces
...
+ static function catchupArticlesById($ids, $cmode, $owner_uid = false) {
+ static function getLastArticleId() {
+ static function queryFeedHeadlines($params) {
+ static function getParentCategories($cat, $owner_uid) {
+ static function getChildCategories($cat, $owner_uid) {
move the rest of functions2.php back to functions.php as it is of more manageable size, remove the former
2017-05-04 15:13:02 +03:00
Andrew Dolgov
a230bf88a9
move to Article:
...
+ static function purge_orphans($do_output = false) {
move to Feeds
+ static function getGlobalUnread($user_id = false) {
+ static function getCategoryTitle($cat_id) {
+ static function getLabelUnread($label_id, $owner_uid = false) {
2017-05-04 15:00:21 +03:00
Andrew Dolgov
86a8351ca2
move the following to Feeds:
...
+ static function catchup_feed($feed, $cat_view, $owner_uid = false, $mode = 'all', $search = false) {
+ static function getFeedArticles($feed, $is_cat = false, $unread_only = false,
+ static function subscribe_to_feed($url, $cat_id = 0,
+ static function getFeedIcon($id) {
+ static function getFeedTitle($id, $cat = false) {
+ static function getCategoryUnread($cat, $owner_uid = false) {
+ static function getCategoryChildrenUnread($cat, $owner_uid = false) {
2017-05-04 14:50:56 +03:00
Andrew Dolgov
7e5f8d9fb3
move the following to Article:
...
+ static function format_article_enclosures($id, $always_display_enclosures,
+ static function format_article($id, $mark_as_read = true, $zoom_mode = false, $owner_uid = false) {
+ static function get_article_tags($id, $owner_uid = 0, $tag_cache = false) {
+ static function format_tags_string($tags) {
+ static function format_article_labels($labels) {
+ static function format_article_note($id, $note, $allow_edit = true) {
+ static function get_article_enclosures($id) {
2017-05-04 14:38:45 +03:00
Andrew Dolgov
4122da0290
move getArticleFeed to Article
...
move print_label_select to controls
2017-05-04 14:26:44 +03:00
Andrew Dolgov
e60d5b0a84
move opml-specific get_feed_category to opml.php
2017-05-04 14:24:30 +03:00
Andrew Dolgov
9549e33c2c
move some common control-generating functions to controls.php
2017-05-04 14:22:23 +03:00
Andrew Dolgov
07d3431e28
update_rss_feed: minor code cleanup
2017-04-27 13:08:43 +03:00
Andrew Dolgov
ea79a0e033
remove some redundant php closing tags
2017-04-26 20:24:18 +03:00
Andrew Dolgov
7b55001eee
fix various issues reported by static analysis
...
update gitlab-ci config
2017-04-26 15:29:22 +03:00
Andrew Dolgov
467bc4fe03
bump version_static to 17.4
2017-04-23 00:48:51 +03:00
Andrew Dolgov
337535416f
filter by search results while marking feed as read
2017-03-31 11:21:35 +03:00
Andrew Dolgov
86e534290e
enclosures: rewrite relative urls on import, duh
2017-03-27 19:20:46 +03:00
Andrew Dolgov
9594ea6875
add cosmetic suffixes back for cached url links
2017-03-23 18:26:43 +03:00
Andrew Dolgov
dc2c4b13d4
when choosing enclosures to embed or rewrite (af_zz_imgproxy) only use content type instead of "filename"-based hacks
2017-03-23 15:22:00 +03:00
Andrew Dolgov
388d4dfa88
enable caching of media in article enclosures
2017-03-23 15:19:25 +03:00
Andrew Dolgov
48eefd8c5c
allow caching of audio files
2017-03-23 15:03:22 +03:00
Andrew Dolgov
41bead9baa
remove local file extensions and generalize some method names for cached media
...
file extensions may still be present in urls, but are ignored by the backend
MIGRATION (if you have any cached data worth keeping, not required):
in cache/images run "rename 's/\..*$//' *" i.e. strip file extensions
2017-03-23 14:55:40 +03:00
Andrew Dolgov
8519c68d93
rewrite relative urls for html5 audio source elements
2017-03-06 09:20:58 +03:00
Andrew Dolgov
1bfe1d7b31
simplify error handling
...
* less convoluted exception dialogs
* use window.onerror for the majority of exception catching/reporting
* remove most of now useless try/catch blocks
* report stacktrace instead of manually specified error locations
2017-03-04 14:34:44 +03:00
Luc Didry
453787526a
Improve update_feedbrowser_cache SQL query
2017-02-16 12:05:32 +01:00
Andrew Dolgov
4a23031fcd
rewrite_relative_url: cleanup resulting url path while rewriting
2017-02-13 15:25:21 +03:00
Andrew Dolgov
454292b295
format_article_enclosures: allow embedding .jpeg files
2017-02-12 20:24:29 +03:00
Andrew Dolgov
676c7303ca
add HOOK_ENCLOSURE_ENTRY for af_zz_imgproxy (2)
2017-02-12 17:02:07 +03:00
Andrew Dolgov
58210301e0
add HOOK_ENCLOSURE_ENTRY for af_zz_imgproxy
2017-02-12 16:01:28 +03:00
Jérémy DECOOL
ba2853caac
Prevent target='_blank' vulnerability on dynamic link
2017-02-12 11:01:36 +01:00
Andrew Dolgov
fafd32e2dc
use get_self_url_prefix() when rewriting cached images
2017-02-10 15:14:47 +03:00
Andrew Dolgov
dc8bd8a640
add some print_checkbox/print_button calls; rename some plugin preference pane titles
2017-02-10 14:57:25 +03:00
Andrew Dolgov
8cf37284e7
af_zz_imgproxy: add optional setting to proxy all remote images
...
functions: add some form helper methods
2017-02-10 14:17:18 +03:00
Andrew Dolgov
7818bfde0b
sanitize: properly handle cached content in archived articles
2017-02-10 12:11:09 +03:00
Andrew Dolgov
70c0a8c2e0
pass several image files used in notify messages to frontend as base64 to prevent broken error messages in case network connection is down. also, update some close buttons to show correct cursor.
2017-02-09 23:19:26 +03:00
Andrew Dolgov
829d478f1b
add some protection against opener attacks if external site is opened via window.open()
2017-02-08 15:07:05 +03:00
Andrew Dolgov
5edd605ae1
image cache: do not try to cache data: schema urls; add caching of html5 video content (similar to cache_starred_images plugin)
2017-02-04 11:50:01 +03:00
Andrew Dolgov
0442cbb6c1
image cache: send files as content-disposition: attachment; add .png suffix to image urls
2017-02-04 11:32:24 +03:00
Andrew Dolgov
24c7e4132d
subscribe dialog: do not report errors via alert()
...
fetch_file_contents: reset all globals on start, return error message body when not using curl
subscribe_to_feed: report if cloudflare is in the error message
2017-01-28 12:45:49 +03:00
Andrew Dolgov
181c8285dd
add compact theme with smaller font
2017-01-26 22:41:18 +03:00
Andrew Dolgov
e432b8fbe2
implement cache-busting for default theme.css
...
night theme: small fixes
2017-01-25 12:17:41 +03:00
Andrew Dolgov
553ec3c351
pass article guid to hook_render_article
2017-01-25 08:50:42 +03:00
Shane Synan
311cdb27f4
sanitize: allow dfn tag
...
Add <dfn> tag to allowed tags list. <dfn> represents the defining
instance of a term in HTML.
2017-01-24 18:39:17 -06:00
Andrew Dolgov
3b001e4330
support rel=noopener for links
2017-01-24 18:45:25 +03:00
Andrew Dolgov
e934d63e0c
fetch_file_contents: rework the way shim works to prevent intermittent warnings
2017-01-24 15:11:13 +03:00
Andrew Dolgov
67268b0017
sanitize: allow acronym tag
2017-01-24 11:36:43 +03:00
Andrew Dolgov
cb3f877303
reference pubsubhubbub classes using their namespace
2017-01-23 08:20:46 +03:00
Andrew Dolgov
70c5b2bfcc
feed tree: only run animation for appearing unread counters to prevent clashes with aux counter updating and animations ending up in wrong state
2017-01-22 20:20:35 +03:00
Andrew Dolgov
a86255572a
bump VERSION_STATIC due to Dojo changes
2017-01-22 13:55:36 +03:00