Commit Graph

10928 Commits

Author SHA1 Message Date
Andrew Dolgov 05744bb474 fix updater never scheduling feeds for update if they never been updated before while having default update interval set 2020-09-22 20:33:51 +03:00
Andrew Dolgov 8fb2baecdc another hack for validation of URLs with invalid characters 2020-09-22 19:56:26 +03:00
Andrew Dolgov a897c4165b validate URLs: convert IDN to punycode before passing URL to filter_var() 2020-09-22 15:32:22 +03:00
Andrew Dolgov 6811d0bde2 use self:: in some places to invoke static methods from the same class 2020-09-22 14:54:15 +03:00
Andrew Dolgov b5710baf34 - don't fail on non-ascii characters when validating URLs
- fix IDN hostnames not being converted properly
2020-09-22 14:37:45 +03:00
Andrew Dolgov e3780050e7 Merge branch 'weblate-integration' 2020-09-22 11:55:53 +03:00
Andrew Dolgov 490df818aa router: only allow functions without required parameters as handler methods 2020-09-22 09:34:39 +03:00
Andrew Dolgov ab6aa0ad3e fix previous re: resolve_redirects 2020-09-22 09:18:24 +03:00
Andrew Dolgov 74568df4ff remove a lot of stuff from global context (functions.php), add a few helper classes instead 2020-09-22 09:04:33 +03:00
Glandos 4d6c80b198 Translated using Weblate (French)
Currently translated at 100.0% (727 of 727 strings)

Translation: Tiny Tiny RSS/messages
Translate-URL: https://weblate.tt-rss.org/projects/tt-rss/messages/fr/
2020-09-22 01:24:24 +00:00
Andrew Dolgov 41fbd3f15f Added translation using Weblate (Persian) 2020-09-21 18:27:39 +00:00
Andrew Dolgov d04ac399ff clarify some URL validation-related error messages 2020-09-21 20:37:29 +03:00
Andrew Dolgov 3dd4169b5f clarify some URL validation-related error messages 2020-09-21 20:35:24 +03:00
Andrew Dolgov 4785f21316 update_rss_feed: log effective URL after fetching
validate_url: treat scheme as case-insensitive
2020-09-21 20:26:57 +03:00
Andrew Dolgov 486f1d84ed resolve_redirects: fix previous 2020-09-20 18:14:34 +03:00
Andrew Dolgov d2867d887a resolve_redirects: only use three argument version of get_headers() on php 7.1+ 2020-09-20 17:27:04 +03:00
Andrew Dolgov 05ef9aac2f update URL pointing to version.json 2020-09-19 07:33:59 +03:00
fox 7584ecc8a2 Merge branch 'gettext-const-scope' of JustAMacUser/tt-rss into master 2020-09-19 04:04:47 +00:00
JustAMacUser c8ac9dc7ea Remove `private` scope for class constants.
This change branches from the merged patch by Sunil Mohan Adapa's for
Debian's package.
2020-09-18 18:13:18 -04:00
Andrew Dolgov 03a337a660 add basic safe mode which doesn't load any user plugins 2020-09-18 15:48:22 +03:00
Andrew Dolgov 3588d5186e - gettext: merge patch from Sunil Mohan Adapa which rewrites plural parser to not use eval()
- fix typo in aforementioned patch which caused plurals to never load
- update code again to newer PHP constructor syntax
2020-09-18 14:05:34 +03:00
Andrew Dolgov 4f5ae94b62 prevent source errors from crashing gulp watch 2020-09-18 12:14:37 +03:00
Andrew Dolgov f3803c9e60 add eslint to package.json 2020-09-17 20:47:01 +03:00
Andrew Dolgov 5c1f70348e add less to package.json 2020-09-17 20:45:21 +03:00
Andrew Dolgov 4efc3d7b3f validate_url: relax requirements for URLs, limit additional port/loopback filtering to fetch_file_contents() 2020-09-17 20:20:23 +03:00
Andrew Dolgov a4525d31b2 replace FALSE with false so that static analyzer shuts up about it 2020-09-17 19:02:27 +03:00
Andrew Dolgov 57fac84516 rename gettext.inc to gettext.inc.php (cosmetic) 2020-09-17 18:56:29 +03:00
Andrew Dolgov d8619b9a84 auth_internal: cast OTP code to integer before trying to check it 2020-09-17 16:50:34 +03:00
Andrew Dolgov c25edd0024 fetch_file_contents: validate effective URL (after redirects) without CURL 2020-09-17 16:17:33 +03:00
Andrew Dolgov 27e695436f fetch_file_contents: validate effective URL (after redirects) if using CURL 2020-09-17 15:53:13 +03:00
Andrew Dolgov afa0023c51 don't try to update manually disabled feeds even if they haven't been updated before or are marked for a manual update 2020-09-17 15:40:50 +03:00
Andrew Dolgov f41fdef389 add gulp task for less compilation 2020-09-17 13:30:52 +03:00
Andrew Dolgov 5415a0e033 add makefile for less to css compilation 2020-09-17 12:15:49 +03:00
Andrew Dolgov 37f41a5246 forgotpass: use type strict comparison for reset token 2020-09-17 11:49:27 +03:00
Andrew Dolgov 5a7e7e1367 don't try to call hash_equals() on unset user token 2020-09-17 10:20:55 +03:00
Andrew Dolgov f72e6947d5 use hash_equals() correctly 2020-09-17 10:04:00 +03:00
Andrew Dolgov e3adacc588 fix several cases of Db class being invoked as wrong name (as DB) 2020-09-17 09:18:03 +03:00
Andrew Dolgov 16c86e2fc3 replace some plain http links with https 2020-09-17 09:02:30 +03:00
Andrew Dolgov a817d3794d * use get_random_bytes() for CSRF token
* get_random_bytes: use PHP7 random_bytes() if it is available
* validate CSRF token using hash_equals
2020-09-17 08:59:18 +03:00
Andrew Dolgov 0757ad0406 auth_internal: use type-strict comparison when checking OTP code 2020-09-17 08:46:57 +03:00
Andrew Dolgov 89d53a7f49 fix typo in previous 2020-09-17 08:45:17 +03:00
Andrew Dolgov 1f79d614c4 fix OTP QR code not displayed because of CSRF token passed as a query
parameter
use type-strict comparison when validating CSRF token on the backend
2020-09-17 08:43:39 +03:00
Andrew Dolgov 6a4b6cf603 amend previous to 127/8 subnet 2020-09-17 07:37:48 +03:00
Andrew Dolgov 213d6330b1 fetch_file_contents: resolve requested hosts and check for possible
loopback address
2020-09-17 07:36:47 +03:00
Andrew Dolgov 88c4dc405e build_url: also put query parameters and fragment in resulting URL
rewrite_relative_url: simplify handling of relative URLs
2020-09-16 21:41:05 +03:00
Andrew Dolgov 9d3c794983 subscribe: allow pre-filling feed URL if passed via query string 2020-09-16 17:20:31 +03:00
Andrew Dolgov da5af2fae0 cached_url: block SVG images because of potential javascript inside 2020-09-16 16:25:20 +03:00
Andrew Dolgov 33fdde249e pass CSRF token to opml import and feed icon replace dialogs 2020-09-16 06:43:55 +03:00
Andrew Dolgov f693ebab21 fix default password nag dialog, load via xhr 2020-09-16 06:38:41 +03:00
Andrew Dolgov 77faa5d523 editFeed: only try to reload feed tree in preferences if its actually there 2020-09-15 18:55:34 +03:00