Andrew Dolgov
8a34084df1
auth_remote: rewrite header checking to be more readable
2021-01-05 10:37:30 +03:00
Andrew Dolgov
8764662138
af_redditimgur: also blacklist in-content links
2021-01-03 10:55:57 +03:00
Tony
564a24fd78
Add support for HTTP_REMOTE_USER variable for user authentication
2020-12-21 16:56:39 +00:00
Andrew Dolgov
9e62513095
af_redditimgur: also rewrite in the API handler
2020-12-20 13:12:50 +03:00
Andrew Dolgov
f25ea5355c
af_redditimgur: add option to rewrite reddit URLs to teddit.net
2020-12-20 11:28:48 +03:00
Andrew Dolgov
50d089ae59
redditimgur: blacklist github because it usually resolves to a huge profile photo of someone
2020-12-18 08:12:31 +03:00
wn
6f31372b37
Address param order deprecation warning for 'af_redditimgur'.
2020-12-12 10:28:45 -06:00
Andrew Dolgov
65254f5db4
- move sphinx plugin to a separate repo
- regenerate config checks without sphinx-related variables
2020-12-11 09:48:34 +03:00
Andrew Dolgov
43bd3394c3
shorten_expanded: remove loading=lazy from images if enabled
2020-12-11 09:22:30 +03:00
Andrew Dolgov
8479421da4
af_readability: allow appending to original summary instead of always replacing it, some minor code cleanup
2020-11-26 13:39:47 +03:00
JustAMacUser
65b3926ae5
Ensure proxy_all setting is saved in database.
2020-10-11 01:31:30 -04:00
Andrew Dolgov
38a7a1da88
hide uninteresting errors in several DOMDocument->loadHTML() invocations
2020-10-01 13:20:07 +03:00
Andrew Dolgov
215f388992
move timestamp-related stuff to a separate class
2020-09-23 13:04:26 +03:00
Andrew Dolgov
74568df4ff
remove a lot of stuff from global context (functions.php), add a few helper classes instead
2020-09-22 09:04:33 +03:00
Andrew Dolgov
a4525d31b2
replace FALSE with false so that static analyzer shuts up about it
2020-09-17 19:02:27 +03:00
Andrew Dolgov
d8619b9a84
auth_internal: cast OTP code to integer before trying to check it
2020-09-17 16:50:34 +03:00
Andrew Dolgov
a817d3794d
* use get_random_bytes() for CSRF token
* get_random_bytes: use PHP7 random_bytes() if it is available
* validate CSRF token using hash_equals
2020-09-17 08:59:18 +03:00
Andrew Dolgov
0757ad0406
auth_internal: use type-strict comparison when checking OTP code
2020-09-17 08:46:57 +03:00
Andrew Dolgov
91e1542a82
af_proxy_http: require separate token to access imgproxy
2020-09-15 10:59:57 +03:00
Andrew Dolgov
79f102c25d
af_proxy_http: never print received data directly, always redirect to cached_url
cache/getUrl: basename() passed filename just in case
2020-09-15 08:02:28 +03:00
Andrew Dolgov
0758397dd8
af_redditimgur: don't add embedded blank gif image for rewritten videos
2020-09-15 06:55:22 +03:00
Andrew Dolgov
c3d14e1fa5
- fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
Andrew Dolgov
c352e872e9
core: pass found enclosures to HOOK_ARTICLE_FILTER
af_redditimgur: remove enclosures if we found something to embed because it's going to be a low-res thumbnail
2020-06-24 22:54:14 +03:00
Nathan Warner
f8d96543de
Created hotkeys_force_top plugin
Renamed swap_jk to match new naming scheme.
2020-05-30 22:45:41 -06:00
Andrew Dolgov
9ae9302b6b
implement keyboard-related changes discussed in https://community.tt-rss.org/t/changing-the-amount-of-scroll-by-arrow-key/3452/7
2020-05-17 08:25:51 +03:00
Andrew Dolgov
5e77d0062b
use intersection observer to unpack visible articles, remove Headlines.unpackVisible()
2020-05-13 07:28:13 +03:00
Andrew Dolgov
a802649d53
rename cdmScrollToId to cdmMoveToId
prevent smooth scrolling when going directly to an article
2020-05-09 08:16:12 +03:00
Andrew Dolgov
1f2a721905
allow overriding built-in templates via templates.local
2020-03-13 14:40:35 +03:00
Andrew Dolgov
4e74da590e
af_readability: allow get full text button to work as a toggle; in cdm, scroll to article after embedding
2020-02-28 08:03:25 +03:00
Andrew Dolgov
96fa6e3002
af_comics: split contents of subscribe/basic_info/fetch hooks into appropriate per-comic filters
2020-02-27 12:15:56 +03:00
Andrew Dolgov
ba7f7e72db
af_comics: mention that Far Side needs cached media
2020-02-27 11:44:18 +03:00
Andrew Dolgov
61168847ac
af_comics: escape all template urls
2020-02-27 10:25:00 +03:00
Andrew Dolgov
3b62150abd
use canonical fetch url for Far Side
2020-02-27 10:24:12 +03:00
Andrew Dolgov
db8a1f76c7
remove unnecessary debugging from previous
2020-02-27 10:20:16 +03:00
Andrew Dolgov
9b4053b1ea
af_comics: add experimental support for The Far Side
2020-02-27 10:19:09 +03:00
Andrew Dolgov
b159bbe55d
af_readability: sanitize content requested for embedding
2020-02-27 08:28:54 +03:00
Andrew Dolgov
3b635c7557
fix plugins/note javascript part broken by previous changeset
2020-02-27 07:59:57 +03:00
Andrew Dolgov
71ff485fbf
af_readability: add article button to embed content of a specific article
2020-02-27 07:57:22 +03:00
Andrew Dolgov
4ab3854aed
don't generate default.css, replace with themes/light.css as a default root CSS file
2020-02-22 16:22:44 +03:00
koffieanon
3a3c74dfa4
Also match images with query string (size, tokens, etc).
2020-01-04 17:22:58 +01:00
koffieanon
e89dd83f05
Spaces to tabs for consistency.
2020-01-04 17:21:05 +01:00
koffieanon
297a89c2d2
Fix bug processing found due to operator precedence.
2020-01-04 17:20:33 +01:00
Andrew Dolgov
72d0fac80c
remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way
2019-12-18 14:27:40 +03:00
Andrew Dolgov
219840341c
Af_Youtube_Embed: whitelist youtube iframes if enabled
2019-11-27 22:46:43 +03:00
Andrew Dolgov
ffa3f9309f
af_comics: support buni webtoon episodes
2019-11-18 19:00:08 +03:00
Andrew Dolgov
f6090655bf
2fa: check TOTP based on previous secret values (oops of the year, 2019)
2019-11-03 20:47:21 +03:00
Andrew Dolgov
812a6c9f16
auth_internal: fix indents
2019-11-01 15:25:40 +03:00
Andrew Dolgov
249130e58d
implement app password checking / management UI
2019-11-01 15:03:57 +03:00
Andrew Dolgov
68b0380118
add placeholder authentication via app passwords if service is passed
forbid logins via regular passwords for services
remove AUTH_DISABLE_OTP
2019-11-01 13:03:06 +03:00
Andrew Dolgov
178bcd4349
auth_internal: fix OTP seed checking
2019-11-01 10:34:31 +03:00