Commit Graph

700 Commits

Author SHA1 Message Date
Andrew Dolgov 8a34084df1 auth_remote: rewrite header checking to be more readable 2021-01-05 10:37:30 +03:00
Andrew Dolgov 8764662138 af_redditimgur: also blacklist in-content links 2021-01-03 10:55:57 +03:00
Tony 564a24fd78 Add support for HTTP_REMOTE_USER variable for user authentication 2020-12-21 16:56:39 +00:00
Andrew Dolgov 9e62513095 af_redditimgur: also rewrite in the API handler 2020-12-20 13:12:50 +03:00
Andrew Dolgov f25ea5355c af_redditimgur: add option to rewrite reddit URLs to teddit.net 2020-12-20 11:28:48 +03:00
Andrew Dolgov 50d089ae59 redditimgur: blacklist github because it usually resolves to a huge profile photo of someone 2020-12-18 08:12:31 +03:00
wn 6f31372b37 Address param order deprecation warning for 'af_redditimgur'. 2020-12-12 10:28:45 -06:00
Andrew Dolgov 65254f5db4 - move sphinx plugin to a separate repo
- regenerate config checks without sphinx-related variables
2020-12-11 09:48:34 +03:00
Andrew Dolgov 43bd3394c3 shorten_expanded: remove loading=lazy from images if enabled 2020-12-11 09:22:30 +03:00
Andrew Dolgov 8479421da4 af_readability: allow appending to original summary instead of always
replacing it, some minor code cleanup
2020-11-26 13:39:47 +03:00
JustAMacUser 65b3926ae5 Ensure proxy_all setting is saved in database. 2020-10-11 01:31:30 -04:00
Andrew Dolgov 38a7a1da88 hide uninteresting errors in several DOMDocument->loadHTML() invocations 2020-10-01 13:20:07 +03:00
Andrew Dolgov 215f388992 move timestamp-related stuff to a separate class 2020-09-23 13:04:26 +03:00
Andrew Dolgov 74568df4ff remove a lot of stuff from global context (functions.php), add a few helper classes instead 2020-09-22 09:04:33 +03:00
Andrew Dolgov a4525d31b2 replace FALSE with false so that static analyzer shuts up about it 2020-09-17 19:02:27 +03:00
Andrew Dolgov d8619b9a84 auth_internal: cast OTP code to integer before trying to check it 2020-09-17 16:50:34 +03:00
Andrew Dolgov a817d3794d * use get_random_bytes() for CSRF token
* get_random_bytes: use PHP7 random_bytes() if it is available
* validate CSRF token using hash_equals
2020-09-17 08:59:18 +03:00
Andrew Dolgov 0757ad0406 auth_internal: use type-strict comparison when checking OTP code 2020-09-17 08:46:57 +03:00
Andrew Dolgov 91e1542a82 af_proxy_http: require separate token to access imgproxy 2020-09-15 10:59:57 +03:00
Andrew Dolgov 79f102c25d af_proxy_http: never print received data directly, always redirect to cached_url
cache/getUrl: basename() passed filename just in case
2020-09-15 08:02:28 +03:00
Andrew Dolgov 0758397dd8 af_redditimgur: don't add embedded blank gif image for rewritten videos 2020-09-15 06:55:22 +03:00
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
Andrew Dolgov c352e872e9 core: pass found enclosures to HOOK_ARTICLE_FILTER
af_redditimgur: remove enclosures if we found something to embed because it's going to be a low-res thumbnail
2020-06-24 22:54:14 +03:00
Nathan Warner f8d96543de Created hotkeys_force_top plugin
Renamed swap_jk to match new naming scheme.
2020-05-30 22:45:41 -06:00
Andrew Dolgov 9ae9302b6b implement keyboard-related changes discussed in https://community.tt-rss.org/t/changing-the-amount-of-scroll-by-arrow-key/3452/7 2020-05-17 08:25:51 +03:00
Andrew Dolgov 5e77d0062b use intersection observer to unpack visible articles, remove Headlines.unpackVisible() 2020-05-13 07:28:13 +03:00
Andrew Dolgov a802649d53 rename cdmScrollToId to cdmMoveToId
prevent smooth scrolling when going directly to an article
2020-05-09 08:16:12 +03:00
Andrew Dolgov 1f2a721905 allow overriding built-in templates via templates.local 2020-03-13 14:40:35 +03:00
Andrew Dolgov 4e74da590e af_readability: allow get full text button to work as a toggle; in cdm, scroll to article after embedding 2020-02-28 08:03:25 +03:00
Andrew Dolgov 96fa6e3002 af_comics: split contents of subscribe/basic_info/fetch hooks into appropriate per-comic filters 2020-02-27 12:15:56 +03:00
Andrew Dolgov ba7f7e72db af_comics: mention that Far Side needs cached media 2020-02-27 11:44:18 +03:00
Andrew Dolgov 61168847ac af_comics: escape all template urls 2020-02-27 10:25:00 +03:00
Andrew Dolgov 3b62150abd use canonical fetch url for Far Side 2020-02-27 10:24:12 +03:00
Andrew Dolgov db8a1f76c7 remove unnecessary debugging from previous 2020-02-27 10:20:16 +03:00
Andrew Dolgov 9b4053b1ea af_comics: add experimental support for The Far Side 2020-02-27 10:19:09 +03:00
Andrew Dolgov b159bbe55d af_readability: sanitize content requested for embedding 2020-02-27 08:28:54 +03:00
Andrew Dolgov 3b635c7557 fix plugins/note javascript part broken by previous changeset 2020-02-27 07:59:57 +03:00
Andrew Dolgov 71ff485fbf af_readability: add article button to embed content of a specific article 2020-02-27 07:57:22 +03:00
Andrew Dolgov 4ab3854aed don't generate default.css, replace with themes/light.css as a default root CSS file 2020-02-22 16:22:44 +03:00
koffieanon 3a3c74dfa4 Also match images with query string (size, tokens, etc). 2020-01-04 17:22:58 +01:00
koffieanon e89dd83f05 Spaces to tabs for consistency. 2020-01-04 17:21:05 +01:00
koffieanon 297a89c2d2 Fix bug processing found due to operator precedence. 2020-01-04 17:20:33 +01:00
Andrew Dolgov 72d0fac80c remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way 2019-12-18 14:27:40 +03:00
Andrew Dolgov 219840341c Af_Youtube_Embed: whitelist youtube iframes if enabled 2019-11-27 22:46:43 +03:00
Andrew Dolgov ffa3f9309f af_comics: support buni webtoon episodes 2019-11-18 19:00:08 +03:00
Andrew Dolgov f6090655bf 2fa: check TOTP based on previous secret values (oops of the year, 2019) 2019-11-03 20:47:21 +03:00
Andrew Dolgov 812a6c9f16 auth_internal: fix indents 2019-11-01 15:25:40 +03:00
Andrew Dolgov 249130e58d implement app password checking / management UI 2019-11-01 15:03:57 +03:00
Andrew Dolgov 68b0380118 add placeholder authentication via app passwords if service is passed
forbid logins via regular passwords for services
remove AUTH_DISABLE_OTP
2019-11-01 13:03:06 +03:00
Andrew Dolgov 178bcd4349 auth_internal: fix OTP seed checking 2019-11-01 10:34:31 +03:00