Commit Graph

9384 Commits

Author SHA1 Message Date
Anders Kaseorg 88946d331a Replace all setTimeout strings with functions
This fixes a cross-site scripting vulnerability.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2017-01-21 16:52:27 -05:00
Andrew Dolgov 0047f2578f Merge branch 'lib-upgrades' into 'master'
Third-party library upgrades

* lib: Upgrade php-gettext from 1.0.11 to 1.0.12
* lib: Upgrade accept-to-gettext.php from 2003-08-14 to 2007-04-01
* lib: Upgrade JShrink from 0.5.1 to 1.1.0
* lib: Upgrade mobile-detect from svn r44 (2012-05-03) to 2.8.24 (2016-11-11)
* lib: Upgrade php-publisher from ??? to a5d6a0e (2016-11-15)
* lib: Upgrade php-subscriber from ??? to 1213f89 (2016-11-15)
* lib: Upgrade script.aculo.us from 1.8.3 to 1.9.0
* lib: Upgrade timezones.txt from 2010k/l/m/n/2011a to 2016j

See merge request !40
2017-01-21 23:06:35 +03:00
Andrew Dolgov 6be7fe00ae Merge branch 'prototype-1.7.3' into 'master'
lib: Upgrade Prototype from 1.7 to 1.7.3

Are you sure you want these as separate merge requests?  The rest of the upgrades are much less invasive than Dojo, with essentially no changes outside of `lib`.  I would of course leave them as separate commits in any case, but I had assumed they would be more convenient to test in one batch.

See merge request !39
2017-01-21 23:02:22 +03:00
Anders Kaseorg 566e8574fb lib: Upgrade timezones.txt from 2010k/l/m/n/2011a to 2016j
https://www.iana.org/time-zones

The local change adding Automatic was preserved; the local change
removing Zulu was not.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2017-01-21 15:01:14 -05:00
Anders Kaseorg 4ad37eda21 lib: Upgrade script.aculo.us from 1.8.3 to 1.9.0
https://script.aculo.us/

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2017-01-21 15:01:14 -05:00
Anders Kaseorg becd215a75 lib: Upgrade php-subscriber from ??? to 1213f89 (2016-11-15)
https://github.com/pubsubhubbub/php-subscriber

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2017-01-21 15:01:14 -05:00
Anders Kaseorg 5ddc3e274d lib: Upgrade php-publisher from ??? to a5d6a0e (2016-11-15)
https://github.com/pubsubhubbub/php-publisher

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2017-01-21 15:01:14 -05:00
Anders Kaseorg e0c232b8f1 lib: Upgrade mobile-detect from svn r44 (2012-05-03) to 2.8.24 (2016-11-11)
https://github.com/serbanghita/Mobile-Detect

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2017-01-21 15:01:14 -05:00
Anders Kaseorg 22f5fdf810 lib: Upgrade JShrink from 0.5.1 to 1.1.0
https://github.com/tedivm/JShrink

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2017-01-21 15:01:14 -05:00
Anders Kaseorg 8eaad18b8c lib: Upgrade accept-to-gettext.php from 2003-08-14 to 2007-04-01
http://grep.be/data/accept-to-gettext.inc

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2017-01-21 15:01:14 -05:00
Anders Kaseorg 526096f06a lib: Upgrade php-gettext from 1.0.11 to 1.0.12
https://launchpad.net/php-gettext

The local change to rename the gettext_reader function to
__construct (commit 00b6b66827) has been
preserved.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2017-01-21 15:01:14 -05:00
Andrew Dolgov b80101ef2d addendum to the previous 2017-01-21 23:00:05 +03:00
Andrew Dolgov ee575027fd assorted CSS fixes related to Dojo upgrade 2017-01-21 22:58:32 +03:00
Andrew Dolgov 157944d424 set .loadingExpando height to a correct value 2017-01-21 22:39:41 +03:00
Anders Kaseorg e3cfa33ba9 lib: Upgrade Prototype from 1.7 to 1.7.3
http://prototypejs.org/

The local change from ‘on’ to ‘p_on’ for Dojo compatibility has been
preserved.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2017-01-21 14:35:26 -05:00
Andrew Dolgov 84012df5cd prefs: auto expand feed tree 2017-01-21 22:33:23 +03:00
Andrew Dolgov b7d63a58db fix loading indicator position/size for tree leafs 2017-01-21 22:30:20 +03:00
Andrew Dolgov 7fbc10c236 force-enable persist for feedTree 2017-01-21 22:21:46 +03:00
Andrew Dolgov e2e2479984 Merge branch 'dojo-1.12.1'
Conflicts:
	js/prefs.js
2017-01-21 21:59:17 +03:00
Andrew Dolgov ab235fc5f1 prefs: add updateSelectedPrompt shim called by toggleSelectedRow() 2017-01-21 21:49:10 +03:00
Andrew Dolgov 1c4f5e8390 add dependency on dojo/_base/html 2017-01-21 21:47:44 +03:00
Anders Kaseorg 6887a0f573 lib: Upgrade Dojo and Dijit from 1.8.3 to 1.12.1
The itemNode and expandoNode elements have changed from img to
span (https://bugs.dojotoolkit.org/ticket/16699), so we now put our
tree icons inside them rather than replacing them.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2017-01-21 13:22:14 -05:00
Anders Kaseorg 9f539be3c2 Replace deprecated dojo.place with domConstruct.place
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2017-01-21 13:22:13 -05:00
Anders Kaseorg 6a11634c93 dojo: Build dojo/dom-construct
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2017-01-21 13:22:13 -05:00
Andrew Dolgov c606bd5741 tweak the enclosure dropdown display a little bit for less-readable urls 2017-01-17 14:04:00 +03:00
Andrew Dolgov db92edd1aa update phpmailer 2017-01-16 16:30:01 +03:00
Andrew Dolgov f6bcb5c606 Merge branch 'subscribe-idn-feed' into 'master'
Subscribe to feed with Internationalized Domain Name

Currently you cannot subscribe to feeds on hosts with internationalized domain names (IDNA) within tt-rss. You need to manually convert them to punycode to subscribe to them.

This patch adds code to detect IDNA and convert them to punycode in fix_url() if possible on the system. This requires PHP IDN functions (e.g. on Debian Jessie this needs php5-intl to be installed), so a notice is added to the installer sanity check.

See merge request !37
2017-01-16 11:36:00 +03:00
Andrew Dolgov 6b06a609af headlines toolbar: move selection links into the dropdown 2017-01-07 17:03:58 +03:00
Andrew Dolgov 6293d3717c add toggle_sidebar plugin, remove obsolete toggle button
add PluginHost::HOOK_MAIN_TOOLBAR_BUTTON
2017-01-07 15:29:17 +03:00
Andrew Dolgov 4822485a74 hide selected_prompt on low width screens 2017-01-07 14:59:30 +03:00
Andrew Dolgov 17a8e61d2a deprecate encrypted feed passwords because mcrypt is getting removed from php 7.1
1. transparent decryption for existing installs stays for the time being
2. new passwords are not going to be encrypted even if FEED_CRYPT_KEY is defined
3. added update.php --decrypt-feeds to bulk decrypt existing encrypted passwords
4. updated install to not auto-generate crypt key
5. added warning to config.php-dist
2017-01-07 14:25:46 +03:00
Andrew Dolgov 370fe2bdcd Merge branch 'fclose-before-unlink-updater' into 'master'
If Windows, fclose() before unlink() in updater.php

Windows barks an error if you try to unlink() a file while the pointer is still open(); If running under Windows, fclose() the handle before the unlink();

See merge request !36
2017-01-06 20:18:06 +03:00
tsimmons 9973b13e19 Make sure we are running on Windows before fclose() to avoid race condition possible in Nix. 2017-01-06 11:06:09 -06:00
tsimmons 8231c039ed Close lockfile handle before trying to unlink during update. 2017-01-05 15:56:24 -06:00
Andrew Dolgov 8b8568e9a3 edit tags dialog: fix height 2017-01-04 10:40:09 +03:00
Andrew Dolgov 8de58e1798 mail plugin: i guess rows= on dijit text areas doesn't work now 2017-01-04 10:37:44 +03:00
Andrew Dolgov eee818c46a ttrssmailer: include phpmailer's smtp class 2017-01-04 10:33:24 +03:00
Bernhard Thaler 62958fe9dc convert to punycode for feed on idn hostname 2017-01-02 22:50:26 +01:00
Andrew Dolgov 832aa24943 update phpmailer (again) 2016-12-29 07:37:10 +03:00
Andrew Dolgov d518096b83 update phpmailer 2016-12-26 22:26:16 +03:00
Andrew Dolgov 73c4e7ddf2 edit tags dialog: enable overflow so that tag completion works properly 2016-12-13 15:26:39 +03:00
Andrew Dolgov 3d5d289077 set_basic_feed_info: fix typo 2016-11-30 14:09:57 +03:00
Andrew Dolgov bfe1eb4e52 rssfuncs: fix warning when trying to update nonexisting feed 2016-11-30 14:03:21 +03:00
Andrew Dolgov 12ff230bc2 maybe we shouldn't escape entry_author twice 2016-11-25 14:04:41 +03:00
Andrew Dolgov f04b12d8e7 category: swap context menu items 2016-11-22 09:11:13 +03:00
Andrew Dolgov e4071d2544 feedparser: fix syntax error 2016-11-11 19:47:09 +03:00
Andrew Dolgov acfee412a3 feed tree: add category context menu entry to un/collapse it 2016-11-11 14:14:31 +03:00
Andrew Dolgov 4a5490dc58 feedparser: fix normalize_encoding() not working properly for some encodings 2016-11-11 14:08:40 +03:00
Andrew Dolgov 3bba9c396f fetch_file_contents: set timeout when not using CURL 2016-10-24 16:12:18 +03:00
Andrew Dolgov e3dceca66b get_article_filters: add unicode modifier to preg_match() 2016-10-19 21:40:58 +03:00