Commit Graph

100 Commits

Author SHA1 Message Date
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
Andrew Dolgov ddf9227dc4 pluginhost: allow overriding default sort modes via HOOK_HEADLINES_CUSTOM_SORT_MAP etc 2020-08-13 12:23:27 +03:00
Andrew Dolgov 6573541873 * add HOOK_ENCLOSURE_IMPORTED
* pass feed id to HOOK_FEED_PARSED
2020-04-29 11:33:39 +03:00
Andrew Dolgov 208e02c47d PluginHost/save_data: use separate PDO connection to prevent issues with nested transactions 2020-03-10 08:14:00 +03:00
Andrew Dolgov d15f0349bf remove hardcoded iframe domain whitelist, make iframe script whitelisting configurable by plugins (HOOK_IFRAME_WHITELISTED) 2019-11-27 11:52:51 +03:00
jc 8fd11fd53a Add const HOOK_FEED_TREE 2019-10-07 13:46:31 +00:00
jc a243979aaf Add const HOOK_FEED_TREE 2019-10-07 13:44:57 +00:00
Andrew Dolgov 3e4701116d af_readability: add missing file 2019-08-16 15:29:24 +03:00
Andrew Dolgov 865c54abcb fix get_method_url() to use correct method parameter 2019-08-15 20:27:21 +03:00
Andrew Dolgov 10c63ed582 pluginhost: add helper methods to get private/public pluginmethod endpoint URLs 2019-08-15 20:23:45 +03:00
Andrew Dolgov 7f8946f14e pluginhost: implement priority-based system for running hooks 2019-08-15 15:34:09 +03:00
Andrew Dolgov 9d852e052c add HOOK_ARTICLE_IMAGE for Article::get_article_image() 2019-08-15 09:04:42 +03:00
Andrew Dolgov fdb6066bf6 * HOOK_ENCLOSURE_ENTRY: pass article_id to handler
* DiskCache: multiple fixes; support isWritable() for cache entries, set content-disposition for send()
* public/cached_url: allow selecting files from sub-caches other than images
* plugins/Cache_Starred_Images: rework to use DiskCache, can be enabled per-user, properly handles article enclosures, etc
2019-08-13 16:40:21 +03:00
Andrew Dolgov 6955b2e02d plugins: add HOOK_GET_FULL_TEXT which may be used to provide full text extraction to core code and other plugins, instead of trying to invoke af_readability specifically 2019-04-17 08:32:35 +03:00
Andrew Dolgov 614a4b3b4a pluginhost: remove plugin gettext helpers (moved to plugin base class) 2019-03-05 10:26:23 +03:00
Andrew Dolgov c1175070a2 add P_sprintf 2019-03-05 10:01:08 +03:00
Andrew Dolgov 72fcc81919 support per-plugin locale directories 2019-03-01 14:25:24 +03:00
Andrew Dolgov 95f63e121a note that HOOK_FORMAT_ARTICLE_CDM is dead for now 2018-12-07 18:35:50 +03:00
Andrew Dolgov a01c33d654 add HOOK_FILTER_TRIGGERED (for filter debugging) 2018-12-06 19:15:00 +03:00
Andrew Dolgov c10a43069e debug logging system rework:
* support various logging levels per-message
 * remove hacks like debug_suppress, DAEMON_EXTENDED_DEBUG, etc
 * _debug() is kept as a compatibility shim for plugins
2018-11-30 08:34:29 +03:00
Andrew Dolgov 57932e1837 remove PHPMailer and related directives from config.php-dist; add pluggable Mailer class 2018-11-22 14:45:14 +03:00
Andrew Dolgov 3a0292303e php: remove trailing whitespaces 2018-11-03 15:08:43 +03:00
Andrew Dolgov 32c0c07cc1 pluginhost: implement basic autoloader for classes bundled with plugins (uses vendor/ layout) 2018-08-07 14:36:45 +03:00
Andrew Dolgov 6fb5f17be6 pluginhost: always return an array in get_all() 2017-12-17 19:06:18 +03:00
Andrew Dolgov f70d456a5b Merge branch 'master' of git.tt-rss.org:git/tt-rss into pdo-experimental 2017-12-11 12:54:30 +03:00
Andrew Dolgov 7c6f7bb0aa fix some minor issues found by code analyzer 2017-12-03 23:08:04 +03:00
Andrew Dolgov df5d2a0665 pluginhost: do not connect via legacy DB api until requested
log all initiated legacy database connections
2017-12-03 14:49:18 +03:00
Andrew Dolgov f8108cc28d pluginhost: save_data() fixes 2017-12-02 11:31:02 +03:00
Andrew Dolgov 8af94f1292 pluginhost: use PDO 2017-12-02 11:25:43 +03:00
dim0x69 5395526444 add HOOK_UNSUBSCRIBE_FEED 2017-11-27 11:46:46 +01:00
Andrew Dolgov 8b73bd28d8 remove apache-specific x-sendfile stuff
implement a hook (HOOK_SEND_LOCAL_FILE) which plugins may use to send files
via httpd-specific implementation to increase performance typically on larger files
2017-10-08 17:14:56 +03:00
wn_ bec5ba93e2 Add 'HOOK_FEED_BASIC_INFO' to enable plugins to provide basic feed info.
It's expected the plugin will return content parsable by FeedParser, which
will act as an interface to the basic feed info.  In the case of a plugin
that also uses 'HOOK_FETCH_FEED', both might return the same content.

The hook signature was made somewhat similar to 'HOOK_FETCH_FEED'.
2017-09-24 19:37:49 -05:00
Andrew Dolgov e50a647916 add HOOK_FORMAT_ARTICLE & HOOK_FORMAT_ARTICLE_CDM
Feeds::format_headlines_list: add some comments for cdm article closing tags
2017-05-26 23:22:00 +03:00
Andrew Dolgov ea79a0e033 remove some redundant php closing tags 2017-04-26 20:24:18 +03:00
Andrew Dolgov 7b55001eee fix various issues reported by static analysis
update gitlab-ci config
2017-04-26 15:29:22 +03:00
Andrew Dolgov 58210301e0 add HOOK_ENCLOSURE_ENTRY for af_zz_imgproxy 2017-02-12 16:01:28 +03:00
Andrew Dolgov 6293d3717c add toggle_sidebar plugin, remove obsolete toggle button
add PluginHost::HOOK_MAIN_TOOLBAR_BUTTON
2017-01-07 15:29:17 +03:00
Andrew Dolgov 399678a14e add PluginHost.HOOK_ARTICLE_EXPORT_FEED 2016-03-01 14:39:36 +03:00
Andrew Dolgov 583f163f40 don't init plugins when loading everything to make a list, duh 2015-10-08 17:02:32 +03:00
Andrew Dolgov b87744534a add plugin-based filter actions (see example plugin in attic)
bump schema
2015-08-11 23:28:42 +03:00
Andrew Dolgov 5914f31981 pluginhost: mention that update task & housekeeping hooks are for global plugins only 2015-06-15 21:41:55 +03:00
Andrew Dolgov ca5d39e866 pluginhost: assume plugins.local exists 2015-06-05 18:10:17 +03:00
Andrew Dolgov 7c0a2ab202 pluginhost: allow loading user plugins from plugins.local 2015-06-05 17:54:52 +03:00
Andrew Dolgov 945346cbff add HOOK_RENDER_ENCLOSURE & af_youtube_embed plugin 2015-04-21 14:07:20 +03:00
Andrew Dolgov 7eb87b80d5 add pluginhost HOOK_HEADLINES_BEFORE (refs #814) 2014-08-19 14:24:34 +04:00
wltb 01465325b4 Add subscribe hook, give more information to fetch_feed hook 2014-05-19 14:06:52 +02:00
Dave Zaikos 2bb11658a8 Added HOOK_FORMAT_ENCLOSURES plugin hook.
Runs HTML and enclosures array through a plugin hook when rendering an article's enclosures in format_article_enclosures(). Allows plugins to override handling of how enclosures are presented by either filtering the array of enclosures, or generating the HTML to add to the article content.
2014-05-12 00:59:27 -04:00
Rob Hoelz baaf4c3043 Make search mechanism pluggable
Currently, TinyTinyRSS can use raw SQL or the Sphinx search engine
for searching.  It would be nice if other search engines (such as
Xapian) could be used, or if features of the underlying SQL engine
(such as MySQL's FULLTEXT indexes) could be leveraged.  This commit
makes searching into a plugin hook, falling back to the builtin behavior
if no search plugin is active.  The Sphinx search behavior has been
broken out into a plugin.
2014-04-23 04:49:54 +00:00
Andrew Dolgov 84e36b61a3 make_init_params: add plugins 2014-03-14 15:06:37 +04:00
Dave Zaikos a96bb3d88a Fixed a bug in PluginHost::del_hook() where the parameters passed to array_search() were in the incorrect order. 2014-01-25 02:18:27 -05:00