Commit Graph

549 Commits

Author SHA1 Message Date
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
Andrew Dolgov fa653f5a43 prefs: show disabled filters properly on mysql 2020-07-01 09:49:53 +03:00
Andrew Dolgov 2996a3942f prefs: show root of filter tree as enabled so it's not grayed out 2020-07-01 09:48:27 +03:00
Andrew Dolgov d01ad09800 eslint-related fixes; move a few things from global context to App 2020-06-05 07:44:57 +03:00
Andrew Dolgov c8cc845d5b when removing favicon, reset its auto-refresh timer 2020-05-22 15:06:52 +03:00
Andrew Dolgov 1f2a721905 allow overriding built-in templates via templates.local 2020-03-13 14:40:35 +03:00
Andrew Dolgov bcbc5ccc78 batchSubscribe: use validationtextarea 2020-02-28 14:03:29 +03:00
Andrew Dolgov f24ece85a6 add validationtextarea control, use it for filter match editor 2020-02-28 13:53:45 +03:00
Andrew Dolgov 8645f36c5b filter test dialog: pass contents via xhr POST 2020-02-28 12:16:54 +03:00
Andrew Dolgov 4ab3854aed don't generate default.css, replace with themes/light.css as a default root CSS file 2020-02-22 16:22:44 +03:00
Andrew Dolgov 60288f02e8 1. feedtree: show counters for marked articles if view-mode == marked
2. hide/show relevant counter nodes using css
3. cleanup some counter-related code
4. compile default css into light theme to prevent cache-related issues
2020-02-20 14:14:45 +03:00
Andrew Dolgov 5b6d9cee29 prefs layout fixes:
1. prevent layout breakage when using an authenticator which doesn't allow changing passwords
2. show explanatory messages when OTP or password changing is not available
3. allow app (API) passwords when using any auth module
2020-02-18 11:51:04 +03:00
Andrew Dolgov 6080cca9ca scrap counter cache system; rework counters to sum() booleans instead 2020-01-24 14:25:31 +03:00
Andrew Dolgov df464e3d0d update app password notice 2019-12-17 14:58:31 +03:00
Andrew Dolgov 76dd74e0d9 add a hidden tweakable which forbids changing passwords 2019-12-06 17:45:22 +03:00
Andrew Dolgov ac95ab4a65 user css dialog: allow saving and applying CSS without closing the dialog 2019-12-06 14:02:30 +03:00
Andrew Dolgov 63ce7ea705 add a plugin page warning for plugins using HOOK_FEED_FETCHED, etc 2019-11-14 07:01:45 +03:00
Andrew Dolgov f75fb6bd75 Merge branch 'master' of git.fakecake.org:tt-rss 2019-11-01 15:40:15 +03:00
Andrew Dolgov 266a805bfe line endings + remove : from headings 2019-11-01 15:40:08 +03:00
Andrew Dolgov 05dffcff6f OTP stuff: update notice wording a bit 2019-11-01 15:27:24 +03:00
Andrew Dolgov 812a6c9f16 auth_internal: fix indents 2019-11-01 15:25:40 +03:00
Andrew Dolgov 249130e58d implement app password checking / management UI 2019-11-01 15:03:57 +03:00
Andrew Dolgov 88cd9e586e add placeholder UI plumbing for app passwords 2019-11-01 12:23:11 +03:00
Andrew Dolgov 904ecc31e2 allow using OTP without GD 2019-11-01 10:32:58 +03:00
Andrew Dolgov 2820f41a4b add notification for OTP being disabled 2019-10-09 09:10:43 +03:00
Andrew Dolgov ef514bc4bd add notifications for mail and password changes
update and shorten some other message templates
2019-10-09 09:04:51 +03:00
Andrew Dolgov 12a542977e makefeedtree: properly calculate feed total amount in no-categories mode 2019-08-21 19:32:27 +03:00
Andrew Dolgov 6825aaff55 update SSL certificate wiki link 2019-08-02 08:03:20 +03:00
Andrew Dolgov e8523733b0 filter dialog: add inline regexp checker 2019-07-12 12:40:42 +03:00
Andrew Dolgov 86a014f23b add placeholder Filters.filterDlgCheckRegExp 2019-07-12 10:47:18 +03:00
Andrew Dolgov 088fcf8131 move more globals to more appropriate places
set libxml to always use internal errors
2019-06-20 08:40:02 +03:00
Andrew Dolgov 4fa9aee4e7 move several more global functions to more appropriate classes 2019-06-20 08:14:06 +03:00
Andrew Dolgov 6d746453c7 get_feeds_from_html: remove XML preamble hack
move several related helper functions to Feeds class
2019-06-20 07:51:48 +03:00
Andrew Dolgov d36b64d8a7 event log: simplify styles, prevent horizontal scrolling
sql logger: clip context length to 8kb
2019-05-31 10:31:43 +03:00
Andrew Dolgov 4b74491b8b feed tree: set placeholder feed unread value to -1 2019-05-06 09:32:08 +03:00
Michael Kuhn e38fcd6dea Fix button focus issues
This change introduces derived classes for ComboButton, DropDownButton
and Select that make sure that buttons do not remain focused after their
menus are closed. This allows using hotkeys after closing them.
2019-04-14 12:01:52 +02:00
Michael Kuhn 4a2a90c980 Fix focus issues with hotkeys
Since making use of keypress in addition to keydown, hotkeys did not
work in certain scenarios, including clicking on the feed tree expanders
or empty spaces of the toolbar.

This issue is caused by dijit.Tree and dijit.Toolbar implementing the
_KeyNavMixin, which explicitly stops propagation of keypress events.

This change contains two main fixes plus a smaller hotfix:
1. It overrides _onContainerKeydown and _onContainerKeypress for
   fox.FeedTree (which inherits from dijit.Tree).
2. It adds fox.Toolbar, which overrides _onContainerKeydown,
   _onContainerKeypress and focus. This fixes hotkeys being swallowed
   and the first focusable child receiving focus when clicking on an
   empty space of the toolbar.
3. It adds the same handling of keydown and keypress to the prefs hotkey
   handler as is done in the main hotkey handler.
2019-04-13 22:34:57 +02:00
Andrew Dolgov ed22473272 feed editor: use DEFAULT_SEARCH_LANGUAGE as a default per-feed dropdown value 2019-04-10 13:08:32 +03:00
Andrew Dolgov c936cc3a1f use DEFAULT_SEARCH_LANGUAGE to generate tsvector index if per-feed language is not specified, also use it as default value on search form for convenience 2019-04-10 13:03:26 +03:00
Andrew Dolgov 019f4578bc fix feed icon upload not working, rework form to use FormData/ajax 2019-03-14 09:08:44 +03:00
Andrew Dolgov 241d646fba batch subscribe: stop dialog from being submitted twice 2019-03-10 09:20:46 +03:00
Andrew Dolgov 19f162dbe3 css: insensitive -> text-muted 2019-03-08 10:11:57 +03:00
Andrew Dolgov 371325a899 remove feed editor private checkbox 2019-03-06 20:07:23 +03:00
Andrew Dolgov 38e01270d8 archived feeds: expire old entries (schema bump) 2019-03-06 19:06:05 +03:00
Andrew Dolgov 16a9bdc387 make_password: generate longer passwords by default, use better random function if available 2019-03-05 20:16:50 +03:00
Andrew Dolgov ef6d2b8a4e update notifications to make them more visible
cleanup some minor stuff in pref-users
2019-03-05 20:09:06 +03:00
Andrew Dolgov 1f2c769c5a editfeed: mark save button 2019-03-05 19:41:44 +03:00
Andrew Dolgov b9309b1822 filters: show inverse status in list 2019-03-05 08:52:45 +03:00
Andrew Dolgov a130da2d1a add layout hack to unify heights of plugin fieldsets 2019-02-26 15:03:33 +03:00
Andrew Dolgov 8819272db1 prefs-set -> prefs 2019-02-25 19:22:20 +03:00
Andrew Dolgov cbd119c7a3 pref-prefs: fix markup 2019-02-25 19:11:17 +03:00
Andrew Dolgov 52d77dee62 plugin list: update layout 2019-02-25 17:15:05 +03:00
Andrew Dolgov 7724aa9b7c pref-users: fix typo which stopped search from working; quote style stuff 2019-02-23 08:01:29 +03:00
fox e72243edfd Merge branch 'master' of DLange/tt-rss into master 2019-02-23 04:54:57 +00:00
Andrew Dolgov dab81ff7d0 feed editor: fix missing <section> breaking checkbox fieldsets 2019-02-22 12:19:37 +03:00
DLange a539baece2 Fix warning after icon has successfully been moved. 2019-02-22 08:53:18 +01:00
Andrew Dolgov a0636ccc90 Revert "Fix warning after icon has successfully been moved."
This reverts commit 8b73b9812d.
2019-02-22 10:50:28 +03:00
Andrew Dolgov e535a063ca Merge branch 'master' of git.tt-rss.org:fox/tt-rss 2019-02-22 10:49:06 +03:00
Andrew Dolgov 335147e572 dialogs: use semantic markup instead of dlgsec stuff
continue unifying quoting style for html strings
2019-02-22 10:48:56 +03:00
DLange 8b73b9812d Fix warning after icon has successfully been moved. 2019-02-22 07:25:09 +01:00
Andrew Dolgov 7dbf63693b prefs small update 2019-02-22 06:58:06 +03:00
Andrew Dolgov c2fa0c4416 try to organize preferences better, shorten some descriptions 2019-02-21 22:08:23 +03:00
Andrew Dolgov 4e253add8c UI: add some more info links to relevant wiki pages; minor layout updates 2019-02-21 16:21:16 +03:00
Andrew Dolgov c78425b386 feed edit dialog: add interval label 2019-02-21 14:05:40 +03:00
Andrew Dolgov 1dbfbcfae1 batchSubscribe: use common markup 2019-02-21 13:57:18 +03:00
Andrew Dolgov 4db13b8a17 simplify preference layout, remove some unnecessary css classes 2019-02-21 12:35:40 +03:00
Andrew Dolgov 3880a17e57 pref-prefs: rework personal info tab, remove ugly table markup 2019-02-20 17:21:32 +03:00
Andrew Dolgov 580f8c0883 enlarge feed title 2019-02-20 15:13:47 +03:00
Andrew Dolgov f8836ec080 search dialog fixes
pgsql: get FTS languages list from the database
2019-02-20 15:12:37 +03:00
Andrew Dolgov 063b4f535a filter rule & label dialog updates 2019-02-20 14:58:09 +03:00
Andrew Dolgov 4d9141d762 simplify dlgSec-related markup 2019-02-20 14:37:59 +03:00
Andrew Dolgov 205a75dfb9 prefs: show phpinfo on system tab 2019-02-20 08:51:48 +03:00
Andrew Dolgov c11f32ac38 center and rework some utility screens 2019-02-19 14:59:29 +03:00
Andrew Dolgov 734af3357d fix user plugins not saving properly in non-default profiles 2018-12-26 22:04:35 +03:00
Andrew Dolgov 51b069a1ee display filter tree rules as a list 2018-12-19 12:08:06 +03:00
Andrew Dolgov 5f1b39f7dc filter tree: don't crash on search, also search by filter titles 2018-12-19 09:04:04 +03:00
Andrew Dolgov 8c49689fda filter test results: remove table bloat 2018-12-14 17:44:53 +03:00
Andrew Dolgov b6a021461d add night_base so that output files would generate properly, etc 2018-12-11 21:06:02 +03:00
Andrew Dolgov be49b77b14 Revert "use codeflask for user css editor"
This reverts commit daa43e0572.
2018-12-11 20:48:17 +03:00
Andrew Dolgov 66d3dcbc7d update user css info line 2018-12-11 14:31:07 +03:00
Andrew Dolgov daa43e0572 use codeflask for user css editor 2018-12-11 14:25:41 +03:00
Andrew Dolgov 93dfdb2fcd exp: tweak headline label styles 2018-12-10 21:39:12 +03:00
Andrew Dolgov 703351c79e remove theme supports-version etc checking 2018-12-09 11:37:26 +03:00
Andrew Dolgov a68b150601 remove separate classes for various panels, unify under .panel
remove a few other unnecessary css classes/ids
2018-12-07 14:03:33 +03:00
Andrew Dolgov 4fdcc923f0 prefs: reload on user theme change 2018-12-07 10:35:46 +03:00
Andrew Dolgov 3e4326e34d add ttrss_filters2.last_triggered (bump schema version) 2018-12-06 19:37:20 +03:00
Andrew Dolgov 0b8cbc9156 remove some bitmaps and rework stuff using it to use iconfont instead 2018-12-06 15:22:52 +03:00
Andrew Dolgov 15d05e8a26 night.css: do not import default less theme statically
remove themes/default.php (not needed)
compact.css: fixes
2018-12-06 14:49:33 +03:00
Andrew Dolgov 4aa11fe78d set some alt-info buttons; fix missing default submit for create filter dialog 2018-12-06 13:04:39 +03:00
Andrew Dolgov 814e49f8f7 add icons to accordion panels in preferences
fix typo in pref-prefs closing panel tag
2018-12-06 08:56:28 +03:00
Andrew Dolgov fd10614f5d labels: unfortunately we can't rely on caption to selectively clear label_cache (because of json unicode encoding) so clean it completely if label is updated 2018-12-06 08:29:32 +03:00
Andrew Dolgov 0a41c1a6e1 update label rendering (and editor) 2018-12-06 08:26:52 +03:00
Andrew Dolgov 19e24b4fe2 force cast profile id to integer when assigning to session variable 2018-12-06 07:08:54 +03:00
Andrew Dolgov a0b1664620 prefs: change user icon 2018-12-05 21:40:46 +03:00
Andrew Dolgov cad6d1d7fd various icon updates; use new icons in feed tree 2018-12-05 20:26:27 +03:00
Andrew Dolgov 8c5c762a85 some more icon styling updates + user control panel 2018-12-05 16:58:00 +03:00
Andrew Dolgov f3e6e12d46 various minor updates re: icons 2018-12-05 16:48:29 +03:00
Andrew Dolgov b16c57d29c replace plugin.png with scalable icon 2018-12-05 16:37:09 +03:00
Andrew Dolgov 6befff30d7 updates for flat theme (mostly disable old dijit overrides) 2018-12-04 19:03:42 +03:00
Andrew Dolgov f81df37c36 wrap plugin list into border container, like prefs (2) 2018-12-04 15:33:20 +03:00
Andrew Dolgov 0880100f6a wrap plugin list into border container, like prefs 2018-12-04 15:31:21 +03:00
Andrew Dolgov 31e79317b3 normalize various font sizes and families between prefs & main UI
change some dialogs layout a bit to maybe become more readable
2018-12-04 15:22:22 +03:00
Andrew Dolgov 197e80add6 fix several issues related to profile being set to a non-numeric value 2018-12-04 10:47:01 +03:00
Andrew Dolgov 4d4034091a prefs: Prefs global -> Helpers 2018-12-03 12:46:00 +03:00
Andrew Dolgov b3bc638a9f refactor OPML export/import code to be less horrible 2018-12-03 12:26:49 +03:00
wn_ 6f9307aa9a Also fix the 'Create label' `onclick` 2018-12-02 16:15:31 -06:00
Andrew Dolgov 5ead558e43 move Utils to AppBase where it belongs 2018-12-02 22:08:18 +03:00
Andrew Dolgov eeb49d375c uploadIconHandler -> CommonDialogs 2018-12-02 20:57:51 +03:00
Andrew Dolgov 526389b2d3 update notify_* calls to use Notify 2018-12-02 20:56:30 +03:00
Andrew Dolgov d9c5c93cef move some more stuff out of common.js
rework client-side cookie functions a bit
limit dojo cachebust based on server scripts modification time
remove param_escape()
2018-12-02 20:07:57 +03:00
Andrew Dolgov 3a6dae9203 prefs: more of the same, really 2018-12-02 16:29:00 +03:00
Andrew Dolgov b9869dbc01 prefs: remove some more stuff from global context (user management, etc) 2018-12-02 16:17:36 +03:00
Andrew Dolgov 58e54282d3 prefs: move more global functions into matching classes 2018-12-02 15:30:07 +03:00
Andrew Dolgov f26d404890 prefs: move other tree-related functions to respective trees 2018-12-02 12:03:28 +03:00
Andrew Dolgov 60cd467694 embed some pref-feed helper functions into the tree 2018-12-02 11:50:53 +03:00
Andrew Dolgov 2e985d1733 move some label helper functions to prefLabelTree 2018-12-02 11:34:57 +03:00
Andrew Dolgov e23b6e397d prefs: store active tab for reload, remove most old table row functions 2018-12-02 11:25:32 +03:00
Andrew Dolgov 874560db54 remove obsolete row selection functions
move getUrlParam() to Utils
2018-12-02 10:33:58 +03:00
Andrew Dolgov 2f85b50e36 remove toggleSelectListRow2() 2018-12-02 10:16:25 +03:00
Andrew Dolgov 0a18d0b1ed Feeds: shorten some method names
finally rename "view as rss"
2018-12-02 08:57:22 +03:00
Andrew Dolgov 1e2d4410d3 move some more shared stuff to CommonDialogs, Filters, and Utils 2018-12-01 22:39:29 +03:00
Andrew Dolgov 4bed9be57d js-ification: start on some common dialogs 2018-12-01 18:25:32 +03:00
Andrew Dolgov 049a37aa0e WIP reshuffling of JS global context into separate logical objects 2018-12-01 17:05:35 +03:00
Andrew Dolgov 195180b64d minor refactoring: normalize some function names; cleanup; etc 2018-12-01 11:18:35 +03:00
Andrew Dolgov a2ef54cd92 toggleMark, togglePub: refactor implementation
shorten marked/published img CSS classes
2018-12-01 08:20:09 +03:00
Andrew Dolgov 9563e3bcd6 remove expandable CDM headlines 2018-11-30 13:51:54 +03:00
Andrew Dolgov ef129fed2a some more xhrPost refactoring (batchEditSave WIP) 2018-11-30 10:48:50 +03:00
Andrew Dolgov fc0a3050eb use xhrPost is even more places! 2018-11-30 09:23:51 +03:00
Andrew Dolgov c10a43069e debug logging system rework:
* support various logging levels per-message
 * remove hacks like debug_suppress, DAEMON_EXTENDED_DEBUG, etc
 * _debug() is kept as a compatibility shim for plugins
2018-11-30 08:34:29 +03:00
Andrew Dolgov 55bf4bc1d3 mailer: split to/from name/addresses 2018-11-22 16:36:10 +03:00
Andrew Dolgov 57932e1837 remove PHPMailer and related directives from config.php-dist; add pluggable Mailer class 2018-11-22 14:45:14 +03:00
Andrew Dolgov 3a0292303e php: remove trailing whitespaces 2018-11-03 15:08:43 +03:00
Andrew Dolgov d4fef36237 rewrite per-feed/global strip images to strip media 2018-09-07 10:24:46 +03:00
Andrew Dolgov 069aea5989 remove FEED_CRYPT_KEY and everything related to it
always assume auth_pass_encrypted is false
2018-08-13 15:59:24 +03:00
Andrew Dolgov 310c18e6bb move OTPHP to vendor/; additionally move Base32 class to OTPHP namespace 2018-06-20 18:27:34 +03:00
Andrew Dolgov 4fa64e8446 filter dialog: remove placeholder 2018-03-21 14:02:06 +03:00
Andrew Dolgov e794e434da filter dialog: add tooltip re: filter syntax 2018-03-21 13:38:36 +03:00
tsia 551f3c2c85 fixed "reset to defaults" in preferences 2018-03-15 16:26:50 +00:00
Andrew Dolgov 0a8cdd4b9c remove firefox feed subscribe integration code (obsolete) 2018-03-14 18:15:21 +03:00
Andrew Dolgov c9a5e5aa28 feed editor: expose site_url for editing 2018-03-01 15:43:40 +03:00
Andrew Dolgov f1415df47c prefs: expand feed tree if displaying search results 2018-02-26 11:58:53 +03:00
Andrew Dolgov f6269d1bc4 add special class for feeds with disabled updates 2018-02-08 13:54:06 +03:00
Andrew Dolgov a340b29ba9 pref-feeds: disable tree autoexpand 2018-02-04 09:36:56 +03:00
Andrew Dolgov 67bf38afda savefeedorder, savefilterorder: do not use clean() on json payload 2018-02-04 09:33:28 +03:00
Francesco Turco 1a7277570b fix two-factor authenticaton 2017-12-22 12:29:25 +01:00
Andrew Dolgov d0cce0c7a4 isdefaultpassword: use method_exists() to check for check_password 2017-12-15 12:15:15 +03:00
simonp 5f19596651 Fix typo from previous pull request 2017-12-14 18:43:42 +01:00
Benjamin Collet 44c6a04b61 Check if the auth module supports check_password() method before using it 2017-12-14 18:02:37 +01:00
Andrew Dolgov 9390ddeae2 fix single user mode login failing because of isdefaultpassword() 2017-12-14 19:27:55 +03:00
Andrew Dolgov 1bf468ba1a pref-prefs: set button classes 2017-12-11 18:50:00 +03:00