Andrew Dolgov
c3d14e1fa5
- fix multiple vulnerabilities in af_proxy_http
...
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
Andrew Dolgov
fa653f5a43
prefs: show disabled filters properly on mysql
2020-07-01 09:49:53 +03:00
Andrew Dolgov
2996a3942f
prefs: show root of filter tree as enabled so it's not grayed out
2020-07-01 09:48:27 +03:00
Andrew Dolgov
d01ad09800
eslint-related fixes; move a few things from global context to App
2020-06-05 07:44:57 +03:00
Andrew Dolgov
c8cc845d5b
when removing favicon, reset its auto-refresh timer
2020-05-22 15:06:52 +03:00
Andrew Dolgov
1f2a721905
allow overriding built-in templates via templates.local
2020-03-13 14:40:35 +03:00
Andrew Dolgov
bcbc5ccc78
batchSubscribe: use validationtextarea
2020-02-28 14:03:29 +03:00
Andrew Dolgov
f24ece85a6
add validationtextarea control, use it for filter match editor
2020-02-28 13:53:45 +03:00
Andrew Dolgov
8645f36c5b
filter test dialog: pass contents via xhr POST
2020-02-28 12:16:54 +03:00
Andrew Dolgov
4ab3854aed
don't generate default.css, replace with themes/light.css as a default root CSS file
2020-02-22 16:22:44 +03:00
Andrew Dolgov
60288f02e8
1. feedtree: show counters for marked articles if view-mode == marked
...
2. hide/show relevant counter nodes using css
3. cleanup some counter-related code
4. compile default css into light theme to prevent cache-related issues
2020-02-20 14:14:45 +03:00
Andrew Dolgov
5b6d9cee29
prefs layout fixes:
...
1. prevent layout breakage when using an authenticator which doesn't allow changing passwords
2. show explanatory messages when OTP or password changing is not available
3. allow app (API) passwords when using any auth module
2020-02-18 11:51:04 +03:00
Andrew Dolgov
6080cca9ca
scrap counter cache system; rework counters to sum() booleans instead
2020-01-24 14:25:31 +03:00
Andrew Dolgov
df464e3d0d
update app password notice
2019-12-17 14:58:31 +03:00
Andrew Dolgov
76dd74e0d9
add a hidden tweakable which forbids changing passwords
2019-12-06 17:45:22 +03:00
Andrew Dolgov
ac95ab4a65
user css dialog: allow saving and applying CSS without closing the dialog
2019-12-06 14:02:30 +03:00
Andrew Dolgov
63ce7ea705
add a plugin page warning for plugins using HOOK_FEED_FETCHED, etc
2019-11-14 07:01:45 +03:00
Andrew Dolgov
f75fb6bd75
Merge branch 'master' of git.fakecake.org:tt-rss
2019-11-01 15:40:15 +03:00
Andrew Dolgov
266a805bfe
line endings + remove : from headings
2019-11-01 15:40:08 +03:00
Andrew Dolgov
05dffcff6f
OTP stuff: update notice wording a bit
2019-11-01 15:27:24 +03:00
Andrew Dolgov
812a6c9f16
auth_internal: fix indents
2019-11-01 15:25:40 +03:00
Andrew Dolgov
249130e58d
implement app password checking / management UI
2019-11-01 15:03:57 +03:00
Andrew Dolgov
88cd9e586e
add placeholder UI plumbing for app passwords
2019-11-01 12:23:11 +03:00
Andrew Dolgov
904ecc31e2
allow using OTP without GD
2019-11-01 10:32:58 +03:00
Andrew Dolgov
2820f41a4b
add notification for OTP being disabled
2019-10-09 09:10:43 +03:00
Andrew Dolgov
ef514bc4bd
add notifications for mail and password changes
...
update and shorten some other message templates
2019-10-09 09:04:51 +03:00
Andrew Dolgov
12a542977e
makefeedtree: properly calculate feed total amount in no-categories mode
2019-08-21 19:32:27 +03:00
Andrew Dolgov
6825aaff55
update SSL certificate wiki link
2019-08-02 08:03:20 +03:00
Andrew Dolgov
e8523733b0
filter dialog: add inline regexp checker
2019-07-12 12:40:42 +03:00
Andrew Dolgov
86a014f23b
add placeholder Filters.filterDlgCheckRegExp
2019-07-12 10:47:18 +03:00
Andrew Dolgov
088fcf8131
move more globals to more appropriate places
...
set libxml to always use internal errors
2019-06-20 08:40:02 +03:00
Andrew Dolgov
4fa9aee4e7
move several more global functions to more appropriate classes
2019-06-20 08:14:06 +03:00
Andrew Dolgov
6d746453c7
get_feeds_from_html: remove XML preamble hack
...
move several related helper functions to Feeds class
2019-06-20 07:51:48 +03:00
Andrew Dolgov
d36b64d8a7
event log: simplify styles, prevent horizontal scrolling
...
sql logger: clip context length to 8kb
2019-05-31 10:31:43 +03:00
Andrew Dolgov
4b74491b8b
feed tree: set placeholder feed unread value to -1
2019-05-06 09:32:08 +03:00
Michael Kuhn
e38fcd6dea
Fix button focus issues
...
This change introduces derived classes for ComboButton, DropDownButton
and Select that make sure that buttons do not remain focused after their
menus are closed. This allows using hotkeys after closing them.
2019-04-14 12:01:52 +02:00
Michael Kuhn
4a2a90c980
Fix focus issues with hotkeys
...
Since making use of keypress in addition to keydown, hotkeys did not
work in certain scenarios, including clicking on the feed tree expanders
or empty spaces of the toolbar.
This issue is caused by dijit.Tree and dijit.Toolbar implementing the
_KeyNavMixin, which explicitly stops propagation of keypress events.
This change contains two main fixes plus a smaller hotfix:
1. It overrides _onContainerKeydown and _onContainerKeypress for
fox.FeedTree (which inherits from dijit.Tree).
2. It adds fox.Toolbar, which overrides _onContainerKeydown,
_onContainerKeypress and focus. This fixes hotkeys being swallowed
and the first focusable child receiving focus when clicking on an
empty space of the toolbar.
3. It adds the same handling of keydown and keypress to the prefs hotkey
handler as is done in the main hotkey handler.
2019-04-13 22:34:57 +02:00
Andrew Dolgov
ed22473272
feed editor: use DEFAULT_SEARCH_LANGUAGE as a default per-feed dropdown value
2019-04-10 13:08:32 +03:00
Andrew Dolgov
c936cc3a1f
use DEFAULT_SEARCH_LANGUAGE to generate tsvector index if per-feed language is not specified, also use it as default value on search form for convenience
2019-04-10 13:03:26 +03:00
Andrew Dolgov
019f4578bc
fix feed icon upload not working, rework form to use FormData/ajax
2019-03-14 09:08:44 +03:00
Andrew Dolgov
241d646fba
batch subscribe: stop dialog from being submitted twice
2019-03-10 09:20:46 +03:00
Andrew Dolgov
19f162dbe3
css: insensitive -> text-muted
2019-03-08 10:11:57 +03:00
Andrew Dolgov
371325a899
remove feed editor private checkbox
2019-03-06 20:07:23 +03:00
Andrew Dolgov
38e01270d8
archived feeds: expire old entries (schema bump)
2019-03-06 19:06:05 +03:00
Andrew Dolgov
16a9bdc387
make_password: generate longer passwords by default, use better random function if available
2019-03-05 20:16:50 +03:00
Andrew Dolgov
ef6d2b8a4e
update notifications to make them more visible
...
cleanup some minor stuff in pref-users
2019-03-05 20:09:06 +03:00
Andrew Dolgov
1f2c769c5a
editfeed: mark save button
2019-03-05 19:41:44 +03:00
Andrew Dolgov
b9309b1822
filters: show inverse status in list
2019-03-05 08:52:45 +03:00
Andrew Dolgov
a130da2d1a
add layout hack to unify heights of plugin fieldsets
2019-02-26 15:03:33 +03:00
Andrew Dolgov
8819272db1
prefs-set -> prefs
2019-02-25 19:22:20 +03:00