Andrew Dolgov
7e50c6c4b5
- enable CSRF support earlier
...
- remove rpc/sanityCheck from CSRF-excluded calls
2020-09-15 15:32:17 +03:00
Andrew Dolgov
c3d14e1fa5
- fix multiple vulnerabilities in af_proxy_http
...
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
Andrew Dolgov
fdb1fc7608
get_version: fix commit/timestamp lost on subsequent invocations because of misbehaving caching
2019-12-20 18:17:05 +03:00
Andrew Dolgov
f30287be65
versioning changes
...
- remove VERSION_STATIC - https://community.tt-rss.org/t/versioning-changes-for-trunk/2974
- report git commit/timestamp properly by invoking git instead of trying to parse .git/HEAD etc
- remove git-related global constants used when checking for updates
2019-12-05 13:23:54 +03:00
Andrew Dolgov
3e4701116d
af_readability: add missing file
2019-08-16 15:29:24 +03:00
Andrew Dolgov
4edfb526e1
change version.json endpoint URL
2019-08-01 11:51:27 +03:00
Andrew Dolgov
3bd3324e5a
update: add option to send digests
2019-03-21 07:44:39 +03:00
Andrew Dolgov
0b74db5ad7
remove feedbrowser (other feeds)
2019-03-06 20:02:06 +03:00
Andrew Dolgov
38e01270d8
archived feeds: expire old entries (schema bump)
2019-03-06 19:06:05 +03:00
Andrew Dolgov
0517b88cce
rpc, catchupfeed: return counters immediately so that frontend can figure out next unread feed correctly
2019-01-03 10:47:41 +03:00
Andrew Dolgov
5c481fb249
rpc/checkforupdates: restrict to administrative access level
2018-12-16 19:08:41 +03:00
Andrew Dolgov
957c44d177
rework git update checking to be initiated by frontend, outside of runtime info output
2018-12-16 19:05:37 +03:00
Andrew Dolgov
b66deb3240
rpc/getAllCounters: return seq
2018-12-15 13:17:51 +03:00
Andrew Dolgov
d53cdaf815
requestCounters: remove cooldown
2018-12-12 20:06:44 +03:00
Andrew Dolgov
19e24b4fe2
force cast profile id to integer when assigning to session variable
2018-12-06 07:08:54 +03:00
Colin Vidal
c217de557f
rpc: addfeed: gets login and pass only if need_auth is checked.
...
Because of browser form auto-completion, the hidden field login and
password can be automatically filled when adding a feed. It would
enable feed authentication even if the user doesn't click on need_auth
button.
2018-01-14 20:55:39 +01:00
Andrew Dolgov
92175a8371
setpref: remove nl2br()
2017-12-04 08:27:25 +03:00
Andrew Dolgov
e6532439d6
force strip_tags() on all user input unless explicitly allowed
2017-12-03 23:35:38 +03:00
Andrew Dolgov
731ecac530
completeLabels: use prepare() not query()
2017-12-03 09:06:43 +03:00
Andrew Dolgov
b5bf9a0ff3
remove long forgotten stuff related to feed debugging actionbar
2017-12-02 15:12:39 +03:00
Andrew Dolgov
7039370368
pref-prefs: PDO
2017-12-02 12:01:56 +03:00
Andrew Dolgov
fbe7cb0a48
rpc: switch to PDO
2017-12-01 23:49:14 +03:00
Andrew Dolgov
5b6ea1ef91
remove pubsubhubbub: dead
2017-05-16 10:41:20 +03:00
Andrew Dolgov
e6c886bf66
wrap rssfuncs into rssutils class
2017-05-05 18:10:07 +03:00
Andrew Dolgov
65af3b2cbb
move counter stuff to a separate class
2017-05-05 11:54:31 +03:00
Andrew Dolgov
aeb1abedb2
move a bunch of functions into Feeds/Article namespaces
...
+ static function catchupArticlesById($ids, $cmode, $owner_uid = false) {
+ static function getLastArticleId() {
+ static function queryFeedHeadlines($params) {
+ static function getParentCategories($cat, $owner_uid) {
+ static function getChildCategories($cat, $owner_uid) {
move the rest of functions2.php back to functions.php as it is of more manageable size, remove the former
2017-05-04 15:13:02 +03:00
Andrew Dolgov
a230bf88a9
move to Article:
...
+ static function purge_orphans($do_output = false) {
move to Feeds
+ static function getGlobalUnread($user_id = false) {
+ static function getCategoryTitle($cat_id) {
+ static function getLabelUnread($label_id, $owner_uid = false) {
2017-05-04 15:00:21 +03:00
Andrew Dolgov
86a8351ca2
move the following to Feeds:
...
+ static function catchup_feed($feed, $cat_view, $owner_uid = false, $mode = 'all', $search = false) {
+ static function getFeedArticles($feed, $is_cat = false, $unread_only = false,
+ static function subscribe_to_feed($url, $cat_id = 0,
+ static function getFeedIcon($id) {
+ static function getFeedTitle($id, $cat = false) {
+ static function getCategoryUnread($cat, $owner_uid = false) {
+ static function getCategoryChildrenUnread($cat, $owner_uid = false) {
2017-05-04 14:50:56 +03:00
Andrew Dolgov
ea79a0e033
remove some redundant php closing tags
2017-04-26 20:24:18 +03:00
Andrew Dolgov
7b55001eee
fix various issues reported by static analysis
...
update gitlab-ci config
2017-04-26 15:29:22 +03:00
Andrew Dolgov
337535416f
filter by search results while marking feed as read
2017-03-31 11:21:35 +03:00
Andrew Dolgov
270c0a00e5
improve JS error logging with additional stuff
2017-03-05 10:50:15 +03:00
Andrew Dolgov
cb3f877303
reference pubsubhubbub classes using their namespace
2017-01-23 08:20:46 +03:00
Andrew Dolgov
cfc2fe50cb
fix sql error when subscribing to a feed using feed archive
2016-07-05 11:48:36 +03:00
Andrew Dolgov
79c891a8b7
set smallish timeout on update check, exclude update checking on initial load
2016-03-30 13:32:49 +03:00
Andrew Dolgov
71b75bb7fa
fix multiple issues with archived feeds
2016-01-26 19:03:05 +03:00
Andrew Dolgov
9b736a20b3
do not automatically call cleanup_tags() in housekeeping tasks
2016-01-04 10:42:24 +03:00
Andrew Dolgov
86d07d367c
rpc, setpref: properly save settings to active profile
2015-09-26 17:31:53 +03:00
Anders Kaseorg
0e653f751e
Make _DISABLE_FEED_BROWSER also disable the updateFeedBrowser RPC
...
The undocumented _DISABLE_FEED_BROWSER option added in commit
c39befacb2 turns off the UI for looking
at which feeds other users are subscribed to, but it did not prevent
you from manually constructing an RPC call to get the same data. This
was a privacy risk for those who consider _DISABLE_FEED_BROWSER
important.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2015-05-21 23:53:58 -04:00
Andrew Dolgov
4a80c57c50
remove some unused code reported by phpmd
2014-02-19 15:42:52 +04:00
Andrew Dolgov
e1f1857d95
fix globalUpdateFeeds failing when no active session exists
2013-08-25 17:34:27 +04:00
Andrew Dolgov
113c3dec9e
make globalUpdateFeeds handler use simple update mechanism to prevent script timeouts
2013-07-24 12:55:10 +04:00
Andrew Dolgov
41a7a066ef
share: move unsharing all articles into the plugin
2013-07-11 14:11:41 +04:00
Rasmus Lerdorf
6f7798b643
Fixing bugs found by static analysis
2013-05-07 00:35:10 -07:00
Andrew Dolgov
e57a1507ae
do not use session cookie lifetime for additional cookies
2013-04-29 13:03:28 +04:00
Andrew Dolgov
6bfc97da86
add automatic timezone (based on client tz offset)
2013-04-26 10:31:57 +04:00
Andrew Dolgov
f66492d357
better javascript error reporting, save error reports in tt-rss log
2013-04-20 10:43:21 +04:00
Andrew Dolgov
52d88392da
move db-prefs to OO
2013-04-18 12:00:01 +04:00
Andrew Dolgov
d9c85e0f11
classes: use OO DB interface
2013-04-17 20:12:14 +04:00
Andrew Dolgov
a42c55f02b
fix blank character after opening bracket in function calls
2013-04-17 18:34:18 +04:00
Andrew Dolgov
6322ac79a0
remove $link
2013-04-17 16:48:41 +04:00
Andrew Dolgov
40fe2d7382
remove js-based player, better mp3 support detection for html5 audio
2013-04-16 15:44:38 +04:00
Andrew Dolgov
41694a956d
fix double-escaping possible with encrypted passwords
2013-04-13 18:58:09 +04:00
Andrew Dolgov
ae31704bb3
only unmark articles which had been processed when automarking (for realz)
2013-04-04 09:49:37 +04:00
Andrew Dolgov
4b7726f0b4
rpc: move labelops to article
2013-04-02 14:56:08 +04:00
Andrew Dolgov
9c96a3e28c
rpc: remove getArticles
2013-04-02 14:54:34 +04:00
Andrew Dolgov
c83554bddd
rpc: move completeTags to article
2013-04-02 14:53:36 +04:00
Andrew Dolgov
5df8be5c0a
rpc: move setArticleTags to article
2013-04-02 14:52:21 +04:00
Andrew Dolgov
195187c490
rpc: move several feed-related calls to pref-feeds
2013-04-02 14:47:43 +04:00
Andrew Dolgov
d719b06240
rpc: move setScore to article
2013-04-02 14:41:41 +04:00
Andrew Dolgov
8956b3a607
remove obsolete checkDate stuff
2013-04-02 14:36:00 +04:00
Andrew Dolgov
c88e4a2af3
remove small_article_preview
2013-04-02 14:34:17 +04:00
Andrew Dolgov
96e3ae8cce
move batchAddFeeds to pref-feeds
2013-04-02 14:32:10 +04:00
Andrew Dolgov
76f2113b35
instances: fix a few wrong calls, move genHash method from rpc
2013-04-02 14:27:15 +04:00
Andrew Dolgov
1c9bda915b
move several methods from dlg; fix displayed tags not updated after editing
2013-04-01 11:14:27 +04:00
Andrew Dolgov
c8b693cf7f
implement catchup with selectable updated criteria
2013-03-31 12:37:42 +04:00
Andrew Dolgov
b029f91621
archive: automatically subscribe user to originating feed while unarchiving
2013-03-30 21:59:52 +04:00
Andrew Dolgov
f0d3c94aa7
purge orphans after deleting articles
2013-03-29 15:20:26 +04:00
Andrew Dolgov
b9a06a0e39
retire frankly ridiculous sorting by score/title/date/default
...
keep default and oldest first instead of REVERSE_HEADLINES
2013-03-28 20:44:43 +04:00
Andrew Dolgov
cda55d67d0
add cleanup_tags/purge orphans to globalUpdateFeeds and simple update
...
rpc call (closes #636)
2013-03-28 08:19:31 +04:00
Andrew Dolgov
d2f3467bb6
add a simple appearing preview for unexpanded cdm and normal mode
2013-03-25 16:09:05 +04:00
Andrew Dolgov
efc6553da4
api: implement subscribeToFeed/unsubscribeFeed (closes #623)
2013-03-24 14:28:43 +04:00
Andrew Dolgov
5defc29ff8
remove PTITLE kludge; use ajax
2013-03-22 09:49:45 +04:00
Andrew Dolgov
3972bf5981
db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close()
2013-03-22 09:14:55 +04:00
Andrew Dolgov
7fc2e87e17
add headline menu entry to show article url
2013-03-21 23:29:06 +04:00
Joschasa
2a3b6de0ef
remove deprecated theme_image()
2013-03-20 22:59:08 +01:00
Andrew Dolgov
4f7d69e185
detect whether browser supports iframe.sandbox and allow iframes accordingly; allow object and embed elements
2013-03-19 12:49:55 +04:00
Andrew Dolgov
7873d58822
implement proper last_marked/last_published feeds for proper sorting of
...
published and marked virtual feeds, remove sorting by last_read
workaround
api: add pubsubhubbub ping when article is being set published
bump schema
2013-03-17 15:38:21 +04:00
Andrew Dolgov
f03701fe99
store widescreen status in a cookie (refs #539)
2013-02-20 14:40:13 +04:00
Andrew Dolgov
5b55e9e25c
js: simplify counter updating, remove some unused stuff
2013-02-01 13:09:43 +04:00
Andrew Dolgov
5083271956
move some more functions out of functions.php; fix opml.php failing due to redeclared autoload
2013-01-22 22:36:16 +04:00
Andrew Dolgov
87d7e8507a
split some more functions from functions.php
2013-01-22 22:32:17 +04:00
Andrew Dolgov
6b1a4ecd41
updaterandomfeed: use max_execution_time parameter
2013-01-22 20:07:34 +04:00
Andrew Dolgov
8b83bf5fa1
implement fallback _SIMPLE_UPDATE_MODE
2013-01-22 19:56:46 +04:00
Andrew Dolgov
7d8f56571b
persist widescreen mode in session
2013-01-19 10:55:51 +04:00
Andrew Dolgov
55c7f0923e
split feedbrowser into a separate file
2012-12-24 15:58:29 +04:00
Andrew Dolgov
6c2637d973
move data import/export to a separate plugin
2012-12-24 15:03:19 +04:00
Andrew Dolgov
19b3992b78
remove magpie, fix article filter plugins
2012-12-24 13:45:34 +04:00
Andrew Dolgov
ac22075182
move digest to a separate plugin
2012-12-24 10:16:01 +04:00
Andrew Dolgov
19c7350770
experimental new plugin system
2012-12-23 14:52:18 +04:00
Andrew Dolgov
29064218d0
allow batch setting of article scores
2012-10-31 15:17:49 +04:00
Andrew Dolgov
beb6ce2761
allow setting article score manually
2012-10-31 14:39:26 +04:00
Andrew Dolgov
1b4d1a6b44
sharepopup: implement assigning labels while sharing
2012-10-31 12:55:24 +04:00
Andrew Dolgov
b3682750bb
Revert "sanitize article content when importing data from feed"
...
This reverts commit c7fe1b4e9e.
Conflicts:
include/functions.php
include/rssfuncs.php
2012-10-29 12:17:28 +04:00
Andrew Dolgov
c7fe1b4e9e
sanitize article content when importing data from feed
2012-10-28 12:44:10 +04:00
Andrew Dolgov
5d7688fe43
rpc: remove unneeded methods
2012-10-28 11:04:26 +04:00
Andrew Dolgov
9a0e28f4da
fix rpc/cdmGetArticle for archived articles
2012-10-28 10:59:27 +04:00
Andrew Dolgov
759e5132a1
subscribe_to_feed: stop fetching URL multiple times while subscribing, various other speedups
2012-09-23 13:38:58 +04:00
Andrew Dolgov
46b781491b
set last_read to NOW() when publishing, order published feed by last read by default, allow overriding order in recently read feed
2012-09-10 10:27:51 +04:00
Andrew Dolgov
8361e72478
implement sharing of arbitrary stuff using bookmarklet and API call, bump API version
2012-09-09 16:05:59 +04:00