Andrew Dolgov
c55fb22bcd
af_zz_imgproxy: rewrite to absolute url; add on-parse article filter hook to handle redirect situation in case frontend has open_basedir (disabled currently)
2017-02-14 18:48:40 +03:00
Andrew Dolgov
b73bf7e2d8
rebase translations
2017-02-14 11:22:37 +03:00
Andrew Dolgov
79ec2f3efd
set error report url to https
2017-02-14 09:32:21 +03:00
Andrew Dolgov
5161460048
bind headlines menu to a selector to avoid remaking it unnecessarily
2017-02-13 23:36:58 +03:00
Andrew Dolgov
3eec1de393
fix vertical position of cdm collapse button in floating title
2017-02-13 22:49:20 +03:00
Andrew Dolgov
20deb5fc32
cdmcollapse/expand: use less convoluted selector queries
2017-02-13 22:45:30 +03:00
Andrew Dolgov
61570c474b
add af_zz_vidmute
2017-02-13 19:21:38 +03:00
Andrew Dolgov
093d463320
af_zz_imgproxy: truncate url in error png
2017-02-13 15:49:41 +03:00
Andrew Dolgov
bf6398650a
af_zz_imgproxy: show GD-based (if possible) error message on proxy failure
2017-02-13 15:25:52 +03:00
Andrew Dolgov
4a23031fcd
rewrite_relative_url: cleanup resulting url path while rewriting
2017-02-13 15:25:21 +03:00
Andrew Dolgov
ab39e213b3
af_zz_imgproxy: disable api render hook: pointless, because api clients won't have an authenticated cookie-based session
2017-02-13 08:46:36 +03:00
Andrew Dolgov
ff4f2b1e0c
af_zz_imgproxy: fix typo
2017-02-13 08:08:19 +03:00
Andrew Dolgov
454292b295
format_article_enclosures: allow embedding .jpeg files
2017-02-12 20:24:29 +03:00
Andrew Dolgov
046a0cc7c8
fix previous, again
2017-02-12 20:23:52 +03:00
Andrew Dolgov
bc83dcb381
af_zz_imgproxy: limit enclosure rewriting to images
2017-02-12 17:32:43 +03:00
Andrew Dolgov
676c7303ca
add HOOK_ENCLOSURE_ENTRY for af_zz_imgproxy (2)
2017-02-12 17:02:07 +03:00
Andrew Dolgov
58210301e0
add HOOK_ENCLOSURE_ENTRY for af_zz_imgproxy
2017-02-12 16:01:28 +03:00
Andrew Dolgov
3891782cf5
Merge branch 'fix-target-blank-vulnerability' into 'master'
...
Prevent target='_blank' vulnerability on dynamic link
This merge request refere to https://tt-rss.org/forum/viewtopic.php?f=8&t=4048
It fix the issue I enconter on some feeds I follow.
Just need to add "noopener" and "noreferrer" on "_blank" link to avoid the vulnerability.
See merge request !46
2017-02-12 14:19:37 +03:00
Jérémy DECOOL
ba2853caac
Prevent target='_blank' vulnerability on dynamic link
2017-02-12 11:01:36 +01:00
Andrew Dolgov
2187322cae
af_zz_imgproxy: redirect to caller url unless called in user context
2017-02-10 22:02:30 +03:00
Andrew Dolgov
4daaf23491
allow user plugins to expose public methods out in a limited fashion
2017-02-10 16:04:28 +03:00
Andrew Dolgov
fafd32e2dc
use get_self_url_prefix() when rewriting cached images
2017-02-10 15:14:47 +03:00
Andrew Dolgov
dc8bd8a640
add some print_checkbox/print_button calls; rename some plugin preference pane titles
2017-02-10 14:57:25 +03:00
Andrew Dolgov
51198e7e40
af_zz_imgproxy: urlencode() url parameter, DUH
2017-02-10 14:41:11 +03:00
Andrew Dolgov
328118d12e
use print_hidden() for hidden dojo form fields
2017-02-10 14:36:21 +03:00
Andrew Dolgov
8cf37284e7
af_zz_imgproxy: add optional setting to proxy all remote images
...
functions: add some form helper methods
2017-02-10 14:17:18 +03:00
Andrew Dolgov
38b3998bbc
af_zz_imgproxy: use inline disposition, misc updates
2017-02-10 12:37:21 +03:00
Andrew Dolgov
c93d43c617
update af_zz_imgproxy to plug into built-in image caching
2017-02-10 12:12:09 +03:00
Andrew Dolgov
7818bfde0b
sanitize: properly handle cached content in archived articles
2017-02-10 12:11:09 +03:00
Andrew Dolgov
c4ebf01e69
add af_zz_imgproxy (initial)
2017-02-10 10:30:48 +03:00
Andrew Dolgov
70c0a8c2e0
pass several image files used in notify messages to frontend as base64 to prevent broken error messages in case network connection is down. also, update some close buttons to show correct cursor.
2017-02-09 23:19:26 +03:00
Andrew Dolgov
3188e863b3
handle_rpc_json: fix netalert button never appearing on JSON parse error
2017-02-09 23:04:34 +03:00
Andrew Dolgov
829d478f1b
add some protection against opener attacks if external site is opened via window.open()
2017-02-08 15:07:05 +03:00
Andrew Dolgov
23c8ef7e36
parse_counters: skip subscribed-feeds id properly
2017-02-04 14:50:50 +03:00
Andrew Dolgov
9c7ebaa08c
cached_image: remove unnecessary basename()
2017-02-04 12:02:17 +03:00
Andrew Dolgov
6358d70d5e
reset local counter cache when feed count changes
2017-02-04 11:57:31 +03:00
Andrew Dolgov
5edd605ae1
image cache: do not try to cache data: schema urls; add caching of html5 video content (similar to cache_starred_images plugin)
2017-02-04 11:50:01 +03:00
Andrew Dolgov
0442cbb6c1
image cache: send files as content-disposition: attachment; add .png suffix to image urls
2017-02-04 11:32:24 +03:00
Andrew Dolgov
60e97d9e63
af_redditimgur: inline streamable.com videos
2017-01-29 14:36:37 +03:00
Andrew Dolgov
f45a1152bb
af_readability: force utf8 preamble on html document load. no idea why but it seems to work better even for not-unicode sites.
2017-01-28 14:24:48 +03:00
Andrew Dolgov
24c7e4132d
subscribe dialog: do not report errors via alert()
...
fetch_file_contents: reset all globals on start, return error message body when not using curl
subscribe_to_feed: report if cloudflare is in the error message
2017-01-28 12:45:49 +03:00
Andrew Dolgov
80fbc1fdc4
compact.css: remove version tag
2017-01-26 22:43:57 +03:00
Andrew Dolgov
181c8285dd
add compact theme with smaller font
2017-01-26 22:41:18 +03:00
Andrew Dolgov
22387de225
preferences: set themes dropdown to default if selected theme is missing
2017-01-26 22:37:22 +03:00
Andrew Dolgov
7d9aac9afa
remove default.css
2017-01-25 12:18:15 +03:00
Andrew Dolgov
e432b8fbe2
implement cache-busting for default theme.css
...
night theme: small fixes
2017-01-25 12:17:41 +03:00
Andrew Dolgov
7c04f8afeb
increase content font size by 1px
2017-01-25 11:22:53 +03:00
Andrew Dolgov
553ec3c351
pass article guid to hook_render_article
2017-01-25 08:50:42 +03:00
Andrew Dolgov
e304c1473b
Merge branch 'fix-sanitize-dfn' into 'master'
...
sanitize: allow <dfn> tag
### In brief
* Add `<dfn>` tag to allowed tags list
* `<dfn>` represents the defining instance of a term in HTML
* More [information about `<dfn>` on the w3school's website](http://www.w3schools.com/tags/tag_dfn.asp )
### Example
This stops article content such as...
```
Indian tea harvests are divided up by <dfn>flush</dfn>.
```
...from getting turned into...
```
Indian tea harvests are divided up by .
```
See merge request !45
2017-01-25 08:43:50 +03:00
Shane Synan
311cdb27f4
sanitize: allow dfn tag
...
Add <dfn> tag to allowed tags list. <dfn> represents the defining
instance of a term in HTML.
2017-01-24 18:39:17 -06:00