Andrew Dolgov
cbcb10a272
Feeds: load quickaddfeed and search dialogs via XHR w/ CSRF protection
2020-09-15 16:28:09 +03:00
Andrew Dolgov
8080c525fd
- backend: require CSRF token to be passed via POST
...
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
2020-09-15 16:12:53 +03:00
Andrew Dolgov
c3d14e1fa5
- fix multiple vulnerabilities in af_proxy_http
...
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
Andrew Dolgov
a922b3cc6d
order_to_override_query: allow HOOK_HEADLINES_CUSTOM_SORT_OVERRIDE plugins to override built-in sorting
2020-09-11 07:48:22 +03:00
Andrew Dolgov
ddf9227dc4
pluginhost: allow overriding default sort modes via HOOK_HEADLINES_CUSTOM_SORT_MAP etc
2020-08-13 12:23:27 +03:00
Andrew Dolgov
dfa65e9374
move order_by to SQL override logic into a separate function
2020-08-13 11:52:32 +03:00
Andrew Dolgov
48be005774
instead of taking batch timestamp and score (?) into account, make oldest first sorting work consistently with newest first - i.e. rely on feed-provided timestamp
2020-08-11 13:29:09 +03:00
Andrew Dolgov
d01ad09800
eslint-related fixes; move a few things from global context to App
2020-06-05 07:44:57 +03:00
Andrew Dolgov
44b1f0fcc0
search: add support for label:XXX search keyword
...
Labels: enforce case-insensitive lookups when creating/looking for labels
2020-04-04 14:34:08 +03:00
Andrew Dolgov
5f30061c92
properly calculate marked counters for feeds in nested categories
2020-02-20 15:54:40 +03:00
Andrew Dolgov
0e9e1ad112
getCategoryUnread: return correct unread count for labels category
2020-01-25 12:53:10 +03:00
Andrew Dolgov
cdd2b6fd22
getCategoryChildrenUnread: fix typo
2020-01-25 10:00:22 +03:00
Andrew Dolgov
a6ced36189
getCategoryCounters: properly calculate counters for child subcategory entries
...
getCategoryUnread: cleanup
2020-01-25 09:57:28 +03:00
Andrew Dolgov
a64b8a7fdb
getCategoryUnread: don't return unread counters for Special category because it doesn't make a lot of sense to do so
2020-01-24 15:54:01 +03:00
Andrew Dolgov
6080cca9ca
scrap counter cache system; rework counters to sum() booleans instead
2020-01-24 14:25:31 +03:00
Andrew Dolgov
3b29e865b0
support night mode in feed debugger
2020-01-19 10:56:49 +03:00
Andrew Dolgov
9c0235ab66
show current unread counter on headlines toolbar if sidebar is hidden
2019-12-12 07:37:28 +03:00
Andrew Dolgov
565547f5a1
php 7.4 deprecation-related fixes
2019-12-06 07:27:22 +03:00
Andrew Dolgov
06393750c7
headline grouping:
...
1. block grouping for specific feeds where it doesn't make a lot of sense to do so or flat list fits better (archived, recently read)
2. block per-week grouping for feeds where feed-first grouping makes more sense (fresh, starred, published)
2019-08-30 10:16:38 +03:00
Andrew Dolgov
133c2b482b
move rewrite_cached_urls to DiskCache::rewriteUrls()
2019-08-13 12:46:57 +03:00
Andrew Dolgov
088fcf8131
move more globals to more appropriate places
...
set libxml to always use internal errors
2019-06-20 08:40:02 +03:00
Andrew Dolgov
4fa9aee4e7
move several more global functions to more appropriate classes
2019-06-20 08:14:06 +03:00
Andrew Dolgov
6d746453c7
get_feeds_from_html: remove XML preamble hack
...
move several related helper functions to Feeds class
2019-06-20 07:51:48 +03:00
Andrew Dolgov
270b39a337
queryFeedHeadlines: support start_ts when browsing by tag
2019-06-18 13:10:32 +03:00
Andrew Dolgov
905f038610
search dialog: display active query if searching already
2019-05-20 07:59:53 +03:00
Andrew Dolgov
09f520eda2
fix search query test statement stopping valid modifiers like unread: from working
2019-05-20 07:12:43 +03:00
Andrew Dolgov
de713035fd
when subscribing, check for valid html content type before checking if requested document has HTML doctype/start element
2019-05-16 10:07:22 +03:00
Andrew Dolgov
84d43a1b44
catchup_feed: invoke HOOK_SEARCH if necessary
2019-05-07 06:57:28 +03:00
Andrew Dolgov
ccc0315ef0
better tsquery support:
...
1. report query syntax errors properly
2. fall back to implicit &-joining only if no joiners are detected in user query, otherwise permit full tsquery syntax
2019-04-30 14:39:08 +03:00
Andrew Dolgov
1cd9b3c866
prevent a fatal error on an invalid tsquery syntax
2019-04-29 21:15:49 +03:00
Michael Kuhn
e38fcd6dea
Fix button focus issues
...
This change introduces derived classes for ComboButton, DropDownButton
and Select that make sure that buttons do not remain focused after their
menus are closed. This allows using hotkeys after closing them.
2019-04-14 12:01:52 +02:00
Andrew Dolgov
c936cc3a1f
use DEFAULT_SEARCH_LANGUAGE to generate tsvector index if per-feed language is not specified, also use it as default value on search form for convenience
2019-04-10 13:03:26 +03:00
Andrew Dolgov
19f162dbe3
css: insensitive -> text-muted
2019-03-08 10:11:57 +03:00
Andrew Dolgov
0b74db5ad7
remove feedbrowser (other feeds)
2019-03-06 20:02:06 +03:00
Andrew Dolgov
54c1b5c611
fill in some missing doctypes; use short doctype where it wasn't
2019-02-23 13:49:40 +03:00
Andrew Dolgov
a366da90a6
add label.inline
2019-02-22 12:13:41 +03:00
Andrew Dolgov
335147e572
dialogs: use semantic markup instead of dlgsec stuff
...
continue unifying quoting style for html strings
2019-02-22 10:48:56 +03:00
Andrew Dolgov
4e253add8c
UI: add some more info links to relevant wiki pages; minor layout updates
2019-02-21 16:21:16 +03:00
Andrew Dolgov
26e57604c0
simplify layout of search and subscribe dialogs
2019-02-21 13:22:31 +03:00
Andrew Dolgov
f8836ec080
search dialog fixes
...
pgsql: get FTS languages list from the database
2019-02-20 15:12:37 +03:00
Andrew Dolgov
4d9141d762
simplify dlgSec-related markup
2019-02-20 14:37:59 +03:00
Andrew Dolgov
9e7bbf6809
debugger: use narrow fieldsets for checkboxes
2019-02-19 21:24:00 +03:00
Andrew Dolgov
55d2e5871a
feed debugger: dojoify controls
2019-02-19 21:00:15 +03:00
Andrew Dolgov
8cd7f31bde
utility css updates
2019-02-19 19:46:09 +03:00
Andrew Dolgov
8b26b8629f
headlines-frame: set is-vfeed attribute if result is virtual feed
2019-01-16 21:33:59 +03:00
Andrew Dolgov
4729bdb132
queryFeedHeadlines: fix published field not returned when browsing by tag
2018-12-25 16:19:42 +03:00
Andrew Dolgov
215c9f0f88
fail better if Feeds.view() data failed encoding to JSON
2018-12-24 12:28:11 +03:00
Andrew Dolgov
eda4ac2a2b
add fallback colors for headline feed titles based on feed name if favicon color is not available
2018-12-12 07:57:37 +03:00
Andrew Dolgov
f3c04fc5d8
sync modified scores via mutation observer
2018-12-11 10:30:32 +03:00
Andrew Dolgov
25ca144bb7
score: get correct classes for rows/score icons on the client
2018-12-11 10:00:54 +03:00