266c8a6eae
add nsfw.png placeholder
2021-03-07 13:26:03 +03:00
ac6a59914b
nsfw: support API clients
2021-03-07 13:22:38 +03:00
d6fd0d5462
add some icons, remove some words
2021-03-06 23:51:48 +03:00
b649d2240f
split af_zz_noautoplay into a separate repo
2021-03-05 10:17:35 +03:00
c8883d3440
af_comics filters: don't try to load empty html
2021-03-05 10:07:34 +03:00
bc2953b5e7
split no_url_hashes into a separate repo
2021-03-05 09:55:28 +03:00
198c9b4069
split scored_oldest_first into a separate repo
2021-03-05 09:52:45 +03:00
cb4b730e42
split af_unburn
2021-03-04 16:31:48 +03:00
c50a4296a5
split vf_shared
2021-03-04 15:54:44 +03:00
2f6ea8b387
split a bunch of plugins into separate repos
2021-03-04 15:09:56 +03:00
4fda5ccd0e
fix a bunch of bookmarklets login forms not leading back
2021-03-04 13:40:54 +03:00
3b67abb0ea
reddit: import comment counts
2021-03-02 21:32:20 +03:00
7cf12233d7
use ORM when subscribing feeds
2021-03-02 10:11:42 +03:00
70adfd4a74
* sanitize: never rewrite relative links to our own prefix
...
* use Config::get_self_url() instead of get_self_url_prefix() in a bunch
of places
2021-03-02 08:16:41 +03:00
031ee47a3e
don't try to pass string literal NOW() to ORM as a timestamp
2021-03-01 23:07:20 +03:00
8b1a2406e6
userhelper: use orm for a few more user-related things
2021-03-01 19:32:27 +03:00
2d1391a02b
come to think of it, we don't need it at all
2021-03-01 15:50:41 +03:00
dbad39d7a2
auth_internal: don't try to get otp_enabled on old schema
2021-03-01 15:49:44 +03:00
6359259dbb
simplify internal authentication code and bump default algo to SSHA-512
2021-03-01 15:24:18 +03:00
320503dd39
move version-related stuff to Config; fix conditional feed requests
2021-03-01 13:43:37 +03:00
20a844085f
hide version for bundled plugins because it's meaningless; for everything else support showing version using git (if about[0] is null)
2021-03-01 12:11:42 +03:00
7ef72fe0dc
move startup checks to Config, set a bunch of @deprecated annotations
2021-03-01 10:20:21 +03:00
bada1601fc
OTP form: simplify layout, use dojo controls
2021-02-28 14:18:23 +03:00
afc7142250
move all $fetch globals to UrlHelper
2021-02-28 10:12:57 +03:00
78a7b3642f
af_redditimgur: allow adding custom tags for NSFW posts
2021-02-27 13:50:28 +03:00
c521e26a19
use absolute namespace for readability
2021-02-26 19:55:49 +03:00
3fd7856543
* switch to composer for qrcode and otp dependencies
...
* move most OTP-related stuff into userhelper
* remove old phpqrcode and otphp libraries
2021-02-26 19:16:17 +03:00
bc4475b669
add missing composer files
2021-02-26 17:39:57 +03:00
cf1ede0ba8
pull latest readability-php via composer
2021-02-26 17:35:58 +03:00
167c9fc34e
silence php8 warnings in otp secondary login form
2021-02-26 14:25:40 +03:00
c96172fa04
use constants in get_pref()/set_pref()
2021-02-25 14:49:58 +03:00
bd2314170d
implement prefs UI based on new prefs class and a few more things
2021-02-25 12:46:13 +03:00
2ae0b7059f
cleanup some defined-stuff
2021-02-23 09:01:27 +03:00
cae54dad56
af_redditimgur: fix an oopsie
2021-02-23 00:27:52 +03:00
211f699aa0
migrate the rest into Config::
2021-02-22 22:35:27 +03:00
e4107ac952
wip: initial for config object
2021-02-22 21:47:48 +03:00
42173386b3
dirname(__FILE__) -> __DIR__
2021-02-22 17:38:46 +03:00
be4e7b1340
fix several issues reported by phpstan
2021-02-22 14:41:09 +03:00
33fff26869
reinstate HOOK_RENDER_ENCLOSURE
2021-02-22 10:00:50 +03:00
94560132dd
for the most part, deal with filter rules UI
2021-02-21 09:35:07 +03:00
545bcc3e4b
bookmarklets: cleanup some more markup
2021-02-20 08:49:40 +03:00
fc0ebf0891
move bookmarklet-related methods out of public.php into the plugin
2021-02-19 20:21:36 +03:00
cf249d7e8c
modify classname helpers to use element.classList; fix feed debugger & share--get
2021-02-19 19:29:43 +03:00
5cec4eb015
af_readability: fix selector
2021-02-19 18:47:50 +03:00
d445530fa0
format note on the client
2021-02-19 17:15:22 +03:00
660a1bbe01
* switch to xhr.post() almost everywhere
...
* call App.handlerpcjson() automatically on json request (if possible)
* show net/log indicators in prefs
2021-02-19 13:44:56 +03:00
6b43b788d9
migrate xhrJson invocations to the new helper
2021-02-19 10:22:00 +03:00
00310d2d23
cleanup some unused code, fix App.byId() invoked by wrong name
2021-02-19 06:58:50 +03:00
c088e9d9d8
get rid of a few more prototype-isms
2021-02-18 22:23:06 +03:00
70fa423026
initial for RIP prototype/scriptaculous
2021-02-18 21:51:18 +03:00
bed36cbf9f
af_psql_trgm: cleanup
2021-02-18 13:41:40 +03:00
a2c75257f1
bookmarklets: cleanup
2021-02-18 13:16:55 +03:00
d8a99ce06a
remove unneeded headings
2021-02-18 12:45:31 +03:00
39c0fe3697
shorten many invocations of Ajax.Request in inline form methods
2021-02-18 12:27:26 +03:00
ee0b66b6bd
af_proxy_http: markup cleanup
2021-02-18 12:13:13 +03:00
b888bc2091
cache_starred_images: don't try to use undefined array index
2021-02-17 21:54:43 +03:00
e4609c18ef
* add (disabled) shortcut syntax for plugin methods
...
* add controls shortcut for pluginhandler tags
* add similar shortcut for frontend
* allow plugins to selectively exclude their methods from CSRF checking
2021-02-17 21:44:21 +03:00
35b6d63289
af_proxy_http: don't try to proxy back to ourselves
2021-02-17 16:27:52 +03:00
6ecee2abbd
cache_starred_images: minor fixes
2021-02-17 16:17:05 +03:00
ea37d05a83
delete unused mail .pngs
2021-02-17 15:53:58 +03:00
2ac6508fe6
mail, mailto: cleanup markup
2021-02-17 15:53:00 +03:00
2b2833bb4f
plugins: load dialogs via xhr instead of http
2021-02-17 14:56:36 +03:00
4632d6cf55
fix some php8 warnings
2021-02-17 14:14:17 +03:00
538f87e415
af_psql_trgm: don't load dialog via http
2021-02-17 14:08:06 +03:00
00b31c3f53
af_readability: cleanup markup
2021-02-17 13:55:58 +03:00
3c14eed1c2
close_button: fix color not applying
2021-02-17 13:45:38 +03:00
35b6a88146
RIP af_tumblr_1280
2021-02-17 13:36:24 +03:00
7587f2cdc6
af_redditimgur: cleanup markup
2021-02-17 13:35:10 +03:00
91049335eb
af_readability: cleanup markup
2021-02-17 12:36:02 +03:00
9ac6741d24
af_comics: markup cleanup
2021-02-17 12:25:33 +03:00
4325c30a3f
share: markup cleanup
2021-02-17 12:10:19 +03:00
273ada7353
* implement shortcut syntax for exposed plugin methods
...
* move shared article rendering code to share plugin
2021-02-17 09:59:14 +03:00
7adcada324
share plugin: cleanup, fix icon not highlighting properly
2021-02-17 08:52:39 +03:00
0fc783e2b3
cleanup markup in some plugins, make nsfw generate dijit widgets
2021-02-16 22:07:37 +03:00
f58c49beaa
replace a few more controls to new style
2021-02-16 18:50:18 +03:00
bdbbdbb0ed
rework controls to accept parameters as array
2021-02-16 16:59:21 +03:00
1f43d7916c
replace print_hidden with hidden_tag
2021-02-16 14:32:06 +03:00
26d6b84a57
add namespaced controls with unified naming; deprecated old-style control shortcuts
2021-02-16 14:23:00 +03:00
6e06fe2885
shorten_expanded: fix for posts without attachments
2021-02-16 08:31:24 +03:00
bd3c38de84
move bookmarklet-related subscribe_to_feed_url to bookmarklet plugin
2021-02-15 16:41:52 +03:00
166f2d4666
diskcache: unify naming
2021-02-15 16:11:30 +03:00
257efb43c6
article: unify naming
2021-02-15 15:52:28 +03:00
020f062a76
feeds: unify naming
2021-02-15 15:43:07 +03:00
82adb01307
render enclosures on the client
2021-02-15 14:10:46 +03:00
a2e688fcb2
render headline-specific toolbar on the client
2021-02-14 22:17:13 +03:00
15fd23c374
use shortcut echo syntax for php templates
2021-02-14 09:15:51 +03:00
17413078a7
pref feeds: index cleanup, split into several methods, use tabs to maximize space for feed tree, persist feed tree state
2021-02-13 18:32:02 +03:00
3d11c61f32
* OPML import: don't reload everything, just feed tree
...
* dialogs: use auto-destroying dialog for almost all dialogs instead of destroying them manually
* some general dialog-related cleanup
2021-02-12 15:22:10 +03:00
d466284fab
* customizeCSS: client dialog
...
* remove hardcoded width from most dialogs (move to css)
* add helper to easily get dialog from its widget
* rework some dialog buttons to use current object instead of calling dialog by name
2021-02-12 09:02:44 +03:00
7af8744c85
authentication: make logins case-insensitive (force lowercase)
2021-02-11 09:57:57 +03:00
72edab5f1c
close_button: fix warning
2021-02-10 21:40:31 +03:00
7874f6ac58
remove PHPMD.UnusedFormalParameter
2021-02-08 19:42:10 +03:00
51d2deeea9
fix hierarchy of authentication modules, make everything extend Auth_Base and implement hook_auth_user() for pluginhost
2021-02-08 19:11:31 +03:00
363b3629a4
rewrite a few more hooks
2021-02-08 16:52:47 +03:00
9de26d44da
af_psql_trgm: fix warning
2021-02-08 11:47:41 +03:00
d293cbd5a9
fix several warnings related to feed editor
2021-02-08 11:46:43 +03:00
c1ad7acfb9
bookmarklet: encode URL properly so special characters won't get lost
2021-02-07 21:09:27 +03:00
5849a39820
af_redditimgur: don't try to load empty html; fix a warning in update debugger
2021-02-06 10:31:06 +03:00
ce489a724b
fix a few more warnings
2021-02-06 10:23:45 +03:00
9fdeb58fd3
check a few more php8 warnings
2021-02-06 09:51:28 +03:00
6e774a58fe
more php8 fixes mostly related to login
2021-02-06 00:12:15 +03:00
403dca154c
initial WIP for php8; bump php version requirement to 7.0
2021-02-05 23:41:32 +03:00
6c546f37ba
af_redditimgur: handle youtube /embed/ URLs
2021-01-23 08:57:36 +03:00
b30b354b53
af_redditimgur: add some last minute handling for generic preview media URLs provided in JSON
2021-01-22 15:44:44 +03:00
0d1336bd29
af_redditimgur:
...
* draw a basic form for testurl() if no url is given
* only process specific JSON media files/child elements until something is found
* handle generic preview images for self posts (not link posts because
link is handled afterwards)
2021-01-21 08:28:55 +03:00
1ded706f8f
af_redditimgur: cleanup, rework to embed stuff from reddit-provided JSON first
2021-01-19 22:21:57 +03:00
41bde84a92
af_redditimgur: add basic support for reddit galleries
2021-01-18 15:34:05 +03:00
4e95591087
af_redditimgur: shorten href stuff
2021-01-18 14:46:08 +03:00
7a2ad08a7d
scored_oldest_first: update sort caption
2021-01-17 10:50:40 +03:00
c82457e534
add plugins/scored_oldest_first
2021-01-17 10:47:37 +03:00
6d4005f984
af_psql_trgm:
...
1. better debugging output
2. fix incorrect default values being used sometimes
3. remove special workaround for equal titles because trgm extension
seems to be working properly for those now (tested on postgres 11)
4. code cleanup
2021-01-11 12:23:46 +03:00
0868ff9d64
auth_remote: use empty() instead of isset() while checking headers
2021-01-07 11:18:02 +03:00
dc40f69511
fix auth_remote broken by previous commit
2021-01-05 18:55:05 +03:00
8a34084df1
auth_remote: rewrite header checking to be more readable
2021-01-05 10:37:30 +03:00
8764662138
af_redditimgur: also blacklist in-content links
2021-01-03 10:55:57 +03:00
564a24fd78
Add support for HTTP_REMOTE_USER variable for user authentication
2020-12-21 16:56:39 +00:00
9e62513095
af_redditimgur: also rewrite in the API handler
2020-12-20 13:12:50 +03:00
f25ea5355c
af_redditimgur: add option to rewrite reddit URLs to teddit.net
2020-12-20 11:28:48 +03:00
50d089ae59
redditimgur: blacklist github because it usually resolves to a huge profile photo of someone
2020-12-18 08:12:31 +03:00
6f31372b37
Address param order deprecation warning for 'af_redditimgur'.
2020-12-12 10:28:45 -06:00
65254f5db4
- move sphinx plugin to a separate repo
...
- regenerate config checks without sphinx-related variables
2020-12-11 09:48:34 +03:00
43bd3394c3
shorten_expanded: remove loading=lazy from images if enabled
2020-12-11 09:22:30 +03:00
8479421da4
af_readability: allow appending to original summary instead of always
...
replacing it, some minor code cleanup
2020-11-26 13:39:47 +03:00
65b3926ae5
Ensure proxy_all setting is saved in database.
2020-10-11 01:31:30 -04:00
38a7a1da88
hide uninteresting errors in several DOMDocument->loadHTML() invocations
2020-10-01 13:20:07 +03:00
215f388992
move timestamp-related stuff to a separate class
2020-09-23 13:04:26 +03:00
74568df4ff
remove a lot of stuff from global context (functions.php), add a few helper classes instead
2020-09-22 09:04:33 +03:00
a4525d31b2
replace FALSE with false so that static analyzer shuts up about it
2020-09-17 19:02:27 +03:00
d8619b9a84
auth_internal: cast OTP code to integer before trying to check it
2020-09-17 16:50:34 +03:00
a817d3794d
* use get_random_bytes() for CSRF token
...
* get_random_bytes: use PHP7 random_bytes() if it is available
* validate CSRF token using hash_equals
2020-09-17 08:59:18 +03:00
0757ad0406
auth_internal: use type-strict comparison when checking OTP code
2020-09-17 08:46:57 +03:00
91e1542a82
af_proxy_http: require separate token to access imgproxy
2020-09-15 10:59:57 +03:00
79f102c25d
af_proxy_http: never print received data directly, always redirect to cached_url
...
cache/getUrl: basename() passed filename just in case
2020-09-15 08:02:28 +03:00
0758397dd8
af_redditimgur: don't add embedded blank gif image for rewritten videos
2020-09-15 06:55:22 +03:00
c3d14e1fa5
- fix multiple vulnerabilities in af_proxy_http
...
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
c352e872e9
core: pass found enclosures to HOOK_ARTICLE_FILTER
...
af_redditimgur: remove enclosures if we found something to embed because it's going to be a low-res thumbnail
2020-06-24 22:54:14 +03:00
f8d96543de
Created hotkeys_force_top plugin
...
Renamed swap_jk to match new naming scheme.
2020-05-30 22:45:41 -06:00
9ae9302b6b
implement keyboard-related changes discussed in https://community.tt-rss.org/t/changing-the-amount-of-scroll-by-arrow-key/3452/7
2020-05-17 08:25:51 +03:00
5e77d0062b
use intersection observer to unpack visible articles, remove Headlines.unpackVisible()
2020-05-13 07:28:13 +03:00
a802649d53
rename cdmScrollToId to cdmMoveToId
...
prevent smooth scrolling when going directly to an article
2020-05-09 08:16:12 +03:00
1f2a721905
allow overriding built-in templates via templates.local
2020-03-13 14:40:35 +03:00
4e74da590e
af_readability: allow get full text button to work as a toggle; in cdm, scroll to article after embedding
2020-02-28 08:03:25 +03:00
96fa6e3002
af_comics: split contents of subscribe/basic_info/fetch hooks into appropriate per-comic filters
2020-02-27 12:15:56 +03:00
ba7f7e72db
af_comics: mention that Far Side needs cached media
2020-02-27 11:44:18 +03:00
61168847ac
af_comics: escape all template urls
2020-02-27 10:25:00 +03:00
3b62150abd
use canonical fetch url for Far Side
2020-02-27 10:24:12 +03:00
db8a1f76c7
remove unnecessary debugging from previous
2020-02-27 10:20:16 +03:00
9b4053b1ea
af_comics: add experimental support for The Far Side
2020-02-27 10:19:09 +03:00
b159bbe55d
af_readability: sanitize content requested for embedding
2020-02-27 08:28:54 +03:00
3b635c7557
fix plugins/note javascript part broken by previous changeset
2020-02-27 07:59:57 +03:00
Andrew Dolgov
Tony
wn
JustAMacUser
Nathan Warner