Commit Graph

446 Commits

Author SHA1 Message Date
Andrew Dolgov cbcb10a272 Feeds: load quickaddfeed and search dialogs via XHR w/ CSRF protection 2020-09-15 16:28:09 +03:00
Andrew Dolgov 8080c525fd - backend: require CSRF token to be passed via POST
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
2020-09-15 16:12:53 +03:00
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
Andrew Dolgov a922b3cc6d order_to_override_query: allow HOOK_HEADLINES_CUSTOM_SORT_OVERRIDE plugins to override built-in sorting 2020-09-11 07:48:22 +03:00
Andrew Dolgov ddf9227dc4 pluginhost: allow overriding default sort modes via HOOK_HEADLINES_CUSTOM_SORT_MAP etc 2020-08-13 12:23:27 +03:00
Andrew Dolgov dfa65e9374 move order_by to SQL override logic into a separate function 2020-08-13 11:52:32 +03:00
Andrew Dolgov 48be005774 instead of taking batch timestamp and score (?) into account, make oldest first sorting work consistently with newest first - i.e. rely on feed-provided timestamp 2020-08-11 13:29:09 +03:00
Andrew Dolgov d01ad09800 eslint-related fixes; move a few things from global context to App 2020-06-05 07:44:57 +03:00
Andrew Dolgov 44b1f0fcc0 search: add support for label:XXX search keyword
Labels: enforce case-insensitive lookups when creating/looking for labels
2020-04-04 14:34:08 +03:00
Andrew Dolgov 5f30061c92 properly calculate marked counters for feeds in nested categories 2020-02-20 15:54:40 +03:00
Andrew Dolgov 0e9e1ad112 getCategoryUnread: return correct unread count for labels category 2020-01-25 12:53:10 +03:00
Andrew Dolgov cdd2b6fd22 getCategoryChildrenUnread: fix typo 2020-01-25 10:00:22 +03:00
Andrew Dolgov a6ced36189 getCategoryCounters: properly calculate counters for child subcategory entries
getCategoryUnread: cleanup
2020-01-25 09:57:28 +03:00
Andrew Dolgov a64b8a7fdb getCategoryUnread: don't return unread counters for Special category because it doesn't make a lot of sense to do so 2020-01-24 15:54:01 +03:00
Andrew Dolgov 6080cca9ca scrap counter cache system; rework counters to sum() booleans instead 2020-01-24 14:25:31 +03:00
Andrew Dolgov 3b29e865b0 support night mode in feed debugger 2020-01-19 10:56:49 +03:00
Andrew Dolgov 9c0235ab66 show current unread counter on headlines toolbar if sidebar is hidden 2019-12-12 07:37:28 +03:00
Andrew Dolgov 565547f5a1 php 7.4 deprecation-related fixes 2019-12-06 07:27:22 +03:00
Andrew Dolgov 06393750c7 headline grouping:
1. block grouping for specific feeds where it doesn't make a lot of sense to do so or flat list fits better (archived, recently read)
2. block per-week grouping for feeds where feed-first grouping makes more sense (fresh, starred, published)
2019-08-30 10:16:38 +03:00
Andrew Dolgov 133c2b482b move rewrite_cached_urls to DiskCache::rewriteUrls() 2019-08-13 12:46:57 +03:00
Andrew Dolgov 088fcf8131 move more globals to more appropriate places
set libxml to always use internal errors
2019-06-20 08:40:02 +03:00
Andrew Dolgov 4fa9aee4e7 move several more global functions to more appropriate classes 2019-06-20 08:14:06 +03:00
Andrew Dolgov 6d746453c7 get_feeds_from_html: remove XML preamble hack
move several related helper functions to Feeds class
2019-06-20 07:51:48 +03:00
Andrew Dolgov 270b39a337 queryFeedHeadlines: support start_ts when browsing by tag 2019-06-18 13:10:32 +03:00
Andrew Dolgov 905f038610 search dialog: display active query if searching already 2019-05-20 07:59:53 +03:00
Andrew Dolgov 09f520eda2 fix search query test statement stopping valid modifiers like unread: from working 2019-05-20 07:12:43 +03:00
Andrew Dolgov de713035fd when subscribing, check for valid html content type before checking if requested document has HTML doctype/start element 2019-05-16 10:07:22 +03:00
Andrew Dolgov 84d43a1b44 catchup_feed: invoke HOOK_SEARCH if necessary 2019-05-07 06:57:28 +03:00
Andrew Dolgov ccc0315ef0 better tsquery support:
1. report query syntax errors properly
2. fall back to implicit &-joining only if no joiners are detected in user query, otherwise permit full tsquery syntax
2019-04-30 14:39:08 +03:00
Andrew Dolgov 1cd9b3c866 prevent a fatal error on an invalid tsquery syntax 2019-04-29 21:15:49 +03:00
Michael Kuhn e38fcd6dea Fix button focus issues
This change introduces derived classes for ComboButton, DropDownButton
and Select that make sure that buttons do not remain focused after their
menus are closed. This allows using hotkeys after closing them.
2019-04-14 12:01:52 +02:00
Andrew Dolgov c936cc3a1f use DEFAULT_SEARCH_LANGUAGE to generate tsvector index if per-feed language is not specified, also use it as default value on search form for convenience 2019-04-10 13:03:26 +03:00
Andrew Dolgov 19f162dbe3 css: insensitive -> text-muted 2019-03-08 10:11:57 +03:00
Andrew Dolgov 0b74db5ad7 remove feedbrowser (other feeds) 2019-03-06 20:02:06 +03:00
Andrew Dolgov 54c1b5c611 fill in some missing doctypes; use short doctype where it wasn't 2019-02-23 13:49:40 +03:00
Andrew Dolgov a366da90a6 add label.inline 2019-02-22 12:13:41 +03:00
Andrew Dolgov 335147e572 dialogs: use semantic markup instead of dlgsec stuff
continue unifying quoting style for html strings
2019-02-22 10:48:56 +03:00
Andrew Dolgov 4e253add8c UI: add some more info links to relevant wiki pages; minor layout updates 2019-02-21 16:21:16 +03:00
Andrew Dolgov 26e57604c0 simplify layout of search and subscribe dialogs 2019-02-21 13:22:31 +03:00
Andrew Dolgov f8836ec080 search dialog fixes
pgsql: get FTS languages list from the database
2019-02-20 15:12:37 +03:00
Andrew Dolgov 4d9141d762 simplify dlgSec-related markup 2019-02-20 14:37:59 +03:00
Andrew Dolgov 9e7bbf6809 debugger: use narrow fieldsets for checkboxes 2019-02-19 21:24:00 +03:00
Andrew Dolgov 55d2e5871a feed debugger: dojoify controls 2019-02-19 21:00:15 +03:00
Andrew Dolgov 8cd7f31bde utility css updates 2019-02-19 19:46:09 +03:00
Andrew Dolgov 8b26b8629f headlines-frame: set is-vfeed attribute if result is virtual feed 2019-01-16 21:33:59 +03:00
Andrew Dolgov 4729bdb132 queryFeedHeadlines: fix published field not returned when browsing by tag 2018-12-25 16:19:42 +03:00
Andrew Dolgov 215c9f0f88 fail better if Feeds.view() data failed encoding to JSON 2018-12-24 12:28:11 +03:00
Andrew Dolgov eda4ac2a2b add fallback colors for headline feed titles based on feed name if favicon color is not available 2018-12-12 07:57:37 +03:00
Andrew Dolgov f3c04fc5d8 sync modified scores via mutation observer 2018-12-11 10:30:32 +03:00
Andrew Dolgov 25ca144bb7 score: get correct classes for rows/score icons on the client 2018-12-11 10:00:54 +03:00
Andrew Dolgov a5813bb766 mysql: use date_format() for yyiw part in queryFeedHeadlines() 2018-12-09 20:38:02 +03:00
Michael Kuhn 3484ad2aaf Use IYYY in combination with IW
Otherwise, we could end up with a wrong date, see:
https://community.oracle.com/thread/997899
2018-12-09 18:28:15 +01:00
Andrew Dolgov fa538a6c86 implement year-week sorting window if headlines buffer is grouped by feed titles 2018-12-09 13:35:37 +03:00
Andrew Dolgov 8f5b5ae09e if not enabled, set content_preview to "" instead of null 2018-12-09 04:24:48 +03:00
Andrew Dolgov bd66a9ef28 render article on the client using headlines data 2018-12-08 09:32:14 +03:00
Andrew Dolgov 41e967136f format headlines list: normalize booleans for pdo mysql 2018-12-08 08:23:18 +03:00
Andrew Dolgov 811e1514a3 remove uuid from headlines JSON output 2018-12-07 22:14:32 +03:00
Andrew Dolgov 3b7a9219f6 viewfeed: cleanup unneeded stuff from server JSON output 2018-12-07 21:52:41 +03:00
Andrew Dolgov 76885fc5ad viewfeed: general code cleanup 2018-12-07 21:22:51 +03:00
Andrew Dolgov 8f75b06835 implement feed grouping display, remove unneeded server vgrlf passing 2018-12-07 21:11:50 +03:00
Andrew Dolgov 0b84d1d0dc viewfeed: add orig_feed object 2018-12-07 18:38:27 +03:00
Andrew Dolgov e075e6141b json-viewfeed updates 2018-12-07 18:24:56 +03:00
Andrew Dolgov 249c93a228 initial for js templates 2018-12-07 16:00:11 +03:00
Andrew Dolgov e9cf8e8e35 normalize archived articles output in headlines 2018-12-06 19:00:11 +03:00
Andrew Dolgov 26c074ed7e rework article header to use flexbox 2018-12-06 16:35:57 +03:00
Andrew Dolgov b4c2b26822 remove collapse.png 2018-12-06 15:28:11 +03:00
Andrew Dolgov 0b8cbc9156 remove some bitmaps and rework stuff using it to use iconfont instead 2018-12-06 15:22:52 +03:00
Andrew Dolgov d2d2cb7e7d rework scoring display, JS processing and icons 2018-12-06 14:23:45 +03:00
Andrew Dolgov 8b2286305e and again 2018-12-06 13:18:14 +03:00
Andrew Dolgov 1de1426114 Revert "change fresh feed icon"
This reverts commit 69da55b945.
2018-12-06 13:16:53 +03:00
Andrew Dolgov 69da55b945 change fresh feed icon 2018-12-06 13:13:25 +03:00
Andrew Dolgov c700345c96 trgm: use vector icon, replace recently read icon 2018-12-05 22:48:14 +03:00
Andrew Dolgov cad6d1d7fd various icon updates; use new icons in feed tree 2018-12-05 20:26:27 +03:00
Andrew Dolgov a0778577ac remove pub_{set,unset}.png usage in main code 2018-12-05 14:18:03 +03:00
Andrew Dolgov cbd7328cb4 minor fixes to pub/mark icons etc 2018-12-05 14:11:40 +03:00
Andrew Dolgov b65d8384c2 update headlines to use vector icons 2018-12-05 13:58:18 +03:00
Andrew Dolgov 89b213b4bb initial for material-icons 2018-12-05 10:50:50 +03:00
Andrew Dolgov edd348b16c rework not-cdm headline rows to use flex-box 2018-12-05 09:08:02 +03:00
Andrew Dolgov 88c2da72d5 combined mode: use flex-box for header/footer layout 2018-12-05 08:31:13 +03:00
Andrew Dolgov 2621180b54 in three panel mode, attach context menu to the title, instead of entire headlines row 2018-12-05 07:34:16 +03:00
Andrew Dolgov 2ab097b2e5 initial work for flat modern theme 2018-12-04 22:24:31 +03:00
Andrew Dolgov 6befff30d7 updates for flat theme (mostly disable old dijit overrides) 2018-12-04 19:03:42 +03:00
Andrew Dolgov 0b8fef8262 combined unexpanded: respect 'SHOW_CONTENT_PREVIEW' preference 2018-12-04 10:47:50 +03:00
Andrew Dolgov 27b93988e7 add placeholder loading indicator to CDM entries
restore missing "originally from" for archived articles
2018-12-03 20:05:11 +03:00
Andrew Dolgov e76d1fb995 plugins: mail, mailto: remove code from global context 2018-12-03 14:21:50 +03:00
wn_ 6100392bd5 Fix an `onclick` (`Article.editArticleTags` --> `Article.editTags`) 2018-12-02 16:02:03 -06:00
Andrew Dolgov 5ead558e43 move Utils to AppBase where it belongs 2018-12-02 22:08:18 +03:00
Andrew Dolgov ad1b6f0a86 bring back excerpts in unexpanded mode 2018-12-02 19:04:53 +03:00
Andrew Dolgov 874560db54 remove obsolete row selection functions
move getUrlParam() to Utils
2018-12-02 10:33:58 +03:00
Andrew Dolgov 0a18d0b1ed Feeds: shorten some method names
finally rename "view as rss"
2018-12-02 08:57:22 +03:00
Andrew Dolgov 6e625555c9 Headlines: shorten selectArticles 2018-12-02 08:34:08 +03:00
Andrew Dolgov 3678315bea Article, Headlines: shorten several method names 2018-12-02 08:32:13 +03:00
Andrew Dolgov cc26be0793 migrate tt-rss.js contents to App 2018-12-01 21:51:00 +03:00
Andrew Dolgov ab0fadf60d fix vfeed group title CSS in not combined mode 2018-12-01 21:08:15 +03:00
Andrew Dolgov 642c37ea61 further effocts to wrap JS stuff into objects 2018-12-01 21:01:53 +03:00
Andrew Dolgov 4bed9be57d js-ification: start on some common dialogs 2018-12-01 18:25:32 +03:00
Andrew Dolgov 97df81d8d9 even more objectification of JS 2018-12-01 17:54:16 +03:00
Andrew Dolgov d86ddbc635 further objectification of JS code 2018-12-01 17:21:26 +03:00
Andrew Dolgov 049a37aa0e WIP reshuffling of JS global context into separate logical objects 2018-12-01 17:05:35 +03:00
Andrew Dolgov 195180b64d minor refactoring: normalize some function names; cleanup; etc 2018-12-01 11:18:35 +03:00