ttrss

Commit Graph

Author	SHA1	Message	Date
Andrew Dolgov	f2d3cba231	add HTTP_ACCEPT_LANGUAGE handling for php8	2021-02-12 21:20:04 +03:00
Andrew Dolgov	1f2ba932b8	RIP easy-installer	2021-02-12 15:59:19 +03:00
Andrew Dolgov	d23a261b92	RIP self-registration	2021-02-12 15:57:43 +03:00
Andrew Dolgov	8f8675a26a	* filters: remove duplicate code, overall cleanup * check if some tres exist before trying to reload them	2021-02-12 14:31:36 +03:00
Andrew Dolgov	848bc57f29	disable themes in safe mode; rework safe mode warning/login prompt	2021-02-11 21:19:57 +03:00
Andrew Dolgov	cc646790fd	format_backtrace: don't try to use resources as strings	2021-02-11 10:29:42 +03:00
Andrew Dolgov	7833760fa0	make feed/cat nested dropdowns a bit more readable	2021-02-10 08:58:31 +03:00
Andrew Dolgov	7874f6ac58	remove PHPMD.UnusedFormalParameter	2021-02-08 19:42:10 +03:00
Andrew Dolgov	942afb43a1	sanity checks: use better CLI detection, shorten most of the text	2021-02-08 08:49:21 +03:00
Andrew Dolgov	10392ecc28	event log: add pagination	2021-02-06 10:10:54 +03:00
Andrew Dolgov	8b39e6bca7	_color_pack: define variable before using	2021-02-06 09:29:31 +03:00
Andrew Dolgov	a544123b59	fix clean() for arrays and user plugin list	2021-02-06 00:17:41 +03:00
Andrew Dolgov	6e774a58fe	more php8 fixes mostly related to login	2021-02-06 00:12:15 +03:00
Andrew Dolgov	403dca154c	initial WIP for php8; bump php version requirement to 7.0	2021-02-05 23:41:32 +03:00
Andrew Dolgov	33a5ecd2ce	feed editor: show purge interval correctly if FORCE_ARTICLE_PURGE is set	2021-01-07 18:16:42 +03:00
Andrew Dolgov	f59c567831	update_rss_feed: fix BLACKLISTED_TAGS not working properly, simplify tag-related code	2020-12-20 23:12:45 +03:00
wn	c68f2aabc9	Make 'ttrss_error_handler' compatible w/ 8. `2d467abc46/UPGRADING (L43)` `2d467abc46/UPGRADING (L63)`	2020-12-12 10:28:52 -06:00
wn	936b91a7e6	Don't do deprecated 'libxml_disable_entity_loader(true)' under PHP 8. `2d467abc46/UPGRADING (L886)`	2020-12-12 10:28:49 -06:00
wn	6bdf4a1a25	Switch to 'get_error_types()' to ensure availability in 'include/functions.php'. The global in 'sanity_check()' was null... possibly due to circular requires?	2020-12-12 10:28:48 -06:00
wn	08a6f6bde2	Only do sanity checks for self URL if we can create a valid URL. 'sanity_check.php' gets included in 'update.php' and 'update_daemon2.php', where a Host request header is likely not provided.	2020-12-12 10:28:47 -06:00
Andrew Dolgov	65254f5db4	- move sphinx plugin to a separate repo - regenerate config checks without sphinx-related variables	2020-12-11 09:48:34 +03:00
Andrew Dolgov	81c52b4b1e	add support for an override stylesheet which applies to all users	2020-11-30 15:53:32 +03:00
Andrew Dolgov	24cdacd59e	enable Farsi locale in the UI	2020-10-01 10:19:04 +03:00
Andrew Dolgov	8a02a728c8	add DAEMON_UNSUCCESSFUL_DAYS_LIMIT tunable (defaults to 30 days)	2020-09-30 17:03:16 +03:00
Andrew Dolgov	da5deaaca1	set session.cookie_lifetime to 0 initially instead of a rather useless min()	2020-09-30 14:43:53 +03:00
Andrew Dolgov	de22464ea8	schema: add ttrss_feeds.last_successful_update	2020-09-28 14:14:06 +03:00
Andrew Dolgov	215f388992	move timestamp-related stuff to a separate class	2020-09-23 13:04:26 +03:00
Andrew Dolgov	74568df4ff	remove a lot of stuff from global context (functions.php), add a few helper classes instead	2020-09-22 09:04:33 +03:00
Andrew Dolgov	d04ac399ff	clarify some URL validation-related error messages	2020-09-21 20:37:29 +03:00
Andrew Dolgov	3dd4169b5f	clarify some URL validation-related error messages	2020-09-21 20:35:24 +03:00
Andrew Dolgov	4785f21316	update_rss_feed: log effective URL after fetching validate_url: treat scheme as case-insensitive	2020-09-21 20:26:57 +03:00
Andrew Dolgov	486f1d84ed	resolve_redirects: fix previous	2020-09-20 18:14:34 +03:00
Andrew Dolgov	d2867d887a	resolve_redirects: only use three argument version of get_headers() on php 7.1+	2020-09-20 17:27:04 +03:00
Andrew Dolgov	03a337a660	add basic safe mode which doesn't load any user plugins	2020-09-18 15:48:22 +03:00
Andrew Dolgov	4efc3d7b3f	validate_url: relax requirements for URLs, limit additional port/loopback filtering to fetch_file_contents()	2020-09-17 20:20:23 +03:00
Andrew Dolgov	a4525d31b2	replace FALSE with false so that static analyzer shuts up about it	2020-09-17 19:02:27 +03:00
Andrew Dolgov	57fac84516	rename gettext.inc to gettext.inc.php (cosmetic)	2020-09-17 18:56:29 +03:00
Andrew Dolgov	c25edd0024	fetch_file_contents: validate effective URL (after redirects) without CURL	2020-09-17 16:17:33 +03:00
Andrew Dolgov	27e695436f	fetch_file_contents: validate effective URL (after redirects) if using CURL	2020-09-17 15:53:13 +03:00
Andrew Dolgov	5a7e7e1367	don't try to call hash_equals() on unset user token	2020-09-17 10:20:55 +03:00
Andrew Dolgov	f72e6947d5	use hash_equals() correctly	2020-09-17 10:04:00 +03:00
Andrew Dolgov	e3adacc588	fix several cases of Db class being invoked as wrong name (as DB)	2020-09-17 09:18:03 +03:00
Andrew Dolgov	16c86e2fc3	replace some plain http links with https	2020-09-17 09:02:30 +03:00
Andrew Dolgov	a817d3794d	* use get_random_bytes() for CSRF token * get_random_bytes: use PHP7 random_bytes() if it is available * validate CSRF token using hash_equals	2020-09-17 08:59:18 +03:00
Andrew Dolgov	1f79d614c4	fix OTP QR code not displayed because of CSRF token passed as a query parameter use type-strict comparison when validating CSRF token on the backend	2020-09-17 08:43:39 +03:00
Andrew Dolgov	6a4b6cf603	amend previous to 127/8 subnet	2020-09-17 07:37:48 +03:00
Andrew Dolgov	213d6330b1	fetch_file_contents: resolve requested hosts and check for possible loopback address	2020-09-17 07:36:47 +03:00
Andrew Dolgov	88c4dc405e	build_url: also put query parameters and fragment in resulting URL rewrite_relative_url: simplify handling of relative URLs	2020-09-16 21:41:05 +03:00
Andrew Dolgov	da5af2fae0	cached_url: block SVG images because of potential javascript inside	2020-09-16 16:25:20 +03:00
Andrew Dolgov	aeaafefa07	don't pass csrf token as a GET parameter to Article	2020-09-15 16:03:09 +03:00

1 2 3 4 5 ...

1509 Commits