ttrss/classes
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
auth add placeholder authentication via app passwords if service is passed 2019-11-01 13:03:06 +03:00
db db_prefs: return null if requested key is unset 2019-04-10 13:39:55 +03:00
feeditem tag-related fixes 2019-11-20 18:56:34 +03:00
handler - fix multiple vulnerabilities in af_proxy_http 2020-09-14 19:46:52 +03:00
logger SQL logger: log some parameters 2019-08-20 08:09:05 +03:00
pref - fix multiple vulnerabilities in af_proxy_http 2020-09-14 19:46:52 +03:00
api.php move order_by to SQL override logic into a separate function 2020-08-13 11:52:32 +03:00
article.php eslint-related fixes; move a few things from global context to App 2020-06-05 07:44:57 +03:00
backend.php - fix multiple vulnerabilities in af_proxy_http 2020-09-14 19:46:52 +03:00
counters.php properly return counters for labels with zero assigned articles 2020-08-29 08:41:52 +03:00
db.php Logger_SQL: use separate PDO connection 2018-09-10 21:49:31 +03:00
dbupdater.php further update CLI schema updater layout to make it more readable 2019-03-07 06:54:05 +03:00
debug.php CLI tools: fix --quiet not working if --log is unset 2018-12-01 10:05:26 +03:00
digest.php allow overriding built-in templates via templates.local 2020-03-13 14:40:35 +03:00
diskcache.php - fix multiple vulnerabilities in af_proxy_http 2020-09-14 19:46:52 +03:00
dlg.php mark primary button in the default password dialog 2020-01-25 13:08:29 +03:00
feedenclosure.php remove some redundant php closing tags 2017-04-26 20:24:18 +03:00
feeditem.php Store language of entries as indicated by the feed. 2018-08-12 15:27:26 +01:00
feedparser.php parser: force libxml error messages to valid utf8 2019-05-12 10:13:22 +03:00
feeds.php - fix multiple vulnerabilities in af_proxy_http 2020-09-14 19:46:52 +03:00
handler.php pluginhost: do not connect via legacy DB api until requested 2017-12-03 14:49:18 +03:00
iauthmodule.php add placeholder authentication via app passwords if service is passed 2019-11-01 13:03:06 +03:00
idb.php remove some redundant php closing tags 2017-04-26 20:24:18 +03:00
ihandler.php remove some redundant php closing tags 2017-04-26 20:24:18 +03:00
labels.php search: add support for label:XXX search keyword 2020-04-04 14:34:08 +03:00
logger.php Logger->log() allow passing context (defaults to '') 2018-09-10 21:32:10 +03:00
mailer.php Fix to_address being logged twice 2019-03-09 20:09:16 +01:00
opml.php OPML: export/import per-feed purge interval 2020-08-10 11:57:39 +03:00
plugin.php pluginhost: remove plugin gettext helpers (moved to plugin base class) 2019-03-05 10:26:23 +03:00
pluginhandler.php af_readability: add missing file 2019-08-16 15:29:24 +03:00
pluginhost.php - fix multiple vulnerabilities in af_proxy_http 2020-09-14 19:46:52 +03:00
rpc.php - fix multiple vulnerabilities in af_proxy_http 2020-09-14 19:46:52 +03:00
rssutils.php core: pass found enclosures to HOOK_ARTICLE_FILTER 2020-06-24 22:54:14 +03:00
templator.php allow overriding built-in templates via templates.local 2020-03-13 14:40:35 +03:00