ttrss/plugins
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
..
af_comics allow overriding built-in templates via templates.local 2020-03-13 14:40:35 +03:00
af_fsckportal domdocument: remove old meta charset unicode hacks, replace with shorter xml preamble utf8 hack (on loadhtml where it makes sense) 2019-03-21 21:08:02 +03:00
af_proxy_http - fix multiple vulnerabilities in af_proxy_http 2020-09-14 19:46:52 +03:00
af_psql_trgm css: insensitive -> text-muted 2019-03-08 10:11:57 +03:00
af_readability rename cdmScrollToId to cdmMoveToId 2020-05-09 08:16:12 +03:00
af_redditimgur core: pass found enclosures to HOOK_ARTICLE_FILTER 2020-06-24 22:54:14 +03:00
af_tumblr_1280 domdocument: remove old meta charset unicode hacks, replace with shorter xml preamble utf8 hack (on loadhtml where it makes sense) 2019-03-21 21:08:02 +03:00
af_unburn update phpmd ruleset to use (subset) of cleancode 2017-04-26 20:57:36 +03:00
af_youtube_embed Af_Youtube_Embed: whitelist youtube iframes if enabled 2019-11-27 22:46:43 +03:00
af_zz_noautoplay plugins: run eslint const/let fixes 2018-11-30 08:39:45 +03:00
af_zz_vidmute fix af_zz_vidmute for new chrome breaking muting via setAttribute 2018-09-11 11:46:10 +03:00
auth_internal allow overriding built-in templates via templates.local 2020-03-13 14:40:35 +03:00
auth_remote auth_remote: use PDO 2017-12-03 09:21:08 +03:00
auto_assign_labels auto_assign_labels: pass delimiter to preg_quote() to escape slashes properly 2018-02-23 13:31:08 +03:00
bookmarklets bookmarklets: add more info link 2019-02-26 08:15:58 +03:00
cache_starred_images consistency: use DiskCache->exists() to check for present files 2019-08-14 12:52:41 +03:00
close_button close_button: use vector icon 2018-12-09 16:35:00 +03:00
googlereaderkeys Fix missed hotkeys in googlereaderkeys plugin 2019-03-17 17:39:20 +01:00
hotkeys_force_top Created hotkeys_force_top plugin 2020-05-30 22:45:41 -06:00
hotkeys_noscroll implement keyboard-related changes discussed in https://community.tt-rss.org/t/changing-the-amount-of-scroll-by-arrow-key/3452/7 2020-05-17 08:25:51 +03:00
hotkeys_swap_jk Created hotkeys_force_top plugin 2020-05-30 22:45:41 -06:00
mail allow overriding built-in templates via templates.local 2020-03-13 14:40:35 +03:00
mailto allow overriding built-in templates via templates.local 2020-03-13 14:40:35 +03:00
no_iframes update phpmd ruleset to use (subset) of cleancode 2017-04-26 20:57:36 +03:00
no_title_counters add PluginHost.HOOK_INIT_COMPLETE (and make no_title_counters use it) 2018-12-08 20:06:07 +03:00
no_url_hashes update phpmd ruleset to use (subset) of cleancode 2017-04-26 20:57:36 +03:00
note fix plugins/note javascript part broken by previous changeset 2020-02-27 07:59:57 +03:00
nsfw add icons to accordion panels in preferences 2018-12-06 08:56:28 +03:00
search_sphinx search_sphinx: convert contructor of the sphinx API library 2019-05-01 09:33:52 +03:00
share dialogs: use semantic markup instead of dlgsec stuff 2019-02-22 10:48:56 +03:00
shorten_expanded use intersection observer to unpack visible articles, remove Headlines.unpackVisible() 2020-05-13 07:28:13 +03:00
toggle_sidebar toggle_sidebar: switch icon on click 2019-03-06 12:52:09 +03:00
vf_shared remove vf_shared pixmap 2018-12-09 16:51:44 +03:00
index.html block listing of several util directories; deny access to config.php 2013-04-11 22:01:10 +04:00