10078 Commits (227b2ae350946758bd93ae3cab0d84dd37b8eea1)

 

All Branches   

Search

Author	SHA1	Message	Date
Andrew Dolgov	05744bb474	fix updater never scheduling feeds for update if they never been updated before while having default update interval set	4 years ago
Andrew Dolgov	8fb2baecdc	another hack for validation of URLs with invalid characters	4 years ago
Andrew Dolgov	a897c4165b	validate URLs: convert IDN to punycode before passing URL to filter_var()	4 years ago
Andrew Dolgov	6811d0bde2	use self:: in some places to invoke static methods from the same class	4 years ago
Andrew Dolgov	b5710baf34	- don't fail on non-ascii characters when validating URLs ... - fix IDN hostnames not being converted properly	4 years ago
Andrew Dolgov	e3780050e7	Merge branch 'weblate-integration'	4 years ago
Andrew Dolgov	490df818aa	router: only allow functions without required parameters as handler methods	4 years ago
Andrew Dolgov	ab6aa0ad3e	fix previous re: resolve_redirects	4 years ago
Andrew Dolgov	74568df4ff	remove a lot of stuff from global context (functions.php), add a few helper classes instead	4 years ago
Glandos	4d6c80b198	Translated using Weblate (French) ... Currently translated at 100.0% (727 of 727 strings) Translation: Tiny Tiny RSS/messages Translate-URL: https://weblate.tt-rss.org/projects/tt-rss/messages/fr/	4 years ago
Andrew Dolgov	41fbd3f15f	Added translation using Weblate (Persian)	4 years ago
Andrew Dolgov	d04ac399ff	clarify some URL validation-related error messages	4 years ago
Andrew Dolgov	3dd4169b5f	clarify some URL validation-related error messages	4 years ago
Andrew Dolgov	4785f21316	update_rss_feed: log effective URL after fetching ... validate_url: treat scheme as case-insensitive	4 years ago
Andrew Dolgov	486f1d84ed	resolve_redirects: fix previous	4 years ago
Andrew Dolgov	d2867d887a	resolve_redirects: only use three argument version of get_headers() on php 7.1+	4 years ago
Andrew Dolgov	05ef9aac2f	update URL pointing to version.json	4 years ago
fox	7584ecc8a2	Merge branch 'gettext-const-scope' of JustAMacUser/tt-rss into master	4 years ago
JustAMacUser	c8ac9dc7ea	Remove `private` scope for class constants. ... This change branches from the merged patch by Sunil Mohan Adapa's for Debian's package.	4 years ago
Andrew Dolgov	03a337a660	add basic safe mode which doesn't load any user plugins	4 years ago
Andrew Dolgov	3588d5186e	- gettext: merge patch from Sunil Mohan Adapa which rewrites plural parser to not use eval() ... - fix typo in aforementioned patch which caused plurals to never load - update code again to newer PHP constructor syntax	4 years ago
Andrew Dolgov	4f5ae94b62	prevent source errors from crashing gulp watch	4 years ago
Andrew Dolgov	f3803c9e60	add eslint to package.json	4 years ago
Andrew Dolgov	5c1f70348e	add less to package.json	4 years ago
Andrew Dolgov	4efc3d7b3f	validate_url: relax requirements for URLs, limit additional port/loopback filtering to fetch_file_contents()	4 years ago
Andrew Dolgov	a4525d31b2	replace FALSE with false so that static analyzer shuts up about it	4 years ago
Andrew Dolgov	57fac84516	rename gettext.inc to gettext.inc.php (cosmetic)	4 years ago
Andrew Dolgov	d8619b9a84	auth_internal: cast OTP code to integer before trying to check it	4 years ago
Andrew Dolgov	c25edd0024	fetch_file_contents: validate effective URL (after redirects) without CURL	4 years ago
Andrew Dolgov	27e695436f	fetch_file_contents: validate effective URL (after redirects) if using CURL	4 years ago
Andrew Dolgov	afa0023c51	don't try to update manually disabled feeds even if they haven't been updated before or are marked for a manual update	4 years ago
Andrew Dolgov	f41fdef389	add gulp task for less compilation	4 years ago
Andrew Dolgov	5415a0e033	add makefile for less to css compilation	4 years ago
Andrew Dolgov	37f41a5246	forgotpass: use type strict comparison for reset token	4 years ago
Andrew Dolgov	5a7e7e1367	don't try to call hash_equals() on unset user token	4 years ago
Andrew Dolgov	f72e6947d5	use hash_equals() correctly	4 years ago
Andrew Dolgov	e3adacc588	fix several cases of Db class being invoked as wrong name (as DB)	4 years ago
Andrew Dolgov	16c86e2fc3	replace some plain http links with https	4 years ago
Andrew Dolgov	a817d3794d	* use get_random_bytes() for CSRF token ... * get_random_bytes: use PHP7 random_bytes() if it is available * validate CSRF token using hash_equals	4 years ago
Andrew Dolgov	0757ad0406	auth_internal: use type-strict comparison when checking OTP code	4 years ago
Andrew Dolgov	89d53a7f49	fix typo in previous	4 years ago
Andrew Dolgov	1f79d614c4	fix OTP QR code not displayed because of CSRF token passed as a query ... parameter use type-strict comparison when validating CSRF token on the backend	4 years ago
Andrew Dolgov	6a4b6cf603	amend previous to 127/8 subnet	4 years ago
Andrew Dolgov	213d6330b1	fetch_file_contents: resolve requested hosts and check for possible ... loopback address	4 years ago
Andrew Dolgov	88c4dc405e	build_url: also put query parameters and fragment in resulting URL ... rewrite_relative_url: simplify handling of relative URLs	4 years ago
Andrew Dolgov	9d3c794983	subscribe: allow pre-filling feed URL if passed via query string	4 years ago
Andrew Dolgov	da5af2fae0	cached_url: block SVG images because of potential javascript inside	4 years ago
Andrew Dolgov	33fdde249e	pass CSRF token to opml import and feed icon replace dialogs	4 years ago
Andrew Dolgov	f693ebab21	fix default password nag dialog, load via xhr	4 years ago
Andrew Dolgov	77faa5d523	editFeed: only try to reload feed tree in preferences if its actually there	4 years ago