Andrew Dolgov
afa0023c51
don't try to update manually disabled feeds even if they haven't been updated before or are marked for a manual update
4 years ago
Andrew Dolgov
7e50c6c4b5
- enable CSRF support earlier
...
- remove rpc/sanityCheck from CSRF-excluded calls
4 years ago
Andrew Dolgov
c3d14e1fa5
- fix multiple vulnerabilities in af_proxy_http
...
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
4 years ago
Andrew Dolgov
fdb1fc7608
get_version: fix commit/timestamp lost on subsequent invocations because of misbehaving caching
5 years ago
Andrew Dolgov
f30287be65
versioning changes
...
- remove VERSION_STATIC - https://community.tt-rss.org/t/versioning-changes-for-trunk/2974
- report git commit/timestamp properly by invoking git instead of trying to parse .git/HEAD etc
- remove git-related global constants used when checking for updates
5 years ago
Andrew Dolgov
3e4701116d
af_readability: add missing file
5 years ago
Andrew Dolgov
4edfb526e1
change version.json endpoint URL
5 years ago
Andrew Dolgov
3bd3324e5a
update: add option to send digests
6 years ago
Andrew Dolgov
0b74db5ad7
remove feedbrowser (other feeds)
6 years ago
Andrew Dolgov
38e01270d8
archived feeds: expire old entries (schema bump)
6 years ago
Andrew Dolgov
0517b88cce
rpc, catchupfeed: return counters immediately so that frontend can figure out next unread feed correctly
6 years ago
Andrew Dolgov
5c481fb249
rpc/checkforupdates: restrict to administrative access level
6 years ago
Andrew Dolgov
957c44d177
rework git update checking to be initiated by frontend, outside of runtime info output
6 years ago
Andrew Dolgov
b66deb3240
rpc/getAllCounters: return seq
6 years ago
Andrew Dolgov
d53cdaf815
requestCounters: remove cooldown
6 years ago
Andrew Dolgov
19e24b4fe2
force cast profile id to integer when assigning to session variable
6 years ago
Colin Vidal
c217de557f
rpc: addfeed: gets login and pass only if need_auth is checked.
...
Because of browser form auto-completion, the hidden field login and
password can be automatically filled when adding a feed. It would
enable feed authentication even if the user doesn't click on need_auth
button.
7 years ago
Andrew Dolgov
92175a8371
setpref: remove nl2br()
7 years ago
Andrew Dolgov
e6532439d6
force strip_tags() on all user input unless explicitly allowed
7 years ago
Andrew Dolgov
731ecac530
completeLabels: use prepare() not query()
7 years ago
Andrew Dolgov
b5bf9a0ff3
remove long forgotten stuff related to feed debugging actionbar
7 years ago
Andrew Dolgov
7039370368
pref-prefs: PDO
7 years ago
Andrew Dolgov
fbe7cb0a48
rpc: switch to PDO
7 years ago
Andrew Dolgov
5b6ea1ef91
remove pubsubhubbub: dead
8 years ago
Andrew Dolgov
e6c886bf66
wrap rssfuncs into rssutils class
8 years ago
Andrew Dolgov
65af3b2cbb
move counter stuff to a separate class
8 years ago
Andrew Dolgov
aeb1abedb2
move a bunch of functions into Feeds/Article namespaces
...
+ static function catchupArticlesById($ids, $cmode, $owner_uid = false) {
+ static function getLastArticleId() {
+ static function queryFeedHeadlines($params) {
+ static function getParentCategories($cat, $owner_uid) {
+ static function getChildCategories($cat, $owner_uid) {
move the rest of functions2.php back to functions.php as it is of more manageable size, remove the former
8 years ago
Andrew Dolgov
a230bf88a9
move to Article:
...
+ static function purge_orphans($do_output = false) {
move to Feeds
+ static function getGlobalUnread($user_id = false) {
+ static function getCategoryTitle($cat_id) {
+ static function getLabelUnread($label_id, $owner_uid = false) {
8 years ago
Andrew Dolgov
86a8351ca2
move the following to Feeds:
...
+ static function catchup_feed($feed, $cat_view, $owner_uid = false, $mode = 'all', $search = false) {
+ static function getFeedArticles($feed, $is_cat = false, $unread_only = false,
+ static function subscribe_to_feed($url, $cat_id = 0,
+ static function getFeedIcon($id) {
+ static function getFeedTitle($id, $cat = false) {
+ static function getCategoryUnread($cat, $owner_uid = false) {
+ static function getCategoryChildrenUnread($cat, $owner_uid = false) {
8 years ago
Andrew Dolgov
ea79a0e033
remove some redundant php closing tags
8 years ago
Andrew Dolgov
7b55001eee
fix various issues reported by static analysis
...
update gitlab-ci config
8 years ago
Andrew Dolgov
337535416f
filter by search results while marking feed as read
8 years ago
Andrew Dolgov
270c0a00e5
improve JS error logging with additional stuff
8 years ago
Andrew Dolgov
cb3f877303
reference pubsubhubbub classes using their namespace
8 years ago
Andrew Dolgov
cfc2fe50cb
fix sql error when subscribing to a feed using feed archive
9 years ago
Andrew Dolgov
79c891a8b7
set smallish timeout on update check, exclude update checking on initial load
9 years ago
Andrew Dolgov
71b75bb7fa
fix multiple issues with archived feeds
9 years ago
Andrew Dolgov
9b736a20b3
do not automatically call cleanup_tags() in housekeeping tasks
9 years ago
Andrew Dolgov
86d07d367c
rpc, setpref: properly save settings to active profile
9 years ago
Anders Kaseorg
0e653f751e
Make _DISABLE_FEED_BROWSER also disable the updateFeedBrowser RPC
...
The undocumented _DISABLE_FEED_BROWSER option added in commit
c39befacb2
turns off the UI for looking
at which feeds other users are subscribed to, but it did not prevent
you from manually constructing an RPC call to get the same data. This
was a privacy risk for those who consider _DISABLE_FEED_BROWSER
important.
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
10 years ago
Andrew Dolgov
4a80c57c50
remove some unused code reported by phpmd
11 years ago
Andrew Dolgov
e1f1857d95
fix globalUpdateFeeds failing when no active session exists
11 years ago
Andrew Dolgov
113c3dec9e
make globalUpdateFeeds handler use simple update mechanism to prevent script timeouts
12 years ago
Andrew Dolgov
41a7a066ef
share: move unsharing all articles into the plugin
12 years ago
Rasmus Lerdorf
6f7798b643
Fixing bugs found by static analysis
12 years ago
Andrew Dolgov
e57a1507ae
do not use session cookie lifetime for additional cookies
12 years ago
Andrew Dolgov
6bfc97da86
add automatic timezone (based on client tz offset)
12 years ago
Andrew Dolgov
f66492d357
better javascript error reporting, save error reports in tt-rss log
12 years ago
Andrew Dolgov
52d88392da
move db-prefs to OO
12 years ago
Andrew Dolgov
d9c85e0f11
classes: use OO DB interface
12 years ago