Commit Graph

125 Commits (3588d5186ef7321fa573adbb62f42b05d7a138be)

Author SHA1 Message Date
Andrew Dolgov afa0023c51 don't try to update manually disabled feeds even if they haven't been updated before or are marked for a manual update 4 years ago
Andrew Dolgov 7e50c6c4b5 - enable CSRF support earlier
- remove rpc/sanityCheck from CSRF-excluded calls
4 years ago
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
4 years ago
Andrew Dolgov fdb1fc7608 get_version: fix commit/timestamp lost on subsequent invocations because of misbehaving caching 5 years ago
Andrew Dolgov f30287be65 versioning changes
- remove VERSION_STATIC - https://community.tt-rss.org/t/versioning-changes-for-trunk/2974
- report git commit/timestamp properly by invoking git instead of trying to parse .git/HEAD etc
- remove git-related global constants used when checking for updates
5 years ago
Andrew Dolgov 3e4701116d af_readability: add missing file 5 years ago
Andrew Dolgov 4edfb526e1 change version.json endpoint URL 5 years ago
Andrew Dolgov 3bd3324e5a update: add option to send digests 6 years ago
Andrew Dolgov 0b74db5ad7 remove feedbrowser (other feeds) 6 years ago
Andrew Dolgov 38e01270d8 archived feeds: expire old entries (schema bump) 6 years ago
Andrew Dolgov 0517b88cce rpc, catchupfeed: return counters immediately so that frontend can figure out next unread feed correctly 6 years ago
Andrew Dolgov 5c481fb249 rpc/checkforupdates: restrict to administrative access level 6 years ago
Andrew Dolgov 957c44d177 rework git update checking to be initiated by frontend, outside of runtime info output 6 years ago
Andrew Dolgov b66deb3240 rpc/getAllCounters: return seq 6 years ago
Andrew Dolgov d53cdaf815 requestCounters: remove cooldown 6 years ago
Andrew Dolgov 19e24b4fe2 force cast profile id to integer when assigning to session variable 6 years ago
Colin Vidal c217de557f rpc: addfeed: gets login and pass only if need_auth is checked.
Because of browser form auto-completion, the hidden field login and
password can be automatically filled when adding a feed. It would
enable feed authentication even if the user doesn't click on need_auth
button.
7 years ago
Andrew Dolgov 92175a8371 setpref: remove nl2br() 7 years ago
Andrew Dolgov e6532439d6 force strip_tags() on all user input unless explicitly allowed 7 years ago
Andrew Dolgov 731ecac530 completeLabels: use prepare() not query() 7 years ago
Andrew Dolgov b5bf9a0ff3 remove long forgotten stuff related to feed debugging actionbar 7 years ago
Andrew Dolgov 7039370368 pref-prefs: PDO 7 years ago
Andrew Dolgov fbe7cb0a48 rpc: switch to PDO 7 years ago
Andrew Dolgov 5b6ea1ef91 remove pubsubhubbub: dead 8 years ago
Andrew Dolgov e6c886bf66 wrap rssfuncs into rssutils class 8 years ago
Andrew Dolgov 65af3b2cbb move counter stuff to a separate class 8 years ago
Andrew Dolgov aeb1abedb2 move a bunch of functions into Feeds/Article namespaces
+       static function catchupArticlesById($ids, $cmode, $owner_uid = false) {
+       static function getLastArticleId() {
+       static function queryFeedHeadlines($params) {
+       static function getParentCategories($cat, $owner_uid) {
+       static function getChildCategories($cat, $owner_uid) {

move the rest of functions2.php back to functions.php as it is of more manageable size, remove the former
8 years ago
Andrew Dolgov a230bf88a9 move to Article:
+       static function purge_orphans($do_output = false) {

move to Feeds

+       static function getGlobalUnread($user_id = false) {
+       static function getCategoryTitle($cat_id) {
+       static function getLabelUnread($label_id, $owner_uid = false) {
8 years ago
Andrew Dolgov 86a8351ca2 move the following to Feeds:
+       static function catchup_feed($feed, $cat_view, $owner_uid = false, $mode = 'all', $search = false) {
+       static function getFeedArticles($feed, $is_cat = false, $unread_only = false,
+       static function subscribe_to_feed($url, $cat_id = 0,
+       static function getFeedIcon($id) {
+       static function getFeedTitle($id, $cat = false) {
+       static function getCategoryUnread($cat, $owner_uid = false) {
+       static function getCategoryChildrenUnread($cat, $owner_uid = false) {
8 years ago
Andrew Dolgov ea79a0e033 remove some redundant php closing tags 8 years ago
Andrew Dolgov 7b55001eee fix various issues reported by static analysis
update gitlab-ci config
8 years ago
Andrew Dolgov 337535416f filter by search results while marking feed as read 8 years ago
Andrew Dolgov 270c0a00e5 improve JS error logging with additional stuff 8 years ago
Andrew Dolgov cb3f877303 reference pubsubhubbub classes using their namespace 8 years ago
Andrew Dolgov cfc2fe50cb fix sql error when subscribing to a feed using feed archive 9 years ago
Andrew Dolgov 79c891a8b7 set smallish timeout on update check, exclude update checking on initial load 9 years ago
Andrew Dolgov 71b75bb7fa fix multiple issues with archived feeds 9 years ago
Andrew Dolgov 9b736a20b3 do not automatically call cleanup_tags() in housekeeping tasks 9 years ago
Andrew Dolgov 86d07d367c rpc, setpref: properly save settings to active profile 9 years ago
Anders Kaseorg 0e653f751e Make _DISABLE_FEED_BROWSER also disable the updateFeedBrowser RPC
The undocumented _DISABLE_FEED_BROWSER option added in commit
c39befacb2 turns off the UI for looking
at which feeds other users are subscribed to, but it did not prevent
you from manually constructing an RPC call to get the same data.  This
was a privacy risk for those who consider _DISABLE_FEED_BROWSER
important.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
10 years ago
Andrew Dolgov 4a80c57c50 remove some unused code reported by phpmd 11 years ago
Andrew Dolgov e1f1857d95 fix globalUpdateFeeds failing when no active session exists 11 years ago
Andrew Dolgov 113c3dec9e make globalUpdateFeeds handler use simple update mechanism to prevent script timeouts 12 years ago
Andrew Dolgov 41a7a066ef share: move unsharing all articles into the plugin 12 years ago
Rasmus Lerdorf 6f7798b643 Fixing bugs found by static analysis 12 years ago
Andrew Dolgov e57a1507ae do not use session cookie lifetime for additional cookies 12 years ago
Andrew Dolgov 6bfc97da86 add automatic timezone (based on client tz offset) 12 years ago
Andrew Dolgov f66492d357 better javascript error reporting, save error reports in tt-rss log 12 years ago
Andrew Dolgov 52d88392da move db-prefs to OO 12 years ago
Andrew Dolgov d9c85e0f11 classes: use OO DB interface 12 years ago