40f38fc87f
pluginhost: load plugin data automatically (also marks load_data method as private)
4 years ago
33a5ecd2ce
feed editor: show purge interval correctly if FORCE_ARTICLE_PURGE is set
4 years ago
8cc07bc8bd
event log: add severity filtering
4 years ago
6da576dbe4
BLACKLISTED_TAGS: use textarea for editing; normalize value when saving
4 years ago
d2db58de4f
Switch from 'vsprintf' to 'sprintf' in another place.
4 years ago
ef7e679363
Merge branch 'feature/php8' of wn/tt-rss into master
4 years ago
9b7338e807
feed editor: properly show global purging interval as disabled
4 years ago
62da307ef1
Use correct 'sprintf' function and other minor fixes in Pref_Feeds.
4 years ago
a1f8d6941b
Remove duplicate block in 'classes/pref/filters.php'.
...
Also a minor tweak to getting the search filter.
4 years ago
8c4ca7c8ef
Fix some 'isset' checks in 'classes/pref/prefs.php'.
4 years ago
8089fcc762
feed editor: also show default value for purge interval
4 years ago
d48460969d
feed editor: show actual value of default update interval
4 years ago
d1ee30d1ba
prevent horizontal scrolling in filter editor dialog if rules are very long
4 years ago
215f388992
move timestamp-related stuff to a separate class
4 years ago
6811d0bde2
use self:: in some places to invoke static methods from the same class
4 years ago
74568df4ff
remove a lot of stuff from global context (functions.php), add a few helper classes instead
4 years ago
03a337a660
add basic safe mode which doesn't load any user plugins
4 years ago
a4525d31b2
replace FALSE with false so that static analyzer shuts up about it
4 years ago
89d53a7f49
fix typo in previous
4 years ago
1f79d614c4
fix OTP QR code not displayed because of CSRF token passed as a query
...
parameter
use type-strict comparison when validating CSRF token on the backend
4 years ago
33fdde249e
pass CSRF token to opml import and feed icon replace dialogs
4 years ago
4a074111b5
user preferences: forbid < and > characters when changing passwords (were silently stripped on save because of clean())
4 years ago
c3d14e1fa5
- fix multiple vulnerabilities in af_proxy_http
...
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
4 years ago
fa653f5a43
prefs: show disabled filters properly on mysql
4 years ago
2996a3942f
prefs: show root of filter tree as enabled so it's not grayed out
4 years ago
d01ad09800
eslint-related fixes; move a few things from global context to App
5 years ago
c8cc845d5b
when removing favicon, reset its auto-refresh timer
5 years ago
1f2a721905
allow overriding built-in templates via templates.local
5 years ago
bcbc5ccc78
batchSubscribe: use validationtextarea
5 years ago
f24ece85a6
add validationtextarea control, use it for filter match editor
5 years ago
8645f36c5b
filter test dialog: pass contents via xhr POST
5 years ago
4ab3854aed
don't generate default.css, replace with themes/light.css as a default root CSS file
5 years ago
60288f02e8
1. feedtree: show counters for marked articles if view-mode == marked
...
2. hide/show relevant counter nodes using css
3. cleanup some counter-related code
4. compile default css into light theme to prevent cache-related issues
5 years ago
5b6d9cee29
prefs layout fixes:
...
1. prevent layout breakage when using an authenticator which doesn't allow changing passwords
2. show explanatory messages when OTP or password changing is not available
3. allow app (API) passwords when using any auth module
5 years ago
6080cca9ca
scrap counter cache system; rework counters to sum() booleans instead
5 years ago
df464e3d0d
update app password notice
5 years ago
76dd74e0d9
add a hidden tweakable which forbids changing passwords
5 years ago
ac95ab4a65
user css dialog: allow saving and applying CSS without closing the dialog
5 years ago
63ce7ea705
add a plugin page warning for plugins using HOOK_FEED_FETCHED, etc
5 years ago
f75fb6bd75
Merge branch 'master' of git.fakecake.org:tt-rss
5 years ago
266a805bfe
line endings + remove : from headings
5 years ago
05dffcff6f
OTP stuff: update notice wording a bit
5 years ago
812a6c9f16
auth_internal: fix indents
5 years ago
249130e58d
implement app password checking / management UI
5 years ago
88cd9e586e
add placeholder UI plumbing for app passwords
5 years ago
904ecc31e2
allow using OTP without GD
5 years ago
2820f41a4b
add notification for OTP being disabled
5 years ago
ef514bc4bd
add notifications for mail and password changes
...
update and shorten some other message templates
5 years ago
12a542977e
makefeedtree: properly calculate feed total amount in no-categories mode
5 years ago
6825aaff55
update SSL certificate wiki link
5 years ago
Andrew Dolgov