Andrew Dolgov
0a142912d3
backend handler: require CSRF, remove obsolete code
4 years ago
Andrew Dolgov
c3d14e1fa5
- fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
4 years ago
Andrew Dolgov
3e4701116d
af_readability: add missing file
5 years ago
Andrew Dolgov
5373b2fe0a
hotkey help: remove more info button
6 years ago
Andrew Dolgov
6ec602e1a4
digestTest: don't display empty digest when not logged in
6 years ago
Andrew Dolgov
da1b3e3ba1
digest: add ARTICLE_LABELS
6 years ago
Andrew Dolgov
335147e572
dialogs: use semantic markup instead of dlgsec stuff
continue unifying quoting style for html strings
6 years ago
Andrew Dolgov
4e253add8c
UI: add some more info links to relevant wiki pages; minor layout updates
6 years ago
Andrew Dolgov
96fccefa62
update hotkey help dialog a bit
6 years ago
Andrew Dolgov
e6532439d6
force strip_tags() on all user input unless explicitly allowed
7 years ago
Andrew Dolgov
c2f0f24e4c
move digest stuff to Digest class
8 years ago
Andrew Dolgov
ea79a0e033
remove some redundant php closing tags
8 years ago
Andrew Dolgov
a42c55f02b
fix blank character after opening bracket in function calls
12 years ago
Andrew Dolgov
6322ac79a0
remove $link
12 years ago
Andrew Dolgov
fcef9eeae0
remove dialogNotice; tweak dialog appearance a bit
12 years ago
Andrew Dolgov
5b18c93622
tweak hotkey map notation to allow stuff like shift-arrows
12 years ago
Andrew Dolgov
7d272e5c04
fix warning in hotkey help dialog when disabled hotkey is processed
12 years ago
Andrew Dolgov
c2e4e8fe91
hotkey help: fix actions bound to multiple sequences not displayed correctly
12 years ago
Andrew Dolgov
e5e2cf3b88
add hack to support arbitrary key descriptions for hotkeys
12 years ago
Andrew Dolgov
93f53ffe55
help: remove checkboxes
12 years ago
Andrew Dolgov
b8cb4d08b3
help cleanup, use dijit dialog
12 years ago
Andrew Dolgov
f16116834e
split digest stuff into digest.php
12 years ago
Andrew Dolgov
9a5f5633c0
remove backend/digestSend
12 years ago
Andrew Dolgov
8437c066e1
implement digestTest back
misc digest updates and improvements
13 years ago
Andrew Dolgov
61c1812f29
implement preferred time for sending out digests
13 years ago
Andrew Dolgov
66be620a87
do not include keyboard help files into index and prefs.php
13 years ago
Andrew Dolgov
4f09f594c2
move help to backend class
13 years ago
Andrew Dolgov
611efae712
add catchall backend class
13 years ago