banananetwork
/
tt-rss
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
10,617 Commits
1 Branch
18 Tags
108 MiB
master
release-2021-10-24-14-02
release-2021-07-11-16-25
release-2021-03-03-13-03
release-2021-02-25-17-30
release-2020-12-20-14-26
release-2020-12-16-16-18
release-2020-12-13-00-34
release-2020-11-13-13-25
release-2020-10-16-17-24
release-2020-10-12-13-17
release-2020-10-07-12-33
release-2020-10-03-11-50
release-2020-09-28-18-13
release-2020-09-25-13-32
release-2020-09-15-23-57
release-2020-08-22-13-43
release-2020-06-16-12-02
release-2020-05-23-22-08
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'a22ddb2fe0'
${ noResults }
Commit Graph

20 Commits (a22ddb2fe0d538ef930a47d480dd71ca1ad9f8d4)

Author SHA1 Message Date
Andrew Dolgov afc7142250 move all $fetch globals to UrlHelper 4 years ago
Andrew Dolgov 211f699aa0 migrate the rest into Config:: 4 years ago
Andrew Dolgov 660a1bbe01 * switch to xhr.post() almost everywhere 
* call App.handlerpcjson() automatically on json request (if possible)
 * show net/log indicators in prefs
 4 years ago
Andrew Dolgov ee0b66b6bd af_proxy_http: markup cleanup 4 years ago
Andrew Dolgov e4609c18ef * add (disabled) shortcut syntax for plugin methods 
* add controls shortcut for pluginhandler tags
 * add similar shortcut for frontend
 * allow plugins to selectively exclude their methods from CSRF checking
 4 years ago
Andrew Dolgov 35b6d63289 af_proxy_http: don't try to proxy back to ourselves 4 years ago
Andrew Dolgov f58c49beaa replace a few more controls to new style 4 years ago
Andrew Dolgov 1f43d7916c replace print_hidden with hidden_tag 4 years ago
Andrew Dolgov 166f2d4666 diskcache: unify naming 4 years ago
Andrew Dolgov 7874f6ac58 remove PHPMD.UnusedFormalParameter 4 years ago
Andrew Dolgov 403dca154c initial WIP for php8; bump php version requirement to 7.0 4 years ago
JustAMacUser 65b3926ae5 Ensure proxy_all setting is saved in database. 4 years ago
Andrew Dolgov 74568df4ff remove a lot of stuff from global context (functions.php), add a few helper classes instead 4 years ago
Andrew Dolgov a817d3794d * use get_random_bytes() for CSRF token 
* get_random_bytes: use PHP7 random_bytes() if it is available
* validate CSRF token using hash_equals
 4 years ago
Andrew Dolgov 91e1542a82 af_proxy_http: require separate token to access imgproxy 4 years ago
Andrew Dolgov 79f102c25d af_proxy_http: never print received data directly, always redirect to cached_url 
cache/getUrl: basename() passed filename just in case
 4 years ago
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http 
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
 4 years ago
Andrew Dolgov 10c63ed582 pluginhost: add helper methods to get private/public pluginmethod endpoint URLs 5 years ago
Andrew Dolgov bdf29856fb fix several leftover mentions of old (renamed) class name, duh 5 years ago
Andrew Dolgov de5669f723 af_zz_imgproxy: rename to af_proxy_http, use priority hook loader 5 years ago