Andrew Dolgov
215f388992
move timestamp-related stuff to a separate class
4 years ago
Andrew Dolgov
74568df4ff
remove a lot of stuff from global context (functions.php), add a few helper classes instead
4 years ago
Andrew Dolgov
03a337a660
add basic safe mode which doesn't load any user plugins
4 years ago
Andrew Dolgov
37f41a5246
forgotpass: use type strict comparison for reset token
4 years ago
Andrew Dolgov
1f79d614c4
fix OTP QR code not displayed because of CSRF token passed as a query parameter
use type-strict comparison when validating CSRF token on the backend
4 years ago
Andrew Dolgov
9d3c794983
subscribe: allow pre-filling feed URL if passed via query string
4 years ago
Andrew Dolgov
154417d80b
public/logout: require valid CSRF token
4 years ago
Andrew Dolgov
8080c525fd
- backend: require CSRF token to be passed via POST
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
4 years ago
Andrew Dolgov
da98ba662e
public/subscribe: require valid CSRF token when validating the form
4 years ago
Andrew Dolgov
c3d14e1fa5
- fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
4 years ago
Rodney Stromlund
88ced02622
Silence php 7.2 error message generated in `session_set_cookie_params`.
4 years ago
Andrew Dolgov
dfa65e9374
move order_by to SQL override logic into a separate function
4 years ago
Andrew Dolgov
48be005774
instead of taking batch timestamp and score (?) into account, make oldest first sorting work consistently with newest first - i.e. rely on feed-provided timestamp
4 years ago
Andrew Dolgov
1f2a721905
allow overriding built-in templates via templates.local
5 years ago
Andrew Dolgov
bdb1e475e7
external subscribe dialog: support dark theme
5 years ago
Andrew Dolgov
b2876f6c72
share anything dialog: support dark theme
5 years ago
Andrew Dolgov
4ab3854aed
don't generate default.css, replace with themes/light.css as a default root CSS file
5 years ago
Andrew Dolgov
aa56bcaf44
support night mode when using share by URL
5 years ago
Andrew Dolgov
f47998f569
generate_syndicated_feed: use local media in generated feeds if it is available
5 years ago
Andrew Dolgov
72d0fac80c
remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way
5 years ago
Andrew Dolgov
ef514bc4bd
add notifications for mail and password changes
update and shorten some other message templates
5 years ago
Rodney Stromlund
958c4dc124
Removed extra php end tag that was showing in the page title
5 years ago
Andrew Dolgov
3e4701116d
af_readability: add missing file
5 years ago
Andrew Dolgov
0e3b71c535
public/pluginhandler: log invalid requests
5 years ago
Andrew Dolgov
d4df57e1a4
Article::get_article_image() - also return stream URI if possible
5 years ago
Andrew Dolgov
68e2b05f65
* move get_article_image to Article; implement better og:image detection (similar to android app)
* pass article image to API clients in headlines row object
5 years ago
Andrew Dolgov
39f459eb04
public/cached_url: forbid sending files with extensions
5 years ago
Andrew Dolgov
3c075bfd21
DiskCache: more strict checking for input filenames, getUrl() is no longer static
5 years ago
Andrew Dolgov
fdb6066bf6
* HOOK_ENCLOSURE_ENTRY: pass article_id to handler
* DiskCache: multiple fixes; support isWritable() for cache entries, set content-disposition for send()
* public/cached_url: allow selecting files from sub-caches other than images
* plugins/Cache_Starred_Images: rework to use DiskCache, can be enabled per-user, properly handles article enclosures, etc
5 years ago
Andrew Dolgov
133c2b482b
move rewrite_cached_urls to DiskCache::rewriteUrls()
5 years ago
Andrew Dolgov
b1dd38f880
add DiskCache.getUrl() and use it in a bunch of places
5 years ago
Andrew Dolgov
ea30061cce
public: fix share() returning random unshared articles if uuid is not given
5 years ago
Andrew Dolgov
4fa9aee4e7
move several more global functions to more appropriate classes
5 years ago
Andrew Dolgov
6d746453c7
get_feeds_from_html: remove XML preamble hack
move several related helper functions to Feeds class
5 years ago
Andrew Dolgov
671f4cee65
domdocument: remove old meta charset unicode hacks, replace with shorter xml preamble utf8 hack (on loadhtml where it makes sense)
af_readability: better (?) charset hack for non-unicode pages
6 years ago
Andrew Dolgov
6ae0a3dd3e
share: further improve og:description excerpt logic, minor layout stuff
6 years ago
Andrew Dolgov
74e8661351
share: decode entities in metadata fields so that length limits would make more sense
6 years ago
Andrew Dolgov
19f162dbe3
css: insensitive -> text-muted
6 years ago
Andrew Dolgov
44858ca2dd
Merge branch 'master' of git.fakecake.org:tt-rss
6 years ago
Andrew Dolgov
e91223ec7d
update CLI schema updater with newer warnings
6 years ago
Andrew Dolgov
609662d48c
oops, fix typo
6 years ago
Andrew Dolgov
91cfd9c391
dbupdater: add mysql transaction warning
6 years ago
Andrew Dolgov
0881d0a00d
some dbupdater improvements; fix schema 136 syntax for mysql
6 years ago
Andrew Dolgov
38e01270d8
archived feeds: expire old entries (schema bump)
6 years ago
Andrew Dolgov
ef6d2b8a4e
update notifications to make them more visible
cleanup some minor stuff in pref-users
6 years ago
Andrew Dolgov
5b3a73e574
login: switch to absolute redirect urls
6 years ago
Andrew Dolgov
925065b1fe
Revert "login: only allow relative URLs in return="
This reverts commit c68ac04020.
6 years ago
Andrew Dolgov
c68ac04020
login: only allow relative URLs in return=
6 years ago
Andrew Dolgov
cc57ed3775
public/subscribe: add basic dialog to enter feed urls
6 years ago
Andrew Dolgov
54c1b5c611
fill in some missing doctypes; use short doctype where it wasn't
6 years ago
Andrew Dolgov
d60038d48b
simplify some public.php prompts; prevent from submitting forgotpass form repeatedly if check succeeds
6 years ago
Andrew Dolgov
6701497879
public.php: markup cleanup
6 years ago
Andrew Dolgov
be322d6fc8
cleanup sharepopup dialog
6 years ago
Andrew Dolgov
d9e20f8b16
update external subscribe dialog
6 years ago
Andrew Dolgov
5ce55faa3b
installer: reduce margins; misc fixes
6 years ago
Andrew Dolgov
420e71280a
dbupdater: dojoify, add some missing translations
6 years ago
Andrew Dolgov
f7a4a45bde
pwd reset: use dijit controls
6 years ago
Andrew Dolgov
59df261fb8
forgotpass: slightly better anti-bot protection
6 years ago
Andrew Dolgov
8cd7f31bde
utility css updates
6 years ago
Andrew Dolgov
c11f32ac38
center and rework some utility screens
6 years ago
Andrew Dolgov
b1f9ebe46e
get_article_image: ignore data: schema images, other minor fixes
6 years ago
Andrew Dolgov
e70d42237a
edit options after subscribe: use correct method name
6 years ago
Andrew Dolgov
d0d05e4079
zoom mode: hide .attachments
6 years ago
Andrew Dolgov
6a6af964df
feed template, ARTICLE_OG_IMAGE: set as optional
6 years ago
Andrew Dolgov
851f62dc4a
syndicated feeds:
1. properly reset enclosure template variables if there's no enclosures
2. add ARTICLE_OG_IMAGE which sets flavor image for article using common code with article render etc
6 years ago
Andrew Dolgov
b2c079893b
move Article::format_article() to Handler_Public
6 years ago
Andrew Dolgov
966fe6d612
#sharepopup: update css
6 years ago
Andrew Dolgov
19e24b4fe2
force cast profile id to integer when assigning to session variable
6 years ago
Andrew Dolgov
29c890b495
login form: use dojo, remove profile hacks
6 years ago
Andrew Dolgov
79c5035920
reset password: use updated mailer parameters properly
6 years ago
Andrew Dolgov
57932e1837
remove PHPMailer and related directives from config.php-dist; add pluggable Mailer class
6 years ago
Andrew Dolgov
253dbd4856
generate_syndicated_feed: add support for virtual feeds provided by plugins
6 years ago
Andrew Dolgov
5f66f872b6
fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks
6 years ago
Andrew Dolgov
f8fc1ac543
login: check for stale session in login handler, instead of authenticate_user()
6 years ago
Andrew Dolgov
f730d7bb0a
another attempt to enforce session ID regeneration on login
6 years ago
Andrew Dolgov
65e98f4086
force regenerate session id on successful login, remove previous blank SID check
6 years ago
Andrew Dolgov
88adf3da1b
send_local_file: add application/octet-stream hack
cached_url: return original requested filename to save as
6 years ago
Andrew Dolgov
e6532439d6
force strip_tags() on all user input unless explicitly allowed
7 years ago
Andrew Dolgov
df5d2a0665
pluginhost: do not connect via legacy DB api until requested
log all initiated legacy database connections
7 years ago
Andrew Dolgov
b51d44a5e6
further stylesheet simplification related fixes (2)
7 years ago
Andrew Dolgov
09bc54c690
further stylesheet simplification related fixes
7 years ago
Andrew Dolgov
5e68e24679
css/less updates
7 years ago
Andrew Dolgov
187abfe732
main classes: remove sql_bool_to_bool() kludge
7 years ago
Andrew Dolgov
1d92297a96
dbupdater: use PDO
7 years ago
Andrew Dolgov
cb13089af1
public: use PDO headlines result (2)
7 years ago
Andrew Dolgov
dc393a580b
public: use PDO headlines result
7 years ago
Andrew Dolgov
1271407eea
public: partial conversion to PDO, misc fixes
7 years ago
Andrew Dolgov
9dd336a2c3
generate base css files using lessc
7 years ago
Andrew Dolgov
2352c320c2
fix possible sql injection in public/forgotpass
7 years ago
Gilles Grandou
81d96c0dee
makes 'order by title' to sort by title and by ascending date
* this allows to chronologically browse all articles with the
same title.
7 years ago
Andrew Dolgov
8b73bd28d8
remove apache-specific x-sendfile stuff
implement a hook (HOOK_SEND_LOCAL_FILE) which plugins may use to send files
via httpd-specific implementation to increase performance typically on larger files
7 years ago
Andrew Dolgov
b2d42e960b
replace some usages of SELF_URL_PATH with get_self_url_prefix()
7 years ago
Andrew Dolgov
5b6ea1ef91
remove pubsubhubbub: dead
8 years ago
Andrew Dolgov
2ed0d6c433
move counter cache to a separate class
fix references to get_article_tags
8 years ago
Andrew Dolgov
aeb1abedb2
move a bunch of functions into Feeds/Article namespaces
+ static function catchupArticlesById($ids, $cmode, $owner_uid = false) {
+ static function getLastArticleId() {
+ static function queryFeedHeadlines($params) {
+ static function getParentCategories($cat, $owner_uid) {
+ static function getChildCategories($cat, $owner_uid) {
move the rest of functions2.php back to functions.php as it is of more manageable size, remove the former
8 years ago
Andrew Dolgov
a230bf88a9
move to Article:
+ static function purge_orphans($do_output = false) {
move to Feeds
+ static function getGlobalUnread($user_id = false) {
+ static function getCategoryTitle($cat_id) {
+ static function getLabelUnread($label_id, $owner_uid = false) {
8 years ago
Andrew Dolgov
86a8351ca2
move the following to Feeds:
+ static function catchup_feed($feed, $cat_view, $owner_uid = false, $mode = 'all', $search = false) {
+ static function getFeedArticles($feed, $is_cat = false, $unread_only = false,
+ static function subscribe_to_feed($url, $cat_id = 0,
+ static function getFeedIcon($id) {
+ static function getFeedTitle($id, $cat = false) {
+ static function getCategoryUnread($cat, $owner_uid = false) {
+ static function getCategoryChildrenUnread($cat, $owner_uid = false) {
8 years ago
Andrew Dolgov
7e5f8d9fb3
move the following to Article:
+ static function format_article_enclosures($id, $always_display_enclosures,
+ static function format_article($id, $mark_as_read = true, $zoom_mode = false, $owner_uid = false) {
+ static function get_article_tags($id, $owner_uid = 0, $tag_cache = false) {
+ static function format_tags_string($tags) {
+ static function format_article_labels($labels) {
+ static function format_article_note($id, $note, $allow_edit = true) {
+ static function get_article_enclosures($id) {
8 years ago
Andrew Dolgov
ea79a0e033
remove some redundant php closing tags
8 years ago
Andrew Dolgov
41bead9baa
remove local file extensions and generalize some method names for cached media
file extensions may still be present in urls, but are ignored by the backend
MIGRATION (if you have any cached data worth keeping, not required):
in cache/images run "rename 's/\..*$//' *" i.e. strip file extensions
8 years ago