Commit Graph

258 Commits (b1961163b8917bfefeaac2a0e83f490a5bb5e296)

Author SHA1 Message Date
Andrew Dolgov 215f388992 move timestamp-related stuff to a separate class 4 years ago
Andrew Dolgov 74568df4ff remove a lot of stuff from global context (functions.php), add a few helper classes instead 4 years ago
Andrew Dolgov 03a337a660 add basic safe mode which doesn't load any user plugins 4 years ago
Andrew Dolgov 37f41a5246 forgotpass: use type strict comparison for reset token 4 years ago
Andrew Dolgov 1f79d614c4 fix OTP QR code not displayed because of CSRF token passed as a query
parameter
use type-strict comparison when validating CSRF token on the backend
4 years ago
Andrew Dolgov 9d3c794983 subscribe: allow pre-filling feed URL if passed via query string 4 years ago
Andrew Dolgov 154417d80b public/logout: require valid CSRF token 4 years ago
Andrew Dolgov 8080c525fd - backend: require CSRF token to be passed via POST
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
4 years ago
Andrew Dolgov da98ba662e public/subscribe: require valid CSRF token when validating the form 4 years ago
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
4 years ago
Rodney Stromlund 88ced02622 Silence php 7.2 error message generated in `session_set_cookie_params`. 4 years ago
Andrew Dolgov dfa65e9374 move order_by to SQL override logic into a separate function 4 years ago
Andrew Dolgov 48be005774 instead of taking batch timestamp and score (?) into account, make oldest first sorting work consistently with newest first - i.e. rely on feed-provided timestamp 4 years ago
Andrew Dolgov 1f2a721905 allow overriding built-in templates via templates.local 5 years ago
Andrew Dolgov bdb1e475e7 external subscribe dialog: support dark theme 5 years ago
Andrew Dolgov b2876f6c72 share anything dialog: support dark theme 5 years ago
Andrew Dolgov 4ab3854aed don't generate default.css, replace with themes/light.css as a default root CSS file 5 years ago
Andrew Dolgov aa56bcaf44 support night mode when using share by URL 5 years ago
Andrew Dolgov f47998f569 generate_syndicated_feed: use local media in generated feeds if it is available 5 years ago
Andrew Dolgov 72d0fac80c remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way 5 years ago
Andrew Dolgov ef514bc4bd add notifications for mail and password changes
update and shorten some other message templates
5 years ago
Rodney Stromlund 958c4dc124 Removed extra php end tag that was showing in the page title 5 years ago
Andrew Dolgov 3e4701116d af_readability: add missing file 5 years ago
Andrew Dolgov 0e3b71c535 public/pluginhandler: log invalid requests 5 years ago
Andrew Dolgov d4df57e1a4 Article::get_article_image() - also return stream URI if possible 5 years ago
Andrew Dolgov 68e2b05f65 * move get_article_image to Article; implement better og:image detection (similar to android app)
* pass article image to API clients in headlines row object
5 years ago
Andrew Dolgov 39f459eb04 public/cached_url: forbid sending files with extensions 5 years ago
Andrew Dolgov 3c075bfd21 DiskCache: more strict checking for input filenames, getUrl() is no longer static 5 years ago
Andrew Dolgov fdb6066bf6 * HOOK_ENCLOSURE_ENTRY: pass article_id to handler
* DiskCache: multiple fixes; support isWritable() for cache entries, set content-disposition for send()
* public/cached_url: allow selecting files from sub-caches other than images
* plugins/Cache_Starred_Images: rework to use DiskCache, can be enabled per-user, properly handles article enclosures, etc
5 years ago
Andrew Dolgov 133c2b482b move rewrite_cached_urls to DiskCache::rewriteUrls() 5 years ago
Andrew Dolgov b1dd38f880 add DiskCache.getUrl() and use it in a bunch of places 5 years ago
Andrew Dolgov ea30061cce public: fix share() returning random unshared articles if uuid is not given 5 years ago
Andrew Dolgov 4fa9aee4e7 move several more global functions to more appropriate classes 5 years ago
Andrew Dolgov 6d746453c7 get_feeds_from_html: remove XML preamble hack
move several related helper functions to Feeds class
5 years ago
Andrew Dolgov 671f4cee65 domdocument: remove old meta charset unicode hacks, replace with shorter xml preamble utf8 hack (on loadhtml where it makes sense)
af_readability: better (?) charset hack for non-unicode pages
6 years ago
Andrew Dolgov 6ae0a3dd3e share: further improve og:description excerpt logic, minor layout stuff 6 years ago
Andrew Dolgov 74e8661351 share: decode entities in metadata fields so that length limits would make more sense 6 years ago
Andrew Dolgov 19f162dbe3 css: insensitive -> text-muted 6 years ago
Andrew Dolgov 44858ca2dd Merge branch 'master' of git.fakecake.org:tt-rss 6 years ago
Andrew Dolgov e91223ec7d update CLI schema updater with newer warnings 6 years ago
Andrew Dolgov 609662d48c oops, fix typo 6 years ago
Andrew Dolgov 91cfd9c391 dbupdater: add mysql transaction warning 6 years ago
Andrew Dolgov 0881d0a00d some dbupdater improvements; fix schema 136 syntax for mysql 6 years ago
Andrew Dolgov 38e01270d8 archived feeds: expire old entries (schema bump) 6 years ago
Andrew Dolgov ef6d2b8a4e update notifications to make them more visible
cleanup some minor stuff in pref-users
6 years ago
Andrew Dolgov 5b3a73e574 login: switch to absolute redirect urls 6 years ago
Andrew Dolgov 925065b1fe Revert "login: only allow relative URLs in return="
This reverts commit c68ac04020.
6 years ago
Andrew Dolgov c68ac04020 login: only allow relative URLs in return= 6 years ago
Andrew Dolgov cc57ed3775 public/subscribe: add basic dialog to enter feed urls 6 years ago
Andrew Dolgov 54c1b5c611 fill in some missing doctypes; use short doctype where it wasn't 6 years ago
Andrew Dolgov d60038d48b simplify some public.php prompts; prevent from submitting forgotpass form repeatedly if check succeeds 6 years ago
Andrew Dolgov 6701497879 public.php: markup cleanup 6 years ago
Andrew Dolgov be322d6fc8 cleanup sharepopup dialog 6 years ago
Andrew Dolgov d9e20f8b16 update external subscribe dialog 6 years ago
Andrew Dolgov 5ce55faa3b installer: reduce margins; misc fixes 6 years ago
Andrew Dolgov 420e71280a dbupdater: dojoify, add some missing translations 6 years ago
Andrew Dolgov f7a4a45bde pwd reset: use dijit controls 6 years ago
Andrew Dolgov 59df261fb8 forgotpass: slightly better anti-bot protection 6 years ago
Andrew Dolgov 8cd7f31bde utility css updates 6 years ago
Andrew Dolgov c11f32ac38 center and rework some utility screens 6 years ago
Andrew Dolgov b1f9ebe46e get_article_image: ignore data: schema images, other minor fixes 6 years ago
Andrew Dolgov e70d42237a edit options after subscribe: use correct method name 6 years ago
Andrew Dolgov d0d05e4079 zoom mode: hide .attachments 6 years ago
Andrew Dolgov 6a6af964df feed template, ARTICLE_OG_IMAGE: set as optional 6 years ago
Andrew Dolgov 851f62dc4a syndicated feeds:
1. properly reset enclosure template variables if there's no enclosures
2. add ARTICLE_OG_IMAGE which sets flavor image for article using common code with article render etc
6 years ago
Andrew Dolgov b2c079893b move Article::format_article() to Handler_Public 6 years ago
Andrew Dolgov 966fe6d612 #sharepopup: update css 6 years ago
Andrew Dolgov 19e24b4fe2 force cast profile id to integer when assigning to session variable 6 years ago
Andrew Dolgov 29c890b495 login form: use dojo, remove profile hacks 6 years ago
Andrew Dolgov 79c5035920 reset password: use updated mailer parameters properly 6 years ago
Andrew Dolgov 57932e1837 remove PHPMailer and related directives from config.php-dist; add pluggable Mailer class 6 years ago
Andrew Dolgov 253dbd4856 generate_syndicated_feed: add support for virtual feeds provided by plugins 6 years ago
Andrew Dolgov 5f66f872b6 fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks 6 years ago
Andrew Dolgov f8fc1ac543 login: check for stale session in login handler, instead of authenticate_user() 6 years ago
Andrew Dolgov f730d7bb0a another attempt to enforce session ID regeneration on login 6 years ago
Andrew Dolgov 65e98f4086 force regenerate session id on successful login, remove previous blank SID check 6 years ago
Andrew Dolgov 88adf3da1b send_local_file: add application/octet-stream hack
cached_url: return original requested filename to save as
6 years ago
Andrew Dolgov e6532439d6 force strip_tags() on all user input unless explicitly allowed 7 years ago
Andrew Dolgov df5d2a0665 pluginhost: do not connect via legacy DB api until requested
log all initiated legacy database connections
7 years ago
Andrew Dolgov b51d44a5e6 further stylesheet simplification related fixes (2) 7 years ago
Andrew Dolgov 09bc54c690 further stylesheet simplification related fixes 7 years ago
Andrew Dolgov 5e68e24679 css/less updates 7 years ago
Andrew Dolgov 187abfe732 main classes: remove sql_bool_to_bool() kludge 7 years ago
Andrew Dolgov 1d92297a96 dbupdater: use PDO 7 years ago
Andrew Dolgov cb13089af1 public: use PDO headlines result (2) 7 years ago
Andrew Dolgov dc393a580b public: use PDO headlines result 7 years ago
Andrew Dolgov 1271407eea public: partial conversion to PDO, misc fixes 7 years ago
Andrew Dolgov 9dd336a2c3 generate base css files using lessc 7 years ago
Andrew Dolgov 2352c320c2 fix possible sql injection in public/forgotpass 7 years ago
Gilles Grandou 81d96c0dee makes 'order by title' to sort by title and by ascending date
* this allows to chronologically browse all articles with the
  same title.
7 years ago
Andrew Dolgov 8b73bd28d8 remove apache-specific x-sendfile stuff
implement a hook (HOOK_SEND_LOCAL_FILE) which plugins may use to send files
via httpd-specific implementation to increase performance typically on larger files
7 years ago
Andrew Dolgov b2d42e960b replace some usages of SELF_URL_PATH with get_self_url_prefix() 7 years ago
Andrew Dolgov 5b6ea1ef91 remove pubsubhubbub: dead 8 years ago
Andrew Dolgov 2ed0d6c433 move counter cache to a separate class
fix references to get_article_tags
8 years ago
Andrew Dolgov aeb1abedb2 move a bunch of functions into Feeds/Article namespaces
+       static function catchupArticlesById($ids, $cmode, $owner_uid = false) {
+       static function getLastArticleId() {
+       static function queryFeedHeadlines($params) {
+       static function getParentCategories($cat, $owner_uid) {
+       static function getChildCategories($cat, $owner_uid) {

move the rest of functions2.php back to functions.php as it is of more manageable size, remove the former
8 years ago
Andrew Dolgov a230bf88a9 move to Article:
+       static function purge_orphans($do_output = false) {

move to Feeds

+       static function getGlobalUnread($user_id = false) {
+       static function getCategoryTitle($cat_id) {
+       static function getLabelUnread($label_id, $owner_uid = false) {
8 years ago
Andrew Dolgov 86a8351ca2 move the following to Feeds:
+       static function catchup_feed($feed, $cat_view, $owner_uid = false, $mode = 'all', $search = false) {
+       static function getFeedArticles($feed, $is_cat = false, $unread_only = false,
+       static function subscribe_to_feed($url, $cat_id = 0,
+       static function getFeedIcon($id) {
+       static function getFeedTitle($id, $cat = false) {
+       static function getCategoryUnread($cat, $owner_uid = false) {
+       static function getCategoryChildrenUnread($cat, $owner_uid = false) {
8 years ago
Andrew Dolgov 7e5f8d9fb3 move the following to Article:
+       static function format_article_enclosures($id, $always_display_enclosures,
+       static function format_article($id, $mark_as_read = true, $zoom_mode = false, $owner_uid = false) {
+       static function get_article_tags($id, $owner_uid = 0, $tag_cache = false) {
+       static function format_tags_string($tags) {
+       static function format_article_labels($labels) {
+       static function format_article_note($id, $note, $allow_edit = true) {
+       static function get_article_enclosures($id) {
8 years ago
Andrew Dolgov ea79a0e033 remove some redundant php closing tags 8 years ago
Andrew Dolgov 41bead9baa remove local file extensions and generalize some method names for cached media
file extensions may still be present in urls, but are ignored by the backend

MIGRATION (if you have any cached data worth keeping, not required):
in cache/images run "rename 's/\..*$//' *" i.e. strip file extensions
8 years ago