- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
* DiskCache: multiple fixes; support isWritable() for cache entries, set content-disposition for send()
* public/cached_url: allow selecting files from sub-caches other than images
* plugins/Cache_Starred_Images: rework to use DiskCache, can be enabled per-user, properly handles article enclosures, etc
* support various logging levels per-message
* remove hacks like debug_suppress, DAEMON_EXTENDED_DEBUG, etc
* _debug() is kept as a compatibility shim for plugins
implement a hook (HOOK_SEND_LOCAL_FILE) which plugins may use to send files
via httpd-specific implementation to increase performance typically on larger files
It's expected the plugin will return content parsable by FeedParser, which
will act as an interface to the basic feed info. In the case of a plugin
that also uses 'HOOK_FETCH_FEED', both might return the same content.
The hook signature was made somewhat similar to 'HOOK_FETCH_FEED'.
Runs HTML and enclosures array through a plugin hook when rendering an article's enclosures in format_article_enclosures(). Allows plugins to override handling of how enclosures are presented by either filtering the array of enclosures, or generating the HTML to add to the article content.
Currently, TinyTinyRSS can use raw SQL or the Sphinx search engine
for searching. It would be nice if other search engines (such as
Xapian) could be used, or if features of the underlying SQL engine
(such as MySQL's FULLTEXT indexes) could be leveraged. This commit
makes searching into a plugin hook, falling back to the builtin behavior
if no search plugin is active. The Sphinx search behavior has been
broken out into a plugin.