Commit Graph

29 Commits (d04ac399ff284e9747e3fb55e87d05e0a5b8d85f)

Author SHA1 Message Date
Andrew Dolgov a4525d31b2 replace FALSE with false so that static analyzer shuts up about it 4 years ago
Andrew Dolgov 0a142912d3 backend handler: require CSRF, remove obsolete code 4 years ago
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
4 years ago
Andrew Dolgov 3e4701116d af_readability: add missing file 5 years ago
Andrew Dolgov 5373b2fe0a hotkey help: remove more info button 6 years ago
Andrew Dolgov 6ec602e1a4 digestTest: don't display empty digest when not logged in 6 years ago
Andrew Dolgov da1b3e3ba1 digest: add ARTICLE_LABELS 6 years ago
Andrew Dolgov 335147e572 dialogs: use semantic markup instead of dlgsec stuff
continue unifying quoting style for html strings
6 years ago
Andrew Dolgov 4e253add8c UI: add some more info links to relevant wiki pages; minor layout updates 6 years ago
Andrew Dolgov 96fccefa62 update hotkey help dialog a bit 6 years ago
Andrew Dolgov e6532439d6 force strip_tags() on all user input unless explicitly allowed 7 years ago
Andrew Dolgov c2f0f24e4c move digest stuff to Digest class 8 years ago
Andrew Dolgov ea79a0e033 remove some redundant php closing tags 8 years ago
Andrew Dolgov a42c55f02b fix blank character after opening bracket in function calls 12 years ago
Andrew Dolgov 6322ac79a0 remove $link 12 years ago
Andrew Dolgov fcef9eeae0 remove dialogNotice; tweak dialog appearance a bit 12 years ago
Andrew Dolgov 5b18c93622 tweak hotkey map notation to allow stuff like shift-arrows 12 years ago
Andrew Dolgov 7d272e5c04 fix warning in hotkey help dialog when disabled hotkey is processed 12 years ago
Andrew Dolgov c2e4e8fe91 hotkey help: fix actions bound to multiple sequences not displayed correctly 12 years ago
Andrew Dolgov e5e2cf3b88 add hack to support arbitrary key descriptions for hotkeys 12 years ago
Andrew Dolgov 93f53ffe55 help: remove checkboxes 12 years ago
Andrew Dolgov b8cb4d08b3 help cleanup, use dijit dialog 12 years ago
Andrew Dolgov f16116834e split digest stuff into digest.php 12 years ago
Andrew Dolgov 9a5f5633c0 remove backend/digestSend 12 years ago
Andrew Dolgov 8437c066e1 implement digestTest back
misc digest updates and improvements
13 years ago
Andrew Dolgov 61c1812f29 implement preferred time for sending out digests 13 years ago
Andrew Dolgov 66be620a87 do not include keyboard help files into index and prefs.php 13 years ago
Andrew Dolgov 4f09f594c2 move help to backend class 13 years ago
Andrew Dolgov 611efae712 add catchall backend class 13 years ago