Commit Graph

398 Commits (d04ac399ff284e9747e3fb55e87d05e0a5b8d85f)

Author SHA1 Message Date
Andrew Dolgov a4525d31b2 replace FALSE with false so that static analyzer shuts up about it 4 years ago
Andrew Dolgov e3adacc588 fix several cases of Db class being invoked as wrong name (as DB) 4 years ago
Andrew Dolgov cbcb10a272 Feeds: load quickaddfeed and search dialogs via XHR w/ CSRF protection 4 years ago
Andrew Dolgov 8080c525fd - backend: require CSRF token to be passed via POST
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
4 years ago
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
4 years ago
Andrew Dolgov a922b3cc6d order_to_override_query: allow HOOK_HEADLINES_CUSTOM_SORT_OVERRIDE plugins to override built-in sorting 4 years ago
Andrew Dolgov ddf9227dc4 pluginhost: allow overriding default sort modes via HOOK_HEADLINES_CUSTOM_SORT_MAP etc 4 years ago
Andrew Dolgov dfa65e9374 move order_by to SQL override logic into a separate function 4 years ago
Andrew Dolgov 48be005774 instead of taking batch timestamp and score (?) into account, make oldest first sorting work consistently with newest first - i.e. rely on feed-provided timestamp 4 years ago
Andrew Dolgov d01ad09800 eslint-related fixes; move a few things from global context to App 5 years ago
Andrew Dolgov 44b1f0fcc0 search: add support for label:XXX search keyword
Labels: enforce case-insensitive lookups when creating/looking for labels
5 years ago
Andrew Dolgov 5f30061c92 properly calculate marked counters for feeds in nested categories 5 years ago
Andrew Dolgov 0e9e1ad112 getCategoryUnread: return correct unread count for labels category 5 years ago
Andrew Dolgov cdd2b6fd22 getCategoryChildrenUnread: fix typo 5 years ago
Andrew Dolgov a6ced36189 getCategoryCounters: properly calculate counters for child subcategory entries
getCategoryUnread: cleanup
5 years ago
Andrew Dolgov a64b8a7fdb getCategoryUnread: don't return unread counters for Special category because it doesn't make a lot of sense to do so 5 years ago
Andrew Dolgov 6080cca9ca scrap counter cache system; rework counters to sum() booleans instead 5 years ago
Andrew Dolgov 3b29e865b0 support night mode in feed debugger 5 years ago
Andrew Dolgov 9c0235ab66 show current unread counter on headlines toolbar if sidebar is hidden 5 years ago
Andrew Dolgov 565547f5a1 php 7.4 deprecation-related fixes 5 years ago
Andrew Dolgov 06393750c7 headline grouping:
1. block grouping for specific feeds where it doesn't make a lot of sense to do so or flat list fits better (archived, recently read)
2. block per-week grouping for feeds where feed-first grouping makes more sense (fresh, starred, published)
5 years ago
Andrew Dolgov 133c2b482b move rewrite_cached_urls to DiskCache::rewriteUrls() 5 years ago
Andrew Dolgov 088fcf8131 move more globals to more appropriate places
set libxml to always use internal errors
6 years ago
Andrew Dolgov 4fa9aee4e7 move several more global functions to more appropriate classes 6 years ago
Andrew Dolgov 6d746453c7 get_feeds_from_html: remove XML preamble hack
move several related helper functions to Feeds class
6 years ago
Andrew Dolgov 270b39a337 queryFeedHeadlines: support start_ts when browsing by tag 6 years ago
Andrew Dolgov 905f038610 search dialog: display active query if searching already 6 years ago
Andrew Dolgov 09f520eda2 fix search query test statement stopping valid modifiers like unread: from working 6 years ago
Andrew Dolgov de713035fd when subscribing, check for valid html content type before checking if requested document has HTML doctype/start element 6 years ago
Andrew Dolgov 84d43a1b44 catchup_feed: invoke HOOK_SEARCH if necessary 6 years ago
Andrew Dolgov ccc0315ef0 better tsquery support:
1. report query syntax errors properly
2. fall back to implicit &-joining only if no joiners are detected in user query, otherwise permit full tsquery syntax
6 years ago
Andrew Dolgov 1cd9b3c866 prevent a fatal error on an invalid tsquery syntax 6 years ago
Michael Kuhn e38fcd6dea Fix button focus issues
This change introduces derived classes for ComboButton, DropDownButton
and Select that make sure that buttons do not remain focused after their
menus are closed. This allows using hotkeys after closing them.
6 years ago
Andrew Dolgov c936cc3a1f use DEFAULT_SEARCH_LANGUAGE to generate tsvector index if per-feed language is not specified, also use it as default value on search form for convenience 6 years ago
Andrew Dolgov 19f162dbe3 css: insensitive -> text-muted 6 years ago
Andrew Dolgov 0b74db5ad7 remove feedbrowser (other feeds) 6 years ago
Andrew Dolgov 54c1b5c611 fill in some missing doctypes; use short doctype where it wasn't 6 years ago
Andrew Dolgov a366da90a6 add label.inline 6 years ago
Andrew Dolgov 335147e572 dialogs: use semantic markup instead of dlgsec stuff
continue unifying quoting style for html strings
6 years ago
Andrew Dolgov 4e253add8c UI: add some more info links to relevant wiki pages; minor layout updates 6 years ago
Andrew Dolgov 26e57604c0 simplify layout of search and subscribe dialogs 6 years ago
Andrew Dolgov f8836ec080 search dialog fixes
pgsql: get FTS languages list from the database
6 years ago
Andrew Dolgov 4d9141d762 simplify dlgSec-related markup 6 years ago
Andrew Dolgov 9e7bbf6809 debugger: use narrow fieldsets for checkboxes 6 years ago
Andrew Dolgov 55d2e5871a feed debugger: dojoify controls 6 years ago
Andrew Dolgov 8cd7f31bde utility css updates 6 years ago
Andrew Dolgov 8b26b8629f headlines-frame: set is-vfeed attribute if result is virtual feed 6 years ago
Andrew Dolgov 4729bdb132 queryFeedHeadlines: fix published field not returned when browsing by tag 6 years ago
Andrew Dolgov 215c9f0f88 fail better if Feeds.view() data failed encoding to JSON 6 years ago
Andrew Dolgov eda4ac2a2b add fallback colors for headline feed titles based on feed name if favicon color is not available 6 years ago