Commit Graph

29 Commits (ea25c49eb97e8acd4754b9da64db0d6acd4d0972)

Author SHA1 Message Date
Andrew Dolgov 70adfd4a74 * sanitize: never rewrite relative links to our own prefix
* use Config::get_self_url() instead of get_self_url_prefix() in a bunch
of places
4 years ago
Andrew Dolgov 211f699aa0 migrate the rest into Config:: 4 years ago
Andrew Dolgov e4107ac952 wip: initial for config object 4 years ago
Andrew Dolgov 053b262aa7 rename public.php/cached_url to cached 4 years ago
Andrew Dolgov 166f2d4666 diskcache: unify naming 4 years ago
Andrew Dolgov 3b52cea811 move some old-style handlers to new callback ones 4 years ago
Andrew Dolgov c94f1b6ff8 fix some more warnings reported by phpstan 4 years ago
Andrew Dolgov 40f38fc87f pluginhost: load plugin data automatically (also marks load_data method as private) 4 years ago
John Aylward 01c0d4bbfd allow audio to be sent to client from the cache 4 years ago
Andrew Dolgov 38a7a1da88 hide uninteresting errors in several DOMDocument->loadHTML() invocations 4 years ago
Andrew Dolgov 74568df4ff remove a lot of stuff from global context (functions.php), add a few helper classes instead 4 years ago
Andrew Dolgov 79f102c25d af_proxy_http: never print received data directly, always redirect to cached_url
cache/getUrl: basename() passed filename just in case
4 years ago
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
4 years ago
Andrew Dolgov 6eb94f1e13 better support for image srcset attributes as discussed in https://community.tt-rss.org/t/problem-with-img-srcset/3519 5 years ago
Andrew Dolgov c275a0cd33 DiskCache: append fake file extension when sending cached files based on mime type to make saving files easier 5 years ago
Andrew Dolgov 3a4b9249a9 DiskCache: properly deal with srcset attributes 5 years ago
lllusion3418 ec1b0befc7 add support for video[@src] in media cache
it's a valid alternative to a source[@src] child element:
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/video
5 years ago
lllusion3418 b4287a2e98 fix url rewriting for videos with poster and src
if a poster attribute was present only that would have been rewritten
and the (arguably more important) src attribute would be left as-is
5 years ago
Andrew Dolgov 75ab1f05f9 DiskCache::rewriteUrls() - remove img[@srcset] 5 years ago
Andrew Dolgov c34726b2b2 consistency: use DiskCache->exists() to check for present files 5 years ago
Andrew Dolgov 3c075bfd21 DiskCache: more strict checking for input filenames, getUrl() is no longer static 5 years ago
Andrew Dolgov fdb6066bf6 * HOOK_ENCLOSURE_ENTRY: pass article_id to handler
* DiskCache: multiple fixes; support isWritable() for cache entries, set content-disposition for send()
* public/cached_url: allow selecting files from sub-caches other than images
* plugins/Cache_Starred_Images: rework to use DiskCache, can be enabled per-user, properly handles article enclosures, etc
5 years ago
Andrew Dolgov bed695b127 DiskCache::expire: support .no-auto-expiry to prevent automatic cache maintenance 5 years ago
Andrew Dolgov 19b9b27662 expire_cached_files to DiskCache::expire() 5 years ago
Andrew Dolgov 133c2b482b move rewrite_cached_urls to DiskCache::rewriteUrls() 5 years ago
Andrew Dolgov b1dd38f880 add DiskCache.getUrl() and use it in a bunch of places 5 years ago
Andrew Dolgov 7602819b98 add DiskCache.send; switch af_zz_imgproxy to use DiskCache 5 years ago
Andrew Dolgov 82694bd6ce add DiskCache.isWritable 5 years ago
Andrew Dolgov 86308b30ea add classes/diskcache 5 years ago