Andrew Dolgov
0868ff9d64
auth_remote: use empty() instead of isset() while checking headers
5 years ago
Andrew Dolgov
dc40f69511
fix auth_remote broken by previous commit
5 years ago
Andrew Dolgov
8a34084df1
auth_remote: rewrite header checking to be more readable
5 years ago
Andrew Dolgov
8764662138
af_redditimgur: also blacklist in-content links
5 years ago
Tony
564a24fd78
Add support for HTTP_REMOTE_USER variable for user authentication
5 years ago
Andrew Dolgov
9e62513095
af_redditimgur: also rewrite in the API handler
5 years ago
Andrew Dolgov
f25ea5355c
af_redditimgur: add option to rewrite reddit URLs to teddit.net
5 years ago
Andrew Dolgov
50d089ae59
redditimgur: blacklist github because it usually resolves to a huge profile photo of someone
5 years ago
wn
6f31372b37
Address param order deprecation warning for 'af_redditimgur'.
5 years ago
Andrew Dolgov
65254f5db4
- move sphinx plugin to a separate repo
- regenerate config checks without sphinx-related variables
5 years ago
Andrew Dolgov
43bd3394c3
shorten_expanded: remove loading=lazy from images if enabled
5 years ago
Andrew Dolgov
8479421da4
af_readability: allow appending to original summary instead of always replacing it, some minor code cleanup
5 years ago
JustAMacUser
65b3926ae5
Ensure proxy_all setting is saved in database.
5 years ago
Andrew Dolgov
38a7a1da88
hide uninteresting errors in several DOMDocument->loadHTML() invocations
5 years ago
Andrew Dolgov
215f388992
move timestamp-related stuff to a separate class
5 years ago
Andrew Dolgov
74568df4ff
remove a lot of stuff from global context (functions.php), add a few helper classes instead
5 years ago
Andrew Dolgov
a4525d31b2
replace FALSE with false so that static analyzer shuts up about it
5 years ago
Andrew Dolgov
d8619b9a84
auth_internal: cast OTP code to integer before trying to check it
5 years ago
Andrew Dolgov
a817d3794d
* use get_random_bytes() for CSRF token
* get_random_bytes: use PHP7 random_bytes() if it is available
* validate CSRF token using hash_equals
5 years ago
Andrew Dolgov
0757ad0406
auth_internal: use type-strict comparison when checking OTP code
5 years ago
Andrew Dolgov
91e1542a82
af_proxy_http: require separate token to access imgproxy
5 years ago
Andrew Dolgov
79f102c25d
af_proxy_http: never print received data directly, always redirect to cached_url
cache/getUrl: basename() passed filename just in case
5 years ago
Andrew Dolgov
0758397dd8
af_redditimgur: don't add embedded blank gif image for rewritten videos
5 years ago
Andrew Dolgov
c3d14e1fa5
- fix multiple vulnerabilities in af_proxy_http
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
5 years ago
Andrew Dolgov
c352e872e9
core: pass found enclosures to HOOK_ARTICLE_FILTER
af_redditimgur: remove enclosures if we found something to embed because it's going to be a low-res thumbnail
6 years ago
Nathan Warner
f8d96543de
Created hotkeys_force_top plugin
Renamed swap_jk to match new naming scheme.
6 years ago
Andrew Dolgov
9ae9302b6b
implement keyboard-related changes discussed in https://community.tt-rss.org/t/changing-the-amount-of-scroll-by-arrow-key/3452/7
6 years ago
Andrew Dolgov
5e77d0062b
use intersection observer to unpack visible articles, remove Headlines.unpackVisible()
6 years ago
Andrew Dolgov
a802649d53
rename cdmScrollToId to cdmMoveToId
prevent smooth scrolling when going directly to an article
6 years ago
Andrew Dolgov
1f2a721905
allow overriding built-in templates via templates.local
6 years ago
Andrew Dolgov
4e74da590e
af_readability: allow get full text button to work as a toggle; in cdm, scroll to article after embedding
6 years ago
Andrew Dolgov
96fa6e3002
af_comics: split contents of subscribe/basic_info/fetch hooks into appropriate per-comic filters
6 years ago
Andrew Dolgov
ba7f7e72db
af_comics: mention that Far Side needs cached media
6 years ago
Andrew Dolgov
61168847ac
af_comics: escape all template urls
6 years ago
Andrew Dolgov
3b62150abd
use canonical fetch url for Far Side
6 years ago
Andrew Dolgov
db8a1f76c7
remove unnecessary debugging from previous
6 years ago
Andrew Dolgov
9b4053b1ea
af_comics: add experimental support for The Far Side
6 years ago
Andrew Dolgov
b159bbe55d
af_readability: sanitize content requested for embedding
6 years ago
Andrew Dolgov
3b635c7557
fix plugins/note javascript part broken by previous changeset
6 years ago
Andrew Dolgov
71ff485fbf
af_readability: add article button to embed content of a specific article
6 years ago
Andrew Dolgov
4ab3854aed
don't generate default.css, replace with themes/light.css as a default root CSS file
6 years ago
koffieanon
3a3c74dfa4
Also match images with query string (size, tokens, etc).
6 years ago
koffieanon
e89dd83f05
Spaces to tabs for consistency.
6 years ago
koffieanon
297a89c2d2
Fix bug processing found due to operator precedence.
6 years ago
Andrew Dolgov
72d0fac80c
remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way
6 years ago
Andrew Dolgov
219840341c
Af_Youtube_Embed: whitelist youtube iframes if enabled
6 years ago
Andrew Dolgov
ffa3f9309f
af_comics: support buni webtoon episodes
6 years ago
Andrew Dolgov
f6090655bf
2fa: check TOTP based on previous secret values (oops of the year, 2019)
6 years ago
Andrew Dolgov
812a6c9f16
auth_internal: fix indents
6 years ago
Andrew Dolgov
249130e58d
implement app password checking / management UI
6 years ago