| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2020-09-15 | - backend: require CSRF token to be passed via POST | Andrew Dolgov | |
| - do not leak CSRF token via GET request in feed debugger - rework Article/redirect to use POST | |||
| 2020-09-15 | don't pass csrf token as a GET parameter to Article | Andrew Dolgov | |
| 2020-09-15 | require CSRF token for Article/redirect | Andrew Dolgov | |
| 2020-09-15 | - enable CSRF support earlier | Andrew Dolgov | |
| - remove rpc/sanityCheck from CSRF-excluded calls | |||
| 2020-09-15 | af_proxy_http: require separate token to access imgproxy | Andrew Dolgov | |
| 2020-09-15 | rewrite_relative_url: validate resulting absolutized URLs | Andrew Dolgov | |
| 2020-09-15 | validate_url: only allow safe ports (80, 443), disallow access to loopback | Andrew Dolgov | |
| 2020-09-15 | validate_url: add clean() | Andrew Dolgov | |
| 2020-09-15 | rename base64_img() to image_to_base64() | Andrew Dolgov | |
| 2020-09-15 | af_proxy_http: never print received data directly, always redirect to cached_url | Andrew Dolgov | |
| cache/getUrl: basename() passed filename just in case | |||
| 2020-09-15 | cached_url: perform mimetype validation before possible HOOK_SEND_LOCAL_FILE ↵ | Andrew Dolgov | |
| hooks | |||
| 2020-09-15 | af_redditimgur: don't add embedded blank gif image for rewritten videos | Andrew Dolgov | |
| 2020-09-14 | user preferences: forbid < and > characters when changing passwords (were ↵ | Andrew Dolgov | |
| silently stripped on save because of clean()) | |||
| 2020-09-14 | public/subscribe: require valid CSRF token when validating the form | Andrew Dolgov | |
| 2020-09-14 | remove csrf token from rpc method sanityCheck | Andrew Dolgov | |
| 2020-09-14 | - fix multiple vulnerabilities in af_proxy_http | Andrew Dolgov | |
| - fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized - fetch_file_contents: validate all URLs before requesting them - validate URLs: explicitly whitelist http and https scheme, forbid everything else - DiskCache/cached_url: only serve whitelisted content types (images, video) - simplify filename/URL handling code, remove and consolidate some less-used functions | |||
| 2020-09-11 | Merge branch 'weblate-integration' | Andrew Dolgov | |
| 2020-09-11 | order_to_override_query: allow HOOK_HEADLINES_CUSTOM_SORT_OVERRIDE plugins ↵ | Andrew Dolgov | |
| to override built-in sorting | |||
| 2020-08-29 | properly return counters for labels with zero assigned articles | Andrew Dolgov | |
| refs https://community.tt-rss.org/t/label-counter-doesnt-update-when-count-goes-down-to-zero/3766 | |||
| 2020-08-14 | Merge branch 'master' of rodneys_mission/tt-rss into master | fox | |
| 2020-08-14 | Silence php 7.2 error message generated in `session_set_cookie_params`. | Rodney Stromlund | |
| 2020-08-13 | pluginhost: allow overriding default sort modes via ↵ | Andrew Dolgov | |
| HOOK_HEADLINES_CUSTOM_SORT_MAP etc | |||
| 2020-08-13 | move order_by to SQL override logic into a separate function | Andrew Dolgov | |
| 2020-08-11 | instead of taking batch timestamp and score (?) into account, make oldest ↵ | Andrew Dolgov | |
| first sorting work consistently with newest first - i.e. rely on feed-provided timestamp | |||
| 2020-08-10 | OPML: export/import per-feed purge interval | Andrew Dolgov | |
| 2020-08-01 | Merge branch 'master' of e1e0/tt-rss into master | fox | |
| 2020-08-01 | more int/string type mismatches on getCategories | Paco Esteban | |
| 2020-08-01 | Merge branch 'master' of e1e0/tt-rss into master | fox | |
| 2020-07-31 | Translated using Weblate (Czech) | Marek Pavelka | |
| Currently translated at 100.0% (727 of 727 strings) Translation: Tiny Tiny RSS/messages Translate-URL: https://weblate.tt-rss.org/projects/tt-rss/messages/cs/ | |||
| 2020-07-31 | make sure all ints are casted (to int) on getCategories | Paco Esteban | |
| 2020-07-19 | Translated using Weblate (Norwegian Bokmål) | Jan Espen Pedersen | |
| Currently translated at 44.7% (325 of 727 strings) Translation: Tiny Tiny RSS/messages Translate-URL: https://weblate.tt-rss.org/projects/tt-rss/messages/nb_NO/ | |||
| 2020-07-13 | Merge branch 'master' of rodneys_mission/tt-rss-fix-sanity-urls into master | fox | |
| 2020-07-13 | Update wiki and forums links in error message. | Rodney Stromlund | |
| 2020-07-09 | Merge branch 'feed-tree-localstorage' of nanaya/tt-rss into master | fox | |
| 2020-07-09 | Store FeedTree data in localStorage | nanaya | |
| Patching internal functions of dijit.Tree as they don't provide option on where to store the data. It stores to cookies by default but the data can get quite big for hundreds of feeds and exceeds cookies size limit. Not to mention it'll cause the cookie to be sent during any request with nothing handling it server side and just wasting bandwidth. This patch will also migrate current data in cookie to local storage accordingly. | |||
| 2020-07-03 | Translated using Weblate (Norwegian Bokmål) | Jan Espen Pedersen | |
| Currently translated at 44.7% (325 of 727 strings) Translation: Tiny Tiny RSS/messages Translate-URL: https://weblate.tt-rss.org/projects/tt-rss/messages/nb_NO/ | |||
| 2020-07-03 | Translated using Weblate (Norwegian Bokmål) | Anonymous | |
| Currently translated at 44.7% (325 of 727 strings) Translation: Tiny Tiny RSS/messages Translate-URL: https://weblate.tt-rss.org/projects/tt-rss/messages/nb_NO/ | |||
| 2020-07-02 | Translated using Weblate (Norwegian Bokmål) | Jan Espen Pedersen | |
| Currently translated at 44.4% (323 of 727 strings) Translation: Tiny Tiny RSS/messages Translate-URL: https://weblate.tt-rss.org/projects/tt-rss/messages/nb_NO/ | |||
| 2020-07-01 | Merge branch 'bugfix/invalid-opml' of wn/tt-rss into master | fox | |
| 2020-07-01 | when exporting OPML via web UI, add user login to the filename | Andrew Dolgov | |
| 2020-07-01 | prefs: show disabled filters properly on mysql | Andrew Dolgov | |
| 2020-07-01 | prefs: show root of filter tree as enabled so it's not grayed out | Andrew Dolgov | |
| 2020-06-27 | Properly check if OPML file was loaded during import. | wn_ | |
| 2020-06-24 | core: pass found enclosures to HOOK_ARTICLE_FILTER | Andrew Dolgov | |
| af_redditimgur: remove enclosures if we found something to embed because it's going to be a low-res thumbnail | |||
| 2020-06-15 | better support for image srcset attributes as discussed in ↵ | Andrew Dolgov | |
| https://community.tt-rss.org/t/problem-with-img-srcset/3519 | |||
| 2020-06-05 | more eslint fixessingle-app-object | Andrew Dolgov | |
| 2020-06-05 | eslint-related fixes; move a few things from global context to App | Andrew Dolgov | |
| 2020-06-04 | fix various minor issues reported by eslint | Andrew Dolgov | |
| 2020-06-04 | add eslintrc | Andrew Dolgov | |
| 2020-06-04 | unify prefs/main App objects, remove fake classes, use single static App ↵ | Andrew Dolgov | |
| object instead | |||
 |
index : tt-rss.git | |
| Web-based news feed aggregator | Linux User |
| summaryrefslogtreecommitdiff |