index : tt-rss.git
Web-based news feed aggregator
Linux User
| Age | Commit message | Author |
|---|---|---|
| 2020-09-17 | fetch_file_contents: validate effective URL (after redirects) without CURL | Andrew Dolgov |
| 2020-09-17 | fetch_file_contents: validate effective URL (after redirects) if using CURL | Andrew Dolgov |
| 2020-09-17 | don't try to update manually disabled feeds even if they haven't been updated... | Andrew Dolgov |
| 2020-09-17 | add gulp task for less compilation | Andrew Dolgov |
| 2020-09-17 | add makefile for less to css compilation | Andrew Dolgov |
| 2020-09-17 | forgotpass: use type strict comparison for reset token | Andrew Dolgov |
| 2020-09-17 | don't try to call hash_equals() on unset user token | Andrew Dolgov |
| 2020-09-17 | use hash_equals() correctly | Andrew Dolgov |
| 2020-09-17 | fix several cases of Db class being invoked as wrong name (as DB) | Andrew Dolgov |
| 2020-09-17 | replace some plain http links with https | Andrew Dolgov |
| 2020-09-17 | * use get_random_bytes() for CSRF token | Andrew Dolgov |
| 2020-09-17 | auth_internal: use type-strict comparison when checking OTP code | Andrew Dolgov |
| 2020-09-17 | fix typo in previous | Andrew Dolgov |
| 2020-09-17 | fix OTP QR code not displayed because of CSRF token passed as a query | Andrew Dolgov |
| 2020-09-17 | amend previous to 127/8 subnet | Andrew Dolgov |
| 2020-09-17 | fetch_file_contents: resolve requested hosts and check for possible | Andrew Dolgov |
| 2020-09-16 | build_url: also put query parameters and fragment in resulting URL | Andrew Dolgov |
| 2020-09-16 | subscribe: allow pre-filling feed URL if passed via query string | Andrew Dolgov |
| 2020-09-16 | cached_url: block SVG images because of potential javascript inside | Andrew Dolgov |
| 2020-09-16 | pass CSRF token to opml import and feed icon replace dialogs | Andrew Dolgov |
| 2020-09-16 | fix default password nag dialog, load via xhr | Andrew Dolgov |
| 2020-09-15 | editFeed: only try to reload feed tree in preferences if its actually there | Andrew Dolgov |
| 2020-09-15 | comments link: load in new tab | Andrew Dolgov |
| 2020-09-15 | editarticletags: load dialog via XHR | Andrew Dolgov |
| 2020-09-15 | handler: default base csrf_ignore() to false | Andrew Dolgov |
| 2020-09-15 | backend handler: require CSRF, remove obsolete code | Andrew Dolgov |
| 2020-09-15 | public/logout: require valid CSRF token | Andrew Dolgov |
| 2020-09-15 | Feeds: load quickaddfeed and search dialogs via XHR w/ CSRF protection | Andrew Dolgov |
| 2020-09-15 | - backend: require CSRF token to be passed via POST | Andrew Dolgov |
| 2020-09-15 | don't pass csrf token as a GET parameter to Article | Andrew Dolgov |
| 2020-09-15 | require CSRF token for Article/redirect | Andrew Dolgov |
| 2020-09-15 | - enable CSRF support earlier | Andrew Dolgov |
| 2020-09-15 | af_proxy_http: require separate token to access imgproxy | Andrew Dolgov |
| 2020-09-15 | rewrite_relative_url: validate resulting absolutized URLs | Andrew Dolgov |
| 2020-09-15 | validate_url: only allow safe ports (80, 443), disallow access to loopback | Andrew Dolgov |
| 2020-09-15 | validate_url: add clean() | Andrew Dolgov |
| 2020-09-15 | rename base64_img() to image_to_base64() | Andrew Dolgov |
| 2020-09-15 | af_proxy_http: never print received data directly, always redirect to cached_url | Andrew Dolgov |
| 2020-09-15 | cached_url: perform mimetype validation before possible HOOK_SEND_LOCAL_FILE ... | Andrew Dolgov |
| 2020-09-15 | af_redditimgur: don't add embedded blank gif image for rewritten videos | Andrew Dolgov |
| 2020-09-14 | user preferences: forbid < and > characters when changing passwords (were sil... | Andrew Dolgov |
| 2020-09-14 | public/subscribe: require valid CSRF token when validating the form | Andrew Dolgov |
| 2020-09-14 | remove csrf token from rpc method sanityCheck | Andrew Dolgov |
| 2020-09-14 | - fix multiple vulnerabilities in af_proxy_http | Andrew Dolgov |
| 2020-09-11 | Merge branch 'weblate-integration' | Andrew Dolgov |
| 2020-09-11 | order_to_override_query: allow HOOK_HEADLINES_CUSTOM_SORT_OVERRIDE plugins to... | Andrew Dolgov |
| 2020-08-29 | properly return counters for labels with zero assigned articles | Andrew Dolgov |
| 2020-08-14 | Merge branch 'master' of rodneys_mission/tt-rss into master | fox |
| 2020-08-14 | Silence php 7.2 error message generated in `session_set_cookie_params`. | Rodney Stromlund |
| 2020-08-13 | pluginhost: allow overriding default sort modes via HOOK_HEADLINES_CUSTOM_SOR... | Andrew Dolgov |