path: root/classes/handler/public.php
| Age | Commit message | Author |
|---|---|---|
| 2020-09-23 | move timestamp-related stuff to a separate class | Andrew Dolgov |
| 2020-09-22 | remove a lot of stuff from global context (functions.php), add a few helper classes instead | Andrew Dolgov |
| 2020-09-18 | add basic safe mode which doesn't load any user plugins | Andrew Dolgov |
| 2020-09-17 | forgotpass: use type strict comparison for reset token | Andrew Dolgov |
| 2020-09-17 | fix OTP QR code not displayed because of CSRF token passed as a query parameter use type-strict comparison when validating CSRF token on the backend | Andrew Dolgov |
| 2020-09-16 | subscribe: allow pre-filling feed URL if passed via query string | Andrew Dolgov |
| 2020-09-15 | public/logout: require valid CSRF token | Andrew Dolgov |
| 2020-09-15 | - backend: require CSRF token to be passed via POST - do not leak CSRF token via GET request in feed debugger - rework Article/redirect to use POST | Andrew Dolgov |
| 2020-09-14 | public/subscribe: require valid CSRF token when validating the form | Andrew Dolgov |
| 2020-09-14 | - fix multiple vulnerabilities in af_proxy_http - fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized - fetch_file_contents: validate all URLs before requesting them - validate URLs: explicitly whitelist http and https scheme, forbid everything else - DiskCache/cached_url: only serve whitelisted content types (images, video) - simplify filename/URL handling code, remove and consolidate some less-used functions | Andrew Dolgov |
| 2020-08-14 | Silence php 7.2 error message generated in `session_set_cookie_params`. | Rodney Stromlund |
| 2020-08-13 | move order_by to SQL override logic into a separate function | Andrew Dolgov |
| 2020-08-11 | instead of taking batch timestamp and score (?) into account, make oldest first sorting work consistently with newest first - i.e. rely on feed-provided timestamp | Andrew Dolgov |
| 2020-03-13 | allow overriding built-in templates via templates.local | Andrew Dolgov |
| 2020-02-27 | external subscribe dialog: support dark theme | Andrew Dolgov |
| 2020-02-27 | share anything dialog: support dark theme | Andrew Dolgov |
| 2020-02-22 | don't generate default.css, replace with themes/light.css as a default root CSS file | Andrew Dolgov |
| 2020-01-19 | support night mode when using share by URL | Andrew Dolgov |
| 2020-01-13 | generate_syndicated_feed: use local media in generated feeds if it is available | Andrew Dolgov |
| 2019-12-18 | remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way | Andrew Dolgov |
| 2019-10-09 | add notifications for mail and password changes; update and shorten some other message templates | Andrew Dolgov |
| 2019-09-17 | Removed extra php end tag that was showing in the page title | Rodney Stromlund |
| 2019-08-16 | af_readability: add missing file | Andrew Dolgov |
| 2019-08-15 | public/pluginhandler: log invalid requests | Andrew Dolgov |
| 2019-08-14 | Article::get_article_image() - also return stream URI if possible | Andrew Dolgov |
| 2019-08-14 | * move get_article_image to Article; implement better og:image detection (similar to android app) * pass article image to API clients in headlines row object | Andrew Dolgov |
| 2019-08-14 | public/cached_url: forbid sending files with extensions | Andrew Dolgov |
| 2019-08-14 | DiskCache: more strict checking for input filenames, getUrl() is no longer static | Andrew Dolgov |
| 2019-08-13 | * HOOK_ENCLOSURE_ENTRY: pass article_id to handler * DiskCache: multiple fixes; support isWritable() for cache entries, set content-disposition for send() * public/cached_url: allow selecting files from sub-caches other than images * plugins/Cache_Starred_Images: rework to use DiskCache, can be enabled per-user, properly handles article enclosures, etc | Andrew Dolgov |
| 2019-08-13 | move rewrite_cached_urls to DiskCache::rewriteUrls() | Andrew Dolgov |
| 2019-08-13 | add DiskCache.getUrl() and use it in a bunch of places | Andrew Dolgov |
| 2019-07-05 | public: fix share() returning random unshared articles if uuid is not given | Andrew Dolgov |
| 2019-06-20 | move several more global functions to more appropriate classes | Andrew Dolgov |
| 2019-06-20 | get_feeds_from_html: remove XML preamble hack; move several related helper functions to Feeds class | Andrew Dolgov |
| 2019-03-21 | domdocument: remove old meta charset unicode hacks, replace with shorter xml preamble utf8 hack (on loadhtml where it makes sense) af_readability: better (?) charset hack for non-unicode pages | Andrew Dolgov |
| 2019-03-19 | share: further improve og:description excerpt logic, minor layout stuff | Andrew Dolgov |
| 2019-03-19 | share: decode entities in metadata fields so that length limits would make more sense | Andrew Dolgov |
| 2019-03-08 | css: insensitive -> text-muted | Andrew Dolgov |
| 2019-03-07 | Merge branch 'master' of git.fakecake.org:tt-rss | Andrew Dolgov |
| 2019-03-07 | update CLI schema updater with newer warnings | Andrew Dolgov |
| 2019-03-06 | oops, fix typo | Andrew Dolgov |
| 2019-03-06 | dbupdater: add mysql transaction warning | Andrew Dolgov |
| 2019-03-06 | some dbupdater improvements; fix schema 136 syntax for mysql | Andrew Dolgov |
| 2019-03-06 | archived feeds: expire old entries (schema bump) | Andrew Dolgov |
| 2019-03-05 | update notifications to make them more visible; cleanup some minor stuff in pref-users | Andrew Dolgov |
| 2019-03-04 | login: switch to absolute redirect urls | Andrew Dolgov |
| 2019-03-04 | Revert "login: only allow relative URLs in return=" This reverts commit c68ac04020d85a296c784de18f8def3f365f9f6a. | Andrew Dolgov |
| 2019-03-03 | login: only allow relative URLs in return= | Andrew Dolgov |
| 2019-03-03 | public/subscribe: add basic dialog to enter feed urls | Andrew Dolgov |
| 2019-02-23 | fill in some missing doctypes; use short doctype where it wasn't | Andrew Dolgov |