Age | Commit message | Author | |
---|---|---|---|
2021-02-23 | drop errors.php and simplify error handling | Andrew Dolgov | |
2021-02-22 | wip: initial for config object | Andrew Dolgov | |
2021-02-22 | fix several issues reported by phpstan | Andrew Dolgov | |
2021-02-21 | move published OPML endpoint to public.php | Andrew Dolgov | |
2021-02-19 | rename public.php/cached_url to cached | Andrew Dolgov | |
2021-02-19 | move bookmarklet-related methods out of public.php into the plugin | Andrew Dolgov | |
2021-02-18 | get rid of a few more prototype-isms | Andrew Dolgov | |
2021-02-18 | initial for RIP prototype/scriptaculous | Andrew Dolgov | |
2021-02-17 | * implement shortcut syntax for exposed plugin methods * move shared article rendering code to share plugin | Andrew Dolgov | |
2021-02-16 | add namespaced controls with unified naming; deprecated old-style control shortcuts | Andrew Dolgov | |
2021-02-15 | move reset_password to UserHelper | Andrew Dolgov | |
2021-02-15 | dbupdater: unify naming | Andrew Dolgov | |
2021-02-15 | diskcache: unify naming | Andrew Dolgov | |
2021-02-15 | prefs: unify naming | Andrew Dolgov | |
2021-02-15 | article: unify naming | Andrew Dolgov | |
2021-02-15 | feeds: unify naming | Andrew Dolgov | |
2021-02-15 | render enclosures on the client | Andrew Dolgov | |
2021-02-14 | move logout_user() to UserHelper | Andrew Dolgov | |
2021-02-14 | use shortcut echo syntax for php templates | Andrew Dolgov | |
2021-02-12 | fix a bunch of warnings related to generated feeds | Andrew Dolgov | |
2021-02-12 | force _ENABLED_PLUGINS to string when passed to pluginhost | Andrew Dolgov | |
2021-02-11 | shorten pref tab names; make log-alert clickable | Andrew Dolgov | |
2021-02-11 | add UserHelper::find_user_by_login() and rewrite some user checks to invoke it instead of going through PDO | Andrew Dolgov | |
2021-02-11 | authentication: make logins case-insensitive (force lowercase) | Andrew Dolgov | |
2021-02-08 | login: fix profile warning | Andrew Dolgov | |
2021-02-08 | even more hooks | Andrew Dolgov | |
2021-02-08 | pluginhost: rework run_hooks() to be shorter, add callback variant; implement exception handling for both | Andrew Dolgov | |
2021-02-08 | public/subscribe: fix warnings | Andrew Dolgov | |
2021-02-06 | more php8 fixes mostly related to login | Andrew Dolgov | |
2021-02-05 | initial WIP for php8; bump php version requirement to 7.0 | Andrew Dolgov | |
2021-01-17 | Archive cleanup: - remove code to manually archive/unarchive articles - remove ttrss_archived_feeds/orig_feed_id handling - the whole thing was implemented for this data to be kept indefinitely; it doesn't make a lot of sense to deal with this stuff now that it is expired after one month anyway (same reasons as feed browser being removed - privacy) - remove "originally from"-related stuff because of the above - also remove unused remaining frontend/backend code related to feed browser (rip) | Andrew Dolgov | |
2021-01-15 | pluginhost: load plugin data automatically (also marks load_data method as private) | Andrew Dolgov | |
2021-01-11 | HOOK_ARTICLE_EXPORT_FEED: also pass owner_uid | Andrew Dolgov | |
2021-01-10 | Include tags for HOOK_ARTICLE_EXPORT_FEED. | JustAMacUser | |
2021-01-05 | use X-Real-IP headers if possible while authenticating | Andrew Dolgov | |
2020-09-23 | move timestamp-related stuff to a separate class | Andrew Dolgov | |
2020-09-22 | remove a lot of stuff from global context (functions.php), add a few helper classes instead | Andrew Dolgov | |
2020-09-18 | add basic safe mode which doesn't load any user plugins | Andrew Dolgov | |
2020-09-17 | forgotpass: use type strict comparison for reset token | Andrew Dolgov | |
2020-09-17 | fix OTP QR code not displayed because of CSRF token passed as a query parameter; use type-strict comparison when validating CSRF token on the backend | Andrew Dolgov | |
2020-09-16 | subscribe: allow pre-filling feed URL if passed via query string | Andrew Dolgov | |
2020-09-15 | public/logout: require valid CSRF token | Andrew Dolgov | |
2020-09-15 | - backend: require CSRF token to be passed via POST - do not leak CSRF token via GET request in feed debugger - rework Article/redirect to use POST | Andrew Dolgov | |
2020-09-14 | public/subscribe: require valid CSRF token when validating the form | Andrew Dolgov | |
2020-09-14 | - fix multiple vulnerabilities in af_proxy_http - fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized - fetch_file_contents: validate all URLs before requesting them - validate URLs: explicitly whitelist http and https scheme, forbid everything else - DiskCache/cached_url: only serve whitelisted content types (images, video) - simplify filename/URL handling code, remove and consolidate some less-used functions | Andrew Dolgov | |
2020-08-14 | Silence php 7.2 error message generated in `session_set_cookie_params`. | Rodney Stromlund | |
2020-08-13 | move order_by to SQL override logic into a separate function | Andrew Dolgov | |
2020-08-11 | instead of taking batch timestamp and score (?) into account, make oldest first sorting work consistently with newest first - i.e. rely on feed-provided timestamp | Andrew Dolgov | |
2020-03-13 | allow overriding built-in templates via templates.local | Andrew Dolgov | |
2020-02-27 | external subscribe dialog: support dark theme | Andrew Dolgov | |