Age | Commit message (Collapse) | Author | |
---|---|---|---|
2021-02-08 | public/subscribe: fix warnings | Andrew Dolgov | |
2021-02-06 | more php8 fixes mostly related to login | Andrew Dolgov | |
2021-02-05 | initial WIP for php8; bump php version requirement to 7.0 | Andrew Dolgov | |
2021-01-17 | Archive cleanup: | Andrew Dolgov | |
- remove code to manually archive/unarchive articles - remove ttrss_archived_feeds/orig_feed_id handling - the whole thing was implemented for this data to be kept indefinitely; it doesn't make a lot of sense to deal with this stuff now that it is expired after one month anyway (same reasons as feed browser being removed - privacy) - remove "originally from"-related stuff because of the above - also remove unused remaining frontend/backend code related to feed browser (rip) | |||
2021-01-15 | pluginhost: load plugin data automatically (also marks load_data method as ↵ | Andrew Dolgov | |
private) | |||
2021-01-11 | HOOK_ARTICLE_EXPORT_FEED: also pass owner_uid | Andrew Dolgov | |
2021-01-10 | Include tags for HOOK_ARTICLE_EXPORT_FEED. | JustAMacUser | |
2021-01-05 | use X-Real-IP headers if possible while authenticating | Andrew Dolgov | |
2020-09-23 | move timestamp-related stuff to a separate class | Andrew Dolgov | |
2020-09-22 | remove a lot of stuff from global context (functions.php), add a few helper ↵ | Andrew Dolgov | |
classes instead | |||
2020-09-18 | add basic safe mode which doesn't load any user plugins | Andrew Dolgov | |
2020-09-17 | forgotpass: use type strict comparison for reset token | Andrew Dolgov | |
2020-09-17 | fix OTP QR code not displayed because of CSRF token passed as a query | Andrew Dolgov | |
parameter use type-strict comparison when validating CSRF token on the backend | |||
2020-09-16 | subscribe: allow pre-filling feed URL if passed via query string | Andrew Dolgov | |
2020-09-15 | public/logout: require valid CSRF token | Andrew Dolgov | |
2020-09-15 | - backend: require CSRF token to be passed via POST | Andrew Dolgov | |
- do not leak CSRF token via GET request in feed debugger - rework Article/redirect to use POST | |||
2020-09-14 | public/subscribe: require valid CSRF token when validating the form | Andrew Dolgov | |
2020-09-14 | - fix multiple vulnerabilities in af_proxy_http | Andrew Dolgov | |
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized - fetch_file_contents: validate all URLs before requesting them - validate URLs: explicitly whitelist http and https scheme, forbid everything else - DiskCache/cached_url: only serve whitelisted content types (images, video) - simplify filename/URL handling code, remove and consolidate some less-used functions | |||
2020-08-14 | Silence php 7.2 error message generated in `session_set_cookie_params`. | Rodney Stromlund | |
2020-08-13 | move order_by to SQL override logic into a separate function | Andrew Dolgov | |
2020-08-11 | instead of taking batch timestamp and score (?) into account, make oldest ↵ | Andrew Dolgov | |
first sorting work consistently with newest first - i.e. rely on feed-provided timestamp | |||
2020-03-13 | allow overriding built-in templates via templates.local | Andrew Dolgov | |
2020-02-27 | external subscribe dialog: support dark theme | Andrew Dolgov | |
2020-02-27 | share anything dialog: support dark theme | Andrew Dolgov | |
2020-02-22 | don't generate default.css, replace with themes/light.css as a default root ↵ | Andrew Dolgov | |
CSS file | |||
2020-01-19 | support night mode when using share by URL | Andrew Dolgov | |
2020-01-13 | generate_syndicated_feed: use local media in generated feeds if it is available | Andrew Dolgov | |
2019-12-18 | remove version.php and VERSION global constant, do version-related things in ↵ | Andrew Dolgov | |
a slightly less ridiculous way | |||
2019-10-09 | add notifications for mail and password changes | Andrew Dolgov | |
update and shorten some other message templates | |||
2019-09-17 | Removed extra php end tag that was showing in the page title | Rodney Stromlund | |
2019-08-16 | af_readability: add missing file | Andrew Dolgov | |
2019-08-15 | public/pluginhandler: log invalid requests | Andrew Dolgov | |
2019-08-14 | Article::get_article_image() - also return stream URI if possible | Andrew Dolgov | |
2019-08-14 | * move get_article_image to Article; implement better og:image detection ↵ | Andrew Dolgov | |
(similar to android app) * pass article image to API clients in headlines row object | |||
2019-08-14 | public/cached_url: forbid sending files with extensions | Andrew Dolgov | |
2019-08-14 | DiskCache: more strict checking for input filenames, getUrl() is no longer ↵ | Andrew Dolgov | |
static | |||
2019-08-13 | * HOOK_ENCLOSURE_ENTRY: pass article_id to handler | Andrew Dolgov | |
* DiskCache: multiple fixes; support isWritable() for cache entries, set content-disposition for send() * public/cached_url: allow selecting files from sub-caches other than images * plugins/Cache_Starred_Images: rework to use DiskCache, can be enabled per-user, properly handles article enclosures, etc | |||
2019-08-13 | move rewrite_cached_urls to DiskCache::rewriteUrls() | Andrew Dolgov | |
2019-08-13 | add DiskCache.getUrl() and use it in a bunch of places | Andrew Dolgov | |
2019-07-05 | public: fix share() returning random unshared articles if uuid is not given | Andrew Dolgov | |
2019-06-20 | move several more global functions to more appropriate classes | Andrew Dolgov | |
2019-06-20 | get_feeds_from_html: remove XML preamble hack | Andrew Dolgov | |
move several related helper functions to Feeds class | |||
2019-03-21 | domdocument: remove old meta charset unicode hacks, replace with shorter xml ↵ | Andrew Dolgov | |
preamble utf8 hack (on loadhtml where it makes sense) af_readability: better (?) charset hack for non-unicode pages | |||
2019-03-19 | share: further improve og:description excerpt logic, minor layout stuff | Andrew Dolgov | |
2019-03-19 | share: decode entities in metadata fields so that length limits would make ↵ | Andrew Dolgov | |
more sense | |||
2019-03-08 | css: insensitive -> text-muted | Andrew Dolgov | |
2019-03-07 | Merge branch 'master' of git.fakecake.org:tt-rss | Andrew Dolgov | |
2019-03-07 | update CLI schema updater with newer warnings | Andrew Dolgov | |
2019-03-06 | oops, fix typo | Andrew Dolgov | |
2019-03-06 | dbupdater: add mysql transaction warning | Andrew Dolgov | |