path: root/classes/handler
Age | Commit message | Author
2021-02-12 | force _ENABLED_PLUGINS to string when passed to pluginhost | Andrew Dolgov
2021-02-11 | shorten pref tab names; make log-alert clickable | Andrew Dolgov
2021-02-11 | add UserHelper::find_user_by_login() and rewrite some user checks to invoke it instead of going through PDO | Andrew Dolgov
2021-02-11 | authentication: make logins case-insensitive (force lowercase) | Andrew Dolgov
2021-02-08 | login: fix profile warning | Andrew Dolgov
2021-02-08 | even more hooks | Andrew Dolgov
2021-02-08 | pluginhost: rework run_hooks() to be shorter, add callback variant; implement exception handling for both | Andrew Dolgov
2021-02-08 | public/subscribe: fix warnings | Andrew Dolgov
2021-02-06 | more php8 fixes mostly related to login | Andrew Dolgov
2021-02-05 | initial WIP for php8; bump php version requirement to 7.0 | Andrew Dolgov
2021-01-17 | Archive cleanup: | Andrew Dolgov
    - remove code to manually archive/unarchive articles
    - remove ttrss_archived_feeds/orig_feed_id handling
    - the whole thing was implemented for this data to be kept indefinitely; it doesn't make a lot of sense to deal with this stuff now that it is expired after one month anyway (same reasons as feed browser being removed - privacy)
    - remove "originally from"-related stuff because of the above
    - also remove unused remaining frontend/backend code related to feed browser (rip)
2021-01-15 | pluginhost: load plugin data automatically (also marks load_data method as private) | Andrew Dolgov
2021-01-11 | HOOK_ARTICLE_EXPORT_FEED: also pass owner_uid | Andrew Dolgov
2021-01-10 | Include tags for HOOK_ARTICLE_EXPORT_FEED. | JustAMacUser
2021-01-05 | use X-Real-IP headers if possible while authenticating | Andrew Dolgov
2020-09-23 | move timestamp-related stuff to a separate class | Andrew Dolgov
2020-09-22 | remove a lot of stuff from global context (functions.php), add a few helper classes instead | Andrew Dolgov
2020-09-18 | add basic safe mode which doesn't load any user plugins | Andrew Dolgov
2020-09-17 | forgotpass: use type strict comparison for reset token | Andrew Dolgov
2020-09-17 | fix OTP QR code not displayed because of CSRF token passed as a query | Andrew Dolgov
    parameter use type-strict comparison when validating CSRF token on the backend
2020-09-16 | subscribe: allow pre-filling feed URL if passed via query string | Andrew Dolgov
2020-09-15 | public/logout: require valid CSRF token | Andrew Dolgov
2020-09-15 | - backend: require CSRF token to be passed via POST | Andrew Dolgov
    - do not leak CSRF token via GET request in feed debugger
    - rework Article/redirect to use POST
2020-09-14 | public/subscribe: require valid CSRF token when validating the form | Andrew Dolgov
2020-09-14 | - fix multiple vulnerabilities in af_proxy_http | Andrew Dolgov
    - fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
    - fetch_file_contents: validate all URLs before requesting them
    - validate URLs: explicitly whitelist http and https scheme, forbid everything else
    - DiskCache/cached_url: only serve whitelisted content types (images, video)
    - simplify filename/URL handling code, remove and consolidate some less-used functions
2020-08-14 | Silence php 7.2 error message generated in `session_set_cookie_params`. | Rodney Stromlund
2020-08-13 | move order_by to SQL override logic into a separate function | Andrew Dolgov
2020-08-11 | instead of taking batch timestamp and score (?) into account, make oldest first sorting work consistently with newest first - i.e. rely on feed-provided timestamp | Andrew Dolgov
2020-03-13 | allow overriding built-in templates via templates.local | Andrew Dolgov
2020-02-27 | external subscribe dialog: support dark theme | Andrew Dolgov
2020-02-27 | share anything dialog: support dark theme | Andrew Dolgov
2020-02-22 | don't generate default.css, replace with themes/light.css as a default root CSS file | Andrew Dolgov
2020-01-19 | support night mode when using share by URL | Andrew Dolgov
2020-01-13 | generate_syndicated_feed: use local media in generated feeds if it is available | Andrew Dolgov
2019-12-18 | remove version.php and VERSION global constant, do version-related things in a slightly less ridiculous way | Andrew Dolgov
2019-10-09 | add notifications for mail and password changes | Andrew Dolgov
    update and shorten some other message templates
2019-09-17 | Removed extra php end tag that was showing in the page title | Rodney Stromlund
2019-08-16 | af_readability: add missing file | Andrew Dolgov
2019-08-15 | public/pluginhandler: log invalid requests | Andrew Dolgov
2019-08-14 | Article::get_article_image() - also return stream URI if possible | Andrew Dolgov
2019-08-14 | * move get_article_image to Article; implement better og:image detection (similar to android app) | Andrew Dolgov
    * pass article image to API clients in headlines row object
2019-08-14 | public/cached_url: forbid sending files with extensions | Andrew Dolgov
2019-08-14 | DiskCache: more strict checking for input filenames, getUrl() is no longer static | Andrew Dolgov
2019-08-13 | * HOOK_ENCLOSURE_ENTRY: pass article_id to handler | Andrew Dolgov
    * DiskCache: multiple fixes; support isWritable() for cache entries, set content-disposition for send()
    * public/cached_url: allow selecting files from sub-caches other than images
    * plugins/Cache_Starred_Images: rework to use DiskCache, can be enabled per-user, properly handles article enclosures, etc
2019-08-13 | move rewrite_cached_urls to DiskCache::rewriteUrls() | Andrew Dolgov
2019-08-13 | add DiskCache.getUrl() and use it in a bunch of places | Andrew Dolgov
2019-07-05 | public: fix share() returning random unshared articles if uuid is not given | Andrew Dolgov
2019-06-20 | move several more global functions to more appropriate classes | Andrew Dolgov
2019-06-20 | get_feeds_from_html: remove XML preamble hack | Andrew Dolgov
    move several related helper functions to Feeds class
2019-03-21 | domdocument: remove old meta charset unicode hacks, replace with shorter xml preamble utf8 hack (on loadhtml where it makes sense) | Andrew Dolgov
    af_readability: better (?) charset hack for non-unicode pages