Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-09-15 | - enable CSRF support earlier | Andrew Dolgov | |
- remove rpc/sanityCheck from CSRF-excluded calls | |||
2020-09-14 | - fix multiple vulnerabilities in af_proxy_http | Andrew Dolgov | |
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized - fetch_file_contents: validate all URLs before requesting them - validate URLs: explicitly whitelist http and https scheme, forbid everything else - DiskCache/cached_url: only serve whitelisted content types (images, video) - simplify filename/URL handling code, remove and consolidate some less-used functions | |||
2019-12-20 | get_version: fix commit/timestamp lost on subsequent invocations because of ↵ | Andrew Dolgov | |
misbehaving caching | |||
2019-12-05 | versioning changes | Andrew Dolgov | |
- remove VERSION_STATIC - https://community.tt-rss.org/t/versioning-changes-for-trunk/2974 - report git commit/timestamp properly by invoking git instead of trying to parse .git/HEAD etc - remove git-related global constants used when checking for updates | |||
2019-08-16 | af_readability: add missing file | Andrew Dolgov | |
2019-08-01 | change version.json endpoint URL | Andrew Dolgov | |
2019-03-21 | update: add option to send digests | Andrew Dolgov | |
2019-03-06 | remove feedbrowser (other feeds) | Andrew Dolgov | |
2019-03-06 | archived feeds: expire old entries (schema bump) | Andrew Dolgov | |
2019-01-03 | rpc, catchupfeed: return counters immediately so that frontend can figure ↵ | Andrew Dolgov | |
out next unread feed correctly | |||
2018-12-16 | rpc/checkforupdates: restrict to administrative access level | Andrew Dolgov | |
2018-12-16 | rework git update checking to be initiated by frontend, outside of runtime ↵ | Andrew Dolgov | |
info output | |||
2018-12-15 | rpc/getAllCounters: return seq | Andrew Dolgov | |
2018-12-12 | requestCounters: remove cooldown | Andrew Dolgov | |
2018-12-06 | force cast profile id to integer when assigning to session variable | Andrew Dolgov | |
2018-01-14 | rpc: addfeed: gets login and pass only if need_auth is checked. | Colin Vidal | |
Because of browser form auto-completion, the hidden field login and password can be automatically filled when adding a feed. It would enable feed authentication even if the user doesn't click on need_auth button. | |||
2017-12-04 | setpref: remove nl2br() | Andrew Dolgov | |
2017-12-03 | force strip_tags() on all user input unless explicitly allowed | Andrew Dolgov | |
2017-12-03 | completeLabels: use prepare() not query() | Andrew Dolgov | |
2017-12-02 | remove long forgotten stuff related to feed debugging actionbar | Andrew Dolgov | |
2017-12-02 | pref-prefs: PDO | Andrew Dolgov | |
2017-12-01 | rpc: switch to PDO | Andrew Dolgov | |
2017-05-16 | remove pubsubhubbub: dead | Andrew Dolgov | |
2017-05-05 | wrap rssfuncs into rssutils class | Andrew Dolgov | |
2017-05-05 | move counter stuff to a separate class | Andrew Dolgov | |
2017-05-04 | move a bunch of functions into Feeds/Article namespaces | Andrew Dolgov | |
+ static function catchupArticlesById($ids, $cmode, $owner_uid = false) { + static function getLastArticleId() { + static function queryFeedHeadlines($params) { + static function getParentCategories($cat, $owner_uid) { + static function getChildCategories($cat, $owner_uid) { move the rest of functions2.php back to functions.php as it is of more manageable size, remove the former | |||
2017-05-04 | move to Article: | Andrew Dolgov | |
+ static function purge_orphans($do_output = false) { move to Feeds + static function getGlobalUnread($user_id = false) { + static function getCategoryTitle($cat_id) { + static function getLabelUnread($label_id, $owner_uid = false) { | |||
2017-05-04 | move the following to Feeds: | Andrew Dolgov | |
+ static function catchup_feed($feed, $cat_view, $owner_uid = false, $mode = 'all', $search = false) { + static function getFeedArticles($feed, $is_cat = false, $unread_only = false, + static function subscribe_to_feed($url, $cat_id = 0, + static function getFeedIcon($id) { + static function getFeedTitle($id, $cat = false) { + static function getCategoryUnread($cat, $owner_uid = false) { + static function getCategoryChildrenUnread($cat, $owner_uid = false) { | |||
2017-04-26 | remove some redundant php closing tags | Andrew Dolgov | |
2017-04-26 | fix various issues reported by static analysis | Andrew Dolgov | |
update gitlab-ci config | |||
2017-03-31 | filter by search results while marking feed as read | Andrew Dolgov | |
2017-03-05 | improve JS error logging with additional stuff | Andrew Dolgov | |
2017-01-23 | reference pubsubhubbub classes using their namespace | Andrew Dolgov | |
2016-07-05 | fix sql error when subscribing to a feed using feed archive | Andrew Dolgov | |
2016-03-30 | set smallish timeout on update check, exclude update checking on initial load | Andrew Dolgov | |
2016-01-26 | fix multiple issues with archived feeds | Andrew Dolgov | |
2016-01-04 | do not automatically call cleanup_tags() in housekeeping tasks | Andrew Dolgov | |
2015-09-26 | rpc, setpref: properly save settings to active profile | Andrew Dolgov | |
2015-05-21 | Make _DISABLE_FEED_BROWSER also disable the updateFeedBrowser RPC | Anders Kaseorg | |
The undocumented _DISABLE_FEED_BROWSER option added in commit c39befacb29f3f709e2d248ab6d6235524d6e929 turns off the UI for looking at which feeds other users are subscribed to, but it did not prevent you from manually constructing an RPC call to get the same data. This was a privacy risk for those who consider _DISABLE_FEED_BROWSER important. Signed-off-by: Anders Kaseorg <[email protected]> | |||
2014-02-19 | remove some unused code reported by phpmd | Andrew Dolgov | |
2013-08-25 | fix globalUpdateFeeds failing when no active session exists | Andrew Dolgov | |
2013-07-24 | make globalUpdateFeeds handler use simple update mechanism to prevent script ↵ | Andrew Dolgov | |
timeouts | |||
2013-07-11 | share: move unsharing all articles into the plugin | Andrew Dolgov | |
2013-05-07 | Fixing bugs found by static analysis | Rasmus Lerdorf | |
2013-04-29 | do not use session cookie lifetime for additional cookies | Andrew Dolgov | |
2013-04-26 | add automatic timezone (based on client tz offset) | Andrew Dolgov | |
2013-04-20 | better javascript error reporting, save error reports in tt-rss log | Andrew Dolgov | |
2013-04-18 | move db-prefs to OO | Andrew Dolgov | |
2013-04-17 | classes: use OO DB interface | Andrew Dolgov | |
2013-04-17 | fix blank character after opening bracket in function calls | Andrew Dolgov | |