tt-rss.git - Unnamed repository; edit this file 'description' to name the repository.

Age	Commit message (Collapse)	Author
2020-09-28	update_rss_feed: fallback to previous method if passthru() is not available	Andrew Dolgov

2020-09-28	validate url: feed urlencoded() URL to filter_var() only	Andrew Dolgov

2020-09-28	accept -1 as a valid exit code for per-feed update processes	Andrew Dolgov

2020-09-28	don't mention last_updated in non-zero failure error message because that's ↵	Andrew Dolgov
	not what it means
2020-09-28	improve logging for per-feed update task failures	Andrew Dolgov

2020-09-27	update_rss_feed: don't return as if failed on http 304	Andrew Dolgov

2020-09-27	update-feed: exit with non-zero exit code if update_rss_feed() failed	Andrew Dolgov
	daemon: log if per-feed update task terminated with non-zero exit code
2020-09-27	lock per-feed update processes based on feed ID to reduce possibilty	Andrew Dolgov
	of concurrent updates
2020-09-27	update individual feed in a separate process to prevent PHP fatal errors	Andrew Dolgov
	(for example, OOM) from stopping the entire batch this should also slightly increase memory budget for update processes
2020-09-25	Merge branch 'master' of git.fakecake.org:tt-rss	Andrew Dolgov

2020-09-25	search_to_sql: use per-user default language instead of hardcoded english if ↵	Andrew Dolgov
	isn't specified explicitly
2020-09-23	prev: add missing class	Andrew Dolgov

2020-09-23	move timestamp-related stuff to a separate class	Andrew Dolgov

2020-09-22	fix updater never scheduling feeds for update if they never been updated ↵	Andrew Dolgov
	before while having default update interval set
2020-09-22	another hack for validation of URLs with invalid characters	Andrew Dolgov

2020-09-22	validate URLs: convert IDN to punycode before passing URL to filter_var()	Andrew Dolgov

2020-09-22	use self:: in some places to invoke static methods from the same class	Andrew Dolgov

2020-09-22	- don't fail on non-ascii characters when validating URLs	Andrew Dolgov
	- fix IDN hostnames not being converted properly
2020-09-22	fix previous re: resolve_redirects	Andrew Dolgov

2020-09-22	remove a lot of stuff from global context (functions.php), add a few helper ↵	Andrew Dolgov
	classes instead
2020-09-21	clarify some URL validation-related error messages	Andrew Dolgov

2020-09-21	update_rss_feed: log effective URL after fetching	Andrew Dolgov
	validate_url: treat scheme as case-insensitive
2020-09-19	update URL pointing to version.json	Andrew Dolgov

2020-09-18	add basic safe mode which doesn't load any user plugins	Andrew Dolgov

2020-09-17	replace FALSE with false so that static analyzer shuts up about it	Andrew Dolgov

2020-09-17	don't try to update manually disabled feeds even if they haven't been ↵	Andrew Dolgov
	updated before or are marked for a manual update
2020-09-17	forgotpass: use type strict comparison for reset token	Andrew Dolgov

2020-09-17	fix several cases of Db class being invoked as wrong name (as DB)	Andrew Dolgov

2020-09-17	fix typo in previous	Andrew Dolgov

2020-09-17	fix OTP QR code not displayed because of CSRF token passed as a query	Andrew Dolgov
	parameter use type-strict comparison when validating CSRF token on the backend
2020-09-16	subscribe: allow pre-filling feed URL if passed via query string	Andrew Dolgov

2020-09-16	pass CSRF token to opml import and feed icon replace dialogs	Andrew Dolgov

2020-09-15	editarticletags: load dialog via XHR	Andrew Dolgov

2020-09-15	handler: default base csrf_ignore() to false	Andrew Dolgov

2020-09-15	backend handler: require CSRF, remove obsolete code	Andrew Dolgov

2020-09-15	public/logout: require valid CSRF token	Andrew Dolgov

2020-09-15	Feeds: load quickaddfeed and search dialogs via XHR w/ CSRF protection	Andrew Dolgov

2020-09-15	- backend: require CSRF token to be passed via POST	Andrew Dolgov
	- do not leak CSRF token via GET request in feed debugger - rework Article/redirect to use POST
2020-09-15	require CSRF token for Article/redirect	Andrew Dolgov

2020-09-15	- enable CSRF support earlier	Andrew Dolgov
	- remove rpc/sanityCheck from CSRF-excluded calls
2020-09-15	af_proxy_http: never print received data directly, always redirect to cached_url	Andrew Dolgov
	cache/getUrl: basename() passed filename just in case
2020-09-14	user preferences: forbid < and > characters when changing passwords (were ↵	Andrew Dolgov
	silently stripped on save because of clean())
2020-09-14	public/subscribe: require valid CSRF token when validating the form	Andrew Dolgov

2020-09-14	- fix multiple vulnerabilities in af_proxy_http	Andrew Dolgov
	- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized - fetch_file_contents: validate all URLs before requesting them - validate URLs: explicitly whitelist http and https scheme, forbid everything else - DiskCache/cached_url: only serve whitelisted content types (images, video) - simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-11	order_to_override_query: allow HOOK_HEADLINES_CUSTOM_SORT_OVERRIDE plugins ↵	Andrew Dolgov
	to override built-in sorting
2020-08-29	properly return counters for labels with zero assigned articles	Andrew Dolgov
	refs https://community.tt-rss.org/t/label-counter-doesnt-update-when-count-goes-down-to-zero/3766
2020-08-14	Silence php 7.2 error message generated in `session_set_cookie_params`.	Rodney Stromlund

2020-08-13	pluginhost: allow overriding default sort modes via ↵	Andrew Dolgov
	HOOK_HEADLINES_CUSTOM_SORT_MAP etc
2020-08-13	move order_by to SQL override logic into a separate function	Andrew Dolgov

2020-08-11	instead of taking batch timestamp and score (?) into account, make oldest ↵	Andrew Dolgov
	first sorting work consistently with newest first - i.e. rely on feed-provided timestamp