summaryrefslogtreecommitdiff
path: root/classes
AgeCommit message (Collapse)Author
2020-09-18add basic safe mode which doesn't load any user pluginsAndrew Dolgov
2020-09-17replace FALSE with false so that static analyzer shuts up about itAndrew Dolgov
2020-09-17don't try to update manually disabled feeds even if they haven't been ↵Andrew Dolgov
updated before or are marked for a manual update
2020-09-17forgotpass: use type strict comparison for reset tokenAndrew Dolgov
2020-09-17fix several cases of Db class being invoked as wrong name (as DB)Andrew Dolgov
2020-09-17fix typo in previousAndrew Dolgov
2020-09-17fix OTP QR code not displayed because of CSRF token passed as a queryAndrew Dolgov
parameter use type-strict comparison when validating CSRF token on the backend
2020-09-16subscribe: allow pre-filling feed URL if passed via query stringAndrew Dolgov
2020-09-16pass CSRF token to opml import and feed icon replace dialogsAndrew Dolgov
2020-09-15editarticletags: load dialog via XHRAndrew Dolgov
2020-09-15handler: default base csrf_ignore() to falseAndrew Dolgov
2020-09-15backend handler: require CSRF, remove obsolete codeAndrew Dolgov
2020-09-15public/logout: require valid CSRF tokenAndrew Dolgov
2020-09-15Feeds: load quickaddfeed and search dialogs via XHR w/ CSRF protectionAndrew Dolgov
2020-09-15- backend: require CSRF token to be passed via POSTAndrew Dolgov
- do not leak CSRF token via GET request in feed debugger - rework Article/redirect to use POST
2020-09-15require CSRF token for Article/redirectAndrew Dolgov
2020-09-15- enable CSRF support earlierAndrew Dolgov
- remove rpc/sanityCheck from CSRF-excluded calls
2020-09-15af_proxy_http: never print received data directly, always redirect to cached_urlAndrew Dolgov
cache/getUrl: basename() passed filename just in case
2020-09-14user preferences: forbid < and > characters when changing passwords (were ↵Andrew Dolgov
silently stripped on save because of clean())
2020-09-14public/subscribe: require valid CSRF token when validating the formAndrew Dolgov
2020-09-14- fix multiple vulnerabilities in af_proxy_httpAndrew Dolgov
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized - fetch_file_contents: validate all URLs before requesting them - validate URLs: explicitly whitelist http and https scheme, forbid everything else - DiskCache/cached_url: only serve whitelisted content types (images, video) - simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-11order_to_override_query: allow HOOK_HEADLINES_CUSTOM_SORT_OVERRIDE plugins ↵Andrew Dolgov
to override built-in sorting
2020-08-29properly return counters for labels with zero assigned articlesAndrew Dolgov
refs https://community.tt-rss.org/t/label-counter-doesnt-update-when-count-goes-down-to-zero/3766
2020-08-14Silence php 7.2 error message generated in `session_set_cookie_params`.Rodney Stromlund
2020-08-13pluginhost: allow overriding default sort modes via ↵Andrew Dolgov
HOOK_HEADLINES_CUSTOM_SORT_MAP etc
2020-08-13move order_by to SQL override logic into a separate functionAndrew Dolgov
2020-08-11instead of taking batch timestamp and score (?) into account, make oldest ↵Andrew Dolgov
first sorting work consistently with newest first - i.e. rely on feed-provided timestamp
2020-08-10OPML: export/import per-feed purge intervalAndrew Dolgov
2020-08-01more int/string type mismatches on getCategoriesPaco Esteban
2020-07-31make sure all ints are casted (to int) on getCategoriesPaco Esteban
2020-07-01Merge branch 'bugfix/invalid-opml' of wn/tt-rss into masterfox
2020-07-01when exporting OPML via web UI, add user login to the filenameAndrew Dolgov
2020-07-01prefs: show disabled filters properly on mysqlAndrew Dolgov
2020-07-01prefs: show root of filter tree as enabled so it's not grayed outAndrew Dolgov
2020-06-27Properly check if OPML file was loaded during import.wn_
2020-06-24core: pass found enclosures to HOOK_ARTICLE_FILTERAndrew Dolgov
af_redditimgur: remove enclosures if we found something to embed because it's going to be a low-res thumbnail
2020-06-15better support for image srcset attributes as discussed in ↵Andrew Dolgov
https://community.tt-rss.org/t/problem-with-img-srcset/3519
2020-06-05eslint-related fixes; move a few things from global context to AppAndrew Dolgov
2020-05-22when removing favicon, reset its auto-refresh timerAndrew Dolgov
2020-05-17calculate_article_hash: don't die() on previous, woopsAndrew Dolgov
2020-05-17calculate_article_hash: ignore some useless or read-only fields (i.e. GUID) ↵Andrew Dolgov
when calculating hash
2020-05-17* store UID in article hashed GUID separately so it could be migrated ↵Andrew Dolgov
cleanly to a different instance * store resulting GUID as a JSON object so it could be extended easier if needed
2020-05-13add --opml-export to update.phpAndrew Dolgov
2020-05-12DiskCache: append fake file extension when sending cached files based on ↵Andrew Dolgov
mime type to make saving files easier
2020-04-29DiskCache: properly deal with srcset attributesAndrew Dolgov
2020-04-29remove unneeded var_dump()Andrew Dolgov
2020-04-29* add HOOK_ENCLOSURE_IMPORTEDAndrew Dolgov
* pass feed id to HOOK_FEED_PARSED
2020-04-04search: add support for label:XXX search keywordAndrew Dolgov
Labels: enforce case-insensitive lookups when creating/looking for labels
2020-03-13allow overriding built-in templates via templates.localAndrew Dolgov
2020-03-12add support for video[@src] in media cachelllusion3418
it's a valid alternative to a source[@src] child element: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/video
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-03 00:08:16 +0000