Age | Commit message (Collapse) | Author |
|
- fix IDN hostnames not being converted properly
|
classes instead
|
validate_url: treat scheme as case-insensitive
|
updated before or are marked for a manual update
|
parameter
use type-strict comparison when validating CSRF token on the backend
|
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
|
- remove rpc/sanityCheck from CSRF-excluded calls
|
cache/getUrl: basename() passed filename just in case
|
silently stripped on save because of clean())
|
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
|
to override built-in sorting
|
refs https://community.tt-rss.org/t/label-counter-doesnt-update-when-count-goes-down-to-zero/3766
|
HOOK_HEADLINES_CUSTOM_SORT_MAP etc
|
first sorting work consistently with newest first - i.e. rely on feed-provided timestamp
|
af_redditimgur: remove enclosures if we found something to embed because it's going to be a low-res thumbnail
|
https://community.tt-rss.org/t/problem-with-img-srcset/3519
|
when calculating hash
|
cleanly to a different instance
* store resulting GUID as a JSON object so it could be extended easier if needed
|
mime type to make saving files easier
|