Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
bump severity of PDO exception log messages to E_USER_WARNING
|
|
|
|
|
|
|
|
|
|
not what it means
|
|
|
|
|
|
daemon: log if per-feed update task terminated with non-zero exit code
|
|
of concurrent updates
|
|
(for example, OOM) from stopping the entire batch
this should also slightly increase memory budget for update processes
|
|
|
|
isn't specified explicitly
|
|
|
|
|
|
before while having default update interval set
|
|
|
|
|
|
|
|
- fix IDN hostnames not being converted properly
|
|
|
|
classes instead
|
|
|
|
validate_url: treat scheme as case-insensitive
|
|
|
|
|
|
|
|
updated before or are marked for a manual update
|
|
|
|
|
|
|
|
parameter
use type-strict comparison when validating CSRF token on the backend
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
|
|
|
|
- remove rpc/sanityCheck from CSRF-excluded calls
|
|
cache/getUrl: basename() passed filename just in case
|
|
silently stripped on save because of clean())
|
|
|
|
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
|