Age | Commit message (Collapse) | Author | |
---|---|---|---|
2020-09-15 | af_proxy_http: never print received data directly, always redirect to cached_url | Andrew Dolgov | |
cache/getUrl: basename() passed filename just in case | |||
2020-09-14 | user preferences: forbid < and > characters when changing passwords (were ↵ | Andrew Dolgov | |
silently stripped on save because of clean()) | |||
2020-09-14 | public/subscribe: require valid CSRF token when validating the form | Andrew Dolgov | |
2020-09-14 | - fix multiple vulnerabilities in af_proxy_http | Andrew Dolgov | |
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized - fetch_file_contents: validate all URLs before requesting them - validate URLs: explicitly whitelist http and https scheme, forbid everything else - DiskCache/cached_url: only serve whitelisted content types (images, video) - simplify filename/URL handling code, remove and consolidate some less-used functions | |||
2020-09-11 | order_to_override_query: allow HOOK_HEADLINES_CUSTOM_SORT_OVERRIDE plugins ↵ | Andrew Dolgov | |
to override built-in sorting | |||
2020-08-29 | properly return counters for labels with zero assigned articles | Andrew Dolgov | |
refs https://community.tt-rss.org/t/label-counter-doesnt-update-when-count-goes-down-to-zero/3766 | |||
2020-08-14 | Silence php 7.2 error message generated in `session_set_cookie_params`. | Rodney Stromlund | |
2020-08-13 | pluginhost: allow overriding default sort modes via ↵ | Andrew Dolgov | |
HOOK_HEADLINES_CUSTOM_SORT_MAP etc | |||
2020-08-13 | move order_by to SQL override logic into a separate function | Andrew Dolgov | |
2020-08-11 | instead of taking batch timestamp and score (?) into account, make oldest ↵ | Andrew Dolgov | |
first sorting work consistently with newest first - i.e. rely on feed-provided timestamp | |||
2020-08-10 | OPML: export/import per-feed purge interval | Andrew Dolgov | |
2020-08-01 | more int/string type mismatches on getCategories | Paco Esteban | |
2020-07-31 | make sure all ints are casted (to int) on getCategories | Paco Esteban | |
2020-07-01 | Merge branch 'bugfix/invalid-opml' of wn/tt-rss into master | fox | |
2020-07-01 | when exporting OPML via web UI, add user login to the filename | Andrew Dolgov | |
2020-07-01 | prefs: show disabled filters properly on mysql | Andrew Dolgov | |
2020-07-01 | prefs: show root of filter tree as enabled so it's not grayed out | Andrew Dolgov | |
2020-06-27 | Properly check if OPML file was loaded during import. | wn_ | |
2020-06-24 | core: pass found enclosures to HOOK_ARTICLE_FILTER | Andrew Dolgov | |
af_redditimgur: remove enclosures if we found something to embed because it's going to be a low-res thumbnail | |||
2020-06-15 | better support for image srcset attributes as discussed in ↵ | Andrew Dolgov | |
https://community.tt-rss.org/t/problem-with-img-srcset/3519 | |||
2020-06-05 | eslint-related fixes; move a few things from global context to App | Andrew Dolgov | |
2020-05-22 | when removing favicon, reset its auto-refresh timer | Andrew Dolgov | |
2020-05-17 | calculate_article_hash: don't die() on previous, woops | Andrew Dolgov | |
2020-05-17 | calculate_article_hash: ignore some useless or read-only fields (i.e. GUID) ↵ | Andrew Dolgov | |
when calculating hash | |||
2020-05-17 | * store UID in article hashed GUID separately so it could be migrated ↵ | Andrew Dolgov | |
cleanly to a different instance * store resulting GUID as a JSON object so it could be extended easier if needed | |||
2020-05-13 | add --opml-export to update.php | Andrew Dolgov | |
2020-05-12 | DiskCache: append fake file extension when sending cached files based on ↵ | Andrew Dolgov | |
mime type to make saving files easier | |||
2020-04-29 | DiskCache: properly deal with srcset attributes | Andrew Dolgov | |
2020-04-29 | remove unneeded var_dump() | Andrew Dolgov | |
2020-04-29 | * add HOOK_ENCLOSURE_IMPORTED | Andrew Dolgov | |
* pass feed id to HOOK_FEED_PARSED | |||
2020-04-04 | search: add support for label:XXX search keyword | Andrew Dolgov | |
Labels: enforce case-insensitive lookups when creating/looking for labels | |||
2020-03-13 | allow overriding built-in templates via templates.local | Andrew Dolgov | |
2020-03-12 | add support for video[@src] in media cache | lllusion3418 | |
it's a valid alternative to a source[@src] child element: https://developer.mozilla.org/en-US/docs/Web/HTML/Element/video | |||
2020-03-12 | actually download <video> posters to media cache | lllusion3418 | |
video[@poster] is already supported in the rewriting logic but never actually downloaded | |||
2020-03-12 | fix url rewriting for videos with poster and src | lllusion3418 | |
if a poster attribute was present only that would have been rewritten and the (arguably more important) src attribute would be left as-is | |||
2020-03-10 | PluginHost/save_data: use separate PDO connection to prevent issues with ↵ | Andrew Dolgov | |
nested transactions | |||
2020-02-28 | batchSubscribe: use validationtextarea | Andrew Dolgov | |
2020-02-28 | add validationtextarea control, use it for filter match editor | Andrew Dolgov | |
2020-02-28 | filter test dialog: pass contents via xhr POST | Andrew Dolgov | |
2020-02-27 | external subscribe dialog: support dark theme | Andrew Dolgov | |
2020-02-27 | share anything dialog: support dark theme | Andrew Dolgov | |
2020-02-22 | don't generate default.css, replace with themes/light.css as a default root ↵ | Andrew Dolgov | |
CSS file | |||
2020-02-20 | properly calculate marked counters for feeds in nested categories | Andrew Dolgov | |
2020-02-20 | 1. feedtree: show counters for marked articles if view-mode == marked | Andrew Dolgov | |
2. hide/show relevant counter nodes using css 3. cleanup some counter-related code 4. compile default css into light theme to prevent cache-related issues | |||
2020-02-18 | prefs layout fixes: | Andrew Dolgov | |
1. prevent layout breakage when using an authenticator which doesn't allow changing passwords 2. show explanatory messages when OTP or password changing is not available 3. allow app (API) passwords when using any auth module | |||
2020-01-27 | getCategoryCounters: properly handle categories which don't have any stored ↵ | Andrew Dolgov | |
feeds/articles | |||
2020-01-25 | mark primary button in the default password dialog | Andrew Dolgov | |
2020-01-25 | default password warning: fix close button, don't crash if dialog is ↵ | Andrew Dolgov | |
recreated (on feed tree reload etc) | |||
2020-01-25 | getCategoryUnread: return correct unread count for labels category | Andrew Dolgov | |
2020-01-25 | getCategoryChildrenUnread: fix typo | Andrew Dolgov | |