index
:
tt-rss.git
claro-throwback
dockerignore-test
dojo-module-define-test
exp-flavor-icon-cache
exp-flex-feedtree
exp-headline-flavor-images
exp-separate-handlers
jaeger-tracing
js-objects
js-strict-mode
json-viewfeed
jsonfeed-test-branch
lint-workflow
master
pdo-experimental
protected/dockerignore-test
protected/html2text
protected/kaniko
protected/opentelemetry
protected/phpunit-integration
protected/psr-4
protected/sanitizer-test
sanitizer-test
single-app-object
test
testing-php8.1
unify-method-naming
weblate-integration
wip-config-object
wip-hook-callbacks
wip-new-prefs
wip-no-prototype
wip-php8
wip-phpstan-level6
Web-based news feed aggregator
Linux User
summary
refs
log
tree
commit
diff
log msg
author
committer
range
path:
root
/
include
Age
Commit message (
Expand
)
Author
2020-09-17
validate_url: relax requirements for URLs, limit additional port/loopback fil...
Andrew Dolgov
2020-09-17
replace FALSE with false so that static analyzer shuts up about it
Andrew Dolgov
2020-09-17
rename gettext.inc to gettext.inc.php (cosmetic)
Andrew Dolgov
2020-09-17
fetch_file_contents: validate effective URL (after redirects) without CURL
Andrew Dolgov
2020-09-17
fetch_file_contents: validate effective URL (after redirects) if using CURL
Andrew Dolgov
2020-09-17
don't try to call hash_equals() on unset user token
Andrew Dolgov
2020-09-17
use hash_equals() correctly
Andrew Dolgov
2020-09-17
fix several cases of Db class being invoked as wrong name (as DB)
Andrew Dolgov
2020-09-17
replace some plain http links with https
Andrew Dolgov
2020-09-17
* use get_random_bytes() for CSRF token
Andrew Dolgov
2020-09-17
fix OTP QR code not displayed because of CSRF token passed as a query
Andrew Dolgov
2020-09-17
amend previous to 127/8 subnet
Andrew Dolgov
2020-09-17
fetch_file_contents: resolve requested hosts and check for possible
Andrew Dolgov
2020-09-16
build_url: also put query parameters and fragment in resulting URL
Andrew Dolgov
2020-09-16
cached_url: block SVG images because of potential javascript inside
Andrew Dolgov
2020-09-15
don't pass csrf token as a GET parameter to Article
Andrew Dolgov
2020-09-15
rewrite_relative_url: validate resulting absolutized URLs
Andrew Dolgov
2020-09-15
validate_url: only allow safe ports (80, 443), disallow access to loopback
Andrew Dolgov
2020-09-15
validate_url: add clean()
Andrew Dolgov
2020-09-15
rename base64_img() to image_to_base64()
Andrew Dolgov
2020-09-15
cached_url: perform mimetype validation before possible HOOK_SEND_LOCAL_FILE ...
Andrew Dolgov
2020-09-14
remove csrf token from rpc method sanityCheck
Andrew Dolgov
2020-09-14
- fix multiple vulnerabilities in af_proxy_http
Andrew Dolgov
2020-07-13
Update wiki and forums links in error message.
Rodney Stromlund
2020-06-15
better support for image srcset attributes as discussed in https://community....
Andrew Dolgov
2020-05-23
only bind up/down in 3 panel mode
Andrew Dolgov
2020-05-23
Revert "unbind up/down by default (use native scrolling for consistency with ...
Andrew Dolgov
2020-05-23
unbind up/down by default (use native scrolling for consistency with pgup/pgdn)
Andrew Dolgov
2020-05-17
implement keyboard-related changes discussed in https://community.tt-rss.org/...
Andrew Dolgov
2020-05-15
Make iframes size responsively.
JustAMacUser
2020-05-09
sanitize: forbid "allow" attribute
Andrew Dolgov
2020-05-09
add hotkey "\" to cancel current search
Andrew Dolgov
2020-04-29
sanitize: simplify initial attribute processing
Andrew Dolgov
2020-04-29
sanitize: remove srcset plain-http hack, globally disallow width and height a...
Andrew Dolgov
2020-04-29
sanitize: handle picture[@srcset] elements properly, i.e. rewrite relative URLs
Andrew Dolgov
2020-03-25
Fix documentation for _noexpand commands
Martin Stone
2020-03-02
In get_version() disable DIRECTORY_SEPARATOR check, permit using git on Windo...
Toby Simmons
2020-02-28
af_readability: allow get full text button to work as a toggle; in cdm, scrol...
Andrew Dolgov
2020-02-27
update toggle_embed_original hotkey to invoke readability embed instead of re...
Andrew Dolgov
2020-02-22
don't generate default.css, replace with themes/light.css as a default root C...
Andrew Dolgov
2020-02-13
add support for image loading=lazy attribute
Andrew Dolgov
2020-01-25
login form: add workarounds for chrome password manager
Andrew Dolgov
2020-01-24
scrap counter cache system; rework counters to sum() booleans instead
Andrew Dolgov
2020-01-23
support dark mode for login form
Andrew Dolgov
2020-01-17
disable MAX_FETCH_REQUESTS_PER_HOST warnings for the time being
Andrew Dolgov
2020-01-14
get_version: don't rely on exec() exit code to determine whether output is valid
Andrew Dolgov
2019-12-20
get_version: fix commit/timestamp lost on subsequent invocations because of m...
Andrew Dolgov
2019-12-19
force-disable php display_errors/display_startup_errors on startup
Andrew Dolgov
2019-12-19
get_version: filter out Darwin
Andrew Dolgov
2019-12-18
get_version: always return unsupported on windows
Andrew Dolgov
[prev]
[next]