Age | Commit message (Collapse) | Author |
|
|
|
|
|
|
|
|
|
|
|
classes instead
|
|
|
|
|
|
validate_url: treat scheme as case-insensitive
|
|
|
|
|
|
|
|
filtering to fetch_file_contents()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
* get_random_bytes: use PHP7 random_bytes() if it is available
* validate CSRF token using hash_equals
|
|
parameter
use type-strict comparison when validating CSRF token on the backend
|
|
|
|
loopback address
|
|
rewrite_relative_url: simplify handling of relative URLs
|
|
|
|
|
|
|
|
|
|
|
|
|
|
hooks
|
|
|
|
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
|
|
|
|
https://community.tt-rss.org/t/problem-with-img-srcset/3519
|
|
|
|
pgup/pgdn)"
This reverts commit 6fc18e450b72306693de8723464f4176e73c5a5b.
|
|
|
|
https://community.tt-rss.org/t/changing-the-amount-of-scroll-by-arrow-key/3452/7
|
|
|
|
CSS: remove auto hyphens stuff, remove iframe width clipping to 98% because they get squished
|
|
|
|
|
|
attributes for all elements
|
|
|
|
|
|
Windows to get version details;
|
|
scroll to article after embedding
|