path: root/include
Age | Commit message | Author
2018-10-16 | fix session write handler always assuming that database entry exists and failing silently if it doesn't; remove session cookie-related hacks | Andrew Dolgov
2018-10-16 | remove session REMOTE_ADDR checks | Andrew Dolgov
2018-10-16 | login: check for stale session in login handler, instead of authenticate_user() | Andrew Dolgov
2018-10-16 | another attempt to enforce session ID regeneration on login | Andrew Dolgov
2018-10-16 | properly save auth_module after logging in | Andrew Dolgov
2018-10-15 | it was probably not the best idea to use session_regenerate_id() right after session_start(), duh | Andrew Dolgov
2018-10-15 | do not use separate _ssl cookie for secure sessions | Andrew Dolgov
2018-10-15 | force regenerate session id on successful login, remove previous blank SID check | Andrew Dolgov
2018-10-15 | if empty session is autostarted because of a cookie, immediately destroy it | Andrew Dolgov
2018-10-15 | validate_session: bring back IP session binding (enabled by default) and UA checking | Andrew Dolgov
2018-10-14 | logout user: commit destroyed session | Andrew Dolgov
2018-09-07 | 1. per-feed option STRIP_IMAGES should now also affect other media tags | Andrew Dolgov
    2. video/audio elements were not replaced with text links properly in low bandwidth mode
2018-08-23 | send_local_file: touch() sent files to reset their expiration cooldown | Andrew Dolgov
2018-08-20 | rewrite_cached_urls: support video posters | Andrew Dolgov
2018-08-20 | Revert "add (hidden) _NGINX_XACCEL_PREFIX which uses nginx X-Accel-Redirect to serve static files faster" | Andrew Dolgov
    This reverts commit c5c3a0a2a8febaa2b1ebcae6c17ff4398a9da6c7.
2018-08-20 | split transparent rewriting of locally cached media URLs to execute after both sanitize() and HOOK_RENDER_ARTICLE to allow plugins to work on original source URLs consistently | Andrew Dolgov
2018-08-20 | add (hidden) _NGINX_XACCEL_PREFIX which uses nginx X-Accel-Redirect to serve static files faster | Andrew Dolgov
2018-08-16 | send_local_file: add application/octet-stream hack | Andrew Dolgov
    cached_url: return original requested filename to save as
2018-08-13 | if PHP_VERSION check fails, show current version | Andrew Dolgov
2018-08-13 | bump version_static | Andrew Dolgov
2018-08-13 | bump required php version to 5.6 | Andrew Dolgov
2018-08-13 | remove FEED_CRYPT_KEY and everything related to it | Andrew Dolgov
    always assume auth_pass_encrypted is false
2018-07-18 | autoloader: check if class name is namespaced before trying to split it | Andrew Dolgov
2018-06-20 | remove SWF enclosure audio player | Andrew Dolgov
2018-06-20 | move JShrink Minifier to vendor/ | Andrew Dolgov
2018-06-20 | update autoloader to consider namespaces for third party libraries: placed and loaded from vendor/namespace/classpath.php | Andrew Dolgov
    update readability to a newer implementation based on Readability.js (https://github.com/andreskrey/readability.php)
    add vendor/Psr/Log interface required for the above
2018-06-18 | feedbrowser: fix incorrect usage of LIMIT in prepared statement | Andrew Dolgov
2018-06-08 | Don't bail out if git gc removed refs | Tobias Bell
2018-05-25 | fetch_file_contents: allow setting http Accept header | Andrew Dolgov
2018-05-23 | increase buffersize to 16384 bytes | Andrew Dolgov
    (also some trailing whitespace got clipped)
2018-05-23 | increased CURLOPT_BUFFERSIZE from 128 to 256 | Alexander Yaburov
2018-05-20 | implement hard limits on downloaded data size for general fetching and cache plugins: MAX_DOWNLOAD_FILE_SIZE & MAX_CACHE_FILE_SIZE | Andrew Dolgov
2018-04-14 | change filter rule regexp type to text | foobar
2018-02-27 | Allow abbr tag when sanitizing. | JustAMacUser
2018-02-25 | fix previous wrt if-modified-since being added to context options headers | Andrew Dolgov
2018-02-25 | Update 'include/functions.php' | Metallizzer
    The "Connection: close" header is added to the context_options
2018-02-12 | Merge branch 'master' of git.fakecake.org:tt-rss | Andrew Dolgov
2018-02-11 | sanitize: disallow width and height attributes for images | Andrew Dolgov
2018-02-11 | Merge branch 'save-effective-url' of JustAMacUser/tt-rss into master | fox
2018-02-11 | Have fetch_file_contents() save the effective URL. | JustAMacUser
2018-02-11 | tag_is_valid: simplify code | Andrew Dolgov
2018-01-30 | include: convert some spaces to tabs | Andrew Dolgov
2018-01-18 | undocumenting the proxy settings [see #36] | martin scharm
    in response to https://git.tt-rss.org/git/tt-rss/pulls/36#issuecomment-119
2018-01-17 | some proxies require `request_fulluri` set to true [see #36] | martin scharm
    at least polipo won't work for plain HTTP URLs (HTTPS strangely also works without `request_fulluri`..?)
    see https://git.tt-rss.org/git/tt-rss/pulls/36
2018-01-14 | Add proper support for proxies | martin scharm
    There are situations where you want tt-rss to use a proxy (e.g. because of network restrictions, or privacy concerns). tt-rss already comes with an undocumented `_CURL_HTTP_PROXY` variable (see e.g. https://binfalse.de/2015/05/06/ttrss-with-proxy/), however that won't have an effect when, for example, php-curl is not installed, see https://git.tt-rss.org/git/tt-rss/src/c30f5e18119d1935e8fe6d422053b127e8f4f1b3/include/functions.php#L377
    In this case it would use the `file_get_contents` with a stream context without a proxy definition: https://git.tt-rss.org/git/tt-rss/src/c30f5e18119d1935e8fe6d422053b127e8f4f1b3/include/functions.php#L487
    Here I propose to properly support proxies, and I introduced a `PROXY` variable, that is respected in both scenarios, with and without curl installed.
2017-12-30 | search_to_sql: quote fallback search language | Andrew Dolgov
2017-12-30 | Add missing quotes to array_map. | JustAMacUser
2017-12-17 | force-cast some variables used in queries to integer | Andrew Dolgov
    do not display SQL query in headlines debug mode
2017-12-13 | sanitize: disable referrer via referrerpolicy for img elements | Andrew Dolgov
2017-12-10 | merge login form css into default.css | Andrew Dolgov
    update more hardcoded colors to use @color-accent
    update @color-accent