path: root/include
| Age | Commit message | Author |
|---|---|---|
| 2020-09-17 | rename gettext.inc to gettext.inc.php (cosmetic) | Andrew Dolgov |
| 2020-09-17 | fetch_file_contents: validate effective URL (after redirects) without CURL | Andrew Dolgov |
| 2020-09-17 | fetch_file_contents: validate effective URL (after redirects) if using CURL | Andrew Dolgov |
| 2020-09-17 | don't try to call hash_equals() on unset user token | Andrew Dolgov |
| 2020-09-17 | use hash_equals() correctly | Andrew Dolgov |
| 2020-09-17 | fix several cases of Db class being invoked as wrong name (as DB) | Andrew Dolgov |
| 2020-09-17 | replace some plain http links with https | Andrew Dolgov |
| 2020-09-17 | * use get_random_bytes() for CSRF token | Andrew Dolgov |
| 2020-09-17 | fix OTP QR code not displayed because of CSRF token passed as a query | Andrew Dolgov |
| 2020-09-17 | amend previous to 127/8 subnet | Andrew Dolgov |
| 2020-09-17 | fetch_file_contents: resolve requested hosts and check for possible | Andrew Dolgov |
| 2020-09-16 | build_url: also put query parameters and fragment in resulting URL | Andrew Dolgov |
| 2020-09-16 | cached_url: block SVG images because of potential javascript inside | Andrew Dolgov |
| 2020-09-15 | don't pass csrf token as a GET parameter to Article | Andrew Dolgov |
| 2020-09-15 | rewrite_relative_url: validate resulting absolutized URLs | Andrew Dolgov |
| 2020-09-15 | validate_url: only allow safe ports (80, 443), disallow access to loopback | Andrew Dolgov |
| 2020-09-15 | validate_url: add clean() | Andrew Dolgov |
| 2020-09-15 | rename base64_img() to image_to_base64() | Andrew Dolgov |
| 2020-09-15 | cached_url: perform mimetype validation before possible HOOK_SEND_LOCAL_FILE ... | Andrew Dolgov |
| 2020-09-14 | remove csrf token from rpc method sanityCheck | Andrew Dolgov |
| 2020-09-14 | - fix multiple vulnerabilities in af_proxy_http | Andrew Dolgov |
| 2020-07-13 | Update wiki and forums links in error message. | Rodney Stromlund |
| 2020-06-15 | better support for image srcset attributes as discussed in https://community.... | Andrew Dolgov |
| 2020-05-23 | only bind up/down in 3 panel mode | Andrew Dolgov |
| 2020-05-23 | Revert "unbind up/down by default (use native scrolling for consistency with ... | Andrew Dolgov |
| 2020-05-23 | unbind up/down by default (use native scrolling for consistency with pgup/pgdn) | Andrew Dolgov |
| 2020-05-17 | implement keyboard-related changes discussed in https://community.tt-rss.org/... | Andrew Dolgov |
| 2020-05-15 | Make iframes size responsively. | JustAMacUser |
| 2020-05-09 | sanitize: forbid "allow" attribute | Andrew Dolgov |
| 2020-05-09 | add hotkey "\" to cancel current search | Andrew Dolgov |
| 2020-04-29 | sanitize: simplify initial attribute processing | Andrew Dolgov |
| 2020-04-29 | sanitize: remove srcset plain-http hack, globally disallow width and height a... | Andrew Dolgov |
| 2020-04-29 | sanitize: handle picture[@srcset] elements properly, i.e. rewrite relative URLs | Andrew Dolgov |
| 2020-03-25 | Fix documentation for _noexpand commands | Martin Stone |
| 2020-03-02 | In get_version() disable DIRECTORY_SEPARATOR check, permit using git on Windo... | Toby Simmons |
| 2020-02-28 | af_readability: allow get full text button to work as a toggle; in cdm, scrol... | Andrew Dolgov |
| 2020-02-27 | update toggle_embed_original hotkey to invoke readability embed instead of re... | Andrew Dolgov |
| 2020-02-22 | don't generate default.css, replace with themes/light.css as a default root C... | Andrew Dolgov |
| 2020-02-13 | add support for image loading=lazy attribute | Andrew Dolgov |
| 2020-01-25 | login form: add workarounds for chrome password manager | Andrew Dolgov |
| 2020-01-24 | scrap counter cache system; rework counters to sum() booleans instead | Andrew Dolgov |
| 2020-01-23 | support dark mode for login form | Andrew Dolgov |
| 2020-01-17 | disable MAX_FETCH_REQUESTS_PER_HOST warnings for the time being | Andrew Dolgov |
| 2020-01-14 | get_version: don't rely on exec() exit code to determine whether output is valid | Andrew Dolgov |
| 2019-12-20 | get_version: fix commit/timestamp lost on subsequent invocations because of m... | Andrew Dolgov |
| 2019-12-19 | force-disable php display_errors/display_startup_errors on startup | Andrew Dolgov |
| 2019-12-19 | get_version: filter out Darwin | Andrew Dolgov |
| 2019-12-18 | get_version: always return unsupported on windows | Andrew Dolgov |
| 2019-12-18 | SELF_USER_AGENT: switch to get_version() | Andrew Dolgov |
| 2019-12-18 | get_version: don't pass useless root dir to git, instead log it in case of fa... | Andrew Dolgov |