| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2021-03-01 | hide version for bundled plugins because it's meaningless; for everything ↵ | Andrew Dolgov | |
| else support showing version using git (if about[0] is null) | |||
| 2021-02-28 | move all $fetch globals to UrlHelper | Andrew Dolgov | |
| 2021-02-22 | migrate the rest into Config:: | Andrew Dolgov | |
| 2021-02-19 | * switch to xhr.post() almost everywhere | Andrew Dolgov | |
| * call App.handlerpcjson() automatically on json request (if possible) * show net/log indicators in prefs | |||
| 2021-02-18 | af_proxy_http: markup cleanup | Andrew Dolgov | |
| 2021-02-17 | * add (disabled) shortcut syntax for plugin methods | Andrew Dolgov | |
| * add controls shortcut for pluginhandler tags * add similar shortcut for frontend * allow plugins to selectively exclude their methods from CSRF checking | |||
| 2021-02-17 | af_proxy_http: don't try to proxy back to ourselves | Andrew Dolgov | |
| 2021-02-16 | replace a few more controls to new style | Andrew Dolgov | |
| 2021-02-16 | replace print_hidden with hidden_tag | Andrew Dolgov | |
| 2021-02-15 | diskcache: unify naming | Andrew Dolgov | |
| 2021-02-08 | remove PHPMD.UnusedFormalParameter | Andrew Dolgov | |
| 2021-02-05 | initial WIP for php8; bump php version requirement to 7.0 | Andrew Dolgov | |
| 2020-10-11 | Ensure proxy_all setting is saved in database. | JustAMacUser | |
| 2020-09-22 | remove a lot of stuff from global context (functions.php), add a few helper ↵ | Andrew Dolgov | |
| classes instead | |||
| 2020-09-17 | * use get_random_bytes() for CSRF token | Andrew Dolgov | |
| * get_random_bytes: use PHP7 random_bytes() if it is available * validate CSRF token using hash_equals | |||
| 2020-09-15 | af_proxy_http: require separate token to access imgproxy | Andrew Dolgov | |
| 2020-09-15 | af_proxy_http: never print received data directly, always redirect to cached_url | Andrew Dolgov | |
| cache/getUrl: basename() passed filename just in case | |||
| 2020-09-14 | - fix multiple vulnerabilities in af_proxy_http | Andrew Dolgov | |
| - fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized - fetch_file_contents: validate all URLs before requesting them - validate URLs: explicitly whitelist http and https scheme, forbid everything else - DiskCache/cached_url: only serve whitelisted content types (images, video) - simplify filename/URL handling code, remove and consolidate some less-used functions | |||
| 2019-08-15 | pluginhost: add helper methods to get private/public pluginmethod endpoint URLs | Andrew Dolgov | |
| 2019-08-15 | fix several leftover mentions of old (renamed) class name, duh | Andrew Dolgov | |
| 2019-08-15 | af_zz_imgproxy: rename to af_proxy_http, use priority hook loader | Andrew Dolgov | |
 |
index : tt-rss.git | |
| Web-based news feed aggregator | Linux User |
| summaryrefslogtreecommitdiff |