public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 10:05:56 +00:00
Code Issues Releases Wiki Activity
Files
c3d14e1fa54c7dade7b1b7955575e2991396d7ef
tt-rss/classes
History
Andrew Dolgov c3d14e1fa5 - fix multiple vulnerabilities in af_proxy_http 
- fix vulnerability in rewrite_relative_url() which prevented some URLs from being properly absolutized
- fetch_file_contents: validate all URLs before requesting them
- validate URLs: explicitly whitelist http and https scheme, forbid everything else
- DiskCache/cached_url: only serve whitelisted content types (images, video)
- simplify filename/URL handling code, remove and consolidate some less-used functions
2020-09-14 19:46:52 +03:00
..
auth
add placeholder authentication via app passwords if service is passed
2019-11-01 13:03:06 +03:00
db
db_prefs: return null if requested key is unset
2019-04-10 13:39:55 +03:00
feeditem
tag-related fixes
2019-11-20 18:56:34 +03:00
handler
- fix multiple vulnerabilities in af_proxy_http
2020-09-14 19:46:52 +03:00
logger
SQL logger: log some parameters
2019-08-20 08:09:05 +03:00
pref
- fix multiple vulnerabilities in af_proxy_http
2020-09-14 19:46:52 +03:00
api.php
move order_by to SQL override logic into a separate function
2020-08-13 11:52:32 +03:00
article.php
eslint-related fixes; move a few things from global context to App
2020-06-05 07:44:57 +03:00
backend.php
- fix multiple vulnerabilities in af_proxy_http
2020-09-14 19:46:52 +03:00
counters.php
properly return counters for labels with zero assigned articles
2020-08-29 08:41:52 +03:00
db.php
Logger_SQL: use separate PDO connection
2018-09-10 21:49:31 +03:00
dbupdater.php
further update CLI schema updater layout to make it more readable
2019-03-07 06:54:05 +03:00
debug.php
CLI tools: fix --quiet not working if --log is unset
2018-12-01 10:05:26 +03:00
digest.php
allow overriding built-in templates via templates.local
2020-03-13 14:40:35 +03:00
diskcache.php
- fix multiple vulnerabilities in af_proxy_http
2020-09-14 19:46:52 +03:00
dlg.php
mark primary button in the default password dialog
2020-01-25 13:08:29 +03:00
feedenclosure.php
remove some redundant php closing tags
2017-04-26 20:24:18 +03:00
feeditem.php
Store language of entries as indicated by the feed.
2018-08-12 15:27:26 +01:00
feedparser.php
parser: force libxml error messages to valid utf8
2019-05-12 10:13:22 +03:00
feeds.php
- fix multiple vulnerabilities in af_proxy_http
2020-09-14 19:46:52 +03:00
handler.php
pluginhost: do not connect via legacy DB api until requested
2017-12-03 14:49:18 +03:00
iauthmodule.php
add placeholder authentication via app passwords if service is passed
2019-11-01 13:03:06 +03:00
idb.php
remove some redundant php closing tags
2017-04-26 20:24:18 +03:00
ihandler.php
remove some redundant php closing tags
2017-04-26 20:24:18 +03:00
labels.php
search: add support for label:XXX search keyword
2020-04-04 14:34:08 +03:00
logger.php
Logger->log() allow passing context (defaults to '')
2018-09-10 21:32:10 +03:00
mailer.php
Fix to_address being logged twice
2019-03-09 20:09:16 +01:00
opml.php
OPML: export/import per-feed purge interval
2020-08-10 11:57:39 +03:00
plugin.php
pluginhost: remove plugin gettext helpers (moved to plugin base class)
2019-03-05 10:26:23 +03:00
pluginhandler.php
af_readability: add missing file
2019-08-16 15:29:24 +03:00
pluginhost.php
- fix multiple vulnerabilities in af_proxy_http
2020-09-14 19:46:52 +03:00
rpc.php
- fix multiple vulnerabilities in af_proxy_http
2020-09-14 19:46:52 +03:00
rssutils.php
core: pass found enclosures to HOOK_ARTICLE_FILTER
2020-06-24 22:54:14 +03:00
templator.php
allow overriding built-in templates via templates.local
2020-03-13 14:40:35 +03:00