Andrew Dolgov
7b55001eee
fix various issues reported by static analysis
...
update gitlab-ci config
2017-04-26 15:29:22 +03:00
Andrew Dolgov
9594ea6875
add cosmetic suffixes back for cached url links
2017-03-23 18:26:43 +03:00
Andrew Dolgov
dc2c4b13d4
when choosing enclosures to embed or rewrite (af_zz_imgproxy) only use content type instead of "filename"-based hacks
2017-03-23 15:22:00 +03:00
Andrew Dolgov
388d4dfa88
enable caching of media in article enclosures
2017-03-23 15:19:25 +03:00
Andrew Dolgov
48eefd8c5c
allow caching of audio files
2017-03-23 15:03:22 +03:00
Andrew Dolgov
41bead9baa
remove local file extensions and generalize some method names for cached media
...
file extensions may still be present in urls, but are ignored by the backend
MIGRATION (if you have any cached data worth keeping, not required):
in cache/images run "rename 's/\..*$//' *" i.e. strip file extensions
2017-03-23 14:55:40 +03:00
Andrew Dolgov
8519c68d93
rewrite relative urls for html5 audio source elements
2017-03-06 09:20:58 +03:00
Andrew Dolgov
1bfe1d7b31
simplify error handling
...
* less convoluted exception dialogs
* use window.onerror for the majority of exception catching/reporting
* remove most of now useless try/catch blocks
* report stacktrace instead of manually specified error locations
2017-03-04 14:34:44 +03:00
Andrew Dolgov
4a23031fcd
rewrite_relative_url: cleanup resulting url path while rewriting
2017-02-13 15:25:21 +03:00
Andrew Dolgov
454292b295
format_article_enclosures: allow embedding .jpeg files
2017-02-12 20:24:29 +03:00
Andrew Dolgov
676c7303ca
add HOOK_ENCLOSURE_ENTRY for af_zz_imgproxy (2)
2017-02-12 17:02:07 +03:00
Andrew Dolgov
58210301e0
add HOOK_ENCLOSURE_ENTRY for af_zz_imgproxy
2017-02-12 16:01:28 +03:00
Jérémy DECOOL
ba2853caac
Prevent target='_blank' vulnerability on dynamic link
2017-02-12 11:01:36 +01:00
Andrew Dolgov
fafd32e2dc
use get_self_url_prefix() when rewriting cached images
2017-02-10 15:14:47 +03:00
Andrew Dolgov
7818bfde0b
sanitize: properly handle cached content in archived articles
2017-02-10 12:11:09 +03:00
Andrew Dolgov
70c0a8c2e0
pass several image files used in notify messages to frontend as base64 to prevent broken error messages in case network connection is down. also, update some close buttons to show correct cursor.
2017-02-09 23:19:26 +03:00
Andrew Dolgov
829d478f1b
add some protection against opener attacks if external site is opened via window.open()
2017-02-08 15:07:05 +03:00
Andrew Dolgov
5edd605ae1
image cache: do not try to cache data: schema urls; add caching of html5 video content (similar to cache_starred_images plugin)
2017-02-04 11:50:01 +03:00
Andrew Dolgov
0442cbb6c1
image cache: send files as content-disposition: attachment; add .png suffix to image urls
2017-02-04 11:32:24 +03:00
Andrew Dolgov
181c8285dd
add compact theme with smaller font
2017-01-26 22:41:18 +03:00
Andrew Dolgov
e432b8fbe2
implement cache-busting for default theme.css
...
night theme: small fixes
2017-01-25 12:17:41 +03:00
Andrew Dolgov
553ec3c351
pass article guid to hook_render_article
2017-01-25 08:50:42 +03:00
Shane Synan
311cdb27f4
sanitize: allow dfn tag
...
Add <dfn> tag to allowed tags list. <dfn> represents the defining
instance of a term in HTML.
2017-01-24 18:39:17 -06:00
Andrew Dolgov
3b001e4330
support rel=noopener for links
2017-01-24 18:45:25 +03:00
Andrew Dolgov
67268b0017
sanitize: allow acronym tag
2017-01-24 11:36:43 +03:00
Andrew Dolgov
967f0619c7
force ngettext() count argument type to string
2017-01-22 10:18:43 +03:00
Andrew Dolgov
c606bd5741
tweak the enclosure dropdown display a little bit for less-readable urls
2017-01-17 14:04:00 +03:00
Bernhard Thaler
62958fe9dc
convert to punycode for feed on idn hostname
2017-01-02 22:50:26 +01:00
Andrew Dolgov
6687cb9927
shared posts: remove link to feed in externally shared articles to prevent leaking potentially private feed urls
2016-09-21 09:39:31 +03:00
Andrew Dolgov
1a322ff3df
import_export: better error message if upload failed
2016-08-19 18:14:22 +03:00
JustAMacUser
d8b0f06705
Remove href attribute if it executes JavaScript.
2016-08-06 14:07:30 -04:00
Andrew Dolgov
64c24ecb59
add hotkey for toggling VFEED_GROUP_BY_FEED preference
2016-07-26 15:55:00 +03:00
Andrew Dolgov
42f78188d0
sanitize: force strip unnecessary data outside of <body>...</body> tags generated by DOMDocument::saveHTML()
2016-04-29 21:59:34 +03:00
Andrew Dolgov
465fb16d33
remove fetch_file_contents2, use a compat shim instead
2016-03-30 13:46:32 +03:00
Andrew Dolgov
633fb7ffe2
amend previous
2016-03-30 13:34:26 +03:00
Andrew Dolgov
79c891a8b7
set smallish timeout on update check, exclude update checking on initial load
2016-03-30 13:32:49 +03:00
Andrew Dolgov
7c0d68f207
remove dismiss* functions
2016-03-22 10:28:34 +03:00
Andrew Dolgov
94d425fe4a
rewrite_relative_url: only skip urls like magnet: instead of everything with :
2016-02-20 12:06:47 +03:00
Andrew Dolgov
7bbe94bc93
Revert "rewrite_relative_url: do not skip urls containing :"
...
This reverts commit a547fef6ab
.
2016-02-20 12:02:34 +03:00
Andrew Dolgov
a547fef6ab
rewrite_relative_url: do not skip urls containing :
2016-02-20 11:57:37 +03:00
JustAMacUser
a01bfd78c2
Remove srcset and sizes attributes from img tag if locally caching images.
2016-02-19 01:35:11 -05:00
Andrew Dolgov
50bda3fefb
sanitize: allow <xml:namespace> (thanks, livejournal)
2016-02-05 11:31:13 +03:00
Andrew Dolgov
71b75bb7fa
fix multiple issues with archived feeds
2016-01-26 19:03:05 +03:00
Andrew Dolgov
3b44aae0f3
sanitize: allow <description>
2016-01-23 02:17:00 +03:00
Andrew Dolgov
c352248651
get_article_tags: while getting tags from cache check if article entry actually exists
2016-01-14 12:12:35 +03:00
Andrew Dolgov
85d067e837
tag_is_valid: check numeric tags properly
2015-12-30 15:15:18 +03:00
Andrew Dolgov
a536f94c8d
sanitize: clear out @srcset/@sizes on images leading to http sites when running over https
2015-12-17 09:59:53 +03:00
Andrew Dolgov
19e47ad60b
queryFeedHeadlines: don't check first_id when sorting by oldest first
2015-11-21 22:20:00 +03:00
Andrew Dolgov
4c46702672
drop support for (obsolete, removed from recent php versions) php safe_mode setting
...
remove ugly hacks for curl + open_basedir combination breaking support for http redirects
2015-11-19 20:05:17 +03:00
Andrew Dolgov
389ae94a40
iframe_whitelisted: allow player.vimeo.com
2015-10-26 20:50:44 +03:00