Skip to content
Snippets Groups Projects
Select Git revision
  • add-docker
  • mickge-tedomum-prod-patch-74398
  • tedomum-prod default protected
  • update_19.2
4 results
You can move around the graph by using the arrow keys.
Created with Raphaël 2.2.016Sep15141129Aug14131110131Jul1913932127Jun24155432131May302523221917161513129329Apr2322211918177428Mar2625131210832128Feb2725222120181613527Jan2524231918171413985422Dec212019181715141312111098654327Nov2523222018171413127653130Oct259876430Sep23221817131130Aug292827262321201615141398762131Jul302720171512520Jun18171510631May30252322201918161276130Apr29262217141312111098129Mar2826222119171615141312111098765432128Feb2625242322212019build_url: also put query parameters and fragment in resulting URLsubscribe: allow pre-filling feed URL if passed via query stringcached_url: block SVG images because of potential javascript insidepass CSRF token to opml import and feed icon replace dialogsfix default password nag dialog, load via xhreditFeed: only try to reload feed tree in preferences if its actually therecomments link: load in new tabeditarticletags: load dialog via XHRhandler: default base csrf_ignore() to falsebackend handler: require CSRF, remove obsolete codepublic/logout: require valid CSRF tokenFeeds: load quickaddfeed and search dialogs via XHR w/ CSRF protection- backend: require CSRF token to be passed via POSTdon't pass csrf token as a GET parameter to Articlerequire CSRF token for Article/redirect- enable CSRF support earlieraf_proxy_http: require separate token to access imgproxyrewrite_relative_url: validate resulting absolutized URLsvalidate_url: only allow safe ports (80, 443), disallow access to loopbackvalidate_url: add clean()rename base64_img() to image_to_base64()af_proxy_http: never print received data directly, always redirect to cached_urlcached_url: perform mimetype validation before possible HOOK_SEND_LOCAL_FILE hooksaf_redditimgur: don't add embedded blank gif image for rewritten videosuser preferences: forbid < and > characters when changing passwords (were silently stripped on save because of clean())public/subscribe: require valid CSRF token when validating the formremove csrf token from rpc method sanityCheck- fix multiple vulnerabilities in af_proxy_httpMerge branch 'weblate-integration'order_to_override_query: allow HOOK_HEADLINES_CUSTOM_SORT_OVERRIDE plugins to override built-in sortingproperly return counters for labels with zero assigned articlesMerge branch 'master' of rodneys_mission/tt-rss into masterSilence php 7.2 error message generated in `session_set_cookie_params`.pluginhost: allow overriding default sort modes via HOOK_HEADLINES_CUSTOM_SORT_MAP etcmove order_by to SQL override logic into a separate functioninstead of taking batch timestamp and score (?) into account, make oldest first sorting work consistently with newest first - i.e. rely on feed-provided timestampOPML: export/import per-feed purge intervalMerge branch 'master' of e1e0/tt-rss into mastermore int/string type mismatches on getCategoriesMerge branch 'master' of e1e0/tt-rss into master