PrivateCoffee/alltube
4
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
1574 commits 1 branch 0 tags 4.5 MiB
Commit graph

1574 commits

This branch
This branch
All branches
Author SHA1 Message Date
Pierre Rudloff
4e09393fd9 Update robo to 3.0 
To fix a PHP 8 compatibility notice
 2022-10-16 15:42:19 +02:00
Pierre Rudloff
5d5a6624b8 Merge tag '3.1.0' into develop 
Removed every reference to alltubedownload.net (#422)
Updated youtube-dl to 2021.12.17
Updated alltube-library to 0.1.3
Updated Smarty to 4.0
PHP 8 compatibility
Various refactoring and typying improvement
 2022-10-16 15:36:55 +02:00
Pierre Rudloff
36a91c8d4d Merge branch 'release/3.1.0' 2022-10-16 15:36:37 +02:00
Pierre Rudloff
1031ad152d Remove every reference to alltubedownload.net (#422) 2022-10-16 15:22:47 +02:00
Pierre Rudloff
87e30f2e87 Merge branch 'master' into develop 2022-10-16 15:16:38 +02:00
dependabot[bot]
3b6b1f0387
Bump smarty/smarty from 3.1.45 to 3.1.47 (#425) 
Bumps smarty/smarty from 3.1.45 to 3.1.47.

---
updated-dependencies:
- dependency-name: smarty/smarty
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-09-25 15:09:49 +02:00
Pierre Rudloff
b95fed4935 Update phpstan 
To fix compatibility with PHP 8.1
 2022-06-28 23:08:03 +02:00
Pierre Rudloff
b5f757b562 Merge branch 'master' into develop 2022-06-28 23:07:07 +02:00
Pierre Rudloff
ffeda5ea90 Declare allowed composer plugins 2022-06-28 23:05:34 +02:00
Pierre Rudloff
e9efc6ef71 Update symfony/string 
To avoid redeclaring functions that already exist: af4b27f47b
 2022-06-28 23:04:03 +02:00
dependabot[bot]
550371db7c
Bump guzzlehttp/guzzle from 6.5.7 to 6.5.8 (#418) 
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 6.5.7 to 6.5.8.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.7...6.5.8)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-28 22:52:44 +02:00
dependabot[bot]
4e826e554d
Bump guzzlehttp/guzzle from 6.5.6 to 6.5.7 (#415) 
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 6.5.6 to 6.5.7.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.7/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.6...6.5.7)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-06-14 22:05:02 +02:00
Pierre Rudloff
1055ce0c4b Merge branch 'master' into develop 2022-06-08 00:10:34 +02:00
Pierre Rudloff
57dd9a7dd3 Convert issue template to form 2022-06-08 00:08:01 +02:00
Pierre Rudloff
e53393d670 Force port for canonical URL (#410) 2022-06-01 21:57:46 +02:00
Pierre Rudloff
f6ae6eded3 Merge branch 'master' into develop 2022-05-28 23:52:51 +02:00
dependabot[bot]
e7fd4c6bc4
Bump guzzlehttp/guzzle from 6.5.5 to 6.5.6 (#412) 
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 6.5.5 to 6.5.6.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.6/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.5...6.5.6)

---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-28 23:50:56 +02:00
dependabot[bot]
b894cdd6ce
Bump smarty/smarty from 3.1.43 to 3.1.45 (#413) 
Bumps smarty/smarty from 3.1.43 to 3.1.45.

---
updated-dependencies:
- dependency-name: smarty/smarty
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-05-28 23:50:20 +02:00
Pierre Rudloff
e81b8c75a8 Add void return types 2022-05-28 23:44:34 +02:00
Pierre Rudloff
e3187a7258 Merge branch 'master' into develop 2022-04-07 22:15:36 +02:00
Liu Wenyuan
1d1e804b71
Update (redo) zh_CN translation (#369) 2022-04-07 22:14:08 +02:00
dependabot[bot]
6731fcdf96
Bump guzzlehttp/psr7 from 1.6.1 to 1.8.5 (#406) 
Bumps [guzzlehttp/psr7](https://github.com/guzzle/psr7) from 1.6.1 to 1.8.5.
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/1.8.5/CHANGELOG.md)
- [Commits](https://github.com/guzzle/psr7/compare/1.6.1...1.8.5)

---
updated-dependencies:
- dependency-name: guzzlehttp/psr7
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2022-03-30 09:11:45 +02:00
Pierre Rudloff
10b7658240 Merge tag '3.0.3' into develop 
Fixed a vulnerability that could be used to trigger either an open redirect or a SSRF attack
 2022-03-08 09:36:00 +01:00
Pierre Rudloff
3d09289104 Merge branch 'hotfix/3.0.3' 2022-03-08 09:33:44 +01:00
Pierre Rudloff
8913f27716 Disable the generic extractor entirely 
It can be used for SSRF attacks even when redirects are disabled
 2022-03-08 09:29:57 +01:00
Pierre Rudloff
113b3d5e50 Some videos have no format 2022-03-06 22:55:33 +01:00
Pierre Rudloff
edaf6f82c0 fixup! LinkHeaderMiddleware should use the same URL as ViewFactory This way the X-Forwarded-Path header is used to generate the Link header 2022-02-27 23:47:19 +01:00
Pierre Rudloff
f814ebc492 Missing exception in @throws tag 2022-02-27 23:45:59 +01:00
Pierre Rudloff
dad8b6d704 Use HTTPS URLs in tests 2022-02-27 23:44:36 +01:00
Pierre Rudloff
363bf9b08c fixup! Prevent SSRF requests By validating the provided URL before passing it to youtube-dl 2022-02-27 23:36:51 +01:00
Pierre Rudloff
732baccd63 Make the watch route generate a full YouTube URL (fixes #402) 2022-02-27 23:32:08 +01:00
Pierre Rudloff
7f28275fb0 Merge tag '3.0.2' into develop 
Fixed a SSRF vulnerability that could be used to send a request to an internal hostname
 2022-02-27 12:34:23 +01:00
Pierre Rudloff
148a171b24 Merge branch 'hotfix/3.0.2' 2022-02-27 12:32:36 +01:00
Pierre Rudloff
1b099bb983 Patch youtube-dl to disable redirects 
In order to prevent SSRF attacks using redirects
 2022-02-27 12:30:15 +01:00
Pierre Rudloff
3a4f09dda0 Prevent SSRF requests 
By validating the provided URL before passing it to youtube-dl
 2022-02-27 11:00:33 +01:00
Pierre Rudloff
bf4a761d3a Make UglyRouter compatible with routes with parameters (#399) 2022-02-23 21:30:58 +01:00
Pierre Rudloff
6ad0486468 Use Python 3.8.12 on Heroku 2022-02-22 23:10:54 +01:00
Pierre Rudloff
e246ab03e9 Partial PHP 8 compatibility 
But we still need to update rinvex/countries
 2022-02-22 22:58:57 +01:00
Pierre Rudloff
e567f9c9fa Update annotated-command 
To fix PHP 8 compatibility issues: https://github.com/consolidation/annotated-command/pull/210
 2022-02-20 14:19:41 +01:00
Pierre Rudloff
64ac180a53 Merge branch 'master' into develop 2022-02-20 14:07:21 +01:00
Pierre Rudloff
2afbfb4bf2 fixup! Don't redirect to REQUEST_URI when browsing to index.php Instead, we can make sure everything works correctly on index.php 2022-02-20 14:06:59 +01:00
Pierre Rudloff
9410d4b49b LinkHeaderMiddleware should use the same URL as ViewFactory 
This way the X-Forwarded-Path header is used to generate the Link header
 2022-02-20 13:55:44 +01:00
Pierre Rudloff
bfaea0e381 Merge tag '3.0.1' into develop 
Fixed an open redirect vulnerability that could be used to construct an URL redirecting to an arbitraty domain
 2022-02-20 13:34:53 +01:00
Pierre Rudloff
3ab22c654a Merge branch 'hotfix/3.0.1' 2022-02-20 13:31:40 +01:00
Pierre Rudloff
bc14b6e45c Don't redirect to REQUEST_URI when browsing to index.php 
Instead, we can make sure everything works correctly on index.php
 2022-02-20 13:28:57 +01:00
Pierre Rudloff
acbd2008ca Merge branch 'master' into develop 2022-02-19 20:48:02 +01:00
Pierre Rudloff
cf82f1cc8f
Add security policy 2022-02-19 20:47:53 +01:00
Pierre Rudloff
5677ce719a Update youtube-dl to 2021.12.17 (#395) 2022-02-17 22:13:56 +01:00
Pierre Rudloff
655490eeb3 Use HTTPS URLs in composer.json 2022-02-17 22:00:08 +01:00
Pierre Rudloff
18847e4d75 More robust way to detect CI in tests 2022-02-07 22:30:47 +01:00