Pierre Rudloff
7bfe55fff6
"git describe" needs to be non-interactive so we can get its output
2023-03-11 14:37:28 +01:00
Pierre Rudloff
9d8bff3c42
Updated robo to 3.0
...
Various dependencies update
-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAJ1cjUGHGZz2Xlnuxq9dZ2
wA/r2ineVomdWGZBiq9GYcfUirCaArD49YsXbdQKkcHhrQ+gMUNQP4iOWjuPBG5WAPrORz
LXUXwmk0UHdEPdJ2LymHXQsyYyHaldikt3gfsiD0ny/Uf3V9lL3vnrEUhQAxIYN87RaQun
OL0S5y5wOp3vr8DwMlvAUDfZbzZgJ56nzVWRElVLNuQCQSZta9imqnJpzHQf4KTMut191S
hgQjBA0TWeOAqGVeIMOctLqNY1gL5QUSyg5RYmBHjResH8tnOkfPElE1Ih19MCCQ9Eaubw
g1cS6Ls6LgbTIdvyMud6ep+0iF3ifj0g7w1X6NvQfQp0JcWkU3eXyQfOGjdePZG9Kn+27Q
EeMv47cyCGuMdGbpbFoD/yR82T2n78rPmxbYEnPnJSmuy30Wi8reYeaQUP2z+Krexk5tGQ
a/thYIk1yhN+Ui3nSr78sATwgqateS6VvNw8nY315PUzmf4Bk0kDCnj7Q7z4wenHAhkayU
FwAAAANnaXQAAAAAAAAABnNoYTUxMgAAAZQAAAAMcnNhLXNoYTItNTEyAAABgG9ULjUS0q
UP06d9PYGfxYL3aADqwS5eczhU4B3QsUD5aab3q1qbqUfkRZ7Gvhy3lK4UXJvyy5kGC5Ba
1u+WBlCuX4ki6Vgum0skw612V5cKOdcr5eDDc5jYRPwNd3P/Aa/YoBc1Ev4a1Ozlj9g2MR
2XmDHxaoW6tzjsGYgPhihr1eIDAQm+BxeccDdjs9lsSiHfpcW6Vg7MdBzxZFPBEbpeEp6I
WsvWVntjwBKFXG+cx/nBq+HNwdBHOq5ncE3eLHG7loNb5O3cof9t8Y91z+P6Cnw8r6lulu
RIOgBfv/fIgZTIXq/UZ/bjUmbDrpCfDm2mtSi57X4Iaj5ZBXAu0tGwl46ZhGjDnwxBcBGn
DcaLWUhVL19JEhKwq3APdV++ZEpeU4+G4VbuYvjbLe3kT/S/AMaw/5H1D7CFPQB30AeLbl
l+1QWoc3bW8rY0FqBHpaFl5mgvu3VL23H8O+VhrzueM/CK22aaBt86bvUVHQnqLnQQ82xo
oARjISpOfp0xjw==
-----END SSH SIGNATURE-----
gpgsig -----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAAZcAAAAHc3NoLXJzYQAAAAMBAAEAAAGBAJ1cjUGHGZz2Xlnuxq9dZ2
wA/r2ineVomdWGZBiq9GYcfUirCaArD49YsXbdQKkcHhrQ+gMUNQP4iOWjuPBG5WAPrORz
LXUXwmk0UHdEPdJ2LymHXQsyYyHaldikt3gfsiD0ny/Uf3V9lL3vnrEUhQAxIYN87RaQun
OL0S5y5wOp3vr8DwMlvAUDfZbzZgJ56nzVWRElVLNuQCQSZta9imqnJpzHQf4KTMut191S
hgQjBA0TWeOAqGVeIMOctLqNY1gL5QUSyg5RYmBHjResH8tnOkfPElE1Ih19MCCQ9Eaubw
g1cS6Ls6LgbTIdvyMud6ep+0iF3ifj0g7w1X6NvQfQp0JcWkU3eXyQfOGjdePZG9Kn+27Q
EeMv47cyCGuMdGbpbFoD/yR82T2n78rPmxbYEnPnJSmuy30Wi8reYeaQUP2z+Krexk5tGQ
a/thYIk1yhN+Ui3nSr78sATwgqateS6VvNw8nY315PUzmf4Bk0kDCnj7Q7z4wenHAhkayU
FwAAAANnaXQAAAAAAAAABnNoYTUxMgAAAZQAAAAMcnNhLXNoYTItNTEyAAABgJrUC15ar9
VQj/LfmlMNN7+ec1D17Bk4q7/XH27FgUyRCHXLFS4hm0GhtjIZAaA9jErCt23NcAFan7cI
WQyL6AAqqq/DOshmaYXY7Zj+5vQXbiJjDcGu1IsdGEFAA/DIAr721vxfKrri3aArucWK3T
ymPliFOqhL1qyxKqFxrADJmcqZeL9XzoQ0RHxayyN8XRYf5Px8vrmxkgvcI7wiy2W554qk
3DR7UlcHX/rg1H8B6W+PO7WK0JWdFoRRR/EErmo2VzCfEo/3USxJPPNUrhEv6K02WUVzib
1ac6cjuIsb0xHE2zVQO6hgpIH9L73Ef6pOUcEnlu2zqE1FPgJc5u0q5MDXQyNMGTtcKk8U
/UfNJw55umSMneOTHnhZ3AfmNYAmxWGGfwpbc2Y/rrOdBXWVhJzoPZWRKuOANk65+9NIjC
20KLEeZSvodADv+f+WGrsVDHB2NUKLG5YuuWANH/s07a9Mm7I/XedWgRE7wh/WzfT93XKn
BwDuEKTCMHOZwQ==
-----END SSH SIGNATURE-----
Merge tag '3.1.1' into develop
Updated robo to 3.0
Various dependencies update
2023-03-11 14:32:35 +01:00
Pierre Rudloff
2bef4d551d
Merge branch 'release/3.1.1'
2023-03-11 14:30:30 +01:00
Pierre Rudloff
f475fa2a47
Lint
2023-03-03 00:18:00 +01:00
Pierre Rudloff
8e6e88a2b2
Dependencies update
2023-03-03 00:14:36 +01:00
Pierre Rudloff
2d60fd32ef
Merge branch 'master' into develop
2022-11-07 21:20:44 +01:00
Pierre Rudloff
f32412e861
fixup! fix dockerfile permission issue ( #426 )
2022-11-07 21:19:52 +01:00
Samuel Tan
d060650833
fix dockerfile permission issue ( #426 )
2022-10-25 22:43:26 +02:00
Pierre Rudloff
4e09393fd9
Update robo to 3.0
...
To fix a PHP 8 compatibility notice
2022-10-16 15:42:19 +02:00
Pierre Rudloff
5d5a6624b8
Merge tag '3.1.0' into develop
...
Removed every reference to alltubedownload.net (#422 )
Updated youtube-dl to 2021.12.17
Updated alltube-library to 0.1.3
Updated Smarty to 4.0
PHP 8 compatibility
Various refactoring and typying improvement
2022-10-16 15:36:55 +02:00
Pierre Rudloff
36a91c8d4d
Merge branch 'release/3.1.0'
2022-10-16 15:36:37 +02:00
Pierre Rudloff
1031ad152d
Remove every reference to alltubedownload.net ( #422 )
2022-10-16 15:22:47 +02:00
Pierre Rudloff
87e30f2e87
Merge branch 'master' into develop
2022-10-16 15:16:38 +02:00
dependabot[bot]
3b6b1f0387
Bump smarty/smarty from 3.1.45 to 3.1.47 ( #425 )
...
Bumps smarty/smarty from 3.1.45 to 3.1.47.
---
updated-dependencies:
- dependency-name: smarty/smarty
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-09-25 15:09:49 +02:00
Pierre Rudloff
b95fed4935
Update phpstan
...
To fix compatibility with PHP 8.1
2022-06-28 23:08:03 +02:00
Pierre Rudloff
b5f757b562
Merge branch 'master' into develop
2022-06-28 23:07:07 +02:00
Pierre Rudloff
ffeda5ea90
Declare allowed composer plugins
2022-06-28 23:05:34 +02:00
Pierre Rudloff
e9efc6ef71
Update symfony/string
...
To avoid redeclaring functions that already exist: af4b27f47b
2022-06-28 23:04:03 +02:00
dependabot[bot]
550371db7c
Bump guzzlehttp/guzzle from 6.5.7 to 6.5.8 ( #418 )
...
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle ) from 6.5.7 to 6.5.8.
- [Release notes](https://github.com/guzzle/guzzle/releases )
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md )
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.7...6.5.8 )
---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-28 22:52:44 +02:00
dependabot[bot]
4e826e554d
Bump guzzlehttp/guzzle from 6.5.6 to 6.5.7 ( #415 )
...
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle ) from 6.5.6 to 6.5.7.
- [Release notes](https://github.com/guzzle/guzzle/releases )
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.7/CHANGELOG.md )
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.6...6.5.7 )
---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-06-14 22:05:02 +02:00
Pierre Rudloff
1055ce0c4b
Merge branch 'master' into develop
2022-06-08 00:10:34 +02:00
Pierre Rudloff
57dd9a7dd3
Convert issue template to form
2022-06-08 00:08:01 +02:00
Pierre Rudloff
e53393d670
Force port for canonical URL ( #410 )
2022-06-01 21:57:46 +02:00
Pierre Rudloff
f6ae6eded3
Merge branch 'master' into develop
2022-05-28 23:52:51 +02:00
dependabot[bot]
e7fd4c6bc4
Bump guzzlehttp/guzzle from 6.5.5 to 6.5.6 ( #412 )
...
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle ) from 6.5.5 to 6.5.6.
- [Release notes](https://github.com/guzzle/guzzle/releases )
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.6/CHANGELOG.md )
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.5...6.5.6 )
---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-28 23:50:56 +02:00
dependabot[bot]
b894cdd6ce
Bump smarty/smarty from 3.1.43 to 3.1.45 ( #413 )
...
Bumps smarty/smarty from 3.1.43 to 3.1.45.
---
updated-dependencies:
- dependency-name: smarty/smarty
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-05-28 23:50:20 +02:00
Pierre Rudloff
e81b8c75a8
Add void return types
2022-05-28 23:44:34 +02:00
Pierre Rudloff
e3187a7258
Merge branch 'master' into develop
2022-04-07 22:15:36 +02:00
Liu Wenyuan
1d1e804b71
Update (redo) zh_CN translation ( #369 )
2022-04-07 22:14:08 +02:00
dependabot[bot]
6731fcdf96
Bump guzzlehttp/psr7 from 1.6.1 to 1.8.5 ( #406 )
...
Bumps [guzzlehttp/psr7](https://github.com/guzzle/psr7 ) from 1.6.1 to 1.8.5.
- [Release notes](https://github.com/guzzle/psr7/releases )
- [Changelog](https://github.com/guzzle/psr7/blob/1.8.5/CHANGELOG.md )
- [Commits](https://github.com/guzzle/psr7/compare/1.6.1...1.8.5 )
---
updated-dependencies:
- dependency-name: guzzlehttp/psr7
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-03-30 09:11:45 +02:00
Pierre Rudloff
10b7658240
Merge tag '3.0.3' into develop
...
Fixed a vulnerability that could be used to trigger either an open redirect or a SSRF attack
2022-03-08 09:36:00 +01:00
Pierre Rudloff
3d09289104
Merge branch 'hotfix/3.0.3'
2022-03-08 09:33:44 +01:00
Pierre Rudloff
8913f27716
Disable the generic extractor entirely
...
It can be used for SSRF attacks even when redirects are disabled
2022-03-08 09:29:57 +01:00
Pierre Rudloff
113b3d5e50
Some videos have no format
2022-03-06 22:55:33 +01:00
Pierre Rudloff
edaf6f82c0
fixup! LinkHeaderMiddleware should use the same URL as ViewFactory This way the X-Forwarded-Path header is used to generate the Link header
2022-02-27 23:47:19 +01:00
Pierre Rudloff
f814ebc492
Missing exception in @throws tag
2022-02-27 23:45:59 +01:00
Pierre Rudloff
dad8b6d704
Use HTTPS URLs in tests
2022-02-27 23:44:36 +01:00
Pierre Rudloff
363bf9b08c
fixup! Prevent SSRF requests By validating the provided URL before passing it to youtube-dl
2022-02-27 23:36:51 +01:00
Pierre Rudloff
732baccd63
Make the watch route generate a full YouTube URL ( fixes #402 )
2022-02-27 23:32:08 +01:00
Pierre Rudloff
7f28275fb0
Merge tag '3.0.2' into develop
...
Fixed a SSRF vulnerability that could be used to send a request to an internal hostname
2022-02-27 12:34:23 +01:00
Pierre Rudloff
148a171b24
Merge branch 'hotfix/3.0.2'
2022-02-27 12:32:36 +01:00
Pierre Rudloff
1b099bb983
Patch youtube-dl to disable redirects
...
In order to prevent SSRF attacks using redirects
2022-02-27 12:30:15 +01:00
Pierre Rudloff
3a4f09dda0
Prevent SSRF requests
...
By validating the provided URL before passing it to youtube-dl
2022-02-27 11:00:33 +01:00
Pierre Rudloff
bf4a761d3a
Make UglyRouter compatible with routes with parameters ( #399 )
2022-02-23 21:30:58 +01:00
Pierre Rudloff
6ad0486468
Use Python 3.8.12 on Heroku
2022-02-22 23:10:54 +01:00
Pierre Rudloff
e246ab03e9
Partial PHP 8 compatibility
...
But we still need to update rinvex/countries
2022-02-22 22:58:57 +01:00
Pierre Rudloff
e567f9c9fa
Update annotated-command
...
To fix PHP 8 compatibility issues: https://github.com/consolidation/annotated-command/pull/210
2022-02-20 14:19:41 +01:00
Pierre Rudloff
64ac180a53
Merge branch 'master' into develop
2022-02-20 14:07:21 +01:00
Pierre Rudloff
2afbfb4bf2
fixup! Don't redirect to REQUEST_URI when browsing to index.php Instead, we can make sure everything works correctly on index.php
2022-02-20 14:06:59 +01:00
Pierre Rudloff
9410d4b49b
LinkHeaderMiddleware should use the same URL as ViewFactory
...
This way the X-Forwarded-Path header is used to generate the Link header
2022-02-20 13:55:44 +01:00