Pierre Rudloff
|
b95fed4935
|
Update phpstan
To fix compatibility with PHP 8.1
|
2022-06-28 23:08:03 +02:00 |
|
Pierre Rudloff
|
b5f757b562
|
Merge branch 'master' into develop
|
2022-06-28 23:07:07 +02:00 |
|
Pierre Rudloff
|
ffeda5ea90
|
Declare allowed composer plugins
|
2022-06-28 23:05:34 +02:00 |
|
Pierre Rudloff
|
e9efc6ef71
|
Update symfony/string
To avoid redeclaring functions that already exist: af4b27f47b
|
2022-06-28 23:04:03 +02:00 |
|
dependabot[bot]
|
550371db7c
|
Bump guzzlehttp/guzzle from 6.5.7 to 6.5.8 (#418)
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 6.5.7 to 6.5.8.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.8/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.7...6.5.8)
---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2022-06-28 22:52:44 +02:00 |
|
dependabot[bot]
|
4e826e554d
|
Bump guzzlehttp/guzzle from 6.5.6 to 6.5.7 (#415)
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 6.5.6 to 6.5.7.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.7/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.6...6.5.7)
---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2022-06-14 22:05:02 +02:00 |
|
Pierre Rudloff
|
1055ce0c4b
|
Merge branch 'master' into develop
|
2022-06-08 00:10:34 +02:00 |
|
Pierre Rudloff
|
57dd9a7dd3
|
Convert issue template to form
|
2022-06-08 00:08:01 +02:00 |
|
Pierre Rudloff
|
e53393d670
|
Force port for canonical URL (#410)
|
2022-06-01 21:57:46 +02:00 |
|
Pierre Rudloff
|
f6ae6eded3
|
Merge branch 'master' into develop
|
2022-05-28 23:52:51 +02:00 |
|
dependabot[bot]
|
e7fd4c6bc4
|
Bump guzzlehttp/guzzle from 6.5.5 to 6.5.6 (#412)
Bumps [guzzlehttp/guzzle](https://github.com/guzzle/guzzle) from 6.5.5 to 6.5.6.
- [Release notes](https://github.com/guzzle/guzzle/releases)
- [Changelog](https://github.com/guzzle/guzzle/blob/6.5.6/CHANGELOG.md)
- [Commits](https://github.com/guzzle/guzzle/compare/6.5.5...6.5.6)
---
updated-dependencies:
- dependency-name: guzzlehttp/guzzle
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2022-05-28 23:50:56 +02:00 |
|
dependabot[bot]
|
b894cdd6ce
|
Bump smarty/smarty from 3.1.43 to 3.1.45 (#413)
Bumps smarty/smarty from 3.1.43 to 3.1.45.
---
updated-dependencies:
- dependency-name: smarty/smarty
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2022-05-28 23:50:20 +02:00 |
|
Pierre Rudloff
|
e81b8c75a8
|
Add void return types
|
2022-05-28 23:44:34 +02:00 |
|
Pierre Rudloff
|
e3187a7258
|
Merge branch 'master' into develop
|
2022-04-07 22:15:36 +02:00 |
|
Liu Wenyuan
|
1d1e804b71
|
Update (redo) zh_CN translation (#369)
|
2022-04-07 22:14:08 +02:00 |
|
dependabot[bot]
|
6731fcdf96
|
Bump guzzlehttp/psr7 from 1.6.1 to 1.8.5 (#406)
Bumps [guzzlehttp/psr7](https://github.com/guzzle/psr7) from 1.6.1 to 1.8.5.
- [Release notes](https://github.com/guzzle/psr7/releases)
- [Changelog](https://github.com/guzzle/psr7/blob/1.8.5/CHANGELOG.md)
- [Commits](https://github.com/guzzle/psr7/compare/1.6.1...1.8.5)
---
updated-dependencies:
- dependency-name: guzzlehttp/psr7
dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
2022-03-30 09:11:45 +02:00 |
|
Pierre Rudloff
|
10b7658240
|
Merge tag '3.0.3' into develop
Fixed a vulnerability that could be used to trigger either an open redirect or a SSRF attack
|
2022-03-08 09:36:00 +01:00 |
|
Pierre Rudloff
|
3d09289104
|
Merge branch 'hotfix/3.0.3'
|
2022-03-08 09:33:44 +01:00 |
|
Pierre Rudloff
|
8913f27716
|
Disable the generic extractor entirely
It can be used for SSRF attacks even when redirects are disabled
|
2022-03-08 09:29:57 +01:00 |
|
Pierre Rudloff
|
113b3d5e50
|
Some videos have no format
|
2022-03-06 22:55:33 +01:00 |
|
Pierre Rudloff
|
edaf6f82c0
|
fixup! LinkHeaderMiddleware should use the same URL as ViewFactory This way the X-Forwarded-Path header is used to generate the Link header
|
2022-02-27 23:47:19 +01:00 |
|
Pierre Rudloff
|
f814ebc492
|
Missing exception in @throws tag
|
2022-02-27 23:45:59 +01:00 |
|
Pierre Rudloff
|
dad8b6d704
|
Use HTTPS URLs in tests
|
2022-02-27 23:44:36 +01:00 |
|
Pierre Rudloff
|
363bf9b08c
|
fixup! Prevent SSRF requests By validating the provided URL before passing it to youtube-dl
|
2022-02-27 23:36:51 +01:00 |
|
Pierre Rudloff
|
732baccd63
|
Make the watch route generate a full YouTube URL (fixes #402)
|
2022-02-27 23:32:08 +01:00 |
|
Pierre Rudloff
|
7f28275fb0
|
Merge tag '3.0.2' into develop
Fixed a SSRF vulnerability that could be used to send a request to an internal hostname
|
2022-02-27 12:34:23 +01:00 |
|
Pierre Rudloff
|
148a171b24
|
Merge branch 'hotfix/3.0.2'
|
2022-02-27 12:32:36 +01:00 |
|
Pierre Rudloff
|
1b099bb983
|
Patch youtube-dl to disable redirects
In order to prevent SSRF attacks using redirects
|
2022-02-27 12:30:15 +01:00 |
|
Pierre Rudloff
|
3a4f09dda0
|
Prevent SSRF requests
By validating the provided URL before passing it to youtube-dl
|
2022-02-27 11:00:33 +01:00 |
|
Pierre Rudloff
|
bf4a761d3a
|
Make UglyRouter compatible with routes with parameters (#399)
|
2022-02-23 21:30:58 +01:00 |
|
Pierre Rudloff
|
6ad0486468
|
Use Python 3.8.12 on Heroku
|
2022-02-22 23:10:54 +01:00 |
|
Pierre Rudloff
|
e246ab03e9
|
Partial PHP 8 compatibility
But we still need to update rinvex/countries
|
2022-02-22 22:58:57 +01:00 |
|
Pierre Rudloff
|
e567f9c9fa
|
Update annotated-command
To fix PHP 8 compatibility issues: https://github.com/consolidation/annotated-command/pull/210
|
2022-02-20 14:19:41 +01:00 |
|
Pierre Rudloff
|
64ac180a53
|
Merge branch 'master' into develop
|
2022-02-20 14:07:21 +01:00 |
|
Pierre Rudloff
|
2afbfb4bf2
|
fixup! Don't redirect to REQUEST_URI when browsing to index.php Instead, we can make sure everything works correctly on index.php
|
2022-02-20 14:06:59 +01:00 |
|
Pierre Rudloff
|
9410d4b49b
|
LinkHeaderMiddleware should use the same URL as ViewFactory
This way the X-Forwarded-Path header is used to generate the Link header
|
2022-02-20 13:55:44 +01:00 |
|
Pierre Rudloff
|
bfaea0e381
|
Merge tag '3.0.1' into develop
Fixed an open redirect vulnerability that could be used to construct an URL redirecting to an arbitraty domain
|
2022-02-20 13:34:53 +01:00 |
|
Pierre Rudloff
|
3ab22c654a
|
Merge branch 'hotfix/3.0.1'
|
2022-02-20 13:31:40 +01:00 |
|
Pierre Rudloff
|
bc14b6e45c
|
Don't redirect to REQUEST_URI when browsing to index.php
Instead, we can make sure everything works correctly on index.php
|
2022-02-20 13:28:57 +01:00 |
|
Pierre Rudloff
|
acbd2008ca
|
Merge branch 'master' into develop
|
2022-02-19 20:48:02 +01:00 |
|
Pierre Rudloff
|
cf82f1cc8f
|
Add security policy
|
2022-02-19 20:47:53 +01:00 |
|
Pierre Rudloff
|
5677ce719a
|
Update youtube-dl to 2021.12.17 (#395)
|
2022-02-17 22:13:56 +01:00 |
|
Pierre Rudloff
|
655490eeb3
|
Use HTTPS URLs in composer.json
|
2022-02-17 22:00:08 +01:00 |
|
Pierre Rudloff
|
18847e4d75
|
More robust way to detect CI in tests
|
2022-02-07 22:30:47 +01:00 |
|
Pierre Rudloff
|
fe771886d9
|
Replace Travis with GitHub actions
travis-ci.org does not run tests anymore
|
2022-02-07 22:26:33 +01:00 |
|
Pierre Rudloff
|
27439c7e14
|
Simplify overly complicated format selection template
|
2022-02-06 20:46:38 +01:00 |
|
Pierre Rudloff
|
d9ba01f017
|
Generate <img> tags with Smarty
|
2022-02-06 19:17:05 +01:00 |
|
Pierre Rudloff
|
ce9b4d9a48
|
Update Smarty to 4.0
|
2022-02-06 18:43:08 +01:00 |
|
Pierre Rudloff
|
7cd42e6c6b
|
Fix MP3 option size
|
2022-02-03 21:57:00 +01:00 |
|
Pierre Rudloff
|
ac8c53375a
|
Easier to maintain template structure
This the head and footer don't have to be included everytime and the hierarchy is easier to read
|
2022-02-03 21:41:07 +01:00 |
|