Commit Graph

1547 Commits

Author SHA1 Message Date
Pierre Rudloff f814ebc492 Missing exception in @throws tag 2022-02-27 23:45:59 +01:00
Pierre Rudloff dad8b6d704 Use HTTPS URLs in tests 2022-02-27 23:44:36 +01:00
Pierre Rudloff 363bf9b08c fixup! Prevent SSRF requests By validating the provided URL before passing it to youtube-dl 2022-02-27 23:36:51 +01:00
Pierre Rudloff 732baccd63 Make the watch route generate a full YouTube URL (fixes #402) 2022-02-27 23:32:08 +01:00
Pierre Rudloff 7f28275fb0 Merge tag '3.0.2' into develop
Fixed a SSRF vulnerability that could be used to send a request to an internal hostname
2022-02-27 12:34:23 +01:00
Pierre Rudloff 148a171b24 Merge branch 'hotfix/3.0.2' 2022-02-27 12:32:36 +01:00
Pierre Rudloff 1b099bb983 Patch youtube-dl to disable redirects
In order to prevent SSRF attacks using redirects
2022-02-27 12:30:15 +01:00
Pierre Rudloff 3a4f09dda0 Prevent SSRF requests
By validating the provided URL before passing it to youtube-dl
2022-02-27 11:00:33 +01:00
Pierre Rudloff bf4a761d3a Make UglyRouter compatible with routes with parameters (#399) 2022-02-23 21:30:58 +01:00
Pierre Rudloff 6ad0486468 Use Python 3.8.12 on Heroku 2022-02-22 23:10:54 +01:00
Pierre Rudloff e246ab03e9 Partial PHP 8 compatibility
But we still need to update rinvex/countries
2022-02-22 22:58:57 +01:00
Pierre Rudloff e567f9c9fa Update annotated-command
To fix PHP 8 compatibility issues: https://github.com/consolidation/annotated-command/pull/210
2022-02-20 14:19:41 +01:00
Pierre Rudloff 64ac180a53 Merge branch 'master' into develop 2022-02-20 14:07:21 +01:00
Pierre Rudloff 2afbfb4bf2 fixup! Don't redirect to REQUEST_URI when browsing to index.php Instead, we can make sure everything works correctly on index.php 2022-02-20 14:06:59 +01:00
Pierre Rudloff 9410d4b49b LinkHeaderMiddleware should use the same URL as ViewFactory
This way the X-Forwarded-Path header is used to generate the Link header
2022-02-20 13:55:44 +01:00
Pierre Rudloff bfaea0e381 Merge tag '3.0.1' into develop
Fixed an open redirect vulnerability that could be used to construct a URL redirecting to an arbitrary domain
2022-02-20 13:34:53 +01:00
Pierre Rudloff 3ab22c654a Merge branch 'hotfix/3.0.1' 2022-02-20 13:31:40 +01:00
Pierre Rudloff bc14b6e45c Don't redirect to REQUEST_URI when browsing to index.php
Instead, we can make sure everything works correctly on index.php
2022-02-20 13:28:57 +01:00
Pierre Rudloff acbd2008ca Merge branch 'master' into develop 2022-02-19 20:48:02 +01:00
Pierre Rudloff cf82f1cc8f Add security policy 2022-02-19 20:47:53 +01:00
Pierre Rudloff 5677ce719a Update youtube-dl to 2021.12.17 (#395) 2022-02-17 22:13:56 +01:00
Pierre Rudloff 655490eeb3 Use HTTPS URLs in composer.json 2022-02-17 22:00:08 +01:00
Pierre Rudloff 18847e4d75 More robust way to detect CI in tests 2022-02-07 22:30:47 +01:00
Pierre Rudloff fe771886d9 Replace Travis with GitHub actions
travis-ci.org does not run tests anymore
2022-02-07 22:26:33 +01:00
Pierre Rudloff 27439c7e14 Simplify overly complicated format selection template 2022-02-06 20:46:38 +01:00
Pierre Rudloff d9ba01f017 Generate <img> tags with Smarty 2022-02-06 19:17:05 +01:00
Pierre Rudloff ce9b4d9a48 Update Smarty to 4.0 2022-02-06 18:43:08 +01:00
Pierre Rudloff 7cd42e6c6b Fix MP3 option size 2022-02-03 21:57:00 +01:00
Pierre Rudloff ac8c53375a Easier to maintain template structure
This way the head and footer don't have to be included every time and the hierarchy is easier to read
2022-02-03 21:41:07 +01:00
Pierre Rudloff de74808459 More readable way to include HTML in translated strings 2022-02-03 21:07:13 +01:00
Pierre Rudloff bdf5554430 Use HTTPS links 2022-02-03 20:55:09 +01:00
Pierre Rudloff b8c88aecf5 Improve typing 2022-02-03 20:52:18 +01:00
Pierre Rudloff d46563f994 Simplify code 2022-02-03 20:21:04 +01:00
Pierre Rudloff 781b5c8bc2 phpcs does not like full namespaces 2022-02-03 20:03:55 +01:00
Pierre Rudloff ffd9275500 Correct way to use interface constant 2022-02-03 20:01:56 +01:00
Pierre Rudloff 6fef87f58b Use HTML dumper for Smarty collector 2022-01-27 00:15:05 +01:00
Pierre Rudloff 835170f4b5 Use phpmnd to detect magic numbers 2022-01-27 00:03:37 +01:00
Pierre Rudloff 5ed15afe1f Use constant for HTTP response code 2022-01-26 23:58:25 +01:00
Pierre Rudloff 359c358df1 Symfony 5.0 is not maintained anymore 2022-01-26 23:53:14 +01:00
Pierre Rudloff c44979bbae Merge pull request #385 from LoganTann/master
fix: manifest causes 404 when making pwa shortcut
2022-01-17 20:24:57 +01:00
Pierre Rudloff 8f3f1cdaf8 Merge branch 'master' into develop 2022-01-17 20:14:06 +01:00
ShinProg (Logan Tann) 1464b2c319 fix: manifest causes 404 when making pwa shortcut
fixes #384
2022-01-17 11:38:38 +01:00
dependabot[bot] fb78ecb410 Bump smarty/smarty from 3.1.39 to 3.1.43 (#383)
Bumps smarty/smarty from 3.1.39 to 3.1.43.

---
updated-dependencies:
- dependency-name: smarty/smarty
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2022-01-13 00:05:49 +01:00
Pierre Rudloff d744ee557e Build Link header from an array 2021-10-19 23:14:38 +02:00
Pierre Rudloff 5d40523cf4 Don't hardcode class name 2021-10-18 13:16:28 +02:00
Pierre Rudloff 55db198d39 Upgrade phpunit to 9.5
So we stop depending on the unmaintained php-token-stream
2021-10-17 21:14:39 +02:00
M*C*O 60f924f4bf Document X-Forwarded-Proto in README (#368) 2021-07-25 15:02:03 +02:00
Pierre Rudloff 607efaa292 fixup! Fix small typos (#333) 2021-06-06 19:15:44 +02:00
Pierre Rudloff f3ffa90a2e Update alltube-library to 0.1.3 2021-05-13 13:03:10 +02:00
Pierre Rudloff a95d1de67e Update alltube-library to 0.1.2 2021-05-05 21:48:10 +02:00