Commit graph

3185 commits

Author SHA1 Message Date
Samantaz Fox ddb06b0cac
Fix XSS vulnerability in channel playlists
The channel/<ucid>/playlists page was vulnerable to Cross Site Scripting
(XSS), because the different URL parameters were inserted as-is in the URL
meant for instance switching.

This vulnerability could allow an attacker to inject malicious JavaScript
in the page by tricking the user into clicking on a crafted link.

Bug introduced in commit 66e7285108
("Only use /redirect when automatically redirecting").

Thanks to Jack (@testa:cthd.icu on Matrix, @cysea on GitHub) for responsibly
reporting this issue!
2021-12-19 20:51:44 +01:00
Samantaz Fox 2ac19eb8fc
Merge pull request #2725 from weblate/weblate-invidious-translations
Translations update from Hosted Weblate
2021-12-17 15:02:59 +01:00
Hosted Weblate 6cdaafdc37
Update Norwegian Bokmål translation
Co-authored-by: Petter Reinholdtsen <pere-weblate@hungry.com>
2021-12-16 06:25:54 +01:00
Samantaz Fox 7f3ef12297
Merge pull request #2692 from weblate/weblate-invidious-translations
Invidious translations update
Merged from the command line due to merge conflicts.
2021-12-12 23:50:14 +01:00
Samantaz Fox da2f592de6
locales: use "DASH" instead of "dash" in en-US
2021-12-12 22:46:12 +01:00
Samantaz Fox ee91effb7a
Merge pull request #2576 from SamantazFox/fix-locales-handling
Fix locales handling
2021-12-12 22:26:22 +01:00
Hosted Weblate b13f9c25b3
Update Danish translation
Update Danish translation

Update Danish translation

Update Danish translation

Update Danish translation

Update Danish translation

Co-authored-by: Grooty12 <Rasmus@rosendahl-kaa.name>
Co-authored-by: HackerNCoder <hackerncoder@protonmail.ch>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
2021-12-10 23:36:14 +01:00
Hosted Weblate f85563eb66
Update Indonesian translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: I. Musthafa <i.musthafa66@gmail.com>
2021-12-10 23:36:14 +01:00
Hosted Weblate 7b689a186d
Update Dutch translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Issa1553 <fairfull.playing@gmail.com>
2021-12-10 23:36:14 +01:00
Hosted Weblate 092d7df761
Update Chinese (Traditional) translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Jeff Huang <s8321414@gmail.com>
2021-12-10 23:36:14 +01:00
Hosted Weblate 6c444707d7
Update Turkish translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Oğuz Ersen <oguzersen@protonmail.com>
2021-12-10 23:36:13 +01:00
Hosted Weblate 81c006cc04
Update Chinese (Simplified) translation
Co-authored-by: Eric <spice2wolf@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
2021-12-10 23:36:13 +01:00
Hosted Weblate 7cbd1e413f
Update Serbian (cyrillic) translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Issa1553 <fairfull.playing@gmail.com>
2021-12-10 23:36:13 +01:00
Hosted Weblate f34f8ef188
Update Serbian translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Issa1553 <fairfull.playing@gmail.com>
2021-12-10 23:36:13 +01:00
Hosted Weblate c3eb385cd3
Update Croatian translation
Update Croatian translation

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Issa1553 <fairfull.playing@gmail.com>
Co-authored-by: Milo Ivir <mail@milotype.de>
2021-12-10 23:36:13 +01:00
Hosted Weblate be34f03157
Update French translation
Update French translation

Co-authored-by: Bundy01 <bundy@posteo.eu>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Samantaz Fox <translator-weblate@samantaz.fr>
2021-12-10 23:36:13 +01:00
Hosted Weblate 4964785b13
Update German translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Issa1553 <fairfull.playing@gmail.com>
2021-12-10 23:36:12 +01:00
Hosted Weblate 1b7757c14f
Update Arabic translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Rex_sa <rex.sa@pm.me>
2021-12-10 23:36:12 +01:00
Hosted Weblate 58c9f20226
Update Norwegian Bokmål translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Petter Reinholdtsen <pere-weblate@hungry.com>
2021-12-10 23:36:12 +01:00
Hosted Weblate f19be0c3ce
Update English (United States) translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Samantaz Fox <translator-weblate@samantaz.fr>
2021-12-10 23:36:12 +01:00
Samantaz Fox f236a6872b
Merge pull request #2659 from SamantazFox/fix-likes-dislikes
Fix likes/dislikes
2021-12-06 03:52:38 +01:00
Samantaz Fox 3e0096f360
Merge pull request #2683 from iv-org/SamantazFox-patch-1
Fix #2682
2021-12-02 15:35:00 +01:00
Samantaz Fox 438b334320
Merge pull request #2671 from matthewmcgarvey/code-removal
Remove dead code
2021-12-01 20:49:23 +01:00
Samantaz Fox 4aa96ecab9
Use 'dig()' in 'find()' statements
2021-12-01 17:32:10 +01:00
Samantaz Fox e5557b515e
Merge pull request #2684 from iv-org/SamantazFox-patch-2
Decode title from download widget
2021-12-01 17:29:04 +01:00
Samantaz Fox 7b9d26d688
Fix #2670
Fixes "Download widget replaces spaces in filename with +"
https://github.com/iv-org/invidious/issues/2670
2021-11-29 23:12:55 +01:00
matthewmcgarvey 8d4b4cd14c
Remove dead code
2021-11-29 09:11:50 -06:00
Samantaz Fox 342fc202a7
Fix #2682
Fix "Missing param name: "q" (KeyError)"
https://github.com/iv-org/invidious/issues/2682
2021-11-29 14:53:27 +01:00
Samantaz Fox 4436359d07
Use dig to get category contents
Co-authored-by: Matthew McGarvey <matthewmcgarvey14@gmail.com>
2021-11-28 23:44:37 +01:00
Samantaz Fox 91f8395222
Typo: missing '?' when looking for key in dislikes_button
Co-authored-by: Matthew McGarvey <matthewmcgarvey14@gmail.com>
2021-11-28 23:37:27 +01:00
Émilien Devos c6e086c6ff
Revert "Temporarily fix for #2612" (#2673)
2021-11-28 09:41:16 +01:00
Samantaz Fox 82f3eda82b
Merge pull request #2656 from SamantazFox/fix-2549
extract_video_info: Make sure that the Android player response is valid
2021-11-28 02:38:29 +01:00
Samantaz Fox 05f9613e14
Merge pull request #2623 from SamantazFox/temp-decompression-fix
Temporarily fix for #2612
2021-11-28 02:35:39 +01:00
TheFrenchGhosty 50bb591826
Merge pull request #2658 from weblate/weblate-invidious-translations
Translations update from Hosted Weblate
2021-11-26 19:38:32 +00:00
Hosted Weblate 2ca23c714d
Update Indonesian translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: I. Musthafa <i.musthafa66@gmail.com>
2021-11-26 20:28:07 +01:00
Hosted Weblate b030d822f1
Update Serbian translation
Co-authored-by: Anon Anonimovic <BGteam@live.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
2021-11-26 20:28:07 +01:00
Hosted Weblate 65b5183f01
Update Portuguese (Brazil) translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Vinicius <rodriguessv30@gmail.com>
2021-11-26 20:28:07 +01:00
Hosted Weblate 33431844b7
Update French translation
Co-authored-by: Bundy01 <bundy@posteo.eu>
2021-11-26 20:28:07 +01:00
Hosted Weblate 325a67155d
Update Catalan translation
Update Catalan translation

Add Catalan translation

Co-authored-by: Alfonso Montero López <amontero@tinet.org>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
2021-11-26 20:28:07 +01:00
Samantaz Fox 6876f88f43
Merge pull request #2622 from SamantazFox/add-makefile
Add a makefile
2021-11-26 20:28:03 +01:00
Samantaz Fox ad9d3f4425
Merge pull request #2555 from iv-org/readme-enhancements
Enhance some stuff in the README
2021-11-26 20:24:31 +01:00
TheFrenchGhosty 5eca7a8a30
Fix indenting
Co-authored-by: Samantaz Fox <coding@samantaz.fr>
2021-11-26 19:18:12 +00:00
TheFrenchGhosty de153ece4e
Move the Awesome-Humane-Tech to its own line
2021-11-26 19:52:36 +01:00
TheFrenchGhosty 2d8964d37d
Apply the suggestions
2021-11-26 19:51:55 +01:00
Samantaz Fox ceb1feb350
likes/dislikes: better fallback management
'.to_i64?' instead of '.to_i64' returns nil rather than raising
an exception when it's done on an empty string.

In some rare cases, rating can be equal to 5. In this case, the
value of player_response[videoDetails][averageRating] is an
Int and not a Float.
2021-11-25 23:16:50 +01:00
Samantaz Fox 2ea0590b03
i18n: return 'key' if 'key' is not in locales files
2021-11-25 19:46:34 +01:00
Samantaz Fox 80a513baa5
Use new techniques to get (dis)likes back
2021-11-24 01:22:09 +01:00
Samantaz Fox ba48f68fc3
allow multiple, successive content-encodings
2021-11-21 18:16:05 +01:00
Samantaz Fox 319587e2f1
extract_video_info: make sure that the Android player response is valid
2021-11-21 17:34:17 +01:00
Samantaz Fox bf7952d9c7
i18n: log a warning instead of raising an exception
This is more user-friendly.
TODO: maybe make a compile time flag for testing purposes
2021-11-21 01:54:54 +01:00