Commit Graph

3417 Commits

Author SHA1 Message Date
Samantaz Fox
ddb06b0cac
Fix XSS vulnerability in channel playlists
The channel/<ucid>/playlists page was vulnerable to Cross Site Scripting
(XSS), because the different URL parameters were inserted as-is in the URL
meant for instance switching.

This vulnerability could allow an attacker to inject malicious Javascript
in the page by tricking the user to click on a crafted link.

Bug introduced in commit 66e7285108
("Only use /redirect when automatically redirecting").

Thanks to Jack (@testa:cthd.icu on Matrix, @cysea on github) for responsibly
reporting this issue!
2021-12-19 20:51:44 +01:00
Samantaz Fox
f54e247eb4
Extractors: Add support for shorts
Fixes #2708
2021-12-17 16:47:41 +01:00
Samantaz Fox
2ac19eb8fc
Merge pull request #2725 from weblate/weblate-invidious-translations
Translations update from Hosted Weblate
2021-12-17 15:02:59 +01:00
Hosted Weblate
6cdaafdc37
Update Norwegian Bokmål translation
Co-authored-by: Petter Reinholdtsen <pere-weblate@hungry.com>
2021-12-16 06:25:54 +01:00
bbielsa
ed6476b5ea Allow the t parameter to override the stored video playback position 2021-12-15 19:38:58 +01:00
bbielsa
b90bceb2dc Fix formatting of preferences.cr and videos.cr 2021-12-15 19:38:58 +01:00
bbielsa
f31bd5ffb9 Use localization for save player position label in the preferences page 2021-12-15 19:38:56 +01:00
bbielsa
5abe7fe123 Rename 'remember_position' to 'save_player_pos' for clarity 2021-12-15 19:37:55 +01:00
bbielsa
b6792cf02e Added default value for get_video_time() which was causing a bug in safari 2021-12-15 19:37:55 +01:00
bbielsa
1261323c66 Remove console.log debugging 2021-12-15 19:37:55 +01:00
bbielsa
2a45b4eba0 Save and load the position for the video using a local storage object, the object is a dictionary, where the key is the video ID, and the value is the time at which the user last left off watching the video. If the user deselected the 'remember video position' checkbox in the preferences this dictionary is cleared 2021-12-15 19:37:55 +01:00
bbielsa
a6a0bbf398 Add remember_position field to the Preferences and VideoPreferences structs, and add a checkbox in the preferences page to toggle it 2021-12-15 19:37:55 +01:00
Samantaz Fox
7f3ef12297
Merge pull request #2692 from weblate/weblate-invidious-translations
Invidious translations update
Merged from the command line due to merge conflicts.
2021-12-12 23:50:14 +01:00
Samantaz Fox
da2f592de6
locales: use "DASH" instead of "dash" in en-US 2021-12-12 22:46:12 +01:00
Samantaz Fox
ee91effb7a
Merge pull request #2576 from SamantazFox/fix-locales-handling
Fix locales handling
2021-12-12 22:26:22 +01:00
Hosted Weblate
b13f9c25b3
Update Danish translation
Update Danish translation

Update Danish translation

Update Danish translation

Update Danish translation

Update Danish translation

Co-authored-by: Grooty12 <Rasmus@rosendahl-kaa.name>
Co-authored-by: HackerNCoder <hackerncoder@protonmail.ch>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
2021-12-10 23:36:14 +01:00
Hosted Weblate
f85563eb66
Update Indonesian translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: I. Musthafa <i.musthafa66@gmail.com>
2021-12-10 23:36:14 +01:00
Hosted Weblate
7b689a186d
Update Dutch translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Issa1553 <fairfull.playing@gmail.com>
2021-12-10 23:36:14 +01:00
Hosted Weblate
092d7df761
Update Chinese (Traditional) translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Jeff Huang <s8321414@gmail.com>
2021-12-10 23:36:14 +01:00
Hosted Weblate
6c444707d7
Update Turkish translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Oğuz Ersen <oguzersen@protonmail.com>
2021-12-10 23:36:13 +01:00
Hosted Weblate
81c006cc04
Update Chinese (Simplified) translation
Co-authored-by: Eric <spice2wolf@gmail.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
2021-12-10 23:36:13 +01:00
Hosted Weblate
7cbd1e413f
Update Serbian (cyrillic) translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Issa1553 <fairfull.playing@gmail.com>
2021-12-10 23:36:13 +01:00
Hosted Weblate
f34f8ef188
Update Serbian translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Issa1553 <fairfull.playing@gmail.com>
2021-12-10 23:36:13 +01:00
Hosted Weblate
c3eb385cd3
Update Croatian translation
Update Croatian translation

Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Issa1553 <fairfull.playing@gmail.com>
Co-authored-by: Milo Ivir <mail@milotype.de>
2021-12-10 23:36:13 +01:00
Hosted Weblate
be34f03157
Update French translation
Update French translation

Co-authored-by: Bundy01 <bundy@posteo.eu>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Samantaz Fox <translator-weblate@samantaz.fr>
2021-12-10 23:36:13 +01:00
Hosted Weblate
4964785b13
Update German translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Issa1553 <fairfull.playing@gmail.com>
2021-12-10 23:36:12 +01:00
Hosted Weblate
1b7757c14f
Update Arabic translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Rex_sa <rex.sa@pm.me>
2021-12-10 23:36:12 +01:00
Hosted Weblate
58c9f20226
Update Norwegian Bokmål translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Petter Reinholdtsen <pere-weblate@hungry.com>
2021-12-10 23:36:12 +01:00
Hosted Weblate
f19be0c3ce
Update English (United States) translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Samantaz Fox <translator-weblate@samantaz.fr>
2021-12-10 23:36:12 +01:00
Samantaz Fox
f236a6872b
Merge pull request #2659 from SamantazFox/fix-likes-dislikes
Fix likes/dislikes
2021-12-06 03:52:38 +01:00
Samantaz Fox
3e0096f360
Merge pull request #2683 from iv-org/SamantazFox-patch-1
Fix #2682
2021-12-02 15:35:00 +01:00
Samantaz Fox
438b334320
Merge pull request #2671 from matthewmcgarvey/code-removal
Remove dead code
2021-12-01 20:49:23 +01:00
Samantaz Fox
4aa96ecab9
Use 'dig()' in 'find()' statements 2021-12-01 17:32:10 +01:00
Samantaz Fox
e5557b515e
Merge pull request #2684 from iv-org/SamantazFox-patch-2
Decode title from download widget
2021-12-01 17:29:04 +01:00
Samantaz Fox
7b9d26d688
Fix #2670
Fixes "Download widget replaces spaces in filename with +"
https://github.com/iv-org/invidious/issues/2670
2021-11-29 23:12:55 +01:00
matthewmcgarvey
8d4b4cd14c Remove dead code 2021-11-29 09:11:50 -06:00
Samantaz Fox
342fc202a7
Fix #2682
Fix "Missing param name: "q" (KeyError)"
https://github.com/iv-org/invidious/issues/2682
2021-11-29 14:53:27 +01:00
Samantaz Fox
4436359d07
Use dig to get category contents
Co-authored-by: Matthew McGarvey <matthewmcgarvey14@gmail.com>
2021-11-28 23:44:37 +01:00
Samantaz Fox
91f8395222
Typo: missing '?' when looking for key in dislikes_button
Co-authored-by: Matthew McGarvey <matthewmcgarvey14@gmail.com>
2021-11-28 23:37:27 +01:00
Samantaz Fox
de00e86cd5
Decompress the response body ourselves
Temp fix for #2612
2021-11-28 18:04:12 +01:00
Émilien Devos
c6e086c6ff
Revert "Temporarily fix for #2612" (#2673) 2021-11-28 09:41:16 +01:00
Samantaz Fox
82f3eda82b
Merge pull request #2656 from SamantazFox/fix-2549
extract_video_info: Make sure that the Android player response is valid
2021-11-28 02:38:29 +01:00
Samantaz Fox
05f9613e14
Merge pull request #2623 from SamantazFox/temp-decompression-fix
Temporarily fix for #2612
2021-11-28 02:35:39 +01:00
TheFrenchGhosty
50bb591826
Merge pull request #2658 from weblate/weblate-invidious-translations
Translations update from Hosted Weblate
2021-11-26 19:38:32 +00:00
Hosted Weblate
2ca23c714d
Update Indonesian translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: I. Musthafa <i.musthafa66@gmail.com>
2021-11-26 20:28:07 +01:00
Hosted Weblate
b030d822f1
Update Serbian translation
Co-authored-by: Anon Anonimovic <BGteam@live.com>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
2021-11-26 20:28:07 +01:00
Hosted Weblate
65b5183f01
Update Portuguese (Brazil) translation
Co-authored-by: Hosted Weblate <hosted@weblate.org>
Co-authored-by: Vinicius <rodriguessv30@gmail.com>
2021-11-26 20:28:07 +01:00
Hosted Weblate
33431844b7
Update French translation
Co-authored-by: Bundy01 <bundy@posteo.eu>
2021-11-26 20:28:07 +01:00
Hosted Weblate
325a67155d
Update Catalan translation
Update Catalan translation

Add Catalan translation

Co-authored-by: Alfonso Montero López <amontero@tinet.org>
Co-authored-by: Hosted Weblate <hosted@weblate.org>
2021-11-26 20:28:07 +01:00
Samantaz Fox
6876f88f43
Merge pull request #2622 from SamantazFox/add-makefile
Add a makefile
2021-11-26 20:28:03 +01:00