FreshRSS (Customized)/app/Controllers/authController.php, branch 1.27.1 Customized version of FreshRSS, a self-hosted RSS feed aggregator https://git.rdnlsmith.com/fresh-rss-custom/atom?h=1.27.1 2025-09-25T19:52:29+00:00 Prevent logout CSRFs (#7999) 2025-09-25T19:52:29+00:00 Inverle inverle@proton.me 2025-09-25T19:52:29+00:00 urn:sha1:f8b2b8c4153f8acdb4267a269ada27f8af22d7d9 By avoiding `FreshRSS_Context::initUser()` calls Regenerate session ID on login (#7829) 2025-08-30T19:40:00+00:00 Inverle inverle@proton.me 2025-08-30T19:40:00+00:00 urn:sha1:200eafb352f807bd70592b2ccc06745017328a85 Follow-up to #7762 * Regenerate session ID on login * Send only one cookie * Improvements * Delete old session file * Simplify * Make function consistent with others Implement sudo mode / reauthentication (#7753) 2025-07-31T11:53:14+00:00 Inverle inverle@proton.me 2025-07-31T11:53:14+00:00 urn:sha1:3ce64d271b2b470bd6c9f7294946347dcdfed9b9 * Implement sudo mode / reauthentication * i18n: fr * generate flags * Improvements * Remove HMAC check * Don't require reauth to access logs when signed in as admin * Notify user of bad login via notification instead --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> Regenerate cookie ID after logging out (#7762) 2025-07-29T12:44:14+00:00 Inverle inverle@proton.me 2025-07-29T12:44:14+00:00 urn:sha1:e967b07589f687fcd2f71e2df265fcb7c4f15c07 To make the session cookie no longer usable if hijacked and put in another browser after user logs out Use HTTP POST for logout (#7489) 2025-04-05T21:15:37+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-04-05T21:15:37+00:00 urn:sha1:d858053a7c70b3fee0fe407420ff8bd1466d5de2 * Use HTTP POST for logout To avoid potential CSRF risks * Fixed button font issue * Minor whitespace Update bcrypt.js from 2.4.4 to 3.0.2 (#7449) 2025-03-25T09:19:51+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-03-25T09:19:51+00:00 urn:sha1:d0b961131939800a119801bfce7411ad2e429e9e https://github.com/dcodeIO/bcrypt.js/releases/tag/v3.0.0 Can be updated to the latest version with: `curl -L https://unpkg.com/bcryptjs/umd/index.js > p/scripts/vendor/bcrypt.js` fix: Update the user's last activity on login action (#7406) 2025-03-05T21:36:41+00:00 berumuron dev@marienfressinaud.fr 2025-03-05T21:36:41+00:00 urn:sha1:40cdeb86874296b090dfb48ce4d0d6c41455405b Reduce undeeded use of elvis operator ?: (#7204) 2025-01-10T07:13:09+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-01-10T07:13:09+00:00 urn:sha1:5368f38753a3e655ed3d7d7dfc7af2cc22de7980 Upgrade code to php 8.1 (#6748) 2024-11-28T16:11:04+00:00 Luc SANCHEZ 4697568+ColonelMoutarde@users.noreply.github.com 2024-11-28T16:11:04+00:00 urn:sha1:15745d42b779ad14efde2932ab116f45eee39246 * revert Fix code indentation Fix code Upgrade code to php 8.1 * fix remarques * code review * code review * code review * Apply suggestions from code review * code review * Fixes * Many remainging updates of array syntax * Lost case 'reading-list' * Uneeded PHPDoc --------- Co-authored-by: Luc Sanchez <l.sanchez-prestataire@alptis.fr> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> Rename param specialchars to plaintext (#6809) 2024-09-15T10:00:46+00:00 Alexandre Alapetite alexandre@alapetite.fr 2024-09-15T10:00:46+00:00 urn:sha1:469a42d9c3dedaf2817ba6ffec2f0945f83e63c0 https://github.com/FreshRSS/FreshRSS/pull/6800#discussion_r1756435762