Customized version of FreshRSS, a self-hosted RSS feed aggregator https://git.rdnlsmith.com/fresh-rss-custom/atom?h=1.27.1 2025-09-24T10:13:40+00:00 2025-09-24T10:13:40+00:00 Inverle inverle@proton.me 2025-09-24T10:13:40+00:00 urn:sha1:f612a560d28a31095c27c130e84bf6ff39f061f5 In two bookmark actions and one in `entryController` Completes one TODO from #7923: https://github.com/FreshRSS/FreshRSS/blob/de624dc8ce63ec819c61216d9d44f828841c293e/app/Controllers/entryController.php#L257 (a POST request is already sent in the frontend) 2025-09-09T20:01:04+00:00 Alexis Degrugillier aledeg@users.noreply.github.com 2025-09-09T20:01:04+00:00 urn:sha1:6ad625812a77dc1a63b3c88792b588de11ae8f3c This replace the use of `en` through out the code. 2025-08-30T14:26:24+00:00 Inverle inverle@proton.me 2025-08-30T14:26:24+00:00 urn:sha1:379a387ddeabdab428c2c6257ff6521f69e5d974 The set language is used inside paths and can lead to issues by including PHP files from other locations 2025-08-07T20:19:45+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-08-07T20:19:45+00:00 urn:sha1:62f32ccadff77594f5b8e3ad24c4c2541ff35885 As well as reportPossiblyNonexistentConstantArrayOffset. And disable PHPStan-next from GitHub Action, since the work is completed for now. 2025-07-24T05:59:00+00:00 Inverle inverle@proton.me 2025-07-24T05:59:00+00:00 urn:sha1:1ef3bd34d690f65a3eddbe75d416d3b47b799e06 2025-07-07T21:32:35+00:00 Inverle inverle@proton.me 2025-07-07T21:32:35+00:00 urn:sha1:6549932d59aef3b72a9da29294af0f30ffb77af5 Related: https://github.com/FreshRSS/xExtension-Demo/pull/2, https://github.com/FreshRSS/FreshRSS/pull/7559#issuecomment-2858083635 Mostly to make sure that no one is able to break the demo instance But the issues below could possibly be exploited in other scenarios too: * Setting a theme like `../../lib/core-extensions/UserJS`: this directory contains `metadata.json` like themes do, so FreshRSS treats it as a theme after setting it and doesn't load any CSS * Setting a theme like `x dropdown-menu`: the `dropdown-menu` class was able to get injected into the `<body>` element since https://github.com/FreshRSS/FreshRSS/pull/7559 and turn every page blank 2025-06-21T22:36:32+00:00 Stefan 11146296+tryallthethings@users.noreply.github.com 2025-06-21T22:36:32+00:00 urn:sha1:51298cd6bc100b1cc6508abb602a59c01a9e2c04 * + Exposed the reading modes for extensions through Minz. Now extensions can add a custom view mode. Graceful fallback to normal view in case the extension was disabled without resetting the view_mode through the uninstall method. In that case the user will be informed via Minz_Request::setBadNotification that the view has been reset to normal. + Added translation strings for de, en and en-us for the notification * + Added missing, generated translations * Simplify indexAction, performance * Minor settings htmlspecialchars * i18n: fr * Minor wording * Doc * Fix i18n --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> 2025-05-25T11:05:23+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-05-25T11:05:23+00:00 urn:sha1:62592da2837d21b84a4dc53272030d2a0df90224 fix https://github.com/FreshRSS/FreshRSS/issues/7612 2025-04-01T15:54:52+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-04-01T15:54:52+00:00 urn:sha1:dbdadbb4107878d9233f635c31a88afe45957101 The security risks look higher than the minor convinience Modify https://github.com/FreshRSS/FreshRSS/pull/1024 2025-03-13T22:10:48+00:00 maTh 1645099+math-GH@users.noreply.github.com 2025-03-13T22:10:48+00:00 urn:sha1:7de384bf9c192292cbc726085eedfadddfa7ca7d * settings * i18n: mark_read_button * big, small, none * fix * Fixes * make fix-all --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>