FreshRSS (Customized)/app/Controllers, branch 1.27.1

FreshRSS (Customized)/app/Controllers, branch 1.27.1 Customized version of FreshRSS, a self-hosted RSS feed aggregator https://git.rdnlsmith.com/fresh-rss-custom/atom?h=1.27.1 2025-09-25T19:52:29+00:00 Prevent logout CSRFs (#7999) 2025-09-25T19:52:29+00:00 Inverle inverle@proton.me 2025-09-25T19:52:29+00:00 urn:sha1:f8b2b8c4153f8acdb4267a269ada27f8af22d7d9 By avoiding `FreshRSS_Context::initUser()` calls Fix some CSRFs (#8000) 2025-09-24T10:13:40+00:00 Inverle inverle@proton.me 2025-09-24T10:13:40+00:00 urn:sha1:f612a560d28a31095c27c130e84bf6ff39f061f5 In two bookmark actions and one in `entryController` Completes one TODO from #7923: https://github.com/FreshRSS/FreshRSS/blob/de624dc8ce63ec819c61216d9d44f828841c293e/app/Controllers/entryController.php#L257 (a POST request is already sent in the frontend) Add option for CSP frame-ancestors (#7857) 2025-09-21T11:29:58+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-09-21T11:29:58+00:00 urn:sha1:bc3e4c8fa4bae9591166e12caa3fb6bf73893102 * Add option for CSP frame-ancestors https://github.com/FreshRSS/FreshRSS/discussions/7856 * Revert contentSelectorPreviewAction * Same for f.php and api * Fix double init in f.php * No sandbox for API page Move update one step before (#7989) 2025-09-21T10:40:40+00:00 Inverle inverle@proton.me 2025-09-21T10:40:40+00:00 urn:sha1:f2c6942a60189913e4a2ebe955d765050d53bc14 Closes https://github.com/FreshRSS/FreshRSS/issues/7897 Add `entry_before_update` and `entry_before_add` hooks (#7977) 2025-09-18T21:44:17+00:00 KleinMann 47398070+rnkln@users.noreply.github.com 2025-09-18T21:44:17+00:00 urn:sha1:d670bf1e72d92c3bbeeca874f6a042f4e3a74007 Discussion: https://github.com/FreshRSS/FreshRSS/discussions/7973 Changes proposed in this pull request: - Add new extension hook "entry_before_add" - Add new extension hook "entry_before_update" How to test the feature manually: 1. Create extension that uses the hooks and confirm they are invoked correctly. Extension to use for testing https://github.com/rnkln/freshrss-xExtension-Discord/pull/2 Keep sort and order after marking as read (#7974) 2025-09-17T12:03:00+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-09-17T12:03:00+00:00 urn:sha1:b5ee1d8936f64178b88eb289babafa020c24085d fix https://github.com/FreshRSS/FreshRSS/issues/7867 Clarify: Visibility hidden vs. archived (#7970) 2025-09-15T21:43:46+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-09-15T21:43:46+00:00 urn:sha1:f8310a587c26b0965bab71abfeb2d018e414f572 fix https://github.com/FreshRSS/FreshRSS/issues/7887 We have two concepts: how much a feed is shown or not (controlled by priority), and how often a feed is refreshed (or not, in which case it is archived). This PR removes the wording *Archived* from the *visibility* parameter, since this is not what it does. Fix another user self-delete regression (#7877) 2025-09-15T20:17:14+00:00 Inverle inverle@proton.me 2025-09-15T20:17:14+00:00 urn:sha1:ddb51c0e95074c6fbddade547ca267801177bb01 Regression from #7763 Earlier regression which was fixed before #7626 In addition: * get rid of `data-toggle` (refactor) * show invalid login message if deleting account and entered incorrect password instead of redirect to 403 * remove unused reference to `r` parameter * `forgetOpenCategories()` on login not on any crypto form Recovery: skip broken entries during CLI export/import (#7949) 2025-09-14T20:36:01+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-09-14T20:36:01+00:00 urn:sha1:29446a29f58b484817e6c9798c736e5f531c21ee * Recovery: skip broken entries during CLI export/import fix https://github.com/FreshRSS/FreshRSS/discussions/7927 ``` 25605/25605 (48 broken) ``` Help with *database malformed* or other corruption. * Compatibility multiple databases Use `Minz_Translate::exists()` for language check in `createUser()` (#7934) 2025-09-09T21:11:38+00:00 Inverle inverle@proton.me 2025-09-09T21:11:38+00:00 urn:sha1:087df1e5d990cb9464bf1ac7f36f136c64d9dd2e (consistency) Related / follow-up: #7878