FreshRSS (Customized)/app/FreshRSS.php, branch 1.16.0

[UI] Add RTL support with RTLCSS (#2776)

2020-03-01T20:15:17+00:00

* Add dir info to gen.php & install.php! * Add `make rtl` command Using rtlcss because it has actually has a command-line application!

tec: Allow to change CSP header from controllers

2019-12-22T14:01:02+00:00

For an extension, I needed to call a script from an external domain. Unfortunately, the CSP headers didn't allow this domain and I had to patch manually the FreshRSS FrontController for my extension. It's obviously not a long-term solution since it has nothing to do in the core of FRSS, and I don't want to apply this patch manually at each update. With this patch, I allow changing the CSP header from inside the controller actions. It allows extensions to modify headers. It's also an opportunity to remove a bit of code from the FrontController. I wasn't happy with the previous implementation anyhow. Reference: https://github.com/flusio/xExtension-Flus/commit/ed12d56#diff-ff12e33ed31b23bda327499fa6e84eccR143

fix: Allow to refresh feeds if user isn't verified (#2694)

2019-12-03T21:27:20+00:00

While I was looking at the number of articles of my users, I discovered some of them had none, while having a bunch of feeds though. I took a look at the logs generated by `app/actualize_script.php` and discovered that the script stopped strangely (in this example, "OK" for denise is expected, and more users too): ``` FreshRSS[1681]: FreshRSS Start feeds actualization... Starting feed actualization at 2019-11-29T16:37:19+00:00 Actualize alice... Actualize denise... Results: alice OK denise ``` After digging a bit, I quickly realized the script stopped always on users who didn't validate their emails. And indeed, we trigger a `Minz_Request::forward(..., true)` for these users, in the `FreshRSS` class. This function calls the `exit` function, which stops the script. This patch only allows the feed#actualize action to be executed for unverified users in order to avoid an early-`exit`. This is a quick-win solution, but I don't think it's a good one on the long term. I'll propose an alternative in another patch, later.

fix: Fix "validate email"-related issues (#2512)

2019-08-29T16:08:43+00:00

* fix: Make sure $disable_aside is initialized There was a warning for an uninitialized variable, hidden in production but visible in development mode. * fix: Allow to delete account when email isn't validated

Provide email address verification feature (#2481)

2019-08-29T10:02:05+00:00

* Add an email field to the profile page I reuse the `mail_login` from the configuration. I'm not sure if it's useful today (I would say it was used when Persona login was available). A good improvement would be to rename `mail_login` into `email` so it would be more intuitive to use. * Add boolean to the conf to force email validation This commit only adds a configuration item. * Add email during registration if email must be validated * Set email token to validate when email changes * Block access to FreshRSS if email is not validated * Send email when address is changed * Allow to resend the validation email * Allow the user to change its email while blocked * Document the email validation feature * fixup! Allow the user to change its email while blocked * tec: Autoload PHPMailer lib * Validate email address format * Add feedback on validation email resend action * Allow to logout when user is blocked * fix: Change default email "from" * Reorganize i18n keys * Complete all the locales with default english * Hide sidebar (profile page) if email is not validated * Check email requirements on registration * Allow admin to specify email when creating users * Don't check email format if value is empty * Remove trailing comma in userController Co-Authored-By: Alexandre Alapetite * Set PHPMailer validator to html5 before sending email * fixup! Remove trailing comma in userController

Add hooks to ExtensionManager (#2482)

2019-08-14T20:19:24+00:00

Hooks allow to: - add items in menus - perform new actions at the end of FreshRSS initialization

Fix user self registration (#2442)

2019-07-21T09:05:51+00:00

* Fix user self registration Fix https://github.com/FreshRSS/FreshRSS/issues/2381 * CSRF for admin

Rework CSRF interaction with sessions (#2290)

2019-03-22T18:05:38+00:00

* Rework CSRF interaction with sessions Fix https://github.com/FreshRSS/FreshRSS/issues/2288 Improve security in some edge cases Maybe relevant for https://github.com/FreshRSS/FreshRSS/issues/2125#issuecomment-474992671 * Forgotten mime type

Remove deprecated CSP child-src

2019-02-13T16:18:21+00:00

It's been probably long enough since https://github.com/FreshRSS/FreshRSS/pull/1099

Less jQuery (#2234)

2019-02-13T14:06:28+00:00

* Less jQuery Follow-up of https://github.com/FreshRSS/FreshRSS/pull/2199 * Even less jQuery + global view unread title fix * Even less jQuery * Yet even less jQuery * Even less jQuery * Reduce some events * Even less jQuery * jQuery gone from main view +Fixed English i18n * Fix feed folded view * Remove Firefox 64 workaround Remove workaround for Gecko bug 1514498 in Firefox 64, fixed in Firefox 65 * Split to extra.js Avoid loading unneeded JavaScript code for the main view. + several adjustements * Improve CSS transition fold category * Rewrite shortcuts Remove library. Much faster, shorter, one listener instead of many. Control of the shortcut context. Fix https://github.com/FreshRSS/FreshRSS/issues/2215 * Remove debug * Minor syntax * Filter out unwanted shortcut modifiers * Menu overflow fix * Typo * Fix unfolding in mobile view * Remove jQuery from category.js * Remove jQuery from Global view