Customized version of FreshRSS, a self-hosted RSS feed aggregator https://git.rdnlsmith.com/fresh-rss-custom/atom?h=1.26.2 2025-05-02T07:47:57+00:00 2025-05-02T07:47:57+00:00 Inverle inverle@proton.me 2025-05-02T07:47:57+00:00 urn:sha1:4568111c00813756a3a34a381d684b8354fc4438 * Fix file serving for symlinked extensions from ext.php * Don't resolve symlink when deleting extension * Minor syntax --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> 2025-04-28T20:51:54+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-04-28T20:51:54+00:00 urn:sha1:6bb8680ae0051b9a2ff344f17814f4fa5d844628 When using HTTP Auth methods (including OpenID Connect), exactly 1 HTTP header should be received, not more. 2025-04-12T22:01:09+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-04-12T22:01:09+00:00 urn:sha1:f58dea6a5abec4da2b14eb808221b3f28d6160d0 Sanitize buttons with a form or formaction attribute. 2025-04-07T06:33:13+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-04-07T06:33:13+00:00 urn:sha1:d3d9acca9f905fc03d6151f6ad75567256310831 Prevent using `Remote-User`, `X-WebAuth-User` during Web scraping. 2025-04-05T22:47:45+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-04-05T22:47:45+00:00 urn:sha1:54e2f9107d03c5b3bb260f38fdb2736bce449fd4 We do not sanitize this attribute well enough, so striped for now. It is rarely used: I have not seen any use of it in any of my many test feeds. Can be added back when we can handle its inherent security issues better. 2025-04-01T10:23:56+00:00 maTh 1645099+math-GH@users.noreply.github.com 2025-04-01T10:23:56+00:00 urn:sha1:1f624bc5e2fc720b7f570b4b217860747ef5dc65 * Referrer-Policy: same-origin * same-origin for our own images --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> 2025-01-26T22:19:44+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-01-26T22:19:44+00:00 urn:sha1:d7ca2f8768fed347f6132a4cb98bd54c4d7163bb * Doc force-https https://github.com/FreshRSS/FreshRSS/discussions/7252#discussioncomment-11951183 * Forgotten ^ * More proper support for comments 2025-01-25T08:14:08+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-01-25T08:14:08+00:00 urn:sha1:22b74b0a5790360d81088a83addab1f98b7f7947 3 is now used for CURLPROXY_HTTPS2 https://github.com/curl/curl/blob/f07612cd9ae1ec50b9bedd749171ad75203c9e7e/include/curl/curl.h#L789 Related to https://github.com/FreshRSS/FreshRSS/issues/7209 2025-01-08T12:26:09+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-01-08T12:26:09+00:00 urn:sha1:50adb559823f935582f3ed308b8d4352c5f216ed * Add some missing PHP native types Replaces https://github.com/FreshRSS/FreshRSS/pull/7184 * Clean some types 2024-12-27T11:12:49+00:00 Alexandre Alapetite alexandre@alapetite.fr 2024-12-27T11:12:49+00:00 urn:sha1:b1d24fbdb7d1cc948c946295035dad6df550fb7e * PHPStan 2.0 fix https://github.com/FreshRSS/FreshRSS/issues/6989 https://github.com/phpstan/phpstan/releases/tag/2.0.0 https://github.com/phpstan/phpstan/blob/2.0.x/UPGRADING.md * More * More * Done * fix i18n CLI * Restore a PHPStan Next test For work towards PHPStan Level 10 * 4 more on Level 10 * fix getTagsForEntry * API at Level 10 * More Level 10 * Finish Minz at Level 10 * Finish CLI at Level 10 * Finish Controllers at Level 10 * More Level 10 * More * Pass bleedingEdge * Clean PHPStan options and add TODOs * Level 10 for main config * More * Consitency array vs. list * Sanitize themes get_infos * Simplify TagDAO->getTagsForEntries() * Finish reportAnyTypeWideningInVarTag * Prepare checkBenevolentUnionTypes and checkImplicitMixed * Fixes * Refix * Another fix * Casing of __METHOD__ constant