FreshRSS (Customized)/lib, branch 1.17.0

SimplePie: Fix HTTP 301 permanent redirection (#3180)

2020-09-17T08:35:56+00:00

* SimplePie: Fix HTTP 301 permanent redirection When adding feeds it worked fine, but detecting permanent redirects for existing feeds was sometimes broken (only when PHP open_basedir was not set). Indeed, using the built-in CURLOPT_FOLLOWLOCATION instead of the manual method in SimplePie hides the list of HTTP redirects along the way, and prevents the distinction of e.g. 301 vs. 302 redirects. This patch disables CURLOPT_FOLLOWLOCATION in SimplePie, and fixes the manual method at the same time. The use of CURLOPT_FOLLOWLOCATION was nevertheless not systematic (only when open_basedir was not set), so now there is only one logic independent of open_basedir. I will send a PR upstream to SimplePie. How to test: pick a feed with 301 redirection such as HTTP to HTTPS, e.g. http://ing.dk/rss/term/341 Manually change back to previous address (to simulate a feed that is changing address) Refresh feed and observe whether the 301 redirect is obeyed. * Wrong blank

When ssl_verify is false, decrease SSL security (#3171)

2020-09-03T08:35:23+00:00

When ssl_verify option is set to false for a feed, allow lower security such as SHA-1 signatures. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900984 https://stackoverflow.com/questions/58342699/php-curl-curl-error-35-error1414d172ssl-routinestls12-check-peer-sigalgwr Fix error of type `cURL error 35: error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature` Example of feeds: https://www.version2.dk/it-nyheder/rss https://ing.dk/rss/nyheder

Relaxed to allow underscore _ in URL hostnames (#3133)

2020-07-31T14:33:45+00:00

* Relaxed to allow underscore _ in URL hostnames #fix https://github.com/FreshRSS/FreshRSS/issues/3132 https://bugs.php.net/bug.php?id=64948 * Minor fix in favicons redirect * Minor fix in relative HREF for favicons

Add a way to disable shortcuts (#3114)

2020-07-14T09:02:30+00:00

When the user do not want to use a shortcut, he can let the shortcut value empty. This will save an empty configuration thus disabling the shortcut. The load default action allows to use default shortcut only for disabled shortcuts. See #3110

fix: Test setupMigrations doesn't return false (#3113)

2020-07-14T08:25:48+00:00

`file_put_contents` can return 0 if there’s nothing to write in the `applied_migrations.txt` file, which is equivalent to `false`. Since there are no migrations yet, this is what happens. Because this value (i.e. `0`) is tested next in the `app/install.php` file, the install script was failing.

Add a migration system (#2760)

2020-07-08T10:11:55+00:00

* Add a Minz_Migrator class Until now, we updated the database structure somewhere in the code but it wasn't always consistent and somehow complicated to find. Also, this code was always checked for nothing. The Migrator aims to improve and ease the creation of migrations. It should improve the way we apply the updates, making the update server almost useless. References: - example of migration (before Migrator): https://github.com/FreshRSS/FreshRSS/commit/cc0db9af4f980829faa4bf0960617807b32fb4fa#diff-11a53443fa81512b128c66b065df0679R10 - update server: https://github.com/FreshRSS/update.freshrss.org - PR moving the code of the update server to the core: https://github.com/FreshRSS/FreshRSS/pull/1760 * Automatically apply migrations For now, administrators are used to have nothing to do during an update else than getting the new code. I suggest to keep this behaviour and automatically apply migrations if we detect new ones. Another solution would be to create a CLI command and ask admins to call it after getting the new code. It could hide migrations errors to end users, but admin can forget to apply migrations since there are not used to it. * Add documentation for Minz Migrator * Execute migrations even if next ones are applied * Change mechanism to prevent multiple update at once * Use mkdir to create the lock and to test it exists Reference: https://stackoverflow.com/a/731634 * Append .lock to applied_migrations_path There are no needs to define another file to serve as a lock. * Change migrations naming convention * Apply suggestions from code review Co-Authored-By: Alexandre Alapetite * Perform a low-cost migration versions comparaison * Clarify version numbers concerning the migration system Co-authored-by: Alexandre Alapetite

Add language detection when the user is not logged in (#3022)

2020-06-05T08:10:46+00:00

Before, when the user was not logged in, pages where translated with the '_' user language. Now, they are translated with the user preferred language if there is one supported by FreshRSS or with the system default language.

Updates PHPMailer to 6.1.6 (#3024)

2020-06-01T10:22:57+00:00

* Update PHPMailer to 6.1.6 Fixes a security issue in PHPMailer 6.1.5 and earlier * Remove .DS_Store

Fix PostgreSQL database auto-create with limited rights (#3013)

2020-05-29T21:55:53+00:00

* Fix PostgreSQL database auto-create with limited rights #fix https://github.com/FreshRSS/FreshRSS/issues/3009 Install would fail if the user is not even allowed to connect to the default `postgres` database. * Confused by custom Minz_PDOConnectionException

Update/php mailer (#2980)

2020-05-18T07:42:04+00:00

* Update PHPMailer to 6.1.5 This PR update the bundled version of PHPMAiler