Customized version of FreshRSS, a self-hosted RSS feed aggregator https://git.rdnlsmith.com/fresh-rss-custom/atom?h=1.24.0 2024-05-15T06:57:58+00:00 2024-05-15T06:57:58+00:00 Alexandre Alapetite alexandre@alapetite.fr 2024-05-15T06:57:58+00:00 urn:sha1:2d17c020b6695d47debda065804db4e2d2f92e55 * PHPStan 1.11 + minor update dev dependencies https://github.com/phpstan/phpstan/releases/tag/1.11.0 * Comment style 2024-05-13T10:44:35+00:00 Alexandre Alapetite alexandre@alapetite.fr 2024-05-13T10:44:35+00:00 urn:sha1:4f57a46075fc38cffd479ab76b2ea56e9b626926 * Auto-update 5038 https://github.com/FreshRSS/FreshRSS/pull/5038 * PostgreSQL * Draft for MySQL * More draft MySQL * Finalise * A bit more robust 2024-04-21T14:25:37+00:00 Alexandre Alapetite alexandre@alapetite.fr 2024-04-21T14:25:37+00:00 urn:sha1:90fbb524ce5a8c5a87d808278289b013300b0aba * Windows: release SQLite fix https://github.com/FreshRSS/FreshRSS/issues/6275 * Do not use sharedPdo for deleting user * Case of same user * Help PHPStan 2024-04-11T06:48:50+00:00 Alexandre Alapetite alexandre@alapetite.fr 2024-04-11T06:48:50+00:00 urn:sha1:7aaed6092f09b73b2deb7e32a1fed9b776c0202d * SimplePie strip iframe allow attribute https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#allow Besides security, the `allow autoplay` atttribute is especially problematic on mobile (Firefox on Android) as it asks to open the YouTube app as soon as the article is opened. Example of code before: ```html <iframe data-original="https://www.youtube.com/embed/??????feature=oembed" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="" sandbox="allow-scripts allow-same-origin"></iframe> ``` * Replace allow attribute * Allow more 2024-04-10T13:33:43+00:00 Alexandre Alapetite alexandre@alapetite.fr 2024-04-10T13:33:43+00:00 urn:sha1:350edf398c55b472e19a3017de9b4d2d3420b9e4 * PHP 8.3 #[\Override] https://php.watch/versions/8.3/override-attr With PHPStan `checkMissingOverrideMethodAttribute` https://phpstan.org/config-reference#checkmissingoverridemethodattribute And modified the call to phpstan-next on the model of https://github.com/FreshRSS/Extensions/pull/228 (more robust than the find method, which gave some strange errors) * Update extension example accordingly 2024-04-08T09:13:01+00:00 Alexandre Alapetite alexandre@alapetite.fr 2024-04-08T09:13:01+00:00 urn:sha1:6e1278182155c6b1e8cef274368bd35510a2a14e This is especially relevant for HTML+XPath mode, for which we rely on proper URL "absolutize" Upstream PR https://github.com/simplepie/simplepie/pull/861 2024-04-06T21:02:50+00:00 Alexandre Alapetite alexandre@alapetite.fr 2024-04-06T21:02:50+00:00 urn:sha1:e3c86a164d9903a99f10affae095f350e4075287 * HTTP Get allow UTF-8 even when charset is far from top fix https://github.com/FreshRSS/FreshRSS/issues/5586 The case was an HTML document with 15k whitespace then 1.2k of scripts before the `<meta charset="utf-8">` (far from the 1024 bytes suggested by the spec..., and too far for DOMDocument) * Rewording * Trim also vertical tab + comment 2024-03-31T16:39:43+00:00 Alexandre Alapetite alexandre@alapetite.fr 2024-03-31T16:39:43+00:00 urn:sha1:1fb0cdfd069c480b0910aba7b95b47c62adae55a fix https://github.com/FreshRSS/FreshRSS/issues/6236 https://php.net/reference.pcre.pattern.modifiers 2024-03-30T17:09:44+00:00 Alexis Degrugillier aledeg@users.noreply.github.com 2024-03-30T17:09:44+00:00 urn:sha1:7da0e70a7221a42fb8ff6534fc339b18f8e2daa1 This will allow to change CSP rules to authorize the use of external scripts. We might need to add some safeguard since it will be virtually possible to load any script even malicious one. 2024-03-10T22:04:17+00:00 Alexandre Alapetite alexandre@alapetite.fr 2024-03-10T22:04:17+00:00 urn:sha1:d0072b9fb73a6582c98c7b5a44daf2d6ca39636e * Refactor some cURL options and use CURLOPT_USERPWD fix https://github.com/FreshRSS/FreshRSS/issues/6176 * Fixes