FreshRSS (Customized)/p/ext.php, branch 1.28.1-custom Customized version of FreshRSS, a self-hosted RSS feed aggregator https://git.rdnlsmith.com/fresh-rss-custom/atom?h=1.28.1-custom 2025-09-27T12:40:35+00:00 Fix regression in ext.php (#8021) 2025-09-27T12:40:35+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-09-27T12:40:35+00:00 urn:sha1:3a795eb5dbcd5b901d99a1b509a8c1a5746e8ea1 fix https://github.com/FreshRSS/Extensions/issues/370 Regression from https://github.com/FreshRSS/FreshRSS/pull/7857 Add option for CSP frame-ancestors (#7857) 2025-09-21T11:29:58+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-09-21T11:29:58+00:00 urn:sha1:bc3e4c8fa4bae9591166e12caa3fb6bf73893102 * Add option for CSP frame-ancestors https://github.com/FreshRSS/FreshRSS/discussions/7856 * Revert contentSelectorPreviewAction * Same for f.php and api * Fix double init in f.php * No sandbox for API page Change how files are included (#7916) 2025-09-05T13:56:46+00:00 Alexis Degrugillier aledeg@users.noreply.github.com 2025-09-05T13:56:46+00:00 urn:sha1:23ba48c71f0d41bbe012d668349f6516dad527b4 1. `include`, `include_once`, `require` and `require_once` are expressions not functions, parentheses are not necessary. 2. to move up the directory tree, it's better to use the `dirname` function instead of relying on `/..`. Fixes for no-cache.txt (#7907) 2025-09-05T06:16:52+00:00 Inverle inverle@proton.me 2025-09-05T06:16:52+00:00 urn:sha1:858616f075e5a66a5e0973af421a9f300b3b9ce1 * Closes and fixes error from #7885 * `no-cache.txt` is now respected in `f.php`, `ext.php` and `serve` action in `extensionController` * And in all other places that weren't checking for `no-cache.txt` (some extensions maybe) Put CSP everywhere (#7810) 2025-08-11T17:35:54+00:00 Inverle inverle@proton.me 2025-08-11T17:35:54+00:00 urn:sha1:7df6c201f2e6a6521d20718dfd8d9794c7437d1f * Puts CSP everywhere in `p/api` * including the HTML query page ❗ * Also in `p/ext.php` * Puts `X-Content-Type-Options: nosniff` everywhere * Fixes custom icon configuration not showing `blob:` icon in statsController (idle feeds) * Also removes `style-src 'unsafe-inline'` since it doesn't seem to be needed * Improves CSP of `p/f.php` * Add `sandbox` directive Fix file serving for symlinked extensions (#7545) 2025-05-02T07:47:57+00:00 Inverle inverle@proton.me 2025-05-02T07:47:57+00:00 urn:sha1:4568111c00813756a3a34a381d684b8354fc4438 * Fix file serving for symlinked extensions from ext.php * Don't resolve symlink when deleting extension * Minor syntax --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr> Fix regression ext.php (#7499) 2025-04-08T08:25:42+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-04-08T08:25:42+00:00 urn:sha1:be73c6d6694beb6d68b90b6e59223a397676b303 fix https://github.com/FreshRSS/FreshRSS/issues/7498 Regression from https://github.com/FreshRSS/FreshRSS/pull/7495 Secure serving of user files from extensions (#7495) 2025-04-07T06:47:42+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-04-07T06:47:42+00:00 urn:sha1:0c33d2713957eaf6cc0222150df7ebbcb53beaed * Secure serving of user files from extensions fix https://github.com/FreshRSS/FreshRSS/issues/4930 * More fixes * Typo Fix ext.php: Restrict valid paths in ext.php for extensions (#7479) 2025-04-01T17:13:27+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-04-01T17:13:27+00:00 urn:sha1:d3aaefb1f6c13bf3817cd0b89e4bcaa751765181 * Fix ext.php: Restrict valid paths in ext.php for extensions Rework https://github.com/FreshRSS/FreshRSS/pull/7474 * Fix wrong variable Restrict valid paths in ext.php for extensions (#7474) 2025-04-01T15:53:33+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-04-01T15:53:33+00:00 urn:sha1:5cb73fa2206138235a0978d64c35332b67ce180c * Restrict valid paths in ext.php for extensions * Disallow absolute paths as well