Customized version of FreshRSS, a self-hosted RSS feed aggregator https://git.rdnlsmith.com/fresh-rss-custom/atom?h=1.27.1 2025-09-21T11:29:58+00:00 2025-09-21T11:29:58+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-09-21T11:29:58+00:00 urn:sha1:bc3e4c8fa4bae9591166e12caa3fb6bf73893102 * Add option for CSP frame-ancestors https://github.com/FreshRSS/FreshRSS/discussions/7856 * Revert contentSelectorPreviewAction * Same for f.php and api * Fix double init in f.php * No sandbox for API page 2025-09-05T13:56:46+00:00 Alexis Degrugillier aledeg@users.noreply.github.com 2025-09-05T13:56:46+00:00 urn:sha1:23ba48c71f0d41bbe012d668349f6516dad527b4 1. `include`, `include_once`, `require` and `require_once` are expressions not functions, parentheses are not necessary. 2. to move up the directory tree, it's better to use the `dirname` function instead of relying on `/..`. 2025-09-05T06:16:52+00:00 Inverle inverle@proton.me 2025-09-05T06:16:52+00:00 urn:sha1:858616f075e5a66a5e0973af421a9f300b3b9ce1 * Closes and fixes error from #7885 * `no-cache.txt` is now respected in `f.php`, `ext.php` and `serve` action in `extensionController` * And in all other places that weren't checking for `no-cache.txt` (some extensions maybe) 2025-08-11T17:35:54+00:00 Inverle inverle@proton.me 2025-08-11T17:35:54+00:00 urn:sha1:7df6c201f2e6a6521d20718dfd8d9794c7437d1f * Puts CSP everywhere in `p/api` * including the HTML query page ❗ * Also in `p/ext.php` * Puts `X-Content-Type-Options: nosniff` everywhere * Fixes custom icon configuration not showing `blob:` icon in statsController (idle feeds) * Also removes `style-src 'unsafe-inline'` since it doesn't seem to be needed * Improves CSP of `p/f.php` * Add `sandbox` directive 2025-08-01T06:30:49+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-08-01T06:30:49+00:00 urn:sha1:e915ebe46ecc76bd00e19a9cc63764ff2e277315 * Use main function `httpGet()` instead of local one; * Use HTTP cache, also between users; * Do not default to feed URL when there is no website URL TODO for later: consider supporting Atom's `<icon>` and RSS 2.0's `<image>` https://github.com/FreshRSS/FreshRSS/issues/7774 2025-07-05T21:46:54+00:00 Inverle inverle@proton.me 2025-07-05T21:46:54+00:00 urn:sha1:ce22997dfbe4a8f2a6efa6f77d5b0bfc7b2dabd1 * Fix custom icons not displaying * Refactor 2025-06-30T10:01:56+00:00 Inverle inverle@proton.me 2025-06-30T10:01:56+00:00 urn:sha1:7915abd833e1ab7a72ad27b3ec52020ac9ab7051 Closes #3789, #6503 Icon setting when no custom icon is set yet:  - `Change...` button opens a file dialog, and after selecting a file shows the chosen icon in the preview on the left. `Submit` must be clicked after selecting the icon. - `Reset to default` changes the preview icon to the default one, and also requires `Submit` to be clicked to apply the changes. Full list of changes: - CSP now includes `blob:` in `img-src` for - `indexAction()` and `feedAction()` in `subscriptionController.php` - all of the view actions in `indexController.php` - Introduce new attribute `customFavicon (boolean)` for feeds that indicates if the feed has a custom favicon - `hashFavicon()` in `Feed.php` is dependent on this attribute - `hashFavicon()` has a new parameter called `skipCache (boolean)` that allows the reset of the favicon hash for the Feed object - `resetFaviconHash()` just calls `hashFavicon(skipCache: true)` - `f.php` URLs now have the format of `/f.php?h=XXXXX&t=cachebuster`, where the `t` parameter is only used for serving custom favicons - if `t` parameter is set, `f.php` returns a `Cache-Control: immutable` header - `stripos` and `strpos` were changed to `str_contains` in various places (refactor) - JS for handling the custom favicon configuration logic is in `extra.js` inside `init_update_feed()` which is called when feed configuration is opened from the aside or when the subscription management page with the feed is loaded - Server-side code for uploading the icon in `subscriptionController.php` under `feedAction()` - Errors that may occur during the setting of a custom favicon: - Unsupported image file type (handled only server-side with `isImgMime()`) - When the file is bigger than 1 MiB (default), handled both client-side and server-side - Standard feed error when `updateFeed()` fails - JS vars `javascript_vars.phtml` are no longer escaped with `htmlspecialchars()`, instead with json encoding, - CSS for disabled buttons was added - Max favicon file size is configurable with the `max_favicon_upload_size` option in `config.php` (not exposed via UI) - Custom favicons are currently deleted only when they are either reset to the default icon, or the feed gets deleted. They do not get deleted when the user deletes their account without removing their feeds first. - ` faviconPrepare()` and `faviconRebuild()` are not allowed to be called when the `customFavicon` attribute is `true` - New i18n strings: - `'sub.feed.icon' => 'Icon'` - `'sub.feed.change_favicon' => 'Change…'` - `'sub.feed.reset_favicon' => 'Reset to default'` - `'sub.feed.favicon_changed_by_ext' => 'The icon has been set by the <b>%s</b> extension.'` - `'feedback.sub.feed.favicon.too_large' => 'Uploaded icon is too large. The maximum file size is <em>%s</em>.'` - `'feedback.sub.feed.favicon.unsupported_format' => 'Unsupported image file format!'` - Extension hook `custom_favicon_hash` - `setCustomFavicon()` method - `resetCustomFavicon()` method - `customFaviconExt` and `customFaviconDisallowDel` attributes - example of usage: https://github.com/FreshRSS/Extensions/pull/337 - Extension hook `custom_favicon_btn_url` - Allows extensions to implement a button for setting a custom favicon for individual feeds by providing an URL. The URL will be sent a POST request with the `extAction` field set to either `query_icon_info` or `update_icon`, along with an `id` field which describes the feed's ID. 2025-06-18T20:20:17+00:00 Inverle inverle@proton.me 2025-06-18T20:20:17+00:00 urn:sha1:a6948218fb1c66fe146c7651555e5a1f791c8112 2025-04-01T07:27:33+00:00 Alexandre Alapetite alexandre@alapetite.fr 2025-04-01T07:27:33+00:00 urn:sha1:426e3054c237c2b98667ebeacbbdb5caa88e7b1f E.g. for the case of SVGs 2024-12-27T11:12:49+00:00 Alexandre Alapetite alexandre@alapetite.fr 2024-12-27T11:12:49+00:00 urn:sha1:b1d24fbdb7d1cc948c946295035dad6df550fb7e * PHPStan 2.0 fix https://github.com/FreshRSS/FreshRSS/issues/6989 https://github.com/phpstan/phpstan/releases/tag/2.0.0 https://github.com/phpstan/phpstan/blob/2.0.x/UPGRADING.md * More * More * Done * fix i18n CLI * Restore a PHPStan Next test For work towards PHPStan Level 10 * 4 more on Level 10 * fix getTagsForEntry * API at Level 10 * More Level 10 * Finish Minz at Level 10 * Finish CLI at Level 10 * Finish Controllers at Level 10 * More Level 10 * More * Pass bleedingEdge * Clean PHPStan options and add TODOs * Level 10 for main config * More * Consitency array vs. list * Sanitize themes get_infos * Simplify TagDAO->getTagsForEntries() * Finish reportAnyTypeWideningInVarTag * Prepare checkBenevolentUnionTypes and checkImplicitMixed * Fixes * Refix * Another fix * Casing of __METHOD__ constant