| author | 2025-04-01 17:54:52 +0200 | |
|---|---|---|
| committer | 2025-04-01 17:54:52 +0200 | |
| commit | dbdadbb4107878d9233f635c31a88afe45957101 (patch) | |
| tree | f870b813aacba5948bf22a3a3dce5f6adc96aa25 | |
| parent | 5cb73fa2206138235a0978d64c35332b67ce180c (diff) | |
Make update URL readonly (#7477)
The security risks look higher than the minor convenience
Modify https://github.com/FreshRSS/FreshRSS/pull/1024
| -rw-r--r-- | app/Controllers/configureController.php | 1 | ||||
| -rw-r--r-- | app/Models/SystemConfiguration.php | 2 | ||||
| -rw-r--r-- | app/views/configure/system.phtml | 3 |
3 files changed, 2 insertions, 4 deletions
diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index d1912fbc9..d502ca717 100644
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -505,7 +505,6 @@ class FreshRSS_configure_Controller extends FreshRSS_ActionController {
 $limits['cookie_duration'] = Minz_Request::paramInt('cookie-duration') ?: FreshRSS_Auth::DEFAULT_COOKIE_DURATION;
 FreshRSS_Context::systemConf()->limits = $limits;
 FreshRSS_Context::systemConf()->title = Minz_Request::paramString('instance-name') ?: 'FreshRSS';
- FreshRSS_Context::systemConf()->auto_update_url = Minz_Request::paramString('auto-update-url');
 FreshRSS_Context::systemConf()->force_email_validation = Minz_Request::paramBoolean('force-email-validation');
 FreshRSS_Context::systemConf()->save();
diff --git a/app/Models/SystemConfiguration.php b/app/Models/SystemConfiguration.php
index 522e475ea..403950728 100644
--- a/app/Models/SystemConfiguration.php
+++ b/app/Models/SystemConfiguration.php
@@ -9,7 +9,7 @@ declare(strict_types=1);
 * @property bool $api_enabled
 * @property string $archiving
 * @property 'form'|'http_auth'|'none' $auth_type
- * @property string $auto_update_url
+ * @property-read string $auto_update_url
 * @property-read array<int,mixed> $curl_options
 * @property string $default_user
 * @property string $email_validation_token
diff --git a/app/views/configure/system.phtml b/app/views/configure/system.phtml
index 8954c6f55..60c5b5362 100644
--- a/app/views/configure/system.phtml
+++ b/app/views/configure/system.phtml
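Review bot: The `@property-read` tag in the SystemConfiguration docblock only informs static analysis and does not block a runtime assignment to `auto_update_url`, so the read-only guarantee depends on no code path writing it. Whether the class itself rejects writes cannot be seen here, since the hunk shows only part of the docblock. I would record the intent on the tag, for example ` * @property-read string $auto_update_url Set only in the configuration file; must not be writable from the web UI`, and confirm that no other controller or CLI path still assigns this property.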
@@ -40,8 +40,7 @@
 <div class="form-group">
 <label class="group-name" for="auto-update-url"><?= _t('admin.system.auto-update-url') ?></label>
 <div class="group-controls">
- <input type="text" id="auto-update-url" name="auto-update-url" value="<?= FreshRSS_Context::systemConf()->auto_update_url ?>"
- data-leave-validation="<?= FreshRSS_Context::systemConf()->auto_update_url ?>"/>
+ <input type="text" id="auto-update-url" name="auto-update-url" disabled="disabled" value="<?= FreshRSS_Context::systemConf()->auto_update_url ?>" />
 </div>
 </div> |
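Review bot: The `value` attribute of the new `<input>` prints `auto_update_url` through `<?=` with no output encoding. Before this commit the value could arrive through `Minz_Request::paramString`, which may have encoded it (not visible here); now it can only come from the configuration file, so nothing on this path guarantees it is safe inside an attribute. If the stored value is not already encoded, escape it at output: `value="<?= htmlspecialchars(FreshRSS_Context::systemConf()->auto_update_url, ENT_COMPAT, 'UTF-8') ?>"`. Because disabled fields are not submitted and the controller no longer reads the parameter, the `name="auto-update-url"` attribute is now unused and could be dropped.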
