| Age | Commit message (Collapse) | Author |
|---|
|
https://github.com/FreshRSS/FreshRSS/issues?q=is%3Aopen%20milestone%3A1.27.0
|
|
|
|
For fastcgi, REMOTE_USER is the correct variable.
|
|
Otherwise, it is only called when calling `httpGet()` which can be rare for users not using Web Scraping.
https://github.com/FreshRSS/FreshRSS/discussions/7784#discussioncomment-14109207
|
|
https://github.com/php/php-src/blob/php-8.5.0beta1/NEWS
https://php.net/function.curl-close
> This function has no effect. Prior to PHP 8.0.0, this function was used to close the resource.
|
|
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/7824
|
|
Fix regression (bad merge) from https://github.com/FreshRSS/FreshRSS/pull/7775
* https://github.com/FreshRSS/simplepie/pull/50
|
|
Maybe related to https://github.com/FreshRSS/FreshRSS/issues/7820
|
|
SeaMonkey support was broken by #7752
Reproduce JS file:
```bash
git clone https://github.com/chartjs/Chart.js && \
cd Chart.js && \
git checkout tags/v4.5.0 && \
sed -i 's/es2022/es2021/g' rollup.config.js && \
pnpm install && \
pnpm run build && \
sha256sum dist/chart.umd.min.js
# SHA256 of dist/chart.umd.min.js should be: 311a5a5e0db077a787b782977f359a72f8584f94d800e324dcc6aefe8a006dd7
```
|
|
* Puts CSP everywhere in `p/api`
* including the HTML query page ❗
* Also in `p/ext.php`
* Puts `X-Content-Type-Options: nosniff` everywhere
* Fixes custom icon configuration not showing `blob:` icon in statsController (idle feeds)
* Also removes `style-src 'unsafe-inline'` since it doesn't seem to be needed
* Improves CSP of `p/f.php`
* Add `sandbox` directive
|
|
|
|
https://github.com/FreshRSS/simplepie/pull/48
and merge upstream https://github.com/FreshRSS/simplepie/pull/49
fix https://github.com/FreshRSS/FreshRSS/issues/7807
We had a risk of hitting `Backtrack limit was exhausted` in case of open XML comment `<!--` not closed and followed by a very long document.
Fixed by:
* Limiting the max length of the comment
* Stopping at an apparent end of CDATA section `]]>` as it is likely an error
It does not matter much if there are rare cases when the regex does not work perfectly, as it is only used for a cache hint.
|
|
* Show warning when unsafe CSP policy is in use
* Fix bare markdown URL
* i18n: fr
* Minor i18n: fr
* Add target="_blank" to i18n strings
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
|
|
Force our Alpine-based Docker image to PHP 8.4 (default is still PHP 8.3).
Related to the fact that we may have to [revert our Debian image to Debian 12 with PHP 8.2 instead of Debian 13 with PHP 8.4](https://github.com/FreshRSS/FreshRSS/pull/7805), so for the next FreshRSS release, we can offer at least one image with PHP 8.4.
|
|
Fix https://github.com/FreshRSS/FreshRSS/issues/7798
Revert https://github.com/FreshRSS/FreshRSS/pull/7772
Revert https://github.com/FreshRSS/FreshRSS/commit/af6f7f013ae5b908520aa0d9fb0e0b56247ff026
|
|
|
|
Instead of a repeating pattern like: `<input type="text" value="something" data-leave-validation="something">`, you can now put a `data-auto-leave-validation="1"` attribute on a `<form>` for example, and it will automatically set the `data-leave-validation` attributes inside the form elements.
`data_auto_leave_validation(parent)` from `extra.js` is called on slider open and page load.
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
|
|
* Update CREDITS.md
Added my name (Ali Moslemi) with link to GitHub profile as Persian (fa) translation contributor.
* More uniform
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
(#7793)
* Optimize how much data needs to be `chown`/`chmod`ed on container startup
This works around an issue where `chmod`/`chown` operations inside a
container can be extremely slow when using the `overlay2` storage
driver, resulting in 10min+ container startup times.
It modifies the owner of the webapp when building the container so that
only the `data` and `extensions` directories (which are commonly mapped
as volumes into the container) have to be modified by the
`access-permissions.sh` script at container startup.
When not running via docker the behaviour of the `access-permissions.sh`
script is unchanged.
* Take DATA_PATH environment variable into account when fixing permissions
* Revert change to using bash for arrays
(the alpine image doesn't include `bash`)
* A few more improvements
* Slightly tweak reapply permissions variable
- lowercase to indicate it's not an env variable
- use 0/1 to address potentially-irrational paranoia about unset variables
* Remove conditional logic to skip reapplying permissions
Also documents why in a comment so it's not missed in the future.
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Add Persian (fa) translations for FreshRSS
* Fix Persian translation and syntax issues
* Apply fix-all for Persian translation2
* Fix syntax errors and update Persian translations
* Mark untranslated strings as IGNORE and fix remaining TODOs
* make fix-all
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Remove background from <code> inside <pre>
This caused an ugly effect where each line has a seperate background to
the whole pre block.
Fixes #7796
* Add James Frost to CREDITS.md
|
|
* Add more unicity criteria based on title and/or content
https://github.com/FreshRSS/FreshRSS/discussions/7788
* More
|
|
As well as reportPossiblyNonexistentConstantArrayOffset.
And disable PHPStan-next from GitHub Action, since the work is completed for now.
|
|
List of changes:
* The temporary document for printing is now in an `<iframe>` instead of a new tab
* The whole `<head>` element is copied to the temporary document, except for `<script>` tags to copy over the `<meta>` tags as well
* URLs that contain the instance base URL are now removed from the printed PDF
* The saved filename (PDF) will now default to the article title
* `<details>` is auto expanded
* Styling:
* The main document's `<html>` class is copied over to preserve some styling that might use those classes
* Instead of writing `content_el.innerHTML` to the temporary document, `content_el.outerHTML` is now written instead to apply the styles that select `.content`
* `.dropdown-menu` is now hidden in the printed document, because it can't be expanded anyway
* Headers and footers are hidden in the printed document
* The printed document will now display correctly all the time, by waiting for it to load before calling `print()`
* Before, the stylesheets might've not finished loading and the document was broken
* Better browser support on mobile for this feature
* Before, the document would fail to print on Chrome Mobile
Tested on:
* Firefox - both desktop and mobile, works ✅
* Chrome - both desktop and mobile, works ✅
* Opera - desktop, works (same as Chrome) ✅
* Brave - both desktop and mobile (same as Chrome), works ✅
* Safari - both desktop and mobile, works✅
* Microsoft Edge - both desktop and mobile, works ✅
* GNOME Web - desktop, works ✅
* SeaMonkey - desktop, works ✅
Known issues:
* Images may not finish loading the first time the print dialog is opened
TODO:
* [x] Test on Safari
* [x] Try to fix GNOME Web
|
|
* GReader API: fix incorrect favicon URL
* Fix compatibility with custom favicons
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
https://github.com/phpstan/phpstan/releases/tag/2.1.22
|
|
|
|
Quick fix, while waiting for something better
Regression from https://github.com/FreshRSS/FreshRSS/pull/7771
|
|
Related to https://github.com/FreshRSS/FreshRSS/pull/7684
The form buttons requiring confirmation are disabled in HTML in the case of Ajax, and only enabled again if our own JavaScript is running
|
|
* Fix registration regression due to #7753
* Add missing access check
|
|
Makes it easier than having to sign in then go back to the website I clicked the bookmarklet on.
|
|
* Bump SimplePie with PHPStan Level 8
* https://github.com/FreshRSS/simplepie/pull/45
SimplePie increased to PHPStan Level 8:
* https://github.com/simplepie/simplepie/pull/857
* Merge upstream
Including my two PRs:
* https://github.com/simplepie/simplepie/pull/932
* https://github.com/simplepie/simplepie/pull/933
* Resolve upstream sync of Expose HTTP status
* https://github.com/FreshRSS/simplepie/pull/47
Finalise merge, following:
* https://github.com/simplepie/simplepie/pull/905#issuecomment-3007605779
* https://github.com/simplepie/simplepie/pull/909
* https://github.com/FreshRSS/FreshRSS/issues/7038
|
|
Replacing failing Dependabot PRs:
* https://github.com/FreshRSS/FreshRSS/pull/7779
* https://github.com/FreshRSS/FreshRSS/pull/7780
* https://github.com/FreshRSS/FreshRSS/pull/7778
|
|
Bumps the stylelint group with 2 updates: [stylelint](https://github.com/stylelint/stylelint) and [@stylistic/stylelint-plugin](https://github.com/stylelint-stylistic/stylelint-stylistic).
Updates `stylelint` from 16.21.0 to 16.23.0
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/stylelint/stylelint/compare/16.21.0...16.23.0)
Updates `@stylistic/stylelint-plugin` from 3.1.3 to 4.0.0
- [Release notes](https://github.com/stylelint-stylistic/stylelint-stylistic/releases)
- [Changelog](https://github.com/stylelint-stylistic/stylelint-stylistic/blob/main/CHANGELOG.md)
- [Commits](https://github.com/stylelint-stylistic/stylelint-stylistic/compare/v3.1.3...v4.0.0)
---
updated-dependencies:
- dependency-name: stylelint
dependency-version: 16.23.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: stylelint
- dependency-name: "@stylistic/stylelint-plugin"
dependency-version: 4.0.0
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: stylelint
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
Bumps the eslint group with 3 updates: [eslint](https://github.com/eslint/eslint), [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js) and [neostandard](https://github.com/neostandard/neostandard).
Updates `eslint` from 9.30.0 to 9.32.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.30.0...v9.32.0)
Updates `@eslint/js` from 9.30.0 to 9.32.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.32.0/packages/js)
Updates `neostandard` from 0.12.1 to 0.12.2
- [Release notes](https://github.com/neostandard/neostandard/releases)
- [Changelog](https://github.com/neostandard/neostandard/blob/main/CHANGELOG.md)
- [Commits](https://github.com/neostandard/neostandard/compare/v0.12.1...v0.12.2)
---
updated-dependencies:
- dependency-name: eslint
dependency-version: 9.32.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: eslint
- dependency-name: "@eslint/js"
dependency-version: 9.32.0
dependency-type: direct:development
update-type: version-update:semver-minor
dependency-group: eslint
- dependency-name: neostandard
dependency-version: 0.12.2
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: eslint
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
|
|
|
|
* Use main function `httpGet()` instead of local one;
* Use HTTP cache, also between users;
* Do not default to feed URL when there is no website URL
TODO for later: consider supporting Atom's `<icon>` and RSS 2.0's `<image>` https://github.com/FreshRSS/FreshRSS/issues/7774
|
|
Now that PHP 8.4 is covered by our main Debian image https://github.com/FreshRSS/FreshRSS/pull/7772, let's bump the :newest dev image to PHP 8.5.
Note: OPCache is now included in the core https://wiki.php.net/rfc/make_opcache_required
No other apparent breaking change.
|
|
Help final testing of Debian 13 Trixie before the release (9 August)
https://lists.debian.org/debian-devel-announce/2025/07/msg00003.html
PHP 8.4.10, Apache 2.4.64
I will make another PR after the release to update to `debian:13-slim` when it gets available.
|
|
|
|
* Implement sudo mode / reauthentication
* i18n: fr
* generate flags
* Improvements
* Remove HMAC check
* Don't require reauth to access logs when signed in as admin
* Notify user of bad login via notification instead
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Add missing access checks for feed-related actions
* fix whitespace
|
|
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/7761
Partially avoid calls to deprecated functions.
Avoid warnings:
```
[warning] --- old_entries does not exist in configuration
[warning] --- keep_history_default does not exist in configuration
```
|
|
* Require current password when setting new password
* i18n: fr
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Implement support for HTTP 429 Too Many Requests
Will obey the corresponding HTTP `Retry-After` header at domain level.
* Implement 503 Service Unavailable
* Sanitize Retry-After
* Reduce default value when Retry-After is absent
And make configuration parameter
* Retry-After also for favicons
|
|
* `before_login_btn` hook + system conf attributes
* phpstan fix
* Refactoring
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
To make the session cookie no longer usable if hijacked and put in another browser after user logs out
|
|
* Include enclosures in entries hash
Fix https://github.com/FreshRSS/FreshRSS/issues/7718
Negative side-effect: users using the option to automatically mark updated articles as unread will have some articles with enclosures appear as unread
* Changelog with warning
|
|
|
Alexandre Alapetite
triatic
Inverle
Ali Moslemi
Carey Metcalfe
James Frost
hilariousperson
dependabot[bot]
