| Age | Commit message (Collapse) | Author |
|---|
|
* Rework trusted proxies
Fix https://github.com/FreshRSS/FreshRSS/issues/5502
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/3226
New environment variable `TRUSTED_PROXY`: set to 0 to disable, or to a list of trusted IP ranges compatible with https://httpd.apache.org/docs/current/mod/mod_remoteip.html#remoteiptrustedproxy
New internal environment variable `CONN_REMOTE_ADDR` to remember the true IP address of the connection (e.g. last proxy), even when using mod_remoteip.
Current working setups should not observe any significant change.
* Minor whitespace
* Safer trusted sources during install
Rework of https://github.com/FreshRSS/FreshRSS/pull/5358
https://github.com/FreshRSS/FreshRSS/issues/5357
* Minor readme
|
|
* processing of depreciations and updating of code to php7.2 minimum
* Autoformat many strange array indenting
And revert a few unwanted changes
---------
Co-authored-by: Luc <sanchezluc+freshrss@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* PHPStan Level 7 for Minz_Request
* PHPStan Level 7 for FreshRSS_Feed
* PHPStan Level 7 for Minz_Error
|
|
* Automatic trusted_sources during install
Fix https://github.com/FreshRSS/FreshRSS/issues/5357
* Fix install for http_auth
* Update lib/lib_rss.php
Co-authored-by: Luc SANCHEZ <4697568+ColonelMoutarde@users.noreply.github.com>
* Fill null exception e-mail
* Revert some syntax
* Minor parentheses
|
|
* Show REMOTE_ADDR in case of HTTP Basic Auth error
https://github.com/FreshRSS/FreshRSS/issues/5300
* Remove obsolete TODO
|
|
* Remarque's from Alkarex
* indentation
* indentation
* Apply suggestions from code review
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Remarque's from Alkarex
* A few improvements
* Remarque's from Alkarex
* Remarque's from Alkarex
* Remarque's from Alkarex
* Remarque's from Alkarex
* Fixes and improvments
* Fix getTagsForEntry
---------
Co-authored-by: Luc <sanchezluc+freshrss@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Use typed access to request parameters
This was a big source of mixed datatypes in many places
* Fix notifications
* Fix bookmarkAction
|
|
7 more files passing (see phpstan-next.txt)
|
|
* Modernize Constants and use new constant 'currentUser'
* Add FreshRSS_Context::currentUser() function and use
* Add FreshRSS_Context::currentUser() function and use
* Add FreshRSS_Context::currentUser() function and use
* Add FreshRSS_Context::currentUser() function and use
* Add FreshRSS_Context::currentUser() function and use
* Update app/Controllers/userController.php
* Update app/Controllers/userController.php
* Update app/Controllers/userController.php
* Update app/Models/Auth.php
* Update p/api/greader.php
* Update p/api/greader.php
* Update p/api/greader.php
* Update app/Models/Context.php
* Update app/Models/LogDAO.php
* Update lib/Minz/Log.php
* Update p/api/greader.php
* Update app/layout/header.phtml
* Update app/views/helpers/export/articles.phtml
* Update cli/do-install.php
* Remarque's from Alkarex
* Remarque's from Alkarex
* Refactor using new Minz_User class
* Consistent naming of public constants
---------
Co-authored-by: Luc <sanchezluc+freshrss@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Typehint to Controllers
* Remarque's from Alkarex
* Remarque's from Alkarex
* Remarque's from Alkarex
* Remarque's from Alkarex
* Remarque's from Alkarex
* Remarque's from Alkarex
---------
Co-authored-by: Luc <sanchezluc+freshrss@gmail.com>
|
|
* Use constants for path to TOS
* improve comments
* TOS title moved to template
* TOS available via config menu
* CSS: improve handling of content of TOS/about
* give info about set/unset TOS in system config
* fix target
* i18n FR
* i18n DE
|
|
|
|
Before, if you've tried to reach a page without being logged, you'll be
automatically redirected to the index page after login.
Now, the original page is used after login.
Fix #3663
|
|
|
|
|
|
* Fix ctype_alnum
#fix https://github.com/FreshRSS/FreshRSS/issues/4180
Ensure `ctype_alnum()` gets a string
* Changelog
|
|
* Use typographic quotes
* A few fixes
* Fix
* Fix not saved
* Implement feedback
* Detail
* Revert spoken English fixes
Left for a future dedicated discussion
* More reverts
* Final reverts
* Final minor
|
|
(#4134)
|
|
* Fix most PHPDocs errors
Contributes to https://github.com/FreshRSS/FreshRSS/issues/4103
https://phpstan.org/writing-php-code/phpdoc-types
* Avoid func_get_args
Use variadic syntax instead https://php.net/manual/functions.arguments#functions.variable-arg-list
And avoid dynamic functions names when possible to more easily identify calls and unused functions.
Contributes to https://github.com/FreshRSS/FreshRSS/issues/4103
* PHPStan level 3
* PHPStand level 4
* Update default to PHPStan level 4
* Towards level 5
* Fix level 4 regression
* Towards level 5
* Pass PHPStan level 5
* Towards level 6
* Remove erronenous regression from changelog
https://github.com/FreshRSS/FreshRSS/pull/4116
|
|
* Add PHPStan
#fix https://github.com/FreshRSS/FreshRSS/issues/4016
https://phpstan.org/
```sh
composer run-script phpstan
```
* More fixes
* Fix global variables
* Add .phtml
* Fix merge
https://github.com/FreshRSS/FreshRSS/pull/4090
* Fix more warnings
* Fix view errors and enable in CI
* ReturnTypeWillChange
* Dynamic view type
* Fix Minz static/self bug
|
|
#fix https://github.com/FreshRSS/FreshRSS/issues/4080
Initialise the default user to be able to display the error page
|
|
* Update Travis line length
* Also check whitespace in CSS files
* Fix line length ext.php
* More syntax, string templates
* Fix exclude-pattern
* Test JS files as well
|
|
Small bug from https://github.com/FreshRSS/FreshRSS/pull/3070 , leading
to an exception due to not being able to log the error.
Minor: Also add some very primitive mitigation of timing attacks (to
find out whether a user exists or not, although I have not checked
whether this might be guessed through other means) - before, if the user
did not exist, the response was always measurably faster; now it is
harder to tell due to the noise
|
|
* Avoid manual intialisations of system or user configuration
More consistent use of Context
* Simplify FreshRSS_Context::initUser
* Remove a few manual get_user_configuration
* A bit of debugging
* Fix context user init
* Fix install
* Fix concurrency
Concurrent requests could lead to bad race condition
* Fix actualize cron
Fix case when system i initialised several times
|
|
* Minz allow parallel sessions
#fix https://github.com/FreshRSS/FreshRSS/issues/3093
* Array optimisation
* Array optimisation missing
* Reduce direct access to $_SESSION except in install process
* Fix session start headers warning
* Use cookie only the first time the session is started:
`PHP Warning: session_start(): Cannot start session when headers
already sent in /var/www/FreshRSS/lib/Minz/Session.php on line 39`
* New concept of volatile session for API calls
Optimisation: do not use cookies or local storage at all for API calls
without a Web session
Fix warning:
```
PHP Warning: session_destroy(): Trying to destroy uninitialized session
in Unknown on line 0
```
* Only call Minz_Session::init once in our index
It was called twice (once indirectly via FreshRSS->init())
* Whitespace
* Mutex for notifications
Implement mutex for notifications
https://github.com/FreshRSS/FreshRSS/pull/3208#discussion_r499509809
* Typo
* Install script is not ready for using Minz_Session
|
|
* Minz: Attach a notification to a request
Notifications should be attached to a request, not to a global session.
Fix
https://github.com/FreshRSS/FreshRSS/pull/3096#issuecomment-654891906
Prepare https://github.com/FreshRSS/FreshRSS/pull/3096
* Rename array
* Avoid string constants
Implement
https://github.com/FreshRSS/FreshRSS/pull/3208#issuecomment-703243863
* Improved logic
* Simplify storage
https://github.com/FreshRSS/FreshRSS/pull/3208#discussion_r499511213
* Fix notification bug in configuration/system
|
|
If you want to block users without deleting their account, you can now
disable them from the interface.
|
|
Before, when the user was not logged in, pages where translated with the '_' user language.
Now, they are translated with the user preferred language if there is one supported by FreshRSS or with the system default language.
|
|
* A wrong login must produce HTTP 403
#fix https://github.com/FreshRSS/FreshRSS/issues/2901
https://github.com/FreshRSS/FreshRSS/pull/2794/files#r389319248
* Just for consistency
|
|
* Keep the user on login page on failure
* Show an error if username already exists
* Check the password format in the backend
* Return a better message if username is invalid
* Add a title to the login page
* wip: Improve look of login and register pages
* Set a capital M in username help message
On the registration page, username tip started with a minuscule, while
the password tip started with a capital.
* Change message if username is taken
|
|
|
|
This feature is optional. It is based on the presence of a
`data/tos.html` file that an administrator can create. If this file
exists, FreshRSS will automatically add a "ToS" checkbox on the
registration page that users must check to be able to create their
account.
|
|
* Add an email field to the profile page
I reuse the `mail_login` from the configuration. I'm not sure if it's
useful today (I would say it was used when Persona login was available).
A good improvement would be to rename `mail_login` into `email` so it
would be more intuitive to use.
* Add boolean to the conf to force email validation
This commit only adds a configuration item.
* Add email during registration if email must be validated
* Set email token to validate when email changes
* Block access to FreshRSS if email is not validated
* Send email when address is changed
* Allow to resend the validation email
* Allow the user to change its email while blocked
* Document the email validation feature
* fixup! Allow the user to change its email while blocked
* tec: Autoload PHPMailer lib
* Validate email address format
* Add feedback on validation email resend action
* Allow to logout when user is blocked
* fix: Change default email "from"
* Reorganize i18n keys
* Complete all the locales with default english
* Hide sidebar (profile page) if email is not validated
* Check email requirements on registration
* Allow admin to specify email when creating users
* Don't check email format if value is empty
* Remove trailing comma in userController
Co-Authored-By: Alexandre Alapetite <alexandre@alapetite.fr>
* Set PHPMailer validator to html5 before sending email
* fixup! Remove trailing comma in userController
|
|
* Require PHP 5.5+
https://github.com/FreshRSS/FreshRSS/issues/2469#issuecomment-522255093
I think it would be reasonable to require PHP 5.5+ for the core of
FreshRSS after all.
As Frenzie said, WordPress currently requires PHP 5.6.20+, and it is the
most popular PHP application.
We would loose about 20% of the PHP servers according to
https://w3techs.com/technologies/details/pl-php/5/all but I expect this
number to drop fast after the release of CentOS 8 (CentOS accounts for
17% of Linux servers
https://w3techs.com/technologies/details/os-linux/all/all ).
Distributions:
* no impact on Ubuntu, Fedora, Alpine, OpenWRT, FreeBSD, OpenSuze,
Mageia, as all active versions have PHP > 7
* no impact on OpenSuze, Synology, as all active versions have PHP > 5.5
* we drop Debian 8 Jessie (-2020) - we keep supporting Debian 9 Stretch
(2017-06) - current is Debian 10 Buster
* we drop Red Hat 7 (-2024) - we keep supporting RHEL 8 (2019-05)
* we drop CentOS 7 (-2024) - we will support CentOS 8 (to be released
soonish)
When dropping older versions, I can better like when it is for a good
reason, and there is actually one with PHP 5.5, namely generators
(yield) https://php.net/language.generators.overview which I consider
using.
* Version note for JSON.php
* hex2bin
* Update .travis.yml
Co-Authored-By: Frans de Jonge <fransdejonge@gmail.com>
|
|
* Rework CSRF interaction with sessions
Fix https://github.com/FreshRSS/FreshRSS/issues/2288
Improve security in some edge cases
Maybe relevant for
https://github.com/FreshRSS/FreshRSS/issues/2125#issuecomment-474992671
* Forgotten mime type
|
|
* Less jQuery
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/2199
* Even less jQuery + global view unread title fix
* Even less jQuery
* Yet even less jQuery
* Even less jQuery
* Reduce some events
* Even less jQuery
* jQuery gone from main view
+Fixed English i18n
* Fix feed folded view
* Remove Firefox 64 workaround
Remove workaround for Gecko bug 1514498 in Firefox 64, fixed in Firefox
65
* Split to extra.js
Avoid loading unneeded JavaScript code for the main view.
+ several adjustements
* Improve CSS transition fold category
* Rewrite shortcuts
Remove library. Much faster, shorter, one listener instead of many.
Control of the shortcut context.
Fix https://github.com/FreshRSS/FreshRSS/issues/2215
* Remove debug
* Minor syntax
* Filter out unwanted shortcut modifiers
* Menu overflow fix
* Typo
* Fix unfolding in mobile view
* Remove jQuery from category.js
* Remove jQuery from Global view
|
|
* Security fixes when HTTP user does not exist in FreshRSS
* Accept HTTP header X-WebAuth-User for delegated HTTP Authentication (e.g. Træfik)
* Document delegated HTTP authentication from https://github.com/FreshRSS/FreshRSS/pull/2202
|
|
https://github.com/FreshRSS/FreshRSS/issues/1390
https://github.com/FreshRSS/FreshRSS/issues/366
|
|
https://github.com/FreshRSS/FreshRSS/issues/1384
|
|
https://github.com/FreshRSS/FreshRSS/issues/1052
|
|
https://github.com/FreshRSS/FreshRSS/pull/1016
https://github.com/FreshRSS/FreshRSS/issues/1015
|
|
https://github.com/FreshRSS/FreshRSS/issues/1015
And does not leak if user exists or not
|
|
See https://github.com/FreshRSS/FreshRSS/issues/679
|
|
See https://github.com/FreshRSS/FreshRSS/issues/679
|
|
See https://github.com/FreshRSS/FreshRSS/issues/679
|
|
In particular, ensure that ERROR is only used for errors that may affect
FreshRSS integrity, and ensure that feed errors are visible also in
production, i.e. visibility of WARNING
https://github.com/FreshRSS/FreshRSS/issues/885
https://github.com/FreshRSS/FreshRSS/issues/884
|
|
See https://github.com/FreshRSS/FreshRSS/issues/730
|
|
Old setters does not exist anymore, remove them.
See https://github.com/FreshRSS/FreshRSS/issues/730
|
|
Replaced by a get_user_configuration() function in lib_rss.
This function register a new configuration based on the given username
and return the corresponding configuration.
See https://github.com/FreshRSS/FreshRSS/issues/730
|
|
- We have still to fix actualize_script and greader api (refactoring?)
- We have to fix the FreshRSS_Configuration calls
- We have to fix availableLanguages calls
See https://github.com/FreshRSS/FreshRSS/issues/730
|
Alexandre Alapetite
Luc SANCHEZ
maTh
Alexis Degrugillier
Thomas Renes
Marien Fressinaud
Alexandre Alapetite
