| Age | Commit message (Collapse) | Author |
|---|
|
* Use HTTP POST for logout
To avoid potential CSRF risks
* Fixed button font issue
* Minor whitespace
|
|
https://github.com/dcodeIO/bcrypt.js/releases/tag/v3.0.0
Can be updated to the latest version with:
`curl -L https://unpkg.com/bcryptjs/umd/index.js > p/scripts/vendor/bcrypt.js`
|
|
|
|
|
|
* revert
Fix code indentation
Fix code
Upgrade code to php 8.1
* fix remarques
* code review
* code review
* code review
* Apply suggestions from code review
* code review
* Fixes
* Many remainging updates of array syntax
* Lost case 'reading-list'
* Uneeded PHPDoc
---------
Co-authored-by: Luc Sanchez <l.sanchez-prestataire@alptis.fr>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
https://github.com/FreshRSS/FreshRSS/pull/6800#discussion_r1756435762
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/6796
|
|
* Minor update whitespace PHPCS rules
To simplify our configuration, apply more rules, and be clearer about what is added or removed compared with PSR12.
Does not change our current conventions, but just a bit more consistent.
* Forgotten *.phtml
* Sort exclusion patterns + add a few for Extensions repo
* Relaxed some rules
|
|
* More PHPStan
* More, passing
* 4 more files
* Update to PHPStan 1.11.4
Needed for fixed bug: Consider numeric-string types after string concat
https://github.com/phpstan/phpstan/releases/tag/1.11.4
* Pass PHPStan level 9
Start tracking booleansInConditions
* Fix mark as read
* Fix doctype
* ctype_digit
|
|
Take advantage of
https://phpstan.org/blog/bring-your-exceptions-under-control
Minimum changes to pass `tooWideThrowType` and `implicitThrows`.
Revert some mistakes from:
https://github.com/FreshRSS/FreshRSS/pull/5504
Preparation needed before new PRs of the same type:
https://github.com/FreshRSS/FreshRSS/pull/5962
Fix several wrong PHPDocs and catches:
> Method ... has ...Exception in PHPDoc @throws tag but it's not thrown.
> Dead catch - ...Exception is never thrown in the try block.
|
|
The notification about wrong login was not working. Noticed while working on https://github.com/FreshRSS/FreshRSS/pull/5955
This was due to timing of when the notification is retrieved.
Simplified code to make the logic easier and more robust.
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/5953
Regression due to https://github.com/FreshRSS/FreshRSS/pull/5946
|
|
* Pass PHPStan level 8
And prepare for PHPStan level 9 https://phpstan.org/user-guide/rule-levels
* Revert wrong replace in comment
* Fix PHPStan level 8
* Update PHPStan and other dev dependencies
* Remove obsolete comment
* noVariableVariables and towards bleedingEdge
https://github.com/phpstan/phpstan-strict-rules
https://phpstan.org/blog/what-is-bleeding-edge
* More bleedingEdge
* A bit more PHPStan level 9
* More PHPStan level 9
* Prepare for booleansInConditions
Ignore int and null
* Revert wrong line
* More fixes
* Fix keep_max_n_unread
* Stricter attribute functions
* Stricter callHooks and more PHPStan level 9
* More typing
* A tiny more
|
|
* Fix types for extensions
To accompany https://github.com/FreshRSS/Extensions/pull/185
* Avoid bug redeclared function
|
|
* Little's optimisations and booleans in conditions
* Apply strict type
* Apply strict type
* Apply strict type
* Fix multiple bugs with PHP 8.2 and 8.3
* Many declares missing, more errors fixed
* Apply strict type
* Another approach
* Stronger typing for Minz_Session
* Fix case of SQLite
---------
Co-authored-by: Luc <sanchezluc+freshrss@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Rework trusted proxies
Fix https://github.com/FreshRSS/FreshRSS/issues/5502
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/3226
New environment variable `TRUSTED_PROXY`: set to 0 to disable, or to a list of trusted IP ranges compatible with https://httpd.apache.org/docs/current/mod/mod_remoteip.html#remoteiptrustedproxy
New internal environment variable `CONN_REMOTE_ADDR` to remember the true IP address of the connection (e.g. last proxy), even when using mod_remoteip.
Current working setups should not observe any significant change.
* Minor whitespace
* Safer trusted sources during install
Rework of https://github.com/FreshRSS/FreshRSS/pull/5358
https://github.com/FreshRSS/FreshRSS/issues/5357
* Minor readme
|
|
* processing of depreciations and updating of code to php7.2 minimum
* Autoformat many strange array indenting
And revert a few unwanted changes
---------
Co-authored-by: Luc <sanchezluc+freshrss@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* PHPStan Level 7 for Minz_Request
* PHPStan Level 7 for FreshRSS_Feed
* PHPStan Level 7 for Minz_Error
|
|
* Automatic trusted_sources during install
Fix https://github.com/FreshRSS/FreshRSS/issues/5357
* Fix install for http_auth
* Update lib/lib_rss.php
Co-authored-by: Luc SANCHEZ <4697568+ColonelMoutarde@users.noreply.github.com>
* Fill null exception e-mail
* Revert some syntax
* Minor parentheses
|
|
* Show REMOTE_ADDR in case of HTTP Basic Auth error
https://github.com/FreshRSS/FreshRSS/issues/5300
* Remove obsolete TODO
|
|
* Remarque's from Alkarex
* indentation
* indentation
* Apply suggestions from code review
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Remarque's from Alkarex
* A few improvements
* Remarque's from Alkarex
* Remarque's from Alkarex
* Remarque's from Alkarex
* Remarque's from Alkarex
* Fixes and improvments
* Fix getTagsForEntry
---------
Co-authored-by: Luc <sanchezluc+freshrss@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Use typed access to request parameters
This was a big source of mixed datatypes in many places
* Fix notifications
* Fix bookmarkAction
|
|
7 more files passing (see phpstan-next.txt)
|
|
* Modernize Constants and use new constant 'currentUser'
* Add FreshRSS_Context::currentUser() function and use
* Add FreshRSS_Context::currentUser() function and use
* Add FreshRSS_Context::currentUser() function and use
* Add FreshRSS_Context::currentUser() function and use
* Add FreshRSS_Context::currentUser() function and use
* Update app/Controllers/userController.php
* Update app/Controllers/userController.php
* Update app/Controllers/userController.php
* Update app/Models/Auth.php
* Update p/api/greader.php
* Update p/api/greader.php
* Update p/api/greader.php
* Update app/Models/Context.php
* Update app/Models/LogDAO.php
* Update lib/Minz/Log.php
* Update p/api/greader.php
* Update app/layout/header.phtml
* Update app/views/helpers/export/articles.phtml
* Update cli/do-install.php
* Remarque's from Alkarex
* Remarque's from Alkarex
* Refactor using new Minz_User class
* Consistent naming of public constants
---------
Co-authored-by: Luc <sanchezluc+freshrss@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Typehint to Controllers
* Remarque's from Alkarex
* Remarque's from Alkarex
* Remarque's from Alkarex
* Remarque's from Alkarex
* Remarque's from Alkarex
* Remarque's from Alkarex
---------
Co-authored-by: Luc <sanchezluc+freshrss@gmail.com>
|
|
* Use constants for path to TOS
* improve comments
* TOS title moved to template
* TOS available via config menu
* CSS: improve handling of content of TOS/about
* give info about set/unset TOS in system config
* fix target
* i18n FR
* i18n DE
|
|
|
|
Before, if you've tried to reach a page without being logged, you'll be
automatically redirected to the index page after login.
Now, the original page is used after login.
Fix #3663
|
|
|
|
|
|
* Fix ctype_alnum
#fix https://github.com/FreshRSS/FreshRSS/issues/4180
Ensure `ctype_alnum()` gets a string
* Changelog
|
|
* Use typographic quotes
* A few fixes
* Fix
* Fix not saved
* Implement feedback
* Detail
* Revert spoken English fixes
Left for a future dedicated discussion
* More reverts
* Final reverts
* Final minor
|
|
(#4134)
|
|
* Fix most PHPDocs errors
Contributes to https://github.com/FreshRSS/FreshRSS/issues/4103
https://phpstan.org/writing-php-code/phpdoc-types
* Avoid func_get_args
Use variadic syntax instead https://php.net/manual/functions.arguments#functions.variable-arg-list
And avoid dynamic functions names when possible to more easily identify calls and unused functions.
Contributes to https://github.com/FreshRSS/FreshRSS/issues/4103
* PHPStan level 3
* PHPStand level 4
* Update default to PHPStan level 4
* Towards level 5
* Fix level 4 regression
* Towards level 5
* Pass PHPStan level 5
* Towards level 6
* Remove erronenous regression from changelog
https://github.com/FreshRSS/FreshRSS/pull/4116
|
|
* Add PHPStan
#fix https://github.com/FreshRSS/FreshRSS/issues/4016
https://phpstan.org/
```sh
composer run-script phpstan
```
* More fixes
* Fix global variables
* Add .phtml
* Fix merge
https://github.com/FreshRSS/FreshRSS/pull/4090
* Fix more warnings
* Fix view errors and enable in CI
* ReturnTypeWillChange
* Dynamic view type
* Fix Minz static/self bug
|
|
#fix https://github.com/FreshRSS/FreshRSS/issues/4080
Initialise the default user to be able to display the error page
|
|
* Update Travis line length
* Also check whitespace in CSS files
* Fix line length ext.php
* More syntax, string templates
* Fix exclude-pattern
* Test JS files as well
|
|
Small bug from https://github.com/FreshRSS/FreshRSS/pull/3070 , leading
to an exception due to not being able to log the error.
Minor: Also add some very primitive mitigation of timing attacks (to
find out whether a user exists or not, although I have not checked
whether this might be guessed through other means) - before, if the user
did not exist, the response was always measurably faster; now it is
harder to tell due to the noise
|
|
* Avoid manual intialisations of system or user configuration
More consistent use of Context
* Simplify FreshRSS_Context::initUser
* Remove a few manual get_user_configuration
* A bit of debugging
* Fix context user init
* Fix install
* Fix concurrency
Concurrent requests could lead to bad race condition
* Fix actualize cron
Fix case when system i initialised several times
|
|
* Minz allow parallel sessions
#fix https://github.com/FreshRSS/FreshRSS/issues/3093
* Array optimisation
* Array optimisation missing
* Reduce direct access to $_SESSION except in install process
* Fix session start headers warning
* Use cookie only the first time the session is started:
`PHP Warning: session_start(): Cannot start session when headers
already sent in /var/www/FreshRSS/lib/Minz/Session.php on line 39`
* New concept of volatile session for API calls
Optimisation: do not use cookies or local storage at all for API calls
without a Web session
Fix warning:
```
PHP Warning: session_destroy(): Trying to destroy uninitialized session
in Unknown on line 0
```
* Only call Minz_Session::init once in our index
It was called twice (once indirectly via FreshRSS->init())
* Whitespace
* Mutex for notifications
Implement mutex for notifications
https://github.com/FreshRSS/FreshRSS/pull/3208#discussion_r499509809
* Typo
* Install script is not ready for using Minz_Session
|
|
* Minz: Attach a notification to a request
Notifications should be attached to a request, not to a global session.
Fix
https://github.com/FreshRSS/FreshRSS/pull/3096#issuecomment-654891906
Prepare https://github.com/FreshRSS/FreshRSS/pull/3096
* Rename array
* Avoid string constants
Implement
https://github.com/FreshRSS/FreshRSS/pull/3208#issuecomment-703243863
* Improved logic
* Simplify storage
https://github.com/FreshRSS/FreshRSS/pull/3208#discussion_r499511213
* Fix notification bug in configuration/system
|
|
If you want to block users without deleting their account, you can now
disable them from the interface.
|
|
Before, when the user was not logged in, pages where translated with the '_' user language.
Now, they are translated with the user preferred language if there is one supported by FreshRSS or with the system default language.
|
|
* A wrong login must produce HTTP 403
#fix https://github.com/FreshRSS/FreshRSS/issues/2901
https://github.com/FreshRSS/FreshRSS/pull/2794/files#r389319248
* Just for consistency
|
|
* Keep the user on login page on failure
* Show an error if username already exists
* Check the password format in the backend
* Return a better message if username is invalid
* Add a title to the login page
* wip: Improve look of login and register pages
* Set a capital M in username help message
On the registration page, username tip started with a minuscule, while
the password tip started with a capital.
* Change message if username is taken
|
|
|
|
This feature is optional. It is based on the presence of a
`data/tos.html` file that an administrator can create. If this file
exists, FreshRSS will automatically add a "ToS" checkbox on the
registration page that users must check to be able to create their
account.
|
|
* Add an email field to the profile page
I reuse the `mail_login` from the configuration. I'm not sure if it's
useful today (I would say it was used when Persona login was available).
A good improvement would be to rename `mail_login` into `email` so it
would be more intuitive to use.
* Add boolean to the conf to force email validation
This commit only adds a configuration item.
* Add email during registration if email must be validated
* Set email token to validate when email changes
* Block access to FreshRSS if email is not validated
* Send email when address is changed
* Allow to resend the validation email
* Allow the user to change its email while blocked
* Document the email validation feature
* fixup! Allow the user to change its email while blocked
* tec: Autoload PHPMailer lib
* Validate email address format
* Add feedback on validation email resend action
* Allow to logout when user is blocked
* fix: Change default email "from"
* Reorganize i18n keys
* Complete all the locales with default english
* Hide sidebar (profile page) if email is not validated
* Check email requirements on registration
* Allow admin to specify email when creating users
* Don't check email format if value is empty
* Remove trailing comma in userController
Co-Authored-By: Alexandre Alapetite <alexandre@alapetite.fr>
* Set PHPMailer validator to html5 before sending email
* fixup! Remove trailing comma in userController
|
|
* Require PHP 5.5+
https://github.com/FreshRSS/FreshRSS/issues/2469#issuecomment-522255093
I think it would be reasonable to require PHP 5.5+ for the core of
FreshRSS after all.
As Frenzie said, WordPress currently requires PHP 5.6.20+, and it is the
most popular PHP application.
We would loose about 20% of the PHP servers according to
https://w3techs.com/technologies/details/pl-php/5/all but I expect this
number to drop fast after the release of CentOS 8 (CentOS accounts for
17% of Linux servers
https://w3techs.com/technologies/details/os-linux/all/all ).
Distributions:
* no impact on Ubuntu, Fedora, Alpine, OpenWRT, FreeBSD, OpenSuze,
Mageia, as all active versions have PHP > 7
* no impact on OpenSuze, Synology, as all active versions have PHP > 5.5
* we drop Debian 8 Jessie (-2020) - we keep supporting Debian 9 Stretch
(2017-06) - current is Debian 10 Buster
* we drop Red Hat 7 (-2024) - we keep supporting RHEL 8 (2019-05)
* we drop CentOS 7 (-2024) - we will support CentOS 8 (to be released
soonish)
When dropping older versions, I can better like when it is for a good
reason, and there is actually one with PHP 5.5, namely generators
(yield) https://php.net/language.generators.overview which I consider
using.
* Version note for JSON.php
* hex2bin
* Update .travis.yml
Co-Authored-By: Frans de Jonge <fransdejonge@gmail.com>
|
|
* Rework CSRF interaction with sessions
Fix https://github.com/FreshRSS/FreshRSS/issues/2288
Improve security in some edge cases
Maybe relevant for
https://github.com/FreshRSS/FreshRSS/issues/2125#issuecomment-474992671
* Forgotten mime type
|
Alexandre Alapetite
berumuron
Luc SANCHEZ
maTh
Alexis Degrugillier
Thomas Renes
