| Age | Commit message (Collapse) | Author |
|---|
|
* Rework CSRF interaction with sessions
Fix https://github.com/FreshRSS/FreshRSS/issues/2288
Improve security in some edge cases
Maybe relevant for
https://github.com/FreshRSS/FreshRSS/issues/2125#issuecomment-474992671
* Forgotten mime type
|
|
https://github.com/Alkarex/FreshRSS/commit/bf51c82d55f6bf1af2a6464ca4f148d6c613d28f
https://github.com/FreshRSS/FreshRSS/issues/2125#issuecomment-473873922
|
|
* Security fixes when HTTP user does not exist in FreshRSS
* Accept HTTP header X-WebAuth-User for delegated HTTP Authentication (e.g. Træfik)
* Document delegated HTTP authentication from https://github.com/FreshRSS/FreshRSS/pull/2202
|
|
Small fix for https://github.com/FreshRSS/FreshRSS/pull/2137
|
|
* Use cookie_duration correctly
* WIP allow cookie_duration to be modified from GUI
* Allow cookie_duration to actually be updated
* Update view to properly display cookie_duration
* Add new strings in Translation Files
* Fix typo
* Fix trailing whitespace
* I18n: French translation
* I18n fr: Forgot todo
|
|
https://github.com/FreshRSS/FreshRSS/issues/1807
|
|
https://github.com/YunoHost-Apps/freshrss_ynh/issues/33
|
|
https://github.com/FreshRSS/FreshRSS/issues/1390
https://github.com/FreshRSS/FreshRSS/issues/366
|
|
|
|
|
|
Send cookie FreshRSS_login only once
|
|
Prior to this patch, two cookies with the same name were sent, the first
one was to destroy the cookie, and the second one to create it
|
|
https://github.com/FreshRSS/FreshRSS/issues/1384
|
|
https://github.com/FreshRSS/FreshRSS/issues/1345
|
|
Avoid returning CSRF POST token for a GET
|
|
https://www.w3.org/TR/referrer-policy/#referrer-policy-no-referrer
https://github.com/FreshRSS/FreshRSS/issues/570
https://github.com/FreshRSS/FreshRSS/issues/955
https://github.com/FreshRSS/FreshRSS/issues/1198
https://github.com/FreshRSS/FreshRSS/issues/565
https://github.com/FreshRSS/FreshRSS/issues/554
|
|
https://github.com/FreshRSS/FreshRSS/issues/1052
|
|
See https://github.com/FreshRSS/FreshRSS/issues/730
|
|
- We have still to fix actualize_script and greader api (refactoring?)
- We have to fix the FreshRSS_Configuration calls
- We have to fix availableLanguages calls
See https://github.com/FreshRSS/FreshRSS/issues/730
|
|
General attribute has been removed from system config.
Now subattributes (e.g. environment, salt, title, etc.) are directly accessible.
YOU HAVE TO FIX YOUR ./data/config.php file!
- Remove the general array
- Values inside this array must be kept
- To see what it must look like, please have a look to ./data/config.default.php
(but keep your values!!).
See https://github.com/FreshRSS/FreshRSS/issues/730
|
|
- Use only Minz_Configuration
- register() method to load a new configuration file
- get() to get a configuration
- new exceptions related to configuration
- fix a list configuration calls to have FRSS working
Current problems to resolve:
- How to handle configuration param verifications (i.e. check auth_type
is a value from none, http_auth, persona or form)
- We must use $conf = Minz_Configuration::get('system'); $general_conf = $conf->general;
to access global system configuration which is quite annoying. How to change that?
See https://github.com/FreshRSS/FreshRSS/issues/730
|
|
https://github.com/marienfressinaud/FreshRSS/issues/681
Warning: needs some testing
|
|
AuthController is dedicated to auhentication.
Persona is back, greater than ever!
See https://github.com/marienfressinaud/FreshRSS/issues/655
|
|
Replace Minz_Configuration::isAdmin($user). FreshRSS_Auth::hasAccess() could
be extended to others scopes later.
See https://github.com/marienfressinaud/FreshRSS/issues/655
|
|
Big work, not finished. A lot of features have been removed.
See https://github.com/marienfressinaud/FreshRSS/issues/655
|
Alexandre Alapetite
Patrick Crandol
Clément
Alexandre Alapetite
Marien Fressinaud
