path: root/app/Models/Auth.php
Age | Commit message | Author
2020-04-17 | A wrong login must return HTTP 403 (#2903) | Alexandre Alapetite
* A wrong login must produce HTTP 403
  #fix https://github.com/FreshRSS/FreshRSS/issues/2901
  https://github.com/FreshRSS/FreshRSS/pull/2794/files#r389319248
* Just for consistency
2020-01-16 | fix: Make sure to have user conf in hasAccess (#2769) | Marien Fressinaud
The `FreshRSS_Auth::hasAccess` method is called during auth initialization (`app/FreshRSS.php:78`), only for `user#create` action. However, at this step, the `user` configuration namespace hasn't been initialized yet, and so users weren't able to register because of the exception... quite critical!
2020-01-06 | Add an admin flag on users (#2709) | Alexis Degrugillier
Now FRSS supports more than one admin. Admins have the same rights as the default user. Admins can promote or demote other users. The default user is considered as an admin even if it does not have the admin flag enabled. See #2096
2019-08-20 | Require PHP 5.5+ (#2495) | Alexandre Alapetite
* Require PHP 5.5+
  https://github.com/FreshRSS/FreshRSS/issues/2469#issuecomment-522255093
  I think it would be reasonable to require PHP 5.5+ for the core of FreshRSS after all. As Frenzie said, WordPress currently requires PHP 5.6.20+, and it is the most popular PHP application. We would lose about 20% of the PHP servers according to https://w3techs.com/technologies/details/pl-php/5/all but I expect this number to drop fast after the release of CentOS 8 (CentOS accounts for 17% of Linux servers https://w3techs.com/technologies/details/os-linux/all/all ).
  Distributions:
  * no impact on Ubuntu, Fedora, Alpine, OpenWRT, FreeBSD, openSUSE, Mageia, as all active versions have PHP > 7
  * no impact on openSUSE, Synology, as all active versions have PHP > 5.5
  * we drop Debian 8 Jessie (-2020)
    - we keep supporting Debian 9 Stretch (2017-06)
    - current is Debian 10 Buster
  * we drop Red Hat 7 (-2024)
    - we keep supporting RHEL 8 (2019-05)
  * we drop CentOS 7 (-2024)
    - we will support CentOS 8 (to be released soonish)
  When dropping older versions, I can better like when it is for a good reason, and there is actually one with PHP 5.5, namely generators (yield) https://php.net/language.generators.overview which I consider using.
* Version note for JSON.php
* hex2bin
* Update .travis.yml
Co-Authored-By: Frans de Jonge <fransdejonge@gmail.com>
2019-03-22 | Rework CSRF interaction with sessions (#2290) | Alexandre Alapetite
* Rework CSRF interaction with sessions
  Fix https://github.com/FreshRSS/FreshRSS/issues/2288
  Improve security in some edge cases
  Maybe relevant for https://github.com/FreshRSS/FreshRSS/issues/2125#issuecomment-474992671
* Forgotten mime type
2019-03-20 | Session fix when form + HTTP auth are used (#2286) | Alexandre Alapetite
https://github.com/Alkarex/FreshRSS/commit/bf51c82d55f6bf1af2a6464ca4f148d6c613d28f https://github.com/FreshRSS/FreshRSS/issues/2125#issuecomment-473873922
2019-01-02 | HTTP authentication fixes (#2204) | Alexandre Alapetite
* Security fixes when HTTP user does not exist in FreshRSS
* Accept HTTP header X-WebAuth-User for delegated HTTP Authentication (e.g. Træfik)
* Document delegated HTTP authentication from https://github.com/FreshRSS/FreshRSS/pull/2202
2018-12-04 | Fix undefined conf (#2163) | Alexandre Alapetite
Small fix for https://github.com/FreshRSS/FreshRSS/pull/2137
2018-11-18 | Edit cookie_duration from GUI (#2137) | Patrick Crandol
* Use cookie_duration correctly
* WIP allow cookie_duration to be modified from GUI
* Allow cookie_duration to actually be updated
* Update view to properly display cookie_duration
* Add new strings in Translation Files
* Fix typo
* Fix trailing whitespace
* I18n: French translation
* I18n fr: Forgot todo
2018-03-03 | Fix bug when using double authentication (#1809) | Alexandre Alapetite
https://github.com/FreshRSS/FreshRSS/issues/1807
2018-01-01 | Fix login bug when HTTP REMOTE_USER changes | Alexandre Alapetite
https://github.com/YunoHost-Apps/freshrss_ynh/issues/33
2017-04-09 | Multi-user token | Alexandre Alapetite
https://github.com/FreshRSS/FreshRSS/issues/1390 https://github.com/FreshRSS/FreshRSS/issues/366
2017-02-16 | use function with preg_match to check username | Clément
2017-02-16 | Possibility to register user having a '-', a '_' or a '.' in username | Clément
2016-12-24 | Merge pull request #1398 from Alkarex/MultipleCookiesBug | Alexandre Alapetite
Send cookie FreshRSS_login only once
2016-12-24 | Send cookie FreshRSS_login only once | Alexandre Alapetite
Prior to this patch, two cookies with the same name were sent, the first one was to destroy the cookie, and the second one to create it
2016-12-24 | Option for cookie duration | Alexandre Alapetite
https://github.com/FreshRSS/FreshRSS/issues/1384
2016-11-05 | Add CLI for user information + Fix last user activity | Alexandre Alapetite
https://github.com/FreshRSS/FreshRSS/issues/1345
2016-08-13 | Do not mix POST and GET params | Alexandre Alapetite
Avoid returning CSRF POST token for a GET
2016-08-13 | CSRF token, update HTTP Referrer policy to same-origin | Alexandre Alapetite
https://www.w3.org/TR/referrer-policy/#referrer-policy-no-referrer https://github.com/FreshRSS/FreshRSS/issues/570 https://github.com/FreshRSS/FreshRSS/issues/955 https://github.com/FreshRSS/FreshRSS/issues/1198 https://github.com/FreshRSS/FreshRSS/issues/565 https://github.com/FreshRSS/FreshRSS/issues/554
2016-07-31 | Remove Mozilla Persona login | Alexandre Alapetite
https://github.com/FreshRSS/FreshRSS/issues/1052
2015-01-06 | Fix a bug in FreshRSS_Auth::giveAccess() | Marien Fressinaud
See https://github.com/FreshRSS/FreshRSS/issues/730
2015-01-06 | Fix last calls to Minz_Configuration methods | Marien Fressinaud
- We have still to fix actualize_script and greader api (refactoring?)
- We have to fix the FreshRSS_Configuration calls
- We have to fix availableLanguages calls
See https://github.com/FreshRSS/FreshRSS/issues/730
2015-01-06 | BREAKING FEATURE: Remove general in config | Marien Fressinaud
General attribute has been removed from system config. Now subattributes (e.g. environment, salt, title, etc.) are directly accessible. YOU HAVE TO FIX YOUR ./data/config.php file!
- Remove the general array
- Values inside this array must be kept
- To see what it must look like, please have a look at ./data/config.default.php (but keep your values!!).
See https://github.com/FreshRSS/FreshRSS/issues/730
2015-01-05 | New configuration system (not working yet) | Marien Fressinaud
- Use only Minz_Configuration
- register() method to load a new configuration file
- get() to get a configuration
- new exceptions related to configuration
- fix a list configuration calls to have FRSS working
Current problems to resolve:
- How to handle configuration param verifications (i.e. check auth_type is a value from none, http_auth, persona or form)
- We must use $conf = Minz_Configuration::get('system'); $general_conf = $conf->general; to access global system configuration which is quite annoying. How to change that?
See https://github.com/FreshRSS/FreshRSS/issues/730
2014-10-29 | Do not refresh the feeds of users who have not logged in for x days | Alexandre Alapetite
https://github.com/marienfressinaud/FreshRSS/issues/681 Warning: needs some testing
2014-10-07 | Authentication system moved + Persona comes back! | Marien Fressinaud
AuthController is dedicated to authentication. Persona is back, greater than ever! See https://github.com/marienfressinaud/FreshRSS/issues/655
2014-10-07 | Introduce FreshRSS_Auth::hasAccess('admin') | Marien Fressinaud
Replace Minz_Configuration::isAdmin($user). FreshRSS_Auth::hasAccess() could be extended to other scopes later. See https://github.com/marienfressinaud/FreshRSS/issues/655
2014-10-06 | Refactor authentication system. | Marien Fressinaud
Big work, not finished. A lot of features have been removed. See https://github.com/marienfressinaud/FreshRSS/issues/655