path: root/app/Models/Auth.php
Age | Commit message | Author
2025-12-04 | Improve anonymous authentication logic (#8165) | Inverle
* Improve anonymous authentication logic * forgot to git add * Fix incorrect token check Because an empty parameter could be just passed if token for the user wasn't set: `&token=`
2025-11-11 | Housekeeping lib_rss.php (#8193) | Alexandre Alapetite
* Housekeeping lib_rss.php `lib_rss.php` had become much too large, especially after https://github.com/FreshRSS/FreshRSS/pull/7924 Moved most functions to other places. Mostly no change of code otherwise (see comments). * Extension: composer run-script phpstan-third-party
2025-10-04 | Strengthen some crypto (#8061) | Alexandre Alapetite
For login, tokens, nonces
2025-07-31 | Implement sudo mode / reauthentication (#7753) | Inverle
* Implement sudo mode / reauthentication * i18n: fr * generate flags * Improvements * Remove HMAC check * Don't require reauth to access logs when signed in as admin * Notify user of bad login via notification instead --------- Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2024-12-27 | PHPStan 2.0 (#7131) | Alexandre Alapetite
* PHPStan 2.0
  fix https://github.com/FreshRSS/FreshRSS/issues/6989
  https://github.com/phpstan/phpstan/releases/tag/2.0.0
  https://github.com/phpstan/phpstan/blob/2.0.x/UPGRADING.md
* More
* More
* Done
* fix i18n CLI
* Restore a PHPStan Next test
  For work towards PHPStan Level 10
* 4 more on Level 10
* fix getTagsForEntry
* API at Level 10
* More Level 10
* Finish Minz at Level 10
* Finish CLI at Level 10
* Finish Controllers at Level 10
* More Level 10
* More
* Pass bleedingEdge
* Clean PHPStan options and add TODOs
* Level 10 for main config
* More
* Consistency array vs. list
* Sanitize themes get_infos
* Simplify TagDAO->getTagsForEntries()
* Finish reportAnyTypeWideningInVarTag
* Prepare checkBenevolentUnionTypes and checkImplicitMixed
* Fixes
* Refix
* Another fix
* Casing of __METHOD__ constant
2024-08-01 | Minor update whitespace PHPCS rules (#6666) | Alexandre Alapetite
* Minor update whitespace PHPCS rules To simplify our configuration, apply more rules, and be clearer about what is added or removed compared with PSR12. Does not change our current conventions, but just a bit more consistent. * Forgotten *.phtml * Sort exclusion patterns + add a few for Extensions repo * Relaxed some rules
2024-07-08 | Fix for disabled logged-in users (#6612) | Alexandre Alapetite
fix https://github.com/FreshRSS/FreshRSS/issues/6611 Logged-in users were still able to use their account for some time despite having been disabled by admin
2024-06-05 | Modernize code to php7.4 (#6043) | Luc SANCHEZ
* Modernize code to php7.4 * Modernize code to php7.4 * Modernize code to php7.4 * Modernize code to php7.4 * Modernize code to php7.4 * Modernize code to php7.4 * Modernize code to php7.4 * Modernize code to php7.4 * Modernize code to php7.4 * Modernize code to php7.4 * Modernize code to php7.4 * Modernize code to php7.4 * Modernize code to php7.4 * Consistency --------- Co-authored-by: Luc <sanchezluc+freshrss@gmail.com> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2023-12-18 | Pass PHPStan level 8 (#5946) | Alexandre Alapetite
* Pass PHPStan level 8 And prepare for PHPStan level 9 https://phpstan.org/user-guide/rule-levels * Revert wrong replace in comment * Fix PHPStan level 8 * Update PHPStan and other dev dependencies * Remove obsolete comment * noVariableVariables and towards bleedingEdge https://github.com/phpstan/phpstan-strict-rules https://phpstan.org/blog/what-is-bleeding-edge * More bleedingEdge * A bit more PHPStan level 9 * More PHPStan level 9 * Prepare for booleansInConditions Ignore int and null * Revert wrong line * More fixes * Fix keep_max_n_unread * Stricter attribute functions * Stricter callHooks and more PHPStan level 9 * More typing * A tiny more
2023-11-16 | Use strict_types (#5830) | Luc SANCHEZ
* Little optimisations and booleans in conditions * Apply strict type * Apply strict type * Apply strict type * Fix multiple bugs with PHP 8.2 and 8.3 * Many declares missing, more errors fixed * Apply strict type * Another approach * Stronger typing for Minz_Session * Fix case of SQLite --------- Co-authored-by: Luc <sanchezluc+freshrss@gmail.com> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2023-10-30 | Require PHP 7.4+ (#5720) | Alexandre Alapetite
* Require PHP 7.4+ https://github.com/FreshRSS/FreshRSS/discussions/5474 * Update Docker oldest Alpine 3.13 with PHP 7.4.26 * Add missing packets to Docker oldest * Update to typed properties https://php.net/migration74.new-features#migration74.new-features.core.typed-properties * More types
2023-07-07 | Chore/processing of depreciations and updating code to php72 minimum (#5504) | Luc SANCHEZ
* processing of depreciations and updating of code to php7.2 minimum * Autoformat many strange array indenting And revert a few unwanted changes --------- Co-authored-by: Luc <sanchezluc+freshrss@gmail.com> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2023-05-03 | Automatic trusted_sources during install (#5358) | Alexandre Alapetite
* Automatic trusted_sources during install Fix https://github.com/FreshRSS/FreshRSS/issues/5357 * Fix install for http_auth * Update lib/lib_rss.php Co-authored-by: Luc SANCHEZ <4697568+ColonelMoutarde@users.noreply.github.com> * Fill null exception e-mail * Revert some syntax * Minor parentheses
2023-04-17 | Complete PHPStan Level 6 (#5305) | Alexandre Alapetite
* Complete PHPStan Level 6 Fix https://github.com/FreshRSS/FreshRSS/issues/4112 And initiate PHPStan Level 7 * PHPStan Level 6 for tests * Use phpstan/phpstan-phpunit * Update to PHPStan version 1.10 * Fix mixed bug * Fix mixed return bug * Fix paginator bug * Fix FreshRSS_UserConfiguration * A couple more Minz_Configuration bug fixes * A few trivial PHPStan Level 7 fixes * A few more simple PHPStan Level 7 * More files passing PHPStan Level 7 Add interface to replace removed class from https://github.com/FreshRSS/FreshRSS/pull/5251 * A few more PHPStan Level 7 preparations * A few last details
2023-04-07 | Use typed access to request parameters (#5267) | Alexandre Alapetite
* Use typed access to request parameters This was a big source of mixed datatypes in many places * Fix notifications * Fix bookmarkAction
2023-04-05 | PHPStan level 6 for more files (#5264) | Alexandre Alapetite
7 more files passing (see phpstan-next.txt)
2023-03-26 | Modernize Constants and use new constant for string 'currentUser' (#5089) | Luc SANCHEZ
* Modernize Constants and use new constant 'currentUser' * Add FreshRSS_Context::currentUser() function and use * Add FreshRSS_Context::currentUser() function and use * Add FreshRSS_Context::currentUser() function and use * Add FreshRSS_Context::currentUser() function and use * Add FreshRSS_Context::currentUser() function and use * Update app/Controllers/userController.php * Update app/Controllers/userController.php * Update app/Controllers/userController.php * Update app/Models/Auth.php * Update p/api/greader.php * Update p/api/greader.php * Update p/api/greader.php * Update app/Models/Context.php * Update app/Models/LogDAO.php * Update lib/Minz/Log.php * Update p/api/greader.php * Update app/layout/header.phtml * Update app/views/helpers/export/articles.phtml * Update cli/do-install.php * Remarks from Alkarex * Remarks from Alkarex * Refactor using new Minz_User class * Consistent naming of public constants --------- Co-authored-by: Luc <sanchezluc+freshrss@gmail.com> Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2022-01-08 | Use typographic quotes (#4133) | Alexandre Alapetite
* Use typographic quotes * A few fixes * Fix * Fix not saved * Implement feedback * Detail * Revert spoken English fixes Left for a future dedicated discussion * More reverts * Final reverts * Final minor
2022-01-04 | PHPStan level 5 (#4110) | Alexandre Alapetite
* Fix most PHPDocs errors Contributes to https://github.com/FreshRSS/FreshRSS/issues/4103 https://phpstan.org/writing-php-code/phpdoc-types * Avoid func_get_args Use variadic syntax instead https://php.net/manual/functions.arguments#functions.variable-arg-list And avoid dynamic functions names when possible to more easily identify calls and unused functions. Contributes to https://github.com/FreshRSS/FreshRSS/issues/4103 * PHPStan level 3 * PHPStan level 4 * Update default to PHPStan level 4 * Towards level 5 * Fix level 4 regression * Towards level 5 * Pass PHPStan level 5 * Towards level 6 * Remove erroneous regression from changelog https://github.com/FreshRSS/FreshRSS/pull/4116
2021-12-02 | Minz request avoid custom methods (#4020) | Alexandre Alapetite
Take advantage of PHP7+ null-coalescing operator `??` to make code more standard, shorter, and faster instead of custom function with no extra functionality. Allows code to be better tested and fix two PHPstan errors:
```
 ------ -----------------------------------------
  Line   app/Controllers/configureController.php
 ------ -----------------------------------------
  410    Cannot unset offset 'rid' on string.
 ------ -----------------------------------------
 ------ ------------------------------------
  Line   lib/Minz/FrontController.php
 ------ ------------------------------------
  70     Cannot unset offset 'c' on string.
  71     Cannot unset offset 'a' on string.
 ------ ------------------------------------
```
https://github.com/FreshRSS/FreshRSS/issues/4016
2021-01-02 | Avoid manual initialisations of system or user configuration (#3070) | Alexandre Alapetite
* Avoid manual initialisations of system or user configuration More consistent use of Context * Simplify FreshRSS_Context::initUser * Remove a few manual get_user_configuration * A bit of debugging * Fix context user init * Fix install * Fix concurrency Concurrent requests could lead to bad race condition * Fix actualize cron Fix case when system is initialised several times
2020-12-28 | Add a file for each Auth class (#3298) | Alexis Degrugillier
It's a follow-up of what was started in #3297.
2020-12-28 | Auto-renew cookie (#3287) | Alexandre Alapetite
#fix https://github.com/FreshRSS/FreshRSS/issues/3169#issuecomment-685983797 Supplement https://github.com/FreshRSS/FreshRSS/pull/3170 When we get the long-term login cookie (i.e. when starting a new session), renew it at the same time for the same duration
2020-12-26 | bump default logout from 30 days to 3 months (#3170) | Martin
* bump default logout from 30 to 365 days * * Change cookie duration to constant * Change cookie duration to three months * use class * use 90 days (otherwise login form says 91.3 days) * change class * also this works now Co-authored-by: Martin Rys <martin@rys.pw> Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
2020-10-06 | Minz allow parallel sessions (#3096) | Alexandre Alapetite
* Minz allow parallel sessions
  #fix https://github.com/FreshRSS/FreshRSS/issues/3093
* Array optimisation
* Array optimisation missing
* Reduce direct access to $_SESSION except in install process
* Fix session start headers warning
* Use cookie only the first time the session is started:
  `PHP Warning: session_start(): Cannot start session when headers already sent in /var/www/FreshRSS/lib/Minz/Session.php on line 39`
* New concept of volatile session for API calls
  Optimisation: do not use cookies or local storage at all for API calls without a Web session
  Fix warning:
  ```
  PHP Warning: session_destroy(): Trying to destroy uninitialized session in Unknown on line 0
  ```
* Only call Minz_Session::init once in our index
  It was called twice (once indirectly via FreshRSS->init())
* Whitespace
* Mutex for notifications
  Implement mutex for notifications https://github.com/FreshRSS/FreshRSS/pull/3208#discussion_r499509809
* Typo
* Install script is not ready for using Minz_Session
2020-06-19 | Add auto-registration when using http_auth (#3003) | bpatath
* Add auto-registration when using http_auth * Document HTTP auth auto-registration * Check email variable for HTTP auth auto-registration * Auto-create HTTP users by default * Fix Context init (I will provide in another PR a better fix requiring a bit of global refactoring) * Init language Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2020-04-17 | A wrong login must return HTTP 403 (#2903) | Alexandre Alapetite
* A wrong login must produce HTTP 403 #fix https://github.com/FreshRSS/FreshRSS/issues/2901 https://github.com/FreshRSS/FreshRSS/pull/2794/files#r389319248 * Just for consistency
2020-01-16 | fix: Make sure to have user conf in hasAccess (#2769) | Marien Fressinaud
The `FreshRSS_Auth::hasAccess` method is called during auth initialization (`app/FreshRSS.php:78`), only for `user#create` action. However, at this step, the `user` configuration namespace hasn't been initialized yet, and so users weren't able to register because of the exception... quite critical!
2020-01-06 | Add an admin flag on users (#2709) | Alexis Degrugillier
Now FRSS supports more than one admin. Admins have the same rights as the default user. Admins can promote or demote other users. The default user is considered as an admin even if it does not have the admin flag enabled. See #2096
2019-08-20 | Require PHP 5.5+ (#2495) | Alexandre Alapetite
* Require PHP 5.5+
  https://github.com/FreshRSS/FreshRSS/issues/2469#issuecomment-522255093
  I think it would be reasonable to require PHP 5.5+ for the core of FreshRSS after all. As Frenzie said, WordPress currently requires PHP 5.6.20+, and it is the most popular PHP application. We would lose about 20% of the PHP servers according to https://w3techs.com/technologies/details/pl-php/5/all but I expect this number to drop fast after the release of CentOS 8 (CentOS accounts for 17% of Linux servers https://w3techs.com/technologies/details/os-linux/all/all ).
  Distributions:
  * no impact on Ubuntu, Fedora, Alpine, OpenWRT, FreeBSD, openSUSE, Mageia, as all active versions have PHP > 7
  * no impact on openSUSE, Synology, as all active versions have PHP > 5.5
  * we drop Debian 8 Jessie (-2020) - we keep supporting Debian 9 Stretch (2017-06) - current is Debian 10 Buster
  * we drop Red Hat 7 (-2024) - we keep supporting RHEL 8 (2019-05)
  * we drop CentOS 7 (-2024) - we will support CentOS 8 (to be released soonish)
  When dropping older versions, I like it better when it is for a good reason, and there is actually one with PHP 5.5, namely generators (yield) https://php.net/language.generators.overview which I consider using.
* Version note for JSON.php
* hex2bin
* Update .travis.yml
Co-Authored-By: Frans de Jonge <fransdejonge@gmail.com>
2019-03-22 | Rework CSRF interaction with sessions (#2290) | Alexandre Alapetite
* Rework CSRF interaction with sessions Fix https://github.com/FreshRSS/FreshRSS/issues/2288 Improve security in some edge cases Maybe relevant for https://github.com/FreshRSS/FreshRSS/issues/2125#issuecomment-474992671 * Forgotten mime type
2019-03-20 | Session fix when form + HTTP auth are used (#2286) | Alexandre Alapetite
https://github.com/Alkarex/FreshRSS/commit/bf51c82d55f6bf1af2a6464ca4f148d6c613d28f https://github.com/FreshRSS/FreshRSS/issues/2125#issuecomment-473873922
2019-01-02 | HTTP authentication fixes (#2204) | Alexandre Alapetite
* Security fixes when HTTP user does not exist in FreshRSS * Accept HTTP header X-WebAuth-User for delegated HTTP Authentication (e.g. Træfik) * Document delegated HTTP authentication from https://github.com/FreshRSS/FreshRSS/pull/2202
2018-12-04 | Fix undefined conf (#2163) | Alexandre Alapetite
Small fix for https://github.com/FreshRSS/FreshRSS/pull/2137
2018-11-18 | Edit cookie_duration from GUI (#2137) | Patrick Crandol
* Use cookie_duration correctly * WIP allow cookie_duration to be modified from GUI * Allow cookie_duration to actually be updated * Update view to properly display cookie_duration * Add new strings in Translation Files * Fix typo * Fix trailing whitespace * I18n: French translation * I18n fr: Forgot todo
2018-03-03 | Fix bug when using double authentication (#1809) | Alexandre Alapetite
https://github.com/FreshRSS/FreshRSS/issues/1807
2018-01-01 | Fix login bug when HTTP REMOTE_USER changes | Alexandre Alapetite
https://github.com/YunoHost-Apps/freshrss_ynh/issues/33
2017-04-09 | Multi-user token | Alexandre Alapetite
https://github.com/FreshRSS/FreshRSS/issues/1390 https://github.com/FreshRSS/FreshRSS/issues/366
2017-02-16 | use function with preg_match to check username | Clément
2017-02-16 | Possibility to register user having a '-', a '_' or a '.' in username | Clément
2016-12-24 | Merge pull request #1398 from Alkarex/MultipleCookiesBug | Alexandre Alapetite
Send cookie FreshRSS_login only once
2016-12-24 | Send cookie FreshRSS_login only once | Alexandre Alapetite
Prior to this patch, two cookies with the same name were sent, the first one was to destroy the cookie, and the second one to create it
2016-12-24 | Option for cookie duration | Alexandre Alapetite
https://github.com/FreshRSS/FreshRSS/issues/1384
2016-11-05 | Add CLI for user information + Fix last user activity | Alexandre Alapetite
https://github.com/FreshRSS/FreshRSS/issues/1345
2016-08-13 | Do not mix POST and GET params | Alexandre Alapetite
Avoid returning CSRF POST token for a GET
2016-08-13 | CSRF token, update HTTP Referrer policy to same-origin | Alexandre Alapetite
https://www.w3.org/TR/referrer-policy/#referrer-policy-no-referrer https://github.com/FreshRSS/FreshRSS/issues/570 https://github.com/FreshRSS/FreshRSS/issues/955 https://github.com/FreshRSS/FreshRSS/issues/1198 https://github.com/FreshRSS/FreshRSS/issues/565 https://github.com/FreshRSS/FreshRSS/issues/554
2016-07-31 | Remove Mozilla Persona login | Alexandre Alapetite
https://github.com/FreshRSS/FreshRSS/issues/1052
2015-01-06 | Fix a bug in FreshRSS_Auth::giveAccess() | Marien Fressinaud
See https://github.com/FreshRSS/FreshRSS/issues/730
2015-01-06 | Fix last calls to Minz_Configuration methods | Marien Fressinaud
- We have still to fix actualize_script and greader api (refactoring?)
- We have to fix the FreshRSS_Configuration calls
- We have to fix availableLanguages calls
See https://github.com/FreshRSS/FreshRSS/issues/730
2015-01-06 | BREAKING FEATURE: Remove general in config | Marien Fressinaud
General attribute has been removed from system config. Now subattributes (e.g. environment, salt, title, etc.) are directly accessible.
YOU HAVE TO FIX YOUR ./data/config.php file!
- Remove the general array
- Values inside this array must be kept
- To see what it must look like, please have a look at ./data/config.default.php (but keep your values!!).
See https://github.com/FreshRSS/FreshRSS/issues/730