| Age | Commit message (Collapse) | Author |
|---|
|
Completes the following TODO https://github.com/FreshRSS/FreshRSS/issues/7923:
https://github.com/FreshRSS/FreshRSS/blob/de624dc8ce63ec819c61216d9d44f828841c293e/app/Controllers/authController.php#L105
Extension PR: https://github.com/FreshRSS/Extensions/pull/364
https://github.com/FreshRSS/Extensions/tree/main/xExtension-UnsafeAutologin
|
|
* Add option for CSP frame-ancestors
https://github.com/FreshRSS/FreshRSS/discussions/7856
* Revert contentSelectorPreviewAction
* Same for f.php and api
* Fix double init in f.php
* No sandbox for API page
|
|
* Show warning when unsafe CSP policy is in use
* Fix bare markdown URL
* i18n: fr
* Minor i18n: fr
* Add target="_blank" to i18n strings
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Implement sudo mode / reauthentication
* i18n: fr
* generate flags
* Improvements
* Remove HMAC check
* Don't require reauth to access logs when signed in as admin
* Notify user of bad login via notification instead
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Implement support for HTTP 429 Too Many Requests
Will obey the corresponding HTTP `Retry-After` header at domain level.
* Implement 503 Service Unavailable
* Sanitize Retry-After
* Reduce default value when Retry-After is absent
And make configuration parameter
* Retry-After also for favicons
|
|
Closes #3789, #6503
Icon setting when no custom icon is set yet:
- `Change...` button opens a file dialog, and after selecting a file shows the chosen icon in the preview on the left. `Submit` must be clicked after selecting the icon.
- `Reset to default` changes the preview icon to the default one, and also requires `Submit` to be clicked to apply the changes.
Full list of changes:
- CSP now includes `blob:` in `img-src` for
- `indexAction()` and `feedAction()` in `subscriptionController.php`
- all of the view actions in `indexController.php`
- Introduce new attribute `customFavicon (boolean)` for feeds that indicates if the feed has a custom favicon
- `hashFavicon()` in `Feed.php` is dependent on this attribute
- `hashFavicon()` has a new parameter called `skipCache (boolean)` that allows the reset of the favicon hash for the Feed object
- `resetFaviconHash()` just calls `hashFavicon(skipCache: true)`
- `f.php` URLs now have the format of `/f.php?h=XXXXX&t=cachebuster`, where the `t` parameter is only used for serving custom favicons
- if `t` parameter is set, `f.php` returns a `Cache-Control: immutable` header
- `stripos` and `strpos` were changed to `str_contains` in various places (refactor)
- JS for handling the custom favicon configuration logic is in `extra.js` inside `init_update_feed()` which is called when feed configuration is opened from the aside or when the subscription management page with the feed is loaded
- Server-side code for uploading the icon in `subscriptionController.php` under `feedAction()`
- Errors that may occur during the setting of a custom favicon:
- Unsupported image file type (handled only server-side with `isImgMime()`)
- When the file is bigger than 1 MiB (default), handled both client-side and server-side
- Standard feed error when `updateFeed()` fails
- JS vars `javascript_vars.phtml` are no longer escaped with `htmlspecialchars()`, instead with json encoding,
- CSS for disabled buttons was added
- Max favicon file size is configurable with the `max_favicon_upload_size` option in `config.php` (not exposed via UI)
- Custom favicons are currently deleted only when they are either reset to the default icon, or the feed gets deleted. They do not get deleted when the user deletes their account without removing their feeds first.
- ` faviconPrepare()` and `faviconRebuild()` are not allowed to be called when the `customFavicon` attribute is `true`
- New i18n strings:
- `'sub.feed.icon' => 'Icon'`
- `'sub.feed.change_favicon' => 'Change…'`
- `'sub.feed.reset_favicon' => 'Reset to default'`
- `'sub.feed.favicon_changed_by_ext' => 'The icon has been set by the <b>%s</b> extension.'`
- `'feedback.sub.feed.favicon.too_large' => 'Uploaded icon is too large. The maximum file size is <em>%s</em>.'`
- `'feedback.sub.feed.favicon.unsupported_format' => 'Unsupported image file format!'`
- Extension hook `custom_favicon_hash`
- `setCustomFavicon()` method
- `resetCustomFavicon()` method
- `customFaviconExt` and `customFaviconDisallowDel` attributes
- example of usage: https://github.com/FreshRSS/Extensions/pull/337
- Extension hook `custom_favicon_btn_url`
- Allows extensions to implement a button for setting a custom favicon for individual feeds by providing an URL. The URL will be sent a POST request with the `extAction` field set to either `query_icon_info` or `update_icon`, along with an `id` field which describes the feed's ID.
|
|
* revert
Fix code indentation
Fix code
Upgrade code to php 8.1
* fix remarques
* code review
* code review
* code review
* Apply suggestions from code review
* code review
* Fixes
* Many remainging updates of array syntax
* Lost case 'reading-list'
* Uneeded PHPDoc
---------
Co-authored-by: Luc Sanchez <l.sanchez-prestataire@alptis.fr>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* SimplePie support for HTTP cache policies
Discussion in https://github.com/FreshRSS/simplepie/pull/26
* Bump SimplePie commit
* Typos
* Typos
* Simpler logic
* Explicitly disable cache for non-GET flows
* Bump SimplePie commit
* Bump SimplePie commit
* Bump SimplePie commit
* Bump SimplePie commit
|
|
* Upgrade to PHP 8.1
As discussed in https://github.com/FreshRSS/FreshRSS/discussions/5474
https://www.php.net/releases/8.0/en.php
https://www.php.net/releases/8.1/en.php
Upgrade to available native type declarations
https://php.net/language.types.declarations
Upgrade to https://phpunit.de/announcements/phpunit-10.html which requires PHP 8.1+ (good timing, as version 9 was not maintained anymore)
Upgrade `:oldest` Docker dev image to oldest Alpine version supporting PHP 8.1: Alpine 3.16, which includes PHP 8.1.22.
* Include 6736
https://github.com/FreshRSS/FreshRSS/pull/6736
|
|
* System option for number of feeds to refresh in parallel
fix https://github.com/FreshRSS/FreshRSS/issues/6123
* Forgot refreshDynamicOpml
|
|
* Pass PHPStan level 8
And prepare for PHPStan level 9 https://phpstan.org/user-guide/rule-levels
* Revert wrong replace in comment
* Fix PHPStan level 8
* Update PHPStan and other dev dependencies
* Remove obsolete comment
* noVariableVariables and towards bleedingEdge
https://github.com/phpstan/phpstan-strict-rules
https://phpstan.org/blog/what-is-bleeding-edge
* More bleedingEdge
* A bit more PHPStan level 9
* More PHPStan level 9
* Prepare for booleansInConditions
Ignore int and null
* Revert wrong line
* More fixes
* Fix keep_max_n_unread
* Stricter attribute functions
* Stricter callHooks and more PHPStan level 9
* More typing
* A tiny more
|
|
* Rework trusted proxies
Fix https://github.com/FreshRSS/FreshRSS/issues/5502
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/3226
New environment variable `TRUSTED_PROXY`: set to 0 to disable, or to a list of trusted IP ranges compatible with https://httpd.apache.org/docs/current/mod/mod_remoteip.html#remoteiptrustedproxy
New internal environment variable `CONN_REMOTE_ADDR` to remember the true IP address of the connection (e.g. last proxy), even when using mod_remoteip.
Current working setups should not observe any significant change.
* Minor whitespace
* Safer trusted sources during install
Rework of https://github.com/FreshRSS/FreshRSS/pull/5358
https://github.com/FreshRSS/FreshRSS/issues/5357
* Minor readme
|
|
* Remove core extensions Google Groups and Tumblr
* Google Groups seems to have remove support for RSS/ATOM https://github.com/FreshRSS/FreshRSS/pull/2838 (see e.g. https://www.theregister.com/2021/08/16/google_groups_rss/ )
* Tumblr seems to have fixed their RSS/ATOM post-GDPR https://github.com/FreshRSS/FreshRSS/pull/1924
So for both of thems, the extensions have become irrelevant.
* Cleaning
|
|
* Increase maximum HTTP request timeout from 2 minutes to 15 minutes;
* Reason: I have some RSS Bridge generating feeds, which can take several minutes.
* Increase default HTTP request timeout from 15 to 20s.
* Reason: I regularly observe feeds, which are slow to answer.
|
|
* Update config.default.php
description of default_user adapted
* Update config.default.php
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Custom logo HTML
Add option for custom HTML logo/title in the main Web UI view.
Can potentially be different per user.
#fix https://github.com/FreshRSS/FreshRSS/pull/3830/files#r850472247
* logo_html in main config
With new `./data/config.custom.php` to provide custom values before install
* Docker documentation
* whitespace
* Auto relax CSP to allow images for HTML logo
* Documentation
|
|
* Allow many (20k+) feeds
Fix errors such as `SQL error listWhereRaw: ERROR: value "42926" is out of range for type smallint`
Start of UI performance improvements accordingly.
|
|
* add HTTP_REMOTE_USER header for auth
* add ip whitelist for HTTP_REMOTE_USER header
* add IPv6 support for header auth
* fix formatting
* A few fixes
* Add some default trusted sources
* Fix IPv6 doc
* More standard header names
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Use typographic quotes
* A few fixes
* Fix
* Fix not saved
* Implement feedback
* Detail
* Revert spoken English fixes
Left for a future dedicated discussion
* More reverts
* Final reverts
* Final minor
|
|
(#4134)
|
|
|
|
* bump default logout from 30 to 365 days
* * Change cookie duration to constant
* Change cookie duration to three months
* use class
* use 90 days (otherwise login form says 91.3 days)
* change class
* also this works now
Co-authored-by: Martin Rys <martin@rys.pw>
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
|
|
* Add auto-registration when using http_auth
* Document HTTP auth auto-registration
* Check email variable for HTTP auth auto-registration
* Auto-create HTTP users by default
* Fix Context init
(I will provide in another PR a better fix requiring a bit of global refactoring)
* Init language
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Add core extension for Google Groups
#Fix https://github.com/FreshRSS/FreshRSS/issues/2835
Add ability to discover RSS feeds for Google Groups
Based on https://github.com/FreshRSS/FreshRSS/pull/2837
* Allow HTTP in addition of HTTPS
|
|
* Default or custom OPML
Fix https://github.com/FreshRSS/FreshRSS/issues/2075
Replaces https://github.com/FreshRSS/FreshRSS/pull/2515
https://github.com/FreshRSS/FreshRSS/issues/2514
Uses the local ./data/opml.xml if it exists, otherwise
./opml.default.xml
* Better message
* Move to controller
|
|
#fix https://github.com/FreshRSS/FreshRSS/issues/2549
|
|
* Homogenize SQL_INSERT_FEEDS across database types
* Extract default feeds into system configuration
* Adapt default feeds init during installation
|
|
* Add an email field to the profile page
I reuse the `mail_login` from the configuration. I'm not sure if it's
useful today (I would say it was used when Persona login was available).
A good improvement would be to rename `mail_login` into `email` so it
would be more intuitive to use.
* Add boolean to the conf to force email validation
This commit only adds a configuration item.
* Add email during registration if email must be validated
* Set email token to validate when email changes
* Block access to FreshRSS if email is not validated
* Send email when address is changed
* Allow to resend the validation email
* Allow the user to change its email while blocked
* Document the email validation feature
* fixup! Allow the user to change its email while blocked
* tec: Autoload PHPMailer lib
* Validate email address format
* Add feedback on validation email resend action
* Allow to logout when user is blocked
* fix: Change default email "from"
* Reorganize i18n keys
* Complete all the locales with default english
* Hide sidebar (profile page) if email is not validated
* Check email requirements on registration
* Allow admin to specify email when creating users
* Don't check email format if value is empty
* Remove trailing comma in userController
Co-Authored-By: Alexandre Alapetite <alexandre@alapetite.fr>
* Set PHPMailer validator to html5 before sending email
* fixup! Remove trailing comma in userController
|
|
* Add Minz_View::_path method (replace change_view)
The `_path` method is more powerful since it allows to choose the file
extension. It is also Minz_Request-agnostic, which is useful to reuse
the Minz_View class in other places.
`change_view` is now deprecated and a warning is logged if we use it.
* Provide a Minz_Mailer to send emails
It uses PHPMailer under the hood and only supports PHP >= 5.5
|
|
Instead of PubSubHubbub / PuSH
|
|
* New extension event + Tumblr GDPR
https://github.com/FreshRSS/FreshRSS/issues/1894
simplepie_before_init event
* Refactor extension enabling + Tumblr GDPR enabled by default
Add possibility for extensions to be enabled by default, and disabled
back by users.
* Minor whitespace
|
|
|
|
https://github.com/FreshRSS/FreshRSS/issues/1687
https://github.com/FreshRSS/FreshRSS/issues/443#issuecomment-36666133
|
|
https://github.com/FreshRSS/FreshRSS/issues/1531
|
Inverle
Alexandre Alapetite
Luc SANCHEZ
Tealk
drosoCode
Thomas Renes
maTh
Martin
bpatath
Marien Fressinaud
