| Age | Commit message (Collapse) | Author |
|---|
|
Strip `bgcolor`, `text`, `background`, `link`, `alink`, `vlink`
fix https://github.com/FreshRSS/FreshRSS/issues/7604
|
|
* Fix newest articles not shown
Case when processing was faster than 1 second.
fix https://github.com/FreshRSS/FreshRSS/issues/7412
Regression from https://github.com/FreshRSS/FreshRSS/pull/7149
* Simplify uTimeString()
PHPStan has become a bit smarter
|
|
It is too late to check for minimum version check in `lib_rss.php` because that file already contains some relatively new PHP language constructs, which will lead to a syntax error - when running with an old PHP version - instead of the expected error message.
Moved to `constants.php` for now.
Example of syntax error with PHP 7.4:
```
PHP Parse error: syntax error, unexpected '|', expecting '{' in /var/www/FreshRSS/lib/lib_rss.php on line 166
```
Should help users like in:
* https://github.com/FreshRSS/FreshRSS/discussions/7539
* https://github.com/FreshRSS/FreshRSS/issues/7557
|
|
* Fix file serving for symlinked extensions from ext.php
* Don't resolve symlink when deleting extension
* Minor syntax
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
When using HTTP Auth methods (including OpenID Connect), exactly 1 HTTP header should be received, not more.
|
|
Sanitize buttons with a form or formaction attribute.
|
|
Prevent using `Remote-User`, `X-WebAuth-User` during Web scraping.
|
|
We do not sanitize this attribute well enough, so striped for now.
It is rarely used: I have not seen any use of it in any of my many test feeds.
Can be added back when we can handle its inherent security issues better.
|
|
* Referrer-Policy: same-origin
* same-origin for our own images
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Doc force-https
https://github.com/FreshRSS/FreshRSS/discussions/7252#discussioncomment-11951183
* Forgotten ^
* More proper support for comments
|
|
3 is now used for CURLPROXY_HTTPS2
https://github.com/curl/curl/blob/f07612cd9ae1ec50b9bedd749171ad75203c9e7e/include/curl/curl.h#L789
Related to https://github.com/FreshRSS/FreshRSS/issues/7209
|
|
* Add some missing PHP native types
Replaces https://github.com/FreshRSS/FreshRSS/pull/7184
* Clean some types
|
|
* PHPStan 2.0
fix https://github.com/FreshRSS/FreshRSS/issues/6989
https://github.com/phpstan/phpstan/releases/tag/2.0.0
https://github.com/phpstan/phpstan/blob/2.0.x/UPGRADING.md
* More
* More
* Done
* fix i18n CLI
* Restore a PHPStan Next test
For work towards PHPStan Level 10
* 4 more on Level 10
* fix getTagsForEntry
* API at Level 10
* More Level 10
* Finish Minz at Level 10
* Finish CLI at Level 10
* Finish Controllers at Level 10
* More Level 10
* More
* Pass bleedingEdge
* Clean PHPStan options and add TODOs
* Level 10 for main config
* More
* Consitency array vs. list
* Sanitize themes get_infos
* Simplify TagDAO->getTagsForEntries()
* Finish reportAnyTypeWideningInVarTag
* Prepare checkBenevolentUnionTypes and checkImplicitMixed
* Fixes
* Refix
* Another fix
* Casing of __METHOD__ constant
|
|
* revert
Fix code indentation
Fix code
Upgrade code to php 8.1
* fix remarques
* code review
* code review
* code review
* Apply suggestions from code review
* code review
* Fixes
* Many remainging updates of array syntax
* Lost case 'reading-list'
* Uneeded PHPDoc
---------
Co-authored-by: Luc Sanchez <l.sanchez-prestataire@alptis.fr>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* SimplePie support for HTTP cache policies
Discussion in https://github.com/FreshRSS/simplepie/pull/26
* Bump SimplePie commit
* Typos
* Typos
* Simpler logic
* Explicitly disable cache for non-GET flows
* Bump SimplePie commit
* Bump SimplePie commit
* Bump SimplePie commit
* Bump SimplePie commit
|
|
* rename lib/SimplePie to lib/CustomSimplePie
* add test for autoloading SimplePie with PSR-0
* install SimplePie 1.6.0
* Add SimplePie CHANGELOG.md, ignore irrelevant files
* remove unmodified custom classes
* rename all customized SimplePie classes
* Add autoloading for SimplePie PSR-0 and CustomSimplePie classes
* let CustomSimplePie extends SimplePie, remove unchanged code
* let CustomSimplePieMisc extends SimplePie\Misc, remove unchanged code
* Add tests for autoloading
* let CustomSimplePieContentTypeSniffer extends Sniffer, remove unchanged code
* remove unchanged CustomSimplePieEnclosure class
The fixed typos are commited to SimplePie
See https://github.com/simplepie/simplepie/pull/722/commits/133eac158cddaf5d2ddf9d9e5f42d92f944f885d
* let CustomSimplePieFile extends SimplePie\File, remove unchanged code
* let CustomSimplePieParser extends SimplePie\Parser, remove unchanged code
* let CustomSimplePieSanitize extends SimplePie\Sanitize, remove unchanged code
* let CustomSimplePieHttpParser extends SimplePie\HTTP\Parser, remove unchanged code
* Remove CustomSimplePie
* Switch SimplePie repo to https://github.com/FreshRSS/simplepie.git
* move to latest branch, update all SimplePie source files
* Use namespaced SimplePie classes, remove SimplePie library folder
* Update to latest SimplePie version with FreshRSS modifications
* Bump SimplePie
Tests expected to fail due to missing a backport of functionalities
* Add fork-specific readme
* Re-implement initial syslog SimplePie GET
https://github.com/FreshRSS/FreshRSS/pull/815
Lacks https://github.com/FreshRSS/FreshRSS/pull/6061
* Closer backport of syslog SimplePie GET
https://github.com/FreshRSS/FreshRSS/pull/6061
But the requests logs will be in the wrong order in case of redirections
* Fixes
* lib update
* SimplePie include a few more files
* Try with cache-hash branch
* Point to newer commit
* Point to newer commit
* Finalise logs
* Finalise
* Bump SimplePie commit
* Bump SimplePie commit
* Readme SimplePie fork
* Bump SimplePie commit
* Better logging
* Bump SimplePie commit
* Reworked approach to work with SimplePie cache
Simpler FreshRSS patches
* Bump SimplePie commit
https://github.com/FreshRSS/simplepie/pull/22
* Simplepie846
https://github.com/FreshRSS/simplepie/pull/23
And additional fixes
* Remove log
* Cherry pick relevant unmerged SimplePie PRs
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* PHPStan booleansInConditions
* Uniformisation
|
|
* Upgrade to PHP 8.1
As discussed in https://github.com/FreshRSS/FreshRSS/discussions/5474
https://www.php.net/releases/8.0/en.php
https://www.php.net/releases/8.1/en.php
Upgrade to available native type declarations
https://php.net/language.types.declarations
Upgrade to https://phpunit.de/announcements/phpunit-10.html which requires PHP 8.1+ (good timing, as version 9 was not maintained anymore)
Upgrade `:oldest` Docker dev image to oldest Alpine version supporting PHP 8.1: Alpine 3.16, which includes PHP 8.1.22.
* Include 6736
https://github.com/FreshRSS/FreshRSS/pull/6736
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/6717
|
|
* Minor update whitespace PHPCS rules
To simplify our configuration, apply more rules, and be clearer about what is added or removed compared with PSR12.
Does not change our current conventions, but just a bit more consistent.
* Forgotten *.phtml
* Sort exclusion patterns + add a few for Extensions repo
* Relaxed some rules
|
|
* More PHPStan
* More, passing
* 4 more files
* Update to PHPStan 1.11.4
Needed for fixed bug: Consider numeric-string types after string concat
https://github.com/phpstan/phpstan/releases/tag/1.11.4
* Pass PHPStan level 9
Start tracking booleansInConditions
* Fix mark as read
* Fix doctype
* ctype_digit
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/6491
Regression from https://github.com/FreshRSS/FreshRSS/pull/6177
|
|
* PHPStan 1.11 + minor update dev dependencies
https://github.com/phpstan/phpstan/releases/tag/1.11.0
* Comment style
|
|
* SimplePie strip iframe allow attribute
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#allow
Besides security, the `allow autoplay` atttribute is especially problematic on mobile (Firefox on Android) as it asks to open the YouTube app as soon as the article is opened.
Example of code before:
```html
<iframe data-original="https://www.youtube.com/embed/??????feature=oembed" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="" sandbox="allow-scripts allow-same-origin"></iframe>
```
* Replace allow attribute
* Allow more
|
|
* HTTP Get allow UTF-8 even when charset is far from top
fix https://github.com/FreshRSS/FreshRSS/issues/5586
The case was an HTML document with 15k whitespace then 1.2k of scripts before the `<meta charset="utf-8">` (far from the 1024 bytes suggested by the spec..., and too far for DOMDocument)
* Rewording
* Trim also vertical tab + comment
|
|
* Refactor some cURL options and use CURLOPT_USERPWD
fix https://github.com/FreshRSS/FreshRSS/issues/6176
* Fixes
|
|
`echo json_encode(...)` is very memory demanding for large responses, so optimised.
Contributes to https://github.com/FreshRSS/FreshRSS/issues/6136
https://github.com/FreshRSS/FreshRSS/pull/6013#discussion_r1506779881
|
|
* Web scraping support encodings such as EUC-JP
fix https://github.com/FreshRSS/FreshRSS/issues/6106
* Typo
|
|
Update PHPStan, fixing some bugs needed for https://github.com/FreshRSS/FreshRSS/pull/6052
(One syntax fix caught by new version)
Update also PHPUnit
|
|
Take advantage of
https://phpstan.org/blog/bring-your-exceptions-under-control
Minimum changes to pass `tooWideThrowType` and `implicitThrows`.
Revert some mistakes from:
https://github.com/FreshRSS/FreshRSS/pull/5504
Preparation needed before new PRs of the same type:
https://github.com/FreshRSS/FreshRSS/pull/5962
Fix several wrong PHPDocs and catches:
> Method ... has ...Exception in PHPDoc @throws tag but it's not thrown.
> Dead catch - ...Exception is never thrown in the try block.
|
|
* allow POST requests for feeds
* added json dotpath and jsonfeed subscriptions. No translation strings yet
* debug and fix jsonfeed parser
* bugfix params saved when editing feed
* added translations for JSON features
* Update docs for web scraping
* make fix-all
and revert unrelated changes, plus a few manual fixes, but there are still several type errors
* Fix some i18n
* refactor json parsing for both feed types
* cleanup unnecessary comment
* refactored generation of SimplePie for XPath and JSON feeds
* Fix merge error
* Update to newer FreshRSS code
* A bit of refactoring
* doc, whitespace
* JSON Feed is in two words
* Add support for array syntax
* Whitespace
* Add OPML export/import
* Work on i18n
* Accept application/feed+json
* Rework POST
* Fix update
* OPML for cURL options
* Fix types
* Fix Typos
---------
Co-authored-by: Erion Elmasllari <elmasllari@factorsixty.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Pass PHPStan level 8
And prepare for PHPStan level 9 https://phpstan.org/user-guide/rule-levels
* Revert wrong replace in comment
* Fix PHPStan level 8
* Update PHPStan and other dev dependencies
* Remove obsolete comment
* noVariableVariables and towards bleedingEdge
https://github.com/phpstan/phpstan-strict-rules
https://phpstan.org/blog/what-is-bleeding-edge
* More bleedingEdge
* A bit more PHPStan level 9
* More PHPStan level 9
* Prepare for booleansInConditions
Ignore int and null
* Revert wrong line
* More fixes
* Fix keep_max_n_unread
* Stricter attribute functions
* Stricter callHooks and more PHPStan level 9
* More typing
* A tiny more
|
|
* Fix PHP 7 compatibility
https://github.com/FreshRSS/FreshRSS/discussions/5892
* Multiple PHP 7 fixes
* PHPStan
|
|
* Little's optimisations and booleans in conditions
* Apply strict type
* Apply strict type
* Apply strict type
* Fix multiple bugs with PHP 8.2 and 8.3
* Many declares missing, more errors fixed
* Apply strict type
* Another approach
* Stronger typing for Minz_Session
* Fix case of SQLite
---------
Co-authored-by: Luc <sanchezluc+freshrss@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Fix ignored TRUSTED_PROXY issue
* Add a sub-section to the docs no property mappings for Authentik
* Typo
* Fix typing
* A few changes to the doc
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Fix import with empty content
fix https://github.com/FreshRSS/FreshRSS/issues/5622
Cherry picks on https://github.com/FreshRSS/FreshRSS/pull/5584
* Fix export of tags / labels
Article-defined tags were wrongly exported as user-defined labels.
* Fix export of tags / labels
Article-defined tags were wrongly exported as user-defined labels.
* Fix bug with many labels
* Better typing
* Comments
|
|
* Rework trusted proxies
Fix https://github.com/FreshRSS/FreshRSS/issues/5502
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/3226
New environment variable `TRUSTED_PROXY`: set to 0 to disable, or to a list of trusted IP ranges compatible with https://httpd.apache.org/docs/current/mod/mod_remoteip.html#remoteiptrustedproxy
New internal environment variable `CONN_REMOTE_ADDR` to remember the true IP address of the connection (e.g. last proxy), even when using mod_remoteip.
Current working setups should not observe any significant change.
* Minor whitespace
* Safer trusted sources during install
Rework of https://github.com/FreshRSS/FreshRSS/pull/5358
https://github.com/FreshRSS/FreshRSS/issues/5357
* Minor readme
|
|
* fix many "Only booleans are allowed in an if condition"
* Update cli/create-user.php
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Update cli/i18n/I18nUsageValidator.php
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Fix several regressions and other minor things
* Fix another regression
* Update lib/http-conditional.php
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
---------
Co-authored-by: Luc <sanchezluc+freshrss@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Improve Dev Container
PHPStan was failing in Dev Container
* Update Docker to Alpine Linux 3.18
* New DATA_PATH environment variable
* README
|
|
A subset of
https://github.com/phpstan/phpstan-strict-rules
|
|
* docs: language table added
* Update 05_Configuration.md
* Update 05_Configuration.md
* french docs
* Unicode quote and a few fixes
(Same search&replace aslo applied to a few other files)
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
https://phpstan.org/config-reference#constants
Avoid a few phpstan-ignore-next-line
|
|
* Automatic trusted_sources during install
Fix https://github.com/FreshRSS/FreshRSS/issues/5357
* Fix install for http_auth
* Update lib/lib_rss.php
Co-authored-by: Luc SANCHEZ <4697568+ColonelMoutarde@users.noreply.github.com>
* Fill null exception e-mail
* Revert some syntax
* Minor parentheses
|
|
Report feeds as errored for more cases
|
|
And fix bugs for saving user queries
|
|
Fix https://github.com/FreshRSS/FreshRSS/issues/5310
|
|
* Complete PHPStan Level 6
Fix https://github.com/FreshRSS/FreshRSS/issues/4112
And initiate PHPStan Level 7
* PHPStan Level 6 for tests
* Use phpstan/phpstan-phpunit
* Update to PHPStan version 1.10
* Fix mixed bug
* Fix mixed return bug
* Fix paginator bug
* Fix FreshRSS_UserConfiguration
* A couple more Minz_Configuration bug fixes
* A few trivial PHPStan Level 7 fixes
* A few more simple PHPStan Level 7
* More files passing PHPStan Level 7
Add interface to replace removed class from https://github.com/FreshRSS/FreshRSS/pull/5251
* A few more PHPStan Level 7 preparations
* A few last details
|
|
* Modernize Constants and use new constant 'currentUser'
* Add FreshRSS_Context::currentUser() function and use
* Add FreshRSS_Context::currentUser() function and use
* Add FreshRSS_Context::currentUser() function and use
* Add FreshRSS_Context::currentUser() function and use
* Add FreshRSS_Context::currentUser() function and use
* Update app/Controllers/userController.php
* Update app/Controllers/userController.php
* Update app/Controllers/userController.php
* Update app/Models/Auth.php
* Update p/api/greader.php
* Update p/api/greader.php
* Update p/api/greader.php
* Update app/Models/Context.php
* Update app/Models/LogDAO.php
* Update lib/Minz/Log.php
* Update p/api/greader.php
* Update app/layout/header.phtml
* Update app/views/helpers/export/articles.phtml
* Update cli/do-install.php
* Remarque's from Alkarex
* Remarque's from Alkarex
* Refactor using new Minz_User class
* Consistent naming of public constants
---------
Co-authored-by: Luc <sanchezluc+freshrss@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
https://github.com/FreshRSS/FreshRSS/issues/4627
|
|
* XML+XPath
#fix https://github.com/FreshRSS/FreshRSS/issues/5075
Implementation allowing to take an XML document as input using an XML parser (instead of an HTML parser for HTML+XPath)
* Remove noise from another PR
* Better MIME for XML
* And add glob *.xml for cache cleaning
* Minor syntax
* Add glob json for clean cache
|
Alexandre Alapetite
Inverle
maTh
Luc SANCHEZ
Artur Weigandt
eta-orionis
Joe Stump
maTh
