| Age | Commit message (Collapse) | Author |
|---|
|
* PHPStan 1.11 + minor update dev dependencies
https://github.com/phpstan/phpstan/releases/tag/1.11.0
* Comment style
|
|
* Auto-update 5038
https://github.com/FreshRSS/FreshRSS/pull/5038
* PostgreSQL
* Draft for MySQL
* More draft MySQL
* Finalise
* A bit more robust
|
|
* Windows: release SQLite
fix https://github.com/FreshRSS/FreshRSS/issues/6275
* Do not use sharedPdo for deleting user
* Case of same user
* Help PHPStan
|
|
* SimplePie strip iframe allow attribute
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#allow
Besides security, the `allow autoplay` atttribute is especially problematic on mobile (Firefox on Android) as it asks to open the YouTube app as soon as the article is opened.
Example of code before:
```html
<iframe data-original="https://www.youtube.com/embed/??????feature=oembed" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="" sandbox="allow-scripts allow-same-origin"></iframe>
```
* Replace allow attribute
* Allow more
|
|
* PHP 8.3 #[\Override]
https://php.watch/versions/8.3/override-attr
With PHPStan `checkMissingOverrideMethodAttribute` https://phpstan.org/config-reference#checkmissingoverridemethodattribute
And modified the call to phpstan-next on the model of https://github.com/FreshRSS/Extensions/pull/228 (more robust than the find method, which gave some strange errors)
* Update extension example accordingly
|
|
This is especially relevant for HTML+XPath mode, for which we rely on proper URL "absolutize"
Upstream PR https://github.com/simplepie/simplepie/pull/861
|
|
* HTTP Get allow UTF-8 even when charset is far from top
fix https://github.com/FreshRSS/FreshRSS/issues/5586
The case was an HTML document with 15k whitespace then 1.2k of scripts before the `<meta charset="utf-8">` (far from the 1024 bytes suggested by the spec..., and too far for DOMDocument)
* Rewording
* Trim also vertical tab + comment
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/6236
https://php.net/reference.pcre.pattern.modifiers
|
|
This will allow to change CSP rules to authorize the use of external scripts.
We might need to add some safeguard since it will be virtually possible to
load any script even malicious one.
|
|
* Refactor some cURL options and use CURLOPT_USERPWD
fix https://github.com/FreshRSS/FreshRSS/issues/6176
* Fixes
|
|
`echo json_encode(...)` is very memory demanding for large responses, so optimised.
Contributes to https://github.com/FreshRSS/FreshRSS/issues/6136
https://github.com/FreshRSS/FreshRSS/pull/6013#discussion_r1506779881
|
|
and related improvements to clarify inheritance
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/6130
|
|
* New feature: shareable user query
Share the output of a user query by RSS / HTML / OPML with other people through unique URLs.
Replaces the global admin token, which was the only option (but unsafe) to share RSS outputs with other people.
Also add a new HTML output for people without an RSS reader.
fix https://github.com/FreshRSS/FreshRSS/issues/3066#issuecomment-648977890
fix https://github.com/FreshRSS/FreshRSS/issues/3178#issuecomment-769435504
* Remove unused method
* Fix token saving
* Implement HTML view
* Update i18n for master token
* Revert i18n get_favorite
* Fix missing i18n for user queries from before this PR
* Remove irrelevant tests
* Add link to RSS version
* Fix getGet
* Fix getState
* Fix getSearch
* Alternative getSearch
* Default getOrder
* Explicit default state
* Fix test
* Add OPML sharing
* Remove many redundant SQL queries from original implementation of user queries
* Fix article tags
* Use default user settings
* Prepare public search
* Fixes
* Allow user search on article tags
* Implement user search
* Revert filter bug
* Revert wrong SQL left outer join change
* Implement checkboxes
* Safe check of OPML
* Fix label
* Remove RSS button to favour new sharing method
That sharing button was using a global admin token
* First version of HTTP 304
* Disallow some recusrivity
fix https://github.com/FreshRSS/FreshRSS/issues/6086
* Draft of nav
* Minor httpConditional
* Add support for offset for pagination
* Fix offset pagination
* Fix explicit order ASC
* Add documentation
* Help links i18n
* Note about deprecated master token
* Typo
* Doc about format
|
|
* Web scraping support encodings such as EUC-JP
fix https://github.com/FreshRSS/FreshRSS/issues/6106
* Typo
|
|
Update PHPStan, fixing some bugs needed for https://github.com/FreshRSS/FreshRSS/pull/6052
(One syntax fix caught by new version)
Update also PHPUnit
|
|
The URL of favicons with protocol-relative URL's already start with "//" so by adding it again it will result in "http:////url" and the icon will never be retrieved.
|
|
To make debugging of e.g. https://github.com/FreshRSS/FreshRSS/issues/6056 easier
|
|
Take advantage of
https://phpstan.org/blog/bring-your-exceptions-under-control
Minimum changes to pass `tooWideThrowType` and `implicitThrows`.
Revert some mistakes from:
https://github.com/FreshRSS/FreshRSS/pull/5504
Preparation needed before new PRs of the same type:
https://github.com/FreshRSS/FreshRSS/pull/5962
Fix several wrong PHPDocs and catches:
> Method ... has ...Exception in PHPDoc @throws tag but it's not thrown.
> Dead catch - ...Exception is never thrown in the try block.
|
|
* allow POST requests for feeds
* added json dotpath and jsonfeed subscriptions. No translation strings yet
* debug and fix jsonfeed parser
* bugfix params saved when editing feed
* added translations for JSON features
* Update docs for web scraping
* make fix-all
and revert unrelated changes, plus a few manual fixes, but there are still several type errors
* Fix some i18n
* refactor json parsing for both feed types
* cleanup unnecessary comment
* refactored generation of SimplePie for XPath and JSON feeds
* Fix merge error
* Update to newer FreshRSS code
* A bit of refactoring
* doc, whitespace
* JSON Feed is in two words
* Add support for array syntax
* Whitespace
* Add OPML export/import
* Work on i18n
* Accept application/feed+json
* Rework POST
* Fix update
* OPML for cURL options
* Fix types
* Fix Typos
---------
Co-authored-by: Erion Elmasllari <elmasllari@factorsixty.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/5976
fix https://github.com/YunoHost-Apps/freshrss_ynh/pull/176
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/5970
Regression from https://github.com/FreshRSS/FreshRSS/pull/5957
|
|
Replaces https://github.com/FreshRSS/FreshRSS/pull/5837
The signature of methods supposed to be overriden by existing thid-party extensions cannot be modified
|
|
The notification about wrong login was not working. Noticed while working on https://github.com/FreshRSS/FreshRSS/pull/5955
This was due to timing of when the notification is retrieved.
Simplified code to make the logic easier and more robust.
|
|
* Pass PHPStan level 8
And prepare for PHPStan level 9 https://phpstan.org/user-guide/rule-levels
* Revert wrong replace in comment
* Fix PHPStan level 8
* Update PHPStan and other dev dependencies
* Remove obsolete comment
* noVariableVariables and towards bleedingEdge
https://github.com/phpstan/phpstan-strict-rules
https://phpstan.org/blog/what-is-bleeding-edge
* More bleedingEdge
* A bit more PHPStan level 9
* More PHPStan level 9
* Prepare for booleansInConditions
Ignore int and null
* Revert wrong line
* More fixes
* Fix keep_max_n_unread
* Stricter attribute functions
* Stricter callHooks and more PHPStan level 9
* More typing
* A tiny more
|
|
* Better debug SQL error
* Fix check
|
|
* Fix types for extensions
To accompany https://github.com/FreshRSS/Extensions/pull/185
* Avoid bug redeclared function
|
|
* Fix PHP 7 compatibility
https://github.com/FreshRSS/FreshRSS/discussions/5892
* Multiple PHP 7 fixes
* PHPStan
|
|
Regression from https://github.com/FreshRSS/FreshRSS/pull/5830
|
|
Regression from https://github.com/FreshRSS/FreshRSS/pull/5830
|
|
* Little's optimisations and booleans in conditions
* Apply strict type
* Apply strict type
* Apply strict type
* Fix multiple bugs with PHP 8.2 and 8.3
* Many declares missing, more errors fixed
* Apply strict type
* Another approach
* Stronger typing for Minz_Session
* Fix case of SQLite
---------
Co-authored-by: Luc <sanchezluc+freshrss@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
Avoid potential Information Exposure
|
|
* Fix ignored TRUSTED_PROXY issue
* Add a sub-section to the docs no property mappings for Authentik
* Typo
* Fix typing
* A few changes to the doc
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Rework the behavior of favicon search
Use xpath queries to reduce the filtering necessary.
Don't call checkUrl since the href value will not always be a full URL.
Check for a base path in the HTML to be used if the favicon href doesn't
start with a leading slash.
* Break long xpath query into two lines
* Fix issues found by CI
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/5797
|
|
* Require PHP 7.4+
https://github.com/FreshRSS/FreshRSS/discussions/5474
* Update Docker oldest
Alpine 3.13 with PHP 7.4.26
* Add missing packets to Docker oldest
* Update to typed properties
https://php.net/migration74.new-features#migration74.new-features.core.typed-properties
* More types
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/5734
fix https://github.com/FreshRSS/FreshRSS/issues/5724
Regression from https://github.com/FreshRSS/FreshRSS/pull/5426
|
|
|
|
* Minor update dependencies
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/5691
Mostly dev dependencies; nothing that affects our runtime
* Update versions for GitHub Actions
* Fix newly found typos
* Fix exclude path
|
|
* Allow configuration of Base URL via website
* Fix alphabetization of CREDITS
* Apply suggestions from code review
* Add Automatic recommendation
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Fix import with empty content
fix https://github.com/FreshRSS/FreshRSS/issues/5622
Cherry picks on https://github.com/FreshRSS/FreshRSS/pull/5584
* Fix export of tags / labels
Article-defined tags were wrongly exported as user-defined labels.
* Fix export of tags / labels
Article-defined tags were wrongly exported as user-defined labels.
* Fix bug with many labels
* Better typing
* Comments
|
|
* Rework trusted proxies
Fix https://github.com/FreshRSS/FreshRSS/issues/5502
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/3226
New environment variable `TRUSTED_PROXY`: set to 0 to disable, or to a list of trusted IP ranges compatible with https://httpd.apache.org/docs/current/mod/mod_remoteip.html#remoteiptrustedproxy
New internal environment variable `CONN_REMOTE_ADDR` to remember the true IP address of the connection (e.g. last proxy), even when using mod_remoteip.
Current working setups should not observe any significant change.
* Minor whitespace
* Safer trusted sources during install
Rework of https://github.com/FreshRSS/FreshRSS/pull/5358
https://github.com/FreshRSS/FreshRSS/issues/5357
* Minor readme
|
|
* fix many "Only booleans are allowed in an if condition"
* Update cli/create-user.php
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Update cli/i18n/I18nUsageValidator.php
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Fix several regressions and other minor things
* Fix another regression
* Update lib/http-conditional.php
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
---------
Co-authored-by: Luc <sanchezluc+freshrss@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* New extension hook entry_auto_read
For extensions to be notified of articles being automatically marked as read for various reasons
* Documentation + entry_auto_unread
|
|
* Fix slider titles
And fix full-page view of category configuration.
FIx https://github.com/FreshRSS/FreshRSS/pull/5449#issuecomment-1590021947
* Fix user queries and user management
Implement https://github.com/FreshRSS/FreshRSS/pull/5469#issuecomment-1591957935
|
|
* Remove core extensions Google Groups and Tumblr
* Google Groups seems to have remove support for RSS/ATOM https://github.com/FreshRSS/FreshRSS/pull/2838 (see e.g. https://www.theregister.com/2021/08/16/google_groups_rss/ )
* Tumblr seems to have fixed their RSS/ATOM post-GDPR https://github.com/FreshRSS/FreshRSS/pull/1924
So for both of thems, the extensions have become irrelevant.
* Cleaning
|
|
Co-authored-by: Luc <sanchezluc+freshrss@gmail.com>
|
|
* Improve Dev Container
PHPStan was failing in Dev Container
* Update Docker to Alpine Linux 3.18
* New DATA_PATH environment variable
* README
|
|
* Update Translate.php
* Small improvements
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Fix favicon fetching while using proxies
This ensures that if curl_options are defined in config.php, those
settings are respected while fetching favicons.
Fixes FreshRSS#4951
* Change options priority
* Credits keep alphabticorder
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
Alexandre Alapetite
Alexis Degrugillier
Thomas Renes
eta-orionis
Luc SANCHEZ
Joe Stump
Dan Hersam
NaeiKinDus
Sam Cohen
maTh
vrachnis
