| Age | Commit message (Collapse) | Author |
|---|
|
* Doc force-https
https://github.com/FreshRSS/FreshRSS/discussions/7252#discussioncomment-11951183
* Forgotten ^
* More proper support for comments
|
|
3 is now used for CURLPROXY_HTTPS2
https://github.com/curl/curl/blob/f07612cd9ae1ec50b9bedd749171ad75203c9e7e/include/curl/curl.h#L789
Related to https://github.com/FreshRSS/FreshRSS/issues/7209
|
|
No change
https://github.com/PhpGt/CssXPath/pull/227#issuecomment-2580589055
|
|
|
|
* Add some missing PHP native types
Replaces https://github.com/FreshRSS/FreshRSS/pull/7184
* Clean some types
|
|
Add option to sort results by received date (existing, default), publication date, title, URL (link), random.
fix https://github.com/FreshRSS/FreshRSS/issues/1771
fix https://github.com/FreshRSS/FreshRSS/issues/2083
fix https://github.com/FreshRSS/FreshRSS/issues/2119
fix https://github.com/FreshRSS/FreshRSS/issues/2596
fix https://github.com/FreshRSS/FreshRSS/issues/3204
fix https://github.com/FreshRSS/FreshRSS/issues/4405
fix https://github.com/FreshRSS/FreshRSS/issues/5529
fix https://github.com/FreshRSS/FreshRSS/issues/5864
fix https://github.com/FreshRSS/Extensions/issues/161
URL parameters:
* `&sort=id` (current behaviour, sorting according to newest received articles)
* `&sort=date` (publication date, which is not indicative of how new an article is)
* `&sort=title`
* `&sort=link`
* `&sort=rand` (random order - which disables infinite scrolling, at least for now)
combined with `&order=ASC` or `&order=DESC`
## Implementation notes
The sorting criteria by *received date* (id), which is the default, and which was the only one before this PR, is the one that has the best sorting characteristics:
* *uniqueness*: no entries have the exact same received date
* *monotonicity*: new entries always have a higher received date
* *performance*: this field is efficiently indexed in database for fast usage, including for paging (indexing could also be done to other fields, but with lower effective performance)
In contrary, sorting criteria such as by *publication date*, by *title*, or by *link* are neither unique nor monotonic. In particular, multiple articles may share the same *publication date*, and we may receive articles with a *publication date* far in the future, and then later some new articles with a *publication date* far in the past.
To understand why sorting by *publication date* is problematic, it helps to think about sorting by *title* or by *link*, as sorting by *title* and by *publication date* share more or less the same characteristics.
### Problem 1: new articles
New articles may be received in the background after what is shown on screen, and before the next user action such as *mark all as read*. Due to the lack of *monotonicity* when sorting by e.g. *publication date* or *title*, users risk marking as read a batch of articles containing some fresh articles without seeing them.
Mitigation: A parameter `idMax` tracks the maximum ID related to a batch of actions such as *mark all as read* to exclude articles received after those that are displayed.
### Problem 2: paging / pagination
When navigating articles, only a few articles are displayed, and a new "page" of articles needs to be received from the database when scrolling down or when clicking the button to show more articles. When sorting by e.g. *publication date* or *title*, it is not trivial to show the next page without re-showing some of the same articles, and without skipping any. Indeed, views are often with additional criteria such as showing only unread articles, and users may mark some articles as read while viewing them, hereby removing some articles from the previous pages. And like for *Problem 1*, new articles may have been received in the background. Consequently, it is not possible to use `OFFSET` to implement pagination (so the patches suggested by a few users were wrong due to that, in particular).
Mitigation: `idMax` is also used (just like for *Problem 1*) and a *Keyset Pagination* approach is used, combining an unstable sorting criterion such as *publication date* or *title*, together with *id* to ensure stable sorting. (So, 2 sorting criteria + 1 filter criteria)
See e.g. https://www.alwaysdeveloping.net/dailydrop/2022/07/01-keyset-pagination/
### Problem 3: performance
Sorting by anything else than *received date* (id) is doomed to be slow(er) due to the combination of 3 criteria (see *Problem 2*). An `OFFSET` approach (which is not possible anyway as explained) would be even slower. Furthermore, we have no SQL index at the moment, but they would not necessarily help much due to the multiple sorting criteria needed and involving some `OR` logic which is difficult to optimise for databases.
The nicest syntax would be using tuples and corresponding indexes, but that is poorly supported by MySQL https://bugs.mysql.com/bug.php?id=104128
Mitigation: a compatibility SQL syntax is used to implement *Keyset Pagination*
### Problem 4: user confusion
Several users have shown that they do not fully understand the difference between *received date* and *publication date*, and particularly not the pitfalls of *publication date*.
Mitigation: the menus to mark-as-read *before 1 day* and *before 1 week* are disabled when sorting by anything else than *received date*. Likewise, the separation headers *Today* and *Yesterday* and *Before yesterday* are only shown when sorting by *received date*.
Again here, to better understand why, it helps to think about sorting by *title* or by *link*, as sorting by *title* and by *publication date* share more or less the same characteristics.
* [ ] We should write a Q&A and/or documentation about the problems associated to *sorting by publication date*: risks of not noticing new publication, of inadvertently marking them as read, of having some articles with a date in the future hanging at the top of the views (vice versa when sorting in ascending order), performance, etc.
### Problem 5: APIs
Sorting by anything else than *received date* breaks the guarantees needed for a successful synchronisation via API.
Mitigation: sorting by *received date* is ensured for all API calls.
|
|
* PHPStan 2.0
fix https://github.com/FreshRSS/FreshRSS/issues/6989
https://github.com/phpstan/phpstan/releases/tag/2.0.0
https://github.com/phpstan/phpstan/blob/2.0.x/UPGRADING.md
* More
* More
* Done
* fix i18n CLI
* Restore a PHPStan Next test
For work towards PHPStan Level 10
* 4 more on Level 10
* fix getTagsForEntry
* API at Level 10
* More Level 10
* Finish Minz at Level 10
* Finish CLI at Level 10
* Finish Controllers at Level 10
* More Level 10
* More
* Pass bleedingEdge
* Clean PHPStan options and add TODOs
* Level 10 for main config
* More
* Consitency array vs. list
* Sanitize themes get_infos
* Simplify TagDAO->getTagsForEntries()
* Finish reportAnyTypeWideningInVarTag
* Prepare checkBenevolentUnionTypes and checkImplicitMixed
* Fixes
* Refix
* Another fix
* Casing of __METHOD__ constant
|
|
https://github.com/FreshRSS/simplepie/pull/32
|
|
* Update phpmailer/phpmailer requirement from 6.9.2 to 6.9.3 in /lib
Updates the requirements on [phpmailer/phpmailer](https://github.com/PHPMailer/PHPMailer) to permit the latest version.
- [Release notes](https://github.com/PHPMailer/PHPMailer/releases)
- [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md)
- [Commits](https://github.com/PHPMailer/PHPMailer/compare/v6.9.2...v6.9.3)
---
updated-dependencies:
- dependency-name: phpmailer/phpmailer
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
* Update phpmailer
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* revert
Fix code indentation
Fix code
Upgrade code to php 8.1
* fix remarques
* code review
* code review
* code review
* Apply suggestions from code review
* code review
* Fixes
* Many remainging updates of array syntax
* Lost case 'reading-list'
* Uneeded PHPDoc
---------
Co-authored-by: Luc Sanchez <l.sanchez-prestataire@alptis.fr>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Add extension hook simplepie_after_init
fix https://github.com/FreshRSS/FreshRSS/issues/7006
* Add documentation note
* fix doc get_headers
* Syntax void
* Forgotten code
|
|
* Update phpmailer/phpmailer requirement from 6.9.1 to 6.9.2 in /lib
Updates the requirements on [phpmailer/phpmailer](https://github.com/PHPMailer/PHPMailer) to permit the latest version.
- [Release notes](https://github.com/PHPMailer/PHPMailer/releases)
- [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md)
- [Commits](https://github.com/PHPMailer/PHPMailer/compare/v6.9.1...v6.9.2)
---
updated-dependencies:
- dependency-name: phpmailer/phpmailer
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
* Update library code
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
words in previous translations. (#6960)
* upd: Update Turkish translation
* upd: "Ramazan Sancar" was added to Credits.md.
* upd: Turkish translations have been completed. Changes have been made to words in previous translations.
upd: fixed ellipsis usage.
* Update app/i18n/tr/gen.php
* add: Turkish translations have been made for Core Extensions (User CSS, UserJS).
* Update app/i18n/tr/sub.php
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Update app/i18n/tr/sub.php
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Update app/i18n/tr/sub.php
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/6898
|
|
Called when entries are starred or unstarred
|
|
* Apache protect more non-public folders
* Also protect root
* Do the same for /p/
* Simplify Require all denied
In case of Apache 2.2, it will just make an error 500 instead of 403
* .htaccess.dist
* Simplify
* Better comment
|
|
FreshRSS upstream PR merged https://github.com/simplepie/simplepie/pull/883
|
|
* Fix HTML encodings in e.g. cURL options
* Trim headers whitespace
|
|
* Remove HTTP Referer
https://github.com/FreshRSS/simplepie/pull/27
https://github.com/FreshRSS/FreshRSS/pull/6523
fix https://github.com/FreshRSS/FreshRSS/issues/6811
https://github.com/simplepie/simplepie/issues/224
* Bump SimplePie commit
|
|
* SimplePie support for HTTP cache policies
Discussion in https://github.com/FreshRSS/simplepie/pull/26
* Bump SimplePie commit
* Typos
* Typos
* Simpler logic
* Explicitly disable cache for non-GET flows
* Bump SimplePie commit
* Bump SimplePie commit
* Bump SimplePie commit
* Bump SimplePie commit
|
|
https://github.com/FreshRSS/FreshRSS/pull/6800#discussion_r1756435762
|
|
* rename lib/SimplePie to lib/CustomSimplePie
* add test for autoloading SimplePie with PSR-0
* install SimplePie 1.6.0
* Add SimplePie CHANGELOG.md, ignore irrelevant files
* remove unmodified custom classes
* rename all customized SimplePie classes
* Add autoloading for SimplePie PSR-0 and CustomSimplePie classes
* let CustomSimplePie extends SimplePie, remove unchanged code
* let CustomSimplePieMisc extends SimplePie\Misc, remove unchanged code
* Add tests for autoloading
* let CustomSimplePieContentTypeSniffer extends Sniffer, remove unchanged code
* remove unchanged CustomSimplePieEnclosure class
The fixed typos are commited to SimplePie
See https://github.com/simplepie/simplepie/pull/722/commits/133eac158cddaf5d2ddf9d9e5f42d92f944f885d
* let CustomSimplePieFile extends SimplePie\File, remove unchanged code
* let CustomSimplePieParser extends SimplePie\Parser, remove unchanged code
* let CustomSimplePieSanitize extends SimplePie\Sanitize, remove unchanged code
* let CustomSimplePieHttpParser extends SimplePie\HTTP\Parser, remove unchanged code
* Remove CustomSimplePie
* Switch SimplePie repo to https://github.com/FreshRSS/simplepie.git
* move to latest branch, update all SimplePie source files
* Use namespaced SimplePie classes, remove SimplePie library folder
* Update to latest SimplePie version with FreshRSS modifications
* Bump SimplePie
Tests expected to fail due to missing a backport of functionalities
* Add fork-specific readme
* Re-implement initial syslog SimplePie GET
https://github.com/FreshRSS/FreshRSS/pull/815
Lacks https://github.com/FreshRSS/FreshRSS/pull/6061
* Closer backport of syslog SimplePie GET
https://github.com/FreshRSS/FreshRSS/pull/6061
But the requests logs will be in the wrong order in case of redirections
* Fixes
* lib update
* SimplePie include a few more files
* Try with cache-hash branch
* Point to newer commit
* Point to newer commit
* Finalise logs
* Finalise
* Bump SimplePie commit
* Bump SimplePie commit
* Readme SimplePie fork
* Bump SimplePie commit
* Better logging
* Bump SimplePie commit
* Reworked approach to work with SimplePie cache
Simpler FreshRSS patches
* Bump SimplePie commit
https://github.com/FreshRSS/simplepie/pull/22
* Simplepie846
https://github.com/FreshRSS/simplepie/pull/23
And additional fixes
* Remove log
* Cherry pick relevant unmerged SimplePie PRs
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Fix inversed encoding logic in paramArray
https://github.com/FreshRSS/FreshRSS/pull/6797#discussion_r1754661634
Also fix the possibility to use `<'&">` in shortcuts, and some minor encoding bugs in user queries
* Forgot paramArrayString
|
|
* PHPStan booleansInConditions
* Uniformisation
|
|
|
|
* Regex search
fix https://github.com/FreshRSS/FreshRSS/issues/3549
* Fix PHPStan
* Fix escape
* Fix ungreedy
* Initial support for regex search in PostgreSQL and MySQL
* Improvements, support MySQL
* Fix multiline
* Add support for SQLite
* A few tests
* Added author: and inurl: support, documentation
* author example
* Remove \b for now
* Disable regex sanitization for now
* Fix getInurlRegex
* getNotInurlRegex
* Quotes for inurl:
* Fix test
* Fix quoted tags + regex for tags
https://github.com/FreshRSS/FreshRSS/issues/6761
* Fix wrong regex detection
* Add MariaDB
* Fix logic
* Increase requirements for MySQL and MariaDB
Check support for multiline mode in MySQL
* Remove sanitizeRegexes()
* Allow searching HTML code
Allow searching for instance `/<pre>/`
Fix https://github.com/FreshRSS/FreshRSS/issues/6775#issuecomment-2331769883
* Doc regex search HTML
* Fix Doctype
|
|
Includes https://github.com/PhpGt/CssXPath/pull/227
Follow-up of https://github.com/PhpGt/CssXPath/pull/227 for PHP 8.4
Requires PHP 8.0+
Full diff https://github.com/PhpGt/CssXPath/compare/d99d35f7194bac19fb3f8726b70c1bc83de3e931...45f3ac151fc21d459e2515c3aff97cd4bf877bf8
|
|
* Upgrade to PHP 8.1
As discussed in https://github.com/FreshRSS/FreshRSS/discussions/5474
https://www.php.net/releases/8.0/en.php
https://www.php.net/releases/8.1/en.php
Upgrade to available native type declarations
https://php.net/language.types.declarations
Upgrade to https://phpunit.de/announcements/phpunit-10.html which requires PHP 8.1+ (good timing, as version 9 was not maintained anymore)
Upgrade `:oldest` Docker dev image to oldest Alpine version supporting PHP 8.1: Alpine 3.16, which includes PHP 8.1.22.
* Include 6736
https://github.com/FreshRSS/FreshRSS/pull/6736
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/6756
|
|
Apply some minor recommendations from Snyk scanner
|
|
Fix case when server is sending a new modified time while the content was not actually modified.
fix https://github.com/FreshRSS/FreshRSS/issues/6712
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/6717
|
|
* Minor update whitespace PHPCS rules
To simplify our configuration, apply more rules, and be clearer about what is added or removed compared with PSR12.
Does not change our current conventions, but just a bit more consistent.
* Forgotten *.phtml
* Sort exclusion patterns + add a few for Extensions repo
* Relaxed some rules
|
|
Also useful for extensions (including one I am writing)
|
|
* Remove dependency to exit extension
fix https://github.com/FreshRSS/FreshRSS/issues/6573
* Fix return
|
|
* More PHPStan
* More, passing
* 4 more files
* Update to PHPStan 1.11.4
Needed for fixed bug: Consider numeric-string types after string concat
https://github.com/phpstan/phpstan/releases/tag/1.11.4
* Pass PHPStan level 9
Start tracking booleansInConditions
* Fix mark as read
* Fix doctype
* ctype_digit
|
|
* Copy CustomCSS and CustomJS
Original: FreshRSS/Extensions@9f21984
* Rename CustomCSS -> UserCSS
* Rename CustomJS -> UserJS
* Change metadata
The name is used for the directory where the configuration
is stored and should not contain spaces.
Since the name was changed, I reset the version number and
changed to semantic versioning.
* Change data directory
Changed the location of the configuration file to
the user data directory, because it is not `static`.
That way, the user's configurations are gathered
in the user directory, which makes it easier to backup them.
* Edit documentations
Remove procedures to install the extension
because it is no longer necessary.
* Fix wrong variables in the configuration page
Remove permission error indication because the storage location
is now in the user data directory managed by the application.
* Remove the `xExtension-` prefix for core extensions
* Set version to 1.0.0 for UserCSS, UserJS
* Refactoring
* Remove unused variables
* Remove version 0.0.1 in Changelog
Version 0.0.1 will not be merged, so only version 1.0.0 will remain.
* public getFileUrl
* Revert more protected
* Use entrypoint for extension user path instead of name
* Add space to extension name
* Add `#[\Override]`
* Add explains of User CSS and User JS to docs
* Remove README of User CSS and User JS
* Add migration code for extension user path
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/6491
Regression from https://github.com/FreshRSS/FreshRSS/pull/6177
|
|
* PHPStan 1.11 + minor update dev dependencies
https://github.com/phpstan/phpstan/releases/tag/1.11.0
* Comment style
|
|
* Auto-update 5038
https://github.com/FreshRSS/FreshRSS/pull/5038
* PostgreSQL
* Draft for MySQL
* More draft MySQL
* Finalise
* A bit more robust
|
|
* Windows: release SQLite
fix https://github.com/FreshRSS/FreshRSS/issues/6275
* Do not use sharedPdo for deleting user
* Case of same user
* Help PHPStan
|
|
* SimplePie strip iframe allow attribute
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#allow
Besides security, the `allow autoplay` atttribute is especially problematic on mobile (Firefox on Android) as it asks to open the YouTube app as soon as the article is opened.
Example of code before:
```html
<iframe data-original="https://www.youtube.com/embed/??????feature=oembed" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen="" sandbox="allow-scripts allow-same-origin"></iframe>
```
* Replace allow attribute
* Allow more
|
|
* PHP 8.3 #[\Override]
https://php.watch/versions/8.3/override-attr
With PHPStan `checkMissingOverrideMethodAttribute` https://phpstan.org/config-reference#checkmissingoverridemethodattribute
And modified the call to phpstan-next on the model of https://github.com/FreshRSS/Extensions/pull/228 (more robust than the find method, which gave some strange errors)
* Update extension example accordingly
|
|
This is especially relevant for HTML+XPath mode, for which we rely on proper URL "absolutize"
Upstream PR https://github.com/simplepie/simplepie/pull/861
|
|
* HTTP Get allow UTF-8 even when charset is far from top
fix https://github.com/FreshRSS/FreshRSS/issues/5586
The case was an HTML document with 15k whitespace then 1.2k of scripts before the `<meta charset="utf-8">` (far from the 1024 bytes suggested by the spec..., and too far for DOMDocument)
* Rewording
* Trim also vertical tab + comment
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/6236
https://php.net/reference.pcre.pattern.modifiers
|
|
This will allow to change CSP rules to authorize the use of external scripts.
We might need to add some safeguard since it will be virtually possible to
load any script even malicious one.
|
|
* Refactor some cURL options and use CURLOPT_USERPWD
fix https://github.com/FreshRSS/FreshRSS/issues/6176
* Fixes
|
|
`echo json_encode(...)` is very memory demanding for large responses, so optimised.
Contributes to https://github.com/FreshRSS/FreshRSS/issues/6136
https://github.com/FreshRSS/FreshRSS/pull/6013#discussion_r1506779881
|
|
and related improvements to clarify inheritance
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/6130
|
Alexandre Alapetite
dependabot[bot]
Luc SANCHEZ
Ramazan Sancar
Artur Weigandt
hkcomori
Alexis Degrugillier
