| Age | Commit message (Collapse) | Author |
|---|
|
* API: add remote user in Apache logs
fix https://github.com/FreshRSS/FreshRSS/discussions/8385
Example:
```
2026-01-01T18:38:28.645486326Z 0.0.0.0 - alex [01/Jan/2026:19:38:28 +0100] "GET /api/greader.php/reader/api/0/subscription/list?output=json HTTP/1.1" 200 9798 "-" "curl/8.14.1"
```
* Fallback mod_rewrite
* Log remote user with same priority as FreshRSS_http_Util::httpAuthUser()
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/8378
|
|
Rework:
* https://github.com/FreshRSS/FreshRSS/pull/8222
now that we have:
* https://github.com/FreshRSS/FreshRSS/pull/8293
Follow-up of:
* https://github.com/FreshRSS/FreshRSS/pull/8311
* More simplification
* Deprecate getRawInput
|
|
* Bump to API level 4 for Fever; add with_ids so we can mass-change read/unread/saved/unsaved on lists of articles.
As discussed in https://github.com/FreshRSS/FreshRSS/issues/8305
A small enhancement to the Fever API to vastly increase efficiency when bulk marking items.
-
How to test the feature manually:
The client at:
https://sources.vsta.org:7100/FeedMonkey/file?name=js/Fever.js&ci=tip
has code to talk to this API enhancement (when the API level says it's supported). In particular walkArticles().
* Update indentation per PR check on Github
* make fix-all
* Line length
* Fix many typing issues
* is_numeric
* Update comment
---------
Co-authored-by: Andy Valencia <ajv-899-334-8894@vsta.org>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
Revised the encoding approach for searches: the HTML encoding is done just before its use for DB search.
Fix also some cases with wrong quoting.
Fix https://github.com/FreshRSS/FreshRSS/pull/8306#issuecomment-3643865439
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/8293
|
|
To allow minimal diagnostic from client side
|
|
* Housekeeping lib_rss.php
`lib_rss.php` had become much too large, especially after https://github.com/FreshRSS/FreshRSS/pull/7924
Moved most functions to other places.
Mostly no change of code otherwise (see comments).
* Extension: composer run-script phpstan-third-party
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/7520
fix https://github.com/FreshRSS/FreshRSS/issues/8168
fix https://github.com/FreshRSS/FreshRSS/discussions/8172
|
|
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/7583
|
|
* GReader API frss:priority
Experiment with a FreshRSS namespace in the GReader API to see whether there is any interest.
fix https://github.com/FreshRSS/FreshRSS/issues/1868
`'frss:priority'` can be: `'important'`, `'main'`, `'category'`, `'feed'` (there is also the value `hidden`, but which is filtered out and as such never sent through the API at the moment)
* Add visibility feed
https://github.com/FreshRSS/FreshRSS/pull/7972
|
|
* Option to show user labels instead of tags in RSS share
fix https://github.com/FreshRSS/FreshRSS/discussions/8108#discussioncomment-14668813
<img width="711" height="182" alt="image" src="https://github.com/user-attachments/assets/8effb2cd-fffb-4f00-b628-54e963e8b2dc" />
|
|
* API optimisation: more streaming of outputs
I spotted a memory issue when testing https://github.com/FreshRSS/FreshRSS/pull/7714
Attempt to stream results more, instead of keeping too much in memory.
Could be further improved.
* Apply suggestions from code review
Co-authored-by: Alexis Degrugillier <aledeg@users.noreply.github.com>
* Minor whitespace JSON formatting
---------
Co-authored-by: Alexis Degrugillier <aledeg@users.noreply.github.com>
|
|
- add an enum to handle hook types (enum are available since PHP 8.1)
- change hook calls from string value to enum value
|
|
* Add new visibility priority *Show in its feed*
fix https://github.com/FreshRSS/FreshRSS/pull/7970#issuecomment-3293917428 (you can't directly filter a hidden feed, it just shows a 404 page)
And add a new visibility *Show in its feed* to show the feed in the list but not its articles.
Ensure that visibility *hidden* is not shown to API.
* TODO for later
* Update app/i18n/pl/sub.php
Co-authored-by: Inverle <inverle@proton.me>
|
|
* Stable IDs during SQL import
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/7949
Make sure that the original category IDs, feed IDs, and label IDs are kept identical during an SQL import.
Avoid breaking everything referring to categories, feeds, labels by their IDs such as searches and third-party extensions.
* Fix export of default category
|
|
* Add option for CSP frame-ancestors
https://github.com/FreshRSS/FreshRSS/discussions/7856
* Revert contentSelectorPreviewAction
* Same for f.php and api
* Fix double init in f.php
* No sandbox for API page
|
|
Closes #6222
Translate the `api/index.php` page
* Update app/i18n/pl/api.php
Co-authored-by: Inverle <inverle@proton.me>
* Update app/i18n/de/api.php
Co-authored-by: maTh <1645099+math-GH@users.noreply.github.com>
* i18n: fr
* <kbd>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
---------
Co-authored-by: Inverle <inverle@proton.me>
Co-authored-by: maTh <1645099+math-GH@users.noreply.github.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
1. `include`, `include_once`, `require` and `require_once` are expressions not functions, parentheses are not necessary.
2. to move up the directory tree, it's better to use the `dirname` function instead of relying on `/..`.
|
|
* Closes and fixes error from #7885
* `no-cache.txt` is now respected in `f.php`, `ext.php` and `serve` action in `extensionController`
* And in all other places that weren't checking for `no-cache.txt` (some extensions maybe)
|
|
* Puts CSP everywhere in `p/api`
* including the HTML query page ❗
* Also in `p/ext.php`
* Puts `X-Content-Type-Options: nosniff` everywhere
* Fixes custom icon configuration not showing `blob:` icon in statsController (idle feeds)
* Also removes `style-src 'unsafe-inline'` since it doesn't seem to be needed
* Improves CSP of `p/f.php`
* Add `sandbox` directive
|
|
* GReader API: fix incorrect favicon URL
* Fix compatibility with custom favicons
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
And add support for HTTP Link header for "self" URL
Changing URL based on "self" URL will only be done when coming from a WebSub push
fix https://github.com/FreshRSS/FreshRSS/issues/7737
|
|
* Fix HTML queries with single feed
* Suggestion
|
|
https://github.com/Ashinch/ReadYou/issues/1081#issuecomment-3009682580
Some other implementations allow `s` to target states:
* https://www.inoreader.com/developers/stream-ids
* https://github.com/theoldreader/api/blob/master/README.md#item-ids
* https://feedhq.readthedocs.io/en/latest/api/reference.html#stream-items-ids
I find this behaviour redundant with `it`, but for the sake of compatibility
|
|
* Add API endpoint for extensions
Useful for https://github.com/FreshRSS/FreshRSS/issues/7572
* Support PATH_INFO
Now also support being invoked like `/api/misc.php/Extension%20Name/`
* More documentation
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/7368
|
|
* Fix favicon hashing in GReader API (#7570)
This allows the correct iconUrl to be returned from the GReader API for
a given feed.
* Fix method signature
* Fix Fever API
---------
Co-authored-by: CarelessCaution <189675655+CarelessCaution@users.noreply.github.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/7435
|
|
|
|
Add option to sort results by received date (existing, default), publication date, title, URL (link), random.
fix https://github.com/FreshRSS/FreshRSS/issues/1771
fix https://github.com/FreshRSS/FreshRSS/issues/2083
fix https://github.com/FreshRSS/FreshRSS/issues/2119
fix https://github.com/FreshRSS/FreshRSS/issues/2596
fix https://github.com/FreshRSS/FreshRSS/issues/3204
fix https://github.com/FreshRSS/FreshRSS/issues/4405
fix https://github.com/FreshRSS/FreshRSS/issues/5529
fix https://github.com/FreshRSS/FreshRSS/issues/5864
fix https://github.com/FreshRSS/Extensions/issues/161
URL parameters:
* `&sort=id` (current behaviour, sorting according to newest received articles)
* `&sort=date` (publication date, which is not indicative of how new an article is)
* `&sort=title`
* `&sort=link`
* `&sort=rand` (random order - which disables infinite scrolling, at least for now)
combined with `&order=ASC` or `&order=DESC`
## Implementation notes
The sorting criteria by *received date* (id), which is the default, and which was the only one before this PR, is the one that has the best sorting characteristics:
* *uniqueness*: no entries have the exact same received date
* *monotonicity*: new entries always have a higher received date
* *performance*: this field is efficiently indexed in database for fast usage, including for paging (indexing could also be done to other fields, but with lower effective performance)
In contrary, sorting criteria such as by *publication date*, by *title*, or by *link* are neither unique nor monotonic. In particular, multiple articles may share the same *publication date*, and we may receive articles with a *publication date* far in the future, and then later some new articles with a *publication date* far in the past.
To understand why sorting by *publication date* is problematic, it helps to think about sorting by *title* or by *link*, as sorting by *title* and by *publication date* share more or less the same characteristics.
### Problem 1: new articles
New articles may be received in the background after what is shown on screen, and before the next user action such as *mark all as read*. Due to the lack of *monotonicity* when sorting by e.g. *publication date* or *title*, users risk marking as read a batch of articles containing some fresh articles without seeing them.
Mitigation: A parameter `idMax` tracks the maximum ID related to a batch of actions such as *mark all as read* to exclude articles received after those that are displayed.
### Problem 2: paging / pagination
When navigating articles, only a few articles are displayed, and a new "page" of articles needs to be received from the database when scrolling down or when clicking the button to show more articles. When sorting by e.g. *publication date* or *title*, it is not trivial to show the next page without re-showing some of the same articles, and without skipping any. Indeed, views are often with additional criteria such as showing only unread articles, and users may mark some articles as read while viewing them, hereby removing some articles from the previous pages. And like for *Problem 1*, new articles may have been received in the background. Consequently, it is not possible to use `OFFSET` to implement pagination (so the patches suggested by a few users were wrong due to that, in particular).
Mitigation: `idMax` is also used (just like for *Problem 1*) and a *Keyset Pagination* approach is used, combining an unstable sorting criterion such as *publication date* or *title*, together with *id* to ensure stable sorting. (So, 2 sorting criteria + 1 filter criteria)
See e.g. https://www.alwaysdeveloping.net/dailydrop/2022/07/01-keyset-pagination/
### Problem 3: performance
Sorting by anything else than *received date* (id) is doomed to be slow(er) due to the combination of 3 criteria (see *Problem 2*). An `OFFSET` approach (which is not possible anyway as explained) would be even slower. Furthermore, we have no SQL index at the moment, but they would not necessarily help much due to the multiple sorting criteria needed and involving some `OR` logic which is difficult to optimise for databases.
The nicest syntax would be using tuples and corresponding indexes, but that is poorly supported by MySQL https://bugs.mysql.com/bug.php?id=104128
Mitigation: a compatibility SQL syntax is used to implement *Keyset Pagination*
### Problem 4: user confusion
Several users have shown that they do not fully understand the difference between *received date* and *publication date*, and particularly not the pitfalls of *publication date*.
Mitigation: the menus to mark-as-read *before 1 day* and *before 1 week* are disabled when sorting by anything else than *received date*. Likewise, the separation headers *Today* and *Yesterday* and *Before yesterday* are only shown when sorting by *received date*.
Again here, to better understand why, it helps to think about sorting by *title* or by *link*, as sorting by *title* and by *publication date* share more or less the same characteristics.
* [ ] We should write a Q&A and/or documentation about the problems associated to *sorting by publication date*: risks of not noticing new publication, of inadvertently marking them as read, of having some articles with a date in the future hanging at the top of the views (vice versa when sorting in ascending order), performance, etc.
### Problem 5: APIs
Sorting by anything else than *received date* breaks the guarantees needed for a successful synchronisation via API.
Mitigation: sorting by *received date* is ensured for all API calls.
|
|
regressions from https://github.com/FreshRSS/FreshRSS/pull/7131
fix https://github.com/FreshRSS/FreshRSS/issues/7154
|
|
* PHPStan 2.0
fix https://github.com/FreshRSS/FreshRSS/issues/6989
https://github.com/phpstan/phpstan/releases/tag/2.0.0
https://github.com/phpstan/phpstan/blob/2.0.x/UPGRADING.md
* More
* More
* Done
* fix i18n CLI
* Restore a PHPStan Next test
For work towards PHPStan Level 10
* 4 more on Level 10
* fix getTagsForEntry
* API at Level 10
* More Level 10
* Finish Minz at Level 10
* Finish CLI at Level 10
* Finish Controllers at Level 10
* More Level 10
* More
* Pass bleedingEdge
* Clean PHPStan options and add TODOs
* Level 10 for main config
* More
* Consitency array vs. list
* Sanitize themes get_infos
* Simplify TagDAO->getTagsForEntries()
* Finish reportAnyTypeWideningInVarTag
* Prepare checkBenevolentUnionTypes and checkImplicitMixed
* Fixes
* Refix
* Another fix
* Casing of __METHOD__ constant
|
|
* improve(GReader): update doc URLs; add TODO
* Link update
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
before
count(...)' is used in a loop and is a low performing construction.
after
Foreach instead (easier to read and support)
Co-authored-by: LucS <l.sanchez-prestataire@alptis.fr>
|
|
* API support edit multiple tags
fix https://github.com/FreshRSS/FreshRSS/issues/7057
* Doc typo
|
|
https://github.com/FreshRSS/FreshRSS/issues/7013#issuecomment-2495281874
|
|
Labels or categories containing a `+` were failing.
And avoid returning everything if the label/category filter is not found.
Compatibility with FocusReader
|
|
* revert
Fix code indentation
Fix code
Upgrade code to php 8.1
* fix remarques
* code review
* code review
* code review
* Apply suggestions from code review
* code review
* Fixes
* Many remainging updates of array syntax
* Lost case 'reading-list'
* Uneeded PHPDoc
---------
Co-authored-by: Luc Sanchez <l.sanchez-prestataire@alptis.fr>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Fix API add category to multiple feeds
fix https://github.com/FreshRSS/FreshRSS/issues/7013
* Fix PHPDoc variable
* Remove unused variable
|
|
* Allow dynamic search operator in user queries
fix https://github.com/FreshRSS/FreshRSS/issues/6849
* Other approach
|
|
* SimplePie support for HTTP cache policies
Discussion in https://github.com/FreshRSS/simplepie/pull/26
* Bump SimplePie commit
* Typos
* Typos
* Simpler logic
* Explicitly disable cache for non-GET flows
* Bump SimplePie commit
* Bump SimplePie commit
* Bump SimplePie commit
* Bump SimplePie commit
|
|
* Upgrade to PHP 8.1
As discussed in https://github.com/FreshRSS/FreshRSS/discussions/5474
https://www.php.net/releases/8.0/en.php
https://www.php.net/releases/8.1/en.php
Upgrade to available native type declarations
https://php.net/language.types.declarations
Upgrade to https://phpunit.de/announcements/phpunit-10.html which requires PHP 8.1+ (good timing, as version 9 was not maintained anymore)
Upgrade `:oldest` Docker dev image to oldest Alpine version supporting PHP 8.1: Alpine 3.16, which includes PHP 8.1.22.
* Include 6736
https://github.com/FreshRSS/FreshRSS/pull/6736
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/6717
|
|
* Minor update whitespace PHPCS rules
To simplify our configuration, apply more rules, and be clearer about what is added or removed compared with PSR12.
Does not change our current conventions, but just a bit more consistent.
* Forgotten *.phtml
* Sort exclusion patterns + add a few for Extensions repo
* Relaxed some rules
|
|
* Add default API CORS HTTP Headers
To allow interacting with our APIs from a JavaScript application.
So far limited to the APIs: Greader, User queries
Fix https://github.com/FreshRSS/FreshRSS/discussions/6654#discussioncomment-10131144
* Early abort for OPTIONS requests
* Move a bit OPTIONS test
* No content!
* More cleaning
|
|
fix https://github.com/FreshRSS/FreshRSS/discussions/6654#discussioncomment-10128309
|
|
* Revisit keepMaxUnreads
Again, follow-up of https://github.com/FreshRSS/FreshRSS/pull/5905
fix https://github.com/FreshRSS/FreshRSS/issues/6620
* Refactoring to address buggy cases
* Fix minor test
|
|
* Remove dependency to exit extension
fix https://github.com/FreshRSS/FreshRSS/issues/6573
* Fix return
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/6611
Logged-in users were still able to use their account for some time despite having being disabled by admin
|
|
* More PHPStan
* More, passing
* 4 more files
* Update to PHPStan 1.11.4
Needed for fixed bug: Consider numeric-string types after string concat
https://github.com/phpstan/phpstan/releases/tag/1.11.4
* Pass PHPStan level 9
Start tracking booleansInConditions
* Fix mark as read
* Fix doctype
* ctype_digit
|
Alexandre Alapetite
Andy Valencia
Alexis Degrugillier
Inverle
hilariousperson
CarelessCaution
Brandon Jones
Luc SANCHEZ
