| Age | Commit message (Collapse) | Author |
|---|
|
Safer password evaluation
|
|
Fix https://github.com/FreshRSS/FreshRSS/issues/8268
To better support user management on FreshRSS instance with many users.
SQL speed improved. On a reduced test with 5 users, including some large accounts (PostgreSQL on a very tiny and slow server), improving from ~2.3s to ~1.8s, which gives ~20% speed improvement.
Then tested with 1000 users, with only the default feed (on my old desktop computer):
```sh
for i in {1..1000}; do ./cli/create-user.php --user=freshrss$i --password=freshrss; done
app/actualize_script.php
cli/access-permissions.sh
```
SQLite:
```console
$ time cli/user-info.php | wc -l
1001
real 0m1.366s
user 0m0.908s
sys 0m0.475s
```
PostgreSQL:
```console
$ time cli/user-info.php | wc -l
1001
real 0m28.498s
user 0m12.137s
sys 0m2.217s
```
MariaDB:
```console
# time ./cli/user-info.php | wc -l
1001
real 0m49.485s
user 0m1.276s
sys 0m2.258s
```
Yes, SQLite is much faster - not a surprise for such use-cases, where the TCP connection is not re-used.
I have added some CLI options to disable some statistics:
```sh
cli/user-info.php --no-db-size --no-db-counts
```
For the Web UI, I have disabled detailed user statistics if it takes too long, and retrieve missing user statistics asynchronously via JavaScript. Lazy loading of the user details based on IntersectionObserver, with maximum 10 requests in parallel.
Web UI tested on 1000 users as well. Checked with SeaMonkey.
|
|
Follow-up (or replacement) of https://github.com/FreshRSS/FreshRSS/pull/8167
|
|
Rewrote the last Promise pattern of our code-base with an async/await pattern: [custom feed favicons](https://github.com/FreshRSS/FreshRSS/pull/7646)
Related to:
* https://github.com/FreshRSS/FreshRSS/pull/7962
|
|
Harmless bug introduced in https://github.com/FreshRSS/FreshRSS/pull/7877
Before:
<img width="1580" height="96" alt="image" src="https://github.com/user-attachments/assets/eaebd4fc-fb40-49ec-83af-43bde3009b00" />
(load *Archiving* page for example, `init_crypto_forms()` is not called on view pages)
|
|
## Screenshots
<details>
<summary>Before</summary>
<img width="773" height="652" alt="image" src="https://github.com/user-attachments/assets/89a0e58c-8c4a-41ff-b5d6-3e916079d563" />
</details>
<details>
<summary>After</summary>
<img width="1006" height="646" alt="image" src="https://github.com/user-attachments/assets/f4575103-7365-4870-a170-2742bf10eb27" />
</details>
This is an example on Firefox, where the `Master authentication token` field was incorrectly being autofilled.
Red borders are indicating that the fields are required.
## List of changes
* `required="required"` is now being added to the password fields if the section is open
* The `challenge` field is being added if section is open instead of when at least one of the password fields isn't empty due to autocomplete
* Added `autocomplete="new-password"` on fields that shouldn't be autocompleted
* Unfortunately Chrome requires a workaround with CSS
* Not tested on Safari yet
* User will be redirected to profile page after successfully changing their password instead of index page
## How to test
Autocomplete related changes should be tested on a HTTPS page with saved credentials for FreshRSS
|
|
Regression from #7763
Earlier regression which was fixed before #7626
In addition:
* get rid of `data-toggle` (refactor)
* show invalid login message if deleting account and entered incorrect password instead of redirect to 403
* remove unused reference to `r` parameter
* `forgetOpenCategories()` on login not on any crypto form
|
|
* Improve leave validation
* array_key_exists -> isset
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
Instead of a repeating pattern like: `<input type="text" value="something" data-leave-validation="something">`, you can now put a `data-auto-leave-validation="1"` attribute on a `<form>` for example, and it will automatically set the `data-leave-validation` attributes inside the form elements.
`data_auto_leave_validation(parent)` from `extra.js` is called on slider open and page load.
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
|
|
* Implement sudo mode / reauthentication
* i18n: fr
* generate flags
* Improvements
* Remove HMAC check
* Don't require reauth to access logs when signed in as admin
* Notify user of bad login via notification instead
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Require current password when setting new password
* i18n: fr
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
Previously when you clicked the "Cancel" button inside of the confirm dialog, the slider would close anyway.
|
|
* Rework #7646: `URLSearchParams` -> `JSON.stringify`
* Single quotes
* Send `id` as int
|
|
Closes #3789, #6503
Icon setting when no custom icon is set yet:
- `Change...` button opens a file dialog, and after selecting a file shows the chosen icon in the preview on the left. `Submit` must be clicked after selecting the icon.
- `Reset to default` changes the preview icon to the default one, and also requires `Submit` to be clicked to apply the changes.
Full list of changes:
- CSP now includes `blob:` in `img-src` for
- `indexAction()` and `feedAction()` in `subscriptionController.php`
- all of the view actions in `indexController.php`
- Introduce new attribute `customFavicon (boolean)` for feeds that indicates if the feed has a custom favicon
- `hashFavicon()` in `Feed.php` is dependent on this attribute
- `hashFavicon()` has a new parameter called `skipCache (boolean)` that allows the reset of the favicon hash for the Feed object
- `resetFaviconHash()` just calls `hashFavicon(skipCache: true)`
- `f.php` URLs now have the format of `/f.php?h=XXXXX&t=cachebuster`, where the `t` parameter is only used for serving custom favicons
- if `t` parameter is set, `f.php` returns a `Cache-Control: immutable` header
- `stripos` and `strpos` were changed to `str_contains` in various places (refactor)
- JS for handling the custom favicon configuration logic is in `extra.js` inside `init_update_feed()` which is called when feed configuration is opened from the aside or when the subscription management page with the feed is loaded
- Server-side code for uploading the icon in `subscriptionController.php` under `feedAction()`
- Errors that may occur during the setting of a custom favicon:
- Unsupported image file type (handled only server-side with `isImgMime()`)
- When the file is bigger than 1 MiB (default), handled both client-side and server-side
- Standard feed error when `updateFeed()` fails
- JS vars `javascript_vars.phtml` are no longer escaped with `htmlspecialchars()`, instead with json encoding,
- CSS for disabled buttons was added
- Max favicon file size is configurable with the `max_favicon_upload_size` option in `config.php` (not exposed via UI)
- Custom favicons are currently deleted only when they are either reset to the default icon, or the feed gets deleted. They do not get deleted when the user deletes their account without removing their feeds first.
- ` faviconPrepare()` and `faviconRebuild()` are not allowed to be called when the `customFavicon` attribute is `true`
- New i18n strings:
- `'sub.feed.icon' => 'Icon'`
- `'sub.feed.change_favicon' => 'Change…'`
- `'sub.feed.reset_favicon' => 'Reset to default'`
- `'sub.feed.favicon_changed_by_ext' => 'The icon has been set by the <b>%s</b> extension.'`
- `'feedback.sub.feed.favicon.too_large' => 'Uploaded icon is too large. The maximum file size is <em>%s</em>.'`
- `'feedback.sub.feed.favicon.unsupported_format' => 'Unsupported image file format!'`
- Extension hook `custom_favicon_hash`
- `setCustomFavicon()` method
- `resetCustomFavicon()` method
- `customFaviconExt` and `customFaviconDisallowDel` attributes
- example of usage: https://github.com/FreshRSS/Extensions/pull/337
- Extension hook `custom_favicon_btn_url`
- Allows extensions to implement a button for setting a custom favicon for individual feeds by providing an URL. The URL will be sent a POST request with the `extAction` field set to either `query_icon_info` or `update_icon`, along with an `id` field which describes the feed's ID.
|
|
* Fix user self-deletion
* Minor code cleanup
|
|
https://github.com/dcodeIO/bcrypt.js/releases/tag/v3.0.0
Can be updated to the latest version with:
`curl -L https://unpkg.com/bcryptjs/umd/index.js > p/scripts/vendor/bcrypt.js`
|
|
Fix https://github.com/FreshRSS/FreshRSS/issues/7019
|
|
Restore compatibility with older browsers (e.g. Firefox and Chrome older than 2020) and simplify code at the same time
https://developer.mozilla.org/en-US/docs/Web/API/SubmitEvent/submitter
Contributes to https://github.com/FreshRSS/FreshRSS/issues/6776
Was introduced by https://github.com/FreshRSS/FreshRSS/pull/4370 (to be retested a bit more, though)
|
|
* Allow deep link to extension configuration
Full screen
* Support slider
* Add aside_configure
Fix https://github.com/FreshRSS/FreshRSS/pull/5449#issuecomment-1588089769
|
|
* prependTitle()
* do not need the "damn" in the alert
* update page layout improved
* release channel
* i18n labels
* add log messages while updating
* Delete updatee.php
* Update updateController.php
* Update updateController.php
* Update updateController.php
* Update updateController.php
* add getCurrentGitBranch()
* Update updateController.php
* state2 buttons
* i18n
* loading
* Update feedback.php
* Update feedback.php
* Update feedback.php
* Update extra.js
* Apply suggestions from code review
Co-authored-by: Luc SANCHEZ <4697568+ColonelMoutarde@users.noreply.github.com>
* Update updateController.php
* Update terminology
* update button is now armed
---------
Co-authored-by: Luc SANCHEZ <4697568+ColonelMoutarde@users.noreply.github.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
|
|
* less buttons on step 1
* add form-group
* jump to next step as link not as button
* improve navigation bar HTML structure
* sync password-show button with extra.js
* fix CSS
* i18n: step 4: split text strings for help text (max chars default user)
* show menu button if mobile view
* improve header layout with empty div
* step 5: button in form-actions
* improve buttons in goup-controls
* Favicon added
* Button: Font color hover btn-attention
* install check step: add subtitles
* fix .btn
* improve tabindex
* improve showPW_this()
|
|
|
|
|
|
* Block page if slider is open; Hides the double page scrollbar
* Slider scrollbar default width
* Update frss.rtl.css
* Add user Cyb10101 to credits
* make fix-all
* make fix-all (second pass)
Co-authored-by: mathContao <math-home@web.de>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* add close button, add content slider div
* add &ajax=1#slider to the links
* CSS
* fix showPW functionality
* open slider after received Ajax
* do not show empty slider
* RTL CSS
* fixed code smell
* improved: links prep via JS
* Redirect anchor
* enable #anchors in printuri()
* enable #slider when config was saved
* Active sliding via JS
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Dynamic OPML draft
#fix https://github.com/FreshRSS/FreshRSS/issues/4191
* Export dynamic OPML
http://opml.org/spec2.opml#1629043127000
* Restart with simpler approach
* Minor revert
* Export dynamic OPML also for single feeds
* Special category type for importing dynamic OPML
* Parameter for excludeMutedFeeds
* Details
* More draft
* i18n
* Fix update
* Draft manual import working
* Working manual refresh
* Draft automatic update
* Working Web refresh + fixes
* Import/export dynamic OPML settings
* Annoying numerous lines in SQL logs
* Fix minor JavaScript error
* Fix auto adding new columns
* Add require
* Add missing 🗲
* Missing space
* Disable adding new feeds to dynamic categories
* Link from import
* i18n typo
* Improve theme icon function
* Fix pink-dark
|
|
* change close-slider behind slider
* open/close slider via anchor
* use shortcuts globaly
* deleted debugging console.log()
|
|
|
|
* fix
* Update extra.js
* reorga the scripts
* Update extra.js
* Several fixes
https://github.com/FreshRSS/FreshRSS/pull/4291#issuecomment-1125472321
* More fixes
* Cleaning
* fix pr 4291
* Reorganise some script functions
* Remove unused popup-txt
And associated function openPopupWithMessage
* Fix archiving categories
https://github.com/FreshRSS/FreshRSS/pull/4291#issuecomment-1126924602
* Fix stats
https://github.com/FreshRSS/FreshRSS/pull/4291#issuecomment-1126983134
* Fix direct subscription
E.g. http://localhost/i/?c=subscription&id=735
* Fix subscription add
https://github.com/FreshRSS/FreshRSS/pull/4291#issuecomment-1126991621
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* it works with alert
* timout does not work without alert
* switch to click - it solve all problems
* Update extra.js
* Update extra.js
* Update extra.js
* Update p/scripts/extra.js
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* it works
* small improvements
* Update slider.js
* fixed JS syntax
* slider.js included in main.js
* fix syntax
* delete including of slider.js
* Update extra.js
|
|
* done
* fix extra.js
* click event
* URL input does not extend anymore
* fix
* improved the i18n key
* Update app/i18n/fr/gen.php
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* More PHP type hints for Fever
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/4201
Related to https://github.com/FreshRSS/FreshRSS/issues/4200
* Detail
* Draft
* Progress
* More draft
* Fix thumbnail PHP type hint
https://github.com/FreshRSS/FreshRSS/issues/4215
* More types
* A bit more
* Refactor FreshRSS_Entry::fromArray
* Progress
* Starts to work
* Categories
* Fonctional
* Layout update
* Fix relative URLs
* Cache system
* Forgotten files
* Remove a debug line
* Automatic form validation of XPath expressions
* data-leave-validation
* Fix reload action
* Simpler examples
* Fix column type for PostgreSQL
* Enforce HTTP encoding
* Readme
* Fix get full content
* target="_blank"
* gitignore
* htmlspecialchars_utf8
* Implement HTML <base>
And fix/revert `xml:base` support in SimplePie https://github.com/simplepie/simplepie/commit/e49c578817aa504d8d05cd7f33857aeda9d41908
* SimplePie upstream PR merged
https://github.com/simplepie/simplepie/pull/723
|
|
* CSS + JS
* fixed the quotes
|
|
* fixed missed popup
* fix missed document.getElementById('loginButton')
* make fix-all
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* fixed space char as default password
* fix: whitespace in feed http username configuration
* fix: type=password
* extend the type=password with the watch-password-plain button
* init_extra() again for new slider content
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* ESLint upgrade from JSHint
* commit corresponding package.json
* `npm run fix` for automatic JS and CSS fixes
* Keep JSHint config for now
|
|
I've refactored the user query code to be able to use it also on the
integration configuration page. Now, items can be re-organized as in
the user query list.
|
|
* Fix bugs in anomymous mode
Login bug (submit button not working) and refresh bug (JS null
exception, and then 403).
* Take advantage of existing variable
|
|
Disable submit button until extra.js with its crypto functions is
loaded.
|
|
* feature(normal) - Remember opened categories in the left menu
Session storage based implementation to remember opened categories in left menu
Issue Ref: #2248
* lib_phpQuery updates
* Updates covering feedback points and functionality fixes
* Feedback updates
* Revert "lib_phpQuery updates"
This reverts commit dcd23b9418405a2d14ee03c1fcadf90c04b267e1.
* First review
Change variable name to "remember" instead of "open".
Start using localStorage instead of sessionStorage.
Simplify code.
* Simplify remember categories init function
Replace 'session' with 'local' in function names and comment
Set open categories CSS as same as when category is opened in 'active' unfold mode
* Remove URLSearchParams check in remember categories init function
* Delete open categories on login and logout
* JSHint check fix
* Second review
* Make new mode the default for new users
* Always open active category
* Reduce / simplify code
* i18n French
* Revert default value
Wait a bit more for this decision / change
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Docker Alpine 3.12 (#3025)
https://alpinelinux.org/posts/Alpine-3.12.0-released.html
With PHP 7.3.18 (from 7.3.17) (and Apache 2.4.43 unchanged).
No other significant change spotted
* Ensure feed attributes are used before load
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Fix JS for statistics repartition select form
Error was: `s.form is null in extra.js:166:7`
At the same time, disable the form and clears the value while waiting
for the next page to load, to better understand what is happening.
* Whitespace
|
|
- Add a maintenance section to be able to clear cache and force reload a feed.
- Add an icon next to path field to show a pop-up with the result of the content path.
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Co-authored-by: Marien Fressinaud <dev@marienfressinaud.fr>
|
|
* Change archiving config page layout
I've changed some wording and moved actions into a
maintenance section.
* Update purge action
Now we have more control on the purge action. The configuration allows
us to choose what to keep and what to discard in a more precise way.
At the moment, the configuration applies for all feeds.
* Add purge configuration on feed level
Now the extend purge configuration is available on feed level.
It is stored as attributes and will be used in the purge action.
* Update purge action
Now the purge action uses the feed configuration if it exists and
defaults on user configuration if not.
* Add empty option in period list
* Fix configuration warnings
* Add archiving configuration on categories
See #2369
* Add user info back
* Add explanations in UI
* Fixes for SQLite + error + misc.
* Fix invalid feed reference
* Short array syntax
Only for new code, so far
* Fix prefix error
* Query performance, default values
Work in progress
* Fix default values and confirm before leaving
Form cancel and confirm changes before leaving were broken.
And start taking advantage of the short echo syntax `<?= ?>` as we have
moved to PHP 5.4+
* More work
* Tuning SQL
* Fix MariaDB + performance issue
* SQL performance
* Fix SQLite bug
* Fix some attributes JSON encoding bugs
Especially for SQLite export/import
* More uniform, fix bugs
More uniform between global, category, feed settings
* Drop special cases for old articles during refresh
Instead will use lastSeen date with the new archiving logic.
This was generating problems anyway
https://github.com/FreshRSS/FreshRSS/issues/2154
* Draft drop index keep_history
Not needed anymore
* MySQL typo
Now properly tested with MySQL, PostgreSQL, SQLite
* More work for legacy values
Important to avoid overriding user's preference and risking deleting
data erroneously
* Fix PHP 7.3 / 7.4 warnings
@aledeg "Trying to use values of type null, bool, int, float or resource
as an array (such as $null["key"]) will now generate a notice. "
https://php.net/migration74.incompatible
* Reintroduce min articles and take care of legacy parameters
* A few changes forgotten
* Draft of migration + DROP of feed.keep_history
* Fix several errors
And give up using const for SQL to allow multiple database types (and we
cannot redefine a const)
* Add keep_min to categories + factorise archiving logic
* Legacy fix
* Fix bug yield from
* Minor: Use JSON_UNESCAPED_SLASHE for attributes
And make more uniform
* Fix sign and missing variable
* Fine tune the logic
|
|
https://www.gnu.org/software/librejs/
https://addons.mozilla.org/firefox/addon/librejs/
Did not touch jquery.min.js because it is a third party script, which is regularly updated, and the add-on does not seem to block it enough to break our statitics page, which remains usable.
|
|
* Fixed user configuration 404
https://github.com/FreshRSS/FreshRSS/pull/2234#issuecomment-466561555
* Fixed "SPACE" shortcut bug
https://github.com/FreshRSS/FreshRSS/pull/2234#issuecomment-466626412
* Use next feed / previous feed when reaching last / first article
instead of looping
* Jump to next / previous category when reaching last / first feed
instead of looping
|
|
* Less jQuery
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/2199
* Even less jQuery + global view unread title fix
* Even less jQuery
* Yet even less jQuery
* Even less jQuery
* Reduce some events
* Even less jQuery
* jQuery gone from main view
+Fixed English i18n
* Fix feed folded view
* Remove Firefox 64 workaround
Remove workaround for Gecko bug 1514498 in Firefox 64, fixed in Firefox
65
* Split to extra.js
Avoid loading unneeded JavaScript code for the main view.
+ several adjustements
* Improve CSS transition fold category
* Rewrite shortcuts
Remove library. Much faster, shorter, one listener instead of many.
Control of the shortcut context.
Fix https://github.com/FreshRSS/FreshRSS/issues/2215
* Remove debug
* Minor syntax
* Filter out unwanted shortcut modifiers
* Menu overflow fix
* Typo
* Fix unfolding in mobile view
* Remove jQuery from category.js
* Remove jQuery from Global view
|
Alexandre Alapetite
Inverle
maTh
Cyb10101
Alexis Degrugillier
Prashant Tholia
Julien-Pierre Avérous
