| Age | Commit message (Collapse) | Author |
|---|
|
Follow-up of #7636
I found it's the only missing element that needs to be lazy loaded by putting HTML of https://github.com/cure53/HTTPLeaks/blob/main/leak.html into a feed
|
|
* Add option for CSP frame-ancestors
https://github.com/FreshRSS/FreshRSS/discussions/7856
* Revert contentSelectorPreviewAction
* Same for f.php and api
* Fix double init in f.php
* No sandbox for API page
|
|
Regression from #7763
Earlier regression which was fixed before #7626
In addition:
* get rid of `data-toggle` (refactor)
* show invalid login message if deleting account and entered incorrect password instead of redirect to 403
* remove unused reference to `r` parameter
* `forgetOpenCategories()` on login not on any crypto form
|
|
Before
<img width="536" height="50" alt="image" src="https://github.com/user-attachments/assets/799fe85b-3141-4f02-b020-ab7b06439ddc" />
After
<img width="510" height="46" alt="image" src="https://github.com/user-attachments/assets/780fa55e-e42b-4c4c-8ba9-32b877cf4ddd" />
|
|
This error would print in the console if navigating to last article with <kbd>J</kbd> or <kbd>K</kbd> key:
<img width="836" height="173" alt="image" src="https://github.com/user-attachments/assets/0ae88d1c-26eb-4ebe-8d15-4bf03c24cef6" />
---
To reproduce the bug:
<ol>
<li>Select unread + read view, while having all articles marked as read</li>
<li>Mark two as unread and go to unread only view</li>
<li>Navigate with either <kbd>J</kbd> or <kbd>K</kbd> until you go past the last article or before first article</li>
<li>See error in console and no navigation with <code>first_feed()</code> or <code>last_feed()</code></li>
</ol>
note: I'm not sure if the fix is what the expected behavior is supposed to be
|
|
Closes #6222
Translate the `api/index.php` page
* Update app/i18n/pl/api.php
Co-authored-by: Inverle <inverle@proton.me>
* Update app/i18n/de/api.php
Co-authored-by: maTh <1645099+math-GH@users.noreply.github.com>
* i18n: fr
* <kbd>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
---------
Co-authored-by: Inverle <inverle@proton.me>
Co-authored-by: maTh <1645099+math-GH@users.noreply.github.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
1. `include`, `include_once`, `require` and `require_once` are expressions not functions, parentheses are not necessary.
2. to move up the directory tree, it's better to use the `dirname` function instead of relying on `/..`.
|
|
* Closes and fixes error from #7885
* `no-cache.txt` is now respected in `f.php`, `ext.php` and `serve` action in `extensionController`
* And in all other places that weren't checking for `no-cache.txt` (some extensions maybe)
|
|
Drop of back-compatibility with older browsers: use standard `overflow-wrap` instead of `word-wrap` .
We may re-introduce `word-wrap` (in addition of standard `overflow-wrap`) if a need is reported.
* Bump the stylelint group with 2 updates
Bumps the stylelint group with 2 updates: [stylelint](https://github.com/stylelint/stylelint) and [stylelint-config-recommended-scss](https://github.com/stylelint-scss/stylelint-config-recommended-scss).
Updates `stylelint` from 16.23.0 to 16.23.1
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/stylelint/stylelint/compare/16.23.0...16.23.1)
Updates `stylelint-config-recommended-scss` from 15.0.1 to 16.0.0
- [Release notes](https://github.com/stylelint-scss/stylelint-config-recommended-scss/releases)
- [Changelog](https://github.com/stylelint-scss/stylelint-config-recommended-scss/blob/master/CHANGELOG.md)
- [Commits](https://github.com/stylelint-scss/stylelint-config-recommended-scss/compare/v15.0.1...v16.0.0)
---
updated-dependencies:
- dependency-name: stylelint
dependency-version: 16.23.1
dependency-type: direct:development
update-type: version-update:semver-patch
dependency-group: stylelint
- dependency-name: stylelint-config-recommended-scss
dependency-version: 16.0.0
dependency-type: direct:development
update-type: version-update:semver-major
dependency-group: stylelint
...
Signed-off-by: dependabot[bot] <support@github.com>
* stylelint --fix
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
Ref: #4493
Before:
<img width="816" height="571" alt="grafik" src="https://github.com/user-attachments/assets/bfc6c933-5e4e-46e8-91d7-0e0e7b469671" />
After:
<img width="795" height="523" alt="grafik" src="https://github.com/user-attachments/assets/5b5a668c-c3ca-46ef-be69-ad5b5b90a412" />
|
|
- Fixes for Swage
- Buttons not showing correctly #7465
- Dropdown placement (some dropdowns couldn't fit in viewport)
- Icons not appearing in some places due to color i.e. label management and subscription management page
- Made `.form-group` and button inside search dropdown hover colors slightly darker, for better visibility
- Nav menu style improvements on mobile
- Smaller if not on main page
- Align settings icon on configuration pages to the right
- Support nav menu for feed statistics page
- Text alignment in search dropdown
- Ensure `input, select, textarea` don't overflow the page
- Login link placement in anonymous view
- Other fixes for
- Add via bookmarklet page
- About page
- Shared HTML query page
- Register page
- Text visibility for debug log
- Provide classes `layout.phtml` within `<html>`:
- `logged_in` if applicable
- `controller_$NAME` if applicable
- `file_$NAME` if applicable
- Some other fixes
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Co-authored-by: maTh <1645099+math-GH@users.noreply.github.com>
|
|
Before:
<img width="534" height="394" alt="grafik" src="https://github.com/user-attachments/assets/63cbf645-2380-448f-9e96-11cf454f9a13" />
1: menu is not right hand side aligned
2: rounded corner (Origine theme specific)
After:
<img width="533" height="359" alt="grafik" src="https://github.com/user-attachments/assets/bfb8fd79-3190-4d40-bba1-ef5fadb81f01" />
Menu is aligned on the right hand side
Sharp corner
Changes proposed in this pull request:
- CSS
How to test the feature manually:
1. small screen for mobile view
2. open config menu right top corner
Negative check:
other dropdown menus should not be touched (f.e. User Queries menu, search, article labels menu)
|
|
* Improve leave validation
* array_key_exists -> isset
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
I found this todo and just did it. 😆
Changes proposed in this pull request:
- use `open-class` instead of `.box a`
How to test the feature manually:
1. go to global view
2. click on a box title link: it will open the whole category in the panel
3. click on a feed name: it will open the feed articles in the panel
4. nothing will be different for the user as before
|
|
Closes #7644
Before:
<img width="212" height="153" alt="grafik" src="https://github.com/user-attachments/assets/628034cf-421a-43c1-a762-21906d99d5d9" />
After:
<img width="249" height="186" alt="grafik" src="https://github.com/user-attachments/assets/8414aa34-4936-44e1-84e4-52dad70477b6" />
How to test the feature manually:
1. use Ansum/Mapco theme
2. have a small screen to see it in the mobile view
3. see the read all button in the normal view
|
|
|
|
SeaMonkey support was broken by #7752
Reproduce JS file:
```bash
git clone https://github.com/chartjs/Chart.js && \
cd Chart.js && \
git checkout tags/v4.5.0 && \
sed -i 's/es2022/es2021/g' rollup.config.js && \
pnpm install && \
pnpm run build && \
sha256sum dist/chart.umd.min.js
# SHA256 of dist/chart.umd.min.js should be: 311a5a5e0db077a787b782977f359a72f8584f94d800e324dcc6aefe8a006dd7
```
|
|
* Puts CSP everywhere in `p/api`
* including the HTML query page ❗
* Also in `p/ext.php`
* Puts `X-Content-Type-Options: nosniff` everywhere
* Fixes custom icon configuration not showing `blob:` icon in statsController (idle feeds)
* Also removes `style-src 'unsafe-inline'` since it doesn't seem to be needed
* Improves CSP of `p/f.php`
* Add `sandbox` directive
|
|
* Show warning when unsafe CSP policy is in use
* Fix bare markdown URL
* i18n: fr
* Minor i18n: fr
* Add target="_blank" to i18n strings
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
Instead of a repeating pattern like: `<input type="text" value="something" data-leave-validation="something">`, you can now put a `data-auto-leave-validation="1"` attribute on a `<form>` for example, and it will automatically set the `data-leave-validation` attributes inside the form elements.
`data_auto_leave_validation(parent)` from `extra.js` is called on slider open and page load.
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
|
|
* Remove background from <code> inside <pre>
This caused an ugly effect where each line has a seperate background to
the whole pre block.
Fixes #7796
* Add James Frost to CREDITS.md
|
|
List of changes:
* The temporary document for printing is now in an `<iframe>` instead of a new tab
* The whole `<head>` element is copied to the temporary document, except for `<script>` tags to copy over the `<meta>` tags as well
* URLs that contain the instance base URL are now removed from the printed PDF
* The saved filename (PDF) will now default to the article title
* `<details>` is auto expanded
* Styling:
* The main document's `<html>` class is copied over to preserve some styling that might use those classes
* Instead of writing `content_el.innerHTML` to the temporary document, `content_el.outerHTML` is now written instead to apply the styles that select `.content`
* `.dropdown-menu` is now hidden in the printed document, because it can't be expanded anyway
* Headers and footers are hidden in the printed document
* The printed document will now display correctly all the time, by waiting for it to load before calling `print()`
* Before, the stylesheets might've not finished loading and the document was broken
* Better browser support on mobile for this feature
* Before, the document would fail to print on Chrome Mobile
Tested on:
* Firefox - both desktop and mobile, works ✅
* Chrome - both desktop and mobile, works ✅
* Opera - desktop, works (same as Chrome) ✅
* Brave - both desktop and mobile (same as Chrome), works ✅
* Safari - both desktop and mobile, works✅
* Microsoft Edge - both desktop and mobile, works ✅
* GNOME Web - desktop, works ✅
* SeaMonkey - desktop, works ✅
Known issues:
* Images may not finish loading the first time the print dialog is opened
TODO:
* [x] Test on Safari
* [x] Try to fix GNOME Web
|
|
* GReader API: fix incorrect favicon URL
* Fix compatibility with custom favicons
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
Quick fix, while waiting for something better
Regression from https://github.com/FreshRSS/FreshRSS/pull/7771
|
|
* Use main function `httpGet()` instead of local one;
* Use HTTP cache, also between users;
* Do not default to feed URL when there is no website URL
TODO for later: consider supporting Atom's `<icon>` and RSS 2.0's `<image>` https://github.com/FreshRSS/FreshRSS/issues/7774
|
|
* Implement sudo mode / reauthentication
* i18n: fr
* generate flags
* Improvements
* Remove HMAC check
* Don't require reauth to access logs when signed in as admin
* Notify user of bad login via notification instead
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Require current password when setting new password
* i18n: fr
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
|
|
And add support for HTTP Link header for "self" URL
Changing URL based on "self" URL will only be done when coming from a WebSub push
fix https://github.com/FreshRSS/FreshRSS/issues/7737
|
|
* Prevent onbeforeunload from showing a popup before leaving
* Send mark as read request when leaving and revert interval
* Use visibilitychange event instead of onbeforeunload, and refactor send_mark_read_queue to use fetch
* Move removed code to the new `catch` block
* Refactor with async fetch
|
|
* Fixes for frss.css and make more buttons accessible in anonymous view
* Suggested changes and page overflow fix
* Forgot rtlcss
* Revert anonymous view changes
|
|
* Fix HTML queries with single feed
* Suggestion
|
|
* Fix custom icons not displaying
* Refactor
|
|
Previously when you clicked the "Cancel" button inside of the confirm dialog, the slider would close anyway.
|
|
* Rework #7646: `URLSearchParams` -> `JSON.stringify`
* Single quotes
* Send `id` as int
|
|
Closes #3789, #6503
Icon setting when no custom icon is set yet:
- `Change...` button opens a file dialog, and after selecting a file shows the chosen icon in the preview on the left. `Submit` must be clicked after selecting the icon.
- `Reset to default` changes the preview icon to the default one, and also requires `Submit` to be clicked to apply the changes.
Full list of changes:
- CSP now includes `blob:` in `img-src` for
- `indexAction()` and `feedAction()` in `subscriptionController.php`
- all of the view actions in `indexController.php`
- Introduce new attribute `customFavicon (boolean)` for feeds that indicates if the feed has a custom favicon
- `hashFavicon()` in `Feed.php` is dependent on this attribute
- `hashFavicon()` has a new parameter called `skipCache (boolean)` that allows the reset of the favicon hash for the Feed object
- `resetFaviconHash()` just calls `hashFavicon(skipCache: true)`
- `f.php` URLs now have the format of `/f.php?h=XXXXX&t=cachebuster`, where the `t` parameter is only used for serving custom favicons
- if `t` parameter is set, `f.php` returns a `Cache-Control: immutable` header
- `stripos` and `strpos` were changed to `str_contains` in various places (refactor)
- JS for handling the custom favicon configuration logic is in `extra.js` inside `init_update_feed()` which is called when feed configuration is opened from the aside or when the subscription management page with the feed is loaded
- Server-side code for uploading the icon in `subscriptionController.php` under `feedAction()`
- Errors that may occur during the setting of a custom favicon:
- Unsupported image file type (handled only server-side with `isImgMime()`)
- When the file is bigger than 1 MiB (default), handled both client-side and server-side
- Standard feed error when `updateFeed()` fails
- JS vars `javascript_vars.phtml` are no longer escaped with `htmlspecialchars()`, instead with json encoding,
- CSS for disabled buttons was added
- Max favicon file size is configurable with the `max_favicon_upload_size` option in `config.php` (not exposed via UI)
- Custom favicons are currently deleted only when they are either reset to the default icon, or the feed gets deleted. They do not get deleted when the user deletes their account without removing their feeds first.
- ` faviconPrepare()` and `faviconRebuild()` are not allowed to be called when the `customFavicon` attribute is `true`
- New i18n strings:
- `'sub.feed.icon' => 'Icon'`
- `'sub.feed.change_favicon' => 'Change…'`
- `'sub.feed.reset_favicon' => 'Reset to default'`
- `'sub.feed.favicon_changed_by_ext' => 'The icon has been set by the <b>%s</b> extension.'`
- `'feedback.sub.feed.favicon.too_large' => 'Uploaded icon is too large. The maximum file size is <em>%s</em>.'`
- `'feedback.sub.feed.favicon.unsupported_format' => 'Unsupported image file format!'`
- Extension hook `custom_favicon_hash`
- `setCustomFavicon()` method
- `resetCustomFavicon()` method
- `customFaviconExt` and `customFaviconDisallowDel` attributes
- example of usage: https://github.com/FreshRSS/Extensions/pull/337
- Extension hook `custom_favicon_btn_url`
- Allows extensions to implement a button for setting a custom favicon for individual feeds by providing an URL. The URL will be sent a POST request with the `extAction` field set to either `query_icon_info` or `update_icon`, along with an `id` field which describes the feed's ID.
|
|
https://github.com/Ashinch/ReadYou/issues/1081#issuecomment-3009682580
Some other implementations allow `s` to target states:
* https://www.inoreader.com/developers/stream-ids
* https://github.com/theoldreader/api/blob/master/README.md#item-ids
* https://feedhq.readthedocs.io/en/latest/api/reference.html#stream-items-ids
I find this behaviour redundant with `it`, but for the sake of compatibility
|
|
|
|
* Add API endpoint for extensions
Useful for https://github.com/FreshRSS/FreshRSS/issues/7572
* Support PATH_INFO
Now also support being invoked like `/api/misc.php/Extension%20Name/`
* More documentation
|
|
* Include remaining tags/attributes for lazy loading
* Suggested change
|
|
* Fix user self-deletion
* Minor code cleanup
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/7368
|
|
* Implement loading spinner for marking as favorite
* Ensure that the correct previous icon gets set
* Remove delay
* Improve compatibility with various parsers
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Support multiple icons (top, bottom)
* Remove preload for now
* Fix CSS, remove !important
* Implement read/unread and alt
* Ensure correct bookmark icon gets set after error
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Fix favicon hashing in GReader API (#7570)
This allows the correct iconUrl to be returned from the GReader API for
a given feed.
* Fix method signature
* Fix Fever API
---------
Co-authored-by: CarelessCaution <189675655+CarelessCaution@users.noreply.github.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/7552
I cannot find any distribution still supporting Apache 2.2
|
|
Start using `Cache-Control: immutable` for some resources served with a timestamp.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control#immutable
The `<If>` directive requires Apache 2.4+
|
|
* Fix file serving for symlinked extensions from ext.php
* Don't resolve symlink when deleting extension
* Minor syntax
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
|
|
* Themes fix CSS .as-link
Add missing rules.
fix https://github.com/FreshRSS/FreshRSS/pull/7489#issuecomment-2781146577
* More fixes
|
|
fix https://github.com/FreshRSS/FreshRSS/issues/7498
Regression from https://github.com/FreshRSS/FreshRSS/pull/7495
|
|
* Secure serving of user files from extensions
fix https://github.com/FreshRSS/FreshRSS/issues/4930
* More fixes
* Typo
|
Inverle
Alexandre Alapetite
Alexis Degrugillier
dependabot[bot]
maTh
James Frost
hilariousperson
CarelessCaution
