From 9d55313b92811bad7b4d0cc8bc87c3dcd8fafb2c Mon Sep 17 00:00:00 2001
From: Marien Fressinaud <dev@marienfressinaud.fr>
Date: Wed, 4 Nov 2015 21:44:08 +0100
Subject: Start 1.3.1-dev version

---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 167c5a29e..2c2d7f4cf 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## 2015-xx-xx FreshRSS 1.3.1-beta
+
+* Nothing for the moment.
+
 ## 2015-11-03 FreshRSS 1.2.0 / 1.3.0-beta
 
 * Features
-- 
cgit v1.2.3


From 159ea0aecf2f3738da4fdf70e7e0aaffade60dcc Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sun, 24 Jan 2016 13:28:29 +0100
Subject: Readme jQuery 2.2

---
 CHANGELOG.md | 13 ++++++++-----
 1 file changed, 8 insertions(+), 5 deletions(-)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2c2d7f4cf..d089cb86e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,8 +1,11 @@
 # Changelog
 
-## 2015-xx-xx FreshRSS 1.3.1-beta
+## 2016-xx-xx FreshRSS 1.3.1-beta
+
+* UI
+	* Fixed several small bugs in global and reader view [#1050](https://github.com/FreshRSS/FreshRSS/pull/1050)
+	* Updated to jQuery 2.2 and changed code for auto-load on scroll [#1050](https://github.com/FreshRSS/FreshRSS/pull/1050)
 
-* Nothing for the moment.
 
 ## 2015-11-03 FreshRSS 1.2.0 / 1.3.0-beta
 
@@ -12,13 +15,13 @@
 * Security
 	* Invalid logins now return HTTP 403, to be easier to catch (e.g. fail2ban) [#1015](https://github.com/FreshRSS/FreshRSS/issues/1015)
 * UI
-    * Remove "title" field during installation [#858](https://github.com/FreshRSS/FreshRSS/issues/858)
+	* Remove "title" field during installation [#858](https://github.com/FreshRSS/FreshRSS/issues/858)
 	* Visual alert on categories containing feeds in error [#984](https://github.com/FreshRSS/FreshRSS/pull/984)
 * I18n
 	* Italian [#1003](https://github.com/FreshRSS/FreshRSS/issues/1003)
 * Misc.
-    * Support reverse proxy [#975](https://github.com/FreshRSS/FreshRSS/issues/975)
-    * Make auto-update server URL alterable [#1019](https://github.com/FreshRSS/FreshRSS/issues/1019)
+	* Support reverse proxy [#975](https://github.com/FreshRSS/FreshRSS/issues/975)
+	* Make auto-update server URL alterable [#1019](https://github.com/FreshRSS/FreshRSS/issues/1019)
 
 
 ## 2015-09-12 FreshRSS 1.1.3-beta
-- 
cgit v1.2.3


From ad54c6624c3adddc345688f97c80b19dfc523ded Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 16 Feb 2016 19:16:53 +0100
Subject: Changelog Turkish language

By https://github.com/hckweb
https://github.com/FreshRSS/FreshRSS/issues/1073
https://github.com/FreshRSS/FreshRSS/pull/1074
---
 CHANGELOG.md | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index d089cb86e..7f96839eb 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,8 @@
 * UI
 	* Fixed several small bugs in global and reader view [#1050](https://github.com/FreshRSS/FreshRSS/pull/1050)
 	* Updated to jQuery 2.2 and changed code for auto-load on scroll [#1050](https://github.com/FreshRSS/FreshRSS/pull/1050)
+* I18n
+	* Turkish [#1073](https://github.com/FreshRSS/FreshRSS/issues/1073)
 
 
 ## 2015-11-03 FreshRSS 1.2.0 / 1.3.0-beta
-- 
cgit v1.2.3


From cb913a3a76daf357ad36ca39c26b4aaf800211d2 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sun, 21 Feb 2016 19:15:23 +0100
Subject: CSP for statistics and forms

https://github.com/FreshRSS/FreshRSS/issues/1075
---
 CHANGELOG.md                       |  2 ++
 app/FreshRSS.php                   |  6 +++++-
 app/layout/aside_feed.phtml        |  2 +-
 app/layout/nav_menu.phtml          |  2 +-
 app/views/extension/index.phtml    |  2 +-
 app/views/feed/add.phtml           |  2 +-
 app/views/helpers/pagination.phtml |  2 +-
 app/views/stats/idle.phtml         |  2 +-
 app/views/stats/index.phtml        | 10 +++++-----
 app/views/stats/repartition.phtml  | 10 +++++-----
 app/views/subscription/index.phtml |  4 ++--
 p/scripts/main.js                  |  6 +++---
 p/themes/base-theme/template.css   |  8 ++++++++
 13 files changed, 36 insertions(+), 22 deletions(-)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7f96839eb..7fc872040 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,8 @@
 
 ## 2016-xx-xx FreshRSS 1.3.1-beta
 
+* Security
+	* Added CSP `Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/pull/1075)
 * UI
 	* Fixed several small bugs in global and reader view [#1050](https://github.com/FreshRSS/FreshRSS/pull/1050)
 	* Updated to jQuery 2.2 and changed code for auto-load on scroll [#1050](https://github.com/FreshRSS/FreshRSS/pull/1050)
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index a6ed2a306..62ea18d96 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -111,7 +111,11 @@ class FreshRSS extends Minz_FrontController {
 	}
 
 	public static function preLayout() {
-		header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *; style-src 'self' 'unsafe-inline'");
+		if (Minz_Request::controllerName() === 'stats') {
+			header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'");
+		} else {
+			header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *");
+		}
 	}
 
 	private function loadNotifications() {
diff --git a/app/layout/aside_feed.phtml b/app/layout/aside_feed.phtml
index 307db6af8..4e1903a7a 100644
--- a/app/layout/aside_feed.phtml
+++ b/app/layout/aside_feed.phtml
@@ -19,7 +19,7 @@
 	<a href="<?php echo _url('index', 'about'); ?>"><?php echo _t('index.menu.about'); ?></a>
 	<?php } ?>
 
-	<form id="mark-read-aside" method="post" style="display: none"></form>
+	<form id="mark-read-aside" method="post" aria-hidden="true"></form>
 
 	<ul class="tree">
 		<li class="tree-folder category all<?php echo FreshRSS_Context::isCurrentGet('a') ? ' active' : ''; ?>">
diff --git a/app/layout/nav_menu.phtml b/app/layout/nav_menu.phtml
index 3a755b560..0f303beb8 100644
--- a/app/layout/nav_menu.phtml
+++ b/app/layout/nav_menu.phtml
@@ -79,7 +79,7 @@
 		);
 	?>
 
-	<form id="mark-read-menu" method="post" style="display: none"></form>
+	<form id="mark-read-menu" method="post" aria-hidden="true"></form>
 
 	<div class="stick" id="nav_menu_read_all">
 		<?php $confirm = FreshRSS_Context::$user_conf->reading_confirm ? 'confirm' : ''; ?>
diff --git a/app/views/extension/index.phtml b/app/views/extension/index.phtml
index f2d05028f..4b0d5ebeb 100644
--- a/app/views/extension/index.phtml
+++ b/app/views/extension/index.phtml
@@ -5,7 +5,7 @@
 
 	<h1><?php echo _t('admin.extensions.title'); ?></h1>
 
-	<form id="form-extension" method="post" style="display: none"></form>
+	<form id="form-extension" method="post" aria-hidden="true"></form>
 	<?php if (!empty($this->extension_list['system'])) { ?>
 	<h2><?php echo _t('admin.extensions.system'); ?></h2>
 	<?php
diff --git a/app/views/feed/add.phtml b/app/views/feed/add.phtml
index 35f6fbb12..fd6d41b1d 100644
--- a/app/views/feed/add.phtml
+++ b/app/views/feed/add.phtml
@@ -56,7 +56,7 @@
 					<option value="nc"><?php echo _t('sub.category.new'); ?></option>
 				</select>
 
-				<span style="display: none;">
+				<span aria-hidden="true">
 					<input type="text" name="new_category[name]" id="new_category_name" autocomplete="off" placeholder="<?php echo _t('sub.category.new'); ?>" />
 				</span>
 			</div>
diff --git a/app/views/helpers/pagination.phtml b/app/views/helpers/pagination.phtml
index b20201c4b..7eca8c525 100755
--- a/app/views/helpers/pagination.phtml
+++ b/app/views/helpers/pagination.phtml
@@ -14,7 +14,7 @@
 	);
 ?>
 
-<form id="mark-read-pagination" method="post" style="display: none"></form>
+<form id="mark-read-pagination" method="post" aria-hidden="true"></form>
 
 <ul class="pagination">
 	<li class="item pager-next">
diff --git a/app/views/stats/idle.phtml b/app/views/stats/idle.phtml
index 22117792d..11b7df8c4 100644
--- a/app/views/stats/idle.phtml
+++ b/app/views/stats/idle.phtml
@@ -18,7 +18,7 @@
 		<div class="stat">
 			<h2><?php echo _t('gen.date.' . $period); ?></h2>
 
-			<form id="form-delete" method="post" style="display: none"></form>
+			<form id="form-delete" method="post" aria-hidden="true"></form>
 
 			<?php foreach ($feeds as $feed) { ?>
 			<ul class="horizontal-list">
diff --git a/app/views/stats/index.phtml b/app/views/stats/index.phtml
index c11b88999..0a2fbdb10 100644
--- a/app/views/stats/index.phtml
+++ b/app/views/stats/index.phtml
@@ -66,18 +66,18 @@
 
 	<div class="stat">
 		<h2><?php echo _t('admin.stats.entry_per_day'); ?></h2>
-		<div id="statsEntryPerDay" style="height: 300px"></div>
+		<div id="statsEntryPerDay" class="statGraph"></div>
 	</div>
 
 	<div class="stat half">
 		<h2><?php echo _t('admin.stats.feed_per_category'); ?></h2>
-		<div id="statsFeedPerCategory" style="height: 300px"></div>
+		<div id="statsFeedPerCategory" class="statGraph"></div>
 		<div id="statsFeedPerCategoryLegend"></div>
-	</div><!--
+	</div>
 
-	--><div class="stat half">
+	<div class="stat half">
 		<h2><?php echo _t('admin.stats.entry_per_category'); ?></h2>
-		<div id="statsEntryPerCategory" style="height: 300px"></div>
+		<div id="statsEntryPerCategory" class="statGraph"></div>
 		<div id="statsEntryPerCategoryLegend"></div>
 	</div>
 </div>
diff --git a/app/views/stats/repartition.phtml b/app/views/stats/repartition.phtml
index 980b26a3d..ffb2c361e 100644
--- a/app/views/stats/repartition.phtml
+++ b/app/views/stats/repartition.phtml
@@ -48,17 +48,17 @@
 
 	<div class="stat">
 		<h2><?php echo _t('admin.stats.entry_per_hour', $this->averageHour); ?></h2>
-		<div id="statsEntryPerHour" style="height: 300px"></div>
+		<div id="statsEntryPerHour" class="statGraph"></div>
 	</div>
 
 	<div class="stat half">
 		<h2><?php echo _t('admin.stats.entry_per_day_of_week', $this->averageDayOfWeek); ?></h2>
-		<div id="statsEntryPerDayOfWeek" style="height: 300px"></div>
-	</div><!--
+		<div id="statsEntryPerDayOfWeek" class="statGraph"></div>
+	</div>
 
-	--><div class="stat half">
+	<div class="stat half">
 		<h2><?php echo _t('admin.stats.entry_per_month', $this->averageMonth); ?></h2>
-		<div id="statsEntryPerMonth" style="height: 300px"></div>
+		<div id="statsEntryPerMonth" class="statGraph"></div>
 	</div>
 </div>
 
diff --git a/app/views/subscription/index.phtml b/app/views/subscription/index.phtml
index 2cfe3f33c..07cebf817 100644
--- a/app/views/subscription/index.phtml
+++ b/app/views/subscription/index.phtml
@@ -28,7 +28,7 @@
 						</select>
 					</li>
 
-					<li class="input" style="display:none">
+					<li class="input" aria-hidden="true">
 						<input type="text" name="new_category[name]" id="new_category_name" autocomplete="off" placeholder="<?php echo _t('sub.category.new'); ?>" />
 					</li>
 
@@ -62,7 +62,7 @@
 		</ul>
 	</div>
 
-	<form id="controller-category" method="post" style="display: none;"></form>
+	<form id="controller-category" method="post" aria-hidden="true"></form>
 
 	<?php
 		foreach ($this->categories as $cat) {
diff --git a/p/scripts/main.js b/p/scripts/main.js
index cfde5fd4e..d62a6aff8 100644
--- a/p/scripts/main.js
+++ b/p/scripts/main.js
@@ -899,7 +899,7 @@ function refreshUnreads() {
 
 			if ((incUnreadsFeed(null, feed_id, nbUnreads - feed_unreads) || isAll) &&	//Update of current view?
 				(nbUnreads - feed_unreads > 0)) {
-				$('#new-article').show();
+				$('#new-article').attr('aria-hidden', 'false').show();
 				new_articles = true;
 			};
 		});
@@ -1122,10 +1122,10 @@ function init_feed_observers() {
 	$('select[id="category"]').on('change', function() {
 		var detail = $('#new_category_name').parent();
 		if ($(this).val() === 'nc') {
-			detail.show();
+			detail.attr('aria-hidden', 'false').show();
 			detail.find('input').focus();
 		} else {
-			detail.hide();
+			detail.attr('aria-hidden', 'true').hide();
 		}
 	});
 }
diff --git a/p/themes/base-theme/template.css b/p/themes/base-theme/template.css
index 17a43d3ed..8a12423be 100644
--- a/p/themes/base-theme/template.css
+++ b/p/themes/base-theme/template.css
@@ -110,6 +110,11 @@ td.numeric {
 
 /*=== COMPONENTS */
 /*===============*/
+
+[aria-hidden="true"] {
+	display: none;
+}
+
 /*=== Forms */
 .form-group::after {
 	content: "";
@@ -620,6 +625,9 @@ br + br + br {
 .stat > table {
 	width: 100%;
 }
+.statGraph {
+	height: 300px;
+}
 
 /*=== GLOBAL VIEW */
 /*================*/
-- 
cgit v1.2.3


From be3b2e3327df2bdc831d477ab7517132dae6c4e6 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sun, 28 Feb 2016 12:36:55 +0100
Subject: Readme 1.3.1-beta

---
 CHANGELOG.md | 18 +++++++++++++++---
 1 file changed, 15 insertions(+), 3 deletions(-)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7fc872040..7efb05aae 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,14 +1,26 @@
 # Changelog
 
-## 2016-xx-xx FreshRSS 1.3.1-beta
+## 2016-03-xx FreshRSS 1.3.1-beta
 
 * Security
 	* Added CSP `Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/pull/1075)
+* Features
+	* Add sharing with "Journal du Hacker" [#1056](https://github.com/FreshRSS/FreshRSS/pull/1056)
 * UI
-	* Fixed several small bugs in global and reader view [#1050](https://github.com/FreshRSS/FreshRSS/pull/1050)
-	* Updated to jQuery 2.2 and changed code for auto-load on scroll [#1050](https://github.com/FreshRSS/FreshRSS/pull/1050)
+	* Updated to jQuery 2.2.1 and changed code for auto-load on scroll [#1050](https://github.com/FreshRSS/FreshRSS/pull/1050), [#1091](https://github.com/FreshRSS/FreshRSS/pull/1091)
 * I18n
 	* Turkish [#1073](https://github.com/FreshRSS/FreshRSS/issues/1073)
+* Bug fixing
+	* Fixed several small bugs in global and reader view [#1050](https://github.com/FreshRSS/FreshRSS/pull/1050)
+	* Fixed sharing bug with PHP7 [#1072](https://github.com/FreshRSS/FreshRSS/issues/1072)
+	* Fixed fall-back when php-json is not installed [#1092](https://github.com/FreshRSS/FreshRSS/issues/1092)
+* API
+	* Possibility to show only read items [#1035](https://github.com/FreshRSS/FreshRSS/pull/1035)
+* Misc.
+	* Filters `<img />` attributes `srcset` and `sizes` [#1077](https://github.com/FreshRSS/FreshRSS/issues/1077), [#1086](https://github.com/FreshRSS/FreshRSS/pull/1086)
+	* Implement PubSubHubbub unsubscribe responses [#1058](https://github.com/FreshRSS/FreshRSS/issues/1058)
+	* Restored some compatibility with PHP 5.2 [#1055](https://github.com/FreshRSS/FreshRSS/issues/1055)
+	* Updated the sharing with Movim [#1030](https://github.com/FreshRSS/FreshRSS/pull/1030)
 
 
 ## 2015-11-03 FreshRSS 1.2.0 / 1.3.0-beta
-- 
cgit v1.2.3


From eee3a90a5077ee894836c81a98b78263a8c8976f Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Mon, 29 Feb 2016 18:41:58 +0100
Subject: Readme force HTTPS

https://github.com/FreshRSS/FreshRSS/issues/1083
---
 CHANGELOG.md                 | 4 +++-
 data/force-https.default.txt | 1 +
 2 files changed, 4 insertions(+), 1 deletion(-)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7efb05aae..096c930d1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,9 @@
 * Security
 	* Added CSP `Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/pull/1075)
 * Features
-	* Add sharing with "Journal du Hacker" [#1056](https://github.com/FreshRSS/FreshRSS/pull/1056)
+	* New list of domains for which to force HTTPS (for images, videos, iframes…) defined in `./data/force-https.default.txt` and `./data/force-https.txt` [#1083](https://github.com/FreshRSS/FreshRSS/issues/1083)
+		* In particular useful for privacy and to avoid mixed content errors, e.g. to see YouTube videos when FreshRSS is in HTTPS
+	* Add sharing with “Journal du Hacker” [#1056](https://github.com/FreshRSS/FreshRSS/pull/1056)
 * UI
 	* Updated to jQuery 2.2.1 and changed code for auto-load on scroll [#1050](https://github.com/FreshRSS/FreshRSS/pull/1050), [#1091](https://github.com/FreshRSS/FreshRSS/pull/1091)
 * I18n
diff --git a/data/force-https.default.txt b/data/force-https.default.txt
index 668a7c0e8..044620098 100644
--- a/data/force-https.default.txt
+++ b/data/force-https.default.txt
@@ -1,5 +1,6 @@
 dailymotion.com
 feedburner.com
+gravatar.com
 gstatic.com
 tumblr.com
 wordpress.com
-- 
cgit v1.2.3


From cbac2afd23daaeeb3b5d6c81fdcd5c28619f5b1d Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 1 Mar 2016 21:56:19 +0100
Subject: CSP compatibility with Firefox older than 45

https://github.com/FreshRSS/FreshRSS/pull/1075
https://github.com/FreshRSS/FreshRSS/pull/1078
https://developer.mozilla.org/en-US/Firefox/Releases/45#Security
https://bugzilla.mozilla.org/show_bug.cgi?id=1045891
---
 CHANGELOG.md     | 2 +-
 app/FreshRSS.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 096c930d1..43823b536 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,7 +3,7 @@
 ## 2016-03-xx FreshRSS 1.3.1-beta
 
 * Security
-	* Added CSP `Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/pull/1075)
+	* Added CSP `Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/pull/1075)
 * Features
 	* New list of domains for which to force HTTPS (for images, videos, iframes…) defined in `./data/force-https.default.txt` and `./data/force-https.txt` [#1083](https://github.com/FreshRSS/FreshRSS/issues/1083)
 		* In particular useful for privacy and to avoid mixed content errors, e.g. to see YouTube videos when FreshRSS is in HTTPS
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index bfbd7a6eb..d6f4f4062 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -113,7 +113,7 @@ class FreshRSS extends Minz_FrontController {
 	public static function preLayout() {
 		switch (Minz_Request::controllerName()) {
 			case 'index':
-				header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *");
+				header("Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *");
 				break;
 			case 'stats':
 				header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'");
-- 
cgit v1.2.3


From 1aa6321376321bb2a41c61771178d18cc2c2190d Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sun, 6 Mar 2016 18:04:28 +0100
Subject: Changelog 1.3.1-beta

https://github.com/FreshRSS/FreshRSS/issues/1113
---
 CHANGELOG.md | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 43823b536..ae6c91946 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,9 @@
 * I18n
 	* Turkish [#1073](https://github.com/FreshRSS/FreshRSS/issues/1073)
 * Bug fixing
+	* Fixed OPML import title bug [#1048](https://github.com/FreshRSS/FreshRSS/issues/1048)
+	* Fixed upgrade bug with SQLite when articles where marked as unread [#1049](https://github.com/FreshRSS/FreshRSS/issues/1049)
+	* Fixed error when deleting feeds from statistics page [#1047](https://github.com/FreshRSS/FreshRSS/issues/1047)
 	* Fixed several small bugs in global and reader view [#1050](https://github.com/FreshRSS/FreshRSS/pull/1050)
 	* Fixed sharing bug with PHP7 [#1072](https://github.com/FreshRSS/FreshRSS/issues/1072)
 	* Fixed fall-back when php-json is not installed [#1092](https://github.com/FreshRSS/FreshRSS/issues/1092)
@@ -22,6 +25,7 @@
 	* Filters `<img />` attributes `srcset` and `sizes` [#1077](https://github.com/FreshRSS/FreshRSS/issues/1077), [#1086](https://github.com/FreshRSS/FreshRSS/pull/1086)
 	* Implement PubSubHubbub unsubscribe responses [#1058](https://github.com/FreshRSS/FreshRSS/issues/1058)
 	* Restored some compatibility with PHP 5.2 [#1055](https://github.com/FreshRSS/FreshRSS/issues/1055)
+	* Check for extension php-xml during install [#1094](https://github.com/FreshRSS/FreshRSS/issues/1094)
 	* Updated the sharing with Movim [#1030](https://github.com/FreshRSS/FreshRSS/pull/1030)
 
 
-- 
cgit v1.2.3


From c424c8acef45cc32187526d94e4d0bb06092de69 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Sun, 6 Mar 2016 18:08:32 +0100
Subject: Changelog typo

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index ae6c91946..6be1a4b6a 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -14,7 +14,7 @@
 	* Turkish [#1073](https://github.com/FreshRSS/FreshRSS/issues/1073)
 * Bug fixing
 	* Fixed OPML import title bug [#1048](https://github.com/FreshRSS/FreshRSS/issues/1048)
-	* Fixed upgrade bug with SQLite when articles where marked as unread [#1049](https://github.com/FreshRSS/FreshRSS/issues/1049)
+	* Fixed upgrade bug with SQLite when articles were marked as unread [#1049](https://github.com/FreshRSS/FreshRSS/issues/1049)
 	* Fixed error when deleting feeds from statistics page [#1047](https://github.com/FreshRSS/FreshRSS/issues/1047)
 	* Fixed several small bugs in global and reader view [#1050](https://github.com/FreshRSS/FreshRSS/pull/1050)
 	* Fixed sharing bug with PHP7 [#1072](https://github.com/FreshRSS/FreshRSS/issues/1072)
-- 
cgit v1.2.3


From 7f764ca6824420813db2e71a3344360620d2e5ca Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 8 Mar 2016 18:41:03 +0100
Subject: Changelog nosniff

---
 CHANGELOG.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 6be1a4b6a..74cb9d250 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,7 +3,8 @@
 ## 2016-03-xx FreshRSS 1.3.1-beta
 
 * Security
-	* Added CSP `Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/pull/1075)
+	* Added CSP `Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/issues/1075), [#1114](https://github.com/FreshRSS/FreshRSS/issues/1114)
+	* Added `X-Content-Type-Options: nosniff` [#1116](https://github.com/FreshRSS/FreshRSS/pull/1116)
 * Features
 	* New list of domains for which to force HTTPS (for images, videos, iframes…) defined in `./data/force-https.default.txt` and `./data/force-https.txt` [#1083](https://github.com/FreshRSS/FreshRSS/issues/1083)
 		* In particular useful for privacy and to avoid mixed content errors, e.g. to see YouTube videos when FreshRSS is in HTTPS
-- 
cgit v1.2.3


From ba9f4461d8935bb9de256a5bedf0c89d3d317c7f Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 8 Mar 2016 19:00:04 +0100
Subject: Secure cookie HTTPS

---
 CHANGELOG.md         |  1 +
 lib/Minz/Request.php | 17 ++++++++++++-----
 lib/Minz/Session.php |  6 +++---
 3 files changed, 16 insertions(+), 8 deletions(-)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 74cb9d250..7298c4523 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,7 @@
 * Security
 	* Added CSP `Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/issues/1075), [#1114](https://github.com/FreshRSS/FreshRSS/issues/1114)
 	* Added `X-Content-Type-Options: nosniff` [#1116](https://github.com/FreshRSS/FreshRSS/pull/1116)
+	* Cookie with `Secure` tag when used over HTTPS []()
 * Features
 	* New list of domains for which to force HTTPS (for images, videos, iframes…) defined in `./data/force-https.default.txt` and `./data/force-https.txt` [#1083](https://github.com/FreshRSS/FreshRSS/issues/1083)
 		* In particular useful for privacy and to avoid mixed content errors, e.g. to see YouTube videos when FreshRSS is in HTTPS
diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php
index effb9943c..81457df9e 100644
--- a/lib/Minz/Request.php
+++ b/lib/Minz/Request.php
@@ -84,6 +84,17 @@ class Minz_Request {
 		self::magicQuotesOff();
 	}
 
+	/**
+	 * Return true if the request is over HTTPS, false otherwise (HTTP)
+	 */
+	public static function isHttps() {
+		if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
+			return strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https';
+		} else {
+			return isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on';
+		}
+	}
+
 	/**
 	 * Try to guess the base URL from $_SERVER information
 	 *
@@ -92,11 +103,7 @@ class Minz_Request {
 	public static function guessBaseUrl() {
 		$url = 'http';
 
-		if (isset($_SERVER['HTTP_X_FORWARDED_PROTO'])) {
-			$https = strtolower($_SERVER['HTTP_X_FORWARDED_PROTO']) === 'https';
-		} else {
-			$https = isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on';
-		}
+		$https = self::isHttps();
 
 		if (!empty($_SERVER['HTTP_HOST'])) {
 			$host = $_SERVER['HTTP_HOST'];
diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php
index 940cd27d9..c94f2b646 100644
--- a/lib/Minz/Session.php
+++ b/lib/Minz/Session.php
@@ -73,7 +73,7 @@ class Minz_Session {
 	 * @param $l la durée de vie
 	 */
 	public static function keepCookie($l) {
-		session_set_cookie_params($l, self::getCookieDir(), '', false, true);
+		session_set_cookie_params($l, self::getCookieDir(), '', Minz_Request::isHttps(), true);
 	}
 
 
@@ -86,11 +86,11 @@ class Minz_Session {
 	}
 
 	public static function deleteLongTermCookie($name) {
-		setcookie($name, '', 1, '', '', false, true);
+		setcookie($name, '', 1, '', '', Minz_Request::isHttps(), true);
 	}
 
 	public static function setLongTermCookie($name, $value, $expire) {
-		setcookie($name, $value, $expire, '', '', false, true);
+		setcookie($name, $value, $expire, '', '', Minz_Request::isHttps(), true);
 	}
 
 	public static function getLongTermCookie($name) {
-- 
cgit v1.2.3


From cd4153912f3c91dcb5d68ea886855e9014684ea0 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 8 Mar 2016 19:01:43 +0100
Subject: Changelog secure cookie HTTPS

---
 CHANGELOG.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7298c4523..a316a1c15 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,7 +5,7 @@
 * Security
 	* Added CSP `Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/issues/1075), [#1114](https://github.com/FreshRSS/FreshRSS/issues/1114)
 	* Added `X-Content-Type-Options: nosniff` [#1116](https://github.com/FreshRSS/FreshRSS/pull/1116)
-	* Cookie with `Secure` tag when used over HTTPS []()
+	* Cookie with `Secure` tag when used over HTTPS [#1117](https://github.com/FreshRSS/FreshRSS/pull/1117)
 * Features
 	* New list of domains for which to force HTTPS (for images, videos, iframes…) defined in `./data/force-https.default.txt` and `./data/force-https.txt` [#1083](https://github.com/FreshRSS/FreshRSS/issues/1083)
 		* In particular useful for privacy and to avoid mixed content errors, e.g. to see YouTube videos when FreshRSS is in HTTPS
-- 
cgit v1.2.3


From c9ebbe9657b9b202817b9e0b387a584340e4e20b Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 8 Mar 2016 19:32:58 +0100
Subject: Changelog API

---
 CHANGELOG.md | 1 +
 1 file changed, 1 insertion(+)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index a316a1c15..233d9bdba 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,6 +6,7 @@
 	* Added CSP `Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/issues/1075), [#1114](https://github.com/FreshRSS/FreshRSS/issues/1114)
 	* Added `X-Content-Type-Options: nosniff` [#1116](https://github.com/FreshRSS/FreshRSS/pull/1116)
 	* Cookie with `Secure` tag when used over HTTPS [#1117](https://github.com/FreshRSS/FreshRSS/pull/1117)
+	* Limit API post input to 1MB [#1118](https://github.com/FreshRSS/FreshRSS/pull/1118)
 * Features
 	* New list of domains for which to force HTTPS (for images, videos, iframes…) defined in `./data/force-https.default.txt` and `./data/force-https.txt` [#1083](https://github.com/FreshRSS/FreshRSS/issues/1083)
 		* In particular useful for privacy and to avoid mixed content errors, e.g. to see YouTube videos when FreshRSS is in HTTPS
-- 
cgit v1.2.3


From f64d7384a7df16c7fef7418038fc7f891bebb588 Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Fri, 11 Mar 2016 22:35:21 +0100
Subject: Prepare release 1.3.1-beta

https://github.com/FreshRSS/FreshRSS/issues/1113
---
 CHANGELOG.md  | 2 +-
 constants.php | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'CHANGELOG.md')

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 233d9bdba..5e80b43ed 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,6 +1,6 @@
 # Changelog
 
-## 2016-03-xx FreshRSS 1.3.1-beta
+## 2016-03-11 FreshRSS 1.3.1-beta
 
 * Security
 	* Added CSP `Content-Security-Policy: default-src 'self'; child-src *; frame-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/issues/1075), [#1114](https://github.com/FreshRSS/FreshRSS/issues/1114)
diff --git a/constants.php b/constants.php
index a501d0df5..a279534e3 100644
--- a/constants.php
+++ b/constants.php
@@ -1,5 +1,5 @@
 <?php
-define('FRESHRSS_VERSION', '1.3.1-dev');
+define('FRESHRSS_VERSION', '1.3.1-beta');
 define('FRESHRSS_WEBSITE', 'http://freshrss.org');
 define('FRESHRSS_WIKI', 'http://doc.freshrss.org');
 
-- 
cgit v1.2.3