From 481c2a671913cdd6099a1b6ee4d5491dff16c0bf Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 24 Oct 2015 22:25:48 +0200 Subject: Clean logs Reduced login of API and PubSubHubbub (both are quite stable now). When clearing logs as admin, also clear API and PubSubHubbub logs. https://github.com/FreshRSS/FreshRSS/issues/988 --- app/Controllers/feedController.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/Controllers') diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php index ec3dce777..4ec661115 100755 --- a/app/Controllers/feedController.php +++ b/app/Controllers/feedController.php @@ -307,9 +307,9 @@ class FreshRSS_feed_Controller extends Minz_ActionController { $pubSubHubbubEnabled = $pubsubhubbubEnabledGeneral && $feed->pubSubHubbubEnabled(); if ((!$simplePiePush) && (!$id) && $pubSubHubbubEnabled && ($feed->lastUpdate() > $pshbMinAge)) { - $text = 'Skip pull of feed using PubSubHubbub: ' . $url; + //$text = 'Skip pull of feed using PubSubHubbub: ' . $url; //Minz_Log::debug($text); - file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" . $text . "\n", FILE_APPEND); + //file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" . $text . "\n", FILE_APPEND); continue; //When PubSubHubbub is used, do not pull refresh so often } -- cgit v1.2.3 From 7bb28c3f2b77b109451e2514e83fa99789fee35e Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 25 Oct 2015 13:24:48 +0100 Subject: HTTP 403 for invalid login https://github.com/FreshRSS/FreshRSS/issues/1015 And does not leak if user exists or not --- app/Controllers/authController.php | 9 +++------ app/Controllers/javascriptController.php | 8 ++++++-- 2 files changed, 9 insertions(+), 8 deletions(-) (limited to 'app/Controllers') diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php index aff184263..bccce5a59 100644 --- a/app/Controllers/authController.php 
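Review bot: The three statements in the PubSubHubbub skip branch of feedController.php are commented out rather than deleted, which leaves dead code (`//$text = …`, `//Minz_Log::debug($text);`, `//file_put_contents(…)`) in front of the `continue;`. The commit's intent is to stop writing this entry to log_pshb.txt, so deleting the lines would read more clearly, keeping only the existing `//When PubSubHubbub is used, do not pull refresh so often` comment. Version control keeps the old logging if it is needed again. The enclosing loop starts and ends outside the hunk.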
+++ b/app/Controllers/authController.php @@ -123,8 +123,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController { $conf = get_user_configuration($username); if (is_null($conf)) { - Minz_Request::bad(_t('feedback.auth.login.invalid'), - array('c' => 'auth', 'a' => 'login')); + Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false); } $ok = FreshRSS_FormAuth::checkCredentials( @@ -151,8 +150,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController { ' user=' . $username . ', nonce=' . $nonce . ', c=' . $challenge); - Minz_Request::bad(_t('feedback.auth.login.invalid'), - array('c' => 'auth', 'a' => 'login')); + Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false); } } elseif (FreshRSS_Context::$system_conf->unsafe_autologin_enabled) { $username = Minz_Request::param('u', ''); @@ -184,8 +182,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController { array('c' => 'index', 'a' => 'index')); } else { Minz_Log::warning('Unsafe password mismatch for user ' . $username); - Minz_Request::bad(_t('feedback.auth.login.invalid'), - array('c' => 'auth', 'a' => 'login')); + Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false); } } } diff --git a/app/Controllers/javascriptController.php b/app/Controllers/javascriptController.php index 421cf6f72..f8746240c 100755 --- a/app/Controllers/javascriptController.php +++ b/app/Controllers/javascriptController.php @@ -43,7 +43,11 @@ class FreshRSS_javascript_Controller extends Minz_ActionController { } else { Minz_Log::notice('Nonce failure due to invalid username!'); } - $this->view->nonce = ''; //Failure - $this->view->salt1 = ''; + //Failure: Return random data. + $this->view->salt1 = sprintf('$2a$%02d$', FreshRSS_user_Controller::BCRYPT_COST); + for ($i = 22; $i > 0; $i--) { + $this->view->salt1 .= './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'[rand(0, 63)]; + } + $this->view->nonce = sha1(rand()); } } -- cgit v1.2.3 
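Review bot: The failure branch in javascriptController.php builds a new random `salt1` on every request, so asking twice for the same unknown username returns two different salts, while a real account presumably keeps returning its stored one; that still reveals whether the user exists. The 22nd character is also drawn from all 64 symbols, whereas the final character of a real bcrypt salt can only be one of `.`, `O`, `e`, `u`, and `rand()` is not a cryptographic generator. Deriving the fake salt from a keyed hash of the requested username keeps it stable per name; the secret and the username variable in the sketch below are placeholders because neither is visible in this hunk. The same loop is touched again by the later PHP 5.2 compatibility hunk (`$alphabet[rand(0, 63)]`), and the action's body starts outside the hunk.

```php
//Failure: return data that stays the same for a given username.
// PLACEHOLDERS: $instanceSecret = server-side secret, $requestedUser = username from the request.
$digest = hash_hmac('sha256', $requestedUser, $instanceSecret, true);
$alphabet = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
$this->view->salt1 = sprintf('$2a$%02d$', FreshRSS_user_Controller::BCRYPT_COST);
for ($i = 0; $i < 21; $i++) {
	$this->view->salt1 .= $alphabet[ord($digest[$i]) & 63];
}
$this->view->salt1 .= $alphabet[ord($digest[21]) & 48];	//last symbol carries only 2 bits
// … unchanged: $this->view->nonce assignment …
```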
From ad1f0cb96b3eefdeac5031e59c8810fc9427b6e2 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 25 Oct 2015 19:31:41 +0100 Subject: Return after 403 https://github.com/FreshRSS/FreshRSS/pull/1016 https://github.com/FreshRSS/FreshRSS/issues/1015 --- app/Controllers/authController.php | 1 + 1 file changed, 1 insertion(+) (limited to 'app/Controllers') diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php index bccce5a59..f58b008de 100644 --- a/app/Controllers/authController.php +++ b/app/Controllers/authController.php @@ -124,6 +124,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController { $conf = get_user_configuration($username); if (is_null($conf)) { Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false); + return; } $ok = FreshRSS_FormAuth::checkCredentials( -- cgit v1.2.3 From c992b683a8467de60136e4d4b1860f06a746c6b1 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Mon, 26 Oct 2015 17:38:32 +0100 Subject: PHP 5.2 compatibility https://github.com/FreshRSS/FreshRSS/pull/1016 https://github.com/FreshRSS/FreshRSS/issues/1015 It is first PHP 5.5 that added support for accessing characters within string literals using []... --- app/Controllers/javascriptController.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'app/Controllers') diff --git a/app/Controllers/javascriptController.php b/app/Controllers/javascriptController.php index f8746240c..e3ae3669e 100755 --- a/app/Controllers/javascriptController.php +++ b/app/Controllers/javascriptController.php 
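Review bot: With the added `return;` the unknown-user branch in authController.php leaves before `FreshRSS_FormAuth::checkCredentials(` is reached, while a wrong password for an existing account goes through that call, so the two failures may differ in response time even though both answer 403. Whether the difference is measurable depends on what checkCredentials does, which is outside the hunk. If it does real work, running the same check against a fixed dummy hash before returning would even out the two paths. Otherwise a comment such as `// Unknown user: returns before checkCredentials(); keep both failure paths comparable in cost` would record the constraint. The action's body starts and ends outside the hunk.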
@@ -45,8 +45,9 @@ class FreshRSS_javascript_Controller extends Minz_ActionController { } //Failure: Return random data. $this->view->salt1 = sprintf('$2a$%02d$', FreshRSS_user_Controller::BCRYPT_COST); + $alphabet = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; for ($i = 22; $i > 0; $i--) { - $this->view->salt1 .= './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'[rand(0, 63)]; + $this->view->salt1 .= $alphabet[rand(0, 63)]; } $this->view->nonce = sha1(rand()); } -- cgit v1.2.3 From bb0556543d3d5d54832ea6d81372587b88062a5b Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Mon, 2 Nov 2015 20:20:40 +0100 Subject: Move auto-update server URL in configuration Fix https://github.com/FreshRSS/FreshRSS/issues/1019 --- app/Controllers/updateController.php | 5 +++-- constants.php | 1 - data/config.default.php | 3 +++ 3 files changed, 6 insertions(+), 3 deletions(-) (limited to 'app/Controllers') diff --git a/app/Controllers/updateController.php b/app/Controllers/updateController.php index 84a33fe85..64c984b04 100644 --- a/app/Controllers/updateController.php +++ b/app/Controllers/updateController.php @@ -53,7 +53,8 @@ class FreshRSS_update_Controller extends Minz_ActionController { return; } - $c = curl_init(FRESHRSS_UPDATE_WEBSITE); + $auto_update_url = FreshRSS_Context::$system_conf->auto_update_url . '?v=' . FRESHRSS_VERSION; + $c = curl_init($auto_update_url); curl_setopt($c, CURLOPT_RETURNTRANSFER, true); curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true); curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2); @@ -70,7 +71,7 @@ class FreshRSS_update_Controller extends Minz_ActionController { $this->view->message = array( 'status' => 'bad', 'title' => _t('gen.short.damn'), - 'body' => _t('feedback.update.server_not_found', FRESHRSS_UPDATE_WEBSITE) + 'body' => _t('feedback.update.server_not_found', $auto_update_url) ); return; } diff --git a/constants.php b/constants.php index 0035c259b..1c50d4a83 100644 --- a/constants.php +++ b/constants.php 
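Review bot: `curl_init($auto_update_url)` in updateController.php now takes its target from configuration, but nothing in the hunk limits which URL schemes cURL will use; `CURLOPT_SSL_VERIFYPEER` and `CURLOPT_SSL_VERIFYHOST` only protect the transfer when the configured URL is https. Adding `curl_setopt($c, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);` next to the existing options would keep the update check on TLS whatever the setting contains. The `'?v=' . FRESHRSS_VERSION` concatenation also assumes the configured URL has no query string of its own, so a comment such as `// auto_update_url must not contain a query string` or a `strpos()` check for `?` would help. The action's body starts and ends outside the hunk.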
@@ -1,7 +1,6 @@ '', + # Specify address of the FreshRSS auto-update server. + 'auto_update_url' => 'https://update.freshrss.org', + # Natural language of the user interface, e.g. `en`, `fr`. 'language' => 'en', -- cgit v1.2.3 From 697817eebf754c2a05c7b4c88df1f13dbd0179da Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Mon, 2 Nov 2015 21:11:31 +0100 Subject: Make auto-update server URL alterable See https://github.com/FreshRSS/FreshRSS/issues/1019 --- CHANGELOG.md | 2 ++ app/Controllers/configureController.php | 1 + app/Models/ConfigurationSetter.php | 8 ++++++++ app/i18n/cz/admin.php | 1 + app/i18n/de/admin.php | 1 + app/i18n/en/admin.php | 1 + app/i18n/fr/admin.php | 1 + app/i18n/it/admin.php | 1 + app/i18n/nl/admin.php | 11 +++++++++++ app/i18n/nl/gen.php | 1 + app/views/configure/system.phtml | 9 ++++++++- 11 files changed, 36 insertions(+), 1 deletion(-) (limited to 'app/Controllers') diff --git a/CHANGELOG.md b/CHANGELOG.md index 14b6a18ce..828884546 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,8 @@ * Visual alert on categories containing feeds in error [#984](https://github.com/FreshRSS/FreshRSS/pull/984) * I18n * Italian [#1003](https://github.com/FreshRSS/FreshRSS/issues/1003) +* Misc. + * Make auto-update server URL alterable [#1019](https://github.com/FreshRSS/FreshRSS/issues/1019) ## 2015-09-12 FreshRSS 1.1.3-beta diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php index 0dc7ceab2..d0f0bd68b 100755 --- a/app/Controllers/configureController.php +++ b/app/Controllers/configureController.php 
@@ -317,6 +317,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController { $limits['max_categories'] = Minz_Request::param('max-categories', 16384); FreshRSS_Context::$system_conf->limits = $limits; FreshRSS_Context::$system_conf->title = Minz_Request::param('instance-name', 'FreshRSS'); + FreshRSS_Context::$system_conf->auto_update_url = Minz_Request::param('auto-update-url', false); FreshRSS_Context::$system_conf->save(); invalidateHttpCache(); diff --git a/app/Models/ConfigurationSetter.php b/app/Models/ConfigurationSetter.php index 5c8a1ce29..250c14c39 100644 --- a/app/Models/ConfigurationSetter.php +++ b/app/Models/ConfigurationSetter.php @@ -378,4 +378,12 @@ class FreshRSS_ConfigurationSetter { private function _unsafe_autologin_enabled(&$data, $value) { $data['unsafe_autologin_enabled'] = $this->handleBool($value); } + + private function _auto_update_url(&$data, $value) { + if (!$value) { + return; + } + + $data['auto_update_url'] = $value; + } } diff --git a/app/i18n/cz/admin.php b/app/i18n/cz/admin.php index e1fa5d141..342ac7ccd 100644 --- a/app/i18n/cz/admin.php +++ b/app/i18n/cz/admin.php @@ -148,6 +148,7 @@ return array( ), 'system' => array( '_' => 'System configuration', // @todo translate + 'auto-update-url' => 'Auto-update server URL', // @todo translate 'instance-name' => 'Instance name', // @todo translate 'max-categories' => 'Categories per user limit', // @todo translate 'max-feeds' => 'Feeds per user limit', // @todo translate diff --git a/app/i18n/de/admin.php b/app/i18n/de/admin.php index 395b51acf..6e6cc0956 100644 --- a/app/i18n/de/admin.php +++ b/app/i18n/de/admin.php @@ -148,6 +148,7 @@ return array( ), 'system' => array( '_' => 'System configuration', // @todo translate + 'auto-update-url' => 'Auto-update server URL', // @todo translate 'instance-name' => 'Instance name', // @todo translate 'max-categories' => 'Categories per user limit', // @todo translate 'max-feeds' => 'Feeds per user limit', // @todo translate 
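Review bot: `_auto_update_url()` in ConfigurationSetter.php stores any non-empty value, and the `Minz_Request::param('auto-update-url', false)` line in configureController.php passes the form field straight to it, so a malformed or non-https address becomes the place the updater contacts. Because the update check is a trust decision, the setter should accept only a well-formed https URL and otherwise keep the previous value. Whether the configure action is restricted to administrators is not visible in these hunks.

```php
private function _auto_update_url(&$data, $value) {
	// … unchanged: empty-value early return …
	$value = trim($value);
	$scheme = parse_url($value, PHP_URL_SCHEME);
	if (filter_var($value, FILTER_VALIDATE_URL) === false || strtolower((string)$scheme) !== 'https') {
		return;	// keep the previous URL rather than store an unusable or non-TLS one
	}
	$data['auto_update_url'] = $value;
```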
diff --git a/app/i18n/en/admin.php b/app/i18n/en/admin.php index 6edb38cf0..a58771edf 100644 --- a/app/i18n/en/admin.php +++ b/app/i18n/en/admin.php @@ -148,6 +148,7 @@ return array( ), 'system' => array( '_' => 'System configuration', + 'auto-update-url' => 'Auto-update server URL', 'instance-name' => 'Instance name', 'max-categories' => 'Categories per user limit', 'max-feeds' => 'Feeds per user limit', diff --git a/app/i18n/fr/admin.php b/app/i18n/fr/admin.php index e73622577..f4f267306 100644 --- a/app/i18n/fr/admin.php +++ b/app/i18n/fr/admin.php @@ -148,6 +148,7 @@ return array( ), 'system' => array( '_' => 'Configuration du système', + 'auto-update-url' => 'URL du service de mise à jour', 'instance-name' => 'Nom de l’instance', 'max-categories' => 'Limite de catégories par utilisateur', 'max-feeds' => 'Limite de flux par utilisateur', diff --git a/app/i18n/it/admin.php b/app/i18n/it/admin.php index cb9a55c0b..94b2d6762 100644 --- a/app/i18n/it/admin.php +++ b/app/i18n/it/admin.php @@ -148,6 +148,7 @@ return array( ), 'system' => array( '_' => 'Configurazione di sistema', + 'auto-update-url' => 'Auto-update server URL', // @todo translate 'instance-name' => 'Nome istanza', 'max-categories' => 'Limite categorie per utente', 'max-feeds' => 'Limite feeds per utente', diff --git a/app/i18n/nl/admin.php b/app/i18n/nl/admin.php index 5c6a14fda..c3a3062b9 100644 --- a/app/i18n/nl/admin.php +++ b/app/i18n/nl/admin.php 
@@ -146,6 +146,17 @@ return array( 'title' => 'Statistieken', 'top_feed' => 'Top tien feeds', ), + 'system' => array( + '_' => 'System configuration', // @todo translate + 'auto-update-url' => 'Auto-update server URL', // @todo translate + 'instance-name' => 'Instance name', // @todo translate + 'max-categories' => 'Categories per user limit', // @todo translate + 'max-feeds' => 'Feeds per user limit', // @todo translate + 'registration' => array( + 'help' => '0 means that there is no account limit', // @todo translate + 'number' => 'Max number of accounts', // @todo translate + ), + ), 'update' => array( '_' => 'Versie controle', 'apply' => 'Toepassen', diff --git a/app/i18n/nl/gen.php b/app/i18n/nl/gen.php index b8467f92f..574f0386b 100644 --- a/app/i18n/nl/gen.php +++ b/app/i18n/nl/gen.php @@ -139,6 +139,7 @@ return array( 'sharing' => 'Delen', 'shortcuts' => 'Snelle toegang', 'stats' => 'Statistieken', + 'system' => 'System configuration', // @todo translate 'update' => 'Versie controle', 'user_management' => 'Beheer gebruikers', 'user_profile' => 'Profiel', diff --git a/app/views/configure/system.phtml b/app/views/configure/system.phtml index 9406c34d6..4af669eb0 100644 --- a/app/views/configure/system.phtml +++ b/app/views/configure/system.phtml @@ -9,7 +9,14 @@
- + +
+
+ +
+ +
+
-- cgit v1.2.3