From 362dbad0b8ff0a29241f4e29556910dfaf7d66e5 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 24 Jan 2016 13:18:48 +0100 Subject: Several position problems, in particular in the global view Multiple small bugs in global and reader views. Related to these old issues: https://github.com/FreshRSS/FreshRSS/issues/634 https://github.com/FreshRSS/FreshRSS/issues/275 --- app/layout/layout.phtml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/layout') diff --git a/app/layout/layout.phtml b/app/layout/layout.phtml index 000a6c0d2..1d3afbf71 100644 --- a/app/layout/layout.phtml +++ b/app/layout/layout.phtml @@ -5,10 +5,10 @@ - + - + partial('header'); ?>
-- cgit v1.2.3 From e4a459a6edc40b64cba7845b52f3e90666b2818a Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Tue, 16 Feb 2016 23:53:39 +0100 Subject: CSP no inline javascript draft https://github.com/FreshRSS/FreshRSS/issues/1075 --- app/FreshRSS.php | 62 +++++++++++++++++++++++++++++ app/layout/layout.phtml | 6 +-- app/views/helpers/javascript_vars.phtml | 70 --------------------------------- lib/Minz/Session.php | 15 ++++--- p/scripts/main.js | 13 +++++- p/scripts/persona.js | 2 +- 6 files changed, 87 insertions(+), 81 deletions(-) delete mode 100644 app/views/helpers/javascript_vars.phtml (limited to 'app/layout')
diff --git a/app/FreshRSS.php b/app/FreshRSS.php
index 044de9cd4..e0e82457c 100644
--- a/app/FreshRSS.php
+++ b/app/FreshRSS.php
@@ -110,6 +110,68 @@ class FreshRSS extends Minz_FrontController { } } + private static function setJavascriptCookie() { + $mark = FreshRSS_Context::$user_conf->mark_when; + $mail = Minz_Session::param('mail', false); + $s = FreshRSS_Context::$user_conf->shortcuts; + $json = json_encode(array( + 'context' => array( + 'auto_remove_article' => !!FreshRSS_Context::isAutoRemoveAvailable(), + 'hide_posts' => !(FreshRSS_Context::$user_conf->display_posts || Minz_Request::actionName() === 'reader'), + 'display_order' => Minz_Request::param('order', FreshRSS_Context::$user_conf->sort_order), + 'auto_mark_article' => !!$mark['article'], + 'auto_mark_site' => !!$mark['site'], + 'auto_mark_scroll' => !!$mark['scroll'], + 'auto_load_more' => !!FreshRSS_Context::$user_conf->auto_load_more, + 'auto_actualize_feeds' => !!Minz_Session::param('actualize_feeds', false), + 'does_lazyload' => !!FreshRSS_Context::$user_conf->lazyload , + 'sticky_post' => !!FreshRSS_Context::isStickyPostEnabled(), + 'html5_notif_timeout' => FreshRSS_Context::$user_conf->html5_notif_timeout, + 'auth_type' => FreshRSS_Context::$system_conf->auth_type, + 'current_user_mail' => $mail ? ('"' . $mail . 
'"') : null, + 'current_view' => Minz_Request::actionName(), + ), + 'shortcuts' => array( + 'mark_read' => @$s['mark_read'], + 'mark_favorite' => @$s['mark_favorite'], + 'go_website' => @$s['go_website'], + 'prev_entry' => @$s['prev_entry'], + 'next_entry' => @$s['next_entry'], + 'first_entry' => @$s['first_entry'], + 'last_entry' => @$s['last_entry'], + 'collapse_entry' => @$s['collapse_entry'], + 'load_more' => @$s['load_more'], + 'auto_share' => @$s['auto_share'], + 'focus_search' => @$s['focus_search'], + 'user_filter' => @$s['user_filter'], + 'help' => @$s['help'], + 'close_dropdown' => @$s['close_dropdown'], + ), + 'url' => array( + 'index' => _url('index', 'index'), + 'login' => Minz_Url::display(array('c' => 'auth', 'a' => 'login'), 'php'), + 'logout' => Minz_Url::display(array('c' => 'auth', 'a' => 'logout'), 'php'), + 'help' => FRESHRSS_WIKI, + ), + 'i18n' => array( + 'confirmation_default' => _t('gen.js.confirm_action'), + 'notif_title_articles' => _t('gen.js.feedback.title_new_articles'), + 'notif_body_articles' => _t('gen.js.feedback.body_new_articles'), + 'notif_request_failed' => _t('gen.js.feedback.request_failed'), + 'category_empty' => _t('gen.js.category_empty'), + ), + 'icons' => array( + 'close' => _i('close'), + ), + ), JSON_UNESCAPED_UNICODE); + setrawcookie('FreshRSS-vars', rawurlencode($json), 0, Minz_Session::getCookieDir()); + } + + public static function preLayout() { + header("Content-Security-Policy: default-src 'self'; img-src * data:; media-src *; style-src 'self' 'unsafe-inline'"); + self::setJavascriptCookie(); + } + private function loadNotifications() { $notif = Minz_Session::param('notification'); if ($notif) { diff --git a/app/layout/layout.phtml b/app/layout/layout.phtml index 1d3afbf71..7d718efbd 100644 --- a/app/layout/layout.phtml +++ b/app/layout/layout.phtml @@ -1,3 +1,6 @@ + 
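Review bot: In `setJavascriptCookie()`, `'current_user_mail' => $mail ? ('"' . $mail . '"') : null` still wraps the address in literal double quotes, a leftover from the hand-built JavaScript this replaces; `json_encode()` already quotes strings, so the client receives the value with the quote characters embedded unless a consumer strips them. I would change the line to `'current_user_mail' => $mail ?: null,`. The same line is carried into `app/views/helpers/javascript_vars.phtml` by the later "Use inline JSON instead of one-time cookie" commit. Separately, the whole settings object, including that address, is sent with `setrawcookie()` using only four arguments, so the secure flag is never set and the value is subject to the browser's per-cookie size limit after `rawurlencode()`; a length check before sending, and a comment stating the expected maximum, would make a silently dropped cookie diagnosable.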
@@ -5,9 +8,6 @@ - mark_when; -$mail = Minz_Session::param('mail', false); -$auto_actualize = Minz_Session::param('actualize_feeds', false); -$hide_posts = !(FreshRSS_Context::$user_conf->display_posts || Minz_Request::actionName() === 'reader'); -$s = FreshRSS_Context::$user_conf->shortcuts; - -$url_login = Minz_Url::display(array( - 'c' => 'auth', - 'a' => 'login' -), 'php'); -$url_logout = Minz_Url::display(array( - 'c' => 'auth', - 'a' => 'logout' -), 'php'); - -echo 'var context={', - 'auto_remove_article:', FreshRSS_Context::isAutoRemoveAvailable() ? 'true' : 'false', ',', - 'hide_posts:', $hide_posts ? 'true' : 'false', ',', - 'display_order:"', Minz_Request::param('order', FreshRSS_Context::$user_conf->sort_order), '",', - 'auto_mark_article:', $mark['article'] ? 'true' : 'false', ',', - 'auto_mark_site:', $mark['site'] ? 'true' : 'false', ',', - 'auto_mark_scroll:', $mark['scroll'] ? 'true' : 'false', ',', - 'auto_load_more:', FreshRSS_Context::$user_conf->auto_load_more ? 'true' : 'false', ',', - 'auto_actualize_feeds:', $auto_actualize ? 'true' : 'false', ',', - 'does_lazyload:', FreshRSS_Context::$user_conf->lazyload ? 'true' : 'false', ',', - 'sticky_post:', FreshRSS_Context::isStickyPostEnabled() ? 'true' : 'false', ',', - 'html5_notif_timeout:', FreshRSS_Context::$user_conf->html5_notif_timeout, ',', - 'auth_type:"', FreshRSS_Context::$system_conf->auth_type, '",', - 'current_user_mail:', $mail ? ('"' . $mail . 
'"') : 'null', ',', - 'current_view:"', Minz_Request::actionName(), '"', -"},\n"; - -echo 'shortcuts={', - 'mark_read:"', @$s['mark_read'], '",', - 'mark_favorite:"', @$s['mark_favorite'], '",', - 'go_website:"', @$s['go_website'], '",', - 'prev_entry:"', @$s['prev_entry'], '",', - 'next_entry:"', @$s['next_entry'], '",', - 'first_entry:"', @$s['first_entry'], '",', - 'last_entry:"', @$s['last_entry'], '",', - 'collapse_entry:"', @$s['collapse_entry'], '",', - 'load_more:"', @$s['load_more'], '",', - 'auto_share:"', @$s['auto_share'], '",', - 'focus_search:"', @$s['focus_search'], '",', - 'user_filter:"', @$s['user_filter'], '",', - 'help:"', @$s['help'], '",', - 'close_dropdown:"', @$s['close_dropdown'], '"', -"},\n"; - -echo 'url={', - 'index:"', _url('index', 'index'), '",', - 'login:"', $url_login, '",', - 'logout:"', $url_logout, '",', - 'help:"', FRESHRSS_WIKI, '"', -"},\n"; - -echo 'i18n={', - 'confirmation_default:"', _t('gen.js.confirm_action'), '",', - 'notif_title_articles:"', _t('gen.js.feedback.title_new_articles'), '",', - 'notif_body_articles:"', _t('gen.js.feedback.body_new_articles'), '",', - 'notif_request_failed:"', _t('gen.js.feedback.request_failed'), '",', - 'category_empty:"', _t('gen.js.category_empty'), '"', -"},\n"; - -echo 'icons={', - 'close:\'', _i('close'), '\'', -"}\n"; \ No newline at end of file diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php index 057e7746a..940cd27d9 100644 --- a/lib/Minz/Session.php +++ b/lib/Minz/Session.php 
@@ -59,18 +59,21 @@ class Minz_Session { } } + public static function getCookieDir() { + // Get the script_name (e.g. /p/i/index.php) and keep only the path. + $cookie_dir = empty($_SERVER['REQUEST_URI']) ? '/' : $_SERVER['REQUEST_URI']; + if (substr($cookie_dir, -1) !== '/') { + $cookie_dir = dirname($cookie_dir) . '/'; + } + return $cookie_dir; + } /** * Spécifie la durée de vie des cookies * @param $l la durée de vie */ public static function keepCookie($l) { - // Get the script_name (e.g. /p/i/index.php) and keep only the path. - $cookie_dir = empty($_SERVER['REQUEST_URI']) ? '/' : $_SERVER['REQUEST_URI']; - if (substr($cookie_dir, -1) !== '/') { - $cookie_dir = dirname($cookie_dir) . '/'; - } - session_set_cookie_params($l, $cookie_dir, '', false, true); + session_set_cookie_params($l, self::getCookieDir(), '', false, true); } diff --git a/p/scripts/main.js b/p/scripts/main.js index 968c945c8..32a2ca913 100644 --- a/p/scripts/main.js +++ b/p/scripts/main.js @@ -1245,8 +1245,19 @@ function init_configuration_alert() { }); } +function parseJavaScriptCookie() { + var json = JSON.parse(decodeURIComponent(document.cookie.replace(/(?:(?:^|.*;\s*)FreshRSS-vars\s*\=\s*([^;]*).*$)|^.*$/, "$1"))) || {}; + document.cookie = 'FreshRSS-vars=; expires=Thu, 01 Jan 1970 00:00:00 GMT'; + window.context = json.context; + window.shortcuts = json.shortcuts; + window.url = json.url; + window.i18n = json.i18n; + window.icons = json.icons; +} + function init_all() { - if (!(window.$ && window.context)) { + parseJavaScriptCookie(); + if (!window.$) { if (window.console) { console.log('FreshRSS waiting for JS…'); } diff --git a/p/scripts/persona.js b/p/scripts/persona.js index 36aeeaf56..63ab43795 100644 --- a/p/scripts/persona.js +++ b/p/scripts/persona.js 
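Review bot: `getCookieDir()` derives the cookie path from `$_SERVER['REQUEST_URI']`, which includes the query string, although the comment above it speaks of the script name; when the query contains a `/`, `dirname()` returns part of the query and that becomes the cookie path. Now that the helper is public and also used for the `FreshRSS-vars` cookie, I would strip the query first, e.g. `$cookie_dir = parse_url($_SERVER['REQUEST_URI'], PHP_URL_PATH);` with a fallback to `'/'` when the result is empty. The new method has no docblock while `keepCookie()` below it does; one line stating that it returns a request-derived path ending in `/` would be enough.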
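Review bot: `parseJavaScriptCookie()` has no working fallback when the cookie is absent: the regex then yields an empty string and `JSON.parse('')` throws a SyntaxError, so the `|| {}` is never reached. That case is reachable from this hunk, because the call sits at the top of `init_all()`, before the `!window.$` check, and the function deletes the cookie on its first run; a retry of `init_all` (its body continues outside the hunk) would find nothing to parse, as would a browser that blocked or dropped the cookie. I would return early when `window.context` is already set and wrap the parse in `try { … } catch (e) { json = {}; }`. The deletion `document.cookie = 'FreshRSS-vars=; expires=…'` also omits `path`, so it only clears the cookie when the document's default path equals the path the server chose.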
@@ -1,7 +1,7 @@ "use strict"; function init_persona() { - if (!(navigator.id && window.$)) { + if (!(navigator.id && window.$ && window.url)) { if (window.console) { console.log('FreshRSS (Persona) waiting for JS…'); } -- cgit v1.2.3 From e3dc7d46e15d97f8bd008acf3489d5e6c22b8daa Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 21 Feb 2016 14:23:24 +0100 Subject: CSP: Use inline JSON instead of one-time cookie Simpler, lighter https://github.com/FreshRSS/FreshRSS/issues/1075 --- app/FreshRSS.php | 58 --------------------------------- app/layout/layout.phtml | 3 ++ app/views/helpers/javascript_vars.phtml | 54 ++++++++++++++++++++++++++++++ p/scripts/main.js | 10 +++--- 4 files changed, 62 insertions(+), 63 deletions(-) create mode 100644 app/views/helpers/javascript_vars.phtml (limited to 'app/layout') diff --git a/app/FreshRSS.php b/app/FreshRSS.php index 8eb862aeb..a6ed2a306 100644 --- a/app/FreshRSS.php +++ b/app/FreshRSS.php 
@@ -110,66 +110,8 @@ class FreshRSS extends Minz_FrontController { } } - private static function setJavascriptCookie() { - $mark = FreshRSS_Context::$user_conf->mark_when; - $mail = Minz_Session::param('mail', false); - $s = FreshRSS_Context::$user_conf->shortcuts; - $json = json_encode(array( - 'context' => array( - 'auto_remove_article' => !!FreshRSS_Context::isAutoRemoveAvailable(), - 'hide_posts' => !(FreshRSS_Context::$user_conf->display_posts || Minz_Request::actionName() === 'reader'), - 'display_order' => Minz_Request::param('order', FreshRSS_Context::$user_conf->sort_order), - 'auto_mark_article' => !!$mark['article'], - 'auto_mark_site' => !!$mark['site'], - 'auto_mark_scroll' => !!$mark['scroll'], - 'auto_load_more' => !!FreshRSS_Context::$user_conf->auto_load_more, - 'auto_actualize_feeds' => !!Minz_Session::param('actualize_feeds', false), - 'does_lazyload' => !!FreshRSS_Context::$user_conf->lazyload , - 'sticky_post' => !!FreshRSS_Context::isStickyPostEnabled(), - 'html5_notif_timeout' => FreshRSS_Context::$user_conf->html5_notif_timeout, - 'auth_type' => FreshRSS_Context::$system_conf->auth_type, - 'current_user_mail' => $mail ? ('"' . $mail . 
'"') : null, - 'current_view' => Minz_Request::actionName(), - ), - 'shortcuts' => array( - 'mark_read' => @$s['mark_read'], - 'mark_favorite' => @$s['mark_favorite'], - 'go_website' => @$s['go_website'], - 'prev_entry' => @$s['prev_entry'], - 'next_entry' => @$s['next_entry'], - 'first_entry' => @$s['first_entry'], - 'last_entry' => @$s['last_entry'], - 'collapse_entry' => @$s['collapse_entry'], - 'load_more' => @$s['load_more'], - 'auto_share' => @$s['auto_share'], - 'focus_search' => @$s['focus_search'], - 'user_filter' => @$s['user_filter'], - 'help' => @$s['help'], - 'close_dropdown' => @$s['close_dropdown'], - ), - 'url' => array( - 'index' => _url('index', 'index'), - 'login' => Minz_Url::display(array('c' => 'auth', 'a' => 'login'), 'php'), - 'logout' => Minz_Url::display(array('c' => 'auth', 'a' => 'logout'), 'php'), - 'help' => FRESHRSS_WIKI, - ), - 'i18n' => array( - 'confirmation_default' => _t('gen.js.confirm_action'), - 'notif_title_articles' => _t('gen.js.feedback.title_new_articles'), - 'notif_body_articles' => _t('gen.js.feedback.body_new_articles'), - 'notif_request_failed' => _t('gen.js.feedback.request_failed'), - 'category_empty' => _t('gen.js.category_empty'), - ), - 'icons' => array( - 'close' => _i('close'), - ), - ), JSON_UNESCAPED_UNICODE); - setrawcookie('FreshRSS-vars', rawurlencode($json), 0, Minz_Session::getCookieDir()); - } - public static function preLayout() { header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *; style-src 'self' 'unsafe-inline'"); - self::setJavascriptCookie(); } private function loadNotifications() { diff --git a/app/layout/layout.phtml b/app/layout/layout.phtml index 7d718efbd..99a3717bc 100644 --- a/app/layout/layout.phtml +++ b/app/layout/layout.phtml 
@@ -8,6 +8,9 @@ + mark_when; +$mail = Minz_Session::param('mail', false); +$s = FreshRSS_Context::$user_conf->shortcuts; +echo htmlspecialchars(json_encode(array( + 'context' => array( + 'auto_remove_article' => !!FreshRSS_Context::isAutoRemoveAvailable(), + 'hide_posts' => !(FreshRSS_Context::$user_conf->display_posts || Minz_Request::actionName() === 'reader'), + 'display_order' => Minz_Request::param('order', FreshRSS_Context::$user_conf->sort_order), + 'auto_mark_article' => !!$mark['article'], + 'auto_mark_site' => !!$mark['site'], + 'auto_mark_scroll' => !!$mark['scroll'], + 'auto_load_more' => !!FreshRSS_Context::$user_conf->auto_load_more, + 'auto_actualize_feeds' => !!Minz_Session::param('actualize_feeds', false), + 'does_lazyload' => !!FreshRSS_Context::$user_conf->lazyload , + 'sticky_post' => !!FreshRSS_Context::isStickyPostEnabled(), + 'html5_notif_timeout' => FreshRSS_Context::$user_conf->html5_notif_timeout, + 'auth_type' => FreshRSS_Context::$system_conf->auth_type, + 'current_user_mail' => $mail ? ('"' . $mail . 
'"') : null, + 'current_view' => Minz_Request::actionName(), + ), + 'shortcuts' => array( + 'mark_read' => @$s['mark_read'], + 'mark_favorite' => @$s['mark_favorite'], + 'go_website' => @$s['go_website'], + 'prev_entry' => @$s['prev_entry'], + 'next_entry' => @$s['next_entry'], + 'first_entry' => @$s['first_entry'], + 'last_entry' => @$s['last_entry'], + 'collapse_entry' => @$s['collapse_entry'], + 'load_more' => @$s['load_more'], + 'auto_share' => @$s['auto_share'], + 'focus_search' => @$s['focus_search'], + 'user_filter' => @$s['user_filter'], + 'help' => @$s['help'], + 'close_dropdown' => @$s['close_dropdown'], + ), + 'url' => array( + 'index' => _url('index', 'index'), + 'login' => Minz_Url::display(array('c' => 'auth', 'a' => 'login'), 'php'), + 'logout' => Minz_Url::display(array('c' => 'auth', 'a' => 'logout'), 'php'), + 'help' => FRESHRSS_WIKI, + ), + 'i18n' => array( + 'confirmation_default' => _t('gen.js.confirm_action'), + 'notif_title_articles' => _t('gen.js.feedback.title_new_articles'), + 'notif_body_articles' => _t('gen.js.feedback.body_new_articles'), + 'notif_request_failed' => _t('gen.js.feedback.request_failed'), + 'category_empty' => _t('gen.js.category_empty'), + ), + 'icons' => array( + 'close' => _i('close'), + ), +), JSON_UNESCAPED_UNICODE), ENT_NOQUOTES); diff --git a/p/scripts/main.js b/p/scripts/main.js index 31b07721a..f07cdafd7 100644 --- a/p/scripts/main.js +++ b/p/scripts/main.js 
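Review bot: `'display_order' => Minz_Request::param('order', …)` copies a request parameter into the JSON without restricting it to the values the scripts expect; `htmlspecialchars(…, ENT_NOQUOTES)` keeps it from closing the surrounding element, but unless `Minz_Request::param()` validates it (not visible here) any string is passed through. I would whitelist it, e.g. `in_array($order, array('ASC', 'DESC'), true) ? $order : FreshRSS_Context::$user_conf->sort_order` (assuming those are the two sort orders). The result of `json_encode()` is also echoed unchecked: on the PHP 5 versions targeted here it returns `false` when a string is not valid UTF-8, which produces empty output and makes the client-side `JSON.parse` fail for the whole page, so a check with a logged error would help. The template markup around this helper is not readable in this diff.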
@@ -1245,10 +1245,10 @@ function init_configuration_alert() { }); } -function parseJavaScriptCookie() { - var vars = decodeURIComponent(document.cookie.replace(/(?:(?:^|.*;\s*)FreshRSS-vars\s*\=\s*([^;]*).*$)|^.*$/, "$1")); - document.cookie = 'FreshRSS-vars=; expires=Thu, 01 Jan 1970 00:00:00 GMT'; - var json = JSON.parse(vars); +function parseJsonVars() { + var jsonVars = document.getElementById('jsonVars'), + json = JSON.parse(jsonVars.innerHTML); + jsonVars.outerHTML = ''; window.context = json.context; window.shortcuts = json.shortcuts; window.url = json.url; @@ -1264,7 +1264,7 @@ function init_all() { window.setTimeout(init_all, 50); return; } - parseJavaScriptCookie(); + parseJsonVars(); init_notifications(); init_confirm_action(); $stream = $('#stream'); -- cgit v1.2.3 From b4864149889a749042d344625d4ffbdbd3f8a3cc Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 21 Feb 2016 18:06:32 +0100 Subject: CSP for bookmarklet (subscription) https://github.com/FreshRSS/FreshRSS/issues/1075 --- app/layout/aside_subscription.phtml | 2 +- p/scripts/main.js | 7 +++++++ 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'app/layout') diff --git a/app/layout/aside_subscription.phtml b/app/layout/aside_subscription.phtml index 8a54e2dc2..fa10d63e8 100644 --- a/app/layout/aside_subscription.phtml +++ b/app/layout/aside_subscription.phtml @@ -10,7 +10,7 @@
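Review bot: `JSON.parse(jsonVars.innerHTML)` in `parseJsonVars()` reads the serialised markup, so the `&amp;`, `&lt;` and `&gt;` that `htmlspecialchars()` wrote on the server stay inside the parsed strings; URLs or translations containing `&` would reach the scripts as `&amp;`. If `#jsonVars` is an ordinary element, `jsonVars.textContent` returns the decoded text instead; the element itself is not visible in this diff, so this needs checking against `layout.phtml`. `document.getElementById('jsonVars')` can also return `null` on a page rendered without that element, and a guard such as `if (!jsonVars) { return; }` would turn a TypeError into a defined state.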
  • - +
  • diff --git a/p/scripts/main.js b/p/scripts/main.js index f07cdafd7..cfde5fd4e 100644 --- a/p/scripts/main.js +++ b/p/scripts/main.js @@ -1245,6 +1245,12 @@ function init_configuration_alert() { }); } +function init_subscription() { + $('body').on('click', '.bookmarkClick', function (e) { + return false; + }); +} + function parseJsonVars() { var jsonVars = document.getElementById('jsonVars'), json = JSON.parse(jsonVars.innerHTML); @@ -1281,6 +1287,7 @@ function init_all() { init_notifs_html5(); window.setInterval(refreshUnreads, 120000); } else { + init_subscription(); init_crypto_form(); init_share_observers(); init_remove_observers(); -- cgit v1.2.3 From cb913a3a76daf357ad36ca39c26b4aaf800211d2 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 21 Feb 2016 19:15:23 +0100 Subject: CSP for statistics and forms https://github.com/FreshRSS/FreshRSS/issues/1075 --- CHANGELOG.md | 2 ++ app/FreshRSS.php | 6 +++++- app/layout/aside_feed.phtml | 2 +- app/layout/nav_menu.phtml | 2 +- app/views/extension/index.phtml | 2 +- app/views/feed/add.phtml | 2 +- app/views/helpers/pagination.phtml | 2 +- app/views/stats/idle.phtml | 2 +- app/views/stats/index.phtml | 10 +++++----- app/views/stats/repartition.phtml | 10 +++++----- app/views/subscription/index.phtml | 4 ++-- p/scripts/main.js | 6 +++--- p/themes/base-theme/template.css | 8 ++++++++ 13 files changed, 36 insertions(+), 22 deletions(-) (limited to 'app/layout') diff --git a/CHANGELOG.md b/CHANGELOG.md index 7f96839eb..7fc872040 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -2,6 +2,8 @@ ## 2016-xx-xx FreshRSS 1.3.1-beta +* Security + * Added CSP `Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *` [#1075](https://github.com/FreshRSS/FreshRSS/pull/1075) * UI * Fixed several small bugs in global and reader view [#1050](https://github.com/FreshRSS/FreshRSS/pull/1050) * Updated to jQuery 2.2 and changed code for auto-load on scroll [#1050](https://github.com/FreshRSS/FreshRSS/pull/1050) diff --git a/app/FreshRSS.php b/app/FreshRSS.php index a6ed2a306..62ea18d96 100644 --- a/app/FreshRSS.php +++ b/app/FreshRSS.php @@ -111,7 +111,11 @@ class FreshRSS extends Minz_FrontController { } public static function preLayout() { - header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *; style-src 'self' 'unsafe-inline'"); + if (Minz_Request::controllerName() === 'stats') { + header("Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline'"); + } else { + header("Content-Security-Policy: default-src 'self'; child-src *; img-src * data:; media-src *"); + } } private function loadNotifications() { diff --git a/app/layout/aside_feed.phtml b/app/layout/aside_feed.phtml index 307db6af8..4e1903a7a 100644 --- a/app/layout/aside_feed.phtml +++ b/app/layout/aside_feed.phtml @@ -19,7 +19,7 @@ - +
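Review bot: Neither policy in `preLayout()` sets `base-uri`, `form-action` or `frame-ancestors`, and these directives do not fall back to `default-src`, so the header places no restriction on `<base>` elements, form targets or framing by other origins. I would append them to both branches, e.g. `base-uri 'self'; form-action 'self'; frame-ancestors 'self'`, after confirming that no login or sharing form posts to another origin. A comment above the `if` stating why only the `stats` controller keeps `style-src 'self' 'unsafe-inline'` would keep that exception from spreading back to the general policy, and the CHANGELOG entry in this commit lists only the general policy.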
    • diff --git a/app/layout/nav_menu.phtml b/app/layout/nav_menu.phtml index 3a755b560..0f303beb8 100644 --- a/app/layout/nav_menu.phtml +++ b/app/layout/nav_menu.phtml @@ -79,7 +79,7 @@ ); ?> - + diff --git a/app/views/helpers/pagination.phtml b/app/views/helpers/pagination.phtml index b20201c4b..7eca8c525 100755 --- a/app/views/helpers/pagination.phtml +++ b/app/views/helpers/pagination.phtml @@ -14,7 +14,7 @@ ); ?> - +
      • diff --git a/app/views/stats/idle.phtml b/app/views/stats/idle.phtml index 22117792d..11b7df8c4 100644 --- a/app/views/stats/idle.phtml +++ b/app/views/stats/idle.phtml @@ -18,7 +18,7 @@

        - +
          diff --git a/app/views/stats/index.phtml b/app/views/stats/index.phtml index c11b88999..0a2fbdb10 100644 --- a/app/views/stats/index.phtml +++ b/app/views/stats/index.phtml @@ -66,18 +66,18 @@

          -
          +

          -
          +
          -
          +

          -
          +
          diff --git a/app/views/stats/repartition.phtml b/app/views/stats/repartition.phtml index 980b26a3d..ffb2c361e 100644 --- a/app/views/stats/repartition.phtml +++ b/app/views/stats/repartition.phtml @@ -48,17 +48,17 @@

          averageHour); ?>

          -
          +

          averageDayOfWeek); ?>

          -
          -
          +

          averageMonth); ?>

          -
          +
          diff --git a/app/views/subscription/index.phtml b/app/views/subscription/index.phtml index 2cfe3f33c..07cebf817 100644 --- a/app/views/subscription/index.phtml +++ b/app/views/subscription/index.phtml @@ -28,7 +28,7 @@ - @@ -62,7 +62,7 @@
        - + categories as $cat) { diff --git a/p/scripts/main.js b/p/scripts/main.js index cfde5fd4e..d62a6aff8 100644 --- a/p/scripts/main.js +++ b/p/scripts/main.js @@ -899,7 +899,7 @@ function refreshUnreads() { if ((incUnreadsFeed(null, feed_id, nbUnreads - feed_unreads) || isAll) && //Update of current view? (nbUnreads - feed_unreads > 0)) { - $('#new-article').show(); + $('#new-article').attr('aria-hidden', 'false').show(); new_articles = true; }; }); @@ -1122,10 +1122,10 @@ function init_feed_observers() { $('select[id="category"]').on('change', function() { var detail = $('#new_category_name').parent(); if ($(this).val() === 'nc') { - detail.show(); + detail.attr('aria-hidden', 'false').show(); detail.find('input').focus(); } else { - detail.hide(); + detail.attr('aria-hidden', 'true').hide(); } }); } diff --git a/p/themes/base-theme/template.css b/p/themes/base-theme/template.css index 17a43d3ed..8a12423be 100644 --- a/p/themes/base-theme/template.css +++ b/p/themes/base-theme/template.css @@ -110,6 +110,11 @@ td.numeric { /*=== COMPONENTS */ /*===============*/ + +[aria-hidden="true"] { + display: none; +} + /*=== Forms */ .form-group::after { content: ""; @@ -620,6 +625,9 @@ br + br + br { .stat > table { width: 100%; } +.statGraph { + height: 300px; +} /*=== GLOBAL VIEW */ /*================*/ -- cgit v1.2.3 From b042d3a7728037db90a9306c61091be0a8ac42c4 Mon Sep 17 00:00:00 2001 
From: Alexandre Alapetite Date: Sat, 23 Apr 2016 19:10:32 +0200 Subject: HTTP2 optimization Fast flush HTTP headers, push promise CSS. Requires PHP 5.3+ due to anonymous function. Do not load syles, scripts, and notifications for Ajax requests. https://github.com/FreshRSS/FreshRSS/issues/1089 --- README.fr.md | 2 +- README.md | 2 +- app/Controllers/indexController.php | 64 +++++++++++++++++++------------------ app/FreshRSS.php | 37 ++++++++++----------- app/Models/Themes.php | 4 --- app/layout/layout.phtml | 40 ++++++++++++----------- lib/Minz/Request.php | 5 ++- lib/Minz/Url.php | 12 ++++--- lib/lib_rss.php | 4 +++ 9 files changed, 89 insertions(+), 81 deletions(-) (limited to 'app/layout') diff --git a/README.fr.md b/README.fr.md index 794b1a9e1..a173f0a75 100644 --- a/README.fr.md +++ b/README.fr.md @@ -33,7 +33,7 @@ Nous sommes une communauté amicale. * Serveur modeste, par exemple sous Linux ou Windows * Fonctionne même sur un Raspberry Pi 1 avec des temps de réponse < 1s (testé sur 150 flux, 22k articles) * Serveur Web Apache2 (recommandé), ou nginx, lighttpd (non testé sur les autres) -* PHP 5.2.1+ (PHP 5.3.7+ recommandé, et PHP 5.5+ pour les performances) (support bêta de PHP 7 avec encore meilleures performances) +* PHP 5.3+ (PHP 5.3.7+ recommandé, et PHP 5.5+ pour les performances, et PHP 7+ pour d’encore meilleures performances) * Requis : [PDO_MySQL](http://php.net/pdo-mysql) ou [PDO_SQLite](http://php.net/pdo-sqlite), [cURL](http://php.net/curl), [GMP](http://php.net/gmp) (pour accès API sur plateformes < 64 bits), [IDN](http://php.net/intl.idn) (pour les noms de domaines internationalisés) * Recommandés : [iconv](http://php.net/iconv), [JSON](http://php.net/json), [mbstring](http://php.net/mbstring), [Zip](http://php.net/zip), [zlib](http://php.net/zlib) * Inclus par défaut : [DOM](http://php.net/dom), [XML](http://php.net/xml)… diff --git a/README.md b/README.md index 728204a38..4d3bb5c4c 100644 --- a/README.md +++ b/README.md 
@@ -33,7 +33,7 @@ We are a friendly community. * Light server running Linux or Windows * It even works on Raspberry Pi 1 with response time under a second (tested with 150 feeds, 22k articles) * A web server: Apache2 (recommended), nginx, lighttpd (not tested on others) -* PHP 5.2.1+ (PHP 5.3.7+ recommended, and PHP 5.5+ for performance) (beta support for PHP 7 with even higher performance) +* PHP 5.3+ (PHP 5.3.7+ recommended, and PHP 5.5+ for performance, and PHP 7 for even higher performance) * Required extensions: [PDO_MySQL](http://php.net/pdo-mysql) or [PDO_SQLite](http://php.net/pdo-sqlite), [cURL](http://php.net/curl), [GMP](http://php.net/gmp) (for API access on platforms < 64 bits), [IDN](http://php.net/intl.idn) (for Internationalized Domain Names) * Recommended extensions: [iconv](http://php.net/iconv), [JSON](http://php.net/json), [mbstring](http://php.net/mbstring), [Zip](http://php.net/zip), [zlib](http://php.net/zlib) * Enabled by default: [DOM](http://php.net/dom), [XML](http://php.net/xml)… diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index baaf99065..7e626720e 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php 
@@ -32,42 +32,44 @@ class FreshRSS_index_Controller extends Minz_ActionController { Minz_Error::error(404); } - try { - $entries = $this->listEntriesByContext(); - - $nb_entries = count($entries); - if ($nb_entries > FreshRSS_Context::$number) { - // We have more elements for pagination - $last_entry = array_pop($entries); - FreshRSS_Context::$next_id = $last_entry->id(); - } + $this->view->callbackBeforeContent = function() { + try { + $entries = $this->listEntriesByContext(); + + $nb_entries = count($entries); + if ($nb_entries > FreshRSS_Context::$number) { + // We have more elements for pagination + $last_entry = array_pop($entries); + FreshRSS_Context::$next_id = $last_entry->id(); + } - $first_entry = $nb_entries > 0 ? $entries[0] : null; - FreshRSS_Context::$id_max = $first_entry === null ? - (time() - 1) . '000000' : - $first_entry->id(); - if (FreshRSS_Context::$order === 'ASC') { - // In this case we do not know but we guess id_max - $id_max = (time() - 1) . '000000'; - if (strcmp($id_max, FreshRSS_Context::$id_max) > 0) { - FreshRSS_Context::$id_max = $id_max; + $first_entry = $nb_entries > 0 ? $entries[0] : null; + FreshRSS_Context::$id_max = $first_entry === null ? + (time() - 1) . '000000' : + $first_entry->id(); + if (FreshRSS_Context::$order === 'ASC') { + // In this case we do not know but we guess id_max + $id_max = (time() - 1) . '000000'; + if (strcmp($id_max, FreshRSS_Context::$id_max) > 0) { + FreshRSS_Context::$id_max = $id_max; + } } - } - $this->view->entries = $entries; - } catch (FreshRSS_EntriesGetter_Exception $e) { - Minz_Log::notice($e->getMessage()); - Minz_Error::error(404); - } + $this->view->entries = $entries; + } catch (FreshRSS_EntriesGetter_Exception $e) { + Minz_Log::notice($e->getMessage()); + Minz_Error::error(404); + } - $this->view->categories = FreshRSS_Context::$categories; + $this->view->categories = FreshRSS_Context::$categories; - $this->view->rss_title = FreshRSS_Context::$name . ' | ' . 
Minz_View::title(); - $title = FreshRSS_Context::$name; - if (FreshRSS_Context::$get_unread > 0) { - $title = '(' . FreshRSS_Context::$get_unread . ') ' . $title; - } - Minz_View::prependTitle($title . ' · '); + $this->view->rss_title = FreshRSS_Context::$name . ' | ' . Minz_View::title(); + $title = FreshRSS_Context::$name; + if (FreshRSS_Context::$get_unread > 0) { + $title = '(' . FreshRSS_Context::$get_unread . ') ' . $title; + } + Minz_View::prependTitle($title . ' · '); + }; } /** diff --git a/app/FreshRSS.php b/app/FreshRSS.php index bafa970da..562d8e2cd 100644 --- a/app/FreshRSS.php +++ b/app/FreshRSS.php @@ -34,7 +34,7 @@ class FreshRSS extends Minz_FrontController { // Auth has to be initialized before using currentUser session parameter // because it's this part which create this parameter. - $this->initAuth(); + self::initAuth(); // Then, register the user configuration and use the configuration setter // created above. @@ -46,10 +46,7 @@ class FreshRSS extends Minz_FrontController { // Finish to initialize the other FreshRSS / Minz components. FreshRSS_Context::init(); - $this->initI18n(); - FreshRSS_Share::load(join_path(DATA_PATH, 'shares.php')); - $this->loadStylesAndScripts(); - $this->loadNotifications(); + self::initI18n(); // Enable extensions for the current (logged) user. if (FreshRSS_Auth::hasAccess()) { $ext_list = FreshRSS_Context::$user_conf->extensions_enabled; @@ -57,7 +54,7 @@ class FreshRSS extends Minz_FrontController { } } - private function initAuth() { + private static function initAuth() { FreshRSS_Auth::init(); if (Minz_Request::isPost() && !is_referer_from_same_domain()) { // Basic protection against XSRF attacks 
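Review bot: The closure assigned to `$this->view->callbackBeforeContent` uses `$this` (`$this->listEntriesByContext()`, `$this->view->entries`), which closures support only from PHP 5.4; on PHP 5.3, the minimum stated by the commit message and the README hunks, this is a fatal error. Either document 5.4 as the minimum or capture the controller explicitly, e.g. `$self = $this;` with `function() use ($self) { … }`, which requires `listEntriesByContext()` to be callable from outside the class if it is not public. `Minz_Error::error(404)` now runs inside the callback, which by the commit description executes after headers have been flushed, so whether the 404 status can still be sent should be confirmed; the layout side of the callback is not readable in this diff.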
@@ -74,12 +71,12 @@ class FreshRSS extends Minz_FrontController { } } - private function initI18n() { + private static function initI18n() { Minz_Session::_param('language', FreshRSS_Context::$user_conf->language); Minz_Translate::init(FreshRSS_Context::$user_conf->language); } - private function loadStylesAndScripts() { + private static function loadStylesAndScripts() { $theme = FreshRSS_Themes::load(FreshRSS_Context::$user_conf->theme); if ($theme) { foreach($theme['files'] as $file) { @@ -91,9 +88,9 @@ class FreshRSS extends Minz_FrontController { $filename = $file; } $filetime = @filemtime(PUBLIC_PATH . '/themes/' . $theme_id . '/' . $filename); - Minz_View::appendStyle(Minz_Url::display( - '/themes/' . $theme_id . '/' . $filename . '?' . $filetime - )); + $url = '/themes/' . $theme_id . '/' . $filename . '?' . $filetime; + header('Link: <' . Minz_Url::display($url, '', 'root') . '>;rel=preload', false); //HTTP2 + Minz_View::appendStyle(Minz_Url::display($url)); } } @@ -110,6 +107,14 @@ class FreshRSS extends Minz_FrontController { } } + private static function loadNotifications() { + $notif = Minz_Session::param('notification'); + if ($notif) { + Minz_View::_param('notification', $notif); + Minz_Session::_param('notification'); + } + } + public static function preLayout() { switch (Minz_Request::controllerName()) { case 'index': @@ -123,13 +128,9 @@ class FreshRSS extends Minz_FrontController { break; } header("X-Content-Type-Options: nosniff"); - } - private function loadNotifications() { - $notif = Minz_Session::param('notification'); - if ($notif) { - Minz_View::_param('notification', $notif); - Minz_Session::_param('notification'); - } + FreshRSS_Share::load(join_path(DATA_PATH, 'shares.php')); + self::loadStylesAndScripts(); + self::loadNotifications(); } } diff --git a/app/Models/Themes.php b/app/Models/Themes.php index e3b260261..5a6ec0a05 100644 --- a/app/Models/Themes.php +++ b/app/Models/Themes.php 
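Review bot: The new `header('Link: <' . … . '>;rel=preload', false)` in `loadStylesAndScripts()` omits the `as` attribute; a browser that honours preload hints may then be unable to match the preloaded response to the later stylesheet request and fetch the file twice. `'>;rel=preload;as=style'` would cover that. `$filetime` comes from `@filemtime(…)` and is `false` for a missing file, which leaves a bare `?` at the end of both URLs; replacing the `@` with an explicit check and a log entry would make a wrong theme path visible instead of silently emitting a header for it.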
@@ -116,7 +116,3 @@ class FreshRSS_Themes extends Minz_Model { '' . $alts[$name] . ''; } } - -function _i($icon, $url_only = false) { - return FreshRSS_Themes::icon($icon, $url_only); -} diff --git a/app/layout/layout.phtml b/app/layout/layout.phtml index 99a3717bc..6906fa05f 100644 --- a/app/layout/layout.phtml +++ b/app/layout/layout.phtml @@ -1,17 +1,32 @@ - + - + + + + + + + + + + + +callbackBeforeContent)) { + call_user_func($this->callbackBeforeContent); + } +?> + - - - rss_title)) { + } if (isset($this->rss_title)) { $url_rss = $url_base; $url_rss['a'] = 'rss'; ?> - - - - - - - - - - -allow_robots) { ?> +allow_robots) { ?> diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php index 81457df9e..f80b707d6 100644 --- a/lib/Minz/Request.php +++ b/lib/Minz/Request.php @@ -137,12 +137,11 @@ class Minz_Request { /** * Return the base_url from configuration and add a suffix if given. * - * @param $base_url_suffix a string to add at base_url (default: empty string) * @return the base_url with a suffix. */ - public static function getBaseUrl($base_url_suffix = '') { + public static function getBaseUrl() { $conf = Minz_Configuration::get('system'); - $url = rtrim($conf->base_url, '/\\') . $base_url_suffix; + $url = rtrim($conf->base_url, '/\\'); return filter_var($url, FILTER_SANITIZE_URL); } diff --git a/lib/Minz/Url.php b/lib/Minz/Url.php index 382437e9a..c7c67123e 100644 --- a/lib/Minz/Url.php +++ b/lib/Minz/Url.php @@ -24,11 +24,15 @@ class Minz_Url { $url_string = ''; if ($absolute) { - $url_string = Minz_Request::getBaseUrl(PUBLIC_TO_INDEX_PATH); - if ($url_string === PUBLIC_TO_INDEX_PATH) { + $url_string = Minz_Request::getBaseUrl(); + if ($url_string == '') { $url_string = Minz_Request::guessBaseUrl(); - } else { - $url_string .= '/'; + } + if ($isArray) { + $url_string .= PUBLIC_TO_INDEX_PATH; + } + if ($absolute === 'root') { + $url_string = parse_url($url_string, PHP_URL_PATH); } } else { $url_string = $isArray ? '.' : PUBLIC_RELATIVE; 
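Review bot: The docblock of `getBaseUrl()` is stale after this change: it still reads "and add a suffix if given" and "@return the base_url with a suffix" although the `$base_url_suffix` parameter is removed. I would reword it to `Return the base_url from configuration, without trailing slash.` and `@return string|false the sanitised base URL, false if filter_var() fails`. It is also worth stating there that `FILTER_SANITIZE_URL` only removes characters and does not validate that the configured value is a well-formed URL.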
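Review bot: `$absolute` in `Minz_Url::display()` is now tri-state (`false`, `true`, `'root'`) but is only tested with `if ($absolute)` and `$absolute === 'root'`, and nothing in the hunk documents the new value; the method's docblock (outside the hunk) should list it. In the `'root'` branch `parse_url($url_string, PHP_URL_PATH)` returns `null` for a base URL without a path and `false` for one it cannot parse, and the result is used as the prefix unchecked; `(string)parse_url(…)` or an explicit fallback to `''` would make that intent visible. The loose `$url_string == ''` appears to be what catches a `false` from `getBaseUrl()`; writing it as `$url_string === false || $url_string === ''` would say so.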
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 135115ea5..f89baf9b1 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -548,3 +548,7 @@ function base64url_encode($data) {
 function base64url_decode($data) {
 return base64_decode(strtr($data, '-_', '+/'));
 }
+
+function _i($icon, $url_only = false) {
+ return FreshRSS_Themes::icon($icon, $url_only);
+}
-- cgit v1.2.3