From ae5a8572d50fbbd52bdd88cce6bb80b79dbaaf1a Mon Sep 17 00:00:00 2001 From: Thomas Citharel Date: Fri, 27 Jan 2017 10:26:31 +0100 Subject: postgres fixes --- app/Models/EntryDAO.php | 2 +- app/Models/FeedDAO.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'app')
diff --git a/app/Models/EntryDAO.php b/app/Models/EntryDAO.php
index 397471baa..afcde3d7f 100644
--- a/app/Models/EntryDAO.php
+++ b/app/Models/EntryDAO.php
@@ -649,7 +649,7 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
 $values[] = intval($id); break; case 'A':
- $where .= '1 ';
+ $where .= '1=1 ';
 break; default: throw new FreshRSS_EntriesGetter_Exception('Bad type in Entry->listByType: [' . $type . ']!');
diff --git a/app/Models/FeedDAO.php b/app/Models/FeedDAO.php
index 68398efd5..0168aebd9 100644
--- a/app/Models/FeedDAO.php
+++ b/app/Models/FeedDAO.php
@@ -67,7 +67,7 @@ class FreshRSS_FeedDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
 $set = ''; foreach ($valuesTmp as $key => $v) {
- $set .= $key . '=?, ';
+ $set .= '`' . $key . '`=?, ';
 if ($key == 'httpAuth') { $valuesTmp[$key] = base64_encode($v);
-- cgit v1.2.3
From 1736cf00b5d0286c233de8de446848d0e613a94e Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 28 Jan 2017 14:08:13 +0100 Subject: No version number for anonymous users https://github.com/FreshRSS/FreshRSS/issues/1404 --- app/views/index/about.phtml | 2 ++ 1 file changed, 2 insertions(+) (limited to 'app')
diff --git a/app/views/index/about.phtml b/app/views/index/about.phtml
index 3fdb5160d..649729952 100644
--- a/app/views/index/about.phtml
+++ b/app/views/index/about.phtml
@@ -13,8 +13,10 @@
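Review bot: In the FeedDAO.php hunk, `$key` is still concatenated into the SQL text as a column name; the added backticks quote the identifier but do not neutralise a backtick inside `$key`, and only the values go through `?` placeholders. Where `$valuesTmp` is built is outside the hunk, so whether its keys can ever derive from request data is not visible here; an allow-list at the top of the loop, e.g. `if (!in_array($key, $allowedColumns, true)) { continue; }` with `$allowedColumns` (a name made up for this note) holding the feed table's column names, would make that question irrelevant. PostgreSQL quotes identifiers with double quotes rather than backticks, so given the commit title this line deserves a comment saying where the backticks are rewritten for that driver, if they are. The loop body continues past the end of the hunk.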
+
+

-- cgit v1.2.3 From fcc9229fb772be6f99512021454e4a14760301a5 Mon Sep 17 00:00:00 2001 From: tintouli Date: Sat, 4 Feb 2017 13:20:25 +0100 Subject: Share to sites based on Known (http://withknown.com) --- app/i18n/cz/gen.php | 1 + app/i18n/de/gen.php | 1 + app/i18n/en/gen.php | 1 + app/i18n/fr/gen.php | 1 + app/i18n/it/gen.php | 1 + app/i18n/nl/gen.php | 3 ++- app/i18n/ru/gen.php | 1 + app/i18n/tr/gen.php | 1 + data/shares.php | 6 ++++++ 9 files changed, 15 insertions(+), 1 deletion(-) (limited to 'app') diff --git a/app/i18n/cz/gen.php b/app/i18n/cz/gen.php index 3db3a31da..b98ee0a64 100644 --- a/app/i18n/cz/gen.php +++ b/app/i18n/cz/gen.php @@ -165,6 +165,7 @@ return array( 'wallabag' => 'wallabag v1', 'wallabagv2' => 'wallabag v2', 'jdh' => 'Journal du hacker', + 'Known' => 'Known based sites', ), 'short' => array( 'attention' => 'Upozornění!', diff --git a/app/i18n/de/gen.php b/app/i18n/de/gen.php index c73aedbfe..9747ec1b8 100644 --- a/app/i18n/de/gen.php +++ b/app/i18n/de/gen.php @@ -165,6 +165,7 @@ return array( 'wallabag' => 'wallabag v1', 'wallabagv2' => 'wallabag v2', 'jdh' => 'Journal du hacker', + 'Known' => 'Known based sites', ), 'short' => array( 'attention' => 'Achtung!', diff --git a/app/i18n/en/gen.php b/app/i18n/en/gen.php index 3f86cfd19..2a098209f 100644 --- a/app/i18n/en/gen.php +++ b/app/i18n/en/gen.php @@ -165,6 +165,7 @@ return array( 'wallabag' => 'wallabag v1', 'wallabagv2' => 'wallabag v2', 'jdh' => 'Journal du hacker', + 'Known' => 'Known based sites', ), 'short' => array( 'attention' => 'Warning!', diff --git a/app/i18n/fr/gen.php b/app/i18n/fr/gen.php index b5dc098ae..688e6878e 100644 --- a/app/i18n/fr/gen.php +++ b/app/i18n/fr/gen.php @@ -165,6 +165,7 @@ return array( 'wallabag' => 'wallabag v1', 'wallabagv2' => 'wallabag v2', 'jdh' => 'Journal du hacker', + 'Known' => 'Sites basés sur Known', ), 'short' => array( 'attention' => 'Attention !', diff --git a/app/i18n/it/gen.php b/app/i18n/it/gen.php index a9a8709d3..bc4b82c09 100644 
--- a/app/i18n/it/gen.php +++ b/app/i18n/it/gen.php @@ -165,6 +165,7 @@ return array( 'wallabag' => 'wallabag v1', 'wallabagv2' => 'wallabag v2', 'jdh' => 'Journal du hacker', + 'Known' => 'Siti basati su Known', ), 'short' => array( 'attention' => 'Attenzione!', diff --git a/app/i18n/nl/gen.php b/app/i18n/nl/gen.php index 83811ce68..a5e793a2b 100644 --- a/app/i18n/nl/gen.php +++ b/app/i18n/nl/gen.php @@ -163,8 +163,9 @@ return array( 'shaarli' => 'Shaarli', 'twitter' => 'Twitter', 'wallabag' => 'wallabag v1', - 'wallabagv2' => 'wallabag v2', + 'wallabagv2' => 'wallabag v2', 'jdh' => 'Journal du hacker', + 'Known' => 'Known based sites', ), 'short' => array( 'attention' => 'Attentie!', diff --git a/app/i18n/ru/gen.php b/app/i18n/ru/gen.php index bc42afaa8..47d2993a3 100644 --- a/app/i18n/ru/gen.php +++ b/app/i18n/ru/gen.php @@ -165,6 +165,7 @@ return array( 'twitter' => 'Twitter', 'wallabag' => 'wallabag v1', 'wallabagv2' => 'wallabag v2', + 'Known' => 'Known based sites', ), 'short' => array( 'attention' => 'Warning!', diff --git a/app/i18n/tr/gen.php b/app/i18n/tr/gen.php index bcc839daf..fa7dfc135 100644 --- a/app/i18n/tr/gen.php +++ b/app/i18n/tr/gen.php @@ -165,6 +165,7 @@ return array( 'wallabag' => 'wallabag v1', 'wallabagv2' => 'wallabag v2', 'jdh' => 'Journal du hacker', + 'Known' => 'Known based sites', ), 'short' => array( 'attention' => 'Tehlike!', diff --git a/data/shares.php b/data/shares.php index 1295a26ac..4db0d36f0 100644 --- a/data/shares.php +++ b/data/shares.php @@ -89,4 +89,10 @@ return array( 'transform' => array('rawurlencode'), 'form' => 'simple', ), + 'Known' => array( + 'url' => '~URL~/share?share_url=~LINK~&share_title=~TITLE~', + 'transform' => array('rawurlencode'), + 'help' => 'https://withknown.com/', + 'form' => 'advanced', + ), ); -- cgit v1.2.3 From 8d2b76334cd60356c85810bf4902124105d54ad4 Mon Sep 17 00:00:00 2001 
From: Clément Date: Thu, 16 Feb 2017 14:27:45 +0100 Subject: Possibility to register user having a '-', a '_' or a '.' in username --- app/Controllers/userController.php | 6 ++++-- app/Models/Auth.php | 5 +++-- app/install.php | 2 +- app/views/auth/formLogin.phtml | 2 +- app/views/user/manage.phtml | 2 +- cli/_cli.php | 4 +++- cli/delete-user.php | 3 ++- cli/do-install.php | 3 ++- 8 files changed, 17 insertions(+), 10 deletions(-) (limited to 'app')
diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php
index 9d6ae18e6..6199ff218 100644
--- a/app/Controllers/userController.php
+++ b/app/Controllers/userController.php
@@ -103,8 +103,9 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 if (!is_array($userConfig)) { $userConfig = array(); }
+ $aValid = array('-', '_', '.');
- $ok = ($new_user_name != '') && ctype_alnum($new_user_name);
+ $ok = ($new_user_name != '') && ctype_alnum(str_replace($aValid, '', $new_user_name));
 if ($ok) { $languages = Minz_Translate::availableLanguages();
@@ -187,7 +188,8 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 $db = FreshRSS_Context::$system_conf->db; require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
- $ok = ctype_alnum($username);
+ $aValid = array('-', '_', '.');
+ $ok = ctype_alnum(str_replace($aValid, '', $username));
 if ($ok) { $default_user = FreshRSS_Context::$system_conf->default_user; $ok &= (strcasecmp($username, $default_user) !== 0); //It is forbidden to delete the default user
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index b3255cfbd..e63a24b27 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
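Review bot: Stripping '-', '_' and '.' before `ctype_alnum()` in both userController.php hunks validates what is left after the strip, not the name itself, so the position and repetition of those characters are unconstrained (leading dots, runs of dots) and there is still no length limit. The name is later used to build a directory (`join_path(DATA_PATH, 'users', $new_user_name)`, visible in a later patch on this page) and, judging by the per-database SQL file loaded in the second hunk, presumably table names, where '.' and '-' are not plain identifier characters. A single anchored allow-list is easier to reason about than strip-then-test, e.g. `$ok = preg_match('/^[0-9a-zA-Z_]{1,38}\z/', $new_user_name) === 1;`. The same inline check is repeated in the Auth.php, cli/_cli.php, cli/delete-user.php and cli/do-install.php hunks of this patch, and both functions here extend beyond their hunks.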
@@ -182,7 +182,8 @@ class FreshRSS_Auth { class FreshRSS_FormAuth { public static function checkCredentials($username, $hash, $nonce, $challenge) { - if (!ctype_alnum($username) || + $aValid = array('-', '_', '.'); + if (!ctype_alnum(str_replace($aValid, '', $username)) || !ctype_graph($challenge) || !ctype_alnum($nonce)) { Minz_Log::debug('Invalid credential parameters:' . @@ -211,7 +212,7 @@ class FreshRSS_FormAuth { // Token has expired (> 1 month) or does not exist. // TODO: 1 month -> use a configuration instead @unlink($token_file); - return array(); + return array(); } $credentials = @file_get_contents($token_file); diff --git a/app/install.php b/app/install.php index 986a7dc60..1b23254de 100644 --- a/app/install.php +++ b/app/install.php @@ -553,7 +553,7 @@ function printStep2() {
- +
diff --git a/app/views/auth/formLogin.phtml b/app/views/auth/formLogin.phtml index a8213b7ae..6cfe6764a 100644 --- a/app/views/auth/formLogin.phtml +++ b/app/views/auth/formLogin.phtml @@ -9,7 +9,7 @@
- +
diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml index a32247d14..334650e56 100644 --- a/app/views/user/manage.phtml +++ b/app/views/user/manage.phtml @@ -22,7 +22,7 @@
- +
diff --git a/cli/_cli.php b/cli/_cli.php index 7d1a7c6b2..885199659 100644 --- a/cli/_cli.php +++ b/cli/_cli.php @@ -20,7 +20,9 @@ function fail($message) { } function cliInitUser($username) { - if (!ctype_alnum($username)) { + $aValid = array('-', '_', '.'); + + if (!ctype_alnum(str_replace($aValid, '', $username))) { fail('FreshRSS error: invalid username: ' . $username . "\n"); } diff --git a/cli/delete-user.php b/cli/delete-user.php index 6f0e86e17..82605fb27 100755 --- a/cli/delete-user.php +++ b/cli/delete-user.php @@ -9,8 +9,9 @@ $options = getopt('', array( if (empty($options['user'])) { fail('Usage: ' . basename(__FILE__) . " --user username"); } +$aValid = array('-', '_', '.'); $username = $options['user']; -if (!ctype_alnum($username)) { +if (!ctype_alnum(str_replace($aValid, '', $username))) { fail('FreshRSS error: invalid username “' . $username . '”'); } diff --git a/cli/do-install.php b/cli/do-install.php index 100d4947f..eb46c7e93 100755 --- a/cli/do-install.php +++ b/cli/do-install.php @@ -47,7 +47,8 @@ if ($requirements['all'] !== 'ok') { fail($message); } -if (!ctype_alnum($options['default_user'])) { +$aValid = array('-', '_', '.'); +if (!ctype_alnum(str_replace($aValid, '', $options['default_user']))) { fail('FreshRSS invalid default username (must be ASCII alphanumeric): ' . $options['default_user']); } -- cgit v1.2.3 From 4eeae5171b885b6dda392f5dd68d6dd78a0c7858 Mon Sep 17 00:00:00 2001 From: Clément Date: Thu, 16 Feb 2017 18:54:59 +0100 Subject: use function with preg_match to check username --- app/Controllers/userController.php | 11 +++++++---- app/Models/Auth.php | 3 +-- cli/_cli.php | 4 +--- cli/create-user.php | 3 +-- cli/delete-user.php | 3 +-- cli/do-install.php | 3 +-- 6 files changed, 12 insertions(+), 15 deletions(-) (limited to 'app') diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 6199ff218..246be1bfe 100644 --- a/app/Controllers/userController.php 
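Review bot: The `fail()` context line in the cli/do-install.php hunk still tells the operator that the default username "must be ASCII alphanumeric", which no longer describes the check added directly above it. The message should state the rule that is actually enforced, e.g. `fail('FreshRSS invalid default username (ASCII letters, digits, "-", "_" or "."): ' . $options['default_user']);`. The later cli/do-install.php and cli/reconfigure.php hunks on this page keep the same wording after the rule changes again, so the text is best derived from wherever the rule is defined.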
+++ b/app/Controllers/userController.php
@@ -34,6 +34,11 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 return $passwordHash == '' ? '' : $passwordHash; }
+ public static function checkUsername($username) {
+ $match = '/^[a-zA-Z_]{1,38}$/';
+ return preg_match($match, $username) === 1;
+ }
+
 /** * This action displays the user profile page. */
@@ -103,9 +108,8 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 if (!is_array($userConfig)) { $userConfig = array(); }
- $aValid = array('-', '_', '.');
- $ok = ($new_user_name != '') && ctype_alnum(str_replace($aValid, '', $new_user_name));
+ $ok = self::checkUsername($new_user_name);
 if ($ok) { $languages = Minz_Translate::availableLanguages();
@@ -188,8 +192,7 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 $db = FreshRSS_Context::$system_conf->db; require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php');
- $aValid = array('-', '_', '.');
- $ok = ctype_alnum(str_replace($aValid, '', $username));
+ $ok = self::checkUsername($username);
 if ($ok) { $default_user = FreshRSS_Context::$system_conf->default_user; $ok &= (strcasecmp($username, $default_user) !== 0); //It is forbidden to delete the default user
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index e63a24b27..476627e10 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -182,8 +182,7 @@ class FreshRSS_Auth {
 class FreshRSS_FormAuth { public static function checkCredentials($username, $hash, $nonce, $challenge) {
- $aValid = array('-', '_', '.');
- if (!ctype_alnum(str_replace($aValid, '', $username)) ||
+ if (!FreshRSS_user_Controller::checkUsername($username) ||
 !ctype_graph($challenge) || !ctype_alnum($nonce)) { Minz_Log::debug('Invalid credential parameters:' .
diff --git a/cli/_cli.php b/cli/_cli.php
index 885199659..f5e36eabc 100644
--- a/cli/_cli.php
+++ b/cli/_cli.php
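Review bot: The pattern in the new `checkUsername()` ends with a bare `$`, which in PCRE also matches immediately before a final newline, so a name carrying a trailing line break passes; anchor with `\z` (or add the `D` modifier): `$match = '/^[a-zA-Z_]{1,38}\z/';`. The character class also omits digits, which the `ctype_alnum()` checks being replaced accepted, so existing accounts with a digit in the name would stop validating unless the class becomes `[0-9a-zA-Z_]`. Since this helper is now the only gate in front of the Auth.php and cli callers, it should get a docblock stating what a valid username is and what the name is used for. The later patches on this page that touch the pattern keep the `$` anchor.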
@@ -20,9 +20,7 @@ function fail($message) { } function cliInitUser($username) { - $aValid = array('-', '_', '.'); - - if (!ctype_alnum(str_replace($aValid, '', $username))) { + if (!FreshRSS_user_Controller::checkUsername($username)) { fail('FreshRSS error: invalid username: ' . $username . "\n"); } diff --git a/cli/create-user.php b/cli/create-user.php index e5b4493e3..c9e350c14 100755 --- a/cli/create-user.php +++ b/cli/create-user.php @@ -16,9 +16,8 @@ if (empty($options['user'])) { fail('Usage: ' . basename(__FILE__) . " --user username ( --password 'password' --api-password 'api_password'" . " --language en --email user@example.net --token 'longRandomString --no-default-feeds' )"); } -$aValid = array('-', '_', '.'); $username = $options['user']; -if (!ctype_alnum(str_replace($aValid, '', $username))) { +if (!FreshRSS_user_Controller::checkUsername($username)) { fail('FreshRSS error: invalid username “' . $username . '”'); } diff --git a/cli/delete-user.php b/cli/delete-user.php index 82605fb27..baa81b893 100755 --- a/cli/delete-user.php +++ b/cli/delete-user.php @@ -9,9 +9,8 @@ $options = getopt('', array( if (empty($options['user'])) { fail('Usage: ' . basename(__FILE__) . " --user username"); } -$aValid = array('-', '_', '.'); $username = $options['user']; -if (!ctype_alnum(str_replace($aValid, '', $username))) { +if (!FreshRSS_user_Controller::checkUsername($username)) { fail('FreshRSS error: invalid username “' . $username . '”'); } diff --git a/cli/do-install.php b/cli/do-install.php index eb46c7e93..064a64ab2 100755 --- a/cli/do-install.php +++ b/cli/do-install.php @@ -47,8 +47,7 @@ if ($requirements['all'] !== 'ok') { fail($message); } -$aValid = array('-', '_', '.'); -if (!ctype_alnum(str_replace($aValid, '', $options['default_user']))) { +if (!FreshRSS_user_Controller::checkUsername($options['default_user'])) { fail('FreshRSS invalid default username (must be ASCII alphanumeric): ' . $options['default_user']); } -- cgit v1.2.3 
From ef2001959188f721a0928fb3ff59ebd6a5a31b1a Mon Sep 17 00:00:00 2001 From: Clément Date: Thu, 16 Feb 2017 18:55:19 +0100 Subject: delete - and . from accepted char --- app/install.php | 2 +- app/views/auth/formLogin.phtml | 2 +- app/views/auth/register.phtml | 2 +- app/views/user/manage.phtml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) (limited to 'app') diff --git a/app/install.php b/app/install.php index 1b23254de..8c65a0977 100644 --- a/app/install.php +++ b/app/install.php @@ -553,7 +553,7 @@ function printStep2() {
- +
diff --git a/app/views/auth/formLogin.phtml b/app/views/auth/formLogin.phtml index 6cfe6764a..24cb14c6e 100644 --- a/app/views/auth/formLogin.phtml +++ b/app/views/auth/formLogin.phtml @@ -9,7 +9,7 @@
- +
diff --git a/app/views/auth/register.phtml b/app/views/auth/register.phtml index 1f9976391..d7997f5f5 100644 --- a/app/views/auth/register.phtml +++ b/app/views/auth/register.phtml @@ -5,7 +5,7 @@
- +
diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml index 334650e56..10bee5507 100644 --- a/app/views/user/manage.phtml +++ b/app/views/user/manage.phtml @@ -22,7 +22,7 @@
- +
-- cgit v1.2.3 From 5d78a7a0344ce73ae0a60b163461efabefb2571f Mon Sep 17 00:00:00 2001 From: postblue Date: Sat, 18 Feb 2017 11:20:48 +0100 Subject: Adding locales --- app/i18n/cz/gen.php | 1 + app/i18n/de/gen.php | 1 + app/i18n/en/gen.php | 1 + app/i18n/fr/gen.php | 1 + app/i18n/it/gen.php | 1 + app/i18n/nl/gen.php | 1 + app/i18n/ru/gen.php | 1 + app/i18n/tr/gen.php | 1 + 8 files changed, 8 insertions(+) (limited to 'app') diff --git a/app/i18n/cz/gen.php b/app/i18n/cz/gen.php index b98ee0a64..e6aadfc02 100644 --- a/app/i18n/cz/gen.php +++ b/app/i18n/cz/gen.php @@ -166,6 +166,7 @@ return array( 'wallabagv2' => 'wallabag v2', 'jdh' => 'Journal du hacker', 'Known' => 'Known based sites', + 'gnusocial' => 'GNU social', ), 'short' => array( 'attention' => 'Upozornění!', diff --git a/app/i18n/de/gen.php b/app/i18n/de/gen.php index 9747ec1b8..4b171a04d 100644 --- a/app/i18n/de/gen.php +++ b/app/i18n/de/gen.php @@ -166,6 +166,7 @@ return array( 'wallabagv2' => 'wallabag v2', 'jdh' => 'Journal du hacker', 'Known' => 'Known based sites', + 'gnusocial' => 'GNU social', ), 'short' => array( 'attention' => 'Achtung!', diff --git a/app/i18n/en/gen.php b/app/i18n/en/gen.php index 2a098209f..1ee5336bd 100644 --- a/app/i18n/en/gen.php +++ b/app/i18n/en/gen.php @@ -166,6 +166,7 @@ return array( 'wallabagv2' => 'wallabag v2', 'jdh' => 'Journal du hacker', 'Known' => 'Known based sites', + 'gnusocial' => 'GNU social', ), 'short' => array( 'attention' => 'Warning!', diff --git a/app/i18n/fr/gen.php b/app/i18n/fr/gen.php index 688e6878e..43825f798 100644 --- a/app/i18n/fr/gen.php +++ b/app/i18n/fr/gen.php @@ -166,6 +166,7 @@ return array( 'wallabagv2' => 'wallabag v2', 'jdh' => 'Journal du hacker', 'Known' => 'Sites basés sur Known', + 'gnusocial' => 'GNU social', ), 'short' => array( 'attention' => 'Attention !', diff --git a/app/i18n/it/gen.php b/app/i18n/it/gen.php index bc4b82c09..ec6de84de 100644 --- a/app/i18n/it/gen.php +++ b/app/i18n/it/gen.php 
@@ -166,6 +166,7 @@ return array( 'wallabagv2' => 'wallabag v2', 'jdh' => 'Journal du hacker', 'Known' => 'Siti basati su Known', + 'gnusocial' => 'GNU social', ), 'short' => array( 'attention' => 'Attenzione!', diff --git a/app/i18n/nl/gen.php b/app/i18n/nl/gen.php index a5e793a2b..11e82cb4d 100644 --- a/app/i18n/nl/gen.php +++ b/app/i18n/nl/gen.php @@ -166,6 +166,7 @@ return array( 'wallabagv2' => 'wallabag v2', 'jdh' => 'Journal du hacker', 'Known' => 'Known based sites', + 'gnusocial' => 'GNU social', ), 'short' => array( 'attention' => 'Attentie!', diff --git a/app/i18n/ru/gen.php b/app/i18n/ru/gen.php index 47d2993a3..c913b8720 100644 --- a/app/i18n/ru/gen.php +++ b/app/i18n/ru/gen.php @@ -166,6 +166,7 @@ return array( 'wallabag' => 'wallabag v1', 'wallabagv2' => 'wallabag v2', 'Known' => 'Known based sites', + 'gnusocial' => 'GNU social', ), 'short' => array( 'attention' => 'Warning!', diff --git a/app/i18n/tr/gen.php b/app/i18n/tr/gen.php index fa7dfc135..4da0206ec 100644 --- a/app/i18n/tr/gen.php +++ b/app/i18n/tr/gen.php @@ -166,6 +166,7 @@ return array( 'wallabagv2' => 'wallabag v2', 'jdh' => 'Journal du hacker', 'Known' => 'Known based sites', + 'gnusocial' => 'GNU social', ), 'short' => array( 'attention' => 'Tehlike!', -- cgit v1.2.3 From 648fcb63b5170d07ad6d157249be398912da658f Mon Sep 17 00:00:00 2001 From: Clément Date: Sun, 19 Feb 2017 15:00:26 +0100 Subject: correct check username pattern --- app/Controllers/userController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app') diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 246be1bfe..718207734 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php 
@@ -35,7 +35,7 @@ class FreshRSS_user_Controller extends Minz_ActionController { } public static function checkUsername($username) { - $match = '/^[a-zA-Z_]{1,38}$/'; + $match = '/^[0-9a-zA-Z_]{1,38}$/'; return preg_match($match, $username) === 1; } -- cgit v1.2.3 From 59d6f3593cb1dead402813207ab8d860ea684ddc Mon Sep 17 00:00:00 2001 From: Dennis Schwerdel Date: Thu, 23 Feb 2017 21:22:56 +0100 Subject: Add config option to disable and hide self-update --- app/Controllers/updateController.php | 2 +- app/layout/aside_configure.phtml | 2 ++ app/layout/header.phtml | 2 ++ data/config.default.php | 3 +++ 4 files changed, 8 insertions(+), 1 deletion(-) (limited to 'app') diff --git a/app/Controllers/updateController.php b/app/Controllers/updateController.php index 8f939dbdb..b4e8a0bff 100644 --- a/app/Controllers/updateController.php +++ b/app/Controllers/updateController.php @@ -162,7 +162,7 @@ class FreshRSS_update_Controller extends Minz_ActionController { } public function applyAction() { - if (!file_exists(UPDATE_FILENAME) || !is_writable(FRESHRSS_PATH)) { + if (!file_exists(UPDATE_FILENAME) || !is_writable(FRESHRSS_PATH) || Minz_Configuration::get('system')->disable_update) { Minz_Request::forward(array('c' => 'update'), true); } diff --git a/app/layout/aside_configure.phtml b/app/layout/aside_configure.phtml index d956ec21f..94f5b1f6c 100644 --- a/app/layout/aside_configure.phtml +++ b/app/layout/aside_configure.phtml @@ -41,9 +41,11 @@ Minz_Request::actionName() === 'checkInstall' ? ' active' : ''; ?>"> + disable_update) { ?>
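Review bot: `disable_update` is enforced only inside `applyAction()` in the updateController.php hunk; the diffstat lists a single changed line for that file, so the controller's other actions, which are not visible here, presumably remain reachable by URL, and the two layout hunks only hide the links. If the option is meant as an administrative control rather than a display preference, the check belongs at the controller's entry point so that every action is refused when it is set, with the refusal logged. A short comment on the condition would also help, separating the two preconditions (update file present, path writable) from the policy clause.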
  • + diff --git a/app/layout/header.phtml b/app/layout/header.phtml index 238c664b0..e589ed7ef 100644 --- a/app/layout/header.phtml +++ b/app/layout/header.phtml @@ -71,8 +71,10 @@ if (FreshRSS_Auth::accessNeedsAction()) {
  • + disable_update) { ?>
  • +
  • diff --git a/data/config.default.php b/data/config.default.php index 433207a9c..748df1884 100644 --- a/data/config.default.php +++ b/data/config.default.php @@ -146,4 +146,7 @@ return array( # List of enabled FreshRSS extensions. 'extensions_enabled' => array(), + + # Disable self-update, + 'disable_update' => false, ); -- cgit v1.2.3 From 8a6b38115456f592c8a246f9abbb84f4449721c0 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 25 Feb 2017 11:51:54 +0100 Subject: Sanitize Web site URL https://github.com/FreshRSS/FreshRSS/issues/1434 --- app/Controllers/subscriptionController.php | 4 ++-- lib/lib_rss.php | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'app') diff --git a/app/Controllers/subscriptionController.php b/app/Controllers/subscriptionController.php index 03d3ee15e..aa9f18663 100644 --- a/app/Controllers/subscriptionController.php +++ b/app/Controllers/subscriptionController.php @@ -90,8 +90,8 @@ class FreshRSS_subscription_Controller extends Minz_ActionController { $values = array( 'name' => Minz_Request::param('name', ''), 'description' => sanitizeHTML(Minz_Request::param('description', '', true)), - 'website' => Minz_Request::param('website', ''), - 'url' => Minz_Request::param('url', ''), + 'website' => checkUrl(Minz_Request::param('website', '')), + 'url' => checkUrl(Minz_Request::param('url', '')), 'category' => $cat, 'pathEntries' => Minz_Request::param('path_entries', ''), 'priority' => intval(Minz_Request::param('priority', 0)), diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 560e5b256..78c9cabea 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -69,10 +69,10 @@ function idn_to_puny($url) { } function checkUrl($url) { - if (empty ($url)) { + if ($url == '') { return ''; } - if (!preg_match ('#^https?://#i', $url)) { + if (!preg_match('#^https?://#i', $url)) { $url = 'http://' . $url; } $url = idn_to_puny($url); //PHP bug #53474 IDN -- cgit v1.2.3 
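Review bot: In the subscriptionController.php hunk the result of `checkUrl()` is written straight into `'website'` and `'url'`; the tail of `checkUrl()` lies outside the lib_rss.php hunk, so what it returns for input it rejects is not visible, and if that is `false` or an empty string the stored feed URL would be overwritten with it. Check the result before building `$values`, e.g. `$url = checkUrl(Minz_Request::param('url', ''));` followed by `if ($url == '') { /* keep the stored value or report the error */ }`. In lib_rss.php, replacing `empty($url)` with `$url == ''` also changes the treatment of the string '0', which is now prefixed with `http://` instead of being returned as empty. A docblock on `checkUrl()` stating its return contract would settle both points.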
From 271a1fdc8900a8b2c32675c22dce1cc458209de4 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 25 Feb 2017 12:39:08 +0100 Subject: Missing checkUsername and const patten https://github.com/FreshRSS/FreshRSS/pull/1423 https://github.com/YunoHost-Apps/freshrss_ynh/issues/27#issuecomment-279792363 --- app/Controllers/javascriptController.php | 2 +- app/Controllers/userController.php | 9 +++++++-- app/Models/Feed.php | 2 +- app/Models/UserDAO.php | 2 +- app/install.php | 2 +- app/views/auth/formLogin.phtml | 2 +- app/views/auth/register.phtml | 2 +- app/views/user/manage.phtml | 2 +- cli/reconfigure.php | 2 +- lib/lib_rss.php | 2 +- p/api/greader.php | 2 +- 11 files changed, 17 insertions(+), 12 deletions(-) (limited to 'app') diff --git a/app/Controllers/javascriptController.php b/app/Controllers/javascriptController.php index 00a7b5c38..6336106a9 100755 --- a/app/Controllers/javascriptController.php +++ b/app/Controllers/javascriptController.php @@ -26,7 +26,7 @@ class FreshRSS_javascript_Controller extends Minz_ActionController { header('Pragma: no-cache'); $user = isset($_GET['user']) ? $_GET['user'] : ''; - if (ctype_alnum($user)) { + if (FreshRSS_user_Controller::checkUsername($user)) { try { $salt = FreshRSS_Context::$system_conf->salt; $conf = get_user_configuration($user); diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 718207734..13a6fce67 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php 
@@ -34,9 +34,14 @@ class FreshRSS_user_Controller extends Minz_ActionController {
 return $passwordHash == '' ? '' : $passwordHash; }
+ /**
+ * The username is also used as folder name, and part of SQL table name.
+ * '_' is a reserved internal username.
+ */
+ const USERNAME_PATTERN = '[0-9a-zA-Z]|[0-9a-zA-Z_]{2,38}';
+
 public static function checkUsername($username) {
- $match = '/^[0-9a-zA-Z_]{1,38}$/';
- return preg_match($match, $username) === 1;
+ return preg_match('/^' . self::USERNAME_PATTERN . '$/', $username) === 1;
 } /**
diff --git a/app/Models/Feed.php b/app/Models/Feed.php
index 97cb1c47e..7a9cf8612 100644
--- a/app/Models/Feed.php
+++ b/app/Models/Feed.php
@@ -442,7 +442,7 @@ class FreshRSS_Feed extends Minz_Model {
 file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" . $text . "\n", FILE_APPEND); } $currentUser = Minz_Session::param('currentUser');
- if (ctype_alnum($currentUser) && !file_exists($path . '/' . $currentUser . '.txt')) {
+ if (FreshRSS_user_Controller::checkUsername($currentUser) && !file_exists($path . '/' . $currentUser . '.txt')) {
 touch($path . '/' . $currentUser . '.txt'); } }
diff --git a/app/Models/UserDAO.php b/app/Models/UserDAO.php
index 32bc6de2f..a60caf395 100644
--- a/app/Models/UserDAO.php
+++ b/app/Models/UserDAO.php
@@ -85,7 +85,7 @@ class FreshRSS_UserDAO extends Minz_ModelPdo {
 } public static function touch($username = '') {
- if (($username == '') || (!ctype_alnum($username))) {
+ if (!FreshRSS_user_Controller::checkUsername($username)) {
 $username = Minz_Session::param('currentUser', '_'); } return touch(join_path(DATA_PATH , 'users', $username, 'config.php'));
diff --git a/app/install.php b/app/install.php
index 8c65a0977..58674e3a7 100644
--- a/app/install.php
+++ b/app/install.php
@@ -553,7 +553,7 @@ function printStep2() {
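Review bot: `USERNAME_PATTERN` contains a top-level `|` and `checkUsername()` splices it between `^` and `$` without grouping, so the compiled expression reads `^[0-9a-zA-Z]` OR `[0-9a-zA-Z_]{2,38}$`; a string only has to begin with one alphanumeric character, or end with two word characters, to validate, whatever else it contains. That weakens the check for every caller converted in this patch, including `$_GET['user']` in javascriptController.php, the file name in Feed.php, the path in `UserDAO::touch()` and the API user in p/api/greader.php, while the docblock added here states that the name becomes a folder name and part of an SQL table name. Group the alternation and anchor strictly: `return preg_match('/^(?:' . self::USERNAME_PATTERN . ')\z/', $username) === 1;`. An HTML `pattern` attribute is matched against the whole value, so the forms would not reveal the difference.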
    - +
    diff --git a/app/views/auth/formLogin.phtml b/app/views/auth/formLogin.phtml index 24cb14c6e..2f881dde7 100644 --- a/app/views/auth/formLogin.phtml +++ b/app/views/auth/formLogin.phtml @@ -9,7 +9,7 @@
    - +
    diff --git a/app/views/auth/register.phtml b/app/views/auth/register.phtml index d7997f5f5..fce7e1388 100644 --- a/app/views/auth/register.phtml +++ b/app/views/auth/register.phtml @@ -5,7 +5,7 @@
    - +
    diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml index 10bee5507..9238a01b9 100644 --- a/app/views/user/manage.phtml +++ b/app/views/user/manage.phtml @@ -22,7 +22,7 @@
    - +
    diff --git a/cli/reconfigure.php b/cli/reconfigure.php index 5294dd2df..da451b3ef 100755 --- a/cli/reconfigure.php +++ b/cli/reconfigure.php @@ -45,7 +45,7 @@ foreach ($dBparams as $dBparam) { } $config->db = $db; -if (!ctype_alnum($config->default_user)) { +if (!FreshRSS_user_Controller::checkUsername($config->default_user)) { fail('FreshRSS invalid default username (must be ASCII alphanumeric): ' . $config->default_user); } diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 560e5b256..cdd08719d 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -285,7 +285,7 @@ function uSecString() { } function invalidateHttpCache($username = '') { - if (($username == '') || (!ctype_alnum($username))) { + if (!FreshRSS_user_Controller::checkUsername($username)) { Minz_Session::_param('touch', uTimeString()); $username = Minz_Session::param('currentUser', '_'); } diff --git a/p/api/greader.php b/p/api/greader.php index 4965ffd3b..01eca6d4f 100644 --- a/p/api/greader.php +++ b/p/api/greader.php @@ -152,7 +152,7 @@ function authorizationToUser() { $headerAuthX = explode('/', $headerAuth, 2); if (count($headerAuthX) === 2) { $user = $headerAuthX[0]; - if (ctype_alnum($user)) { + if (FreshRSS_user_Controller::checkUsername($user)) { FreshRSS_Context::$user_conf = get_user_configuration($user); if (FreshRSS_Context::$user_conf == null) { Minz_Log::warning('Invalid API user ' . $user . ': configuration cannot be found.'); -- cgit v1.2.3 From be2bf83e3c516a6f8f1822c879df8798e50e514b Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 25 Feb 2017 12:56:57 +0100 Subject: Remove maxlength for usernames pattern is already used --- app/install.php | 2 +- app/views/auth/formLogin.phtml | 2 +- app/views/auth/register.phtml | 2 +- app/views/user/manage.phtml | 2 +- 4 files changed, 4 insertions(+), 4 deletions(-) (limited to 'app') diff --git a/app/install.php b/app/install.php index 58674e3a7..9a88e0f37 100644 --- a/app/install.php +++ b/app/install.php 
@@ -553,7 +553,7 @@ function printStep2() {
    - +
    diff --git a/app/views/auth/formLogin.phtml b/app/views/auth/formLogin.phtml index 2f881dde7..99be6059c 100644 --- a/app/views/auth/formLogin.phtml +++ b/app/views/auth/formLogin.phtml @@ -9,7 +9,7 @@
    - +
    diff --git a/app/views/auth/register.phtml b/app/views/auth/register.phtml index fce7e1388..23bda25ce 100644 --- a/app/views/auth/register.phtml +++ b/app/views/auth/register.phtml @@ -5,7 +5,7 @@
    - +
    diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml index 9238a01b9..793a3a0bd 100644 --- a/app/views/user/manage.phtml +++ b/app/views/user/manage.phtml @@ -22,7 +22,7 @@
    - +
    -- cgit v1.2.3 From 0bd4b2c74204a2f9360816ab22aac0da4c459824 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 25 Feb 2017 13:08:06 +0100 Subject: Changelog 1423 --- CHANGELOG.md | 2 ++ app/Controllers/userController.php | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'app') diff --git a/CHANGELOG.md b/CHANGELOG.md index 4738b7360..885b625f2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,8 @@ * Allow empty strings in CLI do-install [#1435](https://github.com/FreshRSS/FreshRSS/pull/1435) * Security * No version number for anonymous users [#1404](https://github.com/FreshRSS/FreshRSS/issues/1404) +* Misc. + * Relaxed requirements for username to `/^[0-9a-zA-Z]|[0-9a-zA-Z_]{2,38}/$` [#1423](https://github.com/FreshRSS/FreshRSS/pull/1423) ## 2016-12-26 FreshRSS 1.6.2 diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 13a6fce67..593e24cf2 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -35,7 +35,7 @@ class FreshRSS_user_Controller extends Minz_ActionController { } /** - * The username is also used as folder name, and part of SQL table name. + * The username is also used as folder name, file name, and part of SQL table name. * '_' is a reserved internal username. */ const USERNAME_PATTERN = '[0-9a-zA-Z]|[0-9a-zA-Z_]{2,38}'; -- cgit v1.2.3 From 9c012e6c81e435736bfef78e0669cd236ed9d73b Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Thu, 2 Mar 2017 22:57:02 +0100 Subject: Fix SQLite CLI install https://github.com/FreshRSS/FreshRSS/issues/1445 https://github.com/FreshRSS/FreshRSS/issues/1443 https://github.com/FreshRSS/FreshRSS/issues/1443 --- app/Controllers/userController.php | 7 +++++-- lib/lib_rss.php | 9 ++------- 2 files changed, 7 insertions(+), 9 deletions(-) (limited to 'app') diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 593e24cf2..f910cecd9 100644 
--- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -115,6 +115,7 @@ class FreshRSS_user_Controller extends Minz_ActionController { } $ok = self::checkUsername($new_user_name); + $homeDir = join_path(DATA_PATH, 'users', $new_user_name); if ($ok) { $languages = Minz_Translate::availableLanguages(); @@ -124,7 +125,7 @@ class FreshRSS_user_Controller extends Minz_ActionController { $ok &= !in_array(strtoupper($new_user_name), array_map('strtoupper', listUsers())); //Not an existing user, case-insensitive - $configPath = join_path(DATA_PATH, 'users', $new_user_name, 'config.php'); + $configPath = join_path($homeDir, 'config.php'); $ok &= !file_exists($configPath); } if ($ok) { @@ -141,7 +142,9 @@ class FreshRSS_user_Controller extends Minz_ActionController { } } if ($ok) { - mkdir(join_path(DATA_PATH, 'users', $new_user_name)); + if (!is_dir($homeDir)) { + mkdir($homeDir); + } $userConfig['passwordHash'] = $passwordHash; $userConfig['apiPasswordHash'] = $apiPasswordHash; $ok &= (file_put_contents($configPath, " Date: Sat, 4 Mar 2017 11:21:57 +0100 Subject: Do not mark as read in anonymous mode And avoid HTTP 403 https://github.com/FreshRSS/FreshRSS/issues/1431 --- app/views/helpers/javascript_vars.phtml | 1 + p/scripts/main.js | 1 + 2 files changed, 2 insertions(+) (limited to 'app') diff --git a/app/views/helpers/javascript_vars.phtml b/app/views/helpers/javascript_vars.phtml index 745baa195..059224305 100644 --- a/app/views/helpers/javascript_vars.phtml +++ b/app/views/helpers/javascript_vars.phtml 
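Review bot: With the new `is_dir($homeDir)` test in the second userController.php hunk, a directory that already exists is adopted as the new user's home, and the result of `mkdir()` is still ignored. Only the absence of `config.php` is checked earlier in the function, so other files already present under that name would presumably be inherited by the new account; whether the SQLite install path is the only way such a directory can pre-exist is not visible here. Fold the result into the flag with `$ok &= mkdir($homeDir);` and add a comment on the `is_dir()` branch naming the case it exists for. The end of this hunk and the lib_rss.php hunk that follows are truncated on the page.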
@@ -3,6 +3,7 @@ $mark = FreshRSS_Context::$user_conf->mark_when; $s = FreshRSS_Context::$user_conf->shortcuts; echo htmlspecialchars(json_encode(array( 'context' => array( + 'anonymous' => !FreshRSS_Auth::hasAccess(), 'auto_remove_article' => !!FreshRSS_Context::isAutoRemoveAvailable(), 'hide_posts' => !(FreshRSS_Context::$user_conf->display_posts || Minz_Request::actionName() === 'reader'), 'display_order' => Minz_Request::param('order', FreshRSS_Context::$user_conf->sort_order), diff --git a/p/scripts/main.js b/p/scripts/main.js index d464b0863..5dbb95c91 100644 --- a/p/scripts/main.js +++ b/p/scripts/main.js @@ -117,6 +117,7 @@ function incUnreadsFeed(article, feed_id, nb) { var pending_entries = {}; function mark_read(active, only_not_read) { if ((active.length === 0) || (!active.attr('id')) || + context.anonymous || (only_not_read && !active.hasClass("not_read"))) { return false; } -- cgit v1.2.3