Alexandre Alapetite
1a3912f25a
Improve configuration checks ( #8334 )
...
Add a distinction between recommended and required extensions.
Add check for recommended php-intl extension as follow-up of https://github.com/FreshRSS/FreshRSS/pull/8329#issuecomment-3677686581
Improve related checks such as ZIP.
Reduce duplicated translations and tests.
2025-12-21 19:26:08 +01:00
Alexandre Alapetite
00cd5df294
Use native PHP #[Deprecated] ( #8325 )
...
https://php.watch/versions/8.4/Deprecated
And enforce it with PHPUnit + PHPStan.
Especially useful for extensions.
2025-12-17 10:11:18 +01:00
Alexandre Alapetite
493bb88535
Safer handling of DB null content ( #8319 )
...
https://github.com/FreshRSS/FreshRSS/discussions/8314#discussioncomment-15261119
2025-12-16 10:48:20 +01:00
Alexandre Alapetite
4b6127ee04
New links in transitions and jump to next transition ( #8294 )
...
Easier to explain graphically:
<img width="408" height="266" alt="image" src="https://github.com/user-attachments/assets/0e3724a1-155b-4a87-89b3-cfe8a18cb100" />
The jump to next section ⏭ works when the sorting criterion is a date.
Need https://github.com/FreshRSS/FreshRSS/pull/8293
2025-12-13 11:38:33 +01:00
Alexandre Alapetite
a8a544a2a2
Fix search encoding and quoting ( #8311 )
...
Revised the encoding approach for searches: the HTML encoding is done just before its use for DB search.
Fix also some cases with wrong quoting.
Fix https://github.com/FreshRSS/FreshRSS/pull/8306#issuecomment-3643865439
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/8293
2025-12-13 11:31:34 +01:00
Alexandre Alapetite
19975c22ec
Fix minor backslashes ( #8292 )
2025-12-07 20:27:06 +01:00
Inverle
60cf5ea297
Improve anonymous authentication logic ( #8165 )
...
* Improve anonymous authentication logic
* forgot to git add
* Fix incorrect token check
Because an empty parameter could be just passed if token for the user wasn't set: `&token=`
2025-12-04 08:46:11 +01:00
dependabot[bot]
26bb2aa975
Update phpmailer/phpmailer requirement from 7.0.0 to 7.0.1 in /lib ( #8272 )
...
* Update phpmailer/phpmailer requirement from 7.0.0 to 7.0.1 in /lib
Updates the requirements on [phpmailer/phpmailer](https://github.com/PHPMailer/PHPMailer) to permit the latest version.
- [Release notes](https://github.com/PHPMailer/PHPMailer/releases)
- [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md)
- [Commits](https://github.com/PHPMailer/PHPMailer/compare/v7.0.0...v7.0.1)
---
updated-dependencies:
- dependency-name: phpmailer/phpmailer
dependency-version: 7.0.1
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
* composer update --no-autoloader
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-12-02 11:06:38 +01:00
Alexandre Alapetite
1c92d55917
Use native CSS instead of SCSS ( #8241 )
...
I was tired of having to handle the SCSS themes differently.
fix https://github.com/FreshRSS/FreshRSS/issues/7611
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/8200
Convert Ansum and Mapco themes from SCSS to native CSS.
The changes are actually quite limited (mostly changing the syntax of the variables and a few other things)
Require support for:
* https://developer.mozilla.org/en-US/docs/Web/CSS/Guides/Nesting
* https://developer.mozilla.org/en-US/docs/Web/CSS/Reference/Selectors/Nesting_selector
* https://developer.mozilla.org/en-US/docs/Web/CSS/color_value/color-mix
SCSS and Sass tools and references are also removed.
Tests welcome.
The styles are left as individual CSS files as designed originally in SCSS. I expect proper HTTP caching and HTTP/2 to be sufficient instead of aggregating back to a single CSS, but might be done in another PR if needed.
At the same time, fixed the fact that we had various whitespace styles in our JSON files, in particular in those themes, sometimes with 2 spaces, or 4 spaces, or tabs. Use tabs everywhere as defined in editorconfig.
I would like to merge this one first to complete https://github.com/FreshRSS/FreshRSS/pull/8230
* RTLCSS stringMap
https://github.com/FreshRSS/FreshRSS/pull/8241#discussion_r2553175514
https://github.com/MohammadYounes/rtlcss/issues/108#issuecomment-347033134
2025-11-23 13:15:10 +01:00
Inverle
cf4d8043d2
Rework saving of configuration files ( #8220 )
...
* Attempt to restore user config if `file_put_contents()` fails
* Second approach
* Minor preference: `.tmp.php`
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Change boolean compare syntax
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* fix?
2025-11-16 18:42:27 +01:00
Alexandre Alapetite
947a8c015a
Exclude local networks for domain-wide Retry-After ( #8195 )
...
* Exclude local networks for domain-wide Retry-After
Retry-After will be applied by URL and not by domain for local networks.
fix https://github.com/FreshRSS/FreshRSS/issues/7880
* Improved logic for detection of local domains
* Support ip6-localhost and a couple more variants
* One more: .lan
* Resolve IP address
* Add .intranet
2025-11-13 11:46:45 +01:00
Alexandre Alapetite
a18c35046d
Housekeeping lib_rss.php ( #8193 )
...
* Housekeeping lib_rss.php
`lib_rss.php` had become much too large, especially after https://github.com/FreshRSS/FreshRSS/pull/7924
Moved most functions to other places.
Mostly no change of code otherwise (see comments).
* Extension: composer run-script phpstan-third-party
2025-11-11 08:17:12 +01:00
Inverle
7d4854a0a4
Create separate Retry-After files for proxies ( #8029 )
...
* Create separate `Retry-After` files for proxies
Bad proxies are able to send a false `Retry-After` header and affect the availability of feeds (domain-wide) for other users.
This PR starts including the address of the proxy if present in filenames for `Retry-After` to mitigate the issue.
* Reduce code changes
* Sync SimplePie fork
https://github.com/FreshRSS/simplepie/pull/62
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-11-04 12:48:31 +01:00
Inverle
500d05f3c5
Implement whitelist for SimplePie sanitizer ( #7924 )
...
* Implement whitelist for SimplePie sanitizer
ref: https://github.com/FreshRSS/FreshRSS/pull/7770#issuecomment-3140334326
https://github.com/FreshRSS/simplepie/pull/53
https://github.com/simplepie/simplepie/pull/947
* Remove `<plaintext>` from whitelist
* Improve order
* Remove some tags from whitelist
* Revert partially
* sync
* Display contents of `<noscript>` and `<noembed>`
* sync
* Allow use of `<track>`
* sync again
* Sync to SimplePie fork
https://github.com/FreshRSS/simplepie/pull/53
* Alphabetic order
* Reduce list of stripped attributes
* Temporarily strip some attributes
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-11-02 00:28:35 +01:00
dependabot[bot]
baf84575d4
Update phpmailer/phpmailer requirement from 6.11.1 to 7.0.0 in /lib ( #8180 )
...
* Update phpmailer/phpmailer requirement from 6.11.1 to 7.0.0 in /lib
Updates the requirements on [phpmailer/phpmailer](https://github.com/PHPMailer/PHPMailer) to permit the latest version.
- [Release notes](https://github.com/PHPMailer/PHPMailer/releases)
- [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md)
- [Commits](https://github.com/PHPMailer/PHPMailer/compare/v6.11.1...v7.0.0)
---
updated-dependencies:
- dependency-name: phpmailer/phpmailer
dependency-version: 7.0.0
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
* composer update
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-11-01 23:27:37 +01:00
maTh
b0a663f6ee
Fix/improve <textarea> ( #8171 )
...
## Feed configuration slider:
### Before:
<img width="747" height="346" alt="grafik" src="https://github.com/user-attachments/assets/37056ef8-1163-48d1-a3dd-99e745418b2d" />
### After:
<img width="743" height="473" alt="grafik" src="https://github.com/user-attachments/assets/388a0ef6-633e-43ee-8ea5-5cbe7b40e6e4" />
## CustomCSS, CustomJS extensions
### Before:
<img width="762" height="504" alt="grafik" src="https://github.com/user-attachments/assets/279801fb-06a7-477a-81e7-c681087595a5" />
### After:
<img width="767" height="922" alt="grafik" src="https://github.com/user-attachments/assets/ca4cf304-03c7-4028-89d0-1c3094086176" />
And cleaning some CSS
* UserCSS+JS: w100 h50
* clean textarea width height
* feed config slider
* Update base.rtl.css
* fix class="valid-json"
* padding + vertical-align
* fix ansum mapco
2025-11-01 10:15:59 +01:00
Alexandre Alapetite
1abb261cea
CssXPath: Implement ~ subsequent-sibling ( #8154 )
...
* CssXPath: Implement ~ Subsequent-sibling
fix https://github.com/FreshRSS/FreshRSS/issues/8143
Upstream PR https://github.com/phpgt/CssXPath/pull/231
* Use CssXPath release v1.4.0
https://github.com/phpgt/CssXPath/releases/tag/v1.4.0
2025-10-25 11:22:09 +02:00
dependabot[bot]
f1c91c84dd
Bump phpstan/phpstan from 2.1.29 to 2.1.31 ( #8156 )
...
* Bump phpstan/phpstan from 2.1.29 to 2.1.31
Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan-phar-composer-source) from 2.1.29 to 2.1.31.
- [Commits](https://github.com/phpstan/phpstan-phar-composer-source/commits)
---
updated-dependencies:
- dependency-name: phpstan/phpstan
dependency-version: 2.1.31
dependency-type: direct:development
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
* Fixes
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-10-25 11:21:28 +02:00
Alexis Degrugillier
eee8b8c03f
Add support for extension compatibility ( #8081 )
...
The compatibility does support only a minimum version of FreshRSS. If we need
something a bit more clever in the future, it is possible to handle a rule
with a bit more complexity.
See https://github.com/FreshRSS/FreshRSS/issues/5903
* Update app/Controllers/extensionController.php
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Update app/i18n/pl/admin.php
Co-authored-by: Inverle <inverle@proton.me>
* Minor move phpstan-type
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Co-authored-by: Inverle <inverle@proton.me>
2025-10-21 23:49:06 +02:00
Alexandre Alapetite
7e72033859
Filter on last user modified ( #8093 )
...
Example: `userdate:PT1H` to select only articles modified by user during the last hour
Fix https://github.com/FreshRSS/FreshRSS/issues/4280#issuecomment-3393078024
Useful for instance to bulk mark as unread recently marked articles by error:
1. Click on the toggle button to show the read articles (making sure the toggle for the unread articles is off)
2. Sort by *User modified 9→1*
3. Filter by *user modified date*, for instance to the last 3 hours by typing `userdate:PT3H`
4. Click in the drop-down menu *Mark selection as unread*
P.S.: I have added at the same time a bunch of unit tests for date-related logic
2025-10-15 00:12:19 +02:00
Alexandre Alapetite
e070c3ed2b
Implement search form ( #8103 )
...
* Add UI for advanced search
To help users with the search operators.
Obviously not as powerful as a manually-written search query.
Lack in particular negation and logical *and* for now, but I might try to do something about it.
<img width="939" height="1438" alt="image" src="https://github.com/user-attachments/assets/0bcad39b-eff3-4f44-876b-a2552af2af00" />
* Consistency: allow multiple user queries like S:1,2
* Fix user query and add tests
2025-10-15 00:08:40 +02:00
Alexandre Alapetite
20ecbeb09c
Fix drag&drop of user query losing information ( #8113 )
...
* Fix drag&drop of user query losing information
Information about RSS sharing was lost after a drag&drop
* Fix related type cast
2025-10-14 11:01:23 +02:00
Alexandre Alapetite
57e1a375cb
Strengthen some crypto ( #8061 )
...
For login, tokens, nonces
2025-10-04 14:32:18 +02:00
Alexis Degrugillier
032316155c
Add a new hook in the UI ( #8054 )
...
* Add a new hook in the UI
The new hook allows extensions to add their own tool bar to navigate between
entries. For instance, if the user wants less or more buttons than what's
available by default.
See #7912
See #7913
* add link data to ease navigation
2025-10-02 15:33:53 +02:00
Alexandre Alapetite
e27ca6d9dd
SimplePie: apply HTTPS policy also on GUIDs and permalinks ( #8037 )
...
* SimplePie: apply HTTPS policy also on GUIDs and permalinks
Fix WordPress duplicates HTTP vs. HTTPS
fix https://github.com/FreshRSS/FreshRSS/issues/5151
* Move code upstream
* https://github.com/simplepie/simplepie/pull/951
* https://github.com/FreshRSS/simplepie/pull/59
2025-10-01 23:13:23 +02:00
Alexandre Alapetite
49c96fe3ec
Fix SimplePie support of HTTP trailer headers ( #7983 )
...
* Fix SimplePie support of HTTP trailer headers
fix https://github.com/FreshRSS/FreshRSS/discussions/7981
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Trailer
https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Server-Timing
We need to use content-length to know where the body stops, but content-length is wrong if any compression was used.
So let cURL perform the separation of HTTP headers and body instead of using the SimplePie parser.
* Minor whitespace
* Same change for lib_rss
* Move changes to SimplePie repo
https://github.com/FreshRSS/simplepie/pull/55
https://github.com/FreshRSS/simplepie/pull/57
2025-10-01 23:07:38 +02:00
dependabot[bot]
8e57e28a9a
Update phpmailer/phpmailer requirement from 6.10.0 to 6.11.1 in /lib ( #8048 )
...
* Update phpmailer/phpmailer requirement from 6.10.0 to 6.11.1 in /lib
Updates the requirements on [phpmailer/phpmailer](https://github.com/PHPMailer/PHPMailer) to permit the latest version.
- [Release notes](https://github.com/PHPMailer/PHPMailer/releases)
- [Changelog](https://github.com/PHPMailer/PHPMailer/blob/master/changelog.md)
- [Commits](https://github.com/PHPMailer/PHPMailer/compare/v6.10.0...v6.11.1)
---
updated-dependencies:
- dependency-name: phpmailer/phpmailer
dependency-version: 6.11.1
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
* composer update --no-autoloader
---------
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-10-01 21:03:22 +02:00
Alexis Degrugillier
dac275ce3a
Add support for extension priority ( #8038 )
...
Extensions can now define their hook priority. This will allow defining the order in which hooks are triggered.
See #7110
Closes #7110
Changes proposed in this pull request:
- Add support for extension priority
How to test the feature manually:
1. Create an extension with 2 hooks on the same hook type but different priority
2. The hooks must be prepending the title with different values
3. Validate that changing the hook priority changes the final title accordingly.
2025-10-01 11:01:31 +02:00
maTh
2bcc090622
configurable notification timeout ( #7942 )
...
Ref #7931
Ref #5466
Ref #6409
added configuration in "Display"
<img width="636" height="167" alt="grafik" src="https://github.com/user-attachments/assets/7bbc9f26-d91b-4dd2-b715-1d3f9b7a9ad3" />
* i18n: fr
* Update app/i18n/pl/conf.php
Co-authored-by: Inverle <inverle@proton.me>
* make fix-all
* max()
* Minor whitespace
(I am not a fan of excessive vertical indenting)
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Co-authored-by: Inverle <inverle@proton.me>
2025-10-01 10:48:07 +02:00
Alexis Degrugillier
72884813e1
Add hook enums ( #8036 )
...
- add an enum to handle hook types (enum are available since PHP 8.1)
- change hook calls from string value to enum value
2025-09-30 22:59:41 +02:00
Inverle
9dd30f03ec
Improve restriction of curl params ( #8009 )
...
Rework #7979
Forgot to change `httpGet()`, which is used in multiple places
2025-09-25 22:50:21 +02:00
Inverle
067479a9f1
Lazy-load <track src> ( #7997 )
...
Follow-up of #7636
I found it's the only missing element that needs to be lazy loaded by putting HTML of https://github.com/cure53/HTTPLeaks/blob/main/leak.html into a feed
2025-09-23 22:12:44 +02:00
Alexandre Alapetite
92a73a2c4f
Minor forgotten str_starts_with ( #7991 )
...
A couple of places, which have been forgotten when we moved to using `str_starts_with()` instead of `strpos()`.
2025-09-21 19:06:06 +02:00
Alexandre Alapetite
bc3e4c8fa4
Add option for CSP frame-ancestors ( #7857 )
...
* Add option for CSP frame-ancestors
https://github.com/FreshRSS/FreshRSS/discussions/7856
* Revert contentSelectorPreviewAction
* Same for f.php and api
* Fix double init in f.php
* No sandbox for API page
2025-09-21 13:29:58 +02:00
KleinMann
d670bf1e72
Add entry_before_update and entry_before_add hooks ( #7977 )
...
Discussion: https://github.com/FreshRSS/FreshRSS/discussions/7973
Changes proposed in this pull request:
- Add new extension hook "entry_before_add"
- Add new extension hook "entry_before_update"
How to test the feature manually:
1. Create extension that uses the hooks and confirm they are invoked correctly.
Extension to use for testing
https://github.com/rnkln/freshrss-xExtension-Discord/pull/2
2025-09-18 23:44:17 +02:00
Inverle
055342118f
Restrict allowed curl parameters ( #7979 )
...
For additional safety, also making sure in this PR that [`CURLOPT_COOKIEFILE`](https://curl.se/libcurl/c/CURLOPT_COOKIEFILE.html) is only allowed as an empty string during import.
2025-09-18 23:43:04 +02:00
Alexandre Alapetite
bb56f59fcf
SimplePie merge upstream ( #7967 )
...
* https://github.com/simplepie/simplepie/pull/936 (Normalize encoding uppercase)
2025-09-15 13:40:14 +02:00
Alexandre Alapetite
b04104fd95
Bump SimplePie to 1.9.0 ( #7955 )
...
Main change is https://github.com/simplepie/simplepie/pull/937 (PHP 8.5: Conditionally call deprecated functions)
P.S. a sync with SimplePie upstream was already done recently, hence the limited changes:
* https://github.com/FreshRSS/FreshRSS/pull/7775
2025-09-13 00:19:31 +02:00
Alexis Degrugillier
6ad625812a
Add a default language constant ( #7933 )
...
This replaces the use of `en` throughout the code.
2025-09-09 22:01:04 +02:00
Alexis Degrugillier
23ba48c71f
Change how files are included ( #7916 )
...
1. `include`, `include_once`, `require` and `require_once` are expressions not functions, parentheses are not necessary.
2. to move up the directory tree, it's better to use the `dirname` function instead of relying on `/..`.
2025-09-05 15:56:46 +02:00
Inverle
c44bb029c0
Fix log CRLF injection ( #7883 )
...
* Fix log CRLF injection
* empty -> space
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-08-31 20:05:30 +02:00
Inverle
200eafb352
Regenerate session ID on login ( #7829 )
...
Follow-up to #7762
* Regenerate session ID on login
* Send only one cookie
* Improvements
* Delete old session file
* Simplify
* Make function consistent with others
2025-08-30 21:40:00 +02:00
Inverle
379a387dde
Disallow setting non-existent language ( #7878 )
...
The set language is used inside paths and can lead to issues by including PHP files from other locations
2025-08-30 16:26:24 +02:00
Inverle
43248b461d
Fix curl response parsing ( #7866 )
...
* Fix curl response parsing
* Specify redirect count with `\SimplePie\HTTP\Parser::prepareHeaders()` instead
Simply notify SimplePie of the redirect count before parsing
* Better error check
* Simplify
2025-08-30 15:13:10 +02:00
Alexandre Alapetite
ade9ba8817
Call cleanCache when refreshing feeds ( #7827 )
...
Otherwise, it is only called when calling `httpGet()` which can be rare for users not using Web Scraping.
https://github.com/FreshRSS/FreshRSS/discussions/7784#discussioncomment-14109207
2025-08-15 09:37:00 +02:00
Alexandre Alapetite
ddb9e91bf2
Fix some PHP 8.5 deprecations ( #7826 )
...
https://github.com/php/php-src/blob/php-8.5.0beta1/NEWS
https://php.net/function.curl-close
> This function has no effect. Prior to PHP 8.0.0, this function was used to close the resource.
2025-08-15 09:36:45 +02:00
Alexandre Alapetite
531b9286d9
Fix regression on_http_response ( #7824 )
...
Fix regression (bad merge) from https://github.com/FreshRSS/FreshRSS/pull/7775
* https://github.com/FreshRSS/simplepie/pull/50
2025-08-14 09:35:30 +02:00
Alexandre Alapetite
eaf69f591f
SimplePie Fix regex backtrack limit in clean_hash() ( #7813 )
...
https://github.com/FreshRSS/simplepie/pull/48
and merge upstream https://github.com/FreshRSS/simplepie/pull/49
fix https://github.com/FreshRSS/FreshRSS/issues/7807
We had a risk of hitting `Backtrack limit was exhausted` in case of open XML comment `<!--` not closed and followed by a very long document.
Fixed by:
* Limiting the max length of the comment
* Stopping at an apparent end of CDATA section `]]>` as it is likely an error
It does not matter much if there are rare cases when the regex does not work perfectly, as it is only used for a cache hint.
2025-08-11 00:52:09 +02:00
Inverle
2b85a50ed7
Show warning when unsafe CSP policy is in use ( #7804 )
...
* Show warning when unsafe CSP policy is in use
* Fix bare markdown URL
* i18n: fr
* Minor i18n: fr
* Add target="_blank" to i18n strings
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-08-09 21:47:39 +02:00
Inverle
d9197d7e32
New JS attribute: data-auto-leave-validation ( #7785 )
...
Instead of a repeating pattern like: `<input type="text" value="something" data-leave-validation="something">`, you can now put a `data-auto-leave-validation="1"` attribute on a `<form>` for example, and it will automatically set the `data-leave-validation` attributes inside the form elements.
`data_auto_leave_validation(parent)` from `extra.js` is called on slider open and page load.
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
2025-08-08 17:39:38 +02:00