* More robust application of access permissions
We were in particular missing directory traversal `+X` in our current recommendations.
Extracted to own shell script so it can easily be invoked.
Update access permissions in Docker to account to be more robust.
#fix https://github.com/FreshRSS/FreshRSS/discussions/5037
* Minor simplification
* Restrict mkdir permissions
Default mkdir permissions are 0777, which is not good for security, so downgrade to 0770.
* Easier full-text search possibility
Contributes to https://github.com/FreshRSS/FreshRSS/issues/1331
Avoid concats in searches to make text indexes easier to build
* Fix tests
* Documentation
* Custom logo HTML
Add option for custom HTML logo/title in the main Web UI view.
Can potentially be different per user.
#fix https://github.com/FreshRSS/FreshRSS/pull/3830/files#r850472247
* logo_html in main config
With new `./data/config.custom.php` to provide custom values before install
* Docker documentation
* whitespace
* Auto relax CSP to allow images for HTML logo
* Documentation
* Update 05_Backup.md
* Update 05_Backup.md
* Update docs/en/admins/05_Backup.md
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* Update docs/en/admins/05_Backup.md
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* Update docs/en/admins/05_Backup.md
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* Update docs/en/admins/05_Backup.md
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* add HTTP_REMOTE_USER header for auth
* add ip whitelist for HTTP_REMOTE_USER header
* add IPv6 support for header auth
* fix formatting
* A few fixes
* Add some default trusted sources
* Fix IPv6 doc
* More standard header names
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* first draft
* Update docs/en/admins/15_extensions.md
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* Update docs/en/admins/15_extensions.md
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* Update docs/en/admins/15_extensions.md
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* Update docs/en/admins/15_extensions.md
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* Update 15_extensions.md
* Update docs/en/admins/15_extensions.md
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* Update docs/en/admins/15_extensions.md
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* Update docs/en/admins/15_extensions.md
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* Update 15_extensions.md
* Update 15_extensions.md
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* Use typographic quotes
* A few fixes
* Fix
* Fix not saved
* Implement feedback
* Detail
* Revert spoken English fixes
Left for a future dedicated discussion
* More reverts
* Final reverts
* Final minor
* Draft 1 of Default User page
* Draft1 of User Management page
* Update 01_Index.md
* Update 12_User_management.md
* fix failing pipeline
* Apply suggestions from code review
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* Improved markdownlint
* Relaxed rules slighlty
* `npm run markdownlint` for automatic tests
* `npm run markdownlint_fix` for automatic syntax fixing
* Applied the fixes on all our Markdown files
* Remove file data/do-install.txt
This file was painful during update because we had to remember to delete
it each time. It added a security issue by allowing an attacker to
reinstall FreshRSS during the update process.
The (more powerful) file data/applied_migrations.txt has been introduced
in 8619cf6fa to replace do-install.txt. We had to wait for at least one
release in order to make sure existing instances of FreshRSS created the
migration file. It should be ok now.
* Replace i18n install.not_deleted key
* Update documentation to update FreshRSS
* adding self CREDITS.md
* add "theme" to link for easier navigation
* add documentation about themes and the files that go in them
* add admin documentation for themes
* fix markdown styling
* fix CSSJanus usage
* remove outdated mailing list information
* add information about normal view
* add information about global and reader view
* fix import section header
* reorder documentation to reflect menu's order
* clarify setting as default in normal view
* add info about reading section for config
* fix heading levels, add info about archive + profile sections
* unfix heading levels
* move section on feed-specific settings to the subscription management page
* update information about adding feeds, add information about feed management
* fix link to security page in installation
* fix broken links
* fix broken link to install page
* add lighttpd from project readme
* add php modules to step 4, add horizontal line to better separate steps from footnotes visually
* fix broken link
* add index page for easier access of other pages
* move first steps document
* make dedicated bug reporting page
* make index page for linking to other pages
* moved fever API to relevant location, linked to index
* remove outdated mailing list information
* add information about normal view
* add information about global and reader view
* fix import section header
* reorder documentation to reflect menu's order
* clarify setting as default in normal view
* add info about reading section for config
* fix heading levels, add info about archive + profile sections
* unfix heading levels
* move section on feed-specific settings to the subscription management page
* update information about adding feeds, add information about feed management
* fix link to security page in installation
* fix broken links
* fix broken link to install page
* add lighttpd from project readme
* add php modules to step 4, add horizontal line to better separate steps from footnotes visually
* fix broken link
* add index page for easier access of other pages
* move first steps document
* make dedicated bug reporting page
* make index page for linking to other pages
* moved fever API to relevant location, linked to index
* re-fix link
* remove mention of defunct mailing list
* grammar fix
* replace stream with feed
* add optional items, replace stream with feed
* replace stream with feed
* fix word choice
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* fix word choice
better reflect age of project
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* grammar fixes
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* remove double headings
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* change single quote to double quote for consistency
* add subreddit link
* change php module list to Dockerfile link
* fix link to developer index, change html links to md for consistency
* update css selector terms
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
There is a CLI command to export from any database to a SQLite database
and also a CLI command to import a SQLite database to any database than
need to be documented.
See #961
* Add auto-registration when using http_auth
* Document HTTP auth auto-registration
* Check email variable for HTTP auth auto-registration
* Auto-create HTTP users by default
* Fix Context init
(I will provide in another PR a better fix requiring a bit of global refactoring)
* Init language
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Change default TAG in Makefile
We are going to drop the `dev` branch. The Docker tag `dev-*` are based
on this branch and so there will be no longer be generated. We must use
images based on the `master` branch (i.e. `latest`, `alpine` and `arm`).
* Remove references to dev branch in documentation
* Synchronize French documentation
* Update Readme.conf
Add information in Readme.conf to hopefully stop bug reports about intended behavior.
* Update README.md
Co-Authored-By: pattems <patrick@crandol.com>
* Update README.md
Co-Authored-By: pattems <patrick@crandol.com>
* Update README.md
Co-Authored-By: pattems <patrick@crandol.com>
* Update README.md
Co-Authored-By: pattems <patrick@crandol.com>
* Update Readme
* Update Documentation Section
* Add main Documentation link near top of Document
* Make Documentation header a link
* Fix spelling mistake I didn't catch
* Apply suggestions from code review
Co-Authored-By: pattems <patrick@crandol.com>
* Changes per Frenzie comments
* Move non-disclaiming disclaimer
* English Admin Documentation Update
* Add Backup section
* Update wording in Index
* Move Footnotes to End
* Move Footnote
* Add content for todos
* Fix typos
* Fix a bunch of typos
* Remove a duplicated file (forgotten during dev merge)
* Improve the documentation a bit
* Add an email field to the profile page
I reuse the `mail_login` from the configuration. I'm not sure if it's
useful today (I would say it was used when Persona login was available).
A good improvement would be to rename `mail_login` into `email` so it
would be more intuitive to use.
* Add boolean to the conf to force email validation
This commit only adds a configuration item.
* Add email during registration if email must be validated
* Set email token to validate when email changes
* Block access to FreshRSS if email is not validated
* Send email when address is changed
* Allow to resend the validation email
* Allow the user to change its email while blocked
* Document the email validation feature
* fixup! Allow the user to change its email while blocked
* tec: Autoload PHPMailer lib
* Validate email address format
* Add feedback on validation email resend action
* Allow to logout when user is blocked
* fix: Change default email "from"
* Reorganize i18n keys
* Complete all the locales with default english
* Hide sidebar (profile page) if email is not validated
* Check email requirements on registration
* Allow admin to specify email when creating users
* Don't check email format if value is empty
* Remove trailing comma in userController
Co-Authored-By: Alexandre Alapetite <alexandre@alapetite.fr>
* Set PHPMailer validator to html5 before sending email
* fixup! Remove trailing comma in userController
* Require PHP 5.5+
https://github.com/FreshRSS/FreshRSS/issues/2469#issuecomment-522255093
I think it would be reasonable to require PHP 5.5+ for the core of
FreshRSS after all.
As Frenzie said, WordPress currently requires PHP 5.6.20+, and it is the
most popular PHP application.
We would loose about 20% of the PHP servers according to
https://w3techs.com/technologies/details/pl-php/5/all but I expect this
number to drop fast after the release of CentOS 8 (CentOS accounts for
17% of Linux servers
https://w3techs.com/technologies/details/os-linux/all/all ).
Distributions:
* no impact on Ubuntu, Fedora, Alpine, OpenWRT, FreeBSD, OpenSuze,
Mageia, as all active versions have PHP > 7
* no impact on OpenSuze, Synology, as all active versions have PHP > 5.5
* we drop Debian 8 Jessie (-2020) - we keep supporting Debian 9 Stretch
(2017-06) - current is Debian 10 Buster
* we drop Red Hat 7 (-2024) - we keep supporting RHEL 8 (2019-05)
* we drop CentOS 7 (-2024) - we will support CentOS 8 (to be released
soonish)
When dropping older versions, I can better like when it is for a good
reason, and there is actually one with PHP 5.5, namely generators
(yield) https://php.net/language.generators.overview which I consider
using.
* Version note for JSON.php
* hex2bin
* Update .travis.yml
Co-Authored-By: Frans de Jonge <fransdejonge@gmail.com>
