Alexandre Alapetite
44be16d4fb
X-Content-Type-Options: nosniff
...
https://github.com/FreshRSS/FreshRSS/issues/1114
2016-03-08 18:28:04 +01:00
Alexandre Alapetite
cbac2afd23
CSP compatibility with Firefox older than 45
...
https://github.com/FreshRSS/FreshRSS/pull/1075
https://github.com/FreshRSS/FreshRSS/pull/1078
https://developer.mozilla.org/en-US/Firefox/Releases/45#Security
https://bugzilla.mozilla.org/show_bug.cgi?id=1045891
2016-03-01 21:56:19 +01:00
Alexandre Alapetite
38c2d671e3
CSP different policies per controller
...
https://github.com/FreshRSS/FreshRSS/issues/1075
2016-02-21 21:25:23 +01:00
Alexandre Alapetite
cb913a3a76
CSP for statistics and forms
...
https://github.com/FreshRSS/FreshRSS/issues/1075
2016-02-21 19:15:23 +01:00
Alexandre Alapetite
e3dc7d46e1
CSP: Use inline JSON instead of one-time cookie
...
Simpler, lighter
https://github.com/FreshRSS/FreshRSS/issues/1075
2016-02-21 14:23:24 +01:00
Alexandre Alapetite
8cdf44c87b
CSP allow iframes
...
E.g. for YouTube videos, etc.
https://github.com/FreshRSS/FreshRSS/issues/1075
2016-02-17 01:17:56 +01:00
Alexandre Alapetite
e4a459a6ed
CSP no inline javascript draft
...
https://github.com/FreshRSS/FreshRSS/issues/1075
2016-02-16 23:53:39 +01:00
Alexandre Alapetite
79f0f2bbb4
Bug: 403 page cannot be displayed if Translate is not instantiated beforehand
...
https://github.com/FreshRSS/FreshRSS/issues/821
2015-05-10 18:21:21 +02:00
Marien Fressinaud
789d9fc6c8
Fix coding style in extension manager
...
Yep, same as 8968288...
2015-01-14 23:40:18 +01:00
Marien Fressinaud
67375537e4
Init auth before user configuration
...
Add a lot of comments to explain how the FRSS front controller works and
the order of initializations.
Fix https://github.com/FreshRSS/FreshRSS/issues/745
2015-01-09 19:34:02 +01:00
Marien Fressinaud
73023bc12b
Merge branch 'dev' into 252-extensions
...
Conflicts:
app/FreshRSS.php
app/Models/Configuration.php
app/views/index/index.phtml
app/views/index/normal.phtml
lib/Minz/Configuration.php
lib/Minz/Translate.php
lib/lib_rss.php
2015-01-08 14:18:32 +01:00
Marien Fressinaud
2fd8a80878
Add first test for a generic ConfigurationSetter
...
We are blocked if a setter has to update several values.
ConfigurationSetter will be updated.
See https://github.com/FreshRSS/FreshRSS/issues/730
2015-01-07 16:36:55 +01:00
Marien Fressinaud
4c128e05a4
Reorganize FreshRSS init
...
See https://github.com/FreshRSS/FreshRSS/issues/730
2015-01-07 16:13:57 +01:00
Marien Fressinaud
0140448a56
Refactor FreshRSS_Share object to be more usable
...
- FreshRSS_Share is the only object we manipulate
- Add a way to register new share options easily
- Move some i18n keys from index.php to gen.php
See https://github.com/FreshRSS/FreshRSS/issues/730
2015-01-07 14:59:18 +01:00
Marien Fressinaud
ce10f48274
Fix a bug in i18n init
...
See https://github.com/FreshRSS/FreshRSS/issues/730
2015-01-06 23:20:54 +01:00
Marien Fressinaud
addcea9cd4
Fix i18n loading and availableLanguages calls
...
- Change the way to init i18n
- Add an availableLanguages() method to Minz_Translate
See https://github.com/FreshRSS/FreshRSS/issues/730
2015-01-06 21:10:51 +01:00
Marien Fressinaud
d3a93ea290
BREAKING FEATURE: Remove general in config
...
General attribute has been removed from system config.
Now subattributes (e.g. environment, salt, title, etc.) are directly accessible.
YOU HAVE TO FIX YOUR ./data/config.php file!
- Remove the general array
- Values inside this array must be kept
- To see what it must look like, please have a look at ./data/config.default.php
(but keep your values!!).
See https://github.com/FreshRSS/FreshRSS/issues/730
2015-01-06 18:53:36 +01:00
Marien Fressinaud
7cca47d1ab
Change name of user configuration var in Context
...
- FreshRSS_Context::$conf is replaced by FreshRSS_Context::$user_conf
- Introduce FreshRSS_Context::$system_conf
- Remove FreshRSS_Configuration object
See https://github.com/FreshRSS/FreshRSS/issues/730
2015-01-05 22:45:03 +01:00
Marien Fressinaud
51a71ec4b9
New configuration system (not working yet)
...
- Use only Minz_Configuration
- register() method to load a new configuration file
- get() to get a configuration
- new exceptions related to configuration
- fix a list of configuration calls to have FRSS working
Current problems to resolve:
- How to handle configuration param verifications (i.e. check auth_type
is a value from none, http_auth, persona or form)
- We must use $conf = Minz_Configuration::get('system'); $general_conf = $conf->general;
to access global system configuration which is quite annoying. How to change that?
See https://github.com/FreshRSS/FreshRSS/issues/730
2015-01-05 16:54:16 +01:00
Marien Fressinaud
2232d1e02a
Load user extensions after all the global inits
...
See https://github.com/FreshRSS/FreshRSS/issues/252
2014-12-07 15:45:34 +01:00
Marien Fressinaud
4c888590e6
Improve system/user types for extensions
...
- system extensions can only be managed by an administrator
- system extensions are loaded for all users (even if not logged)
- user extensions are loaded for logged users only
- system extensions loading is saved in global config.php file
See https://github.com/FreshRSS/FreshRSS/issues/252
2014-12-06 16:41:06 +01:00
Marien Fressinaud
f1fd1091b9
Remove old code for extensions
2014-12-04 20:43:05 +01:00
Marien Fressinaud
1086ba4a2b
Enable extensions for users
2014-12-04 19:47:43 +01:00
Marien Fressinaud
86f69ca396
First draft for the new extension feature
...
- Only system extensions can be loaded for the moment by adding them in the config.php
file.
- Remove previous system (it will be added properly in the new system in the next step).
2014-12-04 19:33:29 +01:00
Marien Fressinaud
eb60b82959
Move back i18n init in FreshRSS.php
2014-10-22 18:06:28 +02:00
Marien Fressinaud
80cffa6de5
Views are in dedicated actions + improve Context
...
- Separate normal, global and rss outputs in dedicated actions (NOT WORKING YET!)
- Rewrite aside_flux and nav_menu to use Context object
- Improve Context object
See https://github.com/marienfressinaud/FreshRSS/issues/634
2014-10-21 16:55:19 +02:00
Marien Fressinaud
1a22a87fb1
Use FreshRSS_Context::$conf only
...
- Replace $this->view->conf in controllers
- Replace $this->conf in views
2014-10-20 18:45:22 +02:00
Marien Fressinaud
ad92dd7dae
First draft for Context object.
...
See https://github.com/marienfressinaud/FreshRSS/issues/634
2014-10-20 18:21:10 +02:00
Marien Fressinaud
1252b3dd86
Authentication system moved + Persona comes back!
...
AuthController is dedicated to authentication.
Persona is back, greater than ever!
See https://github.com/marienfressinaud/FreshRSS/issues/655
2014-10-07 16:37:10 +02:00
Marien Fressinaud
79aa5beaf4
Refactor authentication system.
...
Big work, not finished. A lot of features have been removed.
See https://github.com/marienfressinaud/FreshRSS/issues/655
2014-10-06 23:29:20 +02:00
Marien Fressinaud
d8f4681382
Replace Minz_Log::record by corresponding methods
...
Please do not use Minz_Log::record anymore!
See https://github.com/marienfressinaud/FreshRSS/issues/655
2014-10-05 19:35:29 +02:00
Marien Fressinaud
65ab90d3c7
Coding style (views)
...
See https://github.com/marienfressinaud/FreshRSS/issues/655
2014-10-05 19:11:43 +02:00
Marien Fressinaud
6c8b36f04e
Let's begin the big refactoring!
...
Minz_Translate::t\s? replaced by _t
See https://github.com/marienfressinaud/FreshRSS/issues/655
2014-10-05 15:55:20 +02:00
Alexandre Alapetite
febabccdd5
Primitive extension system
...
https://github.com/marienfressinaud/FreshRSS/issues/252
I have been using this extension system for a little while, in
particular to include custom CSS and/or JavaScript (inclusion of PHP
code is not done yet).
There is very little code and it does not impact performance.
I hurry to post it before
https://github.com/marienfressinaud/FreshRSS/issues/655
2014-10-05 12:14:22 +02:00
Alexandre Alapetite
de5c0bc009
Misc minor details + a few i18n corrections
...
https://github.com/marienfressinaud/FreshRSS/issues/618
2014-09-17 21:19:48 +02:00
Marien Fressinaud
fc7d2a0bf2
Move http referer test into lib_rss
...
Rename method (coding style)
Change in app/FreshRSS.php
Improve test of app/install.php
2014-09-17 14:21:56 +02:00
Marien Fressinaud
69c7c1aa48
Change loading of base-theme css
...
If metadata.json indicates it should use "_template.css" or "_base.css",
base-theme/template|base.css is used. It facilitates theme maintenance.
2014-09-15 15:55:35 +02:00
Alexandre Alapetite
a126d99b3c
Bug referer for systems with non-standard HTTP port
...
Now tests also for the scheme and port, which must be identical to the
ones in the referer.
https://github.com/marienfressinaud/FreshRSS/issues/565#issuecomment-53916915
https://github.com/marienfressinaud/FreshRSS/issues/554
2014-08-30 18:31:50 +02:00
Alexandre Alapetite
ee1b8f6f72
Long term cookie to keep session open
...
Token system
https://github.com/marienfressinaud/FreshRSS/issues/465
2014-08-13 00:09:48 +02:00
Alexandre Alapetite
274c8096e3
Experimental: Removed lazyload.js and use postpone attribute instead
...
https://github.com/marienfressinaud/FreshRSS/issues/316
The performance of lazyload.js was not good enough, and not really
needed anyway.
This change mainly affects situations when the content of
articles is shown by default, not so much when they are collapsed.
Using HTML5 lazyload and postpone attributes by default on all img,
audio, iframe, video.
http://www.w3.org/TR/resource-priorities/#attr-postpone
Postpone attribute is removed by JavaScript if the user does not want
the lazyload behaviour.
In the case when users do want the lazyload behaviour, in normal view
with articles hidden, we furthermore use the data-original approach to
be sure to support current browsers.
+Corrected some bugs with enclosures, and some images not appearing
before the first scroll.
+Now faster regex processing img and iframe at once (was not practical
with lazyload.js)
2014-08-02 19:57:15 +02:00
Alexandre Alapetite
a0930a5ad6
Strict Referer domain against XSRF
...
https://github.com/marienfressinaud/FreshRSS/issues/554
2014-08-01 23:22:41 +02:00
Alexandre Alapetite
35be1769de
Basic protection against XSRF using Referer
...
https://github.com/marienfressinaud/FreshRSS/issues/554
Also edited the error controller to use the log message passed in
Minz_Error::error().
2014-08-01 20:20:25 +02:00
Alexandre Alapetite
5e9c60752c
Actualize: Tolerate PHP launched as CGI rather than CLI
...
Fixes https://github.com/marienfressinaud/FreshRSS/issues/405
+ Error message in case of a permissions problem in ./data/ (for
example if cron uses the wrong user)
2014-02-01 12:23:12 +01:00
Alexandre Alapetite
f121df42ee
Show toggle_aside only in normal mode
...
Fixes https://github.com/marienfressinaud/FreshRSS/issues/373
In passing, introduces a class on `body` with the name of the current
view (not used for now)
2014-01-22 22:22:36 +01:00
Alexandre Alapetite
fd26178d7c
Link to add feeds when FreshRSS is empty
...
https://github.com/marienfressinaud/FreshRSS/issues/355
+ Fix theme cache bug from the previous patch
2014-01-13 23:31:07 +01:00
Alexandre Alapetite
f720d41cbf
Update theme names + robust theme loading
...
Rename: default -> Origine
If the theme cannot be found, load the default theme, otherwise the
first available one.
https://github.com/marienfressinaud/FreshRSS/issues/120
2014-01-13 22:27:22 +01:00
Alexandre Alapetite
015ff4caf6
Fix loading of theme-specific icons
...
Fixes
https://github.com/marienfressinaud/FreshRSS/issues/327#issuecomment-32135077
2014-01-12 23:32:15 +01:00
Alexandre Alapetite
d58886a937
Implementation of password-based identification
...
Implementation of
https://github.com/marienfressinaud/FreshRSS/issues/104
2014-01-12 03:10:31 +01:00
Alexandre Alapetite
ae386823ab
Revert "Temporary Persona debug"
...
This reverts commit 1fb25addd0.
2014-01-07 18:00:03 +01:00
Alexandre Alapetite
1fb25addd0
Temporary Persona debug
...
https://github.com/marienfressinaud/FreshRSS/issues/347
2014-01-05 17:35:38 +01:00