* Show warning when unsafe CSP policy is in use
* Fix bare markdown URL
* i18n: fr
* Minor i18n: fr
* Add target="_blank" to i18n strings
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Instead of a repeating pattern like: `<input type="text" value="something" data-leave-validation="something">`, you can now put a `data-auto-leave-validation="1"` attribute on a `<form>` for example, and it will automatically set the `data-leave-validation` attributes inside the form elements.
`data_auto_leave_validation(parent)` from `extra.js` is called on slider open and page load.
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
* Add Persian (fa) translations for FreshRSS
* Fix Persian translation and syntax issues
* Apply fix-all for Persian translation2
* Fix syntax errors and update Persian translations
* Mark untranslated strings as IGNORE and fix remaining TODOs
* make fix-all
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Implement sudo mode / reauthentication
* i18n: fr
* generate flags
* Improvements
* Remove HMAC check
* Don't require reauth to access logs when signed in as admin
* Notify user of bad login via notification instead
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Show translation status in README.md
* Fix colon
* markdownlint: Allow tag `<translations>`
* Use mostly Unicode flags instead
* Only `oc.svg` remains in an image format
* `check.translation.php` still supports `.png` even though there aren't any PNGs as of right now
* Fix CodeSniffer
* Attempt approach with generating local SVGs
* Fixes for local SVG approach
* Cleanup old code
* PHPStan fix
* Remove decimal precision from percentages
* Suggestions + better error messages
* codesniffer fix v2
* Revert `ghSearchUrl` change
* Generate readme
* Fix syntax highlight, maybe
* Regenerate
* Update help message
* Use existing translation files instead of .txt
* Add test against wrong Unicode flag
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Closes#3789, #6503
Icon setting when no custom icon is set yet:
- `Change...` button opens a file dialog, and after selecting a file shows the chosen icon in the preview on the left. `Submit` must be clicked after selecting the icon.
- `Reset to default` changes the preview icon to the default one, and also requires `Submit` to be clicked to apply the changes.
Full list of changes:
- CSP now includes `blob:` in `img-src` for
- `indexAction()` and `feedAction()` in `subscriptionController.php`
- all of the view actions in `indexController.php`
- Introduce new attribute `customFavicon (boolean)` for feeds that indicates if the feed has a custom favicon
- `hashFavicon()` in `Feed.php` is dependent on this attribute
- `hashFavicon()` has a new parameter called `skipCache (boolean)` that allows the reset of the favicon hash for the Feed object
- `resetFaviconHash()` just calls `hashFavicon(skipCache: true)`
- `f.php` URLs now have the format of `/f.php?h=XXXXX&t=cachebuster`, where the `t` parameter is only used for serving custom favicons
- if `t` parameter is set, `f.php` returns a `Cache-Control: immutable` header
- `stripos` and `strpos` were changed to `str_contains` in various places (refactor)
- JS for handling the custom favicon configuration logic is in `extra.js` inside `init_update_feed()` which is called when feed configuration is opened from the aside or when the subscription management page with the feed is loaded
- Server-side code for uploading the icon in `subscriptionController.php` under `feedAction()`
- Errors that may occur during the setting of a custom favicon:
- Unsupported image file type (handled only server-side with `isImgMime()`)
- When the file is bigger than 1 MiB (default), handled both client-side and server-side
- Standard feed error when `updateFeed()` fails
- JS vars `javascript_vars.phtml` are no longer escaped with `htmlspecialchars()`, instead with json encoding,
- CSS for disabled buttons was added
- Max favicon file size is configurable with the `max_favicon_upload_size` option in `config.php` (not exposed via UI)
- Custom favicons are currently deleted only when they are either reset to the default icon, or the feed gets deleted. They do not get deleted when the user deletes their account without removing their feeds first.
- ` faviconPrepare()` and `faviconRebuild()` are not allowed to be called when the `customFavicon` attribute is `true`
- New i18n strings:
- `'sub.feed.icon' => 'Icon'`
- `'sub.feed.change_favicon' => 'Change…'`
- `'sub.feed.reset_favicon' => 'Reset to default'`
- `'sub.feed.favicon_changed_by_ext' => 'The icon has been set by the <b>%s</b> extension.'`
- `'feedback.sub.feed.favicon.too_large' => 'Uploaded icon is too large. The maximum file size is <em>%s</em>.'`
- `'feedback.sub.feed.favicon.unsupported_format' => 'Unsupported image file format!'`
- Extension hook `custom_favicon_hash`
- `setCustomFavicon()` method
- `resetCustomFavicon()` method
- `customFaviconExt` and `customFaviconDisallowDel` attributes
- example of usage: https://github.com/FreshRSS/Extensions/pull/337
- Extension hook `custom_favicon_btn_url`
- Allows extensions to implement a button for setting a custom favicon for individual feeds by providing an URL. The URL will be sent a POST request with the `extAction` field set to either `query_icon_info` or `update_icon`, along with an `id` field which describes the feed's ID.
* + Exposed the reading modes for extensions through Minz. Now extensions can add a custom view mode. Graceful fallback to normal view in case the extension was disabled without resetting the view_mode through the uninstall method. In that case the user will be informed via Minz_Request::setBadNotification that the view has been reset to normal.
+ Added translation strings for de, en and en-us for the notification
* + Added missing, generated translations
* Simplify indexAction, performance
* Minor settings htmlspecialchars
* i18n: fr
* Minor wording
* Doc
* Fix i18n
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Add API endpoint for extensions
Useful for https://github.com/FreshRSS/FreshRSS/issues/7572
* Support PATH_INFO
Now also support being invoked like `/api/misc.php/Extension%20Name/`
* More documentation
* Update 10_filter.md to provide detailed explanations of the time syntax.
* Update 03_Main_view.md to provide detailed explanations of the time syntax.
* Reworded
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Add documentation for OIDC login via Pocket IT
* Images for the Pocket ID OIDC docs
* Update 16_OpenID-Connect.md
* Recompress images (too big)
* Fix typo and reduce long lines
* Remove advise on changing username
Which only work to some extent with SQLite (breaking a few minor things such as WebSub, API) and not at all with other databases
---------
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* New feed mode: HTML + XPath + JSON dot notation (JSON in HTML)
Same as `JSON+DotNotation` but first extracting the JSON string from an HTML document thanks to an XPath expression.
Example: `//script[@type='application/json']`
fix https://github.com/FreshRSS/FreshRSS/discussions/6876
* JavaScript UI to show/hide new field
* Casing xPathToJson
* Slight renaming
* Apache protect more non-public folders
* Also protect root
* Do the same for /p/
* Simplify Require all denied
In case of Apache 2.2, it will just make an error 500 instead of 403
* .htaccess.dist
* Simplify
* Better comment
