* Puts CSP everywhere in `p/api`
* including the HTML query page ❗
* Also in `p/ext.php`
* Puts `X-Content-Type-Options: nosniff` everywhere
* Fixes custom icon configuration not showing `blob:` icon in statsController (idle feeds)
* Also removes `style-src 'unsafe-inline'` since it doesn't seem to be needed
* Improves CSP of `p/f.php`
* Add `sandbox` directive
* PHPStan 2.0
fix https://github.com/FreshRSS/FreshRSS/issues/6989https://github.com/phpstan/phpstan/releases/tag/2.0.0https://github.com/phpstan/phpstan/blob/2.0.x/UPGRADING.md
* More
* More
* Done
* fix i18n CLI
* Restore a PHPStan Next test
For work towards PHPStan Level 10
* 4 more on Level 10
* fix getTagsForEntry
* API at Level 10
* More Level 10
* Finish Minz at Level 10
* Finish CLI at Level 10
* Finish Controllers at Level 10
* More Level 10
* More
* Pass bleedingEdge
* Clean PHPStan options and add TODOs
* Level 10 for main config
* More
* Consitency array vs. list
* Sanitize themes get_infos
* Simplify TagDAO->getTagsForEntries()
* Finish reportAnyTypeWideningInVarTag
* Prepare checkBenevolentUnionTypes and checkImplicitMixed
* Fixes
* Refix
* Another fix
* Casing of __METHOD__ constant
* Pass PHPStan level 8
And prepare for PHPStan level 9 https://phpstan.org/user-guide/rule-levels
* Revert wrong replace in comment
* Fix PHPStan level 8
* Update PHPStan and other dev dependencies
* Remove obsolete comment
* noVariableVariables and towards bleedingEdge
https://github.com/phpstan/phpstan-strict-ruleshttps://phpstan.org/blog/what-is-bleeding-edge
* More bleedingEdge
* A bit more PHPStan level 9
* More PHPStan level 9
* Prepare for booleansInConditions
Ignore int and null
* Revert wrong line
* More fixes
* Fix keep_max_n_unread
* Stricter attribute functions
* Stricter callHooks and more PHPStan level 9
* More typing
* A tiny more
* Little's optimisations and booleans in conditions
* Apply strict type
* Apply strict type
* Apply strict type
* Fix multiple bugs with PHP 8.2 and 8.3
* Many declares missing, more errors fixed
* Apply strict type
* Another approach
* Stronger typing for Minz_Session
* Fix case of SQLite
---------
Co-authored-by: Luc <sanchezluc+freshrss@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Fix extension freshrss_user_maintenance in actualize_script
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/3440
The hook was called before registering all the extensions for the current user
* PHPStan Level 6 for extensions
And remove 5-year old legacy format of enabled extensions < FreshRSS 1.11.1
* Fix multiple bugs in extensions
* Minor typing
* Don't change signature of methods supposed to be overridden
* PHPStan Level 9 and compatibility Intelliphense
* Set as final the methods not supposed to be overriden
* Avoid manual intialisations of system or user configuration
More consistent use of Context
* Simplify FreshRSS_Context::initUser
* Remove a few manual get_user_configuration
* A bit of debugging
* Fix context user init
* Fix install
* Fix concurrency
Concurrent requests could lead to bad race condition
* Fix actualize cron
Fix case when system i initialised several times
I published an article via WebSub, but I never received it. So I checked
my logs to find why and I found the following stacktrace:
```
29/Dec/2019:15:58:32 +0000 "POST /api/pshb.php" 500
NOTICE: PHP message: PHP Fatal error: Uncaught Error: Call to undefined function _t() in /path/app/Models/Category.php:83
Stack trace:
/path/app/Models/CategoryDAO.php(417): FreshRSS_Category->_id(1)
/path/app/Models/CategoryDAO.php(192): FreshRSS_CategoryDAO::daoToCategory(Array)
/path/app/Models/Feed.php(466): FreshRSS_CategoryDAO->searchById('1')
/path/app/Controllers/feedController.php(416): FreshRSS_Feed->cleanOldEntries()
/path/p/api/pshb.php(141): FreshRSS_feed_Controller::actualizeFeed(0, 'https://flus.io...', false, Object(SimplePie))
{main}
thrown in /path/app/Models/Category.php on line 83
```
The `_t` function should be loaded with the Minz_Translate class, but
the latter isn't initialized on WebSub endpoint.
In my opinion, we should not have to care about this kind of detail of
implementation and it reveals a deeper architectural misconception, but
for now the fix should be enough. It’s quite difficult to reproduce
locally though.
Feeds using SuperFeeder for PubSubHubbub push had timeout problems
during substription.
SuperFeeder bot was returning 422 "We could not verify your callback
Error: ETIMEDOUT"
It seems to be due to the the fact that SuperFeeder bot uses keep-alive
but expects the server to close the connection.
https://github.com/FreshRSS/FreshRSS/issues/312#issuecomment-73716936
https://github.com/FreshRSS/FreshRSS/issues/312
Show whether PubSubHubbub is enabled in the Web interface of feed
configuration.
When PubSubHubbub is used, do not pull refresh so often (hard-coded to
max once per 24h for now).
Improved logic for lease renewal, and some detection of lease problems.
Updated read-me and changelog.
