Commit Graph

7003 Commits

Author SHA1 Message Date
Alexandre Alapetite
3776e1e48f Improve favicon hash (#7505)
* Favicon hash proxy
Content provided through a proxy may be completely different, so the feed hash must account for that

* Fix typing

* Hash of Web site in priority for favicons

* Continue

* Revert some minor changes
2025-04-26 14:19:54 +02:00
Alexandre Alapetite
d1f9b6c232 SimplePie: Fix support for feeds with XML preamble + DTD (#7515)
Regression from https://github.com/FreshRSS/FreshRSS/pull/4374
fix: https://github.com/FreshRSS/FreshRSS/issues/7514
https://github.com/FreshRSS/simplepie/pull/35
Upstream PR: https://github.com/simplepie/simplepie/pull/914
2025-04-18 14:59:46 +02:00
Inverle
30b3180ed4 Update CREDITS.md (#7509) 2025-04-14 00:26:08 +02:00
Inverle
4dbd98b1d5 Update Polish translation (#7508)
* Update Polish translation

* corrections

* make fix-all

---------

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-04-13 23:45:30 +02:00
Alexandre Alapetite
f58dea6a5a SimplePie forbid formaction attribute (#7506)
Sanitize buttons with a form or formaction attribute.
2025-04-13 00:01:09 +02:00
Alexandre Alapetite
be73c6d669 Fix regression ext.php (#7499)
fix https://github.com/FreshRSS/FreshRSS/issues/7498
Regression from https://github.com/FreshRSS/FreshRSS/pull/7495
2025-04-08 10:25:42 +02:00
Alexandre Alapetite
a585b935d5 Changelog 2025-04-07 10:15:03 +02:00
Alexandre Alapetite
0c33d27139 Secure serving of user files from extensions (#7495)
* Secure serving of user files from extensions
fix https://github.com/FreshRSS/FreshRSS/issues/4930

* More fixes

* Typo
2025-04-07 08:47:42 +02:00
Alexandre Alapetite
d3d9acca9f Web scraping forbid security headers in cURL (#7496)
Prevent using `Remote-User`, `X-WebAuth-User` during Web scraping.
2025-04-07 08:33:13 +02:00
Alexandre Alapetite
54e2f9107d Disallow iframe srcdoc for now (#7494)
We do not sanitize this attribute well enough, so stripped for now.
It is rarely used: I have not seen any use of it in any of my many test feeds.
Can be added back when we can handle its inherent security issues better.
2025-04-06 00:47:45 +02:00
Alexandre Alapetite
d858053a7c Use HTTP POST for logout (#7489)
* Use HTTP POST for logout
To avoid potential CSRF risks

* Fixed button font issue

* Minor whitespace
2025-04-05 23:15:37 +02:00
Frans de Jonge
711a14fd9c Add :focus style to .dropdown-menu .item (#7491)
So you can see keyboard focus.

In reply to <https://github.com/FreshRSS/FreshRSS/pull/7489#issuecomment-2774759046>.
2025-04-05 22:23:54 +02:00
maTh
92c9293865 fix regression mapco/ansum theme (#7490)
fix of https://github.com/FreshRSS/FreshRSS/pull/7489#discussion_r2023760515

Regression #7314
2025-04-03 22:50:29 +02:00
Alexandre Alapetite
78dfb44060 Pass phpstan-strict-rules 2.0.4 (#7488)
New check for Boolean in while conditions
Replace https://github.com/FreshRSS/FreshRSS/pull/7481
2025-04-02 00:46:28 +02:00
dependabot[bot]
ca2693441c Bump sass from 1.85.1 to 1.86.1 (#7487)
Bumps [sass](https://github.com/sass/dart-sass) from 1.85.1 to 1.86.1.
- [Release notes](https://github.com/sass/dart-sass/releases)
- [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
- [Commits](https://github.com/sass/dart-sass/compare/1.85.1...1.86.1)

---
updated-dependencies:
- dependency-name: sass
  dependency-version: 1.86.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-01 21:18:05 +02:00
dependabot[bot]
632c545b96 Bump stylelint from 16.16.0 to 16.17.0 in the stylelint group (#7486)
Bumps the stylelint group with 1 update: [stylelint](https://github.com/stylelint/stylelint).


Updates `stylelint` from 16.16.0 to 16.17.0
- [Release notes](https://github.com/stylelint/stylelint/releases)
- [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/stylelint/stylelint/compare/16.16.0...16.17.0)

---
updated-dependencies:
- dependency-name: stylelint
  dependency-version: 16.17.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: stylelint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-01 21:14:38 +02:00
dependabot[bot]
647b79b645 Bump the eslint group with 2 updates (#7485)
Bumps the eslint group with 2 updates: [eslint](https://github.com/eslint/eslint) and [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js).


Updates `eslint` from 9.22.0 to 9.23.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/compare/v9.22.0...v9.23.0)

Updates `@eslint/js` from 9.22.0 to 9.23.0
- [Release notes](https://github.com/eslint/eslint/releases)
- [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
- [Commits](https://github.com/eslint/eslint/commits/v9.23.0/packages/js)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.23.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
- dependency-name: "@eslint/js"
  dependency-version: 9.23.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-01 21:14:19 +02:00
dependabot[bot]
d1c2ab3d86 Bump phpstan/phpstan-phpunit from 2.0.4 to 2.0.6 (#7484)
Bumps [phpstan/phpstan-phpunit](https://github.com/phpstan/phpstan-phpunit) from 2.0.4 to 2.0.6.
- [Release notes](https://github.com/phpstan/phpstan-phpunit/releases)
- [Commits](https://github.com/phpstan/phpstan-phpunit/compare/2.0.4...2.0.6)

---
updated-dependencies:
- dependency-name: phpstan/phpstan-phpunit
  dependency-version: 2.0.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-01 21:14:01 +02:00
dependabot[bot]
f7be03d56a Bump squizlabs/php_codesniffer from 3.11.3 to 3.12.0 (#7483)
Bumps [squizlabs/php_codesniffer](https://github.com/PHPCSStandards/PHP_CodeSniffer) from 3.11.3 to 3.12.0.
- [Release notes](https://github.com/PHPCSStandards/PHP_CodeSniffer/releases)
- [Changelog](https://github.com/PHPCSStandards/PHP_CodeSniffer/blob/master/CHANGELOG.md)
- [Commits](https://github.com/PHPCSStandards/PHP_CodeSniffer/compare/3.11.3...3.12.0)

---
updated-dependencies:
- dependency-name: squizlabs/php_codesniffer
  dependency-version: 3.12.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-01 21:13:46 +02:00
dependabot[bot]
453a46af4e Bump phpstan/phpstan from 2.1.8 to 2.1.11 (#7482)
Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 2.1.8 to 2.1.11.
- [Release notes](https://github.com/phpstan/phpstan/releases)
- [Changelog](https://github.com/phpstan/phpstan/blob/2.1.x/CHANGELOG.md)
- [Commits](https://github.com/phpstan/phpstan/compare/2.1.8...2.1.11)

---
updated-dependencies:
- dependency-name: phpstan/phpstan
  dependency-version: 2.1.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-01 20:59:44 +02:00
dependabot[bot]
e167150739 Bump peter-evans/dockerhub-description from 4.0.0 to 4.0.1 (#7480)
Bumps [peter-evans/dockerhub-description](https://github.com/peter-evans/dockerhub-description) from 4.0.0 to 4.0.1.
- [Release notes](https://github.com/peter-evans/dockerhub-description/releases)
- [Commits](e98e4d1628...0505d8b048)

---
updated-dependencies:
- dependency-name: peter-evans/dockerhub-description
  dependency-version: 4.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-04-01 20:32:56 +02:00
Alexandre Alapetite
d3aaefb1f6 Fix ext.php: Restrict valid paths in ext.php for extensions (#7479)
* Fix ext.php: Restrict valid paths in ext.php for extensions
Rework https://github.com/FreshRSS/FreshRSS/pull/7474

* Fix wrong variable
2025-04-01 19:13:27 +02:00
22cs
89b0e1168e Update 10_filter.md to provide detailed explanations of the time syntax. (#7464)
* Update 10_filter.md to provide detailed explanations of the time syntax.

* Update 03_Main_view.md to provide detailed explanations of the time syntax.

* Reworded

---------

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-04-01 17:55:39 +02:00
Alexandre Alapetite
3336631a84 Catch extension exceptions in override (#7475)
* Catch extension exceptions in override
https://github.com/FreshRSS/Extensions/pull/300#issuecomment-2768578464

* Fix error message
2025-04-01 17:55:20 +02:00
Alexandre Alapetite
dbdadbb410 Make update URL readonly (#7477)
The security risks look higher than the minor convenience
Modify https://github.com/FreshRSS/FreshRSS/pull/1024
2025-04-01 17:54:52 +02:00
Alexandre Alapetite
5cb73fa220 Restrict valid paths in ext.php for extensions (#7474)
* Restrict valid paths in ext.php for extensions

* Disallow absolute paths as well
2025-04-01 17:53:33 +02:00
Alexandre Alapetite
aa3867ae12 Partial revert Referrer-Policy (#7478)
https://github.com/FreshRSS/FreshRSS/pull/6303#issuecomment-2768907702
Was already implemented conditionally
https://github.com/FreshRSS/FreshRSS/pull/1198
2025-04-01 12:38:37 +02:00
maTh
1f624bc5e2 Referrer-Policy: same-origin (#6303)
* Referrer-Policy: same-origin

* same-origin for our own images

---------

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-04-01 12:23:56 +02:00
𝗛𝗼𝗹𝗶
238d5a48e4 Update CREDITS.md (#7476)
* Update CREDITS.md

Credit for myself

* Fix

---------

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-04-01 11:55:31 +02:00
𝗛𝗼𝗹𝗶
4c6bd24eec Improve Turkish Language (#7442)
* Improve Turkish Language

* fix

* Update gen.php

* Update app/i18n/tr/gen.php

Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>

* Update sub.php

* edit

* edit

* make fix-all

* Mark lines as ignored

* Typo

* Update sub.php

---------

Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-04-01 11:30:09 +02:00
Alexandre Alapetite
d81dbc44b8 Fix escaping of tag search (#7468)
* Fix escaping of tag search
fix https://github.com/FreshRSS/FreshRSS/issues/7466

* Minor clarity
2025-04-01 09:39:16 +02:00
Alexandre Alapetite
426e3054c2 Add CSP to favicons (#7471)
E.g. for the case of SVGs
2025-04-01 09:27:33 +02:00
Alexandre Alapetite
d0b9611319 Update bcrypt.js from 2.4.4 to 3.0.2 (#7449)
https://github.com/dcodeIO/bcrypt.js/releases/tag/v3.0.0
Can be updated to the latest version with:
`curl -L https://unpkg.com/bcryptjs/umd/index.js > p/scripts/vendor/bcrypt.js`
2025-03-25 10:19:51 +01:00
hkcomori
9e8c306b3e JavaScript: new event to detect context loaded (#7452)
* Add JavaScript event: freshrss:globalContextLoaded

* Update docs

* Update docs: fix typo
2025-03-25 10:18:33 +01:00
Glyn Normington
a130f96646 Credit myself (#7455) 2025-03-24 20:16:06 +01:00
Alexandre Alapetite
9114b9a06a Support multiple JSON fragments in HTML+XPath+JSON mode (#7369)
* Support multiple JSON fragments in HTML+XPath+JSON mode
fix https://github.com/FreshRSS/FreshRSS/discussions/7352#discussioncomment-12295475
E.g. HTML with one `<script type="application/ld+json">...</script>` per item.

* Better help messages
2025-03-24 14:08:43 +01:00
Glyn Normington
b0a3ae1e7a Clarify MINZ usage (#7426)
* Clarify MINZ usage

MINZ (archived, read-only) is not a dependency
of FreshRSS, which would be very concerning.

Instead, FreshRSS copied MINZ and has evolved
it since then under the same license.

Ref: https://github.com/FreshRSS/FreshRSS/discussions/7425

* Move credits to README

* Delete credits from web UI

* Additional changes

---------

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-03-24 14:04:10 +01:00
maTh
0217c83979 Themes: .btn padding + small adjustments (#7168)
Closes https://github.com/FreshRSS/FreshRSS/issues/6262

Changes proposed in this pull request:

- CSS: the search button was too big/not flexible enough for the height because of the padding


How to test the feature manually:

1. browser configuration: change the default font size from (`16`pt mostly) to `15` or `14`
2. go to subscription management -> `Subscription tools`
3. there should be no scroll bar (because the left hand side navigation is short and the content right hand side is short too)

Side effect: All buttons will be a bit smaller than before (because `px` -> `rem`). It should not be an issue at all
2025-03-22 23:31:08 +01:00
Alexandre Alapetite
64bbb42553 Fix CLI flag parsing (#7430)
* Fix CLI flag parsing
fix https://github.com/FreshRSS/FreshRSS/issues/7428

* Fix other places

* Forgotten debugging
2025-03-22 23:17:52 +01:00
Alexandre Alapetite
72ad6e528c Fix API for labels with slash (#7437)
fix https://github.com/FreshRSS/FreshRSS/issues/7435
2025-03-22 23:16:59 +01:00
docxml
2567f76950 Update 02_Prerequisites.md (#7448)
* Update 02_Prerequisites.md

Line numbers have varied over time

* Same for fr

---------

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-03-22 23:16:20 +01:00
Alexandre Alapetite
68cb248bd5 Update PHPStan 2.1.8 (#7431)
Fixing minor breaking changes
2025-03-15 11:58:48 +01:00
Alexandre Alapetite
a607407f4b SimplePie sync upstream (#7434)
https://github.com/FreshRSS/simplepie/pull/34
2025-03-15 11:53:34 +01:00
Machou
f49e5cc7fe fr update (#7432)
* Update admin.php

* Update conf.php
2025-03-14 23:45:28 +01:00
Alexandre Alapetite
8483802407 Changelog 2025-03-13 23:15:53 +01:00
maTh
7de384bf9c Mark as read button: config for the size (#7314)
* settings

* i18n: mark_read_button

* big, small, none

* fix

* Fixes

* make fix-all

---------

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-03-13 23:10:48 +01:00
Alexandre Alapetite
a7361a3e7c Implement JSON string concatenation with & operator (#7414)
Inspired by [JSONata syntax](https://docs.jsonata.org/expressions).
fix https://github.com/FreshRSS/FreshRSS/issues/6565
2025-03-13 22:40:41 +01:00
Dezponia
df545b513b Add check for Apache mod_filter to ensure "AddOutputFilterByType" works. (#7419)
* Update .htaccess

Add check for Apache mod_filter to ensure "AddOutputFilterByType" works.

* Explicit enabling mod_filter in our Docker images

---------

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2025-03-13 22:40:26 +01:00
Alexandre Alapetite
e61f00cb64 Start FreshRSS 1.26.2 2025-03-13 22:39:11 +01:00
Alexandre Alapetite
0dc96b0214 Release 1.26.1 1.26.1 2025-03-13 22:24:02 +01:00