This feature is optional. It is based on the presence of a
`data/tos.html` file that an administrator can create. If this file
exists, FreshRSS will automatically add a "ToS" checkbox on the
registration page that users must check to be able to create their
account.
* new users inherit defaults from config-user.php
* installer creates ./data/config-user.php
* fixed typo
* .gitignore fix
* fixed style issues
* Fixed comments
* Update according to feedback
- rename file into `data/config-user.custom.php`
- make it optional (and so, don't copy it during installation)
* fixup! Update according to feedback
* CLI to export/import any database to/from SQLite
Require PHP 5.5+ https://github.com/FreshRSS/FreshRSS/pull/2495
* Travis
* Execution rights
* Fix wrong static fields
* Fix MySQL bad default buffering
https://stackoverflow.com/questions/6895098/pdo-mysql-memory-consumption-with-large-result-set/6935271#6935271https://php.net/manual/ref.pdo-mysql
* Fix count on progression
* Avoid static DB information
To ease working with two DBs at the same time
* Less static, simplify
Needs some testing
* Small corrections
* Special case for SQLite to SQLite
* Modify special case for SQLite
* Remove special case for SQLite
More uniform logic for the 3 databases.
Fix wrong DROP TABLE for SQLite.
* Drop indexes
* Revert "Drop indexes"
This reverts commit f28d2bae09.
* Fix deletion
* Fix classic export
* Update cli/README.md
Co-Authored-By: Marien Fressinaud <dev@marienfressinaud.fr>
* Addressing part of review
* Remove goto 😢
* Travis
* Comment for SQLite case
* Fix missing fields when inserting
* fix: Make sure $disable_aside is initialized
There was a warning for an uninitialized variable, hidden in production
but visible in development mode.
* fix: Allow to delete account when email isn't validated
* Add an email field to the profile page
I reuse the `mail_login` from the configuration. I'm not sure if it's
useful today (I would say it was used when Persona login was available).
A good improvement would be to rename `mail_login` into `email` so it
would be more intuitive to use.
* Add boolean to the conf to force email validation
This commit only adds a configuration item.
* Add email during registration if email must be validated
* Set email token to validate when email changes
* Block access to FreshRSS if email is not validated
* Send email when address is changed
* Allow to resend the validation email
* Allow the user to change its email while blocked
* Document the email validation feature
* fixup! Allow the user to change its email while blocked
* tec: Autoload PHPMailer lib
* Validate email address format
* Add feedback on validation email resend action
* Allow to logout when user is blocked
* fix: Change default email "from"
* Reorganize i18n keys
* Complete all the locales with default english
* Hide sidebar (profile page) if email is not validated
* Check email requirements on registration
* Allow admin to specify email when creating users
* Don't check email format if value is empty
* Remove trailing comma in userController
Co-Authored-By: Alexandre Alapetite <alexandre@alapetite.fr>
* Set PHPMailer validator to html5 before sending email
* fixup! Remove trailing comma in userController
* Prevent window opener vulnerability with space shortcut
This change fixes a vulnerability introduced by `window.open()` on untrusted sources. It reproduces the effect of `rel="noreferrer"` with JS.
Cross browser solution from: https://stackoverflow.com/a/40593743
## Reproduction
> tested with Firefox 68
1. Add this RSS feed
2. Open the 2nd link "À propos de la faille de sécurité liée à target="_blank" **using the space key shortcut**.
3. Click on the first of three links "http://bookmarks.ecyseo.net"
Current behaviour: the FreshRSS tab changes.
Expected behaviour: no effect on FreshRSS
* Test for popup blockers
* Require PHP 5.5+
https://github.com/FreshRSS/FreshRSS/issues/2469#issuecomment-522255093
I think it would be reasonable to require PHP 5.5+ for the core of
FreshRSS after all.
As Frenzie said, WordPress currently requires PHP 5.6.20+, and it is the
most popular PHP application.
We would loose about 20% of the PHP servers according to
https://w3techs.com/technologies/details/pl-php/5/all but I expect this
number to drop fast after the release of CentOS 8 (CentOS accounts for
17% of Linux servers
https://w3techs.com/technologies/details/os-linux/all/all ).
Distributions:
* no impact on Ubuntu, Fedora, Alpine, OpenWRT, FreeBSD, OpenSuze,
Mageia, as all active versions have PHP > 7
* no impact on OpenSuze, Synology, as all active versions have PHP > 5.5
* we drop Debian 8 Jessie (-2020) - we keep supporting Debian 9 Stretch
(2017-06) - current is Debian 10 Buster
* we drop Red Hat 7 (-2024) - we keep supporting RHEL 8 (2019-05)
* we drop CentOS 7 (-2024) - we will support CentOS 8 (to be released
soonish)
When dropping older versions, I can better like when it is for a good
reason, and there is actually one with PHP 5.5, namely generators
(yield) https://php.net/language.generators.overview which I consider
using.
* Version note for JSON.php
* hex2bin
* Update .travis.yml
Co-Authored-By: Frans de Jonge <fransdejonge@gmail.com>
* Don't manually pull the base image
* Remove sudo before each docker
cause the user is usually added to the docker group
If not you can read it up here:
https://docs.docker.com/install/linux/linux-postinstall/
* Simplify cd
* Add Minz_View::_path method (replace change_view)
The `_path` method is more powerful since it allows to choose the file
extension. It is also Minz_Request-agnostic, which is useful to reuse
the Minz_View class in other places.
`change_view` is now deprecated and a warning is logged if we use it.
* Provide a Minz_Mailer to send emails
It uses PHPMailer under the hood and only supports PHP >= 5.5
* [CI] Run stylelint
Perform some basic CSS sanity checking and style enforcement.
I removed vendor prefixed linear-gradient and transform because those are from the IE9 era. With IE11 as a minimum and soon obsolete requirement it doesn't make much sense anymore.
* Remove as-link override
* Don't require newline after comment
* Also apply those newline rules to SCSS
* refine opening/closing braces, allow for single-line
The access was checked several times in some actions and had incoherent
behaviours. Also, the `firstAction` condition was a bit tricky to
understand.
This PR duplicates conditions across all the controller actions and
remove the `firstAction` which becomes useless.
