Having this header leads to errors from sites such as LinkedIn. The usage of this header is also decreasing. Finaly, we were not sending the actual Referer but just the same URL as the one being fetched.
I suggest to remove for now, and see whether anyone needs it, in which case an option would be possible.
* Install CssXPath with composer
* Fix code style in tests
* fix pathnames for tests and linting
* add irrelevant files to .gitignore
* Alphabetic order
* let composer sort the packages alphabetically
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Install PHPMailer 6.5.1 with composer
* Fix folder name for phpmailer
* Update PHPMailer to v6.6.0, add LICENSE and README.md
* remove composer and autoload.php after install/update
* Fix path to PHPMailer for PHPStan
* Remove lib/composer.lock, lock PHPMailer at version 6.6.0
* Improve PSR-4 autoloading for PHPMailer
* Markdownlint ignore
* Delete some obvious comments
* ignores
* Support composer update --no-autoloader
* Automatic cleaning
With rules based on https://github.com/PHPMailer/PHPMailer/blob/master/README.md#minimal-installation
* Readme gitignore hint
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Little bug for cases with single quote in URL such as
```html
<img src="123?format='jpg'" />
```
Could probably be replaced by `loading="lazy"` in the future, and with a better DOM-aware method, for instance during SimplePie `add_attributes()`
* add HTTP_REMOTE_USER header for auth
* add ip whitelist for HTTP_REMOTE_USER header
* add IPv6 support for header auth
* fix formatting
* A few fixes
* Add some default trusted sources
* Fix IPv6 doc
* More standard header names
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* More PHP type hints for Fever
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/4201
Related to https://github.com/FreshRSS/FreshRSS/issues/4200
* Detail
* Draft
* Progress
* More draft
* Fix thumbnail PHP type hint
https://github.com/FreshRSS/FreshRSS/issues/4215
* More types
* A bit more
* Refactor FreshRSS_Entry::fromArray
* Progress
* Starts to work
* Categories
* Fonctional
* Layout update
* Fix relative URLs
* Cache system
* Forgotten files
* Remove a debug line
* Automatic form validation of XPath expressions
* data-leave-validation
* Fix reload action
* Simpler examples
* Fix column type for PostgreSQL
* Enforce HTTP encoding
* Readme
* Fix get full content
* target="_blank"
* gitignore
* htmlspecialchars_utf8
* Implement HTML <base>
And fix/revert `xml:base` support in SimplePie e49c578817
* SimplePie upstream PR merged
https://github.com/simplepie/simplepie/pull/723
* git update auto change to edge branch
For existing installations using automatic git update, checkout *edge* branch if it was still using *master* or *dev*.
* One more prune
* Fix several small issues
* theirs does not work here
* Use migration mechanism
* Better handling of Migration errors
* Test details
* Fix tests
* Do not use new migration system for now
Before, only standard shortcuts were supported. When other shortcuts were
configured, they were filtered out.
Now, those shortcuts are stored in the configuration and an alert message
is displayed to alert the user that he is using non-standard shortcuts.
See #3481
* Update Travis line length
* Also check whitespace in CSS files
* Fix line length ext.php
* More syntax, string templates
* Fix exclude-pattern
* Test JS files as well
Fix regression from https://github.com/FreshRSS/FreshRSS/pull/3407
Identifier must not be indented
PHP 5.6.36 (cli) (built: Apr 28 2018 21:14:51)
Copyright (c) 1997-2016 The PHP Group
Zend Engine v2.6.0, Copyright (c) 1998-2016 Zend Technologies
with Zend OPcache v7.0.6-dev, Copyright (c) 1999-2016, by Zend
Technologies
PHP Parse error: syntax error, unexpected end of file in
lib/lib_rss.php on line 608
Errors parsing lib/lib_rss.php
* bump default logout from 30 to 365 days
* * Change cookie duration to constant
* Change cookie duration to three months
* use class
* use 90 days (otherwise login form says 91.3 days)
* change class
* also this works now
* Better error message
* inconsistent dot with the other message
* Better error message
* add errorMessage()
* fix style
* html escape the error title
* also html escape error message
* remove spaces before parentheses
* rework the error message
* Minz-friendly
* Update message
Do not advise running this script as wrong user
* Update lib/lib_rss.php
Co-authored-by: Martin <spleefer90@gmail.com>
Co-authored-by: Martin Rys <martin@rys.pw>
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Add constant for PHP requirements
This new constant is used for PHP version check.
This way, we won't forget to modify some part of the code base.
* Remove PHP version checks
Some checks were obsolete because they were checking unsupported
PHP versions.
* Avoid manual intialisations of system or user configuration
More consistent use of Context
* Simplify FreshRSS_Context::initUser
* Remove a few manual get_user_configuration
* A bit of debugging
* Fix context user init
* Fix install
* Fix concurrency
Concurrent requests could lead to bad race condition
* Fix actualize cron
Fix case when system i initialised several times
* Extract autoloading process
The process sits in its own file now to ease future improvements.
* Change the autoload process
Before, the autoload process was too restricted. It was really dependant on our
code tree. It was hard to add more classes to be loaded automatically. On top
of that, it did not support autoloading classes following the PSR-4 recommendation.
Now, the autoload process is more open. It supports partially the PSR-4 recommendation,
there is no specific code to load Minz classes or PHPMailer classes. This is the
starting point to reorganize the codebase to introduce long waiting changes as seen
in #789. It would be a nice to later rework the tree, rename classes, and add namespace
in a fashion that follows the PSR-4. Then specific FRSS workarounds in the autoload
could be dropped.
When the user do not want to use a shortcut, he can let the shortcut value
empty. This will save an empty configuration thus disabling the shortcut.
The load default action allows to use default shortcut only for disabled
shortcuts.
See #3110
* Fix wrong getHeader refactoring
Fix regression introduced by
https://github.com/FreshRSS/FreshRSS/pull/2373
The refactoring required a call to init() even for static functions,
which is most of the time not done.
Removed premature abstraction of `$_SERVER`, which was the root cause of
the bug.
https://github.com/FreshRSS/FreshRSS/issues/2748#issuecomment-569898931
* Refactoring: Move serverIsPublic to Minz_Request
* Add mitigations for wrong configurations
Due to the regression, we have some existing configurations with a bad
base_url
* Forgot one instance
* Fix logging environment constants
* COPY_LOG_TO_SYSLOG was only working when Syslog was used
* FRESHRSS_ENV was not properly used to set logging level
* Simplify code
Always call `openlog()` even when it is not used
* Always specify syslog properties
https://github.com/FreshRSS/FreshRSS/pull/2745#discussion_r362207445
* $username is also needed further down
* No new line in syslog
