Commit Graph

604 Commits

Author SHA1 Message Date
Martin
934f032c19 Better error message on failure (#3407)
* bump default logout from 30 to 365 days

* * Change cookie duration to constant
* Change cookie duration to three months

* use class

* use 90 days (otherwise login form says 91.3 days)

* change class

* also this works now

* Better error message

* inconsistent dot with the other message

* Better error message

* add errorMessage()

* fix style

* html escape the error title

* also html escape error message

* remove spaces before parentheses

* rework the error message

* Minz-friendly

* Update message

Do not advise running this script as wrong user

* Update lib/lib_rss.php

Co-authored-by: Martin <spleefer90@gmail.com>

Co-authored-by: Martin Rys <martin@rys.pw>
Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2021-02-05 21:59:21 +01:00
Alexis Degrugillier
0577bc772b Add a method to retrieve a configuration value (#3422)
This will simplify extension code by removing a lot of logic from
the extension itself when it's not needed. I've tested it on one
of my extension with all the other recent extension modifications
and I could remove half of the code needed before.
2021-02-05 18:29:37 +01:00
Alexis Degrugillier
36f9d44d54 Fix user configuration in extension (#3412)
Before, only one extension could be configured at a time. Thus we
were losing the configuration for other extensions when saving.
Now, each extension can be saved without overriding data.

See #3397
2021-02-02 12:40:03 +01:00
Alexis Degrugillier
8285f1df43 Add comprehensive user configuration in extensions (#3397)
Before, the extension configuration was handled by its author. There
were discrepancies between extensions on how the configuration was
stored.
Now, we could rely on a single way of storing configuration. This won't
invalidate how the extensions are storing their configuration but will
allow authors to focus on what is important.
2021-02-02 00:03:09 +01:00
Alexandre Alapetite
45ee7a36d5 PHP8: SimplePie wrong use of isset (#3404)
#fix https://github.com/FreshRSS/FreshRSS/issues/3401 (crash with PHP 8+)

`ceil()` crashes in PHP8+ in case of invalid input such as empty string.
`intval()` fixes the problem with almost identical behaviour to `ceil()` in PHP7- (except for floating point values)

#fix FreshRSS/FreshRSS#3401 (crash with PHP 8+)

Example with feed http://podcast.hr2.de/derTag/podcast.xml

```xml
<enclosure url="https://mp3podcasthr-a.akamaihd.net:443/mp3/podcast/derTag/derTag_20210129_87093232.mp3"
length="" type="audio/mpeg"/>
```

`isset("")` passes and then `ceil("")` crashes due to wrong type in PHP8+:

```
Uncaught TypeError: ceil(): Argument #1 ($num) must be of type
int|float, string given in ./SimplePie/SimplePie/Item.php:2871
```

Upstream patch https://github.com/simplepie/simplepie/pull/670
2021-01-31 13:04:36 +01:00
Alexandre Alapetite
2b007ee989 Explicit PDO::ERRMODE_SILENT (#3408)
`PDO::ERRMODE_SILENT` is the default value
https://php.net/pdo.error-handling
We just make it explicit
#fix https://github.com/FreshRSS/FreshRSS/issues/3402
But in the issue above, it looks like it is in `PDO::ERRMODE_EXCEPTION`
mode
2021-01-30 21:53:17 +01:00
Eris
180ca4d168 Curlopt fixes (#3381)
* sort results in find() method

* Update lib/lib_phpQuery.php

Co-Authored-By: Alexandre Alapetite <alexandre@alapetite.fr>

* Update lib/lib_phpQuery.php

Co-Authored-By: Alexandre Alapetite <alexandre@alapetite.fr>

* Fix fetching articles

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2021-01-17 18:32:24 +01:00
Eris
ee175dd616 CURLOPT parameters per feed (#3367)
* Working curlopt_params

* Examples

* curl_params for fetching the article

* cleanup

* clarification

* Remove debugging

* Options corrected

* Removed Debugging

* i18n not needed (right now)

* Translations and UI rework

* Checks in update.phtml

* Unset Proxy&Cookies

* remove clutter

* minor fuckup

* i18n added properly

* resolve Errors

* linting errors

* linting errors, again

* Review

* Minor revert

* Minor i18n: de

Co-authored-by: maru <maru@nyx.im>
Co-authored-by: Aeris <a3x@eris.cc>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2021-01-16 22:32:18 +01:00
Alexis Degrugillier
29fe125b4a Add constant for PHP requirements (#3369)
* Add constant for PHP requirements

This new constant is used for PHP version check.
This way, we won't forget to modify some part of the code base.

* Remove PHP version checks

Some checks were obsolete because they were checking unsupported
PHP versions.
2021-01-14 23:28:45 +01:00
Alexandre Alapetite
8dfe209799 Possibility to autoinstall in Docker Compose (#3353)
* Possibility to autoinstall in Docker Compose

#fix https://github.com/FreshRSS/FreshRSS/issues/3349

It is simply calling our existing CLI: do-install.php and
create-user.php
https://github.com/FreshRSS/FreshRSS/tree/master/cli

FreshRSS will typically be ready a few seconds before the database, so
introduce a tolerance when the database is not available / up (yet) by
trying a few times to connect. Also useful to avoid service interruption
when DB service is restarted.

Example:

```yml
freshrss-app:
    image: freshrss/freshrss
    container_name: freshrss-app
    hostname: freshrss-app
    restart: unless-stopped
    ports:
      - "8080:80"
    depends_on:
      - freshrss-db
    volumes:
      - data:/var/www/FreshRSS/data
      - extensions:/var/www/FreshRSS/extensions
    environment:
      CRON_MIN: '*/20'
      FRESHRSS_ENV: development
      FRESHRSS_INSTALL: |-
        --api_enabled
        --base_url https://rss.example.net
        --db-base freshrss
        --db-host freshrss-db
        --db-password freshrss
        --db-type pgsql
        --db-user freshrss
        --default_user admin
        --language en
      FRESHRSS_USER: |-
        --api_password freshrss
        --email user@example.net
        --language en
        --password freshrss
        --user admin
      TZ: Europe/Paris
```

* Minor type f in find

* shellcheck
2021-01-11 22:36:50 +01:00
Alexis Degrugillier
f5fdbb9e82 Add class autoload for extension (#3350)
When an extension defines an `autoload` method, it will be registered
automatically before enabling the extension.
For the extension creator, it's easier because there is no need to
register it manually.
2021-01-09 20:49:45 +01:00
Clemens Neubauer
ef458992c1 two new hooks (#3342)
* add two new hooks

I develop a new extension and I need 2 new hooks for it

* update EN documentation

* Correct typing errors

* Update app/views/helpers/javascript_vars.phtml

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2021-01-07 21:45:48 +01:00
Alexis Degrugillier
bfd872e885 Change base extension class type (#3333)
Before, there were some guidelines on how to use the extension class and how to extend it. Those guidelines were defined as comments.
Now, those guidelines are enforced by the code itself. There is no need for those comments anymore.
2021-01-07 21:37:59 +01:00
Alexis Degrugillier
9aa3c03844 Add a deprecation log error for extensions (#3335)
Extensions must override some parent methods. The rule is just a
guideline because only described in comments. The idea is to
deprecate that flexibility and add it to the code. To warn users
beforehand, we log error message regarding incomplete extensions.

See #3333
2021-01-04 23:59:36 +01:00
Alexis Degrugillier
31cb07ac1a Fix author search link (#3315)
Before, when clicking on the author link, the search was done on the
main stream in the normal view. It's fine until the feed is not visible
in the main stream.
Now, the current context is used along with the search.

See #3314
2021-01-03 00:59:57 +01:00
Alexandre Alapetite
9c6682e7ed Avoid manual initialisations of system or user configuration (#3070)
* Avoid manual initialisations of system or user configuration

More consistent use of Context

* Simplify FreshRSS_Context::initUser

* Remove a few manual get_user_configuration

* A bit of debugging

* Fix context user init

* Fix install

* Fix concurrency

Concurrent requests could lead to bad race condition

* Fix actualize cron

Fix case when system is initialised several times
2021-01-02 21:20:19 +01:00
Alexis Degrugillier
08d76967b0 Add temp folder check during install (#3312)
Before, the temp path was not checked during install. With some configuration,
FRSS was not working because of a non-writable temp directory. It happened
with XAMPP on MacOS X but it might be the case for other platforms.
Now, the temp path is checked during install to make sure it is writable.

See #3310
2021-01-02 17:14:23 +01:00
Alexis Degrugillier
618cbaf0ce Remove Minz validation during install. (#3302)
As FRSS always comes with Minz, there is no need to validate that
it is there during install. If it turns out we need to validate that,
we might need to validate other libraries as well.
2020-12-29 00:12:17 +01:00
Alexis Degrugillier
3f4c86f80f Add a file for each PDO class (#3301)
Before, we had 5 classes in the ModelPdo file. It was bad for 2 reasons.
The first reason is that it is considered bad practice to have multiple
classes in one file. This is especially true when using autoloading. On top
of that it is less readable considering the size of the file. The second
reason is that so far we were lucky. Every time we needed to access the
database, it was through the ModelPdo class which loads all the other
classes. If we want to access directly the connection, it won't be loaded.
On top of that, the system is configured to work on a single database,
but as we have every connection definition in a single file, all classes
were loaded at the same time. Thus using memory and processing time for
nothing.
Now, we have a file for each class. To work with autoloading, classes
were slightly renamed to match autoloading rules.
2020-12-29 00:11:34 +01:00
Alexandre Alapetite
0a2d9b3b54 Revert "Add a file for each PDO class (#3297)"
This reverts commit e1ee58816b.
2020-12-28 19:53:55 +01:00
Alexandre Alapetite
c246e5d74b Revert "Extract autoloading process (#3283)"
This reverts commit 46cb89adf8.
2020-12-28 19:47:39 +01:00
Alexis Degrugillier
e1ee58816b Add a file for each PDO class (#3297)
Before, we had 5 classes in the ModelPdo file. It was bad for 2 reasons.
The first reason is that it is considered bad practice to have multiple
classes in one file. This is especially true when using autoloading. On top
of that it is less readable considering the size of the file. The second
reason is that so far we were lucky. Every time we needed to access the
database, it was through the ModelPdo class which loads all the other
classes. If we want to access directly the connection, it won't be loaded.
On top of that, the system is configured to work on a single database,
but as we have every connection definition in a single file, all classes
were loaded at the same time. Thus using memory and processing time for
nothing.
Now, we have a file for each class. To work with autoloading, classes
were slightly renamed to match autoloading rules.
2020-12-28 16:44:08 +01:00
Alexandre Alapetite
f7d69ad1de SimplePie Strip comments (#3288)
#fix https://github.com/FreshRSS/FreshRSS/issues/3282 (workaround an nginx configuration bug)

We do not need to keep HTML comments in RSS content.
2020-12-28 13:09:14 +01:00
Alexis Degrugillier
46cb89adf8 Extract autoloading process (#3283)
* Extract autoloading process

The process sits in its own file now to ease future improvements.

* Change the autoload process

Before, the autoload process was too restricted. It was really dependent on our
code tree. It was hard to add more classes to be loaded automatically. On top
of that, it did not support autoloading classes following the PSR-4 recommendation.

Now, the autoload process is more open. It supports partially the PSR-4 recommendation,
there is no specific code to load Minz classes or PHPMailer classes. This is the
starting point to reorganize the codebase to introduce long waiting changes as seen
in #789. It would be nice to later rework the tree, rename classes, and add namespace
in a fashion that follows the PSR-4. Then specific FRSS workarounds in the autoload
could be dropped.
2020-12-26 12:47:39 +01:00
Alexandre Alapetite
98b82842d5 Session compatibility PHP 7.1 and older (#3273)
#fix https://github.com/FreshRSS/FreshRSS/issues/3239
Reason: https://php.net/session-write-close used to return void and not
boolean before PHP 7.2
2020-12-12 15:59:37 +01:00
Alexandre Alapetite
8dad63de02 Fix initI18n (#3249)
* Fix initI18n

#fix
https://github.com/FreshRSS/FreshRSS/issues/3246#issuecomment-725463337
#fix https://github.com/FreshRSS/FreshRSS/issues/3136

It was due to calling `initI18n()` before `FreshRSS_Context` is
initialised in some situations

Introduced by https://github.com/FreshRSS/FreshRSS/pull/3022
Will be better fixed when https://github.com/FreshRSS/FreshRSS/pull/3070
lands

* Fallback condition
2020-11-11 23:03:15 +01:00
Alexandre Alapetite
f33e261163 Fix sanitize feed description (#3222)
* Fix sanitize feed description

#fix https://github.com/FreshRSS/FreshRSS/issues/3221

* Simplification
2020-10-11 13:32:23 +02:00
Alexandre Alapetite
0319cc9d23 Minz allow parallel sessions (#3096)
* Minz allow parallel sessions

#fix https://github.com/FreshRSS/FreshRSS/issues/3093

* Array optimisation

* Array optimisation missing

* Reduce direct access to $_SESSION except in install process

* Fix session start headers warning

* Use cookie only the first time the session is started:
`PHP Warning:  session_start(): Cannot start session when headers
already sent in /var/www/FreshRSS/lib/Minz/Session.php on line 39`

* New concept of volatile session for API calls

Optimisation: do not use cookies or local storage at all for API calls
without a Web session
Fix warning:

```
PHP Warning:  session_destroy(): Trying to destroy uninitialized session
in Unknown on line 0
```

* Only call Minz_Session::init once in our index

It was called twice (once indirectly via FreshRSS->init())

* Whitespace

* Mutex for notifications

Implement mutex for notifications
https://github.com/FreshRSS/FreshRSS/pull/3208#discussion_r499509809

* Typo

* Install script is not ready for using Minz_Session
2020-10-06 23:19:45 +02:00
Alexandre Alapetite
7652369359 Minz: Attach a notification to a request (#3208)
* Minz: Attach a notification to a request

Notifications should be attached to a request, not to a global session.
Fix
https://github.com/FreshRSS/FreshRSS/pull/3096#issuecomment-654891906
Prepare https://github.com/FreshRSS/FreshRSS/pull/3096

* Rename array

* Avoid string constants

Implement
https://github.com/FreshRSS/FreshRSS/pull/3208#issuecomment-703243863

* Improved logic

* Simplify storage

https://github.com/FreshRSS/FreshRSS/pull/3208#discussion_r499511213

* Fix notification bug in configuration/system
2020-10-05 19:03:33 +02:00
Alexandre Alapetite
2f88b26780 Minz: support PHP8 lint (#3207)
* Minz: support PHP8 lint

Fix PHP8 Fatal error: Declaration of MinzPDO::query($statement) must be
compatible with PDO::query(string $query, ?int $fetch_mode = null, mixed
...$fetch_mode_args) in /FreshRSS/lib/Minz/ModelPdo.php on line 159
Errors parsing /FreshRSS/lib/Minz/ModelPdo.php

* Fix argument name

* Please phpcs in Travis
2020-10-03 15:47:58 +02:00
Alexandre Alapetite
8ec2b257df Update SimplePie (PHP8) (#3206)
Contributes to https://github.com/FreshRSS/FreshRSS/issues/3082
Includes https://github.com/FreshRSS/FreshRSS/pull/3180
Differences:
aaad78e6da...692e8bc19b
2020-10-03 15:18:44 +02:00
Prashant Tholia
83166a9f5d lib_phpQuery support PHP 8 (#3186)
* Update to support PHP 8

Replaced create_function calls with anonymous functions in lib/lib_phpQuery.php

Ref Issue: #3082

* Remove commented code blocks

* White space

* More PHP8 fixes

Fix: Fatal error: Array and string offset access syntax with curly
braces is no longer supported in /FreshRSS/lib/lib_phpQuery.php on line
2174, etc.

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2020-10-03 14:26:31 +02:00
Alexandre Alapetite
1c0e7b4feb SimplePie: Fix HTTP 301 permanent redirection (#3180)
* SimplePie: Fix HTTP 301 permanent redirection

When adding feeds it worked fine, but detecting permanent redirects for
existing feeds was sometimes broken (only when PHP open_basedir was not
set).

Indeed, using the built-in CURLOPT_FOLLOWLOCATION instead of the manual
method in SimplePie hides the list of HTTP redirects along the way, and
prevents the distinction of e.g. 301 vs. 302 redirects.

This patch disables CURLOPT_FOLLOWLOCATION in SimplePie, and fixes the
manual method at the same time.
The use of CURLOPT_FOLLOWLOCATION was nevertheless not systematic (only
when open_basedir was not set), so now there is only one logic
independent of open_basedir.

I will send a PR upstream to SimplePie.

How to test: pick a feed with 301 redirection such as HTTP to HTTPS,
e.g. http://ing.dk/rss/term/341
Manually change back to previous address (to simulate a feed that is
changing address)
Refresh feed and observe whether the 301 redirect is obeyed.

* Wrong blank
2020-09-17 10:35:56 +02:00
Alexandre Alapetite
be5f9f2dce When ssl_verify is false, decrease SSL security (#3171)
When ssl_verify option is set to false for a feed, allow lower security such as SHA-1 signatures.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=900984
https://stackoverflow.com/questions/58342699/php-curl-curl-error-35-error1414d172ssl-routinestls12-check-peer-sigalgwr
Fix error of type `cURL error 35: error:1414D172:SSL routines:tls12_check_peer_sigalg:wrong signature`
Example of feeds:
https://www.version2.dk/it-nyheder/rss
https://ing.dk/rss/nyheder
2020-09-03 10:35:23 +02:00
Alexandre Alapetite
c523f5a4e7 Relaxed to allow underscore _ in URL hostnames (#3133)
* Relaxed to allow underscore _ in URL hostnames

#fix https://github.com/FreshRSS/FreshRSS/issues/3132
https://bugs.php.net/bug.php?id=64948

* Minor fix in favicons redirect

* Minor fix in relative HREF for favicons
2020-07-31 16:33:45 +02:00
Alexis Degrugillier
35eed83b64 Add a way to disable shortcuts (#3114)
When the user does not want to use a shortcut, he can leave the shortcut value
empty. This will save an empty configuration thus disabling the shortcut.
The load default action allows to use default shortcut only for disabled
shortcuts.

See #3110
2020-07-14 11:02:30 +02:00
Marien Fressinaud
877f5f539b fix: Test setupMigrations doesn't return false (#3113)
`file_put_contents` can return 0 if there’s nothing to write in the
`applied_migrations.txt` file, which is equivalent to `false`. Since
there are no migrations yet, this is what happens. Because this value
(i.e. `0`) is tested next in the `app/install.php` file, the install
script was failing.
2020-07-14 10:25:48 +02:00
Marien Fressinaud
8619cf6fa6 Add a migration system (#2760)
* Add a Minz_Migrator class

Until now, we updated the database structure somewhere in the code but
it wasn't always consistent and somehow complicated to find. Also, this
code was always checked for nothing.

The Migrator aims to improve and ease the creation of migrations. It
should improve the way we apply the updates, making the update server
almost useless.

References:

- example of migration (before Migrator): cc0db9af4f (diff-11a53443fa81512b128c66b065df0679R10)
- update server: https://github.com/FreshRSS/update.freshrss.org
- PR moving the code of the update server to the core: https://github.com/FreshRSS/FreshRSS/pull/1760

* Automatically apply migrations

For now, administrators are used to having nothing to do during an update
other than getting the new code. I suggest keeping this behaviour and
automatically apply migrations if we detect new ones.

Another solution would be to create a CLI command and ask admins to call
it after getting the new code. It could hide migrations errors to end
users, but admin can forget to apply migrations since they are not used
to it.

* Add documentation for Minz Migrator

* Execute migrations even if next ones are applied

* Change mechanism to prevent multiple update at once

* Use mkdir to create the lock and to test it exists

Reference: https://stackoverflow.com/a/731634

* Append .lock to applied_migrations_path

There is no need to define another file to serve as a lock.

* Change migrations naming convention

* Apply suggestions from code review

Co-Authored-By: Alexandre Alapetite <alexandre@alapetite.fr>

* Perform a low-cost migration versions comparison

* Clarify version numbers concerning the migration system

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
2020-07-08 12:11:55 +02:00
Alexis Degrugillier
36bda2e715 Add language detection when the user is not logged in (#3022)
Before, when the user was not logged in, pages were translated with the '_' user language.
Now, they are translated with the user preferred language if there is one supported by FreshRSS or with the system default language.
2020-06-05 10:10:46 +02:00
Brooke
d4c98e2637 Updates PHPMailer to 6.1.6 (#3024)
* Update PHPMailer to 6.1.6

Fixes a security issue in PHPMailer 6.1.5 and earlier

* Remove .DS_Store
2020-06-01 12:22:57 +02:00
Alexandre Alapetite
fe1e02dab9 Fix PostgreSQL database auto-create with limited rights (#3013)
* Fix PostgreSQL database auto-create with limited rights

#fix https://github.com/FreshRSS/FreshRSS/issues/3009
Install would fail if the user is not even allowed to connect to the default `postgres` database.

* Confused by custom Minz_PDOConnectionException
2020-05-29 23:55:53 +02:00
Brooke
fa56f90223 Update/php mailer (#2980)
* Update PHPMailer to 6.1.5

This PR updates the bundled version of PHPMailer
2020-05-18 09:42:04 +02:00
Alexandre Alapetite
525e1ca0b0 Relaxed OPML - allow other elements than outline (#2983)
#fix https://github.com/FreshRSS/FreshRSS/issues/2981
Relax OPML
2020-05-16 19:12:42 +02:00
Alexandre Alapetite
11dd6e91b7 Improve logs during cron actualization (#2964)
For
https://github.com/FreshRSS/FreshRSS/issues/2952#issuecomment-626218921
And fix a little bug writing logs with the wrong user name
2020-05-14 21:21:39 +02:00
Eris
2a6f6ee3f3 sort results in find() method (#2874)
* sort results in find() method

* Update lib/lib_phpQuery.php

Co-Authored-By: Alexandre Alapetite <alexandre@alapetite.fr>
2020-04-04 12:27:48 +02:00
Alexandre Alapetite
9997acd611 Minor SimplePie merge (#2870)
https://github.com/FreshRSS/FreshRSS/pull/2852 was merged upstream
https://github.com/simplepie/simplepie/pull/643
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/2814
2020-04-01 22:42:32 +02:00
Alexandre Alapetite
656b61ff29 Fix fetch content for complex HEAD (#2867)
* Fix contentSelectorPreviewAction

Was not compatible with https://github.com/FreshRSS/FreshRSS/pull/2588

* Fix lib_phpQuery for <head ...>

#fix https://github.com/FreshRSS/FreshRSS/issues/2864
* Replace split() by explode() for PHP7 compatibility
https://php.net/str-split
* Fix for document with a `<head>` tag more complicated, like `<head
profile="http://www.w3.org/1999/xhtml/vocab">`
2020-04-01 02:09:08 +02:00
Alexandre Alapetite
e424f45b8c SimplePie use distinct cache for force_feed (#2852)
#fix https://github.com/FreshRSS/FreshRSS/issues/2524
In general, we should avoid using the same cache for feeds that are fetched with distinct parameters / settings.
PR upstream to SimplePie https://github.com/simplepie/simplepie/pull/643
2020-03-28 20:24:31 +01:00
Alexandre Alapetite
daa4922d90 Add core extension for Google Groups (#2838)
* Add core extension for Google Groups

#Fix https://github.com/FreshRSS/FreshRSS/issues/2835
Add ability to discover RSS feeds for Google Groups
Based on https://github.com/FreshRSS/FreshRSS/pull/2837

* Allow HTTP in addition to HTTPS
2020-03-22 16:59:39 +01:00
Alexandre Alapetite
cd49e9819b New core-extensions to allow Docker volumes for third-party extensions (#2837)
* New core-extensions to allow Docker volumes for third-party extensions

#Fix https://github.com/FreshRSS/FreshRSS/issues/2650
Split our extensions directory into two:
1) Core extensions shipped with FreshRSS in ./lib/core-extensions/
2) Third-party extensions modified by end-users in ./extensions/ which
can easily be mounted as a Docker volume

* Example of Docker Compose with extensions

* Back-compatibility + fix array merge bug
2020-03-22 16:31:20 +01:00