* Minz allow parallel sessions
#fix https://github.com/FreshRSS/FreshRSS/issues/3093
* Array optimisation
* Array optimisation missing
* Reduce direct access to $_SESSION except in install process
* Fix session start headers warning
* Use cookie only the first time the session is started:
`PHP Warning: session_start(): Cannot start session when headers
already sent in /var/www/FreshRSS/lib/Minz/Session.php on line 39`
* New concept of volatile session for API calls
Optimisation: do not use cookies or local storage at all for API calls
without a Web session
Fix warning:
```
PHP Warning: session_destroy(): Trying to destroy uninitialized session
in Unknown on line 0
```
* Only call Minz_Session::init once in our index
It was called twice (once indirectly via FreshRSS->init())
* Whitespace
* Mutex for notifications
Implement mutex for notifications
https://github.com/FreshRSS/FreshRSS/pull/3208#discussion_r499509809
* Typo
* Install script is not ready for using Minz_Session
* Minz: support PHP8 lint
Fix PHP8 Fatal error: Declaration of MinzPDO::query($statement) must be
compatible with PDO::query(string $query, ?int $fetch_mode = null, mixed
...$fetch_mode_args) in /FreshRSS/lib/Minz/ModelPdo.php on line 159
Errors parsing /FreshRSS/lib/Minz/ModelPdo.php
* Fix argument name
* Please phpcs in Travis
* Update to support PHP 8
Replaced create_function calls with anonymous functions in lib/lib_phpQuery.php
Ref Issue: #3082
* Remove commented code blocks
* White space
* More PHP8 fixes
Fix: Fatal error: Array and string offset access syntax with curly
braces is no longer supported in /FreshRSS/lib/lib_phpQuery.php on line
2174, etc.
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* SimplePie: Fix HTTP 301 permanent redirection
When adding feeds it worked fine, but detecting permanent redirects for
existing feeds was sometimes broken (only when PHP open_basedir was not
set).
Indeed, using the built-in CURLOPT_FOLLOWLOCATION instead of the manual
method in SimplePie hides the list of HTTP redirects along the way, and
prevents the distinction of e.g. 301 vs. 302 redirects.
This patch disables CURLOPT_FOLLOWLOCATION in SimplePie, and fixes the
manual method at the same time.
The use of CURLOPT_FOLLOWLOCATION was nevertheless not systematic (only
when open_basedir was not set), so now there is only one logic
independent of open_basedir.
I will send a PR upstream to SimplePie.
How to test: pick a feed with 301 redirection such as HTTP to HTTPS,
e.g. http://ing.dk/rss/term/341
Manually change back to previous address (to simulate a feed that is
changing address)
Refresh feed and observe whether the 301 redirect is obeyed.
* Wrong blank
When the user do not want to use a shortcut, he can let the shortcut value
empty. This will save an empty configuration thus disabling the shortcut.
The load default action allows to use default shortcut only for disabled
shortcuts.
See #3110
`file_put_contents` can return 0 if there’s nothing to write in the
`applied_migrations.txt` file, which is equivalent to `false`. Since
there are no migrations yet, this is what happens. Because this value
(i.e. `0`) is tested next in the `app/install.php` file, the install
script was failing.
* Add a Minz_Migrator class
Until now, we updated the database structure somewhere in the code but
it wasn't always consistent and somehow complicated to find. Also, this
code was always checked for nothing.
The Migrator aims to improve and ease the creation of migrations. It
should improve the way we apply the updates, making the update server
almost useless.
References:
- example of migration (before Migrator): cc0db9af4f (diff-11a53443fa81512b128c66b065df0679R10)
- update server: https://github.com/FreshRSS/update.freshrss.org
- PR moving the code of the update server to the core: https://github.com/FreshRSS/FreshRSS/pull/1760
* Automatically apply migrations
For now, administrators are used to have nothing to do during an update
else than getting the new code. I suggest to keep this behaviour and
automatically apply migrations if we detect new ones.
Another solution would be to create a CLI command and ask admins to call
it after getting the new code. It could hide migrations errors to end
users, but admin can forget to apply migrations since there are not used
to it.
* Add documentation for Minz Migrator
* Execute migrations even if next ones are applied
* Change mechanism to prevent multiple update at once
* Use mkdir to create the lock and to test it exists
Reference: https://stackoverflow.com/a/731634
* Append .lock to applied_migrations_path
There are no needs to define another file to serve as a lock.
* Change migrations naming convention
* Apply suggestions from code review
Co-Authored-By: Alexandre Alapetite <alexandre@alapetite.fr>
* Perform a low-cost migration versions comparaison
* Clarify version numbers concerning the migration system
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
Before, when the user was not logged in, pages where translated with the '_' user language.
Now, they are translated with the user preferred language if there is one supported by FreshRSS or with the system default language.
* Fix PostgreSQL database auto-create with limited rights
#fix https://github.com/FreshRSS/FreshRSS/issues/3009
Install would fail if the user is not even allowed to connect to the default `postgres` database.
* Confused by custom Minz_PDOConnectionException
* New core-extensions to allow Docker volumes for third-party extensions
#Fix https://github.com/FreshRSS/FreshRSS/issues/2650
Split our extensions directory into two:
1) Core extensions shipped with FreshRSS in ./lib/core-extensions/
2) Third-party extensions modified by end-users in ./extensions/ which
can easily be mounted as a Docker volume
* Example of Docker Compose with extensions
* Back-compatibility + fix array merge bug
* Fix wrong getHeader refactoring
Fix regression introduced by
https://github.com/FreshRSS/FreshRSS/pull/2373
The refactoring required a call to init() even for static functions,
which is most of the time not done.
Removed premature abstraction of `$_SERVER`, which was the root cause of
the bug.
https://github.com/FreshRSS/FreshRSS/issues/2748#issuecomment-569898931
* Refactoring: Move serverIsPublic to Minz_Request
* Add mitigations for wrong configurations
Due to the regression, we have some existing configurations with a bad
base_url
* Forgot one instance
* Fix logging environment constants
* COPY_LOG_TO_SYSLOG was only working when Syslog was used
* FRESHRSS_ENV was not properly used to set logging level
* Simplify code
Always call `openlog()` even when it is not used
* Always specify syslog properties
https://github.com/FreshRSS/FreshRSS/pull/2745#discussion_r362207445
* $username is also needed further down
* No new line in syslog
For a moment, PHP wasn't able to connect to my database. I tried to
understand what happened, unfortunately, the logs were not very helpful
(it basically showed me information that I had in my configuration
file).
I changed the dsn string by the message from the raised exception, I
think it will be more useful.
Other call of Minz_PDOConnectionException are passing error messages
instead of string connection, so I took the opportunity to rename the
constructor argument.
For an extension, I needed to call a script from an external domain.
Unfortunately, the CSP headers didn't allow this domain and I had to
patch manually the FreshRSS FrontController for my extension. It's
obviously not a long-term solution since it has nothing to do in the
core of FRSS, and I don't want to apply this patch manually at each
update.
With this patch, I allow changing the CSP header from inside the
controller actions. It allows extensions to modify headers. It's also an
opportunity to remove a bit of code from the FrontController. I wasn't
happy with the previous implementation anyhow.
Reference: https://github.com/flusio/xExtension-Flus/commit/ed12d56#diff-ff12e33ed31b23bda327499fa6e84eccR143
I split the code into more manageable chunks to make it more readable.
It's now easier to get a grasp on it. In the process, I tried to use
the yoda style notation to avoid unintentional variable assignement.
I also tried to exit early to avoid many "if" levels.
I have also added a better way to handle headers and a way to extract
languages from the request. It will be easier to choose which language
to use for i18n.
* Remove magicQuotesOff (#2697)
Magic quotes have been deprecated since PHP 5.4 and as of PHP 7.4 `get_magic_quotes_gpc()` displays a warning.
* Remove unused Minz_Helper::stripslashes_r
`Minz_Helper::stripslashes_r` is no longer used.
It's last user was `Minz_Request::magicQuotesOff`
* New environment variable COPY_LOG_TO_SYSLOG
False by default.
Makes it easy to monitor all logs from Syslog or STDERR (e.g. docker
logs).
* Suggestion of native constants
* Change archiving config page layout
I've changed some wording and moved actions into a
maintenance section.
* Update purge action
Now we have more control on the purge action. The configuration allows
us to choose what to keep and what to discard in a more precise way.
At the moment, the configuration applies for all feeds.
* Add purge configuration on feed level
Now the extend purge configuration is available on feed level.
It is stored as attributes and will be used in the purge action.
* Update purge action
Now the purge action uses the feed configuration if it exists and
defaults on user configuration if not.
* Add empty option in period list
* Fix configuration warnings
* Add archiving configuration on categories
See #2369
* Add user info back
* Add explanations in UI
* Fixes for SQLite + error + misc.
* Fix invalid feed reference
* Short array syntax
Only for new code, so far
* Fix prefix error
* Query performance, default values
Work in progress
* Fix default values and confirm before leaving
Form cancel and confirm changes before leaving were broken.
And start taking advantage of the short echo syntax `<?= ?>` as we have
moved to PHP 5.4+
* More work
* Tuning SQL
* Fix MariaDB + performance issue
* SQL performance
* Fix SQLite bug
* Fix some attributes JSON encoding bugs
Especially for SQLite export/import
* More uniform, fix bugs
More uniform between global, category, feed settings
* Drop special cases for old articles during refresh
Instead will use lastSeen date with the new archiving logic.
This was generating problems anyway
https://github.com/FreshRSS/FreshRSS/issues/2154
* Draft drop index keep_history
Not needed anymore
* MySQL typo
Now properly tested with MySQL, PostgreSQL, SQLite
* More work for legacy values
Important to avoid overriding user's preference and risking deleting
data erroneously
* Fix PHP 7.3 / 7.4 warnings
@aledeg "Trying to use values of type null, bool, int, float or resource
as an array (such as $null["key"]) will now generate a notice. "
https://php.net/migration74.incompatible
* Reintroduce min articles and take care of legacy parameters
* A few changes forgotten
* Draft of migration + DROP of feed.keep_history
* Fix several errors
And give up using const for SQL to allow multiple database types (and we
cannot redefine a const)
* Add keep_min to categories + factorise archiving logic
* Legacy fix
* Fix bug yield from
* Minor: Use JSON_UNESCAPED_SLASHE for attributes
And make more uniform
* Fix sign and missing variable
* Fine tune the logic
* PDO refactor
* Automatic prefix when using the syntax `_tableName`
* Uniformity: MySQL is now PDO::ATTR_EMULATE_PREPARES = false just like SQLite and PostgreSQL, with consequences such as only one statement per query
* Use PDO methods exec(), query(), prepare() + execute() in a more efficient way
* Remove auto-update SQL code for versions older than FreshRSS 1.5 (3 years old)
* The name of the default category is set in PHP instead of in the DB (simplies SQL and allows changing the name according to the FreshRSS language)
* Rename `->bd` to `->pdo` (less of a frenshism, and more informative)
* Fix some requests, which were not compatible with MySQL prepared statements
* Whitespace
* Fix syntax for PostgreSQL sequences
+ MySQL install
* Minor formatting
* Fix lastInsertId for PostgreSQL
* Use PHP 5.6+ const
Take advantage of https://github.com/FreshRSS/FreshRSS/pull/2527https://www.php.net/manual/en/migration56.new-features.php
* A bit of forgotten PHP 5.6 simplification for cURL
* Forgotten $s
* Mini fix custom user config
https://github.com/FreshRSS/FreshRSS/pull/2490/files#r326290346
* More work on install.php but not finished
* install.php working
* More cleaning of PDO in install
* Even more simplification
Take advantage of PDO->exec() to run multiple statements
* Disallow changing the name of the default category
https://github.com/FreshRSS/FreshRSS/pull/2522#discussion_r326967724
* CLI to export/import any database to/from SQLite
Require PHP 5.5+ https://github.com/FreshRSS/FreshRSS/pull/2495
* Travis
* Execution rights
* Fix wrong static fields
* Fix MySQL bad default buffering
https://stackoverflow.com/questions/6895098/pdo-mysql-memory-consumption-with-large-result-set/6935271#6935271https://php.net/manual/ref.pdo-mysql
* Fix count on progression
* Avoid static DB information
To ease working with two DBs at the same time
* Less static, simplify
Needs some testing
* Small corrections
* Special case for SQLite to SQLite
* Modify special case for SQLite
* Remove special case for SQLite
More uniform logic for the 3 databases.
Fix wrong DROP TABLE for SQLite.
* Drop indexes
* Revert "Drop indexes"
This reverts commit f28d2bae09.
* Fix deletion
* Fix classic export
* Update cli/README.md
Co-Authored-By: Marien Fressinaud <dev@marienfressinaud.fr>
* Addressing part of review
* Remove goto 😢
* Travis
* Comment for SQLite case
* Fix missing fields when inserting
* Add an email field to the profile page
I reuse the `mail_login` from the configuration. I'm not sure if it's
useful today (I would say it was used when Persona login was available).
A good improvement would be to rename `mail_login` into `email` so it
would be more intuitive to use.
* Add boolean to the conf to force email validation
This commit only adds a configuration item.
* Add email during registration if email must be validated
* Set email token to validate when email changes
* Block access to FreshRSS if email is not validated
* Send email when address is changed
* Allow to resend the validation email
* Allow the user to change its email while blocked
* Document the email validation feature
* fixup! Allow the user to change its email while blocked
* tec: Autoload PHPMailer lib
* Validate email address format
* Add feedback on validation email resend action
* Allow to logout when user is blocked
* fix: Change default email "from"
* Reorganize i18n keys
* Complete all the locales with default english
* Hide sidebar (profile page) if email is not validated
* Check email requirements on registration
* Allow admin to specify email when creating users
* Don't check email format if value is empty
* Remove trailing comma in userController
Co-Authored-By: Alexandre Alapetite <alexandre@alapetite.fr>
* Set PHPMailer validator to html5 before sending email
* fixup! Remove trailing comma in userController
