mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2026-03-11 10:59:30 -04:00
Code Issues Packages Projects Releases Wiki Activity
6,948 Commits 3 Branches 84 Tags
b07ec816b023c911f76c4149d00a2ffbdcab1d16
Commit Graph

6948 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Michael Meier
b07ec816b0 Switch to using CURLOPT_ACCEPT_ENCODING instead of the deprecated CURLOPT_ENCODING (#8376) 
* Replace deprecated CURLOPT_ENCODING

The CURLOPT_ENCODING setting has been deprecated in favor of
CURLOPT_ACCEPT_ENCODING.

Signed-off-by: Michael Meier <mmeier1986@gmail.com>

* Sync with our SimplePie fork PR
https://github.com/FreshRSS/simplepie/pull/67
https://github.com/simplepie/simplepie/pull/960
https://github.com/simplepie/simplepie/pull/962

* Our SimplePie PR merged

---------

Signed-off-by: Michael Meier <mmeier1986@gmail.com>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
 2026-01-03 18:43:15 +01:00
Bartłomiej Dmitruk
26c1102567 Merge commit from fork 
* Fix Path Traversal vulnerability in UserDAO methods

* Add tests and changelog for UserDAO path traversal fix

* make fix-all

* Fix PHPStan

---------

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
 2026-01-03 18:09:44 +01:00
Alexandre Alapetite
15814cfd35 Add remote user in Apache logs, also for API (#8392) 
* API: add remote user in Apache logs
fix https://github.com/FreshRSS/FreshRSS/discussions/8385

Example:
```
2026-01-01T18:38:28.645486326Z 0.0.0.0 - alex [01/Jan/2026:19:38:28 +0100] "GET /api/greader.php/reader/api/0/subscription/list?output=json HTTP/1.1" 200 9798 "-" "curl/8.14.1"
```

* Fallback mod_rewrite

* Log remote user with same priority as FreshRSS_http_Util::httpAuthUser()
 2026-01-03 17:48:33 +01:00
Alexandre Alapetite
2527033057 Fix unwanted expansion of user queries in some cases (#8395) 
fix https://github.com/FreshRSS/FreshRSS/issues/8378
 2026-01-03 16:52:33 +01:00
Alexandre Alapetite
f0769d6e55 Changelog 2026-01-02 15:45:27 +01:00
dependabot[bot]
8aae2f6365 Bump markdownlint-cli from 0.46.0 to 0.47.0 (#8388) 
Bumps [markdownlint-cli](https://github.com/igorshubovych/markdownlint-cli) from 0.46.0 to 0.47.0.
- [Release notes](https://github.com/igorshubovych/markdownlint-cli/releases)
- [Commits](https://github.com/igorshubovych/markdownlint-cli/compare/v0.46.0...v0.47.0)

---
updated-dependencies:
- dependency-name: markdownlint-cli
  dependency-version: 0.47.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-01 20:12:02 +01:00
dependabot[bot]
eb1ebf1b6f Bump the eslint group across 1 directory with 3 updates (#8393) 
Bumps the eslint group with 2 updates in the / directory: [eslint](https://github.com/eslint/eslint) and [globals](https://github.com/sindresorhus/globals).


Updates `eslint` from 9.39.1 to 9.39.2
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/compare/v9.39.1...v9.39.2)

Updates `@eslint/js` from 9.39.1 to 9.39.2
- [Release notes](https://github.com/eslint/eslint/releases)
- [Commits](https://github.com/eslint/eslint/commits/v9.39.2/packages/js)

Updates `globals` from 16.5.0 to 17.0.0
- [Release notes](https://github.com/sindresorhus/globals/releases)
- [Commits](https://github.com/sindresorhus/globals/compare/v16.5.0...v17.0.0)

---
updated-dependencies:
- dependency-name: eslint
  dependency-version: 9.39.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: eslint
- dependency-name: "@eslint/js"
  dependency-version: 9.39.2
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: eslint
- dependency-name: globals
  dependency-version: 17.0.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: eslint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-01 19:50:35 +01:00
dependabot[bot]
cc1457ea2c Bump ruby/setup-ruby from 1.268.0 to 1.278.0 (#8390) 
* Bump ruby/setup-ruby from 1.268.0 to 1.278.0

Bumps [ruby/setup-ruby](https://github.com/ruby/setup-ruby) from 1.268.0 to 1.278.0.
- [Release notes](https://github.com/ruby/setup-ruby/releases)
- [Changelog](https://github.com/ruby/setup-ruby/blob/master/release.rb)
- [Commits](8aeb6ff803...4c24fa5ec0)

---
updated-dependencies:
- dependency-name: ruby/setup-ruby
  dependency-version: 1.278.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Remove comment with link to release tag

Not worth updating every time dependabot makes a commit

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Inverle <inverle@proton.me>
 2026-01-01 19:48:18 +01:00
dependabot[bot]
f91f582698 Bump stylelint-order from 7.0.0 to 7.0.1 in the stylelint group (#8387) 
Bumps the stylelint group with 1 update: [stylelint-order](https://github.com/hudochenkov/stylelint-order).


Updates `stylelint-order` from 7.0.0 to 7.0.1
- [Release notes](https://github.com/hudochenkov/stylelint-order/releases)
- [Changelog](https://github.com/hudochenkov/stylelint-order/blob/master/CHANGELOG.md)
- [Commits](https://github.com/hudochenkov/stylelint-order/compare/7.0.0...7.0.1)

---
updated-dependencies:
- dependency-name: stylelint-order
  dependency-version: 7.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: stylelint
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-01 19:47:16 +01:00
dependabot[bot]
99078d503b Bump phpstan/phpstan-phpunit from 2.0.10 to 2.0.11 (#8389) 
Bumps [phpstan/phpstan-phpunit](https://github.com/phpstan/phpstan-phpunit) from 2.0.10 to 2.0.11.
- [Release notes](https://github.com/phpstan/phpstan-phpunit/releases)
- [Commits](https://github.com/phpstan/phpstan-phpunit/compare/2.0.10...2.0.11)

---
updated-dependencies:
- dependency-name: phpstan/phpstan-phpunit
  dependency-version: 2.0.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-01 19:46:57 +01:00
dependabot[bot]
353025719e Bump actions/cache from 4 to 5 (#8391) 
Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](https://github.com/actions/cache/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2026-01-01 19:46:22 +01:00
Rob Loach
1e5ab5d7b7 changelog: Add entry for updated .gitignore (#8380) 
* changelog: Add entry for updated .gitignore

Adds an entry for https://github.com/FreshRSS/FreshRSS/pull/8372

* Fix Markdown

---------

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
 2025-12-31 20:45:48 +01:00
Rob Loach
0754b4a53a gitignore: Ignore all the installed extensions (#8372) 
Have the `extensions/.gitignore` ignore all installed extensions so that they don't show up in `git status`
 2025-12-31 11:51:02 +01:00
Inverle
19bdfc0267 Fix refreshing feeds with token while anonymous refresh is disabled (#8371) 
Closes https://github.com/FreshRSS/FreshRSS/issues/8369
Regression from https://github.com/FreshRSS/FreshRSS/pull/8165
 2025-12-30 23:41:09 +01:00
Alexandre Alapetite
579f945af7 Fix encoding of filter actions for labels (#8368) 
fix https://github.com/FreshRSS/FreshRSS/issues/8367
Forgotten from https://github.com/FreshRSS/FreshRSS/pull/8324
 2025-12-29 15:29:46 +01:00
Alexandre Alapetite
7c0370b4ea Do not include hidden feeds when counting unread articles in categories (#8357) 
fix https://github.com/FreshRSS/FreshRSS/issues/8347
 2025-12-27 16:26:02 +01:00
Alexandre Alapetite
40533684bb Changelog 2025-12-26 20:27:31 +01:00
Alexandre Alapetite
b8c955583c Speed: disable labels count for Ajax requests (#8352) 
fix https://github.com/FreshRSS/FreshRSS/issues/8342
 2025-12-26 09:47:36 +01:00
Alexandre Alapetite
6fb5263633 DB: auto-add lastUserModified column also during markRead (#8346) 
fix https://github.com/FreshRSS/FreshRSS/issues/8345
 2025-12-25 11:31:07 +01:00
Alexandre Alapetite
ae2ab45266 Handle fetch of text/plain as <pre> (#8340) 
* Handle fetch of text/plain as <pre>
fix https://github.com/FreshRSS/FreshRSS/issues/8328

* class="text-plain"
 2025-12-24 21:38:38 +01:00
Inverle
7e5d2d0727 Change Content-Disposition: inline to attachment in f.php (#8344) 
Some [misconfigured instances](https://github.com/FreshRSS/FreshRSS/issues/7835) may be stripping out the CSP header that `f.php` sends, which can be mitigated by forcing the browser to download the image instead of displaying it and executing JS code from unsanitized SVGs for example.

Contributes to https://github.com/FreshRSS/FreshRSS/pull/8263 and https://github.com/FreshRSS/FreshRSS/pull/7924
(improving security when CSP is not present)
 2025-12-24 21:35:34 +01:00
Alexandre Alapetite
3b7ce27be4 Start 1.28.1-dev 🎄 2025-12-24 20:28:59 +01:00
Alexandre Alapetite
fdd82820f1 Release 1.28.0 🎄 1.28.0 2025-12-24 20:01:47 +01:00
Alexandre Alapetite
00c61cf34c Fix serialisation of dates in searches (#8341) 
Dates should not be expanded/resolved in string serialisations of search expressions, as it otherwise break relative user queries such as `P30D`.
Fix of https://github.com/FreshRSS/FreshRSS/pull/8293
 2025-12-24 01:19:06 +01:00
Alexandre Alapetite
3cd7168612 Capy Reader update (#8339) 
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/8184
One more  for synchronisation, which has become better.
✔️ User labels properly implemented https://github.com/jocmp/capyreader/issues/786#issuecomment-3685125608
First client to pass all my criteria since defunct News+.
 2025-12-23 11:59:36 +01:00
Alexandre Alapetite
6d57a9de47 Fix parsing of literal "or" in regex (#8338) 
fix https://github.com/FreshRSS/FreshRSS/issues/7879
 2025-12-23 11:58:51 +01:00
Alexandre Alapetite
cf3ca70765 Changelog 2025-12-21 21:29:34 +01:00
Alexandre Alapetite
1a3912f25a Improve configuration checks (#8334) 
Add a distinction between recommended and required extensions.
Add check for recommended php-intl extension as follow-up of https://github.com/FreshRSS/FreshRSS/pull/8329#issuecomment-3677686581
Improve related checks such as ZIP.
Reduce duplicated translations and tests.
 2025-12-21 19:26:08 +01:00
Inverle
672411ca70 Fix dropdown menus in sidebar going under the navigation bar (#8336) 
Missed in #8335 because I was testing without having the navigation bar enabled.

<img width="674" height="198" alt="image" src="https://github.com/user-attachments/assets/a1db7f95-f1d9-47e5-a572-20892e6c7abc" />
 2025-12-21 15:37:23 +01:00
Inverle
f387abe2c4 Display sidebar dropdowns above if no space below (#8335) 
Closes https://github.com/FreshRSS/FreshRSS/issues/7801
 2025-12-21 14:02:27 +01:00
Alexandre Alapetite
af1e5cb9bc More uniform SQL search and PHP search (#8329) 
* More uniform SQL search and PHP search
The behaviour depends though on the database.
Improve https://github.com/FreshRSS/FreshRSS/discussions/8265#discussioncomment-15278980

* Try to use transliterator_transliterate function instead
 2025-12-20 11:06:39 +01:00
stag
f71636955f Add stag-enterprises to credits (#8331) 
https://github.com/FreshRSS/FreshRSS/pull/8330#issuecomment-3667491619
 2025-12-18 15:17:52 +01:00
stag
43a8e1e2d9 Allow negative category sort numbers (#8330) 
Closes https://github.com/FreshRSS/FreshRSS/issues/8304
Remove the min=1 attribute so negative numbers can be used to force categories to the bottom
 2025-12-17 23:46:03 +01:00
Alexandre Alapetite
00cd5df294 Use native PHP #[Deprecated] (#8325) 
https://php.watch/versions/8.4/Deprecated
And enfore it with PHPUnit + PHPStan.
Especially useful for extensions.
 2025-12-17 10:11:18 +01:00
Alexandre Alapetite
4bd5035914 Rework encoding of search filters (#8324) 
Rework:
* https://github.com/FreshRSS/FreshRSS/pull/8222

now that we have:
* https://github.com/FreshRSS/FreshRSS/pull/8293

Follow-up of:
* https://github.com/FreshRSS/FreshRSS/pull/8311

* More simplification

* Deprecate getRawInput
 2025-12-17 10:07:52 +01:00
Alexandre Alapetite
6952a13958 Handle null in base64_encode (#8321) 
* Handle null in base64_encode
https://github.com/FreshRSS/FreshRSS/discussions/8314#discussioncomment-15269370

* PHPDoc
 2025-12-16 18:53:00 +01:00
Alexandre Alapetite
1c50193644 Fix array unique gaps (#8322) 
https://github.com/FreshRSS/FreshRSS/discussions/8265#discussioncomment-15270212
 2025-12-16 17:52:16 +01:00
Alexandre Alapetite
73debc1a31 Changelog 2025-12-16 11:34:59 +01:00
Alexandre Alapetite
493bb88535 Safer handling of DB null content (#8319) 
https://github.com/FreshRSS/FreshRSS/discussions/8314#discussioncomment-15261119
 2025-12-16 10:48:20 +01:00
Andy Valencia
19666d70ed Bump to API level 4 for Fever; add with_ids so we can mass-change rea… (#8312) 
* Bump to API level 4 for Fever; add with_ids so we can mass-change read/unread/saved/unsaved on lists of articles.
As discussed in https://github.com/FreshRSS/FreshRSS/issues/8305

A small enhancement to the Fever API to vastly increase efficiency when bulk marking items.
-

How to test the feature manually:

The client at:

https://sources.vsta.org:7100/FeedMonkey/file?name=js/Fever.js&ci=tip

has code to talk to this API enhancement (when the API level says it's supported).  In particular walkArticles().

* Update indentation per PR check on Github

* make fix-all

* Line length

* Fix many typing issues

* is_numeric

* Update comment

---------

Co-authored-by: Andy Valencia <ajv-899-334-8894@vsta.org>
Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
 2025-12-16 08:36:29 +01:00
Alexandre Alapetite
476e57b046 Reverse hash and nonce (#8320) 
Safer password evaluation
 2025-12-15 22:06:05 +01:00
Alexandre Alapetite
00f2f043ac GitHub Actions: --no-progress (#8315) 2025-12-15 15:12:36 +01:00
Inverle
36118117f0 Improve scrolling into filter in sidebar (#8307) 
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/8281

todo:
* [x] Include labels (prefix `t_`) too
* [x] Keep sidebar scrollTop when using the nav menu
* [ ] ~~Make this work in the reader view's sidebar too~~ for separate PR
* [x] Prevent whole page from scrolling on `scrollIntoView()` call, just scroll in the sidebar (probably related: https://github.com/FreshRSS/FreshRSS/pull/8306#issuecomment-3647414618)

This TODO will be done in a separate PR since it requires optimizing the sidebar toggle code.
edit: it does work on Chrome already though, but only if `#stream` isn't too large / breaks randomly (Firefox is slower it seems)
 2025-12-15 15:12:12 +01:00
Zexin Yuan
e6cb6e65a4 Improve simplified chinese translation (#8313) 
* Improve simplified chinese translation

* Update translation progress

* Add yzx9 to contributors
 2025-12-13 12:25:14 +01:00
Alexandre Alapetite
4b6127ee04 New links in transitions and jump to next transition (#8294) 
Easier to explain graphically:

<img width="408" height="266" alt="image" src="https://github.com/user-attachments/assets/0e3724a1-155b-4a87-89b3-cfe8a18cb100" />

The jump to next section ⏭ works when the sorting criterion is a date.

Need https://github.com/FreshRSS/FreshRSS/pull/8293
 2025-12-13 11:38:33 +01:00
Alexandre Alapetite
a8a544a2a2 Fix search encoding and quoting (#8311) 
Revised the encoding approach for searches: the HTML encoding is done just before its use for DB search.
Fix also some cases with wrong quoting.
Fix https://github.com/FreshRSS/FreshRSS/pull/8306#issuecomment-3643865439
Follow-up of https://github.com/FreshRSS/FreshRSS/pull/8293
 2025-12-13 11:31:34 +01:00
Alexandre Alapetite
b66d4ade41 Improve Docker + compatibility Arch (#8299) 
* Better comments in our Docker images
* Make `cli/access-permissions.sh` compatible with other Apache groups such as `http` for Linux Arch
* Better `/Docker/entrypoint.sh` supporting various Apache configuration paths (and slightly faster).
* Add test image for Linux Arch (not sure we will keep it)

See
* https://github.com/FreshRSS/FreshRSS/pull/8279#issuecomment-3620674818
 2025-12-12 22:07:19 +01:00
X.
73b37cdebe Translate English phrases to Chinese in gen.php (#8308) 
* Translate English phrases to Chinese in gen.php

* make fix-all

---------

Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
 2025-12-12 08:28:27 +01:00
Alexandre Alapetite
190f8ecaf4 Changelog 
https://github.com/FreshRSS/FreshRSS/pull/8193#issuecomment-3642094344
 2025-12-11 19:30:06 +01:00
Inverle
7dd04b00cf Scroll into filtered feed/category on page load (#8281) 
Previously if you were to go to for example *Subscription management* and filter a feed, the feed wouldn't be visible in a sidebar with lots of feeds, since you'd have to scroll to it first. Now, this is no longer the case.
Note that if the navigation comes from the sidebar itself, the original behavior remains. (scroll into previous `scrollTop` value of sidebar)
Also improves experience of using shift+j/k (see https://github.com/FreshRSS/FreshRSS/pull/8057)
 2025-12-11 18:33:39 +01:00