Commit message | Author | Age
* HTTP Auth disallow multiple headers (#7528) [HEAD, edge] | Alexandre Alapetite | 26 hours
    When using HTTP Auth methods (including OpenID Connect), exactly 1 HTTP header should be received, not more.
* Update CREDITS.md with myself (#7527) | Dezponia | 40 hours
    Adding myself to CREDITS.md as requested in PR #7419 comment.
* Changelog | Alexandre Alapetite | 2 days
* Themes fix CSS .as-link (#7526) | Alexandre Alapetite | 2 days
    * Themes fix CSS .as-link
      Add missing rules.
      fix https://github.com/FreshRSS/FreshRSS/pull/7489#issuecomment-2781146577
    * More fixes
* Changelog minor | Alexandre Alapetite | 3 days
* Changelog | Alexandre Alapetite | 3 days
* Improve favicon hash (#7505) | Alexandre Alapetite | 3 days
    * Favicon hash proxy
      Content provided through a proxy may be completely different, so the feed hash must account for that
    * Fix typing
    * Hash of Web site in priority for favicons
    * Continue
    * Revert some minor changes
* SimplePie: Fix support for feeds with XML preamble + DTD (#7515) | Alexandre Alapetite | 11 days
    Regression from https://github.com/FreshRSS/FreshRSS/pull/4374
    fix: https://github.com/FreshRSS/FreshRSS/issues/7514
    https://github.com/FreshRSS/simplepie/pull/35
    Upstream PR: https://github.com/simplepie/simplepie/pull/914
* Update CREDITS.md (#7509) | Inverle | 2025-04-14
* Update Polish translation (#7508) | Inverle | 2025-04-13
    * Update Polish translation
    * corrections
    * make fix-all
    ---------
    Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* SimplePie forbid formaction attribute (#7506) | Alexandre Alapetite | 2025-04-13
    Sanitize buttons with a form or formaction attribute.
* Fix regression ext.php (#7499) | Alexandre Alapetite | 2025-04-08
    fix https://github.com/FreshRSS/FreshRSS/issues/7498
    Regression from https://github.com/FreshRSS/FreshRSS/pull/7495
* Changelog | Alexandre Alapetite | 2025-04-07
* Secure serving of user files from extensions (#7495) | Alexandre Alapetite | 2025-04-07
    * Secure serving of user files from extensions
      fix https://github.com/FreshRSS/FreshRSS/issues/4930
    * More fixes
    * Typo
* Web scraping forbid security headers in cURL (#7496) | Alexandre Alapetite | 2025-04-07
    Prevent using `Remote-User`, `X-WebAuth-User` during Web scraping.
* Disallow iframe srcdoc for now (#7494) | Alexandre Alapetite | 2025-04-06
    We do not sanitize this attribute well enough, so stripped for now.
    It is rarely used: I have not seen any use of it in any of my many test feeds.
    Can be added back when we can handle its inherent security issues better.
* Use HTTP POST for logout (#7489) | Alexandre Alapetite | 2025-04-05
    * Use HTTP POST for logout
      To avoid potential CSRF risks
    * Fixed button font issue
    * Minor whitespace
* Add :focus style to .dropdown-menu .item (#7491) | Frans de Jonge | 2025-04-05
    So you can see keyboard focus.
    In reply to <https://github.com/FreshRSS/FreshRSS/pull/7489#issuecomment-2774759046>.
* fix regression mapco/ansum theme (#7490) | maTh | 2025-04-03
    fix of https://github.com/FreshRSS/FreshRSS/pull/7489#discussion_r2023760515
    Regression #7314
* Pass phpstan-strict-rules 2.0.4 (#7488) | Alexandre Alapetite | 2025-04-02
    New check for Boolean in while conditions
    Replace https://github.com/FreshRSS/FreshRSS/pull/7481
* Bump sass from 1.85.1 to 1.86.1 (#7487) | dependabot[bot] | 2025-04-01
    Bumps [sass](https://github.com/sass/dart-sass) from 1.85.1 to 1.86.1.
    - [Release notes](https://github.com/sass/dart-sass/releases)
    - [Changelog](https://github.com/sass/dart-sass/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/sass/dart-sass/compare/1.85.1...1.86.1)
    ---
    updated-dependencies:
    - dependency-name: sass
      dependency-version: 1.86.1
      dependency-type: direct:development
      update-type: version-update:semver-minor
    ...
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump stylelint from 16.16.0 to 16.17.0 in the stylelint group (#7486) | dependabot[bot] | 2025-04-01
    Bumps the stylelint group with 1 update: [stylelint](https://github.com/stylelint/stylelint).
    Updates `stylelint` from 16.16.0 to 16.17.0
    - [Release notes](https://github.com/stylelint/stylelint/releases)
    - [Changelog](https://github.com/stylelint/stylelint/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/stylelint/stylelint/compare/16.16.0...16.17.0)
    ---
    updated-dependencies:
    - dependency-name: stylelint
      dependency-version: 16.17.0
      dependency-type: direct:development
      update-type: version-update:semver-minor
      dependency-group: stylelint
    ...
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump the eslint group with 2 updates (#7485) | dependabot[bot] | 2025-04-01
    Bumps the eslint group with 2 updates: [eslint](https://github.com/eslint/eslint) and [@eslint/js](https://github.com/eslint/eslint/tree/HEAD/packages/js).
    Updates `eslint` from 9.22.0 to 9.23.0
    - [Release notes](https://github.com/eslint/eslint/releases)
    - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/eslint/eslint/compare/v9.22.0...v9.23.0)
    Updates `@eslint/js` from 9.22.0 to 9.23.0
    - [Release notes](https://github.com/eslint/eslint/releases)
    - [Changelog](https://github.com/eslint/eslint/blob/main/CHANGELOG.md)
    - [Commits](https://github.com/eslint/eslint/commits/v9.23.0/packages/js)
    ---
    updated-dependencies:
    - dependency-name: eslint
      dependency-version: 9.23.0
      dependency-type: direct:development
      update-type: version-update:semver-minor
      dependency-group: eslint
    - dependency-name: "@eslint/js"
      dependency-version: 9.23.0
      dependency-type: direct:development
      update-type: version-update:semver-minor
      dependency-group: eslint
    ...
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump phpstan/phpstan-phpunit from 2.0.4 to 2.0.6 (#7484) | dependabot[bot] | 2025-04-01
    Bumps [phpstan/phpstan-phpunit](https://github.com/phpstan/phpstan-phpunit) from 2.0.4 to 2.0.6.
    - [Release notes](https://github.com/phpstan/phpstan-phpunit/releases)
    - [Commits](https://github.com/phpstan/phpstan-phpunit/compare/2.0.4...2.0.6)
    ---
    updated-dependencies:
    - dependency-name: phpstan/phpstan-phpunit
      dependency-version: 2.0.6
      dependency-type: direct:development
      update-type: version-update:semver-patch
    ...
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump squizlabs/php_codesniffer from 3.11.3 to 3.12.0 (#7483) | dependabot[bot] | 2025-04-01
    Bumps [squizlabs/php_codesniffer](https://github.com/PHPCSStandards/PHP_CodeSniffer) from 3.11.3 to 3.12.0.
    - [Release notes](https://github.com/PHPCSStandards/PHP_CodeSniffer/releases)
    - [Changelog](https://github.com/PHPCSStandards/PHP_CodeSniffer/blob/master/CHANGELOG.md)
    - [Commits](https://github.com/PHPCSStandards/PHP_CodeSniffer/compare/3.11.3...3.12.0)
    ---
    updated-dependencies:
    - dependency-name: squizlabs/php_codesniffer
      dependency-version: 3.12.0
      dependency-type: direct:development
      update-type: version-update:semver-minor
    ...
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump phpstan/phpstan from 2.1.8 to 2.1.11 (#7482) | dependabot[bot] | 2025-04-01
    Bumps [phpstan/phpstan](https://github.com/phpstan/phpstan) from 2.1.8 to 2.1.11.
    - [Release notes](https://github.com/phpstan/phpstan/releases)
    - [Changelog](https://github.com/phpstan/phpstan/blob/2.1.x/CHANGELOG.md)
    - [Commits](https://github.com/phpstan/phpstan/compare/2.1.8...2.1.11)
    ---
    updated-dependencies:
    - dependency-name: phpstan/phpstan
      dependency-version: 2.1.11
      dependency-type: direct:development
      update-type: version-update:semver-patch
    ...
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Bump peter-evans/dockerhub-description from 4.0.0 to 4.0.1 (#7480) | dependabot[bot] | 2025-04-01
    Bumps [peter-evans/dockerhub-description](https://github.com/peter-evans/dockerhub-description) from 4.0.0 to 4.0.1.
    - [Release notes](https://github.com/peter-evans/dockerhub-description/releases)
    - [Commits](https://github.com/peter-evans/dockerhub-description/compare/e98e4d1628a5f3be2be7c231e50981aee98723ae...0505d8b04853a30189aee66f5bb7fd1511bbac71)
    ---
    updated-dependencies:
    - dependency-name: peter-evans/dockerhub-description
      dependency-version: 4.0.1
      dependency-type: direct:production
      update-type: version-update:semver-patch
    ...
    Signed-off-by: dependabot[bot] <support@github.com>
    Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* Fix ext.php: Restrict valid paths in ext.php for extensions (#7479) | Alexandre Alapetite | 2025-04-01
    * Fix ext.php: Restrict valid paths in ext.php for extensions
      Rework https://github.com/FreshRSS/FreshRSS/pull/7474
    * Fix wrong variable
* Update 10_filter.md to provide detailed explanations of the time syntax. (#7464) | 22cs | 2025-04-01
    * Update 10_filter.md to provide detailed explanations of the time syntax.
    * Update 03_Main_view.md to provide detailed explanations of the time syntax.
    * Reworded
    ---------
    Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Catch extension exceptions in override (#7475) | Alexandre Alapetite | 2025-04-01
    * Catch extension exceptions in override
      https://github.com/FreshRSS/Extensions/pull/300#issuecomment-2768578464
    * Fix error message
* Make update URL readonly (#7477) | Alexandre Alapetite | 2025-04-01
    The security risks look higher than the minor convenience
    Modify https://github.com/FreshRSS/FreshRSS/pull/1024
* Restrict valid paths in ext.php for extensions (#7474) | Alexandre Alapetite | 2025-04-01
    * Restrict valid paths in ext.php for extensions
    * Disallow absolute paths as well
* Partial revert Referrer-Policy (#7478) | Alexandre Alapetite | 2025-04-01
    https://github.com/FreshRSS/FreshRSS/pull/6303#issuecomment-2768907702
    Was already implemented conditionally https://github.com/FreshRSS/FreshRSS/pull/1198
* Referrer-Policy: same-origin (#6303) | maTh | 2025-04-01
    * Referrer-Policy: same-origin
    * same-origin for our own images
    ---------
    Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Update CREDITS.md (#7476) | 𝗛𝗼𝗹𝗶 | 2025-04-01
    * Update CREDITS.md
      Credit for myself
    * Fix
    ---------
    Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Improve Turkish Language (#7442) | 𝗛𝗼𝗹𝗶 | 2025-04-01
    * Improve Turkish Language
    * fix
    * Update gen.php
    * Update app/i18n/tr/gen.php
      Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
    * Update sub.php
    * edit
    * edit
    * make fix-all
    * Mark lines as ignored
    * Typo
    * Update sub.php
    ---------
    Co-authored-by: Frans de Jonge <fransdejonge@gmail.com>
    Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Fix escaping of tag search (#7468) | Alexandre Alapetite | 2025-04-01
    * Fix escaping of tag search
      fix https://github.com/FreshRSS/FreshRSS/issues/7466
    * Minor clarity
* Add CSP to favicons (#7471) | Alexandre Alapetite | 2025-04-01
    E.g. for the case of SVGs
* Update bcrypt.js from 2.4.4 to 3.0.2 (#7449) | Alexandre Alapetite | 2025-03-25
    https://github.com/dcodeIO/bcrypt.js/releases/tag/v3.0.0
    Can be updated to the latest version with:
    `curl -L https://unpkg.com/bcryptjs/umd/index.js > p/scripts/vendor/bcrypt.js`
* JavaScript: new event to detect context loaded (#7452) | hkcomori | 2025-03-25
    * Add JavaScript event: freshrss:globalContextLoaded
    * Update docs
    * Update docs: fix typo
* Credit myself (#7455) | Glyn Normington | 2025-03-24
* Support multiple JSON fragments in HTML+XPath+JSON mode (#7369) | Alexandre Alapetite | 2025-03-24
    * Support multiple JSON fragments in HTML+XPath+JSON mode
      fix https://github.com/FreshRSS/FreshRSS/discussions/7352#discussioncomment-12295475
      E.g. HTML with one `<script type="application/ld+json">...</script>` per item.
    * Better help messages
* Clarify MINZ usage (#7426) | Glyn Normington | 2025-03-24
    * Clarify MINZ usage
      MINZ (archived, read-only) is not a dependency of FreshRSS, which would be very concerning. Instead, FreshRSS copied MINZ and has evolved it since then under the same license.
      Ref: https://github.com/FreshRSS/FreshRSS/discussions/7425
    * Move credits to README
    * Delete credits from web UI
    * Additional changes
    ---------
    Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Themes: .btn padding + small adjustments (#7168) | maTh | 2025-03-22
    Closes https://github.com/FreshRSS/FreshRSS/issues/6262
    Changes proposed in this pull request:
    - CSS: the search button was too big/not flexible enough for the height because of the padding
    How to test the feature manually:
    1. browser configuration: change the default font size from (`16`pt mostly) to `15` or `14`
    2. go to subscription management -> `Subscription tools`
    3. there should be no scroll bar (because the left hand side navigation is short and the content right hand side is short too)
    Side effect: All buttons will be a bit smaller than before (because `px` -> `rem`)
    It should not be an issue at all
* Fix CLI flag parsing (#7430) | Alexandre Alapetite | 2025-03-22
    * Fix CLI flag parsing
      fix https://github.com/FreshRSS/FreshRSS/issues/7428
    * Fix other places
    * Forgotten debugging
* Fix API for labels with slash (#7437) | Alexandre Alapetite | 2025-03-22
    fix https://github.com/FreshRSS/FreshRSS/issues/7435
* Update 02_Prerequisites.md (#7448) | docxml | 2025-03-22
    * Update 02_Prerequisites.md
      Line numbers have varied over time
    * Same for fr
    ---------
    Co-authored-by: Alexandre Alapetite <alexandre@alapetite.fr>
* Update PHPStan 2.1.8 (#7431) | Alexandre Alapetite | 2025-03-15
    Fixing minor breaking changes
* SimplePie sync upstream (#7434) | Alexandre Alapetite | 2025-03-15
    https://github.com/FreshRSS/simplepie/pull/34
* fr update (#7432) | Machou | 2025-03-14
    * Update admin.php
    * Update conf.php