From 961407b4e0546dd38a696a650898fcefbe2d6c8c Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 28 Aug 2016 13:36:11 +0200 Subject: [PATCH 1/8] Variable initialization PHP warning when not feed is iddle https://github.com/FreshRSS/FreshRSS/issues/1227#issuecomment-242702464 --- app/Models/StatsDAO.php | 1 + 1 file changed, 1 insertion(+) diff --git a/app/Models/StatsDAO.php b/app/Models/StatsDAO.php index 5ca333396..4f83ff577 100644 --- a/app/Models/StatsDAO.php +++ b/app/Models/StatsDAO.php @@ -168,6 +168,7 @@ SQL; $stm->execute(); $res = $stm->fetchAll(PDO::FETCH_NAMED); + $repartition = array(); foreach ($res as $value) { $repartition[(int) $value['period']] = (int) $value['count']; } From 1a0f11ee3862d54b561185d9db3ff1f1a3947fff Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 28 Aug 2016 13:57:18 +0200 Subject: [PATCH 2/8] PSHB base_url bug https://github.com/FreshRSS/FreshRSS/issues/1227 Bug if base_url does not end with / --- app/Models/Feed.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/Models/Feed.php b/app/Models/Feed.php index 986cc5015..9855ca742 100644 --- a/app/Models/Feed.php +++ b/app/Models/Feed.php @@ -446,7 +446,7 @@ class FreshRSS_Feed extends Minz_Model { Minz_Log::warning('Invalid JSON for PubSubHubbub: ' . $this->url); return false; } - $callbackUrl = checkUrl(FreshRSS_Context::$system_conf->base_url . 'api/pshb.php?k=' . $hubJson['key']); + $callbackUrl = checkUrl(Minz_Request::getBaseUrl() . '/api/pshb.php?k=' . $hubJson['key']); if ($callbackUrl == '') { Minz_Log::warning('Invalid callback for PubSubHubbub: ' . $this->url); return false; From 67ca4a9ac610efc889dc7ca8f500b25a1cb3f378 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 28 Aug 2016 14:00:06 +0200 Subject: [PATCH 3/8] Changelog PSHB callback --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index f8fccae3f..93d3dcd3b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -20,6 +20,7 @@ * Fixed JavaScript bug when articles were not always marked as read [#1123](https://github.com/FreshRSS/FreshRSS/issues/1123) * Fixed Apache Etag issue that prevented caching [#1199](https://github.com/FreshRSS/FreshRSS/pull/1199) * Fixed OPML import of categories [#1202](https://github.com/FreshRSS/FreshRSS/issues/1202) + * Fixed PubSubHubbub callback address bug on some configurations [1229](https://github.com/FreshRSS/FreshRSS/pull/1229) * UI * Use sticky category column [#1172](https://github.com/FreshRSS/FreshRSS/pull/1172) * Updated to jQuery 3.1.0 and several JavaScript fixes (e.g. drag & drop) [#1197](https://github.com/FreshRSS/FreshRSS/pull/1197) From ccecebc2b467ae381a2364a70ae2a916bdcf22be Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 28 Aug 2016 16:35:54 +0200 Subject: [PATCH 4/8] SimplePie error message XML PCRE https://github.com/FreshRSS/FreshRSS/issues/1227 --- app/Models/Feed.php | 2 +- lib/SimplePie/SimplePie.php | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/app/Models/Feed.php b/app/Models/Feed.php index 9855ca742..6104b1e31 100644 --- a/app/Models/Feed.php +++ b/app/Models/Feed.php @@ -241,7 +241,7 @@ class FreshRSS_Feed extends Minz_Model { if ((!$mtime) || $feed->error()) { $errorMessage = $feed->error(); - throw new FreshRSS_Feed_Exception(($errorMessage == '' ? 'Feed error' : $errorMessage) . ' [' . $url . ']'); + throw new FreshRSS_Feed_Exception(($errorMessage == '' ? 'Unknown error for feed' : $errorMessage) . ' [' . $url . ']'); } $links = $feed->get_links('self'); diff --git a/lib/SimplePie/SimplePie.php b/lib/SimplePie/SimplePie.php index 8af55c9fd..8026fb149 100644 --- a/lib/SimplePie/SimplePie.php +++ b/lib/SimplePie/SimplePie.php @@ -1304,6 +1304,7 @@ class SimplePie // Check absolute bare minimum requirements. if (!extension_loaded('xml') || !extension_loaded('pcre')) { + $this->error = 'XML and PCRE extensions not loaded!'; return false; } // Then check the xml extension is sane (i.e., libxml 2.7.x issue on PHP < 5.2.9 and libxml 2.7.0 to 2.7.2 on any version) if we don't have xmlreader. From 531f6ada99958553983c258fae444382efa18804 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 28 Aug 2016 16:37:35 +0200 Subject: [PATCH 5/8] SimplePie better message --- lib/SimplePie/SimplePie.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/SimplePie/SimplePie.php b/lib/SimplePie/SimplePie.php index 8026fb149..0f2fdbb87 100644 --- a/lib/SimplePie/SimplePie.php +++ b/lib/SimplePie/SimplePie.php @@ -1304,7 +1304,7 @@ class SimplePie // Check absolute bare minimum requirements. if (!extension_loaded('xml') || !extension_loaded('pcre')) { - $this->error = 'XML and PCRE extensions not loaded!'; + $this->error = 'XML or PCRE extensions not loaded!'; return false; } // Then check the xml extension is sane (i.e., libxml 2.7.x issue on PHP < 5.2.9 and libxml 2.7.0 to 2.7.2 on any version) if we don't have xmlreader. From 1a53058ef0887df6dfb91ae269ef76ee5d3f9a31 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Mon, 29 Aug 2016 09:44:18 +0200 Subject: [PATCH 6/8] HTTP security: prevent reflection abuse https://msdn.microsoft.com/en-us/library/gg622941(v=vs.85).aspx --- p/api/pshb.php | 1 + 1 file changed, 1 insertion(+) diff --git a/p/api/pshb.php b/p/api/pshb.php index 136b98fc9..650767114 100644 --- a/p/api/pshb.php +++ b/p/api/pshb.php @@ -5,6 +5,7 @@ require(LIB_PATH . '/lib_rss.php'); //Includes class autoloader define('MAX_PAYLOAD', 3145728); header('Content-Type: text/plain; charset=UTF-8'); +header('X-Content-Type-Options: nosniff'); function logMe($text) { file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" . $text . "\n", FILE_APPEND); From d552703f67da5568a5e826bc453f572e03d081cd Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Mon, 29 Aug 2016 19:46:41 +0200 Subject: [PATCH 7/8] Release version 1.5.0 --- CHANGELOG.md | 2 +- constants.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 93d3dcd3b..e8a06eac0 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Changelog -## 2016-08-XX FreshRSS 1.5.0-dev +## 2016-08-29 FreshRSS 1.5.0 * Compatibility * Require at least MySQL 5.5.3+ [#1153](https://github.com/FreshRSS/FreshRSS/issues/1153) diff --git a/constants.php b/constants.php index 8a6ce8a66..80a22c8f0 100644 --- a/constants.php +++ b/constants.php @@ -1,5 +1,5 @@ Date: Wed, 31 Aug 2016 15:56:07 +0200 Subject: [PATCH 8/8] Start 1.6.0-dev --- CHANGELOG.md | 3 +++ constants.php | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e8a06eac0..1002873d2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ # Changelog +## 2016-XX-XX FreshRSS 1.6.0-dev + + ## 2016-08-29 FreshRSS 1.5.0 * Compatibility diff --git a/constants.php b/constants.php index 80a22c8f0..2a8486ad1 100644 --- a/constants.php +++ b/constants.php @@ -1,5 +1,5 @@