* Increase import size
This is merely a temporary workaround to allow at least some medium size
imports
https://framateam.org/freshrss/pl/7wbt4tcyetrfmris9xdcbq7uuw
The import module should be rewritten to process files one by one and as
data streams instead of loading multiple copies of the whole dataset in
memory as is the case now :-(
https://github.com/FreshRSS/FreshRSS/issues/1890
Note that the new SQLite export/import is distinct from this case.
* Use parameter
* SQL allow recreating existing user
Taking advantage of https://github.com/FreshRSS/FreshRSS/pull/2554
In a case when FreshRSS data is lost, but database data still intact (in
particular MySQL or PostgreSQL), this patch allows recreating previous
users without error
* Better error retrieval
Especially when error occur during the prepare statement
Observed in Firefox 69: the favicon is sometimes refreshed with an old
favicon that does not have the number of unread items on it. Seems to
depend on load speed.
* PDO refactor
* Automatic prefix when using the syntax `_tableName`
* Uniformity: MySQL is now PDO::ATTR_EMULATE_PREPARES = false just like SQLite and PostgreSQL, with consequences such as only one statement per query
* Use PDO methods exec(), query(), prepare() + execute() in a more efficient way
* Remove auto-update SQL code for versions older than FreshRSS 1.5 (3 years old)
* The name of the default category is set in PHP instead of in the DB (simplies SQL and allows changing the name according to the FreshRSS language)
* Rename `->bd` to `->pdo` (less of a frenshism, and more informative)
* Fix some requests, which were not compatible with MySQL prepared statements
* Whitespace
* Fix syntax for PostgreSQL sequences
+ MySQL install
* Minor formatting
* Fix lastInsertId for PostgreSQL
* Use PHP 5.6+ const
Take advantage of https://github.com/FreshRSS/FreshRSS/pull/2527https://www.php.net/manual/en/migration56.new-features.php
* A bit of forgotten PHP 5.6 simplification for cURL
* Forgotten $s
* Mini fix custom user config
https://github.com/FreshRSS/FreshRSS/pull/2490/files#r326290346
* More work on install.php but not finished
* install.php working
* More cleaning of PDO in install
* Even more simplification
Take advantage of PDO->exec() to run multiple statements
* Disallow changing the name of the default category
https://github.com/FreshRSS/FreshRSS/pull/2522#discussion_r326967724
This feature is optional. It is based on the presence of a
`data/tos.html` file that an administrator can create. If this file
exists, FreshRSS will automatically add a "ToS" checkbox on the
registration page that users must check to be able to create their
account.
* new users inherit defaults from config-user.php
* installer creates ./data/config-user.php
* fixed typo
* .gitignore fix
* fixed style issues
* Fixed comments
* Update according to feedback
- rename file into `data/config-user.custom.php`
- make it optional (and so, don't copy it during installation)
* fixup! Update according to feedback
* CLI to export/import any database to/from SQLite
Require PHP 5.5+ https://github.com/FreshRSS/FreshRSS/pull/2495
* Travis
* Execution rights
* Fix wrong static fields
* Fix MySQL bad default buffering
https://stackoverflow.com/questions/6895098/pdo-mysql-memory-consumption-with-large-result-set/6935271#6935271https://php.net/manual/ref.pdo-mysql
* Fix count on progression
* Avoid static DB information
To ease working with two DBs at the same time
* Less static, simplify
Needs some testing
* Small corrections
* Special case for SQLite to SQLite
* Modify special case for SQLite
* Remove special case for SQLite
More uniform logic for the 3 databases.
Fix wrong DROP TABLE for SQLite.
* Drop indexes
* Revert "Drop indexes"
This reverts commit f28d2bae09.
* Fix deletion
* Fix classic export
* Update cli/README.md
Co-Authored-By: Marien Fressinaud <dev@marienfressinaud.fr>
* Addressing part of review
* Remove goto 😢
* Travis
* Comment for SQLite case
* Fix missing fields when inserting
* fix: Make sure $disable_aside is initialized
There was a warning for an uninitialized variable, hidden in production
but visible in development mode.
* fix: Allow to delete account when email isn't validated
* Add an email field to the profile page
I reuse the `mail_login` from the configuration. I'm not sure if it's
useful today (I would say it was used when Persona login was available).
A good improvement would be to rename `mail_login` into `email` so it
would be more intuitive to use.
* Add boolean to the conf to force email validation
This commit only adds a configuration item.
* Add email during registration if email must be validated
* Set email token to validate when email changes
* Block access to FreshRSS if email is not validated
* Send email when address is changed
* Allow to resend the validation email
* Allow the user to change its email while blocked
* Document the email validation feature
* fixup! Allow the user to change its email while blocked
* tec: Autoload PHPMailer lib
* Validate email address format
* Add feedback on validation email resend action
* Allow to logout when user is blocked
* fix: Change default email "from"
* Reorganize i18n keys
* Complete all the locales with default english
* Hide sidebar (profile page) if email is not validated
* Check email requirements on registration
* Allow admin to specify email when creating users
* Don't check email format if value is empty
* Remove trailing comma in userController
Co-Authored-By: Alexandre Alapetite <alexandre@alapetite.fr>
* Set PHPMailer validator to html5 before sending email
* fixup! Remove trailing comma in userController
* New environment variable to control development mode
Suggestion of new enviromnent variable, as discussed
https://github.com/FreshRSS/FreshRSS/pull/2492#issuecomment-523613920
* Update Docker/README.md
Co-Authored-By: Frans de Jonge <fransdejonge@gmail.com>
* Update Docker/README.md
Co-Authored-By: Frans de Jonge <fransdejonge@gmail.com>
* Update Docker/README.md
Co-Authored-By: Frans de Jonge <fransdejonge@gmail.com>
* Declare ENV in Dockerfile
Tested
* Prevent window opener vulnerability with space shortcut
This change fixes a vulnerability introduced by `window.open()` on untrusted sources. It reproduces the effect of `rel="noreferrer"` with JS.
Cross browser solution from: https://stackoverflow.com/a/40593743
## Reproduction
> tested with Firefox 68
1. Add this RSS feed
2. Open the 2nd link "À propos de la faille de sécurité liée à target="_blank" **using the space key shortcut**.
3. Click on the first of three links "http://bookmarks.ecyseo.net"
Current behaviour: the FreshRSS tab changes.
Expected behaviour: no effect on FreshRSS
* Test for popup blockers