Merge remote-tracking branch 'upstream/master' into changes

Author: crondog

.htaccess

@@ -37,45 +37,90 @@ RewriteRule (.*) public/$1 [L]
 
 # Default expires header if none specified (stay in browser cache for 7 days)
 <IfModule mod_expires.c>
-    ExpiresActive On
-    ExpiresDefault A604800
-
-    ExpiresByType application/javascript "access plus 2 hours"
-    ExpiresByType application/x-javascript "access plus 2 hours"
-    ExpiresByType text/javascript "access plus 2 hours"
-    ExpiresByType text/x-javascript "access plus 2 hours"
-    ExpiresByType text/css "access plus 2 hours"
-    ExpiresByType image/gif "access plus 2 hours"
-    ExpiresByType image/jpg "access plus 2 hours"
-    ExpiresByType image/png "access plus 2 hours"
-    ExpiresByType image/x-icon "access plus 2 hours"
-</IfModule>
 
-# set compression
-<IfModule mod_header.c>
-    <IfModule mod_deflate.c>
-        # Insert filter
-        SetOutputFilter DEFLATE
+    ExpiresActive on
+    ExpiresDefault                                      "access plus 1 week"
+
+  # CSS
+    ExpiresByType text/css                              "access plus 1 year"
+
+  # Data interchange
+    ExpiresByType application/json                      "access plus 0 seconds"
+    ExpiresByType application/xml                       "access plus 0 seconds"
+    ExpiresByType text/xml                              "access plus 0 seconds"
+
+  # Favicon (cannot be renamed!)
+    ExpiresByType image/x-icon                          "access plus 1 week"
 
-        # Netscape 4.x has some problems...
-        BrowserMatch ^Mozilla/4 gzip-only-text/html
+  # HTML components (HTCs)
+    ExpiresByType text/x-component                      "access plus 1 month"
 
-        # Netscape 4.06-4.08 have some more problems
-        BrowserMatch ^Mozilla/4\.0[678] no-gzip
+  # HTML
+    ExpiresByType text/html                             "access plus 0 seconds"
 
-        # MSIE masquerades as Netscape, but it is fine
-        # BrowserMatch \bMSIE !no-gzip !gzip-only-text/html
+  # JavaScript
+    ExpiresByType application/javascript                "access plus 1 year"
 
-        # NOTE: Due to a bug in mod_setenvif up to Apache 2.0.48
-        # the above regex won't work. You can use the following
-        # workaround to get the desired effect:
-        BrowserMatch \bMSI[E] !no-gzip !gzip-only-text/html
+  # Manifest files
+    ExpiresByType application/x-web-app-manifest+json   "access plus 0 seconds"
+    ExpiresByType text/cache-manifest                   "access plus 0 seconds"
 
-        # Don't compress images
-        SetEnvIfNoCase Request_URI \
-        \.(?:gif|jpe?g|png)$ no-gzip dont-vary
+  # Media
+    ExpiresByType audio/ogg                             "access plus 1 month"
+    ExpiresByType image/gif                             "access plus 1 month"
+    ExpiresByType image/jpeg                            "access plus 1 month"
+    ExpiresByType image/png                             "access plus 1 month"
+    ExpiresByType video/mp4                             "access plus 1 month"
+    ExpiresByType video/ogg                             "access plus 1 month"
+    ExpiresByType video/webm                            "access plus 1 month"
 
-        # Make sure proxies don't deliver the wrong content
-        Header append Vary User-Agent env=!dont-vary
+  # Web feeds
+    ExpiresByType application/atom+xml                  "access plus 1 hour"
+    ExpiresByType application/rss+xml                   "access plus 1 hour"
+
+  # Web fonts
+    ExpiresByType application/font-woff                 "access plus 1 month"
+    ExpiresByType application/vnd.ms-fontobject         "access plus 1 month"
+    ExpiresByType application/x-font-ttf                "access plus 1 month"
+    ExpiresByType font/opentype                         "access plus 1 month"
+    ExpiresByType image/svg+xml                         "access plus 1 month"
+
+</IfModule>
+
+
+<IfModule mod_deflate.c>
+
+    # Force compression for mangled headers.
+    # http://developer.yahoo.com/blogs/ydn/posts/2010/12/pushing-beyond-gzipping
+    <IfModule mod_setenvif.c>
+        <IfModule mod_headers.c>
+            SetEnvIfNoCase ^(Accept-EncodXng|X-cept-Encoding|X{15}|~{15}|-{15})$ ^((gzip|deflate)\s*,?\s*)+|[X~-]{4,13}$ HAVE_Accept-Encoding
+            RequestHeader append Accept-Encoding "gzip,deflate" env=HAVE_Accept-Encoding
+        </IfModule>
     </IfModule>
+
+    # Compress all output labeled with one of the following MIME-types
+    # (for Apache versions below 2.3.7, you don't need to enable `mod_filter`
+    #  and can remove the `<IfModule mod_filter.c>` and `</IfModule>` lines
+    #  as `AddOutputFilterByType` is still in the core directives).
+    <IfModule mod_filter.c>
+        AddOutputFilterByType DEFLATE application/atom+xml \
+                                      application/javascript \
+                                      application/json \
+                                      application/rss+xml \
+                                      application/vnd.ms-fontobject \
+                                      application/x-font-ttf \
+                                      application/x-web-app-manifest+json \
+                                      application/xhtml+xml \
+                                      application/xml \
+                                      font/opentype \
+                                      image/svg+xml \
+                                      image/x-icon \
+                                      text/css \
+                                      text/html \
+                                      text/plain \
+                                      text/x-component \
+                                      text/xml
+    </IfModule>
+
 </IfModule>

README.md

@@ -4,15 +4,15 @@ selfoss
 Copyright (c) 2013 Tobias Zeising, tobias.zeising@aditu.de  
 http://selfoss.aditu.de  
 Licensed under the GPLv3 license  
-Version 2.7-SNAPSHOT
+Version 2.8-SNAPSHOT
 
 
 INSTALLATION
 ------------
 
 1. Upload all files of this folder (IMPORTANT: also upload the invisible .htaccess files)
 2. Make the directories data/cache, data/favicons, data/logs, data/thumbnails, data/sqlite and public/ writeable
-3. Insert database access data in config.ini (see below -- you have not to change anything if you would like to use sqlite)
+3. Insert database access data in config.ini (see below -- you don't have to change anything if you want to use sqlite)
 3. You don't have to install the database, it will be created automatically
 4. Create cronjob for updating feeds and point it to http://yourselfossurl.com/update via wget or curl. You can also execute the update.php from commandline.
 
@@ -50,7 +50,19 @@ Visit the page http://yourselfossurl.com/opml for importing your OPML File. If y
 CHANGELOG
 ---------
 
-Version 2.7-SNAPSHOT
+Version 2.8-SNAPSHOT
+* new Polish translation (thanks a lot to Piotr Dymacz)
+* improved Expires section and Compression in .htaccess (thanks a lot to S Anand)
+* make api item listing, tags and sources stats accessible for non loggedin users in public mode
+* update fat free php framework version 3.0.8
+* new configuration parameter for default readability api key
+* new configuration parameter for allowing unauthorized access for the update job
+* new delicious support (thanks a lot to bbeardsley)
+* support ssl proxy (thanks a lot to zajad)
+* new readability support (thanks a lot to hayk)
+* pass original url to external sites except for opening the anonymized url (thanks a lot to bbeardsley)
+
+Version 2.7
 * new spout for instapaper (thanks a lot to janeczku)
 * new Hungarian translation (thanks a lot to Sancho)
 * fix keyboard shortcut on some browsers
@@ -59,6 +71,17 @@ Version 2.7-SNAPSHOT
 * fix bug on removing search terms (thanks a lot to ochristi)
 * translation for login page (thanks a lot to jicho)
 * new japanese language file (thanks a lot to wowo)
+* new shortcuts (thanks a lot to jicho)
+* fix issues with refreshing the items list and slow ajax requests (thanks a lot to Sean Rand)
+* don't leave behind sp-container divs when refreshing the tags (thanks a lot to Sean Rand)
+* clean up orphaned items of deleted sources (thanks a lot to Sean Rand)
+* update fat free php framework to newest versoin 3.0.6
+* only allow update for localhost or loggedin users (thanks a lot to Tiouss)
+* added Facebook page feed (thanks a lot to Thomas Muguet)
+* fix memory bug on icon generation (thanks a lot to Matthieu Codron)
+* new opml export (thanks a lot to Sean Rand)
+* new norwegian translation (thanks a lot to Kjetil Elde)
+* set default title if no one was given by the feed
 
 Version 2.6
 * fixed OPML import for other formats (thanks a lot to Remy Gardette)

_docs/website/favicon.ico

@@ -5,11 +5,20 @@
 $username = "ssilence";
 $repo_name = "selfoss";
 
+// use cache?
 $cacheFile = "rss.cache";
-if(file_exists($cacheFile) && (time() - filemtime($cacheFile) < 3600)) {
-    header("Content-Type: text/xml");
-    echo file_get_contents($cacheFile);
-    return;
+if(!file_exists($cacheFile))
+    touch($cacheFile);
+$maxTimestampValidity = 5400; // 1.5 hours
+$cacheFileContent = file_get_contents($cacheFile);
+if(strlen($cacheFileContent)>0) {
+    $cacheFileContent = json_decode($cacheFileContent, true);
+    if($cacheFileContent['timestamp'] + $maxTimestampValidity < time()) {
+        unlink($cacheFile);
+    } else {
+        header("Content-Type: application/xml;");
+        die($cacheFileContent['feed']);
+    }
 }
 
 function status_ok($curl) {
@@ -22,13 +31,14 @@ function status_ok($curl) {
 
 $curl = curl_init();
 curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
+curl_setopt($curl, CURLOPT_USERAGENT, 'selfoss.aditu.de/feed.php (tobias.zeising@aditu.de)');
 
 curl_setopt($curl, CURLOPT_URL, $repo_url);
 $response = curl_exec($curl);
 
 if(!status_ok($curl)) {
     header("HTTP/1.1 404 Not Found");
-    exit("Repository doesn't exist or is private.");
+    exit("Repository doesn't exist or is private." . $response);
 }
 
 $repo = json_decode($response, true);
@@ -102,6 +112,10 @@ function escape(&$var) {
     $content = ob_get_contents();
     ob_end_clean();
     header("Content-Type: text/xml");
-    file_put_contents($cacheFile, $content);
+    $cacheFileContent = json_encode(array(
+        "timestamp" => time(),
+        "feed" => $content
+    ));
+    file_put_contents($cacheFile, $cacheFileContent);
     echo $content;
 ?>

_docs/website/feed.php

@@ -28,7 +28,7 @@ <h1 id="header-name"><span>selfoss</span></h1>
             <li class="documentation">documentation</li>
             <li class="about">about</li>
             <li class="forum"><a href="/forum">forum</a></li>
-            <li class="download"><a href="selfoss-2.6.zip">download</a></li>
+            <li class="download"><a href="selfoss-2.7.zip">download</a></li>
         </ul>
 
         <a id="header-fork" href="https://github.com/SSilence/selfoss"></a>
@@ -37,7 +37,7 @@ <h1 id="header-name"><span>selfoss</span></h1>
 
         <div id="header-just-updated"></div>
 
-        <a id="header-download" href="selfoss-2.6.zip"><span>download selfoss 2.6</span></a>
+        <a id="header-download" href="selfoss-2.7.zip"><span>download selfoss 2.7</span></a>
 
         <a id="header-donate" href="https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=LR67F3T9DMSC8"><span>donate</span></a>
 
@@ -265,6 +265,14 @@ <h2>Configuration</h2>
                         <td class="documentation-first-column">use_system_font</td>
                         <td>set use_system_font=1 if you have problems with special characters. Then instead of Open Sans the font Arial will be used.</td>
                     </tr>
+                    <tr>
+                        <td class="documentation-first-column">readability</td>
+                        <td>default API key for all feeds fetched by readability spout. You can also enter the readability API key in the spout parameters for every single feed.</td>
+                    </tr>
+                    <tr>
+                        <td class="documentation-first-column">allow_public_update_access</td>
+                        <td>set allow_public_update_access=1 for allowing public access for /update (anybody can access and start the update job).</td>
+                    </tr>
                 </table>
             </div>
 
@@ -329,6 +337,10 @@ <h2>Shortcuts</h2>
                         <td class="documentation-first-column">v</td>
                         <td>open url of current entry in new tab/window</td>
                     </tr>
+                    <tr>
+                        <td class="documentation-first-column">Shift + v</td>
+                        <td>open url of current entry in new tab/window and mark read</td>
+                    </tr>
                     <tr>
                         <td class="documentation-first-column">Ctrl + m</td>
                         <td>mark all as read</td>
@@ -339,7 +351,23 @@ <h2>Shortcuts</h2>
                     </tr>
                     <tr>
                         <td class="documentation-first-column">o</td>
-                        <td>open current item</td>
+                        <td>open / close current item</td>
+                    </tr>
+                    <tr>
+                        <td class="documentation-first-column">shift + o</td>
+                        <td>close all open items</td>
+                    </tr>
+                    <tr>
+                        <td class="documentation-first-column">shift + n</td>
+                        <td>open newest items page</td>
+                    </tr>
+                    <tr>
+                        <td class="documentation-first-column">shift + u</td>
+                        <td>open unread items page</td>
+                    </tr>
+                    <tr>
+                        <td class="documentation-first-column">shift + s</td>
+                        <td>open starred items page</td>
                     </tr>
                 </table>
             </div>
@@ -490,7 +518,7 @@ <h2  id="about">About</h2>
             |
             <a href="http://www.aditu.de">About me</a>
             |
-            <a href="http://blog.aditu.de">Blog</a>
+            <a href="http://www.aditu.de//#filter=.blog">Blog</a>
             |
             logo by <a href="http://blog.artcore-illustrations.de/aicons/">ArtCore</a>
         </p>

_docs/website/index.html

@@ -176,8 +176,17 @@ public function logout() {
      * @return void
      */
     public function update() {
+        // only allow access for localhost and loggedin users
+        if (\F3::get('allow_public_update_access')!=1 
+                && $_SERVER['REMOTE_ADDR'] !== $_SERVER['SERVER_ADDR'] 
+                && $_SERVER['REMOTE_ADDR'] !== "127.0.0.1"
+                && \F3::get('auth')->isLoggedin() != 1)
+            die("unallowed access");
+    
+        // update feeds
         $loader = new \helpers\ContentLoader();
         $loader->update();
+        
         echo "finished";
     }