romansixty / feed-on-feeds Goto Github PK

View Code? Open in Web Editor NEW

60.0 12.0 15.0 1.89 MB

FeedOnFeeds is a lightweight server-based RSS feed aggregator and reader

Home Page: http://feedonfeeds.com/

License: GNU General Public License v2.0

PHP 95.95% CSS 1.03% JavaScript 3.02% Hack 0.01%

rss-aggregator rss-reader php youtube mysql sqlite reddit rss rss-feed-scraper websub

feed-on-feeds's People

Contributors

Stargazers

Watchers

Forkers

makr0 tacman mickeyr fluffy-critter thylacine andymatic iantearle pyttsen gasteizko neosin sorenpeter misel228

feed-on-feeds's Issues

X-WAV podcast enclosures don't play.

(This didn't work in the original either - so its probaby never worked)

It shows a 'click for podcast' image and says (audio/x-wav) but clicking stuff does nothing...

YouTube replacement messes up playlist embeds

If a feed embeds a YouTube playlist rather than a video, the player replacement thing screws up the embed.

Example feed with some recent content of those sorts: https://novembeat.com/feed

original item:

    <entry>
        <title>Works: Gero Takke / Commodore Amigo</title>
        <link href="https://novembeat.com/works/79-Gero-Takke-Commodore-Amigo" rel="alternate" type="text/html" />
        <published>2020-11-16T09:59:15-08:00</published>
        <updated>2020-11-16T09:59:15-08:00</updated>
        <id>urn:uuid:1a19bf35-9b59-58ea-80ff-05584896a490</id>
        <author><name>Gero Takke</name></author>
        <content type="html"><![CDATA[

<p><a href="https://www.youtube.com/playlist?list=PLXwJEk7hkqgdLX4PeBL9xAZ8V0CevVC3g">YouTube playlist</a>:</p>
<iframe width="560" height="315" src="https://www.youtube.com/embed/videoseries?list=PLXwJEk7hkqgdLX4PeBL9xAZ8V0CevVC3g" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe>






        ]]></content>
        <category term="https://novembeat.com/" label="Novembeat" />
        <category term="https://novembeat.com/works/" label="Works" />
        
        

    </entry>

Replaced item:

<div class="body"><p><a href="https://www.youtube.com/playlist?list=PLXwJEk7hkqgdLX4PeBL9xAZ8V0CevVC3g" target="_blank">YouTube playlist</a>:</p>
<div class="youtube-video" data-ytid="videoseries" style="background-image: url('//i.ytimg.com/vi/videoseries/hqdefault.jpg')" onclick="embed_youtube(this);"></div></div>

After clicking on the image:

<div class="body"><p><a href="https://www.youtube.com/playlist?list=PLXwJEk7hkqgdLX4PeBL9xAZ8V0CevVC3g" target="_blank">YouTube playlist</a>:</p>
<iframe src="https://www.youtube.com/embed/videoseries?autoplay=1&amp;rel=0" allowfullscreen="1" width="560" height="315" frameborder="0"></iframe></div>

Themeing

What is the consensus of theming? Providing a theme folder to contain:

header.php
items.php
render.php
footer.php

I have already ported the JS to jquery. Just working on the latest functions.

FoF is double-decoding entities where it shouldn't be

Example item causing problems:
https://beesbuzz.biz/blog/6128-Federated-identity-with-Atom-and-WebSub

In the feed, all of the content is included in a CDATA segment, and its entities are then further encoded correctly, e.g.:

<h3>Favored approach: In-plain-sight encryption</h3>
<p>My favored approach to providing private content on feeds is to have private items be encrypted.</p><p>Every reader has a public and private key-pair; the publisher knows their public key.</p><p>Every protected entry has a randomly-generated symmetric nonce key, and the private content (<code>&lt;title&gt;</code>, <code>&lt;content&gt;</code>, enclosure links, etc.) are stored in the encrypted payload. (<code>&lt;id&gt;</code> probably needs to remain public for various reasons, and things like <code>&lt;published&gt;</code>/<code>&lt;updated&gt;</code>/<code>&lt;link rel=&quot;alternate&quot;&gt;</code> probably should as well.) The public payload can also include something like:</p><div class="highlight"><pre><span></span><span class="nt">&lt;title&gt;</span>Private content<span class="nt">&lt;/title&gt;</span>
<span class="nt">&lt;content</span> <span class="na">type=</span><span class="s">&quot;text/html&quot;</span><span class="nt">&gt;</span>This is a private entry. Check the original site to see if you have access, or use a feed reader which supports the [insert clever name here] protocol.<span class="nt">&lt;/content&gt;</span>
</pre></div>
<p>This nonce key is then added to the item, encrypted using every trusted reader&rsquo;s public key. (So, if there are 10 followers who are allowed to see the entry, there are 10 copies of the nonce key, each one encrypted by the public key.) Of course the CMS can manage this in any number of ways (e.g. having one or more protected groups of friends who can see things, with specific per-user inclusions and exclusions).</p><p>When a reader gets an encrypted entry, it tries to decrypt each of the encrypted nonce keys with its private key, and then when it gets a valid nonce key it uses that to decrypt the payload.</p><p>The plus sides to this approach:</p>

Unfortunately, something is decoding those <s et al, and so FeedOnFeeds (or maybe it's SimplePie) renders it as HTML, thus horking the layout of the rest of the entry:

<h3>Favored approach: In-plain-sight encryption</h3>
<p>My favored approach to providing private content on feeds is to have private items be encrypted.</p>
<p>Every reader has a public and private key-pair; the publisher knows their public key.</p>
<p>Every protected entry has a randomly-generated symmetric nonce key, and the private content (<code><title></code>, <code><content></code>, enclosure links, etc.) are stored in the encrypted payload. (<code><id></code> probably needs to remain public for various reasons, and things like <code><published></code>/<code><updated></code>/<code><link rel="alternate"></code> probably should as well.) The public payload can also include something like:</p>
<div class="highlight"><pre><span></span><span class="nt"><title></span>Private content<span class="nt"></title></span>
<span class="nt"><content</span> <span class="na">type=</span><span class="s">"text/html"</span><span class="nt">></span>This is a private entry. Check the original site to see if you have access, or use a feed reader which supports the [insert clever name here] protocol.<span class="nt"></content></span>
</pre></div>
<p>This nonce key is then added to the item, encrypted using every trusted reader’s public key. (So, if there are 10 followers who are allowed to see the entry, there are 10 copies of the nonce key, each one encrypted by the public key.) Of course the CMS can manage this in any number of ways (e.g. having one or more protected groups of friends who can see things, with specific per-user inclusions and exclusions).</p>
<p>When a reader gets an encrypted entry, it tries to decrypt each of the encrypted nonce keys with its private key, and then when it gets a valid nonce key it uses that to decrypt the payload.</p>
<p>The plus sides to this approach:</p>

(Also it seems that class attributes aren't getting filtered out either, I could have sworn the existing sanitization was supposed to do that...)

Is this the best feed-of-feeds to use a s a base for more development?

I've been using the original (version .5) for some time, I need to do some work on it and found this repo - is this the latest/greatest version?

PHP 8.x

Running FoF with PHP 8.0 or 8.1 shows a lot of Deprecation warnings and one Fatal Error in the PDO Log class. It inherits the PDO class but the function signatures and return types don't match.

The fatal error can be avoided by changing the query function signature to this.

public function query($query, $fetchMode = null, ...$fetchModeArgs)

But before I march ahead I wanted to discuss if I should just "bend" the code to make the warnings go away or if you have better ideas for a refactoring.

Fatal error: Declaration of PDOLog::query($query) must be compatible with PDO::query(string $query, ?int $fetchMode = null, mixed ...$fetchModeArgs): PDOStatement|false in /fof/classes/pdolog.php on line 20

Deprecated:  Return type of PDOLog::exec($statement) should either be compatible with PDO::exec(string $statement): int|false, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /fof/classes/pdolog.php on line 31

Deprecated:  Return type of PDOLog::query($query, ?int $fetchMode = null, mixed ...$fetchModeArgs) should either be compatible with PDO::query(string $query, ?int $fetchMode = null, mixed ...$fetchModeArgs): PDOStatement|false, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /fof/classes/pdolog.php on line 20

Deprecated:  Return type of PDOStatementLog::bindParam($parameter, &$variable, $data_type = PDO::PARAM_STR, $length = null, $driver_options = null) should either be compatible with PDOStatement::bindParam(string|int $param, mixed &$var, int $type = PDO::PARAM_STR, int $maxLength = 0, mixed $driverOptions = null): bool, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /fof/classes/pdolog.php on line 51

Deprecated:  Return type of PDOStatementLog::bindValue($parameter, $value, $data_type = PDO::PARAM_STR) should either be compatible with PDOStatement::bindValue(string|int $param, mixed $value, int $type = PDO::PARAM_STR): bool, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /fof/classes/pdolog.php on line 56

Deprecated:  Return type of PDOStatementLog::execute($input_parameters = null) should either be compatible with PDOStatement::execute(?array $params = null): bool, or the #[\ReturnTypeWillChange] attribute should be used to temporarily suppress the notice in /fof/classes/pdolog.php on line 61

Configure plugins as default enabled/disabled

It would be nice if certain plugins could be set to be disabled by default. For example, the new plain.php plugin (which also really should be a render plugin, not an item plugin) makes the default RSS-reading experience quite unpleasant, and isn't a very good thing to have enabled by default for new users.

Changelog / new features in README

Hi!
I see you have a fork of FoF... I have my own one for a long time too (not yet on github though)... :)
Can you please list new features compared to the original 0.5 from http://feedonfeeds.com/ in the README?

Call to a member function error() on a non-object

Keep seeing this appear in my error logs, cant figure out the source of the error. Can anyone help?

PHP Fatal error: Call to a member function error() on a non-object in /var/www/fof-main.php on line 929

File authorship information needs updating

Most of the files in the source only refer to Steve Minutillo's contributions and copyright, but there are a bunch of other people who have worked on it since then. And how much of the original code even remains at this point?

We should probably go through and update the copyright of the source files to include all the contributors thereof to properly credit everyone. How does this even work with the GPL, anyway?

Error FATAL: couldn't open logfile /var/fof-data//fof-install.log

Hi, I can't install this on my server :(

Warning: fopen(/var/fof-data//fof-install.log): failed to open stream: No such file or directory in /srv/users/mypathsite/public/fof/fof-main.php on line 85
FATAL: couldn't open logfile /var/fof-data//fof-install.log

In fof-config.php I have added Database connection information (localhost, database name user password), chose a backend: define('USE_MYSQL', 1); and tried with define('SQL_NO_TRIGGERS', 1); commented and uncommented..doesn't work, always errors :(

I try to install it also on locale with xampp but nothing, same error code.

How can I install it? Thank you in advance

PDO driver error ?

when i installing time .. ]
Its shows

Trouble encountered:
missing implementation for pdo driver
Trying to continue...

Help, I forgot the username and password

Hi, I need help, I forgot the username and password of my Feed on Feeds, how can I restore it / find it? Thank you in advance

Needs PHP 5.3.6 or higher as it uses 'saveHTML' with a parameter in plugin/item_targets.php

Install needs to checck for PHP 5.3.6 or higher (or the plugin does? if they are meant to be separately installable?).

First Screen shows...

[« previous 50] [all-at-once]

Warning: DOMDocument::saveHTML() expects exactly 0 parameters, 1 given in /usr/local/home/httpd/vhtdocs/idltd/apps/fof/plugins/item_targets.php on line 36

'j' paging-down gets stuck on longer entries now

I don't know how much of this is due to the recent-ish migration away from prototype or some of the styling changes or whatever, but now when I press j on some feed items, the paging stops working partway through.

One example entry that causes the problem is https://99percentinvisible.org/episode/raccoon-resistance/ which is on a blog which often has quite long posts. It seems that all of their posts cause this problem. On some of them my browser's developer console gets errors like:

TypeError: null is not an object (evaluating 'itemElement.nextElementSibling.id') on fof.js:261

I haven't looked at the new code yet but I suspect there's been some DOM change which causes this quirk.

It happens in Safari, and I haven't tried it in other browsers yet.

J paging (to mark and skip to the next entry) continues to work, at least.