Implement custom feed favicons

[Inverle]

Closes #3789, #6503

Icon setting when no custom icon is set yet:

• Change... button opens a file dialog, and after selecting a file shows the chosen icon in the preview on the left. Submit must be clicked after selecting the icon.
• Reset to default changes the preview icon to the default one, and also requires Submit to be clicked to apply the changes.

Full list of changes:

• CSP now includes blob: in img-src for
  • indexAction() and feedAction() in subscriptionController.php
  • all of the view actions in indexController.php
• Introduce new attribute customFavicon (boolean) for feeds that indicates if the feed has a custom favicon
  • hashFavicon() in Feed.php is dependent on this attribute
    • hashFavicon() has a new parameter called skipCache (boolean) that allows the reset of the favicon hash for the Feed object
    • resetFaviconHash() just calls hashFavicon(skipCache: true)
• f.php URLs now have the format of /f.php?h=XXXXX&t=cachebuster, where the t parameter is only used for serving custom favicons
  • if t parameter is set, f.php returns a Cache-Control: immutable header
• stripos and strpos were changed to str_contains in various places (refactor)
• JS for handling the custom favicon configuration logic is in extra.js inside init_update_feed() which is called when feed configuration is opened from the aside or when the subscription management page with the feed is loaded
  • Server-side code for uploading the icon in subscriptionController.php under feedAction()
  • Errors that may occur during the setting of a custom favicon:
    • Unsupported image file type (handled only server-side with isImgMime())
    • When the file is bigger than 1 MiB (default), handled both client-side and server-side
    • Standard feed error when updateFeed() fails
• JS vars javascript_vars.phtml are no longer escaped with htmlspecialchars(), instead with json encoding,
• CSS for disabled buttons was added
• Max favicon file size is configurable with the max_favicon_upload_size option in config.php (not exposed via UI)
• Custom favicons are currently deleted only when they are either reset to the default icon, or the feed gets deleted. They do not get deleted when the user deletes their account without removing their feeds first.
• faviconPrepare() and faviconRebuild() are not allowed to be called when the customFavicon attribute is true
• New i18n strings:
  • 'sub.feed.icon' => 'Icon'
  • 'sub.feed.change_favicon' => 'Change…'
  • 'sub.feed.reset_favicon' => 'Reset to default'
  • 'sub.feed.favicon_changed_by_ext' => 'The icon has been set by the <b>%s</b> extension.'
  • 'feedback.sub.feed.favicon.too_large' => 'Uploaded icon is too large. The maximum file size is <em>%s</em>.'
  • 'feedback.sub.feed.favicon.unsupported_format' => 'Unsupported image file format!'
• Extension hook custom_favicon_hash
  • setCustomFavicon() method
  • resetCustomFavicon() method
  • customFaviconExt and customFaviconDisallowDel attributes
  • example of usage: Automatic feed channel icons feature for xExtension-YouTube Extensions#337
• Extension hook custom_favicon_btn_url
  • Allows extensions to implement a button for setting a custom favicon for individual feeds by providing an URL. The URL will be sent a POST request with the extAction field set to either query_icon_info or update_icon, along with an id field which describes the feed's ID.

[Inverle]

todo:

• test on postgresql, mysql and sqlite: works on all of them
• check if the new customFavicon column gets added after applying the PR to an existing installation: works on postgresql, mysql and sqlite <--- PR is no longer using a new column (outdated TODO entry)
• make custom favicon display correctly on shared HTML query page: breaks when bookmarking just one feed, and is not related to this PR ([Bug] Favicon doesn't display in user query with a single feed #7652)
• use a view for the new action so that there is no [notice] --- File not found: /views/javascript/originalIconUrl.phtml message
• consider better styling for disabled button

[Alkarex]

I am wondering what is most demanded between uploading a favicon and providing an URL.
Maybe you could ask for feedback in e.g., #3789, #6503

[Inverle]

I am wondering what is most demanded between uploading a favicon and providing an URL.

We could have both (though what would be the use case for providing an URL instead of just downloading the desired favicon and uploading it?)

[Alkarex]

though what would be the use case for providing an URL instead of just downloading the desired favicon and uploading it?

I am not sure, but it could be interesting to have a bit of user feedback

[johnsturgeon]

It's already limited to 1MiB but we could reduce it to 512KiB maybe

IMO 1MiB is enough to keep folks from pushing icons that are orders of magnitude too large. I think the idea of a 'limit' is really to prevent something bad from happening, and there might be scenarios where a file pushes over 500k

[Inverle]

#7792