Fix bugs in anomymous mode (#3305)

* Fix bugs in anomymous mode

Login bug (submit button not working) and refresh bug (JS null
exception, and then 403).

* Take advantage of existing variable

app/FreshRSS.php

@@ -76,8 +76,9 @@ class FreshRSS extends Minz_FrontController {
 			}
 			if (!(FreshRSS_Auth::isCsrfOk() ||
 				(Minz_Request::controllerName() === 'auth' && Minz_Request::actionName() === 'login') ||
-				(Minz_Request::controllerName() === 'user' && Minz_Request::actionName() === 'create' &&
-					!FreshRSS_Auth::hasAccess('admin'))
+				(Minz_Request::controllerName() === 'user' && Minz_Request::actionName() === 'create' && !FreshRSS_Auth::hasAccess('admin')) ||
+				(Minz_Request::controllerName() === 'feed' && Minz_Request::actionName() === 'actualize' && FreshRSS_Context::$system_conf->allow_anonymous_refresh) ||
+				(Minz_Request::controllerName() === 'javascript' && Minz_Request::actionName() === 'actualize' && FreshRSS_Context::$system_conf->allow_anonymous)
 				)) {
 				// Token-based protection against XSRF attacks, except for the login or self-create user forms
 				self::initI18n();

p/scripts/extra.js

@@ -51,7 +51,7 @@ function init_crypto_form() {
 
 	forgetOpenCategories();
 
-	const submit_button = document.querySelector('button[type="submit"]');
+	const submit_button = document.getElementById('loginButton');
 	submit_button.disabled = false;
 
 	crypto_form.onsubmit = function (e) {

p/scripts/main.js

@@ -1170,7 +1170,12 @@ function updateFeed(feeds, feeds_count) {
 function init_actualize() {
 	let auto = false;
 
-	document.getElementById('actualize').onclick = function () {
+	const actualize = document.getElementById('actualize');
+	if (!actualize) {
+		return;
+	}
+
+	actualize.onclick = function () {
 		if (context.ajax_loading) {
 			return false;
 		}
@@ -1226,7 +1231,7 @@ function init_actualize() {
 
 	if (context.auto_actualize_feeds) {
 		auto = true;
-		document.getElementById('actualize').click();
+		actualize.click();
 	}
 }
 // </actualize>