
Make update URL readonly (#7477)

The security risks look higher than the minor convenience
Modify https://github.com/FreshRSS/FreshRSS/pull/1024
Alexandre Alapetite 1 anno fa
parent
commit
dbdadbb410

+ 0 - 1
app/Controllers/configureController.php

@@ -505,7 +505,6 @@ class FreshRSS_configure_Controller extends FreshRSS_ActionController {
 			$limits['cookie_duration'] = Minz_Request::paramInt('cookie-duration') ?: FreshRSS_Auth::DEFAULT_COOKIE_DURATION;
 			FreshRSS_Context::systemConf()->limits = $limits;
 			FreshRSS_Context::systemConf()->title = Minz_Request::paramString('instance-name') ?: 'FreshRSS';
-			FreshRSS_Context::systemConf()->auto_update_url = Minz_Request::paramString('auto-update-url');
 			FreshRSS_Context::systemConf()->force_email_validation = Minz_Request::paramBoolean('force-email-validation');
 			FreshRSS_Context::systemConf()->save();
 

+ 1 - 1
app/Models/SystemConfiguration.php

@@ -9,7 +9,7 @@ declare(strict_types=1);
  * @property bool $api_enabled
  * @property string $archiving
  * @property 'form'|'http_auth'|'none' $auth_type
- * @property string $auto_update_url
+ * @property-read string $auto_update_url
  * @property-read array<int,mixed> $curl_options
  * @property string $default_user
  * @property string $email_validation_token
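Review bot: The `@property-read` tag on `$auto_update_url` is only a hint for static analysis and IDEs; nothing visible in this hunk makes the property unwritable at runtime. If the configuration class's magic setter (not shown here) accepts arbitrary keys, any remaining code path that assigns `FreshRSS_Context::systemConf()->auto_update_url` and then calls `save()` would still persist a new update URL. It is worth grepping for other assignments and, if the setter allows it, rejecting writes to this key there. A short description on the tag would record the intent, for example ` * @property-read string $auto_update_url Not editable from the web UI`. The docblock starts and ends outside the hunk.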

+ 1 - 2
app/views/configure/system.phtml

@@ -40,8 +40,7 @@
 		<div class="form-group">
 			<label class="group-name" for="auto-update-url"><?= _t('admin.system.auto-update-url') ?></label>
 			<div class="group-controls">
-				<input type="text" id="auto-update-url" name="auto-update-url" value="<?= FreshRSS_Context::systemConf()->auto_update_url ?>"
-					data-leave-validation="<?= FreshRSS_Context::systemConf()->auto_update_url ?>"/>
+				<input type="text" id="auto-update-url" name="auto-update-url" disabled="disabled" value="<?= FreshRSS_Context::systemConf()->auto_update_url ?>" />
 			</div>
 		</div>
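Review bot: The `value` attribute on the added `<input>` line echoes `FreshRSS_Context::systemConf()->auto_update_url` with no HTML escaping. Until this commit the stored value passed through `Minz_Request::paramString('auto-update-url')` (the line removed in configureController.php); if that helper was what encoded it, a URL now read straight from the configuration file and containing `"` or `&` would break out of the attribute. Consider `value="<?= htmlspecialchars(FreshRSS_Context::systemConf()->auto_update_url, ENT_COMPAT, 'UTF-8') ?>"`, after checking that previously saved values are not already entity-encoded, to avoid double encoding. The `name="auto-update-url"` attribute is now unused, because disabled controls are not submitted and the controller no longer reads the parameter. The surrounding form starts and ends outside the hunk.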