authorAndrew Dolgov <[email protected]>2021-02-13 10:10:44 +0300
committerAndrew Dolgov <[email protected]>2021-02-13 10:10:44 +0300
commiteec5871f5f0de01e7a4bf5ba69c81315a8ea88e3 (patch)
tree928772498847fd9d87357a13f8c36e669f8b30ae
parentd3940b625962048b6a7f951ba76f872ce2c1f6d2 (diff)
fail better if requested article URL is blank
-rwxr-xr-xclasses/article.php28
-rwxr-xr-xclasses/rpc.php17
-rw-r--r--js/Article.js4
-rw-r--r--js/CommonFilters.js2
4 files changed, 27 insertions, 24 deletions
diff --git a/classes/article.php b/classes/article.php
index 6d3746968..7f5311668 100755
--- a/classes/article.php
+++ b/classes/article.php
@@ -5,7 +5,7 @@ class Article extends Handler_Protected {
const ARTICLE_KIND_YOUTUBE = 3;
function redirect() {
- $id = clean($_REQUEST['id']);
+ $id = (int) clean($_REQUEST['id'] ?? 0);
$sth = $this->pdo->prepare("SELECT link FROM ttrss_entries, ttrss_user_entries
WHERE id = ? AND id = ref_id AND owner_uid = ?
@@ -13,11 +13,14 @@ class Article extends Handler_Protected {
$sth->execute([$id, $_SESSION['uid']]);
if ($row = $sth->fetch()) {
- $article_url = $row['link'];
- $article_url = str_replace("\n", "", $article_url);
+ $article_url = UrlHelper::validate(str_replace("\n", "", $row['link']));
- header("Location: $article_url");
- return;
+ if ($article_url) {
+ header("Location: $article_url");
+ } else {
+ header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
+ print "URL of article $id is blank.";
+ }
} else {
print_error(__("Article not found."));
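Review bot: The 404 branch in redirect() tells the user the URL "is blank", but it is reached for any value `UrlHelper::validate()` rejects, not only an empty link, so a malformed link stored from a feed is reported misleadingly. I would word it as `print "URL of article $id is missing or invalid.";`. Because `link` is feed-supplied, the validate() call is the only check between that value and the `Location` header, and its body is not visible here. A short comment such as `// link comes from feed content: redirect only to URLs validate() accepts` would record that dependency for the next maintainer. The function begins in the previous hunk and continues past this one.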
@@ -595,6 +598,21 @@ class Article extends Handler_Protected {
</div>";
}
+ function get_metadata_by_id() {
+ $id = clean($_REQUEST['id']);
+
+ $sth = $this->pdo->prepare("SELECT link, title FROM ttrss_entries, ttrss_user_entries
+ WHERE ref_id = ? AND ref_id = id AND owner_uid = ?");
+ $sth->execute([$id, $_SESSION['uid']]);
+
+ if ($row = $sth->fetch()) {
+ $link = $row['link'];
+ $title = $row['title'];
+
+ echo json_encode(["link" => $link, "title" => $title]);
+ }
+ }
+
static function get_article_enclosures($id) {
$pdo = Db::pdo();
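Review bot: get_metadata_by_id() prints nothing when the query returns no row, because the `else` branch that getlinktitlebyid() had in classes/rpc.php was not carried over. The caller in js/CommonFilters.js passes `transport.responseText` straight to `JSON.parse`, which throws on an empty body, so an unknown id or one owned by another user would surface there as an exception rather than a handled error (what follows the parse is outside the visible hunk). I would keep the old reply: `} else { echo json_encode(["error" => "ARTICLE_NOT_FOUND"]); }`. The id is also read without the default and integer cast this commit gives redirect(); `$id = (int) clean($_REQUEST['id'] ?? 0);` would keep the two handlers consistent.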
diff --git a/classes/rpc.php b/classes/rpc.php
index f8af1d660..f6b57775d 100755
--- a/classes/rpc.php
+++ b/classes/rpc.php
@@ -382,23 +382,6 @@ class RPC extends Handler_Protected {
$sth->execute(array_merge($ids, [$_SESSION['uid']]));
}
- function getlinktitlebyid() {
- $id = clean($_REQUEST['id']);
-
- $sth = $this->pdo->prepare("SELECT link, title FROM ttrss_entries, ttrss_user_entries
- WHERE ref_id = ? AND ref_id = id AND owner_uid = ?");
- $sth->execute([$id, $_SESSION['uid']]);
-
- if ($row = $sth->fetch()) {
- $link = $row['link'];
- $title = $row['title'];
-
- echo json_encode(array("link" => $link, "title" => $title));
- } else {
- echo json_encode(array("error" => "ARTICLE_NOT_FOUND"));
- }
- }
-
function log() {
$msg = clean($_REQUEST['msg']);
$file = basename(clean($_REQUEST['file']));
diff --git a/js/Article.js b/js/Article.js
index 61368dfed..f8b0415b9 100644
--- a/js/Article.js
+++ b/js/Article.js
@@ -123,11 +123,13 @@ const Article = {
Article.setActive(0);
},
displayUrl: function (id) {
- const query = {op: "rpc", method: "getlinktitlebyid", id: id};
+ const query = {op: "article", method: "get_metadata_by_id", id: id};
xhrJson("backend.php", query, (reply) => {
if (reply && reply.link) {
prompt(__("Article URL:"), reply.link);
+ } else {
+ alert(__("No URL could be displayed for this article."));
}
});
},
diff --git a/js/CommonFilters.js b/js/CommonFilters.js
index 802cf478d..15403b8c4 100644
--- a/js/CommonFilters.js
+++ b/js/CommonFilters.js
@@ -332,7 +332,7 @@ const Filters = {
} else {
- const query = {op: "rpc", method: "getlinktitlebyid", id: Article.getActive()};
+ const query = {op: "article", method: "get_metadata_by_id", id: Article.getActive()};
xhrPost("backend.php", query, (transport) => {
const reply = JSON.parse(transport.responseText);