authorRasmus Lerdorf <[email protected]>2013-05-07 00:35:10 -0700
committerRasmus Lerdorf <[email protected]>2013-05-07 00:35:10 -0700
commit6f7798b6434f5ef6073447998c436901b507e3df (patch)
tree0dfe18b247ee81f7dbd2f4df37631dcd040edef8 /classes
parent2c967d60237c5890549b9c9fa680ee7adec10e6a (diff)
Fixing bugs found by static analysis
Diffstat (limited to 'classes')
-rw-r--r--classes/api.php77
-rw-r--r--classes/article.php2
-rw-r--r--classes/auth/base.php2
-rw-r--r--classes/db/pdo.php2
-rw-r--r--classes/handler/public.php17
-rw-r--r--classes/pluginhost.php4
-rw-r--r--classes/pref/filters.php2
-rw-r--r--classes/pref/prefs.php2
-rw-r--r--classes/rpc.php4
-rw-r--r--classes/ttrssmailer.php2
10 files changed, 56 insertions, 58 deletions
diff --git a/classes/api.php b/classes/api.php
index badd0b564..f5e4a0c5c 100644
--- a/classes/api.php
+++ b/classes/api.php
@@ -14,12 +14,12 @@ class API extends Handler {
header("Content-Type: text/json");
if (!$_SESSION["uid"] && $method != "login" && $method != "isloggedin") {
- print $this->wrap(self::STATUS_ERR, array("error" => 'NOT_LOGGED_IN'));
+ $this->wrap(self::STATUS_ERR, array("error" => 'NOT_LOGGED_IN'));
return false;
}
if ($_SESSION["uid"] && $method != "logout" && !get_pref('ENABLE_API_ACCESS')) {
- print $this->wrap(self::STATUS_ERR, array("error" => 'API_DISABLED'));
+ $this->wrap(self::STATUS_ERR, array("error" => 'API_DISABLED'));
return false;
}
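Review bot: The `header("Content-Type: text/json")` context line at the top of this hunk sends a media type that is not registered for JSON, and clients that do not recognise it may fall back to guessing the type from the body. That matters because the UNKNOWN_METHOD reply later in this file copies `$method` into the response, and `$method` looks request-derived. I would send `header("Content-Type: application/json");` instead. Separately, dropping `print` here and in the other api.php hunks is only correct if wrap() writes the response itself; wrap() is not part of this diff, so that should be confirmed. The enclosing method starts above the hunk.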
@@ -38,12 +38,12 @@ class API extends Handler {
function getVersion() {
$rv = array("version" => VERSION);
- print $this->wrap(self::STATUS_OK, $rv);
+ $this->wrap(self::STATUS_OK, $rv);
}
function getApiLevel() {
$rv = array("level" => self::API_LEVEL);
- print $this->wrap(self::STATUS_OK, $rv);
+ $this->wrap(self::STATUS_OK, $rv);
}
function login() {
@@ -65,33 +65,33 @@ class API extends Handler {
}
if (!$uid) {
- print $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
+ $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
return;
}
if (get_pref("ENABLE_API_ACCESS", $uid)) {
if (authenticate_user($login, $password)) { // try login with normal password
- print $this->wrap(self::STATUS_OK, array("session_id" => session_id(),
+ $this->wrap(self::STATUS_OK, array("session_id" => session_id(),
"api_level" => self::API_LEVEL));
} else if (authenticate_user($login, $password_base64)) { // else try with base64_decoded password
- print $this->wrap(self::STATUS_OK, array("session_id" => session_id(),
+ $this->wrap(self::STATUS_OK, array("session_id" => session_id(),
"api_level" => self::API_LEVEL));
} else { // else we are not logged in
- print $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
+ $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
}
} else {
- print $this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
+ $this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
}
}
function logout() {
logout_user();
- print $this->wrap(self::STATUS_OK, array("status" => "OK"));
+ $this->wrap(self::STATUS_OK, array("status" => "OK"));
}
function isLoggedIn() {
- print $this->wrap(self::STATUS_OK, array("status" => $_SESSION["uid"] != ''));
+ $this->wrap(self::STATUS_OK, array("status" => $_SESSION["uid"] != ''));
}
function getUnread() {
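Review bot: In login(), `get_pref("ENABLE_API_ACCESS", $uid)` is tested before either `authenticate_user()` call, so `API_DISABLED` is returned to a caller who has not proven knowledge of the password. If `$uid` comes from a lookup by login name (the lookup is above the hunk), the two error codes let an unauthenticated client distinguish an existing account from an unknown one. I would check the credentials first and consult the preference only afterwards, which also lets the two identical success branches collapse into one. Whether authenticate_user() leaves a session behind is not visible here, so the API_DISABLED branch below calls logout_user() defensively; drop that call if it is unnecessary.

```php
// … unchanged: $uid lookup and the !$uid guard …
if (authenticate_user($login, $password) // normal password first
		|| authenticate_user($login, $password_base64)) { // then the base64-decoded form
	if (get_pref("ENABLE_API_ACCESS", $uid)) {
		$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
			"api_level" => self::API_LEVEL));
	} else {
		// NOTE(review): confirm whether authenticate_user() starts a session
		logout_user();
		$this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
	}
} else {
	$this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
}
```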
@@ -99,15 +99,15 @@ class API extends Handler {
$is_cat = $this->dbh->escape_string($_REQUEST["is_cat"]);
if ($feed_id) {
- print $this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($feed_id, $is_cat)));
+ $this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($feed_id, $is_cat)));
} else {
- print $this->wrap(self::STATUS_OK, array("unread" => getGlobalUnread()));
+ $this->wrap(self::STATUS_OK, array("unread" => getGlobalUnread()));
}
}
/* Method added for ttrss-reader for Android */
function getCounters() {
- print $this->wrap(self::STATUS_OK, getAllCounters());
+ $this->wrap(self::STATUS_OK, getAllCounters());
}
function getFeeds() {
@@ -119,7 +119,7 @@ class API extends Handler {
$feeds = $this->api_get_feeds($cat_id, $unread_only, $limit, $offset, $include_nested);
- print $this->wrap(self::STATUS_OK, $feeds);
+ $this->wrap(self::STATUS_OK, $feeds);
}
function getCategories() {
@@ -176,7 +176,7 @@ class API extends Handler {
}
}
- print $this->wrap(self::STATUS_OK, $cats);
+ $this->wrap(self::STATUS_OK, $cats);
}
function getHeadlines() {
@@ -219,9 +219,9 @@ class API extends Handler {
$include_attachments, $since_id, $search, $search_mode,
$include_nested, $sanitize_content);
- print $this->wrap(self::STATUS_OK, $headlines);
+ $this->wrap(self::STATUS_OK, $headlines);
} else {
- print $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
+ $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
}
}
@@ -293,11 +293,11 @@ class API extends Handler {
}
}
- print $this->wrap(self::STATUS_OK, array("status" => "OK",
+ $this->wrap(self::STATUS_OK, array("status" => "OK",
"updated" => $num_updated));
} else {
- print $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
+ $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
}
}
@@ -352,7 +352,7 @@ class API extends Handler {
}
}
- print $this->wrap(self::STATUS_OK, $articles);
+ $this->wrap(self::STATUS_OK, $articles);
}
@@ -370,7 +370,7 @@ class API extends Handler {
$config["num_feeds"] = (int)$num_feeds;
- print $this->wrap(self::STATUS_OK, $config);
+ $this->wrap(self::STATUS_OK, $config);
}
function updateFeed() {
@@ -380,7 +380,7 @@ class API extends Handler {
update_rss_feed($feed_id, true);
- print $this->wrap(self::STATUS_OK, array("status" => "OK"));
+ $this->wrap(self::STATUS_OK, array("status" => "OK"));
}
function catchupFeed() {
@@ -389,13 +389,13 @@ class API extends Handler {
catchup_feed($feed_id, $is_cat);
- print $this->wrap(self::STATUS_OK, array("status" => "OK"));
+ $this->wrap(self::STATUS_OK, array("status" => "OK"));
}
function getPref() {
$pref_name = $this->dbh->escape_string($_REQUEST["pref_name"]);
- print $this->wrap(self::STATUS_OK, array("value" => get_pref($pref_name)));
+ $this->wrap(self::STATUS_OK, array("value" => get_pref($pref_name)));
}
function getLabels() {
@@ -432,7 +432,7 @@ class API extends Handler {
"checked" => $checked));
}
- print $this->wrap(self::STATUS_OK, $rv);
+ $this->wrap(self::STATUS_OK, $rv);
}
function setArticleLabel() {
@@ -460,7 +460,7 @@ class API extends Handler {
}
}
- print $this->wrap(self::STATUS_OK, array("status" => "OK",
+ $this->wrap(self::STATUS_OK, array("status" => "OK",
"updated" => $num_updated));
}
@@ -471,10 +471,10 @@ class API extends Handler {
if ($plugin && method_exists($plugin, $method)) {
$reply = $plugin->$method();
- print $this->wrap($reply[0], $reply[1]);
+ $this->wrap($reply[0], $reply[1]);
} else {
- print $this->wrap(self::STATUS_ERR, array("error" => 'UNKNOWN_METHOD', "method" => $method));
+ $this->wrap(self::STATUS_ERR, array("error" => 'UNKNOWN_METHOD', "method" => $method));
}
}
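Review bot: `method_exists($plugin, $method)` is also true for private and protected methods, and for public methods that were never meant as API entry points, so the `$plugin->$method()` call can reach beyond the plugin's intended API surface or end in a fatal error. How `$plugin` and `$method` are resolved is above the hunk; if `$method` is taken from the request, the call should be gated on the name the plugin registered rather than on method existence alone, and at minimum on `is_callable(array($plugin, $method))`. `$reply[0]` and `$reply[1]` are also read without checking that the plugin returned a two-element array, so a plugin that returns nothing yields notices and an empty status.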
@@ -484,9 +484,9 @@ class API extends Handler {
$content = $this->dbh->escape_string(strip_tags($_REQUEST["content"]));
if (Article::create_published_article($title, $url, $content, "", $_SESSION["uid"])) {
- print $this->wrap(self::STATUS_OK, array("status" => 'OK'));
+ $this->wrap(self::STATUS_OK, array("status" => 'OK'));
} else {
- print $this->wrap(self::STATUS_ERR, array("error" => 'Publishing failed'));
+ $this->wrap(self::STATUS_ERR, array("error" => 'Publishing failed'));
}
}
@@ -714,9 +714,9 @@ class API extends Handler {
if ($this->dbh->num_rows($result) != 0) {
Pref_Feeds::remove_feed($feed_id, $_SESSION["uid"]);
- print $this->wrap(self::STATUS_OK, array("status" => "OK"));
+ $this->wrap(self::STATUS_OK, array("status" => "OK"));
} else {
- print $this->wrap(self::STATUS_ERR, array("error" => "FEED_NOT_FOUND"));
+ $this->wrap(self::STATUS_ERR, array("error" => "FEED_NOT_FOUND"));
}
}
@@ -727,12 +727,11 @@ class API extends Handler {
$password = $this->dbh->escape_string($_REQUEST["password"]);
if ($feed_url) {
- $rc = subscribe_to_feed($feed_url, $category_id,
- $login, $password, false);
+ $rc = subscribe_to_feed($feed_url, $category_id, $login, $password);
- print $this->wrap(self::STATUS_OK, array("status" => $rc));
+ $this->wrap(self::STATUS_OK, array("status" => $rc));
} else {
- print $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
+ $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
}
}
@@ -746,9 +745,9 @@ class API extends Handler {
if ($pf){
$data = $pf->makefeedtree();
- print $this->wrap(self::STATUS_OK, array("categories" => $data));
+ $this->wrap(self::STATUS_OK, array("categories" => $data));
} else {
- print $this->wrap(self::STATUS_ERR, array("error" =>
+ $this->wrap(self::STATUS_ERR, array("error" =>
'UNABLE_TO_INSTANTIATE_OBJECT'));
}
diff --git a/classes/article.php b/classes/article.php
index 1198eefa9..e9f86f298 100644
--- a/classes/article.php
+++ b/classes/article.php
@@ -215,7 +215,7 @@ class Article extends Handler_Protected {
$this->dbh->query("UPDATE ttrss_user_entries SET
score = '$score' WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
- print json_encode(array("id" => $id,
+ print json_encode(array("id" => $ids,
"score_pic" => get_score_pic($score)));
}
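Review bot: `$ids` is interpolated unquoted into `ref_id IN ($ids)`, and string escaping gives no protection in an unquoted numeric context, so the query is only safe if every element was forced to an integer earlier. That part of the function is above the hunk; if it is not done there, I would add `$ids = join(",", array_map("intval", explode(",", $ids)));` before the UPDATE. The same applies to `$score` if it is not cast to int. Note also that the JSON reply now returns the whole id list under the `id` key where a client may expect a single id.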
diff --git a/classes/auth/base.php b/classes/auth/base.php
index 83f99d109..c77df5157 100644
--- a/classes/auth/base.php
+++ b/classes/auth/base.php
@@ -16,7 +16,7 @@ class Auth_Base {
// Auto-creates specified user if allowed by system configuration
// Can be used instead of find_user_by_login() by external auth modules
- function auto_create_user($login) {
+ function auto_create_user($login, $password) {
if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) {
$user_id = $this->find_user_by_login($login);
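Review bot: `auto_create_user($login, $password)` now has a second required parameter, so any external auth module that still calls it with one argument will raise a missing-argument error. The comment above the signature says the method is meant for such modules, and this diffstat is limited to `classes`, so those callers are not visible here. I would keep the old call shape working with `function auto_create_user($login, $password = false) {` and have the body treat a missing password explicitly. The body continues outside the hunk, so how `$password` is used and stored cannot be seen from here. `del_handler($handler, $method, $sender)` in classes/pluginhost.php gains a required parameter in the same way and needs the same caller check.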
diff --git a/classes/db/pdo.php b/classes/db/pdo.php
index 59499139d..126f5150a 100644
--- a/classes/db/pdo.php
+++ b/classes/db/pdo.php
@@ -79,7 +79,7 @@ class Db_PDO implements IDb {
}
function last_error() {
- return join(" ", $pdo->errorInfo());
+ return join(" ", $this->pdo->errorInfo());
}
function init() {
diff --git a/classes/handler/public.php b/classes/handler/public.php
index d5933a18c..7fa744107 100644
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -382,9 +382,9 @@ class Handler_Public extends Handler {
header('Content-Type: text/html; charset=utf-8');
print "<html><head><title>Tiny Tiny RSS</title>";
- print stylesheet_tag("utility.css");
- print javascript_tag("lib/prototype.js");
- print javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls");
+ stylesheet_tag("utility.css");
+ javascript_tag("lib/prototype.js");
+ javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls");
print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
</head><body id='sharepopup'>";
@@ -643,6 +643,7 @@ class Handler_Public extends Handler {
$feed_url = $this->dbh->escape_string(trim($_REQUEST["feed_url"]));
$cat_id = $this->dbh->escape_string($_REQUEST["cat_id"]);
$from = $this->dbh->escape_string($_REQUEST["from"]);
+ $feed_urls = array();
/* only read authentication information from POST */
@@ -666,8 +667,10 @@ class Handler_Public extends Handler {
break;
case 4:
print_notice(__("Multiple feed URLs found."));
-
- $feed_urls = get_feeds_from_html($feed_url);
+ $contents = @fetch_file_contents($url, false, $auth_login, $auth_pass);
+ if (is_html($contents)) {
+ $feed_urls = get_feeds_from_html($url, $contents);
+ }
break;
case 5:
print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
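Review bot: The new `case 4` code fetches `$url`, but no visible line of this function assigns `$url`; the request value is held in `$feed_url`, which is what the removed line used. If `$url` is indeed undefined, the fetch runs on an empty value and `@` hides the resulting warning, so `$feed_urls` silently stays empty. I would write `$contents = fetch_file_contents($feed_url, false, $auth_login, $auth_pass);` and `$feed_urls = get_feeds_from_html($feed_url, $contents);`, and handle a failed fetch explicitly instead of suppressing it. The `case 5` message also places `$feed_url` inside HTML; it should pass through `htmlspecialchars()` unless print_error() already escapes, which is not visible here.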
@@ -732,8 +735,8 @@ class Handler_Public extends Handler {
header('Content-Type: text/html; charset=utf-8');
print "<html><head><title>Tiny Tiny RSS</title>";
- print stylesheet_tag("utility.css");
- print javascript_tag("lib/prototype.js");
+ stylesheet_tag("utility.css");
+ javascript_tag("lib/prototype.js");
print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
</head><body id='forgotpass'>";
diff --git a/classes/pluginhost.php b/classes/pluginhost.php
index 8e2aefcf1..bc5dc96be 100644
--- a/classes/pluginhost.php
+++ b/classes/pluginhost.php
@@ -186,7 +186,7 @@ class PluginHost {
}
}
- function del_handler($handler, $method) {
+ function del_handler($handler, $method, $sender) {
$handler = str_replace("-", "_", strtolower($handler));
$method = strtolower($method);
@@ -252,8 +252,6 @@ class PluginHost {
function load_data($force = false) {
if ($this->owner_uid) {
- $plugin = $this->dbh->escape_string($plugin);
-
$result = $this->dbh->query("SELECT name, content FROM ttrss_plugin_storage
WHERE owner_uid = '".$this->owner_uid."'");
diff --git a/classes/pref/filters.php b/classes/pref/filters.php
index 4dbee5906..bcc7b5aec 100644
--- a/classes/pref/filters.php
+++ b/classes/pref/filters.php
@@ -83,8 +83,6 @@ class Pref_Filters extends Handler_Protected {
}
}
- $feed_title = getFeedTitle($feed);
-
$qfh_ret = queryFeedHeadlines(-4, 30, "", false, false, false,
"date_entered DESC", 0, $_SESSION["uid"], $filter);
diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php
index ba83a9900..fb6795957 100644
--- a/classes/pref/prefs.php
+++ b/classes/pref/prefs.php
@@ -747,7 +747,7 @@ class Pref_Prefs extends Handler_Protected {
$system_enabled = array_map("trim", explode(",", PLUGINS));
$user_enabled = array_map("trim", explode(",", get_pref("_ENABLED_PLUGINS")));
- $tmppluginhost = new PluginHost(Db::get());
+ $tmppluginhost = new PluginHost();
$tmppluginhost->load_all($tmppluginhost::KIND_ALL, $_SESSION["uid"]);
$tmppluginhost->load_data(true);
diff --git a/classes/rpc.php b/classes/rpc.php
index 2b07bbf91..46583feb5 100644
--- a/classes/rpc.php
+++ b/classes/rpc.php
@@ -291,7 +291,7 @@ class RPC extends Handler_Protected {
$reply = array();
- if ($seq) $reply['seq'] = $seq;
+ if (!empty($_REQUEST['seq'])) $reply['seq'] = (int) $_REQUEST['seq'];
if ($last_article_id != getLastArticleId()) {
$reply['counters'] = getAllCounters();
@@ -464,7 +464,7 @@ class RPC extends Handler_Protected {
$id = 0;
}
- print_feed_cat_select("cat_id", $id);
+ print_feed_cat_select("cat_id", $id, '');
}
// Silent
diff --git a/classes/ttrssmailer.php b/classes/ttrssmailer.php
index fd7f969aa..1e8d07723 100644
--- a/classes/ttrssmailer.php
+++ b/classes/ttrssmailer.php
@@ -28,7 +28,7 @@ class ttrssMailer extends PHPMailer {
$this->Host = $pair[0];
$this->Port = $pair[1];
- if (!$Port) $Port = 25;
+ if (!$this->Port) $this->Port = 25;
} else {
$this->Host = '';
$this->Port = '';
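Review bot: `$this->Port = $pair[1];` still reads index 1 without checking that it exists, so a host configured without `:port` raises an undefined-offset notice before the fixed default on the next line applies. How `$pair` is built is above the hunk; assuming it comes from splitting the configured host on `:`, I would fold both lines into `$this->Port = isset($pair[1]) ? (int) $pair[1] : 25;`. That also makes the port an integer rather than whatever string the configuration contained.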