diff options
author | Andrew Dolgov <[email protected]> | 2021-02-13 10:10:44 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2021-02-13 10:10:44 +0300 |
commit | eec5871f5f0de01e7a4bf5ba69c81315a8ea88e3 (patch) | |
tree | 928772498847fd9d87357a13f8c36e669f8b30ae /classes | |
parent | d3940b625962048b6a7f951ba76f872ce2c1f6d2 (diff) |
fail better if requested article URL is blank
Diffstat (limited to 'classes')
-rwxr-xr-x | classes/article.php | 28 | ||||
-rwxr-xr-x | classes/rpc.php | 17 |
2 files changed, 23 insertions, 22 deletions
diff --git a/classes/article.php b/classes/article.php index 6d3746968..7f5311668 100755 --- a/classes/article.php +++ b/classes/article.php @@ -5,7 +5,7 @@ class Article extends Handler_Protected { const ARTICLE_KIND_YOUTUBE = 3; function redirect() { - $id = clean($_REQUEST['id']); + $id = (int) clean($_REQUEST['id'] ?? 0); $sth = $this->pdo->prepare("SELECT link FROM ttrss_entries, ttrss_user_entries WHERE id = ? AND id = ref_id AND owner_uid = ? @@ -13,11 +13,14 @@ class Article extends Handler_Protected { $sth->execute([$id, $_SESSION['uid']]); if ($row = $sth->fetch()) { - $article_url = $row['link']; - $article_url = str_replace("\n", "", $article_url); + $article_url = UrlHelper::validate(str_replace("\n", "", $row['link'])); - header("Location: $article_url"); - return; + if ($article_url) { + header("Location: $article_url"); + } else { + header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found"); + print "URL of article $id is blank."; + } } else { print_error(__("Article not found.")); @@ -595,6 +598,21 @@ class Article extends Handler_Protected { </div>"; } + function get_metadata_by_id() { + $id = clean($_REQUEST['id']); + + $sth = $this->pdo->prepare("SELECT link, title FROM ttrss_entries, ttrss_user_entries + WHERE ref_id = ? AND ref_id = id AND owner_uid = ?"); + $sth->execute([$id, $_SESSION['uid']]); + + if ($row = $sth->fetch()) { + $link = $row['link']; + $title = $row['title']; + + echo json_encode(["link" => $link, "title" => $title]); + } + } + static function get_article_enclosures($id) { $pdo = Db::pdo(); diff --git a/classes/rpc.php b/classes/rpc.php index f8af1d660..f6b57775d 100755 --- a/classes/rpc.php +++ b/classes/rpc.php @@ -382,23 +382,6 @@ class RPC extends Handler_Protected { $sth->execute(array_merge($ids, [$_SESSION['uid']])); } - function getlinktitlebyid() { - $id = clean($_REQUEST['id']); - - $sth = $this->pdo->prepare("SELECT link, title FROM ttrss_entries, ttrss_user_entries - WHERE ref_id = ? AND ref_id = id AND owner_uid = ?"); - $sth->execute([$id, $_SESSION['uid']]); - - if ($row = $sth->fetch()) { - $link = $row['link']; - $title = $row['title']; - - echo json_encode(array("link" => $link, "title" => $title)); - } else { - echo json_encode(array("error" => "ARTICLE_NOT_FOUND")); - } - } - function log() { $msg = clean($_REQUEST['msg']); $file = basename(clean($_REQUEST['file'])); |