authorAndrew Dolgov <[email protected]>2010-11-08 13:11:56 +0300
committerAndrew Dolgov <[email protected]>2010-11-08 13:15:00 +0300
commit8801fb017ccd6e2c052ab449eed3ee1eb5b7e982 (patch)
tree97ce0dfd050cb22fc999c546bb9a9b8ce5277e89 /functions.php
parent811bea05221c3704037eaba860a70f42eb45994b (diff)
replace old-style published feed with universal secretkey-based approach used for all feeds; do not allow user/pass handling in generated feed urls; bump schema
Diffstat (limited to 'functions.php')
-rw-r--r--functions.php100
1 files changed, 76 insertions, 24 deletions
diff --git a/functions.php b/functions.php
index c81026ae4..059e968af 100644
--- a/functions.php
+++ b/functions.php
@@ -4203,12 +4203,19 @@
$search_q = "";
}
- $rss_link = "backend.php?op=rss&id=$feed_id&is_cat=$is_cat&view-mode=$view_mode$search_q";
+ $rss_link = htmlspecialchars(get_self_url_prefix() .
+ "/backend.php?op=rss&id=$feed_id&is_cat=$is_cat&view-mode=$view_mode$search_q");
+
+ #print "
+ # <a target=\"_blank\"
+ # title=\"".__("View as RSS feed")."\"
+ # href=\"$rss_link\">
+ # <img class=\"noborder\" src=\"images/feed-icon-12x12.png\"></a>";
print "
- <a target=\"_blank\"
+ <a href=\"#\"
title=\"".__("View as RSS feed")."\"
- href=\"$rss_link\">
+ onclick=\"displayDlg('generatedFeed', '$feed_id:$is_cat:$rss_link')\">
<img class=\"noborder\" src=\"images/feed-icon-12x12.png\"></a>";
print "</div>";
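Review bot: `$rss_link` is escaped for HTML but then lands inside a single-quoted JavaScript string in the `onclick` attribute, which is a different context: the browser decodes entities in the attribute before the script is parsed, and `htmlspecialchars()` without `ENT_QUOTES` leaves `'` untouched anyway. A quote arriving through `$search_q`, `$view_mode` or the host part returned by `get_self_url_prefix()` would end the string early; where those values are set is outside the hunk. Encode the argument as a JavaScript literal first and HTML-escape the result, e.g. `$dlg_arg = htmlspecialchars(json_encode("$feed_id:$is_cat:$url"), ENT_QUOTES);` followed by `onclick=\"displayDlg('generatedFeed', $dlg_arg)\"`, where `$url` is the unescaped link. The query values should also pass through `urlencode()` when the link is assembled.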
@@ -5110,9 +5117,9 @@
$vgroup_last_feed = $vgr_last_feed;
- if ($feed == -2) {
+/* if ($feed == -2) {
$feed_site_url = article_publish_url($link);
- }
+ } */
/// STOP //////////////////////////////////////////////////////////////////////////////////
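Review bot: The `if ($feed == -2)` block is commented out rather than deleted, yet this commit removes `article_publish_url()` further down, so the comment now preserves a call to a function that no longer exists. Delete the three lines and let version control keep the history. The same applies to the `#print` block left behind in the first hunk. The enclosing function starts and ends outside this hunk.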
@@ -5730,15 +5737,10 @@
return $tag;
}
- function generate_publish_key() {
- return sha1(uniqid(rand(), true));
- }
-
- function article_publish_url($link) {
+ function get_self_url_prefix() {
$url_path = "";
-
-
+
if ($_SERVER['HTTPS'] != "on") {
$url_path = "http://";
} else {
@@ -5746,22 +5748,13 @@
}
$url_path .= $_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
- $url_path .= "/backend.php?op=publish&key=" .
- get_pref($link, "_PREFS_PUBLISH_KEY", $_SESSION["uid"]);
return $url_path;
- }
- function opml_publish_url($link){
- $url_path = "";
-
- if ($_SERVER['HTTPS'] != "on") {
- $url_path = "http://";
- } else {
- $url_path = "https://";
- }
+ }
+ function opml_publish_url($link){
- $url_path .= $_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
+ $url_path = get_self_url_prefix();
$url_path .= "/opml.php?op=publish&key=" .
get_pref($link, "_PREFS_PUBLISH_KEY", $_SESSION["uid"]);
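Review bot: `get_self_url_prefix()` builds the base of every generated feed and OPML link from `$_SERVER['HTTP_HOST']` and `dirname($_SERVER['PHP_SELF'])`, and both are influenced by the request (the Host header, and any path info appended after the script name), so a link that carries the access key reflects whatever the client sent. Prefer a base URL taken from site configuration; failing that, use `$_SERVER['SCRIPT_NAME']` in place of `PHP_SELF` and compare the host with an expected value before using it. The `$_SERVER['HTTPS'] != "on"` test in the previous hunk also reads an index that is unset on plain-HTTP requests; `empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] == 'off'` avoids the notice. The function begins in the previous hunk and `opml_publish_url` continues past the end of this one.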
@@ -6368,6 +6361,13 @@
if (db_affected_rows($link, $result) != 0 && $caption) {
+ /* Remove access key for the label */
+
+ $ext_id = -11 - $id;
+
+ db_query($link, "DELETE FROM ttrss_access_keys WHERE
+ feed_id = '$ext_id' AND owner_uid = $owner_uid");
+
/* Disable filters that reference label being removed */
db_query($link, "UPDATE ttrss_filters SET
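Review bot: The new `DELETE FROM ttrss_access_keys` matches on `feed_id` and `owner_uid` only, while the functions added at the end of this commit key the table on `(feed_id, is_cat, owner_uid)`. The feed-removal hunk at `@@ -6559` has the same shape, and there the effect is direct: removing feed N would also drop the access key of a category with the same numeric id. Add `AND is_cat = false` to both statements (the file already uses literal `true` in SQL). The `-11 - $id` offset also deserves a one-line comment such as `/* labels are exposed as virtual feeds with ids below -10 */`, if that is indeed the mapping; it is not visible here.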
@@ -6559,6 +6559,11 @@
orig_feed_id = '$id' WHERE feed_id = '$id' AND
marked = true AND owner_uid = $owner_uid");
+ /* Remove access key for the feed */
+
+ db_query($link, "DELETE FROM ttrss_access_keys WHERE
+ feed_id = '$id' AND owner_uid = $owner_uid");
+
/* remove the feed */
db_query($link, "DELETE FROM ttrss_feeds
@@ -6899,4 +6904,51 @@
if (!in_array($email, $_SESSION['stored_emails']))
array_push($_SESSION['stored_emails'], $email);
}
+
+ function update_feed_access_key($link, $feed_id, $is_cat, $owner_uid = false) {
+ if (!$owner_uid) $owner_uid = $_SESSION["uid"];
+
+ $sql_is_cat = bool_to_sql_bool($is_cat);
+
+ $result = db_query($link, "SELECT access_key FROM ttrss_access_keys
+ WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
+ AND owner_uid = " . $owner_uid);
+
+ if (db_num_rows($result) == 1) {
+ $key = db_escape_string(sha1(uniqid(rand(), true)));
+
+ db_query($link, "UPDATE ttrss_access_keys SET access_key = '$key'
+ WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
+ AND owner_uid = " . $owner_uid);
+
+ return $key;
+
+ } else {
+ return get_feed_access_key($link, $feed_id, $is_cat, $owner_uid);
+ }
+ }
+
+ function get_feed_access_key($link, $feed_id, $is_cat, $owner_uid = false) {
+
+ if (!$owner_uid) $owner_uid = $_SESSION["uid"];
+
+ $sql_is_cat = bool_to_sql_bool($is_cat);
+
+ $result = db_query($link, "SELECT access_key FROM ttrss_access_keys
+ WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
+ AND owner_uid = " . $owner_uid);
+
+ if (db_num_rows($result) == 1) {
+ return db_fetch_result($result, 0, "access_key");
+ } else {
+ $key = db_escape_string(sha1(uniqid(rand(), true)));
+
+ $result = db_query($link, "INSERT INTO ttrss_access_keys
+ (access_key, feed_id, is_cat, owner_uid)
+ VALUES ('$key', '$feed_id', $sql_is_cat, '$owner_uid')");
+
+ return $key;
+ }
+ return false;
+ }
?>
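Review bot: The access key is the only secret protecting a generated feed, but `sha1(uniqid(rand(), true))` in both `update_feed_access_key()` and `get_feed_access_key()` derives it from the clock and a non-cryptographic generator, so hashing adds no unpredictability. Draw it from the system CSPRNG instead, e.g. `$key = bin2hex(random_bytes(20));` where the runtime provides it, and put that in one helper so the two functions cannot drift. `$feed_id` and `$owner_uid` are also interpolated into all four statements without visible escaping; unless every caller already sanitises them, add `$feed_id = db_escape_string($feed_id);` and `$owner_uid = (int) $owner_uid;` at the top of each function. The trailing `return false;` in `get_feed_access_key()` is unreachable, and the SELECT-then-INSERT sequence relies on a unique constraint over `(feed_id, is_cat, owner_uid)` to stay consistent under concurrent requests; the schema is not part of this file.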