author | Art4 <[email protected]> | 2015-02-19 23:17:43 +0100 |
---|---|---|
committer | Art4 <[email protected]> | 2015-02-19 23:17:43 +0100 |
commit | d9c042c4c536f1afbf206aeea09b0b127b7b6418 (patch) | |
tree | 9d7ef18c6d9d4c8f8f4d1c9a5dbfceeb9fd5acf4 /include | |
parent | cf42b79120290ee5866136a0c4656e6999f06045 (diff) | |
parent | 4ca621a36016de1fbb5447e1c1de0b607ba94a7c (diff) |
Merge branch 'master' into patch-1
Conflicts:
locale/de_DE/LC_MESSAGES/messages.po
Diffstat (limited to 'include')
-rw-r--r-- | include/functions.php | 15 | ||||
-rw-r--r-- | include/functions2.php | 113 | ||||
-rw-r--r-- | include/rssfuncs.php | 18 | ||||
-rw-r--r-- | include/sanity_config.php | 4 | ||||
-rw-r--r-- | include/sessions.php | 8 | ||||
-rw-r--r-- | include/version.php | 6 |
6 files changed, 106 insertions, 58 deletions
diff --git a/include/functions.php b/include/functions.php index d783bd853..35124ba08 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1,6 +1,6 @@ <?php define('EXPECTED_CONFIG_VERSION', 26); - define('SCHEMA_VERSION', 126); + define('SCHEMA_VERSION', 127); define('LABEL_BASE_INDEX', -1024); define('PLUGIN_FEED_BASE_INDEX', -128); @@ -14,6 +14,8 @@ $fetch_curl_used = false; $suppress_debugging = false; + libxml_disable_entity_loader(true); + mb_internal_encoding("UTF-8"); date_default_timezone_set('UTC'); if (defined('E_DEPRECATED')) { @@ -357,6 +359,9 @@ $url = ltrim($url, ' '); $url = str_replace(' ', '%20', $url); + if (strpos($url, "//") === 0) + $url = 'http:' . $url; + if (!defined('NO_CURL') && function_exists('curl_init')) { $fetch_curl_used = true; @@ -403,10 +408,6 @@ curl_setopt($ch, CURLOPT_POSTFIELDS, $post_query); } - if ((OPENSSL_VERSION_NUMBER >= 0x0090808f) && (OPENSSL_VERSION_NUMBER < 0x10000000)) { - curl_setopt($ch, CURLOPT_SSLVERSION, 3); - } - if ($login && $pass) curl_setopt($ch, CURLOPT_USERPWD, "$login:$pass"); @@ -805,10 +806,6 @@ function initialize_user($uid) { db_query("insert into ttrss_feeds (owner_uid,title,feed_url) - values ('$uid', 'Tiny Tiny RSS: New Releases', - 'http://tt-rss.org/releases.rss')"); - - db_query("insert into ttrss_feeds (owner_uid,title,feed_url) values ('$uid', 'Tiny Tiny RSS: Forum', 'http://tt-rss.org/forum/rss.php')"); } diff --git a/include/functions2.php b/include/functions2.php index 69f447e8c..17d8acb3e 100644 --- a/include/functions2.php +++ b/include/functions2.php 
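Review bot: The new file-scope call `libxml_disable_entity_loader(true);` (hunk `@@ -14,6 +14,8 @@` of include/functions.php) has no comment saying why it is there, and it is a process-wide switch flipped on every include of this file. A one-line comment such as `// XXE hardening: feeds are untrusted XML, never resolve external entities` would keep it from being removed later as unexplained. Check that no core or plugin code loads XML by path (`DOMDocument::load()`, `simplexml_load_file()`), because those calls fail while the loader is disabled; parsing from a string is unaffected.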
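Review bot: In hunk `@@ -357,6 +359,9 @@` a scheme-relative URL is always completed with plaintext `http:`, even when the document that referenced it was served over HTTPS, so the fetch can silently drop to an unencrypted transport. The referring scheme is not available in the visible lines, so either the caller should resolve `//host/path` against its base URL before calling, or the default should be documented in place, e.g. `// scheme-relative URL: no base scheme known here, default to http`. The two-line `if` is also unbraced, unlike the braced blocks around it. The enclosing function starts and ends outside the hunk.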
@@ -17,7 +17,10 @@ $params["default_view_order_by"] = get_pref("_DEFAULT_VIEW_ORDER_BY"); $params["bw_limit"] = (int) $_SESSION["bw_limit"]; $params["label_base_index"] = (int) LABEL_BASE_INDEX; - $params["theme"] = get_pref("USER_CSS_THEME", false, false); + + $theme = get_pref( "USER_CSS_THEME", false, false); + $params["theme"] = theme_valid("$theme") ? $theme : ""; + $params["plugins"] = implode(", ", PluginHost::getInstance()->get_plugin_names()); $params["php_platform"] = PHP_OS; @@ -200,6 +203,26 @@ return array($prefixes, $hotkeys); } + function check_for_update() { + if (defined("GIT_VERSION_TIMESTAMP")) { + $content = @fetch_file_contents("http://tt-rss.org/version.json"); + + if ($content) { + $content = json_decode($content, true); + + if ($content && isset($content["changeset"])) { + if ((int)GIT_VERSION_TIMESTAMP < (int)$content["changeset"]["timestamp"] && + GIT_VERSION_HEAD != $content["changeset"]["id"]) { + + return $content["changeset"]["id"]; + } + } + } + } + + return ""; + } + function make_runtime_info() { $data = array(); @@ -218,6 +241,15 @@ $data['dep_ts'] = calculate_dep_timestamp(); $data['reload_on_ts_change'] = !defined('_NO_RELOAD_ON_TS_CHANGE'); + + if (CHECK_FOR_UPDATES && $_SESSION["last_version_check"] + 86400 + rand(-1000, 1000) < time()) { + $update_result = @check_for_update(); + + $data["update_result"] = $update_result; + + $_SESSION["last_version_check"] = time(); + } + if (file_exists(LOCK_DIRECTORY . "/update_daemon.lock")) { $data['daemon_is_running'] = (int) file_is_locked("update_daemon.lock"); @@ -245,15 +277,6 @@ } } - if ($_SESSION["last_version_check"] + 86400 + rand(-1000, 1000) < time()) { - $new_version_details = @check_for_update(); - - $data['new_version_available'] = (int) ($new_version_details != false); - - $_SESSION["last_version_check"] = time(); - $_SESSION["version_data"] = $new_version_details; - } - return $data; } 
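Review bot: In hunk `@@ -17,7 +17,10 @@` the value that is checked is not the value that is used. `theme_valid()` (added at the end of this file) tests `"themes/" . basename($file)`, but `$params["theme"]` then receives the original `$theme` string. A stored preference containing directory components is therefore validated against one path and handed on as another. Normalising first closes the gap: `$theme = basename(get_pref("USER_CSS_THEME", false, false));` before the `theme_valid()` call. How the client consumes `params["theme"]` is not visible here, so the impact is inferred.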
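Review bot: The new check_for_update() (hunk `@@ -200,6 +203,26 @@`) fetches `http://tt-rss.org/version.json` over plaintext HTTP and trusts whatever JSON comes back. Anyone on the network path can therefore make the instance report an update, or supply an arbitrary `changeset.id` string that make_runtime_info() passes on as `update_result`. Fetching over `https://` and returning the id only when it looks like a commit hash, e.g. `preg_match('/^[0-9a-f]{7,40}$/', $content["changeset"]["id"])`, bounds what reaches the client. `$content["changeset"]["timestamp"]` and `["id"]` are read after an `isset()` on `changeset` only. The `@` on the fetch hides the transport error that would explain a check that never fires.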
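Review bot: The gate added to make_runtime_info() (hunk `@@ -218,6 +241,15 @@`) is only `CHECK_FOR_UPDATES` plus the timer, whereas the check_for_update() removed further down also required `$_SESSION['access_level'] >= 10`. As written, every logged-in session performs the outbound fetch inside the request and receives `update_result`. If that is not intended, keep the restriction: `if (CHECK_FOR_UPDATES && $_SESSION["access_level"] >= 10 && ...)`. `$_SESSION["last_version_check"]` is read before anything in the visible code sets it, so a fresh session raises a notice unless the read is guarded with `isset()`.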
@@ -826,6 +849,21 @@ } + function iframe_whitelisted($entry) { + $whitelist = array("youtube.com", "youtu.be", "vimeo.com"); + + @$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST); + + if ($src) { + foreach ($whitelist as $w) { + if ($src == $w || $src == "www.$w") + return true; + } + } + + return false; + } + function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) { if (!$owner) $owner = $_SESSION["uid"]; @@ -894,8 +932,15 @@ $entries = $xpath->query('//iframe'); foreach ($entries as $entry) { - $entry->setAttribute('sandbox', 'allow-scripts'); - + if (!iframe_whitelisted($entry)) { + $entry->setAttribute('sandbox', 'allow-scripts'); + } else { + if ($_SERVER['HTTPS'] == "on") { + $entry->setAttribute("src", + str_replace("http://", "https://", + $entry->getAttribute("src"))); + } + } } $allowed_elements = array('a', 'address', 'audio', 'article', 'aside', @@ -994,25 +1039,6 @@ return $doc; } - function check_for_update() { - if (CHECK_FOR_NEW_VERSION && $_SESSION['access_level'] >= 10) { - $version_url = "http://tt-rss.org/version.php?ver=" . VERSION . - "&iid=" . sha1(SELF_URL_PATH); - - $version_data = @fetch_file_contents($version_url); - - if ($version_data) { - $version_data = json_decode($version_data, true); - if ($version_data && $version_data['version']) { - if (version_compare(VERSION_STATIC, $version_data['version']) == -1) { - return $version_data; - } - } - } - } - return false; - } - function catchupArticlesById($ids, $cmode, $owner_uid = false) { if (!$owner_uid) $owner_uid = $_SESSION["uid"]; 
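Review bot: iframe_whitelisted() (hunk `@@ -826,6 +849,21 @@`) is what decides which feed-supplied iframes are left without the `sandbox` attribute, yet nothing in the function says so. A short docblock should state that a `true` result means the frame is embedded unsandboxed and that matching is exact-host only (`host` or `www.host`, no other subdomains). Hostnames are case-insensitive, so lower-casing before a strict comparison, `$host = strtolower($src); if ($host === $w || $host === "www.$w")`, avoids treating a whitelisted embed as foreign because of its casing. The `@` in front of `$src = parse_url(...)` suppresses any error from the whole expression, including the `getAttribute()` call, and is better dropped.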
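Review bot: In the iframe loop of sanitize() (hunk `@@ -894,8 +932,15 @@`), `$_SERVER['HTTPS'] == "on"` reads an index that is absent on plain-HTTP requests and whenever sanitize() runs outside a web request. In the same branch, `str_replace("http://", "https://", ...)` rewrites every occurrence in the attribute, including one inside a query string, not only the leading scheme. `if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != 'off')` together with `preg_replace('#^http://#i', 'https://', $entry->getAttribute("src"))` limits the rewrite to the scheme. The rest of sanitize() is outside the hunk.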
@@ -1958,8 +1984,8 @@ } function getLastArticleId() { - $result = db_query("SELECT MAX(ref_id) AS id FROM ttrss_user_entries - WHERE owner_uid = " . $_SESSION["uid"]); + $result = db_query("SELECT ref_id AS id FROM ttrss_user_entries + WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY ref_id DESC LIMIT 1"); if (db_num_rows($result) == 1) { return db_fetch_result($result, 0, "id"); @@ -2243,10 +2269,6 @@ curl_setopt($curl, CURLOPT_PROXY, _CURL_HTTP_PROXY); } - if ((OPENSSL_VERSION_NUMBER >= 0x0090808f) && (OPENSSL_VERSION_NUMBER < 0x10000000)) { - curl_setopt($curl, CURLOPT_SSLVERSION, 3); - } - $html = curl_exec($curl); $status = curl_getinfo($curl); @@ -2404,4 +2426,21 @@ return LABEL_BASE_INDEX - 1 + abs($feed); } + function theme_valid($file) { + if ($file == "default.css" || $file == "night.css") return true; // needed for array_filter + $file = "themes/" . basename($file); + + if (file_exists($file) && is_readable($file)) { + $fh = fopen($file, "r"); + + if ($fh) { + $header = fgets($fh); + fclose($fh); + + return strpos($header, "supports-version:" . VERSION_STATIC) !== FALSE; + } + } + + return false; + } ?> diff --git a/include/rssfuncs.php b/include/rssfuncs.php index 6d9247a7b..9d3d89c7f 100644 --- a/include/rssfuncs.php +++ b/include/rssfuncs.php @@ -481,7 +481,7 @@ if (!$registered_title || $registered_title == "[Unknown]") { - $feed_title = db_escape_string($rss->get_title()); + $feed_title = db_escape_string(mb_substr($rss->get_title(), 0, 199)); if ($feed_title) { _debug("registering title: $feed_title", $debug_enabled); @@ -683,6 +683,7 @@ "link" => $entry_link, "tags" => $entry_tags, "author" => $entry_author, + "force_catchup" => false, // ugly hack for the time being "language" => $entry_language, // read only "feed" => array("id" => $feed, "fetch_url" => $fetch_url, 
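Review bot: In getLastArticleId() (hunk `@@ -1958,8 +1984,8 @@`) `$_SESSION["uid"]` is still concatenated into the SQL text uncast. The value comes from the session rather than the request, but an `(int)` cast costs nothing and keeps the statement well-formed when the session is empty: `WHERE owner_uid = " . (int) $_SESSION["uid"] . " ORDER BY ref_id DESC LIMIT 1"`. Moving from `MAX()` to `LIMIT 1` also means a user with no entries now yields zero rows instead of one NULL row, so the `db_num_rows($result) == 1` branch is skipped. The else branch is outside the hunk and should be checked for that case.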
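Review bot: theme_valid() (hunk `@@ -2404,4 +2426,21 @@`) does a substring match on the version, so with `VERSION_STATIC` at `1.15.3` a header declaring `supports-version:1.15.30` also passes. Separately, `fgets()` returns `false` for an empty file and that value goes straight into `strpos()`. An anchored test such as `$header !== false && preg_match('/supports-version:' . preg_quote(VERSION_STATIC, '/') . '(?![\d.])/', $header)` covers both. The relative `"themes/"` path depends on the current working directory of whichever script includes this file. The comment `// needed for array_filter` does not explain why the two built-in names skip the header check; a docblock describing the header contract would help.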
@@ -707,7 +708,11 @@ db_query("UPDATE ttrss_entries SET date_updated = NOW() WHERE id = '$base_entry_id'"); - continue; + // if we allow duplicate posts, we have to continue to + // create the user entries for this feed + if (!get_pref("ALLOW_DUPLICATE_POSTS", $owner_uid, false)) { + continue; + } } _debug("hash differs, applying plugin filters:", $debug_enabled); @@ -733,6 +738,9 @@ $entry_author = db_escape_string($article["author"]); $entry_link = db_escape_string($article["link"]); $entry_content = $article["content"]; // escaped below + $entry_force_catchup = $article["force_catchup"]; + + _debug("force catchup: $entry_force_catchup"); if ($cache_images && is_writable(CACHE_DIR . '/images')) cache_images($entry_content, $site_url, $debug_enabled); @@ -857,7 +865,7 @@ _debug("user record not found, creating...", $debug_enabled); - if ($score >= -500 && !find_article_filter($article_filters, 'catchup')) { + if ($score >= -500 && !find_article_filter($article_filters, 'catchup') && !$entry_force_catchup) { $unread = 'true'; $last_read_qpart = 'NULL'; } else { @@ -879,7 +887,7 @@ // N-grams - if (DB_TYPE == "pgsql" and defined('_NGRAM_TITLE_DUPLICATE_THRESHOLD')) { + /* if (DB_TYPE == "pgsql" and defined('_NGRAM_TITLE_DUPLICATE_THRESHOLD')) { $result = db_query("SELECT COUNT(*) AS similar FROM ttrss_entries,ttrss_user_entries @@ -894,7 +902,7 @@ if ($ngram_similar > 0) { $unread = 'false'; } - } + } */ $last_marked = ($marked == 'true') ? 'NOW()' : 'NULL'; $last_published = ($published == 'true') ? 'NOW()' : 'NULL'; diff --git a/include/sanity_config.php b/include/sanity_config.php index 76fba4b81..6120e5fe0 100644 --- a/include/sanity_config.php +++ b/include/sanity_config.php 
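Review bot: `_debug("force catchup: $entry_force_catchup");` in hunk `@@ -733,6 +738,9 @@` omits the `$debug_enabled` argument that the neighbouring `_debug()` calls in this file pass. It is inconsistent with them and may log regardless of the flag; how `_debug()` treats a missing second argument is not visible here. Suggested: `_debug("force catchup: $entry_force_catchup", $debug_enabled);`. `$article["force_catchup"]` is also read without a default, so if the array comes back from a filter without that key (inferred from the "applying plugin filters" message) a notice is raised; `!empty($article["force_catchup"])` covers it. The loop body continues outside the hunk.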
@@ -1,3 +1,3 @@ -<?php # This file has been generated at: Fri Sep 27 13:42:37 MSK 2013 +<?php # This file has been generated at: Tue Feb 3 14:45:46 MSK 2015 define('GENERATED_CONFIG_CHECK', 26); -$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'FEED_CRYPT_KEY', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_SERVER', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'SMTP_SECURE', 'CHECK_FOR_NEW_VERSION', 'DETECT_ARTICLE_LANGUAGE', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'LOG_DESTINATION', 'CONFIG_VERSION'); ?> +$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'FEED_CRYPT_KEY', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'SPHINX_SERVER', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_SERVER', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'SMTP_SECURE', 'CHECK_FOR_UPDATES', 'DETECT_ARTICLE_LANGUAGE', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'LOG_DESTINATION', 'CONFIG_VERSION'); ?> diff --git a/include/sessions.php b/include/sessions.php index 66214afe7..30d502641 100644 --- a/include/sessions.php +++ b/include/sessions.php 
@@ -39,7 +39,7 @@ function validate_session() { if (SINGLE_USER_MODE) return true; - if (VERSION_STATIC != $_SESSION["version"]) return false; + //if (VERSION_STATIC != $_SESSION["version"]) return false; $check_ip = $_SESSION['ip_address']; @@ -62,17 +62,17 @@ return false; } - if ($_SESSION["ref_schema_version"] != session_get_schema_version(true)) { + if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != session_get_schema_version(true)) { $_SESSION["login_error_msg"] = __("Session failed to validate (schema version changed)"); return false; } - if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) { + /* if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) { $_SESSION["login_error_msg"] = __("Session failed to validate (user agent changed)"); return false; - } + } */ if ($_SESSION["uid"]) { $result = Db::get()->query( diff --git a/include/version.php b/include/version.php index 8d7cf2de7..34c11e6e7 100644 --- a/include/version.php +++ b/include/version.php @@ -1,5 +1,5 @@ <?php - define('VERSION_STATIC', '1.13'); + define('VERSION_STATIC', '1.15.3'); function get_version() { date_default_timezone_set('UTC'); @@ -8,6 +8,10 @@ if (is_dir("$root_dir/.git") && file_exists("$root_dir/.git/refs/heads/master")) { $suffix = substr(trim(file_get_contents("$root_dir/.git/refs/heads/master")), 0, 7); + $timestamp = filemtime("$root_dir/.git/refs/heads/master"); + + define("GIT_VERSION_HEAD", $suffix); + define("GIT_VERSION_TIMESTAMP", $timestamp); return VERSION_STATIC . ".$suffix"; } else { |
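Review bot: Two session checks in validate_session() are disabled by commenting them out, with no comment saying why: the `VERSION_STATIC` comparison in hunk `@@ -39,7 +39,7 @@` and the user-agent comparison in hunk `@@ -62,17 +62,17 @@`. In addition, the schema check now passes whenever `ref_schema_version` is simply absent from the session. Each change loosens validation; in the visible lines the only remaining client binding is the `ip_address` check, whose body is outside the hunk. If the removals are deliberate, delete the dead code and leave a one-line reason, e.g. `// user-agent binding removed: <reason>`. If the `isset()` is only meant to tolerate sessions created before the key existed, say so in a comment.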
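Review bot: `define("GIT_VERSION_HEAD", $suffix);` and `define("GIT_VERSION_TIMESTAMP", $timestamp);` run inside get_version() (include/version.php, hunk `@@ -8,6 +8,10 @@`), so a second call in the same request tries to redefine both constants and raises a notice each time. Wrapping the two lines in `if (!defined("GIT_VERSION_HEAD")) { ... }` avoids that. `filemtime()` on `.git/refs/heads/master` gives the time the ref file was last written locally, not the commit time, yet check_for_update() compares it with the upstream changeset timestamp; a comment stating that assumption would help the next reader. The function body continues outside the hunk.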