diff options
| author | Andrew Dolgov <[email protected]> | 2010-11-08 13:11:56 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2010-11-08 13:15:00 +0300 |
| commit | 8801fb017ccd6e2c052ab449eed3ee1eb5b7e982 (patch) | |
| tree | 97ce0dfd050cb22fc999c546bb9a9b8ce5277e89 /modules | |
| parent | 811bea05221c3704037eaba860a70f42eb45994b (diff) | |
replace old-style published feed with universal secretkey-based approach used for all feeds; do not allow user/pass handling in generated feed urls; bump schema
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/backend-rpc.php | 33 | ||||
| -rw-r--r-- | modules/popup-dialog.php | 60 | ||||
| -rw-r--r-- | modules/pref-feeds.php | 12 |
3 files changed, 56 insertions, 49 deletions
diff --git a/modules/backend-rpc.php b/modules/backend-rpc.php index 4a82a888b..1bf41d299 100644 --- a/modules/backend-rpc.php +++ b/modules/backend-rpc.php @@ -464,25 +464,11 @@ return; } - if ($subop == "regenPubKey") { - - print "<rpc-reply>"; - - set_pref($link, "_PREFS_PUBLISH_KEY", generate_publish_key(), $_SESSION["uid"]); - - $new_link = article_publish_url($link); - - print "<link><![CDATA[$new_link]]></link>"; - - print "</rpc-reply>"; - - return; - } - if ($subop == "regenOPMLKey") { print "<rpc-reply>"; - set_pref($link, " _PREFS_OPML_PUBLISH_KEY", generate_publish_key(), $_SESSION["uid"]); + set_pref($link, " _PREFS_OPML_PUBLISH_KEY", + sha1(uniqid(rand(), true)), $_SESSION["uid"]); $new_link = opml_publish_url($link); print "<link><![CDATA[$new_link]]></link>"; print "</rpc-reply>"; @@ -1119,6 +1105,21 @@ return; } + if ($subop == "regenFeedKey") { + $feed_id = db_escape_string($_REQUEST['id']); + $is_cat = (bool) db_escape_string($_REQUEST['is_cat']); + + print "<rpc-reply>"; + + $new_key = update_feed_access_key($link, $feed_id, $is_cat); + + print "<link><![CDATA[$new_key]]></link>"; + + print "</rpc-reply>"; + + return; + } + print "<rpc-reply><error>Unknown method: $subop</error></rpc-reply>"; } ?> diff --git a/modules/popup-dialog.php b/modules/popup-dialog.php index 54f4a3e61..61efd4c99 100644 --- a/modules/popup-dialog.php +++ b/modules/popup-dialog.php @@ -158,33 +158,6 @@ return; } - if ($id == "pubUrl") { - - print "<div id=\"infoBoxTitle\">".__('Published Articles')."</div>"; - print "<div class=\"infoBoxContents\">"; - - $url_path = article_publish_url($link); - - print __("Your Published articles feed URL is:"); - - print "<div class=\"tagCloudContainer\">"; - print "<a id='pub_feed_url' href='$url_path' target='_blank'>$url_path</a>"; - print "</div>"; - - print "<div align='center'>"; - - print "<button onclick=\"return pubRegenKey()\">". - __('Generate new URL')."</button> "; - - print "<input class=\"button\" - type=\"submit\" onclick=\"return closeInfoBox()\" - value=\"".__('Close this window')."\">"; - - print "</div></div>"; - - return; - } - if ($id == "pubOPMLUrl") { print "<div id=\"infoBoxTitle\">".__('Public OPML URL')."</div>"; @@ -777,6 +750,39 @@ return; } + if ($id == "generatedFeed") { + + print "<div id=\"infoBoxTitle\">".__('View as RSS')."</div>"; + print "<div class=\"infoBoxContents\">"; + + $params = explode(":", $param, 3); + $feed_id = db_escape_string($params[0]); + $is_cat = (bool) $params[1]; + + $key = get_feed_access_key($link, $feed_id, $is_cat); + + $url_path = htmlspecialchars($params[2]) . "&key=" . $key; + + print __("You can view this feed as RSS using the following URL:"); + + print "<div class=\"tagCloudContainer\">"; + print "<a id='gen_feed_url' href='$url_path' target='_blank'>$url_path</a>"; + print "</div>"; + + print "<div align='center'>"; + + print "<button onclick=\"return genUrlChangeKey('$feed_id', '$is_cat')\">". + __('Generate new URL')."</button> "; + + print "<input class=\"button\" + type=\"submit\" onclick=\"return closeInfoBox()\" + value=\"".__('Close this window')."\">"; + + print "</div></div>"; + + return; + } + print "<div id='infoBoxTitle'>Internal Error</div> <div id='infoBoxContents'> <p>Unknown dialog <b>$id</b></p> diff --git a/modules/pref-feeds.php b/modules/pref-feeds.php index 7a436cfd2..de9166fe4 100644 --- a/modules/pref-feeds.php +++ b/modules/pref-feeds.php @@ -1447,7 +1447,8 @@ __('Export OPML')."</button>"; if (!get_pref($link, "_PREFS_OPML_PUBLISH_KEY")){ - set_pref($link, "_PREFS_OPML_PUBLISH_KEY", generate_publish_key()); + set_pref($link, "_PREFS_OPML_PUBLISH_KEY", + sha1(uniqid(rand(), true))); } print "<p>".__('Your OPML can be published publicly and can be subscribed by anyone who knows the URL below.'); @@ -1489,13 +1490,12 @@ print "<h3>".__("Published articles")."</h3>"; - if (!get_pref($link, "_PREFS_PUBLISH_KEY")) { - set_pref($link, "_PREFS_PUBLISH_KEY", generate_publish_key()); - } - print "<p>".__('Published articles are exported as a public RSS feed and can be subscribed by anyone who knows the URL specified below.')."</p>"; - print "<button onclick=\"return displayDlg('pubUrl')\">". + $rss_url = '-2::' . htmlspecialchars(get_self_url_prefix() . + "/backend.php?op=rss&id=-2&view-mode=all_articles");; + + print "<button onclick=\"return displayDlg('generatedFeed', '$rss_url')\">". __('Display URL')."</button> "; |