-rw-r--r--classes/article.php2
-rw-r--r--classes/dlg.php16
-rw-r--r--classes/feeds.php94
-rw-r--r--classes/pref_feeds.php12
-rw-r--r--classes/pref_filters.php2
-rw-r--r--classes/pref_labels.php2
-rw-r--r--classes/pref_prefs.php2
-rw-r--r--classes/pref_users.php2
-rw-r--r--classes/protected_handler.php8
-rw-r--r--classes/rpc.php10
10 files changed, 79 insertions, 71 deletions
diff --git a/classes/article.php b/classes/article.php
index 70ecd2653..90ca129b9 100644
--- a/classes/article.php
+++ b/classes/article.php
@@ -1,5 +1,5 @@
<?php
-class Article extends Handler {
+class Article extends Protected_Handler {
function redirect() {
$id = db_escape_string($_REQUEST['id']);
diff --git a/classes/dlg.php b/classes/dlg.php
index 3a66bf129..dce583e01 100644
--- a/classes/dlg.php
+++ b/classes/dlg.php
@@ -1,7 +1,7 @@
<?php
-class Dlg extends Handler {
+class Dlg extends Protected_Handler {
private $param;
-
+
function before() {
if (parent::before()) {
header("Content-Type: text/xml; charset=utf-8");
@@ -11,14 +11,14 @@ class Dlg extends Handler {
}
return false;
}
-
+
function after() {
print "</dlg>";
}
function importOpml() {
header("Content-Type: text/html"); # required for iframe
-
+
print "<div class=\"prefFeedOPMLHolder\">";
$owner_uid = $_SESSION["uid"];
@@ -534,7 +534,7 @@ class Dlg extends Handler {
}
function inactiveFeeds() {
-
+
if (DB_TYPE == "pgsql") {
$interval_qpart = "NOW() - INTERVAL '3 months'";
} else {
@@ -714,7 +714,7 @@ class Dlg extends Handler {
}
function printTagSelect() {
-
+
print "<title>" . __('Select item(s) by tags') . "</title>";
print "<content><![CDATA[";
@@ -851,7 +851,7 @@ class Dlg extends Handler {
}
function generatedFeed() {
-
+
print "<title>".__('View as RSS')."</title>";
print "<content><![CDATA[";
@@ -884,7 +884,7 @@ class Dlg extends Handler {
}
function newVersion() {
-
+
$version_data = check_for_update($this->link);
$version = $version_data['version'];
$id = $version_data['version_id'];
diff --git a/classes/feeds.php b/classes/feeds.php
index a654c92ae..f4d19c00c 100644
--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -1,11 +1,11 @@
<?php
-class Feeds extends Handler {
-
+class Feeds extends Protected_Handler {
+
function catchupAll() {
db_query($this->link, "UPDATE ttrss_user_entries SET
last_read = NOW(),unread = false WHERE owner_uid = " . $_SESSION["uid"]);
ccache_zero_all($this->link, $_SESSION["uid"]);
- }
+ }
function collapse() {
$cat_id = db_escape_string($_REQUEST["cid"]);
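Review bot: The new base class on this hunk's `class Feeds` line gates `catchupAll()` on a session uid, but that does not cover a forged request sent from a logged-in browser. The method marks every entry as read, and the visible lines check neither the request method nor a token. If the dispatcher does not already do this (not visible in this diff), `Protected_Handler::before()` would be a natural place for a per-session token check compared with `hash_equals()`. Separately, the query appends `$_SESSION["uid"]` unquoted; `(int) $_SESSION["uid"]` would make the integer assumption explicit. `collapse()` continues outside the hunk.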
@@ -15,36 +15,36 @@ class Feeds extends Handler {
function index() {
$root = (bool)$_REQUEST["root"];
-
+
if (!$root) {
print json_encode(outputFeedList($this->link));
} else {
-
+
$feeds = outputFeedList($this->link, false);
-
+
$root = array();
$root['id'] = 'root';
$root['name'] = __('Feeds');
$root['items'] = $feeds['items'];
-
+
$fl = array();
$fl['identifier'] = 'id';
$fl['label'] = 'name';
$fl['items'] = array($root);
-
+
print json_encode($fl);
}
- }
-
+ }
+
function view() {
$timing_info = getmicrotime();
-
+
$reply = array();
-
+
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info);
-
+
$omode = db_escape_string($_REQUEST["omode"]);
-
+
$feed = db_escape_string($_REQUEST["feed"]);
$method = db_escape_string($_REQUEST["m"]);
$view_mode = db_escape_string($_REQUEST["view_mode"]);
@@ -54,19 +54,19 @@ class Feeds extends Handler {
@$offset = db_escape_string($_REQUEST["skip"]);
@$vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]);
$order_by = db_escape_string($_REQUEST["order_by"]);
-
+
if (is_numeric($feed)) $feed = (int) $feed;
-
+
/* Feed -5 is a special case: it is used to display auxiliary information
* when there's nothing to load - e.g. no stuff in fresh feed */
-
+
if ($feed == -5) {
print json_encode(generate_dashboard_feed($this->link));
return;
}
-
+
$result = false;
-
+
if ($feed < -10) {
$label_feed = -11-$feed;
$result = db_query($this->link, "SELECT id FROM ttrss_labels2 WHERE
@@ -78,45 +78,45 @@ class Feeds extends Handler {
$result = db_query($this->link, "SELECT id FROM ttrss_feed_categories WHERE
id = '$feed' AND owner_uid = " . $_SESSION['uid']);
}
-
+
if ($result && db_num_rows($result) == 0) {
print json_encode(generate_error_feed($this->link, __("Feed not found.")));
return;
}
-
+
/* Updating a label ccache means recalculating all of the caches
* so for performance reasons we don't do that here */
-
+
if ($feed >= 0) {
ccache_update($this->link, $feed, $_SESSION["uid"], $cat_view);
}
-
+
set_pref($this->link, "_DEFAULT_VIEW_MODE", $view_mode);
set_pref($this->link, "_DEFAULT_VIEW_LIMIT", $limit);
set_pref($this->link, "_DEFAULT_VIEW_ORDER_BY", $order_by);
-
+
if (!$cat_view && preg_match("/^[0-9][0-9]*$/", $feed)) {
db_query($this->link, "UPDATE ttrss_feeds SET last_viewed = NOW()
WHERE id = '$feed' AND owner_uid = ".$_SESSION["uid"]);
}
-
+
$reply['headlines'] = array();
-
+
if (!$next_unread_feed)
$reply['headlines']['id'] = $feed;
else
$reply['headlines']['id'] = $next_unread_feed;
-
+
$reply['headlines']['is_cat'] = (bool) $cat_view;
-
+
$override_order = false;
-
+
if (get_pref($this->link, "SORT_HEADLINES_BY_FEED_DATE", $owner_uid)) {
$date_sort_field = "updated";
} else {
$date_sort_field = "date_entered";
}
-
+
switch ($order_by) {
case "date":
if (get_pref($this->link, 'REVERSE_HEADLINES', $owner_uid)) {
@@ -125,7 +125,7 @@ class Feeds extends Handler {
$override_order = "$date_sort_field DESC";
}
break;
-
+
case "title":
if (get_pref($this->link, 'REVERSE_HEADLINES', $owner_uid)) {
$override_order = "title DESC, $date_sort_field";
@@ -133,7 +133,7 @@ class Feeds extends Handler {
$override_order = "title, $date_sort_field DESC";
}
break;
-
+
case "score":
if (get_pref($this->link, 'REVERSE_HEADLINES', $owner_uid)) {
$override_order = "score, $date_sort_field";
@@ -142,46 +142,46 @@ class Feeds extends Handler {
}
break;
}
-
+
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("04", $timing_info);
-
+
$ret = format_headlines_list($this->link, $feed, $method,
$view_mode, $limit, $cat_view, $next_unread_feed, $offset,
$vgroup_last_feed, $override_order);
-
+
$topmost_article_ids = $ret[0];
$headlines_count = $ret[1];
$returned_feed = $ret[2];
$disable_cache = $ret[3];
$vgroup_last_feed = $ret[4];
-
+
$reply['headlines']['content'] =& $ret[5]['content'];
$reply['headlines']['toolbar'] =& $ret[5]['toolbar'];
-
+
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("05", $timing_info);
-
+
$reply['headlines-info'] = array("count" => (int) $headlines_count,
"vgroup_last_feed" => $vgroup_last_feed,
"disable_cache" => (bool) $disable_cache);
-
+
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("20", $timing_info);
-
+
if (is_array($topmost_article_ids) && !get_pref($this->link, 'COMBINED_DISPLAY_MODE') && !$_SESSION["bw_limit"]) {
$articles = array();
-
+
foreach ($topmost_article_ids as $id) {
array_push($articles, format_article($this->link, $id, false));
}
-
+
$reply['articles'] = $articles;
}
-
+
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("30", $timing_info);
-
+
$reply['runtime-info'] = make_runtime_info($this->link);
-
+
print json_encode($reply);
-
+
}
}
-?> \ No newline at end of file
+?>
diff --git a/classes/pref_feeds.php b/classes/pref_feeds.php
index bf15bf25a..783d29f79 100644
--- a/classes/pref_feeds.php
+++ b/classes/pref_feeds.php
@@ -1,5 +1,5 @@
<?php
-class Pref_Feeds extends Handler {
+class Pref_Feeds extends Protected_Handler {
function batch_edit_cbox($elem, $label = false) {
print "<input type=\"checkbox\" title=\"".__("Check to enable field")."\"
onchange=\"dijit.byId('feedEditDlg').toggleField(this, '$elem', '$label')\">";
@@ -529,7 +529,7 @@ class Pref_Feeds extends Handler {
global $purge_intervals;
global $update_intervals;
global $update_methods;
-
+
$feed_ids = db_escape_string($_REQUEST["ids"]);
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"ids\" value=\"$feed_ids\">";
@@ -688,13 +688,13 @@ class Pref_Feeds extends Handler {
function batchEditSave() {
return editsaveops(true);
}
-
+
function editSave() {
return editsaveops(false);
}
-
- function editsaveops($batch) {
-
+
+ function editsaveops($batch) {
+
$feed_title = db_escape_string(trim($_POST["title"]));
$feed_link = db_escape_string(trim($_POST["feed_url"]));
$upd_intl = (int) db_escape_string($_POST["update_interval"]);
diff --git a/classes/pref_filters.php b/classes/pref_filters.php
index 754e8d211..fdae5f59e 100644
--- a/classes/pref_filters.php
+++ b/classes/pref_filters.php
@@ -1,5 +1,5 @@
<?php
-class Pref_Filters extends Handler {
+class Pref_Filters extends Protected_Handler {
function filter_test($filter_type, $reg_exp,
$action_id, $action_param, $filter_param, $inverse, $feed_id) {
diff --git a/classes/pref_labels.php b/classes/pref_labels.php
index 5de4443f7..0d60731f3 100644
--- a/classes/pref_labels.php
+++ b/classes/pref_labels.php
@@ -1,5 +1,5 @@
<?php
-class Pref_Labels extends Handler {
+class Pref_Labels extends Protected_Handler {
function edit() {
$label_id = db_escape_string($_REQUEST['id']);
diff --git a/classes/pref_prefs.php b/classes/pref_prefs.php
index 896268275..5a216d2b1 100644
--- a/classes/pref_prefs.php
+++ b/classes/pref_prefs.php
@@ -1,5 +1,5 @@
<?php
-class Pref_Prefs extends Handler {
+class Pref_Prefs extends Protected_Handler {
function changepassword() {
diff --git a/classes/pref_users.php b/classes/pref_users.php
index 5f762b50e..63e1fd22c 100644
--- a/classes/pref_users.php
+++ b/classes/pref_users.php
@@ -1,5 +1,5 @@
<?php
-class Pref_Users extends Handler {
+class Pref_Users extends Protected_Handler {
function before() {
if (parent::before()) {
diff --git a/classes/protected_handler.php b/classes/protected_handler.php
new file mode 100644
index 000000000..e8a6d40a7
--- /dev/null
+++ b/classes/protected_handler.php
@@ -0,0 +1,8 @@
+<?php
+class Protected_Handler extends Handler {
+
+ function before() {
+ return parent::before() && $_SESSION['uid'];
+ }
+}
+?>
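Review bot: `before()` reads `$_SESSION['uid']` directly, so a request without a logged-in session raises an undefined-index notice on its way to being rejected; `return parent::before() && !empty($_SESSION['uid']);` gives the same result without the notice. The gate only holds for subclasses that keep it in the call chain: Dlg and Pref_Users override `before()` and, as far as their hunks show, call `parent::before()`, but nothing in this class says that is required. I would add a docblock above the class stating that it denies requests without a session uid and that any overriding `before()` must call `parent::before()` and honour a false result. Whether the dispatcher actually stops on a false return from `before()` is outside this diff and worth confirming.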
diff --git a/classes/rpc.php b/classes/rpc.php
index 8f03381f8..c6fc8c263 100644
--- a/classes/rpc.php
+++ b/classes/rpc.php
@@ -1,9 +1,9 @@
<?php
-class RPC extends Handler {
+class RPC extends Protected_Handler {
function setprofile() {
$id = db_escape_string($_REQUEST["id"]);
-
+
$_SESSION["profile"] = $id;
$_SESSION["prefs_cache"] = array();
}
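Review bot: `setprofile()` stores the request-supplied `id` in `$_SESSION["profile"]` after escaping only, without checking that the profile belongs to `$_SESSION["uid"]`; the login gate added on the class line does not change that. Casting the value to an integer and looking the profile up against the owner before assigning would close the gap, unless every later read of the session profile is already scoped by owner, which this diff does not show. Since every RPC method now requires a session uid, it is also worth confirming that none of them is meant to be callable before login.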
@@ -215,7 +215,7 @@ class RPC extends Handler {
if ($last_article_id != getLastArticleId($this->link)) {
$omode = $_REQUEST["omode"];
-
+
if ($omode != "T")
$reply['counters'] = getAllCounters($this->link, $omode);
else
@@ -403,11 +403,11 @@ class RPC extends Handler {
function assigntolabel() {
return labelops(true);
}
-
+
function removefromlabel() {
return labelops(false);
}
-
+
function labelops($assign) {
$reply = array();