diff options
Diffstat (limited to 'classes')
40 files changed, 2908 insertions, 4468 deletions
diff --git a/classes/api.php b/classes/api.php index 6a919be64..18f9c83b5 100755 --- a/classes/api.php +++ b/classes/api.php @@ -6,23 +6,38 @@ class API extends Handler { const STATUS_OK = 0; const STATUS_ERR = 1; + const E_API_DISABLED = "API_DISABLED"; + const E_NOT_LOGGED_IN = "NOT_LOGGED_IN"; + const E_LOGIN_ERROR = "LOGIN_ERROR"; + const E_INCORRECT_USAGE = "INCORRECT_USAGE"; + const E_UNKNOWN_METHOD = "UNKNOWN_METHOD"; + const E_OPERATION_FAILED = "E_OPERATION_FAILED"; + private $seq; - static function param_to_bool($p) { + private static function _param_to_bool($p) { return $p && ($p !== "f" && $p !== "false"); } + private function _wrap($status, $reply) { + print json_encode([ + "seq" => $this->seq, + "status" => $status, + "content" => $reply + ]); + } + function before($method) { if (parent::before($method)) { header("Content-Type: text/json"); if (empty($_SESSION["uid"]) && $method != "login" && $method != "isloggedin") { - $this->wrap(self::STATUS_ERR, array("error" => 'NOT_LOGGED_IN')); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_NOT_LOGGED_IN)); return false; } if (!empty($_SESSION["uid"]) && $method != "logout" && !get_pref('ENABLE_API_ACCESS')) { - $this->wrap(self::STATUS_ERR, array("error" => 'API_DISABLED')); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_API_DISABLED)); return false; } @@ -33,20 +48,14 @@ class API extends Handler { return false; } - function wrap($status, $reply) { - print json_encode(array("seq" => $this->seq, - "status" => $status, - "content" => $reply)); - } - function getVersion() { $rv = array("version" => get_version()); - $this->wrap(self::STATUS_OK, $rv); + $this->_wrap(self::STATUS_OK, $rv); } function getApiLevel() { $rv = array("level" => self::API_LEVEL); - $this->wrap(self::STATUS_OK, $rv); + $this->_wrap(self::STATUS_OK, $rv); } function login() { @@ -57,36 +66,36 @@ class API extends Handler { $password = clean($_REQUEST["password"]); $password_base64 = base64_decode(clean($_REQUEST["password"])); - if (SINGLE_USER_MODE) $login = "admin"; + if (Config::get(Config::SINGLE_USER_MODE)) $login = "admin"; if ($uid = UserHelper::find_user_by_login($login)) { if (get_pref("ENABLE_API_ACCESS", $uid)) { if (UserHelper::authenticate($login, $password, false, Auth_Base::AUTH_SERVICE_API)) { // try login with normal password - $this->wrap(self::STATUS_OK, array("session_id" => session_id(), + $this->_wrap(self::STATUS_OK, array("session_id" => session_id(), "api_level" => self::API_LEVEL)); } else if (UserHelper::authenticate($login, $password_base64, false, Auth_Base::AUTH_SERVICE_API)) { // else try with base64_decoded password - $this->wrap(self::STATUS_OK, array("session_id" => session_id(), + $this->_wrap(self::STATUS_OK, array("session_id" => session_id(), "api_level" => self::API_LEVEL)); } else { // else we are not logged in user_error("Failed login attempt for $login from " . UserHelper::get_user_ip(), E_USER_WARNING); - $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR")); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_LOGIN_ERROR)); } } else { - $this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED")); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_API_DISABLED)); } } else { - $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR")); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_LOGIN_ERROR)); return; } } function logout() { - Pref_Users::logout_user(); - $this->wrap(self::STATUS_OK, array("status" => "OK")); + UserHelper::logout(); + $this->_wrap(self::STATUS_OK, array("status" => "OK")); } function isLoggedIn() { - $this->wrap(self::STATUS_OK, array("status" => $_SESSION["uid"] != '')); + $this->_wrap(self::STATUS_OK, array("status" => $_SESSION["uid"] != '')); } function getUnread() { @@ -94,33 +103,33 @@ class API extends Handler { $is_cat = clean($_REQUEST["is_cat"]); if ($feed_id) { - $this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($feed_id, $is_cat))); + $this->_wrap(self::STATUS_OK, array("unread" => getFeedUnread($feed_id, $is_cat))); } else { - $this->wrap(self::STATUS_OK, array("unread" => Feeds::getGlobalUnread())); + $this->_wrap(self::STATUS_OK, array("unread" => Feeds::_get_global_unread())); } } /* Method added for ttrss-reader for Android */ function getCounters() { - $this->wrap(self::STATUS_OK, Counters::getAllCounters()); + $this->_wrap(self::STATUS_OK, Counters::get_all()); } function getFeeds() { $cat_id = clean($_REQUEST["cat_id"]); - $unread_only = self::param_to_bool(clean($_REQUEST["unread_only"] ?? 0)); + $unread_only = self::_param_to_bool(clean($_REQUEST["unread_only"] ?? 0)); $limit = (int) clean($_REQUEST["limit"] ?? 0); $offset = (int) clean($_REQUEST["offset"] ?? 0); - $include_nested = self::param_to_bool(clean($_REQUEST["include_nested"] ?? false)); + $include_nested = self::_param_to_bool(clean($_REQUEST["include_nested"] ?? false)); - $feeds = $this->api_get_feeds($cat_id, $unread_only, $limit, $offset, $include_nested); + $feeds = $this->_api_get_feeds($cat_id, $unread_only, $limit, $offset, $include_nested); - $this->wrap(self::STATUS_OK, $feeds); + $this->_wrap(self::STATUS_OK, $feeds); } function getCategories() { - $unread_only = self::param_to_bool(clean($_REQUEST["unread_only"] ?? false)); - $enable_nested = self::param_to_bool(clean($_REQUEST["enable_nested"] ?? false)); - $include_empty = self::param_to_bool(clean($_REQUEST['include_empty'] ?? false)); + $unread_only = self::_param_to_bool(clean($_REQUEST["unread_only"] ?? false)); + $enable_nested = self::_param_to_bool(clean($_REQUEST["enable_nested"] ?? false)); + $include_empty = self::_param_to_bool(clean($_REQUEST['include_empty'] ?? false)); // TODO do not return empty categories, return Uncategorized and standard virtual cats @@ -147,7 +156,7 @@ class API extends Handler { $unread = getFeedUnread($line["id"], true); if ($enable_nested) - $unread += Feeds::getCategoryChildrenUnread($line["id"]); + $unread += Feeds::_get_cat_children_unread($line["id"]); if ($unread || !$unread_only) { array_push($cats, array("id" => (int) $line["id"], @@ -160,18 +169,18 @@ class API extends Handler { } foreach (array(-2,-1,0) as $cat_id) { - if ($include_empty || !$this->isCategoryEmpty($cat_id)) { + if ($include_empty || !$this->_is_cat_empty($cat_id)) { $unread = getFeedUnread($cat_id, true); if ($unread || !$unread_only) { array_push($cats, array("id" => $cat_id, - "title" => Feeds::getCategoryTitle($cat_id), + "title" => Feeds::_get_cat_title($cat_id), "unread" => (int) $unread)); } } } - $this->wrap(self::STATUS_OK, $cats); + $this->_wrap(self::STATUS_OK, $cats); } function getHeadlines() { @@ -186,42 +195,42 @@ class API extends Handler { $offset = (int)clean($_REQUEST["skip"]); $filter = clean($_REQUEST["filter"] ?? ""); - $is_cat = self::param_to_bool(clean($_REQUEST["is_cat"] ?? false)); - $show_excerpt = self::param_to_bool(clean($_REQUEST["show_excerpt"] ?? false)); - $show_content = self::param_to_bool(clean($_REQUEST["show_content"])); + $is_cat = self::_param_to_bool(clean($_REQUEST["is_cat"] ?? false)); + $show_excerpt = self::_param_to_bool(clean($_REQUEST["show_excerpt"] ?? false)); + $show_content = self::_param_to_bool(clean($_REQUEST["show_content"])); /* all_articles, unread, adaptive, marked, updated */ $view_mode = clean($_REQUEST["view_mode"] ?? null); - $include_attachments = self::param_to_bool(clean($_REQUEST["include_attachments"] ?? false)); + $include_attachments = self::_param_to_bool(clean($_REQUEST["include_attachments"] ?? false)); $since_id = (int)clean($_REQUEST["since_id"] ?? 0); - $include_nested = self::param_to_bool(clean($_REQUEST["include_nested"] ?? false)); + $include_nested = self::_param_to_bool(clean($_REQUEST["include_nested"] ?? false)); $sanitize_content = !isset($_REQUEST["sanitize"]) || - self::param_to_bool($_REQUEST["sanitize"]); - $force_update = self::param_to_bool(clean($_REQUEST["force_update"] ?? false)); - $has_sandbox = self::param_to_bool(clean($_REQUEST["has_sandbox"] ?? false)); + self::_param_to_bool($_REQUEST["sanitize"]); + $force_update = self::_param_to_bool(clean($_REQUEST["force_update"] ?? false)); + $has_sandbox = self::_param_to_bool(clean($_REQUEST["has_sandbox"] ?? false)); $excerpt_length = (int)clean($_REQUEST["excerpt_length"] ?? 0); $check_first_id = (int)clean($_REQUEST["check_first_id"] ?? 0); - $include_header = self::param_to_bool(clean($_REQUEST["include_header"] ?? false)); + $include_header = self::_param_to_bool(clean($_REQUEST["include_header"] ?? false)); $_SESSION['hasSandbox'] = $has_sandbox; - list($override_order, $skip_first_id_check) = Feeds::order_to_override_query(clean($_REQUEST["order_by"] ?? null)); + list($override_order, $skip_first_id_check) = Feeds::_order_to_override_query(clean($_REQUEST["order_by"] ?? null)); /* do not rely on params below */ $search = clean($_REQUEST["search"] ?? ""); - list($headlines, $headlines_header) = $this->api_get_headlines($feed_id, $limit, $offset, + list($headlines, $headlines_header) = $this->_api_get_headlines($feed_id, $limit, $offset, $filter, $is_cat, $show_excerpt, $show_content, $view_mode, $override_order, $include_attachments, $since_id, $search, $include_nested, $sanitize_content, $force_update, $excerpt_length, $check_first_id, $skip_first_id_check); if ($include_header) { - $this->wrap(self::STATUS_OK, array($headlines_header, $headlines)); + $this->_wrap(self::STATUS_OK, array($headlines_header, $headlines)); } else { - $this->wrap(self::STATUS_OK, $headlines); + $this->_wrap(self::STATUS_OK, $headlines); } } else { - $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE')); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_INCORRECT_USAGE)); } } @@ -277,11 +286,11 @@ class API extends Handler { $num_updated = $sth->rowCount(); - $this->wrap(self::STATUS_OK, array("status" => "OK", + $this->_wrap(self::STATUS_OK, array("status" => "OK", "updated" => $num_updated)); } else { - $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE')); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_INCORRECT_USAGE)); } } @@ -290,9 +299,9 @@ class API extends Handler { $article_ids = explode(",", clean($_REQUEST["article_id"])); $sanitize_content = !isset($_REQUEST["sanitize"]) || - self::param_to_bool($_REQUEST["sanitize"]); + self::_param_to_bool($_REQUEST["sanitize"]); - if ($article_ids) { + if (count($article_ids) > 0) { $article_qmarks = arr_qmarks($article_ids); @@ -311,22 +320,20 @@ class API extends Handler { while ($line = $sth->fetch()) { - $attachments = Article::get_article_enclosures($line['id']); - $article = array( "id" => $line["id"], "guid" => $line["guid"], "title" => $line["title"], "link" => $line["link"], - "labels" => Article::get_article_labels($line['id']), - "unread" => self::param_to_bool($line["unread"]), - "marked" => self::param_to_bool($line["marked"]), - "published" => self::param_to_bool($line["published"]), + "labels" => Article::_get_labels($line['id']), + "unread" => self::_param_to_bool($line["unread"]), + "marked" => self::_param_to_bool($line["marked"]), + "published" => self::_param_to_bool($line["published"]), "comments" => $line["comments"], "author" => $line["author"], "updated" => (int) strtotime($line["updated"]), "feed_id" => $line["feed_id"], - "attachments" => $attachments, + "attachments" => Article::_get_enclosures($line['id']), "score" => (int)$line["score"], "feed_title" => $line["feed_title"], "note" => $line["note"], @@ -336,7 +343,7 @@ class API extends Handler { if ($sanitize_content) { $article["content"] = Sanitizer::sanitize( $line["content"], - self::param_to_bool($line['hide_images']), + self::_param_to_bool($line['hide_images']), false, $line["site_url"], false, $line["id"]); } else { $article["content"] = $line["content"]; @@ -350,22 +357,23 @@ class API extends Handler { }, $hook_object); - $article['content'] = DiskCache::rewriteUrls($article['content']); + $article['content'] = DiskCache::rewrite_urls($article['content']); array_push($articles, $article); } - $this->wrap(self::STATUS_OK, $articles); + $this->_wrap(self::STATUS_OK, $articles); } else { - $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE')); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_INCORRECT_USAGE)); } } function getConfig() { - $config = array( - "icons_dir" => ICONS_DIR, - "icons_url" => ICONS_URL); + $config = [ + "icons_dir" => Config::get(Config::ICONS_DIR), + "icons_url" => Config::get(Config::ICONS_URL) + ]; $config["daemon_is_running"] = file_is_locked("update_daemon.lock"); @@ -376,7 +384,7 @@ class API extends Handler { $config["num_feeds"] = $row["cf"]; - $this->wrap(self::STATUS_OK, $config); + $this->_wrap(self::STATUS_OK, $config); } function updateFeed() { @@ -386,7 +394,7 @@ class API extends Handler { RSSUtils::update_rss_feed($feed_id); } - $this->wrap(self::STATUS_OK, array("status" => "OK")); + $this->_wrap(self::STATUS_OK, array("status" => "OK")); } function catchupFeed() { @@ -397,15 +405,15 @@ class API extends Handler { if (!in_array($mode, ["all", "1day", "1week", "2week"])) $mode = "all"; - Feeds::catchup_feed($feed_id, $is_cat, $_SESSION["uid"], $mode); + Feeds::_catchup($feed_id, $is_cat, $_SESSION["uid"], $mode); - $this->wrap(self::STATUS_OK, array("status" => "OK")); + $this->_wrap(self::STATUS_OK, array("status" => "OK")); } function getPref() { $pref_name = clean($_REQUEST["pref_name"]); - $this->wrap(self::STATUS_OK, array("value" => get_pref($pref_name))); + $this->_wrap(self::STATUS_OK, array("value" => get_pref($pref_name))); } function getLabels() { @@ -419,7 +427,7 @@ class API extends Handler { $sth->execute([$_SESSION['uid']]); if ($article_id) - $article_labels = Article::get_article_labels($article_id); + $article_labels = Article::_get_labels($article_id); else $article_labels = array(); @@ -441,14 +449,14 @@ class API extends Handler { "checked" => $checked)); } - $this->wrap(self::STATUS_OK, $rv); + $this->_wrap(self::STATUS_OK, $rv); } function setArticleLabel() { $article_ids = explode(",", clean($_REQUEST["article_ids"])); $label_id = (int) clean($_REQUEST['label_id']); - $assign = self::param_to_bool(clean($_REQUEST['assign'])); + $assign = self::_param_to_bool(clean($_REQUEST['assign'])); $label = Labels::find_caption(Labels::feed_to_label_id($label_id), $_SESSION["uid"]); @@ -468,7 +476,7 @@ class API extends Handler { } } - $this->wrap(self::STATUS_OK, array("status" => "OK", + $this->_wrap(self::STATUS_OK, array("status" => "OK", "updated" => $num_updated)); } @@ -479,10 +487,10 @@ class API extends Handler { if ($plugin && method_exists($plugin, $method)) { $reply = $plugin->$method(); - $this->wrap($reply[0], $reply[1]); + $this->_wrap($reply[0], $reply[1]); } else { - $this->wrap(self::STATUS_ERR, array("error" => 'UNKNOWN_METHOD', "method" => $method)); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_UNKNOWN_METHOD, "method" => $method)); } } @@ -491,14 +499,14 @@ class API extends Handler { $url = strip_tags(clean($_REQUEST["url"])); $content = strip_tags(clean($_REQUEST["content"])); - if (Article::create_published_article($title, $url, $content, "", $_SESSION["uid"])) { - $this->wrap(self::STATUS_OK, array("status" => 'OK')); + if (Article::_create_published_article($title, $url, $content, "", $_SESSION["uid"])) { + $this->_wrap(self::STATUS_OK, array("status" => 'OK')); } else { - $this->wrap(self::STATUS_ERR, array("error" => 'Publishing failed')); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_OPERATION_FAILED)); } } - static function api_get_feeds($cat_id, $unread_only, $limit, $offset, $include_nested = false) { + private static function _api_get_feeds($cat_id, $unread_only, $limit, $offset, $include_nested = false) { $feeds = array(); @@ -512,7 +520,7 @@ class API extends Handler { /* API only: -4 All feeds, including virtual feeds */ if ($cat_id == -4 || $cat_id == -2) { - $counters = Counters::getLabelCounters(true); + $counters = Counters::get_labels(); foreach (array_values($counters) as $cv) { @@ -539,7 +547,7 @@ class API extends Handler { $unread = getFeedUnread($i); if ($unread || !$unread_only) { - $title = Feeds::getFeedTitle($i); + $title = Feeds::_get_title($i); $row = array( "id" => $i, @@ -564,7 +572,7 @@ class API extends Handler { while ($line = $sth->fetch()) { $unread = getFeedUnread($line["id"], true) + - Feeds::getCategoryChildrenUnread($line["id"]); + Feeds::_get_cat_children_unread($line["id"]); if ($unread || !$unread_only) { $row = array( @@ -612,7 +620,7 @@ class API extends Handler { $unread = getFeedUnread($line["id"]); - $has_icon = Feeds::feedHasIcon($line['id']); + $has_icon = Feeds::_has_icon($line['id']); if ($unread || !$unread_only) { @@ -634,7 +642,7 @@ class API extends Handler { return $feeds; } - static function api_get_headlines($feed_id, $limit, $offset, + private static function _api_get_headlines($feed_id, $limit, $offset, $filter, $is_cat, $show_excerpt, $show_content, $view_mode, $order, $include_attachments, $since_id, $search = "", $include_nested = false, $sanitize_content = true, @@ -652,7 +660,7 @@ class API extends Handler { if ($row = $sth->fetch()) { $last_updated = strtotime($row["last_updated"]); - $cache_images = self::param_to_bool($row["cache_images"]); + $cache_images = self::_param_to_bool($row["cache_images"]); if (!$cache_images && time() - $last_updated > 120) { RSSUtils::update_rss_feed($feed_id, true); @@ -678,7 +686,7 @@ class API extends Handler { "skip_first_id_check" => $skip_first_id_check ); - $qfh_ret = Feeds::queryFeedHeadlines($params); + $qfh_ret = Feeds::_get_headlines($params); $result = $qfh_ret[0]; $feed_title = $qfh_ret[1]; @@ -720,14 +728,14 @@ class API extends Handler { } } - if (!is_array($labels)) $labels = Article::get_article_labels($line["id"]); + if (!is_array($labels)) $labels = Article::_get_labels($line["id"]); $headline_row = array( "id" => (int)$line["id"], "guid" => $line["guid"], - "unread" => self::param_to_bool($line["unread"]), - "marked" => self::param_to_bool($line["marked"]), - "published" => self::param_to_bool($line["published"]), + "unread" => self::_param_to_bool($line["unread"]), + "marked" => self::_param_to_bool($line["marked"]), + "published" => self::_param_to_bool($line["published"]), "updated" => (int)strtotime($line["updated"]), "is_updated" => $is_updated, "title" => $line["title"], @@ -736,7 +744,7 @@ class API extends Handler { "tags" => $tags, ); - $enclosures = Article::get_article_enclosures($line['id']); + $enclosures = Article::_get_enclosures($line['id']); if ($include_attachments) $headline_row['attachments'] = $enclosures; @@ -749,13 +757,11 @@ class API extends Handler { if ($sanitize_content) { $headline_row["content"] = Sanitizer::sanitize( $line["content"], - self::param_to_bool($line['hide_images']), + self::_param_to_bool($line['hide_images']), false, $line["site_url"], false, $line["id"]); } else { $headline_row["content"] = $line["content"]; } - - $headline_row["content"] = DiskCache::rewriteUrls($headline_row['content']); } // unify label output to ease parsing @@ -768,7 +774,7 @@ class API extends Handler { $headline_row["comments_count"] = (int)$line["num_comments"]; $headline_row["comments_link"] = $line["comments"]; - $headline_row["always_display_attachments"] = self::param_to_bool($line["always_display_enclosures"]); + $headline_row["always_display_attachments"] = self::_param_to_bool($line["always_display_enclosures"]); $headline_row["author"] = $line["author"]; @@ -776,22 +782,28 @@ class API extends Handler { $headline_row["note"] = $line["note"]; $headline_row["lang"] = $line["lang"]; - $hook_object = ["headline" => &$headline_row]; + if ($show_content) { + $hook_object = ["headline" => &$headline_row]; - PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_RENDER_ARTICLE_API, - function ($result) use (&$headline_row) { - $headline_row = $result; - }, - $hook_object); + list ($flavor_image, $flavor_stream, $flavor_kind) = Article::_get_image($enclosures, + $line["content"], // unsanitized + $line["site_url"]); - list ($flavor_image, $flavor_stream, $flavor_kind) = Article::get_article_image($enclosures, $line["content"], $line["site_url"]); + $headline_row["flavor_image"] = $flavor_image; + $headline_row["flavor_stream"] = $flavor_stream; - $headline_row["flavor_image"] = $flavor_image; - $headline_row["flavor_stream"] = $flavor_stream; + /* optional */ + if ($flavor_kind) + $headline_row["flavor_kind"] = $flavor_kind; - /* optional */ - if ($flavor_kind) - $headline_row["flavor_kind"] = $flavor_kind; + PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_RENDER_ARTICLE_API, + function ($result) use (&$headline_row) { + $headline_row = $result; + }, + $hook_object); + + $headline_row["content"] = DiskCache::rewrite_urls($headline_row['content']); + } array_push($headlines, $headline_row); } @@ -811,9 +823,9 @@ class API extends Handler { if ($row = $sth->fetch()) { Pref_Feeds::remove_feed($feed_id, $_SESSION["uid"]); - $this->wrap(self::STATUS_OK, array("status" => "OK")); + $this->_wrap(self::STATUS_OK, array("status" => "OK")); } else { - $this->wrap(self::STATUS_ERR, array("error" => "FEED_NOT_FOUND")); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_OPERATION_FAILED)); } } @@ -824,28 +836,28 @@ class API extends Handler { $password = clean($_REQUEST["password"]); if ($feed_url) { - $rc = Feeds::subscribe_to_feed($feed_url, $category_id, $login, $password); + $rc = Feeds::_subscribe($feed_url, $category_id, $login, $password); - $this->wrap(self::STATUS_OK, array("status" => $rc)); + $this->_wrap(self::STATUS_OK, array("status" => $rc)); } else { - $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE')); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_INCORRECT_USAGE)); } } function getFeedTree() { - $include_empty = self::param_to_bool(clean($_REQUEST['include_empty'])); + $include_empty = self::_param_to_bool(clean($_REQUEST['include_empty'])); $pf = new Pref_Feeds($_REQUEST); $_REQUEST['mode'] = 2; $_REQUEST['force_show_empty'] = $include_empty; - $this->wrap(self::STATUS_OK, - array("categories" => $pf->makefeedtree())); + $this->_wrap(self::STATUS_OK, + array("categories" => $pf->_makefeedtree())); } // only works for labels or uncategorized for the time being - private function isCategoryEmpty($id) { + private function _is_cat_empty($id) { if ($id == -2) { $sth = $this->pdo->prepare("SELECT COUNT(id) AS count FROM ttrss_labels2 diff --git a/classes/article.php b/classes/article.php index 6d3746968..6baf8f068 100755 --- a/classes/article.php +++ b/classes/article.php @@ -5,7 +5,7 @@ class Article extends Handler_Protected { const ARTICLE_KIND_YOUTUBE = 3; function redirect() { - $id = clean($_REQUEST['id']); + $id = (int) clean($_REQUEST['id'] ?? 0); $sth = $this->pdo->prepare("SELECT link FROM ttrss_entries, ttrss_user_entries WHERE id = ? AND id = ref_id AND owner_uid = ? @@ -13,18 +13,21 @@ class Article extends Handler_Protected { $sth->execute([$id, $_SESSION['uid']]); if ($row = $sth->fetch()) { - $article_url = $row['link']; - $article_url = str_replace("\n", "", $article_url); + $article_url = UrlHelper::validate(str_replace("\n", "", $row['link'])); - header("Location: $article_url"); - return; + if ($article_url) { + header("Location: $article_url"); + } else { + header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found"); + print "URL of article $id is blank."; + } } else { print_error(__("Article not found.")); } } - static function create_published_article($title, $url, $content, $labels_str, + static function _create_published_article($title, $url, $content, $labels_str, $owner_uid) { $guid = 'SHA1:' . sha1("ttshared:" . $url . $owner_uid); // include owner_uid to prevent global GUID clash @@ -82,7 +85,7 @@ class Article extends Handler_Protected { content = ?, content_hash = ? WHERE id = ?"); $sth->execute([$content, $content_hash, $ref_id]); - if (DB_TYPE == "pgsql"){ + if (Config::get(Config::DB_TYPE) == "pgsql") { $sth = $pdo->prepare("UPDATE ttrss_entries SET tsvector_combined = to_tsvector( :ts_content) WHERE id = :id"); @@ -127,7 +130,7 @@ class Article extends Handler_Protected { if ($row = $sth->fetch()) { $ref_id = $row["id"]; - if (DB_TYPE == "pgsql"){ + if (Config::get(Config::DB_TYPE) == "pgsql"){ $sth = $pdo->prepare("UPDATE ttrss_entries SET tsvector_combined = to_tsvector( :ts_content) WHERE id = :id"); @@ -158,39 +161,15 @@ class Article extends Handler_Protected { return $rc; } - function editArticleTags() { - - $param = clean($_REQUEST['param']); - - $tags = self::get_article_tags($param); - - $tags_str = join(", ", $tags); - - print_hidden("id", "$param"); - print_hidden("op", "article"); - print_hidden("method", "setArticleTags"); - - print "<header class='horizontal'>" . __("Tags for this article (separated by commas):")."</header>"; - - print "<section>"; - print "<textarea dojoType='dijit.form.SimpleTextarea' rows='4' - style='height : 100px; font-size : 12px; width : 98%' id='tags_str' - name='tags_str'>$tags_str</textarea> - <div class='autocomplete' id='tags_choices' - style='display:none'></div>"; - print "</section>"; - - print "<footer>"; - print "<button dojoType='dijit.form.Button' - type='submit' class='alt-primary'>".__('Save')."</button> "; - print "<button dojoType='dijit.form.Button' - onclick='App.dialogOf(this).hide()'>".__('Cancel')."</button>"; - print "</footer>"; + function printArticleTags() { + $id = (int) clean($_REQUEST['id'] ?? 0); + print json_encode(["id" => $id, + "tags" => self::_get_tags($id)]); } function setScore() { - $ids = explode(",", clean($_REQUEST['id'])); + $ids = array_map("intval", clean($_REQUEST['ids'] ?? [])); $score = (int)clean($_REQUEST['score']); $ids_qmarks = arr_qmarks($ids); @@ -220,8 +199,10 @@ class Article extends Handler_Protected { $id = clean($_REQUEST["id"]); - $tags_str = clean($_REQUEST["tags_str"]); - $tags = array_unique(array_map('trim', explode(",", $tags_str))); + //$tags_str = clean($_REQUEST["tags_str"]); + //$tags = array_unique(array_map('trim', explode(",", $tags_str))); + + $tags = FeedItem_Common::normalize_categories(explode(",", clean($_REQUEST["tags_str"]))); $this->pdo->beginTransaction(); @@ -246,8 +227,6 @@ class Article extends Handler_Protected { (post_int_id, owner_uid, tag_name) VALUES (?, ?, ?)"); - $tags = FeedItem_Common::normalize_categories($tags); - foreach ($tags as $tag) { $csth->execute([$int_id, $_SESSION['uid'], $tag]); @@ -269,18 +248,12 @@ class Article extends Handler_Protected { $this->pdo->commit(); - $tags = self::get_article_tags($id); - $tags_str = $this->format_tags_string($tags); - $tags_str_full = join(", ", $tags); - - if (!$tags_str_full) $tags_str_full = __("no tags"); - - print json_encode(array("id" => (int)$id, - "content" => $tags_str, "content_full" => $tags_str_full)); + // get latest tags from the database, original $tags is sometimes JSON-encoded as a hash ({}) - ??? + print json_encode(["id" => (int)$id, "tags" => $this->_get_tags($id)]); } - function completeTags() { + /*function completeTags() { $search = clean($_REQUEST["search"]); $sth = $this->pdo->prepare("SELECT DISTINCT tag_name FROM ttrss_tags @@ -295,17 +268,17 @@ class Article extends Handler_Protected { print "<li>" . $line["tag_name"] . "</li>"; } print "</ul>"; - } + }*/ function assigntolabel() { - return $this->labelops(true); + return $this->_label_ops(true); } function removefromlabel() { - return $this->labelops(false); + return $this->_label_ops(false); } - private function labelops($assign) { + private function _label_ops($assign) { $reply = array(); $ids = explode(",", clean($_REQUEST["ids"])); @@ -313,22 +286,17 @@ class Article extends Handler_Protected { $label = Labels::find_caption($label_id, $_SESSION["uid"]); - $reply["info-for-headlines"] = array(); + $reply["labels-for"] = []; if ($label) { - foreach ($ids as $id) { - if ($assign) Labels::add_article($id, $label, $_SESSION["uid"]); else Labels::remove_article($id, $label, $_SESSION["uid"]); - $labels = $this->get_article_labels($id, $_SESSION["uid"]); - - array_push($reply["info-for-headlines"], - array("id" => $id, "labels" => $this->format_article_labels($labels))); - + array_push($reply["labels-for"], + ["id" => (int)$id, "labels" => $this->_get_labels($id)]); } } @@ -337,163 +305,84 @@ class Article extends Handler_Protected { print json_encode($reply); } - function getArticleFeed($id) { - $sth = $this->pdo->prepare("SELECT feed_id FROM ttrss_user_entries - WHERE ref_id = ? AND owner_uid = ?"); - $sth->execute([$id, $_SESSION['uid']]); - - if ($row = $sth->fetch()) { - return $row["feed_id"]; - } else { - return 0; - } - } - - static function format_article_enclosures($id, $always_display_enclosures, - $article_content, $hide_images = false) { - - $result = self::get_article_enclosures($id); - $rv = ''; + static function _format_enclosures($id, + $always_display_enclosures, + $article_content, + $hide_images = false) { + + $enclosures = self::_get_enclosures($id); + $enclosures_formatted = ""; + + /*foreach ($enclosures as &$enc) { + array_push($enclosures, [ + "type" => $enc["content_type"], + "filename" => basename($enc["content_url"]), + "url" => $enc["content_url"], + "title" => $enc["title"], + "width" => (int) $enc["width"], + "height" => (int) $enc["height"] + ]); + }*/ PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_FORMAT_ENCLOSURES, - function ($result) use (&$rv) { + function ($result) use (&$enclosures_formatted, &$enclosures) { if (is_array($result)) { - $rv = $result[0]; - $result = $result[1]; + $enclosures_formatted = $result[0]; + $enclosures = $result[1]; } else { - $rv = $result; + $enclosures_formatted = $result; } }, - $rv, $result, $id, $always_display_enclosures, $article_content, $hide_images); + $enclosures_formatted, $enclosures, $id, $always_display_enclosures, $article_content, $hide_images); - if ($rv === '' && !empty($result)) { - $entries_html = array(); - $entries = array(); - $entries_inline = array(); - - foreach ($result as $line) { - - PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_ENCLOSURE_ENTRY, - function($result) use (&$line) { - $line = $result; - }, - $line, $id); - - $url = $line["content_url"]; - $ctype = $line["content_type"]; - $title = $line["title"]; - $width = $line["width"]; - $height = $line["height"]; - - if (!$ctype) $ctype = __("unknown type"); - - //$filename = substr($url, strrpos($url, "/")+1); - $filename = basename($url); - - $player = format_inline_player($url, $ctype); - - if ($player) array_push($entries_inline, $player); + if (!empty($enclosures_formatted)) { + return [ + 'formatted' => $enclosures_formatted, + 'entries' => [] + ]; + } -# $entry .= " <a target=\"_blank\" href=\"" . htmlspecialchars($url) . "\" rel=\"noopener noreferrer\">" . -# $filename . " (" . $ctype . ")" . "</a>"; + $rv = [ + 'formatted' => '', + 'entries' => [] + ]; - $entry = "<div onclick=\"Article.popupOpenUrl('".htmlspecialchars($url)."')\" - dojoType=\"dijit.MenuItem\">$filename ($ctype)</div>"; + $rv['can_inline'] = isset($_SESSION["uid"]) && + empty($_SESSION["bw_limit"]) && + !get_pref("STRIP_IMAGES") && + ($always_display_enclosures || !preg_match("/<img/i", $article_content)); - array_push($entries_html, $entry); + $rv['inline_text_only'] = $hide_images && $rv['can_inline']; - $entry = array(); + foreach ($enclosures as $enc) { - $entry["type"] = $ctype; - $entry["filename"] = $filename; - $entry["url"] = $url; - $entry["title"] = $title; - $entry["width"] = $width; - $entry["height"] = $height; + // this is highly approximate + $enc["filename"] = basename($enc["content_url"]); - array_push($entries, $entry); - } + $rendered_enc = ""; + PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_RENDER_ENCLOSURE, + function ($result) use (&$rendered_enc) { + $rendered_enc = $result; + }, + $enc, $id, $rv); - if ($_SESSION['uid'] && !get_pref("STRIP_IMAGES") && !$_SESSION["bw_limit"]) { - if ($always_display_enclosures || - !preg_match("/<img/i", $article_content)) { - - foreach ($entries as $entry) { - - $retval = null; - - PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_RENDER_ENCLOSURE, - function($result) use (&$retval) { - $retval = $result; - }, - $entry, $hide_images); - - if (!empty($retval)) { - $rv .= $retval; - } else { - - if (preg_match("/image/", $entry["type"])) { - - if (!$hide_images) { - $encsize = ''; - if ($entry['height'] > 0) - $encsize .= ' height="' . intval($entry['height']) . '"'; - if ($entry['width'] > 0) - $encsize .= ' width="' . intval($entry['width']) . '"'; - $rv .= "<p><img - alt=\"".htmlspecialchars($entry["filename"])."\" - src=\"" .htmlspecialchars($entry["url"]) . "\" - " . $encsize . " /></p>"; - } else { - $rv .= "<p><a target=\"_blank\" rel=\"noopener noreferrer\" - href=\"".htmlspecialchars($entry["url"])."\" - >" .htmlspecialchars($entry["url"]) . "</a></p>"; - } - - if ($entry['title']) { - $rv.= "<div class=\"enclosure_title\">${entry['title']}</div>"; - } - } - } - } - } - } + if ($rendered_enc) { + $rv['formatted'] .= $rendered_enc; + } else { + PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_ENCLOSURE_ENTRY, + function ($result) use (&$enc) { + $enc = $result; + }, + $enc, $id, $rv); - if (count($entries_inline) > 0) { - //$rv .= "<hr clear='both'/>"; - foreach ($entries_inline as $entry) { $rv .= $entry; }; - $rv .= "<br clear='both'/>"; + array_push($rv['entries'], $enc); } - - $rv .= "<div class=\"attachments\" dojoType=\"fox.form.DropDownButton\">". - "<span>" . __('Attachments')."</span>"; - - $rv .= "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; - - foreach ($entries as $entry) { - if ($entry["title"]) - $title = " — " . truncate_string($entry["title"], 30); - else - $title = ""; - - if ($entry["filename"]) - $filename = truncate_middle(htmlspecialchars($entry["filename"]), 60); - else - $filename = ""; - - $rv .= "<div onclick='Article.popupOpenUrl(\"".htmlspecialchars($entry["url"])."\")' - dojoType=\"dijit.MenuItem\">".$filename . $title."</div>"; - - }; - - $rv .= "</div>"; - $rv .= "</div>"; } return $rv; } - static function get_article_tags($id, $owner_uid = 0, $tag_cache = false) { + static function _get_tags($id, $owner_uid = 0, $tag_cache = false) { $a_id = $id; @@ -543,59 +432,22 @@ class Article extends Handler_Protected { return $tags; } - static function format_tags_string($tags) { - if (!is_array($tags) || count($tags) == 0) { - return __("no tags"); - } else { - $maxtags = min(5, count($tags)); - $tags_str = ""; - - for ($i = 0; $i < $maxtags; $i++) { - $tags_str .= "<a class=\"tag\" href=\"#\" onclick=\"Feeds.open({feed:'".$tags[$i]."'})\">" . $tags[$i] . "</a>, "; - } - - $tags_str = mb_substr($tags_str, 0, mb_strlen($tags_str)-2); - - if (count($tags) > $maxtags) - $tags_str .= ", …"; - - return $tags_str; - } - } - - static function format_article_labels($labels) { - - if (!is_array($labels)) return ''; - - $labels_str = ""; - - foreach ($labels as $l) { - $labels_str .= sprintf("<div class='label' - style='color : %s; background-color : %s'>%s</div>", - $l[2], $l[3], $l[1]); - } - - return $labels_str; + function getmetadatabyid() { + $id = clean($_REQUEST['id']); - } + $sth = $this->pdo->prepare("SELECT link, title FROM ttrss_entries, ttrss_user_entries + WHERE ref_id = ? AND ref_id = id AND owner_uid = ?"); + $sth->execute([$id, $_SESSION['uid']]); - static function format_article_note($id, $note, $allow_edit = true) { + if ($row = $sth->fetch()) { + $link = $row['link']; + $title = $row['title']; - if ($allow_edit) { - $onclick = "onclick='Plugins.Note.edit($id)'"; - $note_class = 'editable'; - } else { - $onclick = ''; - $note_class = ''; + echo json_encode(["link" => $link, "title" => $title]); } - - return "<div class='article-note $note_class'> - <i class='material-icons'>note</i> - <div $onclick class='body'>$note</div> - </div>"; } - static function get_article_enclosures($id) { + static function _get_enclosures($id) { $pdo = Db::pdo(); @@ -607,10 +459,10 @@ class Article extends Handler_Protected { $cache = new DiskCache("images"); - while ($line = $sth->fetch()) { + while ($line = $sth->fetch(PDO::FETCH_ASSOC)) { if ($cache->exists(sha1($line["content_url"]))) { - $line["content_url"] = $cache->getUrl(sha1($line["content_url"])); + $line["content_url"] = $cache->get_url(sha1($line["content_url"])); } array_push($rv, $line); @@ -619,11 +471,11 @@ class Article extends Handler_Protected { return $rv; } - static function purge_orphans() { + static function _purge_orphans() { // purge orphaned posts in main content table - if (DB_TYPE == "mysql") + if (Config::get(Config::DB_TYPE) == "mysql") $limit_qpart = "LIMIT 5000"; else $limit_qpart = ""; @@ -638,7 +490,7 @@ class Article extends Handler_Protected { } } - static function catchupArticlesById($ids, $cmode, $owner_uid = false) { + static function _catchup_by_id($ids, $cmode, $owner_uid = false) { if (!$owner_uid) $owner_uid = $_SESSION["uid"]; @@ -663,21 +515,7 @@ class Article extends Handler_Protected { $sth->execute(array_merge($ids, [$owner_uid])); } - static function getLastArticleId() { - $pdo = Db::pdo(); - - $sth = $pdo->prepare("SELECT ref_id AS id FROM ttrss_user_entries - WHERE owner_uid = ? ORDER BY ref_id DESC LIMIT 1"); - $sth->execute([$_SESSION['uid']]); - - if ($row = $sth->fetch()) { - return $row['id']; - } else { - return -1; - } - } - - static function get_article_labels($id, $owner_uid = false) { + static function _get_labels($id, $owner_uid = false) { $rv = array(); if (!$owner_uid) $owner_uid = $_SESSION["uid"]; @@ -724,7 +562,7 @@ class Article extends Handler_Protected { return $rv; } - static function get_article_image($enclosures, $content, $site_url) { + static function _get_image($enclosures, $content, $site_url) { $article_image = ""; $article_stream = ""; @@ -794,12 +632,59 @@ class Article extends Handler_Protected { $cache = new DiskCache("images"); if ($article_image && $cache->exists(sha1($article_image))) - $article_image = $cache->getUrl(sha1($article_image)); + $article_image = $cache->get_url(sha1($article_image)); if ($article_stream && $cache->exists(sha1($article_stream))) - $article_stream = $cache->getUrl(sha1($article_stream)); + $article_stream = $cache->get_url(sha1($article_stream)); return [$article_image, $article_stream, $article_kind]; } + // only cached, returns label ids (not label feed ids) + static function _labels_of(array $article_ids) { + if (count($article_ids) == 0) + return []; + + $id_qmarks = arr_qmarks($article_ids); + + $sth = Db::pdo()->prepare("SELECT DISTINCT label_cache FROM ttrss_entries e, ttrss_user_entries ue + WHERE ue.ref_id = e.id AND id IN ($id_qmarks)"); + + $sth->execute($article_ids); + + $rv = []; + + while ($row = $sth->fetch()) { + $labels = json_decode($row["label_cache"]); + + if (isset($labels) && is_array($labels)) { + foreach ($labels as $label) { + if (empty($label["no-labels"])) + array_push($rv, Labels::feed_to_label_id($label[0])); + } + } + } + + return array_unique($rv); + } + + static function _feeds_of(array $article_ids) { + if (count($article_ids) == 0) + return []; + + $id_qmarks = arr_qmarks($article_ids); + + $sth = Db::pdo()->prepare("SELECT DISTINCT feed_id FROM ttrss_entries e, ttrss_user_entries ue + WHERE ue.ref_id = e.id AND id IN ($id_qmarks)"); + + $sth->execute($article_ids); + + $rv = []; + + while ($row = $sth->fetch()) { + array_push($rv, $row["feed_id"]); + } + + return $rv; + } } diff --git a/classes/auth/base.php b/classes/auth/base.php index d54e9d8a2..f18cc2d2d 100644 --- a/classes/auth/base.php +++ b/classes/auth/base.php @@ -16,7 +16,7 @@ abstract class Auth_Base extends Plugin implements IAuthModule { // Auto-creates specified user if allowed by system configuration // Can be used instead of find_user_by_login() by external auth modules function auto_create_user(string $login, $password = false) { - if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) { + if ($login && Config::get(Config::AUTH_AUTO_CREATE)) { $user_id = UserHelper::find_user_by_login($login); if (!$user_id) { diff --git a/classes/backend.php b/classes/backend.php deleted file mode 100644 index aa1935f23..000000000 --- a/classes/backend.php +++ /dev/null @@ -1,90 +0,0 @@ -<?php -class Backend extends Handler_Protected { - /* function digestTest() { - if (isset($_SESSION['uid'])) { - header("Content-type: text/html"); - - $rv = Digest::prepare_headlines_digest($_SESSION['uid'], 1, 1000); - - print "<h1>HTML</h1>"; - print $rv[0]; - print "<h1>Plain text</h1>"; - print "<pre>".$rv[3]."</pre>"; - } else { - print error_json(6); - } - } */ - - function help() { - $topic = basename(clean($_REQUEST["topic"])); // only one for now - - if ($topic == "main") { - $info = RPC::get_hotkeys_info(); - $imap = RPC::get_hotkeys_map(); - $omap = array(); - - foreach ($imap[1] as $sequence => $action) { - if (!isset($omap[$action])) $omap[$action] = array(); - - array_push($omap[$action], $sequence); - } - - print "<ul class='panel panel-scrollable hotkeys-help' style='height : 300px'>"; - - $cur_section = ""; - foreach ($info as $section => $hotkeys) { - - if ($cur_section) print "<li> </li>"; - print "<li><h3>" . $section . "</h3></li>"; - $cur_section = $section; - - foreach ($hotkeys as $action => $description) { - - if (!empty($omap[$action])) { - foreach ($omap[$action] as $sequence) { - if (strpos($sequence, "|") !== false) { - $sequence = substr($sequence, - strpos($sequence, "|")+1, - strlen($sequence)); - } else { - $keys = explode(" ", $sequence); - - for ($i = 0; $i < count($keys); $i++) { - if (strlen($keys[$i]) > 1) { - $tmp = ''; - foreach (str_split($keys[$i]) as $c) { - switch ($c) { - case '*': - $tmp .= __('Shift') . '+'; - break; - case '^': - $tmp .= __('Ctrl') . '+'; - break; - default: - $tmp .= $c; - } - } - $keys[$i] = $tmp; - } - } - $sequence = join(" ", $keys); - } - - print "<li>"; - print "<div class='hk'><code>$sequence</code></div>"; - print "<div class='desc'>$description</div>"; - print "</li>"; - } - } - } - } - - print "</ul>"; - } - - print "<footer class='text-center'>"; - print "<button dojoType='dijit.form.Button' class='alt-primary' type='submit'>".__('Close this window')."</button>"; - print "</footer>"; - - } -} diff --git a/classes/config.php b/classes/config.php new file mode 100644 index 000000000..effbb78ad --- /dev/null +++ b/classes/config.php @@ -0,0 +1,167 @@ +<?php +class Config { + private const _ENVVAR_PREFIX = "TTRSS_"; + + const T_BOOL = 1; + const T_STRING = 2; + const T_INT = 3; + + // override defaults, defined below in _DEFAULTS[], via environment: DB_TYPE becomes TTRSS_DB_TYPE, etc + + const DB_TYPE = "DB_TYPE"; + const DB_HOST = "DB_HOST"; + const DB_USER = "DB_USER"; + const DB_NAME = "DB_NAME"; + const DB_PASS = "DB_PASS"; + const DB_PORT = "DB_PORT"; + const MYSQL_CHARSET = "MYSQL_CHARSET"; + const SELF_URL_PATH = "SELF_URL_PATH"; + const SINGLE_USER_MODE = "SINGLE_USER_MODE"; + const SIMPLE_UPDATE_MODE = "SIMPLE_UPDATE_MODE"; + const PHP_EXECUTABLE = "PHP_EXECUTABLE"; + const LOCK_DIRECTORY = "LOCK_DIRECTORY"; + const CACHE_DIR = "CACHE_DIR"; + const ICONS_DIR = "ICONS_DIR"; + const ICONS_URL = "ICONS_URL"; + const AUTH_AUTO_CREATE = "AUTH_AUTO_CREATE"; + const AUTH_AUTO_LOGIN = "AUTH_AUTO_LOGIN"; + const FORCE_ARTICLE_PURGE = "FORCE_ARTICLE_PURGE"; + const SESSION_COOKIE_LIFETIME = "SESSION_COOKIE_LIFETIME"; + const SMTP_FROM_NAME = "SMTP_FROM_NAME"; + const SMTP_FROM_ADDRESS = "SMTP_FROM_ADDRESS"; + const DIGEST_SUBJECT = "DIGEST_SUBJECT"; + const CHECK_FOR_UPDATES = "CHECK_FOR_UPDATES"; + const PLUGINS = "PLUGINS"; + const LOG_DESTINATION = "LOG_DESTINATION"; + const LOCAL_OVERRIDE_STYLESHEET = "LOCAL_OVERRIDE_STYLESHEET"; + const DAEMON_MAX_CHILD_RUNTIME = "DAEMON_MAX_CHILD_RUNTIME"; + const DAEMON_MAX_JOBS = "DAEMON_MAX_JOBS"; + const FEED_FETCH_TIMEOUT = "FEED_FETCH_TIMEOUT"; + const FEED_FETCH_NO_CACHE_TIMEOUT = "FEED_FETCH_NO_CACHE_TIMEOUT"; + const FILE_FETCH_TIMEOUT = "FILE_FETCH_TIMEOUT"; + const FILE_FETCH_CONNECT_TIMEOUT = "FILE_FETCH_CONNECT_TIMEOUT"; + const DAEMON_UPDATE_LOGIN_LIMIT = "DAEMON_UPDATE_LOGIN_LIMIT"; + const DAEMON_FEED_LIMIT = "DAEMON_FEED_LIMIT"; + const DAEMON_SLEEP_INTERVAL = "DAEMON_SLEEP_INTERVAL"; + const MAX_CACHE_FILE_SIZE = "MAX_CACHE_FILE_SIZE"; + const MAX_DOWNLOAD_FILE_SIZE = "MAX_DOWNLOAD_FILE_SIZE"; + const MAX_FAVICON_FILE_SIZE = "MAX_FAVICON_FILE_SIZE"; + const CACHE_MAX_DAYS = "CACHE_MAX_DAYS"; + const MAX_CONDITIONAL_INTERVAL = "MAX_CONDITIONAL_INTERVAL"; + const DAEMON_UNSUCCESSFUL_DAYS_LIMIT = "DAEMON_UNSUCCESSFUL_DAYS_LIMIT"; + const LOG_SENT_MAIL = "LOG_SENT_MAIL"; + const HTTP_PROXY = "HTTP_PROXY"; + const FORBID_PASSWORD_CHANGES = "FORBID_PASSWORD_CHANGES"; + const SESSION_NAME = "SESSION_NAME"; + + private const _DEFAULTS = [ + Config::DB_TYPE => [ "pgsql", Config::T_STRING ], + Config::DB_HOST => [ "db", Config::T_STRING ], + Config::DB_USER => [ "", Config::T_STRING ], + Config::DB_NAME => [ "", Config::T_STRING ], + Config::DB_PASS => [ "", Config::T_STRING ], + Config::DB_PORT => [ "5432", Config::T_STRING ], + Config::MYSQL_CHARSET => [ "UTF8", Config::T_STRING ], + Config::SELF_URL_PATH => [ "", Config::T_STRING ], + Config::SINGLE_USER_MODE => [ "", Config::T_BOOL ], + Config::SIMPLE_UPDATE_MODE => [ "", Config::T_BOOL ], + Config::PHP_EXECUTABLE => [ "/usr/bin/php", Config::T_STRING ], + Config::LOCK_DIRECTORY => [ "lock", Config::T_STRING ], + Config::CACHE_DIR => [ "cache", Config::T_STRING ], + Config::ICONS_DIR => [ "feed-icons", Config::T_STRING ], + Config::ICONS_URL => [ "feed-icons", Config::T_STRING ], + Config::AUTH_AUTO_CREATE => [ "true", Config::T_BOOL ], + Config::AUTH_AUTO_LOGIN => [ "true", Config::T_BOOL ], + Config::FORCE_ARTICLE_PURGE => [ 0, Config::T_INT ], + Config::SESSION_COOKIE_LIFETIME => [ 86400, Config::T_INT ], + Config::SMTP_FROM_NAME => [ "Tiny Tiny RSS", Config::T_STRING ], + Config::SMTP_FROM_ADDRESS => [ "noreply@localhost", Config::T_STRING ], + Config::DIGEST_SUBJECT => [ "[tt-rss] New headlines for last 24 hours", + Config::T_STRING ], + Config::CHECK_FOR_UPDATES => [ "true", Config::T_BOOL ], + Config::PLUGINS => [ "auth_internal", Config::T_STRING ], + Config::LOG_DESTINATION => [ "sql", Config::T_STRING ], + Config::LOCAL_OVERRIDE_STYLESHEET => [ "local-overrides.css", + Config::T_STRING ], + Config::DAEMON_MAX_CHILD_RUNTIME => [ 1800, Config::T_STRING ], + Config::DAEMON_MAX_JOBS => [ 2, Config::T_INT ], + Config::FEED_FETCH_TIMEOUT => [ 45, Config::T_INT ], + Config::FEED_FETCH_NO_CACHE_TIMEOUT => [ 15, Config::T_INT ], + Config::FILE_FETCH_TIMEOUT => [ 45, Config::T_INT ], + Config::FILE_FETCH_CONNECT_TIMEOUT => [ 15, Config::T_INT ], + Config::DAEMON_UPDATE_LOGIN_LIMIT => [ 30, Config::T_INT ], + Config::DAEMON_FEED_LIMIT => [ 500, Config::T_INT ], + Config::DAEMON_SLEEP_INTERVAL => [ 120, Config::T_INT ], + Config::MAX_CACHE_FILE_SIZE => [ 64*1024*1024, Config::T_INT ], + Config::MAX_DOWNLOAD_FILE_SIZE => [ 16*1024*1024, Config::T_INT ], + Config::MAX_FAVICON_FILE_SIZE => [ 1*1024*1024, Config::T_INT ], + Config::CACHE_MAX_DAYS => [ 7, Config::T_INT ], + Config::MAX_CONDITIONAL_INTERVAL => [ 3600*12, Config::T_INT ], + Config::DAEMON_UNSUCCESSFUL_DAYS_LIMIT => [ 30, Config::T_INT ], + Config::LOG_SENT_MAIL => [ "", Config::T_BOOL ], + Config::HTTP_PROXY => [ "", Config::T_STRING ], + Config::FORBID_PASSWORD_CHANGES => [ "", Config::T_BOOL ], + Config::SESSION_NAME => [ "ttrss_sid", Config::T_STRING ], + ]; + + private static $instance; + + private $params = []; + + public static function get_instance() { + if (self::$instance == null) + self::$instance = new self(); + + return self::$instance; + } + + function __construct() { + $ref = new ReflectionClass(get_class($this)); + + foreach ($ref->getConstants() as $const => $cvalue) { + if (isset($this::_DEFAULTS[$const])) { + $override = getenv($this::_ENVVAR_PREFIX . $const); + + list ($defval, $deftype) = $this::_DEFAULTS[$const]; + + $this->params[$cvalue] = [ $this->cast_to(!empty($override) ? $override : $defval, $deftype), $deftype ]; + } + } + } + + private function cast_to(string $value, int $type_hint) { + switch ($type_hint) { + case self::T_BOOL: + return sql_bool_to_bool($value); + case self::T_INT: + return (int) $value; + default: + return $value; + } + } + + private function _get(string $param) { + list ($value, $type_hint) = $this->params[$param]; + + return $this->cast_to($value, $type_hint); + } + + private function _add(string $param, string $default, int $type_hint) { + $override = getenv($this::_ENVVAR_PREFIX . $param); + + $this->params[$param] = [ $this->cast_to(!empty($override) ? $override : $default, $type_hint), $type_hint ]; + } + + static function add(string $param, string $default, int $type_hint = Config::T_STRING) { + $instance = self::get_instance(); + + return $instance->_add($param, $default, $type_hint); + } + + static function get(string $param) { + $instance = self::get_instance(); + + return $instance->_get($param); + } + +} diff --git a/classes/counters.php b/classes/counters.php index 59605df18..b4602825c 100644 --- a/classes/counters.php +++ b/classes/counters.php @@ -1,18 +1,27 @@ <?php class Counters { - static function getAllCounters() { - $data = self::getGlobalCounters(); - - $data = array_merge($data, self::getVirtCounters()); - $data = array_merge($data, self::getLabelCounters()); - $data = array_merge($data, self::getFeedCounters()); - $data = array_merge($data, self::getCategoryCounters()); + static function get_all() { + return array_merge( + self::get_global(), + self::get_virt(), + self::get_labels(), + self::get_feeds(), + self::get_cats() + ); + } - return $data; + static function get_conditional(array $feed_ids = null, array $label_ids = null) { + return array_merge( + self::get_global(), + self::get_virt(), + self::get_labels($label_ids), + self::get_feeds($feed_ids), + self::get_cats(is_array($feed_ids) ? Feeds::_cats_of($feed_ids, $_SESSION["uid"], true) : null) + ); } - static private function getCategoryChildrenCounters($cat_id, $owner_uid) { + static private function get_cat_children($cat_id, $owner_uid) { $pdo = Db::pdo(); $sth = $pdo->prepare("SELECT id FROM ttrss_feed_categories WHERE parent_cat = ? @@ -23,52 +32,86 @@ class Counters { $marked = 0; while ($line = $sth->fetch()) { - list ($tmp_unread, $tmp_marked) = self::getCategoryChildrenCounters($line["id"], $owner_uid); + list ($tmp_unread, $tmp_marked) = self::get_cat_children($line["id"], $owner_uid); - $unread += $tmp_unread + Feeds::getCategoryUnread($line["id"], $owner_uid); - $marked += $tmp_marked + Feeds::getCategoryMarked($line["id"], $owner_uid); + $unread += $tmp_unread + Feeds::_get_cat_unread($line["id"], $owner_uid); + $marked += $tmp_marked + Feeds::_get_cat_marked($line["id"], $owner_uid); } return [$unread, $marked]; } - static function getCategoryCounters() { + private static function get_cats(array $cat_ids = null) { $ret = []; /* Labels category */ $cv = array("id" => -2, "kind" => "cat", - "counter" => Feeds::getCategoryUnread(-2)); + "counter" => Feeds::_get_cat_unread(-2)); array_push($ret, $cv); $pdo = Db::pdo(); - $sth = $pdo->prepare("SELECT fc.id, - SUM(CASE WHEN unread THEN 1 ELSE 0 END) AS count, - SUM(CASE WHEN marked THEN 1 ELSE 0 END) AS count_marked, - (SELECT COUNT(id) FROM ttrss_feed_categories fcc - WHERE fcc.parent_cat = fc.id) AS num_children - FROM ttrss_feed_categories fc - LEFT JOIN ttrss_feeds f ON (f.cat_id = fc.id) - LEFT JOIN ttrss_user_entries ue ON (ue.feed_id = f.id) - WHERE fc.owner_uid = :uid - GROUP BY fc.id - UNION - SELECT 0, - SUM(CASE WHEN unread THEN 1 ELSE 0 END) AS count, - SUM(CASE WHEN marked THEN 1 ELSE 0 END) AS count_marked, - 0 - FROM ttrss_feeds f, ttrss_user_entries ue - WHERE f.cat_id IS NULL AND - ue.feed_id = f.id AND - ue.owner_uid = :uid"); - - $sth->execute(["uid" => $_SESSION['uid']]); + if (is_array($cat_ids)) { + if (count($cat_ids) == 0) + return []; + + $cat_ids_qmarks = arr_qmarks($cat_ids); + + $sth = $pdo->prepare("SELECT fc.id, + SUM(CASE WHEN unread THEN 1 ELSE 0 END) AS count, + SUM(CASE WHEN marked THEN 1 ELSE 0 END) AS count_marked, + (SELECT COUNT(id) FROM ttrss_feed_categories fcc + WHERE fcc.parent_cat = fc.id) AS num_children + FROM ttrss_feed_categories fc + LEFT JOIN ttrss_feeds f ON (f.cat_id = fc.id) + LEFT JOIN ttrss_user_entries ue ON (ue.feed_id = f.id) + WHERE fc.owner_uid = ? AND fc.id IN ($cat_ids_qmarks) + GROUP BY fc.id + UNION + SELECT 0, + SUM(CASE WHEN unread THEN 1 ELSE 0 END) AS count, + SUM(CASE WHEN marked THEN 1 ELSE 0 END) AS count_marked, + 0 + FROM ttrss_feeds f, ttrss_user_entries ue + WHERE f.cat_id IS NULL AND + ue.feed_id = f.id AND + ue.owner_uid = ?"); + + $sth->execute(array_merge( + [$_SESSION['uid']], + $cat_ids, + [$_SESSION['uid']] + )); + + } else { + $sth = $pdo->prepare("SELECT fc.id, + SUM(CASE WHEN unread THEN 1 ELSE 0 END) AS count, + SUM(CASE WHEN marked THEN 1 ELSE 0 END) AS count_marked, + (SELECT COUNT(id) FROM ttrss_feed_categories fcc + WHERE fcc.parent_cat = fc.id) AS num_children + FROM ttrss_feed_categories fc + LEFT JOIN ttrss_feeds f ON (f.cat_id = fc.id) + LEFT JOIN ttrss_user_entries ue ON (ue.feed_id = f.id) + WHERE fc.owner_uid = :uid + GROUP BY fc.id + UNION + SELECT 0, + SUM(CASE WHEN unread THEN 1 ELSE 0 END) AS count, + SUM(CASE WHEN marked THEN 1 ELSE 0 END) AS count_marked, + 0 + FROM ttrss_feeds f, ttrss_user_entries ue + WHERE f.cat_id IS NULL AND + ue.feed_id = f.id AND + ue.owner_uid = :uid"); + + $sth->execute(["uid" => $_SESSION['uid']]); + } while ($line = $sth->fetch()) { if ($line["num_children"] > 0) { - list ($child_counter, $child_marked_counter) = self::getCategoryChildrenCounters($line["id"], $_SESSION["uid"]); + list ($child_counter, $child_marked_counter) = self::get_cat_children($line["id"], $_SESSION["uid"]); } else { $child_counter = 0; $child_marked_counter = 0; @@ -84,38 +127,53 @@ class Counters { array_push($ret, $cv); } - array_push($ret, $cv); - return $ret; } - - static function getFeedCounters($active_feed = false) { + private static function get_feeds(array $feed_ids = null) { $ret = []; $pdo = Db::pdo(); - $sth = $pdo->prepare("SELECT f.id, - f.title, - ".SUBSTRING_FOR_DATE."(f.last_updated,1,19) AS last_updated, - f.last_error, - SUM(CASE WHEN unread THEN 1 ELSE 0 END) AS count, - SUM(CASE WHEN marked THEN 1 ELSE 0 END) AS count_marked - FROM ttrss_feeds f, ttrss_user_entries ue - WHERE f.id = ue.feed_id AND ue.owner_uid = :uid - GROUP BY f.id"); - - $sth->execute(["uid" => $_SESSION['uid']]); + if (is_array($feed_ids)) { + if (count($feed_ids) == 0) + return []; + + $feed_ids_qmarks = arr_qmarks($feed_ids); + + $sth = $pdo->prepare("SELECT f.id, + f.title, + ".SUBSTRING_FOR_DATE."(f.last_updated,1,19) AS last_updated, + f.last_error, + SUM(CASE WHEN unread THEN 1 ELSE 0 END) AS count, + SUM(CASE WHEN marked THEN 1 ELSE 0 END) AS count_marked + FROM ttrss_feeds f, ttrss_user_entries ue + WHERE f.id = ue.feed_id AND ue.owner_uid = ? AND f.id IN ($feed_ids_qmarks) + GROUP BY f.id"); + + $sth->execute(array_merge([$_SESSION['uid']], $feed_ids)); + } else { + $sth = $pdo->prepare("SELECT f.id, + f.title, + ".SUBSTRING_FOR_DATE."(f.last_updated,1,19) AS last_updated, + f.last_error, + SUM(CASE WHEN unread THEN 1 ELSE 0 END) AS count, + SUM(CASE WHEN marked THEN 1 ELSE 0 END) AS count_marked + FROM ttrss_feeds f, ttrss_user_entries ue + WHERE f.id = ue.feed_id AND ue.owner_uid = :uid + GROUP BY f.id"); + + $sth->execute(["uid" => $_SESSION['uid']]); + } while ($line = $sth->fetch()) { $id = $line["id"]; - $last_error = htmlspecialchars($line["last_error"]); $last_updated = TimeHelper::make_local_datetime($line['last_updated'], false); - if (Feeds::feedHasIcon($id)) { - $has_img = filemtime(Feeds::getIconFile($id)); + if (Feeds::_has_icon($id)) { + $has_img = filemtime(Feeds::_get_icon_file($id)); } else { $has_img = false; } @@ -132,11 +190,8 @@ class Counters { "has_img" => (int) $has_img ]; - if ($last_error) - $cv["error"] = $last_error; - - if ($active_feed && $id == $active_feed) - $cv["title"] = truncate_string($line["title"], 30); + $cv["error"] = $line["last_error"]; + $cv["title"] = truncate_string($line["title"], 30); array_push($ret, $cv); @@ -145,11 +200,11 @@ class Counters { return $ret; } - static function getGlobalCounters($global_unread = -1) { + private static function get_global($global_unread = -1) { $ret = []; if ($global_unread == -1) { - $global_unread = Feeds::getGlobalUnread(); + $global_unread = Feeds::_get_global_unread(); } $cv = [ @@ -178,7 +233,7 @@ class Counters { return $ret; } - static function getVirtCounters() { + private static function get_virt() { $ret = []; @@ -187,7 +242,7 @@ class Counters { $count = getFeedUnread($i); if ($i == 0 || $i == -1 || $i == -2) - $auxctr = Feeds::getFeedArticles($i, false); + $auxctr = Feeds::_get_counters($i, false); else $auxctr = 0; @@ -222,23 +277,42 @@ class Counters { return $ret; } - static function getLabelCounters($descriptions = false) { + static function get_labels(array $label_ids = null) { $ret = []; $pdo = Db::pdo(); - $sth = $pdo->prepare("SELECT id, - caption, - SUM(CASE WHEN u1.unread = true THEN 1 ELSE 0 END) AS count_unread, - SUM(CASE WHEN u1.marked = true THEN 1 ELSE 0 END) AS count_marked, - COUNT(u1.unread) AS total - FROM ttrss_labels2 LEFT JOIN ttrss_user_labels2 ON - (ttrss_labels2.id = label_id) - LEFT JOIN ttrss_user_entries AS u1 ON u1.ref_id = article_id AND u1.owner_uid = :uid - WHERE ttrss_labels2.owner_uid = :uid - GROUP BY ttrss_labels2.id, ttrss_labels2.caption"); - $sth->execute([":uid" => $_SESSION['uid']]); + if (is_array($label_ids)) { + if (count($label_ids) == 0) + return []; + + $label_ids_qmarks = arr_qmarks($label_ids); + + $sth = $pdo->prepare("SELECT id, + caption, + SUM(CASE WHEN u1.unread = true THEN 1 ELSE 0 END) AS count_unread, + SUM(CASE WHEN u1.marked = true THEN 1 ELSE 0 END) AS count_marked, + COUNT(u1.unread) AS total + FROM ttrss_labels2 LEFT JOIN ttrss_user_labels2 ON + (ttrss_labels2.id = label_id) + LEFT JOIN ttrss_user_entries AS u1 ON u1.ref_id = article_id AND u1.owner_uid = ? + WHERE ttrss_labels2.owner_uid = ? AND ttrss_labels2.id IN ($label_ids_qmarks) + GROUP BY ttrss_labels2.id, ttrss_labels2.caption"); + $sth->execute(array_merge([$_SESSION["uid"], $_SESSION["uid"]], $label_ids)); + } else { + $sth = $pdo->prepare("SELECT id, + caption, + SUM(CASE WHEN u1.unread = true THEN 1 ELSE 0 END) AS count_unread, + SUM(CASE WHEN u1.marked = true THEN 1 ELSE 0 END) AS count_marked, + COUNT(u1.unread) AS total + FROM ttrss_labels2 LEFT JOIN ttrss_user_labels2 ON + (ttrss_labels2.id = label_id) + LEFT JOIN ttrss_user_entries AS u1 ON u1.ref_id = article_id AND u1.owner_uid = :uid + WHERE ttrss_labels2.owner_uid = :uid + GROUP BY ttrss_labels2.id, ttrss_labels2.caption"); + $sth->execute([":uid" => $_SESSION['uid']]); + } while ($line = $sth->fetch()) { @@ -248,12 +322,10 @@ class Counters { "id" => $id, "counter" => (int) $line["count_unread"], "auxcounter" => (int) $line["total"], - "markedcounter" => (int) $line["count_marked"] + "markedcounter" => (int) $line["count_marked"], + "description" => $line["caption"] ]; - if ($descriptions) - $cv["description"] = $line["caption"]; - array_push($ret, $cv); } diff --git a/classes/db.php b/classes/db.php index 6199c82bb..a760d4402 100755 --- a/classes/db.php +++ b/classes/db.php @@ -1,13 +1,9 @@ <?php class Db { - /* @var Db $instance */ private static $instance; - /* @var IDb $adapter */ - private $adapter; - private $link; /* @var PDO $pdo */ @@ -17,49 +13,17 @@ class Db // } - private function legacy_connect() { - - user_error("Legacy connect requested to " . DB_TYPE, E_USER_NOTICE); - - $er = error_reporting(E_ALL); - - switch (DB_TYPE) { - case "mysql": - $this->adapter = new Db_Mysqli(); - break; - case "pgsql": - $this->adapter = new Db_Pgsql(); - break; - default: - die("Unknown DB_TYPE: " . DB_TYPE); - } - - if (!$this->adapter) { - print("Error initializing database adapter for " . DB_TYPE); - exit(100); - } - - $this->link = $this->adapter->connect(DB_HOST, DB_USER, DB_PASS, DB_NAME, defined('DB_PORT') ? DB_PORT : ""); - - if (!$this->link) { - print("Error connecting through adapter: " . $this->adapter->last_error()); - exit(101); - } - - error_reporting($er); - } - // this really shouldn't be used unless a separate PDO connection is needed // normal usage is Db::pdo()->prepare(...) etc public function pdo_connect() { - $db_port = defined('DB_PORT') && DB_PORT ? ';port=' . DB_PORT : ''; - $db_host = defined('DB_HOST') && DB_HOST ? ';host=' . DB_HOST : ''; + $db_port = Config::get(Config::DB_PORT) ? ';port=' . Config::get(Config::DB_PORT) : ''; + $db_host = Config::get(Config::DB_HOST) ? ';host=' . Config::get(Config::DB_HOST) : ''; try { - $pdo = new PDO(DB_TYPE . ':dbname=' . DB_NAME . $db_host . $db_port, - DB_USER, - DB_PASS); + $pdo = new PDO(Config::get(Config::DB_TYPE) . ':dbname=' . Config::get(Config::DB_NAME) . $db_host . $db_port, + Config::get(Config::DB_USER), + Config::get(Config::DB_PASS)); } catch (Exception $e) { print "<pre>Exception while creating PDO object:" . $e->getMessage() . "</pre>"; exit(101); @@ -67,18 +31,18 @@ class Db $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $pdo->query("set client_encoding = 'UTF-8'"); $pdo->query("set datestyle = 'ISO, european'"); $pdo->query("set TIME ZONE 0"); $pdo->query("set cpu_tuple_cost = 0.5"); - } else if (DB_TYPE == "mysql") { + } else if (Config::get(Config::DB_TYPE) == "mysql") { $pdo->query("SET time_zone = '+0:0'"); - if (defined('MYSQL_CHARSET') && MYSQL_CHARSET) { - $pdo->query("SET NAMES " . MYSQL_CHARSET); + if (Config::get(Config::MYSQL_CHARSET)) { + $pdo->query("SET NAMES " . Config::get(Config::MYSQL_CHARSET)); } } @@ -92,17 +56,6 @@ class Db return self::$instance; } - public static function get() : Db { - if (self::$instance == null) - self::$instance = new self(); - - if (!self::$instance->adapter) { - self::$instance->legacy_connect(); - } - - return self::$instance->adapter; - } - public static function pdo() : PDO { if (self::$instance == null) self::$instance = new self(); @@ -115,7 +68,7 @@ class Db } public static function sql_random_function() { - if (DB_TYPE == "mysql") { + if (Config::get(Config::DB_TYPE) == "mysql") { return "RAND()"; } else { return "RANDOM()"; diff --git a/classes/db/mysqli.php b/classes/db/mysqli.php deleted file mode 100644 index a05b121fc..000000000 --- a/classes/db/mysqli.php +++ /dev/null @@ -1,85 +0,0 @@ -<?php -class Db_Mysqli implements IDb { - private $link; - private $last_error; - - function connect($host, $user, $pass, $db, $port) { - if ($port) - $this->link = mysqli_connect($host, $user, $pass, $db, $port); - else - $this->link = mysqli_connect($host, $user, $pass, $db); - - if ($this->link) { - $this->init(); - - return $this->link; - } else { - print("Unable to connect to database (as $user to $host, database $db): " . mysqli_connect_error()); - exit(102); - } - } - - function escape_string($s, $strip_tags = true) { - if ($strip_tags) $s = strip_tags($s); - - return mysqli_real_escape_string($this->link, $s); - } - - function query($query, $die_on_error = true) { - $result = @mysqli_query($this->link, $query); - if (!$result) { - $this->last_error = @mysqli_error($this->link); - - @mysqli_query($this->link, "ROLLBACK"); - user_error("Query $query failed: " . ($this->link ? $this->last_error : "No connection"), - $die_on_error ? E_USER_ERROR : E_USER_WARNING); - } - - return $result; - } - - function fetch_assoc($result) { - return mysqli_fetch_assoc($result); - } - - - function num_rows($result) { - return mysqli_num_rows($result); - } - - function fetch_result($result, $row, $param) { - if (mysqli_data_seek($result, $row)) { - $line = mysqli_fetch_assoc($result); - return $line[$param]; - } else { - return false; - } - } - - function close() { - return mysqli_close($this->link); - } - - function affected_rows($result) { - return mysqli_affected_rows($this->link); - } - - function last_error() { - return mysqli_error($this->link); - } - - function last_query_error() { - return $this->last_error; - } - - function init() { - $this->query("SET time_zone = '+0:0'"); - - if (defined('MYSQL_CHARSET') && MYSQL_CHARSET) { - mysqli_set_charset($this->link, MYSQL_CHARSET); - } - - return true; - } - -} diff --git a/classes/db/pgsql.php b/classes/db/pgsql.php deleted file mode 100644 index 98fab6bea..000000000 --- a/classes/db/pgsql.php +++ /dev/null @@ -1,91 +0,0 @@ -<?php -class Db_Pgsql implements IDb { - private $link; - private $last_error; - - function connect($host, $user, $pass, $db, $port) { - $string = "dbname=$db user=$user"; - - if ($pass) { - $string .= " password=$pass"; - } - - if ($host) { - $string .= " host=$host"; - } - - if (is_numeric($port) && $port > 0) { - $string = "$string port=" . $port; - } - - $this->link = pg_connect($string); - - if (!$this->link) { - print("Unable to connect to database (as $user to $host, database $db):" . pg_last_error()); - exit(102); - } - - $this->init(); - - return $this->link; - } - - function escape_string($s, $strip_tags = true) { - if ($strip_tags) $s = strip_tags($s); - - return pg_escape_string($s); - } - - function query($query, $die_on_error = true) { - $result = @pg_query($this->link, $query); - - if (!$result) { - $this->last_error = @pg_last_error($this->link); - - @pg_query($this->link, "ROLLBACK"); - $query = htmlspecialchars($query); // just in case - user_error("Query $query failed: " . ($this->link ? $this->last_error : "No connection"), - $die_on_error ? E_USER_ERROR : E_USER_WARNING); - } - return $result; - } - - function fetch_assoc($result) { - return pg_fetch_assoc($result); - } - - - function num_rows($result) { - return pg_num_rows($result); - } - - function fetch_result($result, $row, $param) { - return pg_fetch_result($result, $row, $param); - } - - function close() { - return pg_close($this->link); - } - - function affected_rows($result) { - return pg_affected_rows($result); - } - - function last_error() { - return pg_last_error($this->link); - } - - function last_query_error() { - return $this->last_error; - } - - function init() { - $this->query("set client_encoding = 'UTF-8'"); - pg_set_client_encoding("UNICODE"); - $this->query("set datestyle = 'ISO, european'"); - $this->query("set TIME ZONE 0"); - $this->query("set cpu_tuple_cost = 0.5"); - - return true; - } -}
\ No newline at end of file diff --git a/classes/db/prefs.php b/classes/db/prefs.php index 24153b19a..44581dbcb 100644 --- a/classes/db/prefs.php +++ b/classes/db/prefs.php @@ -6,9 +6,8 @@ class Db_Prefs { function __construct() { $this->pdo = Db::pdo(); - $this->cache = array(); - - if (!empty($_SESSION["uid"])) $this->cache(); + $this->cache = []; + $this->cache_prefs(); } private function __clone() { @@ -22,31 +21,30 @@ class Db_Prefs { return self::$instance; } - function cache() { - $user_id = $_SESSION["uid"]; - $profile = $_SESSION["profile"] ?? false; + private function cache_prefs() { + if (!empty($_SESSION["uid"])) { + $profile = $_SESSION["profile"] ?? false; - if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null; + if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null; - $sth = $this->pdo->prepare("SELECT - value,ttrss_prefs_types.type_name as type_name,ttrss_prefs.pref_name AS pref_name - FROM - ttrss_user_prefs,ttrss_prefs,ttrss_prefs_types - WHERE - (profile = :profile OR (:profile IS NULL AND profile IS NULL)) AND - ttrss_prefs.pref_name NOT LIKE '_MOBILE%' AND - ttrss_prefs_types.id = type_id AND - owner_uid = :uid AND - ttrss_user_prefs.pref_name = ttrss_prefs.pref_name"); + $sth = $this->pdo->prepare("SELECT up.pref_name, pt.type_name, up.value + FROM ttrss_user_prefs up + JOIN ttrss_prefs p ON (up.pref_name = p.pref_name) + JOIN ttrss_prefs_types pt ON (p.type_id = pt.id) + WHERE + up.pref_name NOT LIKE '_MOBILE%' AND + (profile = :profile OR (:profile IS NULL AND profile IS NULL)) AND + owner_uid = :uid"); - $sth->execute([":profile" => $profile, ":uid" => $user_id]); + $sth->execute([":profile" => $profile, ":uid" => $_SESSION["uid"]]); - while ($line = $sth->fetch()) { - if ($user_id == $_SESSION["uid"]) { - $pref_name = $line["pref_name"]; + while ($row = $sth->fetch(PDO::FETCH_ASSOC)) { + $pref_name = $row["pref_name"]; - $this->cache[$pref_name]["type"] = $line["type_name"]; - $this->cache[$pref_name]["value"] = $line["value"]; + $this->cache[$pref_name] = [ + "type" => $row["type_name"], + "value" => $row["value"] + ]; } } } @@ -67,35 +65,37 @@ class Db_Prefs { if (!is_numeric($profile) || !$profile || get_schema_version() < 63) $profile = null; - $sth = $this->pdo->prepare("SELECT - value,ttrss_prefs_types.type_name as type_name - FROM - ttrss_user_prefs,ttrss_prefs,ttrss_prefs_types + $sth = $this->pdo->prepare("SELECT up.pref_name, pt.type_name, up.value + FROM ttrss_user_prefs up + JOIN ttrss_prefs p ON (up.pref_name = p.pref_name) + JOIN ttrss_prefs_types pt ON (p.type_id = pt.id) WHERE + up.pref_name = :pref_name AND (profile = :profile OR (:profile IS NULL AND profile IS NULL)) AND - ttrss_user_prefs.pref_name = :pref_name AND - ttrss_prefs_types.id = type_id AND - owner_uid = :uid AND - ttrss_user_prefs.pref_name = ttrss_prefs.pref_name"); + owner_uid = :uid"); + $sth->execute([":uid" => $user_id, ":profile" => $profile, ":pref_name" => $pref_name]); - if ($row = $sth->fetch()) { + if ($row = $sth->fetch(PDO::FETCH_ASSOC)) { $value = $row["value"]; $type_name = $row["type_name"]; if ($user_id == ($_SESSION["uid"] ?? false)) { - $this->cache[$pref_name]["type"] = $type_name; - $this->cache[$pref_name]["value"] = $value; + $this->cache[$pref_name] = [ + "type" => $row["type_name"], + "value" => $row["value"] + ]; } return $this->convert($value, $type_name); } else if ($die_on_error) { - user_error("Fatal error, unknown preferences key: $pref_name (owner: $user_id)", E_USER_ERROR); - return null; + user_error("Failed retrieving preference $pref_name for user $user_id", E_USER_ERROR); } else { - return null; + user_error("Failed retrieving preference $pref_name for user $user_id", E_USER_WARNING); } + + return null; } function convert($value, $type_name) { diff --git a/classes/dbupdater.php b/classes/dbupdater.php index 3cc6e9125..e923c7fcb 100644 --- a/classes/dbupdater.php +++ b/classes/dbupdater.php @@ -11,16 +11,16 @@ class DbUpdater { $this->need_version = (int) $need_version; } - function getSchemaVersion() { + function get_schema_version() { $row = $this->pdo->query("SELECT schema_version FROM ttrss_version")->fetch(); return (int) $row['schema_version']; } - function isUpdateRequired() { - return $this->getSchemaVersion() < $this->need_version; + function is_update_required() { + return $this->get_schema_version() < $this->need_version; } - function getSchemaLines($version) { + function get_schema_lines($version) { $filename = "schema/versions/".$this->db_type."/$version.sql"; if (file_exists($filename)) { @@ -31,10 +31,10 @@ class DbUpdater { } } - function performUpdateTo($version, $html_output = true) { - if ($this->getSchemaVersion() == $version - 1) { + function update_to($version, $html_output = true) { + if ($this->get_schema_version() == $version - 1) { - $lines = $this->getSchemaLines($version); + $lines = $this->get_schema_lines($version); if (is_array($lines)) { @@ -63,7 +63,7 @@ class DbUpdater { } } - $db_version = $this->getSchemaVersion(); + $db_version = $this->get_schema_version(); if ($db_version == $version) { $this->pdo->commit(); diff --git a/classes/digest.php b/classes/digest.php index 7790424ca..a6a0c47de 100644 --- a/classes/digest.php +++ b/classes/digest.php @@ -1,12 +1,6 @@ <?php class Digest { - - /** - * Send by mail a digest of last articles. - * - * @return boolean Return false if digests are not enabled. - */ static function send_headlines_digests() { $user_limit = 15; // amount of users to process (e.g. emails to send out) @@ -14,9 +8,9 @@ class Digest Debug::log("Sending digests, batch of max $user_limit users, headline limit = $limit"); - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $interval_qpart = "last_digest_sent < NOW() - INTERVAL '1 days'"; - } else /* if (DB_TYPE == "mysql") */ { + } else /* if (Config::get(Config::DB_TYPE) == "mysql") */ { $interval_qpart = "last_digest_sent < DATE_SUB(NOW(), INTERVAL 1 DAY)"; } @@ -54,11 +48,11 @@ class Digest $mailer = new Mailer(); - //$rc = $mail->quickMail($line["email"], $line["login"], DIGEST_SUBJECT, $digest, $digest_text); + //$rc = $mail->quickMail($line["email"], $line["login"], Config::get(Config::DIGEST_SUBJECT), $digest, $digest_text); $rc = $mailer->mail(["to_name" => $line["login"], "to_address" => $line["email"], - "subject" => DIGEST_SUBJECT, + "subject" => Config::get(Config::DIGEST_SUBJECT), "message" => $digest_text, "message_html" => $digest]); @@ -68,7 +62,7 @@ class Digest if ($rc && $do_catchup) { Debug::log("Marking affected articles as read..."); - Article::catchupArticlesById($affected_ids, 0, $line["id"]); + Article::_catchup_by_id($affected_ids, 0, $line["id"]); } } else { Debug::log("No headlines"); @@ -81,9 +75,7 @@ class Digest } } } - Debug::log("All done."); - } static function prepare_headlines_digest($user_id, $days = 1, $limit = 1000) { @@ -99,19 +91,19 @@ class Digest $tpl->setVariable('CUR_DATE', date('Y/m/d', $local_ts)); $tpl->setVariable('CUR_TIME', date('G:i', $local_ts)); - $tpl->setVariable('TTRSS_HOST', SELF_URL_PATH); + $tpl->setVariable('TTRSS_HOST', Config::get(Config::get(Config::SELF_URL_PATH))); $tpl_t->setVariable('CUR_DATE', date('Y/m/d', $local_ts)); $tpl_t->setVariable('CUR_TIME', date('G:i', $local_ts)); - $tpl_t->setVariable('TTRSS_HOST', SELF_URL_PATH); + $tpl_t->setVariable('TTRSS_HOST', Config::get(Config::get(Config::SELF_URL_PATH))); $affected_ids = array(); $days = (int) $days; - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $interval_qpart = "ttrss_entries.date_updated > NOW() - INTERVAL '$days days'"; - } else /* if (DB_TYPE == "mysql") */ { + } else /* if (Config::get(Config::DB_TYPE) == "mysql") */ { $interval_qpart = "ttrss_entries.date_updated > DATE_SUB(NOW(), INTERVAL $days DAY)"; } @@ -164,7 +156,7 @@ class Digest $line['feed_title'] = $line['cat_title'] . " / " . $line['feed_title']; } - $article_labels = Article::get_article_labels($line["ref_id"], $user_id); + $article_labels = Article::_get_labels($line["ref_id"], $user_id); $article_labels_formatted = ""; if (is_array($article_labels) && count($article_labels) > 0) { @@ -210,5 +202,4 @@ class Digest return array($tmp, $headlines_count, $affected_ids, $tmp_t); } - } diff --git a/classes/diskcache.php b/classes/diskcache.php index 3fd099d3c..9c594acc5 100644 --- a/classes/diskcache.php +++ b/classes/diskcache.php @@ -191,23 +191,23 @@ class DiskCache { ]; public function __construct($dir) { - $this->dir = CACHE_DIR . "/" . basename(clean($dir)); + $this->dir = Config::get(Config::CACHE_DIR) . "/" . basename(clean($dir)); } - public function getDir() { + public function get_dir() { return $this->dir; } - public function makeDir() { + public function make_dir() { if (!is_dir($this->dir)) { return mkdir($this->dir); } } - public function isWritable($filename = "") { + public function is_writable($filename = "") { if ($filename) { - if (file_exists($this->getFullPath($filename))) - return is_writable($this->getFullPath($filename)); + if (file_exists($this->get_full_path($filename))) + return is_writable($this->get_full_path($filename)); else return is_writable($this->dir); } else { @@ -216,44 +216,44 @@ class DiskCache { } public function exists($filename) { - return file_exists($this->getFullPath($filename)); + return file_exists($this->get_full_path($filename)); } - public function getSize($filename) { + public function get_size($filename) { if ($this->exists($filename)) - return filesize($this->getFullPath($filename)); + return filesize($this->get_full_path($filename)); else return -1; } - public function getFullPath($filename) { + public function get_full_path($filename) { return $this->dir . "/" . basename(clean($filename)); } public function put($filename, $data) { - return file_put_contents($this->getFullPath($filename), $data); + return file_put_contents($this->get_full_path($filename), $data); } public function touch($filename) { - return touch($this->getFullPath($filename)); + return touch($this->get_full_path($filename)); } public function get($filename) { if ($this->exists($filename)) - return file_get_contents($this->getFullPath($filename)); + return file_get_contents($this->get_full_path($filename)); else return null; } - public function getMimeType($filename) { + public function get_mime_type($filename) { if ($this->exists($filename)) - return mime_content_type($this->getFullPath($filename)); + return mime_content_type($this->get_full_path($filename)); else return null; } - public function getFakeExtension($filename) { - $mimetype = $this->getMimeType($filename); + public function get_fake_extension($filename) { + $mimetype = $this->get_mime_type($filename); if ($mimetype) return isset($this->mimeMap[$mimetype]) ? $this->mimeMap[$mimetype] : ""; @@ -262,25 +262,25 @@ class DiskCache { } public function send($filename) { - $fake_extension = $this->getFakeExtension($filename); + $fake_extension = $this->get_fake_extension($filename); if ($fake_extension) $fake_extension = ".$fake_extension"; header("Content-Disposition: inline; filename=\"${filename}${fake_extension}\""); - return $this->send_local_file($this->getFullPath($filename)); + return $this->send_local_file($this->get_full_path($filename)); } - public function getUrl($filename) { - return get_self_url_prefix() . "/public.php?op=cached_url&file=" . basename($this->dir) . "/" . basename($filename); + public function get_url($filename) { + return get_self_url_prefix() . "/public.php?op=cached&file=" . basename($this->dir) . "/" . basename($filename); } // check for locally cached (media) URLs and rewrite to local versions // this is called separately after sanitize() and plugin render article hooks to allow // plugins work on original source URLs used before caching // NOTE: URLs should be already absolutized because this is called after sanitize() - static public function rewriteUrls($str) + static public function rewrite_urls($str) { $res = trim($str); if (!$res) return ''; @@ -301,7 +301,7 @@ class DiskCache { $cached_filename = sha1($url); if ($cache->exists($cached_filename)) { - $url = $cache->getUrl($cached_filename); + $url = $cache->get_url($cached_filename); $entry->setAttribute($attr, $url); $entry->removeAttribute("srcset"); @@ -318,7 +318,7 @@ class DiskCache { $cached_filename = sha1($matches[$i]["url"]); if ($cache->exists($cached_filename)) { - $matches[$i]["url"] = $cache->getUrl($cached_filename); + $matches[$i]["url"] = $cache->get_url($cached_filename); $need_saving = true; } @@ -339,7 +339,7 @@ class DiskCache { } static function expire() { - $dirs = array_filter(glob(CACHE_DIR . "/*"), "is_dir"); + $dirs = array_filter(glob(Config::get(Config::CACHE_DIR) . "/*"), "is_dir"); foreach ($dirs as $cache_dir) { $num_deleted = 0; @@ -349,7 +349,7 @@ class DiskCache { if ($files) { foreach ($files as $file) { - if (time() - filemtime($file) > 86400*CACHE_MAX_DAYS) { + if (time() - filemtime($file) > 86400*Config::get(Config::CACHE_MAX_DAYS)) { unlink($file); ++$num_deleted; @@ -396,7 +396,7 @@ class DiskCache { $tmppluginhost = new PluginHost(); - $tmppluginhost->load(PLUGINS, PluginHost::KIND_SYSTEM); + $tmppluginhost->load(Config::get(Config::PLUGINS), PluginHost::KIND_SYSTEM); //$tmppluginhost->load_data(); if ($tmppluginhost->run_hooks_until(PluginHost::HOOK_SEND_LOCAL_FILE, true, $filename)) diff --git a/classes/errors.php b/classes/errors.php new file mode 100644 index 000000000..be175418e --- /dev/null +++ b/classes/errors.php @@ -0,0 +1,12 @@ +<?php +class Errors { + const E_SUCCESS = "E_SUCCESS"; + const E_UNAUTHORIZED = "E_UNAUTHORIZED"; + const E_UNKNOWN_METHOD = "E_UNKNOWN_METHOD"; + const E_UNKNOWN_PLUGIN = "E_UNKNOWN_PLUGIN"; + const E_SCHEMA_MISMATCH = "E_SCHEMA_MISMATCH"; + + static function to_json(string $code) { + return json_encode(["error" => ["code" => $code]]); + } +} diff --git a/classes/feeditem.php b/classes/feeditem.php index 3a5e5dc09..e30df3086 100644 --- a/classes/feeditem.php +++ b/classes/feeditem.php @@ -9,7 +9,7 @@ abstract class FeedItem { abstract function get_comments_url(); abstract function get_comments_count(); abstract function get_categories(); - abstract function get_enclosures(); + abstract function _get_enclosures(); abstract function get_author(); abstract function get_language(); } diff --git a/classes/feeditem/atom.php b/classes/feeditem/atom.php index a03080981..3e092a048 100755 --- a/classes/feeditem/atom.php +++ b/classes/feeditem/atom.php @@ -119,7 +119,7 @@ class FeedItem_Atom extends FeedItem_Common { return $this->normalize_categories($cats); } - function get_enclosures() { + function _get_enclosures() { $links = $this->elem->getElementsByTagName("link"); $encs = array(); @@ -138,7 +138,7 @@ class FeedItem_Atom extends FeedItem_Common { } } - $encs = array_merge($encs, parent::get_enclosures()); + $encs = array_merge($encs, parent::_get_enclosures()); return $encs; } diff --git a/classes/feeditem/common.php b/classes/feeditem/common.php index 1e9d62228..8f2b9188b 100755 --- a/classes/feeditem/common.php +++ b/classes/feeditem/common.php @@ -78,7 +78,7 @@ abstract class FeedItem_Common extends FeedItem { } // this is common for both Atom and RSS types and deals with various media: elements - function get_enclosures() { + function _get_enclosures() { $encs = []; $enclosures = $this->xpath->query("media:content", $this->elem); @@ -179,7 +179,7 @@ abstract class FeedItem_Common extends FeedItem { $cat = preg_replace('/[,\'\"]/', "", $cat); - if (DB_TYPE == "mysql") { + if (Config::get(Config::DB_TYPE) == "mysql") { $cat = preg_replace('/[\x{10000}-\x{10FFFF}]/u', "\xEF\xBF\xBD", $cat); } diff --git a/classes/feeditem/rss.php b/classes/feeditem/rss.php index 1f7953c51..f103ad787 100755 --- a/classes/feeditem/rss.php +++ b/classes/feeditem/rss.php @@ -112,7 +112,7 @@ class FeedItem_RSS extends FeedItem_Common { return $this->normalize_categories($cats); } - function get_enclosures() { + function _get_enclosures() { $enclosures = $this->elem->getElementsByTagName("enclosure"); $encs = array(); @@ -129,7 +129,7 @@ class FeedItem_RSS extends FeedItem_Common { array_push($encs, $enc); } - $encs = array_merge($encs, parent::get_enclosures()); + $encs = array_merge($encs, parent::_get_enclosures()); return $encs; } diff --git a/classes/feeds.php b/classes/feeds.php index 031a671ae..ba2719f48 100755 --- a/classes/feeds.php +++ b/classes/feeds.php @@ -16,110 +16,13 @@ class Feeds extends Handler_Protected { return array_search($method, $csrf_ignored) !== false; } - private function format_headline_subtoolbar($feed_site_url, $feed_title, - $feed_id, $is_cat, $search, - $error, $feed_last_updated) { - - $cat_q = $is_cat ? "&is_cat=$is_cat" : ""; - - if ($search) { - $search_q = "&q=$search"; - } else { - $search_q = ""; - } - - $reply = ""; - - $rss_link = htmlspecialchars(get_self_url_prefix() . - "/public.php?op=rss&id=${feed_id}${cat_q}${search_q}"); - - $reply .= "<span class='left'>"; - - $reply .= "<a href=\"#\" - title=\"".__("Show as feed")."\" - onclick='CommonDialogs.generatedFeed(\"$feed_id\", \"$is_cat\", \"$rss_link\")'> - <i class='icon-syndicate material-icons'>rss_feed</i></a>"; - - $reply .= "<span id='feed_title'>"; - - if ($feed_site_url) { - $last_updated = T_sprintf("Last updated: %s", $feed_last_updated); - - $reply .= "<a title=\"$last_updated\" target='_blank' href=\"$feed_site_url\">". - truncate_string(strip_tags($feed_title), 30)."</a>"; - } else { - $reply .= strip_tags($feed_title); - } - - if ($error) - $reply .= " <i title=\"" . htmlspecialchars($error) . "\" class='material-icons icon-error'>error</i>"; - - $reply .= "</span>"; - $reply .= "<span id='feed_current_unread' style='display: none'></span>"; - $reply .= "</span>"; - - $reply .= "<span class=\"right\">"; - $reply .= "<span id='selected_prompt'></span>"; - $reply .= " "; - - $reply .= "<div dojoType='fox.form.DropDownButton' title='".__('Select articles')."'> - <span>".__("Select...")."</span> - <div dojoType='dijit.Menu' style='display: none;'> - <div dojoType='dijit.MenuItem' onclick='Headlines.select(\"all\")'>".__('All')."</div> - <div dojoType='dijit.MenuItem' onclick='Headlines.select(\"unread\")'>".__('Unread')."</div> - <div dojoType='dijit.MenuItem' onclick='Headlines.select(\"invert\")'>".__('Invert')."</div> - <div dojoType='dijit.MenuItem' onclick='Headlines.select(\"none\")'>".__('None')."</div> - <div dojoType='dijit.MenuSeparator'></div> - <div dojoType='dijit.MenuItem' onclick='Headlines.selectionToggleUnread()'>".__('Toggle unread')."</div> - <div dojoType='dijit.MenuItem' onclick='Headlines.selectionToggleMarked()'>".__('Toggle starred')."</div> - <div dojoType='dijit.MenuItem' onclick='Headlines.selectionTogglePublished()'>".__('Toggle published')."</div> - <div dojoType='dijit.MenuSeparator'></div> - <div dojoType='dijit.MenuItem' onclick='Headlines.catchupSelection()'>".__('Mark as read')."</div> - <div dojoType='dijit.MenuItem' onclick='Article.selectionSetScore()'>".__('Set score')."</div>"; - - // TODO: move to mail plugin - if (PluginHost::getInstance()->get_plugin("mail")) { - $reply .= "<div dojoType='dijit.MenuItem' value='Plugins.Mail.send()'>".__('Forward by email')."</div>"; - } - - // TODO: move to mailto plugin - if (PluginHost::getInstance()->get_plugin("mailto")) { - $reply .= "<div dojoType='dijit.MenuItem' value='Plugins.Mailto.send()'>".__('Forward by email')."</div>"; - } - - PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_HEADLINE_TOOLBAR_SELECT_MENU_ITEM, - function ($result) use (&$reply) { - $reply .= $result; - }, - $feed_id, $is_cat); - - if ($feed_id == 0 && !$is_cat) { - $reply .= "<div dojoType='dijit.MenuSeparator'></div> - <div dojoType='dijit.MenuItem' class='text-error' onclick='Headlines.deleteSelection()'>".__('Delete permanently')."</div>"; - } - - $reply .= "</div>"; /* menu */ - - $reply .= "</div>"; /* dropdown */ - - PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_HEADLINE_TOOLBAR_BUTTON, - function ($result) use (&$reply) { - $reply .= $result; - }, - $feed_id, $is_cat); - - $reply .= "</span>"; - - return $reply; - } - - private function format_headlines_list($feed, $method, $view_mode, $limit, $cat_view, + private function _format_headlines_list($feed, $method, $view_mode, $limit, $cat_view, $offset, $override_order = false, $include_children = false, $check_first_id = false, $skip_first_id_check = false, $order_by = false) { $disable_cache = false; - $this->mark_timestamp("init"); + $this->_mark_timestamp("init"); $reply = []; $rgba_cache = []; @@ -138,7 +41,7 @@ class Feeds extends Handler_Protected { } if ($method_split[0] == "MarkAllReadGR") { - $this->catchup_feed($method_split[1], false); + $this->_catchup($method_split[1], false); } // FIXME: might break tag display? @@ -200,10 +103,10 @@ class Feeds extends Handler_Protected { "order_by" => $order_by ); - $qfh_ret = $this->queryFeedHeadlines($params); + $qfh_ret = $this->_get_headlines($params); } - $this->mark_timestamp("db query"); + $this->_mark_timestamp("db query"); $vfeed_group_enabled = get_pref("VFEED_GROUP_BY_FEED") && !(in_array($feed, self::NEVER_GROUP_FEEDS) && !$cat_view); @@ -222,10 +125,28 @@ class Feeds extends Handler_Protected { $reply['search_query'] = [$search, $search_language]; $reply['vfeed_group_enabled'] = $vfeed_group_enabled; - $reply['toolbar'] = $this->format_headline_subtoolbar($feed_site_url, - $feed_title, - $feed, $cat_view, $search, - $last_error, $last_updated); + $plugin_menu_items = ""; + PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_HEADLINE_TOOLBAR_SELECT_MENU_ITEM, + function ($result) use (&$plugin_menu_items) { + $plugin_menu_items .= $result; + }, + $feed, $cat_view); + + $plugin_buttons = ""; + PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_HEADLINE_TOOLBAR_BUTTON, + function ($result) use (&$plugin_buttons) { + $plugin_buttons .= $result; + }, + $feed, $cat_view); + + $reply['toolbar'] = [ + 'site_url' => $feed_site_url, + 'title' => strip_tags($feed_title), + 'error' => $last_error, + 'last_updated' => $last_updated, + 'plugin_menu_items' => $plugin_menu_items, + 'plugin_buttons' => $plugin_buttons, + ]; $reply['content'] = []; @@ -236,13 +157,13 @@ class Feeds extends Handler_Protected { }, $feed, $cat_view, $qfh_ret); - $this->mark_timestamp("object header"); + $this->_mark_timestamp("object header"); $headlines_count = 0; if ($result instanceof PDOStatement) { while ($line = $result->fetch(PDO::FETCH_ASSOC)) { - $this->mark_timestamp("article start: " . $line["id"] . " " . $line["title"]); + $this->_mark_timestamp("article start: " . $line["id"] . " " . $line["title"]); ++$headlines_count; @@ -260,12 +181,12 @@ class Feeds extends Handler_Protected { $line, $max_excerpt_length); } - $this->mark_timestamp(" hook_query_headlines"); + $this->_mark_timestamp(" hook_query_headlines"); $id = $line["id"]; // frontend doesn't expect pdo returning booleans as strings on mysql - if (DB_TYPE == "mysql") { + if (Config::get(Config::DB_TYPE) == "mysql") { foreach (["unread", "marked", "published"] as $k) { $line[$k] = $line[$k] === "1"; } @@ -293,19 +214,15 @@ class Feeds extends Handler_Protected { } } - if (!is_array($labels)) $labels = Article::get_article_labels($id); - - $labels_str = "<span class=\"HLLCTR-$id\">"; - $labels_str .= Article::format_article_labels($labels); - $labels_str .= "</span>"; + if (!is_array($labels)) $labels = Article::_get_labels($id); - $line["labels"] = $labels_str; + $line["labels"] = Article::_get_labels($id); if (count($topmost_article_ids) < 3) { array_push($topmost_article_ids, $id); } - $this->mark_timestamp(" labels"); + $this->_mark_timestamp(" labels"); $line["feed_title"] = $line["feed_title"] ?? ""; @@ -323,32 +240,27 @@ class Feeds extends Handler_Protected { }, $line); - $this->mark_timestamp(" pre-sanitize"); + $this->_mark_timestamp(" pre-sanitize"); $line["content"] = Sanitizer::sanitize($line["content"], $line['hide_images'], false, $line["site_url"], $highlight_words, $line["id"]); - $this->mark_timestamp(" sanitize"); + $this->_mark_timestamp(" sanitize"); PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_RENDER_ARTICLE_CDM, function ($result, $plugin) use (&$line) { $line = $result; - $this->mark_timestamp(" hook_render_cdm: " . get_class($plugin)); + $this->_mark_timestamp(" hook_render_cdm: " . get_class($plugin)); }, $line); - $this->mark_timestamp(" hook_render_cdm"); + $this->_mark_timestamp(" hook_render_cdm"); - $line['content'] = DiskCache::rewriteUrls($line['content']); + $line['content'] = DiskCache::rewrite_urls($line['content']); - $this->mark_timestamp(" disk_cache_rewrite"); + $this->_mark_timestamp(" disk_cache_rewrite"); - if ($line['note']) - $line['note'] = Article::format_article_note($id, $line['note']); - else - $line['note'] = ""; - - $this->mark_timestamp(" note"); + $this->_mark_timestamp(" note"); if (!get_pref("CDM_EXPANDED")) { $line["cdm_excerpt"] = "<span class='collapse'> @@ -360,12 +272,14 @@ class Feeds extends Handler_Protected { } } - $this->mark_timestamp(" pre-enclosures"); + $this->_mark_timestamp(" pre-enclosures"); - $line["enclosures"] = Article::format_article_enclosures($id, $line["always_display_enclosures"], - $line["content"], $line["hide_images"]); + $line["enclosures"] = Article::_format_enclosures($id, + $line["always_display_enclosures"], + $line["content"], + $line["hide_images"]); - $this->mark_timestamp(" enclosures"); + $this->_mark_timestamp(" enclosures"); $line["updated_long"] = TimeHelper::make_local_datetime($line["updated"],true); $line["updated"] = TimeHelper::make_local_datetime($line["updated"], false, false, false, true); @@ -373,35 +287,31 @@ class Feeds extends Handler_Protected { $line['imported'] = T_sprintf("Imported at %s", TimeHelper::make_local_datetime($line["date_entered"], false)); - $this->mark_timestamp(" local-datetime"); + $this->_mark_timestamp(" local-datetime"); if ($line["tag_cache"]) $tags = explode(",", $line["tag_cache"]); else $tags = false; - $line["tags_str"] = Article::format_tags_string($tags); + $line["tags"] = Article::_get_tags($line["id"], false, $line["tag_cache"]); - $this->mark_timestamp(" tags"); + $this->_mark_timestamp(" tags"); - if (self::feedHasIcon($feed_id)) { - $line['feed_icon'] = "<img class=\"icon\" src=\"".ICONS_URL."/$feed_id.ico\" alt=\"\">"; - } else { - $line['feed_icon'] = "<i class='icon-no-feed material-icons'>rss_feed</i>"; - } + $line['has_icon'] = self::_has_icon($feed_id); //setting feed headline background color, needs to change text color based on dark/light $fav_color = $line['favicon_avg_color'] ?? false; - $this->mark_timestamp(" pre-color"); + $this->_mark_timestamp(" pre-color"); require_once "colors.php"; if (!isset($rgba_cache[$feed_id])) { if ($fav_color && $fav_color != 'fail') { - $rgba_cache[$feed_id] = _color_unpack($fav_color); + $rgba_cache[$feed_id] = \Colors\_color_unpack($fav_color); } else { - $rgba_cache[$feed_id] = _color_unpack($this->color_of($line['feed_title'])); + $rgba_cache[$feed_id] = \Colors\_color_unpack($this->_color_of($line['feed_title'])); } } @@ -409,7 +319,7 @@ class Feeds extends Handler_Protected { $line['feed_bg_color'] = 'rgba(' . implode(",", $rgba_cache[$feed_id]) . ',0.3)'; } - $this->mark_timestamp(" color"); + $this->_mark_timestamp(" color"); /* we don't need those */ @@ -419,11 +329,11 @@ class Feeds extends Handler_Protected { array_push($reply['content'], $line); - $this->mark_timestamp("article end"); + $this->_mark_timestamp("article end"); } } - $this->mark_timestamp("end of articles"); + $this->_mark_timestamp("end of articles"); if (!$headlines_count) { @@ -485,7 +395,7 @@ class Feeds extends Handler_Protected { } } - $this->mark_timestamp("end"); + $this->_mark_timestamp("end"); return array($topmost_article_ids, $headlines_count, $feed, $disable_cache, $reply); } @@ -494,6 +404,8 @@ class Feeds extends Handler_Protected { $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET last_read = NOW(), unread = false WHERE unread = true AND owner_uid = ?"); $sth->execute([$_SESSION['uid']]); + + print json_encode(array("message" => "UPDATE_COUNTERS")); } function view() { @@ -506,7 +418,7 @@ class Feeds extends Handler_Protected { $cat_view = $_REQUEST["cat"] == "true"; $next_unread_feed = $_REQUEST["nuf"] ?? 0; $offset = $_REQUEST["skip"] ?? 0; - $order_by = $_REQUEST["order_by"]; + $order_by = $_REQUEST["order_by"] ?? ""; $check_first_id = $_REQUEST["fid"] ?? 0; if (is_numeric($feed)) $feed = (int) $feed; @@ -515,7 +427,7 @@ class Feeds extends Handler_Protected { * when there's nothing to load - e.g. no stuff in fresh feed */ if ($feed == -5) { - print json_encode($this->generate_dashboard_feed()); + print json_encode($this->_generate_dashboard_feed()); return; } @@ -543,7 +455,7 @@ class Feeds extends Handler_Protected { } if ($sth && !$sth->fetch()) { - print json_encode($this->generate_error_feed(__("Feed not found."))); + print json_encode($this->_generate_error_feed(__("Feed not found."))); return; } @@ -566,9 +478,9 @@ class Feeds extends Handler_Protected { $reply['headlines'] = []; - list($override_order, $skip_first_id_check) = self::order_to_override_query($order_by); + list($override_order, $skip_first_id_check) = self::_order_to_override_query($order_by); - $ret = $this->format_headlines_list($feed, $method, + $ret = $this->_format_headlines_list($feed, $method, $view_mode, $limit, $cat_view, $offset, $override_order, true, $check_first_id, $skip_first_id_check, $order_by); @@ -589,18 +501,10 @@ class Feeds extends Handler_Protected { // this is parsed by handleRpcJson() on first viewfeed() to set cdm expanded, etc $reply['runtime-info'] = RPC::make_runtime_info(); - $reply_json = json_encode($reply); - - if (!$reply_json) { - $reply_json = json_encode(["error" => ["code" => 15, - "message" => json_last_error_msg()]]); - } - - print $reply_json; - + print json_encode($reply); } - private function generate_dashboard_feed() { + private function _generate_dashboard_feed() { $reply = array(); $reply['headlines']['id'] = -5; @@ -642,7 +546,7 @@ class Feeds extends Handler_Protected { return $reply; } - private function generate_error_feed($error) { + private function _generate_error_feed($error) { $reply = array(); $reply['headlines']['id'] = -7; @@ -658,131 +562,22 @@ class Feeds extends Handler_Protected { return $reply; } - function quickAddFeed() { - print "<form onsubmit='return false'>"; - - print_hidden("op", "rpc"); - print_hidden("method", "addfeed"); - - print "<div id='fadd_error_message' style='display : none' class='alert alert-danger'></div>"; - - print "<div id='fadd_multiple_notify' style='display : none'>"; - print_notice("Provided URL is a HTML page referencing multiple feeds, please select required feed from the dropdown menu below."); - print "<p></div>"; - - print "<section>"; - - print "<fieldset>"; - print "<div style='float : right'><img style='display : none' id='feed_add_spinner' src='images/indicator_white.gif'></div>"; - print "<input style='font-size : 16px; width : 500px;' - placeHolder=\"".__("Feed or site URL")."\" - dojoType='dijit.form.ValidationTextBox' required='1' name='feed' id='feedDlg_feedUrl'>"; - - print "</fieldset>"; - - print "<fieldset>"; - - if (get_pref('ENABLE_FEED_CATS')) { - print "<label class='inline'>" . __('Place in category:') . "</label> "; - print_feed_cat_select("cat", false, 'dojoType="fox.form.Select"'); - } - - print "</fieldset>"; - - print "</section>"; - - print '<div id="feedDlg_feedsContainer" style="display : none"> - <header>' . __('Available feeds') . '</header> - <section> - <fieldset> - <select id="feedDlg_feedContainerSelect" - dojoType="fox.form.Select" size="3"> - <script type="dojo/method" event="onChange" args="value"> - dijit.byId("feedDlg_feedUrl").attr("value", value); - </script> - </select> - </fieldset> - </section> - </div>'; - - print "<div id='feedDlg_loginContainer' style='display : none'> - <section> - <fieldset> - <input dojoType=\"dijit.form.TextBox\" name='login'\" - placeHolder=\"".__("Login")."\" - autocomplete=\"new-password\" - style=\"width : 10em;\"> - <input - placeHolder=\"".__("Password")."\" - dojoType=\"dijit.form.TextBox\" type='password' - autocomplete=\"new-password\" - style=\"width : 10em;\" name='pass'\"> - </fieldset> - </section> - </div>"; - - print "<section>"; - print "<label> - <label class='checkbox'><input type='checkbox' name='need_auth' dojoType='dijit.form.CheckBox' id='feedDlg_loginCheck' - onclick='App.displayIfChecked(this, \"feedDlg_loginContainer\")'> - ".__('This feed requires authentication.')."</label>"; - print "</section>"; - - print "<footer>"; - print "<button dojoType='dijit.form.Button' class='alt-primary' type='submit' - onclick='App.dialogOf(this).execute()'>".__('Subscribe')."</button>"; - - print "<button dojoType='dijit.form.Button' onclick='App.dialogOf(this).hide()'>". - __('Cancel')."</button>"; - print "</footer>"; - - print "</form>"; + function subscribeToFeed() { + print json_encode([ + "cat_select" => \Controls\select_feeds_cats("cat") + ]); } function search() { - $this->params = explode(":", $_REQUEST["param"], 2); - - $active_feed_id = sprintf("%d", $this->params[0]); - $is_cat = $this->params[1] != "false"; - - print "<form onsubmit='return false'>"; - - print "<section>"; - - print "<fieldset>"; - print "<input dojoType='dijit.form.ValidationTextBox' id='search_query' - style='font-size : 16px; width : 540px;' - placeHolder=\"".T_sprintf("Search %s...", $this->getFeedTitle($active_feed_id, $is_cat))."\" - name='query' type='search' value=''>"; - print "</fieldset>"; - - if (DB_TYPE == "pgsql") { - print "<fieldset>"; - print "<label class='inline'>" . __("Language:") . "</label>"; - print_select("search_language", get_pref('DEFAULT_SEARCH_LANGUAGE'), Pref_Feeds::get_ts_languages(), - "dojoType='fox.form.Select' title=\"".__('Used for word stemming')."\""); - print "</fieldset>"; - } - - print "</section>"; - - print "<footer>"; - - if (count(PluginHost::getInstance()->get_hooks(PluginHost::HOOK_SEARCH)) == 0) { - print "<button dojoType='dijit.form.Button' style='float : left' class='alt-info' onclick='window.open(\"https://tt-rss.org/wiki/SearchSyntax\")'> - <i class='material-icons'>help</i> ".__("Search syntax")."</button>"; - } - - print "<button dojoType='dijit.form.Button' class='alt-primary' - type='submit' onclick='App.dialogOf(this).execute()'>".__('Search')."</button> - <button dojoType='dijit.form.Button' onclick='App.dialogOf(this).hide()'>".__('Cancel')."</button>"; - - print "</footer>"; - - print "</form>"; + print json_encode([ + "show_language" => Config::get(Config::DB_TYPE) == "pgsql", + "show_syntax_help" => count(PluginHost::getInstance()->get_hooks(PluginHost::HOOK_SEARCH)) == 0, + "all_languages" => Pref_Feeds::get_ts_languages(), + "default_language" => get_pref('DEFAULT_SEARCH_LANGUAGE') + ]); } - function update_debugger() { + function updatedebugger() { header("Content-type: text/html"); $xdebug = isset($_REQUEST["xdebug"]) ? (int)$_REQUEST["xdebug"] : 1; @@ -801,10 +596,6 @@ class Feeds extends Handler_Protected { print "Access denied."; return; } - - $refetch_checked = isset($_REQUEST["force_refetch"]) ? "checked" : ""; - $rehash_checked = isset($_REQUEST["force_rehash"]) ? "checked" : ""; - ?> <!DOCTYPE html> <html> @@ -820,16 +611,23 @@ class Feeds extends Handler_Protected { display : none; } </style> - <?php - echo javascript_tag("lib/prototype.js"); - echo javascript_tag("js/utility.js"); - echo javascript_tag("lib/dojo/dojo.js"); - echo javascript_tag("lib/dojo/tt-rss-layer.js"); - ?> + <script> + dojoConfig = { + async: true, + cacheBust: "<?= get_scripts_timestamp(); ?>", + packages: [ + { name: "fox", location: "../../js" }, + ] + }; + </script> + <?= javascript_tag("js/utility.js") ?> + <?= javascript_tag("js/common.js") ?> + <?= javascript_tag("lib/dojo/dojo.js") ?> + <?= javascript_tag("lib/dojo/tt-rss-layer.js") ?> </head> <body class="flat ttrss_utility feed_debugger css_loading"> <script type="text/javascript"> - require(['dojo/parser', "dojo/ready", 'dijit/form/Button','dijit/form/CheckBox', 'dijit/form/Select', 'dijit/form/Form', + require(['dojo/parser', "dojo/ready", 'dijit/form/Button','dijit/form/CheckBox', 'fox/form/Select', 'dijit/form/Form', 'dijit/form/Select','dijit/form/TextBox','dijit/form/ValidationTextBox'],function(parser, ready){ ready(function() { parser.parse(); @@ -838,32 +636,31 @@ class Feeds extends Handler_Protected { </script> <div class="container"> - <h1>Feed Debugger: <?php echo "$feed_id: " . $this->getFeedTitle($feed_id) ?></h1> + <h1>Feed Debugger: <?= "$feed_id: " . $this->_get_title($feed_id) ?></h1> <div class="content"> - <form method="post" action=""> - <input type="hidden" name="op" value="feeds"> - <input type="hidden" name="method" value="update_debugger"> - <input type="hidden" name="csrf_token" value="<?php echo $csrf_token ?>"> - <input type="hidden" name="action" value="do_update"> - <input type="hidden" name="feed_id" value="<?php echo $feed_id ?>"> + <form method="post" action="" dojoType="dijit.form.Form"> + <?= \Controls\hidden_tag("op", "feeds") ?> + <?= \Controls\hidden_tag("method", "updatedebugger") ?> + <?= \Controls\hidden_tag("csrf_token", $csrf_token) ?> + <?= \Controls\hidden_tag("action", "do_update") ?> + <?= \Controls\hidden_tag("feed_id", (string)$feed_id) ?> <fieldset> <label> - <?php print_select_hash("xdebug", $xdebug, - [Debug::$LOG_VERBOSE => "LOG_VERBOSE", Debug::$LOG_EXTENDED => "LOG_EXTENDED"], - 'dojoType="dijit.form.Select"'); + <?= \Controls\select_hash("xdebug", $xdebug, + [Debug::$LOG_VERBOSE => "LOG_VERBOSE", Debug::$LOG_EXTENDED => "LOG_EXTENDED"]); ?></label> </fieldset> <fieldset> - <label class="checkbox"><input dojoType="dijit.form.CheckBox" type="checkbox" name="force_refetch" value="1" <?php echo $refetch_checked ?>> Force refetch</label> + <label class="checkbox"><?= \Controls\checkbox_tag("force_refetch", isset($_REQUEST["force_refetch"])) ?> Force refetch</label> </fieldset> <fieldset class="narrow"> - <label class="checkbox"><input dojoType="dijit.form.CheckBox" type="checkbox" name="force_rehash" value="1" <?php echo $rehash_checked ?>> Force rehash</label> + <label class="checkbox"><?= \Controls\checkbox_tag("force_rehash", isset($_REQUEST["force_rehash"])) ?> Force rehash</label> </fieldset> - <button type="submit" dojoType="dijit.form.Button" class="alt-primary">Continue</button> + <?= \Controls\submit_tag("Continue") ?> </form> <hr> @@ -883,7 +680,7 @@ class Feeds extends Handler_Protected { } - static function catchup_feed($feed, $cat_view, $owner_uid = false, $mode = 'all', $search = false) { + static function _catchup($feed, $cat_view, $owner_uid = false, $mode = 'all', $search = false) { if (!$owner_uid) $owner_uid = $_SESSION['uid']; @@ -903,7 +700,7 @@ class Feeds extends Handler_Protected { // fall back in case of no plugins if (empty($search_qpart)) { - list($search_qpart, $search_words) = self::search_to_sql($search[0], $search[1], $owner_uid); + list($search_qpart, $search_words) = self::_search_to_sql($search[0], $search[1], $owner_uid); } } else { $search_qpart = "true"; @@ -913,21 +710,21 @@ class Feeds extends Handler_Protected { switch ($mode) { case "1day": - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $date_qpart = "date_entered < NOW() - INTERVAL '1 day' "; } else { $date_qpart = "date_entered < DATE_SUB(NOW(), INTERVAL 1 DAY) "; } break; case "1week": - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $date_qpart = "date_entered < NOW() - INTERVAL '1 week' "; } else { $date_qpart = "date_entered < DATE_SUB(NOW(), INTERVAL 1 WEEK) "; } break; case "2week": - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $date_qpart = "date_entered < NOW() - INTERVAL '2 week' "; } else { $date_qpart = "date_entered < DATE_SUB(NOW(), INTERVAL 2 WEEK) "; @@ -943,7 +740,7 @@ class Feeds extends Handler_Protected { if ($feed >= 0) { if ($feed > 0) { - $children = self::getChildCategories($feed, $owner_uid); + $children = self::_get_child_cats($feed, $owner_uid); array_push($children, $feed); $children = array_map("intval", $children); @@ -1004,7 +801,7 @@ class Feeds extends Handler_Protected { $intl = (int) get_pref("FRESH_ARTICLE_MAX_AGE"); - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $match_part = "date_entered > NOW() - INTERVAL '$intl hour' "; } else { $match_part = "date_entered > DATE_SUB(NOW(), @@ -1054,7 +851,7 @@ class Feeds extends Handler_Protected { } } - static function getFeedArticles($feed, $is_cat = false, $unread_only = false, + static function _get_counters($feed, $is_cat = false, $unread_only = false, $owner_uid = false) { $n_feed = (int) $feed; @@ -1073,7 +870,7 @@ class Feeds extends Handler_Protected { $match_part = ""; if ($is_cat) { - return self::getCategoryUnread($n_feed, $owner_uid); + return self::_get_cat_unread($n_feed, $owner_uid); } else if ($n_feed == -6) { return 0; } else if ($feed != "0" && $n_feed == 0) { @@ -1097,7 +894,7 @@ class Feeds extends Handler_Protected { $intl = (int) get_pref("FRESH_ARTICLE_MAX_AGE", $owner_uid); - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $match_part .= " AND date_entered > NOW() - INTERVAL '$intl hour' "; } else { $match_part .= " AND date_entered > DATE_SUB(NOW(), INTERVAL $intl HOUR) "; @@ -1119,7 +916,7 @@ class Feeds extends Handler_Protected { $label_id = Labels::feed_to_label_id($feed); - return self::getLabelUnread($label_id, $owner_uid); + return self::_get_label_unread($label_id, $owner_uid); } if ($match_part) { @@ -1154,6 +951,18 @@ class Feeds extends Handler_Protected { } } + function add() { + $feed = clean($_REQUEST['feed']); + $cat = clean($_REQUEST['cat']); + $need_auth = isset($_REQUEST['need_auth']); + $login = $need_auth ? clean($_REQUEST['login']) : ''; + $pass = $need_auth ? clean($_REQUEST['pass']) : ''; + + $rc = Feeds::_subscribe($feed, $cat, $login, $pass); + + print json_encode(array("result" => $rc)); + } + /** * @return array (code => Status code, message => error message if available) * @@ -1167,7 +976,7 @@ class Feeds extends Handler_Protected { * 5 - Couldn't download the URL content. * 6 - Content is an invalid XML. */ - static function subscribe_to_feed($url, $cat_id = 0, + static function _subscribe($url, $cat_id = 0, $auth_login = '', $auth_pass = '') { global $fetch_last_error; @@ -1196,8 +1005,8 @@ class Feeds extends Handler_Protected { return array("code" => 5, "message" => $fetch_last_error); } - if (mb_strpos($fetch_last_content_type, "html") !== false && self::is_html($contents)) { - $feedUrls = self::get_feeds_from_html($url, $contents); + if (mb_strpos($fetch_last_content_type, "html") !== false && self::_is_html($contents)) { + $feedUrls = self::_get_feeds_from_html($url, $contents); if (count($feedUrls) == 0) { return array("code" => 3); @@ -1240,42 +1049,36 @@ class Feeds extends Handler_Protected { } } - static function getIconFile($feed_id) { - return ICONS_DIR . "/$feed_id.ico"; + static function _get_icon_file($feed_id) { + return Config::get(Config::ICONS_DIR) . "/$feed_id.ico"; } - static function feedHasIcon($id) { - return is_file(ICONS_DIR . "/$id.ico") && filesize(ICONS_DIR . "/$id.ico") > 0; + static function _has_icon($id) { + return is_file(Config::get(Config::ICONS_DIR) . "/$id.ico") && filesize(Config::get(Config::ICONS_DIR) . "/$id.ico") > 0; } - static function getFeedIcon($id) { + static function _get_icon($id) { switch ($id) { case 0: return "archive"; - break; case -1: return "star"; - break; case -2: return "rss_feed"; - break; case -3: return "whatshot"; - break; case -4: return "inbox"; - break; case -6: return "restore"; - break; default: if ($id < LABEL_BASE_INDEX) { return "label"; } else { - $icon = self::getIconFile($id); + $icon = self::_get_icon_file($id); if ($icon && file_exists($icon)) { - return ICONS_URL . "/" . basename($icon) . "?" . filemtime($icon); + return Config::get(Config::ICONS_URL) . "/" . basename($icon) . "?" . filemtime($icon); } } break; @@ -1284,11 +1087,23 @@ class Feeds extends Handler_Protected { return false; } - static function getFeedTitle($id, $cat = false) { + static function _find_by_url($feed_url, $owner_uid) { + $sth = Db::pdo()->prepare("SELECT id FROM ttrss_feeds WHERE + feed_url = ? AND owner_uid = ?"); + $sth->execute([$feed_url, $owner_uid]); + + if ($row = $sth->fetch()) { + return $row["id"]; + } + + return false; + } + + static function _get_title($id, $cat = false) { $pdo = Db::pdo(); if ($cat) { - return self::getCategoryTitle($id); + return self::_get_cat_title($id); } else if ($id == -1) { return __("Starred articles"); } else if ($id == -2) { @@ -1331,7 +1146,7 @@ class Feeds extends Handler_Protected { } // only real cats - static function getCategoryMarked($cat, $owner_uid = false) { + static function _get_cat_marked($cat, $owner_uid = false) { if (!$owner_uid) $owner_uid = $_SESSION["uid"]; @@ -1354,7 +1169,7 @@ class Feeds extends Handler_Protected { } } - static function getCategoryUnread($cat, $owner_uid = false) { + static function _get_cat_unread($cat, $owner_uid = false) { if (!$owner_uid) $owner_uid = $_SESSION["uid"]; @@ -1388,7 +1203,7 @@ class Feeds extends Handler_Protected { } // only accepts real cats (>= 0) - static function getCategoryChildrenUnread($cat, $owner_uid = false) { + static function _get_cat_children_unread($cat, $owner_uid = false) { if (!$owner_uid) $owner_uid = $_SESSION["uid"]; $pdo = Db::pdo(); @@ -1400,14 +1215,14 @@ class Feeds extends Handler_Protected { $unread = 0; while ($line = $sth->fetch()) { - $unread += self::getCategoryUnread($line["id"], $owner_uid); - $unread += self::getCategoryChildrenUnread($line["id"], $owner_uid); + $unread += self::_get_cat_unread($line["id"], $owner_uid); + $unread += self::_get_cat_children_unread($line["id"], $owner_uid); } return $unread; } - static function getGlobalUnread($user_id = false) { + static function _get_global_unread($user_id = false) { if (!$user_id) $user_id = $_SESSION["uid"]; @@ -1423,7 +1238,7 @@ class Feeds extends Handler_Protected { return $row["count"]; } - static function getCategoryTitle($cat_id) { + static function _get_cat_title($cat_id) { if ($cat_id == -1) { return __("Special"); @@ -1445,7 +1260,7 @@ class Feeds extends Handler_Protected { } } - static function getLabelUnread($label_id, $owner_uid = false) { + private static function _get_label_unread($label_id, $owner_uid = false) { if (!$owner_uid) $owner_uid = $_SESSION["uid"]; $pdo = Db::pdo(); @@ -1462,7 +1277,7 @@ class Feeds extends Handler_Protected { } } - static function queryFeedHeadlines($params) { + static function _get_headlines($params) { $pdo = Db::pdo(); @@ -1508,10 +1323,10 @@ class Feeds extends Handler_Protected { // fall back in case of no plugins if (!$search_query_part) { - list($search_query_part, $search_words) = self::search_to_sql($search, $search_language, $owner_uid); + list($search_query_part, $search_words) = self::_search_to_sql($search, $search_language, $owner_uid); } - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $test_sth = $pdo->prepare("select $search_query_part FROM ttrss_entries, ttrss_user_entries WHERE id = ref_id limit 1"); @@ -1546,7 +1361,7 @@ class Feeds extends Handler_Protected { $unread = getFeedUnread($feed, $cat_view); if ($cat_view && $feed > 0 && $include_children) - $unread += self::getCategoryChildrenUnread($feed); + $unread += self::_get_cat_children_unread($feed); if ($unread > 0) { $view_query_part = " unread = true AND "; @@ -1590,7 +1405,7 @@ class Feeds extends Handler_Protected { if ($feed > 0) { if ($include_children) { # sub-cats - $subcats = self::getChildCategories($feed, $owner_uid); + $subcats = self::_get_child_cats($feed, $owner_uid); array_push($subcats, $feed); $subcats = array_map("intval", $subcats); @@ -1648,7 +1463,7 @@ class Feeds extends Handler_Protected { } else if ($feed == -6) { // recently read $query_strategy_part = "unread = false AND last_read IS NOT NULL"; - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $query_strategy_part .= " AND last_read > NOW() - INTERVAL '1 DAY' "; } else { $query_strategy_part .= " AND last_read > DATE_SUB(NOW(), INTERVAL 1 DAY) "; @@ -1665,7 +1480,7 @@ class Feeds extends Handler_Protected { $intl = (int) get_pref("FRESH_ARTICLE_MAX_AGE", $owner_uid); - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $query_strategy_part .= " AND date_entered > NOW() - INTERVAL '$intl hour' "; } else { $query_strategy_part .= " AND date_entered > DATE_SUB(NOW(), INTERVAL $intl HOUR) "; @@ -1714,7 +1529,7 @@ class Feeds extends Handler_Protected { $feed_title = T_sprintf("Search results: %s", $search); } else { if ($cat_view) { - $feed_title = self::getCategoryTitle($feed); + $feed_title = self::_get_cat_title($feed); } else { if (is_numeric($feed) && $feed > 0) { $ssth = $pdo->prepare("SELECT title,site_url,last_error,last_updated @@ -1727,7 +1542,7 @@ class Feeds extends Handler_Protected { $last_error = $row["last_error"]; $last_updated = $row["last_updated"]; } else { - $feed_title = self::getFeedTitle($feed); + $feed_title = self::_get_title($feed); } } } @@ -1784,7 +1599,7 @@ class Feeds extends Handler_Protected { if ($feed == -3) $first_id_query_strategy_part = "true"; - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $sanity_interval_qpart = "date_entered >= NOW() - INTERVAL '1 hour' AND"; $yyiw_qpart = "to_char(date_entered, 'IYYY-IW') AS yyiw"; @@ -1884,7 +1699,7 @@ class Feeds extends Handler_Protected { } else { // browsing by tag - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $distinct_columns = str_replace("desc", "", strtolower($order_by)); $distinct_qpart = "DISTINCT ON (id, $distinct_columns)"; } else { @@ -1942,7 +1757,7 @@ class Feeds extends Handler_Protected { } - static function getParentCategories($cat, $owner_uid) { + static function _get_parent_cats($cat, $owner_uid) { $rv = array(); $pdo = Db::pdo(); @@ -1952,14 +1767,14 @@ class Feeds extends Handler_Protected { $sth->execute([$cat, $owner_uid]); while ($line = $sth->fetch()) { - array_push($rv, $line["parent_cat"]); - $rv = array_merge($rv, self::getParentCategories($line["parent_cat"], $owner_uid)); + array_push($rv, (int)$line["parent_cat"]); + $rv = array_merge($rv, self::_get_parent_cats($line["parent_cat"], $owner_uid)); } return $rv; } - static function getChildCategories($cat, $owner_uid) { + static function _get_child_cats($cat, $owner_uid) { $rv = array(); $pdo = Db::pdo(); @@ -1970,13 +1785,41 @@ class Feeds extends Handler_Protected { while ($line = $sth->fetch()) { array_push($rv, $line["id"]); - $rv = array_merge($rv, self::getChildCategories($line["id"], $owner_uid)); + $rv = array_merge($rv, self::_get_child_cats($line["id"], $owner_uid)); + } + + return $rv; + } + + static function _cats_of(array $feeds, int $owner_uid, bool $with_parents = false) { + if (count($feeds) == 0) + return []; + + $pdo = Db::pdo(); + + $feeds_qmarks = arr_qmarks($feeds); + + $sth = $pdo->prepare("SELECT DISTINCT cat_id, fc.parent_cat FROM ttrss_feeds f LEFT JOIN ttrss_feed_categories fc + ON (fc.id = f.cat_id) + WHERE f.owner_uid = ? AND f.id IN ($feeds_qmarks)"); + $sth->execute(array_merge([$owner_uid], $feeds)); + + $rv = []; + + if ($row = $sth->fetch()) { + array_push($rv, (int)$row["cat_id"]); + + if ($with_parents && $row["parent_cat"]) + $rv = array_merge($rv, + self::_get_parent_cats($row["cat_id"], $owner_uid)); } + $rv = array_unique($rv); + return $rv; } - static function getFeedCategory($feed) { + static function _cat_of_feed($feed) { $pdo = Db::pdo(); $sth = $pdo->prepare("SELECT cat_id FROM ttrss_feeds @@ -1991,7 +1834,7 @@ class Feeds extends Handler_Protected { } - function color_of($name) { + private function _color_of($name) { $colormap = [ "#1cd7d7","#d91111","#1212d7","#8e16e5","#7b7b7b", "#39f110","#0bbea6","#ec0e0e","#1534f2","#b9e416", "#479af2","#f36b14","#10c7e9","#1e8fe7","#e22727" ]; @@ -2007,7 +1850,7 @@ class Feeds extends Handler_Protected { return $colormap[$sum]; } - static function get_feeds_from_html($url, $content) { + private static function _get_feeds_from_html($url, $content) { $url = UrlHelper::validate($url); $baseUrl = substr($url, 0, strrpos($url, '/') + 1); @@ -2035,11 +1878,11 @@ class Feeds extends Handler_Protected { return $feedUrls; } - static function is_html($content) { + static function _is_html($content) { return preg_match("/<html|DOCTYPE html/i", substr($content, 0, 8192)) !== 0; } - static function add_feed_category($feed_cat, $parent_cat_id = false, $order_id = 0) { + static function _add_cat($feed_cat, $parent_cat_id = false, $order_id = 0) { if (!$feed_cat) return false; @@ -2076,7 +1919,7 @@ class Feeds extends Handler_Protected { return false; } - static function get_feed_access_key($feed_id, $is_cat, $owner_uid = false) { + static function _get_access_key($feed_id, $is_cat, $owner_uid = false) { if (!$owner_uid) $owner_uid = $_SESSION["uid"]; @@ -2112,9 +1955,9 @@ class Feeds extends Handler_Protected { * @access public * @return mixed */ - static function purge_feed($feed_id, $purge_interval) { + static function _purge($feed_id, $purge_interval) { - if (!$purge_interval) $purge_interval = self::feed_purge_interval($feed_id); + if (!$purge_interval) $purge_interval = self::_get_purge_interval($feed_id); $pdo = Db::pdo(); @@ -2127,10 +1970,10 @@ class Feeds extends Handler_Protected { if ($row = $sth->fetch()) { $owner_uid = $row["owner_uid"]; - if (FORCE_ARTICLE_PURGE != 0) { - Debug::log("purge_feed: FORCE_ARTICLE_PURGE is set, overriding interval to " . FORCE_ARTICLE_PURGE, Debug::$LOG_VERBOSE); + if (Config::get(Config::FORCE_ARTICLE_PURGE) != 0) { + Debug::log("purge_feed: FORCE_ARTICLE_PURGE is set, overriding interval to " . Config::get(Config::FORCE_ARTICLE_PURGE), Debug::$LOG_VERBOSE); $purge_unread = true; - $purge_interval = FORCE_ARTICLE_PURGE; + $purge_interval = Config::get(Config::FORCE_ARTICLE_PURGE); } else { $purge_unread = get_pref("PURGE_UNREAD_ARTICLES", $owner_uid, false); } @@ -2149,7 +1992,7 @@ class Feeds extends Handler_Protected { else $query_limit = ""; - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $sth = $pdo->prepare("DELETE FROM ttrss_user_entries USING ttrss_entries WHERE ttrss_entries.id = ref_id AND @@ -2182,7 +2025,7 @@ class Feeds extends Handler_Protected { return $rows_deleted; } - static function feed_purge_interval($feed_id) { + private static function _get_purge_interval($feed_id) { $pdo = Db::pdo(); @@ -2203,7 +2046,7 @@ class Feeds extends Handler_Protected { } } - static function search_to_sql($search, $search_language, $owner_uid) { + private static function _search_to_sql($search, $search_language, $owner_uid) { $keywords = str_getcsv(trim($search), " "); $query_keywords = array(); @@ -2332,7 +2175,7 @@ class Feeds extends Handler_Protected { array_push($query_keywords, "(".SUBSTRING_FOR_DATE."(updated,1,LENGTH('$k')) $not = '$k')"); } else { - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $k = mb_strtolower($k); array_push($search_query_leftover, $not ? "!$k" : $k); } else { @@ -2347,7 +2190,7 @@ class Feeds extends Handler_Protected { if (count($search_query_leftover) > 0) { - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { // if there's no joiners consider this a "simple" search and // concatenate everything with &, otherwise don't try to mess with tsquery syntax @@ -2371,7 +2214,7 @@ class Feeds extends Handler_Protected { return array($search_query_part, $search_words); } - static function order_to_override_query($order) { + static function _order_to_override_query($order) { $query = ""; $skip_first_id = false; @@ -2399,7 +2242,7 @@ class Feeds extends Handler_Protected { return [$query, $skip_first_id]; } - function mark_timestamp($label) { + private function _mark_timestamp($label) { if (empty($_REQUEST['timestamps'])) return; diff --git a/classes/handler/administrative.php b/classes/handler/administrative.php new file mode 100644 index 000000000..52dfed8b7 --- /dev/null +++ b/classes/handler/administrative.php @@ -0,0 +1,11 @@ +<?php +class Handler_Administrative extends Handler_Protected { + function before($method) { + if (parent::before($method)) { + if (($_SESSION["access_level"] ?? 0) >= 10) { + return true; + } + } + return false; + } +} diff --git a/classes/handler/protected.php b/classes/handler/protected.php index 765b17480..8e9e5ca1d 100644 --- a/classes/handler/protected.php +++ b/classes/handler/protected.php @@ -2,6 +2,6 @@ class Handler_Protected extends Handler { function before($method) { - return parent::before($method) && $_SESSION['uid']; + return parent::before($method) && !empty($_SESSION['uid']); } } diff --git a/classes/handler/public.php b/classes/handler/public.php index fca471122..42be6f713 100755 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -12,7 +12,7 @@ class Handler_Public extends Handler { if (!$limit) $limit = 60; - list($override_order, $skip_first_id_check) = Feeds::order_to_override_query($order); + list($override_order, $skip_first_id_check) = Feeds::_order_to_override_query($order); if (!$override_order) { $override_order = "date_entered DESC, updated DESC"; @@ -43,7 +43,7 @@ class Handler_Public extends Handler { $user_plugins = get_pref("_ENABLED_PLUGINS", $owner_uid); $tmppluginhost = new PluginHost(); - $tmppluginhost->load(PLUGINS, PluginHost::KIND_ALL); + $tmppluginhost->load(Config::get(Config::PLUGINS), PluginHost::KIND_ALL); $tmppluginhost->load((string)$user_plugins, PluginHost::KIND_USER, $owner_uid); //$tmppluginhost->load_data(); @@ -55,7 +55,7 @@ class Handler_Public extends Handler { } } else { - $qfh_ret = Feeds::queryFeedHeadlines($params); + $qfh_ret = Feeds::_get_headlines($params); } $result = $qfh_ret[0]; @@ -65,7 +65,7 @@ class Handler_Public extends Handler { $feed_self_url = get_self_url_prefix() . "/public.php?op=rss&id=$feed&key=" . - Feeds::get_feed_access_key($feed, false, $owner_uid); + Feeds::_get_access_key($feed, false, $owner_uid); if (!$feed_site_url) $feed_site_url = get_self_url_prefix(); @@ -82,7 +82,7 @@ class Handler_Public extends Handler { while ($line = $result->fetch()) { $line["content_preview"] = Sanitizer::sanitize(truncate_string(strip_tags($line["content"]), 100, '...')); - $line["tags"] = Article::get_article_tags($line["id"], $owner_uid); + $line["tags"] = Article::_get_tags($line["id"], $owner_uid); PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_QUERY_HEADLINES, function ($result) use (&$line) { @@ -98,7 +98,7 @@ class Handler_Public extends Handler { $tpl->setVariable('ARTICLE_ID', htmlspecialchars($orig_guid ? $line['link'] : - $this->make_article_tag_uri($line['id'], $line['date_entered'])), true); + $this->_make_article_tag_uri($line['id'], $line['date_entered'])), true); $tpl->setVariable('ARTICLE_LINK', htmlspecialchars($line['link']), true); $tpl->setVariable('ARTICLE_TITLE', htmlspecialchars($line['title']), true); $tpl->setVariable('ARTICLE_EXCERPT', $line["content_preview"], true); @@ -106,7 +106,7 @@ class Handler_Public extends Handler { $content = Sanitizer::sanitize($line["content"], false, $owner_uid, $feed_site_url, false, $line["id"]); - $content = DiskCache::rewriteUrls($content); + $content = DiskCache::rewrite_urls($content); if ($line['note']) { $content = "<div style=\"$note_style\">Article note: " . $line['note'] . "</div>" . @@ -131,7 +131,7 @@ class Handler_Public extends Handler { $tpl->addBlock('category'); } - $enclosures = Article::get_article_enclosures($line["id"]); + $enclosures = Article::_get_enclosures($line["id"]); if (count($enclosures) > 0) { foreach ($enclosures as $e) { @@ -146,12 +146,12 @@ class Handler_Public extends Handler { $tpl->addBlock('enclosure'); } } else { - $tpl->setVariable('ARTICLE_ENCLOSURE_URL', null, true); - $tpl->setVariable('ARTICLE_ENCLOSURE_TYPE', null, true); - $tpl->setVariable('ARTICLE_ENCLOSURE_LENGTH', null, true); + $tpl->setVariable('ARTICLE_ENCLOSURE_URL', "", true); + $tpl->setVariable('ARTICLE_ENCLOSURE_TYPE', "", true); + $tpl->setVariable('ARTICLE_ENCLOSURE_LENGTH', "", true); } - list ($og_image, $og_stream) = Article::get_article_image($enclosures, $line['content'], $feed_site_url); + list ($og_image, $og_stream) = Article::_get_image($enclosures, $line['content'], $feed_site_url); $tpl->setVariable('ARTICLE_OG_IMAGE', $og_image, true); @@ -163,7 +163,7 @@ class Handler_Public extends Handler { $tpl->addBlock('feed'); $tpl->generateOutputToString($tmp); - if (@!clean($_REQUEST["noxml"])) { + if (empty($_REQUEST["noxml"])) { header("Content-Type: text/xml; charset=utf-8"); } else { header("Content-Type: text/plain; charset=utf-8"); @@ -184,7 +184,7 @@ class Handler_Public extends Handler { while ($line = $result->fetch()) { $line["content_preview"] = Sanitizer::sanitize(truncate_string(strip_tags($line["content_preview"]), 100, '...')); - $line["tags"] = Article::get_article_tags($line["id"], $owner_uid); + $line["tags"] = Article::_get_tags($line["id"], $owner_uid); PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_QUERY_HEADLINES, function ($result) use (&$line) { @@ -207,8 +207,8 @@ class Handler_Public extends Handler { $article['content'] = Sanitizer::sanitize($line["content"], false, $owner_uid, $feed_site_url, false, $line["id"]); $article['updated'] = date('c', strtotime($line["updated"])); - if ($line['note']) $article['note'] = $line['note']; - if ($article['author']) $article['author'] = $line['author']; + if (!empty($line['note'])) $article['note'] = $line['note']; + if (!empty($line['author'])) $article['author'] = $line['author']; if (count($line["tags"]) > 0) { $article['tags'] = array(); @@ -218,7 +218,7 @@ class Handler_Public extends Handler { } } - $enclosures = Article::get_article_enclosures($line["id"]); + $enclosures = Article::_get_enclosures($line["id"]); if (count($enclosures) > 0) { $article['enclosures'] = array(); @@ -240,7 +240,7 @@ class Handler_Public extends Handler { } else { header("Content-Type: text/plain; charset=utf-8"); - print json_encode(array("error" => array("message" => "Unknown format"))); + print "Unknown format: $format."; } } @@ -251,11 +251,11 @@ class Handler_Public extends Handler { $uid = UserHelper::find_user_by_login($login); if ($uid) { - print Feeds::getGlobalUnread($uid); + print Feeds::_get_global_unread($uid); if ($fresh) { print ";"; - print Feeds::getFeedArticles(-3, false, true, $uid); + print Feeds::_get_counters(-3, false, true, $uid); } } else { print "-1;User not found"; @@ -286,195 +286,30 @@ class Handler_Public extends Handler { function logout() { if (validate_csrf($_POST["csrf_token"])) { - Pref_Users::logout_user(); + UserHelper::logout(); header("Location: index.php"); } else { header("Content-Type: text/json"); - print error_json(6); + print Errors::to_json(Errors::E_UNAUTHORIZED); } } - function share() { - $uuid = clean($_REQUEST["key"]); - - if ($uuid) { - $sth = $this->pdo->prepare("SELECT ref_id, owner_uid - FROM ttrss_user_entries WHERE uuid = ?"); - $sth->execute([$uuid]); - - if ($row = $sth->fetch()) { - header("Content-Type: text/html"); - - $id = $row["ref_id"]; - $owner_uid = $row["owner_uid"]; - - print $this->format_article($id, $owner_uid); - - return; - } - } - - header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found"); - print "Article not found."; - } - - private function format_article($id, $owner_uid) { - - $pdo = Db::pdo(); - - $sth = $pdo->prepare("SELECT id,title,link,content,feed_id,comments,int_id,lang, - ".SUBSTRING_FOR_DATE."(updated,1,16) as updated, - (SELECT site_url FROM ttrss_feeds WHERE id = feed_id) as site_url, - (SELECT title FROM ttrss_feeds WHERE id = feed_id) as feed_title, - (SELECT hide_images FROM ttrss_feeds WHERE id = feed_id) as hide_images, - (SELECT always_display_enclosures FROM ttrss_feeds WHERE id = feed_id) as always_display_enclosures, - num_comments, - tag_cache, - author, - guid, - note - FROM ttrss_entries,ttrss_user_entries - WHERE id = ? AND ref_id = id AND owner_uid = ?"); - $sth->execute([$id, $owner_uid]); - - $rv = ''; - - if ($line = $sth->fetch()) { - - $line["tags"] = Article::get_article_tags($id, $owner_uid, $line["tag_cache"]); - unset($line["tag_cache"]); - - $line["content"] = Sanitizer::sanitize($line["content"], - $line['hide_images'], - $owner_uid, $line["site_url"], false, $line["id"]); - - PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_RENDER_ARTICLE, - function ($result) use (&$line) { - $line = $result; - }, - $line); - - $line['content'] = DiskCache::rewriteUrls($line['content']); - - $enclosures = Article::get_article_enclosures($line["id"]); - - header("Content-Type: text/html"); - - $rv .= "<!DOCTYPE html> - <html><head> - <meta http-equiv='Content-Type' content='text/html; charset=utf-8'/> - <title>".$line["title"]."</title>". - javascript_tag("lib/prototype.js"). - javascript_tag("js/utility.js")." - <style type='text/css'> - @media (prefers-color-scheme: dark) { - body { - background : #222; - } - } - body.css_loading * { - display : none; - } - </style> - <link rel='shortcut icon' type='image/png' href='images/favicon.png'> - <link rel='icon' type='image/png' sizes='72x72' href='images/favicon-72px.png'>"; - - $rv .= "<meta property='og:title' content=\"".htmlspecialchars(html_entity_decode($line["title"], ENT_NOQUOTES | ENT_HTML401))."\"/>\n"; - $rv .= "<meta property='og:description' content=\"". - htmlspecialchars( - truncate_string( - preg_replace("/[\r\n\t]/", "", - preg_replace("/ {1,}/", " ", - strip_tags(html_entity_decode($line["content"], ENT_NOQUOTES | ENT_HTML401)) - ) - ), 500, "...") - )."\"/>\n"; - - $rv .= "</head>"; - - list ($og_image, $og_stream) = Article::get_article_image($enclosures, $line['content'], $line["site_url"]); - - if ($og_image) { - $rv .= "<meta property='og:image' content=\"" . htmlspecialchars($og_image) . "\"/>"; - } - - $rv .= "<body class='flat ttrss_utility ttrss_zoom css_loading'>"; - $rv .= "<div class='container'>"; - - if ($line["link"]) { - $rv .= "<h1><a target='_blank' rel='noopener noreferrer' - title=\"".htmlspecialchars($line['title'])."\" - href=\"" .htmlspecialchars($line["link"]) . "\">" . $line["title"] . "</a></h1>"; - } else { - $rv .= "<h1>" . $line["title"] . "</h1>"; - } - - $rv .= "<div class='content post'>"; - - /* header */ - - $rv .= "<div class='header'>"; - $rv .= "<div class='row'>"; # row - - //$entry_author = $line["author"] ? " - " . $line["author"] : ""; - $parsed_updated = TimeHelper::make_local_datetime($line["updated"], true, - $owner_uid, true); - - $rv .= "<div>".$line['author']."</div>"; - $rv .= "<div>$parsed_updated</div>"; - - $rv .= "</div>"; # row - - $rv .= "</div>"; # header - - /* content */ - - $lang = $line['lang'] ? $line['lang'] : "en"; - $rv .= "<div class='content' lang='$lang'>"; - - /* content body */ - - $rv .= $line["content"]; - - $rv .= Article::format_article_enclosures($id, - $line["always_display_enclosures"], - $line["content"], - $line["hide_images"]); - - $rv .= "</div>"; # content - - $rv .= "</div>"; # post - - } - - PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_FORMAT_ARTICLE, - function ($result) use (&$rv) { - $rv = $result; - }, - $rv, $line); - - return $rv; - - } - function rss() { $feed = clean($_REQUEST["id"]); $key = clean($_REQUEST["key"]); - $is_cat = clean($_REQUEST["is_cat"]); - $limit = (int)clean($_REQUEST["limit"]); - $offset = (int)clean($_REQUEST["offset"]); - - $search = clean($_REQUEST["q"]); - $view_mode = clean($_REQUEST["view-mode"]); - $order = clean($_REQUEST["order"]); - $start_ts = clean($_REQUEST["ts"]); + $is_cat = clean($_REQUEST["is_cat"] ?? false); + $limit = (int)clean($_REQUEST["limit"] ?? 0); + $offset = (int)clean($_REQUEST["offset"] ?? 0); - $format = clean($_REQUEST['format']); - $orig_guid = clean($_REQUEST["orig_guid"]); + $search = clean($_REQUEST["q"] ?? ""); + $view_mode = clean($_REQUEST["view-mode"] ?? ""); + $order = clean($_REQUEST["order"] ?? ""); + $start_ts = (int)clean($_REQUEST["ts"] ?? 0); - if (!$format) $format = 'atom'; + $format = clean($_REQUEST['format'] ?? "atom"); + $orig_guid = clean($_REQUEST["orig_guid"] ?? false); - if (SINGLE_USER_MODE) { + if (Config::get(Config::SINGLE_USER_MODE)) { UserHelper::authenticate("admin", null); } @@ -511,169 +346,8 @@ class Handler_Public extends Handler { PluginHost::getInstance()->run_hooks(PluginHost::HOOK_UPDATE_TASK); } - function sharepopup() { - if (SINGLE_USER_MODE) { - UserHelper::login_sequence(); - } - - header('Content-Type: text/html; charset=utf-8'); - ?> - <!DOCTYPE html> - <html> - <head> - <title><?php echo __("Share with Tiny Tiny RSS") ?></title> - <?php - echo javascript_tag("lib/prototype.js"); - echo javascript_tag("lib/dojo/dojo.js"); - echo javascript_tag("js/utility.js"); - echo javascript_tag("lib/dojo/tt-rss-layer.js"); - echo javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,controls") - ?> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> - <link rel="shortcut icon" type="image/png" href="images/favicon.png"> - <link rel="icon" type="image/png" sizes="72x72" href="images/favicon-72px.png"> - <style type="text/css"> - @media (prefers-color-scheme: dark) { - body { - background : #303030; - } - } - - body.css_loading * { - display : none; - } - </style> - </head> - <body class='flat ttrss_utility share_popup css_loading'> - <script type="text/javascript"> - const UtilityApp = { - init: function() { - require(['dojo/parser', "dojo/ready", 'dijit/form/Button','dijit/form/CheckBox', 'dijit/form/Form', - 'dijit/form/Select','dijit/form/TextBox','dijit/form/ValidationTextBox'], function(parser, ready){ - ready(function() { - parser.parse(); - - new Ajax.Autocompleter('labels_value', 'labels_choices', - "backend.php?op=rpc&method=completeLabels", - { tokens: ',', paramName: "search" }); - }); - }); - } - }; - </script> - <div class="content"> - - <?php - - $action = clean($_REQUEST["action"]); - - if ($_SESSION["uid"]) { - - if ($action == 'share') { - - $title = strip_tags(clean($_REQUEST["title"])); - $url = strip_tags(clean($_REQUEST["url"])); - $content = strip_tags(clean($_REQUEST["content"])); - $labels = strip_tags(clean($_REQUEST["labels"])); - - Article::create_published_article($title, $url, $content, $labels, - $_SESSION["uid"]); - - print "<script type='text/javascript'>"; - print "window.close();"; - print "</script>"; - - } else { - $title = htmlspecialchars(clean($_REQUEST["title"])); - $url = htmlspecialchars(clean($_REQUEST["url"])); - - ?> - <form id='share_form' name='share_form'> - - <input type="hidden" name="op" value="sharepopup"> - <input type="hidden" name="action" value="share"> - - <fieldset> - <label><?php echo __("Title:") ?></label> - <input style='width : 270px' dojoType='dijit.form.TextBox' name='title' value="<?php echo $title ?>"> - </fieldset> - - <fieldset> - <label><?php echo __("URL:") ?></label> - <input style='width : 270px' name='url' dojoType='dijit.form.TextBox' value="<?php echo $url ?>"> - </fieldset> - - <fieldset> - <label><?php echo __("Content:") ?></label> - <input style='width : 270px' name='content' dojoType='dijit.form.TextBox' value=""> - </fieldset> - - <fieldset> - <label><?php echo __("Labels:") ?></label> - <input style='width : 270px' name='labels' dojoType='dijit.form.TextBox' id="labels_value" - placeholder='Alpha, Beta, Gamma' value=""> - <div class="autocomplete" id="labels_choices" - style="display : block"></div> - </fieldset> - - <hr/> - - <fieldset> - <button dojoType='dijit.form.Button' class="alt-primary" type="submit"><?php echo __('Share') ?></button> - <button dojoType='dijit.form.Button' onclick="return window.close()"><?php echo __('Cancel') ?></button> - <span class="text-muted small"><?php echo __("Shared article will appear in the Published feed.") ?></span> - </fieldset> - - </form> - <?php - - } - - } else { - - $return = urlencode(make_self_url()); - - ?> - - <?php print_error("Not logged in"); ?> - - <form action="public.php?return=<?php echo $return ?>" method="post"> - - <input type="hidden" name="op" value="login"> - - <fieldset> - <label><?php echo __("Login:") ?></label> - <input name="login" id="login" dojoType="dijit.form.TextBox" type="text" - onchange="fetchProfiles()" onfocus="fetchProfiles()" onblur="fetchProfiles()" - required="1" value="<?php echo $_SESSION["fake_login"] ?>" /> - </fieldset> - - <fieldset> - <label><?php echo __("Password:") ?></label> - - <input type="password" name="password" required="1" - dojoType="dijit.form.TextBox" - class="input input-text" - value="<?php echo $_SESSION["fake_password"] ?>"/> - </fieldset> - - <hr/> - - <fieldset> - <label> </label> - - <button dojoType="dijit.form.Button" type="submit" class="alt-primary"><?php echo __('Log in') ?></button> - </fieldset> - - </form> - <?php - } - - print "</div></body></html>"; - } - function login() { - if (!SINGLE_USER_MODE) { + if (!Config::get(Config::SINGLE_USER_MODE)) { $login = clean($_POST["login"]); $password = clean($_POST["password"]); @@ -681,7 +355,7 @@ class Handler_Public extends Handler { $safe_mode = checkbox_to_sql_bool(clean($_POST["safe_mode"] ?? false)); if ($remember_me) { - @session_set_cookie_params(SESSION_COOKIE_LIFETIME); + @session_set_cookie_params(Config::get(Config::SESSION_COOKIE_LIFETIME)); } else { @session_set_cookie_params(0); } @@ -724,7 +398,7 @@ class Handler_Public extends Handler { $return = clean($_REQUEST['return']); - if ($_REQUEST['return'] && mb_strpos($return, SELF_URL_PATH) === 0) { + if ($_REQUEST['return'] && mb_strpos($return, Config::get(Config::SELF_URL_PATH)) === 0) { header("Location: " . clean($_REQUEST['return'])); } else { header("Location: " . get_self_url_prefix()); @@ -732,164 +406,9 @@ class Handler_Public extends Handler { } } - function subscribe() { - if (SINGLE_USER_MODE) { - UserHelper::login_sequence(); - } - - if (!empty($_SESSION["uid"])) { - - $feed_url = clean($_REQUEST["feed_url"] ?? ""); - $csrf_token = clean($_POST["csrf_token"] ?? ""); - - header('Content-Type: text/html; charset=utf-8'); - ?> - <!DOCTYPE html> - <html> - <head> - <title>Tiny Tiny RSS</title> - <?php - echo javascript_tag("lib/prototype.js"); - echo javascript_tag("js/utility.js"); - echo javascript_tag("lib/dojo/dojo.js"); - echo javascript_tag("lib/dojo/tt-rss-layer.js"); - ?> - <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> - <link rel="shortcut icon" type="image/png" href="images/favicon.png"> - <link rel="icon" type="image/png" sizes="72x72" href="images/favicon-72px.png"> - <style type="text/css"> - @media (prefers-color-scheme: dark) { - body { - background : #303030; - } - } - - body.css_loading * { - display : none; - } - </style> - </head> - <body class='flat ttrss_utility css_loading'> - <script type="text/javascript"> - const UtilityApp = { - init: function() { - require(['dojo/parser', "dojo/ready", 'dijit/form/Button','dijit/form/CheckBox', 'dijit/form/Form', - 'dijit/form/Select','dijit/form/TextBox','dijit/form/ValidationTextBox'], function(parser, ready){ - ready(function() { - parser.parse(); - }); - }); - } - }; - </script> - <div class="container"> - <h1><?php echo __("Subscribe to feed...") ?></h1> - <div class='content'> - <?php - - if (!$feed_url || !validate_csrf($csrf_token)) { - ?> - <form method="post"> - <input type="hidden" name="op" value="subscribe"> - <?php print_hidden("csrf_token", $_SESSION["csrf_token"]) ?> - <fieldset> - <label>Feed or site URL:</label> - <input style="width: 300px" dojoType="dijit.form.ValidationTextBox" required="1" name="feed_url" value="<?php echo htmlspecialchars($feed_url) ?>"> - </fieldset> - - <button class="alt-primary" dojoType="dijit.form.Button" type="submit"> - <?php echo __("Subscribe") ?> - </button> - - <a href="index.php"><?php echo __("Return to Tiny Tiny RSS") ?></a> - </form> - <?php - } else { - - $rc = Feeds::subscribe_to_feed($feed_url); - $feed_urls = false; - - switch ($rc['code']) { - case 0: - print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url)); - break; - case 1: - print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url)); - break; - case 2: - print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url)); - break; - case 3: - print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url)); - break; - case 4: - $feed_urls = $rc["feeds"]; - break; - case 5: - print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url)); - break; - } - - if ($feed_urls) { - - print "<form action='public.php'>"; - print "<input type='hidden' name='op' value='subscribe'>"; - print_hidden("csrf_token", $_SESSION["csrf_token"]); - - print "<fieldset>"; - print "<label style='display : inline'>" . __("Multiple feed URLs found:") . "</label>"; - print "<select name='feed_url' dojoType='dijit.form.Select'>"; - - foreach ($feed_urls as $url => $name) { - $url = htmlspecialchars($url); - $name = htmlspecialchars($name); - - print "<option value=\"$url\">$name</option>"; - } - - print "</select>"; - print "</fieldset>"; - - print "<button class='alt-primary' dojoType='dijit.form.Button' type='submit'>".__("Subscribe to selected feed")."</button>"; - print "<a href='index.php'>".__("Return to Tiny Tiny RSS")."</a>"; - - print "</form>"; - } - - $tp_uri = get_self_url_prefix() . "/prefs.php"; - - if ($rc['code'] <= 2){ - $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE - feed_url = ? AND owner_uid = ?"); - $sth->execute([$feed_url, $_SESSION['uid']]); - $row = $sth->fetch(); - - $feed_id = $row["id"]; - } else { - $feed_id = 0; - } - - if ($feed_id) { - print "<form method='GET' action=\"$tp_uri\"> - <input type='hidden' name='tab' value='feeds'> - <input type='hidden' name='method' value='editfeed'> - <input type='hidden' name='methodparam' value='$feed_id'> - <button dojoType='dijit.form.Button' class='alt-info' type='submit'>".__("Edit subscription options")."</button> - <a href='index.php'>".__("Return to Tiny Tiny RSS")."</a> - </form>"; - } - } - - print "</div></div></body></html>"; - - } else { - $this->render_login_form(); - } - } - function index() { header("Content-Type: text/plain"); - print error_json(13); + print Errors::to_json(Errors::E_UNKNOWN_METHOD); } function forgotpass() { @@ -909,7 +428,6 @@ class Handler_Public extends Handler { <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> <?php echo stylesheet_tag("themes/light.css"); - echo javascript_tag("lib/prototype.js"); echo javascript_tag("lib/dojo/dojo.js"); echo javascript_tag("lib/dojo/tt-rss-layer.js"); ?> @@ -953,7 +471,7 @@ class Handler_Public extends Handler { WHERE id = ?"); $sth->execute([$id]); - Pref_Users::resetUserPassword($id, true); + UserHelper::reset_password($id, true); print "<p>"."Completed."."</p>"; @@ -1041,7 +559,7 @@ class Handler_Public extends Handler { $tpl->setVariable('LOGIN', $login); $tpl->setVariable('RESETPASS_LINK', $resetpass_link); - $tpl->setVariable('TTRSS_HOST', SELF_URL_PATH); + $tpl->setVariable('TTRSS_HOST', Config::get(Config::SELF_URL_PATH)); $tpl->addBlock('message'); @@ -1095,9 +613,9 @@ class Handler_Public extends Handler { function dbupdate() { startup_gettext(); - if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) { + if (!Config::get(Config::SINGLE_USER_MODE) && $_SESSION["access_level"] < 10) { $_SESSION["login_error_msg"] = __("Your access level is insufficient to run this script."); - $this->render_login_form(); + $this->_render_login_form(); exit; } @@ -1107,12 +625,11 @@ class Handler_Public extends Handler { <head> <title>Database Updater</title> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> - <?php echo stylesheet_tag("themes/light.css") ?> + <?= stylesheet_tag("themes/light.css") ?> <link rel="shortcut icon" type="image/png" href="images/favicon.png"> <link rel="icon" type="image/png" sizes="72x72" href="images/favicon-72px.png"> <?php echo stylesheet_tag("themes/light.css"); - echo javascript_tag("lib/prototype.js"); echo javascript_tag("lib/dojo/dojo.js"); echo javascript_tag("lib/dojo/tt-rss-layer.js"); ?> @@ -1137,26 +654,26 @@ class Handler_Public extends Handler { </script> <div class="container"> - <h1><?php echo __("Database Updater") ?></h1> + <h1><?= __("Database Updater") ?></h1> <div class="content"> <?php - @$op = clean($_REQUEST["subop"]); - $updater = new DbUpdater(Db::pdo(), DB_TYPE, SCHEMA_VERSION); + @$op = clean($_REQUEST["subop"] ?? ""); + $updater = new DbUpdater(Db::pdo(), Config::get(Config::DB_TYPE), SCHEMA_VERSION); if ($op == "performupdate") { - if ($updater->isUpdateRequired()) { + if ($updater->is_update_required()) { print "<h2>" . T_sprintf("Performing updates to version %d", SCHEMA_VERSION) . "</h2>"; - for ($i = $updater->getSchemaVersion() + 1; $i <= SCHEMA_VERSION; $i++) { + for ($i = $updater->get_schema_version() + 1; $i <= SCHEMA_VERSION; $i++) { print "<ul>"; print "<li class='text-info'>" . T_sprintf("Updating to version %d", $i) . "</li>"; print "<li>"; - $result = $updater->performUpdateTo($i, true); + $result = $updater->update_to($i, true); print "</li>"; if (!$result) { @@ -1187,12 +704,12 @@ class Handler_Public extends Handler { print "<a href='index.php'>".__("Return to Tiny Tiny RSS")."</a>"; } } else { - if ($updater->isUpdateRequired()) { + if ($updater->is_update_required()) { print "<h2>".T_sprintf("Tiny Tiny RSS database needs update to the latest version (%d to %d).", - $updater->getSchemaVersion(), SCHEMA_VERSION)."</h2>"; + $updater->get_schema_version(), SCHEMA_VERSION)."</h2>"; - if (DB_TYPE == "mysql") { + if (Config::get(Config::DB_TYPE) == "mysql") { print_error("<strong>READ THIS:</strong> Due to MySQL limitations, your database is not completely protected while updating. ". "Errors may put it in an inconsistent state requiring manual rollback. <strong>BACKUP YOUR DATABASE BEFORE CONTINUING.</strong>"); } else { @@ -1220,7 +737,28 @@ class Handler_Public extends Handler { <?php } - function cached_url() { + function publishOpml() { + $key = clean($_REQUEST["key"]); + $pdo = Db::pdo(); + + $sth = $pdo->prepare( "SELECT owner_uid + FROM ttrss_access_keys WHERE + access_key = ? AND feed_id = 'OPML:Publish'"); + $sth->execute([$key]); + + if ($row = $sth->fetch()) { + $owner_uid = $row['owner_uid']; + + $opml = new OPML($_REQUEST); + $opml->opml_export("published.opml", $owner_uid, true, false); + + } else { + header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found"); + echo "File not found."; + } + } + + function cached() { list ($cache_dir, $filename) = explode("/", $_GET["file"], 2); // we do not allow files with extensions at the moment @@ -1236,7 +774,7 @@ class Handler_Public extends Handler { } } - private function make_article_tag_uri($id, $timestamp) { + private function _make_article_tag_uri($id, $timestamp) { $timestamp = date("Y-m-d", strtotime($timestamp)); @@ -1264,21 +802,21 @@ class Handler_Public extends Handler { } else { user_error("PluginHandler[PUBLIC]: Requested private method '$method' of plugin '$plugin_name'.", E_USER_WARNING); header("Content-Type: text/json"); - print error_json(6); + print Errors::to_json(Errors::E_UNAUTHORIZED); } } else { user_error("PluginHandler[PUBLIC]: Requested unknown method '$method' of plugin '$plugin_name'.", E_USER_WARNING); header("Content-Type: text/json"); - print error_json(13); + print Errors::to_json(Errors::E_UNKNOWN_METHOD); } } else { user_error("PluginHandler[PUBLIC]: Requested method '$method' of unknown plugin '$plugin_name'.", E_USER_WARNING); header("Content-Type: text/json"); - print error_json(14); + print Errors::to_json(Errors::E_UNKNOWN_PLUGIN); } } - static function render_login_form() { + static function _render_login_form() { header('Cache-Control: public'); require_once "login_form.php"; diff --git a/classes/idb.php b/classes/idb.php deleted file mode 100644 index 37fd69906..000000000 --- a/classes/idb.php +++ /dev/null @@ -1,13 +0,0 @@ -<?php -interface IDb { - function connect($host, $user, $pass, $db, $port); - function escape_string($s, $strip_tags = true); - function query($query, $die_on_error = true); - function fetch_assoc($result); - function num_rows($result); - function fetch_result($result, $row, $param); - function close(); - function affected_rows($result); - function last_error(); - function last_query_error(); -} diff --git a/classes/labels.php b/classes/labels.php index 786091650..570f24f4f 100644 --- a/classes/labels.php +++ b/classes/labels.php @@ -37,7 +37,18 @@ class Labels } } - static function get_all_labels($owner_uid) { + static function get_as_hash($owner_uid) { + $rv = []; + $labels = Labels::get_all($owner_uid); + + foreach ($labels as $i => $label) { + $rv[$label["id"]] = $labels[$i]; + } + + return $rv; + } + + static function get_all($owner_uid) { $rv = array(); $pdo = Db::pdo(); @@ -46,7 +57,7 @@ class Labels WHERE owner_uid = ? ORDER BY caption"); $sth->execute([$owner_uid]); - while ($line = $sth->fetch()) { + while ($line = $sth->fetch(PDO::FETCH_ASSOC)) { array_push($rv, $line); } @@ -60,7 +71,7 @@ class Labels self::clear_cache($id); if (!$labels) - $labels = Article::get_article_labels($id); + $labels = Article::_get_labels($id); $labels = json_encode($labels); diff --git a/classes/logger.php b/classes/logger.php index cdc6b240a..6cc33314d 100755 --- a/classes/logger.php +++ b/classes/logger.php @@ -42,7 +42,7 @@ class Logger { } function __construct() { - switch (LOG_DESTINATION) { + switch (Config::get(Config::LOG_DESTINATION)) { case "sql": $this->adapter = new Logger_SQL(); break; diff --git a/classes/mailer.php b/classes/mailer.php index 16be16523..93f778210 100644 --- a/classes/mailer.php +++ b/classes/mailer.php @@ -11,15 +11,15 @@ class Mailer { $subject = $params["subject"]; $message = $params["message"]; $message_html = $params["message_html"]; - $from_name = $params["from_name"] ? $params["from_name"] : SMTP_FROM_NAME; - $from_address = $params["from_address"] ? $params["from_address"] : SMTP_FROM_ADDRESS; + $from_name = $params["from_name"] ? $params["from_name"] : Config::get(Config::SMTP_FROM_NAME); + $from_address = $params["from_address"] ? $params["from_address"] : Config::get(Config::SMTP_FROM_ADDRESS); $additional_headers = $params["headers"] ? $params["headers"] : []; $from_combined = $from_name ? "$from_name <$from_address>" : $from_address; $to_combined = $to_name ? "$to_name <$to_address>" : $to_address; - if (defined('_LOG_SENT_MAIL') && _LOG_SENT_MAIL) + if (Config::get(Config::LOG_SENT_MAIL)) Logger::get()->log(E_USER_NOTICE, "Sending mail from $from_combined to $to_combined [$subject]: $message"); // HOOK_SEND_MAIL plugin instructions: diff --git a/classes/opml.php b/classes/opml.php index aa5e22b80..cbc1269e3 100644 --- a/classes/opml.php +++ b/classes/opml.php @@ -31,7 +31,7 @@ class OPML extends Handler_Protected { <body class='claro ttrss_utility'> <h1>".__('OPML Utility')."</h1><div class='content'>"; - Feeds::add_feed_category("Imported feeds"); + Feeds::_add_cat("Imported feeds"); $this->opml_notice(__("Importing OPML...")); @@ -205,7 +205,7 @@ class OPML extends Handler_Protected { if (!$tmp_line["match_on"]) { if ($cat_filter && $tmp_line["cat_id"] || $tmp_line["feed_id"]) { - $tmp_line["feed"] = Feeds::getFeedTitle( + $tmp_line["feed"] = Feeds::_get_title( $cat_filter ? $tmp_line["cat_id"] : $tmp_line["feed_id"], $cat_filter); } else { @@ -218,13 +218,13 @@ class OPML extends Handler_Protected { if (strpos($feed_id, "CAT:") === 0) { $feed_id = (int)substr($feed_id, 4); if ($feed_id) { - array_push($match, [Feeds::getCategoryTitle($feed_id), true, false]); + array_push($match, [Feeds::_get_cat_title($feed_id), true, false]); } else { array_push($match, [0, true, true]); } } else { if ($feed_id) { - array_push($match, [Feeds::getFeedTitle((int)$feed_id), false, false]); + array_push($match, [Feeds::_get_title((int)$feed_id), false, false]); } else { array_push($match, [0, false, true]); } @@ -523,7 +523,7 @@ class OPML extends Handler_Protected { $order_id = (int) $root_node->attributes->getNamedItem('ttrssSortOrder')->nodeValue; if (!$order_id) $order_id = 0; - Feeds::add_feed_category($cat_title, $parent_id, $order_id); + Feeds::_add_cat($cat_title, $parent_id, $order_id); $cat_id = $this->get_feed_category($cat_title, $parent_id); } @@ -594,7 +594,7 @@ class OPML extends Handler_Protected { } if (is_uploaded_file($_FILES['opml_file']['tmp_name'])) { - $tmp_file = (string)tempnam(CACHE_DIR . '/upload', 'opml'); + $tmp_file = (string)tempnam(Config::get(Config::CACHE_DIR) . '/upload', 'opml'); $result = move_uploaded_file($_FILES['opml_file']['tmp_name'], $tmp_file); @@ -634,13 +634,10 @@ class OPML extends Handler_Protected { print "$msg<br/>"; } - static function opml_publish_url(){ - - $url_path = get_self_url_prefix(); - $url_path .= "/opml.php?op=publish&key=" . - Feeds::get_feed_access_key('OPML:Publish', false, $_SESSION["uid"]); - - return $url_path; + static function get_publish_url(){ + return get_self_url_prefix() . + "/public.php?op=publishOpml&key=" . + Feeds::_get_access_key('OPML:Publish', false, $_SESSION["uid"]); } function get_feed_category($feed_cat, $parent_cat_id = false) { diff --git a/classes/plugin.php b/classes/plugin.php index 2416418cd..6c572467a 100644 --- a/classes/plugin.php +++ b/classes/plugin.php @@ -54,4 +54,8 @@ abstract class Plugin { return vsprintf($this->__($msgid), $args); } + + function csrf_ignore($method) { + return false; + } } diff --git a/classes/pluginhandler.php b/classes/pluginhandler.php index 9682e440f..75b823822 100644 --- a/classes/pluginhandler.php +++ b/classes/pluginhandler.php @@ -7,17 +7,23 @@ class PluginHandler extends Handler_Protected { function catchall($method) { $plugin_name = clean($_REQUEST["plugin"]); $plugin = PluginHost::getInstance()->get_plugin($plugin_name); + $csrf_token = ($_POST["csrf_token"] ?? ""); if ($plugin) { if (method_exists($plugin, $method)) { - $plugin->$method(); + if (validate_csrf($csrf_token) || $plugin->csrf_ignore($method)) { + $plugin->$method(); + } else { + user_error("Rejected ${plugin_name}->${method}(): invalid CSRF token.", E_USER_WARNING); + print Errors::to_json(Errors::E_UNAUTHORIZED); + } } else { - user_error("PluginHandler: Requested unknown method '$method' of plugin '$plugin_name'.", E_USER_WARNING); - print error_json(13); + user_error("Rejected ${plugin_name}->${method}(): unknown method.", E_USER_WARNING); + print Errors::to_json(Errors::E_UNKNOWN_METHOD); } } else { - user_error("PluginHandler: Requested method '$method' of unknown plugin '$plugin_name'.", E_USER_WARNING); - print error_json(14); + user_error("Rejected ${plugin_name}->${method}(): unknown plugin.", E_USER_WARNING); + print Errors::to_json(Errors::E_UNKNOWN_PLUGIN); } } } diff --git a/classes/pluginhost.php b/classes/pluginhost.php index 42f7f6bf9..b6f645a9c 100755 --- a/classes/pluginhost.php +++ b/classes/pluginhost.php @@ -18,6 +18,7 @@ class PluginHost { private static $instance; const API_VERSION = 2; + const PUBLIC_METHOD_DELIMITER = "--"; // Hooks marked with *1 are run in global context and available // to plugins loaded in config.php only @@ -47,14 +48,14 @@ class PluginHost { const HOOK_QUERY_HEADLINES = "hook_query_headlines"; // hook_query_headlines($row) (byref) const HOOK_HOUSE_KEEPING = "hook_house_keeping"; //*1 // GLOBAL: hook_house_keeping() const HOOK_SEARCH = "hook_search"; // hook_search($query) - const HOOK_FORMAT_ENCLOSURES = "hook_format_enclosures"; // hook_format_enclosures($rv, $result, $id, $always_display_enclosures, $article_content, $hide_images) (byref) + const HOOK_FORMAT_ENCLOSURES = "hook_format_enclosures"; // hook__format_enclosures($rv, $result, $id, $always_display_enclosures, $article_content, $hide_images) (byref) const HOOK_SUBSCRIBE_FEED = "hook_subscribe_feed"; // hook_subscribe_feed($contents, $url, $auth_login, $auth_pass) (byref) const HOOK_HEADLINES_BEFORE = "hook_headlines_before"; // hook_headlines_before($feed, $is_cat, $qfh_ret) - const HOOK_RENDER_ENCLOSURE = "hook_render_enclosure"; // hook_render_enclosure($entry, $hide_images) + const HOOK_RENDER_ENCLOSURE = "hook_render_enclosure"; // hook_render_enclosure($entry, $id, $rv) const HOOK_ARTICLE_FILTER_ACTION = "hook_article_filter_action"; // hook_article_filter_action($article, $action) const HOOK_ARTICLE_EXPORT_FEED = "hook_article_export_feed"; // hook_article_export_feed($line, $feed, $is_cat, $owner_uid) (byref) const HOOK_MAIN_TOOLBAR_BUTTON = "hook_main_toolbar_button"; // hook_main_toolbar_button() - const HOOK_ENCLOSURE_ENTRY = "hook_enclosure_entry"; // hook_enclosure_entry($row, $id) (byref) + const HOOK_ENCLOSURE_ENTRY = "hook_enclosure_entry"; // hook_enclosure_entry($entry, $id, $rv) (byref) const HOOK_FORMAT_ARTICLE = "hook_format_article"; // hook_format_article($html, $row) const HOOK_FORMAT_ARTICLE_CDM = "hook_format_article_cdm"; /* RIP */ const HOOK_FEED_BASIC_INFO = "hook_feed_basic_info"; // hook_feed_basic_info($basic_info, $fetch_url, $owner_uid, $feed_id, $auth_login, $auth_pass) (byref) @@ -107,8 +108,9 @@ class PluginHost { return false; } + // needed for compatibility with API 2 (?) function get_dbh() { - return Db::get(); + return false; } function get_pdo(): PDO { @@ -272,8 +274,8 @@ class PluginHost { $class = trim($class); $class_file = strtolower(basename(clean($class))); - if (!is_dir(__DIR__."/../plugins/$class_file") && - !is_dir(__DIR__."/../plugins.local/$class_file")) continue; + if (!is_dir(__DIR__ . "/../plugins/$class_file") && + !is_dir(__DIR__ . "/../plugins.local/$class_file")) continue; // try system plugin directory first $file = __DIR__ . "/../plugins/$class_file/init.php"; @@ -598,7 +600,7 @@ class PluginHost { } // handled by classes/pluginhandler.php, requires valid session - function get_method_url(Plugin $sender, string $method, $params) { + function get_method_url(Plugin $sender, string $method, $params = []) { return get_self_url_prefix() . "/backend.php?" . http_build_query( array_merge( @@ -610,16 +612,25 @@ class PluginHost { $params)); } + // shortcut syntax (disabled for now) + /* function get_method_url(Plugin $sender, string $method, $params) { + return get_self_url_prefix() . "/backend.php?" . + http_build_query( + array_merge( + [ + "op" => strtolower(get_class($sender) . self::PUBLIC_METHOD_DELIMITER . $method), + ], + $params)); + } */ + // WARNING: endpoint in public.php, exposed to unauthenticated users - function get_public_method_url(Plugin $sender, string $method, $params) { + function get_public_method_url(Plugin $sender, string $method, $params = []) { if ($sender->is_public_method($method)) { return get_self_url_prefix() . "/public.php?" . http_build_query( array_merge( [ - "op" => "pluginhandler", - "plugin" => strtolower(get_class($sender)), - "pmethod" => $method + "op" => strtolower(get_class($sender) . self::PUBLIC_METHOD_DELIMITER . $method), ], $params)); } else { diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index 47e5689ec..086c52697 100755 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -1,7 +1,7 @@ <?php class Pref_Feeds extends Handler_Protected { function csrf_ignore($method) { - $csrf_ignored = array("index", "getfeedtree", "savefeedorder", "uploadicon"); + $csrf_ignored = array("index", "getfeedtree", "savefeedorder"); return array_search($method, $csrf_ignored) !== false; } @@ -9,7 +9,7 @@ class Pref_Feeds extends Handler_Protected { public static function get_ts_languages() { $rv = []; - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $dbh = Db::pdo(); $res = $dbh->query("SELECT cfgname FROM pg_ts_config"); @@ -22,11 +22,6 @@ class Pref_Feeds extends Handler_Protected { return $rv; } - function batch_edit_cbox($elem, $label = false) { - print "<input type=\"checkbox\" title=\"".__("Check to enable field")."\" - onchange=\"App.dialogOf(this).toggleField(this, '$elem', '$label')\">"; - } - function renamecat() { $title = clean($_REQUEST['title']); $id = clean($_REQUEST['id']); @@ -98,7 +93,7 @@ class Pref_Feeds extends Handler_Protected { $feed['checkbox'] = false; $feed['unread'] = -1; $feed['error'] = $feed_line['last_error']; - $feed['icon'] = Feeds::getFeedIcon($feed_line['id']); + $feed['icon'] = Feeds::_get_icon($feed_line['id']); $feed['param'] = TimeHelper::make_local_datetime( $feed_line['last_updated'], true); $feed['updates_disabled'] = (int)($feed_line['update_interval'] < 0); @@ -110,10 +105,10 @@ class Pref_Feeds extends Handler_Protected { } function getfeedtree() { - print json_encode($this->makefeedtree()); + print json_encode($this->_makefeedtree()); } - function makefeedtree() { + function _makefeedtree() { if (clean($_REQUEST['mode'] ?? 0) != 2) $search = $_SESSION["prefs_feed_search"] ?? ""; @@ -266,7 +261,7 @@ class Pref_Feeds extends Handler_Protected { $feed['name'] = $feed_line['title']; $feed['checkbox'] = false; $feed['error'] = $feed_line['last_error']; - $feed['icon'] = Feeds::getFeedIcon($feed_line['id']); + $feed['icon'] = Feeds::_get_icon($feed_line['id']); $feed['param'] = TimeHelper::make_local_datetime( $feed_line['last_updated'], true); $feed['unread'] = -1; @@ -301,7 +296,7 @@ class Pref_Feeds extends Handler_Protected { $feed['name'] = $feed_line['title']; $feed['checkbox'] = false; $feed['error'] = $feed_line['last_error']; - $feed['icon'] = Feeds::getFeedIcon($feed_line['id']); + $feed['icon'] = Feeds::_get_icon($feed_line['id']); $feed['param'] = TimeHelper::make_local_datetime( $feed_line['last_updated'], true); $feed['unread'] = -1; @@ -446,7 +441,7 @@ class Pref_Feeds extends Handler_Protected { $sth->execute([$feed_id, $_SESSION['uid']]); if ($row = $sth->fetch()) { - @unlink(ICONS_DIR . "/$feed_id.ico"); + @unlink(Config::get(Config::ICONS_DIR) . "/$feed_id.ico"); $sth = $this->pdo->prepare("UPDATE ttrss_feeds SET favicon_avg_color = NULL, favicon_last_checked = '1970-01-01' where id = ?"); @@ -458,10 +453,12 @@ class Pref_Feeds extends Handler_Protected { header("Content-type: text/html"); if (is_uploaded_file($_FILES['icon_file']['tmp_name'])) { - $tmp_file = tempnam(CACHE_DIR . '/upload', 'icon'); + $tmp_file = tempnam(Config::get(Config::CACHE_DIR) . '/upload', 'icon'); - $result = move_uploaded_file($_FILES['icon_file']['tmp_name'], - $tmp_file); + if (!$tmp_file) + return; + + $result = move_uploaded_file($_FILES['icon_file']['tmp_name'], $tmp_file); if (!$result) { return; @@ -474,7 +471,7 @@ class Pref_Feeds extends Handler_Protected { $feed_id = clean($_REQUEST["feed_id"]); $rc = 2; // failed - if (is_file($icon_file) && $feed_id) { + if ($icon_file && is_file($icon_file) && $feed_id) { if (filesize($icon_file) < 65535) { $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds @@ -482,15 +479,19 @@ class Pref_Feeds extends Handler_Protected { $sth->execute([$feed_id, $_SESSION['uid']]); if ($row = $sth->fetch()) { - @unlink(ICONS_DIR . "/$feed_id.ico"); - if (rename($icon_file, ICONS_DIR . "/$feed_id.ico")) { + $new_filename = Config::get(Config::ICONS_DIR) . "/$feed_id.ico"; + + if (file_exists($new_filename)) unlink($new_filename); + + if (rename($icon_file, $new_filename)) { + chmod($new_filename, 644); $sth = $this->pdo->prepare("UPDATE ttrss_feeds SET favicon_avg_color = '' WHERE id = ?"); $sth->execute([$feed_id]); - $rc = 0; + $rc = Feeds::_get_icon($feed_id); } } } else { @@ -498,7 +499,9 @@ class Pref_Feeds extends Handler_Protected { } } - if (is_file($icon_file)) @unlink($icon_file); + if ($icon_file && is_file($icon_file)) { + unlink($icon_file); + } print $rc; return; @@ -508,131 +511,25 @@ class Pref_Feeds extends Handler_Protected { global $purge_intervals; global $update_intervals; - $feed_id = clean($_REQUEST["id"]); + $feed_id = (int)clean($_REQUEST["id"]); $sth = $this->pdo->prepare("SELECT * FROM ttrss_feeds WHERE id = ? AND owner_uid = ?"); $sth->execute([$feed_id, $_SESSION['uid']]); - if ($row = $sth->fetch()) { - print '<div dojoType="dijit.layout.TabContainer" style="height : 450px"> - <div dojoType="dijit.layout.ContentPane" title="'.__('General').'">'; - - $title = htmlspecialchars($row["title"]); - - print_hidden("id", "$feed_id"); - print_hidden("op", "pref-feeds"); - print_hidden("method", "editSave"); - - print "<header>".__("Feed")."</header>"; - print "<section>"; - - /* Title */ - - print "<fieldset>"; - - print "<input dojoType='dijit.form.ValidationTextBox' required='1' - placeHolder=\"".__("Feed Title")."\" - style='font-size : 16px; width: 500px' name='title' value=\"$title\">"; - - print "</fieldset>"; - - /* Feed URL */ - - $feed_url = htmlspecialchars($row["feed_url"]); - - print "<fieldset>"; - - print "<label>" . __('URL:') . "</label> "; - print "<input dojoType='dijit.form.ValidationTextBox' required='1' - placeHolder=\"".__("Feed URL")."\" - regExp='^(http|https)://.*' style='width : 300px' - name='feed_url' value=\"$feed_url\">"; - - if (!empty($row["last_error"])) { - print " <i class=\"material-icons\" - title=\"".htmlspecialchars($row["last_error"])."\">error</i>"; - } - - print "</fieldset>"; - - /* Category */ - - if (get_pref('ENABLE_FEED_CATS')) { - - $cat_id = $row["cat_id"]; - - print "<fieldset>"; - - print "<label>" . __('Place in category:') . "</label> "; - - print_feed_cat_select("cat_id", $cat_id, - 'dojoType="fox.form.Select"'); - - print "</fieldset>"; - } - - /* Site URL */ - - $site_url = htmlspecialchars($row["site_url"]); - - print "<fieldset>"; - - print "<label>" . __('Site URL:') . "</label> "; - print "<input dojoType='dijit.form.ValidationTextBox' required='1' - placeHolder=\"".__("Site URL")."\" - regExp='^(http|https)://.*' style='width : 300px' - name='site_url' value=\"$site_url\">"; + if ($row = $sth->fetch(PDO::FETCH_ASSOC)) { - print "</fieldset>"; - - /* FTS Stemming Language */ - - if (DB_TYPE == "pgsql") { - $feed_language = $row["feed_language"]; - - if (!$feed_language) - $feed_language = get_pref('DEFAULT_SEARCH_LANGUAGE'); - - print "<fieldset>"; - - print "<label>" . __('Language:') . "</label> "; - print_select("feed_language", $feed_language, $this::get_ts_languages(), - 'dojoType="fox.form.Select"'); - - print "</fieldset>"; - } - - print "</section>"; - - print "<header>".__("Update")."</header>"; - print "<section>"; - - /* Update Interval */ - - $update_interval = $row["update_interval"]; - - print "<fieldset>"; + ob_start(); + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_EDIT_FEED, $feed_id); + $plugin_data = trim((string)ob_get_contents()); + ob_end_clean(); - print "<label>".__("Interval:")."</label> "; + $row["icon"] = Feeds::_get_icon($feed_id); $local_update_intervals = $update_intervals; $local_update_intervals[0] .= sprintf(" (%s)", $update_intervals[get_pref("DEFAULT_UPDATE_INTERVAL")]); - print_select_hash("update_interval", $update_interval, $local_update_intervals, - 'dojoType="fox.form.Select"'); - - print "</fieldset>"; - - /* Purge intl */ - - $purge_interval = $row["purge_interval"]; - - print "<fieldset>"; - - print "<label>" . __('Article purging:') . "</label> "; - - if (FORCE_ARTICLE_PURGE == 0) { + if (Config::get(Config::FORCE_ARTICLE_PURGE) == 0) { $local_purge_intervals = $purge_intervals; $default_purge_interval = get_pref("PURGE_OLD_DAYS"); @@ -642,343 +539,142 @@ class Pref_Feeds extends Handler_Protected { $local_purge_intervals[0] .= " " . sprintf("(%s)", __("Disabled")); } else { - $purge_interval = FORCE_ARTICLE_PURGE; + $purge_interval = Config::get(Config::FORCE_ARTICLE_PURGE); $local_purge_intervals = [ T_nsprintf('%d day', '%d days', $purge_interval, $purge_interval) ]; } - print_select_hash("purge_interval", $purge_interval, $local_purge_intervals, - 'dojoType="fox.form.Select" ' . - ((FORCE_ARTICLE_PURGE == 0) ? "" : 'disabled="1"')); - - print "</fieldset>"; - - print "</section>"; - - $auth_login = htmlspecialchars($row["auth_login"]); - $auth_pass = htmlspecialchars($row["auth_pass"]); - - $auth_enabled = $auth_login !== '' || $auth_pass !== ''; - - $auth_style = $auth_enabled ? '' : 'display: none'; - print "<div id='feedEditDlg_loginContainer' style='$auth_style'>"; - print "<header>".__("Authentication")."</header>"; - print "<section>"; - - print "<fieldset>"; - - print "<input dojoType='dijit.form.TextBox' id='feedEditDlg_login' - placeHolder='".__("Login")."' - autocomplete='new-password' - name='auth_login' value=\"$auth_login\">"; - - print "</fieldset><fieldset>"; - - print "<input dojoType='dijit.form.TextBox' type='password' name='auth_pass' - autocomplete='new-password' - placeHolder='".__("Password")."' - value=\"$auth_pass\">"; - - print "<div dojoType='dijit.Tooltip' connectId='feedEditDlg_login' position='below'> - ".__('<b>Hint:</b> you need to fill in your login information if your feed requires authentication, except for Twitter feeds.')." - </div>"; - - print "</fieldset>"; - - print "</section></div>"; - - $auth_checked = $auth_enabled ? 'checked' : ''; - print "<label class='checkbox'> - <input type='checkbox' $auth_checked name='need_auth' dojoType='dijit.form.CheckBox' id='feedEditDlg_loginCheck' - onclick='App.displayIfChecked(this, \"feedEditDlg_loginContainer\")'> - ".__('This feed requires authentication.')."</label>"; - - print '</div><div dojoType="dijit.layout.ContentPane" title="'.__('Options').'">'; - - print "<section class='narrow'>"; - - $include_in_digest = $row["include_in_digest"]; - - if ($include_in_digest) { - $checked = "checked=\"1\""; - } else { - $checked = ""; - } - - print "<fieldset class='narrow'>"; - - print "<label class='checkbox'><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"include_in_digest\" - name=\"include_in_digest\" - $checked> ".__('Include in e-mail digest')."</label>"; - - print "</fieldset>"; - - $always_display_enclosures = $row["always_display_enclosures"]; - - if ($always_display_enclosures) { - $checked = "checked"; - } else { - $checked = ""; - } - - print "<fieldset class='narrow'>"; - - print "<label class='checkbox'><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"always_display_enclosures\" - name=\"always_display_enclosures\" - $checked> ".__('Always display image attachments')."</label>"; - - print "</fieldset>"; - - $hide_images = $row["hide_images"]; - - if ($hide_images) { - $checked = "checked=\"1\""; - } else { - $checked = ""; - } - - print "<fieldset class='narrow'>"; - - print "<label class='checkbox'><input dojoType='dijit.form.CheckBox' type='checkbox' id='hide_images' - name='hide_images' $checked> ".__('Do not embed media')."</label>"; - - print "</fieldset>"; - - $cache_images = $row["cache_images"]; - - if ($cache_images) { - $checked = "checked=\"1\""; - } else { - $checked = ""; - } - - print "<fieldset class='narrow'>"; - - print "<label class='checkbox'><input dojoType='dijit.form.CheckBox' type='checkbox' id='cache_images' - name='cache_images' $checked> ". __('Cache media')."</label>"; - - print "</fieldset>"; - - $mark_unread_on_update = $row["mark_unread_on_update"]; - - if ($mark_unread_on_update) { - $checked = "checked"; - } else { - $checked = ""; - } - - print "<fieldset class='narrow'>"; - - print "<label class='checkbox'><input dojoType='dijit.form.CheckBox' type='checkbox' id='mark_unread_on_update' - name='mark_unread_on_update' $checked> ".__('Mark updated articles as unread')."</label>"; - - print "</fieldset>"; - - print '</div><div dojoType="dijit.layout.ContentPane" title="'.__('Icon').'">'; - - /* Icon */ - - print "<img class='feedIcon feed-editor-icon' src=\"".Feeds::getFeedIcon($feed_id)."\">"; - - print "<form onsubmit='return false;' id='feed_icon_upload_form' - enctype='multipart/form-data' method='POST'> - <label class='dijitButton'>".__("Choose file...")." - <input style='display: none' id='icon_file' size='10' name='icon_file' type='file'> - </label> - <input type='hidden' name='op' value='pref-feeds'> - <input type='hidden' name='csrf_token' value='".$_SESSION['csrf_token']."'> - <input type='hidden' name='feed_id' value='$feed_id'> - <input type='hidden' name='method' value='uploadicon'> - <button dojoType='dijit.form.Button' onclick=\"return CommonDialogs.uploadFeedIcon();\" - type='submit'>".__('Replace')."</button> - <button class='alt-danger' dojoType='dijit.form.Button' onclick=\"return CommonDialogs.removeFeedIcon($feed_id);\" - type='submit'>".__('Remove')."</button> - </form>"; - - print "</section>"; - - print '</div><div dojoType="dijit.layout.ContentPane" title="'.__('Plugins').'">'; - - PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_EDIT_FEED, $feed_id); - - print "</div></div>"; - - $title = htmlspecialchars($title, ENT_QUOTES); - - print "<footer> - <button style='float : left' class='alt-danger' dojoType='dijit.form.Button' - onclick='App.dialogOf(this).unsubscribeFeed($feed_id, \"$title\")'>". - __('Unsubscribe')."</button> - <button dojoType='dijit.form.Button' class='alt-primary' type='submit'>".__('Save')."</button> - <button dojoType='dijit.form.Button' onclick='App.dialogOf(this).hide()'>".__('Cancel')."</button> - </footer>"; + print json_encode([ + "feed" => $row, + "cats" => [ + "enabled" => get_pref('ENABLE_FEED_CATS'), + "select" => \Controls\select_feeds_cats("cat_id", $row["cat_id"]), + ], + "plugin_data" => $plugin_data, + "force_purge" => (int)Config::get(Config::FORCE_ARTICLE_PURGE), + "intervals" => [ + "update" => $local_update_intervals, + "purge" => $local_purge_intervals, + ], + "lang" => [ + "enabled" => Config::get(Config::DB_TYPE) == "pgsql", + "default" => get_pref('DEFAULT_SEARCH_LANGUAGE'), + "all" => $this::get_ts_languages(), + ] + ]); } } + private function _batch_toggle_checkbox($name) { + return \Controls\checkbox_tag("", false, "", + ["data-control-for" => $name, "title" => __("Check to enable field"), "onchange" => "App.dialogOf(this).toggleField(this)"]); + } + function editfeeds() { global $purge_intervals; global $update_intervals; $feed_ids = clean($_REQUEST["ids"]); - print_notice("Enable the options you wish to apply using checkboxes on the right:"); - - print "<p>"; - - print_hidden("ids", "$feed_ids"); - print_hidden("op", "pref-feeds"); - print_hidden("method", "batchEditSave"); - - print "<header>".__("Feed")."</header>"; - print "<section>"; - - /* Category */ - - if (get_pref('ENABLE_FEED_CATS')) { - - print "<fieldset>"; - - print "<label>" . __('Place in category:') . "</label> "; - - print_feed_cat_select("cat_id", false, - 'disabled="1" dojoType="fox.form.Select"'); - - $this->batch_edit_cbox("cat_id"); - - print "</fieldset>"; - } - - /* FTS Stemming Language */ - - if (DB_TYPE == "pgsql") { - print "<fieldset>"; - - print "<label>" . __('Language:') . "</label> "; - print_select("feed_language", "", $this::get_ts_languages(), - 'disabled="1" dojoType="fox.form.Select"'); - - $this->batch_edit_cbox("feed_language"); - - print "</fieldset>"; - } - - print "</section>"; - - print "<header>".__("Update")."</header>"; - print "<section>"; - - /* Update Interval */ - - print "<fieldset>"; - - print "<label>".__("Interval:")."</label> "; - $local_update_intervals = $update_intervals; $local_update_intervals[0] .= sprintf(" (%s)", $update_intervals[get_pref("DEFAULT_UPDATE_INTERVAL")]); - print_select_hash("update_interval", "", $local_update_intervals, - 'disabled="1" dojoType="fox.form.Select"'); - - $this->batch_edit_cbox("update_interval"); - - print "</fieldset>"; - - /* Purge intl */ - - if (FORCE_ARTICLE_PURGE == 0) { - - print "<fieldset>"; - - print "<label>" . __('Article purging:') . "</label> "; - - $local_purge_intervals = $purge_intervals; - $default_purge_interval = get_pref("PURGE_OLD_DAYS"); - - if ($default_purge_interval > 0) - $local_purge_intervals[0] .= " " . T_sprintf("(%d days)", $default_purge_interval); - else - $local_purge_intervals[0] .= " " . sprintf("(%s)", __("Disabled")); - - print_select_hash("purge_interval", "", $local_purge_intervals, - 'disabled="1" dojoType="fox.form.Select"'); - - $this->batch_edit_cbox("purge_interval"); - - print "</fieldset>"; - } - - print "</section>"; - print "<header>".__("Authentication")."</header>"; - print "<section>"; - - print "<fieldset>"; - - print "<input dojoType='dijit.form.TextBox' - placeHolder=\"".__("Login")."\" disabled='1' - autocomplete='new-password' - name='auth_login' value=''>"; - - $this->batch_edit_cbox("auth_login"); - - print "<input dojoType='dijit.form.TextBox' type='password' name='auth_pass' - autocomplete='new-password' - placeHolder=\"".__("Password")."\" disabled='1' - value=''>"; - - $this->batch_edit_cbox("auth_pass"); - - print "</fieldset>"; - - print "</section>"; - print "<header>".__("Options")."</header>"; - print "<section>"; - - print "<fieldset class='narrow'>"; - print "<label class='checkbox'><input disabled='1' type='checkbox' id='include_in_digest' - name='include_in_digest' dojoType='dijit.form.CheckBox'> ".__('Include in e-mail digest')."</label>"; - - print " "; $this->batch_edit_cbox("include_in_digest", "include_in_digest_l"); - - print "</fieldset><fieldset class='narrow'>"; - - print "<label class='checkbox'><input disabled='1' type='checkbox' id='always_display_enclosures' - name='always_display_enclosures' dojoType='dijit.form.CheckBox'> ".__('Always display image attachments')."</label>"; - - print " "; $this->batch_edit_cbox("always_display_enclosures", "always_display_enclosures_l"); - - print "</fieldset><fieldset class='narrow'>"; - - print "<label class='checkbox'><input disabled='1' type='checkbox' id='hide_images' - name='hide_images' dojoType='dijit.form.CheckBox'> ". __('Do not embed media')."</label>"; - - print " "; $this->batch_edit_cbox("hide_images", "hide_images_l"); - - print "</fieldset><fieldset class='narrow'>"; + $local_purge_intervals = $purge_intervals; + $default_purge_interval = get_pref("PURGE_OLD_DAYS"); - print "<label class='checkbox'><input disabled='1' type='checkbox' id='cache_images' - name='cache_images' dojoType='dijit.form.CheckBox'> ".__('Cache media')."</label>"; - - print " "; $this->batch_edit_cbox("cache_images", "cache_images_l"); - - print "</fieldset><fieldset class='narrow'>"; - - print "<label class='checkbox'><input disabled='1' type='checkbox' id='mark_unread_on_update' - name='mark_unread_on_update' dojoType='dijit.form.CheckBox'> ".__('Mark updated articles as unread')."</label>"; - - print " "; $this->batch_edit_cbox("mark_unread_on_update", "mark_unread_on_update_l"); - - print "</fieldset>"; - - print "</section>"; - - print "<footer> - <button dojoType='dijit.form.Button' type='submit' class='alt-primary' type='submit'>". - __('Save')."</button> - <button dojoType='dijit.form.Button' - onclick='App.dialogOf(this).hide()'>". - __('Cancel')."</button> - </footer>"; + if ($default_purge_interval > 0) + $local_purge_intervals[0] .= " " . T_sprintf("(%d days)", $default_purge_interval); + else + $local_purge_intervals[0] .= " " . sprintf("(%s)", __("Disabled")); + + $options = [ + "include_in_digest" => __('Include in e-mail digest'), + "always_display_enclosures" => __('Always display image attachments'), + "hide_images" => __('Do not embed media'), + "cache_images" => __('Cache media'), + "mark_unread_on_update" => __('Mark updated articles as unread') + ]; + + print_notice("Enable the options you wish to apply using checkboxes on the right."); + ?> + + <?= \Controls\hidden_tag("ids", $feed_ids) ?> + <?= \Controls\hidden_tag("op", "pref-feeds") ?> + <?= \Controls\hidden_tag("method", "batchEditSave") ?> + + <div dojoType="dijit.layout.TabContainer" style="height : 450px"> + <div dojoType="dijit.layout.ContentPane" title="<?= __('General') ?>"> + <section> + <?php if (get_pref('ENABLE_FEED_CATS')) { ?> + <fieldset> + <label><?= __('Place in category:') ?></label> + <?= \Controls\select_feeds_cats("cat_id", null, ['disabled' => '1']) ?> + <?= $this->_batch_toggle_checkbox("cat_id") ?> + </fieldset> + <?php } ?> + + <?php if (Config::get(Config::DB_TYPE) == "pgsql") { ?> + <fieldset> + <label><?= __('Language:') ?></label> + <?= \Controls\select_tag("feed_language", "", $this::get_ts_languages(), ["disabled"=> 1]) ?> + <?= $this->_batch_toggle_checkbox("feed_language") ?> + </fieldset> + <?php } ?> + </section> + + <hr/> + + <section> + <fieldset> + <label><?= __("Update interval:") ?></label> + <?= \Controls\select_hash("update_interval", "", $local_update_intervals, ["disabled" => 1]) ?> + <?= $this->_batch_toggle_checkbox("update_interval") ?> + </fieldset> + + <?php if (Config::get(Config::FORCE_ARTICLE_PURGE) == 0) { ?> + <fieldset> + <label><?= __('Article purging:') ?></label> + <?= \Controls\select_hash("purge_interval", "", $local_purge_intervals, ["disabled" => 1]) ?> + <?= $this->_batch_toggle_checkbox("purge_interval") ?> + </fieldset> + <?php } ?> + </section> + </div> + <div dojoType="dijit.layout.ContentPane" title="<?= __('Authentication') ?>"> + <section> + <fieldset> + <label><?= __("Login:") ?></label> + <input dojoType='dijit.form.TextBox' + disabled='1' autocomplete='new-password' name='auth_login' value=''> + <?= $this->_batch_toggle_checkbox("auth_login") ?> + </fieldset> + <fieldset> + <label><?= __("Password:") ?></label> + <input dojoType='dijit.form.TextBox' type='password' name='auth_pass' + autocomplete='new-password' disabled='1' value=''> + <?= $this->_batch_toggle_checkbox("auth_pass") ?> + </fieldset> + </section> + </div> + <div dojoType="dijit.layout.ContentPane" title="<?= __('Options') ?>"> + <?php + foreach ($options as $name => $caption) { + ?> + <fieldset class='narrow'> + <label class="checkbox text-muted"> + <?= \Controls\checkbox_tag($name, false, "", ["disabled" => "1"]) ?> + <?= $caption ?> + <?= $this->_batch_toggle_checkbox($name) ?> + </label> + </fieldset> + <?php } ?> + </div> + </div> - return; + <footer> + <?= \Controls\submit_tag(__("Save")) ?> + <?= \Controls\cancel_dialog_tag(__("Cancel")) ?> + </footer> + <?php } function batchEditSave() { @@ -989,7 +685,7 @@ class Pref_Feeds extends Handler_Protected { return $this->editsaveops(false); } - function editsaveops($batch) { + private function editsaveops($batch) { $feed_title = clean($_POST["title"]); $feed_url = clean($_POST["feed_url"]); @@ -1017,10 +713,6 @@ class Pref_Feeds extends Handler_Protected { $feed_language = clean($_POST["feed_language"]); if (!$batch) { - if (clean($_POST["need_auth"] ?? "") !== 'on') { - $auth_login = ''; - $auth_pass = ''; - } /* $sth = $this->pdo->prepare("SELECT feed_url FROM ttrss_feeds WHERE id = ?"); $sth->execute([$feed_id]); @@ -1189,7 +881,7 @@ class Pref_Feeds extends Handler_Protected { function addCat() { $feed_cat = clean($_REQUEST["cat"]); - Feeds::add_feed_category($feed_cat); + Feeds::_add_cat($feed_cat); } function importOpml() { @@ -1197,33 +889,15 @@ class Pref_Feeds extends Handler_Protected { $opml->opml_import($_SESSION["uid"]); } - function index() { - - print "<div dojoType='dijit.layout.AccordionContainer' region='center'>"; - print "<div style='padding : 0px' dojoType='dijit.layout.AccordionPane' - title=\"<i class='material-icons'>rss_feed</i> ".__('Feeds')."\">"; - - $sth = $this->pdo->prepare("SELECT COUNT(id) AS num_errors - FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ?"); - $sth->execute([$_SESSION['uid']]); - - if ($row = $sth->fetch()) { - $num_errors = $row["num_errors"]; - } else { - $num_errors = 0; - } + private function index_feeds() { + $error_button = "<button dojoType='dijit.form.Button' + id='pref_feeds_errors_btn' style='display : none' + onclick='CommonDialogs.showFeedsWithErrors()'>". + __("Feeds with errors")."</button>"; - if ($num_errors > 0) { - $error_button = "<button dojoType=\"dijit.form.Button\" - onclick=\"CommonDialogs.showFeedsWithErrors()\" id=\"errorButton\">" . - __("Feeds with errors") . "</button>"; - } else { - $error_button = ""; - } - - $inactive_button = "<button dojoType=\"dijit.form.Button\" - id=\"pref_feeds_inactive_btn\" - style=\"display : none\" + $inactive_button = "<button dojoType='dijit.form.Button' + id='pref_feeds_inactive_btn' + style='display : none' onclick=\"dijit.byId('feedTree').showInactiveFeeds()\">" . __("Inactive feeds") . "</button>"; @@ -1235,175 +909,201 @@ class Pref_Feeds extends Handler_Protected { $feed_search = $_SESSION["prefs_feed_search"] ?? ""; } - print '<div dojoType="dijit.layout.BorderContainer" gutters="false">'; - - print "<div region='top' dojoType=\"fox.Toolbar\">"; #toolbar - - print "<div style='float : right; padding-right : 4px;'> - <input dojoType=\"dijit.form.TextBox\" id=\"feed_search\" size=\"20\" type=\"search\" - value=\"$feed_search\"> - <button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('feedTree').reload()\">". - __('Search')."</button> - </div>"; - - print "<div dojoType=\"fox.form.DropDownButton\">". - "<span>" . __('Select')."</span>"; - print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; - print "<div onclick=\"dijit.byId('feedTree').model.setAllChecked(true)\" - dojoType=\"dijit.MenuItem\">".__('All')."</div>"; - print "<div onclick=\"dijit.byId('feedTree').model.setAllChecked(false)\" - dojoType=\"dijit.MenuItem\">".__('None')."</div>"; - print "</div></div>"; - - print "<div dojoType=\"fox.form.DropDownButton\">". - "<span>" . __('Feeds')."</span>"; - print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; - print "<div onclick=\"CommonDialogs.quickAddFeed()\" - dojoType=\"dijit.MenuItem\">".__('Subscribe to feed')."</div>"; - print "<div onclick=\"dijit.byId('feedTree').editSelectedFeed()\" - dojoType=\"dijit.MenuItem\">".__('Edit selected feeds')."</div>"; - print "<div onclick=\"dijit.byId('feedTree').resetFeedOrder()\" - dojoType=\"dijit.MenuItem\">".__('Reset sort order')."</div>"; - print "<div onclick=\"dijit.byId('feedTree').batchSubscribe()\" - dojoType=\"dijit.MenuItem\">".__('Batch subscribe')."</div>"; - print "<div dojoType=\"dijit.MenuItem\" onclick=\"dijit.byId('feedTree').removeSelectedFeeds()\">" - .__('Unsubscribe')."</div> "; - print "</div></div>"; - - if (get_pref('ENABLE_FEED_CATS')) { - print "<div dojoType=\"fox.form.DropDownButton\">". - "<span>" . __('Categories')."</span>"; - print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; - print "<div onclick=\"dijit.byId('feedTree').createCategory()\" - dojoType=\"dijit.MenuItem\">".__('Add category')."</div>"; - print "<div onclick=\"dijit.byId('feedTree').resetCatOrder()\" - dojoType=\"dijit.MenuItem\">".__('Reset sort order')."</div>"; - print "<div onclick=\"dijit.byId('feedTree').removeSelectedCategories()\" - dojoType=\"dijit.MenuItem\">".__('Remove selected')."</div>"; - print "</div></div>"; - - } - - print $error_button; - print $inactive_button; - - print "</div>"; # toolbar - - //print '</div>'; - print '<div style="padding : 0px" dojoType="dijit.layout.ContentPane" region="center">'; - - print "<div id=\"feedlistLoading\"> - <img src='images/indicator_tiny.gif'>". - __("Loading, please wait...")."</div>"; - - $auto_expand = $feed_search != "" ? "true" : "false"; - - print "<div dojoType=\"fox.PrefFeedStore\" jsId=\"feedStore\" - url=\"backend.php?op=pref-feeds&method=getfeedtree\"> - </div> - <div dojoType=\"lib.CheckBoxStoreModel\" jsId=\"feedModel\" store=\"feedStore\" - query=\"{id:'root'}\" rootId=\"root\" rootLabel=\"Feeds\" - childrenAttrs=\"items\" checkboxStrict=\"false\" checkboxAll=\"false\"> + ?> + + <div dojoType="dijit.layout.BorderContainer" gutters="false"> + <div region='top' dojoType="fox.Toolbar"> + <div style='float : right'> + <input dojoType="dijit.form.TextBox" id="feed_search" size="20" type="search" + value="<?= htmlspecialchars($feed_search) ?>"> + <button dojoType="dijit.form.Button" onclick="dijit.byId('feedTree').reload()"> + <?= __('Search') ?></button> + </div> + + <div dojoType="fox.form.DropDownButton"> + <span><?= __('Select') ?></span> + <div dojoType="dijit.Menu" style="display: none;"> + <div onclick="dijit.byId('feedTree').model.setAllChecked(true)" + dojoType="dijit.MenuItem"><?= __('All') ?></div> + <div onclick="dijit.byId('feedTree').model.setAllChecked(false)" + dojoType="dijit.MenuItem"><?= __('None') ?></div> + </div> + </div> + + <div dojoType="fox.form.DropDownButton"> + <span><?= __('Feeds') ?></span> + <div dojoType="dijit.Menu" style="display: none"> + <div onclick="CommonDialogs.subscribeToFeed()" + dojoType="dijit.MenuItem"><?= __('Subscribe to feed') ?></div> + <div onclick="dijit.byId('feedTree').editSelectedFeed()" + dojoType="dijit.MenuItem"><?= __('Edit selected feeds') ?></div> + <div onclick="dijit.byId('feedTree').resetFeedOrder()" + dojoType="dijit.MenuItem"><?= __('Reset sort order') ?></div> + <div onclick="dijit.byId('feedTree').batchSubscribe()" + dojoType="dijit.MenuItem"><?= __('Batch subscribe') ?></div> + <div dojoType="dijit.MenuItem" onclick="dijit.byId('feedTree').removeSelectedFeeds()"> + <?= __('Unsubscribe') ?></div> + </div> + </div> + + <?php if (get_pref('ENABLE_FEED_CATS')) { ?> + <div dojoType="fox.form.DropDownButton"> + <span><?= __('Categories') ?></span> + <div dojoType="dijit.Menu" style="display: none"> + <div onclick="dijit.byId('feedTree').createCategory()" + dojoType="dijit.MenuItem"><?= __('Add category') ?></div> + <div onclick="dijit.byId('feedTree').resetCatOrder()" + dojoType="dijit.MenuItem"><?= __('Reset sort order') ?></div> + <div onclick="dijit.byId('feedTree').removeSelectedCategories()" + dojoType="dijit.MenuItem"><?= __('Remove selected') ?></div> + </div> + </div> + <?php } ?> + <?= $error_button ?> + <?= $inactive_button ?> + </div> + <div style="padding : 0px" dojoType="dijit.layout.ContentPane" region="center"> + <div dojoType="fox.PrefFeedStore" jsId="feedStore" + url="backend.php?op=pref-feeds&method=getfeedtree"> + </div> + + <div dojoType="lib.CheckBoxStoreModel" jsId="feedModel" store="feedStore" + query="{id:'root'}" rootId="root" rootLabel="Feeds" childrenAttrs="items" + checkboxStrict="false" checkboxAll="false"> + </div> + + <div dojoType="fox.PrefFeedTree" id="feedTree" + dndController="dijit.tree.dndSource" + betweenThreshold="5" + autoExpand="<?= (!empty($feed_search) ? "true" : "false") ?>" + persist="true" + model="feedModel" + openOnClick="false"> + <script type="dojo/method" event="onClick" args="item"> + var id = String(item.id); + var bare_id = id.substr(id.indexOf(':')+1); + + if (id.match('FEED:')) { + CommonDialogs.editFeed(bare_id); + } else if (id.match('CAT:')) { + dijit.byId('feedTree').editCategory(bare_id, item); + } + </script> + <script type="dojo/method" event="onLoad" args="item"> + dijit.byId('feedTree').checkInactiveFeeds(); + dijit.byId('feedTree').checkErrorFeeds(); + </script> + </div> + </div> </div> - <div dojoType=\"fox.PrefFeedTree\" id=\"feedTree\" - dndController=\"dijit.tree.dndSource\" - betweenThreshold=\"5\" - autoExpand='$auto_expand' - model=\"feedModel\" openOnClick=\"false\"> - <script type=\"dojo/method\" event=\"onClick\" args=\"item\"> - var id = String(item.id); - var bare_id = id.substr(id.indexOf(':')+1); - - if (id.match('FEED:')) { - CommonDialogs.editFeed(bare_id); - } else if (id.match('CAT:')) { - dijit.byId('feedTree').editCategory(bare_id, item); - } - </script> - <script type=\"dojo/method\" event=\"onLoad\" args=\"item\"> - Element.hide(\"feedlistLoading\"); + <?php - dijit.byId('feedTree').checkInactiveFeeds(); - </script> - </div>"; - -# print "<div dojoType=\"dijit.Tooltip\" connectId=\"feedTree\" position=\"below\"> -# ".__('<b>Hint:</b> you can drag feeds and categories around.')." -# </div>"; - - print '</div>'; - print '</div>'; - - print "</div>"; # feeds pane + } - print "<div dojoType='dijit.layout.AccordionPane' - title='<i class=\"material-icons\">import_export</i> ".__('OPML')."'>"; + private function index_opml() { + ?> - print "<h3>" . __("Using OPML you can export and import your feeds, filters, labels and Tiny Tiny RSS settings.") . "</h3>"; + <h3><?= __("Using OPML you can export and import your feeds, filters, labels and Tiny Tiny RSS settings.") ?></h3> - print_notice("Only main settings profile can be migrated using OPML."); + <?php print_notice("Only main settings profile can be migrated using OPML.") ?> - print "<form id='opml_import_form' method='post' enctype='multipart/form-data' > - <label class='dijitButton'>".__("Choose file...")." - <input style='display : none' id='opml_file' name='opml_file' type='file'> + <form id='opml_import_form' method='post' enctype='multipart/form-data'> + <label class='dijitButton'><?= __("Choose file...") ?> + <input style='display : none' id='opml_file' name='opml_file' type='file'> </label> <input type='hidden' name='op' value='pref-feeds'> - <input type='hidden' name='csrf_token' value='".$_SESSION['csrf_token']."'> + <input type='hidden' name='csrf_token' value="<?= $_SESSION['csrf_token'] ?>"> <input type='hidden' name='method' value='importOpml'> - <button dojoType='dijit.form.Button' class='alt-primary' onclick=\"return Helpers.OPML.import();\" type=\"submit\">" . - __('Import OPML') . "</button>"; - - print "</form>"; + <button dojoType='dijit.form.Button' class='alt-primary' onclick="return Helpers.OPML.import()" type="submit"> + <?= __('Import OPML') ?> + </button> + </form> - print "<form dojoType='dijit.form.Form' id='opmlExportForm' style='display : inline-block'>"; + <hr/> - print "<button dojoType='dijit.form.Button' - onclick='Helpers.OPML.export()' >" . - __('Export OPML') . "</button>"; + <form dojoType='dijit.form.Form' id='opmlExportForm' style='display : inline-block'> + <button dojoType='dijit.form.Button' onclick='Helpers.OPML.export()'> + <?= __('Export OPML') ?> + </button> - print " <label class='checkbox'>"; - print_checkbox("include_settings", true, "1", ""); - print " " . __("Include settings"); - print "</label>"; - - print "</form>"; + <label class='checkbox'> + <?= \Controls\checkbox_tag("include_settings", true, "1") ?> + <?= __("Include settings") ?> + </label> + </form> - print "<p/>"; + <hr/> - print "<h2>" . __("Published OPML") . "</h2>"; + <h2><?= __("Published OPML") ?></h2> - print "<p>" . __('Your OPML can be published publicly and can be subscribed by anyone who knows the URL below.') . - " " . - __("Published OPML does not include your Tiny Tiny RSS settings, feeds that require authentication or feeds hidden from Popular feeds.") . "</p>"; + <p> + <?= __('Your OPML can be published publicly and can be subscribed by anyone who knows the URL below.') ?> + <?= __("Published OPML does not include your Tiny Tiny RSS settings, feeds that require authentication or feeds hidden from Popular feeds.") ?> + </p> - print "<button dojoType='dijit.form.Button' class='alt-primary' onclick=\"return CommonDialogs.publishedOPML()\">". - __('Display published OPML URL')."</button> "; + <button dojoType='dijit.form.Button' class='alt-primary' onclick="return Helpers.OPML.publish()"> + <?= __('Display published OPML URL') ?> + </button> + <?php PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "prefFeedsOPML"); + } - print "</div>"; # pane - - print "<div dojoType=\"dijit.layout.AccordionPane\" - title=\"<i class='material-icons'>share</i> ".__('Published & shared articles / Generated feeds')."\">"; + private function index_shared() { + ?> - print "<h3>" . __('Published articles can be subscribed by anyone who knows the following URL:') . "</h3>"; + <h3><?= __('Published articles can be subscribed by anyone who knows the following URL:') ?></h3> - $rss_url = htmlspecialchars(get_self_url_prefix() . - "/public.php?op=rss&id=-2&view-mode=all_articles");; + <button dojoType='dijit.form.Button' class='alt-primary' + onclick="CommonDialogs.generatedFeed(-2, false)"> + <?= __('Display URL') ?> + </button> - print "<button dojoType='dijit.form.Button' class='alt-primary' - onclick='CommonDialogs.generatedFeed(-2, false, \"$rss_url\", \"".__("Published articles")."\")'>". - __('Display URL')."</button> - <button class='alt-danger' dojoType='dijit.form.Button' onclick='return Helpers.clearFeedAccessKeys()'>". - __('Clear all generated URLs')."</button> "; + <button class='alt-danger' dojoType='dijit.form.Button' onclick='return Helpers.Feeds.clearFeedAccessKeys()'> + <?= __('Clear all generated URLs') ?> + </button> + <?php PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "prefFeedsPublishedGenerated"); + } - print "</div>"; #pane - - PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "prefFeeds"); - - print "</div>"; #container + function index() { + ?> + + <div dojoType='dijit.layout.TabContainer' tabPosition='left-h'> + <div style='padding : 0px' dojoType='dijit.layout.ContentPane' + title="<i class='material-icons'>rss_feed</i> <?= __('My feeds') ?>"> + <?php $this->index_feeds() ?> + </div> + + <div dojoType='dijit.layout.ContentPane' + title="<i class='material-icons'>import_export</i> <?= __('OPML') ?>"> + <?php $this->index_opml() ?> + </div> + + <div dojoType="dijit.layout.ContentPane" + title="<i class='material-icons'>share</i> <?= __('Sharing') ?>"> + <?php $this->index_shared() ?> + </div> + + <?php + ob_start(); + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "prefFeeds"); + $plugin_data = trim((string)ob_get_contents()); + ob_end_clean(); + ?> + + <?php if ($plugin_data) { ?> + <div dojoType='dijit.layout.ContentPane' + title="<i class='material-icons'>extension</i> <?= __('Plugins') ?>"> + + <div dojoType='dijit.layout.AccordionContainer' region='center'> + <?= $plugin_data ?> + </div> + </div> + <?php } ?> + </div> + <?php } private function feedlist_init_cat($cat_id) { @@ -1412,9 +1112,9 @@ class Pref_Feeds extends Handler_Protected { $obj['id'] = 'CAT:' . $cat_id; $obj['items'] = array(); - $obj['name'] = Feeds::getCategoryTitle($cat_id); + $obj['name'] = Feeds::_get_cat_title($cat_id); $obj['type'] = 'category'; - $obj['unread'] = -1; //(int) Feeds::getCategoryUnread($cat_id); + $obj['unread'] = -1; //(int) Feeds::_get_cat_unread($cat_id); $obj['bare_id'] = $cat_id; return $obj; @@ -1425,7 +1125,7 @@ class Pref_Feeds extends Handler_Protected { $feed_id = (int) $feed_id; if (!$title) - $title = Feeds::getFeedTitle($feed_id, false); + $title = Feeds::_get_title($feed_id, false); if ($unread === false) $unread = getFeedUnread($feed_id, false); @@ -1436,7 +1136,7 @@ class Pref_Feeds extends Handler_Protected { $obj['type'] = 'feed'; $obj['error'] = $error; $obj['updated'] = $updated; - $obj['icon'] = Feeds::getFeedIcon($feed_id); + $obj['icon'] = Feeds::_get_icon($feed_id); $obj['bare_id'] = $feed_id; $obj['auxcounter'] = 0; @@ -1445,7 +1145,7 @@ class Pref_Feeds extends Handler_Protected { function inactiveFeeds() { - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $interval_qpart = "NOW() - INTERVAL '3 months'"; } else { $interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)"; @@ -1464,56 +1164,14 @@ class Pref_Feeds extends Handler_Protected { ORDER BY last_article"); $sth->execute([$_SESSION['uid']]); - print "<div dojoType='fox.Toolbar'>"; - print "<div dojoType='fox.form.DropDownButton'>". - "<span>" . __('Select')."</span>"; - print "<div dojoType='dijit.Menu' style='display: none'>"; - print "<div onclick=\"Tables.select('inactive-feeds-list', true)\" - dojoType='dijit.MenuItem'>".__('All')."</div>"; - print "<div onclick=\"Tables.select('inactive-feeds-list', false)\" - dojoType='dijit.MenuItem'>".__('None')."</div>"; - print "</div></div>"; - print "</div>"; #toolbar - - print "<div class='panel panel-scrollable'>"; - print "<table width='100%' id='inactive-feeds-list'>"; - - $lnum = 1; - - while ($line = $sth->fetch()) { - - $feed_id = $line["id"]; - - print "<tr data-row-id='$feed_id'>"; - - print "<td width='5%' align='center'><input - onclick='Tables.onRowChecked(this);' dojoType='dijit.form.CheckBox' - type='checkbox'></td>"; - print "<td>"; - - print "<a href='#' ". - "title=\"".__("Click to edit feed")."\" ". - "onclick=\"CommonDialogs.editFeed(".$line["id"].")\">". - htmlspecialchars($line["title"])."</a>"; - - print "</td><td class='text-muted' align='right'>"; - print TimeHelper::make_local_datetime($line['last_article'], false); - print "</td>"; - print "</tr>"; + $rv = []; - ++$lnum; + while ($row = $sth->fetch(PDO::FETCH_ASSOC)) { + $row['last_article'] = TimeHelper::make_local_datetime($row['last_article'], false); + array_push($rv, $row); } - print "</table>"; - print "</div>"; - - print "<footer> - <button style='float : left' class='alt-danger' dojoType='dijit.form.Button' onclick='App.dialogOf(this).removeSelected()'>" - .__('Unsubscribe from selected feeds')."</button> - <button dojoType='dijit.form.Button' class='alt-primary' type='submit'>" - .__('Close this window')."</button> - </footer>"; - + print json_encode($rv); } function feedsWithErrors() { @@ -1521,58 +1179,13 @@ class Pref_Feeds extends Handler_Protected { FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ?"); $sth->execute([$_SESSION['uid']]); - print "<div dojoType=\"fox.Toolbar\">"; - print "<div dojoType=\"fox.form.DropDownButton\">". - "<span>" . __('Select')."</span>"; - print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; - print "<div onclick=\"Tables.select('error-feeds-list', true)\" - dojoType=\"dijit.MenuItem\">".__('All')."</div>"; - print "<div onclick=\"Tables.select('error-feeds-list', false)\" - dojoType=\"dijit.MenuItem\">".__('None')."</div>"; - print "</div></div>"; - print "</div>"; #toolbar - - print "<div class='panel panel-scrollable'>"; - print "<table width='100%' id='error-feeds-list'>"; - - $lnum = 1; - - while ($line = $sth->fetch()) { - - $feed_id = $line["id"]; - - print "<tr data-row-id='$feed_id'>"; - - print "<td width='5%' align='center'><input - onclick='Tables.onRowChecked(this);' dojoType=\"dijit.form.CheckBox\" - type=\"checkbox\"></td>"; - print "<td>"; - - print "<a class=\"visibleLink\" href=\"#\" ". - "title=\"".__("Click to edit feed")."\" ". - "onclick=\"CommonDialogs.editFeed(".$line["id"].")\">". - htmlspecialchars($line["title"])."</a>: "; - - print "<span class=\"text-muted\">"; - print htmlspecialchars($line["last_error"]); - print "</span>"; - - print "</td>"; - print "</tr>"; + $rv = []; - ++$lnum; + while ($row = $sth->fetch()) { + array_push($rv, $row); } - print "</table>"; - print "</div>"; - - print "<footer>"; - print "<button style='float : left' class='alt-danger' dojoType='dijit.form.Button' onclick='App.dialogOf(this).removeSelected()'>" - .__('Unsubscribe from selected feeds')."</button> "; - print "<button dojoType='dijit.form.Button' class='alt-primary' type='submit'>". - __('Close this window')."</button>"; - - print "</footer>"; + print json_encode($rv); } private function remove_feed_category($id, $owner_uid) { @@ -1613,8 +1226,8 @@ class Pref_Feeds extends Handler_Protected { $pdo->commit(); - if (file_exists(ICONS_DIR . "/$id.ico")) { - unlink(ICONS_DIR . "/$id.ico"); + if (file_exists(Config::get(Config::ICONS_DIR) . "/$id.ico")) { + unlink(Config::get(Config::ICONS_DIR) . "/$id.ico"); } } else { @@ -1623,52 +1236,10 @@ class Pref_Feeds extends Handler_Protected { } function batchSubscribe() { - print "<form onsubmit='return false'>"; - - print_hidden("op", "pref-feeds"); - print_hidden("method", "batchaddfeeds"); - - print "<header class='horizontal'>".__("One valid feed per line (no detection is done)")."</header>"; - print "<section>"; - - print "<textarea - style='font-size : 12px; width : 98%; height: 200px;' - dojoType='fox.form.ValidationTextArea' required='1' name='feeds'></textarea>"; - - if (get_pref('ENABLE_FEED_CATS')) { - print "<fieldset>"; - print "<label>" . __('Place in category:') . "</label> "; - print_feed_cat_select("cat", false, 'dojoType="fox.form.Select"'); - print "</fieldset>"; - } - - print "</section>"; - - print "<div id='feedDlg_loginContainer' style='display : none'>"; - - print "<header>" . __("Authentication") . "</header>"; - print "<section>"; - - print "<input dojoType='dijit.form.TextBox' name='login' placeHolder=\"".__("Login")."\"> - <input placeHolder=\"".__("Password")."\" dojoType=\"dijit.form.TextBox\" type='password' - autocomplete='new-password' name='pass''></div>"; - - print "</section>"; - print "</div>"; - - print "<fieldset class='narrow'> - <label class='checkbox'><input type='checkbox' name='need_auth' dojoType='dijit.form.CheckBox' - onclick='App.displayIfChecked(this, \"feedDlg_loginContainer\")'> ". - __('Feeds require authentication.')."</label></div>"; - print "</fieldset>"; - - print "<footer> - <button dojoType='dijit.form.Button' onclick='App.dialogOf(this).execute()' type='submit' class='alt-primary'>". - __('Subscribe')."</button> - <button dojoType='dijit.form.Button' onclick='App.dialogOf(this).hide()'>".__('Cancel')."</button> - </footer>"; - - print "</form>"; + print json_encode([ + "enable_cats" => (int)get_pref('ENABLE_FEED_CATS'), + "cat_select" => \Controls\select_feeds_cats("cat") + ]); } function batchAddFeeds() { @@ -1703,14 +1274,14 @@ class Pref_Feeds extends Handler_Protected { } function getOPMLKey() { - print json_encode(["link" => OPML::opml_publish_url()]); + print json_encode(["link" => OPML::get_publish_url()]); } function regenOPMLKey() { $this->update_feed_access_key('OPML:Publish', false, $_SESSION["uid"]); - print json_encode(["link" => OPML::opml_publish_url()]); + print json_encode(["link" => OPML::get_publish_url()]); } function regenFeedKey() { @@ -1722,11 +1293,23 @@ class Pref_Feeds extends Handler_Protected { print json_encode(["link" => $new_key]); } - function getFeedKey() { + function getsharedurl() { $feed_id = clean($_REQUEST['id']); - $is_cat = clean($_REQUEST['is_cat']); - - print json_encode(["link" => Feeds::get_feed_access_key($feed_id, $is_cat, $_SESSION["uid"])]); + $is_cat = clean($_REQUEST['is_cat']) == "true"; + $search = clean($_REQUEST['search']); + + $link = get_self_url_prefix() . "/public.php?" . http_build_query([ + 'op' => 'rss', + 'id' => $feed_id, + 'is_cat' => (int)$is_cat, + 'q' => $search, + 'key' => Feeds::_get_access_key($feed_id, $is_cat, $_SESSION["uid"]) + ]); + + print json_encode([ + "title" => Feeds::_get_title($feed_id, $is_cat), + "link" => $link + ]); } private function update_feed_access_key($feed_id, $is_cat, $owner_uid) { @@ -1736,7 +1319,7 @@ class Pref_Feeds extends Handler_Protected { WHERE feed_id = ? AND is_cat = ? AND owner_uid = ?"); $sth->execute([$feed_id, bool_to_sql_bool($is_cat), $owner_uid]); - return Feeds::get_feed_access_key($feed_id, $is_cat, $owner_uid); + return Feeds::_get_access_key($feed_id, $is_cat, $owner_uid); } // Silent @@ -1760,29 +1343,4 @@ class Pref_Feeds extends Handler_Protected { return $c; } - function getinactivefeeds() { - if (DB_TYPE == "pgsql") { - $interval_qpart = "NOW() - INTERVAL '3 months'"; - } else { - $interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)"; - } - - $sth = $this->pdo->prepare("SELECT COUNT(id) AS num_inactive FROM ttrss_feeds WHERE - (SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE - ttrss_entries.id = ref_id AND - ttrss_user_entries.feed_id = ttrss_feeds.id) < $interval_qpart AND - ttrss_feeds.owner_uid = ?"); - $sth->execute([$_SESSION['uid']]); - - if ($row = $sth->fetch()) { - print (int)$row["num_inactive"]; - } - } - - static function subscribe_to_feed_url() { - $url_path = get_self_url_prefix() . - "/public.php?op=subscribe&feed_url=%s"; - return $url_path; - } - } diff --git a/classes/pref/filters.php b/classes/pref/filters.php index a24a05b05..fda4a6513 100755 --- a/classes/pref/filters.php +++ b/classes/pref/filters.php @@ -162,7 +162,7 @@ class Pref_Filters extends Handler_Protected { print json_encode($rv); } - private function getfilterrules_list($filter_id) { + private function _get_rules_list($filter_id) { $sth = $this->pdo->prepare("SELECT reg_exp, inverse, match_on, @@ -189,10 +189,10 @@ class Pref_Filters extends Handler_Protected { if (strpos($feed_id, "CAT:") === 0) { $feed_id = (int)substr($feed_id, 4); - array_push($feeds_fmt, Feeds::getCategoryTitle($feed_id)); + array_push($feeds_fmt, Feeds::_get_cat_title($feed_id)); } else { if ($feed_id) - array_push($feeds_fmt, Feeds::getFeedTitle((int)$feed_id)); + array_push($feeds_fmt, Feeds::_get_title((int)$feed_id)); else array_push($feeds_fmt, __("All feeds")); } @@ -203,9 +203,9 @@ class Pref_Filters extends Handler_Protected { } else { $where = $line["cat_filter"] ? - Feeds::getCategoryTitle($line["cat_id"]) : + Feeds::_get_cat_title($line["cat_id"]) : ($line["feed_id"] ? - Feeds::getFeedTitle($line["feed_id"]) : __("All feeds")); + Feeds::_get_title($line["feed_id"]) : __("All feeds")); } # $where = $line["cat_id"] . "/" . $line["feed_id"]; @@ -250,7 +250,7 @@ class Pref_Filters extends Handler_Protected { while ($line = $sth->fetch()) { - $name = $this->getFilterName($line["id"]); + $name = $this->_get_name($line["id"]); $match_ok = false; if ($filter_search) { @@ -292,7 +292,7 @@ class Pref_Filters extends Handler_Protected { $filter['checkbox'] = false; $filter['last_triggered'] = $line["last_triggered"] ? TimeHelper::make_local_datetime($line["last_triggered"], false) : null; $filter['enabled'] = sql_bool_to_bool($line["enabled"]); - $filter['rules'] = $this->getfilterrules_list($line['id']); + $filter['rules'] = $this->_get_rules_list($line['id']); if (!$filter_search || $match_ok) { array_push($folder['items'], $filter); @@ -319,170 +319,94 @@ class Pref_Filters extends Handler_Protected { $sth->execute([$filter_id, $_SESSION['uid']]); if (empty($filter_id) || $row = $sth->fetch()) { + $rv = [ + "id" => $filter_id, + "enabled" => $row["enabled"] ?? true, + "match_any_rule" => $row["match_any_rule"] ?? false, + "inverse" => $row["inverse"] ?? false, + "title" => $row["title"] ?? "", + "rules" => [], + "actions" => [], + "filter_types" => [], + "action_types" => [], + "plugin_actions" => [], + "labels" => Labels::get_all($_SESSION["uid"]) + ]; + + $res = $this->pdo->query("SELECT id,description + FROM ttrss_filter_types WHERE id != 5 ORDER BY description"); + + while ($line = $res->fetch()) { + $rv["filter_types"][$line["id"]] = __($line["description"]); + } - $enabled = $row["enabled"] ?? true; - $match_any_rule = $row["match_any_rule"] ?? false; - $inverse = $row["inverse"] ?? false; - $title = htmlspecialchars($row["title"] ?? ""); - - print "<form onsubmit='return false'>"; - - print_hidden("op", "pref-filters"); + $res = $this->pdo->query("SELECT id,description FROM ttrss_filter_actions + ORDER BY name"); - if ($filter_id) { - print_hidden("id", "$filter_id"); - print_hidden("method", "editSave"); - } else { - print_hidden("method", "add"); + while ($line = $res->fetch()) { + $rv["action_types"][$line["id"]] = __($line["description"]); } - print_hidden("csrf_token", $_SESSION['csrf_token']); - - print "<header>".__("Caption")."</header> - <section> - <input required='true' dojoType='dijit.form.ValidationTextBox' style='width : 20em;' name=\"title\" value=\"$title\"> - </section> - <header class='horizontal'>".__("Match")."</header> - <section> - <div dojoType='fox.Toolbar'> - <div dojoType='fox.form.DropDownButton'> - <span>" . __('Select')."</span> - <div dojoType='dijit.Menu' style='display: none;'> - <!-- can't use App.dialogOf() here because DropDownButton is not a child of the Dialog --> - <div onclick='dijit.byId(\"filterEditDlg\").selectRules(true)' - dojoType='dijit.MenuItem'>".__('All')."</div> - <div onclick='dijit.byId(\"filterEditDlg\").selectRules(false)' - dojoType='dijit.MenuItem'>".__('None')."</div> - </div> - </div> - <button dojoType='dijit.form.Button' onclick='App.dialogOf(this).addRule()'>". - __('Add')."</button> - <button dojoType='dijit.form.Button' onclick='App.dialogOf(this).deleteRule()'>". - __('Delete')."</button> - </div>"; + $filter_actions = PluginHost::getInstance()->get_filter_actions(); - print "<ul id='filterDlg_Matches'>"; + foreach ($filter_actions as $fclass => $factions) { + foreach ($factions as $faction) { + + $rv["plugin_actions"][$fclass . ":" . $faction["action"]] = + $fclass . ": " . $faction["description"]; + } + } if ($filter_id) { $rules_sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_rules WHERE filter_id = ? ORDER BY reg_exp, id"); - $rules_sth->execute([$filter_id]); + $rules_sth->execute([$filter_id]); - while ($line = $rules_sth->fetch()) { - if ($line["match_on"]) { - $line["feed_id"] = json_decode($line["match_on"], true); + while ($rrow = $rules_sth->fetch(PDO::FETCH_ASSOC)) { + if ($rrow["match_on"]) { + $rrow["feed_id"] = json_decode($rrow["match_on"], true); } else { - if ($line["cat_filter"]) { - $feed_id = "CAT:" . (int)$line["cat_id"]; + if ($rrow["cat_filter"]) { + $feed_id = "CAT:" . (int)$rrow["cat_id"]; } else { - $feed_id = (int)$line["feed_id"]; + $feed_id = (int)$rrow["feed_id"]; } - $line["feed_id"] = ["" . $feed_id]; // set item type to string for in_array() + $rrow["feed_id"] = ["" . $feed_id]; // set item type to string for in_array() } - unset($line["cat_filter"]); - unset($line["cat_id"]); - unset($line["filter_id"]); - unset($line["id"]); - if (!$line["inverse"]) unset($line["inverse"]); - unset($line["match_on"]); + unset($rrow["cat_filter"]); + unset($rrow["cat_id"]); + unset($rrow["filter_id"]); + unset($rrow["id"]); + if (!$rrow["inverse"]) unset($rrow["inverse"]); + unset($rrow["match_on"]); - $data = htmlspecialchars((string)json_encode($line)); + $rrow["name"] = $this->_get_rule_name($rrow); - print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='Lists.onRowChecked(this)'> - <span onclick='App.dialogOf(this).editRule(this)'>".$this->getRuleName($line)."</span>". - format_hidden("rule[]", $data)."</li>"; + array_push($rv["rules"], $rrow); } - } - print "</ul> - </section>"; - - print "<header class='horizontal'>".__("Apply actions")."</header> - <section> - <div dojoType='fox.Toolbar'> - <div dojoType='fox.form.DropDownButton'> - <span>".__('Select')."</span> - <div dojoType='dijit.Menu' style='display: none'> - <div onclick='dijit.byId(\"filterEditDlg\").selectActions(true)' - dojoType='dijit.MenuItem'>".__('All')."</div> - <div onclick='dijit.byId(\"filterEditDlg\").selectActions(false)' - dojoType='dijit.MenuItem'>".__('None')."</div> - </div> - </div> - <button dojoType='dijit.form.Button' onclick='App.dialogOf(this).addAction()'>". - __('Add')."</button> - <button dojoType='dijit.form.Button' onclick='App.dialogOf(this).deleteAction()'>". - __('Delete')."</button> - </div>"; - - print "<ul id='filterDlg_Actions'>"; - - if ($filter_id) { $actions_sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions WHERE filter_id = ? ORDER BY id"); $actions_sth->execute([$filter_id]); - while ($line = $actions_sth->fetch()) { - $line["action_param_label"] = $line["action_param"]; + while ($arow = $actions_sth->fetch(PDO::FETCH_ASSOC)) { + $arow["action_param_label"] = $arow["action_param"]; - unset($line["filter_id"]); - unset($line["id"]); + unset($arow["filter_id"]); + unset($arow["id"]); - $data = htmlspecialchars((string)json_encode($line)); + $arow["name"] = $this->_get_action_name($arow); - print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='Lists.onRowChecked(this)'> - <span onclick='App.dialogOf(this).editAction(this)'>".$this->getActionName($line)."</span>". - format_hidden("action[]", $data)."</li>"; + array_push($rv["actions"], $arow); } } - - print "</ul>"; - - print "</section>"; - - print "<header>".__("Options")."</header> - <section>"; - - print "<fieldset class='narrow'> - <label class='checkbox'>".format_checkbox('enabled', $enabled)." ".__('Enabled')."</label></fieldset>"; - - print "<fieldset class='narrow'> - <label class='checkbox'>".format_checkbox('match_any_rule', $match_any_rule)." ".__('Match any rule')."</label> - </fieldset>"; - - print "<fieldset class='narrow'><label class='checkbox'>".format_checkbox('inverse', $inverse)." ".__('Inverse matching')."</label> - </fieldset>"; - - print "</section> - <footer>"; - - if ($filter_id) { - print "<div style='float : left'> - <button dojoType='dijit.form.Button' class='alt-danger' onclick='App.dialogOf(this).removeFilter()'>". - __('Remove')."</button> - </div> - <button dojoType='dijit.form.Button' class='alt-info' onclick='App.dialogOf(this).test()'>". - __('Test')."</button> - <button dojoType='dijit.form.Button' type='submit' class='alt-primary' onclick='App.dialogOf(this).execute()'>". - __('Save')."</button> - <button dojoType='dijit.form.Button' onclick='App.dialogOf(this).hide()'>". - __('Cancel')."</button>"; - } else { - print "<button dojoType='dijit.form.Button' class='alt-info' onclick='App.dialogOf(this).test()'>". - __('Test')."</button> - <button dojoType='dijit.form.Button' type='submit' class='alt-primary' onclick='App.dialogOf(this).execute()'>". - __('Create')."</button> - <button dojoType='dijit.form.Button' onclick='App.dialogOf(this).hide()'>". - __('Cancel')."</button>"; - } - - print "</footer></form>"; + print json_encode($rv); } } - private function getRuleName($rule) { + private function _get_rule_name($rule) { if (!$rule) $rule = json_decode(clean($_REQUEST["rule"]), true); $feeds = $rule["feed_id"]; @@ -494,10 +418,10 @@ class Pref_Filters extends Handler_Protected { if (strpos($feed_id, "CAT:") === 0) { $feed_id = (int)substr($feed_id, 4); - array_push($feeds_fmt, Feeds::getCategoryTitle($feed_id)); + array_push($feeds_fmt, Feeds::_get_cat_title($feed_id)); } else { if ($feed_id) - array_push($feeds_fmt, Feeds::getFeedTitle((int)$feed_id)); + array_push($feeds_fmt, Feeds::_get_title((int)$feed_id)); else array_push($feeds_fmt, __("All feeds")); } @@ -523,10 +447,10 @@ class Pref_Filters extends Handler_Protected { } function printRuleName() { - print $this->getRuleName(json_decode(clean($_REQUEST["rule"]), true)); + print $this->_get_rule_name(json_decode(clean($_REQUEST["rule"]), true)); } - private function getActionName($action) { + private function _get_action_name($action) { $sth = $this->pdo->prepare("SELECT description FROM ttrss_filter_actions WHERE id = ?"); $sth->execute([(int)$action["action_id"]]); @@ -561,13 +485,13 @@ class Pref_Filters extends Handler_Protected { } function printActionName() { - print $this->getActionName(json_decode(clean($_REQUEST["action"]), true)); + print $this->_get_action_name(json_decode(clean($_REQUEST["action"]), true)); } function editSave() { $filter_id = clean($_REQUEST["id"]); $enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"] ?? false)); - $match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"])); + $match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"] ?? false)); $inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"] ?? false)); $title = clean($_REQUEST["title"]); @@ -581,7 +505,7 @@ class Pref_Filters extends Handler_Protected { $sth->execute([$enabled, $match_any_rule, $inverse, $title, $filter_id, $_SESSION['uid']]); - $this->saveRulesAndActions($filter_id); + $this->_save_rules_and_actions($filter_id); $this->pdo->commit(); } @@ -596,8 +520,7 @@ class Pref_Filters extends Handler_Protected { $sth->execute(array_merge($ids, [$_SESSION['uid']])); } - private function saveRulesAndActions($filter_id) - { + private function _save_rules_and_actions($filter_id) { $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2_rules WHERE filter_id = ?"); $sth->execute([$filter_id]); @@ -674,11 +597,11 @@ class Pref_Filters extends Handler_Protected { } } - function add() { - $enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"])); - $match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"])); + function add () { + $enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"] ?? false)); + $match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"] ?? false)); $title = clean($_REQUEST["title"]); - $inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"])); + $inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"] ?? false)); $this->pdo->beginTransaction(); @@ -696,7 +619,7 @@ class Pref_Filters extends Handler_Protected { if ($row = $sth->fetch()) { $filter_id = $row['id']; - $this->saveRulesAndActions($filter_id); + $this->_save_rules_and_actions($filter_id); } $this->pdo->commit(); @@ -710,257 +633,73 @@ class Pref_Filters extends Handler_Protected { $filter_search = ($_SESSION["prefs_filter_search"] ?? ""); } - print "<div dojoType='dijit.layout.BorderContainer' gutters='false'>"; - print "<div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='top'>"; - print "<div dojoType='fox.Toolbar'>"; - - print "<div style='float : right; padding-right : 4px;'> - <input dojoType=\"dijit.form.TextBox\" id=\"filter_search\" size=\"20\" type=\"search\" - value=\"$filter_search\"> - <button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('filterTree').reload()\">". - __('Search')."</button> - </div>"; - - print "<div dojoType=\"fox.form.DropDownButton\">". - "<span>" . __('Select')."</span>"; - print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; - print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(true)\" - dojoType=\"dijit.MenuItem\">".__('All')."</div>"; - print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(false)\" - dojoType=\"dijit.MenuItem\">".__('None')."</div>"; - print "</div></div>"; - - print "<button dojoType=\"dijit.form.Button\" onclick=\"return Filters.edit()\">". - __('Create filter')."</button> "; + ?> + <div dojoType='dijit.layout.BorderContainer' gutters='false'> + <div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='top'> + <div dojoType='fox.Toolbar'> - print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterTree').joinSelectedFilters()\">". - __('Combine')."</button> "; - - print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterTree').editSelectedFilter()\">". - __('Edit')."</button> "; - - print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterTree').resetFilterOrder()\">". - __('Reset sort order')."</button> "; - - - print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterTree').removeSelectedFilters()\">". - __('Remove')."</button> "; - - print "</div>"; # toolbar - print "</div>"; # toolbar-frame - print "<div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='center'>"; + <div style='float : right; padding-right : 4px;'> + <input dojoType="dijit.form.TextBox" id="filter_search" size="20" type="search" + value="<?= htmlspecialchars($filter_search) ?>"> + <button dojoType="dijit.form.Button" onclick="dijit.byId('filterTree').reload()"> + <?= __('Search') ?></button> + </div> - print "<div id='filterlistLoading'> - <img src='images/indicator_tiny.gif'>". - __("Loading, please wait...")."</div>"; + <div dojoType="fox.form.DropDownButton"> + <span><?= __('Select') ?></span> + <div dojoType="dijit.Menu" style="display: none;"> + <div onclick="dijit.byId('filterTree').model.setAllChecked(true)" + dojoType="dijit.MenuItem"><?= __('All') ?></div> + <div onclick="dijit.byId('filterTree').model.setAllChecked(false)" + dojoType="dijit.MenuItem"><?= __('None') ?></div> + </div> + </div> - print "<div dojoType=\"fox.PrefFilterStore\" jsId=\"filterStore\" - url=\"backend.php?op=pref-filters&method=getfiltertree\"> - </div> - <div dojoType=\"lib.CheckBoxStoreModel\" jsId=\"filterModel\" store=\"filterStore\" - query=\"{id:'root'}\" rootId=\"root\" rootLabel=\"Filters\" - childrenAttrs=\"items\" checkboxStrict=\"false\" checkboxAll=\"false\"> + <button dojoType="dijit.form.Button" onclick="return Filters.edit()"> + <?= __('Create filter') ?></button> + <button dojoType="dijit.form.Button" onclick="return dijit.byId('filterTree').joinSelectedFilters()"> + <?= __('Combine') ?></button> + <button dojoType="dijit.form.Button" onclick="return dijit.byId('filterTree').resetFilterOrder()"> + <?= __('Reset sort order') ?></button> + <button dojoType="dijit.form.Button" onclick="return dijit.byId('filterTree').removeSelectedFilters()"> + <?= __('Remove') ?></button> + + </div> + </div> + <div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='center'> + <div dojoType="fox.PrefFilterStore" jsId="filterStore" + url="backend.php?op=pref-filters&method=getfiltertree"> + </div> + <div dojoType="lib.CheckBoxStoreModel" jsId="filterModel" store="filterStore" + query="{id:'root'}" rootId="root" rootLabel="Filters" + childrenAttrs="items" checkboxStrict="false" checkboxAll="false"> + </div> + <div dojoType="fox.PrefFilterTree" id="filterTree" dndController="dijit.tree.dndSource" + betweenThreshold="5" model="filterModel" openOnClick="true"> + <script type="dojo/method" event="onClick" args="item"> + var id = String(item.id); + var bare_id = id.substr(id.indexOf(':')+1); + + if (id.match('FILTER:')) { + Filters.edit(bare_id); + } + </script> + </div> + </div> + <?php PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "prefFilters") ?> </div> - <div dojoType=\"fox.PrefFilterTree\" id=\"filterTree\" - dndController=\"dijit.tree.dndSource\" - betweenThreshold=\"5\" - model=\"filterModel\" openOnClick=\"true\"> - <script type=\"dojo/method\" event=\"onLoad\" args=\"item\"> - Element.hide(\"filterlistLoading\"); - </script> - <script type=\"dojo/method\" event=\"onClick\" args=\"item\"> - var id = String(item.id); - var bare_id = id.substr(id.indexOf(':')+1); - - if (id.match('FILTER:')) { - Filters.edit(bare_id); - } - </script> - - </div>"; - - print "</div>"; #pane - - PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "prefFilters"); - - print "</div>"; #container - + <?php } - function newrule() { - $rule = json_decode(clean($_REQUEST["rule"]), true); - - if ($rule) { - $reg_exp = htmlspecialchars($rule["reg_exp"]); - $filter_type = $rule["filter_type"]; - $feed_id = $rule["feed_id"]; - $inverse_checked = isset($rule["inverse"]) ? "checked" : ""; - } else { - $reg_exp = ""; - $filter_type = 1; - $feed_id = ["0"]; - $inverse_checked = ""; - } - - print "<form name='filter_new_rule_form' id='filter_new_rule_form' onsubmit='return false;'>"; - - $res = $this->pdo->query("SELECT id,description - FROM ttrss_filter_types WHERE id != 5 ORDER BY description"); - - $filter_types = array(); - - while ($line = $res->fetch()) { - $filter_types[$line["id"]] = __($line["description"]); - } - - print "<header>".__("Match")."</header>"; - - print "<section>"; - - print "<textarea dojoType='fox.form.ValidationTextArea' - required='true' id='filterDlg_regExp' - ValidRegExp='true' - rows='4' - style='font-size : 14px; width : 490px; word-break: break-all' - name='reg_exp'>$reg_exp</textarea>"; + function editrule() { + $feed_ids = explode(",", clean($_REQUEST["ids"])); - print "<div dojoType='dijit.Tooltip' id='filterDlg_regExp_tip' connectId='filterDlg_regExp' position='below'></div>"; - - print "<fieldset>"; - print "<label class='checkbox'><input id='filterDlg_inverse' dojoType='dijit.form.CheckBox' - name='inverse' $inverse_checked/> ". - __("Inverse regular expression matching")."</label>"; - print "</fieldset>"; - - print "<fieldset>"; - print "<label style='display : inline'>". __("on field") . "</label> "; - print_select_hash("filter_type", $filter_type, $filter_types, - 'dojoType="fox.form.Select"'); - print "<label style='padding-left : 10px; display : inline'>" . __("in") . "</label> "; - - print "</fieldset>"; - - print "<fieldset>"; - print "<span id='filterDlg_feeds'>"; - print_feed_multi_select("feed_id", - $feed_id, - 'style="width : 500px; height : 300px" dojoType="dijit.form.MultiSelect"'); - print "</span>"; - - print "</fieldset>"; - - print "</section>"; - - print "<footer>"; - - print "<button dojoType='dijit.form.Button' style='float : left' class='alt-info' onclick='window.open(\"https://tt-rss.org/wiki/ContentFilters\")'> - <i class='material-icons'>help</i> ".__("More info...")."</button>"; - - print "<button dojoType='dijit.form.Button' class='alt-primary' type='submit' onclick='App.dialogOf(this).execute()'>". - ($rule ? __("Save rule") : __('Add rule'))."</button> "; - - print "<button dojoType='dijit.form.Button' onclick='App.dialogOf(this).hide()'>". - __('Cancel')."</button>"; - - print "</footer>"; - - print "</form>"; + print json_encode([ + "multiselect" => $this->_feed_multi_select("feed_id", $feed_ids, 'required="1" style="width : 100%; height : 300px" dojoType="fox.form.ValidationMultiSelect"') + ]); } - function newaction() { - $action = json_decode(clean($_REQUEST["action"]), true); - - if ($action) { - $action_param = $action["action_param"]; - $action_id = (int)$action["action_id"]; - } else { - $action_param = ""; - $action_id = 0; - } - - print "<form name='filter_new_action_form' id='filter_new_action_form' onsubmit='return false;'>"; - - print "<header>".__("Perform Action")."</header>"; - - print "<section>"; - - print "<select name='action_id' dojoType='fox.form.Select' - onchange='Filters.filterDlgCheckAction(this)'>"; - - $res = $this->pdo->query("SELECT id,description FROM ttrss_filter_actions - ORDER BY name"); - - while ($line = $res->fetch()) { - $is_selected = ($line["id"] == $action_id) ? "selected='1'" : ""; - printf("<option $is_selected value='%d'>%s</option>", $line["id"], __($line["description"])); - } - - print "</select>"; - - $param_box_hidden = ($action_id == 7 || $action_id == 4 || $action_id == 6 || $action_id == 9) ? - "" : "display : none"; - - $param_hidden = ($action_id == 4 || $action_id == 6) ? - "" : "display : none"; - - $label_param_hidden = ($action_id == 7) ? "" : "display : none"; - $plugin_param_hidden = ($action_id == 9) ? "" : "display : none"; - - print "<span id='filterDlg_paramBox' style=\"$param_box_hidden\">"; - print " "; - //print " " . __("with parameters:") . " "; - print "<input dojoType='dijit.form.TextBox' - id='filterDlg_actionParam' style=\"$param_hidden\" - name='action_param' value=\"$action_param\">"; - - print_label_select("action_param_label", $action_param, - "id='filterDlg_actionParamLabel' style=\"$label_param_hidden\" - dojoType='fox.form.Select'"); - - $filter_actions = PluginHost::getInstance()->get_filter_actions(); - $filter_action_hash = array(); - - foreach ($filter_actions as $fclass => $factions) { - foreach ($factions as $faction) { - - $filter_action_hash[$fclass . ":" . $faction["action"]] = - $fclass . ": " . $faction["description"]; - } - } - - if (count($filter_action_hash) == 0) { - $filter_plugin_disabled = "disabled"; - - $filter_action_hash["no-data"] = __("No actions available"); - - } else { - $filter_plugin_disabled = ""; - } - - print_select_hash("filterDlg_actionParamPlugin", $action_param, $filter_action_hash, - "style=\"$plugin_param_hidden\" dojoType='fox.form.Select' $filter_plugin_disabled", - "action_param_plugin"); - - print "</span>"; - - print " "; // tiny layout hack - - print "</section>"; - - print "<footer>"; - - print "<button dojoType='dijit.form.Button' class='alt-primary' type='submit' onclick='App.dialogOf(this).execute()'>". - ($action ? __("Save action") : __('Add action'))."</button> "; - - print "<button dojoType='dijit.form.Button' onclick='App.dialogOf(this).hide()'>". - __('Cancel')."</button>"; - - print "</footer>"; - - print "</form>"; - } - - private function getFilterName($id) { + private function _get_name($id) { $sth = $this->pdo->prepare( "SELECT title,match_any_rule,f.inverse AS inverse,COUNT(DISTINCT r.id) AS num_rules,COUNT(DISTINCT a.id) AS num_actions @@ -989,7 +728,7 @@ class Pref_Filters extends Handler_Protected { $actions = ""; if ($line = $sth->fetch()) { - $actions = $this->getActionName($line); + $actions = $this->_get_action_name($line); $num_actions -= 1; } @@ -1031,12 +770,12 @@ class Pref_Filters extends Handler_Protected { $this->pdo->commit(); - $this->optimizeFilter($base_id); + $this->_optimize($base_id); } } - private function optimizeFilter($id) { + private function _optimize($id) { $this->pdo->beginTransaction(); @@ -1090,4 +829,111 @@ class Pref_Filters extends Handler_Protected { $this->pdo->commit(); } + + private function _feed_multi_select($id, $default_ids = [], + $attributes = "", $include_all_feeds = true, + $root_id = null, $nest_level = 0) { + + $pdo = Db::pdo(); + + $rv = ""; + + // print_r(in_array("CAT:6",$default_ids)); + + if (!$root_id) { + $rv .= "<select multiple=\true\" id=\"$id\" name=\"$id\" $attributes>"; + if ($include_all_feeds) { + $is_selected = (in_array("0", $default_ids)) ? "selected=\"1\"" : ""; + $rv .= "<option $is_selected value=\"0\">".__('All feeds')."</option>"; + } + } + + if (get_pref('ENABLE_FEED_CATS')) { + + if (!$root_id) $root_id = null; + + $sth = $pdo->prepare("SELECT id,title, + (SELECT COUNT(id) FROM ttrss_feed_categories AS c2 WHERE + c2.parent_cat = ttrss_feed_categories.id) AS num_children + FROM ttrss_feed_categories + WHERE owner_uid = :uid AND + (parent_cat = :root_id OR (:root_id IS NULL AND parent_cat IS NULL)) ORDER BY title"); + + $sth->execute([":uid" => $_SESSION['uid'], ":root_id" => $root_id]); + + while ($line = $sth->fetch()) { + + for ($i = 0; $i < $nest_level; $i++) + $line["title"] = " " . $line["title"]; + + $is_selected = in_array("CAT:".$line["id"], $default_ids) ? "selected=\"1\"" : ""; + + $rv .= sprintf("<option $is_selected value='CAT:%d'>%s</option>", + $line["id"], htmlspecialchars($line["title"])); + + if ($line["num_children"] > 0) + $rv .= $this->_feed_multi_select($id, $default_ids, $attributes, + $include_all_feeds, $line["id"], $nest_level+1); + + $f_sth = $pdo->prepare("SELECT id,title FROM ttrss_feeds + WHERE cat_id = ? AND owner_uid = ? ORDER BY title"); + + $f_sth->execute([$line['id'], $_SESSION['uid']]); + + while ($fline = $f_sth->fetch()) { + $is_selected = (in_array($fline["id"], $default_ids)) ? "selected=\"1\"" : ""; + + $fline["title"] = " " . $fline["title"]; + + for ($i = 0; $i < $nest_level; $i++) + $fline["title"] = " " . $fline["title"]; + + $rv .= sprintf("<option $is_selected value='%d'>%s</option>", + $fline["id"], htmlspecialchars($fline["title"])); + } + } + + if (!$root_id) { + $is_selected = in_array("CAT:0", $default_ids) ? "selected=\"1\"" : ""; + + $rv .= sprintf("<option $is_selected value='CAT:0'>%s</option>", + __("Uncategorized")); + + $f_sth = $pdo->prepare("SELECT id,title FROM ttrss_feeds + WHERE cat_id IS NULL AND owner_uid = ? ORDER BY title"); + $f_sth->execute([$_SESSION['uid']]); + + while ($fline = $f_sth->fetch()) { + $is_selected = in_array($fline["id"], $default_ids) ? "selected=\"1\"" : ""; + + $fline["title"] = " " . $fline["title"]; + + for ($i = 0; $i < $nest_level; $i++) + $fline["title"] = " " . $fline["title"]; + + $rv .= sprintf("<option $is_selected value='%d'>%s</option>", + $fline["id"], htmlspecialchars($fline["title"])); + } + } + + } else { + $sth = $pdo->prepare("SELECT id,title FROM ttrss_feeds + WHERE owner_uid = ? ORDER BY title"); + $sth->execute([$_SESSION['uid']]); + + while ($line = $sth->fetch()) { + + $is_selected = (in_array($line["id"], $default_ids)) ? "selected=\"1\"" : ""; + + $rv .= sprintf("<option $is_selected value='%d'>%s</option>", + $line["id"], htmlspecialchars($line["title"])); + } + } + + if (!$root_id) { + $rv .= "</select>"; + } + + return $rv; + } } diff --git a/classes/pref/labels.php b/classes/pref/labels.php index a787ce388..5bc094d55 100644 --- a/classes/pref/labels.php +++ b/classes/pref/labels.php @@ -10,72 +10,12 @@ class Pref_Labels extends Handler_Protected { function edit() { $label_id = clean($_REQUEST['id']); - $sth = $this->pdo->prepare("SELECT * FROM ttrss_labels2 WHERE + $sth = $this->pdo->prepare("SELECT id, caption, fg_color, bg_color FROM ttrss_labels2 WHERE id = ? AND owner_uid = ?"); $sth->execute([$label_id, $_SESSION['uid']]); - if ($line = $sth->fetch()) { - - print_hidden("id", "$label_id"); - print_hidden("op", "pref-labels"); - print_hidden("method", "save"); - - print "<form onsubmit='return false;'>"; - - print "<header>".__("Caption")."</header>"; - - print "<section>"; - - $fg_color = $line['fg_color']; - $bg_color = $line['bg_color'] ? $line['bg_color'] : '#fff7d5'; - - print "<input style='font-size : 16px; color : $fg_color; background : $bg_color; transition : background 0.1s linear' - id='labelEdit_caption' name='caption' dojoType='dijit.form.ValidationTextBox' - required='true' value=\"".htmlspecialchars($line['caption'])."\">"; - - print "</section>"; - - print "<header>" . __("Colors") . "</header>"; - print "<section>"; - - print "<table>"; - print "<tr><th style='text-align : left'>".__("Foreground:")."</th><th style='text-align : left'>".__("Background:")."</th></tr>"; - print "<tr><td style='padding-right : 10px'>"; - - print "<input dojoType='dijit.form.TextBox' - style='display : none' id='labelEdit_fgColor' - name='fg_color' value='$fg_color'>"; - print "<input dojoType='dijit.form.TextBox' - style='display : none' id='labelEdit_bgColor' - name='bg_color' value='$bg_color'>"; - - print "<div dojoType='dijit.ColorPalette'> - <script type='dojo/method' event='onChange' args='fg_color'> - dijit.byId('labelEdit_fgColor').attr('value', fg_color); - dijit.byId('labelEdit_caption').domNode.setStyle({color: fg_color}); - </script> - </div>"; - - print "</td><td>"; - - print "<div dojoType='dijit.ColorPalette'> - <script type='dojo/method' event='onChange' args='bg_color'> - dijit.byId('labelEdit_bgColor').attr('value', bg_color); - dijit.byId('labelEdit_caption').domNode.setStyle({backgroundColor: bg_color}); - </script> - </div>"; - - print "</td></tr></table>"; - print "</section>"; - - print "<footer>"; - print "<button dojoType='dijit.form.Button' type='submit' class='alt-primary' onclick='App.dialogOf(this).execute()'>". - __('Save')."</button>"; - print "<button dojoType='dijit.form.Button' onclick='App.dialogOf(this).hide()'>". - __('Cancel')."</button>"; - print "</footer>"; - - print "</form>"; + if ($line = $sth->fetch(PDO::FETCH_ASSOC)) { + print json_encode($line); } } @@ -197,7 +137,7 @@ class Pref_Labels extends Handler_Protected { $sth->execute([$caption, $old_caption, $_SESSION['uid']]); - print clean($_REQUEST["value"]); + print clean($_REQUEST["caption"]); } else { print $old_caption; } @@ -225,88 +165,64 @@ class Pref_Labels extends Handler_Protected { $output = clean($_REQUEST["output"]); if ($caption) { - if (Labels::create($caption)) { if (!$output) { print T_sprintf("Created label <b>%s</b>", htmlspecialchars($caption)); } } - - if ($output == "select") { - header("Content-Type: text/xml"); - - print "<rpc-reply><payload>"; - - print_label_select("select_label", - $caption, ""); - - print "</payload></rpc-reply>"; - } } - - return; } function index() { - - print "<div dojoType='dijit.layout.BorderContainer' gutters='false'>"; - print "<div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='top'>"; - print "<div dojoType='fox.Toolbar'>"; - - print "<div dojoType='fox.form.DropDownButton'>". - "<span>" . __('Select')."</span>"; - print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; - print "<div onclick=\"dijit.byId('labelTree').model.setAllChecked(true)\" - dojoType=\"dijit.MenuItem\">".__('All')."</div>"; - print "<div onclick=\"dijit.byId('labelTree').model.setAllChecked(false)\" - dojoType=\"dijit.MenuItem\">".__('None')."</div>"; - print "</div></div>"; - - print"<button dojoType=\"dijit.form.Button\" onclick=\"CommonDialogs.addLabel()\">". - __('Create label')."</button dojoType=\"dijit.form.Button\"> "; - - print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelTree').removeSelected()\">". - __('Remove')."</button dojoType=\"dijit.form.Button\"> "; - - print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelTree').resetColors()\">". - __('Clear colors')."</button dojoType=\"dijit.form.Button\">"; - - - print "</div>"; #toolbar - print "</div>"; #pane - print "<div style='padding : 0px' dojoType=\"dijit.layout.ContentPane\" region=\"center\">"; - - print "<div id=\"labellistLoading\"> - <img src='images/indicator_tiny.gif'>". - __("Loading, please wait...")."</div>"; - - print "<div dojoType=\"dojo.data.ItemFileWriteStore\" jsId=\"labelStore\" - url=\"backend.php?op=pref-labels&method=getlabeltree\"> + ?> + <div dojoType='dijit.layout.BorderContainer' gutters='false'> + <div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='top'> + <div dojoType='fox.Toolbar'> + <div dojoType='fox.form.DropDownButton'> + <span><?= __('Select') ?></span> + <div dojoType='dijit.Menu' style='display: none'> + <div onclick="dijit.byId('labelTree').model.setAllChecked(true)" + dojoType='dijit.MenuItem'><?=('All') ?></div> + <div onclick="dijit.byId('labelTree').model.setAllChecked(false)" + dojoType='dijit.MenuItem'><?=('None') ?></div> + </div> + </div> + + <button dojoType='dijit.form.Button' onclick='CommonDialogs.addLabel()'> + <?=('Create label') ?></button dojoType='dijit.form.Button'> + + <button dojoType='dijit.form.Button' onclick="dijit.byId('labelTree').removeSelected()"> + <?=('Remove') ?></button dojoType='dijit.form.Button'> + + <button dojoType='dijit.form.Button' onclick="dijit.byId('labelTree').resetColors()"> + <?=('Clear colors') ?></button dojoType='dijit.form.Button'> + + </div> + </div> + + <div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='center'> + <div dojoType='dojo.data.ItemFileWriteStore' jsId='labelStore' + url='backend.php?op=pref-labels&method=getlabeltree'> + </div> + + <div dojoType='lib.CheckBoxStoreModel' jsId='labelModel' store='labelStore' + query="{id:'root'}" rootId='root' + childrenAttrs='items' checkboxStrict='false' checkboxAll='false'> + </div> + + <div dojoType='fox.PrefLabelTree' id='labelTree' model='labelModel' openOnClick='true'> + <script type='dojo/method' event='onClick' args='item'> + var id = String(item.id); + var bare_id = id.substr(id.indexOf(':')+1); + + if (id.match('LABEL:')) { + dijit.byId('labelTree').editLabel(bare_id); + } + </script> + </div> + </div> + <?php PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "prefLabels") ?> </div> - <div dojoType=\"lib.CheckBoxStoreModel\" jsId=\"labelModel\" store=\"labelStore\" - query=\"{id:'root'}\" rootId=\"root\" - childrenAttrs=\"items\" checkboxStrict=\"false\" checkboxAll=\"false\"> - </div> - <div dojoType=\"fox.PrefLabelTree\" id=\"labelTree\" - model=\"labelModel\" openOnClick=\"true\"> - <script type=\"dojo/method\" event=\"onLoad\" args=\"item\"> - Element.hide(\"labellistLoading\"); - </script> - <script type=\"dojo/method\" event=\"onClick\" args=\"item\"> - var id = String(item.id); - var bare_id = id.substr(id.indexOf(':')+1); - - if (id.match('LABEL:')) { - dijit.byId('labelTree').editLabel(bare_id); - } - </script> - </div>"; - - print "</div>"; #pane - - PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "prefLabels"); - - print "</div>"; #container - + <?php } } diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php index d40dc87c0..0d0dcadbc 100644 --- a/classes/pref/prefs.php +++ b/classes/pref/prefs.php @@ -4,6 +4,7 @@ class Pref_Prefs extends Handler_Protected { private $pref_help = []; private $pref_item_map = []; + private $pref_help_bottom = []; private $pref_blacklist = []; private $profile_blacklist = []; @@ -122,8 +123,8 @@ class Pref_Prefs extends Handler_Protected { function changepassword() { - if (defined('_TTRSS_DEMO_INSTANCE')) { - print "ERROR: ".format_error("Disabled in demo version."); + if (Config::get(Config::FORBID_PASSWORD_CHANGES)) { + print "ERROR: ".format_error("Access forbidden."); return; } @@ -235,7 +236,7 @@ class Pref_Prefs extends Handler_Protected { $tpl->setVariable('LOGIN', $row["login"]); $tpl->setVariable('NEWMAIL', $email); - $tpl->setVariable('TTRSS_HOST', SELF_URL_PATH); + $tpl->setVariable('TTRSS_HOST', Config::get(Config::SELF_URL_PATH)); $tpl->addBlock('message'); @@ -267,39 +268,12 @@ class Pref_Prefs extends Handler_Protected { AND owner_uid = :uid"); $sth->execute([":profile" => $_SESSION['profile'], ":uid" => $_SESSION['uid']]); - $this->initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]); + $this->_init_user_prefs($_SESSION["uid"], $_SESSION["profile"]); echo __("Your preferences are now set to default values."); } - function index() { - - global $access_level_names; - - $_SESSION["prefs_op_result"] = ""; - - print "<div dojoType='dijit.layout.AccordionContainer' region='center'>"; - print "<div dojoType='dijit.layout.AccordionPane' - title=\"<i class='material-icons'>person</i> ".__('Personal data / Authentication')."\">"; - - print "<div dojoType='dijit.layout.TabContainer'>"; - print "<div dojoType='dijit.layout.ContentPane' title=\"".__('Personal data')."\">"; - - print "<form dojoType='dijit.form.Form' id='changeUserdataForm'>"; - - print "<script type='dojo/method' event='onSubmit' args='evt'> - evt.preventDefault(); - if (this.validate()) { - Notify.progress('Saving data...', true); - - new Ajax.Request('backend.php', { - parameters: dojo.objectToQuery(this.getValues()), - onComplete: function(transport) { - notify_callback2(transport); - } }); - - } - </script>"; + private function index_auth_personal() { $sth = $this->pdo->prepare("SELECT email,full_name,otp_enabled, access_level FROM ttrss_users @@ -311,179 +285,196 @@ class Pref_Prefs extends Handler_Protected { $full_name = htmlspecialchars($row["full_name"]); $otp_enabled = sql_bool_to_bool($row["otp_enabled"]); - print "<fieldset>"; - print "<label>".__('Full name:')."</label>"; - print "<input dojoType='dijit.form.ValidationTextBox' name='full_name' required='1' value='$full_name'>"; - print "</fieldset>"; + ?> + <form dojoType='dijit.form.Form'> - print "<fieldset>"; - print "<label>".__('E-mail:')."</label>"; - print "<input dojoType='dijit.form.ValidationTextBox' name='email' required='1' value='$email'>"; - print "</fieldset>"; - - if (!SINGLE_USER_MODE && !empty($_SESSION["hide_hello"])) { - - $access_level = $row["access_level"]; - print "<fieldset>"; - print "<label>".__('Access level:')."</label>"; - print $access_level_names[$access_level]; - print "</fieldset>"; - } + <?= \Controls\hidden_tag("op", "pref-prefs") ?> + <?= \Controls\hidden_tag("method", "changeemail") ?> - print_hidden("op", "pref-prefs"); - print_hidden("method", "changeemail"); + <script type="dojo/method" event="onSubmit" args="evt"> + evt.preventDefault(); + if (this.validate()) { + Notify.progress('Saving data...', true); + xhr.post("backend.php", this.getValues(), (reply) => { + Notify.info(reply); + }) + } + </script> - print "<hr/>"; + <fieldset> + <label><?= __('Full name:') ?></label> + <input dojoType='dijit.form.ValidationTextBox' name='full_name' required='1' value="<?= $full_name ?>"> + </fieldset> - print "<button dojoType='dijit.form.Button' type='submit' class='alt-primary'>". - __("Save data")."</button>"; + <fieldset> + <label><?= __('E-mail:') ?></label> + <input dojoType='dijit.form.ValidationTextBox' name='email' required='1' value="<?= $email ?>"> + </fieldset> - print "</form>"; + <hr/> - print "</div>"; # content pane + <button dojoType='dijit.form.Button' type='submit' class='alt-primary'> + <?= __("Save data") ?> + </button> + </form> + <?php + } + private function index_auth_password() { if ($_SESSION["auth_module"]) { $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]); } else { $authenticator = false; } - print "<div dojoType='dijit.layout.ContentPane' title=\"" . __('Password') . "\">"; + $otp_enabled = $this->is_otp_enabled(); if ($authenticator && method_exists($authenticator, "change_password")) { + ?> - print "<div style='display : none' id='pwd_change_infobox'></div>"; - - print "<form dojoType='dijit.form.Form'>"; - - print "<script type='dojo/method' event='onSubmit' args='evt'> - evt.preventDefault(); - if (this.validate()) { - Notify.progress('Changing password...', true); + <div style='display : none' id='pwd_change_infobox'></div> - new Ajax.Request('backend.php', { - parameters: dojo.objectToQuery(this.getValues()), - onComplete: function(transport) { - Notify.close(); - if (transport.responseText.indexOf('ERROR: ') == 0) { + <form dojoType='dijit.form.Form'> - $('pwd_change_infobox').innerHTML = - transport.responseText.replace('ERROR: ', ''); + <?= \Controls\hidden_tag("op", "pref-prefs") ?> + <?= \Controls\hidden_tag("method", "changepassword") ?> - } else { - $('pwd_change_infobox').innerHTML = - transport.responseText.replace('ERROR: ', ''); + <!-- TODO: return JSON the backend call --> + <script type="dojo/method" event="onSubmit" args="evt"> + evt.preventDefault(); + if (this.validate()) { + Notify.progress('Saving data...', true); + xhr.post("backend.php", this.getValues(), (reply) => { + Notify.close(); + if (reply.indexOf('ERROR: ') == 0) { - var warn = $('default_pass_warning'); - if (warn) Element.hide(warn); - } + App.byId('pwd_change_infobox').innerHTML = + reply.replace('ERROR: ', ''); - new Effect.Appear('pwd_change_infobox'); + } else { + App.byId('pwd_change_infobox').innerHTML = + reply.replace('ERROR: ', ''); - }}); - this.reset(); - } - </script>"; + const warn = App.byId('default_pass_warning'); + if (warn) Element.hide(warn); + } - if ($otp_enabled) { - print_notice(__("Changing your current password will disable OTP.")); - } + Element.show('pwd_change_infobox'); + }) + } + </script> - print "<fieldset>"; - print "<label>" . __("Old password:") . "</label>"; - print "<input dojoType='dijit.form.ValidationTextBox' type='password' required='1' name='old_password'>"; - print "</fieldset>"; + <?php if ($otp_enabled) { + print_notice(__("Changing your current password will disable OTP.")); + } ?> - print "<fieldset>"; - print "<label>" . __("New password:") . "</label>"; - print "<input dojoType='dijit.form.ValidationTextBox' type='password' regexp='^[^<>]+' required='1' name='new_password'>"; - print "</fieldset>"; + <fieldset> + <label><?= __("Old password:") ?></label> + <input dojoType='dijit.form.ValidationTextBox' type='password' required='1' name='old_password'> + </fieldset> - print "<fieldset>"; - print "<label>" . __("Confirm password:") . "</label>"; - print "<input dojoType='dijit.form.ValidationTextBox' type='password' regexp='^[^<>]+' required='1' name='confirm_password'>"; - print "</fieldset>"; + <fieldset> + <label><?= __("New password:") ?></label> + <input dojoType='dijit.form.ValidationTextBox' type='password' regexp='^[^<>]+' required='1' name='new_password'> + </fieldset> - print_hidden("op", "pref-prefs"); - print_hidden("method", "changepassword"); + <fieldset> + <label><?= __("Confirm password:") ?></label> + <input dojoType='dijit.form.ValidationTextBox' type='password' regexp='^[^<>]+' required='1' name='confirm_password'> + </fieldset> - print "<hr/>"; + <hr/> - print "<button dojoType='dijit.form.Button' type='submit' class='alt-primary'>" . - __("Change password") . "</button>"; + <button dojoType='dijit.form.Button' type='submit' class='alt-primary'> + <?= __("Change password") ?> + </button> + </form> - print "</form>"; + <?php } else { print_notice(T_sprintf("Authentication module used for this session (<b>%s</b>) does not provide an ability to set passwords.", $_SESSION["auth_module"])); } + } - print "</div>"; # content pane + private function index_auth_app_passwords() { + print_notice("You can create separate passwords for API clients. Using one is required if you enable OTP."); + ?> - print "<div dojoType='dijit.layout.ContentPane' title=\"" . __('App passwords') . "\">"; + <div id='app_passwords_holder'> + <?php $this->appPasswordList() ?> + </div> - print_notice("You can create separate passwords for API clients. Using one is required if you enable OTP."); + <hr> - print "<div id='app_passwords_holder'>"; - $this->appPasswordList(); - print "</div>"; + <button style='float : left' class='alt-primary' dojoType='dijit.form.Button' onclick="Helpers.AppPasswords.generate()"> + <?= __('Generate new password') ?> + </button> - print "<hr>"; + <button style='float : left' class='alt-danger' dojoType='dijit.form.Button' + onclick="Helpers.AppPasswords.removeSelected()"> + <?= __('Remove selected passwords') ?> + </button> - print "<button style='float : left' class='alt-primary' dojoType='dijit.form.Button' - onclick=\"Helpers.AppPasswords.generate()\">" . - __('Generate new password') . "</button> "; + <?php + } - print "<button style='float : left' class='alt-danger' dojoType='dijit.form.Button' - onclick=\"Helpers.AppPasswords.removeSelected()\">" . - __('Remove selected passwords') . "</button>"; + private function is_otp_enabled() { + $sth = $this->pdo->prepare("SELECT otp_enabled FROM ttrss_users + WHERE id = ?"); + $sth->execute([$_SESSION["uid"]]); - print "</div>"; # content pane + if ($row = $sth->fetch()) { + return sql_bool_to_bool($row["otp_enabled"]); + } - print "<div dojoType='dijit.layout.ContentPane' title=\"".__('One time passwords / Authenticator')."\">"; + return false; + } - if ($_SESSION["auth_module"] == "auth_internal") { + private function index_auth_2fa() { + $otp_enabled = $this->is_otp_enabled(); + if ($_SESSION["auth_module"] == "auth_internal") { if ($otp_enabled) { - print_warning("One time passwords are currently enabled. Enter your current password below to disable."); + ?> + + <form dojoType='dijit.form.Form'> + <?= \Controls\hidden_tag("op", "pref-prefs") ?> + <?= \Controls\hidden_tag("method", "otpdisable") ?> + + <!-- TODO: return JSON from the backend call --> + <script type="dojo/method" event="onSubmit" args="evt"> + evt.preventDefault(); + if (this.validate()) { + Notify.progress('Saving data...', true); + xhr.post("backend.php", this.getValues(), (reply) => { + Notify.close(); + + if (reply.indexOf('ERROR: ') == 0) { + Notify.error(reply.replace('ERROR: ', '')); + } else { + window.location.reload(); + } + }) + } + </script> - print "<form dojoType='dijit.form.Form'>"; - - print "<script type='dojo/method' event='onSubmit' args='evt'> - evt.preventDefault(); - if (this.validate()) { - Notify.progress('Disabling OTP', true); - - new Ajax.Request('backend.php', { - parameters: dojo.objectToQuery(this.getValues()), - onComplete: function(transport) { - Notify.close(); - if (transport.responseText.indexOf('ERROR: ') == 0) { - Notify.error(transport.responseText.replace('ERROR: ', '')); - } else { - window.location.reload(); - } - }}); - this.reset(); - } - </script>"; - - print "<fieldset>"; - print "<label>".__("Your password:")."</label>"; - print "<input dojoType='dijit.form.ValidationTextBox' type='password' required='1' name='password'>"; - print "</fieldset>"; + <fieldset> + <label><?= __("Your password:") ?></label> + <input dojoType='dijit.form.ValidationTextBox' type='password' required='1' name='password'> + </fieldset> - print_hidden("op", "pref-prefs"); - print_hidden("method", "otpdisable"); + <hr/> - print "<hr/>"; + <button dojoType='dijit.form.Button' type='submit' class='alt-danger'> + <?= __("Disable OTP") ?> + </button> - print "<button dojoType='dijit.form.Button' type='submit'>". - __("Disable OTP")."</button>"; + </form> - print "</form>"; + <?php } else { @@ -492,7 +483,6 @@ class Pref_Prefs extends Handler_Protected { if (function_exists("imagecreatefromstring")) { print "<h3>" . __("Scan the following code by the Authenticator application or copy the key manually") . "</h3>"; - $csrf_token_hash = sha1($_SESSION["csrf_token"]); print "<img alt='otp qr-code' src='backend.php?op=pref-prefs&method=otpqrcode&csrf_token_hash=$csrf_token_hash'>"; } else { @@ -500,108 +490,87 @@ class Pref_Prefs extends Handler_Protected { print "<h3>" . __("Use the following OTP key with a compatible Authenticator application") . "</h3>"; } - print "<form dojoType='dijit.form.Form' id='changeOtpForm'>"; - $otp_secret = $this->otpsecret(); + ?> + + <form dojoType='dijit.form.Form'> + + <?= \Controls\hidden_tag("op", "pref-prefs") ?> + <?= \Controls\hidden_tag("method", "otpenable") ?> + + <fieldset> + <label><?= __("OTP Key:") ?></label> + <input dojoType='dijit.form.ValidationTextBox' disabled='disabled' value="<?= $otp_secret ?>" size='32'> + </fieldset> + + <!-- TODO: return JSON from the backend call --> + <script type="dojo/method" event="onSubmit" args="evt"> + evt.preventDefault(); + if (this.validate()) { + Notify.progress('Saving data...', true); + xhr.post("backend.php", this.getValues(), (reply) => { + Notify.close(); + + if (reply.indexOf('ERROR:') == 0) { + Notify.error(reply.replace('ERROR:', '')); + } else { + window.location.reload(); + } + }) + } + </script> - print "<fieldset>"; - print "<label>".__("OTP Key:")."</label>"; - print "<input dojoType='dijit.form.ValidationTextBox' disabled='disabled' value='$otp_secret' size='32'>"; - print "</fieldset>"; - - print_hidden("op", "pref-prefs"); - print_hidden("method", "otpenable"); - - print "<script type='dojo/method' event='onSubmit' args='evt'> - evt.preventDefault(); - if (this.validate()) { - Notify.progress('Saving data...', true); - - new Ajax.Request('backend.php', { - parameters: dojo.objectToQuery(this.getValues()), - onComplete: function(transport) { - Notify.close(); - if (transport.responseText.indexOf('ERROR:') == 0) { - Notify.error(transport.responseText.replace('ERROR:', '')); - } else { - window.location.reload(); - } - } }); - - } - </script>"; - - print "<fieldset>"; - print "<label>".__("Your password:")."</label>"; - print "<input dojoType='dijit.form.ValidationTextBox' type='password' required='1' - name='password'>"; - print "</fieldset>"; + <fieldset> + <label><?= __("Your password:") ?></label> + <input dojoType='dijit.form.ValidationTextBox' type='password' required='1' name='password'> + </fieldset> - print "<fieldset>"; - print "<label>".__("One time password:")."</label>"; - print "<input dojoType='dijit.form.ValidationTextBox' autocomplete='off' - required='1' name='otp'>"; - print "</fieldset>"; + <fieldset> + <label><?= __("One time password:") ?></label> + <input dojoType='dijit.form.ValidationTextBox' autocomplete='off' required='1' name='otp'> + </fieldset> - print "<hr/>"; - print "<button dojoType='dijit.form.Button' type='submit' class='alt-primary'>". - __("Enable OTP")."</button>"; + <hr/> - print "</form>"; + <button dojoType='dijit.form.Button' type='submit' class='alt-primary'> + <?= __("Enable OTP") ?> + </button> + </form> + <?php } - } else { print_notice("OTP is only available when using <b>auth_internal</b> authentication module."); } + } - print "</div>"; # content pane - - print "</div>"; # tab container - - PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "prefPrefsAuth"); - - print "</div>"; #pane - - print "<div dojoType='dijit.layout.AccordionPane' selected='true' - title=\"<i class='material-icons'>settings</i> ".__('Preferences')."\">"; - - print "<form dojoType='dijit.form.Form' id='changeSettingsForm'>"; - - print "<script type='dojo/method' event='onSubmit' args='evt, quit'> - if (evt) evt.preventDefault(); - if (this.validate()) { - console.log(dojo.objectToQuery(this.getValues())); - - new Ajax.Request('backend.php', { - parameters: dojo.objectToQuery(this.getValues()), - onComplete: function(transport) { - var msg = transport.responseText; - if (quit) { - document.location.href = 'index.php'; - } else { - if (msg == 'PREFS_NEED_RELOAD') { - window.location.reload(); - } else { - Notify.info(msg); - } - } - } }); - } - </script>"; - - print '<div dojoType="dijit.layout.BorderContainer" gutters="false">'; - - print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">'; + function index_auth() { + ?> + <div dojoType='dijit.layout.TabContainer'> + <div dojoType='dijit.layout.ContentPane' title="<?= __('Personal data') ?>"> + <?php $this->index_auth_personal() ?> + </div> + <div dojoType='dijit.layout.ContentPane' title="<?= __('Password') ?>"> + <?php $this->index_auth_password() ?> + </div> + <div dojoType='dijit.layout.ContentPane' title="<?= __('App passwords') ?>"> + <?php $this->index_auth_app_passwords() ?> + </div> + <div dojoType='dijit.layout.ContentPane' title="<?= __('Authenticator (OTP)') ?>"> + <?php $this->index_auth_2fa() ?> + </div> + </div> + <?php + } + private function index_prefs_list() { $profile = $_SESSION["profile"] ?? null; if ($profile) { print_notice(__("Some preferences are only available in default profile.")); - - $this->initialize_user_prefs($_SESSION["uid"], $profile); + $this->_init_user_prefs($_SESSION["uid"], $profile); } else { - $this->initialize_user_prefs($_SESSION["uid"]); + $this->_init_user_prefs($_SESSION["uid"]); } $prefs_available = []; @@ -632,7 +601,7 @@ class Pref_Prefs extends Handler_Protected { } $pref_name = $line["pref_name"]; - $short_desc = $this->getShortDesc($pref_name); + $short_desc = $this->_get_short_desc($pref_name); if (!$short_desc) continue; @@ -640,7 +609,7 @@ class Pref_Prefs extends Handler_Protected { $prefs_available[$pref_name] = [ 'type_name' => $line["type_name"], 'value' => $line['value'], - 'help_text' => $this->getHelpText($pref_name), + 'help_text' => $this->_get_help_text($pref_name), 'short_desc' => $short_desc ]; } @@ -656,11 +625,13 @@ class Pref_Prefs extends Handler_Protected { continue; } - if ($pref_name == "DEFAULT_SEARCH_LANGUAGE" && DB_TYPE != "pgsql") { + if ($pref_name == "DEFAULT_SEARCH_LANGUAGE" && Config::get(Config::DB_TYPE) != "pgsql") { continue; } - if (isset($prefs_available[$pref_name]) &&$item = $prefs_available[$pref_name]) { + if (isset($prefs_available[$pref_name])) { + + $item = $prefs_available[$pref_name]; print "<fieldset class='prefs'>"; @@ -672,14 +643,14 @@ class Pref_Prefs extends Handler_Protected { $type_name = $item['type_name']; if ($pref_name == "USER_LANGUAGE") { - print_select_hash($pref_name, $value, get_translations(), - "style='width : 220px; margin : 0px' dojoType='fox.form.Select'"); + print \Controls\select_hash($pref_name, $value, get_translations(), + ["style" => 'width : 220px; margin : 0px']); } else if ($pref_name == "USER_TIMEZONE") { $timezones = explode("\n", file_get_contents("lib/timezones.txt")); - print_select($pref_name, $value, $timezones, 'dojoType="dijit.form.FilteringSelect"'); + print \Controls\select_tag($pref_name, $value, $timezones, ["dojoType" => "dijit.form.FilteringSelect"]); } else if ($pref_name == "BLACKLISTED_TAGS") { # TODO: other possible <textarea> prefs go here @@ -715,7 +686,7 @@ class Pref_Prefs extends Handler_Protected { print "</select>"; print " <button dojoType=\"dijit.form.Button\" class='alt-info' - onclick=\"Helpers.customizeCSS()\">" . __('Customize') . "</button>"; + onclick=\"Helpers.Prefs.customizeCSS()\">" . __('Customize') . "</button>"; print " <button dojoType='dijit.form.Button' onclick='window.open(\"https://tt-rss.org/wiki/Themes\")'> <i class='material-icons'>open_in_new</i> ".__("More themes...")."</button>"; @@ -724,70 +695,60 @@ class Pref_Prefs extends Handler_Protected { global $update_intervals_nodefault; - print_select_hash($pref_name, $value, $update_intervals_nodefault, - 'dojoType="fox.form.Select"'); + print \Controls\select_hash($pref_name, $value, $update_intervals_nodefault); + } else if ($pref_name == "DEFAULT_SEARCH_LANGUAGE") { - print_select($pref_name, $value, Pref_Feeds::get_ts_languages(), - 'dojoType="fox.form.Select"'); + print \Controls\select_tag($pref_name, $value, Pref_Feeds::get_ts_languages()); } else if ($type_name == "bool") { array_push($listed_boolean_prefs, $pref_name); - $checked = ($value == "true") ? "checked=\"checked\"" : ""; - - if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) { - $disabled = "disabled=\"1\""; - $checked = "checked=\"checked\""; + if ($pref_name == "PURGE_UNREAD_ARTICLES" && Config::get(Config::FORCE_ARTICLE_PURGE) != 0) { + $is_disabled = true; + $is_checked = true; } else { - $disabled = ""; + $is_disabled = false; + $is_checked = ($value == "true"); } - print "<input type='checkbox' name='$pref_name' $checked $disabled - dojoType='dijit.form.CheckBox' id='CB_$pref_name' value='1'>"; + print \Controls\checkbox_tag($pref_name, $is_checked, "true", + ["disabled" => $is_disabled], "CB_$pref_name"); } else if (in_array($pref_name, ['FRESH_ARTICLE_MAX_AGE', 'PURGE_OLD_DAYS', 'LONG_DATE_FORMAT', 'SHORT_DATE_FORMAT'])) { - $regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : ''; - - if ($pref_name == "PURGE_OLD_DAYS" && FORCE_ARTICLE_PURGE != 0) { - $disabled = "disabled='1'"; - $value = FORCE_ARTICLE_PURGE; + if ($pref_name == "PURGE_OLD_DAYS" && Config::get(Config::FORCE_ARTICLE_PURGE) != 0) { + $attributes = ["disabled" => true, "required" => true]; + $value = Config::get(Config::FORCE_ARTICLE_PURGE); } else { - $disabled = ""; + $attributes = ["required" => true]; } if ($type_name == 'integer') - print "<input dojoType=\"dijit.form.NumberSpinner\" - required='1' $disabled - name=\"$pref_name\" value=\"$value\">"; + print \Controls\number_spinner_tag($pref_name, $value, $attributes); else - print "<input dojoType=\"dijit.form.TextBox\" - required='1' $regexp $disabled - name=\"$pref_name\" value=\"$value\">"; + print \Controls\input_tag($pref_name, $value, "text", $attributes); } else if ($pref_name == "SSL_CERT_SERIAL") { - print "<input dojoType='dijit.form.ValidationTextBox' - id='SSL_CERT_SERIAL' readonly='1' - name=\"$pref_name\" value=\"$value\">"; + print \Controls\input_tag($pref_name, $value, "text", ["readonly" => true], "SSL_CERT_SERIAL"); $cert_serial = htmlspecialchars(get_ssl_certificate_id()); - $has_serial = ($cert_serial) ? "false" : "true"; + $has_serial = ($cert_serial) ? true : false; - print "<button dojoType='dijit.form.Button' disabled='$has_serial' - onclick=\"dijit.byId('SSL_CERT_SERIAL').attr('value', '$cert_serial')\">" . - __('Register') . "</button>"; + print \Controls\button_tag(__('Register'), "", [ + "disabled" => !$has_serial, + "onclick" => "dijit.byId('SSL_CERT_SERIAL').attr('value', '$cert_serial')"]); - print "<button dojoType='dijit.form.Button' class='alt-danger' - onclick=\"dijit.byId('SSL_CERT_SERIAL').attr('value', '')\">" . - __('Clear') . "</button>"; + print \Controls\button_tag(__('Clear'), "", [ + "class" => "alt-danger", + "onclick" => "dijit.byId('SSL_CERT_SERIAL').attr('value', '')"]); - print "<button dojoType='dijit.form.Button' class='alt-info' - onclick='window.open(\"https://tt-rss.org/wiki/SSL%20Certificate%20Authentication\")'> - <i class='material-icons'>help</i> ".__("More info...")."</button>"; + print \Controls\button_tag(\Controls\icon("help") . " " . __("More info..."), "", [ + "class" => "alt-info", + "onclick" => "window.open('https://tt-rss.org/wiki/SSL%20Certificate%20Authentication')"]); } else if ($pref_name == 'DIGEST_PREFERRED_TIME') { print "<input dojoType=\"dijit.form.ValidationTextBox\" @@ -808,204 +769,252 @@ class Pref_Prefs extends Handler_Protected { } } } + print \Controls\hidden_tag("boolean_prefs", htmlspecialchars(join(",", $listed_boolean_prefs))); + } - $listed_boolean_prefs = htmlspecialchars(join(",", $listed_boolean_prefs)); - - print_hidden("boolean_prefs", "$listed_boolean_prefs"); - - PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "prefPrefsPrefsInside"); - - print '</div>'; # inside pane - print '<div dojoType="dijit.layout.ContentPane" region="bottom">'; - - print_hidden("op", "pref-prefs"); - print_hidden("method", "saveconfig"); + private function index_prefs() { + ?> + <form dojoType='dijit.form.Form' id='changeSettingsForm'> + <?= \Controls\hidden_tag("op", "pref-prefs") ?> + <?= \Controls\hidden_tag("method", "saveconfig") ?> - print "<div dojoType=\"fox.form.ComboButton\" type=\"submit\" class=\"alt-primary\"> - <span>".__('Save configuration')."</span> - <div dojoType=\"dijit.DropDownMenu\"> - <div dojoType=\"dijit.MenuItem\" - onclick=\"dijit.byId('changeSettingsForm').onSubmit(null, true)\">". - __("Save and exit preferences")."</div> + <script type="dojo/method" event="onSubmit" args="evt, quit"> + if (evt) evt.preventDefault(); + if (this.validate()) { + xhr.post("backend.php", this.getValues(), (reply) => { + if (quit) { + document.location.href = 'index.php'; + } else { + if (reply == 'PREFS_NEED_RELOAD') { + window.location.reload(); + } else { + Notify.info(reply); + } + } + }) + } + </script> + + <div dojoType="dijit.layout.BorderContainer" gutters="false"> + <div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto"> + <?php $this->index_prefs_list() ?> + <?php PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "prefPrefsPrefsInside") ?> + </div> + <div dojoType="dijit.layout.ContentPane" region="bottom"> + + <div dojoType="fox.form.ComboButton" type="submit" class="alt-primary"> + <span><?= __('Save configuration') ?></span> + <div dojoType="dijit.DropDownMenu"> + <div dojoType="dijit.MenuItem" onclick="dijit.byId('changeSettingsForm').onSubmit(null, true)"> + <?= __("Save and exit preferences") ?> + </div> + </div> + </div> + + <button dojoType="dijit.form.Button" onclick="return Helpers.Profiles.edit()"> + <?= __('Manage profiles') ?> + </button> + + <button dojoType="dijit.form.Button" class="alt-danger" onclick="return Helpers.Prefs.confirmReset()"> + <?= __('Reset to defaults') ?> + </button> + + <?php PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "prefPrefsPrefsOutside") ?> + </div> </div> - </div>"; - - print "<button dojoType=\"dijit.form.Button\" onclick=\"return Helpers.editProfiles()\">". - __('Manage profiles')."</button> "; - - print "<button dojoType=\"dijit.form.Button\" class=\"alt-danger\" onclick=\"return Helpers.confirmReset()\">". - __('Reset to defaults')."</button>"; - - print " "; - - PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "prefPrefsPrefsOutside"); - - print "</form>"; - print '</div>'; # inner pane - print '</div>'; # border container - - print "</div>"; #pane - - print "<div dojoType=\"dijit.layout.AccordionPane\" - title=\"<i class='material-icons'>extension</i> ".__('Plugins')."\">"; - - print "<form dojoType=\"dijit.form.Form\" id=\"changePluginsForm\">"; - - print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\"> - evt.preventDefault(); - if (this.validate()) { - Notify.progress('Saving data...', true); - - new Ajax.Request('backend.php', { - parameters: dojo.objectToQuery(this.getValues()), - onComplete: function(transport) { - Notify.close(); - if (confirm(__('Selected plugins have been enabled. Reload?'))) { - window.location.reload(); - } - } }); - - } - </script>"; - - print_hidden("op", "pref-prefs"); - print_hidden("method", "setplugins"); - - print '<div dojoType="dijit.layout.BorderContainer" gutters="false">'; - print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">'; - - if (ini_get("open_basedir") && function_exists("curl_init") && !defined("NO_CURL")) { - print_warning("Your PHP configuration has open_basedir restrictions enabled. Some plugins relying on CURL for functionality may not work correctly."); - } - - if ($_SESSION["safe_mode"]) { - print_error("You have logged in using safe mode, no user plugins will be actually enabled until you login again."); - } - - $feed_handler_whitelist = [ "Af_Comics" ]; - - $feed_handlers = array_merge( - PluginHost::getInstance()->get_hooks(PluginHost::HOOK_FEED_FETCHED), - PluginHost::getInstance()->get_hooks(PluginHost::HOOK_FEED_PARSED), - PluginHost::getInstance()->get_hooks(PluginHost::HOOK_FETCH_FEED)); - - $feed_handlers = array_filter($feed_handlers, function($plugin) use ($feed_handler_whitelist) { - return in_array(get_class($plugin), $feed_handler_whitelist) === false; }); - - if (count($feed_handlers) > 0) { - print_error( - T_sprintf("The following plugins use per-feed content hooks. This may cause excessive data usage and origin server load resulting in a ban of your instance: <b>%s</b>" , - implode(", ", array_map(function($plugin) { return get_class($plugin); }, $feed_handlers)) - ) . " (<a href='https://tt-rss.org/wiki/FeedHandlerPlugins' target='_blank'>".__("More info...")."</a>)" - ); - } + </form> + <?php + } - print "<h2>".__("System plugins")."</h2>"; + private function index_plugins_system() { print_notice("System plugins are enabled in <strong>config.php</strong> for all users."); - $system_enabled = array_map("trim", explode(",", PLUGINS)); - $user_enabled = array_map("trim", explode(",", get_pref("_ENABLED_PLUGINS"))); + $system_enabled = array_map("trim", explode(",", (string)Config::get(Config::PLUGINS))); $tmppluginhost = new PluginHost(); $tmppluginhost->load_all($tmppluginhost::KIND_ALL, $_SESSION["uid"], true); - //$tmppluginhost->load_data(true); foreach ($tmppluginhost->get_plugins() as $name => $plugin) { $about = $plugin->about(); if ($about[3] ?? false) { - if (in_array($name, $system_enabled)) { - $checked = "checked='1'"; - } else { - $checked = ""; - } - - print "<fieldset class='prefs plugin'> - <label>$name:</label> - <label class='checkbox description text-muted' id='PLABEL-$name'> - <input disabled='1' - dojoType='dijit.form.CheckBox' $checked type='checkbox'> - ".htmlspecialchars($about[1]). "</label>"; - - if ($about[4] ?? false) { - print "<button dojoType='dijit.form.Button' class='alt-info' - onclick='window.open(\"".htmlspecialchars($about[4])."\")'> - <i class='material-icons'>open_in_new</i> ".__("More info...")."</button>"; - } - - print "<div dojoType='dijit.Tooltip' connectId='PLABEL-$name' position='after'>". - htmlspecialchars(T_sprintf("v%.2f, by %s", $about[0], $about[2])). - "</div>"; - - print "</fieldset>"; - + $is_checked = in_array($name, $system_enabled) ? "checked" : ""; + ?> + <fieldset class='prefs plugin'> + <label><?= $name ?>:</label> + <label class='checkbox description text-muted' id="PLABEL-<?= htmlspecialchars($name) ?>"> + <input disabled='1' dojoType='dijit.form.CheckBox' <?= $is_checked ?> type='checkbox'><?= htmlspecialchars($about[1]) ?> + </label> + + <?php if ($about[4] ?? false) { ?> + <button dojoType='dijit.form.Button' class='alt-info' + onclick='window.open("<?= htmlspecialchars($about[4]) ?>")'> + <i class='material-icons'>open_in_new</i> <?= __("More info...") ?></button> + <?php } ?> + + <div dojoType='dijit.Tooltip' connectId='PLABEL-<?= htmlspecialchars($name) ?>' position='after'> + <?= htmlspecialchars(T_sprintf("v%.2f, by %s", $about[0], $about[2])) ?> + </div> + </fieldset> + <?php } } + } - print "<h2>".__("User plugins")."</h2>"; + private function index_plugins_user() { + $system_enabled = array_map("trim", explode(",", (string)Config::get(Config::PLUGINS))); + $user_enabled = array_map("trim", explode(",", get_pref("_ENABLED_PLUGINS"))); + + $tmppluginhost = new PluginHost(); + $tmppluginhost->load_all($tmppluginhost::KIND_ALL, $_SESSION["uid"], true); foreach ($tmppluginhost->get_plugins() as $name => $plugin) { $about = $plugin->about(); if (empty($about[3]) || $about[3] == false) { - $checked = ""; - $disabled = ""; + $is_checked = ""; + $is_disabled = ""; if (in_array($name, $system_enabled)) { - $checked = "checked='1'"; - $disabled = "disabled='1'"; + $is_checked = "checked='1'"; + $is_disabled = "disabled='1'"; } else if (in_array($name, $user_enabled)) { - $checked = "checked='1'"; + $is_checked = "checked='1'"; } - print "<fieldset class='prefs plugin'> - <label>$name:</label> - <label class='checkbox description text-muted' id='PLABEL-$name'> - <input name='plugins[]' value='$name' dojoType='dijit.form.CheckBox' $checked $disabled type='checkbox'> - ".htmlspecialchars($about[1])."</label>"; - - if (count($tmppluginhost->get_all($plugin)) > 0) { - if (in_array($name, $system_enabled) || in_array($name, $user_enabled)) { - print " <button dojoType='dijit.form.Button' - onclick=\"Helpers.clearPluginData('$name')\"> - <i class='material-icons'>clear</i> ".__("Clear data")."</button>"; + ?> + + <fieldset class='prefs plugin'> + <label><?= $name ?>:</label> + <label class='checkbox description text-muted' id="PLABEL-<?= htmlspecialchars($name) ?>"> + <input name='plugins[]' value="<?= htmlspecialchars($name) ?>" + dojoType='dijit.form.CheckBox' <?= $is_checked ?> <?= $is_disabled ?> type='checkbox'> + <?= htmlspecialchars($about[1]) ?> + </input> + </label> + + <?php if (count($tmppluginhost->get_all($plugin)) > 0) { + if (in_array($name, $system_enabled) || in_array($name, $user_enabled)) { ?> + <button dojoType='dijit.form.Button' + onclick='Helpers.Prefs.clearPluginData("<?= htmlspecialchars($name) ?>")'> + <i class='material-icons'>clear</i> <?= __("Clear data") ?></button> + <?php } + } ?> + + <?php if ($about[4] ?? false) { ?> + <button dojoType='dijit.form.Button' class='alt-info' + onclick='window.open("<?= htmlspecialchars($about[4]) ?>")'> + <i class='material-icons'>open_in_new</i> <?= __("More info...") ?></button> + <?php } ?> + + <div dojoType='dijit.Tooltip' connectId="PLABEL-<?= htmlspecialchars($name) ?>" position='after'> + <?= htmlspecialchars(T_sprintf("v%.2f, by %s", $about[0], $about[2])) ?> + </div> + + </fieldset> + <?php + } + } + } + + function index_plugins() { + ?> + <form dojoType="dijit.form.Form" id="changePluginsForm"> + <script type="dojo/method" event="onSubmit" args="evt"> + evt.preventDefault(); + if (this.validate()) { + xhr.post("backend.php", this.getValues(), () => { + Notify.close(); + if (confirm(__('Selected plugins have been enabled. Reload?'))) { + window.location.reload(); + } + }) } - } + </script> - if ($about[4] ?? false) { - print " <button dojoType='dijit.form.Button' class='alt-info' - onclick='window.open(\"".htmlspecialchars($about[4])."\")'> - <i class='material-icons'>open_in_new</i> ".__("More info...")."</button>"; - } + <?= \Controls\hidden_tag("op", "pref-prefs") ?> + <?= \Controls\hidden_tag("method", "setplugins") ?> - print "<div dojoType='dijit.Tooltip' connectId='PLABEL-$name' position='after'>". - htmlspecialchars(T_sprintf("v%.2f, by %s", $about[0], $about[2])). - "</div>"; + <div dojoType="dijit.layout.BorderContainer" gutters="false"> + <div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto"> + <?php + if (!empty($_SESSION["safe_mode"])) { + print_error("You have logged in using safe mode, no user plugins will be actually enabled until you login again."); + } - print "</fieldset>"; - } - } + $feed_handler_whitelist = [ "Af_Comics" ]; - print "</div>"; #content-pane - print '<div dojoType="dijit.layout.ContentPane" region="bottom">'; + $feed_handlers = array_merge( + PluginHost::getInstance()->get_hooks(PluginHost::HOOK_FEED_FETCHED), + PluginHost::getInstance()->get_hooks(PluginHost::HOOK_FEED_PARSED), + PluginHost::getInstance()->get_hooks(PluginHost::HOOK_FETCH_FEED)); - print "<button dojoType='dijit.form.Button' style='float : left' class='alt-info' onclick='window.open(\"https://tt-rss.org/wiki/Plugins\")'> - <i class='material-icons'>help</i> ".__("More info...")."</button>"; + $feed_handlers = array_filter($feed_handlers, function($plugin) use ($feed_handler_whitelist) { + return in_array(get_class($plugin), $feed_handler_whitelist) === false; }); - print "<button dojoType='dijit.form.Button' class='alt-primary' type='submit'>". - __("Enable selected plugins")."</button>"; - print "</div>"; #pane + if (count($feed_handlers) > 0) { + print_error( + T_sprintf("The following plugins use per-feed content hooks. This may cause excessive data usage and origin server load resulting in a ban of your instance: <b>%s</b>" , + implode(", ", array_map(function($plugin) { return get_class($plugin); }, $feed_handlers)) + ) . " (<a href='https://tt-rss.org/wiki/FeedHandlerPlugins' target='_blank'>".__("More info...")."</a>)" + ); + } + ?> - print "</div>"; #pane - print "</div>"; #border-container + <h2><?= __("System plugins") ?></h2> - print "</form>"; + <?php $this->index_plugins_system() ?> - PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "prefPrefs"); + <h2><?= __("User plugins") ?></h2> - print "</div>"; #container + <?php $this->index_plugins_user() ?> + </div> + <div dojoType="dijit.layout.ContentPane" region="bottom"> + <button dojoType='dijit.form.Button' style='float : left' class='alt-info' onclick='window.open("https://tt-rss.org/wiki/Plugins")'> + <i class='material-icons'>help</i> <?= __("More info...") ?> + </button> + <button dojoType='dijit.form.Button' class='alt-primary' type='submit'> + <?= __("Enable selected plugins") ?> + </button> + </div> + </div> + </form> + <?php + } + + function index() { + ?> + <div dojoType='dijit.layout.AccordionContainer' region='center'> + <div dojoType='dijit.layout.AccordionPane' title="<i class='material-icons'>person</i> <?= __('Personal data / Authentication')?>"> + <script type='dojo/method' event='onSelected' args='evt'> + if (this.domNode.querySelector('.loading')) + window.setTimeout(() => { + xhr.post("backend.php", {op: 'pref-prefs', method: 'index_auth'}, (reply) => { + this.attr('content', reply); + }); + }, 100); + </script> + <span class='loading'><?= __("Loading, please wait...") ?></span> + </div> + <div dojoType='dijit.layout.AccordionPane' selected='true' title="<i class='material-icons'>settings</i> <?= __('Preferences') ?>"> + <?php $this->index_prefs() ?> + </div> + <div dojoType='dijit.layout.AccordionPane' title="<i class='material-icons'>extension</i> <?= __('Plugins') ?>"> + <script type='dojo/method' event='onSelected' args='evt'> + if (this.domNode.querySelector('.loading')) + window.setTimeout(() => { + xhr.post("backend.php", {op: 'pref-prefs', method: 'index_plugins'}, (reply) => { + this.attr('content', reply); + }); + }, 200); + </script> + <span class='loading'><?= __("Loading, please wait...") ?></span> + </div> + <?php PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "prefPrefs") ?> + </div> + <?php } function toggleAdvanced() { @@ -1054,7 +1063,7 @@ class Pref_Prefs extends Handler_Protected { } } else { header("Content-Type: text/json"); - print error_json(6); + print Errors::to_json(Errors::E_UNAUTHORIZED); } } @@ -1126,7 +1135,7 @@ class Pref_Prefs extends Handler_Protected { $tpl->readTemplateFromFile("otp_disabled_template.txt"); $tpl->setVariable('LOGIN', $row["login"]); - $tpl->setVariable('TTRSS_HOST', SELF_URL_PATH); + $tpl->setVariable('TTRSS_HOST', Config::get(Config::SELF_URL_PATH)); $tpl->addBlock('message'); @@ -1171,112 +1180,107 @@ class Pref_Prefs extends Handler_Protected { print json_encode(["value" => $value]); } - function editPrefProfiles() { - print "<div dojoType='fox.Toolbar'>"; - - print "<div dojoType='fox.form.DropDownButton'>". - "<span>" . __('Select')."</span>"; - print "<div dojoType='dijit.Menu' style='display: none'>"; - print "<div onclick=\"Tables.select('pref-profiles-list', true)\" - dojoType='dijit.MenuItem'>".__('All')."</div>"; - print "<div onclick=\"Tables.select('pref-profiles-list', false)\" - dojoType='dijit.MenuItem'>".__('None')."</div>"; - print "</div></div>"; - - print "<div style='float : right'>"; - - print "<input name='newprofile' dojoType='dijit.form.ValidationTextBox' - required='1'> - <button dojoType='dijit.form.Button' - onclick=\"dijit.byId('profileEditDlg').addProfile()\">". - __('Create profile')."</button></div>"; - - print "</div>"; + function activateprofile() { + $_SESSION["profile"] = (int) clean($_REQUEST["id"]); - $sth = $this->pdo->prepare("SELECT title,id FROM ttrss_settings_profiles - WHERE owner_uid = ? ORDER BY title"); - $sth->execute([$_SESSION['uid']]); + // default value + if (!$_SESSION["profile"]) $_SESSION["profile"] = null; + } - print "<form onsubmit='return false'>"; + function remprofiles() { + $ids = explode(",", clean($_REQUEST["ids"])); - print "<div class='panel panel-scrollable'>"; + foreach ($ids as $id) { + if ($_SESSION["profile"] != $id) { + $sth = $this->pdo->prepare("DELETE FROM ttrss_settings_profiles WHERE id = ? AND + owner_uid = ?"); + $sth->execute([$id, $_SESSION['uid']]); + } + } + } - print "<table width='100%' id='pref-profiles-list'>"; + function addprofile() { + $title = clean($_REQUEST["title"]); - print "<tr>"; # data-row-id='0' <-- no point, shouldn't be removed + if ($title) { + $this->pdo->beginTransaction(); - print "<td><input onclick='Tables.onRowChecked(this);' dojoType='dijit.form.CheckBox' type='checkbox'></td>"; + $sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles + WHERE title = ? AND owner_uid = ?"); + $sth->execute([$title, $_SESSION['uid']]); - if (!isset($_SESSION["profile"])) { - $is_active = __("(active)"); - } else { - $is_active = ""; - } + if (!$sth->fetch()) { - print "<td width='100%'><span>" . __("Default profile") . " $is_active</span></td>"; + $sth = $this->pdo->prepare("INSERT INTO ttrss_settings_profiles (title, owner_uid) + VALUES (?, ?)"); - print "</tr>"; + $sth->execute([$title, $_SESSION['uid']]); - while ($line = $sth->fetch()) { + $sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles WHERE + title = ? AND owner_uid = ?"); + $sth->execute([$title, $_SESSION['uid']]); - $profile_id = $line["id"]; + if ($row = $sth->fetch()) { + $profile_id = $row['id']; - print "<tr data-row-id='$profile_id'>"; + if ($profile_id) { + Pref_Prefs::_init_user_prefs($_SESSION["uid"], $profile_id); + } + } + } - $edit_title = htmlspecialchars($line["title"]); + $this->pdo->commit(); + } + } - print "<td><input onclick='Tables.onRowChecked(this);' dojoType='dijit.form.CheckBox' type='checkbox'></td>"; + function saveprofile() { + $id = clean($_REQUEST["id"]); + $title = clean($_REQUEST["title"]); - if (isset($_SESSION["profile"]) && $_SESSION["profile"] == $line["id"]) { - $is_active = __("(active)"); - } else { - $is_active = ""; - } + if ($id == 0) { + print __("Default profile"); + return; + } - print "<td><span dojoType='dijit.InlineEditBox' - width='300px' autoSave='false' - profile-id='$profile_id'>" . $edit_title . - "<script type='dojo/method' event='onChange' args='item'> - var elem = this; - dojo.xhrPost({ - url: 'backend.php', - content: {op: 'rpc', method: 'saveprofile', - value: this.value, - id: this.srcNodeRef.getAttribute('profile-id')}, - load: function(response) { - elem.attr('value', response); - } - }); - </script> - </span> $is_active</td>"; + if ($title) { + $sth = $this->pdo->prepare("UPDATE ttrss_settings_profiles + SET title = ? WHERE id = ? AND + owner_uid = ?"); - print "</tr>"; + $sth->execute([$title, $id, $_SESSION['uid']]); + print $title; } + } - print "</table>"; - print "</div>"; + // TODO: this maybe needs to be unified with Public::getProfiles() + function getProfiles() { + $rv = []; - print "<footer> - <button style='float : left' class='alt-danger' dojoType='dijit.form.Button' onclick='App.dialogOf(this).removeSelected()'>". - __('Remove selected profiles')."</button> - <button dojoType='dijit.form.Button' class='alt-primary' type='submit' onclick='App.dialogOf(this).execute()'>". - __('Activate profile')."</button> - <button dojoType='dijit.form.Button' onclick='App.dialogOf(this).hide()'>". - __('Cancel')."</button>"; - print "</footer>"; + $sth = $this->pdo->prepare("SELECT title,id FROM ttrss_settings_profiles + WHERE owner_uid = ? ORDER BY title"); + $sth->execute([$_SESSION['uid']]); - print "</form>"; + array_push($rv, ["title" => __("Default profile"), + "id" => 0, + "active" => empty($_SESSION["profile"]) + ]); + while ($row = $sth->fetch(PDO::FETCH_ASSOC)) { + $row["active"] = isset($_SESSION["profile"]) && $_SESSION["profile"] == $row["id"]; + array_push($rv, $row); + }; + + print json_encode($rv); } - private function getShortDesc($pref_name) { + private function _get_short_desc($pref_name) { if (isset($this->pref_help[$pref_name][0])) { return $this->pref_help[$pref_name][0]; } return ""; } - private function getHelpText($pref_name) { + private function _get_help_text($pref_name) { if (isset($this->pref_help[$pref_name][1])) { return $this->pref_help[$pref_name][1]; } @@ -1284,56 +1288,54 @@ class Pref_Prefs extends Handler_Protected { } private function appPasswordList() { - print "<div dojoType='fox.Toolbar'>"; - print "<div dojoType='fox.form.DropDownButton'>" . - "<span>" . __('Select') . "</span>"; - print "<div dojoType='dijit.Menu' style='display: none'>"; - print "<div onclick=\"Tables.select('app-password-list', true)\" - dojoType=\"dijit.MenuItem\">" . __('All') . "</div>"; - print "<div onclick=\"Tables.select('app-password-list', false)\" - dojoType=\"dijit.MenuItem\">" . __('None') . "</div>"; - print "</div></div>"; - print "</div>"; #toolbar - - print "<div class='panel panel-scrollable'>"; - print "<table width='100%' id='app-password-list'>"; - print "<tr>"; - print "<th width='2%'></th>"; - print "<th align='left'>".__("Description")."</th>"; - print "<th align='right'>".__("Created")."</th>"; - print "<th align='right'>".__("Last used")."</th>"; - print "</tr>"; - - $sth = $this->pdo->prepare("SELECT id, title, created, last_used - FROM ttrss_app_passwords WHERE owner_uid = ?"); - $sth->execute([$_SESSION['uid']]); - - while ($row = $sth->fetch()) { - - $row_id = $row["id"]; - - print "<tr data-row-id='$row_id'>"; - - print "<td align='center'> - <input onclick='Tables.onRowChecked(this)' dojoType='dijit.form.CheckBox' type='checkbox'></td>"; - print "<td>" . htmlspecialchars($row["title"]) . "</td>"; - - print "<td align='right' class='text-muted'>"; - print TimeHelper::make_local_datetime($row['created'], false); - print "</td>"; - - print "<td align='right' class='text-muted'>"; - print TimeHelper::make_local_datetime($row['last_used'], false); - print "</td>"; - - print "</tr>"; - } - - print "</table>"; - print "</div>"; + ?> + <div dojoType='fox.Toolbar'> + <div dojoType='fox.form.DropDownButton'> + <span><?= __('Select') ?></span> + <div dojoType='dijit.Menu' style='display: none'> + <div onclick="Tables.select('app-password-list', true)" + dojoType="dijit.MenuItem"><?= __('All') ?></div> + <div onclick="Tables.select('app-password-list', false)" + dojoType="dijit.MenuItem"><?= __('None') ?></div> + </div> + </div> + </div> + + <div class='panel panel-scrollable'> + <table width='100%' id='app-password-list'> + <tr> + <th width='2%'> </th> + <th align='left'><?= __("Description") ?></th> + <th align='right'><?= __("Created") ?></th> + <th align='right'><?= __("Last used") ?></th> + </tr> + <?php + $sth = $this->pdo->prepare("SELECT id, title, created, last_used + FROM ttrss_app_passwords WHERE owner_uid = ?"); + $sth->execute([$_SESSION['uid']]); + + while ($row = $sth->fetch()) { ?> + <tr data-row-id='<?= $row['id'] ?>'> + <td align='center'> + <input onclick='Tables.onRowChecked(this)' dojoType='dijit.form.CheckBox' type='checkbox'> + </td> + <td> + <?= htmlspecialchars($row["title"]) ?> + </td> + <td align='right' class='text-muted'> + <?= TimeHelper::make_local_datetime($row['created'], false) ?> + </td> + <td align='right' class='text-muted'> + <?= TimeHelper::make_local_datetime($row['last_used'], false) ?> + </td> + </tr> + <?php } ?> + </table> + </div> + <?php } - private function encryptAppPassword($password) { + private function _encrypt_app_password($password) { $salt = substr(bin2hex(get_random_bytes(24)), 0, 24); return "SSHA-512:".hash('sha512', $salt . $password). ":$salt"; @@ -1352,7 +1354,7 @@ class Pref_Prefs extends Handler_Protected { function generateAppPassword() { $title = clean($_REQUEST['title']); $new_password = make_password(16); - $new_password_hash = $this->encryptAppPassword($new_password); + $new_password_hash = $this->_encrypt_app_password($new_password); print_warning(T_sprintf("Generated password <strong>%s</strong> for %s. Please remember it for future reference.", $new_password, $title)); @@ -1366,7 +1368,7 @@ class Pref_Prefs extends Handler_Protected { $this->appPasswordList(); } - static function initialize_user_prefs($uid, $profile = false) { + static function _init_user_prefs($uid, $profile = false) { if (get_schema_version() < 63) $profile_qpart = ""; diff --git a/classes/pref/system.php b/classes/pref/system.php index d91339698..67f7133c6 100644 --- a/classes/pref/system.php +++ b/classes/pref/system.php @@ -1,20 +1,9 @@ <?php -class Pref_System extends Handler_Protected { +class Pref_System extends Handler_Administrative { private $log_page_limit = 15; - function before($method) { - if (parent::before($method)) { - if ($_SESSION["access_level"] < 10) { - print __("Your access level is insufficient to open this tab."); - return false; - } - return true; - } - return false; - } - function csrf_ignore($method) { $csrf_ignored = array("index"); @@ -25,7 +14,16 @@ class Pref_System extends Handler_Protected { $this->pdo->query("DELETE FROM ttrss_error_log"); } - private function log_viewer(int $page, int $severity) { + function getphpinfo() { + ob_start(); + phpinfo(); + $info = ob_get_contents(); + ob_end_clean(); + + print preg_replace( '%^.*<body>(.*)</body>.*$%ms','$1', (string)$info); + } + + private function _log_viewer(int $page, int $severity) { $errno_values = []; switch ($severity) { @@ -62,125 +60,121 @@ class Pref_System extends Handler_Protected { $total_pages = 0; } - print "<div dojoType='dijit.layout.BorderContainer' gutters='false'>"; - - print "<div region='top' dojoType='fox.Toolbar'>"; - - print "<button dojoType='dijit.form.Button' - onclick='Helpers.EventLog.refresh()'>".__('Refresh')."</button>"; - - $prev_page_disabled = $page <= 0 ? "disabled" : ""; - - print "<button dojoType='dijit.form.Button' $prev_page_disabled - onclick='Helpers.EventLog.prevPage()'>".__('<<')."</button>"; - - print "<button dojoType='dijit.form.Button' disabled>".T_sprintf('Page %d of %d', $page+1, $total_pages+1)."</button>"; - - $next_page_disabled = $page >= $total_pages ? "disabled" : ""; - - print "<button dojoType='dijit.form.Button' $next_page_disabled - onclick='Helpers.EventLog.nextPage()'>".__('>>')."</button>"; - - print "<button dojoType='dijit.form.Button' - onclick='Helpers.EventLog.clear()'>".__('Clear')."</button>"; - - print "<div class='pull-right'>"; - - print __("Severity:") . " "; - print_select_hash("severity", $severity, - [ - E_USER_ERROR => __("Errors"), - E_USER_WARNING => __("Warnings"), - E_USER_NOTICE => __("Everything") - ], 'dojoType="fox.form.Select" onchange="Helpers.EventLog.refresh()"'); - - print "</div>"; # pull-right - - print "</div>"; # toolbar - - print '<div style="padding : 0px" dojoType="dijit.layout.ContentPane" region="center">'; - - print "<table width='100%' class='event-log'>"; - - print "<tr class='title'> - <td width='5%'>".__("Error")."</td> - <td>".__("Filename")."</td> - <td>".__("Message")."</td> - <td width='5%'>".__("User")."</td> - <td width='5%'>".__("Date")."</td> - </tr>"; - - $sth = $this->pdo->prepare("SELECT - errno, errstr, filename, lineno, created_at, login, context - FROM - ttrss_error_log LEFT JOIN ttrss_users ON (owner_uid = ttrss_users.id) - WHERE - $errno_filter_qpart - ORDER BY - ttrss_error_log.id DESC - LIMIT $limit OFFSET $offset"); - - $sth->execute($errno_values); - - while ($line = $sth->fetch()) { - print "<tr>"; - - foreach ($line as $k => $v) { - $line[$k] = htmlspecialchars($v); - } - - print "<td class='errno'>" . Logger::$errornames[$line["errno"]] . " (" . $line["errno"] . ")</td>"; - print "<td class='filename'>" . $line["filename"] . ":" . $line["lineno"] . "</td>"; - print "<td class='errstr'>" . $line["errstr"] . "\n" . $line["context"] . "</td>"; - print "<td class='login'>" . $line["login"] . "</td>"; - - print "<td class='timestamp'>" . - TimeHelper::make_local_datetime($line["created_at"], false) . "</td>"; - - print "</tr>"; - } - - print "</table>"; + ?> + <div dojoType='dijit.layout.BorderContainer' gutters='false'> + <div region='top' dojoType='fox.Toolbar'> + + <button dojoType='dijit.form.Button' onclick='Helpers.EventLog.refresh()'> + <?= __('Refresh') ?> + </button> + + <button dojoType='dijit.form.Button' <?= ($page <= 0 ? "disabled" : "") ?> + onclick='Helpers.EventLog.prevPage()'> + <?= __('<<') ?> + </button> + + <button dojoType='dijit.form.Button' disabled> + <?= T_sprintf('Page %d of %d', $page+1, $total_pages+1) ?> + </button> + + <button dojoType='dijit.form.Button' <?= ($page >= $total_pages ? "disabled" : "") ?> + onclick='Helpers.EventLog.nextPage()'> + <?= __('>>') ?> + </button> + + <button dojoType='dijit.form.Button' + onclick='Helpers.EventLog.clear()'> + <?= __('Clear') ?> + </button> + + <div class='pull-right'> + <label><?= __("Severity:") ?></label> + + <?= \Controls\select_hash("severity", $severity, + [ + E_USER_ERROR => __("Errors"), + E_USER_WARNING => __("Warnings"), + E_USER_NOTICE => __("Everything") + ], ["onchange"=> "Helpers.EventLog.refresh()"], "severity") ?> + </div> + </div> + + <div style="padding : 0px" dojoType="dijit.layout.ContentPane" region="center"> + + <table width='100%' class='event-log'> + + <tr class='title'> + <td width='5%'><?= __("Error") ?></td> + <td><?= __("Filename") ?></td> + <td><?= __("Message") ?></td> + <td width='5%'><?= __("User") ?></td> + <td width='5%'><?= __("Date") ?></td> + </tr> + + <?php + $sth = $this->pdo->prepare("SELECT + errno, errstr, filename, lineno, created_at, login, context + FROM + ttrss_error_log LEFT JOIN ttrss_users ON (owner_uid = ttrss_users.id) + WHERE + $errno_filter_qpart + ORDER BY + ttrss_error_log.id DESC + LIMIT $limit OFFSET $offset"); + + $sth->execute($errno_values); + + while ($line = $sth->fetch()) { + foreach ($line as $k => $v) { $line[$k] = htmlspecialchars($v); } + ?> + <tr> + <td class='errno'> + <?= Logger::$errornames[$line["errno"]] . " (" . $line["errno"] . ")" ?> + </td> + <td class='filename'><?= $line["filename"] . ":" . $line["lineno"] ?></td> + <td class='errstr'><?= $line["errstr"] . "\n" . $line["context"] ?></td> + <td class='login'><?= $line["login"] ?></td> + <td class='timestamp'> + <?= TimeHelper::make_local_datetime($line["created_at"], false) ?> + </td> + </tr> + <?php } ?> + </table> + </div> + </div> + <?php } function index() { $severity = (int) ($_REQUEST["severity"] ?? E_USER_WARNING); $page = (int) ($_REQUEST["page"] ?? 0); - - print "<div dojoType='dijit.layout.AccordionContainer' region='center'>"; - print "<div dojoType='dijit.layout.AccordionPane' style='padding : 0' - title='<i class=\"material-icons\">report</i> ".__('Event Log')."'>"; - - if (LOG_DESTINATION == "sql") { - - $this->log_viewer($page, $severity); - - } else { - print_notice("Please set LOG_DESTINATION to 'sql' in config.php to enable database logging."); - } - - print "</div>"; # content pane - print "</div>"; # container - print "</div>"; # accordion pane - - print "<div dojoType='dijit.layout.AccordionPane' - title='<i class=\"material-icons\">info</i> ".__('PHP Information')."'>"; - - ob_start(); - phpinfo(); - $info = ob_get_contents(); - ob_end_clean(); - - print "<div class='phpinfo'>"; - print preg_replace( '%^.*<body>(.*)</body>.*$%ms','$1', $info); - print "</div>"; - - print "</div>"; # accordion pane - - PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "prefSystem"); - - print "</div>"; #container + ?> + <div dojoType='dijit.layout.AccordionContainer' region='center'> + <div dojoType='dijit.layout.AccordionPane' style='padding : 0' title='<i class="material-icons">report</i> <?= __('Event Log') ?>'> + <?php + if (Config::get(Config::LOG_DESTINATION) == "sql") { + $this->_log_viewer($page, $severity); + } else { + print_notice("Please set Config::get(Config::LOG_DESTINATION) to 'sql' in config.php to enable database logging."); + } + ?> + </div> + + <div dojoType='dijit.layout.AccordionPane' title='<i class="material-icons">info</i> <?= __('PHP Information') ?>'> + <script type='dojo/method' event='onSelected' args='evt'> + if (this.domNode.querySelector('.loading')) + window.setTimeout(() => { + xhr.post("backend.php", {op: 'pref-system', method: 'getphpinfo'}, (reply) => { + this.attr('content', `<div class='phpinfo'>${reply}</div>`); + }); + }, 200); + </script> + <span class='loading'><?= __("Loading, please wait...") ?></span> + </div> + + <?php PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "prefSystem") ?> + </div> + <?php } - } diff --git a/classes/pref/users.php b/classes/pref/users.php index 5c622a9b1..13f808cb3 100644 --- a/classes/pref/users.php +++ b/classes/pref/users.php @@ -1,18 +1,7 @@ <?php -class Pref_Users extends Handler_Protected { - function before($method) { - if (parent::before($method)) { - if ($_SESSION["access_level"] < 10) { - print __("Your access level is insufficient to open this tab."); - return false; - } - return true; - } - return false; - } - +class Pref_Users extends Handler_Administrative { function csrf_ignore($method) { - $csrf_ignored = array("index", "userdetails"); + $csrf_ignored = array("index"); return array_search($method, $csrf_ignored) !== false; } @@ -20,105 +9,17 @@ class Pref_Users extends Handler_Protected { function edit() { global $access_level_names; - print "<form id='user_edit_form' onsubmit='return false' dojoType='dijit.form.Form'>"; - - print '<div dojoType="dijit.layout.TabContainer" style="height : 400px"> - <div dojoType="dijit.layout.ContentPane" title="'.__('Edit user').'">'; - - //print "<form id=\"user_edit_form\" onsubmit='return false' dojoType=\"dijit.form.Form\">"; - - $id = (int) clean($_REQUEST["id"]); - - print_hidden("id", "$id"); - print_hidden("op", "pref-users"); - print_hidden("method", "editSave"); + $id = (int)clean($_REQUEST["id"]); - $sth = $this->pdo->prepare("SELECT * FROM ttrss_users WHERE id = ?"); + $sth = $this->pdo->prepare("SELECT id, login, access_level, email FROM ttrss_users WHERE id = ?"); $sth->execute([$id]); - if ($row = $sth->fetch()) { - - $login = $row["login"]; - $access_level = $row["access_level"]; - $email = $row["email"]; - - $sel_disabled = ($id == $_SESSION["uid"] || $login == "admin") ? "disabled" : ""; - - print "<header>".__("User")."</header>"; - print "<section>"; - - if ($sel_disabled) { - print_hidden("login", "$login"); - } - - print "<fieldset>"; - print "<label>" . __("Login:") . "</label>"; - print "<input style='font-size : 16px' - dojoType='dijit.form.ValidationTextBox' required='1' - $sel_disabled name='login' value=\"$login\">"; - print "</fieldset>"; - - print "</section>"; - - print "<header>".__("Authentication")."</header>"; - print "<section>"; - - print "<fieldset>"; - - print "<label>" . __('Access level: ') . "</label> "; - - if (!$sel_disabled) { - print_select_hash("access_level", $access_level, $access_level_names, - "dojoType=\"fox.form.Select\" $sel_disabled"); - } else { - print_select_hash("", $access_level, $access_level_names, - "dojoType=\"fox.form.Select\" $sel_disabled"); - print_hidden("access_level", "$access_level"); - } - - print "</fieldset>"; - print "<fieldset>"; - - print "<label>" . __("New password:") . "</label> "; - print "<input dojoType='dijit.form.TextBox' type='password' size='20' placeholder='Change password' - name='password'>"; - - print "</fieldset>"; - - print "</section>"; - - print "<header>".__("Options")."</header>"; - print "<section>"; - - print "<fieldset>"; - print "<label>" . __("E-mail:") . "</label> "; - print "<input dojoType='dijit.form.TextBox' size='30' name='email' - value=\"$email\">"; - print "</fieldset>"; - - print "</section>"; - - print "</table>"; - + if ($row = $sth->fetch(PDO::FETCH_ASSOC)) { + print json_encode([ + "user" => $row, + "access_level_names" => $access_level_names + ]); } - - print '</div>'; #tab - print "<div href=\"backend.php?op=pref-users&method=userdetails&id=$id\" - dojoType=\"dijit.layout.ContentPane\" title=\"".__('User details')."\">"; - - print '</div>'; - print '</div>'; - - print "<footer> - <button dojoType='dijit.form.Button' class='alt-primary' type='submit' onclick='App.dialogOf(this).execute()'>". - __('Save')."</button> - <button dojoType='dijit.form.Button' onclick='App.dialogOf(this).hide()'>". - __('Cancel')."</button> - </footer>"; - - print "</form>"; - - return; } function userdetails() { @@ -135,7 +36,6 @@ class Pref_Users extends Handler_Protected { $sth->execute([$id]); if ($row = $sth->fetch()) { - print "<table width='100%'>"; $last_login = TimeHelper::make_local_datetime( $row["last_login"], true); @@ -145,47 +45,62 @@ class Pref_Users extends Handler_Protected { $stored_articles = $row["stored_articles"]; - print "<tr><td>".__('Registered')."</td><td>$created</td></tr>"; - print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>"; - $sth = $this->pdo->prepare("SELECT COUNT(id) as num_feeds FROM ttrss_feeds WHERE owner_uid = ?"); $sth->execute([$id]); $row = $sth->fetch(); - $num_feeds = $row["num_feeds"]; - - print "<tr><td>".__('Subscribed feeds count')."</td><td>$num_feeds</td></tr>"; - print "<tr><td>".__('Stored articles')."</td><td>$stored_articles</td></tr>"; - print "</table>"; + $num_feeds = $row["num_feeds"]; - print "<h1>".__('Subscribed feeds')."</h1>"; + ?> - $sth = $this->pdo->prepare("SELECT id,title,site_url FROM ttrss_feeds - WHERE owner_uid = ? ORDER BY title"); - $sth->execute([$id]); + <fieldset> + <label><?= __('Registered') ?>:</label> + <?= $created ?> + </fieldset> - print "<ul class=\"panel panel-scrollable list list-unstyled\">"; + <fieldset> + <label><?= __('Last logged in') ?>:</label> + <?= $last_login ?> + </fieldset> - while ($line = $sth->fetch()) { + <fieldset> + <label><?= __('Subscribed feeds') ?>:</label> + <?= $num_feeds ?> + </fieldset> - $icon_file = ICONS_URL."/".$line["id"].".ico"; + <fieldset> + <label><?= __('Stored articles') ?>:</label> + <?= $stored_articles ?> + </fieldset> - if (file_exists($icon_file) && filesize($icon_file) > 0) { - $feed_icon = "<img class=\"icon\" src=\"$icon_file\">"; - } else { - $feed_icon = "<img class=\"icon\" src=\"images/blank_icon.gif\">"; - } + <?php + $sth = $this->pdo->prepare("SELECT id,title,site_url FROM ttrss_feeds + WHERE owner_uid = ? ORDER BY title"); + $sth->execute([$id]); + ?> - print "<li>$feed_icon <a href=\"".$line["site_url"]."\">".$line["title"]."</a></li>"; + <ul class="panel panel-scrollable list list-unstyled"> + <?php while ($row = $sth->fetch()) { ?> + <li> + <?php + $icon_file = Config::get(Config::ICONS_URL) . "/" . $row["id"] . ".ico"; + $icon = file_exists($icon_file) ? $icon_file : "images/blank_icon.gif"; + ?> - } + <img class="icon" src="<?= $icon_file ?>"> - print "</ul>"; + <a target="_blank" href="<?= htmlspecialchars($row["site_url"]) ?>"> + <?= htmlspecialchars($row["title"]) ?> + </a> + </li> + <?php } ?> + </ul> + <?php } else { - print "<h1>".__('User not found')."</h1>"; + print_error(__('User not found')); } } @@ -197,6 +112,12 @@ class Pref_Users extends Handler_Protected { $email = clean($_REQUEST["email"]); $password = clean($_REQUEST["password"]); + // no blank usernames + if (!$login) return; + + // forbid renaming admin + if ($uid == 1) $login = "admin"; + if ($password) { $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($password, $salt, true); @@ -246,67 +167,25 @@ class Pref_Users extends Handler_Protected { if ($new_uid = UserHelper::find_user_by_login($login)) { - $new_uid = $row['id']; - print T_sprintf("Added user %s with password %s", $login, $tmp_user_pwd); - $this->initialize_user($new_uid); - } else { - print T_sprintf("Could not create user %s", $login); - } } else { print T_sprintf("User %s already exists.", $login); } } - static function resetUserPassword($uid, $format_output = false) { - - $pdo = Db::pdo(); - - $sth = $pdo->prepare("SELECT login FROM ttrss_users WHERE id = ?"); - $sth->execute([$uid]); - - if ($row = $sth->fetch()) { - - $login = $row["login"]; - - $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250); - $tmp_user_pwd = make_password(); - - $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true); - - $sth = $pdo->prepare("UPDATE ttrss_users - SET pwd_hash = ?, salt = ?, otp_enabled = false - WHERE id = ?"); - $sth->execute([$pwd_hash, $new_salt, $uid]); - - $message = T_sprintf("Changed password of user %s to %s", "<strong>$login</strong>", "<strong>$tmp_user_pwd</strong>"); - - if ($format_output) - print_notice($message); - else - print $message; - - } - } - function resetPass() { - $uid = clean($_REQUEST["id"]); - self::resetUserPassword($uid); + UserHelper::reset_password(clean($_REQUEST["id"])); } function index() { global $access_level_names; - print "<div dojoType='dijit.layout.BorderContainer' gutters='false'>"; - print "<div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='top'>"; - print "<div dojoType='fox.Toolbar'>"; - $user_search = clean($_REQUEST["search"] ?? ""); if (array_key_exists("search", $_REQUEST)) { @@ -315,146 +194,111 @@ class Pref_Users extends Handler_Protected { $user_search = ($_SESSION["prefs_user_search"] ?? ""); } - print "<div style='float : right; padding-right : 4px;'> - <input dojoType='dijit.form.TextBox' id='user_search' size='20' type='search' - value=\"$user_search\"> - <button dojoType='dijit.form.Button' onclick='Users.reload()'>". - __('Search')."</button> - </div>"; - $sort = clean($_REQUEST["sort"] ?? ""); if (!$sort || $sort == "undefined") { $sort = "login"; } - print "<div dojoType='fox.form.DropDownButton'>". - "<span>" . __('Select')."</span>"; - print "<div dojoType='dijit.Menu' style='display: none'>"; - print "<div onclick=\"Tables.select('users-list', true)\" - dojoType='dijit.MenuItem'>".__('All')."</div>"; - print "<div onclick=\"Tables.select('users-list', false)\" - dojoType='dijit.MenuItem'>".__('None')."</div>"; - print "</div></div>"; - - print "<button dojoType='dijit.form.Button' onclick='Users.add()'>".__('Create user')."</button>"; - - print " - <button dojoType='dijit.form.Button' onclick='Users.editSelected()'>". - __('Edit')."</button dojoType=\"dijit.form.Button\"> - <button dojoType='dijit.form.Button' onclick='Users.removeSelected()'>". - __('Remove')."</button dojoType=\"dijit.form.Button\"> - <button dojoType='dijit.form.Button' onclick='Users.resetSelected()'>". - __('Reset password')."</button dojoType=\"dijit.form.Button\">"; - - PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "prefUsersToolbar"); - - print "</div>"; #toolbar - print "</div>"; #pane - print "<div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='center'>"; - - $sort = $this->validate_field($sort, + $sort = $this->_validate_field($sort, ["login", "access_level", "created", "num_feeds", "created", "last_login"], "login"); if ($sort != "login") $sort = "$sort DESC"; - $sth = $this->pdo->prepare("SELECT - tu.id, - login,access_level,email, - ".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login, - ".SUBSTRING_FOR_DATE."(created,1,16) as created, - (SELECT COUNT(id) FROM ttrss_feeds WHERE owner_uid = tu.id) AS num_feeds - FROM - ttrss_users tu - WHERE - (:search = '' OR login LIKE :search) AND tu.id > 0 - ORDER BY $sort"); - $sth->execute([":search" => $user_search ? "%$user_search%" : ""]); - - print "<table width='100%' class='users-list' id='users-list'>"; - - print "<tr class='title'> - <td align='center' width='5%'> </td> - <td width='20%'><a href='#' onclick=\"Users.reload('login')\">".__('Login')."</a></td> - <td width='20%'><a href='#' onclick=\"Users.reload('access_level')\">".__('Access Level')."</a></td> - <td width='10%'><a href='#' onclick=\"Users.reload('num_feeds')\">".__('Subscribed feeds')."</a></td> - <td width='20%'><a href='#' onclick=\"Users.reload('created')\">".__('Registered')."</a></td> - <td width='20%'><a href='#' onclick=\"Users.reload('last_login')\">".__('Last login')."</a></td></tr>"; - - $lnum = 0; - - while ($line = $sth->fetch()) { - - $uid = $line["id"]; - - print "<tr data-row-id='$uid' onclick='Users.edit($uid)'>"; - - $line["login"] = htmlspecialchars($line["login"]); - $line["created"] = TimeHelper::make_local_datetime($line["created"], false); - $line["last_login"] = TimeHelper::make_local_datetime($line["last_login"], false); - - print "<td align='center'><input onclick='Tables.onRowChecked(this); event.stopPropagation();' - dojoType='dijit.form.CheckBox' type='checkbox'></td>"; - - print "<td title='".__('Click to edit')."'><i class='material-icons'>person</i> " . $line["login"] . "</td>"; - - print "<td>" . $access_level_names[$line["access_level"]] . "</td>"; - print "<td>" . $line["num_feeds"] . "</td>"; - print "<td>" . $line["created"] . "</td>"; - print "<td>" . $line["last_login"] . "</td>"; - - print "</tr>"; - - ++$lnum; - } - - print "</table>"; - - if ($lnum == 0) { - if (!$user_search) { - print_warning(__('No users defined.')); - } else { - print_warning(__('No matching users found.')); - } - } - - print "</div>"; #pane - - PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "prefUsers"); - - print "</div>"; #container - - } + ?> + + <div dojoType='dijit.layout.BorderContainer' gutters='false'> + <div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='top'> + <div dojoType='fox.Toolbar'> + + <div style='float : right'> + <input dojoType='dijit.form.TextBox' id='user_search' size='20' type='search' + value="<?= htmlspecialchars($user_search) ?>"> + <button dojoType='dijit.form.Button' onclick='Users.reload()'> + <?= __('Search') ?> + </button> + </div> + + <div dojoType='fox.form.DropDownButton'> + <span><?= __('Select') ?></span> + <div dojoType='dijit.Menu' style='display: none'> + <div onclick="Tables.select('users-list', true)" + dojoType='dijit.MenuItem'><?= __('All') ?></div> + <div onclick="Tables.select('users-list', false)" + dojoType='dijit.MenuItem'><?= __('None') ?></div> + </div> + </div> + + <button dojoType='dijit.form.Button' onclick='Users.add()'> + <?= __('Create user') ?> + </button> + + <button dojoType='dijit.form.Button' onclick='Users.removeSelected()'> + <?= __('Remove') ?> + </button> + + <button dojoType='dijit.form.Button' onclick='Users.resetSelected()'> + <?= __('Reset password') ?> + </button> + + <?php PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "prefUsersToolbar") ?> + + </div> + </div> + <div style='padding : 0px' dojoType='dijit.layout.ContentPane' region='center'> + + <table width='100%' class='users-list' id='users-list'> + + <tr class='title'> + <td align='center' width='5%'> </td> + <td width='20%'><a href='#' onclick="Users.reload('login')"><?= ('Login') ?></a></td> + <td width='20%'><a href='#' onclick="Users.reload('access_level')"><?= ('Access Level') ?></a></td> + <td width='10%'><a href='#' onclick="Users.reload('num_feeds')"><?= ('Subscribed feeds') ?></a></td> + <td width='20%'><a href='#' onclick="Users.reload('created')"><?= ('Registered') ?></a></td> + <td width='20%'><a href='#' onclick="Users.reload('last_login')"><?= ('Last login') ?></a></td> + </tr> + + <?php + $sth = $this->pdo->prepare("SELECT + tu.id, + login,access_level,email, + ".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login, + ".SUBSTRING_FOR_DATE."(created,1,16) as created, + (SELECT COUNT(id) FROM ttrss_feeds WHERE owner_uid = tu.id) AS num_feeds + FROM + ttrss_users tu + WHERE + (:search = '' OR login LIKE :search) AND tu.id > 0 + ORDER BY $sort"); + $sth->execute([":search" => $user_search ? "%$user_search%" : ""]); + + while ($row = $sth->fetch()) { ?> + + <tr data-row-id='<?= $row["id"] ?>' onclick='Users.edit(<?= $row["id"] ?>)' title="<?= __('Click to edit') ?>"> + <td align='center'> + <input onclick='Tables.onRowChecked(this); event.stopPropagation();' + dojoType='dijit.form.CheckBox' type='checkbox'> + </td> + + <td><i class='material-icons'>person</i> <?= htmlspecialchars($row["login"]) ?></td> + <td><?= $access_level_names[$row["access_level"]] ?></td> + <td><?= $row["num_feeds"] ?></td> + <td><?= TimeHelper::make_local_datetime($row["created"], false) ?></td> + <td><?= TimeHelper::make_local_datetime($row["last_login"], false) ?></td> + </tr> + <?php } ?> + </table> + </div> + <?php PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "prefUsers") ?> + </div> + <?php + } - function validate_field($string, $allowed, $default = "") { + private function _validate_field($string, $allowed, $default = "") { if (in_array($string, $allowed)) return $string; else return $default; } - // this is called after user is created to initialize default feeds, labels - // or whatever else - // user preferences are checked on every login, not here - static function initialize_user($uid) { - - $pdo = Db::pdo(); - - $sth = $pdo->prepare("insert into ttrss_feeds (owner_uid,title,feed_url) - values (?, 'Tiny Tiny RSS: Forum', - 'https://tt-rss.org/forum/rss.php')"); - $sth->execute([$uid]); - } - - static function logout_user() { - if (session_status() === PHP_SESSION_ACTIVE) - session_destroy(); - - if (isset($_COOKIE[session_name()])) { - setcookie(session_name(), '', time()-42000, '/'); - - } - session_commit(); - } - } diff --git a/classes/rpc.php b/classes/rpc.php index f8af1d660..8945823c6 100755 --- a/classes/rpc.php +++ b/classes/rpc.php @@ -1,96 +1,11 @@ <?php class RPC extends Handler_Protected { - function csrf_ignore($method) { - $csrf_ignored = array("completelabels", "saveprofile"); + /*function csrf_ignore($method) { + $csrf_ignored = array("completelabels"); return array_search($method, $csrf_ignored) !== false; - } - - function setprofile() { - $_SESSION["profile"] = (int) clean($_REQUEST["id"]); - - // default value - if (!$_SESSION["profile"]) $_SESSION["profile"] = null; - } - - function remprofiles() { - $ids = explode(",", clean($_REQUEST["ids"])); - - foreach ($ids as $id) { - if ($_SESSION["profile"] != $id) { - $sth = $this->pdo->prepare("DELETE FROM ttrss_settings_profiles WHERE id = ? AND - owner_uid = ?"); - $sth->execute([$id, $_SESSION['uid']]); - } - } - } - - // Silent - function addprofile() { - $title = clean($_REQUEST["title"]); - - if ($title) { - $this->pdo->beginTransaction(); - - $sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles - WHERE title = ? AND owner_uid = ?"); - $sth->execute([$title, $_SESSION['uid']]); - - if (!$sth->fetch()) { - - $sth = $this->pdo->prepare("INSERT INTO ttrss_settings_profiles (title, owner_uid) - VALUES (?, ?)"); - - $sth->execute([$title, $_SESSION['uid']]); - - $sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles WHERE - title = ? AND owner_uid = ?"); - $sth->execute([$title, $_SESSION['uid']]); - - if ($row = $sth->fetch()) { - $profile_id = $row['id']; - - if ($profile_id) { - Pref_Prefs::initialize_user_prefs($_SESSION["uid"], $profile_id); - } - } - } - - $this->pdo->commit(); - } - } - - function saveprofile() { - $id = clean($_REQUEST["id"]); - $title = clean($_REQUEST["value"]); - - if ($id == 0) { - print __("Default profile"); - return; - } - - if ($title) { - $sth = $this->pdo->prepare("UPDATE ttrss_settings_profiles - SET title = ? WHERE id = ? AND - owner_uid = ?"); - - $sth->execute([$title, $id, $_SESSION['uid']]); - print $title; - } - } - - function addfeed() { - $feed = clean($_REQUEST['feed']); - $cat = clean($_REQUEST['cat']); - $need_auth = isset($_REQUEST['need_auth']); - $login = $need_auth ? clean($_REQUEST['login']) : ''; - $pass = $need_auth ? clean($_REQUEST['pass']) : ''; - - $rc = Feeds::subscribe_to_feed($feed, $cat, $login, $pass); - - print json_encode(array("result" => $rc)); - } + }*/ function togglepref() { $key = clean($_REQUEST["key"]); @@ -131,7 +46,7 @@ class RPC extends Handler_Protected { WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?"); $sth->execute(array_merge($ids, [$_SESSION['uid']])); - Article::purge_orphans(); + Article::_purge_orphans(); print json_encode(array("message" => "UPDATE_COUNTERS")); } @@ -149,67 +64,100 @@ class RPC extends Handler_Protected { print json_encode(array("message" => "UPDATE_COUNTERS")); } + function getRuntimeInfo() { + $reply = [ + 'runtime-info' => $this->make_runtime_info() + ]; + + print json_encode($reply); + } + function getAllCounters() { @$seq = (int) $_REQUEST['seq']; + $feed_id_count = (int)$_REQUEST["feed_id_count"]; + $label_id_count = (int)$_REQUEST["label_id_count"]; + + // it seems impossible to distinguish empty array [] from a null - both become unset in $_REQUEST + // so, count is >= 0 means we had an array, -1 means null + // we need null because it means "return all counters"; [] would return nothing + if ($feed_id_count == -1) + $feed_ids = null; + else + $feed_ids = array_map("intval", clean($_REQUEST["feed_ids"] ?? [])); + + if ($label_id_count == -1) + $label_ids = null; + else + $label_ids = array_map("intval", clean($_REQUEST["label_ids"] ?? [])); + + // @phpstan-ignore-next-line + $counters = is_array($feed_ids) ? Counters::get_conditional($feed_ids, $label_ids) : Counters::get_all(); + $reply = [ - 'counters' => Counters::getAllCounters(), + 'counters' => $counters, 'seq' => $seq ]; - if ($seq % 2 == 0) - $reply['runtime-info'] = $this->make_runtime_info(); - print json_encode($reply); } /* GET["cmode"] = 0 - mark as read, 1 - as unread, 2 - toggle */ function catchupSelected() { - $ids = explode(",", clean($_REQUEST["ids"])); + $ids = array_map("intval", clean($_REQUEST["ids"] ?? [])); $cmode = (int)clean($_REQUEST["cmode"]); - Article::catchupArticlesById($ids, $cmode); + if (count($ids) > 0) + Article::_catchup_by_id($ids, $cmode); - print json_encode(array("message" => "UPDATE_COUNTERS", "ids" => $ids)); + print json_encode(["message" => "UPDATE_COUNTERS", + "labels" => Article::_labels_of($ids), + "feeds" => Article::_feeds_of($ids)]); } function markSelected() { - $ids = explode(",", clean($_REQUEST["ids"])); + $ids = array_map("intval", clean($_REQUEST["ids"] ?? [])); $cmode = (int)clean($_REQUEST["cmode"]); - $this->markArticlesById($ids, $cmode); + if (count($ids) > 0) + $this->markArticlesById($ids, $cmode); - print json_encode(array("message" => "UPDATE_COUNTERS")); + print json_encode(["message" => "UPDATE_COUNTERS", "feeds" => Article::_feeds_of($ids)]); } function publishSelected() { - $ids = explode(",", clean($_REQUEST["ids"])); + $ids = array_map("intval", clean($_REQUEST["ids"] ?? [])); $cmode = (int)clean($_REQUEST["cmode"]); - $this->publishArticlesById($ids, $cmode); + if (count($ids) > 0) + $this->publishArticlesById($ids, $cmode); - print json_encode(array("message" => "UPDATE_COUNTERS")); + print json_encode(["message" => "UPDATE_COUNTERS", "feeds" => Article::_feeds_of($ids)]); } function sanityCheck() { - $_SESSION["hasAudio"] = clean($_REQUEST["hasAudio"]) === "true"; $_SESSION["hasSandbox"] = clean($_REQUEST["hasSandbox"]) === "true"; - $_SESSION["hasMp3"] = clean($_REQUEST["hasMp3"]) === "true"; $_SESSION["clientTzOffset"] = clean($_REQUEST["clientTzOffset"]); - $reply = array(); + $error = Errors::E_SUCCESS; + + if (get_schema_version(true) != SCHEMA_VERSION) { + $error = Errors::E_SCHEMA_MISMATCH; + } - $reply['error'] = sanity_check(); + if ($error == Errors::E_SUCCESS) { + $reply = []; - if ($reply['error']['code'] == 0) { $reply['init-params'] = $this->make_init_params(); $reply['runtime-info'] = $this->make_runtime_info(); - } - print json_encode($reply); + print json_encode($reply); + } else { + print Errors::to_json($error); + } } - function completeLabels() { + /*function completeLabels() { $search = clean($_REQUEST["search"]); $sth = $this->pdo->prepare("SELECT DISTINCT caption FROM @@ -224,19 +172,19 @@ class RPC extends Handler_Protected { print "<li>" . $line["caption"] . "</li>"; } print "</ul>"; - } + }*/ function catchupFeed() { $feed_id = clean($_REQUEST['feed_id']); $is_cat = clean($_REQUEST['is_cat']) == "true"; - $mode = clean($_REQUEST['mode']); + $mode = clean($_REQUEST['mode'] ?? ''); $search_query = clean($_REQUEST['search_query']); $search_lang = clean($_REQUEST['search_lang']); - Feeds::catchup_feed($feed_id, $is_cat, false, $mode, [$search_query, $search_lang]); + Feeds::_catchup($feed_id, $is_cat, false, $mode, [$search_query, $search_lang]); // return counters here synchronously so that frontend can figure out next unread feed properly - print json_encode(['counters' => Counters::getAllCounters()]); + print json_encode(['counters' => Counters::get_all()]); //print json_encode(array("message" => "UPDATE_COUNTERS")); } @@ -244,8 +192,9 @@ class RPC extends Handler_Protected { function setpanelmode() { $wide = (int) clean($_REQUEST["wide"]); + // FIXME should this use SESSION_COOKIE_LIFETIME and be renewed periodically? setcookie("ttrss_widescreen", (string)$wide, - time() + COOKIE_LIFETIME_LONG); + time() + 86400*365); print json_encode(array("wide" => $wide)); } @@ -253,7 +202,7 @@ class RPC extends Handler_Protected { static function updaterandomfeed_real() { // Test if the feed need a update (update interval exceded). - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $update_limit_qpart = "AND (( ttrss_feeds.update_interval = 0 AND ttrss_feeds.last_updated < NOW() - CAST((ttrss_user_prefs.value || ' minutes') AS INTERVAL) @@ -278,7 +227,7 @@ class RPC extends Handler_Protected { } // Test if feed is currently being updated by another process. - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $updstart_thresh_qpart = "AND (ttrss_feeds.last_update_started IS NULL OR ttrss_feeds.last_update_started < NOW() - INTERVAL '5 minutes')"; } else { $updstart_thresh_qpart = "AND (ttrss_feeds.last_update_started IS NULL OR ttrss_feeds.last_update_started < DATE_SUB(NOW(), INTERVAL 5 MINUTE))"; @@ -324,7 +273,7 @@ class RPC extends Handler_Protected { } // Purge orphans and cleanup tags - Article::purge_orphans(); + Article::_purge_orphans(); //cleanup_tags(14, 50000); if ($num_updated > 0) { @@ -382,23 +331,6 @@ class RPC extends Handler_Protected { $sth->execute(array_merge($ids, [$_SESSION['uid']])); } - function getlinktitlebyid() { - $id = clean($_REQUEST['id']); - - $sth = $this->pdo->prepare("SELECT link, title FROM ttrss_entries, ttrss_user_entries - WHERE ref_id = ? AND ref_id = id AND owner_uid = ?"); - $sth->execute([$id, $_SESSION['uid']]); - - if ($row = $sth->fetch()) { - $link = $row['link']; - $title = $row['title']; - - echo json_encode(array("link" => $link, "title" => $title)); - } else { - echo json_encode(array("error" => "ARTICLE_NOT_FOUND")); - } - } - function log() { $msg = clean($_REQUEST['msg']); $file = basename(clean($_REQUEST['file'])); @@ -410,10 +342,7 @@ class RPC extends Handler_Protected { $msg, 'client-js:' . $file, $line, $context); echo json_encode(array("message" => "HOST_ERROR_LOGGED")); - } else { - echo json_encode(array("error" => "MESSAGE_NOT_FOUND")); } - } function checkforupdates() { @@ -424,7 +353,7 @@ class RPC extends Handler_Protected { get_version($git_commit, $git_timestamp); - if (defined('CHECK_FOR_UPDATES') && CHECK_FOR_UPDATES && $_SESSION["access_level"] >= 10 && $git_timestamp) { + if (Config::get(Config::CHECK_FOR_UPDATES) && $_SESSION["access_level"] >= 10 && $git_timestamp) { $content = @UrlHelper::fetch(["url" => "https://tt-rss.org/version.json"]); if ($content) { @@ -455,9 +384,9 @@ class RPC extends Handler_Protected { } $params["safe_mode"] = !empty($_SESSION["safe_mode"]); - $params["check_for_updates"] = CHECK_FOR_UPDATES; - $params["icons_url"] = ICONS_URL; - $params["cookie_lifetime"] = SESSION_COOKIE_LIFETIME; + $params["check_for_updates"] = Config::get(Config::CHECK_FOR_UPDATES); + $params["icons_url"] = Config::get(Config::ICONS_URL); + $params["cookie_lifetime"] = Config::get(Config::SESSION_COOKIE_LIFETIME); $params["default_view_mode"] = get_pref("_DEFAULT_VIEW_MODE"); $params["default_view_limit"] = (int) get_pref("_DEFAULT_VIEW_LIMIT"); $params["default_view_order_by"] = get_pref("_DEFAULT_VIEW_ORDER_BY"); @@ -486,16 +415,11 @@ class RPC extends Handler_Protected { $params["self_url_prefix"] = get_self_url_prefix(); $params["max_feed_id"] = (int) $max_feed_id; $params["num_feeds"] = (int) $num_feeds; - $params["hotkeys"] = $this->get_hotkeys_map(); - $params["widescreen"] = (int) ($_COOKIE["ttrss_widescreen"] ?? 0); - - $params['simple_update'] = SIMPLE_UPDATE_MODE; - + $params['simple_update'] = Config::get(Config::SIMPLE_UPDATE_MODE); $params["icon_indicator_white"] = $this->image_to_base64("images/indicator_white.gif"); - - $params["labels"] = Labels::get_all_labels($_SESSION["uid"]); + $params["labels"] = Labels::get_all($_SESSION["uid"]); return $params; } @@ -526,10 +450,10 @@ class RPC extends Handler_Protected { $data["max_feed_id"] = (int) $max_feed_id; $data["num_feeds"] = (int) $num_feeds; $data['cdm_expanded'] = get_pref('CDM_EXPANDED'); - $data["labels"] = Labels::get_all_labels($_SESSION["uid"]); + $data["labels"] = Labels::get_all($_SESSION["uid"]); - if (LOG_DESTINATION == 'sql' && $_SESSION['access_level'] >= 10) { - if (DB_TYPE == 'pgsql') { + if (Config::get(Config::LOG_DESTINATION) == 'sql' && $_SESSION['access_level'] >= 10) { + if (Config::get(Config::DB_TYPE) == 'pgsql') { $log_interval = "created_at > NOW() - interval '1 hour'"; } else { $log_interval = "created_at > DATE_SUB(NOW(), INTERVAL 1 HOUR)"; @@ -538,7 +462,7 @@ class RPC extends Handler_Protected { $sth = $pdo->prepare("SELECT COUNT(id) AS cid FROM ttrss_error_log WHERE - errno != 1024 AND + errno NOT IN (".E_USER_NOTICE.", ".E_USER_DEPRECATED.") AND $log_interval AND errstr NOT LIKE '%imagecreatefromstring(): Data is not in a recognized format%'"); $sth->execute(); @@ -548,13 +472,13 @@ class RPC extends Handler_Protected { } } - if (file_exists(LOCK_DIRECTORY . "/update_daemon.lock")) { + if (file_exists(Config::get(Config::LOCK_DIRECTORY) . "/update_daemon.lock")) { $data['daemon_is_running'] = (int) file_is_locked("update_daemon.lock"); if (time() - ($_SESSION["daemon_stamp_check"] ?? 0) > 30) { - $stamp = (int) @file_get_contents(LOCK_DIRECTORY . "/update_daemon.stamp"); + $stamp = (int) @file_get_contents(Config::get(Config::LOCK_DIRECTORY) . "/update_daemon.stamp"); if ($stamp) { $stamp_delta = time() - $stamp; @@ -737,4 +661,73 @@ class RPC extends Handler_Protected { return array($prefixes, $hotkeys); } + function hotkeyHelp() { + $info = self::get_hotkeys_info(); + $imap = self::get_hotkeys_map(); + $omap = array(); + + foreach ($imap[1] as $sequence => $action) { + if (!isset($omap[$action])) $omap[$action] = array(); + + array_push($omap[$action], $sequence); + } + + ?> + <ul class='panel panel-scrollable hotkeys-help' style='height : 300px'> + <?php + + foreach ($info as $section => $hotkeys) { + ?> + <li><h3><?= $section ?></h3></li> + <?php + + foreach ($hotkeys as $action => $description) { + + if (!empty($omap[$action])) { + foreach ($omap[$action] as $sequence) { + if (strpos($sequence, "|") !== false) { + $sequence = substr($sequence, + strpos($sequence, "|")+1, + strlen($sequence)); + } else { + $keys = explode(" ", $sequence); + + for ($i = 0; $i < count($keys); $i++) { + if (strlen($keys[$i]) > 1) { + $tmp = ''; + foreach (str_split($keys[$i]) as $c) { + switch ($c) { + case '*': + $tmp .= __('Shift') . '+'; + break; + case '^': + $tmp .= __('Ctrl') . '+'; + break; + default: + $tmp .= $c; + } + } + $keys[$i] = $tmp; + } + } + $sequence = join(" ", $keys); + } + + ?> + <li> + <div class='hk'><code><?= $sequence ?></code></div> + <div class='desc'><?= $description ?></div> + </li> + <?php + } + } + } + } + ?> + </ul> + <footer class='text-center'> + <?= \Controls\submit_tag(__('Close this window')) ?> + </footer> + <?php + } } diff --git a/classes/rssutils.php b/classes/rssutils.php index 9dd7c4ab1..6479d9f97 100755 --- a/classes/rssutils.php +++ b/classes/rssutils.php @@ -34,9 +34,9 @@ class RSSUtils { $pdo = Db::pdo(); $sth = $pdo->prepare("SELECT id FROM ttrss_feeds WHERE id = ?"); - // check icon files once every CACHE_MAX_DAYS days - $icon_files = array_filter(glob(ICONS_DIR . "/*.ico"), - function($f) { return filemtime($f) < time() - 86400*CACHE_MAX_DAYS; }); + // check icon files once every Config::get(Config::CACHE_MAX_DAYS) days + $icon_files = array_filter(glob(Config::get(Config::ICONS_DIR) . "/*.ico"), + function($f) { return filemtime($f) < time() - 86400 * Config::get(Config::CACHE_MAX_DAYS); }); foreach ($icon_files as $icon) { $feed_id = basename($icon, ".ico"); @@ -52,26 +52,28 @@ class RSSUtils { } } - static function update_daemon_common($limit = DAEMON_FEED_LIMIT, $options = []) { + static function update_daemon_common($limit = null, $options = []) { $schema_version = get_schema_version(); + if (!$limit) $limit = Config::get(Config::DAEMON_FEED_LIMIT); + if ($schema_version != SCHEMA_VERSION) { die("Schema version is wrong, please upgrade the database.\n"); } $pdo = Db::pdo(); - if (!SINGLE_USER_MODE && DAEMON_UPDATE_LOGIN_LIMIT > 0) { - if (DB_TYPE == "pgsql") { - $login_thresh_qpart = "AND ttrss_users.last_login >= NOW() - INTERVAL '".DAEMON_UPDATE_LOGIN_LIMIT." days'"; + if (!Config::get(Config::SINGLE_USER_MODE) && Config::get(Config::DAEMON_UPDATE_LOGIN_LIMIT) > 0) { + if (Config::get(Config::DB_TYPE) == "pgsql") { + $login_thresh_qpart = "AND ttrss_users.last_login >= NOW() - INTERVAL '".Config::get(Config::DAEMON_UPDATE_LOGIN_LIMIT)." days'"; } else { - $login_thresh_qpart = "AND ttrss_users.last_login >= DATE_SUB(NOW(), INTERVAL ".DAEMON_UPDATE_LOGIN_LIMIT." DAY)"; + $login_thresh_qpart = "AND ttrss_users.last_login >= DATE_SUB(NOW(), INTERVAL ".Config::get(Config::DAEMON_UPDATE_LOGIN_LIMIT)." DAY)"; } } else { $login_thresh_qpart = ""; } - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $update_limit_qpart = "AND (( ttrss_feeds.update_interval = 0 AND ttrss_user_prefs.value != '-1' @@ -96,7 +98,7 @@ class RSSUtils { } // Test if feed is currently being updated by another process. - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $updstart_thresh_qpart = "AND (last_update_started IS NULL OR last_update_started < NOW() - INTERVAL '10 minutes')"; } else { $updstart_thresh_qpart = "AND (last_update_started IS NULL OR last_update_started < DATE_SUB(NOW(), INTERVAL 10 MINUTE))"; @@ -106,7 +108,7 @@ class RSSUtils { // Update the least recently updated feeds first $query_order = "ORDER BY last_updated"; - if (DB_TYPE == "pgsql") $query_order .= " NULLS FIRST"; + if (Config::get(Config::DB_TYPE) == "pgsql") $query_order .= " NULLS FIRST"; $query = "SELECT DISTINCT ttrss_feeds.feed_url, ttrss_feeds.last_updated FROM @@ -182,7 +184,7 @@ class RSSUtils { if (self::function_enabled('passthru')) { $exit_code = 0; - passthru(PHP_EXECUTABLE . " update.php --update-feed " . $tline["id"] . " --pidlock feed-" . $tline["id"] . " $quiet $log $log_level", $exit_code); + passthru(Config::get(Config::PHP_EXECUTABLE) . " update.php --update-feed " . $tline["id"] . " --pidlock feed-" . $tline["id"] . " $quiet $log $log_level", $exit_code); Debug::log(sprintf("<= %.4f (sec) exit code: %d", microtime(true) - $fstarted, $exit_code)); @@ -275,7 +277,7 @@ class RSSUtils { $pluginhost = new PluginHost(); $user_plugins = get_pref("_ENABLED_PLUGINS", $owner_uid); - $pluginhost->load(PLUGINS, PluginHost::KIND_ALL); + $pluginhost->load(Config::get(Config::PLUGINS), PluginHost::KIND_ALL); $pluginhost->load((string)$user_plugins, PluginHost::KIND_USER, $owner_uid); //$pluginhost->load_data(); @@ -288,7 +290,7 @@ class RSSUtils { if (!$basic_info) { $feed_data = UrlHelper::fetch($fetch_url, false, $auth_login, $auth_pass, false, - FEED_FETCH_TIMEOUT, + Config::get(Config::FEED_FETCH_TIMEOUT), 0); $feed_data = trim($feed_data); @@ -395,12 +397,12 @@ class RSSUtils { $date_feed_processed = date('Y-m-d H:i'); - $cache_filename = CACHE_DIR . "/feeds/" . sha1($fetch_url) . ".xml"; + $cache_filename = Config::get(Config::CACHE_DIR) . "/feeds/" . sha1($fetch_url) . ".xml"; $pluginhost = new PluginHost(); $user_plugins = get_pref("_ENABLED_PLUGINS", $owner_uid); - $pluginhost->load(PLUGINS, PluginHost::KIND_ALL); + $pluginhost->load(Config::get(Config::PLUGINS), PluginHost::KIND_ALL); $pluginhost->load((string)$user_plugins, PluginHost::KIND_USER, $owner_uid); //$pluginhost->load_data(); @@ -455,7 +457,7 @@ class RSSUtils { Debug::log("not using CURL due to open_basedir restrictions", Debug::$LOG_VERBOSE); } - if (time() - strtotime($last_unconditional) > MAX_CONDITIONAL_INTERVAL) { + if (time() - strtotime($last_unconditional) > Config::get(Config::MAX_CONDITIONAL_INTERVAL)) { Debug::log("maximum allowed interval for conditional requests exceeded, forcing refetch", Debug::$LOG_VERBOSE); $force_refetch = true; @@ -469,7 +471,7 @@ class RSSUtils { "url" => $fetch_url, "login" => $auth_login, "pass" => $auth_pass, - "timeout" => $no_cache ? FEED_FETCH_NO_CACHE_TIMEOUT : FEED_FETCH_TIMEOUT, + "timeout" => $no_cache ? Config::get(Config::FEED_FETCH_NO_CACHE_TIMEOUT) : Config::get(Config::FEED_FETCH_TIMEOUT), "last_modified" => $force_refetch ? "" : $stored_last_modified ]); @@ -488,7 +490,7 @@ class RSSUtils { } // cache vanilla feed data for re-use - if ($feed_data && !$auth_pass && !$auth_login && is_writable(CACHE_DIR . "/feeds")) { + if ($feed_data && !$auth_pass && !$auth_login && is_writable(Config::get(Config::CACHE_DIR) . "/feeds")) { $new_rss_hash = sha1($feed_data); if ($new_rss_hash != $rss_hash) { @@ -561,7 +563,7 @@ class RSSUtils { Debug::log("language: $feed_language", Debug::$LOG_VERBOSE); Debug::log("processing feed data...", Debug::$LOG_VERBOSE); - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $favicon_interval_qpart = "favicon_last_checked < NOW() - INTERVAL '12 hour'"; } else { $favicon_interval_qpart = "favicon_last_checked < DATE_SUB(NOW(), INTERVAL 12 HOUR)"; @@ -591,10 +593,10 @@ class RSSUtils { /* terrible hack: if we crash on floicon shit here, we won't check * the icon avgcolor again (unless the icon got updated) */ - $favicon_file = ICONS_DIR . "/$feed.ico"; + $favicon_file = Config::get(Config::ICONS_DIR) . "/$feed.ico"; $favicon_modified = file_exists($favicon_file) ? filemtime($favicon_file) : -1; - Debug::log("checking favicon...", Debug::$LOG_VERBOSE); + Debug::log("checking favicon for feed $feed...", Debug::$LOG_VERBOSE); self::check_feed_favicon($site_url, $feed); $favicon_modified_new = file_exists($favicon_file) ? filemtime($favicon_file) : -1; @@ -610,7 +612,7 @@ class RSSUtils { id = ?"); $sth->execute([$feed]); - $favicon_color = calculate_avg_color($favicon_file); + $favicon_color = \Colors\calculate_avg_color($favicon_file); $favicon_colorstring = ",favicon_avg_color = " . $pdo->quote($favicon_color); @@ -723,9 +725,9 @@ class RSSUtils { if ($row = $sth->fetch()) { $base_entry_id = $row["id"]; $entry_stored_hash = $row["content_hash"]; - $article_labels = Article::get_article_labels($base_entry_id, $owner_uid); + $article_labels = Article::_get_labels($base_entry_id, $owner_uid); - $existing_tags = Article::get_article_tags($base_entry_id, $owner_uid); + $existing_tags = Article::_get_tags($base_entry_id, $owner_uid); $entry_tags = array_unique(array_merge($entry_tags, $existing_tags)); } else { $base_entry_id = false; @@ -739,7 +741,7 @@ class RSSUtils { $enclosures = array(); - $encs = $item->get_enclosures(); + $encs = $item->_get_enclosures(); if (is_array($encs)) { foreach ($encs as $e) { @@ -755,7 +757,7 @@ class RSSUtils { $e->type, $e->length, $e->title, $e->width, $e->height); // Yet another episode of "mysql utf8_general_ci is gimped" - if (DB_TYPE == "mysql" && MYSQL_CHARSET != "UTF8MB4") { + if (Config::get(Config::DB_TYPE) == "mysql" && Config::get(Config::MYSQL_CHARSET) != "UTF8MB4") { for ($i = 0; $i < count($e_item); $i++) { if (is_string($e_item[$i])) { $e_item[$i] = self::strip_utf8mb4($e_item[$i]); @@ -833,7 +835,7 @@ class RSSUtils { Debug::log("plugin data: $entry_plugin_data", Debug::$LOG_VERBOSE); // Workaround: 4-byte unicode requires utf8mb4 in MySQL. See https://tt-rss.org/forum/viewtopic.php?f=1&t=3377&p=20077#p20077 - if (DB_TYPE == "mysql" && MYSQL_CHARSET != "UTF8MB4") { + if (Config::get(Config::DB_TYPE) == "mysql" && Config::get(Config::MYSQL_CHARSET) != "UTF8MB4") { foreach ($article as $k => $v) { // i guess we'll have to take the risk of 4byte unicode labels & tags here if (is_string($article[$k])) { @@ -1079,7 +1081,7 @@ class RSSUtils { Debug::log("resulting RID: $entry_ref_id, IID: $entry_int_id", Debug::$LOG_VERBOSE); - if (DB_TYPE == "pgsql") + if (Config::get(Config::DB_TYPE) == "pgsql") $tsvector_qpart = "tsvector_combined = to_tsvector(:ts_lang, :ts_content),"; else $tsvector_qpart = ""; @@ -1107,7 +1109,7 @@ class RSSUtils { ":lang" => $entry_language, ":id" => $ref_id]; - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $params[":ts_lang"] = $feed_language; $params[":ts_content"] = mb_substr(strip_tags($entry_title . " " . $entry_content), 0, 900000); } @@ -1239,7 +1241,7 @@ class RSSUtils { Debug::log("purging feed...", Debug::$LOG_VERBOSE); - Feeds::purge_feed($feed, 0); + Feeds::_purge($feed, 0); $sth = $pdo->prepare("UPDATE ttrss_feeds SET last_updated = NOW(), @@ -1281,7 +1283,7 @@ class RSSUtils { static function cache_enclosures($enclosures, $site_url) { $cache = new DiskCache("images"); - if ($cache->isWritable()) { + if ($cache->is_writable()) { foreach ($enclosures as $enc) { if (preg_match("/(image|audio|video)/", $enc[1])) { @@ -1298,7 +1300,7 @@ class RSSUtils { $file_content = UrlHelper::fetch(array("url" => $src, "http_referrer" => $src, - "max_size" => MAX_CACHE_FILE_SIZE)); + "max_size" => Config::get(Config::MAX_CACHE_FILE_SIZE))); if ($file_content) { $cache->put($local_filename, $file_content); @@ -1328,14 +1330,14 @@ class RSSUtils { $file_content = UrlHelper::fetch(array("url" => $url, "http_referrer" => $url, - "max_size" => MAX_CACHE_FILE_SIZE)); + "max_size" => Config::get(Config::MAX_CACHE_FILE_SIZE))); if ($file_content) { $cache->put($local_filename, $file_content); } else { Debug::log("cache_media: failed with $fetch_last_error_code: $fetch_last_error"); } - } else if ($cache->isWritable($local_filename)) { + } else if ($cache->is_writable($local_filename)) { $cache->touch($local_filename); } } @@ -1344,7 +1346,7 @@ class RSSUtils { static function cache_media($html, $site_url) { $cache = new DiskCache("images"); - if ($html && $cache->isWritable()) { + if ($html && $cache->is_writable()) { $doc = new DOMDocument(); if (@$doc->loadHTML($html)) { $xpath = new DOMXPath($doc); @@ -1375,7 +1377,7 @@ class RSSUtils { $pdo = Db::pdo(); - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $pdo->query("DELETE FROM ttrss_error_log WHERE created_at < NOW() - INTERVAL '7 days'"); } else { @@ -1396,8 +1398,8 @@ class RSSUtils { $num_deleted = 0; - if (is_writable(LOCK_DIRECTORY)) { - $files = glob(LOCK_DIRECTORY . "/*.lock"); + if (is_writable(Config::get(Config::LOCK_DIRECTORY))) { + $files = glob(Config::get(Config::LOCK_DIRECTORY) . "/*.lock"); if ($files) { foreach ($files as $file) { @@ -1581,17 +1583,17 @@ class RSSUtils { } static function disable_failed_feeds() { - if (defined('DAEMON_UNSUCCESSFUL_DAYS_LIMIT') && DAEMON_UNSUCCESSFUL_DAYS_LIMIT > 0) { + if (Config::get(Config::DAEMON_UNSUCCESSFUL_DAYS_LIMIT) > 0) { $pdo = Db::pdo(); $pdo->beginTransaction(); - $days = DAEMON_UNSUCCESSFUL_DAYS_LIMIT; + $days = Config::get(Config::DAEMON_UNSUCCESSFUL_DAYS_LIMIT); - if (DB_TYPE == "pgsql") { + if (Config::get(Config::DB_TYPE) == "pgsql") { $interval_query = "last_successful_update < NOW() - INTERVAL '$days days' AND last_updated > NOW() - INTERVAL '1 days'"; - } else /* if (DB_TYPE == "mysql") */ { + } else /* if (Config::get(Config::DB_TYPE) == "mysql") */ { $interval_query = "last_successful_update < DATE_SUB(NOW(), INTERVAL $days DAY) AND last_updated > DATE_SUB(NOW(), INTERVAL 1 DAY)"; } @@ -1604,10 +1606,10 @@ class RSSUtils { while ($row = $sth->fetch()) { Logger::get()->log(E_USER_NOTICE, sprintf("Auto disabling feed %d (%s, UID: %d) because it failed to update for %d days.", - $row["id"], clean($row["title"]), $row["owner_uid"], DAEMON_UNSUCCESSFUL_DAYS_LIMIT)); + $row["id"], clean($row["title"]), $row["owner_uid"], Config::get(Config::DAEMON_UNSUCCESSFUL_DAYS_LIMIT))); Debug::log(sprintf("Auto-disabling feed %d (%s) (failed to update for %d days).", $row["id"], - clean($row["title"]), DAEMON_UNSUCCESSFUL_DAYS_LIMIT)); + clean($row["title"]), Config::get(Config::DAEMON_UNSUCCESSFUL_DAYS_LIMIT))); } $sth = $pdo->prepare("UPDATE ttrss_feeds SET update_interval = -1 WHERE @@ -1636,65 +1638,74 @@ class RSSUtils { self::cleanup_feed_icons(); self::disable_failed_feeds(); - Article::purge_orphans(); + Article::_purge_orphans(); self::cleanup_counters_cache(); PluginHost::getInstance()->run_hooks(PluginHost::HOOK_HOUSE_KEEPING); } static function check_feed_favicon($site_url, $feed) { - # print "FAVICON [$site_url]: $favicon_url\n"; - - $icon_file = ICONS_DIR . "/$feed.ico"; + $icon_file = Config::get(Config::ICONS_DIR) . "/$feed.ico"; - if (!file_exists($icon_file)) { - $favicon_url = self::get_favicon_url($site_url); + $favicon_url = self::get_favicon_url($site_url); + if (!$favicon_url) { + Debug::log("couldn't find favicon URL in $site_url", Debug::$LOG_VERBOSE); + return false; + } - if ($favicon_url) { - // Limiting to "image" type misses those served with text/plain - $contents = UrlHelper::fetch($favicon_url); // , "image"); + // Limiting to "image" type misses those served with text/plain + $contents = UrlHelper::fetch([ + 'url' => $favicon_url, + 'max_size' => Config::get(Config::MAX_FAVICON_FILE_SIZE), + //'type' => 'image', + ]); + if (!$contents) { + Debug::log("fetching favicon $favicon_url failed", Debug::$LOG_VERBOSE); + return false; + } - if ($contents) { - // Crude image type matching. - // Patterns gleaned from the file(1) source code. - if (preg_match('/^\x00\x00\x01\x00/', $contents)) { - // 0 string \000\000\001\000 MS Windows icon resource - //error_log("check_feed_favicon: favicon_url=$favicon_url isa MS Windows icon resource"); - } - elseif (preg_match('/^GIF8/', $contents)) { - // 0 string GIF8 GIF image data - //error_log("check_feed_favicon: favicon_url=$favicon_url isa GIF image"); - } - elseif (preg_match('/^\x89PNG\x0d\x0a\x1a\x0a/', $contents)) { - // 0 string \x89PNG\x0d\x0a\x1a\x0a PNG image data - //error_log("check_feed_favicon: favicon_url=$favicon_url isa PNG image"); - } - elseif (preg_match('/^\xff\xd8/', $contents)) { - // 0 beshort 0xffd8 JPEG image data - //error_log("check_feed_favicon: favicon_url=$favicon_url isa JPG image"); - } - elseif (preg_match('/^BM/', $contents)) { - // 0 string BM PC bitmap (OS2, Windows BMP files) - //error_log("check_feed_favicon, favicon_url=$favicon_url isa BMP image"); - } - else { - //error_log("check_feed_favicon: favicon_url=$favicon_url isa UNKNOWN type"); - $contents = ""; - } - } + // Crude image type matching. + // Patterns gleaned from the file(1) source code. + if (preg_match('/^\x00\x00\x01\x00/', $contents)) { + // 0 string \000\000\001\000 MS Windows icon resource + //error_log("check_feed_favicon: favicon_url=$favicon_url isa MS Windows icon resource"); + } + elseif (preg_match('/^GIF8/', $contents)) { + // 0 string GIF8 GIF image data + //error_log("check_feed_favicon: favicon_url=$favicon_url isa GIF image"); + } + elseif (preg_match('/^\x89PNG\x0d\x0a\x1a\x0a/', $contents)) { + // 0 string \x89PNG\x0d\x0a\x1a\x0a PNG image data + //error_log("check_feed_favicon: favicon_url=$favicon_url isa PNG image"); + } + elseif (preg_match('/^\xff\xd8/', $contents)) { + // 0 beshort 0xffd8 JPEG image data + //error_log("check_feed_favicon: favicon_url=$favicon_url isa JPG image"); + } + elseif (preg_match('/^BM/', $contents)) { + // 0 string BM PC bitmap (OS2, Windows BMP files) + //error_log("check_feed_favicon, favicon_url=$favicon_url isa BMP image"); + } + else { + //error_log("check_feed_favicon: favicon_url=$favicon_url isa UNKNOWN type"); + Debug::log("favicon $favicon_url type is unknown (not updating)", Debug::$LOG_VERBOSE); + return false; + } - if ($contents) { - $fp = @fopen($icon_file, "w"); + Debug::log("setting contents of $icon_file", Debug::$LOG_VERBOSE); - if ($fp) { - fwrite($fp, $contents); - fclose($fp); - chmod($icon_file, 0644); - } - } - } - return $icon_file; + $fp = @fopen($icon_file, "w"); + if (!$fp) { + Debug::log("failed to open $icon_file for writing", Debug::$LOG_VERBOSE); + return false; } + + fwrite($fp, $contents); + fclose($fp); + chmod($icon_file, 0644); + clearstatcache(); + + return $icon_file; } static function is_gzipped($feed_data) { @@ -1706,7 +1717,7 @@ class RSSUtils { $filters = array(); $feed_id = (int) $feed_id; - $cat_id = (int)Feeds::getFeedCategory($feed_id); + $cat_id = (int)Feeds::_cat_of_feed($feed_id); if ($cat_id == 0) $null_cat_qpart = "cat_id IS NULL OR"; @@ -1720,7 +1731,7 @@ class RSSUtils { $sth->execute([$owner_uid]); $check_cats = array_merge( - Feeds::getParentCategories($cat_id, $owner_uid), + Feeds::_get_parent_cats($cat_id, $owner_uid), [$cat_id]); $check_cats_str = join(",", $check_cats); diff --git a/classes/urlhelper.php b/classes/urlhelper.php index 8717d02c3..bf2e22a76 100644 --- a/classes/urlhelper.php +++ b/classes/urlhelper.php @@ -123,9 +123,9 @@ class UrlHelper { 'protocol_version'=> 1.1) ); - if (defined('_HTTP_PROXY')) { + if (Config::get(Config::HTTP_PROXY)) { $context_options['http']['request_fulluri'] = true; - $context_options['http']['proxy'] = _HTTP_PROXY; + $context_options['http']['proxy'] = Config::get(Config::HTTP_PROXY); } $context = stream_context_create($context_options); @@ -209,7 +209,7 @@ class UrlHelper { $last_modified = isset($options["last_modified"]) ? $options["last_modified"] : ""; $useragent = isset($options["useragent"]) ? $options["useragent"] : false; $followlocation = isset($options["followlocation"]) ? $options["followlocation"] : true; - $max_size = isset($options["max_size"]) ? $options["max_size"] : MAX_DOWNLOAD_FILE_SIZE; // in bytes + $max_size = isset($options["max_size"]) ? $options["max_size"] : Config::get(Config::MAX_DOWNLOAD_FILE_SIZE); // in bytes $http_accept = isset($options["http_accept"]) ? $options["http_accept"] : false; $http_referrer = isset($options["http_referrer"]) ? $options["http_referrer"] : false; @@ -231,7 +231,7 @@ class UrlHelper { return false; } - if (!defined('NO_CURL') && function_exists('curl_init') && !ini_get("open_basedir")) { + if (function_exists('curl_init') && !ini_get("open_basedir")) { $fetch_curl_used = true; @@ -250,8 +250,8 @@ class UrlHelper { if (count($curl_http_headers) > 0) curl_setopt($ch, CURLOPT_HTTPHEADER, $curl_http_headers); - curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout ? $timeout : FILE_FETCH_CONNECT_TIMEOUT); - curl_setopt($ch, CURLOPT_TIMEOUT, $timeout ? $timeout : FILE_FETCH_TIMEOUT); + curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout ? $timeout : Config::get(Config::FILE_FETCH_CONNECT_TIMEOUT)); + curl_setopt($ch, CURLOPT_TIMEOUT, $timeout ? $timeout : Config::get(Config::FILE_FETCH_TIMEOUT)); curl_setopt($ch, CURLOPT_FOLLOWLOCATION, !ini_get("open_basedir") && $followlocation); curl_setopt($ch, CURLOPT_MAXREDIRS, 20); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); @@ -283,8 +283,8 @@ class UrlHelper { curl_setopt($ch, CURLOPT_COOKIEJAR, "/dev/null"); } - if (defined('_HTTP_PROXY')) { - curl_setopt($ch, CURLOPT_PROXY, _HTTP_PROXY); + if (Config::get(Config::HTTP_PROXY)) { + curl_setopt($ch, CURLOPT_PROXY, Config::get(Config::HTTP_PROXY)); } if ($post_query) { @@ -395,7 +395,7 @@ class UrlHelper { ), 'method' => 'GET', 'ignore_errors' => true, - 'timeout' => $timeout ? $timeout : FILE_FETCH_TIMEOUT, + 'timeout' => $timeout ? $timeout : Config::get(Config::FILE_FETCH_TIMEOUT), 'protocol_version'=> 1.1) ); @@ -408,16 +408,16 @@ class UrlHelper { if ($http_referrer) array_push($context_options['http']['header'], "Referer: $http_referrer"); - if (defined('_HTTP_PROXY')) { + if (Config::get(Config::HTTP_PROXY)) { $context_options['http']['request_fulluri'] = true; - $context_options['http']['proxy'] = _HTTP_PROXY; + $context_options['http']['proxy'] = Config::get(Config::HTTP_PROXY); } $context = stream_context_create($context_options); $old_error = error_get_last(); - $fetch_effective_url = self::resolve_redirects($url, $timeout ? $timeout : FILE_FETCH_CONNECT_TIMEOUT); + $fetch_effective_url = self::resolve_redirects($url, $timeout ? $timeout : Config::get(Config::FILE_FETCH_CONNECT_TIMEOUT)); if (!self::validate($fetch_effective_url, true)) { $fetch_last_error = "URL received after redirection failed extended validation."; diff --git a/classes/userhelper.php b/classes/userhelper.php index c9c4dd102..82a2fe05f 100644 --- a/classes/userhelper.php +++ b/classes/userhelper.php @@ -2,7 +2,7 @@ class UserHelper { static function authenticate(string $login = null, string $password = null, bool $check_only = false, string $service = null) { - if (!SINGLE_USER_MODE) { + if (!Config::get(Config::SINGLE_USER_MODE)) { $user_id = false; $auth_module = false; @@ -41,7 +41,7 @@ class UserHelper { $_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']); $_SESSION["pwd_hash"] = $row["pwd_hash"]; - Pref_Prefs::initialize_user_prefs($_SESSION["uid"]); + Pref_Prefs::_init_user_prefs($_SESSION["uid"]); return true; } @@ -64,7 +64,7 @@ class UserHelper { $_SESSION["ip_address"] = UserHelper::get_user_ip(); - Pref_Prefs::initialize_user_prefs($_SESSION["uid"]); + Pref_Prefs::_init_user_prefs($_SESSION["uid"]); return true; } @@ -88,26 +88,26 @@ class UserHelper { static function login_sequence() { $pdo = Db::pdo(); - if (SINGLE_USER_MODE) { + if (Config::get(Config::SINGLE_USER_MODE)) { @session_start(); self::authenticate("admin", null); startup_gettext(); self::load_user_plugins($_SESSION["uid"]); } else { - if (!validate_session()) $_SESSION["uid"] = false; + if (!\Sessions\validate_session()) $_SESSION["uid"] = false; if (empty($_SESSION["uid"])) { - if (AUTH_AUTO_LOGIN && self::authenticate(null, null)) { + if (Config::get(Config::AUTH_AUTO_LOGIN) && self::authenticate(null, null)) { $_SESSION["ref_schema_version"] = get_schema_version(true); } else { self::authenticate(null, null, true); } if (empty($_SESSION["uid"])) { - Pref_Users::logout_user(); + UserHelper::logout(); - Handler_Public::render_login_form(); + Handler_Public::_render_login_form(); exit; } @@ -157,4 +157,46 @@ class UserHelper { return false; } + + static function logout() { + if (session_status() === PHP_SESSION_ACTIVE) + session_destroy(); + + if (isset($_COOKIE[session_name()])) { + setcookie(session_name(), '', time()-42000, '/'); + + } + session_commit(); + } + + static function reset_password($uid, $format_output = false) { + + $pdo = Db::pdo(); + + $sth = $pdo->prepare("SELECT login FROM ttrss_users WHERE id = ?"); + $sth->execute([$uid]); + + if ($row = $sth->fetch()) { + + $login = $row["login"]; + + $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250); + $tmp_user_pwd = make_password(); + + $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true); + + $sth = $pdo->prepare("UPDATE ttrss_users + SET pwd_hash = ?, salt = ?, otp_enabled = false + WHERE id = ?"); + $sth->execute([$pwd_hash, $new_salt, $uid]); + + $message = T_sprintf("Changed password of user %s to %s", "<strong>$login</strong>", "<strong>$tmp_user_pwd</strong>"); + + if ($format_output) + print_notice($message); + else + print $message; + + } + } } |