Diffstat (limited to 'classes')
| -rwxr-xr-x | classes/article.php | 28 | ||||
| -rw-r--r-- | classes/handler/protected.php | 2 | ||||
| -rwxr-xr-x | classes/handler/public.php | 22 | ||||
| -rwxr-xr-x | classes/pref/feeds.php | 2 | ||||
| -rw-r--r-- | classes/pref/prefs.php | 8 | ||||
| -rw-r--r-- | classes/pref/system.php | 20 | ||||
| -rwxr-xr-x | classes/rpc.php | 17 |
7 files changed, 52 insertions, 47 deletions
diff --git a/classes/article.php b/classes/article.php index 6d3746968..7f5311668 100755 --- a/classes/article.php +++ b/classes/article.php @@ -5,7 +5,7 @@ class Article extends Handler_Protected { const ARTICLE_KIND_YOUTUBE = 3; function redirect() { - $id = clean($_REQUEST['id']); + $id = (int) clean($_REQUEST['id'] ?? 0); $sth = $this->pdo->prepare("SELECT link FROM ttrss_entries, ttrss_user_entries WHERE id = ? AND id = ref_id AND owner_uid = ? @@ -13,11 +13,14 @@ class Article extends Handler_Protected { $sth->execute([$id, $_SESSION['uid']]); if ($row = $sth->fetch()) { - $article_url = $row['link']; - $article_url = str_replace("\n", "", $article_url); + $article_url = UrlHelper::validate(str_replace("\n", "", $row['link'])); - header("Location: $article_url"); - return; + if ($article_url) { + header("Location: $article_url"); + } else { + header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found"); + print "URL of article $id is blank."; + } } else { print_error(__("Article not found.")); @@ -595,6 +598,21 @@ class Article extends Handler_Protected { </div>"; } + function get_metadata_by_id() { + $id = clean($_REQUEST['id']); + + $sth = $this->pdo->prepare("SELECT link, title FROM ttrss_entries, ttrss_user_entries + WHERE ref_id = ? AND ref_id = id AND owner_uid = ?"); + $sth->execute([$id, $_SESSION['uid']]); + + if ($row = $sth->fetch()) { + $link = $row['link']; + $title = $row['title']; + + echo json_encode(["link" => $link, "title" => $title]); + } + } + static function get_article_enclosures($id) { $pdo = Db::pdo(); diff --git a/classes/handler/protected.php b/classes/handler/protected.php index 765b17480..8e9e5ca1d 100644 --- a/classes/handler/protected.php +++ b/classes/handler/protected.php @@ -2,6 +2,6 @@ class Handler_Protected extends Handler { function before($method) { - return parent::before($method) && $_SESSION['uid']; + return parent::before($method) && !empty($_SESSION['uid']); } } 
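Review bot: In `Article::redirect()` (classes/article.php, hunk `@@ -13,11 +13,14 @@`) the 404 branch prints "URL of article $id is blank." for every value `UrlHelper::validate()` rejects, so a link dropped by validation looks the same as an empty one; `print "URL of article $id is missing or failed validation.";` would be accurate for both. The `Location` target is feed-supplied, and `UrlHelper::validate()` is now the only check between the stored link and the header. Its implementation is not visible here, so confirm that it restricts the scheme to http/https and record that in a comment such as `// link comes from the feed; validate() is the only gate before Location`. The explicit `return` after the redirect was also removed, so whatever follows the if/else now runs on the redirect path as well; the rest of the function is outside the hunk.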
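Review bot: The new `Article::get_metadata_by_id()` (classes/article.php, hunk `@@ -595,6 +598,21 @@`) emits nothing when the query returns no row, whereas the `RPC::getlinktitlebyid()` it replaces answered with an `ARTICLE_NOT_FOUND` error object, so a caller that parses the response as JSON would now get an empty body. Keeping `} else { echo json_encode(["error" => "ARTICLE_NOT_FOUND"]); }` preserves that contract. The id is still read as `clean($_REQUEST['id'])`, without the default and cast that `redirect()` gains in this same commit; `$id = (int) clean($_REQUEST['id'] ?? 0);` would match it. `link` and `title` are feed-supplied and `json_encode()` leaves `<` and `>` unescaped by default, so if no JSON Content-Type is set upstream of this handler (not visible here) the body could be rendered as HTML when the endpoint is opened directly; passing `JSON_HEX_TAG` or sending an explicit Content-Type header closes that.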
diff --git a/classes/handler/public.php b/classes/handler/public.php index fca471122..db8a924ad 100755 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -163,7 +163,7 @@ class Handler_Public extends Handler { $tpl->addBlock('feed'); $tpl->generateOutputToString($tmp); - if (@!clean($_REQUEST["noxml"])) { + if (empty($_REQUEST["noxml"])) { header("Content-Type: text/xml; charset=utf-8"); } else { header("Content-Type: text/plain; charset=utf-8"); @@ -460,19 +460,17 @@ class Handler_Public extends Handler { function rss() { $feed = clean($_REQUEST["id"]); $key = clean($_REQUEST["key"]); - $is_cat = clean($_REQUEST["is_cat"]); - $limit = (int)clean($_REQUEST["limit"]); - $offset = (int)clean($_REQUEST["offset"]); + $is_cat = clean($_REQUEST["is_cat"] ?? false); + $limit = (int)clean($_REQUEST["limit"] ?? 0); + $offset = (int)clean($_REQUEST["offset"] ?? 0); - $search = clean($_REQUEST["q"]); - $view_mode = clean($_REQUEST["view-mode"]); - $order = clean($_REQUEST["order"]); - $start_ts = clean($_REQUEST["ts"]); + $search = clean($_REQUEST["q"] ?? ""); + $view_mode = clean($_REQUEST["view-mode"] ?? ""); + $order = clean($_REQUEST["order"] ?? ""); + $start_ts = (int)clean($_REQUEST["ts"] ?? 0); - $format = clean($_REQUEST['format']); - $orig_guid = clean($_REQUEST["orig_guid"]); - - if (!$format) $format = 'atom'; + $format = clean($_REQUEST['format'] ?? "atom"); + $orig_guid = clean($_REQUEST["orig_guid"] ?? false); if (SINGLE_USER_MODE) { UserHelper::authenticate("admin", null); diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index 47e5689ec..ff9e69336 100755 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php 
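Review bot: In `Handler_Public::rss()` the `format` fallback changed meaning. `clean($_REQUEST['format'] ?? "atom")` defaults only when the parameter is absent, while the removed `if (!$format) $format = 'atom';` also covered an empty `format=`, which is now passed on as an empty string to code outside this hunk. Keeping the removed guard after the new assignment restores the old behaviour. `id` and `key` on the two context lines above still index `$_REQUEST` without a default, so this public handler keeps raising undefined-index notices for them; `$key = clean($_REQUEST["key"] ?? "");` would be consistent with the rest of the hunk. The function body continues past the end of the hunk.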
@@ -1394,7 +1394,7 @@ class Pref_Feeds extends Handler_Protected { print "<button dojoType='dijit.form.Button' class='alt-primary' onclick='CommonDialogs.generatedFeed(-2, false, \"$rss_url\", \"".__("Published articles")."\")'>". __('Display URL')."</button> - <button class='alt-danger' dojoType='dijit.form.Button' onclick='return Helpers.clearFeedAccessKeys()'>". + <button class='alt-danger' dojoType='dijit.form.Button' onclick='return Helpers.Feeds.clearFeedAccessKeys()'>". __('Clear all generated URLs')."</button> "; PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "prefFeedsPublishedGenerated"); diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php index d40dc87c0..cfe63ce85 100644 --- a/classes/pref/prefs.php +++ b/classes/pref/prefs.php @@ -715,7 +715,7 @@ class Pref_Prefs extends Handler_Protected { print "</select>"; print " <button dojoType=\"dijit.form.Button\" class='alt-info' - onclick=\"Helpers.customizeCSS()\">" . __('Customize') . "</button>"; + onclick=\"Helpers.Prefs.customizeCSS()\">" . __('Customize') . "</button>"; print " <button dojoType='dijit.form.Button' onclick='window.open(\"https://tt-rss.org/wiki/Themes\")'> <i class='material-icons'>open_in_new</i> ".__("More themes...")."</button>"; @@ -830,10 +830,10 @@ class Pref_Prefs extends Handler_Protected { </div> </div>"; - print "<button dojoType=\"dijit.form.Button\" onclick=\"return Helpers.editProfiles()\">". + print "<button dojoType=\"dijit.form.Button\" onclick=\"return Helpers.Profiles.edit()\">". __('Manage profiles')."</button> "; - print "<button dojoType=\"dijit.form.Button\" class=\"alt-danger\" onclick=\"return Helpers.confirmReset()\">". + print "<button dojoType=\"dijit.form.Button\" class=\"alt-danger\" onclick=\"return Helpers.Prefs.confirmReset()\">". __('Reset to defaults')."</button>"; print " "; 
@@ -968,7 +968,7 @@ class Pref_Prefs extends Handler_Protected { if (count($tmppluginhost->get_all($plugin)) > 0) { if (in_array($name, $system_enabled) || in_array($name, $user_enabled)) { print " <button dojoType='dijit.form.Button' - onclick=\"Helpers.clearPluginData('$name')\"> + onclick=\"Helpers.Prefs.clearPluginData('$name')\"> <i class='material-icons'>clear</i> ".__("Clear data")."</button>"; } } diff --git a/classes/pref/system.php b/classes/pref/system.php index d91339698..a7512915a 100644 --- a/classes/pref/system.php +++ b/classes/pref/system.php @@ -25,6 +25,15 @@ class Pref_System extends Handler_Protected { $this->pdo->query("DELETE FROM ttrss_error_log"); } + function getphpinfo() { + ob_start(); + phpinfo(); + $info = ob_get_contents(); + ob_end_clean(); + + print preg_replace( '%^.*<body>(.*)</body>.*$%ms','$1', $info); + } + private function log_viewer(int $page, int $severity) { $errno_values = []; @@ -167,14 +176,11 @@ class Pref_System extends Handler_Protected { print "<div dojoType='dijit.layout.AccordionPane' title='<i class=\"material-icons\">info</i> ".__('PHP Information')."'>"; - ob_start(); - phpinfo(); - $info = ob_get_contents(); - ob_end_clean(); + print "<script type='dojo/method' event='onSelected' args='evt'> + Helpers.System.getPHPInfo(this); + </script>"; - print "<div class='phpinfo'>"; - print preg_replace( '%^.*<body>(.*)</body>.*$%ms','$1', $info); - print "</div>"; + print "<div class='phpinfo'>" . __("Loading, please wait...") . "</div>"; print "</div>"; # accordion pane diff --git a/classes/rpc.php b/classes/rpc.php index f8af1d660..f6b57775d 100755 --- a/classes/rpc.php +++ b/classes/rpc.php 
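Review bot: `Pref_System::getphpinfo()` (classes/pref/system.php, hunk `@@ -25,6 +25,15 @@`) turns the phpinfo() dump into a handler method of its own, so it is presumably reachable by any request that passes this class's `before()` check, no longer only as part of the rendered system tab. phpinfo() output includes environment variables, filesystem paths and loaded configuration, so the method needs the same administrator restriction as the rest of the class. `before()` for this class is outside the hunk, and the `Handler_Protected::before()` shown in this commit checks only that a uid is present in the session. If the class-level check cannot be confirmed, add an explicit access check at the top of the method, and a docblock stating that it prints the `<body>` of phpinfo() and is admin-only. As a style point, `$info = ob_get_clean();` can replace the `ob_get_contents()`/`ob_end_clean()` pair.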
@@ -382,23 +382,6 @@ class RPC extends Handler_Protected { $sth->execute(array_merge($ids, [$_SESSION['uid']])); } - function getlinktitlebyid() { - $id = clean($_REQUEST['id']); - - $sth = $this->pdo->prepare("SELECT link, title FROM ttrss_entries, ttrss_user_entries - WHERE ref_id = ? AND ref_id = id AND owner_uid = ?"); - $sth->execute([$id, $_SESSION['uid']]); - - if ($row = $sth->fetch()) { - $link = $row['link']; - $title = $row['title']; - - echo json_encode(array("link" => $link, "title" => $title)); - } else { - echo json_encode(array("error" => "ARTICLE_NOT_FOUND")); - } - } - function log() { $msg = clean($_REQUEST['msg']); $file = basename(clean($_REQUEST['file'])); |