diff options
Diffstat (limited to 'include/functions.php')
| -rw-r--r-- | include/functions.php | 53 |
1 files changed, 40 insertions, 13 deletions
diff --git a/include/functions.php b/include/functions.php index c326ac468..0f5464990 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1,6 +1,6 @@ <?php define('EXPECTED_CONFIG_VERSION', 26); - define('SCHEMA_VERSION', 138); + define('SCHEMA_VERSION', 139); define('LABEL_BASE_INDEX', -1024); define('PLUGIN_FEED_BASE_INDEX', -128); @@ -63,6 +63,11 @@ define_default('MAX_CONDITIONAL_INTERVAL', 3600*12); // max interval between forced unconditional updates for servers // not complying with http if-modified-since (seconds) + define_default('MAX_FETCH_REQUESTS_PER_HOST', 25); + // a maximum amount of allowed HTTP requests per destination host + // during a single update (i.e. within PHP process lifetime) + // this is used to not cause excessive load on the origin server on + // e.g. feed subscription when all articles are being processes /* tunables end here */ @@ -159,6 +164,12 @@ Debug::log($msg); } + function reset_fetch_domain_quota() { + global $fetch_domain_hits; + + $fetch_domain_hits = []; + } + // TODO: max_size currently only works for CURL transfers // TODO: multiple-argument way is deprecated, first parameter is a hash now function fetch_file_contents($options /* previously: 0: $url , 1: $type = false, 2: $login = false, 3: $pass = false, @@ -171,6 +182,7 @@ global $fetch_last_modified; global $fetch_effective_url; global $fetch_curl_used; + global $fetch_domain_hits; $fetch_last_error = false; $fetch_last_error_code = -1; @@ -180,6 +192,9 @@ $fetch_last_modified = ""; $fetch_effective_url = ""; + if (!is_array($fetch_domain_hits)) + $fetch_domain_hits = []; + if (!is_array($options)) { // falling back on compatibility shim @@ -215,6 +230,7 @@ $followlocation = isset($options["followlocation"]) ? $options["followlocation"] : true; $max_size = isset($options["max_size"]) ? $options["max_size"] : MAX_DOWNLOAD_FILE_SIZE; // in bytes $http_accept = isset($options["http_accept"]) ? $options["http_accept"] : false; + $http_referrer = isset($options["http_referrer"]) ? $options["http_referrer"] : false; $url = ltrim($url, ' '); $url = str_replace(' ', '%20', $url); @@ -222,6 +238,14 @@ if (strpos($url, "//") === 0) $url = 'http:' . $url; + $url_host = parse_url($url, PHP_URL_HOST); + $fetch_domain_hits[$url_host] += 1; + + if ($fetch_domain_hits[$url_host] > MAX_FETCH_REQUESTS_PER_HOST) { + user_error("Exceeded fetch request quota for $url_host: " . $fetch_domain_hits[$url_host], E_USER_WARNING); + #return false; + } + if (!defined('NO_CURL') && function_exists('curl_init') && !ini_get("open_basedir")) { $fetch_curl_used = true; @@ -250,7 +274,9 @@ curl_setopt($ch, CURLOPT_USERAGENT, $useragent ? $useragent : SELF_USER_AGENT); curl_setopt($ch, CURLOPT_ENCODING, ""); - //curl_setopt($ch, CURLOPT_REFERER, $url); + + if ($http_referrer) + curl_setopt($ch, CURLOPT_REFERER, $http_referrer); if ($max_size) { curl_setopt($ch, CURLOPT_NOPROGRESS, false); @@ -378,6 +404,9 @@ if ($http_accept) array_push($context_options['http']['header'], "Accept: $http_accept"); + if ($http_referrer) + array_push($context_options['http']['header'], "Referer: $http_referrer"); + if (defined('_HTTP_PROXY')) { $context_options['http']['request_fulluri'] = true; $context_options['http']['proxy'] = _HTTP_PROXY; @@ -509,7 +538,7 @@ return ""; } - function authenticate_user($login, $password, $check_only = false) { + function authenticate_user($login, $password, $check_only = false, $service = false) { if (!SINGLE_USER_MODE) { $user_id = false; @@ -517,7 +546,7 @@ foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_AUTH_USER) as $plugin) { - $user_id = (int) $plugin->authenticate($login, $password); + $user_id = (int) $plugin->authenticate($login, $password, $service); if ($user_id) { $auth_module = strtolower(get_class($plugin)); @@ -593,7 +622,7 @@ } function clean_filename($filename) { - return basename(preg_replace("/\.\.|[\/\\\]/", "", $filename)); + return basename(preg_replace("/\.\.|[\/\\\]/", "", clean($filename))); } function make_password($length = 12) { @@ -1013,10 +1042,10 @@ __("Navigation") => array( "next_feed" => __("Open next feed"), "prev_feed" => __("Open previous feed"), - "next_article" => __("Open next article"), - "prev_article" => __("Open previous article"), - "next_article_noscroll" => __("Open next article (don't scroll long articles)"), - "prev_article_noscroll" => __("Open previous article (don't scroll long articles)"), + "next_article" => __("Open next article (scroll long articles)"), + "prev_article" => __("Open previous article (scroll long articles)"), + "next_article_noscroll" => __("Open next article"), + "prev_article_noscroll" => __("Open previous article"), "next_article_noexpand" => __("Move to next article (don't expand or mark read)"), "prev_article_noexpand" => __("Move to previous article (don't expand or mark read)"), "search_dialog" => __("Show search dialog")), @@ -1221,13 +1250,11 @@ } function iframe_whitelisted($entry) { - $whitelist = array("youtube.com", "youtu.be", "vimeo.com", "player.vimeo.com"); - @$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST); if ($src) { - foreach ($whitelist as $w) { - if ($src == $w || $src == "www.$w") + foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_IFRAME_WHITELISTED) as $plugin) { + if ($plugin->hook_iframe_whitelisted($src)) return true; } } |