Diffstat (limited to 'include')
-rw-r--r--include/functions.php15
-rw-r--r--include/functions2.php113
-rw-r--r--include/rssfuncs.php18
-rw-r--r--include/sanity_config.php4
-rw-r--r--include/sessions.php8
-rw-r--r--include/version.php6
6 files changed, 106 insertions, 58 deletions
diff --git a/include/functions.php b/include/functions.php
index d783bd853..35124ba08 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -1,6 +1,6 @@
<?php
define('EXPECTED_CONFIG_VERSION', 26);
- define('SCHEMA_VERSION', 126);
+ define('SCHEMA_VERSION', 127);
define('LABEL_BASE_INDEX', -1024);
define('PLUGIN_FEED_BASE_INDEX', -128);
@@ -14,6 +14,8 @@
$fetch_curl_used = false;
$suppress_debugging = false;
+ libxml_disable_entity_loader(true);
+
mb_internal_encoding("UTF-8");
date_default_timezone_set('UTC');
if (defined('E_DEPRECATED')) {
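Review bot: The `libxml_disable_entity_loader(true);` call added at file scope has no comment saying why it is there, and it changes libxml behaviour for the whole PHP process rather than only for feed parsing. I would put `// XXE hardening: feed XML is untrusted, so libxml must not resolve external entities` above it. The function is deprecated as of PHP 8.0, so guarding the call with `if (PHP_VERSION_ID < 80000)` keeps it from raising deprecation notices later. Any code that relies on libxml loading documents by path would also be affected, which needs checking outside this hunk.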
@@ -357,6 +359,9 @@
$url = ltrim($url, ' ');
$url = str_replace(' ', '%20', $url);
+ if (strpos($url, "//") === 0)
+ $url = 'http:' . $url;
+
if (!defined('NO_CURL') && function_exists('curl_init')) {
$fetch_curl_used = true;
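Review bot: The added `strpos($url, "//") === 0` branch always resolves a protocol-relative URL to cleartext `http:`, so a resource that is reachable over HTTPS is fetched without transport protection. If the caller knows the scheme of the referring page, it should be reused here; otherwise a comment such as `// protocol-relative URL: no base scheme known here, default to http` would at least record the choice. No scheme allow-list is visible in this hunk before the URL reaches curl, so it is worth confirming that only `http` and `https` are accepted. The enclosing function starts and ends outside the hunk.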
@@ -403,10 +408,6 @@
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_query);
}
- if ((OPENSSL_VERSION_NUMBER >= 0x0090808f) && (OPENSSL_VERSION_NUMBER < 0x10000000)) {
- curl_setopt($ch, CURLOPT_SSLVERSION, 3);
- }
-
if ($login && $pass)
curl_setopt($ch, CURLOPT_USERPWD, "$login:$pass");
@@ -805,10 +806,6 @@
function initialize_user($uid) {
db_query("insert into ttrss_feeds (owner_uid,title,feed_url)
- values ('$uid', 'Tiny Tiny RSS: New Releases',
- 'http://tt-rss.org/releases.rss')");
-
- db_query("insert into ttrss_feeds (owner_uid,title,feed_url)
values ('$uid', 'Tiny Tiny RSS: Forum',
'http://tt-rss.org/forum/rss.php')");
}
diff --git a/include/functions2.php b/include/functions2.php
index 69f447e8c..17d8acb3e 100644
--- a/include/functions2.php
+++ b/include/functions2.php
@@ -17,7 +17,10 @@
$params["default_view_order_by"] = get_pref("_DEFAULT_VIEW_ORDER_BY");
$params["bw_limit"] = (int) $_SESSION["bw_limit"];
$params["label_base_index"] = (int) LABEL_BASE_INDEX;
- $params["theme"] = get_pref("USER_CSS_THEME", false, false);
+
+ $theme = get_pref( "USER_CSS_THEME", false, false);
+ $params["theme"] = theme_valid("$theme") ? $theme : "";
+
$params["plugins"] = implode(", ", PluginHost::getInstance()->get_plugin_names());
$params["php_platform"] = PHP_OS;
@@ -200,6 +203,26 @@
return array($prefixes, $hotkeys);
}
+ function check_for_update() {
+ if (defined("GIT_VERSION_TIMESTAMP")) {
+ $content = @fetch_file_contents("http://tt-rss.org/version.json");
+
+ if ($content) {
+ $content = json_decode($content, true);
+
+ if ($content && isset($content["changeset"])) {
+ if ((int)GIT_VERSION_TIMESTAMP < (int)$content["changeset"]["timestamp"] &&
+ GIT_VERSION_HEAD != $content["changeset"]["id"]) {
+
+ return $content["changeset"]["id"];
+ }
+ }
+ }
+ }
+
+ return "";
+ }
+
function make_runtime_info() {
$data = array();
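Review bot: `check_for_update()` fetches `http://tt-rss.org/version.json` over cleartext HTTP and returns `$content["changeset"]["id"]` without checking its shape, so anyone on the network path can forge the update notice and choose the string that is handed back to the caller. Prefer an `https://` URL if the host serves one, and validate both fields before use, e.g. `if (!isset($content["changeset"]["timestamp"], $content["changeset"]["id"]) || !ctype_xdigit((string) $content["changeset"]["id"])) return "";`. The hex check assumes the id is an abbreviated commit hash, as the comparison with `GIT_VERSION_HEAD` suggests. The `isset()` also removes the undefined-index notices that the `@` on `fetch_file_contents` and on the call site would otherwise hide.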
@@ -218,6 +241,15 @@
$data['dep_ts'] = calculate_dep_timestamp();
$data['reload_on_ts_change'] = !defined('_NO_RELOAD_ON_TS_CHANGE');
+
+ if (CHECK_FOR_UPDATES && $_SESSION["last_version_check"] + 86400 + rand(-1000, 1000) < time()) {
+ $update_result = @check_for_update();
+
+ $data["update_result"] = $update_result;
+
+ $_SESSION["last_version_check"] = time();
+ }
+
if (file_exists(LOCK_DIRECTORY . "/update_daemon.lock")) {
$data['daemon_is_running'] = (int) file_is_locked("update_daemon.lock");
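Review bot: The new condition `CHECK_FOR_UPDATES && $_SESSION["last_version_check"] + 86400 + ...` no longer has the `$_SESSION['access_level'] >= 10` gate that the removed `check_for_update()` carried, so every logged-in session now triggers the outbound request and receives `update_result`. If that is not intended, restore the gate in the condition: `if (CHECK_FOR_UPDATES && $_SESSION["access_level"] >= 10 && ...)`. `$_SESSION["last_version_check"]` is also read before anything has set it on a fresh session; an `isset()` check with a default of `0` avoids the notice. make_runtime_info() starts and ends outside the hunk.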
@@ -245,15 +277,6 @@
}
}
- if ($_SESSION["last_version_check"] + 86400 + rand(-1000, 1000) < time()) {
- $new_version_details = @check_for_update();
-
- $data['new_version_available'] = (int) ($new_version_details != false);
-
- $_SESSION["last_version_check"] = time();
- $_SESSION["version_data"] = $new_version_details;
- }
-
return $data;
}
@@ -826,6 +849,21 @@
}
+ function iframe_whitelisted($entry) {
+ $whitelist = array("youtube.com", "youtu.be", "vimeo.com");
+
+ @$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
+
+ if ($src) {
+ foreach ($whitelist as $w) {
+ if ($src == $w || $src == "www.$w")
+ return true;
+ }
+ }
+
+ return false;
+ }
+
function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
if (!$owner) $owner = $_SESSION["uid"];
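Review bot: `iframe_whitelisted()` compares the host with `==` and without normalising case, and it hides any `parse_url()` or `getAttribute()` problem behind `@`. `parse_url()` does not lowercase the host, so `WWW.YouTube.com` is treated as not whitelisted; that fails closed, but `$src = strtolower((string) parse_url($entry->getAttribute("src"), PHP_URL_HOST));` with `===` comparisons makes the match predictable. A docblock should state that a `true` result means the caller does not add the `sandbox` attribute, since that is the security consequence of being on this list.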
@@ -894,8 +932,15 @@
$entries = $xpath->query('//iframe');
foreach ($entries as $entry) {
- $entry->setAttribute('sandbox', 'allow-scripts');
-
+ if (!iframe_whitelisted($entry)) {
+ $entry->setAttribute('sandbox', 'allow-scripts');
+ } else {
+ if ($_SERVER['HTTPS'] == "on") {
+ $entry->setAttribute("src",
+ str_replace("http://", "https://",
+ $entry->getAttribute("src")));
+ }
+ }
}
$allowed_elements = array('a', 'address', 'audio', 'article', 'aside',
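Review bot: In the whitelisted branch, `str_replace("http://", "https://", ...)` rewrites every occurrence of `http://` in the `src`, including any inside the query string, and `$_SERVER['HTTPS'] == "on"` reads a key that is not set on plain-HTTP requests. Anchoring the rewrite to the scheme leaves the rest of the URL intact: `preg_replace('#^http://#i', 'https://', $entry->getAttribute("src"))`, guarded by `if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on")`. Whitelisted frames also keep whatever `sandbox` value the feed supplied, or none at all; whether later attribute filtering handles that is not visible here. The loop sits inside sanitize(), which starts and ends outside the hunk.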
@@ -994,25 +1039,6 @@
return $doc;
}
- function check_for_update() {
- if (CHECK_FOR_NEW_VERSION && $_SESSION['access_level'] >= 10) {
- $version_url = "http://tt-rss.org/version.php?ver=" . VERSION .
- "&iid=" . sha1(SELF_URL_PATH);
-
- $version_data = @fetch_file_contents($version_url);
-
- if ($version_data) {
- $version_data = json_decode($version_data, true);
- if ($version_data && $version_data['version']) {
- if (version_compare(VERSION_STATIC, $version_data['version']) == -1) {
- return $version_data;
- }
- }
- }
- }
- return false;
- }
-
function catchupArticlesById($ids, $cmode, $owner_uid = false) {
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
@@ -1958,8 +1984,8 @@
}
function getLastArticleId() {
- $result = db_query("SELECT MAX(ref_id) AS id FROM ttrss_user_entries
- WHERE owner_uid = " . $_SESSION["uid"]);
+ $result = db_query("SELECT ref_id AS id FROM ttrss_user_entries
+ WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY ref_id DESC LIMIT 1");
if (db_num_rows($result) == 1) {
return db_fetch_result($result, 0, "id");
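Review bot: The rewritten query still concatenates `$_SESSION["uid"]` into the SQL text unquoted and uncast. The value comes from the session rather than directly from the request, but an integer cast costs nothing and keeps the statement safe if the session is ever populated from another source: `WHERE owner_uid = " . (int) $_SESSION["uid"] . " ORDER BY ref_id DESC LIMIT 1");`. getLastArticleId() continues past the end of the hunk.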
@@ -2243,10 +2269,6 @@
curl_setopt($curl, CURLOPT_PROXY, _CURL_HTTP_PROXY);
}
- if ((OPENSSL_VERSION_NUMBER >= 0x0090808f) && (OPENSSL_VERSION_NUMBER < 0x10000000)) {
- curl_setopt($curl, CURLOPT_SSLVERSION, 3);
- }
-
$html = curl_exec($curl);
$status = curl_getinfo($curl);
@@ -2404,4 +2426,21 @@
return LABEL_BASE_INDEX - 1 + abs($feed);
}
+ function theme_valid($file) {
+ if ($file == "default.css" || $file == "night.css") return true; // needed for array_filter
+ $file = "themes/" . basename($file);
+
+ if (file_exists($file) && is_readable($file)) {
+ $fh = fopen($file, "r");
+
+ if ($fh) {
+ $header = fgets($fh);
+ fclose($fh);
+
+ return strpos($header, "supports-version:" . VERSION_STATIC) !== FALSE;
+ }
+ }
+
+ return false;
+ }
?>
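Review bot: `theme_valid()` tests the path with `file_exists()`, which is also true for directories, so an empty theme preference becomes `themes/` and the function goes on to `fopen()` a directory. `fgets()` can also return `false`, which is then passed to `strpos()`. Use `is_file($file) && is_readable($file)` and return `false` when `$header === false`. The `basename()` call is what confines the lookup to `themes/` and deserves a comment saying so, e.g. `// basename() strips any directory part so the pref cannot point outside themes/`. The `supports-version:` test is a substring match, so `1.15.3` also matches a header declaring `1.15.30`.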
diff --git a/include/rssfuncs.php b/include/rssfuncs.php
index 6d9247a7b..9d3d89c7f 100644
--- a/include/rssfuncs.php
+++ b/include/rssfuncs.php
@@ -481,7 +481,7 @@
if (!$registered_title || $registered_title == "[Unknown]") {
- $feed_title = db_escape_string($rss->get_title());
+ $feed_title = db_escape_string(mb_substr($rss->get_title(), 0, 199));
if ($feed_title) {
_debug("registering title: $feed_title", $debug_enabled);
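Review bot: The literal `199` in `mb_substr($rss->get_title(), 0, 199)` is unexplained; presumably it tracks the width of the title column, which should be confirmed against the schema. A comment such as `// truncate before escaping so the stored title fits the column` would record both the limit and why the cut happens before `db_escape_string()`. The enclosing code starts and ends outside the hunk.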
@@ -683,6 +683,7 @@
"link" => $entry_link,
"tags" => $entry_tags,
"author" => $entry_author,
+ "force_catchup" => false, // ugly hack for the time being
"language" => $entry_language, // read only
"feed" => array("id" => $feed,
"fetch_url" => $fetch_url,
@@ -707,7 +708,11 @@
db_query("UPDATE ttrss_entries SET date_updated = NOW()
WHERE id = '$base_entry_id'");
- continue;
+ // if we allow duplicate posts, we have to continue to
+ // create the user entries for this feed
+ if (!get_pref("ALLOW_DUPLICATE_POSTS", $owner_uid, false)) {
+ continue;
+ }
}
_debug("hash differs, applying plugin filters:", $debug_enabled);
@@ -733,6 +738,9 @@
$entry_author = db_escape_string($article["author"]);
$entry_link = db_escape_string($article["link"]);
$entry_content = $article["content"]; // escaped below
+ $entry_force_catchup = $article["force_catchup"];
+
+ _debug("force catchup: $entry_force_catchup");
if ($cache_images && is_writable(CACHE_DIR . '/images'))
cache_images($entry_content, $site_url, $debug_enabled);
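Review bot: `$article["force_catchup"]` is read after the point where, judging by the surrounding lines, plugin filters have processed `$article`, and a filter that returns the array without that key leaves the read raising an undefined-index notice. `$entry_force_catchup = !empty($article["force_catchup"]);` covers that case. The added `_debug("force catchup: $entry_force_catchup");` also omits the `$debug_enabled` argument that the neighbouring `_debug()` calls pass, so it may log regardless of the debug setting. Both lines sit in a loop body that starts and ends outside the hunk.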
@@ -857,7 +865,7 @@
_debug("user record not found, creating...", $debug_enabled);
- if ($score >= -500 && !find_article_filter($article_filters, 'catchup')) {
+ if ($score >= -500 && !find_article_filter($article_filters, 'catchup') && !$entry_force_catchup) {
$unread = 'true';
$last_read_qpart = 'NULL';
} else {
@@ -879,7 +887,7 @@
// N-grams
- if (DB_TYPE == "pgsql" and defined('_NGRAM_TITLE_DUPLICATE_THRESHOLD')) {
+ /* if (DB_TYPE == "pgsql" and defined('_NGRAM_TITLE_DUPLICATE_THRESHOLD')) {
$result = db_query("SELECT COUNT(*) AS similar FROM
ttrss_entries,ttrss_user_entries
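Review bot: The N-gram duplicate check is disabled by opening a `/*` in front of the `if` here and closing it in the following hunk (`} */`), with no note on why. Dead code kept inside a block comment is fragile, since any `*/` in the part of the block not shown would end the comment early, and the `// N-grams` heading now labels nothing. Either delete the block or leave a one-line reason above it, e.g. `// N-gram title matching disabled: <reason>`.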
@@ -894,7 +902,7 @@
if ($ngram_similar > 0) {
$unread = 'false';
}
- }
+ } */
$last_marked = ($marked == 'true') ? 'NOW()' : 'NULL';
$last_published = ($published == 'true') ? 'NOW()' : 'NULL';
diff --git a/include/sanity_config.php b/include/sanity_config.php
index 76fba4b81..6120e5fe0 100644
--- a/include/sanity_config.php
+++ b/include/sanity_config.php
@@ -1,3 +1,3 @@
-<?php # This file has been generated at: Fri Sep 27 13:42:37 MSK 2013
+<?php # This file has been generated at: Tue Feb 3 14:45:46 MSK 2015
define('GENERATED_CONFIG_CHECK', 26);
-$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'FEED_CRYPT_KEY', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_SERVER', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'SMTP_SECURE', 'CHECK_FOR_NEW_VERSION', 'DETECT_ARTICLE_LANGUAGE', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'LOG_DESTINATION', 'CONFIG_VERSION'); ?>
+$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'FEED_CRYPT_KEY', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'SPHINX_SERVER', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_SERVER', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'SMTP_SECURE', 'CHECK_FOR_UPDATES', 'DETECT_ARTICLE_LANGUAGE', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'LOG_DESTINATION', 'CONFIG_VERSION'); ?>
diff --git a/include/sessions.php b/include/sessions.php
index 66214afe7..30d502641 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -39,7 +39,7 @@
function validate_session() {
if (SINGLE_USER_MODE) return true;
- if (VERSION_STATIC != $_SESSION["version"]) return false;
+ //if (VERSION_STATIC != $_SESSION["version"]) return false;
$check_ip = $_SESSION['ip_address'];
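Review bot: The `VERSION_STATIC` comparison is switched off by commenting it out, and the next hunk does the same to the user-agent check, with no explanation in either place. These are session-validation checks, so the reason for dropping each one should be recorded next to it, or the lines deleted outright, rather than left as commented code that a later edit can re-enable by accident. A comment of the form `// version pinning removed: <reason>` would do. validate_session() continues outside the hunk.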
@@ -62,17 +62,17 @@
return false;
}
- if ($_SESSION["ref_schema_version"] != session_get_schema_version(true)) {
+ if (isset($_SESSION["ref_schema_version"]) && $_SESSION["ref_schema_version"] != session_get_schema_version(true)) {
$_SESSION["login_error_msg"] =
__("Session failed to validate (schema version changed)");
return false;
}
- if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) {
+ /* if (sha1($_SERVER['HTTP_USER_AGENT']) != $_SESSION["user_agent"]) {
$_SESSION["login_error_msg"] =
__("Session failed to validate (user agent changed)");
return false;
- }
+ } */
if ($_SESSION["uid"]) {
$result = Db::get()->query(
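Review bot: The added `isset($_SESSION["ref_schema_version"]) &&` guard makes the schema check fail open: a session that carries no `ref_schema_version` at all now passes this test. If the guard exists only to silence an undefined-index notice, invert it so that absence is rejected: `if (!isset($_SESSION["ref_schema_version"]) || $_SESSION["ref_schema_version"] != session_get_schema_version(true)) {`. If sessions without the key are legitimate, for example ones created before the key was introduced, say so in a comment. validate_session() starts and ends outside the hunk.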
diff --git a/include/version.php b/include/version.php
index 8d7cf2de7..34c11e6e7 100644
--- a/include/version.php
+++ b/include/version.php
@@ -1,5 +1,5 @@
<?php
- define('VERSION_STATIC', '1.13');
+ define('VERSION_STATIC', '1.15.3');
function get_version() {
date_default_timezone_set('UTC');
@@ -8,6 +8,10 @@
if (is_dir("$root_dir/.git") && file_exists("$root_dir/.git/refs/heads/master")) {
$suffix = substr(trim(file_get_contents("$root_dir/.git/refs/heads/master")), 0, 7);
+ $timestamp = filemtime("$root_dir/.git/refs/heads/master");
+
+ define("GIT_VERSION_HEAD", $suffix);
+ define("GIT_VERSION_TIMESTAMP", $timestamp);
return VERSION_STATIC . ".$suffix";
} else {