From 3f286c4c2bb531156e16f3a1f809d36811ca1cd4 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@bah.spb.su>
Date: Sun, 12 Feb 2006 11:15:24 +0100
Subject: skip counters output when number of unread articles at backend equals
 frontend, move tools to utils/ folder

---
 sanity_check.php     |   7 ++
 utils/xml-export.php | 164 ++++++++++++++++++++++++++++++++++++++++++
 utils/xml-import.php | 198 +++++++++++++++++++++++++++++++++++++++++++++++++++
 xml-export.php       | 164 ------------------------------------------
 xml-import.php       | 198 ---------------------------------------------------
 5 files changed, 369 insertions(+), 362 deletions(-)
 create mode 100644 utils/xml-export.php
 create mode 100644 utils/xml-import.php
 delete mode 100644 xml-export.php
 delete mode 100644 xml-import.php

diff --git a/sanity_check.php b/sanity_check.php
index 322aa9bf1..21fc08199 100644
--- a/sanity_check.php
+++ b/sanity_check.php
@@ -12,4 +12,11 @@
 		subdirectory of TT-RSS tree.";
 		exit;
 	}
+
+	if (file_exists("xml-export.php") || file_exists("xml-import.php")) {
+		print "<b>Fatal Error</b>: XML Import/Export tools (<b>xml-export.php</b>
+		and <b>xml-import.php</b>) could be used maliciously. Please remove them 
+		from your TT-RSS instance.";
+		exit;
+	}
 ?>
diff --git a/utils/xml-export.php b/utils/xml-export.php
new file mode 100644
index 000000000..620331fba
--- /dev/null
+++ b/utils/xml-export.php
@@ -0,0 +1,164 @@
+<?
+	session_start();
+
+	define('MAX_SCHEMA_VERSION', 4);
+
+	require_once "config.php";
+	require_once "functions.php";
+	require_once "db.php";
+
+	if ($_GET["export"]) {
+		header("Content-Type: application/xml");
+	}
+?>
+
+<? if (!$_GET["export"]) { ?>
+
+<html>
+<head>
+	<title>XML Export</title>
+	<link rel="stylesheet" href="opml.css" type="text/css">
+</head>
+<body>
+<h1><img src="images/ttrss_logo.png"></h1>
+
+<div class="opmlBody">
+	<h2>XML Export</h2>
+	<form method="GET">
+		Limit to: <input type="checkbox" checked name="marked"> starred,
+		<input type="checkbox" name="unread"> unread.<br>
+		<p><input type="submit" class="button" name="export" value="Export"></p>
+	</form>
+</div>
+
+</body>
+</html>
+
+<? } else { ?>
+
+<xmldb>
+
+<?
+	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
+
+	if (!$link) {
+		if (DB_TYPE == "mysql") {
+			print mysql_error();
+		}
+		// PG seems to display its own errors just fine by default.		
+		return;
+	}
+
+	if (DB_TYPE == "pgsql") {
+		pg_query("set client_encoding = 'utf-8'");
+	}
+
+	$result = db_query($link, "SELECT schema_version FROM ttrss_version");
+
+	$schema_version = db_fetch_result($result, 0, "schema_version");
+
+/*	if ($schema_version != SCHEMA_VERSION) {
+		print "<error>Source database schema is invalid
+			(got version $schema_version; expected ".SCHEMA_VERSION.")</error>";
+		print "</xmldb>";
+		return;
+	} */
+
+	print "<schema_version>$schema_version</schema_version>";
+
+	if ($schema_version > 1) {
+		$owner_uid = $_SESSION["uid"];
+		print "<owner_uid>$owner_uid</owner_uid>";
+	}
+
+	print "<exported>" . time() . "</exported>";
+?>
+
+<?
+	if ($_GET["marked"]) {
+		$marked_qpart = "AND marked = true";
+	}
+
+	if ($_GET["unread"]) {
+		$unread_qpart = "AND unread = true";
+	}
+
+	if ($schema_version == 1) {
+
+		$result = db_query($link, "SELECT
+				ttrss_entries.title AS title,
+				content,
+				marked,
+				unread,
+				updated,
+				guid,
+				link,
+				SUBSTRING(date_entered,1,16) AS date_entered,
+				SUBSTRING(last_read,1,16) AS last_read, 
+				comments,
+				ttrss_feeds.feed_url AS feed_url,
+				ttrss_feeds.title AS feed_title
+			FROM 
+				ttrss_entries,ttrss_feeds
+			WHERE
+				feed_id = ttrss_feeds.id $marked_qpart $unread_qpart 
+			ORDER BY ttrss_entries.id");
+				
+	} else if ($schema_version >= 2 && $schema_version <= MAX_SCHEMA_VERSION) {
+
+		$result = db_query($link, "SELECT
+				ttrss_entries.title AS title,
+				content,
+				marked,
+				unread,
+				updated,
+				guid,
+				link,
+				SUBSTRING(date_entered,1,16) AS date_entered,
+				SUBSTRING(last_read,1,16) AS last_read, 
+				comments,
+				ttrss_feeds.feed_url AS feed_url,
+				ttrss_feeds.title AS feed_title
+			FROM 
+				ttrss_entries,ttrss_feeds,ttrss_user_entries
+			WHERE
+				ttrss_user_entries.owner_uid = '$owner_uid' AND
+				ref_id = ttrss_entries.id AND
+				feed_id = ttrss_feeds.id $marked_qpart $unread_qpart
+			ORDER BY ttrss_entries.id");
+
+	} else {
+
+		// BAD SCHEMA, NO COOKIE
+
+		print "<error>Source database schema is invalid
+			(got version $schema_version)</error>";
+	}
+
+	print "<total_articles>" . db_num_rows($result) . "</total_articles>";
+
+?>
+
+<articles>
+
+<?	
+	while ($line = db_fetch_assoc($result)) {
+		print "<article>";
+
+		foreach (array_keys($line) as $key) {
+			$line[$key] = str_replace("<![CDATA[", "", $line[$key]);
+			$line[$key] = str_replace("]]>", "", $line[$key]);
+	
+			print "<$key><![CDATA[".$line[$key]."]]></$key>";
+
+		}
+
+		print "</article>";
+	}
+
+?>
+</articles>
+
+</xmldb>
+
+<? } ?>
diff --git a/utils/xml-import.php b/utils/xml-import.php
new file mode 100644
index 000000000..6cae60e0d
--- /dev/null
+++ b/utils/xml-import.php
@@ -0,0 +1,198 @@
+<?
+	session_start();
+
+	require_once "config.php";
+	require_once "functions.php";
+	require_once "db.php";
+
+	define('MAX_SOURCE_SCHEMA_VERSION', 4);
+	define('TARGET_SCHEMA_VERSION', 4);
+
+	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
+
+	login_sequence($link);
+
+	if (!$link) {
+		if (DB_TYPE == "mysql") {
+			print mysql_error();
+		}
+		// PG seems to display its own errors just fine by default.		
+		return;
+	}
+
+	if (DB_TYPE == "pgsql") {
+		pg_query("set client_encoding = 'utf-8'");
+	}
+
+	$result = db_query($link, "SELECT schema_version FROM ttrss_version");
+
+	$schema_version = db_fetch_result($result, 0, "schema_version");
+
+	if ($schema_version != TARGET_SCHEMA_VERSION) {
+		print "Error: database schema is invalid
+			(got version $schema_version; expected ".TARGET_SCHEMA_VERSION.")";
+		return;
+	}
+
+	function import_article($link, $data) {
+
+		print "<p>Article: <b>".$data["title"].
+		"</b> (".$data["feed_title"].")<br>";
+
+		$owner_uid = $_SESSION["uid"];
+
+		db_query($link, "BEGIN");
+
+		$result = db_query($link, "SELECT id FROM ttrss_feeds WHERE feed_url = '".
+			db_escape_string($data["feed_url"]) . "' AND owner_uid = '$owner_uid'");
+
+		if (db_num_rows($result) == 0) {
+			return false;
+		}
+
+		$feed_id = db_fetch_result($result, 0, "id");		
+
+		$result = db_query($link, "SELECT id FROM ttrss_entries WHERE
+			guid = '".$data["guid"]."'");
+
+		if (db_num_rows($result) == 0) {
+
+			print "Adding base entry...<br>";
+
+			$entry_title = db_escape_string($data["title"]);
+			$entry_guid = db_escape_string($data["guid"]);
+			$entry_link = db_escape_string($data["link"]);
+			$updated = db_escape_string($data["updated"]);
+			$date_entered = db_escape_string($data["date_entered"]);
+			$entry_content = db_escape_string($data["content"]);
+			$content_hash = "SHA1:" . sha1(strip_tags($entry_content));
+			$entry_comments = db_escape_string($data["comments"]);
+
+			$result = db_query($link,
+				"INSERT INTO ttrss_entries 
+					(title,
+					guid,
+					link,
+					updated,
+					content,
+					content_hash,
+					no_orig_date,
+					date_entered,
+					comments)
+				VALUES
+					('$entry_title', 
+					'$entry_guid', 
+					'$entry_link',
+					'$updated', 
+					'$entry_content', 
+					'$content_hash',
+					false, 
+					'$date_entered', 
+					'$entry_comments')");
+		}
+
+		$result = db_query($link, "SELECT id FROM ttrss_entries WHERE
+			guid = '".$data["guid"]."'");
+
+		if (db_num_rows($result) == 0) { return false; }
+
+		$entry_id = db_fetch_result($result, 0, "id");
+
+		print "Found base ID: $entry_id<br>";
+
+		$result = db_query($link, "SELECT int_id FROM ttrss_user_entries WHERE
+			ref_id = '$entry_id' AND owner_uid = '$owner_uid'");
+
+		if (db_num_rows($result) == 0) {
+			print "User table entry not found, creating...<br>";
+
+			$unread = sql_bool_to_string(db_escape_string($data["unread"]));
+			$marked = sql_bool_to_string(db_escape_string($data["marked"]));
+			$last_read = db_escape_string($data["last_read"]);
+
+			if (!$last_read) {
+				$last_read_qpart = 'NULL';
+			} else {
+				$last_read_qpart = "'$last_read'";
+			}
+
+			$result = db_query($link,
+				"INSERT INTO ttrss_user_entries 
+					(ref_id, owner_uid, feed_id, unread, marked, last_read) 
+				VALUES ('$entry_id', '$owner_uid', '$feed_id', $unread, $marked,
+					$last_read_qpart)");
+
+		} else {
+			print "User table entry already exists, nothing to do.<br>";
+		}
+
+		db_query($link, "COMMIT");
+
+	}
+
+?>
+<html>
+<head>
+	<title>XML Import</title>
+	<link rel="stylesheet" href="opml.css" type="text/css">
+</head>
+<body>
+
+	<h1><img src="images/ttrss_logo.png"></h1>
+
+	<div class="opmlBody">
+
+	<? if ($_REQUEST["op"] != "Import") { ?>
+	
+	<h2>Import XMLDB</h2>
+
+	<form	enctype="multipart/form-data" method="POST" action="xml-import.php">
+	File: <input name="xmldb" type="file">&nbsp;
+	<input class="button" name="op" type="submit" value="Import">
+	</form>
+
+	<? } else {
+
+		print "<h2>Importing data</h2>";
+
+		if (is_file($_FILES['xmldb']['tmp_name'])) {
+			$dom = domxml_open_file($_FILES['xmldb']['tmp_name']);
+//			$dom = domxml_open_file('xmldb.xml');
+
+			if ($dom) {
+				$root = $dom->document_element();
+
+				$schema_version = $root->get_elements_by_tagname('schema_version');
+				$schema_version = $schema_version[0]->get_content();
+
+				if ($schema_version > MAX_SOURCE_SCHEMA_VERSION) {
+					die("Incorrect source schema version");
+				}
+
+				$articles = $root->get_elements_by_tagname("article");
+
+				foreach ($articles as $article) {
+					$child_nodes = $article->child_nodes();
+
+					$article_data = array();
+
+					foreach ($child_nodes as $child) {
+						$article_data[$child->tagname()] = $child->get_content();
+					}
+
+					$is_imported = import_article($link, $article_data);
+				}
+
+				print "<p><a class=\"button\" href=\"prefs.php\">Return to preferences</a>";
+			} else {
+				print "Error: could not parse document.";
+			}
+		} else {
+			print "<p>Error: please upload XMLDB.</p>";
+		}
+
+	} ?>
+</div>
+</body>
+</html>
+
diff --git a/xml-export.php b/xml-export.php
deleted file mode 100644
index 620331fba..000000000
--- a/xml-export.php
+++ /dev/null
@@ -1,164 +0,0 @@
-<?
-	session_start();
-
-	define('MAX_SCHEMA_VERSION', 4);
-
-	require_once "config.php";
-	require_once "functions.php";
-	require_once "db.php";
-
-	if ($_GET["export"]) {
-		header("Content-Type: application/xml");
-	}
-?>
-
-<? if (!$_GET["export"]) { ?>
-
-<html>
-<head>
-	<title>XML Export</title>
-	<link rel="stylesheet" href="opml.css" type="text/css">
-</head>
-<body>
-<h1><img src="images/ttrss_logo.png"></h1>
-
-<div class="opmlBody">
-	<h2>XML Export</h2>
-	<form method="GET">
-		Limit to: <input type="checkbox" checked name="marked"> starred,
-		<input type="checkbox" name="unread"> unread.<br>
-		<p><input type="submit" class="button" name="export" value="Export"></p>
-	</form>
-</div>
-
-</body>
-</html>
-
-<? } else { ?>
-
-<xmldb>
-
-<?
-	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
-
-	if (!$link) {
-		if (DB_TYPE == "mysql") {
-			print mysql_error();
-		}
-		// PG seems to display its own errors just fine by default.		
-		return;
-	}
-
-	if (DB_TYPE == "pgsql") {
-		pg_query("set client_encoding = 'utf-8'");
-	}
-
-	$result = db_query($link, "SELECT schema_version FROM ttrss_version");
-
-	$schema_version = db_fetch_result($result, 0, "schema_version");
-
-/*	if ($schema_version != SCHEMA_VERSION) {
-		print "<error>Source database schema is invalid
-			(got version $schema_version; expected ".SCHEMA_VERSION.")</error>";
-		print "</xmldb>";
-		return;
-	} */
-
-	print "<schema_version>$schema_version</schema_version>";
-
-	if ($schema_version > 1) {
-		$owner_uid = $_SESSION["uid"];
-		print "<owner_uid>$owner_uid</owner_uid>";
-	}
-
-	print "<exported>" . time() . "</exported>";
-?>
-
-<?
-	if ($_GET["marked"]) {
-		$marked_qpart = "AND marked = true";
-	}
-
-	if ($_GET["unread"]) {
-		$unread_qpart = "AND unread = true";
-	}
-
-	if ($schema_version == 1) {
-
-		$result = db_query($link, "SELECT
-				ttrss_entries.title AS title,
-				content,
-				marked,
-				unread,
-				updated,
-				guid,
-				link,
-				SUBSTRING(date_entered,1,16) AS date_entered,
-				SUBSTRING(last_read,1,16) AS last_read, 
-				comments,
-				ttrss_feeds.feed_url AS feed_url,
-				ttrss_feeds.title AS feed_title
-			FROM 
-				ttrss_entries,ttrss_feeds
-			WHERE
-				feed_id = ttrss_feeds.id $marked_qpart $unread_qpart 
-			ORDER BY ttrss_entries.id");
-				
-	} else if ($schema_version >= 2 && $schema_version <= MAX_SCHEMA_VERSION) {
-
-		$result = db_query($link, "SELECT
-				ttrss_entries.title AS title,
-				content,
-				marked,
-				unread,
-				updated,
-				guid,
-				link,
-				SUBSTRING(date_entered,1,16) AS date_entered,
-				SUBSTRING(last_read,1,16) AS last_read, 
-				comments,
-				ttrss_feeds.feed_url AS feed_url,
-				ttrss_feeds.title AS feed_title
-			FROM 
-				ttrss_entries,ttrss_feeds,ttrss_user_entries
-			WHERE
-				ttrss_user_entries.owner_uid = '$owner_uid' AND
-				ref_id = ttrss_entries.id AND
-				feed_id = ttrss_feeds.id $marked_qpart $unread_qpart
-			ORDER BY ttrss_entries.id");
-
-	} else {
-
-		// BAD SCHEMA, NO COOKIE
-
-		print "<error>Source database schema is invalid
-			(got version $schema_version)</error>";
-	}
-
-	print "<total_articles>" . db_num_rows($result) . "</total_articles>";
-
-?>
-
-<articles>
-
-<?	
-	while ($line = db_fetch_assoc($result)) {
-		print "<article>";
-
-		foreach (array_keys($line) as $key) {
-			$line[$key] = str_replace("<![CDATA[", "", $line[$key]);
-			$line[$key] = str_replace("]]>", "", $line[$key]);
-	
-			print "<$key><![CDATA[".$line[$key]."]]></$key>";
-
-		}
-
-		print "</article>";
-	}
-
-?>
-</articles>
-
-</xmldb>
-
-<? } ?>
diff --git a/xml-import.php b/xml-import.php
deleted file mode 100644
index 6cae60e0d..000000000
--- a/xml-import.php
+++ /dev/null
@@ -1,198 +0,0 @@
-<?
-	session_start();
-
-	require_once "config.php";
-	require_once "functions.php";
-	require_once "db.php";
-
-	define('MAX_SOURCE_SCHEMA_VERSION', 4);
-	define('TARGET_SCHEMA_VERSION', 4);
-
-	$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
-
-	login_sequence($link);
-
-	if (!$link) {
-		if (DB_TYPE == "mysql") {
-			print mysql_error();
-		}
-		// PG seems to display its own errors just fine by default.		
-		return;
-	}
-
-	if (DB_TYPE == "pgsql") {
-		pg_query("set client_encoding = 'utf-8'");
-	}
-
-	$result = db_query($link, "SELECT schema_version FROM ttrss_version");
-
-	$schema_version = db_fetch_result($result, 0, "schema_version");
-
-	if ($schema_version != TARGET_SCHEMA_VERSION) {
-		print "Error: database schema is invalid
-			(got version $schema_version; expected ".TARGET_SCHEMA_VERSION.")";
-		return;
-	}
-
-	function import_article($link, $data) {
-
-		print "<p>Article: <b>".$data["title"].
-		"</b> (".$data["feed_title"].")<br>";
-
-		$owner_uid = $_SESSION["uid"];
-
-		db_query($link, "BEGIN");
-
-		$result = db_query($link, "SELECT id FROM ttrss_feeds WHERE feed_url = '".
-			db_escape_string($data["feed_url"]) . "' AND owner_uid = '$owner_uid'");
-
-		if (db_num_rows($result) == 0) {
-			return false;
-		}
-
-		$feed_id = db_fetch_result($result, 0, "id");		
-
-		$result = db_query($link, "SELECT id FROM ttrss_entries WHERE
-			guid = '".$data["guid"]."'");
-
-		if (db_num_rows($result) == 0) {
-
-			print "Adding base entry...<br>";
-
-			$entry_title = db_escape_string($data["title"]);
-			$entry_guid = db_escape_string($data["guid"]);
-			$entry_link = db_escape_string($data["link"]);
-			$updated = db_escape_string($data["updated"]);
-			$date_entered = db_escape_string($data["date_entered"]);
-			$entry_content = db_escape_string($data["content"]);
-			$content_hash = "SHA1:" . sha1(strip_tags($entry_content));
-			$entry_comments = db_escape_string($data["comments"]);
-
-			$result = db_query($link,
-				"INSERT INTO ttrss_entries 
-					(title,
-					guid,
-					link,
-					updated,
-					content,
-					content_hash,
-					no_orig_date,
-					date_entered,
-					comments)
-				VALUES
-					('$entry_title', 
-					'$entry_guid', 
-					'$entry_link',
-					'$updated', 
-					'$entry_content', 
-					'$content_hash',
-					false, 
-					'$date_entered', 
-					'$entry_comments')");
-		}
-
-		$result = db_query($link, "SELECT id FROM ttrss_entries WHERE
-			guid = '".$data["guid"]."'");
-
-		if (db_num_rows($result) == 0) { return false; }
-
-		$entry_id = db_fetch_result($result, 0, "id");
-
-		print "Found base ID: $entry_id<br>";
-
-		$result = db_query($link, "SELECT int_id FROM ttrss_user_entries WHERE
-			ref_id = '$entry_id' AND owner_uid = '$owner_uid'");
-
-		if (db_num_rows($result) == 0) {
-			print "User table entry not found, creating...<br>";
-
-			$unread = sql_bool_to_string(db_escape_string($data["unread"]));
-			$marked = sql_bool_to_string(db_escape_string($data["marked"]));
-			$last_read = db_escape_string($data["last_read"]);
-
-			if (!$last_read) {
-				$last_read_qpart = 'NULL';
-			} else {
-				$last_read_qpart = "'$last_read'";
-			}
-
-			$result = db_query($link,
-				"INSERT INTO ttrss_user_entries 
-					(ref_id, owner_uid, feed_id, unread, marked, last_read) 
-				VALUES ('$entry_id', '$owner_uid', '$feed_id', $unread, $marked,
-					$last_read_qpart)");
-
-		} else {
-			print "User table entry already exists, nothing to do.<br>";
-		}
-
-		db_query($link, "COMMIT");
-
-	}
-
-?>
-<html>
-<head>
-	<title>XML Import</title>
-	<link rel="stylesheet" href="opml.css" type="text/css">
-</head>
-<body>
-
-	<h1><img src="images/ttrss_logo.png"></h1>
-
-	<div class="opmlBody">
-
-	<? if ($_REQUEST["op"] != "Import") { ?>
-	
-	<h2>Import XMLDB</h2>
-
-	<form	enctype="multipart/form-data" method="POST" action="xml-import.php">
-	File: <input name="xmldb" type="file">&nbsp;
-	<input class="button" name="op" type="submit" value="Import">
-	</form>
-
-	<? } else {
-
-		print "<h2>Importing data</h2>";
-
-		if (is_file($_FILES['xmldb']['tmp_name'])) {
-			$dom = domxml_open_file($_FILES['xmldb']['tmp_name']);
-//			$dom = domxml_open_file('xmldb.xml');
-
-			if ($dom) {
-				$root = $dom->document_element();
-
-				$schema_version = $root->get_elements_by_tagname('schema_version');
-				$schema_version = $schema_version[0]->get_content();
-
-				if ($schema_version > MAX_SOURCE_SCHEMA_VERSION) {
-					die("Incorrect source schema version");
-				}
-
-				$articles = $root->get_elements_by_tagname("article");
-
-				foreach ($articles as $article) {
-					$child_nodes = $article->child_nodes();
-
-					$article_data = array();
-
-					foreach ($child_nodes as $child) {
-						$article_data[$child->tagname()] = $child->get_content();
-					}
-
-					$is_imported = import_article($link, $article_data);
-				}
-
-				print "<p><a class=\"button\" href=\"prefs.php\">Return to preferences</a>";
-			} else {
-				print "Error: could not parse document.";
-			}
-		} else {
-			print "<p>Error: please upload XMLDB.</p>";
-		}
-
-	} ?>
-</div>
-</body>
-</html>
-
-- 
cgit v1.2.3