From fc0ebf089189ca42875d31b1bec4aa1c27852506 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Fri, 19 Feb 2021 20:21:36 +0300
Subject: move bookmarklet-related methods out of public.php into the plugin

---
 classes/handler/public.php    | 321 +---------------------------------------
 classes/pluginhost.php        |   4 +-
 classes/userhelper.php        |   2 +-
 include/controls.php          |   4 +
 plugins/bookmarklets/init.php | 331 +++++++++++++++++++++++++++++++++++++++++-
 5 files changed, 335 insertions(+), 327 deletions(-)

diff --git a/classes/handler/public.php b/classes/handler/public.php
index de3165e2f..62543859c 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -98,7 +98,7 @@ class Handler_Public extends Handler {
 
 				$tpl->setVariable('ARTICLE_ID',
 					htmlspecialchars($orig_guid ? $line['link'] :
-							$this->make_article_tag_uri($line['id'], $line['date_entered'])), true);
+							$this->_make_article_tag_uri($line['id'], $line['date_entered'])), true);
 				$tpl->setVariable('ARTICLE_LINK', htmlspecialchars($line['link']), true);
 				$tpl->setVariable('ARTICLE_TITLE', htmlspecialchars($line['title']), true);
 				$tpl->setVariable('ARTICLE_EXCERPT', $line["content_preview"], true);
@@ -346,165 +346,6 @@ class Handler_Public extends Handler {
 		PluginHost::getInstance()->run_hooks(PluginHost::HOOK_UPDATE_TASK);
 	}
 
-	function sharepopup() {
-		if (SINGLE_USER_MODE) {
-			UserHelper::login_sequence();
-		}
-
-		header('Content-Type: text/html; charset=utf-8');
-		?>
-		<!DOCTYPE html>
-		<html>
-		<head>
-			<title><?= __("Share with Tiny Tiny RSS") ?></title>
-			<?php
-			echo javascript_tag("lib/dojo/dojo.js");
-			echo javascript_tag("js/utility.js");
-			echo javascript_tag("lib/dojo/tt-rss-layer.js");
-			?>
-			<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
-			<link rel="shortcut icon" type="image/png" href="images/favicon.png">
-			<link rel="icon" type="image/png" sizes="72x72" href="images/favicon-72px.png">
-			<style type="text/css">
-				@media (prefers-color-scheme: dark) {
-					body {
-						background : #303030;
-					}
-				}
-
-				body.css_loading * {
-					display : none;
-				}
-			</style>
-		</head>
-		<body class='flat ttrss_utility share_popup css_loading'>
-		<script type="text/javascript">
-			const UtilityApp = {
-				init: function() {
-				  	require(['dojo/parser', "dojo/ready", 'dijit/form/Button','dijit/form/CheckBox', 'dijit/form/Form',
-						'dijit/form/Select','dijit/form/TextBox','dijit/form/ValidationTextBox'], function(parser, ready){
-						ready(function() {
-							parser.parse();
-
-							/* new Ajax.Autocompleter('labels_value', 'labels_choices',
-								"backend.php?op=rpc&method=completeLabels",
-								{ tokens: ',', paramName: "search" });
-							}); */
-				  	});
-				}
-			};
-		</script>
-		<div class="content">
-
-		<?php
-
-		$action = clean($_REQUEST["action"]);
-
-		if ($_SESSION["uid"]) {
-
-			if ($action == 'share') {
-
-				$title = strip_tags(clean($_REQUEST["title"]));
-				$url = strip_tags(clean($_REQUEST["url"]));
-				$content = strip_tags(clean($_REQUEST["content"]));
-				$labels = strip_tags(clean($_REQUEST["labels"]));
-
-				Article::_create_published_article($title, $url, $content, $labels,
-					$_SESSION["uid"]);
-
-				print "<script type='text/javascript'>";
-				print "window.close();";
-				print "</script>";
-
-			} else {
-				$title = htmlspecialchars(clean($_REQUEST["title"]));
-				$url = htmlspecialchars(clean($_REQUEST["url"]));
-
-				?>
-				<form id='share_form' name='share_form'>
-
-					<input type="hidden" name="op" value="sharepopup">
-					<input type="hidden" name="action" value="share">
-
-					<fieldset>
-						<label><?= __("Title:") ?></label>
-						<input style='width : 270px' dojoType='dijit.form.TextBox' name='title' value="<?= $title ?>">
-					</fieldset>
-
-					<fieldset>
-						<label><?= __("URL:") ?></label>
-						<input style='width : 270px' name='url' dojoType='dijit.form.TextBox' value="<?= $url ?>">
-					</fieldset>
-
-					<fieldset>
-						<label><?= __("Content:") ?></label>
-						<input style='width : 270px' name='content' dojoType='dijit.form.TextBox' value="">
-					</fieldset>
-
-					<fieldset>
-						<label><?= __("Labels:") ?></label>
-						<input style='width : 270px' name='labels' dojoType='dijit.form.TextBox' id="labels_value"
-						   placeholder='Alpha, Beta, Gamma' value="">
-						<div class="autocomplete" id="labels_choices"
-							 style="display : block"></div>
-					</fieldset>
-
-					<hr/>
-
-					<fieldset>
-						<button dojoType='dijit.form.Button' class="alt-primary" type="submit"><?= __('Share') ?></button>
-						<button dojoType='dijit.form.Button' onclick="return window.close()"><?= __('Cancel') ?></button>
-						<span class="text-muted small"><?= __("Shared article will appear in the Published feed.") ?></span>
-					</fieldset>
-
-				</form>
-				<?php
-
-			}
-
-		} else {
-
-			$return = urlencode(make_self_url());
-
-			?>
-
-			<?php print_error("Not logged in"); ?>
-
-			<form action="public.php?return=<?= $return ?>" method="post">
-
-				<input type="hidden" name="op" value="login">
-
-				<fieldset>
-					<label><?= __("Login:") ?></label>
-					<input name="login" id="login" dojoType="dijit.form.TextBox" type="text"
-						   onchange="fetchProfiles()" onfocus="fetchProfiles()" onblur="fetchProfiles()"
-						   required="1" value="<?= $_SESSION["fake_login"] ?>" />
-				</fieldset>
-
-				<fieldset>
-					<label><?= __("Password:") ?></label>
-
-					<input type="password" name="password" required="1"
-						   dojoType="dijit.form.TextBox"
-						   class="input input-text"
-						   value="<?= $_SESSION["fake_password"] ?>"/>
-				</fieldset>
-
-				<hr/>
-
-				<fieldset>
-					<label> </label>
-
-					<button dojoType="dijit.form.Button" type="submit" class="alt-primary"><?= __('Log in') ?></button>
-				</fieldset>
-
-			</form>
-			<?php
-		}
-
-		print "</div></body></html>";
-	}
-
 	function login() {
 		if (!SINGLE_USER_MODE) {
 
@@ -565,160 +406,6 @@ class Handler_Public extends Handler {
 		}
 	}
 
-	function subscribe() {
-		if (SINGLE_USER_MODE) {
-			UserHelper::login_sequence();
-		}
-
-		if (!empty($_SESSION["uid"])) {
-
-			$feed_url = clean($_REQUEST["feed_url"] ?? "");
-			$csrf_token = clean($_POST["csrf_token"] ?? "");
-
-			header('Content-Type: text/html; charset=utf-8');
-			?>
-			<!DOCTYPE html>
-			<html>
-			<head>
-				<title>Tiny Tiny RSS</title>
-				<?php
-					echo javascript_tag("js/utility.js");
-					echo javascript_tag("lib/dojo/dojo.js");
-					echo javascript_tag("lib/dojo/tt-rss-layer.js");
-				?>
-				<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
-				<link rel="shortcut icon" type="image/png" href="images/favicon.png">
-				<link rel="icon" type="image/png" sizes="72x72" href="images/favicon-72px.png">
-				<style type="text/css">
-					@media (prefers-color-scheme: dark) {
-						body {
-							background : #303030;
-						}
-					}
-
-					body.css_loading * {
-						display : none;
-					}
-				</style>
-			</head>
-			<body class='flat ttrss_utility css_loading'>
-			<script type="text/javascript">
-				const UtilityApp = {
-					init: function() {
-                        require(['dojo/parser', "dojo/ready", 'dijit/form/Button','dijit/form/CheckBox', 'dijit/form/Form',
-                            'dijit/form/Select','dijit/form/TextBox','dijit/form/ValidationTextBox'], function(parser, ready){
-                            ready(function() {
-                                parser.parse();
-                            });
-                        });
-					}
-				};
-			</script>
-			<div class="container">
-			<h1><?= __("Subscribe to feed...") ?></h1>
-			<div class='content'>
-			<?php
-
-			if (!$feed_url || !validate_csrf($csrf_token)) {
-				?>
-				<form method="post">
-					<input type="hidden" name="op" value="subscribe">
-					<?= \Controls\hidden_tag("csrf_token", $_SESSION["csrf_token"]) ?>
-					<fieldset>
-						<label>Feed or site URL:</label>
-						<input style="width: 300px" dojoType="dijit.form.ValidationTextBox" required="1" name="feed_url" value="<?= htmlspecialchars($feed_url) ?>">
-					</fieldset>
-
-					<button class="alt-primary" dojoType="dijit.form.Button" type="submit">
-						<?= __("Subscribe") ?>
-					</button>
-
-					<a href="index.php"><?= __("Return to Tiny Tiny RSS") ?></a>
-				</form>
-				<?php
-			} else {
-
-				$rc = Feeds::_subscribe($feed_url);
-				$feed_urls = false;
-
-				switch ($rc['code']) {
-					case 0:
-						print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url));
-						break;
-					case 1:
-						print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url));
-						break;
-					case 2:
-						print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url));
-						break;
-					case 3:
-						print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url));
-						break;
-					case 4:
-						$feed_urls = $rc["feeds"];
-						break;
-					case 5:
-						print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
-						break;
-				}
-
-				if ($feed_urls) {
-
-					print "<form action='public.php'>";
-					print "<input type='hidden' name='op' value='subscribe'>";
-					print \Controls\hidden_tag("csrf_token", $_SESSION["csrf_token"]);
-
-					print "<fieldset>";
-					print "<label style='display : inline'>" . __("Multiple feed URLs found:") . "</label>";
-					print "<select name='feed_url' dojoType='dijit.form.Select'>";
-
-					foreach ($feed_urls as $url => $name) {
-						$url = htmlspecialchars($url);
-						$name = htmlspecialchars($name);
-
-						print "<option value=\"$url\">$name</option>";
-					}
-
-					print "</select>";
-					print "</fieldset>";
-
-					print "<button class='alt-primary' dojoType='dijit.form.Button' type='submit'>".__("Subscribe to selected feed")."</button>";
-					print "<a href='index.php'>".__("Return to Tiny Tiny RSS")."</a>";
-
-					print "</form>";
-				}
-
-				$tp_uri = get_self_url_prefix() . "/prefs.php";
-
-				if ($rc['code'] <= 2){
-					$sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE
-					feed_url = ? AND owner_uid = ?");
-					$sth->execute([$feed_url, $_SESSION['uid']]);
-					$row = $sth->fetch();
-
-					$feed_id = $row["id"];
-				} else {
-					$feed_id = 0;
-				}
-
-				if ($feed_id) {
-					print "<form method='GET' action=\"$tp_uri\">
-					<input type='hidden' name='tab' value='feeds'>
-					<input type='hidden' name='method' value='editfeed'>
-					<input type='hidden' name='methodparam' value='$feed_id'>
-					<button dojoType='dijit.form.Button' class='alt-info' type='submit'>".__("Edit subscription options")."</button>
-					<a href='index.php'>".__("Return to Tiny Tiny RSS")."</a>
-					</form>";
-				}
-			}
-
-			print "</div></div></body></html>";
-
-		} else {
-			$this->render_login_form();
-		}
-	}
-
 	function index() {
 		header("Content-Type: text/plain");
 		print error_json(13);
@@ -928,7 +615,7 @@ class Handler_Public extends Handler {
 
 		if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) {
 			$_SESSION["login_error_msg"] = __("Your access level is insufficient to run this script.");
-			$this->render_login_form();
+			$this->_render_login_form();
 			exit;
 		}
 
@@ -1066,7 +753,7 @@ class Handler_Public extends Handler {
 		}
 	}
 
-	private function make_article_tag_uri($id, $timestamp) {
+	private function _make_article_tag_uri($id, $timestamp) {
 
 		$timestamp = date("Y-m-d", strtotime($timestamp));
 
@@ -1108,7 +795,7 @@ class Handler_Public extends Handler {
 		}
 	}
 
-	static function render_login_form() {
+	static function _render_login_form() {
 		header('Cache-Control: public');
 
 		require_once "login_form.php";
diff --git a/classes/pluginhost.php b/classes/pluginhost.php
index 065fa99c4..d50c5a706 100755
--- a/classes/pluginhost.php
+++ b/classes/pluginhost.php
@@ -599,7 +599,7 @@ class PluginHost {
 	}
 
 	// handled by classes/pluginhandler.php, requires valid session
-	function get_method_url(Plugin $sender, string $method, $params)  {
+	function get_method_url(Plugin $sender, string $method, $params = [])  {
 		return get_self_url_prefix() . "/backend.php?" .
 			http_build_query(
 				array_merge(
@@ -623,7 +623,7 @@ class PluginHost {
 	} */
 
 	// WARNING: endpoint in public.php, exposed to unauthenticated users
-	function get_public_method_url(Plugin $sender, string $method, $params)  {
+	function get_public_method_url(Plugin $sender, string $method, $params = [])  {
 		if ($sender->is_public_method($method)) {
 			return get_self_url_prefix() . "/public.php?" .
 				http_build_query(
diff --git a/classes/userhelper.php b/classes/userhelper.php
index 42d50a0f4..7fe1e5557 100644
--- a/classes/userhelper.php
+++ b/classes/userhelper.php
@@ -107,7 +107,7 @@ class UserHelper {
 				if (empty($_SESSION["uid"])) {
 					UserHelper::logout();
 
-					Handler_Public::render_login_form();
+					Handler_Public::_render_login_form();
 					exit;
 				}
 
diff --git a/include/controls.php b/include/controls.php
index a60b1e0b0..ae5fba739 100755
--- a/include/controls.php
+++ b/include/controls.php
@@ -16,6 +16,10 @@
       return hidden_tag("op", strtolower(get_class($plugin) . \PluginHost::PUBLIC_METHOD_DELIMITER . $method));
    } */
 
+   function public_method_tags(\Plugin $plugin, string $method) {
+      return hidden_tag("op", strtolower(get_class($plugin) . \PluginHost::PUBLIC_METHOD_DELIMITER . $method));
+   }
+
    function pluginhandler_tags(\Plugin $plugin, string $method) {
       return hidden_tag("op", "pluginhandler") .
                hidden_tag("plugin", strtolower(get_class($plugin))) .
diff --git a/plugins/bookmarklets/init.php b/plugins/bookmarklets/init.php
index a9dc3e69d..4c3bbf4cc 100644
--- a/plugins/bookmarklets/init.php
+++ b/plugins/bookmarklets/init.php
@@ -16,21 +16,338 @@ class Bookmarklets extends Plugin {
 		$host->add_hook($host::HOOK_PREFS_TAB, $this);
 	}
 
-	private function subscribe_to_feed_url() {
-		$url_path = get_self_url_prefix() .
-			"/public.php?op=subscribe&feed_url=%s";
-		return $url_path;
+	function is_public_method($method) {
+		return in_array($method, ["subscribe", "sharepopup"]);
 	}
 
+	function subscribe() {
+		if (SINGLE_USER_MODE) {
+			UserHelper::login_sequence();
+		}
+
+		if (!empty($_SESSION["uid"])) {
+
+			$feed_url = clean($_REQUEST["feed_url"] ?? "");
+			$csrf_token = clean($_POST["csrf_token"] ?? "");
+
+			header('Content-Type: text/html; charset=utf-8');
+			?>
+			<!DOCTYPE html>
+			<html>
+			<head>
+				<title><?= __("Subscribe to feed...") ?></title>
+				<?= javascript_tag("lib/dojo/dojo.js") ?>
+				<?= javascript_tag("js/utility.js") ?>
+				<?= javascript_tag("js/common.js") ?>
+				<?= javascript_tag("lib/dojo/tt-rss-layer.js") ?>
+				<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+				<link rel="shortcut icon" type="image/png" href="images/favicon.png">
+				<link rel="icon" type="image/png" sizes="72x72" href="images/favicon-72px.png">
+				<style type="text/css">
+					@media (prefers-color-scheme: dark) {
+						body {
+							background : #303030;
+						}
+					}
+
+					body.css_loading * {
+						display : none;
+					}
+				</style>
+			</head>
+			<body class='flat ttrss_utility css_loading'>
+			<script type="text/javascript">
+				const UtilityApp = {
+					init: function() {
+                        require(['dojo/parser', "dojo/ready", 'dijit/form/Button','dijit/form/CheckBox', 'dijit/form/Form',
+                            'dijit/form/Select','dijit/form/TextBox','dijit/form/ValidationTextBox'], function(parser, ready){
+                            ready(function() {
+                                parser.parse();
+                            });
+                        });
+					}
+				};
+			</script>
+			<div class="container">
+			<h1><?= __("Subscribe to feed...") ?></h1>
+			<div class='content'>
+			<?php
+
+			if (!$feed_url || !validate_csrf($csrf_token)) {
+				?>
+				<form method="post" action='public.php'>
+					<?= \Controls\public_method_tags($this, "subscribe") ?>
+					<?= \Controls\hidden_tag("csrf_token", $_SESSION["csrf_token"]) ?>
+
+					<fieldset>
+						<label>Feed or site URL:</label>
+						<input style="width: 300px" dojoType="dijit.form.ValidationTextBox" required="1" name="feed_url" value="<?= htmlspecialchars($feed_url) ?>">
+					</fieldset>
+
+					<button class="alt-primary" dojoType="dijit.form.Button" type="submit">
+						<?= __("Subscribe") ?>
+					</button>
+
+					<a href="index.php"><?= __("Return to Tiny Tiny RSS") ?></a>
+				</form>
+				<?php
+			} else {
+
+				$rc = Feeds::_subscribe($feed_url);
+				$feed_urls = false;
+
+				switch ($rc['code']) {
+					case 0:
+						print_warning(T_sprintf("Already subscribed to <b>%s</b>.", $feed_url));
+						break;
+					case 1:
+						print_notice(T_sprintf("Subscribed to <b>%s</b>.", $feed_url));
+						break;
+					case 2:
+						print_error(T_sprintf("Could not subscribe to <b>%s</b>.", $feed_url));
+						break;
+					case 3:
+						print_error(T_sprintf("No feeds found in <b>%s</b>.", $feed_url));
+						break;
+					case 4:
+						$feed_urls = $rc["feeds"];
+						break;
+					case 5:
+						print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
+						break;
+				}
+
+				if ($feed_urls) {
+
+					print "<form method='post' action='public.php'>";
+					print \Controls\public_method_tags($this, "subscribe");
+					print \Controls\hidden_tag("csrf_token", $_SESSION["csrf_token"]);
+
+					print "<fieldset>";
+					print "<label style='display : inline'>" . __("Multiple feed URLs found:") . "</label>";
+					print "<select name='feed_url' dojoType='dijit.form.Select'>";
+
+					foreach ($feed_urls as $url => $name) {
+						$url = htmlspecialchars($url);
+						$name = htmlspecialchars($name);
+
+						print "<option value=\"$url\">$name</option>";
+					}
+
+					print "</select>";
+					print "</fieldset>";
+
+					print "<button class='alt-primary' dojoType='dijit.form.Button' type='submit'>".__("Subscribe to selected feed")."</button>";
+					print "<a href='index.php'>".__("Return to Tiny Tiny RSS")."</a>";
+
+					print "</form>";
+				}
+
+				$tp_uri = get_self_url_prefix() . "/prefs.php";
+
+				if ($rc['code'] <= 2){
+					$sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE
+					feed_url = ? AND owner_uid = ?");
+					$sth->execute([$feed_url, $_SESSION['uid']]);
+					$row = $sth->fetch();
+
+					$feed_id = $row["id"];
+				} else {
+					$feed_id = 0;
+				}
+
+				if ($feed_id) {
+					print "<form method='GET' action=\"$tp_uri\">
+					<input type='hidden' name='tab' value='feeds'>
+					<input type='hidden' name='method' value='editfeed'>
+					<input type='hidden' name='methodparam' value='$feed_id'>
+					<button dojoType='dijit.form.Button' class='alt-info' type='submit'>".__("Edit subscription options")."</button>
+					<a href='index.php'>".__("Return to Tiny Tiny RSS")."</a>
+					</form>";
+				}
+			}
+
+			print "</div></div></body></html>";
+		} else {
+			Handler_Public::_render_login_form();
+		}
+	}
+
+	function sharepopup() {
+		if (SINGLE_USER_MODE) {
+			UserHelper::login_sequence();
+		}
+
+		header('Content-Type: text/html; charset=utf-8');
+		?>
+		<!DOCTYPE html>
+		<html>
+		<head>
+			<title><?= __("Share with Tiny Tiny RSS") ?></title>
+			<?= javascript_tag("lib/dojo/dojo.js") ?>
+			<?= javascript_tag("js/utility.js") ?>
+			<?= javascript_tag("js/common.js") ?>
+			<?= javascript_tag("lib/dojo/tt-rss-layer.js") ?>
+			<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
+			<link rel="shortcut icon" type="image/png" href="images/favicon.png">
+			<link rel="icon" type="image/png" sizes="72x72" href="images/favicon-72px.png">
+			<style type="text/css">
+				@media (prefers-color-scheme: dark) {
+					body {
+						background : #303030;
+					}
+				}
+
+				body.css_loading * {
+					display : none;
+				}
+			</style>
+		</head>
+		<body class='flat ttrss_utility share_popup css_loading'>
+			<script type="text/javascript">
+				const UtilityApp = {
+					init: function() {
+						require(['dojo/parser', "dojo/ready", 'dijit/form/Button','dijit/form/CheckBox', 'dijit/form/Form',
+							'dijit/form/Select','dijit/form/TextBox','dijit/form/ValidationTextBox'], function(parser, ready){
+							ready(function() {
+								parser.parse();
+
+								/* new Ajax.Autocompleter('labels_value', 'labels_choices',
+									"backend.php?op=rpc&method=completeLabels",
+									{ tokens: ',', paramName: "search" }); */
+								});
+						});
+					}
+				};
+			</script>
+		<div class="content">
+
+		<?php
+			if ($_SESSION["uid"]) {
+
+				$action = clean($_REQUEST["action"] ?? "");
+
+				if ($action == 'share') {
+
+					$title = strip_tags(clean($_REQUEST["title"]));
+					$url = strip_tags(clean($_REQUEST["url"]));
+					$content = strip_tags(clean($_REQUEST["content"]));
+					$labels = strip_tags(clean($_REQUEST["labels"]));
+
+					Article::_create_published_article($title, $url, $content, $labels,
+						$_SESSION["uid"]);
+
+					print "<script type='text/javascript'>";
+					print "window.close();";
+					print "</script>";
+
+				} else {
+					$title = htmlspecialchars(clean($_REQUEST["title"]));
+					$url = htmlspecialchars(clean($_REQUEST["url"]));
+
+					?>
+					<form method='post' action='public.php'>
+
+						<?= \Controls\public_method_tags($this, "sharepopup") ?>
+						<?= \Controls\hidden_tag("csrf_token", $_SESSION["csrf_token"]) ?>
+						<?= \Controls\hidden_tag("action", "share") ?>
+
+						<fieldset>
+							<label><?= __("Title:") ?></label>
+							<input style='width : 270px' dojoType='dijit.form.TextBox' name='title' value="<?= $title ?>">
+						</fieldset>
+
+						<fieldset>
+							<label><?= __("URL:") ?></label>
+							<input style='width : 270px' name='url' dojoType='dijit.form.TextBox' value="<?= $url ?>">
+						</fieldset>
+
+						<fieldset>
+							<label><?= __("Content:") ?></label>
+							<input style='width : 270px' name='content' dojoType='dijit.form.TextBox' value="">
+						</fieldset>
+
+						<fieldset>
+							<label><?= __("Labels:") ?></label>
+							<input style='width : 270px' name='labels' dojoType='dijit.form.TextBox' id="labels_value"
+								placeholder='Alpha, Beta, Gamma' value="">
+							<!-- <div class="autocomplete" id="labels_choices"
+								style="display : block"></div> -->
+						</fieldset>
+
+						<hr/>
+
+						<fieldset>
+							<?= \Controls\submit_tag(__("Share")) ?>
+							<?= \Controls\button_tag(__("Cancel"), "", ["onclick" => "window.close()"]) ?>
+							<span class="text-muted small"><?= __("Shared article will appear in the Published feed.") ?></span>
+						</fieldset>
+
+					</form>
+					<?php
+
+				}
+
+			} else {
+				print_error("Not logged in");
+			?>
+
+			<form action="public.php?return=<?= urlencode(make_self_url()) ?>" method="post">
+
+				<input type="hidden" name="op" value="login">
+
+				<fieldset>
+					<label><?= __("Login:") ?></label>
+					<input name="login" id="login" dojoType="dijit.form.TextBox" type="text"
+							onchange="fetchProfiles()" onfocus="fetchProfiles()" onblur="fetchProfiles()"
+							required="1" value="<?= $_SESSION["fake_login"] ?>" />
+				</fieldset>
+
+				<fieldset>
+					<label><?= __("Password:") ?></label>
+
+					<input type="password" name="password" required="1"
+							dojoType="dijit.form.TextBox"
+							class="input input-text"
+							value="<?= $_SESSION["fake_password"] ?>"/>
+				</fieldset>
+
+				<hr/>
+
+				<fieldset>
+					<label> </label>
+
+					<button dojoType="dijit.form.Button" type="submit" class="alt-primary"><?= __('Log in') ?></button>
+				</fieldset>
+
+			</form>
+			<?php
+			}
+		?>
+		</div>
+		</body>
+		</html>";
+		<?php
+	}
+
+
 	function hook_prefs_tab($args) {
 		if ($args != "prefFeeds")
 			return;
 
-			$bm_subscribe_url = str_replace('%s', '', $this->subscribe_to_feed_url());
+			$bm_subscribe_url = $this->host->get_public_method_url($this, "subscribe");
+			$bm_share_url = $this->host->get_public_method_url($this, "sharepopup");
+
 			$confirm_str = str_replace("'", "\'", __('Subscribe to %s in Tiny Tiny RSS?'));
-			$bm_subscribe_url = htmlspecialchars("javascript:{if(confirm('$confirm_str'.replace('%s',window.location.href)))window.location.href='$bm_subscribe_url'+encodeURIComponent(window.location.href)}");
 
-			$bm_share_url = htmlspecialchars("javascript:(function(){var d=document,w=window,e=w.getSelection,k=d.getSelection,x=d.selection,s=(e?e():(k)?k():(x?x.createRange().text:0)),f='".get_self_url_prefix()."/public.php?op=sharepopup',l=d.location,e=encodeURIComponent,g=f+'&title='+((e(s))?e(s):e(document.title))+'&url='+e(l.href);function a(){if(!w.open(g,'t','toolbar=0,resizable=0,scrollbars=1,status=1,width=500,height=250')){l.href=g;}}a();})()");
+			$bm_subscribe_url = htmlspecialchars("javascript:{if(confirm('$confirm_str'.replace('%s',window.location.href)))window.location.href='$bm_subscribe_url&feed_url='+encodeURIComponent(window.location.href)}");
+			$bm_share_url = htmlspecialchars("javascript:(function(){var d=document,w=window,e=w.getSelection,k=d.getSelection,x=d.selection,s=(e?e():(k)?k():(x?x.createRange().text:0)),f='$bm_share_url',l=d.location,e=encodeURIComponent,g=f+'&title='+((e(s))?e(s):e(document.title))+'&url='+e(l.href);function a(){if(!w.open(g,'t','toolbar=0,resizable=0,scrollbars=1,status=1,width=500,height=250')){l.href=g;}}a();})()");
+
+			//$bm_subscribe_url = str_replace('%s', '', $this->subscribe_to_feed_url());
+			//$confirm_str = str_replace("'", "\'", __('Subscribe to %s in Tiny Tiny RSS?'));
+			//$bm_subscribe_url = htmlspecialchars("javascript:{if(confirm('$confirm_str'.replace('%s',window.location.href)))window.location.href='$bm_subscribe_url'+encodeURIComponent(window.location.href)}");
+
+			//$bm_share_url = htmlspecialchars("javascript:(function(){var d=document,w=window,e=w.getSelection,k=d.getSelection,x=d.selection,s=(e?e():(k)?k():(x?x.createRange().text:0)),f='".get_self_url_prefix()."/public.php?op=sharepopup',l=d.location,e=encodeURIComponent,g=f+'&title='+((e(s))?e(s):e(document.title))+'&url='+e(l.href);function a(){if(!w.open(g,'t','toolbar=0,resizable=0,scrollbars=1,status=1,width=500,height=250')){l.href=g;}}a();})()");
 		?>
 
 		<div dojoType="dijit.layout.AccordionPane"
-- 
cgit v1.2.3