From 8801fb017ccd6e2c052ab449eed3ee1eb5b7e982 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Mon, 8 Nov 2010 13:11:56 +0300
Subject: replace old-style published feed with universal secretkey-based
 approach used for all feeds; do not allow user/pass handling in generated
 feed urls; bump schema

---
 modules/backend-rpc.php | 33 +++++++++++++++++----------------
 1 file changed, 17 insertions(+), 16 deletions(-)

(limited to 'modules/backend-rpc.php')

diff --git a/modules/backend-rpc.php b/modules/backend-rpc.php
index 4a82a888b..1bf41d299 100644
--- a/modules/backend-rpc.php
+++ b/modules/backend-rpc.php
@@ -464,25 +464,11 @@
 			return;
 		}
 
-		if ($subop == "regenPubKey") {
-
-			print "<rpc-reply>";
-
-			set_pref($link, "_PREFS_PUBLISH_KEY", generate_publish_key(), $_SESSION["uid"]);
-
-			$new_link = article_publish_url($link);		
-
-			print "<link><![CDATA[$new_link]]></link>";
-
-			print "</rpc-reply>";
-
-			return;
-		}
-
 		if ($subop == "regenOPMLKey") {
 
 			print "<rpc-reply>";
-			set_pref($link, " _PREFS_OPML_PUBLISH_KEY", generate_publish_key(), $_SESSION["uid"]);
+			set_pref($link, " _PREFS_OPML_PUBLISH_KEY", 
+				sha1(uniqid(rand(), true)), $_SESSION["uid"]);
 			$new_link = opml_publish_url($link);		
 			print "<link><![CDATA[$new_link]]></link>";
 			print "</rpc-reply>";
@@ -1119,6 +1105,21 @@
 			return;
 		}
 
+		if ($subop == "regenFeedKey") {
+			$feed_id = db_escape_string($_REQUEST['id']);
+			$is_cat = (bool) db_escape_string($_REQUEST['is_cat']);
+
+			print "<rpc-reply>";
+
+			$new_key = update_feed_access_key($link, $feed_id, $is_cat);
+
+			print "<link><![CDATA[$new_key]]></link>";
+
+			print "</rpc-reply>";
+
+			return;
+		}
+
 		print "<rpc-reply><error>Unknown method: $subop</error></rpc-reply>";
 	}
 ?>
-- 
cgit v1.2.3