diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2016-09-11 11:52:06 +0200 |
|---|---|---|
| committer | Alexandre Alapetite <alexandre@alapetite.fr>
| 2016-09-11 11:52:06 +0200 |
| commit | 2757aeca52c204d6c9182fb99229e7e37dd09213 (patch) | |
| tree | 9f8ffb90da0f67d20838bb5aa58a7a504af81113 | |
| parent | 9f04e2bf3246ec5a65280908f017533d6f622a88 (diff) | |
| parent | c3589cac2d41501af1bd916c4689cf1ea4b58038 (diff) | |
Merge dev: custom ports for PostgreSQL too
https://github.com/FreshRSS/FreshRSS/issues/1241
https://github.com/FreshRSS/FreshRSS/pull/1244
| -rw-r--r-- | CHANGELOG.md | 7 | ||||
| -rw-r--r-- | app/Models/Feed.php | 6 | ||||
| -rw-r--r-- | app/install.php | 2 | ||||
| -rw-r--r-- | app/layout/aside_feed.phtml | 2 | ||||
| -rw-r--r-- | app/layout/aside_subscription.phtml | 2 | ||||
| -rw-r--r-- | app/layout/nav_menu.phtml | 2 | ||||
| -rw-r--r-- | app/views/configure/sharing.phtml | 4 | ||||
| -rw-r--r-- | app/views/feed/add.phtml | 6 | ||||
| -rw-r--r-- | app/views/helpers/feed/update.phtml | 6 | ||||
| -rw-r--r-- | app/views/helpers/index/normal/entry_bottom.phtml | 4 | ||||
| -rw-r--r-- | app/views/helpers/index/normal/entry_header.phtml | 4 | ||||
| -rw-r--r-- | app/views/index/normal.phtml | 2 | ||||
| -rw-r--r-- | data/persona/.gitignore | 1 | ||||
| -rw-r--r-- | data/persona/index.html | 13 | ||||
| -rw-r--r-- | lib/Minz/ModelPdo.php | 12 | ||||
| -rw-r--r-- | p/scripts/main.js | 2 | ||||
| -rw-r--r-- | p/themes/base-theme/template.css | 4 |
17 files changed, 41 insertions, 38 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 1002873d2..b3c46bdb6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,13 @@ ## 2016-XX-XX FreshRSS 1.6.0-dev +* Features + * Support custom ports `localhost:3306` for database servers [#1241](https://github.com/FreshRSS/FreshRSS/issues/1241) +* Security + * Prevent `<a target="_blank">` attacks with `window.opener` [#1245](https://github.com/FreshRSS/FreshRSS/issues/1245) +* UI + * Download icon 💾 for podcasts [#1236](https://github.com/FreshRSS/FreshRSS/issues/1236) + ## 2016-08-29 FreshRSS 1.5.0 diff --git a/app/Models/Feed.php b/app/Models/Feed.php index 6104b1e31..4403a23c4 100644 --- a/app/Models/Feed.php +++ b/app/Models/Feed.php @@ -309,11 +309,11 @@ class FreshRSS_Feed extends Minz_Model { $elinks[$elink] = '1'; $mime = strtolower($enclosure->get_type()); if (strpos($mime, 'image/') === 0) { - $content .= '<br /><img lazyload="" postpone="" src="' . $elink . '" alt="" />'; + $content .= '<p class="enclosure"><img lazyload="" src="' . $elink . '" alt="" /></p>'; } elseif (strpos($mime, 'audio/') === 0) { - $content .= '<br /><audio lazyload="" postpone="" preload="none" src="' . $elink . '" controls="controls" />'; + $content .= '<p class="enclosure"><audio preload="none" src="' . $elink . '" controls="controls"></audio> <a download="" href="' . $elink . '">💾</a></p>'; } elseif (strpos($mime, 'video/') === 0) { - $content .= '<br /><video lazyload="" postpone="" preload="none" src="' . $elink . '" controls="controls" />'; + $content .= '<p class="enclosure"><video preload="none" src="' . $elink . '" controls="controls"></video> <a download="" href="' . $elink . '">💾</a></p>'; } else { unset($elinks[$elink]); } diff --git a/app/install.php b/app/install.php index db16ca6b1..7f4e65034 100644 --- a/app/install.php +++ b/app/install.php @@ -725,7 +725,7 @@ function printStep3() { <div class="form-group"> <label class="group-name" for="host"><?php echo _t('install.bdd.host'); ?></label> <div class="group-controls"> - <input type="text" id="host" name="host" pattern="[0-9A-Za-z_.-]{1,64}" value="<?php echo isset($_SESSION['bd_host']) ? $_SESSION['bd_host'] : $system_default_config->db['host']; ?>" tabindex="2" /> + <input type="text" id="host" name="host" pattern="[0-9A-Za-z_.-]{1,64}(:[0-9]{2,5})?" value="<?php echo isset($_SESSION['bd_host']) ? $_SESSION['bd_host'] : $system_default_config->db['host']; ?>" tabindex="2" /> </div> </div> diff --git a/app/layout/aside_feed.phtml b/app/layout/aside_feed.phtml index e8fdbf842..94c281b7f 100644 --- a/app/layout/aside_feed.phtml +++ b/app/layout/aside_feed.phtml @@ -79,7 +79,7 @@ <?php if (FreshRSS_Auth::hasAccess()) { ?> <li class="item"><a href="<?php echo _url('stats', 'repartition', 'id', '------'); ?>"><?php echo _t('index.menu.stats'); ?></a></li> <?php } ?> - <li class="item"><a target="_blank" href="http://example.net/"><?php echo _t('gen.action.see_website'); ?></a></li> + <li class="item"><a target="_blank" rel="noreferrer" href="http://example.net/"><?php echo _t('gen.action.see_website'); ?></a></li> <?php if (FreshRSS_Auth::hasAccess()) { ?> <li class="separator"></li> <li class="item"><a href="<?php echo _url('subscription', 'index', 'id', '------'); ?>"><?php echo _t('gen.action.manage'); ?></a></li> diff --git a/app/layout/aside_subscription.phtml b/app/layout/aside_subscription.phtml index fa10d63e8..e14afe2a7 100644 --- a/app/layout/aside_subscription.phtml +++ b/app/layout/aside_subscription.phtml @@ -10,7 +10,7 @@ </li> <li class="item"> - <a class="bookmarkClick" href="javascript:(function(){var%20url%20=%20location.href;window.open('<?php echo Minz_Url::display(array('c' => 'feed', 'a' => 'add'), 'html', true); ?>&url_rss='+encodeURIComponent(url), '_blank');})();"> + <a class="bookmarkClick" href="javascript:(function(){var%20url%20=%20location.href;var%20otherWindow=window.open('about:blank','_blank');otherWindow.opener=null;otherWindow.location='<?php echo Minz_Url::display(array('c' => 'feed', 'a' => 'add'), 'html', true); ?>&url_rss='+encodeURIComponent(url);})();"> <?php echo _t('sub.menu.bookmark'); ?> </a> </li> diff --git a/app/layout/nav_menu.phtml b/app/layout/nav_menu.phtml index 23255f04f..d77c1abf9 100644 --- a/app/layout/nav_menu.phtml +++ b/app/layout/nav_menu.phtml @@ -152,7 +152,7 @@ $url_output['params']['token'] = FreshRSS_Context::$user_conf->token; } ?> - <a class="view_rss btn" target="_blank" title="<?php echo _t('index.menu.rss_view'); ?>" href="<?php echo Minz_Url::display($url_output); ?>"> + <a class="view_rss btn" target="_blank" rel="noreferrer" title="<?php echo _t('index.menu.rss_view'); ?>" href="<?php echo Minz_Url::display($url_output); ?>"> <?php echo _i('rss'); ?> </a> </div> diff --git a/app/views/configure/sharing.phtml b/app/views/configure/sharing.phtml index 0dad5bf6d..ffcfb8b29 100644 --- a/app/views/configure/sharing.phtml +++ b/app/views/configure/sharing.phtml @@ -13,7 +13,7 @@ <input type="text" id="share_##key##_name" name="share[##key##][name]" class="extend" value="" placeholder="<?php echo _t('conf.sharing.share_name'); ?>" size="64" /> <input type="url" id="share_##key##_url" name="share[##key##][url]" class="extend" value="" placeholder="<?php echo _t('conf.sharing.share_url'); ?>" size="64" /> <a href="#" class="remove btn btn-attention" data-remove="group-share-##key##"><?php echo _i('close'); ?></a></div> - <a target="_blank" class="btn" title="<?php echo _t('conf.sharing.more_information'); ?>" href="##help##"><?php echo _i('help'); ?></a> + <a target="_blank" rel="noreferrer" class="btn" title="<?php echo _t('conf.sharing.more_information'); ?>" href="##help##"><?php echo _i('help'); ?></a> </div></div>'> <input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" /> <legend><?php echo _t('conf.sharing'); ?></legend> @@ -38,7 +38,7 @@ <a href='#' class='remove btn btn-attention' data-remove="group-share-<?php echo $key; ?>"><?php echo _i('close'); ?></a> </div> <?php if ($share->formType() === 'advanced') { ?> - <a target="_blank" class="btn" title="<?php echo _t('conf.sharing.more_information'); ?>" href="<?php echo $share->help(); ?>"><?php echo _i('help'); ?></a> + <a target="_blank" rel="noreferrer" class="btn" title="<?php echo _t('conf.sharing.more_information'); ?>" href="<?php echo $share->help(); ?>"><?php echo _i('help'); ?></a> <?php } ?> </div> </div> diff --git a/app/views/feed/add.phtml b/app/views/feed/add.phtml index caf685d79..5cd59d298 100644 --- a/app/views/feed/add.phtml +++ b/app/views/feed/add.phtml @@ -30,7 +30,7 @@ <label class="group-name"><?php echo _t('sub.feed.website'); ?></label> <div class="group-controls"> <?php echo $this->feed->website(); ?> - <a class="btn" target="_blank" href="<?php echo $this->feed->website(); ?>"><?php echo _i('link'); ?></a> + <a class="btn" target="_blank" rel="noreferrer" href="<?php echo $this->feed->website(); ?>"><?php echo _i('link'); ?></a> </div> </div> <?php } ?> @@ -40,9 +40,9 @@ <div class="group-controls"> <div class="stick"> <input type="text" name="url_rss" id="url" class="extend" value="<?php echo $this->feed->url(); ?>" /> - <a class="btn" target="_blank" href="<?php echo $this->feed->url(); ?>"><?php echo _i('link'); ?></a> + <a class="btn" target="_blank" rel="noreferrer" href="<?php echo $this->feed->url(); ?>"><?php echo _i('link'); ?></a> </div> - <a class="btn" target="_blank" href="http://validator.w3.org/feed/check.cgi?url=<?php echo $this->feed->url(); ?>"><?php echo _t('sub.feed.validator'); ?></a> + <a class="btn" target="_blank" rel="noreferrer" href="http://validator.w3.org/feed/check.cgi?url=<?php echo $this->feed->url(); ?>"><?php echo _t('sub.feed.validator'); ?></a> </div> </div> <div class="form-group"> diff --git a/app/views/helpers/feed/update.phtml b/app/views/helpers/feed/update.phtml index b7e8f68cd..bf87a255a 100644 --- a/app/views/helpers/feed/update.phtml +++ b/app/views/helpers/feed/update.phtml @@ -37,7 +37,7 @@ <div class="group-controls"> <div class="stick"> <input type="text" name="website" id="website" class="extend" value="<?php echo $this->feed->website(); ?>" /> - <a class="btn" target="_blank" href="<?php echo $this->feed->website(); ?>"><?php echo _i('link'); ?></a> + <a class="btn" target="_blank" rel="noreferrer" href="<?php echo $this->feed->website(); ?>"><?php echo _i('link'); ?></a> </div> </div> </div> @@ -46,10 +46,10 @@ <div class="group-controls"> <div class="stick"> <input type="text" name="url" id="url" class="extend" value="<?php echo $this->feed->url(); ?>" /> - <a class="btn" target="_blank" href="<?php echo $this->feed->url(); ?>"><?php echo _i('link'); ?></a> + <a class="btn" target="_blank" rel="noreferrer" href="<?php echo $this->feed->url(); ?>"><?php echo _i('link'); ?></a> </div> - <a class="btn" target="_blank" href="http://validator.w3.org/feed/check.cgi?url=<?php echo rawurlencode(htmlspecialchars_decode($this->feed->url(), ENT_QUOTES)); ?>"><?php echo _t('sub.feed.validator'); ?></a> + <a class="btn" target="_blank" rel="noreferrer" href="http://validator.w3.org/feed/check.cgi?url=<?php echo rawurlencode(htmlspecialchars_decode($this->feed->url(), ENT_QUOTES)); ?>"><?php echo _t('sub.feed.validator'); ?></a> </div> </div> <div class="form-group"> diff --git a/app/views/helpers/index/normal/entry_bottom.phtml b/app/views/helpers/index/normal/entry_bottom.phtml index 3af7436c3..a9d5a80ca 100644 --- a/app/views/helpers/index/normal/entry_bottom.phtml +++ b/app/views/helpers/index/normal/entry_bottom.phtml @@ -52,7 +52,7 @@ $share_options['title'] = $title; $share->update($share_options); ?><li class="item share"> - <a target="_blank" href="<?php echo $share->url(); ?>"><?php echo $share->name(); ?></a> + <a target="_blank" rel="noreferrer" href="<?php echo $share->url(); ?>"><?php echo $share->name(); ?></a> </li><?php } ?></ul> @@ -81,6 +81,6 @@ ?><li class="item date"><?php echo $this->entry->date(); ?></li><?php } if ($bottomline_link) { - ?><li class="item link"><a target="_blank" href="<?php echo $this->entry->link(); ?>"><?php echo _i('link'); ?></a></li><?php + ?><li class="item link"><a target="_blank" rel="noreferrer" href="<?php echo $this->entry->link(); ?>"><?php echo _i('link'); ?></a></li><?php } ?> </ul> diff --git a/app/views/helpers/index/normal/entry_header.phtml b/app/views/helpers/index/normal/entry_header.phtml index dc544298f..86298e59f 100644 --- a/app/views/helpers/index/normal/entry_header.phtml +++ b/app/views/helpers/index/normal/entry_header.phtml @@ -27,7 +27,7 @@ } } ?><li class="item website"><a href="<?php echo _url('index', 'index', 'get', 'f_' . $this->feed->id()); ?>"><img class="favicon" src="<?php echo $this->feed->favicon(); ?>" alt="✇" /> <span><?php echo $this->feed->name(); ?></span></a></li> - <li class="item title"><a target="_blank" href="<?php echo $this->entry->link(); ?>"><?php echo $this->entry->title(); ?></a></li> + <li class="item title"><a target="_blank" rel="noreferrer" href="<?php echo $this->entry->link(); ?>"><?php echo $this->entry->title(); ?></a></li> <?php if ($topline_date) { ?><li class="item date"><?php echo $this->entry->date(); ?> </li><?php } ?> - <?php if ($topline_link) { ?><li class="item link"><a target="_blank" href="<?php echo $this->entry->link(); ?>"><?php echo _i('link'); ?></a></li><?php } ?> + <?php if ($topline_link) { ?><li class="item link"><a target="_blank" rel="noreferrer" href="<?php echo $this->entry->link(); ?>"><?php echo _i('link'); ?></a></li><?php } ?> </ul> diff --git a/app/views/index/normal.phtml b/app/views/index/normal.phtml index 91ebcebd3..6fda11ed9 100644 --- a/app/views/index/normal.phtml +++ b/app/views/index/normal.phtml @@ -66,7 +66,7 @@ if (!empty($this->entries)) { ?><div class="flux_content"> <div class="content <?php echo $content_width; ?>"> - <h1 class="title"><a target="_blank" href="<?php echo $this->entry->link(); ?>"><?php echo $this->entry->title(); ?></a></h1> + <h1 class="title"><a target="_blank" rel="noreferrer" href="<?php echo $this->entry->link(); ?>"><?php echo $this->entry->title(); ?></a></h1> <?php $author = $this->entry->author(); echo $author != '' ? '<div class="author">' . _t('gen.short.by_author', $author) . '</div>' : '', diff --git a/data/persona/.gitignore b/data/persona/.gitignore deleted file mode 100644 index 314f02b1b..000000000 --- a/data/persona/.gitignore +++ /dev/null @@ -1 +0,0 @@ -*.txt
\ No newline at end of file diff --git a/data/persona/index.html b/data/persona/index.html deleted file mode 100644 index 85faaa37e..000000000 --- a/data/persona/index.html +++ /dev/null @@ -1,13 +0,0 @@ -<!DOCTYPE html> -<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-GB" lang="en-GB"> -<head> -<meta charset="UTF-8" /> -<meta http-equiv="Refresh" content="0; url=/" /> -<title>Redirection</title> -<meta name="robots" content="noindex" /> -</head> - -<body> -<p><a href="/">Redirection</a></p> -</body> -</html> diff --git a/lib/Minz/ModelPdo.php b/lib/Minz/ModelPdo.php index 78b44ea7f..5bc18bf1f 100644 --- a/lib/Minz/ModelPdo.php +++ b/lib/Minz/ModelPdo.php @@ -53,15 +53,18 @@ class Minz_ModelPdo { self::$sharedCurrentUser = $currentUser; $driver_options = isset($conf->db['pdo_options']) && is_array($conf->db['pdo_options']) ? $conf->db['pdo_options'] : array(); + $dbServer = parse_url('db://' . $db['host']); try { switch ($db['type']) { case 'mysql': - $string = 'mysql:host=' . $db['host'] . ';dbname=' . $db['base'] . ';charset=utf8mb4'; + $string = 'mysql:host=' . $dbServer['host'] . ';dbname=' . $db['base'] . ';charset=utf8mb4'; + if (!empty($dbServer['port'])) { + $string .= ';port=' . $dbServer['port']; + } $driver_options[PDO::MYSQL_ATTR_INIT_COMMAND] = 'SET NAMES utf8mb4'; $this->prefix = $db['prefix'] . $currentUser . '_'; $this->bd = new MinzPDOMySql($string, $db['user'], $db['password'], $driver_options); - //TODO Consider: $this->bd->exec("SET SESSION sql_mode = 'ANSI_QUOTES';"); break; case 'sqlite': $string = 'sqlite:' . join_path(DATA_PATH, 'users', $currentUser, 'db.sqlite'); @@ -70,7 +73,10 @@ class Minz_ModelPdo { $this->bd->exec('PRAGMA foreign_keys = ON;'); break; case 'pgsql': - $string = 'pgsql:host=' . $db['host'] . ';dbname=' . $db['base']; + $string = 'pgsql:host=' . $dbServer['host'] . ';dbname=' . $db['base']; + if (!empty($dbServer['port'])) { + $string .= ';port=' . $dbServer['port']; + } $this->prefix = $db['prefix'] . $currentUser . '_'; $this->bd = new MinzPDOPGSQL($string, $db['user'], $db['password'], $driver_options); $this->bd->exec("SET NAMES 'UTF8';"); diff --git a/p/scripts/main.js b/p/scripts/main.js index 8980fe2f6..74631451a 100644 --- a/p/scripts/main.js +++ b/p/scripts/main.js @@ -752,7 +752,7 @@ function init_stream(divStream) { }); divStream.on('click', '.flux .content a', function () { - $(this).attr('target', '_blank'); + $(this).attr('target', '_blank').attr('rel', 'noreferrer'); }); if (context.auto_mark_site) { diff --git a/p/themes/base-theme/template.css b/p/themes/base-theme/template.css index 8a12423be..5b3389129 100644 --- a/p/themes/base-theme/template.css +++ b/p/themes/base-theme/template.css @@ -807,6 +807,10 @@ input:checked + .slide-container .properties { display: none; } +.enclosure > [download] { + font-size: xx-large; + margin-left: .8em; +} /*=== MOBILE */ /*===========*/ |