Merge branch 'dev' into beta

author: Marien Fressinaud <dev@marienfressinaud.fr> 2015-11-04 20:17:29 +0100
committer: Marien Fressinaud <dev@marienfressinaud.fr> 2015-11-04 20:17:29 +0100
commit: a1267baa0b1caa801547ee674d9bb03c4b15d00b (patch)
tree: 78c5567578751752a3623574cbd768e602a46754 /app/Controllers
parent: 133e369afff02e5984fe4ce5109e33fd2fbccfc7 (diff)
parent: 4525e547faa8781e37f86125110f28248eb67fd3 (diff)
5 files changed, 17 insertions, 12 deletions
diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php
index aff184263..f58b008de 100644
--- a/app/Controllers/authController.php
+++ b/app/Controllers/authController.php
@@ -123,8 +123,8 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 
 			$conf = get_user_configuration($username);
 			if (is_null($conf)) {
-				Minz_Request::bad(_t('feedback.auth.login.invalid'),
-				                  array('c' => 'auth', 'a' => 'login'));
+				Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
+				return;
 			}
 
 			$ok = FreshRSS_FormAuth::checkCredentials(
@@ -151,8 +151,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 				                  ' user=' . $username .
 				                  ', nonce=' . $nonce .
 				                  ', c=' . $challenge);
-				Minz_Request::bad(_t('feedback.auth.login.invalid'),
-				                  array('c' => 'auth', 'a' => 'login'));
+				Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
 			}
 		} elseif (FreshRSS_Context::$system_conf->unsafe_autologin_enabled) {
 			$username = Minz_Request::param('u', '');
@@ -184,8 +183,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController {
 				                   array('c' => 'index', 'a' => 'index'));
 			} else {
 				Minz_Log::warning('Unsafe password mismatch for user ' . $username);
-				Minz_Request::bad(_t('feedback.auth.login.invalid'),
-				                  array('c' => 'auth', 'a' => 'login'));
+				Minz_Error::error(403, array(_t('feedback.auth.login.invalid')), false);
 			}
 		}
 	}
diff --git a/app/Controllers/configureController.php b/app/Controllers/configureController.php
index 0dc7ceab2..d0f0bd68b 100755
--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -317,6 +317,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
 			$limits['max_categories'] = Minz_Request::param('max-categories', 16384);
 			FreshRSS_Context::$system_conf->limits = $limits;
 			FreshRSS_Context::$system_conf->title = Minz_Request::param('instance-name', 'FreshRSS');
+			FreshRSS_Context::$system_conf->auto_update_url = Minz_Request::param('auto-update-url', false);
 			FreshRSS_Context::$system_conf->save();
 
 			invalidateHttpCache();
diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php
index ec3dce777..4ec661115 100755
--- a/app/Controllers/feedController.php
+++ b/app/Controllers/feedController.php
@@ -307,9 +307,9 @@ class FreshRSS_feed_Controller extends Minz_ActionController {
 
 			$pubSubHubbubEnabled = $pubsubhubbubEnabledGeneral && $feed->pubSubHubbubEnabled();
 			if ((!$simplePiePush) && (!$id) && $pubSubHubbubEnabled && ($feed->lastUpdate() > $pshbMinAge)) {
-				$text = 'Skip pull of feed using PubSubHubbub: ' . $url;
+				//$text = 'Skip pull of feed using PubSubHubbub: ' . $url;
 				//Minz_Log::debug($text);
-				file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" . $text . "\n", FILE_APPEND);
+				//file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" . $text . "\n", FILE_APPEND);
 				continue;	//When PubSubHubbub is used, do not pull refresh so often
 			}
 
diff --git a/app/Controllers/javascriptController.php b/app/Controllers/javascriptController.php
index 421cf6f72..e3ae3669e 100755
--- a/app/Controllers/javascriptController.php
+++ b/app/Controllers/javascriptController.php
@@ -43,7 +43,12 @@ class FreshRSS_javascript_Controller extends Minz_ActionController {
 		} else {
 			Minz_Log::notice('Nonce failure due to invalid username!');
 		}
-		$this->view->nonce = '';	//Failure
-		$this->view->salt1 = '';
+		//Failure: Return random data.
+		$this->view->salt1 = sprintf('$2a$%02d$', FreshRSS_user_Controller::BCRYPT_COST);
+		$alphabet = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789';
+		for ($i = 22; $i > 0; $i--) {
+			$this->view->salt1 .= $alphabet[rand(0, 63)];
+		}
+		$this->view->nonce = sha1(rand());
 	}
 }
diff --git a/app/Controllers/updateController.php b/app/Controllers/updateController.php
index 84a33fe85..64c984b04 100644
--- a/app/Controllers/updateController.php
+++ b/app/Controllers/updateController.php
@@ -53,7 +53,8 @@ class FreshRSS_update_Controller extends Minz_ActionController {
 			return;
 		}
 
-		$c = curl_init(FRESHRSS_UPDATE_WEBSITE);
+		$auto_update_url = FreshRSS_Context::$system_conf->auto_update_url . '?v=' . FRESHRSS_VERSION;
+		$c = curl_init($auto_update_url);
 		curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
 		curl_setopt($c, CURLOPT_SSL_VERIFYPEER, true);
 		curl_setopt($c, CURLOPT_SSL_VERIFYHOST, 2);
@@ -70,7 +71,7 @@ class FreshRSS_update_Controller extends Minz_ActionController {
 			$this->view->message = array(
 				'status' => 'bad',
 				'title' => _t('gen.short.damn'),
-				'body' => _t('feedback.update.server_not_found', FRESHRSS_UPDATE_WEBSITE)
+				'body' => _t('feedback.update.server_not_found', $auto_update_url)
 			);
 			return;
 		}
author	Marien Fressinaud <dev@marienfressinaud.fr>	2015-11-04 20:17:29 +0100
committer	Marien Fressinaud <dev@marienfressinaud.fr>	2015-11-04 20:17:29 +0100
commit	a1267baa0b1caa801547ee674d9bb03c4b15d00b (patch)
tree	78c5567578751752a3623574cbd768e602a46754 /app/Controllers
parent	133e369afff02e5984fe4ce5109e33fd2fbccfc7 (diff)
parent	4525e547faa8781e37f86125110f28248eb67fd3 (diff)