diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2025-11-11 08:17:12 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2025-11-11 08:17:12 +0100 |
| commit | a18c35046daee15e7ac5f85db290d54541a03e3c (patch) | |
| tree | ec638cf7c93537a4f81b27216097d8509252eb81 /app/Models | |
| parent | 5e622c60fa5c40793138807280319f7e84d00cc6 (diff) | |
Housekeeping lib_rss.php (#8193)
* Housekeeping lib_rss.php
`lib_rss.php` had become much too large, especially after https://github.com/FreshRSS/FreshRSS/pull/7924
Moved most functions to other places.
Mostly no change of code otherwise (see comments).
* Extension: composer run-script phpstan-third-party
Diffstat (limited to 'app/Models')
| -rw-r--r-- | app/Models/Auth.php | 10 | ||||
| -rw-r--r-- | app/Models/Category.php | 4 | ||||
| -rw-r--r-- | app/Models/Entry.php | 4 | ||||
| -rw-r--r-- | app/Models/Feed.php | 32 | ||||
| -rw-r--r-- | app/Models/FeedDAO.php | 2 | ||||
| -rw-r--r-- | app/Models/SimplePieCustom.php | 295 | ||||
| -rw-r--r-- | app/Models/SimplePieResponse.php | 4 | ||||
| -rw-r--r-- | app/Models/UserConfiguration.php | 28 | ||||
| -rw-r--r-- | app/Models/UserQuery.php | 18 |
9 files changed, 370 insertions, 27 deletions
diff --git a/app/Models/Auth.php b/app/Models/Auth.php index 888215730..6bf4a2b3f 100644 --- a/app/Models/Auth.php +++ b/app/Models/Auth.php @@ -16,7 +16,7 @@ class FreshRSS_Auth { * This method initializes authentication system. */ public static function init(): bool { - if (isset($_SESSION['REMOTE_USER']) && $_SESSION['REMOTE_USER'] !== httpAuthUser()) { + if (isset($_SESSION['REMOTE_USER']) && $_SESSION['REMOTE_USER'] !== FreshRSS_http_Util::httpAuthUser()) { //HTTP REMOTE_USER has changed self::removeAccess(); } @@ -67,7 +67,7 @@ class FreshRSS_Auth { } return $current_user != ''; case 'http_auth': - $current_user = httpAuthUser(); + $current_user = FreshRSS_http_Util::httpAuthUser(); if ($current_user == '') { return false; } @@ -115,7 +115,7 @@ class FreshRSS_Auth { break; case 'http_auth': $current_user = Minz_User::name() ?? ''; - self::$login_ok = strcasecmp($current_user, httpAuthUser()) === 0; + self::$login_ok = strcasecmp($current_user, FreshRSS_http_Util::httpAuthUser()) === 0; break; case 'none': self::$login_ok = true; @@ -127,7 +127,7 @@ class FreshRSS_Auth { Minz_Session::_params([ 'loginOk' => self::$login_ok, - 'REMOTE_USER' => httpAuthUser(), + 'REMOTE_USER' => FreshRSS_http_Util::httpAuthUser(), ]); return self::$login_ok; } @@ -175,7 +175,7 @@ class FreshRSS_Auth { if ($token_param != '') { $username = Minz_Request::paramString('user'); if ($username != '') { - $conf = get_user_configuration($username); + $conf = FreshRSS_UserConfiguration::getForUser($username); if ($conf == null) { $username = ''; } diff --git a/app/Models/Category.php b/app/Models/Category.php index 554e002fb..4d7740ed1 100644 --- a/app/Models/Category.php +++ b/app/Models/Category.php @@ -176,7 +176,7 @@ class FreshRSS_Category extends Minz_Model { * @throws FreshRSS_Context_Exception */ public function cacheFilename(string $url): string { - $simplePie = customSimplePie($this->attributes(), $this->curlOptions()); + $simplePie = new FreshRSS_SimplePieCustom($this->attributes(), $this->curlOptions()); $filename = $simplePie->get_cache_filename($url); return CACHE_PATH . '/' . $filename . '.opml.xml'; } @@ -188,7 +188,7 @@ class FreshRSS_Category extends Minz_Model { } $ok = true; $cachePath = $this->cacheFilename($url); - $opml = httpGet($url, $cachePath, 'opml', $this->attributes(), $this->curlOptions())['body']; + $opml = FreshRSS_http_Util::httpGet($url, $cachePath, 'opml', $this->attributes(), $this->curlOptions())['body']; if ($opml == '') { Minz_Log::warning('Error getting dynamic OPML for category ' . $this->id() . '! ' . \SimplePie\Misc::url_remove_credentials($url)); diff --git a/app/Models/Entry.php b/app/Models/Entry.php index 3cf6382dd..fa12ceb66 100644 --- a/app/Models/Entry.php +++ b/app/Models/Entry.php @@ -904,7 +904,7 @@ HTML; } $cachePath = $feed->cacheFilename($url . '#' . $feed->pathEntries()); - $response = httpGet($url, $cachePath, 'html', $feed->attributes(), $feed->curlOptions()); + $response = FreshRSS_http_Util::httpGet($url, $cachePath, 'html', $feed->attributes(), $feed->curlOptions()); $html = $response['body']; if ($html !== '') { $doc = new DOMDocument(); @@ -979,7 +979,7 @@ HTML; } unset($xpath, $doc); - $html = sanitizeHTML($html, $base); + $html = FreshRSS_SimplePieCustom::sanitizeHTML($html, $base); if ($path_entries_filter !== '') { // Remove unwanted elements again after sanitizing, for CSS selectors to also match sanitized content diff --git a/app/Models/Feed.php b/app/Models/Feed.php index 2a1ec3f63..cd5fa508d 100644 --- a/app/Models/Feed.php +++ b/app/Models/Feed.php @@ -455,7 +455,7 @@ class FreshRSS_Feed extends Minz_Model { $this->hashFavicon = ''; $url = $value; if ($validate) { - $url = checkUrl($url); + $url = FreshRSS_http_Util::checkUrl($url); } if ($url == false) { throw new FreshRSS_BadUrl_Exception($value); @@ -488,7 +488,7 @@ class FreshRSS_Feed extends Minz_Model { public function _website(string $value, bool $validate = true): void { $this->hashFavicon = ''; if ($validate) { - $value = checkUrl($value); + $value = FreshRSS_http_Util::checkUrl($value); } if ($value == false) { $value = ''; @@ -541,7 +541,7 @@ class FreshRSS_Feed extends Minz_Model { * @throws Minz_FileNotExistException * @throws FreshRSS_Feed_Exception */ - public function load(bool $loadDetails = false, bool $noCache = false): ?\SimplePie\SimplePie { + public function load(bool $loadDetails = false, bool $noCache = false): ?FreshRSS_SimplePieCustom { if ($this->url != '') { /** * @throws Minz_FileNotExistException @@ -556,7 +556,7 @@ class FreshRSS_Feed extends Minz_Model { throw new FreshRSS_Feed_Exception('For that domain, will first retry after ' . date('c', $retryAfter) . '. ' . $this->url(includeCredentials: false), code: 503); } - $simplePie = customSimplePie($this->attributes(), $this->curlOptions()); + $simplePie = new FreshRSS_SimplePieCustom($this->attributes(), $this->curlOptions()); $url = htmlspecialchars_decode($this->url, ENT_QUOTES); if (str_ends_with($url, '#force_feed')) { $simplePie->force_feed(true); @@ -595,9 +595,9 @@ class FreshRSS_Feed extends Minz_Model { } $links = $simplePie->get_links('self'); - $this->selfUrl = empty($links[0]) ? '' : (checkUrl($links[0]) ?: ''); + $this->selfUrl = empty($links[0]) ? '' : (FreshRSS_http_Util::checkUrl($links[0]) ?: ''); $links = $simplePie->get_links('hub'); - $this->hubUrl = empty($links[0]) ? '' : (checkUrl($links[0]) ?: ''); + $this->hubUrl = empty($links[0]) ? '' : (FreshRSS_http_Util::checkUrl($links[0]) ?: ''); if ($loadDetails) { // si on a utilisé l’auto-discover, notre url va avoir changé @@ -693,7 +693,7 @@ class FreshRSS_Feed extends Minz_Model { * The default value of 5% rounded was chosen to allow 1 invalid GUID for feeds of 10 articles, which is a frequently observed amount of articles. * @return list<string> */ - public function loadGuids(\SimplePie\SimplePie $simplePie, float $invalidGuidsTolerance = 0.05): array { + public function loadGuids(FreshRSS_SimplePieCustom $simplePie, float $invalidGuidsTolerance = 0.05): array { $invalidGuids = 0; $testGuids = []; $guids = []; @@ -747,7 +747,7 @@ class FreshRSS_Feed extends Minz_Model { } /** @return Traversable<FreshRSS_Entry> */ - public function loadEntries(\SimplePie\SimplePie $simplePie): Traversable { + public function loadEntries(FreshRSS_SimplePieCustom $simplePie): Traversable { $items = $simplePie->get_items(); if (empty($items)) { return; @@ -889,8 +889,8 @@ class FreshRSS_Feed extends Minz_Model { * returns a SimplePie initialized already with that content * @param string $feedContent the content of the feed, typically generated via FreshRSS_View::renderToString() */ - private function simplePieFromContent(string $feedContent): \SimplePie\SimplePie { - $simplePie = customSimplePie(); + private function simplePieFromContent(string $feedContent): FreshRSS_SimplePieCustom { + $simplePie = new FreshRSS_SimplePieCustom(); $simplePie->enable_cache(false); $simplePie->set_raw_data($feedContent); $simplePie->init(); @@ -956,7 +956,7 @@ class FreshRSS_Feed extends Minz_Model { return null; } - public function loadJson(): ?\SimplePie\SimplePie { + public function loadJson(): ?FreshRSS_SimplePieCustom { if ($this->url == '') { return null; } @@ -966,7 +966,7 @@ class FreshRSS_Feed extends Minz_Model { } $httpAccept = $this->kind() === FreshRSS_Feed::KIND_HTML_XPATH_JSON_DOTNOTATION ? 'html' : 'json'; - $content = httpGet($feedSourceUrl, $this->cacheFilename(), $httpAccept, $this->attributes(), $this->curlOptions())['body']; + $content = FreshRSS_http_Util::httpGet($feedSourceUrl, $this->cacheFilename(), $httpAccept, $this->attributes(), $this->curlOptions())['body']; if (strlen($content) <= 0) { return null; } @@ -995,7 +995,7 @@ class FreshRSS_Feed extends Minz_Model { return $this->simplePieFromContent($feedContent); } - public function loadHtmlXpath(): ?\SimplePie\SimplePie { + public function loadHtmlXpath(): ?FreshRSS_SimplePieCustom { if ($this->url == '') { return null; } @@ -1024,7 +1024,7 @@ class FreshRSS_Feed extends Minz_Model { } $httpAccept = $this->kind() === FreshRSS_Feed::KIND_XML_XPATH ? 'xml' : 'html'; - $html = httpGet($feedSourceUrl, $this->cacheFilename(), $httpAccept, $this->attributes(), $this->curlOptions())['body']; + $html = FreshRSS_http_Util::httpGet($feedSourceUrl, $this->cacheFilename(), $httpAccept, $this->attributes(), $this->curlOptions())['body']; if (strlen($html) <= 0) { return null; } @@ -1230,7 +1230,7 @@ class FreshRSS_Feed extends Minz_Model { * @throws FreshRSS_Context_Exception */ public function cacheFilename(string $url = ''): string { - $simplePie = customSimplePie($this->attributes(), $this->curlOptions()); + $simplePie = new FreshRSS_SimplePieCustom($this->attributes(), $this->curlOptions()); if ($url !== '') { $filename = $simplePie->get_cache_filename($url); return CACHE_PATH . '/' . $filename . '.html'; @@ -1385,7 +1385,7 @@ class FreshRSS_Feed extends Minz_Model { Minz_Log::warning('Invalid JSON for WebSub: ' . $this->url); return false; } - $callbackUrl = checkUrl(Minz_Request::getBaseUrl() . '/api/pshb.php?k=' . $hubJson['key']); + $callbackUrl = FreshRSS_http_Util::checkUrl(Minz_Request::getBaseUrl() . '/api/pshb.php?k=' . $hubJson['key']); if ($callbackUrl == '') { Minz_Log::warning('Invalid callback for WebSub: ' . $this->url); return false; diff --git a/app/Models/FeedDAO.php b/app/Models/FeedDAO.php index 346aa1924..2e0d5781a 100644 --- a/app/Models/FeedDAO.php +++ b/app/Models/FeedDAO.php @@ -71,7 +71,7 @@ SQL; $valuesTmp['category'], mb_strcut(trim($valuesTmp['name']), 0, FreshRSS_DatabaseDAO::LENGTH_INDEX_UNICODE, 'UTF-8'), $valuesTmp['website'], - sanitizeHTML($valuesTmp['description'], ''), + FreshRSS_SimplePieCustom::sanitizeHTML($valuesTmp['description'], ''), $valuesTmp['lastUpdate'], isset($valuesTmp['priority']) ? (int)$valuesTmp['priority'] : FreshRSS_Feed::PRIORITY_MAIN_STREAM, mb_strcut($valuesTmp['pathEntries'], 0, 4096, 'UTF-8'), diff --git a/app/Models/SimplePieCustom.php b/app/Models/SimplePieCustom.php new file mode 100644 index 000000000..372ce6d3d --- /dev/null +++ b/app/Models/SimplePieCustom.php @@ -0,0 +1,295 @@ +<?php +declare(strict_types=1); + +final class FreshRSS_SimplePieCustom extends \SimplePie\SimplePie +{ + /** + * @param array<string,mixed> $attributes + * @param array<int,mixed> $curl_options + * @throws FreshRSS_Context_Exception + */ + public function __construct(array $attributes = [], array $curl_options = []) { + parent::__construct(); + $limits = FreshRSS_Context::systemConf()->limits; + $this->get_registry()->register(\SimplePie\File::class, FreshRSS_SimplePieResponse::class); + $this->set_useragent(FRESHRSS_USERAGENT); + $this->set_cache_name_function('sha1'); + $this->set_cache_location(CACHE_PATH); + $this->set_cache_duration($limits['cache_duration'], $limits['cache_duration_min'], $limits['cache_duration_max']); + $this->enable_order_by_date(false); + + $feed_timeout = empty($attributes['timeout']) || !is_numeric($attributes['timeout']) ? 0 : (int)$attributes['timeout']; + $this->set_timeout($feed_timeout > 0 ? $feed_timeout : $limits['timeout']); + + $curl_options = array_replace(FreshRSS_Context::systemConf()->curl_options, $curl_options); + if (isset($attributes['ssl_verify'])) { + $curl_options[CURLOPT_SSL_VERIFYHOST] = empty($attributes['ssl_verify']) ? 0 : 2; + $curl_options[CURLOPT_SSL_VERIFYPEER] = (bool)$attributes['ssl_verify']; + if (empty($attributes['ssl_verify'])) { + $curl_options[CURLOPT_SSL_CIPHER_LIST] = 'DEFAULT@SECLEVEL=1'; + } + } + $attributes['curl_params'] = FreshRSS_http_Util::sanitizeCurlParams(is_array($attributes['curl_params'] ?? null) ? $attributes['curl_params'] : []); + if (!empty($attributes['curl_params']) && is_array($attributes['curl_params'])) { + foreach ($attributes['curl_params'] as $co => $v) { + if (is_int($co)) { + $curl_options[$co] = $v; + } + } + } + if (!empty($curl_options[CURLOPT_PROXYTYPE]) && ($curl_options[CURLOPT_PROXYTYPE] < 0 || $curl_options[CURLOPT_PROXYTYPE] === 3)) { + // 3 is legacy for NONE + unset($curl_options[CURLOPT_PROXYTYPE]); + if (isset($curl_options[CURLOPT_PROXY])) { + unset($curl_options[CURLOPT_PROXY]); + } + } + $this->set_curl_options($curl_options); + + $this->strip_comments(true); + $this->rename_attributes(['id', 'class']); + $this->allow_aria_attr(true); + $this->allow_data_attr(true); + $this->allowed_html_attributes([ + // HTML + 'dir', + 'draggable', + 'hidden', + 'lang', + 'role', + 'title', + // MathML + 'displaystyle', + 'mathsize', + 'scriptlevel', + ]); + $this->allowed_html_elements_with_attributes([ + // HTML + 'a' => ['href', 'hreflang', 'type'], + 'abbr' => [], + 'acronym' => [], + 'address' => [], + // 'area' => [], // TODO: support <area> after rewriting ids with a format like #ugc-<insert original id here> (maybe) + 'article' => [], + 'aside' => [], + 'audio' => ['controlslist', 'loop', 'muted', 'src'], + 'b' => [], + 'bdi' => [], + 'bdo' => [], + 'big' => [], + 'blink' => [], + 'blockquote' => ['cite'], + 'br' => ['clear'], + 'button' => ['disabled'], + 'canvas' => ['width', 'height'], + 'caption' => ['align'], + 'center' => [], + 'cite' => [], + 'code' => [], + 'col' => ['span', 'align', 'valign', 'width'], + 'colgroup' => ['span', 'align', 'valign', 'width'], + 'data' => ['value'], + 'datalist' => [], + 'dd' => [], + 'del' => ['cite', 'datetime'], + 'details' => ['open'], + 'dfn' => [], + 'dialog' => [], + 'dir' => [], + 'div' => ['align'], + 'dl' => [], + 'dt' => [], + 'em' => [], + 'fieldset' => ['disabled'], + 'figcaption' => [], + 'figure' => [], + 'footer' => [], + 'h1' => [], + 'h2' => [], + 'h3' => [], + 'h4' => [], + 'h5' => [], + 'h6' => [], + 'header' => [], + 'hgroup' => [], + 'hr' => ['align', 'noshade', 'size', 'width'], + 'i' => [], + 'iframe' => ['src', 'align', 'frameborder', 'longdesc', 'marginheight', 'marginwidth', 'scrolling'], + 'image' => ['src', 'alt', 'width', 'height', 'align', 'border', 'hspace', 'longdesc', 'vspace'], + 'img' => ['src', 'alt', 'width', 'height', 'align', 'border', 'hspace', 'longdesc', 'vspace'], + 'ins' => ['cite', 'datetime'], + 'kbd' => [], + 'label' => [], + 'legend' => [], + 'li' => ['value', 'type'], + 'main' => [], + // 'map' => [], // TODO: support <map> after rewriting ids with a format like #ugc-<insert original id here> (maybe) + 'mark' => [], + 'marquee' => ['behavior', 'direction', 'height', 'hspace', 'loop', 'scrollamount', 'scrolldelay', 'truespeed', 'vspace', 'width'], + 'menu' => [], + 'meter' => ['value', 'min', 'max', 'low', 'high', 'optimum'], + 'nav' => [], + 'nobr' => [], + // 'noembed' => [], // <embed> is not allowed, so we want to display the contents of <noembed> + 'noframes' => [], + // 'noscript' => [], // From the perspective of the feed content, JS isn't allowed so we want to display the contents of <noscript> + 'ol' => ['reversed', 'start', 'type'], + 'optgroup' => ['disabled', 'label'], + 'option' => ['disabled', 'label', 'selected', 'value'], + 'output' => [], + 'p' => ['align'], + 'picture' => [], + // 'plaintext' => [], // Can't be closed. See: https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/plaintext + 'pre' => ['width', 'wrap'], + 'progress' => ['max', 'value'], + 'q' => ['cite'], + 'rb' => [], + 'rp' => [], + 'rt' => [], + 'rtc' => [], + 'ruby' => [], + 's' => [], + 'samp' => [], + 'search' => [], + 'section' => [], + 'select' => ['disabled', 'multiple', 'size'], + 'small' => [], + 'source' => ['type', 'src', 'media', 'height', 'width'], + 'span' => [], + 'strike' => [], + 'strong' => [], + 'sub' => [], + 'summary' => [], + 'sup' => [], + 'table' => ['align', 'border', 'cellpadding', 'cellspacing', 'rules', 'summary', 'width'], + 'tbody' => ['align', 'char', 'charoff', 'valign'], + 'td' => ['colspan', 'headers', 'rowspan', 'abbr', 'align', 'height', 'scope', 'valign', 'width'], + 'textarea' => ['cols', 'disabled', 'maxlength', 'minlength', 'placeholder', 'readonly', 'rows', 'wrap'], + 'tfoot' => ['align', 'valign'], + 'th' => ['abbr', 'colspan', 'rowspan', 'scope', 'align', 'height', 'valign', 'width'], + 'thead' => ['align', 'valign'], + 'time' => ['datetime'], + 'tr' => ['align', 'valign'], + 'track' => ['default', 'kind', 'srclang', 'label', 'src'], + 'tt' => [], + 'u' => [], + 'ul' => ['type'], + 'var' => [], + 'video' => ['src', 'poster', 'controlslist', 'height', 'loop', 'muted', 'playsinline', 'width'], + 'wbr' => [], + 'xmp' => [], + // MathML + 'maction' => ['actiontype', 'selection'], + 'math' => ['display'], + 'menclose' => ['notation'], + 'merror' => [], + 'mfenced' => ['close', 'open', 'separators'], + 'mfrac' => ['denomalign', 'linethickness', 'numalign'], + 'mi' => ['mathvariant'], + 'mmultiscripts' => ['subscriptshift', 'superscriptshift'], + 'mn' => [], + 'mo' => ['accent', 'fence', 'form', 'largeop', 'lspace', 'maxsize', 'minsize', 'movablelimits', 'rspace', 'separator', 'stretchy', 'symmetric'], + 'mover' => ['accent'], + 'mpadded' => ['depth', 'height', 'lspace', 'voffset', 'width'], + 'mphantom' => [], + 'mprescripts' => [], + 'mroot' => [], + 'mrow' => [], + 'ms' => [], + 'mspace' => ['depth', 'height', 'width'], + 'msqrt' => [], + 'msub' => [], + 'msubsup' => ['subscriptshift', 'superscriptshift'], + 'msup' => ['superscriptshift'], + 'mtable' => ['align', 'columnalign', 'columnlines', 'columnspacing', 'frame', 'framespacing', 'rowalign', 'rowlines', 'rowspacing', 'width'], + 'mtd' => ['columnspan', 'rowspan', 'columnalign', 'rowalign'], + 'mtext' => [], + 'mtr' => ['columnalign', 'rowalign'], + 'munder' => ['accentunder'], + 'munderover' => ['accent', 'accentunder'], + // TODO: Support SVG after sanitizing and URL rewriting of xlink:href + ]); + $this->strip_attributes([ + 'data-auto-leave-validation', + 'data-leave-validation', + 'data-no-leave-validation', + 'data-original', + ]); + $this->add_attributes([ + 'audio' => ['controls' => 'controls', 'preload' => 'none'], + 'iframe' => [ + 'allow' => 'accelerometer; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share', + 'sandbox' => 'allow-scripts allow-same-origin', + ], + 'video' => ['controls' => 'controls', 'preload' => 'none'], + ]); + $this->set_url_replacements([ + 'a' => 'href', + 'area' => 'href', + 'audio' => 'src', + 'blockquote' => 'cite', + 'del' => 'cite', + 'form' => 'action', + 'iframe' => 'src', + 'img' => [ + 'longdesc', + 'src', + ], + 'image' => [ + 'longdesc', + 'src', + ], + 'input' => 'src', + 'ins' => 'cite', + 'q' => 'cite', + 'source' => 'src', + 'track' => 'src', + 'video' => [ + 'poster', + 'src', + ], + ]); + $https_domains = []; + $force = @file(FRESHRSS_PATH . '/force-https.default.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); + if (is_array($force)) { + $https_domains = array_merge($https_domains, $force); + } + $force = @file(DATA_PATH . '/force-https.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); + if (is_array($force)) { + $https_domains = array_merge($https_domains, $force); + } + + // Remove whitespace and comments starting with # / ; + $https_domains = preg_replace('%\\s+|[\/#;].*$%', '', $https_domains) ?? $https_domains; + $https_domains = array_filter($https_domains, fn(string $v) => $v !== ''); + + $this->set_https_domains($https_domains); + } + + public static function sanitizeHTML(string $data, string $base = '', ?int $maxLength = null): string { + if ($data === '' || ($maxLength !== null && $maxLength <= 0)) { + return ''; + } + if ($maxLength !== null) { + $data = mb_strcut($data, 0, $maxLength, 'UTF-8'); + } + /** @var FreshRSS_SimplePieCustom|null $simplePie */ + static $simplePie = null; + if ($simplePie === null) { + $simplePie = new static(); + $simplePie->enable_cache(false); + $simplePie->init(); + } + $sanitized = $simplePie->sanitize->sanitize($data, \SimplePie\SimplePie::CONSTRUCT_HTML, $base); + if (!is_string($sanitized)) { + return ''; + } + $result = html_only_entity_decode($sanitized); + if ($maxLength !== null && strlen($result) > $maxLength) { + //Sanitizing has made the result too long so try again shorter + $data = mb_strcut($result, 0, (2 * $maxLength) - strlen($result) - 2, 'UTF-8'); + return self::sanitizeHTML($data, $base, $maxLength); + } + return $result; + } +} diff --git a/app/Models/SimplePieResponse.php b/app/Models/SimplePieResponse.php index 27dc41b74..42625ccf3 100644 --- a/app/Models/SimplePieResponse.php +++ b/app/Models/SimplePieResponse.php @@ -5,7 +5,9 @@ final class FreshRSS_SimplePieResponse extends \SimplePie\File { #[\Override] protected function on_http_response($response, array $curl_options = []): void { - syslog(LOG_INFO, 'FreshRSS SimplePie GET ' . $this->get_status_code() . ' ' . \SimplePie\Misc::url_remove_credentials($this->get_final_requested_uri())); + if (FreshRSS_Context::systemConf()->simplepie_syslog_enabled) { + syslog(LOG_INFO, 'FreshRSS SimplePie GET ' . $this->get_status_code() . ' ' . \SimplePie\Misc::url_remove_credentials($this->get_final_requested_uri())); + } if (in_array($this->get_status_code(), [429, 503], true)) { $parser = new \SimplePie\HTTP\Parser(is_string($response) ? $response : ''); diff --git a/app/Models/UserConfiguration.php b/app/Models/UserConfiguration.php index eaa08d92d..d98d85fe3 100644 --- a/app/Models/UserConfiguration.php +++ b/app/Models/UserConfiguration.php @@ -108,4 +108,32 @@ final class FreshRSS_UserConfiguration extends Minz_Configuration { } return $default_user_conf; } + + /** + * Register and return the configuration for a given user. + * + * Note this function has been created to generate temporary configuration + * objects. If you need a long-time configuration, please don't use this function. + * + * @param string $username the name of the user of which we want the configuration. + * @return FreshRSS_UserConfiguration|null object, or null if the configuration cannot be loaded. + * @throws Minz_ConfigurationNamespaceException + */ + public static function getForUser(string $username): ?FreshRSS_UserConfiguration { + if (!FreshRSS_user_Controller::checkUsername($username)) { + return null; + } + $namespace = 'user_' . $username; + try { + FreshRSS_UserConfiguration::register($namespace, + USERS_PATH . '/' . $username . '/config.php', + FRESHRSS_PATH . '/config-user.default.php'); + } catch (Minz_FileNotExistException $e) { + Minz_Log::warning($e->getMessage(), ADMIN_LOG); + return null; + } + + $user_conf = FreshRSS_UserConfiguration::get($namespace); + return $user_conf; + } } diff --git a/app/Models/UserQuery.php b/app/Models/UserQuery.php index 26264fa24..6050436f4 100644 --- a/app/Models/UserQuery.php +++ b/app/Models/UserQuery.php @@ -350,4 +350,22 @@ class FreshRSS_UserQuery { public function setImageUrl(string $imageUrl): void { $this->imageUrl = $imageUrl; } + + /** + * Remove queries where $get is appearing. + * @param string $get the get attribute which should be removed. + * @param array<int,array{get?:string,name?:string,order?:string,search?:string,state?:int,url?:string,token?:string, + * shareRss?:bool,shareOpml?:bool,description?:string,imageUrl?:string}> $queries an array of queries. + * @return array<int,array{get?:string,name?:string,order?:string,search?:string,state?:int,url?:string,token?:string, + * shareRss?:bool,shareOpml?:bool,description?:string,imageUrl?:string}> without queries where $get is appearing. + */ + public static function remove_query_by_get(string $get, array $queries): array { + $final_queries = []; + foreach ($queries as $query) { + if (empty($query['get']) || $query['get'] !== $get) { + $final_queries[] = $query; + } + } + return $final_queries; + } } |