authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2015-05-30 20:46:41 +0200
committerGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2015-05-30 20:46:41 +0200
commit185dba88c1da23f3fa4e787635e42fd81002b2cc (patch)
tree8122644648450a7722b617a0d106bca4d1106d95 /lib
parentca58a265e6a702e42e25f5bf2393896b5517b0be (diff)
parent00e00849815f35ab3e3a1da2cbfa515f4bace392 (diff)
Merge 1.1.1-dev into /beta
https://github.com/FreshRSS/FreshRSS/issues/845
Diffstat (limited to 'lib')
-rw-r--r--lib/Minz/ModelPdo.php5
-rw-r--r--lib/Minz/Request.php46
-rw-r--r--lib/Minz/Url.php16
-rw-r--r--lib/SimplePie/SimplePie.php41
-rw-r--r--lib/SimplePie/SimplePie/File.php7
-rw-r--r--lib/SimplePie/SimplePie/Misc.php10
-rw-r--r--lib/SimplePie/SimplePie/Sanitize.php1
-rw-r--r--lib/lib_rss.php31
8 files changed, 93 insertions, 64 deletions
diff --git a/lib/Minz/ModelPdo.php b/lib/Minz/ModelPdo.php
index ac7a1bed7..3e8ec1f43 100644
--- a/lib/Minz/ModelPdo.php
+++ b/lib/Minz/ModelPdo.php
@@ -134,4 +134,9 @@ class MinzPDO extends PDO {
MinzPDO::check($statement);
return parent::exec($statement);
}
+
+ public function query($statement) {
+ MinzPDO::check($statement);
+ return parent::query($statement);
+ }
}
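Review bot: The new `query($statement)` override declares a single parameter, so the optional fetch-mode arguments that `PDO::query()` accepts are dropped before `parent::query()` runs. Callers that pass a fetch mode would silently get the default one. Forwarding everything keeps the check and the full signature: `return call_user_func_array(array('parent', 'query'), func_get_args());`. The method also has no docblock; one line saying that it exists to run `MinzPDO::check()` on the statement would explain why the override is there. The class body starts outside the hunk.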
diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php
index 6db2e9c7a..b9eda82a5 100644
--- a/lib/Minz/Request.php
+++ b/lib/Minz/Request.php
@@ -85,44 +85,26 @@ class Minz_Request {
}
/**
- * Retourn le nom de domaine du site
- */
- public static function getDomainName() {
- return $_SERVER['HTTP_HOST'];
- }
-
- /**
* Détermine la base de l'url
* @return la base de l'url
*/
- public static function getBaseUrl() {
+ public static function getBaseUrl($baseUrlSuffix = '') {
$conf = Minz_Configuration::get('system');
- $defaultBaseUrl = $conf->base_url;
- if (!empty($defaultBaseUrl)) {
- return $defaultBaseUrl;
- } elseif (isset($_SERVER['REQUEST_URI'])) {
- return dirname($_SERVER['REQUEST_URI']) . '/';
- } else {
- return '/';
- }
- }
-
- /**
- * Récupère l'URI de la requête
- * @return l'URI
- */
- public static function getURI() {
- if (isset($_SERVER['REQUEST_URI'])) {
- $base_url = self::getBaseUrl();
- $uri = $_SERVER['REQUEST_URI'];
-
- $len_base_url = strlen($base_url);
- $real_uri = substr($uri, $len_base_url);
+ $url = $conf->base_url;
+ if ($url == '' || !preg_match('%^https?://%i', $url)) {
+ $url = 'http';
+ $host = empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST'];
+ $port = empty($_SERVER['SERVER_PORT']) ? 80 : $_SERVER['SERVER_PORT'];
+ if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
+ $url .= 's://' . $host . ($port == 443 ? '' : ':' . $port);
+ } else {
+ $url .= '://' . $host . ($port == 80 ? '' : ':' . $port);
+ }
+ $url .= isset($_SERVER['REQUEST_URI']) ? dirname($_SERVER['REQUEST_URI']) : '';
} else {
- $real_uri = '';
+ $url = rtrim($url, '/\\') . $baseUrlSuffix;
}
-
- return $real_uri;
+ return filter_var($url . '/', FILTER_SANITIZE_URL);
}
/**
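Review bot: The fallback branch of `getBaseUrl()` builds the absolute base URL from `$_SERVER['HTTP_HOST']`, which the client supplies, and `FILTER_SANITIZE_URL` only strips characters that are illegal in a URL, so a forged Host header ends up in every absolute link derived from this value. I would treat `$conf->base_url` as the authoritative source for absolute URLs and, in the fallback, prefer `$_SERVER['SERVER_NAME']` or compare the host with an expected value before using it. In the same branch `HTTP_HOST` normally already carries a non-default port, so `':' . $port` appends it a second time. `dirname($_SERVER['REQUEST_URI'])` runs on a string that still contains the query string, so a `/` inside a parameter changes the result; strip the query first. `$baseUrlSuffix` is applied only in the configured branch, which the docblock should say.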
diff --git a/lib/Minz/Url.php b/lib/Minz/Url.php
index af555a277..879077d0f 100644
--- a/lib/Minz/Url.php
+++ b/lib/Minz/Url.php
@@ -10,7 +10,6 @@ class Minz_Url {
* $url['c'] = controller
* $url['a'] = action
* $url['params'] = tableau des paramètres supplémentaires
- * $url['protocol'] = protocole à utiliser (http par défaut)
* ou comme une chaîne de caractère
* @param $encodage pour indiquer comment encoder les & (& ou &amp; pour html)
* @return l'url formatée
@@ -19,28 +18,21 @@ class Minz_Url {
$isArray = is_array($url);
if ($isArray) {
- $url = self::checkUrl ($url);
+ $url = self::checkUrl($url);
}
$url_string = '';
if ($absolute) {
- if ($isArray && isset ($url['protocol'])) {
- $protocol = $url['protocol'];
- } elseif (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') {
- $protocol = 'https:';
- } else {
- $protocol = 'http:';
- }
- $url_string = $protocol . '//' . Minz_Request::getDomainName () . Minz_Request::getBaseUrl ();
+ $url_string = Minz_Request::getBaseUrl(PUBLIC_TO_INDEX_PATH);
} else {
$url_string = $isArray ? '.' : PUBLIC_RELATIVE;
}
if ($isArray) {
- $url_string .= self::printUri ($url, $encodage);
+ $url_string .= self::printUri($url, $encodage);
} else {
- $url_string .= $url;
+ $url_string = Minz_Helper::htmlspecialchars_utf8($url_string . $url);
}
return $url_string;
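Review bot: The string-URL branch now escapes unconditionally with `Minz_Helper::htmlspecialchars_utf8($url_string . $url)`, while the array branch still hands `$encodage` to `printUri()`, so a caller that asks for a non-HTML encoding gets `&amp;` in a string URL, for instance in a redirect target. Escaping is right when the result goes into markup, but it should follow `$encodage` as the array branch does, e.g. `$url_string .= $encodage === 'html' ? Minz_Helper::htmlspecialchars_utf8($url) : $url;`, assuming `'html'` is the value that selects HTML output. The signature and the end of the function are outside the hunk, so that value needs checking there.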
diff --git a/lib/SimplePie/SimplePie.php b/lib/SimplePie/SimplePie.php
index c4872b5be..54f4c5770 100644
--- a/lib/SimplePie/SimplePie.php
+++ b/lib/SimplePie/SimplePie.php
@@ -75,6 +75,12 @@ define('SIMPLEPIE_USERAGENT', SIMPLEPIE_NAME . '/' . SIMPLEPIE_VERSION . ' (Feed
define('SIMPLEPIE_LINKBACK', '<a href="' . SIMPLEPIE_URL . '" title="' . SIMPLEPIE_NAME . ' ' . SIMPLEPIE_VERSION . '">' . SIMPLEPIE_NAME . '</a>');
/**
+ * Use syslog to report HTTP requests done by SimplePie.
+ * @see SimplePie::set_syslog()
+ */
+define('SIMPLEPIE_SYSLOG', true); //FreshRSS
+
+/**
* No Autodiscovery
* @see SimplePie::set_autodiscovery_level()
*/
@@ -623,6 +629,12 @@ class SimplePie
public $strip_htmltags = array('base', 'blink', 'body', 'doctype', 'embed', 'font', 'form', 'frame', 'frameset', 'html', 'iframe', 'input', 'marquee', 'meta', 'noscript', 'object', 'param', 'script', 'style');
/**
+ * Use syslog to report HTTP requests done by SimplePie.
+ * @see SimplePie::set_syslog()
+ */
+ public $syslog_enabled = SIMPLEPIE_SYSLOG;
+
+ /**
* The SimplePie class contains feed level data and options
*
* To use SimplePie, create the SimplePie object with no parameters. You can
@@ -1136,7 +1148,7 @@ class SimplePie
$this->sanitize->strip_attributes($attribs);
}
- public function add_attributes($attribs = '')
+ public function add_attributes($attribs = '') //FreshRSS
{
if ($attribs === '')
{
@@ -1146,6 +1158,14 @@ class SimplePie
}
/**
+ * Use syslog to report HTTP requests done by SimplePie.
+ */
+ public function set_syslog($value = SIMPLEPIE_SYSLOG) //FreshRSS
+ {
+ $this->syslog_enabled = $value == true;
+ }
+
+ /**
* Set the output encoding
*
* Allows you to override SimplePie's output to match that of your webpage.
@@ -1231,7 +1251,8 @@ class SimplePie
$this->enable_exceptions = $enable;
}
- function cleanMd5($rss) { //FreshRSS
+ function cleanMd5($rss) //FreshRSS
+ {
return md5(preg_replace(array('#<(lastBuildDate|pubDate|updated|feedDate|dc:date|slash:comments)>[^<]+</\\1>#', '#<!--.+?-->#s'), '', $rss));
}
@@ -1329,7 +1350,8 @@ class SimplePie
list($headers, $sniffed) = $fetched;
- if (isset($this->data['md5'])) { //FreshRSS
+ if (isset($this->data['md5'])) //FreshRSS
+ {
$md5 = $this->data['md5'];
}
}
@@ -1455,7 +1477,8 @@ class SimplePie
{
// Load the Cache
$this->data = $cache->load();
- if ($cache->mtime() + $this->cache_duration > time()) { //FreshRSS
+ if ($cache->mtime() + $this->cache_duration > time()) //FreshRSS
+ {
$this->raw_data = false;
return true; // If the cache is still valid, just return true
}
@@ -1529,11 +1552,17 @@ class SimplePie
{ //FreshRSS
$md5 = $this->cleanMd5($file->body);
if ($this->data['md5'] === $md5) {
- // syslog(LOG_DEBUG, 'SimplePie MD5 cache match for ' . $this->feed_url);
+ if ($this->syslog_enabled)
+ {
+ syslog(LOG_DEBUG, 'SimplePie MD5 cache match for ' . SimplePie_Misc::url_remove_credentials($this->feed_url));
+ }
$cache->touch();
return true; //Content unchanged even though server did not send a 304
} else {
- // syslog(LOG_DEBUG, 'SimplePie MD5 cache no match for ' . $this->feed_url);
+ if ($this->syslog_enabled)
+ {
+ syslog(LOG_DEBUG, 'SimplePie MD5 cache no match for ' . SimplePie_Misc::url_remove_credentials($this->feed_url));
+ }
$this->data['md5'] = $md5;
}
}
diff --git a/lib/SimplePie/SimplePie/File.php b/lib/SimplePie/SimplePie/File.php
index 9625af2a9..1f9e3d502 100644
--- a/lib/SimplePie/SimplePie/File.php
+++ b/lib/SimplePie/SimplePie/File.php
@@ -66,7 +66,7 @@ class SimplePie_File
var $method = SIMPLEPIE_FILE_SOURCE_NONE;
var $permanent_url; //FreshRSS
- public function __construct($url, $timeout = 10, $redirects = 5, $headers = null, $useragent = null, $force_fsockopen = false)
+ public function __construct($url, $timeout = 10, $redirects = 5, $headers = null, $useragent = null, $force_fsockopen = false, $syslog_enabled = SIMPLEPIE_SYSLOG)
{
if (class_exists('idna_convert'))
{
@@ -79,7 +79,10 @@ class SimplePie_File
$this->useragent = $useragent;
if (preg_match('/^http(s)?:\/\//i', $url))
{
- // syslog(LOG_INFO, 'SimplePie GET ' . $url); //FreshRSS
+ if ($syslog_enabled)
+ {
+ syslog(LOG_INFO, 'SimplePie GET ' . SimplePie_Misc::url_remove_credentials($url)); //FreshRSS
+ }
if ($useragent === null)
{
$useragent = ini_get('user_agent');
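Review bot: The `'SimplePie GET'` message is gated on the constructor's new `$syslog_enabled` argument, which defaults to `SIMPLEPIE_SYSLOG`, and none of the SimplePie.php hunks in this commit forwards `$this->syslog_enabled` when the file object is created. If no call site passes it, `set_syslog(false)` silences the MD5 cache messages but not this one. The code that instantiates `SimplePie_File` should pass the instance setting as the last argument. The constructor also lacks a doc line for the parameter; I would add `@param bool $syslog_enabled whether to report the request to syslog`. The constructor body continues outside the hunk.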
diff --git a/lib/SimplePie/SimplePie/Misc.php b/lib/SimplePie/SimplePie/Misc.php
index 5a263a2e5..956a284cb 100644
--- a/lib/SimplePie/SimplePie/Misc.php
+++ b/lib/SimplePie/SimplePie/Misc.php
@@ -2240,5 +2240,15 @@ function embed_wmedia(width, height, link) {
{
// No-op
}
+
+ /**
+ * Sanitize a URL by removing HTTP credentials.
+ * @param $url the URL to sanitize.
+ * @return the same URL without HTTP credentials.
+ */
+ public static function url_remove_credentials($url) //FreshRSS
+ {
+ return preg_replace('#^(https?://)[^/:@]+:[^/:@]+@#i', '$1', $url);
+ }
}
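Review bot: The pattern in `url_remove_credentials()` matches only a `user:password@` pair in which neither part contains `:`, so a URL that carries a username alone (`https://token@host/`) or a colon inside the password is returned unchanged and still reaches syslog and `Minz_Log::notice()` through the new callers. Dropping the whole userinfo up to the last `@` of the authority is safer: `return preg_replace('%^(https?://)[^/?#]*@%i', '$1', $url);`. Secrets carried in the query string are not removed by either version, and the docblock should state that limit so callers do not treat the result as safe to log in every case.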
diff --git a/lib/SimplePie/SimplePie/Sanitize.php b/lib/SimplePie/SimplePie/Sanitize.php
index 168a5e2e8..e7c9f925f 100644
--- a/lib/SimplePie/SimplePie/Sanitize.php
+++ b/lib/SimplePie/SimplePie/Sanitize.php
@@ -249,6 +249,7 @@ class SimplePie_Sanitize
{
if ($type & SIMPLEPIE_CONSTRUCT_MAYBE_HTML)
{
+ $data = htmlspecialchars_decode($data, ENT_QUOTES); //FreshRSS
if (preg_match('/(&(#(x[0-9a-fA-F]+|[0-9]+)|[a-zA-Z0-9]+)|<\/[A-Za-z][^\x09\x0A\x0B\x0C\x0D\x20\x2F\x3E]*' . SIMPLEPIE_PCRE_HTML_ATTRIBUTE . '>)/', $data))
{
$type |= SIMPLEPIE_CONSTRUCT_HTML;
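Review bot: `htmlspecialchars_decode($data, ENT_QUOTES)` now runs on `MAYBE_HTML` content before its type is decided, so entity-escaped markup becomes real markup at this point and its safety depends on code below the hunk: the HTML branch has to sanitize it and the non-HTML branch has to escape it again. Neither is visible here, so the line needs a comment recording that dependency once it has been confirmed, for example `// FreshRSS: decode one level so escaped markup is classified and sanitized as HTML; text results are re-escaped below`. A regression test that feeds entity-escaped tags through a title field would pin the behaviour. The enclosing method starts and ends outside the hunk.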
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index e5fe73041..6342011c8 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -38,7 +38,7 @@ function classAutoloader($class) {
include(APP_PATH . '/Models/' . $components[1] . '.php');
return;
case 3: //Controllers, Exceptions
- @include(APP_PATH . '/' . $components[2] . 's/' . $components[1] . $components[2] . '.php');
+ include(APP_PATH . '/' . $components[2] . 's/' . $components[1] . $components[2] . '.php');
return;
}
} elseif (strpos($class, 'Minz') === 0) {
@@ -51,6 +51,21 @@ function classAutoloader($class) {
spl_autoload_register('classAutoloader');
//</Auto-loading>
+function idn_to_puny($url) {
+ if (function_exists('idn_to_ascii')) {
+ $parts = parse_url($url);
+ if (!empty($parts['host'])) {
+ $idn = $parts['host'];
+ $puny = idn_to_ascii($idn);
+ $pos = strpos($url, $idn);
+ if ($pos !== false) {
+ return substr_replace($url, $puny, $pos, strlen($idn));
+ }
+ }
+ }
+ return $url;
+}
+
function checkUrl($url) {
if (empty ($url)) {
return '';
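Review bot: `idn_to_ascii()` returns `false` when the host cannot be converted, and `idn_to_puny()` passes that value straight to `substr_replace()`, which then removes the host from the URL instead of leaving it alone. Add `if ($puny === false) { return $url; }` right after the conversion. `strpos($url, $idn)` also finds the first occurrence of the host text anywhere in the URL, so when the same text appears earlier, in the userinfo for instance, the wrong span is rewritten; start the search after the scheme separator. The function has no docblock, and one should state that the URL is returned unchanged when `idn_to_ascii` is unavailable.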
@@ -58,6 +73,7 @@ function checkUrl($url) {
if (!preg_match ('#^https?://#i', $url)) {
$url = 'http://' . $url;
}
+ $url = idn_to_puny($url); //PHP bug #53474 IDN
if (filter_var($url, FILTER_VALIDATE_URL) ||
(version_compare(PHP_VERSION, '5.3.3', '<') && (strpos($url, '-') > 0) && //PHP bug #51192
($url === filter_var($url, FILTER_SANITIZE_URL)))) {
@@ -123,6 +139,7 @@ function customSimplePie() {
$limits = $system_conf->limits;
$simplePie = new SimplePie();
$simplePie->set_useragent(_t('gen.freshrss') . '/' . FRESHRSS_VERSION . ' (' . PHP_OS . '; ' . FRESHRSS_WEBSITE . ') ' . SIMPLEPIE_NAME . '/' . SIMPLEPIE_VERSION);
+ $simplePie->set_syslog($system_conf->simplepie_syslog_enabled);
$simplePie->set_cache_location(CACHE_PATH);
$simplePie->set_cache_duration($limits['cache_duration']);
$simplePie->set_timeout($limits['timeout']);
@@ -180,7 +197,7 @@ function sanitizeHTML($data, $base = '') {
function get_content_by_parsing ($url, $path) {
require_once (LIB_PATH . '/lib_phpQuery.php');
- Minz_Log::notice('FreshRSS GET ' . url_remove_credentials($url));
+ Minz_Log::notice('FreshRSS GET ' . SimplePie_Misc::url_remove_credentials($url));
$html = file_get_contents ($url);
if ($html) {
@@ -429,13 +446,3 @@ function array_push_unique(&$array, $value) {
function array_remove(&$array, $value) {
$array = array_diff($array, array($value));
}
-
-
-/**
- * Sanitize a URL by removing HTTP credentials.
- * @param $url the URL to sanitize.
- * @return the same URL without HTTP credentials.
- */
-function url_remove_credentials($url) {
- return preg_replace('/[^\/]*:[^:]*@/', '', $url);
-}