diff options
Diffstat (limited to 'app/Controllers/javascriptController.php')
| -rwxr-xr-x | app/Controllers/javascriptController.php | 30 |
1 files changed, 19 insertions, 11 deletions
diff --git a/app/Controllers/javascriptController.php b/app/Controllers/javascriptController.php index 3d741e298..00a7b5c38 100755 --- a/app/Controllers/javascriptController.php +++ b/app/Controllers/javascriptController.php @@ -1,14 +1,14 @@ <?php class FreshRSS_javascript_Controller extends Minz_ActionController { - public function firstAction () { - $this->view->_useLayout (false); + public function firstAction() { + $this->view->_useLayout(false); } - public function actualizeAction () { - header('Content-Type: text/javascript; charset=UTF-8'); - $feedDAO = new FreshRSS_FeedDAO (); - $this->view->feeds = $feedDAO->listFeedsOrderUpdate(); + public function actualizeAction() { + header('Content-Type: application/json; charset=UTF-8'); + $feedDAO = FreshRSS_Factory::createFeedDao(); + $this->view->feeds = $feedDAO->listFeedsOrderUpdate(FreshRSS_Context::$user_conf->ttl_default); } public function nbUnreadsPerFeedAction() { @@ -28,19 +28,27 @@ class FreshRSS_javascript_Controller extends Minz_ActionController { $user = isset($_GET['user']) ? $_GET['user'] : ''; if (ctype_alnum($user)) { try { - $conf = new FreshRSS_Configuration($user); + $salt = FreshRSS_Context::$system_conf->salt; + $conf = get_user_configuration($user); $s = $conf->passwordHash; if (strlen($s) >= 60) { $this->view->salt1 = substr($s, 0, 29); //CRYPT_BLOWFISH Salt: "$2a$", a two digit cost parameter, "$", and 22 characters from the alphabet "./0-9A-Za-z". - $this->view->nonce = sha1(Minz_Configuration::salt() . uniqid(mt_rand(), true)); + $this->view->nonce = sha1($salt . uniqid(mt_rand(), true)); Minz_Session::_param('nonce', $this->view->nonce); return; //Success } } catch (Minz_Exception $me) { - Minz_Log::record('Nonce failure: ' . $me->getMessage(), Minz_Log::WARNING); + Minz_Log::warning('Nonce failure: ' . $me->getMessage()); } + } else { + Minz_Log::notice('Nonce failure due to invalid username!'); + } + //Failure: Return random data. + $this->view->salt1 = sprintf('$2a$%02d$', FreshRSS_user_Controller::BCRYPT_COST); + $alphabet = './ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789'; + for ($i = 22; $i > 0; $i--) { + $this->view->salt1 .= $alphabet[rand(0, 63)]; } - $this->view->nonce = ''; //Failure - $this->view->salt1 = ''; + $this->view->nonce = sha1(rand()); } } |