summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/Favicon/DataAccess.php2
-rw-r--r--lib/Minz/Log.php6
-rw-r--r--lib/Minz/ModelPdo.php101
-rw-r--r--lib/Minz/Url.php2
-rw-r--r--lib/SimplePie/SimplePie/Content/Type/Sniffer.php15
-rw-r--r--lib/favicons.php40
-rw-r--r--lib/lib_install.php115
-rw-r--r--lib/lib_rss.php21
8 files changed, 252 insertions, 50 deletions
diff --git a/lib/Favicon/DataAccess.php b/lib/Favicon/DataAccess.php
index 17f26b333..ae7509881 100644
--- a/lib/Favicon/DataAccess.php
+++ b/lib/Favicon/DataAccess.php
@@ -16,7 +16,7 @@ class DataAccess {
public function retrieveHeader($url) {
$this->set_context();
$headers = @get_headers($url, 1);
- return array_change_key_case($headers);
+ return $headers ? array_change_key_case($headers) : array();
}
public function saveCache($file, $data) {
diff --git a/lib/Minz/Log.php b/lib/Minz/Log.php
index 2a9e10993..9559a0bd4 100644
--- a/lib/Minz/Log.php
+++ b/lib/Minz/Log.php
@@ -42,7 +42,11 @@ class Minz_Log {
|| ($env === 'production'
&& ($level >= Minz_Log::NOTICE)))) {
if ($file_name === null) {
- $file_name = join_path(USERS_PATH, Minz_Session::param('currentUser', '_'), 'log.txt');
+ $username = Minz_Session::param('currentUser', '');
+ if ($username == '') {
+ $username = '_';
+ }
+ $file_name = join_path(USERS_PATH, $username, 'log.txt');
}
switch ($level) {
diff --git a/lib/Minz/ModelPdo.php b/lib/Minz/ModelPdo.php
index 845aecaae..6e8d60bc9 100644
--- a/lib/Minz/ModelPdo.php
+++ b/lib/Minz/ModelPdo.php
@@ -36,55 +36,61 @@ class Minz_ModelPdo {
* HOST, BASE, USER et PASS définies dans le fichier de configuration
*/
public function __construct($currentUser = null) {
- if (self::$useSharedBd && self::$sharedBd != null && $currentUser === null) {
+ if ($currentUser === null) {
+ $currentUser = Minz_Session::param('currentUser');
+ }
+ if (self::$useSharedBd && self::$sharedBd != null &&
+ ($currentUser == null || $currentUser === self::$sharedCurrentUser)) {
$this->bd = self::$sharedBd;
$this->prefix = self::$sharedPrefix;
$this->current_user = self::$sharedCurrentUser;
return;
}
+ $this->current_user = $currentUser;
+ self::$sharedCurrentUser = $currentUser;
$conf = Minz_Configuration::get('system');
$db = $conf->db;
- if ($currentUser === null) {
- $currentUser = Minz_Session::param('currentUser', '_');
- }
- $this->current_user = $currentUser;
- self::$sharedCurrentUser = $currentUser;
-
$driver_options = isset($conf->db['pdo_options']) && is_array($conf->db['pdo_options']) ? $conf->db['pdo_options'] : array();
+ $dbServer = parse_url('db://' . $db['host']);
try {
- $type = $db['type'];
- if ($type === 'mysql') {
- $string = 'mysql:host=' . $db['host']
- . ';dbname=' . $db['base']
- . ';charset=utf8mb4';
- $driver_options[PDO::MYSQL_ATTR_INIT_COMMAND] = 'SET NAMES utf8mb4';
- $this->prefix = $db['prefix'] . $currentUser . '_';
- } elseif ($type === 'sqlite') {
- $string = 'sqlite:' . join_path(DATA_PATH, 'users', $currentUser, 'db.sqlite');
- //$driver_options[PDO::ATTR_ERRMODE] = PDO::ERRMODE_EXCEPTION;
- $this->prefix = '';
- } else {
- throw new Minz_PDOConnectionException(
- 'Invalid database type!',
- $db['user'], Minz_Exception::ERROR
- );
- }
- self::$sharedDbType = $type;
- self::$sharedPrefix = $this->prefix;
-
- $this->bd = new MinzPDO(
- $string,
- $db['user'],
- $db['password'],
- $driver_options
- );
- if ($type === 'sqlite') {
- $this->bd->exec('PRAGMA foreign_keys = ON;');
+ switch ($db['type']) {
+ case 'mysql':
+ $string = 'mysql:host=' . $dbServer['host'] . ';dbname=' . $db['base'] . ';charset=utf8mb4';
+ if (!empty($dbServer['port'])) {
+ $string .= ';port=' . $dbServer['port'];
+ }
+ $driver_options[PDO::MYSQL_ATTR_INIT_COMMAND] = 'SET NAMES utf8mb4';
+ $this->prefix = $db['prefix'] . $currentUser . '_';
+ $this->bd = new MinzPDOMySql($string, $db['user'], $db['password'], $driver_options);
+ break;
+ case 'sqlite':
+ $string = 'sqlite:' . join_path(DATA_PATH, 'users', $currentUser, 'db.sqlite');
+ $this->prefix = '';
+ $this->bd = new MinzPDOMSQLite($string, $db['user'], $db['password'], $driver_options);
+ $this->bd->exec('PRAGMA foreign_keys = ON;');
+ break;
+ case 'pgsql':
+ $string = 'pgsql:host=' . $dbServer['host'] . ';dbname=' . $db['base'];
+ if (!empty($dbServer['port'])) {
+ $string .= ';port=' . $dbServer['port'];
+ }
+ $this->prefix = $db['prefix'] . $currentUser . '_';
+ $this->bd = new MinzPDOPGSQL($string, $db['user'], $db['password'], $driver_options);
+ $this->bd->exec("SET NAMES 'UTF8';");
+ break;
+ default:
+ throw new Minz_PDOConnectionException(
+ 'Invalid database type!',
+ $db['user'], Minz_Exception::ERROR
+ );
+ break;
}
self::$sharedBd = $this->bd;
+ self::$sharedDbType = $db['type'];
+ self::$sharedPrefix = $this->prefix;
} catch (Exception $e) {
throw new Minz_PDOConnectionException(
$string,
@@ -119,18 +125,43 @@ class MinzPDO extends PDO {
}
}
+ protected function compatibility($statement) {
+ return $statement;
+ }
+
public function prepare($statement, $driver_options = array()) {
MinzPDO::check($statement);
+ $statement = $this->compatibility($statement);
return parent::prepare($statement, $driver_options);
}
public function exec($statement) {
MinzPDO::check($statement);
+ $statement = $this->compatibility($statement);
return parent::exec($statement);
}
public function query($statement) {
MinzPDO::check($statement);
+ $statement = $this->compatibility($statement);
return parent::query($statement);
}
}
+
+class MinzPDOMySql extends MinzPDO {
+ public function lastInsertId($name = null) {
+ return parent::lastInsertId(); //We discard the name, only used by PostgreSQL
+ }
+}
+
+class MinzPDOMSQLite extends MinzPDO {
+ public function lastInsertId($name = null) {
+ return parent::lastInsertId(); //We discard the name, only used by PostgreSQL
+ }
+}
+
+class MinzPDOPGSQL extends MinzPDO {
+ protected function compatibility($statement) {
+ return str_replace(array('`', ' LIKE '), array('"', ' ILIKE '), $statement);
+ }
+}
diff --git a/lib/Minz/Url.php b/lib/Minz/Url.php
index c7c67123e..99c0443c1 100644
--- a/lib/Minz/Url.php
+++ b/lib/Minz/Url.php
@@ -78,6 +78,8 @@ class Minz_Url {
}
if (isset($url['params'])) {
+ unset($url['params']['c']);
+ unset($url['params']['a']);
foreach ($url['params'] as $key => $param) {
$uri .= $separator . urlencode($key) . '=' . urlencode($param);
$separator = $and;
diff --git a/lib/SimplePie/SimplePie/Content/Type/Sniffer.php b/lib/SimplePie/SimplePie/Content/Type/Sniffer.php
index a32f47f59..ec0bf0952 100644
--- a/lib/SimplePie/SimplePie/Content/Type/Sniffer.php
+++ b/lib/SimplePie/SimplePie/Content/Type/Sniffer.php
@@ -109,9 +109,7 @@ class SimplePie_Content_Type_Sniffer
{
return $this->unknown();
}
- elseif (substr($official, -4) === '+xml'
- || $official === 'text/xml'
- || $official === 'application/xml')
+ elseif (substr($official, -4) === '+xml')
{
return $official;
}
@@ -126,7 +124,9 @@ class SimplePie_Content_Type_Sniffer
return $official;
}
}
- elseif ($official === 'text/html')
+ elseif ($official === 'text/html'
+ || $official === 'text/xml'
+ || $official === 'application/xml')
{
return $this->feed_or_html();
}
@@ -256,7 +256,12 @@ class SimplePie_Content_Type_Sniffer
public function feed_or_html()
{
$len = strlen($this->file->body);
- $pos = strspn($this->file->body, "\x09\x0A\x0D\x20");
+ $pos = 0;
+ if (isset($this->file->body[2]) && $this->file->body[0] === "\xEF" &&
+ $this->file->body[1] === "\xBB" && $this->file->body[2] === "\xBF") {
+ $pos += 3; //UTF-8 BOM
+ }
+ $pos += strspn($this->file->body, "\x09\x0A\x0D\x20", $pos);
while ($pos < $len)
{
diff --git a/lib/favicons.php b/lib/favicons.php
new file mode 100644
index 000000000..6709f6745
--- /dev/null
+++ b/lib/favicons.php
@@ -0,0 +1,40 @@
+<?php
+
+include(LIB_PATH . '/Favicon/Favicon.php');
+include(LIB_PATH . '/Favicon/DataAccess.php');
+
+$favicons_dir = DATA_PATH . '/favicons/';
+$default_favicon = PUBLIC_PATH . '/themes/icons/default_favicon.ico';
+
+function download_favicon($website, $dest) {
+ global $favicons_dir, $default_favicon;
+
+ syslog(LOG_DEBUG, 'FreshRSS Favicon discovery GET ' . $website);
+ $favicon_getter = new \Favicon\Favicon();
+ $favicon_getter->setCacheDir($favicons_dir);
+ $favicon_url = $favicon_getter->get($website);
+
+ if ($favicon_url === false) {
+ return @copy($default_favicon, $dest);
+ }
+
+ syslog(LOG_DEBUG, 'FreshRSS Favicon GET ' . $favicon_url);
+ $c = curl_init($favicon_url);
+ curl_setopt($c, CURLOPT_HEADER, false);
+ curl_setopt($c, CURLOPT_RETURNTRANSFER, true);
+ curl_setopt($c, CURLOPT_BINARYTRANSFER, true);
+ $img_raw = curl_exec($c);
+ $status_code = curl_getinfo($c, CURLINFO_HTTP_CODE);
+ curl_close($c);
+
+ if ($status_code === 200) {
+ $file = fopen($dest, 'w');
+ if ($file !== false) {
+ fwrite($file, $img_raw);
+ fclose($file);
+ return true;
+ }
+ }
+
+ return false;
+}
diff --git a/lib/lib_install.php b/lib/lib_install.php
new file mode 100644
index 000000000..0e7b7f036
--- /dev/null
+++ b/lib/lib_install.php
@@ -0,0 +1,115 @@
+<?php
+
+define('BCRYPT_COST', 9);
+
+Minz_Configuration::register('default_system', join_path(DATA_PATH, 'config.default.php'));
+Minz_Configuration::register('default_user', join_path(USERS_PATH, '_', 'config.default.php'));
+
+function checkRequirements() {
+ $php = version_compare(PHP_VERSION, '5.3.3') >= 0;
+ $minz = file_exists(join_path(LIB_PATH, 'Minz'));
+ $curl = extension_loaded('curl');
+ $pdo_mysql = extension_loaded('pdo_mysql');
+ $pdo_sqlite = extension_loaded('pdo_sqlite');
+ $pdo_pgsql = extension_loaded('pdo_pgsql');
+ $pdo = $pdo_mysql || $pdo_sqlite || $pdo_pgsql;
+ $pcre = extension_loaded('pcre');
+ $ctype = extension_loaded('ctype');
+ $dom = class_exists('DOMDocument');
+ $xml = function_exists('xml_parser_create');
+ $json = function_exists('json_encode');
+ $data = DATA_PATH && is_writable(DATA_PATH);
+ $cache = CACHE_PATH && is_writable(CACHE_PATH);
+ $users = USERS_PATH && is_writable(USERS_PATH);
+ $favicons = is_writable(join_path(DATA_PATH, 'favicons'));
+ $http_referer = is_referer_from_same_domain();
+
+ return array(
+ 'php' => $php ? 'ok' : 'ko',
+ 'minz' => $minz ? 'ok' : 'ko',
+ 'curl' => $curl ? 'ok' : 'ko',
+ 'pdo-mysql' => $pdo_mysql ? 'ok' : 'ko',
+ 'pdo-sqlite' => $pdo_sqlite ? 'ok' : 'ko',
+ 'pdo-pgsql' => $pdo_pgsql ? 'ok' : 'ko',
+ 'pdo' => $pdo ? 'ok' : 'ko',
+ 'pcre' => $pcre ? 'ok' : 'ko',
+ 'ctype' => $ctype ? 'ok' : 'ko',
+ 'dom' => $dom ? 'ok' : 'ko',
+ 'xml' => $xml ? 'ok' : 'ko',
+ 'json' => $json ? 'ok' : 'ko',
+ 'data' => $data ? 'ok' : 'ko',
+ 'cache' => $cache ? 'ok' : 'ko',
+ 'users' => $users ? 'ok' : 'ko',
+ 'favicons' => $favicons ? 'ok' : 'ko',
+ 'http_referer' => $http_referer ? 'ok' : 'ko',
+ 'all' => $php && $minz && $curl && $pdo && $pcre && $ctype && $dom && $xml &&
+ $data && $cache && $users && $favicons && $http_referer ?
+ 'ok' : 'ko'
+ );
+}
+
+function generateSalt() {
+ return sha1(uniqid(mt_rand(), true).implode('', stat(__FILE__)));
+}
+
+function checkDb(&$dbOptions) {
+ $dsn = '';
+ try {
+ $driver_options = null;
+ switch ($dbOptions['type']) {
+ case 'mysql':
+ include_once(APP_PATH . '/SQL/install.sql.mysql.php');
+ $driver_options = array(
+ PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8mb4'
+ );
+ try { // on ouvre une connexion juste pour créer la base si elle n'existe pas
+ $dsn = 'mysql:host=' . $dbOptions['host'] . ';';
+ $c = new PDO($dsn, $dbOptions['user'], $dbOptions['password'], $driver_options);
+ $sql = sprintf(SQL_CREATE_DB, $dbOptions['base']);
+ $res = $c->query($sql);
+ } catch (PDOException $e) {
+ syslog(LOG_DEBUG, 'FreshRSS MySQL warning: ' . $e->getMessage());
+ }
+ // on écrase la précédente connexion en sélectionnant la nouvelle BDD
+ $dsn = 'mysql:host=' . $dbOptions['host'] . ';dbname=' . $dbOptions['base'];
+ break;
+ case 'sqlite':
+ include_once(APP_PATH . '/SQL/install.sql.sqlite.php');
+ $dsn = 'sqlite:' . join_path(USERS_PATH, $dbOptions['default_user'], 'db.sqlite');
+ $driver_options = array(
+ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+ );
+ break;
+ case 'pgsql':
+ include_once(APP_PATH . '/SQL/install.sql.pgsql.php');
+ $driver_options = array(
+ PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
+ );
+ try { // on ouvre une connexion juste pour créer la base si elle n'existe pas
+ $dsn = 'pgsql:host=' . $dbOptions['host'] . ';dbname=postgres';
+ $c = new PDO($dsn, $dbOptions['user'], $dbOptions['password'], $driver_options);
+ $sql = sprintf(SQL_CREATE_DB, $dbOptions['base']);
+ $res = $c->query($sql);
+ } catch (PDOException $e) {
+ syslog(LOG_DEBUG, 'FreshRSS PostgreSQL warning: ' . $e->getMessage());
+ }
+ // on écrase la précédente connexion en sélectionnant la nouvelle BDD
+ $dsn = 'pgsql:host=' . $dbOptions['host'] . ';dbname=' . $dbOptions['base'];
+ break;
+ default:
+ return false;
+ }
+ } catch (PDOException $e) {
+ $dsn = '';
+ $dbOptions['error'] = $e->getMessage();
+ }
+ $dbOptions['dsn'] = $dsn;
+ $dbOptions['options'] = $driver_options;
+ return $dsn != '';
+}
+
+function deleteInstall() {
+ $path = join_path(DATA_PATH, 'do-install.txt');
+ @unlink($path);
+ return !file_exists($path);
+}
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 82ddced2c..143b55bee 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -83,6 +83,9 @@ function checkUrl($url) {
}
}
+function safe_ascii($text) {
+ return filter_var($text, FILTER_DEFAULT, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
+}
/**
* Test if a given server address is publicly accessible.
@@ -165,7 +168,7 @@ function customSimplePie() {
$system_conf = Minz_Configuration::get('system');
$limits = $system_conf->limits;
$simplePie = new SimplePie();
- $simplePie->set_useragent(_t('gen.freshrss') . '/' . FRESHRSS_VERSION . ' (' . PHP_OS . '; ' . FRESHRSS_WEBSITE . ') ' . SIMPLEPIE_NAME . '/' . SIMPLEPIE_VERSION);
+ $simplePie->set_useragent('FreshRSS/' . FRESHRSS_VERSION . ' (' . PHP_OS . '; ' . FRESHRSS_WEBSITE . ') ' . SIMPLEPIE_NAME . '/' . SIMPLEPIE_VERSION);
$simplePie->set_syslog($system_conf->simplepie_syslog_enabled);
$simplePie->set_cache_location(CACHE_PATH);
$simplePie->set_cache_duration($limits['cache_duration']);
@@ -182,10 +185,9 @@ function customSimplePie() {
'onmouseover', 'onmousemove', 'onmouseout', 'onfocus', 'onblur',
'onkeypress', 'onkeydown', 'onkeyup', 'onselect', 'onchange', 'seamless', 'sizes', 'srcset')));
$simplePie->add_attributes(array(
- 'img' => array('lazyload' => '', 'postpone' => ''), //http://www.w3.org/TR/resource-priorities/
- 'audio' => array('lazyload' => '', 'postpone' => '', 'preload' => 'none'),
- 'iframe' => array('lazyload' => '', 'postpone' => '', 'sandbox' => 'allow-scripts allow-same-origin'),
- 'video' => array('lazyload' => '', 'postpone' => '', 'preload' => 'none'),
+ 'audio' => array('preload' => 'none'),
+ 'iframe' => array('sandbox' => 'allow-scripts allow-same-origin'),
+ 'video' => array('preload' => 'none'),
));
$simplePie->set_url_replacements(array(
'a' => 'href',
@@ -280,9 +282,12 @@ function uSecString() {
return str_pad($t['usec'], 6, '0');
}
-function invalidateHttpCache() {
- Minz_Session::_param('touch', uTimeString());
- return touch(join_path(DATA_PATH, 'users', Minz_Session::param('currentUser', '_'), 'log.txt'));
+function invalidateHttpCache($username = '') {
+ if (($username == '') || (!ctype_alnum($username))) {
+ Minz_Session::_param('touch', uTimeString());
+ $username = Minz_Session::param('currentUser', '_');
+ }
+ return touch(join_path(DATA_PATH, 'users', $username, 'log.txt'));
}
function listUsers() {
generated by cgit v1.2.3 (git 2.39.1) at 2026-02-10 12:13:37 +0000