From b7fdfbb89421322e0ec15beb10f4260f33afd31e Mon Sep 17 00:00:00 2001
From: Alexandre Alapetite <alexandre@alapetite.fr>
Date: Tue, 9 Mar 2021 08:41:47 +0100
Subject: SimplePie prevent cache pollution (#3502)

* SimplePie prevent cache polution
#fix https://github.com/FreshRSS/FreshRSS/pull/3367#issuecomment-766250249
#fix https://github.com/FreshRSS/FreshRSS/pull/3494#issuecomment-790113663

* Fix bug

* Minor improvement

* Update cache filename in FreshRSS (1/2)

* cacheFilename temp

* New SimplePie get_cache_filename()

* Fix typos

* Update lib/SimplePie/SimplePie.php

Typo

* Include user-agent and timeout

* fix array_merge

* Declaration

* force_feed was lost in a commit
---
 app/Models/Feed.php         |  4 +++-
 lib/SimplePie/SimplePie.php | 35 +++++++++++++++++++++++++++++++++--
 lib/lib_rss.php             |  1 +
 3 files changed, 37 insertions(+), 3 deletions(-)

diff --git a/app/Models/Feed.php b/app/Models/Feed.php
index 7f52ba52f..af9c54719 100644
--- a/app/Models/Feed.php
+++ b/app/Models/Feed.php
@@ -497,7 +497,9 @@ class FreshRSS_Feed extends Minz_Model {
 	}
 
 	protected function cacheFilename() {
-		return CACHE_PATH . '/' . md5($this->url) . '.spc';
+		$simplePie = customSimplePie($this->attributes());
+		$filename = $simplePie->get_cache_filename($this->url);
+		return CACHE_PATH . '/' . $filename . '.spc';
 	}
 
 	public function clearCache() {
diff --git a/lib/SimplePie/SimplePie.php b/lib/SimplePie/SimplePie.php
index c5bcbb469..6a542e2c5 100644
--- a/lib/SimplePie/SimplePie.php
+++ b/lib/SimplePie/SimplePie.php
@@ -920,6 +920,37 @@ class SimplePie
 		$this->cache_location = (string) $location;
 	}
 
+	/**
+	 * Return the filename (i.e. hash, without path and without extension) of the file to cache a given URL.
+	 */
+	public function get_cache_filename($url)
+	{
+		// Append custom parameters to the URL to avoid cache pollution in case of multiple calls with different parameters.
+		$url .= $this->force_feed ? '#force_feed' : '';
+		$options = array();
+		if ($this->timeout != 10)
+		{
+			$options[CURLOPT_TIMEOUT] = $this->timeout;
+		}
+		if ($this->useragent !== SIMPLEPIE_USERAGENT)
+		{
+			$options[CURLOPT_USERAGENT] = $this->useragent;
+		}
+		if (!empty($this->curl_options))
+		{
+			foreach ($this->curl_options as $k => $v)
+			{
+				$options[$k] = $v;
+			}
+		}
+		if (!empty($options))
+		{
+			ksort($options);
+			$url .= '#' . urlencode(var_export($options, true));
+		}
+		return call_user_func($this->cache_name_function, $url);
+	}
+
 	/**
 	 * Set whether feed items should be sorted into reverse chronological order
 	 *
@@ -1429,8 +1460,8 @@ class SimplePie
 			// Decide whether to enable caching
 			if ($this->cache && $parsed_feed_url['scheme'] !== '')
 			{
-				$url = $this->feed_url . ($this->force_feed ? '#force_feed' : '');
-				$cache = $this->registry->call('Cache', 'get_handler', array($this->cache_location, call_user_func($this->cache_name_function, $url), 'spc'));
+				$filename = $this->get_cache_filename($this->feed_url);
+				$cache = $this->registry->call('Cache', 'get_handler', array($this->cache_location, $filename, 'spc'));
 			}
 
 			// Fetch the data via SimplePie_File into $this->raw_data
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 13fce3d8c..0181d30de 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -173,6 +173,7 @@ function customSimplePie($attributes = array()) {
 	$simplePie = new SimplePie();
 	$simplePie->set_useragent(FRESHRSS_USERAGENT);
 	$simplePie->set_syslog(FreshRSS_Context::$system_conf->simplepie_syslog_enabled);
+	$simplePie->set_cache_name_function('sha1');
 	$simplePie->set_cache_location(CACHE_PATH);
 	$simplePie->set_cache_duration($limits['cache_duration']);
 
-- 
cgit v1.2.3