From eceb7756cfcf117c2a18984291181a84697ed3cd Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Sun, 10 Aug 2014 20:29:43 +0200 Subject: Add possibility to keep logged in with form Add an option to keep logged in. Change lifetime of session cookie to 1 year. See https://github.com/marienfressinaud/FreshRSS/issues/465 --- app/Controllers/indexController.php | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'app/Controllers') diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index 3119073b8..18b99d0df 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php @@ -298,6 +298,7 @@ class FreshRSS_index_Controller extends Minz_ActionController { public function formLoginAction () { if (Minz_Request::isPost()) { $ok = false; + $keep_logged_in = Minz_Request::param('keep_logged_in', false); $nonce = Minz_Session::param('nonce'); $username = Minz_Request::param('username', ''); $c = Minz_Request::param('challenge', ''); @@ -312,6 +313,11 @@ class FreshRSS_index_Controller extends Minz_ActionController { if ($ok) { Minz_Session::_param('currentUser', $username); Minz_Session::_param('passwordHash', $s); + if ($keep_logged_in) { + // New cookie with a lifetime of 1 year! + Minz_Session::keepCookie(31536000); + Minz_Session::regenerateID(); + } } else { Minz_Log::record('Password mismatch for user ' . $username . ', nonce=' . $nonce . ', c=' . $c, Minz_Log::WARNING); } @@ -371,6 +377,9 @@ class FreshRSS_index_Controller extends Minz_ActionController { Minz_Session::_param('currentUser'); Minz_Session::_param('mail'); Minz_Session::_param('passwordHash'); + Minz_Session::keepCookie(0); + Minz_Session::regenerateID(); + Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true); } } -- cgit v1.2.3 From 93a77f84d45ee4eccda7c837dc08f17360f3de0f Mon Sep 17 00:00:00 2001 
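Review bot: `Minz_Session::regenerateID()` runs only inside `if ($keep_logged_in)` in the `@@ -312,6 +313,11` hunk, so a login without the checkbox keeps the pre-authentication session identifier, which leaves room for session fixation. Call it on every successful login by moving it next to `Minz_Session::_param('currentUser', $username);`, outside the `if`. The later hunk `@@ -313,10 +342,8` on this page removes the call from `formLoginAction` altogether, and the same point applies there. Whether `keepCookie()` still has an effect on a session that has already been started is not visible here and should be confirmed. `formLoginAction` starts and ends outside the hunk.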
From: Marien Fressinaud Date: Sun, 10 Aug 2014 21:08:10 +0200 Subject: Change cookie lifetime to 1 month. See https://github.com/marienfressinaud/FreshRSS/issues/465 --- app/Controllers/indexController.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/Controllers') diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index 18b99d0df..b907c8eed 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php @@ -314,8 +314,8 @@ class FreshRSS_index_Controller extends Minz_ActionController { Minz_Session::_param('currentUser', $username); Minz_Session::_param('passwordHash', $s); if ($keep_logged_in) { - // New cookie with a lifetime of 1 year! - Minz_Session::keepCookie(31536000); + // New cookie with a lifetime of 1 month. + Minz_Session::keepCookie(2592000); Minz_Session::regenerateID(); } } else { -- cgit v1.2.3 From 94570aaf5a23dfc02bf1120d168ec30c2ab3f044 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Mon, 11 Aug 2014 19:02:27 +0200 Subject: Improve system import/export Miss checking presence of zip extension during import See https://github.com/marienfressinaud/FreshRSS/issues/494 --- app/Controllers/importExportController.php | 10 +++++++++- app/i18n/en.php | 2 ++ app/i18n/fr.php | 2 ++ app/views/importExport/index.phtml | 4 +++- 4 files changed, 16 insertions(+), 2 deletions(-) (limited to 'app/Controllers') diff --git a/app/Controllers/importExportController.php b/app/Controllers/importExportController.php index 2b3353d93..dd6c23322 100644 --- a/app/Controllers/importExportController.php +++ b/app/Controllers/importExportController.php 
@@ -39,7 +39,7 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { // We try to list all files according to their type // A zip file is first opened and then its files are listed $list = array(); - if ($type_file === 'zip') { + if ($type_file === 'zip' && extension_loaded('zip')) { $zip = zip_open($file['tmp_name']); while (($zipfile = zip_read($zip)) !== false) { @@ -56,6 +56,14 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { } zip_close($zip); + } elseif ($type_file === 'zip') { + // Zip extension is not loaded + Minz_Session::_param('notification', array( + 'type' => 'bad', + 'content' => _t('no_zip_extension') + )); + + Minz_Request::forward(array('c' => 'importExport'), true); } elseif ($type_file !== 'unknown') { $list_files[$type_file][] = file_get_contents( $file['tmp_name'] diff --git a/app/i18n/en.php b/app/i18n/en.php index 748d9a81b..0c87f52be 100644 --- a/app/i18n/en.php +++ b/app/i18n/en.php @@ -182,7 +182,9 @@ return array ( 'focus_search' => 'Access search box', 'file_to_import' => 'File to import
(OPML, Json or Zip)', + 'file_to_import_no_zip' => 'File to import
(OPML or Json)', 'import' => 'Import', + 'no_zip_extension' => 'Zip extension is not present on your server.', 'export' => 'Export', 'export_opml' => 'Export list of feeds (OPML)', 'export_starred' => 'Export your favourites', diff --git a/app/i18n/fr.php b/app/i18n/fr.php index ba8c8686a..57ddebc20 100644 --- a/app/i18n/fr.php +++ b/app/i18n/fr.php @@ -182,7 +182,9 @@ return array ( 'focus_search' => 'Accéder à la recherche', 'file_to_import' => 'Fichier à importer
(OPML, Json ou Zip)', + 'file_to_import_no_zip' => 'Fichier à importer
(OPML ou Json)', 'import' => 'Importer', + 'no_zip_extension' => 'L’extension Zip n’est pas présente sur votre serveur.', 'export' => 'Exporter', 'export_opml' => 'Exporter la liste des flux (OPML)', 'export_starred' => 'Exporter les favoris', diff --git a/app/views/importExport/index.phtml b/app/views/importExport/index.phtml index e1458e916..35371faca 100644 --- a/app/views/importExport/index.phtml +++ b/app/views/importExport/index.phtml @@ -6,7 +6,9 @@
- +
-- cgit v1.2.3 From 8ffd59f34ac458827f2a0217e4630caf69705853 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Mon, 11 Aug 2014 19:18:12 +0200 Subject: Improve import system Catch errors of zip_open and log it. A notification is shown to indicate something went wrong. See https://github.com/marienfressinaud/FreshRSS/issues/494 --- app/Controllers/importExportController.php | 14 ++++++++++++++ app/i18n/en.php | 1 + app/i18n/fr.php | 1 + 3 files changed, 16 insertions(+) (limited to 'app/Controllers') diff --git a/app/Controllers/importExportController.php b/app/Controllers/importExportController.php index dd6c23322..15871ed80 100644 --- a/app/Controllers/importExportController.php +++ b/app/Controllers/importExportController.php @@ -42,6 +42,20 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { if ($type_file === 'zip' && extension_loaded('zip')) { $zip = zip_open($file['tmp_name']); + if (!is_resource($zip)) { + Minz_Log::error( + 'Zip file cannot be imported. Error code: ' . $zip + ); + + // zip_open cannot open file: something is wrong + Minz_Session::_param('notification', array( + 'type' => 'bad', + 'content' => _t('zip_error') + )); + + Minz_Request::forward(array('c' => 'importExport'), true); + } + while (($zipfile = zip_read($zip)) !== false) { $type_zipfile = $this->guessFileType( zip_entry_name($zipfile) diff --git a/app/i18n/en.php b/app/i18n/en.php index 0c87f52be..416ca851f 100644 --- a/app/i18n/en.php +++ b/app/i18n/en.php @@ -184,6 +184,7 @@ return array ( 'file_to_import' => 'File to import
(OPML, Json or Zip)', 'file_to_import_no_zip' => 'File to import
(OPML or Json)', 'import' => 'Import', + 'zip_error' => 'An error occured during Zip import.', 'no_zip_extension' => 'Zip extension is not present on your server.', 'export' => 'Export', 'export_opml' => 'Export list of feeds (OPML)', diff --git a/app/i18n/fr.php b/app/i18n/fr.php index 57ddebc20..d68006a87 100644 --- a/app/i18n/fr.php +++ b/app/i18n/fr.php @@ -184,6 +184,7 @@ return array ( 'file_to_import' => 'Fichier à importer
(OPML, Json ou Zip)', 'file_to_import_no_zip' => 'Fichier à importer
(OPML ou Json)', 'import' => 'Importer', + 'zip_error' => 'Une erreur est survenue durant l’import du fichier Zip.', 'no_zip_extension' => 'L’extension Zip n’est pas présente sur votre serveur.', 'export' => 'Exporter', 'export_opml' => 'Exporter la liste des flux (OPML)', -- cgit v1.2.3 From 1b20f6bd025a08a7a741b2751d837f736758eb2d Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Tue, 12 Aug 2014 20:59:27 +0200 Subject: New wrappers Minz_Request::good() and bad() 1. Set a notification message in session variable 2. Redirect to a specific url First use in importExportController.php See https://github.com/marienfressinaud/FreshRSS/conversations/576 --- app/Controllers/importExportController.php | 57 ++++++------------------------ lib/Minz/Request.php | 25 +++++++++++++ 2 files changed, 35 insertions(+), 47 deletions(-) (limited to 'app/Controllers') diff --git a/app/Controllers/importExportController.php b/app/Controllers/importExportController.php index 15871ed80..92b39b575 100644 --- a/app/Controllers/importExportController.php +++ b/app/Controllers/importExportController.php @@ -43,17 +43,9 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { $zip = zip_open($file['tmp_name']); if (!is_resource($zip)) { - Minz_Log::error( - 'Zip file cannot be imported. Error code: ' . $zip - ); - // zip_open cannot open file: something is wrong - Minz_Session::_param('notification', array( - 'type' => 'bad', - 'content' => _t('zip_error') - )); - - Minz_Request::forward(array('c' => 'importExport'), true); + Minz_Log::error('Zip file cannot be imported. Error code: ' . $zip); + Minz_Request::bad(_t('zip_error'), array('c' => 'importExport')); } while (($zipfile = zip_read($zip)) !== false) { 
@@ -72,12 +64,7 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { zip_close($zip); } elseif ($type_file === 'zip') { // Zip extension is not loaded - Minz_Session::_param('notification', array( - 'type' => 'bad', - 'content' => _t('no_zip_extension') - )); - - Minz_Request::forward(array('c' => 'importExport'), true); + Minz_Request::bad(_t('no_zip_extension'), array('c' => 'importExport')); } elseif ($type_file !== 'unknown') { $list_files[$type_file][] = file_get_contents( $file['tmp_name'] @@ -100,35 +87,16 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { } // And finally, we get import status and redirect to the home page - $notif = null; - if ($error === true) { - $content_notif = Minz_Translate::t( - 'feeds_imported_with_errors' - ); - } else { - $content_notif = Minz_Translate::t( - 'feeds_imported' - ); - } - - Minz_Session::_param('notification', array( - 'type' => 'good', - 'content' => $content_notif - )); Minz_Session::_param('actualize_feeds', true); - Minz_Request::forward(array( - 'c' => 'index', - 'a' => 'index' - ), true); + $content_notif = $error === true ? _t('feeds_imported_with_errors') : + _t('feeds_imported'); + Minz_Request::good($content_notif); } // What are you doing? you have to call this controller // with a POST request! - Minz_Request::forward(array( - 'c' => 'importExport', - 'a' => 'index' - )); + Minz_Request::forward(array('c' => 'importExport')); } private function guessFileType($filename) { 
@@ -362,17 +330,12 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { $nb_files = count($export_files); if ($nb_files > 1) { - // If there are more than 1 file to export, we need an .zip + // If there are more than 1 file to export, we need a zip archive. try { $this->exportZip($export_files); } catch (Exception $e) { # Oops, there is no Zip extension! - $notif = array( - 'type' => 'bad', - 'content' => _t('export_no_zip_extension') - ); - Minz_Session::_param('notification', $notif); - Minz_Request::forward(array('c' => 'importExport'), true); + Minz_Request::bad(_t('export_no_zip_extension'), array('c' => 'importExport')); } } elseif ($nb_files === 1) { // Only one file? Guess its type and export it. @@ -386,7 +349,7 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { $this->exportFile($filename, $export_files[$filename], $type); } else { - Minz_Request::forward(array('c' => 'importExport'), true); + Minz_Request::forward(array('c' => 'importExport')); } } } diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php index 755784522..2f745a04c 100644 --- a/lib/Minz/Request.php +++ b/lib/Minz/Request.php @@ -146,6 +146,31 @@ class Minz_Request { } } + + /** + * Wrappers good notifications + redirection + * @param $msg notification content + * @param $url url array to where we should be forwarded + */ + public static function good($msg, $url = array()) { + Minz_Session::_param('notification', array( + 'type' => 'good', + 'content' => $msg + )); + + Minz_Request::forward($url, true); + } + + public static function bad($msg, $url = array()) { + Minz_Session::_param('notification', array( + 'type' => 'bad', + 'content' => $msg + )); + + Minz_Request::forward($url, true); + } + + /** * Permet de récupérer une variable de type $_GET * @param $param nom de la variable -- cgit v1.2.3 From 7900c5e550acafaf0b877635840a8a270eb06078 Mon Sep 17 00:00:00 2001 
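Review bot: `bad()` has no docblock, and the one on `good()` does not say whether these wrappers return, while the callers in `importAction` continue straight to `zip_read($zip)` after `Minz_Request::bad(...)`. If `forward($url, true)` ends the request (not visible in this hunk), state that on both methods, e.g. `* Does not return: the request ends with the redirect.`; if it can return, each caller needs an explicit `return;` after the call. The existing `@param` lines also lack types (`string $msg`, `array $url`).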
From: Marien Fressinaud Date: Tue, 12 Aug 2014 21:56:34 +0200 Subject: Move htmlspecialchars_utf8 from Request to Helper And remove html_chars_utf8 to use htmlspecialchars_utf8 instead in importExportController --- app/Controllers/importExportController.php | 10 +++++----- lib/Minz/Helper.php | 11 +++++++++++ lib/Minz/Request.php | 8 +------- lib/lib_rss.php | 4 ---- 4 files changed, 17 insertions(+), 16 deletions(-) (limited to 'app/Controllers') diff --git a/app/Controllers/importExportController.php b/app/Controllers/importExportController.php index 92b39b575..a8e2c2bc2 100644 --- a/app/Controllers/importExportController.php +++ b/app/Controllers/importExportController.php @@ -166,15 +166,15 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { } // We get different useful information - $url = html_chars_utf8($feed_elt['xmlUrl']); - $name = html_chars_utf8($feed_elt['text']); + $url = Minz_Helper::htmlspecialchars_utf8($feed_elt['xmlUrl']); + $name = Minz_Helper::htmlspecialchars_utf8($feed_elt['text']); $website = ''; if (isset($feed_elt['htmlUrl'])) { - $website = html_chars_utf8($feed_elt['htmlUrl']); + $website = Minz_Helper::htmlspecialchars_utf8($feed_elt['htmlUrl']); } $description = ''; if (isset($feed_elt['description'])) { - $description = html_chars_utf8($feed_elt['description']); + $description = Minz_Helper::htmlspecialchars_utf8($feed_elt['description']); } $error = false; @@ -200,7 +200,7 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { private function addCategoryOpml($cat_elt, $parent_cat) { // Create a new Category object - $cat = new FreshRSS_Category(html_chars_utf8($cat_elt['text'])); + $cat = new FreshRSS_Category(Minz_Helper::htmlspecialchars_utf8($cat_elt['text'])); $id = $this->catDAO->addCategoryObject($cat); $error = ($id === false); diff --git a/lib/Minz/Helper.php b/lib/Minz/Helper.php index b058211d3..13bfdd93e 100644 --- a/lib/Minz/Helper.php +++ b/lib/Minz/Helper.php 
@@ -19,4 +19,15 @@ class Minz_Helper { return stripslashes($var); } } + + /** + * Wrapper for htmlspecialchars. + * Force UTf-8 value and can be used on array too. + */ + public static function htmlspecialchars_utf8($p) { + if (is_array($p)) { + return array_map('self::htmlspecialchars_utf8', $p); + } + return htmlspecialchars($p, ENT_COMPAT, 'UTF-8'); + } } diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php index f3ecaf55c..52f53012f 100644 --- a/lib/Minz/Request.php +++ b/lib/Minz/Request.php @@ -27,19 +27,13 @@ class Minz_Request { public static function params() { return self::$params; } - static function htmlspecialchars_utf8($p) { - if (is_array($p)) { - return array_map('self::htmlspecialchars_utf8', $p); - } - return htmlspecialchars($p, ENT_COMPAT, 'UTF-8'); - } public static function param($key, $default = false, $specialchars = false) { if (isset(self::$params[$key])) { $p = self::$params[$key]; if (is_object($p) || $specialchars) { return $p; } else { - return self::htmlspecialchars_utf8($p); + return Minz_Helper::htmlspecialchars_utf8($p); } } else { return $default; diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 86c0a4ae4..823f53716 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -230,7 +230,3 @@ function cryptAvailable() { } return false; } - -function html_chars_utf8($str) { - return htmlspecialchars($str, ENT_COMPAT, 'UTF-8'); -} -- cgit v1.2.3 From 775ff40780935471dcd74b0d81c04b80e3e4603c Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Tue, 12 Aug 2014 22:55:43 +0200 Subject: Improve import system Catch more errors Code refactoring --- app/Controllers/importExportController.php | 125 ++++++++++++++++------------- app/i18n/en.php | 1 + app/i18n/fr.php | 1 + 3 files changed, 70 insertions(+), 57 deletions(-) (limited to 'app/Controllers') diff --git a/app/Controllers/importExportController.php b/app/Controllers/importExportController.php index a8e2c2bc2..c7f47fc13 100644 --- a/app/Controllers/importExportController.php 
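Review bot: `htmlspecialchars_utf8()` escapes with `ENT_COMPAT`, which leaves single quotes untouched, so a value written into a single-quoted HTML attribute is not neutralised by this helper. Since it is now the shared escaping routine behind `Minz_Request::param()`, consider `htmlspecialchars($p, ENT_QUOTES, 'UTF-8')`, after checking that already-stored values are not compared against freshly escaped ones. The docblock should also say that values are escaped on input rather than on output, and its `UTf-8` typo should be fixed. In the `Request.php` hunk the `$specialchars` flag returns the raw value when it is true, which reads inverted and deserves a comment.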
+++ b/app/Controllers/importExportController.php 
@@ -24,35 +24,49 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { } public function importAction() { - if (Minz_Request::isPost() && $_FILES['file']['error'] == 0) { - @set_time_limit(300); + if (!Minz_Request::isPost()) { + // What are you doing? you have to call this controller + // with a POST request! + Minz_Request::forward(array('c' => 'importExport', 'a' => 'index'), true); + } - $file = $_FILES['file']; - $type_file = $this->guessFileType($file['name']); + $file = $_FILES['file']; + $status_file = $file['error']; - $list_files = array( - 'opml' => array(), - 'json_starred' => array(), - 'json_feed' => array() - ); + if ($status_file !== 0) { + Minz_Log::error('File cannot be imported. Error code: ' . $status_file); + Minz_Request::bad(_t('file_cannot_be_imported'), + array('c' => 'importExport', 'a' => 'index')); + } - // We try to list all files according to their type - // A zip file is first opened and then its files are listed - $list = array(); - if ($type_file === 'zip' && extension_loaded('zip')) { - $zip = zip_open($file['tmp_name']); + @set_time_limit(300); - if (!is_resource($zip)) { - // zip_open cannot open file: something is wrong - Minz_Log::error('Zip file cannot be imported. Error code: ' . $zip); - Minz_Request::bad(_t('zip_error'), array('c' => 'importExport')); - } + $type_file = $this->guessFileType($file['name']); - while (($zipfile = zip_read($zip)) !== false) { - $type_zipfile = $this->guessFileType( - zip_entry_name($zipfile) - ); + $list_files = array( + 'opml' => array(), + 'json_starred' => array(), + 'json_feed' => array() + ); + // We try to list all files according to their type + // A zip file is first opened and then its files are listed + $list = array(); + if ($type_file === 'zip' && extension_loaded('zip')) { + $zip = zip_open($file['tmp_name']); + + if (!is_resource($zip)) { + // zip_open cannot open file: something is wrong + Minz_Log::error('Zip archive cannot be imported. Error code: ' . 
$zip); + Minz_Request::bad(_t('zip_error'), array('c' => 'importExport')); + } + + while (($zipfile = zip_read($zip)) !== false) { + if (!is_resource($zipfile)) { + // zip_entry() can also return an error code! + Minz_Log::error('Zip file cannot be imported. Error code: ' . $zipfile); + } else { + $type_zipfile = $this->guessFileType(zip_entry_name($zipfile)); if ($type_file !== 'unknown') { $list_files[$type_zipfile][] = zip_entry_read( $zipfile, 
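Review bot: Inside the `zip_read()` loop the guard tests `$type_file !== 'unknown'`, but `$type_file` is always `'zip'` on this branch, so entries that `guessFileType()` cannot identify are still read and appended under `$list_files['unknown']`. The condition should be `if ($type_zipfile !== 'unknown') {`. `$_FILES['file']` is also read without checking that the key exists, so a POST without a file part reaches `$file['error']` on an undefined value; an `isset($_FILES['file'])` check before it would route that case to the same error path. How much data `zip_entry_read()` pulls per entry is decided outside this hunk and is worth bounding, since the archive is user-supplied.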
@@ -60,43 +74,39 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { ); } } - - zip_close($zip); - } elseif ($type_file === 'zip') { - // Zip extension is not loaded - Minz_Request::bad(_t('no_zip_extension'), array('c' => 'importExport')); - } elseif ($type_file !== 'unknown') { - $list_files[$type_file][] = file_get_contents( - $file['tmp_name'] - ); } - // Import different files. - // OPML first(so categories and feeds are imported) - // Starred articles then so the "favourite" status is already set - // And finally all other files. - $error = false; - foreach ($list_files['opml'] as $opml_file) { - $error = $this->importOpml($opml_file); - } - foreach ($list_files['json_starred'] as $article_file) { - $error = $this->importArticles($article_file, true); - } - foreach ($list_files['json_feed'] as $article_file) { - $error = $this->importArticles($article_file); - } - - // And finally, we get import status and redirect to the home page - Minz_Session::_param('actualize_feeds', true); + zip_close($zip); + } elseif ($type_file === 'zip') { + // Zip extension is not loaded + Minz_Request::bad(_t('no_zip_extension'), array('c' => 'importExport')); + } elseif ($type_file !== 'unknown') { + $list_files[$type_file][] = file_get_contents( + $file['tmp_name'] + ); + } - $content_notif = $error === true ? _t('feeds_imported_with_errors') : - _t('feeds_imported'); - Minz_Request::good($content_notif); + // Import different files. + // OPML first(so categories and feeds are imported) + // Starred articles then so the "favourite" status is already set + // And finally all other files. 
+ $error = false; + foreach ($list_files['opml'] as $opml_file) { + $error = $this->importOpml($opml_file); + } + foreach ($list_files['json_starred'] as $article_file) { + $error = $this->importArticles($article_file, true); } + foreach ($list_files['json_feed'] as $article_file) { + $error = $this->importArticles($article_file); + } + + // And finally, we get import status and redirect to the home page + Minz_Session::_param('actualize_feeds', true); - // What are you doing? you have to call this controller - // with a POST request! - Minz_Request::forward(array('c' => 'importExport')); + $content_notif = $error === true ? _t('feeds_imported_with_errors') : + _t('feeds_imported'); + Minz_Request::good($content_notif); } private function guessFileType($filename) { @@ -335,7 +345,8 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { $this->exportZip($export_files); } catch (Exception $e) { # Oops, there is no Zip extension! - Minz_Request::bad(_t('export_no_zip_extension'), array('c' => 'importExport')); + Minz_Request::bad(_t('export_no_zip_extension'), + array('c' => 'importExport', 'a' => 'index')); } } elseif ($nb_files === 1) { // Only one file? Guess its type and export it. @@ -349,7 +360,7 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { $this->exportFile($filename, $export_files[$filename], $type); } else { - Minz_Request::forward(array('c' => 'importExport')); + Minz_Request::forward(array('c' => 'importExport', 'a' => 'index'), true); } } } diff --git a/app/i18n/en.php b/app/i18n/en.php index 416ca851f..f4a15e747 100644 --- a/app/i18n/en.php +++ b/app/i18n/en.php @@ -184,6 +184,7 @@ return array ( 'file_to_import' => 'File to import
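Review bot: Each import loop assigns `$error = $this->importOpml($opml_file);` (and likewise for `importArticles`), so the flag only reflects the last file processed and an earlier failure is reported as `feeds_imported`. Accumulate instead, e.g. `$error = $this->importOpml($opml_file) || $error;`, with the same form in the two `importArticles` loops, assuming those methods return `true` on failure as the `$error === true` test suggests. `importAction` starts outside this hunk.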
(OPML, Json or Zip)', 'file_to_import_no_zip' => 'File to import
(OPML or Json)', 'import' => 'Import', + 'file_cannot_be_uploaded' => 'File cannot be uploaded!', 'zip_error' => 'An error occured during Zip import.', 'no_zip_extension' => 'Zip extension is not present on your server.', 'export' => 'Export', diff --git a/app/i18n/fr.php b/app/i18n/fr.php index d68006a87..4675e17ee 100644 --- a/app/i18n/fr.php +++ b/app/i18n/fr.php @@ -184,6 +184,7 @@ return array ( 'file_to_import' => 'Fichier à importer
(OPML, Json ou Zip)', 'file_to_import_no_zip' => 'Fichier à importer
(OPML ou Json)', 'import' => 'Importer', + 'file_cannot_be_uploaded' => 'Le fichier ne peut pas être téléchargé!', 'zip_error' => 'Une erreur est survenue durant l’import du fichier Zip.', 'no_zip_extension' => 'L’extension Zip n’est pas présente sur votre serveur.', 'export' => 'Exporter', -- cgit v1.2.3 From ee1b8f6f72e8c2cbd3e0ad7b4322a4bb6863c028 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Wed, 13 Aug 2014 00:09:48 +0200 Subject: Long term cookie to keep session open Token system https://github.com/marienfressinaud/FreshRSS/issues/465 --- app/Controllers/indexController.php | 41 +++++++++++++++++++++++++++++-------- app/FreshRSS.php | 28 ++++++++++++++++++++++--- data/tokens/.gitignore | 1 + data/tokens/index.html | 13 ++++++++++++ lib/Minz/Session.php | 19 ++++++++++++----- 5 files changed, 86 insertions(+), 16 deletions(-) create mode 100644 data/tokens/.gitignore create mode 100644 data/tokens/index.html (limited to 'app/Controllers') diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index b907c8eed..dd5b91e47 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php 
@@ -295,10 +295,39 @@ class FreshRSS_index_Controller extends Minz_ActionController { Minz_Session::_param('passwordHash'); } + private static function makeLongTermCookie($username, $passwordHash) { + do { + $token = sha1(Minz_Configuration::salt() . $username . uniqid(mt_rand(), true)); + $tokenFile = DATA_PATH . '/tokens/' . $token . '.txt'; + } while (file_exists($tokenFile)); + if (@file_put_contents($tokenFile, $username . "\t" . $passwordHash) === false) { + return false; + } + $expire = time() + 2629744; //1 month //TODO: Use a configuration instead + Minz_Session::setLongTermCookie('FreshRSS_login', $token, $expire); + Minz_Session::_param('token', $token); + return $token; + } + + private static function deleteLongTermCookie() { + Minz_Session::deleteLongTermCookie('FreshRSS_login'); + $token = Minz_Session::param('token', null); + if (ctype_alnum($token)) { + @unlink(DATA_PATH . '/tokens/' . $token . '.txt'); + } + Minz_Session::_param('token'); + if (rand(0, 10) === 1) { + self::purgeTokens(); + } + } + + private static function purgeTokens() { + //TODO: Delete old token files + } + public function formLoginAction () { if (Minz_Request::isPost()) { $ok = false; - $keep_logged_in = Minz_Request::param('keep_logged_in', false); $nonce = Minz_Session::param('nonce'); $username = Minz_Request::param('username', ''); $c = Minz_Request::param('challenge', ''); @@ -313,10 +342,8 @@ class FreshRSS_index_Controller extends Minz_ActionController { if ($ok) { Minz_Session::_param('currentUser', $username); Minz_Session::_param('passwordHash', $s); - if ($keep_logged_in) { - // New cookie with a lifetime of 1 month. - Minz_Session::keepCookie(2592000); - Minz_Session::regenerateID(); + if (Minz_Request::param('keep_logged_in', false)) { + self::makeLongTermCookie($username, $s); } } else { Minz_Log::record('Password mismatch for user ' . $username . ', nonce=' . $nonce . ', c=' . $c, Minz_Log::WARNING); 
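Review bot: The long-term login token in `makeLongTermCookie()` is derived from `sha1(Minz_Configuration::salt() . $username . uniqid(mt_rand(), true))`; `mt_rand()` and `uniqid()` are not cryptographically secure sources, and this value is the only secret protecting a month-long login. Take the token from a CSPRNG, for instance `$token = bin2hex(openssl_random_pseudo_bytes(20));` (or `random_bytes()` where available), which still passes the `ctype_alnum()` checks. The token file also stores `$username . "\t" . $passwordHash` under the raw token as its file name, so read access to `data/tokens/` yields both usable tokens and password hashes; naming the file after a hash of the token and keeping the directory unreadable to other local users and to the web server's document root would limit that. The return value of `makeLongTermCookie()` is ignored in `formLoginAction`, so a failed write goes unnoticed.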
@@ -377,9 +404,7 @@ class FreshRSS_index_Controller extends Minz_ActionController { Minz_Session::_param('currentUser'); Minz_Session::_param('mail'); Minz_Session::_param('passwordHash'); - Minz_Session::keepCookie(0); - Minz_Session::regenerateID(); - + self::deleteLongTermCookie(); Minz_Request::forward(array('c' => 'index', 'a' => 'index'), true); } } diff --git a/app/FreshRSS.php b/app/FreshRSS.php index 7c333b090..30f711e20 100644 --- a/app/FreshRSS.php +++ b/app/FreshRSS.php @@ -20,13 +20,35 @@ class FreshRSS extends Minz_FrontController { $this->loadNotifications(); } + private static function getCredentialsFromLongTermCookie() { + $token = Minz_Session::getLongTermCookie('FreshRSS_login'); + if (!ctype_alnum($token)) { + return array(); + } + $tokenFile = DATA_PATH . '/tokens/' . $token . '.txt'; + $mtime = @filemtime($tokenFile); + if ($mtime + 2629744 < time()) { //1 month //TODO: Use a configuration instead + @unlink($tokenFile); + return array(); //Expired or token does not exist + } + $credentials = @file_get_contents($tokenFile); + return $credentials === false ? array() : explode("\t", $credentials, 2); + } + private function accessControl($currentUser) { if ($currentUser == '') { switch (Minz_Configuration::authType()) { case 'form': - $currentUser = Minz_Configuration::defaultUser(); - Minz_Session::_param('passwordHash'); - $loginOk = false; + $credentials = self::getCredentialsFromLongTermCookie(); + if (isset($credentials[1])) { + $currentUser = trim($credentials[0]); + Minz_Session::_param('passwordHash', trim($credentials[1])); + } + $loginOk = $currentUser != ''; + if (!$loginOk) { + $currentUser = Minz_Configuration::defaultUser(); + Minz_Session::_param('passwordHash'); + } break; case 'http_auth': $currentUser = httpAuthUser(); diff --git a/data/tokens/.gitignore b/data/tokens/.gitignore new file mode 100644 index 000000000..2211df63d --- /dev/null +++ b/data/tokens/.gitignore @@ -0,0 +1 @@ +*.txt 
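Review bot: `getCredentialsFromLongTermCookie()` never records the token in the session, while `deleteLongTermCookie()` in `indexController.php` looks it up with `Minz_Session::param('token', null)`; for a session restored from the cookie, logout therefore clears the browser cookie but leaves the token file valid on the server until it expires. Storing it once the file has been read successfully, e.g. `Minz_Session::_param('token', $token);` when `$credentials !== false`, lets logout revoke it. The `'form'` branch in `accessControl()` also takes the stored hash as is, so whether a password change invalidates outstanding tokens depends on code outside this hunk and should be confirmed. The `2629744` lifetime is duplicated here and in `makeLongTermCookie()`; a shared constant would keep the two from drifting apart.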
diff --git a/data/tokens/index.html b/data/tokens/index.html new file mode 100644 index 000000000..85faaa37e --- /dev/null +++ b/data/tokens/index.html @@ -0,0 +1,13 @@ + + + + + +Redirection + + + + +

Redirection

+ + diff --git a/lib/Minz/Session.php b/lib/Minz/Session.php index 906acc03c..af4de75bb 100644 --- a/lib/Minz/Session.php +++ b/lib/Minz/Session.php @@ -65,11 +65,8 @@ class Minz_Session { * @param $l la durée de vie */ public static function keepCookie($l) { - $cookie_dir = dirname( - empty($_SERVER['REQUEST_URI']) ? '' : $_SERVER['REQUEST_URI'] - ) . '/'; - session_set_cookie_params($l, $cookie_dir, $_SERVER['HTTP_HOST'], - false, true); + $cookie_dir = empty($_SERVER['REQUEST_URI']) ? '' : $_SERVER['REQUEST_URI']; + session_set_cookie_params($l, $cookie_dir, '', false, true); } @@ -81,4 +78,16 @@ class Minz_Session { session_regenerate_id(true); } + public static function deleteLongTermCookie($name) { + setcookie($name, '', 1, '', '', false, true); + } + + public static function setLongTermCookie($name, $value, $expire) { + setcookie($name, $value, $expire, '', '', false, true); + } + + public static function getLongTermCookie($name) { + return isset($_COOKIE[$name]) ? $_COOKIE[$name] : null; + } + } -- cgit v1.2.3 From 359ccc8e4c20a60506c680e5054dbe8416fef4a9 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Wed, 13 Aug 2014 00:25:52 +0200 Subject: Long term cookie minor change https://github.com/marienfressinaud/FreshRSS/issues/465 --- app/Controllers/indexController.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'app/Controllers') diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index dd5b91e47..834db496c 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php @@ -344,6 +344,8 @@ class FreshRSS_index_Controller extends Minz_ActionController { Minz_Session::_param('passwordHash', $s); if (Minz_Request::param('keep_logged_in', false)) { self::makeLongTermCookie($username, $s); + } else { + self::deleteLongTermCookie(); } } else { Minz_Log::record('Password mismatch for user ' . $username . ', nonce=' . $nonce . ', c=' . $c, Minz_Log::WARNING); -- cgit v1.2.3 
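Review bot: `setLongTermCookie()` passes `false` for the `secure` argument of `setcookie()`, so the month-long login token is also sent over plain HTTP whenever the site is reachable that way. Set the flag when the current request is HTTPS (how the application detects that is not visible here) instead of hard-coding `false`, and add docblocks to the three new methods, which have none. In the `keepCookie()` hunk the cookie path is now the whole `$_SERVER['REQUEST_URI']` rather than its directory, which would scope the session cookie to a single URL including its query string; that looks unintended and should be confirmed.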
From 5c2f3349fa4341533aad6294c896b32c4befd58f Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Wed, 13 Aug 2014 20:09:23 +0200 Subject: Long term cookie: purge old tokens https://github.com/marienfressinaud/FreshRSS/issues/465 --- app/Controllers/indexController.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'app/Controllers') diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index 834db496c..9202f2b85 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php @@ -322,7 +322,12 @@ class FreshRSS_index_Controller extends Minz_ActionController { } private static function purgeTokens() { - //TODO: Delete old token files + $oldest = time() - 2629744; //1 month //TODO: Use a configuration instead + foreach (new DirectoryIterator(DATA_PATH . '/tokens/') as $fileInfo) { + if ($fileInfo->getExtension() === 'txt' && $fileInfo->getMTime() < $oldest) { + @unlink($fileInfo->getPathname()); + } + } } public function formLoginAction () { -- cgit v1.2.3 From 0f1133ddfe8e3967470ea50f235e12ad04dc71a7 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Sun, 17 Aug 2014 21:03:01 +0200 Subject: Fix some forward() actions See https://github.com/marienfressinaud/FreshRSS/issues/494 --- app/Controllers/importExportController.php | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) (limited to 'app/Controllers') diff --git a/app/Controllers/importExportController.php b/app/Controllers/importExportController.php index c7f47fc13..2f5fcc137 100644 --- a/app/Controllers/importExportController.php +++ b/app/Controllers/importExportController.php 
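Review bot: `new DirectoryIterator(DATA_PATH . '/tokens/')` throws when the directory is missing or unreadable, and `purgeTokens()` is reached from `deleteLongTermCookie()`, which runs during both login and logout, so that failure would interrupt those actions. Wrap the loop in a `try`/`catch` that logs the problem and returns. Purging is also only triggered when `rand(0, 10) === 1`, so expired files stay on disk in between; they are rejected by the age check on read, which is worth stating in a comment above `purgeTokens()`.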
@@ -34,8 +34,8 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { $status_file = $file['error']; if ($status_file !== 0) { - Minz_Log::error('File cannot be imported. Error code: ' . $status_file); - Minz_Request::bad(_t('file_cannot_be_imported'), + Minz_Log::error('File cannot be uploaded. Error code: ' . $status_file); + Minz_Request::bad(_t('file_cannot_be_uploaded'), array('c' => 'importExport', 'a' => 'index')); } @@ -50,7 +50,6 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { ); // We try to list all files according to their type - // A zip file is first opened and then its files are listed $list = array(); if ($type_file === 'zip' && extension_loaded('zip')) { $zip = zip_open($file['tmp_name']); @@ -58,7 +57,8 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { if (!is_resource($zip)) { // zip_open cannot open file: something is wrong Minz_Log::error('Zip archive cannot be imported. Error code: ' . $zip); - Minz_Request::bad(_t('zip_error'), array('c' => 'importExport')); + Minz_Request::bad(_t('zip_error'), + array('c' => 'importExport', 'a' => 'index')); } while (($zipfile = zip_read($zip)) !== false) { @@ -79,14 +79,13 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { zip_close($zip); } elseif ($type_file === 'zip') { // Zip extension is not loaded - Minz_Request::bad(_t('no_zip_extension'), array('c' => 'importExport')); + Minz_Request::bad(_t('no_zip_extension'), + array('c' => 'importExport', 'a' => 'index')); } elseif ($type_file !== 'unknown') { - $list_files[$type_file][] = file_get_contents( - $file['tmp_name'] - ); + $list_files[$type_file][] = file_get_contents($file['tmp_name']); } - // Import different files. + // Import file contents. // OPML first(so categories and feeds are imported) // Starred articles then so the "favourite" status is already set // And finally all other files. 
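Review bot: In the last hunk, the joined line `$list_files[$type_file][] = file_get_contents($file['tmp_name']);` stores the return value unchecked, and `file_get_contents()` returns `false` when the read fails, so a failed read is handed to the importers as if it were file content. Read into a variable first and stop on failure: `$content = file_get_contents($file['tmp_name']);` followed by `if ($content === false) { Minz_Request::bad(_t('file_cannot_be_uploaded'), array('c' => 'importExport', 'a' => 'index')); }`. In the first hunk, `$status_file !== 0` would read more clearly as `$status_file !== UPLOAD_ERR_OK`. `importAction()` starts and ends outside these hunks.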
@@ -103,7 +102,6 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { // And finally, we get import status and redirect to the home page Minz_Session::_param('actualize_feeds', true); - $content_notif = $error === true ? _t('feeds_imported_with_errors') : _t('feeds_imported'); Minz_Request::good($content_notif); -- cgit v1.2.3 From e3bb80de17c79cf32a2e3a606f216aebf48f92e5 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Sun, 17 Aug 2014 22:14:13 +0200 Subject: Refactor import / export source code See https://github.com/marienfressinaud/FreshRSS/issues/494 --- app/Controllers/importExportController.php | 107 ++++++++++++++--------------- 1 file changed, 53 insertions(+), 54 deletions(-) (limited to 'app/Controllers') diff --git a/app/Controllers/importExportController.php b/app/Controllers/importExportController.php index 2f5fcc137..2197c3af5 100644 --- a/app/Controllers/importExportController.php +++ b/app/Controllers/importExportController.php @@ -5,7 +5,7 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { if (!$this->view->loginOk) { Minz_Error::error( 403, - array('error' => array(Minz_Translate::t('access_denied'))) + array('error' => array(_t('access_denied'))) ); } @@ -20,13 +20,11 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { $this->view->categories = $this->catDAO->listCategories(); $this->view->feeds = $this->feedDAO->listFeeds(); - Minz_View::prependTitle(Minz_Translate::t('import_export') . ' · '); + Minz_View::prependTitle(_t('import_export') . ' · '); } public function importAction() { if (!Minz_Request::isPost()) { - // What are you doing? you have to call this controller - // with a POST request! Minz_Request::forward(array('c' => 'importExport', 'a' => 'index'), true); } 
@@ -309,57 +307,53 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { } public function exportAction() { - if (Minz_Request::isPost()) { - $this->view->_useLayout(false); + if (!Minz_Request::isPost()) { + Minz_Request::forward(array('c' => 'importExport', 'a' => 'index'), true); + } - $export_opml = Minz_Request::param('export_opml', false); - $export_starred = Minz_Request::param('export_starred', false); - $export_feeds = Minz_Request::param('export_feeds', array ()); + $this->view->_useLayout(false); - $export_files = array (); - if ($export_opml) { - $export_files['feeds.opml'] = $this->generateOpml(); - } + $export_opml = Minz_Request::param('export_opml', false); + $export_starred = Minz_Request::param('export_starred', false); + $export_feeds = Minz_Request::param('export_feeds', array()); - if ($export_starred) { - $export_files['starred.json'] = $this->generateArticles('starred'); - } + $export_files = array(); + if ($export_opml) { + $export_files['feeds.opml'] = $this->generateOpml(); + } - foreach ($export_feeds as $feed_id) { - $feed = $this->feedDAO->searchById($feed_id); - if ($feed) { - $filename = 'feed_' . $feed->category() . '_' - . $feed->id() . '.json'; - $export_files[$filename] = $this->generateArticles( - 'feed', $feed - ); - } - } + if ($export_starred) { + $export_files['starred.json'] = $this->generateArticles('starred'); + } - $nb_files = count($export_files); - if ($nb_files > 1) { - // If there are more than 1 file to export, we need a zip archive. - try { - $this->exportZip($export_files); - } catch (Exception $e) { - # Oops, there is no Zip extension! - Minz_Request::bad(_t('export_no_zip_extension'), - array('c' => 'importExport', 'a' => 'index')); - } - } elseif ($nb_files === 1) { - // Only one file? Guess its type and export it. 
- $filename = key($export_files); - $type = null; - if (substr_compare($filename, '.opml', -5) === 0) { - $type = "text/xml"; - } elseif (substr_compare($filename, '.json', -5) === 0) { - $type = "text/json"; - } + foreach ($export_feeds as $feed_id) { + $feed = $this->feedDAO->searchById($feed_id); + if ($feed) { + $filename = 'feed_' . $feed->category() . '_' + . $feed->id() . '.json'; + $export_files[$filename] = $this->generateArticles( + 'feed', $feed + ); + } + } - $this->exportFile($filename, $export_files[$filename], $type); - } else { - Minz_Request::forward(array('c' => 'importExport', 'a' => 'index'), true); + $nb_files = count($export_files); + if ($nb_files > 1) { + // If there are more than 1 file to export, we need a zip archive. + try { + $this->exportZip($export_files); + } catch (Exception $e) { + # Oops, there is no Zip extension! + Minz_Request::bad(_t('export_no_zip_extension'), + array('c' => 'importExport', 'a' => 'index')); } + } elseif ($nb_files === 1) { + // Only one file? Guess its type and export it. + $filename = key($export_files); + $type = $this->guessFileType($filename); + $this->exportFile('freshrss_' . $filename, $export_files[$filename], $type); + } else { + Minz_Request::forward(array('c' => 'importExport', 'a' => 'index'), true); } } @@ -378,7 +372,7 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { $this->view->categories = $this->catDAO->listCategories(); if ($type == 'starred') { - $this->view->list_title = Minz_Translate::t('starred_list'); + $this->view->list_title = _t('starred_list'); $this->view->type = 'starred'; $unread_fav = $this->entryDAO->countUnreadReadFavorites(); $this->view->entries = $this->entryDAO->listWhere( 
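Review bot: The new guard at the top of `exportAction()` has no `return` after `Minz_Request::forward(array('c' => 'importExport', 'a' => 'index'), true);`, so everything below it now depends on `forward()` ending the request. The removed version kept the export inside the `if (Minz_Request::isPost())` branch and did not rely on that. If `forward()` can return, a GET request would go on to build and send the export, so add `return;` as the next line inside the guard. `guessFileType()` is called here but is not defined in any visible hunk, so its result values cannot be checked against `exportFile()` from this page.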
@@ -386,9 +380,7 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { $unread_fav['all'] ); } elseif ($type == 'feed' && !is_null($feed)) { - $this->view->list_title = Minz_Translate::t( - 'feed_list', $feed->name() - ); + $this->view->list_title = _t('feed_list', $feed->name()); $this->view->type = 'feed/' . $feed->id(); $this->view->entries = $this->entryDAO->listWhere( 'f', $feed->id(), FreshRSS_Entry::STATE_ALL, 'ASC', @@ -424,11 +416,18 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { } private function exportFile($filename, $content, $type) { - if (is_null($type)) { + if ($type === 'unknown') { return; } - header('Content-Type: ' . $type . '; charset=utf-8'); + $content_type = ''; + if ($type === 'opml') { + $content_type = "text/opml"; + } elseif ($type === 'json_feed' || $type === 'json_starred') { + $content_type = "text/json"; + } + + header('Content-Type: ' . $content_type . '; charset=utf-8'); header('Content-disposition: attachment; filename=' . $filename); print($content); } -- cgit v1.2.3 From 393fce3e8aaef1b00ab34bf35b7e8b329a5e3dc5 Mon Sep 17 00:00:00 2001 From: Alexis Degrugillier Date: Tue, 19 Aug 2014 08:55:44 -0400 Subject: Add a feed selector in repartition statistics. Before we could choose the feed in the statistics only from the feed options in the main view. Now with the new drop-down list, it is possible to choose it from the statistics page. The rendering needs to be polished to be nicer. --- app/Controllers/statsController.php | 2 ++ app/views/stats/repartition.phtml | 39 +++++++++++++++++++++++++------------ p/scripts/main.js | 7 +++++++ 3 files changed, 36 insertions(+), 12 deletions(-) (limited to 'app/Controllers') diff --git a/app/Controllers/statsController.php b/app/Controllers/statsController.php index 06a20c2a6..934b076a5 100644 --- a/app/Controllers/statsController.php +++ b/app/Controllers/statsController.php 
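Review bot: `exportFile()` now starts from `$content_type = ''` and fills it only for `opml`, `json_feed` and `json_starred`, so any other `$type` except `'unknown'` sends `Content-Type: ; charset=utf-8` and still prints the content. Closing the chain with `} else { return; }` treats every unrecognised type like `'unknown'`. `text/opml` and `text/json` are not registered media types; `application/json` is the registered one for JSON, and OPML is usually served as `text/x-opml` or `application/xml`, which gives clients a type they can act on instead of guessing. The unchanged `Content-disposition` line concatenates `$filename` unquoted, so quoting the value there would be a worthwhile follow-up.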
@@ -58,9 +58,11 @@ class FreshRSS_stats_Controller extends Minz_ActionController { public function repartitionAction() { $statsDAO = FreshRSS_Factory::createStatsDAO(); + $categoryDAO = new FreshRSS_CategoryDAO(); $feedDAO = FreshRSS_Factory::createFeedDao(); Minz_View::appendScript(Minz_Url::display('/scripts/flotr2.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/flotr2.min.js'))); $id = Minz_Request::param ('id', null); + $this->view->categories = $categoryDAO->listCategories (); $this->view->feed = $feedDAO->searchById($id); $this->view->days = $statsDAO->getDays(); $this->view->months = $statsDAO->getMonths(); diff --git a/app/views/stats/repartition.phtml b/app/views/stats/repartition.phtml index 09892d3c5..3dc319731 100644 --- a/app/views/stats/repartition.phtml +++ b/app/views/stats/repartition.phtml @@ -2,23 +2,38 @@
- + +

+ + + feed) {?> -

- - - feed->name(); ?> - -

- -

+ + + - +

- +

@@ -93,7 +108,7 @@ function initStats() { yaxis: {min: 0}, mouse: {relative: true, track: true, trackDecimals: 0, trackFormatter: function(obj) {return numberFormat(obj.y);}} }); - + } initStats(); diff --git a/p/scripts/main.js b/p/scripts/main.js index ae7b69364..4802e0941 100644 --- a/p/scripts/main.js +++ b/p/scripts/main.js @@ -1063,6 +1063,12 @@ function init_share_observers() { }); } +function init_stats_observers() { + $('#feed_select').on('change', function(e) { + redirect($(this).find(':selected').data('url')); + }); +} + function init_remove_observers() { $('.post').on('click', 'a.remove', function(e) { var remove_what = $(this).attr('data-remove'); @@ -1177,6 +1183,7 @@ function init_all() { init_remove_observers(); init_feed_observers(); init_password_observers(); + init_stats_observers(); } if (window.console) { -- cgit v1.2.3 From ea99ac1259083ff0a9eb6131d777454b54045626 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Tue, 19 Aug 2014 21:55:49 +0200 Subject: Syntax 581 #581 --- app/Controllers/statsController.php | 2 +- app/views/stats/repartition.phtml | 10 +++++----- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'app/Controllers') diff --git a/app/Controllers/statsController.php b/app/Controllers/statsController.php index 934b076a5..98f46f0d2 100644 --- a/app/Controllers/statsController.php +++ b/app/Controllers/statsController.php @@ -62,7 +62,7 @@ class FreshRSS_stats_Controller extends Minz_ActionController { $feedDAO = FreshRSS_Factory::createFeedDao(); Minz_View::appendScript(Minz_Url::display('/scripts/flotr2.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/flotr2.min.js'))); $id = Minz_Request::param ('id', null); - $this->view->categories = $categoryDAO->listCategories (); + $this->view->categories = $categoryDAO->listCategories(); $this->view->feed = $feedDAO->searchById($id); $this->view->days = $statsDAO->getDays(); $this->view->months = $statsDAO->getMonths(); 
diff --git a/app/views/stats/repartition.phtml b/app/views/stats/repartition.phtml index 3dc319731..1f920a7ae 100644 --- a/app/views/stats/repartition.phtml +++ b/app/views/stats/repartition.phtml @@ -6,16 +6,16 @@

conf->display_categories ? ' checked="checked"' : ''; ?> /> + + + +
+
+