From 6fb60d470aaa3c1e62dc1a61f786abdd6e428106 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Mon, 11 Nov 2019 19:48:23 +0100 Subject: Fix DB optimize for MySQL (#2647) `pdo->exec()` is not appropriate for MySQL `OPTIMIZE` because `OPTIMIZE` returns some data and not only a code and then fails. --- app/Models/DatabaseDAO.php | 7 ++++++- app/Models/DatabaseDAOPGSQL.php | 6 +++++- app/Models/DatabaseDAOSQLite.php | 7 ++++++- 3 files changed, 17 insertions(+), 3 deletions(-) (limited to 'app/Models') diff --git a/app/Models/DatabaseDAO.php b/app/Models/DatabaseDAO.php index 13330db23..cfb150ab1 100644 --- a/app/Models/DatabaseDAO.php +++ b/app/Models/DatabaseDAO.php @@ -156,7 +156,12 @@ class FreshRSS_DatabaseDAO extends Minz_ModelPdo { foreach ($tables as $table) { $sql = 'OPTIMIZE TABLE `_' . $table . '`'; //MySQL - $ok &= ($this->pdo->exec($sql) !== false); + $stm = $this->pdo->query($sql); + if ($stm == false || $stm->fetchAll(PDO::FETCH_ASSOC) === false) { + $ok = false; + $info = $stm == null ? $this->pdo->errorInfo() : $stm->errorInfo(); + Minz_Log::warning(__METHOD__ . ' error: ' . $sql . ' : ' . json_encode($info)); + } } return $ok; } diff --git a/app/Models/DatabaseDAOPGSQL.php b/app/Models/DatabaseDAOPGSQL.php index 7ca7799ae..75ff8be7b 100644 --- a/app/Models/DatabaseDAOPGSQL.php +++ b/app/Models/DatabaseDAOPGSQL.php @@ -79,7 +79,11 @@ class FreshRSS_DatabaseDAOPGSQL extends FreshRSS_DatabaseDAOSQLite { foreach ($tables as $table) { $sql = 'VACUUM `_' . $table . '`'; - $ok &= ($this->pdo->exec($sql) !== false); + if ($this->pdo->exec($sql) === false) { + $ok = false; + $info = $this->pdo->errorInfo(); + Minz_Log::warning(__METHOD__ . ' error: ' . $sql . ' : ' . json_encode($info)); + } } return $ok; } diff --git a/app/Models/DatabaseDAOSQLite.php b/app/Models/DatabaseDAOSQLite.php index 413e7ee09..eaa2d37a7 100644 --- a/app/Models/DatabaseDAOSQLite.php +++ b/app/Models/DatabaseDAOSQLite.php @@ -66,6 +66,11 @@ class FreshRSS_DatabaseDAOSQLite extends FreshRSS_DatabaseDAO { } public function optimize() { - return $this->pdo->exec('VACUUM') !== false; + $ok = $this->pdo->exec('VACUUM') !== false; + if (!$ok) { + $info = $this->pdo->errorInfo(); + Minz_Log::warning(__METHOD__ . ' error: ' . $sql . ' : ' . json_encode($info)); + } + return $ok; } } -- cgit v1.2.3 From bec75664293047267c8ab5dd6967d78bcdbbf8ff Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Mon, 11 Nov 2019 19:48:45 +0100 Subject: Sanitize UTF-8 before commiting entries (#2649) Fix https://github.com/FreshRSS/FreshRSS/issues/2645 --- app/Models/EntryDAO.php | 9 +++++++++ lib/lib_rss.php | 8 ++++++++ 2 files changed, 17 insertions(+) (limited to 'app/Models') diff --git a/app/Models/EntryDAO.php b/app/Models/EntryDAO.php index 99e99f463..d149cfd8b 100644 --- a/app/Models/EntryDAO.php +++ b/app/Models/EntryDAO.php @@ -99,9 +99,12 @@ SQL; $valuesTmp['guid'] = safe_ascii($valuesTmp['guid']); $this->addEntryPrepared->bindParam(':guid', $valuesTmp['guid']); $valuesTmp['title'] = mb_strcut($valuesTmp['title'], 0, 255, 'UTF-8'); + $valuesTmp['title'] = safe_utf8($valuesTmp['title']); $this->addEntryPrepared->bindParam(':title', $valuesTmp['title']); $valuesTmp['author'] = mb_strcut($valuesTmp['author'], 0, 255, 'UTF-8'); + $valuesTmp['author'] = safe_utf8($valuesTmp['author']); $this->addEntryPrepared->bindParam(':author', $valuesTmp['author']); + $valuesTmp['content'] = safe_utf8($valuesTmp['content']); $this->addEntryPrepared->bindParam(':content', $valuesTmp['content']); $valuesTmp['link'] = substr($valuesTmp['link'], 0, 1023); $valuesTmp['link'] = safe_ascii($valuesTmp['link']); @@ -117,6 +120,7 @@ SQL; $this->addEntryPrepared->bindParam(':is_favorite', $valuesTmp['is_favorite'], PDO::PARAM_INT); $this->addEntryPrepared->bindParam(':id_feed', $valuesTmp['id_feed'], PDO::PARAM_INT); $valuesTmp['tags'] = mb_strcut($valuesTmp['tags'], 0, 1023, 'UTF-8'); + $valuesTmp['tags'] = safe_utf8($valuesTmp['tags']); $this->addEntryPrepared->bindParam(':tags', $valuesTmp['tags']); if ($this->hasNativeHex()) { @@ -186,11 +190,15 @@ SQL; } $valuesTmp['guid'] = substr($valuesTmp['guid'], 0, 760); + $valuesTmp['guid'] = safe_ascii($valuesTmp['guid']); $this->updateEntryPrepared->bindParam(':guid', $valuesTmp['guid']); $valuesTmp['title'] = mb_strcut($valuesTmp['title'], 0, 255, 'UTF-8'); + $valuesTmp['title'] = safe_utf8($valuesTmp['title']); $this->updateEntryPrepared->bindParam(':title', $valuesTmp['title']); $valuesTmp['author'] = mb_strcut($valuesTmp['author'], 0, 255, 'UTF-8'); + $valuesTmp['author'] = safe_utf8($valuesTmp['author']); $this->updateEntryPrepared->bindParam(':author', $valuesTmp['author']); + $valuesTmp['content'] = safe_utf8($valuesTmp['content']); $this->updateEntryPrepared->bindParam(':content', $valuesTmp['content']); $valuesTmp['link'] = substr($valuesTmp['link'], 0, 1023); $valuesTmp['link'] = safe_ascii($valuesTmp['link']); @@ -203,6 +211,7 @@ SQL; } $this->updateEntryPrepared->bindParam(':id_feed', $valuesTmp['id_feed'], PDO::PARAM_INT); $valuesTmp['tags'] = mb_strcut($valuesTmp['tags'], 0, 1023, 'UTF-8'); + $valuesTmp['tags'] = safe_utf8($valuesTmp['tags']); $this->updateEntryPrepared->bindParam(':tags', $valuesTmp['tags']); if ($this->hasNativeHex()) { diff --git a/lib/lib_rss.php b/lib/lib_rss.php index f4b5c68e6..137c7f2d5 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -81,6 +81,14 @@ function safe_ascii($text) { return filter_var($text, FILTER_DEFAULT, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH); } +if (function_exists('mb_convert_encoding')) { + function safe_utf8($text) { return mb_convert_encoding($text, 'UTF-8', 'UTF-8'); } +} elseif (function_exists('iconv')) { + function safe_utf8($text) { return iconv('UTF-8', 'UTF-8//IGNORE', $text); } +} else { + function safe_utf8($text) { return $text; } +} + function escapeToUnicodeAlternative($text, $extended = true) { $text = htmlspecialchars_decode($text, ENT_QUOTES); -- cgit v1.2.3