From 079150eee4eebce3549c3d7db84dd0180bdd11e7 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Fri, 3 Jul 2015 23:47:18 +0200 Subject: Updated log visibility In particular, ensure that ERROR is only used for errors that may affect FreshRSS integrity, and ensure that feed errors are visible also in production, i.e. visibility of WARNING https://github.com/FreshRSS/FreshRSS/issues/885 https://github.com/FreshRSS/FreshRSS/issues/884 --- app/Models/CategoryDAO.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/Models') diff --git a/app/Models/CategoryDAO.php b/app/Models/CategoryDAO.php index 189a5f0e4..b5abac519 100644 --- a/app/Models/CategoryDAO.php +++ b/app/Models/CategoryDAO.php @@ -13,7 +13,7 @@ class FreshRSS_CategoryDAO extends Minz_ModelPdo implements FreshRSS_Searchable return $this->bd->lastInsertId(); } else { $info = $stm == null ? array(2 => 'syntax error') : $stm->errorInfo(); - Minz_Log::error('SQL error addCategory: ' . $info[2] ); + Minz_Log::error('SQL error addCategory: ' . $info[2]); return false; } } -- cgit v1.2.3 From 6b7d94626656674b60d6f970bd4ada46383dde1e Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Fri, 10 Jul 2015 21:40:28 +0200 Subject: Avoid hex2bin for PHP 5.3 https://github.com/FreshRSS/FreshRSS/issues/894 And use native hexadecimal function when available (MySQL) to avoid having binary data in the SQL logs. --- app/Models/EntryDAO.php | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) (limited to 'app/Models') diff --git a/app/Models/EntryDAO.php b/app/Models/EntryDAO.php index 9ddcfcfb3..f74055835 100644 --- a/app/Models/EntryDAO.php +++ b/app/Models/EntryDAO.php 
@@ -6,6 +6,10 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable { return parent::$sharedDbType !== 'sqlite'; } + public function hasNativeHex() { + return parent::$sharedDbType !== 'sqlite'; + } + protected function addColumn($name) { Minz_Log::debug('FreshRSS_EntryDAO::autoAddColumn: ' . $name); $hasTransaction = false; @@ -64,7 +68,9 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable { . ', link, date, lastSeen, hash, is_read, is_favorite, id_feed, tags) ' . 'VALUES(?, ?, ?, ?, ' . ($this->isCompressed() ? 'COMPRESS(?)' : '?') - . ', ?, ?, ?, ?, ?, ?, ?, ?)'; + . ', ?, ?, ?, ' + . ($this->hasNativeHex() ? 'X?' : '?') + . ', ?, ?, ?, ?)'; $this->addEntryPrepared = $this->bd->prepare($sql); } @@ -77,7 +83,7 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable { substr($valuesTmp['link'], 0, 1023), $valuesTmp['date'], time(), - hex2bin($valuesTmp['hash']), // X'09AF' hexadecimal literals do not work with SQLite/PDO + $this->hasNativeHex() ? $valuesTmp['hash'] : pack('H*', $valuesTmp['hash']), // X'09AF' hexadecimal literals do not work with SQLite/PDO //hex2bin() is PHP5.4+ $valuesTmp['is_read'] ? 1 : 0, $valuesTmp['is_favorite'] ? 1 : 0, $valuesTmp['id_feed'], @@ -109,8 +115,9 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable { $sql = 'UPDATE `' . $this->prefix . 'entry` ' . 'SET title=?, author=?, ' . ($this->isCompressed() ? 'content_bin=COMPRESS(?)' : 'content=?') - . ', link=?, date=?, lastSeen=?, hash=?, ' - . ($valuesTmp['is_read'] === null ? '' : 'is_read=?, ') + . ', link=?, date=?, lastSeen=?, hash=' + . ($this->hasNativeHex() ? 'X?' : '?') + . ', ' . ($valuesTmp['is_read'] === null ? '' : 'is_read=?, ') . 'tags=? ' . 'WHERE id_feed=? AND guid=?'; $this->updateEntryPrepared = $this->bd->prepare($sql); 
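Review bot: `hasNativeHex()` decides by exclusion (`parent::$sharedDbType !== 'sqlite'`), so any database type added later would silently be given the `X?` form used in the SQL hunks that follow. A positive test on the MySQL type string (for example `=== 'mysql'`, if that is the value `$sharedDbType` holds) would fail safe instead. The method also has no docblock; something like `/** Whether the SQL dialect accepts a hexadecimal literal for the hash column (MySQL); SQLite receives raw bytes instead. */` would record why it exists.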
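Review bot: `'X?'` in the `VALUES(...)` list is not something a database server can prepare as a placeholder; it appears to work only when PDO emulates prepared statements and substitutes a quoted string, giving `X'…'`. The connection options are not visible from this hunk, but if `PDO::ATTR_EMULATE_PREPARES` is ever turned off the INSERT would presumably fail to prepare. `UNHEX(?)` keeps the hash as hex text in the logged parameters and also works with server-side prepares: `. ($this->hasNativeHex() ? 'UNHEX(?)' : '?')`. The same applies to `hash=X?` in the UPDATE statement of the `@@ -109,8 +115,9 @@` hunk; both statements are built in methods that start outside their hunks.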
@@ -123,7 +130,7 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable { substr($valuesTmp['link'], 0, 1023), $valuesTmp['date'], time(), - hex2bin($valuesTmp['hash']), + $this->hasNativeHex() ? $valuesTmp['hash'] : pack('H*', $valuesTmp['hash']), ); if ($valuesTmp['is_read'] !== null) { $values[] = $valuesTmp['is_read'] ? 1 : 0; -- cgit v1.2.3 From ac8bd3d2512dd1bfca43d71ea10202ba9e6a82a6 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Tue, 21 Jul 2015 15:31:23 +0200 Subject: Add a max_registrations limit - Allow user to create accounts (not implemented) - Admin only can set this limit See https://github.com/FreshRSS/FreshRSS/issues/679 --- app/Controllers/userController.php | 24 ++++++++++++++++++++++++ app/Models/ConfigurationSetter.php | 3 +++ app/views/user/manage.phtml | 19 +++++++++++++++++++ data/config.default.php | 4 ++++ 4 files changed, 50 insertions(+) (limited to 'app/Models') diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index ed01b83c5..1c7745753 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -211,4 +211,28 @@ class FreshRSS_user_Controller extends Minz_ActionController { Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true); } + + /** + * This action updates the max number of registrations. + * + * Request parameter is: + * - max-registrations (int >= 0) + */ + public function setRegistrationAction() { + if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) { + $limits = FreshRSS_Context::$system_conf->limits; + $limits['max_registrations'] = Minz_Request::param('max-registrations', 1); + FreshRSS_Context::$system_conf->limits = $limits; + FreshRSS_Context::$system_conf->save(); + + invalidateHttpCache(); + + Minz_Session::_param('notification', array( + 'type' => 'good', + 'content' => _t('feedback.user.set_registration') + )); + } + + Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true); + } } 
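Review bot: `Minz_Request::param('max-registrations', 1)` is stored in `$limits['max_registrations']` without an integer check in `setRegistrationAction()`, so the value is only as well-formed as the range test in `FreshRSS_ConfigurationSetter` makes it (the `@@ -352,6 +352,9 @@` and `@@ -364,8 +364,8 @@` hunks), and that test shows only loose `>=`/`<=` comparisons. Because `config.default.php` documents 0 as an unlimited number of accounts, a value that coerces to 0 would open registration rather than close it; I would reject non-digit input before assigning, e.g. `$max = Minz_Request::param('max-registrations', 1);` followed by `if (ctype_digit((string)$max)) { $limits['max_registrations'] = (int)$max; }`. The success notification is also set whether or not the setter accepted the value. No anti-CSRF token check is visible in this action; whether `Minz_Request::isPost()` verifies the request origin cannot be told from this hunk, so that is worth confirming for an admin-only state change.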
diff --git a/app/Models/ConfigurationSetter.php b/app/Models/ConfigurationSetter.php index 4bd29ecb0..236bf5b0b 100644 --- a/app/Models/ConfigurationSetter.php +++ b/app/Models/ConfigurationSetter.php @@ -352,6 +352,9 @@ class FreshRSS_ConfigurationSetter { 'min' => 0, 'max' => $max_small_int, ), + 'max_registrations' => array( + 'min' => 0, + ), ); foreach ($values as $key => $value) { diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml index fe1b6618b..a7cbf0795 100644 --- a/app/views/user/manage.phtml +++ b/app/views/user/manage.phtml @@ -3,6 +3,25 @@
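Review bot: The new `'max_registrations'` entry sets only `'min' => 0`, while the entry just above it in the same array is capped with `'max' => $max_small_int`; adding `'max' => $max_small_int,` would keep the two consistent and bound what an admin request can write into the configuration. A one-line comment such as `// 0 = unlimited, 1 = admin only (registration closed)` would also help, because the meaning of 0 is otherwise documented only in `data/config.default.php`. The enclosing array and method start outside this hunk.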
+
+ + +
+ +
+ + +
+
+ +
+
+ + +
+
+
+
diff --git a/data/config.default.php b/data/config.default.php index 6013b13b8..5db933ff8 100644 --- a/data/config.default.php +++ b/data/config.default.php @@ -77,6 +77,10 @@ return array( # Max number of categories for a user. 'max_categories' => 16384, + # Max number of accounts that anonymous users can create + # 0 for an unlimited number of accounts + # 1 is to not allow user registrations (1 is corresponding to the admin account) + 'max_registrations' => 1, ), # Options used by cURL when making HTTP requests, e.g. when the SimplePie library retrieves feeds. -- cgit v1.2.3 From d6e632fc09ff391da39a42853f0eae87ef4a20f4 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Wed, 22 Jul 2015 23:22:50 +0200 Subject: Fix a bug in ConfigurationSetter --- app/Models/ConfigurationSetter.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'app/Models') diff --git a/app/Models/ConfigurationSetter.php b/app/Models/ConfigurationSetter.php index 236bf5b0b..d7378d4d8 100644 --- a/app/Models/ConfigurationSetter.php +++ b/app/Models/ConfigurationSetter.php @@ -364,8 +364,8 @@ class FreshRSS_ConfigurationSetter { $limits = $limits_keys[$key]; if ( - (!isset($limits['min']) || $value > $limits['min']) && - (!isset($limits['max']) || $value < $limits['max']) + (!isset($limits['min']) || $value >= $limits['min']) && + (!isset($limits['max']) || $value <= $limits['max']) ) { $data['limits'][$key] = $value; } -- cgit v1.2.3
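Review bot: The comment on `max_registrations` mixes two meanings: it describes the number of accounts anonymous users can create, yet explains 1 as the admin account, which makes the value a cap on the total number of accounts. Since 0 means unlimited, an operator who sets 0 intending "no registrations" would open sign-up to everyone. I would spell that out, e.g. `# Max total number of accounts, admin included; 1 = registration closed.` and `# WARNING: 0 means unlimited, not disabled.`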