From e2d4f1a7214591a47a46272a7a62e320eea029ce Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Mon, 18 Nov 2013 23:04:43 +0100 Subject: SQL : identifiant entier automatique pour les catégories et les flux MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Implémentation de https://github.com/marienfressinaud/FreshRSS/issues/262 La catégorie par défaut à le numéro 1. Les numéros de catégories et de flux sont automatiques (1, 2, 3...) L'installeur semble marcher. --- lib/SimplePie/SimplePie/Parser.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'lib/SimplePie') diff --git a/lib/SimplePie/SimplePie/Parser.php b/lib/SimplePie/SimplePie/Parser.php index 72878c25a..c4c732787 100644 --- a/lib/SimplePie/SimplePie/Parser.php +++ b/lib/SimplePie/SimplePie/Parser.php @@ -132,7 +132,7 @@ class SimplePie_Parser } } - try + try //FreshRSS { $dom = new DOMDocument(); $dom->recover = true; @@ -140,7 +140,6 @@ class SimplePie_Parser $dom->loadXML($data); $this->encoding = $encoding = $dom->encoding = 'UTF-8'; $data = $dom->saveXML(); - //file_put_contents('/home/alex/public_html/alexandre.alapetite.fr/prive/FreshRSS/log/parser.log', date('c') . ' ' . 'OK' . "\n", FILE_APPEND); } catch (Exception $e) { -- cgit v1.2.3 From e45357a91b9aa47d5b7ead14c174dc7c98ab9926 Mon Sep 17 00:00:00 2001 
From: Alexandre Alapetite Date: Wed, 4 Dec 2013 20:48:53 +0100 Subject: Support contrôlé de iframe, audio, video MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Et filtrage de object, embed https://github.com/marienfressinaud/FreshRSS/issues/188 On ajoute un paramètre preload="none" à audio et video, ainsi qu'un paramètre sandbox="allow-scripts allow-same-origin" aux iframe. On interdit les paramètres autoplay et seamless de audio et video. Ré-écriture des URLS de l'attribut poster de video, ainsi que de l'attribut src de iframe. Suite de https://github.com/marienfressinaud/FreshRSS/issues/267 Au passage, filtrage du vieil élément PLAINTEXT. Modifications dans SimplePie. --- app/models/Feed.php | 16 +++++++---- lib/SimplePie/SimplePie/Sanitize.php | 53 +++++++++++++++++++++++++++++++----- 2 files changed, 56 insertions(+), 13 deletions(-) (limited to 'lib/SimplePie') diff --git a/app/models/Feed.php b/app/models/Feed.php index 555759c9a..88833c706 100644 --- a/app/models/Feed.php +++ b/app/models/Feed.php @@ -204,15 +204,15 @@ class Feed extends Model { $feed->set_cache_location (CACHE_PATH); $feed->set_cache_duration(1500); $feed->strip_htmltags (array ( - 'base', 'blink', 'body', 'doctype', + 'base', 'blink', 'body', 'doctype', 'embed', 'font', 'form', 'frame', 'frameset', 'html', 'input', 'marquee', 'meta', 'noscript', - 'param', 'script', 'style' + 'object', 'param', 'plaintext', 'script', 'style', )); $feed->strip_attributes(array_merge($feed->strip_attributes, array( - 'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup', + 'autoplay', 'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup', 'onmouseover', 'onmousemove', 'onmouseout', 'onfocus', 'onblur', - 'onkeypress', 'onkeydown', 'onkeyup', 'onselect', 'onchange'))); + 'onkeypress', 'onkeydown', 'onkeyup', 'onselect', 'onchange', 'seamless'))); $feed->set_url_replacements(array( 'a' => 'href', 'area' => 'href', 
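Review bot: The `strip_attributes` list in the `@@ -204` hunk of app/models/Feed.php still names event handlers one by one, and apart from `onload`/`onunload` it covers only mouse, keyboard and focus events. This commit keeps `audio`, `video` and `iframe` in the output, so handlers those elements can carry (`onplay`, `oncanplay`, `onloadstart` and similar) pass through unless something outside this hunk removes them. An enumerated denylist will keep falling behind the HTML specification, so I would remove every attribute whose name starts with `on` in one pass inside the sanitizer, `foreach ($xpath->query('//@*[starts-with(name(), "on")]') as $attr) { $attr->ownerElement->removeAttributeNode($attr); }`, and keep the explicit list for non-event names such as `autoplay` and `seamless`. The enclosing method starts and ends outside the hunk.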
@@ -220,6 +220,7 @@ class Feed extends Model { 'blockquote' => 'cite', 'del' => 'cite', 'form' => 'action', + 'iframe' => 'src', 'img' => array( 'longdesc', 'src' @@ -229,7 +230,10 @@ class Feed extends Model { 'q' => 'cite', 'source' => 'src', 'track' => 'src', - 'video' => 'src', + 'video' => array( + 'poster', + 'src', + ), )); $feed->init (); @@ -581,7 +585,7 @@ class HelperFeed { $myFeed = new Feed (isset($dao['url']) ? $dao['url'] : '', false); $myFeed->_category ($catID === null ? $dao['category'] : $catID); $myFeed->_name ($dao['name']); - $myFeed->_website ($dao['website']); + $myFeed->_website ($dao['website'], false); $myFeed->_description (isset($dao['description']) ? $dao['description'] : ''); $myFeed->_lastUpdate (isset($dao['lastUpdate']) ? $dao['lastUpdate'] : 0); $myFeed->_priority ($dao['priority']); diff --git a/lib/SimplePie/SimplePie/Sanitize.php b/lib/SimplePie/SimplePie/Sanitize.php index 83a274ced..0974c150d 100644 --- a/lib/SimplePie/SimplePie/Sanitize.php +++ b/lib/SimplePie/SimplePie/Sanitize.php @@ -62,6 +62,7 @@ class SimplePie_Sanitize var $strip_htmltags = array('base', 'blink', 'body', 'doctype', 'embed', 'font', 'form', 'frame', 'frameset', 'html', 'iframe', 'input', 'marquee', 'meta', 'noscript', 'object', 'param', 'script', 'style'); var $encode_instead_of_strip = false; var $strip_attributes = array('bgsound', 'class', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc'); + var $add_attributes = array('audio' => array('preload' => 'none'), 'iframe' => array('sandbox' => 'allow-scripts allow-same-origin'), 'video' => array('preload' => 'none')); //FreshRSS var $strip_comments = false; var $output_encoding = 'UTF-8'; var $enable_cache = true; 
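Review bot: The `'iframe' => 'src'` entry in the `@@ -220` hunk is the only iframe attribute handling this commit adds, and neither the `strip_attributes` list earlier in Feed.php nor the SimplePie default shown in Sanitize.php names `srcdoc`. The sandbox value added by this commit keeps both `allow-scripts` and `allow-same-origin`, so as far as these hunks show, inline `srcdoc` markup from a feed would be rendered as a document of the reader's own origin with scripting enabled. I would add `'srcdoc'` to the `array_merge` list next to `'seamless'`. A comment next to the sandbox default should also say that these two tokens only isolate content while the framed document comes from a different origin than FreshRSS. The array literal continues outside the hunk.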
@@ -179,6 +180,25 @@ class SimplePie_Sanitize } } + public function add_attributes($attribs = array('audio' => array('preload' => 'none'), 'iframe' => array('sandbox' => 'allow-scripts allow-same-origin'), 'video' => array('preload' => 'none'))) + { + if ($attribs) + { + if (is_array($attribs)) + { + $this->add_attributes = $attribs; + } + else + { + $this->add_attributes = explode(',', $attribs); + } + } + else + { + $this->add_attributes = false; + } + } + public function strip_comments($strip = false) { $this->strip_comments = (bool) $strip; @@ -255,10 +275,11 @@ class SimplePie_Sanitize $document->loadHTML($data); restore_error_handler(); + $xpath = new DOMXPath($document); //FreshRSS + // Strip comments if ($this->strip_comments) { - $xpath = new DOMXPath($document); $comments = $xpath->query('//comment()'); foreach ($comments as $comment) @@ -274,7 +295,7 @@ class SimplePie_Sanitize { foreach ($this->strip_htmltags as $tag) { - $this->strip_tag($tag, $document, $type); + $this->strip_tag($tag, $document, $xpath, $type); } } @@ -282,7 +303,15 @@ class SimplePie_Sanitize { foreach ($this->strip_attributes as $attrib) { - $this->strip_attr($attrib, $document); + $this->strip_attr($attrib, $xpath); + } + } + + if ($this->add_attributes) + { + foreach ($this->add_attributes as $tag => $valuePairs) + { + $this->add_attr($tag, $valuePairs, $document); } } @@ -452,9 +481,8 @@ class SimplePie_Sanitize } } - protected function strip_tag($tag, $document, $type) + protected function strip_tag($tag, $document, $xpath, $type) { - $xpath = new DOMXPath($document); $elements = $xpath->query('body//' . $tag); if ($this->encode_instead_of_strip) { @@ -537,9 +565,8 @@ class SimplePie_Sanitize } } - protected function strip_attr($attrib, $document) + protected function strip_attr($attrib, $xpath) { - $xpath = new DOMXPath($document); $elements = $xpath->query('//*[@' . $attrib . ']'); foreach ($elements as $element) 
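Review bot: The `else` branch of `add_attributes()` in the `@@ -179` hunk appears to be carried over from `strip_attributes()`: it stores `explode(',', $attribs)`, a flat list of strings, while the loop added in the `@@ -282` hunk and `add_attr()` both iterate the property as `tag => array(attribute => value)`. A string argument therefore produces integer tags and a non-array `$valuePairs`, so nothing is added and the iframe `sandbox` default is lost, with at most a `foreach` warning to show for it. I would drop the `explode` branch and leave the current value untouched for non-array input, `elseif (!is_array($attribs)) { trigger_error('add_attributes() expects an array', E_USER_WARNING); return; }`. The method also needs a docblock stating the expected shape and that an array replaces the defaults rather than merging with them.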
@@ -547,4 +574,16 @@ class SimplePie_Sanitize $element->removeAttribute($attrib); } } + + protected function add_attr($tag, $valuePairs, $document) + { + $elements = $document->getElementsByTagName($tag); + foreach ($elements as $element) + { + foreach ($valuePairs as $attrib => $value) + { + $element->setAttribute($attrib, $value); + } + } + } } -- cgit v1.2.3 From be3b07a374c42a7d424b6ae12fd33c70c00c91ff Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Wed, 4 Dec 2013 21:20:15 +0100 Subject: Permet les protocoles relatifs pour HTTP/HTTPS automatique MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Une vidéo telle fonctionne maintenant sur un FreshRSS hébergé en HTTPS. Cela pourrait sûrement être écrit de manière plus propre quelque part dans SimplePie_IRI::absolutize. Contribue à https://github.com/marienfressinaud/FreshRSS/issues/188 --- lib/SimplePie/SimplePie/Misc.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'lib/SimplePie') diff --git a/lib/SimplePie/SimplePie/Misc.php b/lib/SimplePie/SimplePie/Misc.php index 621f2c062..347520303 100644 --- a/lib/SimplePie/SimplePie/Misc.php +++ b/lib/SimplePie/SimplePie/Misc.php @@ -79,6 +79,10 @@ class SimplePie_Misc public static function absolutize_url($relative, $base) { + if (substr($relative, 0, 2) === '//') //FreshRSS: disable absolutize_url for "//www.example.net" which will pick HTTP or HTTPS automatically + { + return $relative; + } $iri = SimplePie_IRI::absolutize(new SimplePie_IRI($base), $relative); if ($iri === false) { -- cgit v1.2.3 From 25fa654529390dfc989898beb522d63cae4aed7d Mon Sep 17 00:00:00 2001 
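Review bot: The early return added to `absolutize_url()` hands back any `$relative` beginning with `//` exactly as received, so these values skip `SimplePie_IRI::absolutize()` and whatever parsing and normalisation that call performs. The result is also no longer absolute: it is resolved later against the scheme of the page that displays it, not against `$base`. Callers that store, compare or fetch the returned value may not expect a scheme-less string; that cannot be confirmed from this hunk. I would at least limit the shortcut to an http(s) base, `if (substr($relative, 0, 2) === '//' && preg_match('#^https?:#i', $base))`, and document the changed return contract in the method's docblock. The function body continues outside the hunk.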
From: Alexandre Alapetite Date: Thu, 5 Dec 2013 19:18:28 +0100 Subject: Resource-priorities MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Prépare http://www.w3.org/TR/resource-priorities/ https://github.com/marienfressinaud/FreshRSS/issues/316 https://github.com/marienfressinaud/FreshRSS/issues/313 Continue https://github.com/marienfressinaud/FreshRSS/issues/188 https://github.com/marienfressinaud/FreshRSS/commit/e45357a91b9aa47d5b7ead14c174dc7c98ab9926 --- app/models/Feed.php | 6 ++++++ lib/SimplePie/SimplePie.php | 17 +++++++++++++++++ 2 files changed, 23 insertions(+) (limited to 'lib/SimplePie') diff --git a/app/models/Feed.php b/app/models/Feed.php index 88833c706..1454f44d5 100644 --- a/app/models/Feed.php +++ b/app/models/Feed.php @@ -213,6 +213,12 @@ class Feed extends Model { 'autoplay', 'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup', 'onmouseover', 'onmousemove', 'onmouseout', 'onfocus', 'onblur', 'onkeypress', 'onkeydown', 'onkeyup', 'onselect', 'onchange', 'seamless'))); + $feed->add_attributes(array( + 'img' => array('lazyload' => ''), //http://www.w3.org/TR/resource-priorities/ + 'audio' => array('preload' => 'none'), + 'iframe' => array('postpone' => '', 'sandbox' => 'allow-scripts allow-same-origin'), + 'video' => array('postpone' => '', 'preload' => 'none'), + )); $feed->set_url_replacements(array( 'a' => 'href', 'area' => 'href', diff --git a/lib/SimplePie/SimplePie.php b/lib/SimplePie/SimplePie.php index 9e532023a..d20ab5430 100644 --- a/lib/SimplePie/SimplePie.php +++ b/lib/SimplePie/SimplePie.php 
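Review bot: The array passed to `$feed->add_attributes()` in the `@@ -213` hunk replaces the library defaults instead of extending them, so the iframe `sandbox` string has to be repeated here and survives only while every later edit of this literal keeps the `'iframe'` entry. The same value is also written out in `SimplePie::$add_attributes`, `SimplePie_Sanitize::$add_attributes` and the default argument of `SimplePie_Sanitize::add_attributes()`, which invites drift between the copies. I would layer the FreshRSS additions over the defaults, as the `strip_attributes` call just above does with `array_merge`, for example `$feed->add_attributes(array_replace_recursive($feed->add_attributes, array(...)));` (PHP 5.3+). Above the iframe line I would add a comment such as `// sandbox is a security control, not a loading hint: keep it when editing this list`. The enclosing method starts and ends outside the hunk.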
@@ -601,6 +601,13 @@ class SimplePie */ public $strip_attributes = array('bgsound', 'class', 'expr', 'id', 'style', 'onclick', 'onerror', 'onfinish', 'onmouseover', 'onmouseout', 'onfocus', 'onblur', 'lowsrc', 'dynsrc'); + /** + * @var array Stores the default attributes to add to differet tags by add_attributes(). + * @see SimplePie::add_attributes() + * @access private + */ + public $add_attributes = array('audio' => array('preload' => 'none'), 'iframe' => array('sandbox' => 'allow-scripts allow-same-origin'), 'video' => array('preload' => 'none')); //FreshRSS + /** * @var array Stores the default tags to be stripped by strip_htmltags(). * @see SimplePie::strip_htmltags() @@ -1073,6 +1080,7 @@ class SimplePie $this->strip_comments(false); $this->strip_htmltags(false); $this->strip_attributes(false); + $this->add_attributes(false); $this->set_image_handler(false); } } @@ -1119,6 +1127,15 @@ class SimplePie $this->sanitize->strip_attributes($attribs); } + public function add_attributes($attribs = '') + { + if ($attribs === '') + { + $attribs = $this->add_attributes; + } + $this->sanitize->add_attributes($attribs); + } + /** * Set the output encoding * -- cgit v1.2.3
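Review bot: `SimplePie::add_attributes()` in the `@@ -1119` hunk has no docblock, and its contract is not obvious from the signature: an empty string restores `$this->add_attributes`, `false` switches the feature off (as the `@@ -1073` hunk does), and an array replaces the defaults. I would document that with something like `@param array|false|string $attribs Map of tag => array(attribute => value); '' restores the defaults, false disables`, and mention that disabling also removes the iframe `sandbox` attribute. In the property docblock of the `@@ -601` hunk, `differet` should read `different`, and `@access private` sits on a `public` property, which is worth correcting unless that is the file's convention.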