From 1a35e2271d3b9383e882371d37d5fef16abd745d Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 21 Mar 2015 18:20:36 +0100 Subject: SimplePie option to restaure syslog of HTTP requests https://github.com/FreshRSS/FreshRSS/issues/711 --- lib/lib_rss.php | 1 + 1 file changed, 1 insertion(+) (limited to 'lib/lib_rss.php') diff --git a/lib/lib_rss.php b/lib/lib_rss.php index e5fe73041..16ae3097f 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -123,6 +123,7 @@ function customSimplePie() { $limits = $system_conf->limits; $simplePie = new SimplePie(); $simplePie->set_useragent(_t('gen.freshrss') . '/' . FRESHRSS_VERSION . ' (' . PHP_OS . '; ' . FRESHRSS_WEBSITE . ') ' . SIMPLEPIE_NAME . '/' . SIMPLEPIE_VERSION); + $simplePie->set_syslog($system_conf->simplepie_syslog_enabled); $simplePie->set_cache_location(CACHE_PATH); $simplePie->set_cache_duration($limits['cache_duration']); $simplePie->set_timeout($limits['timeout']); -- cgit v1.2.3 From ad9fe52f5a76faf58d13fcf7bde8f58e85abe82b Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 22 Mar 2015 22:54:29 +0100 Subject: SimplePie sanitize URLs for syslog https://github.com/FreshRSS/FreshRSS/issues/711 https://github.com/FreshRSS/FreshRSS/pull/715 --- app/Models/Feed.php | 2 +- lib/SimplePie/SimplePie.php | 4 ++-- lib/SimplePie/SimplePie/File.php | 2 +- lib/SimplePie/SimplePie/Misc.php | 10 ++++++++++ lib/lib_rss.php | 12 +----------- 5 files changed, 15 insertions(+), 15 deletions(-) (limited to 'lib/lib_rss.php') diff --git a/app/Models/Feed.php b/app/Models/Feed.php index 5f67ea6ce..15cbb7d0a 100644 --- a/app/Models/Feed.php +++ b/app/Models/Feed.php @@ -240,7 +240,7 @@ class FreshRSS_Feed extends Minz_Model { $subscribe_url = $feed->subscribe_url(true); } - $clean_url = url_remove_credentials($subscribe_url); + $clean_url = SimplePie_Misc::url_remove_credentials($subscribe_url); if ($subscribe_url !== null && $subscribe_url !== $url) { $this->_url($clean_url); } diff --git a/lib/SimplePie/SimplePie.php b/lib/SimplePie/SimplePie.php index bb8ce4191..54f4c5770 100644 --- a/lib/SimplePie/SimplePie.php +++ b/lib/SimplePie/SimplePie.php @@ -1554,14 +1554,14 @@ class SimplePie if ($this->data['md5'] === $md5) { if ($this->syslog_enabled) { - syslog(LOG_DEBUG, 'SimplePie MD5 cache match for ' . $this->feed_url); + syslog(LOG_DEBUG, 'SimplePie MD5 cache match for ' . SimplePie_Misc::url_remove_credentials($this->feed_url)); } $cache->touch(); return true; //Content unchanged even though server did not send a 304 } else { if ($this->syslog_enabled) { - syslog(LOG_DEBUG, 'SimplePie MD5 cache no match for ' . $this->feed_url); + syslog(LOG_DEBUG, 'SimplePie MD5 cache no match for ' . SimplePie_Misc::url_remove_credentials($this->feed_url)); } $this->data['md5'] = $md5; } diff --git a/lib/SimplePie/SimplePie/File.php b/lib/SimplePie/SimplePie/File.php index 56fe72196..1f9e3d502 100644 --- a/lib/SimplePie/SimplePie/File.php +++ b/lib/SimplePie/SimplePie/File.php @@ -81,7 +81,7 @@ class SimplePie_File { if ($syslog_enabled) { - syslog(LOG_INFO, 'SimplePie GET ' . $url); //FreshRSS + syslog(LOG_INFO, 'SimplePie GET ' . SimplePie_Misc::url_remove_credentials($url)); //FreshRSS } if ($useragent === null) { diff --git a/lib/SimplePie/SimplePie/Misc.php b/lib/SimplePie/SimplePie/Misc.php index 5a263a2e5..de50d37b8 100644 --- a/lib/SimplePie/SimplePie/Misc.php +++ b/lib/SimplePie/SimplePie/Misc.php @@ -2240,5 +2240,15 @@ function embed_wmedia(width, height, link) { { // No-op } + + /** + * Sanitize a URL by removing HTTP credentials. + * @param $url the URL to sanitize. + * @return the same URL without HTTP credentials. + */ + function url_remove_credentials($url) //FreshRSS + { + return preg_replace('#(?<=//)[^/:@]+:[^/:@]+@#', '', $url); + } } diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 16ae3097f..65a1a8e04 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -181,7 +181,7 @@ function sanitizeHTML($data, $base = '') { function get_content_by_parsing ($url, $path) { require_once (LIB_PATH . '/lib_phpQuery.php'); - Minz_Log::notice('FreshRSS GET ' . url_remove_credentials($url)); + Minz_Log::notice('FreshRSS GET ' . SimplePie_Misc::url_remove_credentials($url)); $html = file_get_contents ($url); if ($html) { @@ -430,13 +430,3 @@ function array_push_unique(&$array, $value) { function array_remove(&$array, $value) { $array = array_diff($array, array($value)); } - - -/** - * Sanitize a URL by removing HTTP credentials. - * @param $url the URL to sanitize. - * @return the same URL without HTTP credentials. - */ -function url_remove_credentials($url) { - return preg_replace('/[^\/]*:[^:]*@/', '', $url); -} -- cgit v1.2.3 From 711530a512b370d79b079205ce1f8376174f7f03 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 4 Apr 2015 22:39:31 +0200 Subject: SQL: detection of updates, and preparation for better burge https://github.com/FreshRSS/FreshRSS/issues/798 https://github.com/FreshRSS/FreshRSS/issues/493 SQLite not yet tested. Only MySQL tested so far. --- app/Controllers/feedController.php | 98 ++++++++------ app/Controllers/importExportController.php | 3 +- app/Models/Entry.php | 16 +++ app/Models/EntryDAO.php | 198 +++++++++++++++++++++-------- app/Models/Feed.php | 1 + app/SQL/install.sql.mysql.php | 7 +- app/SQL/install.sql.sqlite.php | 7 +- lib/lib_rss.php | 2 +- 8 files changed, 231 insertions(+), 101 deletions(-) (limited to 'lib/lib_rss.php') diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php index 6f544d834..08a0257a2 100755 --- a/app/Controllers/feedController.php +++ b/app/Controllers/feedController.php @@ -145,7 +145,7 @@ class FreshRSS_feed_Controller extends Minz_ActionController { // Call the extension hook $name = $feed->name(); $feed = Minz_ExtensionManager::callHook('feed_before_insert', $feed); - if (is_null($feed)) { + if ($feed === null) { Minz_Request::bad(_t('feed_not_added', $name), $url_redirect); } @@ -181,7 +181,6 @@ class FreshRSS_feed_Controller extends Minz_ActionController { // Use a shared statement and a transaction to improve a LOT the // performances. - $prepared_statement = $entryDAO->addEntryPrepare(); $feedDAO->beginTransaction(); foreach ($entries as $entry) { // Entries are added without any verification. @@ -190,13 +189,13 @@ class FreshRSS_feed_Controller extends Minz_ActionController { $entry->_isRead($is_read); $entry = Minz_ExtensionManager::callHook('entry_before_insert', $entry); - if (is_null($entry)) { + if ($entry === null) { // An extension has returned a null value, there is nothing to insert. continue; } $values = $entry->toArray(); - $entryDAO->addEntry($values, $prepared_statement); + $entryDAO->addEntry($values); } $feedDAO->updateLastUpdate($feed->id()); $feedDAO->commit(); @@ -307,7 +306,7 @@ class FreshRSS_feed_Controller extends Minz_ActionController { $feed->load(false); } catch (FreshRSS_Feed_Exception $e) { Minz_Log::notice($e->getMessage()); - $feedDAO->updateLastUpdate($feed->id(), 1); + $feedDAO->updateLastUpdate($feed->id(), true); $feed->unlock(); continue; } @@ -323,50 +322,69 @@ class FreshRSS_feed_Controller extends Minz_ActionController { // We want chronological order and SimplePie uses reverse order. $entries = array_reverse($feed->entries()); if (count($entries) > 0) { - // For this feed, check last n entry GUIDs already in database. - $existing_guids = array_fill_keys($entryDAO->listLastGuidsByFeed( - $feed->id(), count($entries) + 10 - ), 1); - $use_declared_date = empty($existing_guids); + $newGuids = array(); + foreach ($entries as $entry) { + $newGuids[] = $entry->guid(); + } + // For this feed, check existing GUIDs already in database. + $existingHashForGuids = $entryDAO->listHashForFeedGuids($feed->id(), $newGuids); + unset($newGuids); + $use_declared_date = empty($existingHashForGuids); + $oldGuids = array(); // Add entries in database if possible. - $prepared_statement = $entryDAO->addEntryPrepare(); - $feedDAO->beginTransaction(); foreach ($entries as $entry) { $entry_date = $entry->date(true); - if (isset($existing_guids[$entry->guid()]) || - ($feed_history == 0 && $entry_date < $date_min)) { - // This entry already exists in DB or should not be added - // considering configuration and date. - continue; - } - - $id = uTimeString(); - if ($use_declared_date || $entry_date < $date_min) { - // Use declared date at first import. - $id = min(time(), $entry_date) . uSecString(); + if (isset($existingHashForGuids[$entry->guid()])) { + $existingHash = $existingHashForGuids[$entry->guid()]; + if (strcasecmp($existingHash, $entry->hash()) === 0 || $existingHash === '00000000000000000000000000000000') { + //This entry already exists and is unchanged. TODO: Remove the test with the zero'ed hash in FreshRSS v1.3 + $oldGuids[] = $entry->guid(); + } else { //This entry already exists but has been updated + Minz_Log::debug('Entry with GUID `' . $entry->guid() . '` updated in feed ' . $feed->id() . + ', old hash ' . $existingHash . ', new hash ' . $entry->hash()); + $entry->_isRead($is_read); //Reset is_read + if (!$entryDAO->hasTransaction()) { + $entryDAO->beginTransaction(); + } + $entryDAO->updateEntry($entry->toArray()); + } + } elseif ($feed_history == 0 && $entry_date < $date_min) { + // This entry should not be added considering configuration and date. + $oldGuids[] = $entry->guid(); + } else { + $id = uTimeString(); + if ($use_declared_date || $entry_date < $date_min) { + // Use declared date at first import. + $id = min(time(), $entry_date) . uSecString(); + } + + $entry->_id($id); + $entry->_isRead($is_read); + + $entry = Minz_ExtensionManager::callHook('entry_before_insert', $entry); + if ($entry === null) { + // An extension has returned a null value, there is nothing to insert. + continue; + } + + if (!$entryDAO->hasTransaction()) { + $entryDAO->beginTransaction(); + } + $entryDAO->addEntry($entry->toArray()); } - - $entry->_id($id); - $entry->_isRead($is_read); - - $entry = Minz_ExtensionManager::callHook('entry_before_insert', $entry); - if (is_null($entry)) { - // An extension has returned a null value, there is nothing to insert. - continue; - } - - $values = $entry->toArray(); - $entryDAO->addEntry($values, $prepared_statement); } + $entryDAO->updateLastSeen($feed->id(), $oldGuids); } + //TODO: updateLastSeen old GUIDS once in a while, in the case of caching (i.e. the whole feed content has not changed) if ($feed_history >= 0 && rand(0, 30) === 1) { // TODO: move this function in web cron when available (see entry::purge) // Remove old entries once in 30. - if (!$feedDAO->hasTransaction()) { - $feedDAO->beginTransaction(); + if (!$entryDAO->hasTransaction()) { + $entryDAO->beginTransaction(); } + //TODO: more robust system based on entry.lastSeen to avoid cleaning entries that are still published in the RSS feed. $nb = $feedDAO->cleanOldEntries($feed->id(), $date_min, @@ -377,9 +395,9 @@ class FreshRSS_feed_Controller extends Minz_ActionController { } } - $feedDAO->updateLastUpdate($feed->id(), 0, $feedDAO->hasTransaction()); - if ($feedDAO->hasTransaction()) { - $feedDAO->commit(); + $feedDAO->updateLastUpdate($feed->id(), 0, $entryDAO->hasTransaction()); + if ($entryDAO->hasTransaction()) { + $entryDAO->commit(); } if ($feed->url() !== $url) { diff --git a/app/Controllers/importExportController.php b/app/Controllers/importExportController.php index 589777b2a..26b163e43 100644 --- a/app/Controllers/importExportController.php +++ b/app/Controllers/importExportController.php @@ -361,7 +361,6 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { } // Then, articles are imported. - $prepared_statement = $this->entryDAO->addEntryPrepare(); $this->entryDAO->beginTransaction(); foreach ($article_object['items'] as $item) { if (!isset($article_to_feed[$item['id']])) { @@ -396,7 +395,7 @@ class FreshRSS_importExport_Controller extends Minz_ActionController { } $values = $entry->toArray(); - $id = $this->entryDAO->addEntry($values, $prepared_statement); + $id = $this->entryDAO->addEntry($values); if (!$error && ($id === false)) { $error = true; diff --git a/app/Models/Entry.php b/app/Models/Entry.php index 346c98a92..6931c9f25 100644 --- a/app/Models/Entry.php +++ b/app/Models/Entry.php @@ -14,6 +14,7 @@ class FreshRSS_Entry extends Minz_Model { private $content; private $link; private $date; + private $hash = null; private $is_read; private $is_favorite; private $feed; @@ -88,6 +89,14 @@ class FreshRSS_Entry extends Minz_Model { } } + public function hash() { + if ($this->hash === null) { + //Do not include $this->date because it may be automatically generated when lacking + $this->hash = md5($this->link . $this->title . $this->author . $this->content . $this->tags(true)); + } + return $this->hash; + } + public function _id($value) { $this->id = $value; } @@ -95,18 +104,23 @@ class FreshRSS_Entry extends Minz_Model { $this->guid = $value; } public function _title($value) { + $this->hash = null; $this->title = $value; } public function _author($value) { + $this->hash = null; $this->author = $value; } public function _content($value) { + $this->hash = null; $this->content = $value; } public function _link($value) { + $this->hash = null; $this->link = $value; } public function _date($value) { + $this->hash = null; $value = intval($value); $this->date = $value > 1 ? $value : time(); } @@ -120,6 +134,7 @@ class FreshRSS_Entry extends Minz_Model { $this->feed = $value; } public function _tags($value) { + $this->hash = null; if (!is_array($value)) { $value = array($value); } @@ -182,6 +197,7 @@ class FreshRSS_Entry extends Minz_Model { 'content' => $this->content(), 'link' => $this->link(), 'date' => $this->date(true), + 'hash' => $this->hash(), 'is_read' => $this->isRead(), 'is_favorite' => $this->isFavorite(), 'id_feed' => $this->feed(), diff --git a/app/Models/EntryDAO.php b/app/Models/EntryDAO.php index 9736d5cd3..5b4b85547 100644 --- a/app/Models/EntryDAO.php +++ b/app/Models/EntryDAO.php @@ -6,20 +6,57 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable { return parent::$sharedDbType !== 'sqlite'; } - public function addEntryPrepare() { - $sql = 'INSERT INTO `' . $this->prefix . 'entry`(id, guid, title, author, ' - . ($this->isCompressed() ? 'content_bin' : 'content') - . ', link, date, is_read, is_favorite, id_feed, tags) ' - . 'VALUES(?, ?, ?, ?, ' - . ($this->isCompressed() ? 'COMPRESS(?)' : '?') - . ', ?, ?, ?, ?, ?, ?)'; - return $this->bd->prepare($sql); + protected function autoAddColumn($errorInfo) { + if (isset($errorInfo[0])) { + if ($errorInfo[0] == '42S22') { //ER_BAD_FIELD_ERROR + $hasTransaction = false; + try { + $stm = null; + if (stripos($errorInfo[2], 'lastSeen') !== false) { //v1.2 + if (!$this->bd->inTransaction()) { + $this->bd->beginTransaction(); + $hasTransaction = true; + } + $stm = $this->bd->prepare('ALTER TABLE `' . $this->prefix . 'entry` ADD COLUMN lastSeen INT(11) NOT NULL'); + if ($stm && $stm->execute()) { + $stm = $this->bd->prepare('CREATE INDEX entry_lastSeen_index ON `' . $this->prefix . 'entry`(`lastSeen`);'); //"IF NOT EXISTS" does not exist in MySQL 5.7 + if ($stm && $stm->execute()) { + if ($hasTransaction) { + $this->bd->commit(); + } + return true; + } + } + if ($hasTransaction) { + $this->bd->rollBack(); + } + } elseif (stripos($errorInfo[2], 'hash') !== false) { //v1.2 + $stm = $this->bd->prepare('ALTER TABLE `' . $this->prefix . 'entry` ADD COLUMN hash BINARY(16) NOT NULL'); + return $stm && $stm->execute(); + } + } catch (Exception $e) { + Minz_Log::debug('FreshRSS_EntryDAO::autoAddColumn error: ' . $e->getMessage()); + if ($hasTransaction) { + $this->bd->rollBack(); + } + } + } + } + return false; } - public function addEntry($valuesTmp, $preparedStatement = null) { - $stm = $preparedStatement === null ? - FreshRSS_EntryDAO::addEntryPrepare() : - $preparedStatement; + private $addEntryPrepared = null; + + public function addEntry($valuesTmp) { + if ($this->addEntryPrepared === null) { + $sql = 'INSERT INTO `' . $this->prefix . 'entry` (id, guid, title, author, ' + . ($this->isCompressed() ? 'content_bin' : 'content') + . ', link, date, lastSeen, hash, is_read, is_favorite, id_feed, tags) ' + . 'VALUES(?, ?, ?, ?, ' + . ($this->isCompressed() ? 'COMPRESS(?)' : '?') + . ', ?, ?, ?, X?, ?, ?, ?, ?)'; + $this->addEntryPrepared = $this->bd->prepare($sql); + } $values = array( $valuesTmp['id'], @@ -29,55 +66,65 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable { $valuesTmp['content'], substr($valuesTmp['link'], 0, 1023), $valuesTmp['date'], + time(), + $valuesTmp['hash'], $valuesTmp['is_read'] ? 1 : 0, $valuesTmp['is_favorite'] ? 1 : 0, $valuesTmp['id_feed'], substr($valuesTmp['tags'], 0, 1023), ); - if ($stm && $stm->execute($values)) { + if ($this->addEntryPrepared && $this->addEntryPrepared->execute($values)) { return $this->bd->lastInsertId(); } else { - $info = $stm == null ? array(2 => 'syntax error') : $stm->errorInfo(); - if ((int)($info[0] / 1000) !== 23) { //Filter out "SQLSTATE Class code 23: Constraint Violation" because of expected duplicate entries + $info = $this->addEntryPrepared == null ? array(2 => 'syntax error') : $this->addEntryPrepared->errorInfo(); + if ($this->autoAddColumn($info)) { + return $this->addEntry($valuesTmp); + } elseif ((int)($info[0] / 1000) !== 23) { //Filter out "SQLSTATE Class code 23: Constraint Violation" because of expected duplicate entries Minz_Log::error('SQL error addEntry: ' . $info[0] . ': ' . $info[1] . ' ' . $info[2] . ' while adding entry in feed ' . $valuesTmp['id_feed'] . ' with title: ' . $valuesTmp['title']); - } /*else { - Minz_Log::debug('SQL error ' . $info[0] . ': ' . $info[1] . ' ' . $info[2] - . ' while adding entry in feed ' . $valuesTmp['id_feed'] . ' with title: ' . $valuesTmp['title']); - }*/ + } return false; } } - public function addEntryObject($entry, $conf, $feedHistory) { - $existingGuids = array_fill_keys( - $this->listLastGuidsByFeed($entry->feed(), 20), 1 - ); - - $nb_month_old = max($conf->old_entries, 1); - $date_min = time() - (3600 * 24 * 30 * $nb_month_old); + private $updateEntryPrepared = null; - $eDate = $entry->date(true); - - if ($feedHistory == -2) { - $feedHistory = $conf->keep_history_default; + public function updateEntry($valuesTmp) { + if ($this->updateEntryPrepared === null) { + $sql = 'UPDATE `' . $this->prefix . 'entry` ' + . 'SET title=?, author=?, ' + . ($this->isCompressed() ? 'content_bin=COMPRESS(?)' : 'content=?') + . ', link=?, date=?, lastSeen=?, hash=X?, is_read=?, tags=? ' + . 'WHERE id_feed=? AND guid=?'; + $this->updateEntryPrepared = $this->bd->prepare($sql); } - if (!isset($existingGuids[$entry->guid()]) && - ($feedHistory != 0 || $eDate >= $date_min || $entry->isFavorite())) { - $values = $entry->toArray(); - - $useDeclaredDate = empty($existingGuids); - $values['id'] = ($useDeclaredDate || $eDate < $date_min) ? - min(time(), $eDate) . uSecString() : - uTimeString(); + $values = array( + substr($valuesTmp['title'], 0, 255), + substr($valuesTmp['author'], 0, 255), + $valuesTmp['content'], + substr($valuesTmp['link'], 0, 1023), + $valuesTmp['date'], + time(), + $valuesTmp['hash'], + $valuesTmp['is_read'] ? 1 : 0, + substr($valuesTmp['tags'], 0, 1023), + $valuesTmp['id_feed'], + substr($valuesTmp['guid'], 0, 760), + ); - return $this->addEntry($values); + if ($this->updateEntryPrepared && $this->updateEntryPrepared->execute($values)) { + return $this->bd->lastInsertId(); + } else { + $info = $this->updateEntryPrepared == null ? array(2 => 'syntax error') : $this->updateEntryPrepared->errorInfo(); + if ($this->autoAddColumn($info)) { + return $this->updateEntry($valuesTmp); + } + Minz_Log::error('SQL error updateEntry: ' . $info[0] . ': ' . $info[1] . ' ' . $info[2] + . ' while updating entry with GUID ' . $valuesTmp['guid'] . ' in feed ' . $valuesTmp['id_feed']); + return false; } - - // We don't return Entry object to avoid a research in DB - return -1; } /** @@ -94,6 +141,9 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable { if (!is_array($ids)) { $ids = array($ids); } + if (count($ids) < 1) { + return 0; + } $sql = 'UPDATE `' . $this->prefix . 'entry` ' . 'SET is_favorite=? ' . 'WHERE id IN (' . str_repeat('?,', count($ids) - 1). '?)'; @@ -296,11 +346,11 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable { * * If $idMax equals 0, a deprecated debug message is logged * - * @param integer $id feed ID + * @param integer $id_feed feed ID * @param integer $idMax fail safe article ID * @return integer affected rows */ - public function markReadFeed($id, $idMax = 0) { + public function markReadFeed($id_feed, $idMax = 0) { if ($idMax == 0) { $idMax = time() . '000000'; Minz_Log::debug('Calling markReadFeed(0) is deprecated!'); @@ -310,7 +360,7 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable { $sql = 'UPDATE `' . $this->prefix . 'entry` ' . 'SET is_read=1 ' . 'WHERE id_feed=? AND is_read=0 AND id <= ?'; - $values = array($id, $idMax); + $values = array($id_feed, $idMax); $stm = $this->bd->prepare($sql); if (!($stm && $stm->execute($values))) { $info = $stm == null ? array(2 => 'syntax error') : $stm->errorInfo(); @@ -324,7 +374,7 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable { $sql = 'UPDATE `' . $this->prefix . 'feed` ' . 'SET cache_nbUnreads=cache_nbUnreads-' . $affected . ' WHERE id=?'; - $values = array($id); + $values = array($id_feed); $stm = $this->bd->prepare($sql); if (!($stm && $stm->execute($values))) { $info = $stm == null ? array(2 => 'syntax error') : $stm->errorInfo(); @@ -338,7 +388,7 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable { return $affected; } - public function searchByGuid($feed_id, $id) { + public function searchByGuid($id_feed, $guid) { // un guid est unique pour un flux donné $sql = 'SELECT id, guid, title, author, ' . ($this->isCompressed() ? 'UNCOMPRESS(content_bin) AS content' : 'content') @@ -347,8 +397,8 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable { $stm = $this->bd->prepare($sql); $values = array( - $feed_id, - $id + $id_feed, + $guid, ); $stm->execute($values); @@ -519,12 +569,52 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable { return $stm->fetchAll(PDO::FETCH_COLUMN, 0); } - public function listLastGuidsByFeed($id, $n) { - $sql = 'SELECT guid FROM `' . $this->prefix . 'entry` WHERE id_feed=? ORDER BY id DESC LIMIT ' . intval($n); + public function listHashForFeedGuids($id_feed, $guids) { + if (count($guids) < 1) { + return array(); + } + $sql = 'SELECT guid, hex(hash) AS hexHash FROM `' . $this->prefix . 'entry` WHERE id_feed=? AND guid IN (' . str_repeat('?,', count($guids) - 1). '?)'; $stm = $this->bd->prepare($sql); - $values = array($id); - $stm->execute($values); - return $stm->fetchAll(PDO::FETCH_COLUMN, 0); + $values = array($id_feed); + $values = array_merge($values, $guids); + if ($stm && $stm->execute($values)) { + $result = array(); + $rows = $stm->fetchAll(PDO::FETCH_ASSOC); + foreach ($rows as $row) { + $result[$row['guid']] = $row['hexHash']; + } + return $result; + } else { + + $info = $stm == null ? array(2 => 'syntax error') : $stm->errorInfo(); + if ($this->autoAddColumn($info)) { + return $this->listHashForFeedGuids($id_feed, $guids); + } + Minz_Log::error('SQL error listHashForFeedGuids: ' . $info[0] . ': ' . $info[1] . ' ' . $info[2] + . ' while querying feed ' . $id_feed); + return false; + } + } + + public function updateLastSeen($id_feed, $guids) { + if (count($guids) < 1) { + return 0; + } + $sql = 'UPDATE `' . $this->prefix . 'entry` SET lastSeen=? WHERE id_feed=? AND guid IN (' . str_repeat('?,', count($guids) - 1). '?)'; + $stm = $this->bd->prepare($sql); + $values = array(time(), $id_feed); + $values = array_merge($values, $guids); + if ($stm && $stm->execute($values)) { + return $stm->rowCount(); + } else { + $info = $stm == null ? array(2 => 'syntax error') : $stm->errorInfo(); + if ($this->autoAddColumn($info)) { + return $this->updateLastSeen($id_feed, $guids); + } + Minz_Log::error('SQL error updateLastSeen: ' . $info[0] . ': ' . $info[1] . ' ' . $info[2] + . ' while updating feed ' . $id_feed); + return false; + } } public function countUnreadRead() { diff --git a/app/Models/Feed.php b/app/Models/Feed.php index 5ce03be5d..27c83ffd5 100644 --- a/app/Models/Feed.php +++ b/app/Models/Feed.php @@ -255,6 +255,7 @@ class FreshRSS_Feed extends Minz_Model { $feed->__destruct(); //http://simplepie.org/wiki/faq/i_m_getting_memory_leaks unset($feed); + //TODO: Return a different information in case of cache/no-cache, and give access to the GUIDs in case of cache } } } diff --git a/app/SQL/install.sql.mysql.php b/app/SQL/install.sql.mysql.php index cf0159199..afdd821b2 100644 --- a/app/SQL/install.sql.mysql.php +++ b/app/SQL/install.sql.mysql.php @@ -15,7 +15,7 @@ CREATE TABLE IF NOT EXISTS `%1$sfeed` ( `name` varchar(255) NOT NULL, `website` varchar(255) CHARACTER SET latin1, `description` text, - `lastUpdate` int(11) DEFAULT 0, + `lastUpdate` int(11) DEFAULT 0, -- Until year 2038 `priority` tinyint(2) NOT NULL DEFAULT 10, `pathEntries` varchar(511) DEFAULT NULL, `httpAuth` varchar(511) DEFAULT NULL, @@ -40,7 +40,9 @@ CREATE TABLE IF NOT EXISTS `%1$sentry` ( `author` varchar(255), `content_bin` blob, -- v0.7 `link` varchar(1023) CHARACTER SET latin1 NOT NULL, - `date` int(11), + `date` int(11), -- Until year 2038 + `lastSeen` INT(11) NOT NULL, -- v1.2, Until year 2038 + `hash` BINARY(16), -- v1.2 `is_read` boolean NOT NULL DEFAULT 0, `is_favorite` boolean NOT NULL DEFAULT 0, `id_feed` SMALLINT, -- v0.7 @@ -50,6 +52,7 @@ CREATE TABLE IF NOT EXISTS `%1$sentry` ( UNIQUE KEY (`id_feed`,`guid`), -- v0.7 INDEX (`is_favorite`), -- v0.7 INDEX (`is_read`) -- v0.7 + INDEX entry_lastSeen_index (`lastSeen`) -- v1.2 ) DEFAULT CHARACTER SET utf8 COLLATE utf8_unicode_ci ENGINE = INNODB; diff --git a/app/SQL/install.sql.sqlite.php b/app/SQL/install.sql.sqlite.php index 30bca2810..7517ead45 100644 --- a/app/SQL/install.sql.sqlite.php +++ b/app/SQL/install.sql.sqlite.php @@ -14,7 +14,7 @@ $SQL_CREATE_TABLES = array( `name` varchar(255) NOT NULL, `website` varchar(255), `description` text, - `lastUpdate` int(11) DEFAULT 0, + `lastUpdate` int(11) DEFAULT 0, -- Until year 2038 `priority` tinyint(2) NOT NULL DEFAULT 10, `pathEntries` varchar(511) DEFAULT NULL, `httpAuth` varchar(511) DEFAULT NULL, @@ -38,7 +38,9 @@ $SQL_CREATE_TABLES = array( `author` varchar(255), `content` text, `link` varchar(1023) NOT NULL, - `date` int(11), + `date` int(11), -- Until year 2038 + `lastSeen` INT(11) NOT NULL, -- v1.2, Until year 2038 + `hash` BINARY(16), -- v1.2 `is_read` boolean NOT NULL DEFAULT 0, `is_favorite` boolean NOT NULL DEFAULT 0, `id_feed` SMALLINT, @@ -50,6 +52,7 @@ $SQL_CREATE_TABLES = array( 'CREATE INDEX IF NOT EXISTS entry_is_favorite_index ON `%1$sentry`(`is_favorite`);', 'CREATE INDEX IF NOT EXISTS entry_is_read_index ON `%1$sentry`(`is_read`);', +'CREATE INDEX IF NOT EXISTS entry_lastSeen_index ON `%1$sentry`(`lastSeen`);', //v1.2 'INSERT OR IGNORE INTO `%1$scategory` (id, name) VALUES(1, "%2$s");', ); diff --git a/lib/lib_rss.php b/lib/lib_rss.php index e5fe73041..c6bdfde0e 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -38,7 +38,7 @@ function classAutoloader($class) { include(APP_PATH . '/Models/' . $components[1] . '.php'); return; case 3: //Controllers, Exceptions - @include(APP_PATH . '/' . $components[2] . 's/' . $components[1] . $components[2] . '.php'); + include(APP_PATH . '/' . $components[2] . 's/' . $components[1] . $components[2] . '.php'); return; } } elseif (strpos($class, 'Minz') === 0) { -- cgit v1.2.3 From 2d18910d02d92098257b96766e5b89a780daab0b Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 5 Apr 2015 12:41:16 +0200 Subject: Support for Internationalized Domain Names (IDN) https://github.com/FreshRSS/FreshRSS/issues/819 Add explicit conversion from IDN to Punycode. Requires PHP 5.3 IDN extension http://php.net/intl.idn (php5-idn package on Debian/Ubuntu). For systems without PHP 5.3+ IDN extension, we may consider adding a dependency (322 kB) to the third-party library https://phlymail.com/en/downloads/idna-convert.html See PHP bug 53474 FILTER_VALIDATE_URL should not fail URL's that use IDNhttps://bugs.php.net/bug.php?id=53474 --- README.fr.md | 2 +- README.md | 2 +- lib/lib_rss.php | 16 ++++++++++++++++ 3 files changed, 18 insertions(+), 2 deletions(-) (limited to 'lib/lib_rss.php') diff --git a/README.fr.md b/README.fr.md index 380d7bc1e..ea5b07a9b 100644 --- a/README.fr.md +++ b/README.fr.md @@ -32,7 +32,7 @@ Privilégiez pour cela des demandes sur GitHub * Fonctionne même sur un Raspberry Pi avec des temps de réponse < 1s (testé sur 150 flux, 22k articles, soit 32Mo de données partiellement compressées) * Serveur Web Apache2 (recommandé), ou nginx, lighttpd (non testé sur les autres) * PHP 5.2.1+ (PHP 5.3.7+ recommandé) - * Requis : [PDO_MySQL](http://php.net/pdo-mysql) ou [PDO_SQLite](http://php.net/pdo-sqlite), [cURL](http://php.net/curl), [GMP](http://php.net/gmp) (seulement pour accès API sur platformes < 64 bits) + * Requis : [PDO_MySQL](http://php.net/pdo-mysql) ou [PDO_SQLite](http://php.net/pdo-sqlite), [cURL](http://php.net/curl), [GMP](http://php.net/gmp) (pour accès API sur platformes < 64 bits), [IDN](http://php.net/intl.idn) (pour les noms de domaines internationalisés) * Recommandés : [JSON](http://php.net/json), [mbstring](http://php.net/mbstring), [zlib](http://php.net/zlib), [Zip](http://php.net/zip) * MySQL 5.0.3+ (recommandé) ou SQLite 3.7.4+ * Un navigateur Web récent tel Firefox 4+, Chrome, Opera, Safari, Internet Explorer 9+ diff --git a/README.md b/README.md index a09a64639..92072b07d 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ The best way is to open issues on GitHub * It even works on Raspberry Pi with response time under a second (tested with 150 feeds, 22k articles, or 32Mo of compressed data) * A web server: Apache2 (recommanded), nginx, lighttpd (not tested on others) * PHP 5.2.1+ (PHP 5.3.7+ recommanded) - * Required extensions: [PDO_MySQL](http://php.net/pdo-mysql) or [PDO_SQLite](http://php.net/pdo-sqlite), [cURL](http://php.net/curl), [GMP](http://php.net/gmp) (only for API access on platforms under 64 bits) + * Required extensions: [PDO_MySQL](http://php.net/pdo-mysql) or [PDO_SQLite](http://php.net/pdo-sqlite), [cURL](http://php.net/curl), [GMP](http://php.net/gmp) (for API access on platforms < 64 bits), [IDN](http://php.net/intl.idn) (for Internationalized Domain Names) * Recommanded extensions : [JSON](http://php.net/json), [mbstring](http://php.net/mbstring), [zlib](http://php.net/zlib), [Zip](http://php.net/zip) * MySQL 5.0.3+ (recommanded) or SQLite 3.7.4+ * A recent browser like Firefox 4+, Chrome, Opera, Safari, Internet Explorer 9+ diff --git a/lib/lib_rss.php b/lib/lib_rss.php index e5fe73041..bc5d6fc5b 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -51,6 +51,21 @@ function classAutoloader($class) { spl_autoload_register('classAutoloader'); // +function idn_to_punny($url) { + if (function_exists('idn_to_ascii')) { + $parts = parse_url($url); + if (!empty($parts['host'])) { + $idn = $parts['host']; + $punny = idn_to_ascii($idn); + $pos = strpos($url, $idn); + if ($pos !== false) { + return substr_replace($url, $punny, $pos, strlen($idn)); + } + } + } + return $url; +} + function checkUrl($url) { if (empty ($url)) { return ''; @@ -58,6 +73,7 @@ function checkUrl($url) { if (!preg_match ('#^https?://#i', $url)) { $url = 'http://' . $url; } + $url = idn_to_punny($url); //PHP bug #53474 IDN if (filter_var($url, FILTER_VALIDATE_URL) || (version_compare(PHP_VERSION, '5.3.3', '<') && (strpos($url, '-') > 0) && //PHP bug #51192 ($url === filter_var($url, FILTER_SANITIZE_URL)))) { -- cgit v1.2.3 From 06b76831dece01f836c9d0a3cc32c3f59910fe60 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 5 Apr 2015 13:07:34 +0200 Subject: Punycode spelling mistake https://github.com/FreshRSS/FreshRSS/pull/820 --- data/subscriptions/.gitignore | 1 + lib/lib_rss.php | 8 ++++---- 2 files changed, 5 insertions(+), 4 deletions(-) create mode 100644 data/subscriptions/.gitignore (limited to 'lib/lib_rss.php') diff --git a/data/subscriptions/.gitignore b/data/subscriptions/.gitignore new file mode 100644 index 000000000..150f68c80 --- /dev/null +++ b/data/subscriptions/.gitignore @@ -0,0 +1 @@ +*/* diff --git a/lib/lib_rss.php b/lib/lib_rss.php index bc5d6fc5b..c4f6a6011 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -51,15 +51,15 @@ function classAutoloader($class) { spl_autoload_register('classAutoloader'); // -function idn_to_punny($url) { +function idn_to_puny($url) { if (function_exists('idn_to_ascii')) { $parts = parse_url($url); if (!empty($parts['host'])) { $idn = $parts['host']; - $punny = idn_to_ascii($idn); + $puny = idn_to_ascii($idn); $pos = strpos($url, $idn); if ($pos !== false) { - return substr_replace($url, $punny, $pos, strlen($idn)); + return substr_replace($url, $puny, $pos, strlen($idn)); } } } @@ -73,7 +73,7 @@ function checkUrl($url) { if (!preg_match ('#^https?://#i', $url)) { $url = 'http://' . $url; } - $url = idn_to_punny($url); //PHP bug #53474 IDN + $url = idn_to_puny($url); //PHP bug #53474 IDN if (filter_var($url, FILTER_VALIDATE_URL) || (version_compare(PHP_VERSION, '5.3.3', '<') && (strpos($url, '-') > 0) && //PHP bug #51192 ($url === filter_var($url, FILTER_SANITIZE_URL)))) { -- cgit v1.2.3 From 256c8613a4046931dcd28ab22b6aebe8752a98c2 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Fri, 15 May 2015 03:21:36 +0200 Subject: First draft of PubSubHubbub https://github.com/FreshRSS/FreshRSS/issues/312 Requires setting base_url in config.php. Currently using the filesystem (no change to the database) --- app/Controllers/feedController.php | 55 +++++++++++------ app/Models/Feed.php | 69 ++++++++++++++++++++- constants.php | 1 + data/PubSubHubbub/feeds/.gitignore | 1 + data/PubSubHubbub/feeds/README.md | 12 ++++ data/PubSubHubbub/secrets/.gitignore | 1 + data/PubSubHubbub/secrets/README.md | 4 ++ data/config.default.php | 8 ++- lib/lib_rss.php | 9 +++ p/api/pshb.php | 116 +++++++++++++++++++++++++++++++++++ 10 files changed, 252 insertions(+), 24 deletions(-) create mode 100644 data/PubSubHubbub/feeds/.gitignore create mode 100644 data/PubSubHubbub/feeds/README.md create mode 100644 data/PubSubHubbub/secrets/.gitignore create mode 100644 data/PubSubHubbub/secrets/README.md create mode 100644 p/api/pshb.php (limited to 'lib/lib_rss.php') diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php index 0443b4159..9117da639 100755 --- a/app/Controllers/feedController.php +++ b/app/Controllers/feedController.php @@ -168,6 +168,7 @@ class FreshRSS_feed_Controller extends Minz_ActionController { // Ok, feed has been added in database. Now we have to refresh entries. $feed->_id($id); $feed->faviconPrepare(); + $feed->pubSubHubbubPrepare(); $is_read = FreshRSS_Context::$user_conf->mark_when['reception'] ? 1 : 0; @@ -261,12 +262,13 @@ class FreshRSS_feed_Controller extends Minz_ActionController { * This action actualizes entries from one or several feeds. * * Parameters are: - * - id (default: false) + * - id (default: false): Feed ID + * - url (default: false): Feed URL * - force (default: false) - * If id is not specified, all the feeds are actualized. But if force is + * If id and url are not specified, all the feeds are actualized. But if force is * false, process stops at 10 feeds to avoid time execution problem. */ - public function actualizeAction() { + public function actualizeAction($simplePie = null) { @set_time_limit(300); $feedDAO = FreshRSS_Factory::createFeedDao(); @@ -274,14 +276,15 @@ class FreshRSS_feed_Controller extends Minz_ActionController { Minz_Session::_param('actualize_feeds', false); $id = Minz_Request::param('id'); + $url = Minz_Request::param('url'); $force = Minz_Request::param('force'); // Create a list of feeds to actualize. // If id is set and valid, corresponding feed is added to the list but // alone in order to automatize further process. $feeds = array(); - if ($id) { - $feed = $feedDAO->searchById($id); + if ($id || $url) { + $feed = $id ? $feedDAO->searchById($id) : $feedDAO->searchByUrl($url); if ($feed) { $feeds[] = $feed; } @@ -302,8 +305,11 @@ class FreshRSS_feed_Controller extends Minz_ActionController { } try { - // Load entries - $feed->load(false); + if ($simplePie) { + $feed->loadEntries($simplePie); //Used by PubSubHubbub + } else { + $feed->load(false); + } } catch (FreshRSS_Feed_Exception $e) { Minz_Log::notice($e->getMessage()); $feedDAO->updateLastUpdate($feed->id(), true); @@ -404,7 +410,16 @@ class FreshRSS_feed_Controller extends Minz_ActionController { $feedDAO->updateFeed($feed->id(), array('url' => $feed->url())); } - $feed->faviconPrepare(); + if ($simplePie === null) { + $feed->faviconPrepare(); + if ($feed->url() === 'http://push-pub.appspot.com/feed') { + $secret = $feed->pubSubHubbubPrepare(); + if ($secret != '') { + Minz_Log::debug('PubSubHubbub subscribe ' . $feed->url()); + $feed->pubSubHubbubSubscribe(true, $secret); + } + } + } $feed->unlock(); $updated_feeds++; unset($feed); @@ -427,20 +442,20 @@ class FreshRSS_feed_Controller extends Minz_ActionController { Minz_Session::_param('notification', $notif); // No layout in ajax request. $this->view->_useLayout(false); - return; - } - - // Redirect to the main page with correct notification. - if ($updated_feeds === 1) { - $feed = reset($feeds); - Minz_Request::good(_t('feedback.sub.feed.actualized', $feed->name()), array( - 'params' => array('get' => 'f_' . $feed->id()) - )); - } elseif ($updated_feeds > 1) { - Minz_Request::good(_t('feedback.sub.feed.n_actualized', $updated_feeds), array()); } else { - Minz_Request::good(_t('feedback.sub.feed.no_refresh'), array()); + // Redirect to the main page with correct notification. + if ($updated_feeds === 1) { + $feed = reset($feeds); + Minz_Request::good(_t('feedback.sub.feed.actualized', $feed->name()), array( + 'params' => array('get' => 'f_' . $feed->id()) + )); + } elseif ($updated_feeds > 1) { + Minz_Request::good(_t('feedback.sub.feed.n_actualized', $updated_feeds), array()); + } else { + Minz_Request::good(_t('feedback.sub.feed.no_refresh'), array()); + } } + return $updated_feeds; } /** diff --git a/app/Models/Feed.php b/app/Models/Feed.php index 85fb173ec..dcf083ea8 100644 --- a/app/Models/Feed.php +++ b/app/Models/Feed.php @@ -19,6 +19,8 @@ class FreshRSS_Feed extends Minz_Model { private $ttl = -2; private $hash = null; private $lockPath = ''; + private $hubUrl = ''; + private $selfUrl = ''; public function __construct($url, $validate=true) { if ($validate) { @@ -226,6 +228,11 @@ class FreshRSS_Feed extends Minz_Model { throw new FreshRSS_Feed_Exception(($errorMessage == '' ? 'Feed error' : $errorMessage) . ' [' . $url . ']'); } + $links = $feed->get_links('self'); + $this->selfUrl = isset($links[0]) ? $links[0] : null; + $links = $feed->get_links('hub'); + $this->hubUrl = isset($links[0]) ? $links[0] : null; + if ($loadDetails) { // si on a utilisé l'auto-discover, notre url va avoir changé $subscribe_url = $feed->subscribe_url(false); @@ -259,7 +266,7 @@ class FreshRSS_Feed extends Minz_Model { } } - private function loadEntries($feed) { + public function loadEntries($feed) { $entries = array(); foreach ($feed->get_items() as $item) { @@ -333,4 +340,64 @@ class FreshRSS_Feed extends Minz_Model { function unlock() { @unlink($this->lockPath); } + + // + + function pubSubHubbubPrepare() { + $secret = ''; + if (FreshRSS_Context::$system_conf->base_url && $this->hubUrl && $this->selfUrl) { + $path = PSHB_PATH . '/feeds/' . base64url_encode($this->selfUrl); + if (!file_exists($path . '/hub.txt')) { + @mkdir($path, 0777, true); + file_put_contents($path . '/hub.txt', $this->hubUrl); + $secret = sha1(FreshRSS_Context::$system_conf->salt . uniqid(mt_rand(), true)); + file_put_contents($path . '/secret.txt', $secret); + @mkdir(PSHB_PATH . '/secrets/'); + file_put_contents(PSHB_PATH . '/secrets/' . $secret . '.txt', base64url_encode($this->selfUrl)); + Minz_Log::notice('PubSubHubbub prepared for ' . $this->url); + file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" . + 'PubSubHubbub prepared for ' . $this->url . "\n", FILE_APPEND); + } + $path .= '/' . base64url_encode($this->url); + $currentUser = Minz_Session::param('currentUser'); + if (ctype_alnum($currentUser) && !file_exists($path . '/' . $currentUser . '.txt')) { + @mkdir($path, 0777, true); + touch($path . '/' . $currentUser . '.txt'); + } + } + return $secret; + } + + //Parameter true to subscribe, false to unsubscribe. + function pubSubHubbubSubscribe($state, $secret = '') { + if (FreshRSS_Context::$system_conf->base_url && $this->hubUrl && $this->selfUrl) { + $callbackUrl = checkUrl(FreshRSS_Context::$system_conf->base_url . 'api/pshb.php?s=' . $secret); + if ($callbackUrl == '') { + return false; + } + + $ch = curl_init(); + curl_setopt_array($ch, array( + CURLOPT_URL => $this->hubUrl, + CURLOPT_FOLLOWLOCATION => true, + CURLOPT_RETURNTRANSFER => true, + CURLOPT_USERAGENT => _t('gen.freshrss') . '/' . FRESHRSS_VERSION . ' (' . PHP_OS . '; ' . FRESHRSS_WEBSITE . ')', + CURLOPT_POSTFIELDS => 'hub.verify=sync' + . '&hub.mode=' . ($state ? 'subscribe' : 'unsubscribe') + . '&hub.topic=' . urlencode($this->selfUrl) + . '&hub.callback=' . urlencode($callbackUrl) + ) + ); + $response = curl_exec($ch); + $info = curl_getinfo($ch); + + file_put_contents(USERS_PATH . '/_/log_pshb.txt', date('c') . "\t" . + 'PubSubHubbub ' . ($state ? 'subscribe' : 'unsubscribe') . ' to ' . $this->selfUrl . + ' with callback ' . $callbackUrl . ': ' . $info['http_code'] . ' ' . $response . "\n", FILE_APPEND); + return substr($info['http_code'], 0, 1) == '2'; + } + return false; + } + + // } diff --git a/constants.php b/constants.php index b20bf0710..5bb410e29 100644 --- a/constants.php +++ b/constants.php @@ -18,6 +18,7 @@ define('FRESHRSS_PATH', dirname(__FILE__)); define('UPDATE_FILENAME', DATA_PATH . '/update.php'); define('USERS_PATH', DATA_PATH . '/users'); define('CACHE_PATH', DATA_PATH . '/cache'); + define('PSHB_PATH', DATA_PATH . '/PubSubHubbub'); define('LIB_PATH', FRESHRSS_PATH . '/lib'); define('APP_PATH', FRESHRSS_PATH . '/app'); diff --git a/data/PubSubHubbub/feeds/.gitignore b/data/PubSubHubbub/feeds/.gitignore new file mode 100644 index 000000000..150f68c80 --- /dev/null +++ b/data/PubSubHubbub/feeds/.gitignore @@ -0,0 +1 @@ +*/* diff --git a/data/PubSubHubbub/feeds/README.md b/data/PubSubHubbub/feeds/README.md new file mode 100644 index 000000000..15fa8e521 --- /dev/null +++ b/data/PubSubHubbub/feeds/README.md @@ -0,0 +1,12 @@ +List of canonical URLS of the various feeds users have subscribed to. +Several feeds can share the same canonical URL (rel="self"). +Several users can have subscribed to the same feed. + +* ./base64url(canonicalUrl)/ + * ./secret.txt + * ./base64url(feedUrl1)/ + * ./user1.txt + * ./user2.txt + * ./base64url(feedUrl2)/ + * ./user3.txt + * ./user4.txt diff --git a/data/PubSubHubbub/secrets/.gitignore b/data/PubSubHubbub/secrets/.gitignore new file mode 100644 index 000000000..2211df63d --- /dev/null +++ b/data/PubSubHubbub/secrets/.gitignore @@ -0,0 +1 @@ +*.txt diff --git a/data/PubSubHubbub/secrets/README.md b/data/PubSubHubbub/secrets/README.md new file mode 100644 index 000000000..ad8158839 --- /dev/null +++ b/data/PubSubHubbub/secrets/README.md @@ -0,0 +1,4 @@ +List of secrets given to PubSubHubbub hubs + +* ./sha1(random + salt).txt + * base64url(canonicalUrl) diff --git a/data/config.default.php b/data/config.default.php index 8be203d36..80d331df7 100644 --- a/data/config.default.php +++ b/data/config.default.php @@ -11,9 +11,11 @@ return array( # Used to make crypto more unique. Generated during install. 'salt' => '', - # Leave empty for most cases. - # Ability to override the address of the FreshRSS instance, - # used when building absolute URLs. + # Specify address of the FreshRSS instance, + # used when building absolute URLs, e.g. for PubSubHubbub. + # Examples: + # https://example.net/FreshRSS/p/ + # https://freshrss.example.net/ 'base_url' => '', # Natural language of the user interface, e.g. `en`, `fr`. diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 6342011c8..191a58f35 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -446,3 +446,12 @@ function array_push_unique(&$array, $value) { function array_remove(&$array, $value) { $array = array_diff($array, array($value)); } + +//RFC 4648 +function base64url_encode($data) { + return strtr(rtrim(base64_encode($data), '='), '+/', '-_'); +} +//RFC 4648 +function base64url_decode($data) { + return base64_decode(strtr($data, '-_', '+/')); +} diff --git a/p/api/pshb.php b/p/api/pshb.php new file mode 100644 index 000000000..bcb8341b1 --- /dev/null +++ b/p/api/pshb.php @@ -0,0 +1,116 @@ + $_GET, '_POST' => $_POST, 'INPUT' => $ORIGINAL_INPUT), true)); + +$secret = isset($_GET['s']) ? substr($_GET['s'], 0, 128) : ''; +if (!ctype_xdigit($secret)) { + header('HTTP/1.1 422 Unprocessable Entity'); + die('Invalid feed secret format!'); +} +chdir(PSHB_PATH); +$canonical64 = @file_get_contents('secrets/' . $secret . '.txt'); +if ($canonical64 === false) { + header('HTTP/1.1 404 Not Found'); + logMe('Feed secret not found!: ' . $secret); + die('Feed secret not found!'); +} +$canonical64 = trim($canonical64); +if (!preg_match('/^[A-Za-z0-9_-]+$/D', $canonical64)) { + header('HTTP/1.1 500 Internal Server Error'); + logMe('Invalid secret reference!: ' . $canonical64); + die('Invalid secret reference!'); +} +$secret2 = @file_get_contents('feeds/' . $canonical64 . '/secret.txt'); +if ($secret2 === false) { + header('HTTP/1.1 404 Not Found'); + //@unlink('secrets/' . $secret . '.txt'); + logMe('Feed reverse secret not found!: ' . $canonical64); + die('Feed reverse secret not found!'); +} +if ($secret !== $secret2) { + header('HTTP/1.1 500 Internal Server Error'); + logMe('Invalid secret cross-check!: ' . $secret); + die('Invalid secret cross-check!'); +} +chdir('feeds/' . $canonical64); +$users = glob('*/*.txt', GLOB_NOSORT); +if (empty($users)) { + header('HTTP/1.1 410 Gone'); + logMe('Nobody is subscribed to this feed anymore!: ' . $canonical64); + die('Nobody is subscribed to this feed anymore!'); +} + +if (!empty($_REQUEST['hub_mode']) && $_REQUEST['hub_mode'] === 'subscribe') { + //TODO: hub_lease_seconds + exit(isset($_REQUEST['hub_challenge']) ? $_REQUEST['hub_challenge'] : ''); +} + +Minz_Configuration::register('system', DATA_PATH . '/config.php', DATA_PATH . '/config.default.php'); +$system_conf = Minz_Configuration::get('system'); +$system_conf->auth_type = 'none'; // avoid necessity to be logged in (not saved!) +Minz_Translate::init('en'); +Minz_Request::_param('ajax', true); +$feedController = new FreshRSS_feed_Controller(); + +$simplePie = customSimplePie(); +$simplePie->set_raw_data($ORIGINAL_INPUT); +$simplePie->init(); +unset($ORIGINAL_INPUT); + +$links = $simplePie->get_links('self'); +$self = isset($links[0]) ? $links[0] : null; + +if ($self !== base64url_decode($canonical64)) { + header('HTTP/1.1 422 Unprocessable Entity'); + logMe('Self URL does not match registered canonical URL!: ' . $self); + die('Self URL does not match registered canonical URL!'); +} +Minz_Request::_param('url', $self); + +$nb = 0; +foreach ($users as $userLine) { + $userLine = strtr($userLine, '\\', '/'); + $userInfos = explode('/', $userLine); + $feedUrl = isset($userInfos[0]) ? base64url_decode($userInfos[0]) : ''; + $username = isset($userInfos[1]) ? basename($userInfos[1], '.txt') : ''; + if (!file_exists(USERS_PATH . '/' . $username . '/config.php')) { + break; + } + + try { + Minz_Session::_param('currentUser', $username); + Minz_Configuration::register('user', + join_path(USERS_PATH, $username, 'config.php'), + join_path(USERS_PATH, '_', 'config.default.php')); + FreshRSS_Context::init(); + if ($feedController->actualizeAction($simplePie) > 0) { + $nb++; + } + } catch (Exception $e) { + logMe($e->getMessage()); + } +} + +$simplePie->__destruct(); +unset($simplePie); + +if ($nb === 0) { + header('HTTP/1.1 410 Gone'); + logMe('Nobody is subscribed to this feed anymore after all!: ' . $self); + die('Nobody is subscribed to this feed anymore after all!'); +} + +logMe($self . ' done: ' . $nb); +exit('Done: ' . $nb . "\n"); -- cgit v1.2.3 From c1398afe8c8d220ace5fc4ccac02953adddf18c5 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 4 Jul 2015 14:21:24 +0200 Subject: Full content img data-src https://github.com/FreshRSS/FreshRSS/issues/877 Quick fix while waiting for a new library to retrieve articles --- lib/lib_rss.php | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) (limited to 'lib/lib_rss.php') diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 191a58f35..c51b4e6de 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -195,17 +195,27 @@ function sanitizeHTML($data, $base = '') { /* permet de récupérer le contenu d'un article pour un flux qui n'est pas complet */ function get_content_by_parsing ($url, $path) { - require_once (LIB_PATH . '/lib_phpQuery.php'); + require_once(LIB_PATH . '/lib_phpQuery.php'); Minz_Log::notice('FreshRSS GET ' . SimplePie_Misc::url_remove_credentials($url)); - $html = file_get_contents ($url); + $html = file_get_contents($url); if ($html) { - $doc = phpQuery::newDocument ($html); - $content = $doc->find ($path); + $doc = phpQuery::newDocument($html); + $content = $doc->find($path); + + foreach (pq('img[data-src]') as $img) { + $imgP = pq($img); + $dataSrc = $imgP->attr('data-src'); + if (strlen($dataSrc) > 4) { + $imgP->attr('src', $dataSrc); + $imgP->removeAttr('data-src'); + } + } + return sanitizeHTML($content->__toString(), $url); } else { - throw new Exception (); + throw new Exception(); } } -- cgit v1.2.3 From fa432755cc9d0cc71be54d463bdfb7558d62c5f1 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 12 Jul 2015 12:16:56 +0200 Subject: Implement cURL options https://github.com/FreshRSS/FreshRSS/issues/897 Requires that https://github.com/FreshRSS/FreshRSS/pull/898 is merged first. --- CHANGELOG.md | 2 ++ data/config.default.php | 19 +++++++++++++++++-- lib/SimplePie/SimplePie/File.php | 1 - lib/lib_rss.php | 1 + 4 files changed, 20 insertions(+), 3 deletions(-) (limited to 'lib/lib_rss.php') diff --git a/CHANGELOG.md b/CHANGELOG.md index 0ebfd50ac..23feda577 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,9 @@ * Features * Support for PubSubHubbub for instant notifications from compatible Web sites. [#312](https://github.com/FreshRSS/FreshRSS/issues/312) + * cURL options to use a proxy for retrieving feeds. [#897](https://github.com/FreshRSS/FreshRSS/issues/897) [#675](https://github.com/FreshRSS/FreshRSS/issues/675) * Security + * cURL options to verify or not SSL/TLS certificates (now enabled by default). [#897](https://github.com/FreshRSS/FreshRSS/issues/897) [#502](https://github.com/FreshRSS/FreshRSS/issues/502) * Support for SSL connection to MySQL. [#868](https://github.com/FreshRSS/FreshRSS/issues/868) * Workaround for browsers that have disabled support for `
`. [#880](https://github.com/FreshRSS/FreshRSS/issues/880) * UI diff --git a/data/config.default.php b/data/config.default.php index 97085df29..6a8300872 100644 --- a/data/config.default.php +++ b/data/config.default.php @@ -1,7 +1,7 @@ array( + # Options to disable SSL/TLS certificate check (e.g. for self-signed HTTPS) + //CURLOPT_SSL_VERIFYHOST => 0, + //CURLOPT_SSL_VERIFYPEER => false, + + # Options to use a proxy for retrieving feeds. + //CURLOPT_PROXYTYPE = CURLPROXY_HTTP, + //CURLOPT_PROXYAUTH = CURLAUTH_BASIC, + //CURLOPT_PROXY => '127.0.0.1', + //CURLOPT_PROXYPORT => 8080, + //CURLOPT_PROXYUSERPWD => 'user:password', + ), + 'db' => array( # Type of database: `sqlite` or `mysql`. diff --git a/lib/SimplePie/SimplePie/File.php b/lib/SimplePie/SimplePie/File.php index 1f9e3d502..90dac790a 100644 --- a/lib/SimplePie/SimplePie/File.php +++ b/lib/SimplePie/SimplePie/File.php @@ -113,7 +113,6 @@ class SimplePie_File curl_setopt($fp, CURLOPT_REFERER, $url); curl_setopt($fp, CURLOPT_USERAGENT, $useragent); curl_setopt($fp, CURLOPT_HTTPHEADER, $headers2); - curl_setopt($fp, CURLOPT_SSL_VERIFYPEER, false); //FreshRSS if (!ini_get('open_basedir') && !ini_get('safe_mode') && version_compare(SimplePie_Misc::get_curl_version(), '7.15.2', '>=')) { curl_setopt($fp, CURLOPT_FOLLOWLOCATION, 1); diff --git a/lib/lib_rss.php b/lib/lib_rss.php index c51b4e6de..0118e0f46 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -143,6 +143,7 @@ function customSimplePie() { $simplePie->set_cache_location(CACHE_PATH); $simplePie->set_cache_duration($limits['cache_duration']); $simplePie->set_timeout($limits['timeout']); + $simplePie->set_curl_options($system_conf->curl_options); $simplePie->strip_htmltags(array( 'base', 'blink', 'body', 'doctype', 'embed', 'font', 'form', 'frame', 'frameset', 'html', -- cgit v1.2.3 From 02c3546440f961018adc1e2c8e97c16f2aca18fc Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Wed, 22 Jul 2015 13:52:03 +0200 Subject: Registration action is handled and create a user See https://github.com/FreshRSS/FreshRSS/issues/679 --- app/Controllers/userController.php | 20 +++++++++++++++++--- app/views/auth/register.phtml | 7 +++++++ lib/lib_rss.php | 16 ++++++++++++++++ 3 files changed, 40 insertions(+), 3 deletions(-) (limited to 'lib/lib_rss.php') diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index c198d1328..46f4f434d 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -12,9 +12,14 @@ class FreshRSS_user_Controller extends Minz_ActionController { * This action is called before every other action in that class. It is * the common boiler plate for every action. It is triggered by the * underlying framework. + * + * @todo clean up the access condition. */ public function firstAction() { - if (!FreshRSS_Auth::hasAccess()) { + if (!FreshRSS_Auth::hasAccess() && !( + Minz_Request::actionName() === 'create' && + !max_registrations_reached() + )) { Minz_Error::error(403); } } @@ -111,11 +116,16 @@ class FreshRSS_user_Controller extends Minz_ActionController { * - new_user_name * - new_user_passwordPlain * - new_user_email + * - r (i.e. a redirection url, optional) * * @todo clean up this method. Idea: write a method to init a user with basic information. + * @todo handle r redirection in Minz_Request::forward directly? */ public function createAction() { - if (Minz_Request::isPost() && FreshRSS_Auth::hasAccess('admin')) { + if (Minz_Request::isPost() && ( + FreshRSS_Auth::hasAccess('admin') || + !max_registrations_reached() + )) { $db = FreshRSS_Context::$system_conf->db; require_once(APP_PATH . '/SQL/install.sql.' . $db['type'] . '.php'); @@ -186,7 +196,11 @@ class FreshRSS_user_Controller extends Minz_ActionController { Minz_Session::_param('notification', $notif); } - Minz_Request::forward(array('c' => 'user', 'a' => 'manage'), true); + $redirect_url = urldecode(Minz_Request::param('r', false, true)); + if (!$redirect_url) { + $redirect_url = array('c' => 'user', 'a' => 'manage'); + } + Minz_Request::forward($redirect_url, true); } /** diff --git a/app/views/auth/register.phtml b/app/views/auth/register.phtml index 31ab89d26..96c91f411 100644 --- a/app/views/auth/register.phtml +++ b/app/views/auth/register.phtml @@ -29,6 +29,13 @@
+ 'index', 'a' => 'index'), + 'php', true + )); + ?> +
diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 0118e0f46..c99e2c7e8 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -266,6 +266,22 @@ function listUsers() { } +/** + * Return if the maximum number of registrations has been reached. + * + * Note a max_regstrations of 0 means there is no limit. + * + * @return true if number of users >= max registrations, false else. + */ +function max_registrations_reached() { + $system_conf = Minz_Configuration::get('system'); + $limit_registrations = $system_conf->limits['max_registrations']; + $number_accounts = count(listUsers()); + + return $limit_registrations > 0 && $number_accounts >= $limit_registrations; +} + + /** * Register and return the configuration for a given user. * -- cgit v1.2.3 From 339e32424fa60fc0c99a4c10890abef139444f6d Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Thu, 23 Jul 2015 12:38:22 +0200 Subject: Add a simple test to detect if server is public If the server is not accessible by an external server, pubsubhubbub should be disable. See https://github.com/FreshRSS/FreshRSS/issues/865 --- app/install.php | 1 + lib/lib_rss.php | 27 +++++++++++++++++++++++++++ 2 files changed, 28 insertions(+) (limited to 'lib/lib_rss.php') diff --git a/app/install.php b/app/install.php index 3930a3d41..65138a683 100644 --- a/app/install.php +++ b/app/install.php @@ -229,6 +229,7 @@ function saveStep3() { 'prefix' => $_SESSION['bd_prefix'], 'pdo_options' => array(), ), + 'enable_pubsubhubbub' => server_is_public($base_url), ); @unlink(join_path(DATA_PATH, 'config.php')); //To avoid access-rights problems diff --git a/lib/lib_rss.php b/lib/lib_rss.php index c99e2c7e8..2a23fca45 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -83,6 +83,33 @@ function checkUrl($url) { } } + +/** + * Test if a given server address is publicly accessible. + * + * Note: for the moment it tests only if address is corresponding to a + * localhost address. + * + * @param $address the address to test, can be an IP or a URL. + * @return true if server is accessible, false else. + * @todo improve test with a more valid technique (e.g. test with an external server?) + */ +function server_is_public($address) { + $host = parse_url($address, PHP_URL_HOST); + + $is_public = !in_array($host, array( + '127.0.0.1', + 'localhost', + 'localhost.localdomain', + '[::1]', + 'localhost6', + 'localhost6.localdomain6', + )); + + return $is_public; +} + + function format_number($n, $precision = 0) { // number_format does not seem to be Unicode-compatible return str_replace(' ', ' ', //Espace fine insécable -- cgit v1.2.3 From d4a2f6e313f08167ab39f500024593c3e2b4aa5c Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 24 Jan 2016 10:18:45 +0100 Subject: Compatibility PHP 5.2 with array_replace_recursive https://github.com/FreshRSS/FreshRSS/issues/1055 https://github.com/FreshRSS/FreshRSS/pull/926 https://github.com/FreshRSS/FreshRSS/issues/923 --- lib/lib_rss.php | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) (limited to 'lib/lib_rss.php') diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 2a23fca45..4852f7217 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -15,6 +15,35 @@ if (!function_exists('json_encode')) { } } +if (!function_exists('array_replace_recursive')) { + function array_replace_recursive($array, $array1) { //http://php.net/manual/function.array-replace-recursive.php#92574 + function recurse($array, $array1) { + foreach ($array1 as $key => $value) { + if (!isset($array[$key]) || (isset($array[$key]) && !is_array($array[$key]))) { + $array[$key] = array(); //create new key in $array, if it is empty or not an array + } + if (is_array($value)) { + $value = recurse($array[$key], $value); // overwrite the value in the base array + } + $array[$key] = $value; + } + return $array; + } + // handle the arguments, merge one by one + $args = func_get_args(); + $array = $args[0]; + if (!is_array($array)) { + return $array; + } + for ($i = 1; $i < count($args); $i++) { + if (is_array($args[$i])) { + $array = recurse($array, $args[$i]); + } + } + return $array; + } +} + /** * Build a directory path by concatenating a list of directory names. * -- cgit v1.2.3 From af942739137cd1c95c052157c1f44ea6d605f4c3 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Mon, 25 Jan 2016 21:05:35 +0100 Subject: More PHP 5.2 install compatibility https://github.com/FreshRSS/FreshRSS/issues/1055 --- app/install.php | 6 +++--- lib/lib_rss.php | 24 ++++++++++++------------ 2 files changed, 15 insertions(+), 15 deletions(-) (limited to 'lib/lib_rss.php') diff --git a/app/install.php b/app/install.php index 83526b60c..7ac1c4cec 100644 --- a/app/install.php +++ b/app/install.php @@ -130,7 +130,7 @@ function saveStep2() { $_SESSION['mail_login'] = filter_var(param('mail_login', ''), FILTER_VALIDATE_EMAIL); $password_plain = param('passwordPlain', false); - if ($password_plain !== false) { + if ($password_plain !== false && cryptAvailable()) { if (!function_exists('password_hash')) { include_once(LIB_PATH . '/password_compat.php'); } @@ -681,10 +681,10 @@ function printStep2() { } $auth_type = isset($_SESSION['auth_type']) ? $_SESSION['auth_type'] : ''; ?> - + - + diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 4852f7217..457fada3d 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -16,19 +16,19 @@ if (!function_exists('json_encode')) { } if (!function_exists('array_replace_recursive')) { - function array_replace_recursive($array, $array1) { //http://php.net/manual/function.array-replace-recursive.php#92574 - function recurse($array, $array1) { - foreach ($array1 as $key => $value) { - if (!isset($array[$key]) || (isset($array[$key]) && !is_array($array[$key]))) { - $array[$key] = array(); //create new key in $array, if it is empty or not an array - } - if (is_array($value)) { - $value = recurse($array[$key], $value); // overwrite the value in the base array - } - $array[$key] = $value; + function arr_recurse($array, $array1) { + foreach ($array1 as $key => $value) { + if (!isset($array[$key]) || (isset($array[$key]) && !is_array($array[$key]))) { + $array[$key] = array(); //create new key in $array, if it is empty or not an array } - return $array; + if (is_array($value)) { + $value = arr_recurse($array[$key], $value); // overwrite the value in the base array + } + $array[$key] = $value; } + return $array; + } + function array_replace_recursive($array, $array1) { //http://php.net/manual/function.array-replace-recursive.php#92574 // handle the arguments, merge one by one $args = func_get_args(); $array = $args[0]; @@ -37,7 +37,7 @@ if (!function_exists('array_replace_recursive')) { } for ($i = 1; $i < count($args); $i++) { if (is_array($args[$i])) { - $array = recurse($array, $args[$i]); + $array = arr_recurse($array, $args[$i]); } } return $array; -- cgit v1.2.3 From dfd0b9e9355c1e44e72b95583dd5e730f0ad5230 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Tue, 26 Jan 2016 19:34:23 +0100 Subject: Note about PHP 5.2 https://github.com/FreshRSS/FreshRSS/issues/1055 --- lib/lib_rss.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/lib_rss.php') diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 457fada3d..b0189c162 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -15,7 +15,7 @@ if (!function_exists('json_encode')) { } } -if (!function_exists('array_replace_recursive')) { +if (!function_exists('array_replace_recursive')) { //PHP 5.2 function arr_recurse($array, $array1) { foreach ($array1 as $key => $value) { if (!isset($array[$key]) || (isset($array[$key]) && !is_array($array[$key]))) { -- cgit v1.2.3 From 86e113ba80c395b60fc016228b11dd56636a85d7 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Wed, 17 Feb 2016 00:19:49 +0100 Subject: Filter-out img srcset for the time being https://github.com/FreshRSS/FreshRSS/issues/1077 --- lib/lib_rss.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/lib_rss.php') diff --git a/lib/lib_rss.php b/lib/lib_rss.php index b0189c162..e7e59fe65 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -209,7 +209,7 @@ function customSimplePie() { $simplePie->strip_attributes(array_merge($simplePie->strip_attributes, array( 'autoplay', 'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup', 'onmouseover', 'onmousemove', 'onmouseout', 'onfocus', 'onblur', - 'onkeypress', 'onkeydown', 'onkeyup', 'onselect', 'onchange', 'seamless'))); + 'onkeypress', 'onkeydown', 'onkeyup', 'onselect', 'onchange', 'seamless', 'srcset'))); $simplePie->add_attributes(array( 'img' => array('lazyload' => '', 'postpone' => ''), //http://www.w3.org/TR/resource-priorities/ 'audio' => array('lazyload' => '', 'postpone' => '', 'preload' => 'none'), -- cgit v1.2.3 From 5a80127140f78d13f762facb4017e5ada965eca6 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 21 Feb 2016 00:36:30 +0100 Subject: Filter out img sizes https://github.com/FreshRSS/FreshRSS/issues/1077 https://github.com/FreshRSS/FreshRSS/issues/1081 --- lib/lib_rss.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib/lib_rss.php') diff --git a/lib/lib_rss.php b/lib/lib_rss.php index e7e59fe65..7d92b6fd7 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -209,7 +209,7 @@ function customSimplePie() { $simplePie->strip_attributes(array_merge($simplePie->strip_attributes, array( 'autoplay', 'onload', 'onunload', 'onclick', 'ondblclick', 'onmousedown', 'onmouseup', 'onmouseover', 'onmousemove', 'onmouseout', 'onfocus', 'onblur', - 'onkeypress', 'onkeydown', 'onkeyup', 'onselect', 'onchange', 'seamless', 'srcset'))); + 'onkeypress', 'onkeydown', 'onkeyup', 'onselect', 'onchange', 'seamless', 'sizes', 'srcset'))); $simplePie->add_attributes(array( 'img' => array('lazyload' => '', 'postpone' => ''), //http://www.w3.org/TR/resource-priorities/ 'audio' => array('lazyload' => '', 'postpone' => '', 'preload' => 'none'), -- cgit v1.2.3 From 9adbd2ba9bfe885a4ccf4ec6ad99929e89cf6fb6 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Wed, 24 Feb 2016 21:16:21 +0100 Subject: json_decode fallback debug https://github.com/FreshRSS/FreshRSS/issues/1092 --- lib/lib_rss.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'lib/lib_rss.php') diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 7d92b6fd7..e74b26e3f 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -1,16 +1,16 @@ decode($var)); + function json_decode($var, $assoc) { + $JSON = new Services_JSON($assoc ? SERVICES_JSON_LOOSE_TYPE : 0); + return $JSON->decode($var, $assoc); } } if (!function_exists('json_encode')) { require_once('JSON.php'); function json_encode($var) { - $JSON = new Services_JSON; + $JSON = new Services_JSON(); return $JSON->encodeUnsafe($var); } } -- cgit v1.2.3 From bd47d14a536fee657a3ba2f7cfba9921567356b2 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Wed, 24 Feb 2016 21:20:37 +0100 Subject: json_decode fallback bug 2 --- lib/lib_rss.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'lib/lib_rss.php') diff --git a/lib/lib_rss.php b/lib/lib_rss.php index e74b26e3f..a09960de0 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -1,9 +1,9 @@ decode($var, $assoc); + return $JSON->decode($var); } } -- cgit v1.2.3 From 9711f02db75006d622d75142d46c3c8d714c957f Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 28 Feb 2016 21:34:54 +0100 Subject: SimplePie Force HTTPS custom list domains Load from data/force-https.default.txt and data/force-https.txt Efficient tree structure to search the domains https://github.com/FreshRSS/FreshRSS/pull/1087 --- data/.gitignore | 1 + data/force-https.default.txt | 4 ++ data/force-https.txt | 3 -- lib/SimplePie/SimplePie.php | 14 ++++++ lib/SimplePie/SimplePie/Misc.php | 15 ------- lib/SimplePie/SimplePie/Sanitize.php | 85 +++++++++++++++++++++++++++++++++++- lib/lib_rss.php | 10 +++++ 7 files changed, 113 insertions(+), 19 deletions(-) create mode 100644 data/force-https.default.txt delete mode 100644 data/force-https.txt (limited to 'lib/lib_rss.php') diff --git a/data/.gitignore b/data/.gitignore index 20364e266..c2ed350a6 100644 --- a/data/.gitignore +++ b/data/.gitignore @@ -7,3 +7,4 @@ no-cache.txt *.lock.txt last_update.txt update.php +force-https.txt diff --git a/data/force-https.default.txt b/data/force-https.default.txt new file mode 100644 index 000000000..a1bddd549 --- /dev/null +++ b/data/force-https.default.txt @@ -0,0 +1,4 @@ +dailymotion.com +feedburner.com +tumblr.com +youtube.com diff --git a/data/force-https.txt b/data/force-https.txt deleted file mode 100644 index 3da802d01..000000000 --- a/data/force-https.txt +++ /dev/null @@ -1,3 +0,0 @@ -dailymotion.com -tumblr.com -youtube.com diff --git a/lib/SimplePie/SimplePie.php b/lib/SimplePie/SimplePie.php index 6c0962a9f..61bad4e9d 100644 --- a/lib/SimplePie/SimplePie.php +++ b/lib/SimplePie/SimplePie.php @@ -1123,6 +1123,7 @@ class SimplePie $this->strip_attributes(false); $this->add_attributes(false); $this->set_image_handler(false); + $this->set_https_domains(array()); } } @@ -1233,6 +1234,19 @@ class SimplePie $this->sanitize->set_url_replacements($element_attribute); } + /** + * Set the list of domains for which force HTTPS. + * @see SimplePie_Misc::https_url() + * FreshRSS + */ + public function set_https_domains($domains = array()) + { + if (is_array($domains)) + { + $this->sanitize->set_https_domains($domains); + } + } + /** * Set the handler to enable the display of cached images. * diff --git a/lib/SimplePie/SimplePie/Misc.php b/lib/SimplePie/SimplePie/Misc.php index b9d74f894..2d154cbcb 100644 --- a/lib/SimplePie/SimplePie/Misc.php +++ b/lib/SimplePie/SimplePie/Misc.php @@ -77,21 +77,6 @@ class SimplePie_Misc return $time; } - /** - * Force HTTPS for selected Web sites - * FreshRSS - */ - public static function https_url($url) - { - if (strtolower(substr($url, 0, 7)) === 'http://') - { - $domain = parse_url($url, PHP_URL_HOST); - return preg_replace('%^http://((?:[^/]*?\.)?(?:youtube|dailymotion|tumblr)\.com/)%i', 'https://$1', $url); - return substr_replace($url, 's', 4, 0); //Add the 's' to HTTPS - } - return $url; - } - public static function absolutize_url($relative, $base) { if (substr($relative, 0, 2) === '//') diff --git a/lib/SimplePie/SimplePie/Sanitize.php b/lib/SimplePie/SimplePie/Sanitize.php index fc916a259..b37aeec3d 100644 --- a/lib/SimplePie/SimplePie/Sanitize.php +++ b/lib/SimplePie/SimplePie/Sanitize.php @@ -73,6 +73,14 @@ class SimplePie_Sanitize var $force_fsockopen = false; var $replace_url_attributes = null; + /** + * List of domains for which force HTTPS. + * @see SimplePie_Misc::https_url() + * Array is tree split at DNS levels. Example array('biz' => true, 'com' => array('example' => true), 'example' => array('test') => array('www' => true)); + * FreshRSS + */ + var $https_domains = array('com' => array('youtube' => true)); + public function __construct() { // Set defaults @@ -242,6 +250,81 @@ class SimplePie_Sanitize $this->replace_url_attributes = (array) $element_attribute; } + /** + * Set the list of domains for which force HTTPS. + * @see SimplePie_Misc::https_url() + * Example array('biz', 'example.com', 'example.org', 'www.example.net'); + * FreshRSS + */ + public function set_https_domains($domains) + { + $this->https_domains = array(); + foreach ($domains as $domain) + { + $domain = trim($domain, ". \t\n\r\0\x0B"); + $segments = array_reverse(explode('.', $domain)); + if (count($segments) > 0) + { + $node =& $this->https_domains; + foreach ($segments as $segment) + {//Build a tree + if ($node === true) + { + break; + } + if (!isset($node[$segment])) + { + $node[$segment] = array(); + } + $node =& $node[$segment]; + } + $node = true; + } + } + } + + /** + * Check if the domain is in the list of forced HTTPS + * FreshRSS + */ + protected function is_https_domain($domain) + { + $domain = trim($domain, '. '); + $segments = array_reverse(explode('.', $domain)); + if (count($segments) > 0) + { + $node =& $this->https_domains; + foreach ($segments as $segment) + {//Explore the tree + if ($node === true) + { + return true; + } + if (isset($node[$segment])) + { + $node =& $node[$segment]; + } + else + { + break; + } + } + } + return false; + } + + /** + * Force HTTPS for selected Web sites + * FreshRSS + */ + protected function https_url($url) + { + return (strtolower(substr($url, 0, 7)) === 'http://') && + $this->is_https_domain(parse_url($url, PHP_URL_HOST)) ? + substr_replace($url, 's', 4, 0) : //Add the 's' to HTTPS + $url; + } + public function sanitize($data, $type, $base = '') { $data = trim($data); @@ -451,7 +534,7 @@ class SimplePie_Sanitize if ($element->hasAttribute($attribute)) { $value = $this->registry->call('Misc', 'absolutize_url', array($element->getAttribute($attribute), $this->base)); - $value = SimplePie_Misc::https_url($value); //FreshRSS + $value = $this->https_url($value); //FreshRSS if ($value) { $element->setAttribute($attribute, $value); diff --git a/lib/lib_rss.php b/lib/lib_rss.php index b0189c162..5092982aa 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -238,6 +238,16 @@ function customSimplePie() { 'src', ), )); + $https_domains = array(); + $force = @file(DATA_PATH . '/force-https.default.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); + if (is_array($force)) { + $https_domains = array_merge($https_domains, $force); + } + $force = @file(DATA_PATH . '/force-https.txt', FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES); + if (is_array($force)) { + $https_domains = array_merge($https_domains, $force); + } + $simplePie->set_https_domains($https_domains); return $simplePie; } -- cgit v1.2.3 From b042d3a7728037db90a9306c61091be0a8ac42c4 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 23 Apr 2016 19:10:32 +0200 Subject: HTTP2 optimization Fast flush HTTP headers, push promise CSS. Requires PHP 5.3+ due to anonymous function. Do not load syles, scripts, and notifications for Ajax requests. https://github.com/FreshRSS/FreshRSS/issues/1089 --- README.fr.md | 2 +- README.md | 2 +- app/Controllers/indexController.php | 64 +++++++++++++++++++------------------ app/FreshRSS.php | 37 ++++++++++----------- app/Models/Themes.php | 4 --- app/layout/layout.phtml | 40 ++++++++++++----------- lib/Minz/Request.php | 5 ++- lib/Minz/Url.php | 12 ++++--- lib/lib_rss.php | 4 +++ 9 files changed, 89 insertions(+), 81 deletions(-) (limited to 'lib/lib_rss.php') diff --git a/README.fr.md b/README.fr.md index 794b1a9e1..a173f0a75 100644 --- a/README.fr.md +++ b/README.fr.md @@ -33,7 +33,7 @@ Nous sommes une communauté amicale. * Serveur modeste, par exemple sous Linux ou Windows * Fonctionne même sur un Raspberry Pi 1 avec des temps de réponse < 1s (testé sur 150 flux, 22k articles) * Serveur Web Apache2 (recommandé), ou nginx, lighttpd (non testé sur les autres) -* PHP 5.2.1+ (PHP 5.3.7+ recommandé, et PHP 5.5+ pour les performances) (support bêta de PHP 7 avec encore meilleures performances) +* PHP 5.3+ (PHP 5.3.7+ recommandé, et PHP 5.5+ pour les performances, et PHP 7+ pour d’encore meilleures performances) * Requis : [PDO_MySQL](http://php.net/pdo-mysql) ou [PDO_SQLite](http://php.net/pdo-sqlite), [cURL](http://php.net/curl), [GMP](http://php.net/gmp) (pour accès API sur plateformes < 64 bits), [IDN](http://php.net/intl.idn) (pour les noms de domaines internationalisés) * Recommandés : [iconv](http://php.net/iconv), [JSON](http://php.net/json), [mbstring](http://php.net/mbstring), [Zip](http://php.net/zip), [zlib](http://php.net/zlib) * Inclus par défaut : [DOM](http://php.net/dom), [XML](http://php.net/xml)… diff --git a/README.md b/README.md index 728204a38..4d3bb5c4c 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,7 @@ We are a friendly community. * Light server running Linux or Windows * It even works on Raspberry Pi 1 with response time under a second (tested with 150 feeds, 22k articles) * A web server: Apache2 (recommended), nginx, lighttpd (not tested on others) -* PHP 5.2.1+ (PHP 5.3.7+ recommended, and PHP 5.5+ for performance) (beta support for PHP 7 with even higher performance) +* PHP 5.3+ (PHP 5.3.7+ recommended, and PHP 5.5+ for performance, and PHP 7 for even higher performance) * Required extensions: [PDO_MySQL](http://php.net/pdo-mysql) or [PDO_SQLite](http://php.net/pdo-sqlite), [cURL](http://php.net/curl), [GMP](http://php.net/gmp) (for API access on platforms < 64 bits), [IDN](http://php.net/intl.idn) (for Internationalized Domain Names) * Recommended extensions: [iconv](http://php.net/iconv), [JSON](http://php.net/json), [mbstring](http://php.net/mbstring), [Zip](http://php.net/zip), [zlib](http://php.net/zlib) * Enabled by default: [DOM](http://php.net/dom), [XML](http://php.net/xml)… diff --git a/app/Controllers/indexController.php b/app/Controllers/indexController.php index baaf99065..7e626720e 100755 --- a/app/Controllers/indexController.php +++ b/app/Controllers/indexController.php @@ -32,42 +32,44 @@ class FreshRSS_index_Controller extends Minz_ActionController { Minz_Error::error(404); } - try { - $entries = $this->listEntriesByContext(); - - $nb_entries = count($entries); - if ($nb_entries > FreshRSS_Context::$number) { - // We have more elements for pagination - $last_entry = array_pop($entries); - FreshRSS_Context::$next_id = $last_entry->id(); - } + $this->view->callbackBeforeContent = function() { + try { + $entries = $this->listEntriesByContext(); + + $nb_entries = count($entries); + if ($nb_entries > FreshRSS_Context::$number) { + // We have more elements for pagination + $last_entry = array_pop($entries); + FreshRSS_Context::$next_id = $last_entry->id(); + } - $first_entry = $nb_entries > 0 ? $entries[0] : null; - FreshRSS_Context::$id_max = $first_entry === null ? - (time() - 1) . '000000' : - $first_entry->id(); - if (FreshRSS_Context::$order === 'ASC') { - // In this case we do not know but we guess id_max - $id_max = (time() - 1) . '000000'; - if (strcmp($id_max, FreshRSS_Context::$id_max) > 0) { - FreshRSS_Context::$id_max = $id_max; + $first_entry = $nb_entries > 0 ? $entries[0] : null; + FreshRSS_Context::$id_max = $first_entry === null ? + (time() - 1) . '000000' : + $first_entry->id(); + if (FreshRSS_Context::$order === 'ASC') { + // In this case we do not know but we guess id_max + $id_max = (time() - 1) . '000000'; + if (strcmp($id_max, FreshRSS_Context::$id_max) > 0) { + FreshRSS_Context::$id_max = $id_max; + } } - } - $this->view->entries = $entries; - } catch (FreshRSS_EntriesGetter_Exception $e) { - Minz_Log::notice($e->getMessage()); - Minz_Error::error(404); - } + $this->view->entries = $entries; + } catch (FreshRSS_EntriesGetter_Exception $e) { + Minz_Log::notice($e->getMessage()); + Minz_Error::error(404); + } - $this->view->categories = FreshRSS_Context::$categories; + $this->view->categories = FreshRSS_Context::$categories; - $this->view->rss_title = FreshRSS_Context::$name . ' | ' . Minz_View::title(); - $title = FreshRSS_Context::$name; - if (FreshRSS_Context::$get_unread > 0) { - $title = '(' . FreshRSS_Context::$get_unread . ') ' . $title; - } - Minz_View::prependTitle($title . ' · '); + $this->view->rss_title = FreshRSS_Context::$name . ' | ' . Minz_View::title(); + $title = FreshRSS_Context::$name; + if (FreshRSS_Context::$get_unread > 0) { + $title = '(' . FreshRSS_Context::$get_unread . ') ' . $title; + } + Minz_View::prependTitle($title . ' · '); + }; } /** diff --git a/app/FreshRSS.php b/app/FreshRSS.php index bafa970da..562d8e2cd 100644 --- a/app/FreshRSS.php +++ b/app/FreshRSS.php @@ -34,7 +34,7 @@ class FreshRSS extends Minz_FrontController { // Auth has to be initialized before using currentUser session parameter // because it's this part which create this parameter. - $this->initAuth(); + self::initAuth(); // Then, register the user configuration and use the configuration setter // created above. @@ -46,10 +46,7 @@ class FreshRSS extends Minz_FrontController { // Finish to initialize the other FreshRSS / Minz components. FreshRSS_Context::init(); - $this->initI18n(); - FreshRSS_Share::load(join_path(DATA_PATH, 'shares.php')); - $this->loadStylesAndScripts(); - $this->loadNotifications(); + self::initI18n(); // Enable extensions for the current (logged) user. if (FreshRSS_Auth::hasAccess()) { $ext_list = FreshRSS_Context::$user_conf->extensions_enabled; @@ -57,7 +54,7 @@ class FreshRSS extends Minz_FrontController { } } - private function initAuth() { + private static function initAuth() { FreshRSS_Auth::init(); if (Minz_Request::isPost() && !is_referer_from_same_domain()) { // Basic protection against XSRF attacks @@ -74,12 +71,12 @@ class FreshRSS extends Minz_FrontController { } } - private function initI18n() { + private static function initI18n() { Minz_Session::_param('language', FreshRSS_Context::$user_conf->language); Minz_Translate::init(FreshRSS_Context::$user_conf->language); } - private function loadStylesAndScripts() { + private static function loadStylesAndScripts() { $theme = FreshRSS_Themes::load(FreshRSS_Context::$user_conf->theme); if ($theme) { foreach($theme['files'] as $file) { @@ -91,9 +88,9 @@ class FreshRSS extends Minz_FrontController { $filename = $file; } $filetime = @filemtime(PUBLIC_PATH . '/themes/' . $theme_id . '/' . $filename); - Minz_View::appendStyle(Minz_Url::display( - '/themes/' . $theme_id . '/' . $filename . '?' . $filetime - )); + $url = '/themes/' . $theme_id . '/' . $filename . '?' . $filetime; + header('Link: <' . Minz_Url::display($url, '', 'root') . '>;rel=preload', false); //HTTP2 + Minz_View::appendStyle(Minz_Url::display($url)); } } @@ -110,6 +107,14 @@ class FreshRSS extends Minz_FrontController { } } + private static function loadNotifications() { + $notif = Minz_Session::param('notification'); + if ($notif) { + Minz_View::_param('notification', $notif); + Minz_Session::_param('notification'); + } + } + public static function preLayout() { switch (Minz_Request::controllerName()) { case 'index': @@ -123,13 +128,9 @@ class FreshRSS extends Minz_FrontController { break; } header("X-Content-Type-Options: nosniff"); - } - private function loadNotifications() { - $notif = Minz_Session::param('notification'); - if ($notif) { - Minz_View::_param('notification', $notif); - Minz_Session::_param('notification'); - } + FreshRSS_Share::load(join_path(DATA_PATH, 'shares.php')); + self::loadStylesAndScripts(); + self::loadNotifications(); } } diff --git a/app/Models/Themes.php b/app/Models/Themes.php index e3b260261..5a6ec0a05 100644 --- a/app/Models/Themes.php +++ b/app/Models/Themes.php @@ -116,7 +116,3 @@ class FreshRSS_Themes extends Minz_Model { '' . $alts[$name] . ''; } } - -function _i($icon, $url_only = false) { - return FreshRSS_Themes::icon($icon, $url_only); -} diff --git a/app/layout/layout.phtml b/app/layout/layout.phtml index 99a3717bc..6906fa05f 100644 --- a/app/layout/layout.phtml +++ b/app/layout/layout.phtml @@ -1,17 +1,32 @@ - + - + + + + + + + + + + + +callbackBeforeContent)) { + call_user_func($this->callbackBeforeContent); + } +?> + - - - rss_title)) { + } if (isset($this->rss_title)) { $url_rss = $url_base; $url_rss['a'] = 'rss'; ?> - - - - - - - - - - -allow_robots) { ?> +allow_robots) { ?> diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php index 81457df9e..f80b707d6 100644 --- a/lib/Minz/Request.php +++ b/lib/Minz/Request.php @@ -137,12 +137,11 @@ class Minz_Request { /** * Return the base_url from configuration and add a suffix if given. * - * @param $base_url_suffix a string to add at base_url (default: empty string) * @return the base_url with a suffix. */ - public static function getBaseUrl($base_url_suffix = '') { + public static function getBaseUrl() { $conf = Minz_Configuration::get('system'); - $url = rtrim($conf->base_url, '/\\') . $base_url_suffix; + $url = rtrim($conf->base_url, '/\\'); return filter_var($url, FILTER_SANITIZE_URL); } diff --git a/lib/Minz/Url.php b/lib/Minz/Url.php index 382437e9a..c7c67123e 100644 --- a/lib/Minz/Url.php +++ b/lib/Minz/Url.php @@ -24,11 +24,15 @@ class Minz_Url { $url_string = ''; if ($absolute) { - $url_string = Minz_Request::getBaseUrl(PUBLIC_TO_INDEX_PATH); - if ($url_string === PUBLIC_TO_INDEX_PATH) { + $url_string = Minz_Request::getBaseUrl(); + if ($url_string == '') { $url_string = Minz_Request::guessBaseUrl(); - } else { - $url_string .= '/'; + } + if ($isArray) { + $url_string .= PUBLIC_TO_INDEX_PATH; + } + if ($absolute === 'root') { + $url_string = parse_url($url_string, PHP_URL_PATH); } } else { $url_string = $isArray ? '.' : PUBLIC_RELATIVE; diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 135115ea5..f89baf9b1 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -548,3 +548,7 @@ function base64url_encode($data) { function base64url_decode($data) { return base64_decode(strtr($data, '-_', '+/')); } + +function _i($icon, $url_only = false) { + return FreshRSS_Themes::icon($icon, $url_only); +} -- cgit v1.2.3 From c1548e732d7472c40473b3d99858059333a05eae Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 31 Jul 2016 14:58:19 +0200 Subject: Remove Mozilla Persona login https://github.com/FreshRSS/FreshRSS/issues/1052 --- README.fr.md | 3 +- README.md | 3 +- app/Controllers/authController.php | 152 +------------------------------- app/Controllers/userController.php | 25 ------ app/FreshRSS.php | 8 -- app/Models/Auth.php | 18 +--- app/Models/ConfigurationSetter.php | 7 +- app/i18n/cz/admin.php | 6 -- app/i18n/cz/conf.php | 1 - app/i18n/cz/feedback.php | 1 - app/i18n/cz/gen.php | 3 - app/i18n/cz/install.php | 6 -- app/i18n/de/admin.php | 6 -- app/i18n/de/conf.php | 1 - app/i18n/de/feedback.php | 1 - app/i18n/de/gen.php | 3 - app/i18n/de/install.php | 6 -- app/i18n/en/admin.php | 6 -- app/i18n/en/conf.php | 1 - app/i18n/en/feedback.php | 1 - app/i18n/en/gen.php | 3 - app/i18n/en/install.php | 6 -- app/i18n/fr/admin.php | 6 -- app/i18n/fr/conf.php | 1 - app/i18n/fr/feedback.php | 1 - app/i18n/fr/gen.php | 3 - app/i18n/fr/install.php | 6 -- app/i18n/it/admin.php | 6 -- app/i18n/it/conf.php | 1 - app/i18n/it/feedback.php | 1 - app/i18n/it/gen.php | 3 - app/i18n/it/install.php | 6 -- app/i18n/nl/admin.php | 6 -- app/i18n/nl/conf.php | 1 - app/i18n/nl/feedback.php | 1 - app/i18n/nl/gen.php | 3 - app/i18n/nl/install.php | 6 -- app/i18n/ru/admin.php | 6 -- app/i18n/ru/conf.php | 1 - app/i18n/ru/feedback.php | 1 - app/i18n/ru/gen.php | 3 - app/i18n/ru/install.php | 6 -- app/i18n/tr/admin.php | 6 -- app/i18n/tr/conf.php | 1 - app/i18n/tr/feedback.php | 1 - app/i18n/tr/gen.php | 3 - app/i18n/tr/install.php | 6 -- app/install.php | 45 +--------- app/views/auth/index.phtml | 3 +- app/views/auth/personaLogin.phtml | 28 ------ app/views/auth/register.phtml | 5 -- app/views/auth/reset.phtml | 33 ------- app/views/helpers/javascript_vars.phtml | 2 - app/views/user/manage.phtml | 8 -- app/views/user/profile.phtml | 9 -- data/config.default.php | 1 - data/users/_/config.default.php | 1 - lib/lib_rss.php | 1 - p/scripts/install.js | 8 +- p/scripts/persona.js | 76 ---------------- 60 files changed, 11 insertions(+), 561 deletions(-) delete mode 100644 app/views/auth/personaLogin.phtml delete mode 100644 app/views/auth/reset.phtml delete mode 100644 p/scripts/persona.js (limited to 'lib/lib_rss.php') diff --git a/README.fr.md b/README.fr.md index fd01a507b..067d6d1a1 100644 --- a/README.fr.md +++ b/README.fr.md @@ -89,7 +89,6 @@ sudo chmod -R g+w ./data/ # Contrôle d’accès Il est requis pour le mode multi-utilisateur, et recommandé dans tous les cas, de limiter l’accès à votre FreshRSS. Au choix : * En utilisant l’identification par formulaire (requiert JavaScript, et PHP 5.3.7+ recommandé – fonctionne avec certaines versions de PHP 5.3.3+) -* En utilisant l’identification par [Mozilla Persona](https://login.persona.org/about) incluse dans FreshRSS * En utilisant un contrôle d’accès HTTP défini par votre serveur Web * Voir par exemple la [documentation d’Apache sur l’authentification](http://httpd.apache.org/docs/trunk/howto/auth.html) * Créer dans ce cas un fichier `./p/i/.htaccess` avec un fichier `.htpasswd` correspondant. @@ -111,7 +110,7 @@ Par exemple, pour exécuter le script toutes les heures : * En cas de problème, les logs peuvent être utile à lire, soit depuis l’interface de FreshRSS, soit manuellement depuis `./data/log/*.log`. # Sauvegarde -* Il faut conserver vos fichiers `./data/config.php` ainsi que `./data/*_user.php` et éventuellement `./data/persona/` +* Il faut conserver vos fichiers `./data/config.php` ainsi que `./data/*_user.php` * Vous pouvez exporter votre liste de flux depuis FreshRSS au format OPML * Pour sauvegarder les articles eux-mêmes, vous pouvez utiliser [phpMyAdmin](http://www.phpmyadmin.net) ou les outils de MySQL : diff --git a/README.md b/README.md index a0d22a75c..76975adbd 100644 --- a/README.md +++ b/README.md @@ -89,7 +89,6 @@ sudo chmod -R g+w ./data/ # Access control It is needed for the multi-user mode to limit access to FreshRSS. You can: * use form authentication (need JavaScript and PHP 5.3.7+, works with some PHP 5.3.3+) -* use [Mozilla Persona](https://login.persona.org/about) authentication included in FreshRSS * use HTTP authentication supported by your web server * See [Apache documentation](http://httpd.apache.org/docs/trunk/howto/auth.html) * In that case, create a `./p/i/.htaccess` file with a matching `.htpasswd` file. @@ -111,7 +110,7 @@ For example, if you want to run the script every hour: * If you encounter any problem, logs are accessible from the interface or manually in `./data/log/*.log` files. # Backup -* You need to keep `./data/config.php`, `./data/*_user.php` and `./data/persona/` files +* You need to keep `./data/config.php`, and `./data/*_user.php` files * You can export your feed list in OPML format from FreshRSS * To save articles, you can use [phpMyAdmin](http://www.phpmyadmin.net) or MySQL tools: diff --git a/app/Controllers/authController.php b/app/Controllers/authController.php index f58b008de..9decba431 100644 --- a/app/Controllers/authController.php +++ b/app/Controllers/authController.php @@ -70,7 +70,7 @@ class FreshRSS_auth_Controller extends Minz_ActionController { /** * This action handles the login page. * - * It forwards to the correct login page (form or Persona) or main page if + * It forwards to the correct login page (form) or main page if * the user is already connected. */ public function loginAction() { @@ -83,9 +83,6 @@ class FreshRSS_auth_Controller extends Minz_ActionController { case 'form': Minz_Request::forward(array('c' => 'auth', 'a' => 'formLogin')); break; - case 'persona': - Minz_Request::forward(array('c' => 'auth', 'a' => 'personaLogin')); - break; case 'http_auth': case 'none': // It should not happened! @@ -188,81 +185,6 @@ class FreshRSS_auth_Controller extends Minz_ActionController { } } - /** - * This action handles Persona login page. - * - * If this action is reached through a POST request, assertion from Persona - * is verificated and user connected if all is ok. - * - * Parameter is: - * - assertion (default: false) - * - * @todo: Persona system should be moved to a plugin - */ - public function personaLoginAction() { - $this->view->res = false; - - if (Minz_Request::isPost()) { - $this->view->_useLayout(false); - - $assert = Minz_Request::param('assertion'); - $url = 'https://verifier.login.persona.org/verify'; - $params = 'assertion=' . $assert . '&audience=' . - urlencode(Minz_Url::display(null, 'php', true)); - $ch = curl_init(); - $options = array( - CURLOPT_URL => $url, - CURLOPT_RETURNTRANSFER => TRUE, - CURLOPT_POST => 2, - CURLOPT_POSTFIELDS => $params - ); - curl_setopt_array($ch, $options); - $result = curl_exec($ch); - curl_close($ch); - - $res = json_decode($result, true); - - $login_ok = false; - $reason = ''; - if ($res['status'] === 'okay') { - $email = filter_var($res['email'], FILTER_VALIDATE_EMAIL); - if ($email != '') { - $persona_file = DATA_PATH . '/persona/' . $email . '.txt'; - if (($current_user = @file_get_contents($persona_file)) !== false) { - $current_user = trim($current_user); - $conf = get_user_configuration($current_user); - if (!is_null($conf)) { - $login_ok = strcasecmp($email, $conf->mail_login) === 0; - } else { - $reason = 'Invalid configuration for user ' . - '[' . $current_user . ']'; - } - } - } else { - $reason = 'Invalid email format [' . $res['email'] . ']'; - } - } else { - $reason = $res['reason']; - } - - if ($login_ok) { - Minz_Session::_param('currentUser', $current_user); - Minz_Session::_param('mail', $email); - FreshRSS_Auth::giveAccess(); - invalidateHttpCache(); - } else { - Minz_Log::warning($reason); - - $res = array(); - $res['status'] = 'failure'; - $res['reason'] = _t('feedback.auth.login.invalid'); - } - - header('Content-Type: application/json; charset=UTF-8'); - $this->view->res = $res; - } - } - /** * This action removes all accesses of the current user. */ @@ -273,78 +195,6 @@ class FreshRSS_auth_Controller extends Minz_ActionController { array('c' => 'index', 'a' => 'index')); } - /** - * This action resets the authentication system. - * - * After reseting, form auth is set by default. - */ - public function resetAction() { - Minz_View::prependTitle(_t('admin.auth.title_reset') . ' · '); - - Minz_View::appendScript(Minz_Url::display( - '/scripts/bcrypt.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js') - )); - - $this->view->no_form = false; - // Enable changement of auth only if Persona! - if (FreshRSS_Context::$system_conf->auth_type != 'persona') { - $this->view->message = array( - 'status' => 'bad', - 'title' => _t('gen.short.damn'), - 'body' => _t('feedback.auth.not_persona') - ); - $this->view->no_form = true; - return; - } - - $conf = get_user_configuration(FreshRSS_Context::$system_conf->default_user); - if (is_null($conf)) { - return; - } - - // Admin user must have set its master password. - if (!$conf->passwordHash) { - $this->view->message = array( - 'status' => 'bad', - 'title' => _t('gen.short.damn'), - 'body' => _t('feedback.auth.no_password_set') - ); - $this->view->no_form = true; - return; - } - - invalidateHttpCache(); - - if (Minz_Request::isPost()) { - $nonce = Minz_Session::param('nonce'); - $username = Minz_Request::param('username', ''); - $challenge = Minz_Request::param('challenge', ''); - - $ok = FreshRSS_FormAuth::checkCredentials( - $username, $conf->passwordHash, $nonce, $challenge - ); - - if ($ok) { - FreshRSS_Context::$system_conf->auth_type = 'form'; - $ok = FreshRSS_Context::$system_conf->save(); - - if ($ok) { - Minz_Request::good(_t('feedback.auth.form.set')); - } else { - Minz_Request::bad(_t('feedback.auth.form.not_set'), - array('c' => 'auth', 'a' => 'reset')); - } - } else { - Minz_Log::warning('Password mismatch for' . - ' user=' . $username . - ', nonce=' . $nonce . - ', c=' . $challenge); - Minz_Request::bad(_t('feedback.auth.login.invalid'), - array('c' => 'auth', 'a' => 'reset')); - } - } - } - /** * This action gives possibility to a user to create an account. */ diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 1c7d621f1..0521bc008 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -64,21 +64,8 @@ class FreshRSS_user_Controller extends Minz_ActionController { FreshRSS_Context::$user_conf->apiPasswordHash = $passwordHash; } - // TODO: why do we need of hasAccess here? - if (FreshRSS_Auth::hasAccess('admin')) { - FreshRSS_Context::$user_conf->mail_login = Minz_Request::param('mail_login', '', true); - } - $email = FreshRSS_Context::$user_conf->mail_login; - Minz_Session::_param('mail', $email); - $ok &= FreshRSS_Context::$user_conf->save(); - if ($email != '') { - $personaFile = DATA_PATH . '/persona/' . $email . '.txt'; - @unlink($personaFile); - $ok &= (file_put_contents($personaFile, Minz_Session::param('currentUser', '_')) !== false); - } - if ($ok) { Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'user', 'a' => 'profile')); @@ -119,7 +106,6 @@ class FreshRSS_user_Controller extends Minz_ActionController { * - new_user_language * - new_user_name * - new_user_passwordPlain - * - new_user_email * - r (i.e. a redirection url, optional) * * @todo clean up this method. Idea: write a method to init a user with basic information. @@ -168,22 +154,12 @@ class FreshRSS_user_Controller extends Minz_ActionController { if (empty($passwordHash)) { $passwordHash = ''; } - - $new_user_email = filter_var($_POST['new_user_email'], FILTER_VALIDATE_EMAIL); - if (empty($new_user_email)) { - $new_user_email = ''; - } else { - $personaFile = join_path(DATA_PATH, 'persona', $new_user_email . '.txt'); - @unlink($personaFile); - $ok &= (file_put_contents($personaFile, $new_user_name) !== false); - } } if ($ok) { mkdir(join_path(DATA_PATH, 'users', $new_user_name)); $config_array = array( 'language' => $new_user_language, 'passwordHash' => $passwordHash, - 'mail_login' => $new_user_email, ); $ok &= (file_put_contents($configPath, "deleteUser($username); $ok &= recursive_unlink($user_data); - //TODO: delete Persona file } if ($ok && $self_deletion) { FreshRSS_Auth::removeAccess(); diff --git a/app/FreshRSS.php b/app/FreshRSS.php index 4933892bc..20640266e 100644 --- a/app/FreshRSS.php +++ b/app/FreshRSS.php @@ -98,14 +98,6 @@ class FreshRSS extends Minz_FrontController { Minz_View::appendScript(Minz_Url::display('/scripts/jquery.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/jquery.min.js'))); Minz_View::appendScript(Minz_Url::display('/scripts/shortcut.js?' . @filemtime(PUBLIC_PATH . '/scripts/shortcut.js'))); Minz_View::appendScript(Minz_Url::display('/scripts/main.js?' . @filemtime(PUBLIC_PATH . '/scripts/main.js'))); - - if (FreshRSS_Context::$system_conf->auth_type === 'persona') { - // TODO move it in a plugin - // Needed for login AND logout with Persona. - Minz_View::appendScript('https://login.persona.org/include.js'); - $file_mtime = @filemtime(PUBLIC_PATH . '/scripts/persona.js'); - Minz_View::appendScript(Minz_Url::display('/scripts/persona.js?' . $file_mtime)); - } } private static function loadNotifications() { diff --git a/app/Models/Auth.php b/app/Models/Auth.php index 4e7a71947..d689f7cdb 100644 --- a/app/Models/Auth.php +++ b/app/Models/Auth.php @@ -60,16 +60,6 @@ class FreshRSS_Auth { Minz_Session::_param('currentUser', $current_user); } return $login_ok; - case 'persona': - $email = filter_var(Minz_Session::param('mail'), FILTER_VALIDATE_EMAIL); - $persona_file = DATA_PATH . '/persona/' . $email . '.txt'; - if (($current_user = @file_get_contents($persona_file)) !== false) { - $current_user = trim($current_user); - Minz_Session::_param('currentUser', $current_user); - Minz_Session::_param('mail', $email); - return true; - } - return false; case 'none': return true; default: @@ -93,9 +83,6 @@ class FreshRSS_Auth { case 'http_auth': self::$login_ok = strcasecmp($current_user, httpAuthUser()) === 0; break; - case 'persona': - self::$login_ok = strcasecmp(Minz_Session::param('mail'), $user_conf->mail_login) === 0; - break; case 'none': self::$login_ok = true; break; @@ -143,9 +130,6 @@ class FreshRSS_Auth { Minz_Session::_param('passwordHash'); FreshRSS_FormAuth::deleteCookie(); break; - case 'persona': - Minz_Session::_param('mail'); - break; case 'http_auth': case 'none': // Nothing to do... @@ -170,7 +154,7 @@ class FreshRSS_Auth { public static function accessNeedsAction() { $conf = Minz_Configuration::get('system'); $auth_type = $conf->auth_type; - return $auth_type === 'form' || $auth_type === 'persona'; + return $auth_type === 'form'; } } diff --git a/app/Models/ConfigurationSetter.php b/app/Models/ConfigurationSetter.php index 250c14c39..e472b1e7f 100644 --- a/app/Models/ConfigurationSetter.php +++ b/app/Models/ConfigurationSetter.php @@ -95,11 +95,6 @@ class FreshRSS_ConfigurationSetter { $data['language'] = $value; } - private function _mail_login(&$data, $value) { - $value = filter_var($value, FILTER_VALIDATE_EMAIL); - $data['mail_login'] = $value ? $value : ''; - } - private function _old_entries(&$data, $value) { $value = intval($value); $data['old_entries'] = $value > 0 ? $value : 3; @@ -278,7 +273,7 @@ class FreshRSS_ConfigurationSetter { private function _auth_type(&$data, $value) { $value = strtolower($value); - if (!in_array($value, array('form', 'http_auth', 'persona', 'none'))) { + if (!in_array($value, array('form', 'http_auth', 'none'))) { $value = 'none'; } $data['auth_type'] = $value; diff --git a/app/i18n/cz/admin.php b/app/i18n/cz/admin.php index 342ac7ccd..881c02fc6 100644 --- a/app/i18n/cz/admin.php +++ b/app/i18n/cz/admin.php @@ -8,7 +8,6 @@ return array( 'form' => 'Webový formulář (tradiční, vyžaduje JavaScript)', 'http' => 'HTTP (pro pokročilé uživatele s HTTPS)', 'none' => 'Žádný (nebezpečné)', - 'persona' => 'Mozilla Persona (moderní, vyžaduje JavaScript)', 'title' => 'Přihlášení', 'title_reset' => 'Reset přihlášení', 'token' => 'Authentizační token', @@ -75,10 +74,6 @@ return array( 'nok' => 'Nemáte PDO nebo některý z podporovaných ovladačů (pdo_mysql, pdo_sqlite).', 'ok' => 'Máte PDO a alespoň jeden z podporovaných ovladačů (pdo_mysql, pdo_sqlite).', ), - 'persona' => array( - 'nok' => 'Zkontrolujte oprávnění adresáře ./data/persona. HTTP server musí mít do tohoto adresáře práva zápisu', - 'ok' => 'Oprávnění adresáře Mozilla Persona jsou v pořádku.', - ), 'php' => array( '_' => 'PHP instalace', 'nok' => 'Vaše verze PHP je %s, ale FreshRSS vyžaduje alespoň verzi %s.', @@ -169,7 +164,6 @@ return array( 'user' => array( 'articles_and_size' => '%s článků (%s)', 'create' => 'Vytvořit nového uživatele', - 'email_persona' => 'Email pro přihlášení
(pro Mozilla Persona)', 'language' => 'Jazyk', 'number' => 'Zatím je vytvořen %d účet', 'numbers' => 'Zatím je vytvořeno %d účtů', diff --git a/app/i18n/cz/conf.php b/app/i18n/cz/conf.php index 823ab1ea3..ec25f988c 100644 --- a/app/i18n/cz/conf.php +++ b/app/i18n/cz/conf.php @@ -76,7 +76,6 @@ return array( '_' => 'Smazání účtu', 'warn' => 'Váš účet bude smazán spolu se všemi souvisejícími daty', ), - 'email_persona' => 'Email pro přihlášení
(pro Mozilla Persona)', 'password_api' => 'Password API
(tzn. pro mobilní aplikace)', 'password_form' => 'Heslo
(pro přihlášení webovým formulářem)', 'password_format' => 'Alespoň 7 znaků', diff --git a/app/i18n/cz/feedback.php b/app/i18n/cz/feedback.php index b75a4a15a..81302afca 100644 --- a/app/i18n/cz/feedback.php +++ b/app/i18n/cz/feedback.php @@ -21,7 +21,6 @@ return array( 'success' => 'Jste odhlášen', ), 'no_password_set' => 'Heslo administrátora nebylo nastaveno. Tato funkce není k dispozici.', - 'not_persona' => 'Resetovat lze pouze systém Persona.', ), 'conf' => array( 'error' => 'Během ukládání nastavení došlo k chybě', diff --git a/app/i18n/cz/gen.php b/app/i18n/cz/gen.php index 5e15ae6f9..e73325c55 100644 --- a/app/i18n/cz/gen.php +++ b/app/i18n/cz/gen.php @@ -24,8 +24,6 @@ return array( 'email' => 'Email', 'keep_logged_in' => 'Zapamatovat přihlášení (1 měsíc)', 'login' => 'Login', - 'login_persona' => 'Přihlášení pomocí Persona', - 'login_persona_problem' => 'Problém s připojením k Persona?', 'logout' => 'Odhlášení', 'password' => array( '_' => 'Heslo', @@ -42,7 +40,6 @@ return array( 'admin' => 'Název administrátorského účtu', 'format' => 'maximálně 16 alfanumerických znaků', ), - 'will_reset' => 'Přihlašovací systém bude vyresetován: místo sytému Persona bude použito přihlášení formulářem.', ), 'date' => array( 'Apr' => '\\D\\u\\b\\e\\n', diff --git a/app/i18n/cz/install.php b/app/i18n/cz/install.php index bc3e01992..6b94c0d4b 100644 --- a/app/i18n/cz/install.php +++ b/app/i18n/cz/install.php @@ -9,13 +9,11 @@ return array( 'reinstall' => 'Reinstalovat FreshRSS', ), 'auth' => array( - 'email_persona' => 'Email pro přihlášení
(pro Mozilla Persona)', 'form' => 'Webový formulář (tradiční, vyžaduje JavaScript)', 'http' => 'HTTP (pro pokročilé uživatele s HTTPS)', 'none' => 'Žádný (nebezpečné)', 'password_form' => 'Heslo
(pro přihlášení webovým formulářem)', 'password_format' => 'Alespoň 7 znaků', - 'persona' => 'Mozilla Persona (moderní, vyžaduje JavaScript)', 'type' => 'Způsob přihlášení', ), 'bdd' => array( @@ -78,10 +76,6 @@ return array( 'nok' => 'Nemáte PDO nebo některý z podporovaných ovladačů (pdo_mysql, pdo_sqlite).', 'ok' => 'Máte PDO a alespoň jeden z podporovaných ovladačů (pdo_mysql, pdo_sqlite).', ), - 'persona' => array( - 'nok' => 'Zkontrolujte oprávnění adresáře ./data/persona. HTTP server musí mít do tohoto adresáře práva zápisu', - 'ok' => 'Oprávnění adresáře Mozilla Persona jsou v pořádku.', - ), 'php' => array( 'nok' => 'Vaše verze PHP je %s, ale FreshRSS vyžaduje alespoň verzi %s.', 'ok' => 'Vaše verze PHP je %s a je kompatibilní s FreshRSS.', diff --git a/app/i18n/de/admin.php b/app/i18n/de/admin.php index 6e6cc0956..7b75fe5f4 100644 --- a/app/i18n/de/admin.php +++ b/app/i18n/de/admin.php @@ -8,7 +8,6 @@ return array( 'form' => 'Webformular (traditionell, benötigt JavaScript)', 'http' => 'HTTP (HTTPS für erfahrene Benutzer)', 'none' => 'Keine (gefährlich)', - 'persona' => 'Mozilla Persona (modern, benötigt JavaScript)', 'title' => 'Authentifizierung', 'title_reset' => 'Zurücksetzen der Authentifizierung', 'token' => 'Authentifizierungs-Token', @@ -75,10 +74,6 @@ return array( 'nok' => 'Ihnen fehlt PDO oder einer der unterstützten Treiber (pdo_mysql, pdo_sqlite).', 'ok' => 'Sie haben PDO und mindestens einen der unterstützten Treiber (pdo_mysql, pdo_sqlite).', ), - 'persona' => array( - 'nok' => 'Überprüfen Sie die Berechtigungen des Verzeichnisses ./data/persona. Der HTTP-Server muss Schreibrechte besitzen.', - 'ok' => 'Die Berechtigungen des Verzeichnisses ./data/persona sind in Ordnung.', - ), 'php' => array( '_' => 'PHP-Installation', 'nok' => 'Ihre PHP-Version ist %s aber FreshRSS benötigt mindestens Version %s.', @@ -169,7 +164,6 @@ return array( 'user' => array( 'articles_and_size' => '%s Artikel (%s)', 'create' => 'Neuen Benutzer erstellen', - 'email_persona' => 'Anmelde-E-Mail-Adresse
(für Mozilla Persona)', 'language' => 'Sprache', 'number' => 'Es wurde bis jetzt %d Account erstellt', 'numbers' => 'Es wurden bis jetzt %d Accounts erstellt', diff --git a/app/i18n/de/conf.php b/app/i18n/de/conf.php index c1a762f12..7c57d5655 100644 --- a/app/i18n/de/conf.php +++ b/app/i18n/de/conf.php @@ -76,7 +76,6 @@ return array( '_' => 'Accountlöschung', 'warn' => 'Dein Account und alle damit bezogenen Daten werden gelöscht.', ), - 'email_persona' => 'Anmelde-E-Mail-Adresse
(für Mozilla Persona)', 'password_api' => 'Passwort-API
(z. B. für mobile Anwendungen)', 'password_form' => 'Passwort
(für die Anmeldemethode per Webformular)', 'password_format' => 'mindestens 7 Zeichen', diff --git a/app/i18n/de/feedback.php b/app/i18n/de/feedback.php index 4c15aadc3..f93992982 100644 --- a/app/i18n/de/feedback.php +++ b/app/i18n/de/feedback.php @@ -21,7 +21,6 @@ return array( 'success' => 'Sie sind abgemeldet', ), 'no_password_set' => 'Administrator-Passwort ist nicht gesetzt worden. Dieses Feature ist nicht verfügbar.', - 'not_persona' => 'Nur das Persona-System kann zurückgesetzt werden.', ), 'conf' => array( 'error' => 'Während der Speicherung der Konfiguration trat ein Fehler auf', diff --git a/app/i18n/de/gen.php b/app/i18n/de/gen.php index 4b85c722a..c6e7f1ef3 100644 --- a/app/i18n/de/gen.php +++ b/app/i18n/de/gen.php @@ -24,8 +24,6 @@ return array( 'email' => 'E-Mail-Adresse', 'keep_logged_in' => 'Eingeloggt bleiben (1 Monat)', 'login' => 'Anmelden', - 'login_persona' => 'Anmelden mit Persona', - 'login_persona_problem' => 'Verbindungsproblem mit Persona?', 'logout' => 'Abmelden', 'password' => array( '_' => 'Passwort', @@ -42,7 +40,6 @@ return array( 'admin' => 'Administrator-Nutzername', 'format' => 'maximal 16 alphanumerische Zeichen', ), - 'will_reset' => 'Authentifikationssystem wird zurückgesetzt: ein Formular wird anstelle von Persona benutzt.', ), 'date' => array( 'Apr' => '\\A\\p\\r\\i\\l', diff --git a/app/i18n/de/install.php b/app/i18n/de/install.php index d16496818..a77822e7b 100644 --- a/app/i18n/de/install.php +++ b/app/i18n/de/install.php @@ -9,13 +9,11 @@ return array( 'reinstall' => 'Neuinstallation von FreshRSS', ), 'auth' => array( - 'email_persona' => 'Anmelde-E-Mail-Adresse
(für Mozilla Persona)', 'form' => 'Webformular (traditionell, benötigt JavaScript)', 'http' => 'HTTP (HTTPS für erfahrene Benutzer)', 'none' => 'Keine (gefährlich)', 'password_form' => 'Passwort
(für die Anmeldemethode per Webformular)', 'password_format' => 'mindestens 7 Zeichen', - 'persona' => 'Mozilla Persona (modern, benötigt JavaScript)', 'type' => 'Authentifizierungsmethode', ), 'bdd' => array( @@ -78,10 +76,6 @@ return array( 'nok' => 'Ihnen fehlt PDO oder einer der unterstützten Treiber (pdo_mysql, pdo_sqlite).', 'ok' => 'Sie haben PDO und mindestens einen der unterstützten Treiber (pdo_mysql, pdo_sqlite).', ), - 'persona' => array( - 'nok' => 'Überprüfen Sie die Berechtigungen des Verzeichnisses ./data/persona. Der HTTP-Server muss Schreibrechte besitzen.', - 'ok' => 'Die Berechtigungen des Verzeichnisses ./data/persona sind in Ordnung.', - ), 'php' => array( 'nok' => 'Ihre PHP-Version ist %s aber FreshRSS benötigt mindestens Version %s.', 'ok' => 'Ihre PHP-Version ist %s, welche kompatibel mit FreshRSS ist.', diff --git a/app/i18n/en/admin.php b/app/i18n/en/admin.php index a58771edf..a88552087 100644 --- a/app/i18n/en/admin.php +++ b/app/i18n/en/admin.php @@ -8,7 +8,6 @@ return array( 'form' => 'Web form (traditional, requires JavaScript)', 'http' => 'HTTP (for advanced users with HTTPS)', 'none' => 'None (dangerous)', - 'persona' => 'Mozilla Persona (modern, requires JavaScript)', 'title' => 'Authentication', 'title_reset' => 'Authentication reset', 'token' => 'Authentication token', @@ -75,10 +74,6 @@ return array( 'nok' => 'You lack PDO or one of the supported drivers (pdo_mysql, pdo_sqlite).', 'ok' => 'You have PDO and at least one of the supported drivers (pdo_mysql, pdo_sqlite).', ), - 'persona' => array( - 'nok' => 'Check permissions on ./data/persona directory. HTTP server must have rights to write into', - 'ok' => 'Permissions on Mozilla Persona directory are good.', - ), 'php' => array( '_' => 'PHP installation', 'nok' => 'Your PHP version is %s but FreshRSS requires at least version %s.', @@ -169,7 +164,6 @@ return array( 'user' => array( 'articles_and_size' => '%s articles (%s)', 'create' => 'Create new user', - 'email_persona' => 'Login mail address
(for Mozilla Persona)', 'language' => 'Language', 'number' => 'There is %d account created yet', 'numbers' => 'There are %d accounts created yet', diff --git a/app/i18n/en/conf.php b/app/i18n/en/conf.php index 38e9197e9..b5ab73510 100644 --- a/app/i18n/en/conf.php +++ b/app/i18n/en/conf.php @@ -76,7 +76,6 @@ return array( '_' => 'Account deletion', 'warn' => 'Your account and all the related data will be deleted.', ), - 'email_persona' => 'Login email address
(for Mozilla Persona)', 'password_api' => 'API password
(e.g., for mobile apps)', 'password_form' => 'Password
(for the Web-form login method)', 'password_format' => 'At least 7 characters', diff --git a/app/i18n/en/feedback.php b/app/i18n/en/feedback.php index c9189c0d0..7ce2ae9cf 100644 --- a/app/i18n/en/feedback.php +++ b/app/i18n/en/feedback.php @@ -21,7 +21,6 @@ return array( 'success' => 'You are disconnected', ), 'no_password_set' => 'Administrator password hasn’t been set. This feature isn’t available.', - 'not_persona' => 'Only Persona system can be reset.', ), 'conf' => array( 'error' => 'An error occurred during configuration saving', diff --git a/app/i18n/en/gen.php b/app/i18n/en/gen.php index ba4e2f86c..17b47ba2f 100644 --- a/app/i18n/en/gen.php +++ b/app/i18n/en/gen.php @@ -24,8 +24,6 @@ return array( 'email' => 'Email address', 'keep_logged_in' => 'Keep me logged in (1 month)', 'login' => 'Login', - 'login_persona' => 'Login with Persona', - 'login_persona_problem' => 'Connection problem with Persona?', 'logout' => 'Logout', 'password' => array( '_' => 'Password', @@ -42,7 +40,6 @@ return array( 'admin' => 'Administrator username', 'format' => 'maximum 16 alphanumeric characters', ), - 'will_reset' => 'Authentication system will be reset: a form will be used instead of Persona.', ), 'date' => array( 'Apr' => '\\A\\p\\r\\i\\l', diff --git a/app/i18n/en/install.php b/app/i18n/en/install.php index 4b5bbc62e..d1c5f37c8 100644 --- a/app/i18n/en/install.php +++ b/app/i18n/en/install.php @@ -9,13 +9,11 @@ return array( 'reinstall' => 'Reinstall FreshRSS', ), 'auth' => array( - 'email_persona' => 'Login email address
(for Mozilla Persona)', 'form' => 'Web form (traditional, requires JavaScript)', 'http' => 'HTTP (for advanced users with HTTPS)', 'none' => 'None (dangerous)', 'password_form' => 'Password
(for the Web-form login method)', 'password_format' => 'At least 7 characters', - 'persona' => 'Mozilla Persona (modern, requires JavaScript)', 'type' => 'Authentication method', ), 'bdd' => array( @@ -78,10 +76,6 @@ return array( 'nok' => 'You lack PDO or one of the supported drivers (pdo_mysql, pdo_sqlite).', 'ok' => 'You have PDO and at least one of the supported drivers (pdo_mysql, pdo_sqlite).', ), - 'persona' => array( - 'nok' => 'Check permissions on ./data/persona directory. HTTP server must have rights to write into', - 'ok' => 'Permissions on Mozilla Persona directory are good.', - ), 'php' => array( 'nok' => 'Your PHP version is %s but FreshRSS requires at least version %s.', 'ok' => 'Your PHP version is %s, which is compatible with FreshRSS.', diff --git a/app/i18n/fr/admin.php b/app/i18n/fr/admin.php index f4f267306..c359e9d24 100644 --- a/app/i18n/fr/admin.php +++ b/app/i18n/fr/admin.php @@ -8,7 +8,6 @@ return array( 'form' => 'Formulaire (traditionnel, requiert JavaScript)', 'http' => 'HTTP (pour utilisateurs avancés avec HTTPS)', 'none' => 'Aucune (dangereux)', - 'persona' => 'Mozilla Persona (moderne, requiert JavaScript)', 'title' => 'Authentification', 'title_reset' => 'Réinitialisation de l’authentification', 'token' => 'Jeton d’identification', @@ -75,10 +74,6 @@ return array( 'nok' => 'Vous ne disposez pas de PDO ou d’un des drivers supportés (pdo_mysql, pdo_sqlite).', 'ok' => 'Vous disposez de PDO et d’au moins un des drivers supportés (pdo_mysql, pdo_sqlite).', ), - 'persona' => array( - 'nok' => 'Veuillez vérifier les droits sur le répertoire ./data/persona. Le serveur HTTP doit être capable d’écrire dedans', - 'ok' => 'Les droits sur le répertoire de Mozilla Persona sont bons.', - ), 'php' => array( '_' => 'Installation de PHP', 'nok' => 'Votre version de PHP est la %s mais FreshRSS requiert au moins la version %s.', @@ -169,7 +164,6 @@ return array( 'user' => array( 'articles_and_size' => '%s articles (%s)', 'create' => 'Créer un nouvel utilisateur', - 'email_persona' => 'Adresse courriel de connexion
(pour Mozilla Persona)', 'language' => 'Langue', 'number' => '%d compte a déjà été créé', 'numbers' => '%d comptes ont déjà été créés', diff --git a/app/i18n/fr/conf.php b/app/i18n/fr/conf.php index 6193b7a01..7a6d12e17 100644 --- a/app/i18n/fr/conf.php +++ b/app/i18n/fr/conf.php @@ -76,7 +76,6 @@ return array( '_' => 'Suppression du compte', 'warn' => 'Le compte et toutes les données associées vont être supprimées.', ), - 'email_persona' => 'Adresse courriel de connexion
(pour Mozilla Persona)', 'password_api' => 'Mot de passe API
(ex. : pour applis mobiles)', 'password_form' => 'Mot de passe
(pour connexion par formulaire)', 'password_format' => '7 caractères minimum', diff --git a/app/i18n/fr/feedback.php b/app/i18n/fr/feedback.php index e2364a251..15f3ab859 100644 --- a/app/i18n/fr/feedback.php +++ b/app/i18n/fr/feedback.php @@ -21,7 +21,6 @@ return array( 'success' => 'Vous avez été déconnecté', ), 'no_password_set' => 'Aucun mot de passe administrateur n’a été précisé. Cette fonctionnalité n’est pas disponible.', - 'not_persona' => 'Seul le système d’authentification Persona peut être réinitialisé.', ), 'conf' => array( 'error' => 'Une erreur est survenue durant la sauvegarde de la configuration', diff --git a/app/i18n/fr/gen.php b/app/i18n/fr/gen.php index 031098aa2..d61a716a7 100644 --- a/app/i18n/fr/gen.php +++ b/app/i18n/fr/gen.php @@ -24,8 +24,6 @@ return array( 'email' => 'Adresse courriel', 'keep_logged_in' => 'Rester connecté (1 mois)', 'login' => 'Connexion', - 'login_persona' => 'Connexion avec Persona', - 'login_persona_problem' => 'Problème de connexion à Persona ?', 'logout' => 'Déconnexion', 'password' => array( '_' => 'Mot de passe', @@ -42,7 +40,6 @@ return array( 'admin' => 'Nom d’utilisateur administrateur', 'format' => '16 caractères alphanumériques maximum', ), - 'will_reset' => 'Le système d’authentification va être réinitialisé : un formulaire sera utilisé à la place de Persona.', ), 'date' => array( 'Apr' => '\\a\\v\\r\\i\\l', diff --git a/app/i18n/fr/install.php b/app/i18n/fr/install.php index 91dfbbb09..946a210ee 100644 --- a/app/i18n/fr/install.php +++ b/app/i18n/fr/install.php @@ -9,13 +9,11 @@ return array( 'reinstall' => 'Réinstaller FreshRSS', ), 'auth' => array( - 'email_persona' => 'Adresse courriel de connexion
(pour Mozilla Persona)', 'form' => 'Formulaire (traditionnel, requiert JavaScript)', 'http' => 'HTTP (pour utilisateurs avancés avec HTTPS)', 'none' => 'Aucune (dangereux)', 'password_form' => 'Mot de passe
(pour connexion par formulaire)', 'password_format' => '7 caractères minimum', - 'persona' => 'Mozilla Persona (moderne, requiert JavaScript)', 'type' => 'Méthode d’authentification', ), 'bdd' => array( @@ -78,10 +76,6 @@ return array( 'nok' => 'Vous ne disposez pas de PDO ou d’un des drivers supportés (pdo_mysql, pdo_sqlite).', 'ok' => 'Vous disposez de PDO et d’au moins un des drivers supportés (pdo_mysql, pdo_sqlite).', ), - 'persona' => array( - 'nok' => 'Veuillez vérifier les droits sur le répertoire ./data/persona. Le serveur HTTP doit être capable d’écrire dedans', - 'ok' => 'Les droits sur le répertoire de Mozilla Persona sont bons.', - ), 'php' => array( 'nok' => 'Votre version de PHP est la %s mais FreshRSS requiert au moins la version %s.', 'ok' => 'Votre version de PHP est la %s, qui est compatible avec FreshRSS.', diff --git a/app/i18n/it/admin.php b/app/i18n/it/admin.php index 94b2d6762..4eea158f6 100644 --- a/app/i18n/it/admin.php +++ b/app/i18n/it/admin.php @@ -8,7 +8,6 @@ return array( 'form' => 'Web form (tradizionale, richiede JavaScript)', 'http' => 'HTTP (per gli utenti avanzati con HTTPS)', 'none' => 'Nessuno (pericoloso)', - 'persona' => 'Mozilla Persona (moderno, richiede JavaScript)', 'title' => 'Autenticazione', 'title_reset' => 'Reset autenticazione', 'token' => 'Token di autenticazione', @@ -75,10 +74,6 @@ return array( 'nok' => 'Manca PDO o uno degli altri driver supportati (pdo_mysql, pdo_sqlite).', 'ok' => 'PDO e altri driver supportati (pdo_mysql, pdo_sqlite).', ), - 'persona' => array( - 'nok' => 'Verifica i permessi sulla cartella ./data/persona. Il server HTTP deve avere i permessi per scriverci dentro', - 'ok' => 'I permessi sulla cartella Mozilla Persona sono corretti.', - ), 'php' => array( '_' => 'Installazione PHP', 'nok' => 'Versione PHP %s FreshRSS richiede almeno la versione %s.', @@ -169,7 +164,6 @@ return array( 'user' => array( 'articles_and_size' => '%s articoli (%s)', 'create' => 'Crea nuovo utente', - 'email_persona' => 'Indirizzo mail
(Login Mozilla Persona)', 'language' => 'Lingua', 'number' => ' %d profilo utente creato', 'numbers' => 'Sono presenti %d profili utente', diff --git a/app/i18n/it/conf.php b/app/i18n/it/conf.php index b757b3210..19b62c9a7 100644 --- a/app/i18n/it/conf.php +++ b/app/i18n/it/conf.php @@ -76,7 +76,6 @@ return array( '_' => 'Cancellazione account', 'warn' => 'Il tuo account e tutti i dati associati saranno cancellati.', ), - 'email_persona' => 'Indirizzo email
(Login Mozilla Persona)', 'password_api' => 'Password API
(e.g., per applicazioni mobili)', 'password_form' => 'Password
(per il login classico)', 'password_format' => 'Almeno 7 caratteri', diff --git a/app/i18n/it/feedback.php b/app/i18n/it/feedback.php index caf1cd2b4..f217586b0 100644 --- a/app/i18n/it/feedback.php +++ b/app/i18n/it/feedback.php @@ -21,7 +21,6 @@ return array( 'success' => 'Disconnessione effettuata', ), 'no_password_set' => 'Password di amministrazione non impostata. Opzione non disponibile.', - 'not_persona' => 'Solo il sistema Mozilla Persona può essere resettato.', ), 'conf' => array( 'error' => 'Si è verificato un errore durante il salvataggio della configurazione', diff --git a/app/i18n/it/gen.php b/app/i18n/it/gen.php index d24377593..c02ddd13a 100644 --- a/app/i18n/it/gen.php +++ b/app/i18n/it/gen.php @@ -24,8 +24,6 @@ return array( 'email' => 'Indirizzo email', 'keep_logged_in' => 'Ricorda i dati (1 mese)', 'login' => 'Accedi', - 'login_persona' => 'Accedi con Mozilla Persona', - 'login_persona_problem' => 'Problemi di connessione con Mozilla Persona?', 'logout' => 'Esci', 'password' => array( '_' => 'Password', @@ -42,7 +40,6 @@ return array( 'admin' => 'Username amministratore', 'format' => 'massimo 16 caratteri alfanumerici', ), - 'will_reset' => 'Il sistema di autenticazione verrà resettato: un form verrà usato per Mozilla Persona.', ), 'date' => array( 'Apr' => '\\A\\p\\r\\i\\l\\e', diff --git a/app/i18n/it/install.php b/app/i18n/it/install.php index 8f5300bd5..a60dd4523 100644 --- a/app/i18n/it/install.php +++ b/app/i18n/it/install.php @@ -9,13 +9,11 @@ return array( 'reinstall' => 'Reinstalla FreshRSS', ), 'auth' => array( - 'email_persona' => 'Indirizzo mail
(per Mozilla Persona)', 'form' => 'Web form (tradizionale, richiede JavaScript)', 'http' => 'HTTP (per gli utenti avanzati con HTTPS)', 'none' => 'Nessuno (pericoloso)', 'password_form' => 'Password
(per il login tramite Web-form tradizionale)', 'password_format' => 'Almeno 7 caratteri', - 'persona' => 'Mozilla Persona (moderno, richiede JavaScript)', 'type' => 'Metodo di autenticazione', ), 'bdd' => array( @@ -78,10 +76,6 @@ return array( 'nok' => 'Manca PDO o uno degli altri driver supportati (pdo_mysql, pdo_sqlite).', 'ok' => 'PDO e altri driver supportati (pdo_mysql, pdo_sqlite).', ), - 'persona' => array( - 'nok' => 'Verifica i permessi sulla cartella ./data/persona. Il server HTTP deve avere i permessi per scriverci dentro', - 'ok' => 'I permessi sulla cartella Mozilla Persona sono corretti.', - ), 'php' => array( '_' => 'Installazione PHP', 'nok' => 'Versione di PHP %s FreshRSS richiede almeno la versione %s.', diff --git a/app/i18n/nl/admin.php b/app/i18n/nl/admin.php index bd7d63b6a..9f05d69b1 100644 --- a/app/i18n/nl/admin.php +++ b/app/i18n/nl/admin.php @@ -8,7 +8,6 @@ return array( 'form' => 'Web formulier (traditioneel, benodigd JavaScript)', 'http' => 'HTTP (voor geavanceerde gebruikers met HTTPS)', 'none' => 'Geen (gevaarlijk)', - 'persona' => 'Mozilla Persona (modern, benodigd JavaScript)', 'title' => 'Authenticatie', 'title_reset' => 'Authenticatie terugzetten', 'token' => 'Authenticatie teken', @@ -75,10 +74,6 @@ return array( 'nok' => 'U mist PDO of een van de ondersteunde drivers (pdo_mysql, pdo_sqlite).', 'ok' => 'U hebt PDO en ten minste één van de ondersteunde drivers (pdo_mysql, pdo_sqlite).', ), - 'persona' => array( - 'nok' => 'Controleer de permissies op de ./data/persona map. HTTP server moet rechten hebben om hierin te schrijven', - 'ok' => 'Permissies op de Mozilla Persona map zijn goed.', - ), 'php' => array( '_' => 'PHP installatie', 'nok' => 'Uw PHP versie is %s maar FreshRSS benodigd tenminste versie %s.', @@ -169,7 +164,6 @@ return array( 'user' => array( 'articles_and_size' => '%s artikelen (%s)', 'create' => 'Creëer nieuwe gebruiker', - 'email_persona' => 'Log in mail adres
(voor Mozilla Persona)', 'language' => 'Taal', 'number' => 'Er is %d accounts gemaakt', 'numbers' => 'Er zijn %d accounts gemaakt', diff --git a/app/i18n/nl/conf.php b/app/i18n/nl/conf.php index 9b0aff793..573dabf45 100644 --- a/app/i18n/nl/conf.php +++ b/app/i18n/nl/conf.php @@ -76,7 +76,6 @@ return array( '_' => 'Account verwijderen', 'warn' => 'Uw account en alle gerelateerde gegvens worden verwijderd.', ), - 'email_persona' => 'Log in mail adres
(voor Mozilla Persona)', 'password_api' => 'Wachtwoord API
(e.g., voor mobiele apps)', 'password_form' => 'Wachtwoord
(voor de Web-formulier log in methode)', 'password_format' => 'Ten minste 7 tekens', diff --git a/app/i18n/nl/feedback.php b/app/i18n/nl/feedback.php index 54d84f7d6..b703c43cf 100644 --- a/app/i18n/nl/feedback.php +++ b/app/i18n/nl/feedback.php @@ -21,7 +21,6 @@ return array( 'success' => 'U bent uitgelogd', ), 'no_password_set' => 'Administrateur wachtwoord is niet ingesteld. Deze mogelijkheid is niet beschikbaar.', - 'not_persona' => 'Alleen Persona systeem kan worden gereset.', ), 'conf' => array( 'error' => 'Er is een fout opgetreden tijdens het opslaan van de configuratie', diff --git a/app/i18n/nl/gen.php b/app/i18n/nl/gen.php index 24cba574e..7e03229c9 100644 --- a/app/i18n/nl/gen.php +++ b/app/i18n/nl/gen.php @@ -24,8 +24,6 @@ return array( 'email' => 'Email adres', 'keep_logged_in' => 'Ingelogd blijven voor (1 maand)', 'login' => 'Log in', - 'login_persona' => 'Login met Persona', - 'login_persona_problem' => 'Connectiviteits problemen met Persona', 'logout' => 'Log uit', 'password' => array( '_' => 'Wachtwoord', @@ -42,7 +40,6 @@ return array( 'admin' => 'Administrator gebruikersnaam', 'format' => 'maximaal 16 alphanumerieke tekens', ), - 'will_reset' => 'Het authenticatie system zal worden gereset: een formulier zal worden gebruikt in plaats van Persona.', ), 'date' => array( 'Apr' => '\\A\\p\\r\\i\\l', diff --git a/app/i18n/nl/install.php b/app/i18n/nl/install.php index d16dda4ca..77783cd48 100644 --- a/app/i18n/nl/install.php +++ b/app/i18n/nl/install.php @@ -9,13 +9,11 @@ return array( 'reinstall' => 'Installeer FreshRSS opnieuw', ), 'auth' => array( - 'email_persona' => 'Log in mail adres
(voor Mozilla Persona)', 'form' => 'Web formulier (traditioneel, benodigd JavaScript)', 'http' => 'HTTP (voor geavanceerde gebruikers met HTTPS)', 'none' => 'Geen (gevaarlijk)', 'password_form' => 'Wachtwoord
(voor de Web-formulier log in methode)', 'password_format' => 'Tenminste 7 tekens', - 'persona' => 'Mozilla Persona (modern, benodigd JavaScript)', 'type' => 'Authenticatie methode', ), 'bdd' => array( @@ -78,10 +76,6 @@ return array( 'nok' => 'U mist PDO of één van de ondersteunde (pdo_mysql, pdo_sqlite).', 'ok' => 'U hebt PDO en ten minste één van de ondersteunde drivers (pdo_mysql, pdo_sqlite).', ), - 'persona' => array( - 'nok' => 'Controleer permissies van de ./data/persona map. HTTP server moet rechten hebben om er in te kunnen schrijven', - 'ok' => 'Permissies van de Mozilla Persona map zijn goed.', - ), 'php' => array( 'nok' => 'Uw PHP versie is %s maar FreshRSS benodigd tenminste versie %s.', 'ok' => 'Uw PHP versie is %s, welke compatibel is met FreshRSS.', diff --git a/app/i18n/ru/admin.php b/app/i18n/ru/admin.php index dfea5b3cb..caea627f3 100644 --- a/app/i18n/ru/admin.php +++ b/app/i18n/ru/admin.php @@ -8,7 +8,6 @@ return array( 'form' => 'На основе веб-формы (традиционный, необходим JavaScript)', 'http' => 'HTTP (для продвинутых пользователей - по HTTPS)', 'none' => 'Без аутентификации (небезопасный)', - 'persona' => 'Mozilla Persona (новый, необходим JavaScript)', 'title' => 'Аутентификации', 'title_reset' => 'Сброс аутентицикации', 'token' => 'Токен аутентификации', @@ -75,10 +74,6 @@ return array( 'nok' => 'У вас не установлен PDO или один из необходимых драйверов (pdo_mysql, pdo_sqlite).', 'ok' => 'У вас установлен PDO и как минимум один из поддерживаемых драйверов (pdo_mysql, pdo_sqlite).', ), - 'persona' => array( - 'nok' => 'Проверьте права доступа к папке ./data/persona . Сервер HTTP должен иметь права на запись в эту папку.', - 'ok' => 'Права на папку Mozilla Persona в порядке.', - ), 'php' => array( '_' => 'PHP installation', 'nok' => 'У вас установлен PHP версии %s, но FreshRSS необходима версия не ниже %s.', @@ -169,7 +164,6 @@ return array( 'user' => array( 'articles_and_size' => '%s статей (%s)', 'create' => 'Создать нового пользователя', - 'email_persona' => 'Адрес электронной почты для входа
(for Mozilla Persona)', 'language' => 'Язык', 'number' => 'На данный момент создан %d аккаунт', 'numbers' => 'На данный момент аккаунтов создано: %d', diff --git a/app/i18n/ru/conf.php b/app/i18n/ru/conf.php index e502e9a43..557fbe369 100644 --- a/app/i18n/ru/conf.php +++ b/app/i18n/ru/conf.php @@ -76,7 +76,6 @@ return array( '_' => 'Account deletion', 'warn' => 'Your account and all the related data will be deleted.', ), - 'email_persona' => 'Login email address
(for Mozilla Persona)', 'password_api' => 'Password API
(e.g., for mobile apps)', 'password_form' => 'Password
(for the Web-form login method)', 'password_format' => 'At least 7 characters', diff --git a/app/i18n/ru/feedback.php b/app/i18n/ru/feedback.php index c9189c0d0..7ce2ae9cf 100644 --- a/app/i18n/ru/feedback.php +++ b/app/i18n/ru/feedback.php @@ -21,7 +21,6 @@ return array( 'success' => 'You are disconnected', ), 'no_password_set' => 'Administrator password hasn’t been set. This feature isn’t available.', - 'not_persona' => 'Only Persona system can be reset.', ), 'conf' => array( 'error' => 'An error occurred during configuration saving', diff --git a/app/i18n/ru/gen.php b/app/i18n/ru/gen.php index b8e8511d9..eecd72749 100644 --- a/app/i18n/ru/gen.php +++ b/app/i18n/ru/gen.php @@ -24,8 +24,6 @@ return array( 'email' => 'Email address', 'keep_logged_in' => 'Keep me logged in (1 month)', 'login' => 'Login', - 'login_persona' => 'Login with Persona', - 'login_persona_problem' => 'Connection problem with Persona?', 'logout' => 'Logout', 'password' => array( '_' => 'Password', @@ -42,7 +40,6 @@ return array( 'admin' => 'Administrator username', 'format' => 'maximum 16 alphanumeric characters', ), - 'will_reset' => 'Authentication system will be reset: a form will be used instead of Persona.', ), 'date' => array( 'Apr' => '\\A\\p\\r\\i\\l', diff --git a/app/i18n/ru/install.php b/app/i18n/ru/install.php index c838b2eba..a52e2959b 100644 --- a/app/i18n/ru/install.php +++ b/app/i18n/ru/install.php @@ -9,13 +9,11 @@ return array( 'reinstall' => 'Переустановить FreshRSS', ), 'auth' => array( - 'email_persona' => 'Почта (логин) для
(for Mozilla Persona)', 'form' => 'Вэб-форма (традиционный, необходим JavaScript)', 'http' => 'HTTP (для продвинутых пользователей с HTTPS)', 'none' => 'Никакого (опасно)', 'password_form' => 'Пароль
(для метода аутентификации на Вэб-формах)', 'password_format' => 'Как минимум 7 букв', - 'persona' => 'Mozilla Persona (современный, необходим JavaScript)', 'type' => 'Метод аутентификации', ), 'bdd' => array( @@ -74,10 +72,6 @@ return array( 'nok' => 'У вас не установлен PDO или один из необходимых драйверов (pdo_mysql, pdo_sqlite).', 'ok' => 'У вас установлен PDO и как минимум один из поддерживаемых драйверов (pdo_mysql, pdo_sqlite).', ), - 'persona' => array( - 'nok' => 'Проверьте права доступа к папке ./data/persona . Сервер HTTP должен иметь права на запись в эту папку.', - 'ok' => 'Права на папку Mozilla Persona в порядке.', - ), 'php' => array( 'nok' => 'У вас установлен PHP версии %s, но FreshRSS необходима версия не ниже %s.', 'ok' => 'У вас установлен PHP версии %s, который совместим с FreshRSS.', diff --git a/app/i18n/tr/admin.php b/app/i18n/tr/admin.php index 3a6f8118e..43f8e23c5 100644 --- a/app/i18n/tr/admin.php +++ b/app/i18n/tr/admin.php @@ -8,7 +8,6 @@ return array( 'form' => 'Web formu (geleneksel, JavaScript gerektirir)', 'http' => 'HTTP (ileri kullanıcılar için, HTTPS)', 'none' => 'Hiçbiri (tehlikeli)', - 'persona' => 'Mozilla Persona (modern, JavaScript gerektirir)', 'title' => 'Kimlik doğrulama', 'title_reset' => 'Kimlik doğrulama sıfırla', 'token' => 'Kimlik doğrulama işareti', @@ -75,10 +74,6 @@ return array( 'nok' => 'PDO veya PDO destekli bir sürücü eksik (pdo_mysql, pdo_sqlite).', 'ok' => 'PDO sorunsuz (pdo_mysql, pdo_sqlite).', ), - 'persona' => array( - 'nok' => './data/persona klasör yetkisini kontrol edin. HTTP yazma yetkisi olmalı', - 'ok' => 'Mozilla Persona klasörü yetkileri sorunsuz.', - ), 'php' => array( '_' => 'PHP kurulumu', 'nok' => 'PHP versiyonunuz %s fakat FreshRSS için gerekli olan en düşük sürüm %s.', @@ -169,7 +164,6 @@ return array( 'user' => array( 'articles_and_size' => '%s makale (%s)', 'create' => 'Yeni kullanıcı oluştur', - 'email_persona' => 'Giriş email adresi
(Mozilla Persona için)', 'language' => 'Dil', 'number' => 'Oluşturulmuş %d hesap var', 'numbers' => 'Oluşturulmuş %d hesap var', diff --git a/app/i18n/tr/conf.php b/app/i18n/tr/conf.php index d9e275b21..2fdc248e4 100644 --- a/app/i18n/tr/conf.php +++ b/app/i18n/tr/conf.php @@ -76,7 +76,6 @@ return array( '_' => 'Hesap silme', 'warn' => 'Hesabınız ve tüm verileriniz silinecek.', ), - 'email_persona' => 'Giriş email adresi
(Mozilla Persona için)', 'password_api' => 'API Şifresi
(ör. mobil uygulamalar için)', 'password_form' => 'Şifre
(Tarayıcı girişi için)', 'password_format' => 'En az 7 karakter', diff --git a/app/i18n/tr/feedback.php b/app/i18n/tr/feedback.php index 0572c6da1..a53316206 100644 --- a/app/i18n/tr/feedback.php +++ b/app/i18n/tr/feedback.php @@ -21,7 +21,6 @@ return array( 'success' => 'Bağlantı koptu', ), 'no_password_set' => 'Yönetici şifresi ayarlanmadı. Bu özellik kullanıma uygun değil.', - 'not_persona' => 'Sadece Persona sistem sıfırlanabilir.', ), 'conf' => array( 'error' => 'Yapılandırma ayarları kaydedilirken hata oluştu', diff --git a/app/i18n/tr/gen.php b/app/i18n/tr/gen.php index 492e2cb9b..865dbd4e2 100644 --- a/app/i18n/tr/gen.php +++ b/app/i18n/tr/gen.php @@ -24,8 +24,6 @@ return array( 'email' => 'Email adresleri', 'keep_logged_in' => '(1 ay) oturumu açık tut', 'login' => 'Giriş', - 'login_persona' => 'Persona ile giriş yap', - 'login_persona_problem' => 'Persona ile bağlantı sorununuz mu var ?', 'logout' => 'Çıkış', 'password' => array( '_' => 'Şifre', @@ -42,7 +40,6 @@ return array( 'admin' => 'Yönetici kullanıcı adı', 'format' => 'en fazla 16 alfanümerik karakter', ), - 'will_reset' => 'Kimlik doğrulama sistemi sıfırlanacak: Persone yerine bir form kullanılacak.', ), 'date' => array( 'Apr' => '\\N\\i\\s\\a\\n', diff --git a/app/i18n/tr/install.php b/app/i18n/tr/install.php index 85134845b..951a7c5fd 100644 --- a/app/i18n/tr/install.php +++ b/app/i18n/tr/install.php @@ -9,13 +9,11 @@ return array( 'reinstall' => 'FreshRSS i yeniden yükle', ), 'auth' => array( - 'email_persona' => 'Giriş email adresi
(Mozilla Persona için)', 'form' => 'Web formu (geleneksel, JavaScript gerektirir)', 'http' => 'HTTP (ileri kullanıcılar için, HTTPS)', 'none' => 'Hiçbiri (tehlikeli)', 'password_form' => 'Şifre
(Tarayıcı girişi için)', 'password_format' => 'En az 7 karakter', - 'persona' => 'Mozilla Persona (modern, JavaScript gerektirir)', 'type' => 'Kimlik doğrulama yöntemi', ), 'bdd' => array( @@ -78,10 +76,6 @@ return array( 'nok' => 'PDO veya PDO destekli bir sürücü eksik (pdo_mysql, pdo_sqlite).', 'ok' => 'PDO sorunsuz (pdo_mysql, pdo_sqlite).', ), - 'persona' => array( - 'nok' => './data/persona klasör yetkisini kontrol edin. HTTP yazma yetkisi olmalı', - 'ok' => 'Mozilla Persona klasörü yetkileri sorunsuz.', - ), 'php' => array( 'nok' => 'PHP versiyonunuz %s fakat FreshRSS için gerekli olan en düşük sürüm %s.', 'ok' => 'PHP versiyonunuz %s, FreshRSS ile tam uyumlu.', diff --git a/app/install.php b/app/install.php index 062f66814..e73bc9972 100644 --- a/app/install.php +++ b/app/install.php @@ -103,7 +103,6 @@ function saveStep1() { $_SESSION['title'] = $system_conf->title; $_SESSION['auth_type'] = $system_conf->auth_type; $_SESSION['old_entries'] = $user_conf->old_entries; - $_SESSION['mail_login'] = $user_conf->mail_login; $_SESSION['default_user'] = $current_user; $_SESSION['passwordHash'] = $user_conf->passwordHash; @@ -128,7 +127,6 @@ function saveStep2() { $_SESSION['old_entries'] = param('old_entries', $user_default_config->old_entries); $_SESSION['auth_type'] = param('auth_type', 'form'); $_SESSION['default_user'] = substr(preg_replace('/[^a-zA-Z0-9]/', '', param('default_user', '')), 0, 16); - $_SESSION['mail_login'] = filter_var(param('mail_login', ''), FILTER_VALIDATE_EMAIL); $password_plain = param('passwordPlain', false); if ($password_plain !== false && cryptAvailable()) { @@ -146,8 +144,7 @@ function saveStep2() { return false; } - if (($_SESSION['auth_type'] === 'form' && empty($_SESSION['passwordHash'])) || - ($_SESSION['auth_type'] === 'persona' && empty($_SESSION['mail_login']))) { + if ($_SESSION['auth_type'] === 'form' && empty($_SESSION['passwordHash'])) { return false; } @@ -157,15 +154,11 @@ function saveStep2() { } $token = ''; - if ($_SESSION['mail_login']) { - $token = sha1($_SESSION['salt'] . $_SESSION['mail_login']); - } $config_array = array( 'language' => $_SESSION['language'], 'theme' => $user_default_config->theme, 'old_entries' => $_SESSION['old_entries'], - 'mail_login' => $_SESSION['mail_login'], 'passwordHash' => $_SESSION['passwordHash'], 'token' => $token, ); @@ -179,12 +172,6 @@ function saveStep2() { mkdir($user_dir); file_put_contents($user_config_path, " $cache ? 'ok' : 'ko', 'users' => $users ? 'ok' : 'ko', 'favicons' => $favicons ? 'ok' : 'ko', - 'persona' => $persona ? 'ok' : 'ko', 'http_referer' => $http_referer ? 'ok' : 'ko', 'all' => $php && $minz && $curl && $pdo && $pcre && $ctype && $dom && $xml && - $data && $cache && $users && $favicons && $persona && $http_referer ? + $data && $cache && $users && $favicons && $http_referer ? 'ok' : 'ko' ); } @@ -380,7 +365,6 @@ function freshrss_already_installed() { function checkStep2() { $conf = !empty($_SESSION['old_entries']) && - isset($_SESSION['mail_login']) && !empty($_SESSION['default_user']); $form = ( @@ -388,11 +372,6 @@ function checkStep2() { ($_SESSION['auth_type'] != 'form' || !empty($_SESSION['passwordHash'])) ); - $persona = ( - isset($_SESSION['auth_type']) && - ($_SESSION['auth_type'] != 'persona' || !empty($_SESSION['mail_login'])) - ); - $defaultUser = empty($_POST['default_user']) ? null : $_POST['default_user']; if ($defaultUser === null) { $defaultUser = empty($_SESSION['default_user']) ? '' : $_SESSION['default_user']; @@ -402,9 +381,8 @@ function checkStep2() { return array( 'conf' => $conf ? 'ok' : 'ko', 'form' => $form ? 'ok' : 'ko', - 'persona' => $persona ? 'ok' : 'ko', 'data' => $data ? 'ok' : 'ko', - 'all' => $conf && $form && $persona && $data ? 'ok' : 'ko' + 'all' => $conf && $form && $data ? 'ok' : 'ko' ); } @@ -612,12 +590,6 @@ function printStep1() {

- -

- -

- -

@@ -673,12 +645,11 @@ function printStep2() { @@ -697,14 +668,6 @@ function printStep2() { -
- -
- tabindex="6"/> - -
-
-
diff --git a/app/views/auth/index.phtml b/app/views/auth/index.phtml index 8e4df8c2c..8f81ac856 100644 --- a/app/views/auth/index.phtml +++ b/app/views/auth/index.phtml @@ -10,11 +10,10 @@
diff --git a/app/views/auth/personaLogin.phtml b/app/views/auth/personaLogin.phtml deleted file mode 100644 index c6d738bf6..000000000 --- a/app/views/auth/personaLogin.phtml +++ /dev/null @@ -1,28 +0,0 @@ -res === false) { ?> -
-

- - - - - -

- - -

- - - - - -

- -

-
-res); -} -?> diff --git a/app/views/auth/register.phtml b/app/views/auth/register.phtml index 306679601..0c261319a 100644 --- a/app/views/auth/register.phtml +++ b/app/views/auth/register.phtml @@ -16,11 +16,6 @@
-
- - -
-
-

- - message)) { ?> -

- message['title']; ?>
- message['body']; ?> -

- - - no_form) { ?> - -

-
- -

- -
- - -
-
- - -
- -
-
- -
- - -
diff --git a/app/views/helpers/javascript_vars.phtml b/app/views/helpers/javascript_vars.phtml index 6178cacf2..1aa43a207 100644 --- a/app/views/helpers/javascript_vars.phtml +++ b/app/views/helpers/javascript_vars.phtml @@ -1,6 +1,5 @@ mark_when; -$mail = Minz_Session::param('mail', false); $s = FreshRSS_Context::$user_conf->shortcuts; echo htmlspecialchars(json_encode(array( 'context' => array( @@ -16,7 +15,6 @@ echo htmlspecialchars(json_encode(array( 'sticky_post' => !!FreshRSS_Context::isStickyPostEnabled(), 'html5_notif_timeout' => FreshRSS_Context::$user_conf->html5_notif_timeout, 'auth_type' => FreshRSS_Context::$system_conf->auth_type, - 'current_user_mail' => $mail ? ('"' . $mail . '"') : null, 'current_view' => Minz_Request::actionName(), ), 'shortcuts' => array( diff --git a/app/views/user/manage.phtml b/app/views/user/manage.phtml index fe1b6618b..e48841d9b 100644 --- a/app/views/user/manage.phtml +++ b/app/views/user/manage.phtml @@ -37,14 +37,6 @@
-
- - mail_login; ?> -
- -
-
-
diff --git a/app/views/user/profile.phtml b/app/views/user/profile.phtml index 7ae2c7ede..e96b5aa32 100644 --- a/app/views/user/profile.phtml +++ b/app/views/user/profile.phtml @@ -41,15 +41,6 @@
-
- - mail_login; ?> -
- placeholder="alice@example.net" /> - -
-
-
diff --git a/data/config.default.php b/data/config.default.php index cae15330f..be3fa8ae2 100644 --- a/data/config.default.php +++ b/data/config.default.php @@ -40,7 +40,6 @@ return array( # Login method: # `none` is without password and shows only the default user; # `form` is a conventional Web login form; - # `persona` is the email-based login by Mozilla; # `http_auth` is an access controled by the HTTP Web server (e.g. `/FreshRSS/p/i/.htaccess` for Apache) # if you use `http_auth`, remember to protect only `/FreshRSS/p/i/`, # and in particular not protect `/FreshRSS/p/api/` if you would like to use the API (different login system). diff --git a/data/users/_/config.default.php b/data/users/_/config.default.php index 8f8ff528c..4a3403453 100644 --- a/data/users/_/config.default.php +++ b/data/users/_/config.default.php @@ -5,7 +5,6 @@ return array ( 'old_entries' => 3, 'keep_history_default' => 0, 'ttl_default' => 3600, - 'mail_login' => '', 'token' => '', 'passwordHash' => '', 'apiPasswordHash' => '', diff --git a/lib/lib_rss.php b/lib/lib_rss.php index f89baf9b1..8196f7847 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -440,7 +440,6 @@ function check_install_files() { 'cache' => CACHE_PATH && is_writable(CACHE_PATH), 'users' => USERS_PATH && is_writable(USERS_PATH), 'favicons' => is_writable(DATA_PATH . '/favicons'), - 'persona' => is_writable(DATA_PATH . '/persona'), 'tokens' => is_writable(DATA_PATH . '/tokens'), ); } diff --git a/p/scripts/install.js b/p/scripts/install.js index 9a49e6031..57fc2450a 100644 --- a/p/scripts/install.js +++ b/p/scripts/install.js @@ -24,18 +24,12 @@ function auth_type_change() { var auth_type = document.getElementById('auth_type'); if (auth_type) { var auth_value = auth_type.value, - password_input = document.getElementById('passwordPlain'), - mail_input = document.getElementById('mail_login'); + password_input = document.getElementById('passwordPlain'); if (auth_value === 'form') { password_input.required = true; - mail_input.required = false; - } else if (auth_value === 'persona') { - password_input.required = false; - mail_input.required = true; } else { password_input.required = false; - mail_input.required = false; } } } diff --git a/p/scripts/persona.js b/p/scripts/persona.js deleted file mode 100644 index 63ab43795..000000000 --- a/p/scripts/persona.js +++ /dev/null @@ -1,76 +0,0 @@ -"use strict"; - -function init_persona() { - if (!(navigator.id && window.$ && window.url)) { - if (window.console) { - console.log('FreshRSS (Persona) waiting for JS…'); - } - window.setTimeout(init_persona, 100); - return; - } - - $('a.signin').click(function() { - navigator.id.request(); - return false; - }); - - $('a.signout').click(function() { - navigator.id.logout(); - return false; - }); - - navigator.id.watch({ - loggedInUser: context['current_user_mail'], - - onlogin: function(assertion) { - // A user has logged in! Here you need to: - // 1. Send the assertion to your backend for verification and to create a session. - // 2. Update your UI. - $.ajax ({ - type: 'POST', - url: url['login'], - data: {assertion: assertion}, - success: function(res, status, xhr) { - if (res.status === 'failure') { - openNotification(res.reason, 'bad'); - } else if (res.status === 'okay') { - location.href = url['index']; - } - }, - error: function(res, status, xhr) { - // alert(res); - } - }); - }, - onlogout: function() { - // A user has logged out! Here you need to: - // Tear down the user's session by redirecting the user or making a call to your backend. - // Also, make sure loggedInUser will get set to null on the next page load. - // (That's a literal JavaScript null. Not false, 0, or undefined. null.) - $.ajax ({ - type: 'POST', - url: url['logout'], - success: function(res, status, xhr) { - location.href = url['index']; - }, - error: function(res, status, xhr) { - // alert(res); - } - }); - } - }); -} - -if (document.readyState && document.readyState !== 'loading') { - if (window.console) { - console.log('FreshRSS (Persona) immediate init…'); - } - init_persona(); -} else if (document.addEventListener) { - document.addEventListener('DOMContentLoaded', function () { - if (window.console) { - console.log('FreshRSS (Persona) waiting for DOMContentLoaded…'); - } - init_persona(); - }, false); -} -- cgit v1.2.3 From e6fd34bdda5d067a9e74714aaae10c89ed998a46 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 13 Aug 2016 17:49:31 +0200 Subject: CSRF token, update HTTP Referrer policy to same-origin https://www.w3.org/TR/referrer-policy/#referrer-policy-no-referrer https://github.com/FreshRSS/FreshRSS/issues/570 https://github.com/FreshRSS/FreshRSS/issues/955 https://github.com/FreshRSS/FreshRSS/issues/1198 https://github.com/FreshRSS/FreshRSS/issues/565 https://github.com/FreshRSS/FreshRSS/issues/554 --- app/FreshRSS.php | 2 +- app/Models/Auth.php | 21 +++++++++++++ app/layout/aside_feed.phtml | 1 + app/layout/layout.phtml | 2 +- app/layout/nav_menu.phtml | 1 + app/views/auth/formLogin.phtml | 1 + app/views/auth/index.phtml | 1 + app/views/auth/register.phtml | 55 +++++++++++++++++---------------- app/views/configure/archiving.phtml | 2 ++ app/views/configure/display.phtml | 1 + app/views/configure/queries.phtml | 1 + app/views/configure/reading.phtml | 1 + app/views/configure/sharing.phtml | 1 + app/views/configure/shortcut.phtml | 1 + app/views/configure/system.phtml | 1 + app/views/extension/index.phtml | 1 + app/views/feed/add.phtml | 1 + app/views/helpers/feed/update.phtml | 1 + app/views/helpers/javascript_vars.phtml | 1 + app/views/helpers/pagination.phtml | 1 + app/views/importExport/index.phtml | 2 ++ app/views/index/logs.phtml | 1 + app/views/stats/idle.phtml | 1 + app/views/subscription/index.phtml | 7 ++++- app/views/user/manage.phtml | 2 ++ app/views/user/profile.phtml | 2 ++ lib/lib_rss.php | 2 +- p/scripts/main.js | 13 ++++++-- 28 files changed, 94 insertions(+), 33 deletions(-) (limited to 'lib/lib_rss.php') diff --git a/app/FreshRSS.php b/app/FreshRSS.php index 20640266e..f9c371d27 100644 --- a/app/FreshRSS.php +++ b/app/FreshRSS.php @@ -57,7 +57,7 @@ class FreshRSS extends Minz_FrontController { private static function initAuth() { FreshRSS_Auth::init(); - if (Minz_Request::isPost() && !is_referer_from_same_domain()) { + if (Minz_Request::isPost() && !(is_referer_from_same_domain() && FreshRSS_Auth::isCsrfOk())) { // Basic protection against XSRF attacks FreshRSS_Auth::removeAccess(); $http_referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['HTTP_REFERER']; diff --git a/app/Models/Auth.php b/app/Models/Auth.php index d689f7cdb..f0e8db5a2 100644 --- a/app/Models/Auth.php +++ b/app/Models/Auth.php @@ -124,6 +124,7 @@ class FreshRSS_Auth { self::$login_ok = false; $conf = Minz_Configuration::get('system'); Minz_Session::_param('currentUser', $conf->default_user); + Minz_Session::_param('csrf'); switch ($conf->auth_type) { case 'form': @@ -156,6 +157,26 @@ class FreshRSS_Auth { $auth_type = $conf->auth_type; return $auth_type === 'form'; } + + public static function csrfToken() { + $csrf = Minz_Session::param('csrf'); + if ($csrf == '') { + $salt = FreshRSS_Context::$system_conf->salt; + $csrf = sha1($salt . uniqid(mt_rand(), true)); + Minz_Session::_param('csrf', $csrf); + } + return $csrf; + } + public static function isCsrfOk($token = null) { + $csrf = Minz_Session::param('csrf'); + if ($csrf == '') { + return true; //Not logged in yet + } + if ($token === null) { + $token = Minz_Request::param('_csrf'); + } + return $token === $csrf; + } } diff --git a/app/layout/aside_feed.phtml b/app/layout/aside_feed.phtml index 67507b88d..e8fdbf842 100644 --- a/app/layout/aside_feed.phtml +++ b/app/layout/aside_feed.phtml @@ -20,6 +20,7 @@
+
  • diff --git a/app/layout/layout.phtml b/app/layout/layout.phtml index 2aeba40a9..189d93fbe 100644 --- a/app/layout/layout.phtml +++ b/app/layout/layout.phtml @@ -42,7 +42,7 @@ ?> allow_referrer) { ?> - + allow_robots) { ?> diff --git a/app/layout/nav_menu.phtml b/app/layout/nav_menu.phtml index 92268ff67..17655acbf 100644 --- a/app/layout/nav_menu.phtml +++ b/app/layout/nav_menu.phtml @@ -88,6 +88,7 @@ type="submit">
    + diff --git a/app/views/auth/formLogin.phtml b/app/views/auth/formLogin.phtml index b0083944f..4bbc8ed55 100644 --- a/app/views/auth/formLogin.phtml +++ b/app/views/auth/formLogin.phtml @@ -6,6 +6,7 @@ +
    diff --git a/app/views/auth/index.phtml b/app/views/auth/index.phtml index 8f81ac856..74e692ec5 100644 --- a/app/views/auth/index.phtml +++ b/app/views/auth/index.phtml @@ -4,6 +4,7 @@ +
    diff --git a/app/views/auth/register.phtml b/app/views/auth/register.phtml index 0c261319a..1f9976391 100644 --- a/app/views/auth/register.phtml +++ b/app/views/auth/register.phtml @@ -1,33 +1,34 @@
    -

    +

    - -
    - - -
    + + +
    + + +
    -
    - -
    - - -
    - -
    +
    + +
    + + +
    + +
    -
    - 'index', 'a' => 'index'), - 'php', true - )); - ?> - - - -
    - +
    + 'index', 'a' => 'index'), + 'php', true + )); + ?> + + + +
    + -

    +

    diff --git a/app/views/configure/archiving.phtml b/app/views/configure/archiving.phtml index 52ee98a48..2254f5dba 100644 --- a/app/views/configure/archiving.phtml +++ b/app/views/configure/archiving.phtml @@ -4,6 +4,7 @@
    +

    @@ -55,6 +56,7 @@
    +
    diff --git a/app/views/configure/display.phtml b/app/views/configure/display.phtml index db6d7951c..62ecc1080 100644 --- a/app/views/configure/display.phtml +++ b/app/views/configure/display.phtml @@ -4,6 +4,7 @@ +
    diff --git a/app/views/configure/queries.phtml b/app/views/configure/queries.phtml index 50df4cfea..0dffa268d 100644 --- a/app/views/configure/queries.phtml +++ b/app/views/configure/queries.phtml @@ -4,6 +4,7 @@ + queries as $key => $query) { ?> diff --git a/app/views/configure/reading.phtml b/app/views/configure/reading.phtml index 9c54b6bd5..07dabf15f 100644 --- a/app/views/configure/reading.phtml +++ b/app/views/configure/reading.phtml @@ -4,6 +4,7 @@ +
    diff --git a/app/views/configure/sharing.phtml b/app/views/configure/sharing.phtml index 7bf435777..0dad5bf6d 100644 --- a/app/views/configure/sharing.phtml +++ b/app/views/configure/sharing.phtml @@ -15,6 +15,7 @@
    '> + sharing as $key => $share_options) { diff --git a/app/views/configure/shortcut.phtml b/app/views/configure/shortcut.phtml index 264a5f805..dceeb17de 100644 --- a/app/views/configure/shortcut.phtml +++ b/app/views/configure/shortcut.phtml @@ -12,6 +12,7 @@ shortcuts; ?> + diff --git a/app/views/configure/system.phtml b/app/views/configure/system.phtml index 4af669eb0..935b49fda 100644 --- a/app/views/configure/system.phtml +++ b/app/views/configure/system.phtml @@ -4,6 +4,7 @@ +
    diff --git a/app/views/extension/index.phtml b/app/views/extension/index.phtml index b26334937..7cb16bfff 100644 --- a/app/views/extension/index.phtml +++ b/app/views/extension/index.phtml @@ -6,6 +6,7 @@

    + extension_list['system'])) { ?>

    + load_ok) { ?>
    diff --git a/app/views/helpers/feed/update.phtml b/app/views/helpers/feed/update.phtml index 72084d8fa..b7e8f68cd 100644 --- a/app/views/helpers/feed/update.phtml +++ b/app/views/helpers/feed/update.phtml @@ -18,6 +18,7 @@ +
    diff --git a/app/views/helpers/javascript_vars.phtml b/app/views/helpers/javascript_vars.phtml index 1aa43a207..745baa195 100644 --- a/app/views/helpers/javascript_vars.phtml +++ b/app/views/helpers/javascript_vars.phtml @@ -16,6 +16,7 @@ echo htmlspecialchars(json_encode(array( 'html5_notif_timeout' => FreshRSS_Context::$user_conf->html5_notif_timeout, 'auth_type' => FreshRSS_Context::$system_conf->auth_type, 'current_view' => Minz_Request::actionName(), + 'csrf' => FreshRSS_Auth::csrfToken(), ), 'shortcuts' => array( 'mark_read' => @$s['mark_read'], diff --git a/app/views/helpers/pagination.phtml b/app/views/helpers/pagination.phtml index d1c3cc72c..23c45114d 100755 --- a/app/views/helpers/pagination.phtml +++ b/app/views/helpers/pagination.phtml @@ -15,6 +15,7 @@ ?> +
    • diff --git a/app/views/importExport/index.phtml b/app/views/importExport/index.phtml index a64524bf1..c0bc412c3 100644 --- a/app/views/importExport/index.phtml +++ b/app/views/importExport/index.phtml @@ -4,6 +4,7 @@ +