From e7dba0ce7cfaf5e84687593a8b0d58d89fbff302 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Sat, 9 Aug 2014 23:29:13 +0200 Subject: Add basic system of update - Check on update.freshrss.org for new updates - Download script - Apply script - Need translations and verifications NOTE: current script on server indicates version 0.7.3 is an update of 0.8-dev ==> IT'S ONLY FOR MY TESTS! Script just does a backup of ./data actually... See https://github.com/marienfressinaud/FreshRSS/issues/411 --- lib/Minz/View.php | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/Minz/View.php b/lib/Minz/View.php index f034ab10b..a0dec1824 100644 --- a/lib/Minz/View.php +++ b/lib/Minz/View.php @@ -26,12 +26,19 @@ class Minz_View { * Détermine si on utilise un layout ou non */ public function __construct () { + $this->change_view(Minz_Request::controllerName(), + Minz_Request::actionName()); + self::$title = Minz_Configuration::title (); + } + + /** + * Change le fichier de vue en fonction d'un controller / action + */ + public function change_view($controller_name, $action_name) { $this->view_filename = APP_PATH . self::VIEWS_PATH_NAME . '/' - . Minz_Request::controllerName () . '/' - . Minz_Request::actionName () . '.phtml'; - - self::$title = Minz_Configuration::title (); + . $controller_name . '/' + . $action_name . '.phtml'; } /** -- cgit v1.2.3 From a126d99b3c87c12d6da86a32f0615ad36ec99d60 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 30 Aug 2014 18:31:50 +0200 Subject: Bug referer for systems with non-standard HTTP port Now tests also for the scheme and port, which must be identical to the ones in the referer. https://github.com/marienfressinaud/FreshRSS/issues/565#issuecomment-53916915 https://github.com/marienfressinaud/FreshRSS/issues/554 --- app/FreshRSS.php | 3 +-- lib/Minz/Request.php | 14 ++++++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) (limited to 'lib') diff --git a/app/FreshRSS.php b/app/FreshRSS.php index 30f711e20..cf6390f68 100644 --- a/app/FreshRSS.php +++ b/app/FreshRSS.php @@ -6,8 +6,7 @@ class FreshRSS extends Minz_FrontController { } $loginOk = $this->accessControl(Minz_Session::param('currentUser', '')); $this->loadParamsView(); - if (Minz_Request::isPost() && (empty($_SERVER['HTTP_REFERER']) || - Minz_Request::getDomainName() !== parse_url($_SERVER['HTTP_REFERER'], PHP_URL_HOST))) { + if (Minz_Request::isPost() && !Minz_Request::isRefererFromSameDomain()) { $loginOk = false; //Basic protection against XSRF attacks Minz_Error::error( 403, diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php index 52f53012f..ec4e25a6b 100644 --- a/lib/Minz/Request.php +++ b/lib/Minz/Request.php @@ -84,6 +84,20 @@ class Minz_Request { return $_SERVER['HTTP_HOST']; } + public static function isRefererFromSameDomain() { + if (empty($_SERVER['HTTP_REFERER'])) { + return false; + } + $host = parse_url(((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? 'https://' : 'http://') . + (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST'])); + $referer = parse_url($_SERVER['HTTP_REFERER']); + if (empty($host['scheme']) || empty($referer['scheme']) || $host['scheme'] !== $referer['scheme'] || + empty($host['host']) || empty($referer['host']) || $host['host'] !== $referer['host']) { + return false; + } + return (isset($host['port']) ? $host['port'] : 0) === (isset($referer['port']) ? $referer['port'] : 0); + } + /** * Détermine la base de l'url * @return la base de l'url -- cgit v1.2.3 From c3fd8877c021b86180b3bea4d4260e6478f0558e Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sat, 6 Sep 2014 16:04:49 +0200 Subject: Bug warning in case of invalid CDATA --- lib/SimplePie/SimplePie/Parser.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'lib') diff --git a/lib/SimplePie/SimplePie/Parser.php b/lib/SimplePie/SimplePie/Parser.php index 9300b4ba9..7fb7bd9be 100644 --- a/lib/SimplePie/SimplePie/Parser.php +++ b/lib/SimplePie/SimplePie/Parser.php @@ -142,7 +142,7 @@ class SimplePie_Parser $dom = new DOMDocument(); $dom->recover = true; $dom->strictErrorChecking = false; - $dom->loadXML($data); + @$dom->loadXML($data); $this->encoding = $encoding = $dom->encoding = 'UTF-8'; $data2 = $dom->saveXML(); if (function_exists('mb_convert_encoding')) -- cgit v1.2.3 From 17d1e67e822dd7b903328195b5957eaf38a6f47b Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Tue, 16 Sep 2014 19:01:24 +0200 Subject: Fix sqlite bug ON DELETE CASCADE Foreign key constraints are not enabled by default. See https://github.com/marienfressinaud/FreshRSS/issues/579 See http://stackoverflow.com/questions/13534040/sqlite3-foreign-keys-on-pdo --- lib/Minz/ModelPdo.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'lib') diff --git a/lib/Minz/ModelPdo.php b/lib/Minz/ModelPdo.php index 45a1e9451..b4bfca746 100644 --- a/lib/Minz/ModelPdo.php +++ b/lib/Minz/ModelPdo.php @@ -77,6 +77,9 @@ class Minz_ModelPdo { $db['password'], $driver_options ); + if ($type === 'sqlite') { + $this->bd->exec('PRAGMA foreign_keys = ON;'); + } self::$sharedBd = $this->bd; } catch (Exception $e) { throw new Minz_PDOConnectionException( -- cgit v1.2.3 From fc7d2a0bf271e43a9e6001dccef61ec0762eb840 Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Wed, 17 Sep 2014 14:21:56 +0200 Subject: Move http referer test into lib_rss Rename method (coding style) Change in app/FreshRSS.php Improve test of app/install.php --- app/FreshRSS.php | 2 +- app/install.php | 2 +- lib/Minz/Request.php | 14 -------------- lib/lib_rss.php | 14 ++++++++++++++ 4 files changed, 16 insertions(+), 16 deletions(-) (limited to 'lib') diff --git a/app/FreshRSS.php b/app/FreshRSS.php index 6cca27f78..347b8392f 100644 --- a/app/FreshRSS.php +++ b/app/FreshRSS.php @@ -6,7 +6,7 @@ class FreshRSS extends Minz_FrontController { } $loginOk = $this->accessControl(Minz_Session::param('currentUser', '')); $this->loadParamsView(); - if (Minz_Request::isPost() && !Minz_Request::isRefererFromSameDomain()) { + if (Minz_Request::isPost() && !is_referer_from_same_domain()) { $loginOk = false; //Basic protection against XSRF attacks Minz_Error::error( 403, diff --git a/app/install.php b/app/install.php index f31764545..362ffec48 100644 --- a/app/install.php +++ b/app/install.php @@ -307,7 +307,7 @@ function checkStep1() { $log = LOG_PATH && is_writable(LOG_PATH); $favicons = is_writable(DATA_PATH . '/favicons'); $persona = is_writable(DATA_PATH . '/persona'); - $http_referer = !empty($_SERVER['HTTP_REFERER']); + $http_referer = is_referer_from_same_domain(); return array( 'php' => $php ? 'ok' : 'ko', diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php index ec4e25a6b..52f53012f 100644 --- a/lib/Minz/Request.php +++ b/lib/Minz/Request.php @@ -84,20 +84,6 @@ class Minz_Request { return $_SERVER['HTTP_HOST']; } - public static function isRefererFromSameDomain() { - if (empty($_SERVER['HTTP_REFERER'])) { - return false; - } - $host = parse_url(((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? 'https://' : 'http://') . - (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST'])); - $referer = parse_url($_SERVER['HTTP_REFERER']); - if (empty($host['scheme']) || empty($referer['scheme']) || $host['scheme'] !== $referer['scheme'] || - empty($host['host']) || empty($referer['host']) || $host['host'] !== $referer['host']) { - return false; - } - return (isset($host['port']) ? $host['port'] : 0) === (isset($referer['port']) ? $referer['port'] : 0); - } - /** * Détermine la base de l'url * @return la base de l'url diff --git a/lib/lib_rss.php b/lib/lib_rss.php index 823f53716..31c9cdbc1 100644 --- a/lib/lib_rss.php +++ b/lib/lib_rss.php @@ -230,3 +230,17 @@ function cryptAvailable() { } return false; } + +function is_referer_from_same_domain() { + if (empty($_SERVER['HTTP_REFERER'])) { + return false; + } + $host = parse_url(((isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') ? 'https://' : 'http://') . + (empty($_SERVER['HTTP_HOST']) ? $_SERVER['SERVER_NAME'] : $_SERVER['HTTP_HOST'])); + $referer = parse_url($_SERVER['HTTP_REFERER']); + if (empty($host['scheme']) || empty($referer['scheme']) || $host['scheme'] !== $referer['scheme'] || + empty($host['host']) || empty($referer['host']) || $host['host'] !== $referer['host']) { + return false; + } + return (isset($host['port']) ? $host['port'] : 0) === (isset($referer['port']) ? $referer['port'] : 0); +} -- cgit v1.2.3 From d284958d52f633738e8cc736f7f4a50e0c984ecf Mon Sep 17 00:00:00 2001 From: Marien Fressinaud Date: Fri, 19 Sep 2014 19:44:40 +0200 Subject: Improve redirection when deleting an idle feed --- app/Controllers/feedController.php | 9 ++++++--- app/views/stats/idle.phtml | 6 +++++- lib/Minz/Request.php | 5 +++++ 3 files changed, 16 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php index 3326b2059..65d4b3a37 100755 --- a/app/Controllers/feedController.php +++ b/app/Controllers/feedController.php @@ -412,10 +412,13 @@ class FreshRSS_feed_Controller extends Minz_ActionController { Minz_Session::_param ('notification', $notif); - if ($type == 'category') { - Minz_Request::forward (array ('c' => 'configure', 'a' => 'categorize'), true); + $redirect_url = Minz_Request::param('r', false, true); + if ($redirect_url) { + Minz_Request::forward($redirect_url); + } elseif ($type == 'category') { + Minz_Request::forward(array ('c' => 'configure', 'a' => 'categorize'), true); } else { - Minz_Request::forward (array ('c' => 'configure', 'a' => 'feed'), true); + Minz_Request::forward(array ('c' => 'configure', 'a' => 'feed'), true); } } } diff --git a/app/views/stats/idle.phtml b/app/views/stats/idle.phtml index 3ce8d3d3e..6f3d4a117 100644 --- a/app/views/stats/idle.phtml +++ b/app/views/stats/idle.phtml @@ -6,6 +6,10 @@

'stats', 'a' => 'idle'), + 'php', true + )); $nothing = true; foreach ($this->idleFeeds as $period => $feeds) { if (!empty($feeds)) { @@ -22,7 +26,7 @@
- +
  • diff --git a/lib/Minz/Request.php b/lib/Minz/Request.php index 52f53012f..f7a24c026 100644 --- a/lib/Minz/Request.php +++ b/lib/Minz/Request.php @@ -124,6 +124,11 @@ class Minz_Request { * > sinon, le dispatcher recharge en interne */ public static function forward($url = array(), $redirect = false) { + if (!is_array($url)) { + header('Location: ' . $url); + exit(); + } + $url = Minz_Url::checkUrl($url); if ($redirect) { -- cgit v1.2.3