]> git.wh0rd.org - tt-rss.git/blobdiff - backend.php
git.wh0rd.org / tt-rss.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
functions.php: Fixed some mild errors.
[tt-rss.git] / backend.php
diff --git a/backend.php b/backend.php
index c7f0628cb9bd4fe7bcba5109b21fb60352cd5607..29903843495636e52e962ae63fa91facbf6fc0a5 100644 (file)
--- a/backend.php
+++ b/backend.php
@@ -62,8 +62,14 @@
                        $op != "rss" && $op != "getUnread" && $op != "getProfiles" &&
                        $op != "fbexport" && $op != "logout" && $op != "pubsub") {
 
-               header("Content-Type: text/plain");
-               print json_encode(array("error" => array("code" => 6)));
+               if ($op == 'pref-feeds' && $_REQUEST['subop'] == 'add') {
+                       header("Content-Type: text/html");
+                       login_sequence($link);
+                       render_login_form($link);
+               } else {
+                       header("Content-Type: text/plain");
+                       print json_encode(array("error" => array("code" => 6)));
+               }
                return;
        }
 
@@ -181,7 +187,8 @@
                        $id = db_escape_string($_REQUEST['id']);
 
                        $result = db_query($link, "SELECT link FROM ttrss_entries, ttrss_user_entries
-                               WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'");
+                               WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'
+                               LIMIT 1");
 
                        if (db_num_rows($result) == 1) {
                                $article_url = db_fetch_result($result, 0, 'link');
@@ -198,7 +205,7 @@
                case "view":
 
                        $id = db_escape_string($_REQUEST["id"]);
-                       $cids = split(",", db_escape_string($_REQUEST["cids"]));
+                       $cids = explode(",", db_escape_string($_REQUEST["cids"]));
                        $mode = db_escape_string($_REQUEST["mode"]);
                        $omode = db_escape_string($_REQUEST["omode"]);
 
@@ -210,7 +217,7 @@
                        if ($mode == "") {
                                array_push($articles, format_article($link, $id, false));
                        } else if ($mode == "zoom") {
-                               array_push($articles, format_article($link, $id, false, true, true));
+                               array_push($articles, format_article($link, $id, true, true));
                        } else if ($mode == "raw") {
                                if ($_REQUEST['html']) {
                                        header("Content-Type: text/html");
@@ -377,7 +384,7 @@
                                $articles = array();
 
                                foreach ($topmost_article_ids as $id) {
-                                       array_push($articles, format_article($link, $id, $feed, false));
+                                       array_push($articles, format_article($link, $id, false));
                                }
 
                                $reply['articles'] = $articles;
@@ -546,34 +553,41 @@
                        $result = db_query($link, "SELECT feed_url FROM ttrss_feeds
                                WHERE id = '$feed_id'");
 
-                       $check_feed_url = db_fetch_result($result, 0, "feed_url");
+                       if (db_num_rows($result) != 0) {
 
-                       if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
-                               if ($mode == "subscribe") {
+                               $check_feed_url = db_fetch_result($result, 0, "feed_url");
 
-                                       db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 2
-                                               WHERE id = '$feed_id'");
+                               if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
+                                       if ($mode == "subscribe") {
 
-                                       print $_REQUEST['hub_challenge'];
-                                       return;
+                                               db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 2
+                                                       WHERE id = '$feed_id'");
 
-                               } else if ($mode == "unsubscribe") {
+                                               print $_REQUEST['hub_challenge'];
+                                               return;
 
-                                       db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 0
-                                               WHERE id = '$feed_id'");
+                                       } else if ($mode == "unsubscribe") {
 
-                                       print $_REQUEST['hub_challenge'];
-                                       return;
+                                               db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 0
+                                                       WHERE id = '$feed_id'");
+
+                                               print $_REQUEST['hub_challenge'];
+                                               return;
 
-                               } else if (!$mode) {
+                                       } else if (!$mode) {
 
-                                       // Received update ping, schedule feed update.
+                                               // Received update ping, schedule feed update.
 
-                                       update_rss_feed($link, $feed_id, true, true);
+                                               update_rss_feed($link, $feed_id, true, true);
 
+                                       }
+                               } else {
+                                       header('HTTP/1.0 404 Not Found');
+                                       echo "404 Not found";
                                }
                        } else {
                                header('HTTP/1.0 404 Not Found');
+                               echo "404 Not found";
                        }
 
                break; // pubsub
@@ -585,8 +599,7 @@
 
                case "fbexport":
 
-                       // TODO: change to _POST
-                       $access_key = db_escape_string($_REQUEST["key"]);
+                       $access_key = db_escape_string($_POST["key"]);
 
                        // TODO: rate limit checking using last_connected
                        $result = db_query($link, "SELECT id FROM ttrss_linked_instances
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/