$config = HTMLPurifier_Config::createDefault();
- $allowed = "p,a[href],i,em,b,strong,code,pre,blockquote,br,img[src|alt|title],ul,ol,li,h1,h2,h3,h4,s";
+ $allowed = "p,a[href],i,em,b,strong,code,pre,blockquote,br,img[src|alt|title],ul,ol,li,h1,h2,h3,h4,s,object[classid|type|id|name|width|height|codebase],param[name|value]";
+ $config->set('HTML.SafeObject', true);
$config->set('HTML', 'Allowed', $allowed);
+ $config->set('Output.FlashCompat', true);
+ $config->set('Attr.EnableID', true);
+
$purifier = new HTMLPurifier($config);
/**
db_query($link, "UPDATE ttrss_entries
SET title = '$entry_title', content = '$entry_content',
content_hash = '$content_hash',
+ updated = '$entry_timestamp_fmt',
num_comments = '$num_comments'
WHERE id = '$ref_id'");
FROM ttrss_users WHERE
login = '$login'";
+ if (defined('AUTO_CREATE_USER') && AUTO_CREATE_USER
+ && $_SERVER["REMOTE_USER"]) {
+ $result = db_query($link, $query);
+
+ // First login ?
+ if (db_num_rows($result) == 0) {
+ $query = "INSERT INTO ttrss_users
+ (login,access_level,last_login,created)
+ VALUES ('$login', 0, null, NOW())";
+ db_query($link, $query);
+ }
+ }
+
} else {
$query = "SELECT id,login,access_level,pwd_hash
FROM ttrss_users WHERE
db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
$_SESSION["uid"]);
+
+ // LemonLDAP can send user informations via HTTP HEADER
+ if (defined('AUTO_CREATE_USER') && AUTO_CREATE_USER){
+ // update user name
+ if ($_SERVER['HTTP_USER_NAME']){
+ $fullname = db_escape_string($_SERVER['HTTP_USER_NAME']);
+ db_query($link, "UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " .
+ $_SESSION["uid"]);
+ }
+ // update user mail
+ if ($_SERVER['HTTP_USER_MAIL']){
+ $email = db_escape_string($_SERVER['HTTP_USER_MAIL']);
+ db_query($link, "UPDATE ttrss_users SET email = '$email' WHERE id = " .
+ $_SESSION["uid"]);
+ }
+ }
+
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
$_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash");
$params["theme"] = get_user_theme($link);
$params["theme_options"] = get_user_theme_options($link);
- $params["daemon_enabled"] = ENABLE_UPDATE_DAEMON;
$params["sign_progress"] = theme_image($link, "images/indicator_white.gif");
$params["sign_progress_tiny"] = theme_image($link, "images/indicator_tiny.gif");
$data['last_article_id'] = getLastArticleId($link);
$data['cdm_expanded'] = get_pref($link, 'CDM_EXPANDED');
- if (ENABLE_UPDATE_DAEMON) {
+ if (file_exists(LOCK_DIRECTORY . "/update_daemon.lock")) {
$data['daemon_is_running'] = (int) file_is_locked("update_daemon.lock");
$res = trim($str); if (!$res) return '';
- if (get_pref($link, "STRIP_UNSAFE_TAGS", $owner) || $force_strip_tags) {
- $res = $purifier->purify($res);
- }
+// if (get_pref($link, "STRIP_UNSAFE_TAGS", $owner) || $force_strip_tags) {
+ $res = $purifier->purify($res);
+// }
if (get_pref($link, "STRIP_IMAGES", $owner)) {
$res = preg_replace('/<img[^>]+>/is', '', $res);
git.wh0rd.org / tt-rss.git / blobdiff