<?php
define('EXPECTED_CONFIG_VERSION', 26);
- define('SCHEMA_VERSION', 105);
+ define('SCHEMA_VERSION', 106);
$fetch_last_error = false;
$pluginhost = false;
$tr = array(
"auto" => "Detect automatically",
"ca_CA" => "Català",
+ "cs_CZ" => "Česky",
"en_US" => "English",
"es_ES" => "Español",
"de_DE" => "Deutsch",
"ja_JP" => "日本語 (Japanese)",
"lv_LV" => "Latviešu",
"nb_NO" => "Norwegian bokmål",
+ "nl_NL" => "Dutch",
"pl_PL" => "Polski",
"ru_RU" => "Русский",
"pt_BR" => "Portuguese/Brazil",
$lang = _TRANSLATION_OVERRIDE_DEFAULT;
}
- /* In login action of mobile version */
- if ($_POST["language"] && defined('MOBILE_VERSION')) {
- $lang = $_POST["language"];
- } else if ($_SESSION["language"] && $_SESSION["language"] != "auto") {
+ if ($_SESSION["language"] && $_SESSION["language"] != "auto") {
$lang = $_SESSION["language"];
}
_setlocale(LC_ALL, $lang);
}
- if (defined('MOBILE_VERSION')) {
- _bindtextdomain("messages", "../locale");
- } else {
- _bindtextdomain("messages", "locale");
- }
+ _bindtextdomain("messages", "locale");
_textdomain("messages");
_bind_textdomain_codeset("messages", "UTF-8");
* @return void
*/
function _debug($msg) {
- if (defined('QUIET') && QUIET) {
- return;
- }
$ts = strftime("%H:%M:%S", time());
if (function_exists('posix_getpid')) {
$ts = "$ts/" . posix_getpid();
}
- print "[$ts] $msg\n";
+
+ if (!(defined('QUIET') && QUIET)) {
+ print "[$ts] $msg\n";
+ }
+
+ if (defined('LOGFILE')) {
+ $fp = fopen(LOGFILE, 'a+');
+
+ if ($fp) {
+ fputs($fp, "[$ts] $msg\n");
+ fclose($fp);
+ }
+ }
+
} // function _debug
/**
global $fetch_last_error;
if (function_exists('curl_init') && !ini_get("open_basedir")) {
- //$ch = curl_init($url);
- $ch = curl_init(geturl($url));
+
+ if (ini_get("safe_mode")) {
+ $ch = curl_init(geturl($url));
+ } else {
+ $ch = curl_init($url);
+ }
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout ? $timeout : 15);
curl_setopt($ch, CURLOPT_TIMEOUT, $timeout ? $timeout : 45);
- //curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
+ curl_setopt($ch, CURLOPT_FOLLOWLOCATION, !ini_get("safe_mode"));
curl_setopt($ch, CURLOPT_MAXREDIRS, 20);
curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
function initialize_user_prefs($link, $uid, $profile = false) {
- $uid = db_escape_string($uid);
+ $uid = db_escape_string($link, $uid);
if (!$profile) {
$profile = "NULL";
}
}
- function login_sequence($link, $login_form = 0) {
+ function login_sequence($link) {
$_SESSION["prefs_cache"] = false;
if (SINGLE_USER_MODE) {
authenticate_user($link, null, null, true);
}
- if (!$_SESSION["uid"]) render_login_form($link, $login_form);
+ if (!$_SESSION["uid"]) render_login_form($link);
} else {
/* bump login timestamp */
db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
$_SESSION["uid"]);
+ $_SESSION["last_login_update"] = time();
}
if ($_SESSION["uid"] && $_SESSION["language"] && SESSION_COOKIE_LIFETIME > 0) {
if ($_SESSION["uid"]) {
cache_prefs($link);
load_user_plugins($link, $_SESSION["uid"]);
+
+ /* cleanup ccache */
+
+ db_query($link, "DELETE FROM ttrss_counters_cache WHERE owner_uid = ".
+ $_SESSION["uid"] . " AND
+ (SELECT COUNT(id) FROM ttrss_feeds WHERE
+ ttrss_feeds.id = feed_id) = 0");
+
+ db_query($link, "DELETE FROM ttrss_cat_counters_cache WHERE owner_uid = ".
+ $_SESSION["uid"] . " AND
+ (SELECT COUNT(id) FROM ttrss_feed_categories WHERE
+ ttrss_feed_categories.id = feed_id) = 0");
+
}
+
}
}
}
}
- // Deprecated, TODO: remove
- function theme_image($link, $filename) {
- return $filename;
- }
-
function convert_timestamp($timestamp, $source_tz, $dest_tz) {
try {
}
}
- if (db_escape_string("testTEST") != "testTEST") {
+ if (db_escape_string($link, "testTEST") != "testTEST") {
$error_code = 12;
}
} else { // tag
db_query($link, "BEGIN");
- $tag_name = db_escape_string($feed);
+ $tag_name = db_escape_string($link, $feed);
$result = db_query($link, "SELECT post_int_id FROM ttrss_tags
WHERE tag_name = '$tag_name' AND owner_uid = $owner_uid");
return 0;
} else if ($feed != "0" && $n_feed == 0) {
- $feed = db_escape_string($feed);
+ $feed = db_escape_string($link, $feed);
$result = db_query($link, "SELECT SUM((SELECT COUNT(int_id)
FROM ttrss_user_entries,ttrss_entries WHERE int_id = post_int_id
function make_init_params($link) {
$params = array();
- $params["sign_progress"] = theme_image($link, "images/indicator_white.gif");
- $params["sign_progress_tiny"] = theme_image($link, "images/indicator_tiny.gif");
- $params["sign_excl"] = theme_image($link, "images/sign_excl.svg");
- $params["sign_info"] = theme_image($link, "images/sign_info.svg");
-
foreach (array("ON_CATCHUP_SHOW_NEXT_FEED", "HIDE_READ_FEEDS",
"ENABLE_FEED_CATS", "FEEDS_SORT_BY_UNREAD", "CONFIRM_FEED_CATCHUP",
"CDM_AUTO_CATCHUP", "FRESH_ARTICLE_MAX_AGE", "DEFAULT_ARTICLE_LIMIT",
"article_scroll_up" => __("Scroll up"),
"select_article_cursor" => __("Select article under cursor"),
"email_article" => __("Email article"),
- "close_article" => __("Close article"),
- "toggle_widescreen" => __("Toggle widescreen mode")),
+ "close_article" => __("Close/collapse article"),
+ "toggle_widescreen" => __("Toggle widescreen mode"),
+ "toggle_embed_original" => __("Toggle embed original")),
__("Article selection") => array(
"select_all" => __("Select all articles"),
"select_unread" => __("Select unread"),
"*(38)|Shift+up" => "article_scroll_up",
"*(40)|Shift+down" => "article_scroll_down",
"a *w" => "toggle_widescreen",
+ "a e" => "toggle_embed_original",
"e" => "email_article",
"a q" => "close_article",
// "article_selection" => array(
$data['last_article_id'] = getLastArticleId($link);
$data['cdm_expanded'] = get_pref($link, 'CDM_EXPANDED');
+ $data['dep_ts'] = calculate_dep_timestamp();
+
if (file_exists(LOCK_DIRECTORY . "/update_daemon.lock")) {
$data['daemon_is_running'] = (int) file_is_locked("update_daemon.lock");
return $data;
}
- function search_to_sql($link, $search, $match_on) {
+ function search_to_sql($link, $search) {
$search_query_part = "";
//$k = date("Y-m-d", strtotime(substr($k, 1)));
array_push($query_keywords, "(".SUBSTRING_FOR_DATE."(updated,1,LENGTH('$k')) $not = '$k')");
- } else if ($match_on == "both") {
+ } else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
- } else if ($match_on == "title") {
- array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%'))");
- } else if ($match_on == "content") {
- array_push($query_keywords, "(UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
}
}
return $rv;
}
- function queryFeedHeadlines($link, $feed, $limit, $view_mode, $cat_view, $search, $search_mode, $match_on, $override_order = false, $offset = 0, $owner_uid = 0, $filter = false, $since_id = 0, $include_children = false, $ignore_vfeed_group = false) {
+ function queryFeedHeadlines($link, $feed, $limit, $view_mode, $cat_view, $search, $search_mode, $override_order = false, $offset = 0, $owner_uid = 0, $filter = false, $since_id = 0, $include_children = false, $ignore_vfeed_group = false) {
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
$search_query_part = "ref_id = -1 AND ";
} else {
- $search_query_part = search_to_sql($link, $search, $match_on);
+ $search_query_part = search_to_sql($link, $search);
$search_query_part .= " AND ";
}
num_comments,
comments,
int_id,
+ hide_images,
unread,feed_id,marked,published,link,last_read,orig_feed_id,
last_marked, last_published,
".SUBSTRING_FOR_DATE."(last_read,1,19) as last_read_noms,
"label_cache," .
"link," .
"last_read," .
+ "(SELECT hide_images FROM ttrss_feeds WHERE id = feed_id) AS hide_images," .
"last_marked, last_published, " .
SUBSTRING_FOR_DATE . "(last_read,1,19) as last_read_noms," .
$since_id_part .
}
- function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) {
+ function sanitize($link, $str, $force_remove_images = false, $owner = false, $site_url = false) {
if (!$owner) $owner = $_SESSION["uid"];
$res = trim($str); if (!$res) return '';
- if (get_pref($link, "STRIP_IMAGES", $owner)) {
- $res = preg_replace('/<img[^>]+>/is', '', $res);
- }
-
if (strpos($res, "href=") === false)
$res = rewrite_urls($res);
$entry->setAttribute('src', $src);
}
+
+ if ($entry->nodeName == 'img') {
+ if (($owner && get_pref($link, "STRIP_IMAGES", $owner)) ||
+ $force_remove_images) {
+
+ $p = $doc->createElement('p');
+
+ $a = $doc->createElement('a');
+ $a->setAttribute('href', $entry->getAttribute('src'));
+
+ $a->appendChild(new DOMText($entry->getAttribute('src')));
+ $a->setAttribute('target', '_blank');
+
+ $p->appendChild($a);
+
+ $entry->parentNode->replaceChild($p, $entry);
+ }
+ }
}
if (strtolower($entry->nodeName) == "a") {
$entries = $xpath->query('//iframe');
foreach ($entries as $entry) {
- $entry->setAttribute('sandbox', true);
+ $entry->setAttribute('sandbox', 'allow-scripts');
+
}
global $pluginhost;
function strip_harmful_tags($doc) {
$entries = $doc->getElementsByTagName("*");
- $allowed_elements = array('a', 'address', 'audio',
+ $allowed_elements = array('a', 'address', 'audio', 'article',
'b', 'big', 'blockquote', 'body', 'br', 'cite',
- 'code', 'dd', 'del', 'details', 'div', 'dl',
+ 'code', 'dd', 'del', 'details', 'div', 'dl', 'font',
'dt', 'em', 'footer', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
'header', 'html', 'i', 'img', 'ins', 'kbd',
'li', 'nav', 'ol', 'p', 'pre', 'q', 's','small',
function get_article_tags($link, $id, $owner_uid = 0, $tag_cache = false) {
- $a_id = db_escape_string($id);
+ $a_id = db_escape_string($link, $id);
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
/* update the cache */
- $tags_str = db_escape_string(join(",", $tags));
+ $tags_str = db_escape_string($link, join(",", $tags));
db_query($link, "UPDATE ttrss_user_entries
SET tag_cache = '$tags_str' WHERE ref_id = '$id'
return true;
}
- function render_login_form($link, $form_id = 0) {
- switch ($form_id) {
- case 0:
- require_once "login_form.php";
- break;
- case 1:
- require_once "mobile/login_form.php";
- break;
- }
+ function render_login_form($link) {
+ require_once "login_form.php";
exit;
}
function format_warning($msg, $id = "") {
global $link;
return "<div class=\"warning\" id=\"$id\">
- <img src=\"".theme_image($link, "images/sign_excl.svg")."\">$msg</div>";
+ <img src=\"images/sign_excl.svg\">$msg</div>";
}
function format_notice($msg, $id = "") {
global $link;
return "<div class=\"notice\" id=\"$id\">
- <img src=\"".theme_image($link, "images/sign_info.svg")."\">$msg</div>";
+ <img src=\"images/sign_info.svg\">$msg</div>";
}
function format_error($msg, $id = "") {
global $link;
return "<div class=\"error\" id=\"$id\">
- <img src=\"".theme_image($link, "images/sign_excl.svg")."\">$msg</div>";
+ <img src=\"images/sign_excl.svg\">$msg</div>";
}
function print_notice($msg) {
$entry = "";
+ $url = htmlspecialchars($url);
+
if (strpos($ctype, "audio/") === 0) {
if ($_SESSION["hasAudio"] && (strpos($ctype, "ogg") !== false ||
</object>";
}
- if ($entry) $entry .= " " . basename($url);
+ if ($entry) $entry .= " <a target=\"_blank\"
+ href=\"$url\">" . basename($url) . "</a>";
return $entry;
$result = db_query($link, "SELECT id,title,link,content,feed_id,comments,int_id,
".SUBSTRING_FOR_DATE."(updated,1,16) as updated,
(SELECT site_url FROM ttrss_feeds WHERE id = feed_id) as site_url,
+ (SELECT hide_images FROM ttrss_feeds WHERE id = feed_id) as hide_images,
num_comments,
tag_cache,
author,
</head><body>";
}
- $title_escaped = htmlspecialchars($line['title']);
-
- $rv['content'] .= "<div id=\"PTITLE-FULL-$id\" style=\"display : none\">" .
- strip_tags($line['title']) . "</div>";
-
$rv['content'] .= "<div class=\"postReply\" id=\"POST-$id\">";
$rv['content'] .= "<div class=\"postHeader\" id=\"POSTHDR-$id\">";
title=\"".htmlspecialchars($line['title'])."\"
href=\"" .
htmlspecialchars($line["link"]) . "\">" .
- $line["title"] .
- "<span class='author'>$entry_author</span></a></div>";
+ $line["title"] . "</a>" .
+ "<span class='author'>$entry_author</span></div>";
} else {
$rv['content'] .= "<div class='postTitle'>" . $line["title"] . "$entry_author</div>";
}
if (!$entry_comments) $entry_comments = " "; # placeholder
$rv['content'] .= "<div class='postTags' style='float : right'>
- <img src='".theme_image($link, 'images/tag.png')."'
+ <img src='images/tag.png'
class='tagsPic' alt='Tags' title='Tags'> ";
if (!$zoom_mode) {
$rv['content'] .= "<div class=\"postContent\">";
- // N-grams
-
- if (DB_TYPE == "pgsql" and defined('_NGRAM_TITLE_RELATED_THRESHOLD')) {
-
- $ngram_result = db_query($link, "SELECT id,title FROM
- ttrss_entries,ttrss_user_entries
- WHERE ref_id = id AND updated >= NOW() - INTERVAL '7 day'
- AND similarity(title, '$title_escaped') >= "._NGRAM_TITLE_RELATED_THRESHOLD."
- AND title != '$title_escaped'
- AND owner_uid = $owner_uid");
-
- if (db_num_rows($ngram_result) > 0) {
- $rv['content'] .= "<div dojoType=\"dijit.form.DropDownButton\">".
- "<span>" . __('Related')."</span>";
- $rv['content'] .= "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
-
- while ($nline = db_fetch_assoc($ngram_result)) {
- $rv['content'] .= "<div onclick=\"hlOpenInNewTab(null,".$nline['id'].")\"
- dojoType=\"dijit.MenuItem\">".$nline['title']."</div>";
-
- }
- $rv['content'] .= "</div></div><br/";
- }
- }
-
$rv['content'] .= $line["content"];
$rv['content'] .= format_article_enclosures($link, $id,
- $always_display_enclosures, $line["content"]);
+ $always_display_enclosures, $line["content"], $line["hide_images"]);
$rv['content'] .= "</div>";
if (db_num_rows($result) == 1) {
return db_fetch_result($result, 0, "access_key");
} else {
- $key = db_escape_string(sha1(uniqid(rand(), true)));
+ $key = db_escape_string($link, sha1(uniqid(rand(), true)));
$result = db_query($link, "INSERT INTO ttrss_access_keys
(access_key, feed_id, is_cat, owner_uid)
}
function format_article_enclosures($link, $id, $always_display_enclosures,
- $article_content) {
+ $article_content, $hide_images = false) {
$result = get_article_enclosures($link, $id);
$rv = '';
array_push($entries, $entry);
}
- if (!get_pref($link, "STRIP_IMAGES")) {
+ if ($_SESSION['uid'] && !get_pref($link, "STRIP_IMAGES")) {
if ($always_display_enclosures ||
!preg_match("/<img/i", $article_content)) {
if (preg_match("/image/", $entry["type"]) ||
preg_match("/\.(jpg|png|gif|bmp)/i", $entry["filename"])) {
- $rv .= "<p><img
- alt=\"".htmlspecialchars($entry["filename"])."\"
- src=\"" .htmlspecialchars($entry["url"]) . "\"/></p>";
+ if (!$hide_images) {
+ $rv .= "<p><img
+ alt=\"".htmlspecialchars($entry["filename"])."\"
+ src=\"" .htmlspecialchars($entry["url"]) . "\"/></p>";
+ } else {
+ $rv .= "<p><a target=\"_blank\"
+ href=\"".htmlspecialchars($entry["url"])."\"
+ >" .htmlspecialchars($entry["url"]) . "</a></p>";
+ }
}
}
}
if ($regexp_valid) {
- $rule['reg_exp'] = db_escape_string($rule['reg_exp']);
+ $rule['reg_exp'] = db_escape_string($link, $rule['reg_exp']);
switch ($rule["type"]) {
case "title":
}
if (isset($rule["feed_id"]) && $rule["feed_id"] > 0) {
- $qpart .= " AND feed_id = " . db_escape_string($rule["feed_id"]);
+ $qpart .= " AND feed_id = " . db_escape_string($link, $rule["feed_id"]);
}
if (isset($rule["cat_id"])) {
$oline='';
foreach($status as $key=>$eline){$oline.='['.$key.']'.$eline.' ';}
$line =$oline." \r\n ".$url."\r\n-----------------\r\n";
- $handle = @fopen('./curl.error.log', 'a');
- fwrite($handle, $line);
+# $handle = @fopen('./curl.error.log', 'a');
+# fwrite($handle, $line);
return FALSE;
}
return $url;
return $rv;
}
+ function stylesheet_tag($filename) {
+ $timestamp = filemtime($filename);
+
+ echo "<link rel=\"stylesheet\" type=\"text/css\" href=\"$filename?$timestamp\"/>\n";
+ }
+
+ function javascript_tag($filename) {
+ $query = "";
+
+ if (!(strpos($filename, "?") === FALSE)) {
+ $query = substr($filename, strpos($filename, "?")+1);
+ $filename = substr($filename, 0, strpos($filename, "?"));
+ }
+
+ $timestamp = filemtime($filename);
+
+ if ($query) $timestamp .= "&$query";
+
+ echo "<script type=\"text/javascript\" charset=\"utf-8\" src=\"$filename?$timestamp\"></script>\n";
+ }
+
+ function calculate_dep_timestamp() {
+ $files = array_merge(glob("js/*.js"), glob("*.css"));
+
+ $max_ts = -1;
+
+ foreach ($files as $file) {
+ if (filemtime($file) > $max_ts) $max_ts = filemtime($file);
+ }
+
+ return $max_ts;
+ }
+
+ function get_site_title() {
+ if (defined("_SITE_TITLE")) {
+ return _SITE_TITLE;
+ } else {
+ return "Tiny Tiny RSS";
+ }
+ }
?>