X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=classes%2Farticle.php;h=075da19409d986fb5f58bd0d7de21c216eae7387;hb=ed1262d55a01a6ffbefe01eb3b5fc22d33dfad24;hp=1b4d26f701fb046bfe86448ea74523b63529142a;hpb=5e68e24679e9a2248a3c28c8a4078b4bdad09f9c;p=tt-rss.git
diff --git a/classes/article.php b/classes/article.php
old mode 100644
new mode 100755
index 1b4d26f7..075da194
--- a/classes/article.php
+++ b/classes/article.php
@@ -8,7 +8,7 @@ class Article extends Handler_Protected {
 }
 function redirect() {
- $id = $_REQUEST['id'];
+ $id = clean($_REQUEST['id']);
 $sth = $this->pdo->prepare("SELECT link FROM ttrss_entries, ttrss_user_entries WHERE id = ? AND id = ref_id AND owner_uid = ?
@@ -28,9 +28,9 @@ class Article extends Handler_Protected {
 }
 function view() {
- $id = $_REQUEST["id"];
- $cids = explode(",", $_REQUEST["cids"]);
- $mode = $_REQUEST["mode"];
+ $id = clean($_REQUEST["id"]);
+ $cids = explode(",", clean($_REQUEST["cids"]));
+ $mode = clean($_REQUEST["mode"]);
 // in prefetch mode we only output requested cids, main article
 // just gets marked as read (it already exists in client cache)
@@ -126,7 +126,7 @@ class Article extends Handler_Protected {
 if (filter_var($url, FILTER_VALIDATE_URL) === FALSE) return false;
 $pdo = Db::pdo();
- + $pdo->beginTransaction();
 // only check for our user data here, others might have shared this with different content etc
@@ -210,7 +210,7 @@ class Article extends Handler_Protected {
 print __("Tags for this article (separated by commas):")."
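Review bot: Wrapping `$_REQUEST['id']` in `clean()` does not establish that `$id` is an integer before it is bound to `WHERE id = ?`, and an absent `id` is still not handled; `clean()` is not visible here, but if it strips tags or HTML-escapes as its name suggests it adds nothing to a parameterised query. Cast the id the way setScore() already casts `score` in this same commit: `$id = (int) clean($_REQUEST['id']);`. The same applies to `id` in view() and getScore(), to `param` in the tags-dialog hunk if it is an article id, and to `lid` in labelops(). redirect()'s body continues outside the hunk.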
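Review bot: `explode(",", clean($_REQUEST["cids"]))` leaves `$cids` as a list of arbitrary strings, and a missing `cids` yields `[""]`; how the elements are consumed is outside the hunk, but lists like this are passed to `arr_qmarks()` elsewhere in the file (visible in setScore()), so each element should be normalised once at the boundary: `$cids = array_map('intval', explode(",", clean($_REQUEST["cids"])));`. The same holds for `$ids` in setScore() and in labelops(), which read `id` and `ids` the same way. view()'s body continues outside the hunk.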
"; - $param = $_REQUEST['param']; + $param = clean($_REQUEST['param']); $tags = Article::get_article_tags($param); @@ -241,8 +241,8 @@ class Article extends Handler_Protected { } function setScore() { - $ids = explode(",", $_REQUEST['id']); - $score = (int)$_REQUEST['score']; + $ids = explode(",", clean($_REQUEST['id'])); + $score = (int)clean($_REQUEST['score']); $ids_qmarks = arr_qmarks($ids); @@ -257,7 +257,7 @@ class Article extends Handler_Protected { } function getScore() { - $id = $_REQUEST['id']; + $id = clean($_REQUEST['id']); $sth = $this->pdo->prepare("SELECT score FROM ttrss_user_entries WHERE ref_id = ? AND owner_uid = ?"); $sth->execute([$id, $_SESSION['uid']]); @@ -273,9 +273,9 @@ class Article extends Handler_Protected { function setArticleTags() { - $id = $_REQUEST["id"]; + $id = clean($_REQUEST["id"]); - $tags_str = $_REQUEST["tags_str"]; + $tags_str = clean($_REQUEST["tags_str"]); $tags = array_unique(trim_array(explode(",", $tags_str))); $this->pdo->beginTransaction(); @@ -309,7 +309,7 @@ class Article extends Handler_Protected { if ($tag != '') { $sth = $this->pdo->prepare("INSERT INTO ttrss_tags - (post_int_id, owner_uid, tag_name) + (post_int_id, owner_uid, tag_name) VALUES (?, ?, ?)"); $sth->execute([$int_id, $_SESSION['uid'], $tag]); @@ -342,7 +342,7 @@ class Article extends Handler_Protected { function completeTags() { - $search = $_REQUEST["search"]; + $search = clean($_REQUEST["search"]); $sth = $this->pdo->prepare("SELECT DISTINCT tag_name FROM ttrss_tags WHERE owner_uid = ? AND @@ -369,11 +369,10 @@ class Article extends Handler_Protected { private function labelops($assign) { $reply = array(); - $ids = explode(",", $_REQUEST["ids"]); - $label_id = $_REQUEST["lid"]; + $ids = explode(",", clean($_REQUEST["ids"])); + $label_id = clean($_REQUEST["lid"]); - $label = db_escape_string(Labels::find_caption($label_id, - $_SESSION["uid"])); + $label = Labels::find_caption($label_id, $_SESSION["uid"]); $reply["info-for-headlines"] = array(); 
@@ -610,6 +609,8 @@ class Article extends Handler_Protected {
 $line = $p->hook_render_article($line);
 }
+ $line['content'] = rewrite_cached_urls($line['content']); + $num_comments = (int) $line["num_comments"];
 $entry_comments = "";
@@ -629,16 +630,52 @@ class Article extends Handler_Protected { } } + $enclosures = self::get_article_enclosures($line["id"]); + if ($zoom_mode) { header("Content-Type: text/html"); - $rv['content'] .= " + $rv['content'] .= " + ".$line["title"]."". stylesheet_tag("css/default.css")." - + "; + + $rv['content'] .= "\n"; + $rv['content'] .= "\n"; + $rv['content'] .= "\n"; + + $rv['content'] .= ""; + + $og_image = false; + + foreach ($enclosures as $enc) { + if (strpos($enc["content_type"], "image/") !== FALSE) { + $og_image = $enc["content_url"]; + break; + } + } + + if (!$og_image) { + $tmpdoc = new DOMDocument(); - "; + if (@$tmpdoc->loadHTML(mb_substr($line["content"], 0, 131070))) { + $tmpxpath = new DOMXPath($tmpdoc); + $first_img = $tmpxpath->query("//img")->item(0); + + if ($first_img) { + $og_image = $first_img->getAttribute("src"); + } + } + } + + if ($og_image) { + $rv['content'] .= ""; + } + + $rv['content'] .= ""; } $rv['content'] .= "
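Review bot: `rewrite_cached_urls()` is applied after the `hook_render_article` loop, so plugins render the content with its original media URLs and only the final page gets the cached ones; if that ordering is deliberate, a one-line comment would spare the next reader the question, e.g. `// rewrite media URLs to cached copies after plugins have rendered, so plugins see the originals`. The enclosing function starts and ends outside the hunk.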
"; @@ -791,7 +828,7 @@ class Article extends Handler_Protected { $pdo = Db::pdo(); $sth = $pdo->prepare("SELECT DISTINCT tag_name, - owner_uid as owner FROM ttrss_tags + owner_uid as owner FROM ttrss_tags WHERE post_int_id = (SELECT int_id FROM ttrss_user_entries WHERE ref_id = ? AND owner_uid = ? LIMIT 1) ORDER BY tag_name"); @@ -903,9 +940,14 @@ class Article extends Handler_Protected { // purge orphaned posts in main content table + if (DB_TYPE == "mysql") + $limit_qpart = "LIMIT 5000"; + else + $limit_qpart = ""; + $pdo = Db::pdo(); $res = $pdo->query("DELETE FROM ttrss_entries WHERE - NOT EXISTS (SELECT ref_id FROM ttrss_user_entries WHERE ref_id = id)"); + NOT EXISTS (SELECT ref_id FROM ttrss_user_entries WHERE ref_id = id) $limit_qpart"); if ($do_output) { $rows = $res->rowCount();