X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=classes%2Farticle.php;h=09bd6d7dc4e843afaaa84ff911d9968aa1c0b13c;hb=add558e7e53fb9ab2e0e3186573bdb90d0e910ff;hp=0352e1b9eeede22b9e515aacf3d40ad6bf016e70;hpb=187abfe732fe62cf4b30847665dab30903d00d99;p=tt-rss.git diff --git a/classes/article.php b/classes/article.php old mode 100644 new mode 100755 index 0352e1b9..09bd6d7d --- a/classes/article.php +++ b/classes/article.php @@ -8,7 +8,7 @@ class Article extends Handler_Protected { } function redirect() { - $id = $_REQUEST['id']; + $id = clean($_REQUEST['id']); $sth = $this->pdo->prepare("SELECT link FROM ttrss_entries, ttrss_user_entries WHERE id = ? AND id = ref_id AND owner_uid = ? @@ -28,9 +28,9 @@ class Article extends Handler_Protected { } function view() { - $id = $_REQUEST["id"]; - $cids = explode(",", $_REQUEST["cids"]); - $mode = $_REQUEST["mode"]; + $id = clean($_REQUEST["id"]); + $cids = explode(",", clean($_REQUEST["cids"])); + $mode = clean($_REQUEST["mode"]); // in prefetch mode we only output requested cids, main article // just gets marked as read (it already exists in client cache) @@ -126,7 +126,7 @@ class Article extends Handler_Protected { if (filter_var($url, FILTER_VALIDATE_URL) === FALSE) return false; $pdo = Db::pdo(); - + $pdo->beginTransaction(); // only check for our user data here, others might have shared this with different content etc @@ -210,7 +210,7 @@ class Article extends Handler_Protected { print __("Tags for this article (separated by commas):")."
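Review bot: In redirect() the new `$id = clean($_REQUEST['id']);` still binds whatever string survives clean() to the `WHERE id = ?` placeholder; what clean() actually strips is not visible on this page, so for an integer key `$id = (int) $_REQUEST['id'];` is the tighter boundary check and makes the accepted input explicit. The same applies to `$id` in view() (the next hunk) and in getScore() further down; setScore() already casts with `(int)`, so its added `clean()` call there is redundant. The prepare()/execute() pair with a bound parameter is the actual injection defence here and is unchanged, so this is about narrowing the input contract, not a hole in the query.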
"; - $param = $_REQUEST['param']; + $param = clean($_REQUEST['param']); $tags = Article::get_article_tags($param); @@ -241,8 +241,8 @@ class Article extends Handler_Protected { } function setScore() { - $ids = explode(",", $_REQUEST['id']); - $score = (int)$_REQUEST['score']; + $ids = explode(",", clean($_REQUEST['id'])); + $score = (int)clean($_REQUEST['score']); $ids_qmarks = arr_qmarks($ids); @@ -257,7 +257,7 @@ class Article extends Handler_Protected { } function getScore() { - $id = $_REQUEST['id']; + $id = clean($_REQUEST['id']); $sth = $this->pdo->prepare("SELECT score FROM ttrss_user_entries WHERE ref_id = ? AND owner_uid = ?"); $sth->execute([$id, $_SESSION['uid']]); @@ -273,9 +273,9 @@ class Article extends Handler_Protected { function setArticleTags() { - $id = $_REQUEST["id"]; + $id = clean($_REQUEST["id"]); - $tags_str = $_REQUEST["tags_str"]; + $tags_str = clean($_REQUEST["tags_str"]); $tags = array_unique(trim_array(explode(",", $tags_str))); $this->pdo->beginTransaction(); @@ -309,7 +309,7 @@ class Article extends Handler_Protected { if ($tag != '') { $sth = $this->pdo->prepare("INSERT INTO ttrss_tags - (post_int_id, owner_uid, tag_name) + (post_int_id, owner_uid, tag_name) VALUES (?, ?, ?)"); $sth->execute([$int_id, $_SESSION['uid'], $tag]); @@ -342,7 +342,7 @@ class Article extends Handler_Protected { function completeTags() { - $search = $_REQUEST["search"]; + $search = clean($_REQUEST["search"]); $sth = $this->pdo->prepare("SELECT DISTINCT tag_name FROM ttrss_tags WHERE owner_uid = ? AND @@ -369,11 +369,10 @@ class Article extends Handler_Protected { private function labelops($assign) { $reply = array(); - $ids = explode(",", $_REQUEST["ids"]); - $label_id = $_REQUEST["lid"]; + $ids = explode(",", clean($_REQUEST["ids"])); + $label_id = clean($_REQUEST["lid"]); - $label = db_escape_string(Labels::find_caption($label_id, - $_SESSION["uid"])); + $label = Labels::find_caption($label_id, $_SESSION["uid"]); $reply["info-for-headlines"] = array(); 
@@ -610,6 +609,8 @@ class Article extends Handler_Protected { $line = $p->hook_render_article($line); } + $line['content'] = rewrite_cached_urls($line['content']); + $num_comments = (int) $line["num_comments"]; $entry_comments = ""; @@ -629,22 +630,57 @@ class Article extends Handler_Protected { } } + $enclosures = self::get_article_enclosures($line["id"]); + if ($zoom_mode) { header("Content-Type: text/html"); - $rv['content'] .= " + $rv['content'] .= " + ".$line["title"]."". - stylesheet_tag("css/default.css")." - + stylesheet_tag("css/default.css")." - + "; + + $rv['content'] .= "\n"; + $rv['content'] .= "\n"; + $rv['content'] .= "\n"; + + $rv['content'] .= ""; + + $og_image = false; + + foreach ($enclosures as $enc) { + if (strpos($enc["content_type"], "image/") !== FALSE) { + $og_image = $enc["content_url"]; + break; + } + } + + if (!$og_image) { + $tmpdoc = new DOMDocument(); - "; + if (@$tmpdoc->loadHTML(mb_substr($line["content"], 0, 131070))) { + $tmpxpath = new DOMXPath($tmpdoc); + $first_img = $tmpxpath->query("//img")->item(0); + + if ($first_img) { + $og_image = $first_img->getAttribute("src"); + } + } + } + + if ($og_image) { + $rv['content'] .= ""; + } + + $rv['content'] .= ""; } - $rv['content'] .= "
"; + $rv['content'] .= "
"; - $rv['content'] .= "
"; + $rv['content'] .= "
"; $entry_author = $line["author"]; @@ -656,25 +692,25 @@ class Article extends Handler_Protected { $owner_uid, true); if (!$zoom_mode) - $rv['content'] .= "
$parsed_updated
"; + $rv['content'] .= "
$parsed_updated
"; if ($line["link"]) { - $rv['content'] .= "
" . $line["title"] . "" . "$entry_author
"; } else { - $rv['content'] .= "
" . $line["title"] . "$entry_author
"; + $rv['content'] .= "
" . $line["title"] . "$entry_author
"; } if ($zoom_mode) { $feed_title = htmlspecialchars($line["feed_title"]); - $rv['content'] .= "
$feed_title
"; + $rv['content'] .= "
$feed_title
"; - $rv['content'] .= "
$parsed_updated
"; + $rv['content'] .= "
$parsed_updated
"; } $tags_str = Article::format_tags_string($line["tags"], $id); @@ -750,7 +786,7 @@ class Article extends Handler_Protected { if (!$line['lang']) $line['lang'] = 'en'; - $rv['content'] .= "
"; + $rv['content'] .= "
"; $rv['content'] .= $line["content"]; @@ -792,7 +828,7 @@ class Article extends Handler_Protected { $pdo = Db::pdo(); $sth = $pdo->prepare("SELECT DISTINCT tag_name, - owner_uid as owner FROM ttrss_tags + owner_uid as owner FROM ttrss_tags WHERE post_int_id = (SELECT int_id FROM ttrss_user_entries WHERE ref_id = ? AND owner_uid = ? LIMIT 1) ORDER BY tag_name"); @@ -900,19 +936,24 @@ class Article extends Handler_Protected { return $rv; } - static function purge_orphans($do_output = false) { + static function purge_orphans() { - // purge orphaned posts in main content table + // purge orphaned posts in main content table - $pdo = Db::pdo(); - $res = $pdo->query("DELETE FROM ttrss_entries WHERE - NOT EXISTS (SELECT ref_id FROM ttrss_user_entries WHERE ref_id = id)"); + if (DB_TYPE == "mysql") + $limit_qpart = "LIMIT 5000"; + else + $limit_qpart = ""; - if ($do_output) { - $rows = $res->rowCount(); - _debug("Purged $rows orphaned posts."); - } - } + $pdo = Db::pdo(); + $res = $pdo->query("DELETE FROM ttrss_entries WHERE + NOT EXISTS (SELECT ref_id FROM ttrss_user_entries WHERE ref_id = id) $limit_qpart"); + + if (Debug::enabled()) { + $rows = $res->rowCount(); + Debug::log("Purged $rows orphaned posts."); + } + } static function catchupArticlesById($ids, $cmode, $owner_uid = false) {