X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=classes%2Fpref%2Fprefs.php;h=81b19cfb5e92d53eaa469cb74be09b01928c737b;hb=fbff72e081e812926f89e608cf7af1b7d8c841cb;hp=ff778cbceac6fcdf7e595614e3d25a31c7c61912;hpb=187abfe732fe62cf4b30847665dab30903d00d99;p=tt-rss.git
diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php
index ff778cbc..81b19cfb 100644
--- a/classes/pref/prefs.php
+++ b/classes/pref/prefs.php
@@ -48,7 +48,7 @@ class Pref_Prefs extends Handler_Protected {
"SHOW_CONTENT_PREVIEW" => array(__("Show content preview in headlines list"), ""),
"SORT_HEADLINES_BY_FEED_DATE" => array(__("Sort headlines by feed date"), __("Use feed-specified date to sort headlines instead of local import date.")),
"SSL_CERT_SERIAL" => array(__("Login with an SSL certificate"), __("Click to register your SSL client certificate with tt-rss")),
- "STRIP_IMAGES" => array(__("Do not embed images in articles"), ""),
+ "STRIP_IMAGES" => array(__("Do not embed media in articles"), ""),
"STRIP_UNSAFE_TAGS" => array(__("Strip unsafe tags from articles"), __("Strip all but most common HTML tags when reading articles.")),
"USER_STYLESHEET" => array(__("Customize stylesheet"), __("Customize CSS stylesheet to your liking")),
"USER_TIMEZONE" => array(__("Time zone"), ""),
@@ -60,9 +60,9 @@ class Pref_Prefs extends Handler_Protected {
function changepassword() {
- $old_pw = $_POST["old_password"];
- $new_pw = $_POST["new_password"];
- $con_pw = $_POST["confirm_password"];
+ $old_pw = clean($_POST["old_password"]);
+ $new_pw = clean($_POST["new_password"]);
+ $con_pw = clean($_POST["confirm_password"]);
if ($old_pw == "") {
print "ERROR: ".format_error("Old password cannot be blank.");
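Review bot: The three fields are read as `$_POST["old_password"]` and so on with no isset guard, so a request that omits one raises an undefined-index notice before clean() even runs; `$old_pw = clean($_POST["old_password"] ?? "");` (or isset() checks if the project still targets PHP below 7) covers it. clean() is not defined on this page; if it trims or strips tags, a password containing `<` or leading/trailing spaces is altered here but presumably not on the login path, so confirm it is safe to apply to password input or keep these three values raw. changepassword's body continues outside the hunk.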
@@ -89,7 +89,7 @@ class Pref_Prefs extends Handler_Protected {
}
function saveconfig() {
- $boolean_prefs = explode(",", $_POST["boolean_prefs"]);
+ $boolean_prefs = explode(",", clean($_POST["boolean_prefs"]));
foreach ($boolean_prefs as $pref) {
if (!isset($_POST[$pref])) $_POST[$pref] = 'false';
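Review bot: `explode(",", clean($_POST["boolean_prefs"]))` returns `[""]` for an empty string, so the loop below creates `$_POST[""] = 'false'` and that empty key reaches the `array_keys($_POST)` loop later in the method; `$boolean_prefs = array_filter(explode(",", clean($_POST["boolean_prefs"])));` drops it. The list of names is also entirely client-supplied, so every name in it is written as 'false'; that is only safe if the preference write path (outside this hunk) rejects unknown names, which is worth confirming. saveconfig continues past the hunk.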
@@ -99,7 +99,6 @@ class Pref_Prefs extends Handler_Protected {
foreach (array_keys($_POST) as $pref_name) {
- $pref_name = $pref_name;
$value = $_POST[$pref_name];
if ($pref_name == 'DIGEST_PREFERRED_TIME') {
@@ -130,8 +129,8 @@ class Pref_Prefs extends Handler_Protected {
function changeemail() {
- $email = $_POST["email"];
- $full_name = $_POST["full_name"];
+ $email = clean($_POST["email"]);
+ $full_name = clean($_POST["full_name"]);
$active_uid = $_SESSION["uid"];
$sth = $this->pdo->prepare("UPDATE ttrss_users SET email = ?,
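Review bot: clean() does not validate the address, so any string the client sends ends up in `ttrss_users.email` through the UPDATE below; a check such as `if ($email != "" && !filter_var($email, FILTER_VALIDATE_EMAIL)) return;` (with whatever error reporting the method uses) before the prepare keeps malformed values out of the table. The query itself uses placeholders, which is the right shape. changeemail's body continues outside the hunk.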
@@ -147,8 +146,8 @@ class Pref_Prefs extends Handler_Protected {
$_SESSION["prefs_op_result"] = "reset-to-defaults";
- $sth = $this->pdo->query("DELETE FROM ttrss_user_prefs
- WHERE (profile = :profile OR (:profile IS NULL AND profile IS NULL))
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_user_prefs
+ WHERE (profile = :profile OR (:profile IS NULL AND profile IS NULL))
AND owner_uid = :uid");
$sth->execute([":profile" => $_SESSION['profile'], ":uid" => $_SESSION['uid']]);
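Review bot: The rewritten statement uses the named marker `:profile` twice; PDO only permits reusing a named marker when prepare emulation is enabled, and with native prepares the execute() on the next line fails with an invalid-parameter-number error. Unless this project sets PDO::ATTR_EMULATE_PREPARES to true (not visible here), use two markers, e.g. `WHERE (profile = :profile OR (:profile_null IS NULL AND profile IS NULL))` and pass `":profile_null" => $_SESSION['profile']` alongside `:profile` in the execute() array. The enclosing method starts before the hunk.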
@@ -163,7 +162,7 @@ class Pref_Prefs extends Handler_Protected {
$prefs_blacklist = array("ALLOW_DUPLICATE_POSTS", "STRIP_UNSAFE_TAGS", "REVERSE_HEADLINES",
"SORT_HEADLINES_BY_FEED_DATE", "DEFAULT_ARTICLE_LIMIT",
- "FEEDS_SORT_BY_UNREAD");
+ "FEEDS_SORT_BY_UNREAD", "CDM_EXPANDED");
/* "FEEDS_SORT_BY_UNREAD", "HIDE_READ_FEEDS", "REVERSE_HEADLINES" */
@@ -173,6 +172,9 @@ class Pref_Prefs extends Handler_Protected {
"DEFAULT_UPDATE_INTERVAL", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE",
"SSL_CERT_SERIAL", "DIGEST_PREFERRED_TIME");
+ $digest_options = array("DIGEST_ENABLE", "DIGEST_CATCHUP", "DIGEST_PREFERRED_TIME");
+
+ $purge_options = array("PURGE_UNREAD_ARTICLES", "PURGE_OLD_DAYS");
$_SESSION["prefs_op_result"] = "";
@@ -207,7 +209,7 @@ class Pref_Prefs extends Handler_Protected {
$email = htmlspecialchars($row["email"]);
$full_name = htmlspecialchars($row["full_name"]);
- $otp_enabled = $row["otp_enabled"];
+ $otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
print "
".__('Full name')." | ";
print " |
";
print "";
- print "".
+ print "".
__("Enable OTP")."";
print "";
@@ -503,6 +505,12 @@ class Pref_Prefs extends Handler_Protected {
continue;
}
+ /* Hide options from the user that are disabled in config.php. */
+ if (FORCE_ARTICLE_PURGE && in_array($pref_name, $purge_options))
+ continue;
+ if (DIGEST_SUBJECT === false && in_array($pref_name, $digest_options))
+ continue;
+
if ($active_section != $line["section_id"]) {
if ($active_section != "") {
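Review bot: Hiding the purge and digest entries only removes them from the rendered form; saveconfig writes every key it receives, so a client can still post PURGE_OLD_DAYS or DIGEST_ENABLE while FORCE_ARTICLE_PURGE is set or DIGEST_SUBJECT is false. The disabled inputs this commit removes had the same gap, so this is not a regression, but the limit has to be enforced where purging and digest generation run rather than here. Both membership tests should be strict, `in_array($pref_name, $purge_options, true)` and `in_array($pref_name, $digest_options, true)`, since the arrays declared earlier in the method hold only strings. The loop around this hunk starts and ends outside it.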
@@ -571,14 +579,7 @@ class Pref_Prefs extends Handler_Protected {
$checked = ($value == "true") ? "checked=\"checked\"" : "";
- if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) {
- $disabled = "disabled=\"1\"";
- $checked = "checked=\"checked\"";
- } else {
- $disabled = "";
- }
-
- print "";
} else if (array_search($pref_name, array('FRESH_ARTICLE_MAX_AGE',
@@ -586,15 +587,8 @@ class Pref_Prefs extends Handler_Protected {
$regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : '';
- if ($pref_name == "PURGE_OLD_DAYS" && FORCE_ARTICLE_PURGE != 0) {
- $disabled = "disabled=\"1\"";
- $value = FORCE_ARTICLE_PURGE;
- } else {
- $disabled = "";
- }
-
print "";
} else if ($pref_name == "SSL_CERT_SERIAL") {
@@ -651,7 +645,7 @@ class Pref_Prefs extends Handler_Protected {
print_hidden("op", "pref-prefs");
print_hidden("method", "saveconfig");
- print "
+ print "
".__('Save configuration')."
".
__('Manage profiles')." ";
- print "
".
+ print "".
__('Reset to defaults')."";
print " ";
@@ -849,9 +843,6 @@ class Pref_Prefs extends Handler_Protected {
}
function otpqrcode() {
- require_once "lib/otphp/vendor/base32.php";
- require_once "lib/otphp/lib/otp.php";
- require_once "lib/otphp/lib/totp.php";
require_once "lib/phpqrcode/phpqrcode.php";
$sth = $this->pdo->prepare("SELECT login,salt,otp_enabled
@@ -861,10 +852,10 @@ class Pref_Prefs extends Handler_Protected {
if ($row = $sth->fetch()) {
- $base32 = new Base32();
+ $base32 = new \OTPHP\Base32();
$login = $row["login"];
- $otp_enabled = $row["otp_enabled"];
+ $otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
if (!$otp_enabled) {
$secret = $base32->encode(sha1($row["salt"]));
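Review bot: `$secret = $base32->encode(sha1($row["salt"]))` derives the TOTP secret deterministically from the stored salt instead of from fresh randomness, so whoever obtains that column can recompute every user's OTP secret offline; the line is context rather than part of this change, but the commit touches the same branch. Generating the secret with random_bytes() at enrollment and storing it per user would decouple the second factor from the password salt. otpqrcode's body extends beyond the hunk in both directions.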
@@ -877,12 +868,9 @@ class Pref_Prefs extends Handler_Protected {
}
function otpenable() {
- require_once "lib/otphp/vendor/base32.php";
- require_once "lib/otphp/lib/otp.php";
- require_once "lib/otphp/lib/totp.php";
- $password = $_REQUEST["password"];
- $otp = $_REQUEST["otp"];
+ $password = clean($_REQUEST["password"]);
+ $otp = clean($_REQUEST["otp"]);
$authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
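Review bot: `$password = clean($_REQUEST["password"])` accepts the password from the query string as well as the form body, so it can land in access logs, browser history and Referer headers; read it as `$password = clean($_POST["password"]);`, and the same applies to `$otp` on the next line and to `$password` in otpdisable further down. clean() is not shown on this page; if it trims or strips tags, the value handed to the authenticator differs from what the login path checks for passwords containing `<` or surrounding spaces, so confirm that before applying it to secrets. otpenable's body continues outside the hunk.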
@@ -895,7 +883,7 @@ class Pref_Prefs extends Handler_Protected {
if ($row = $sth->fetch()) {
- $base32 = new Base32();
+ $base32 = new \OTPHP\Base32();
$secret = $base32->encode(sha1($row["salt"]));
$topt = new \OTPHP\TOTP($secret);
@@ -903,7 +891,7 @@ class Pref_Prefs extends Handler_Protected {
$otp_check = $topt->now();
if ($otp == $otp_check) {
- $sth = $this->pdo->prepare("UPDATE ttrss_users
+ $sth = $this->pdo->prepare("UPDATE ttrss_users
SET otp_enabled = true WHERE id = ?");
$sth->execute([$_SESSION['uid']]);
@@ -920,8 +908,21 @@ class Pref_Prefs extends Handler_Protected {
}
+ static function isdefaultpassword() {
+ $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
+
+ if ($authenticator &&
+ method_exists($authenticator, "check_password") &&
+ $authenticator->check_password($_SESSION["uid"], "password")) {
+
+ return true;
+ }
+
+ return false;
+ }
+
function otpdisable() {
- $password = $_REQUEST["password"];
+ $password = clean($_REQUEST["password"]);
$authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
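Review bot: The new isdefaultpassword body can be one boolean return instead of an if that returns true followed by `return false`: `return $authenticator && method_exists($authenticator, "check_password") && (bool) $authenticator->check_password($_SESSION["uid"], "password");`. The method also assumes `$_SESSION["auth_module"]` and `$_SESSION["uid"]` are populated, which Handler_Protected presumably guarantees for callers; if it can be reached before login, an isset guard is needed. A one-line docblock saying it reports whether the current user's password is still the literal default would help readers, since the name alone does not say which password is probed.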
@@ -939,8 +940,8 @@ class Pref_Prefs extends Handler_Protected {
}
function setplugins() {
- if (is_array($_REQUEST["plugins"]))
- $plugins = join(",", $_REQUEST["plugins"]);
+ if (is_array(clean($_REQUEST["plugins"])))
+ $plugins = join(",", clean($_REQUEST["plugins"]));
else
$plugins = "";
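Review bot: clean() is called twice on `$_REQUEST["plugins"]`, once for the is_array test and once for the join; assign it once, `$plugins_in = clean($_REQUEST["plugins"]);` followed by `$plugins = is_array($plugins_in) ? join(",", $plugins_in) : "";`. Whether clean() keeps array input as an array is not visible on this page; if it returns a string for arrays, the is_array branch is never taken and every submission stores an empty list, so check its definition. The joined names are stored without being checked against the installed plugins; if the consumer tolerates unknown names that is fine, otherwise filter here. setplugins continues outside the hunk.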
@@ -948,7 +949,7 @@ class Pref_Prefs extends Handler_Protected {
}
function clearplugindata() {
- $name = $_REQUEST["name"];
+ $name = clean($_REQUEST["name"]);
PluginHost::getInstance()->clear_data(PluginHost::getInstance()->get_plugin($name));
}
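Review bot: `get_plugin($name)` is called with the request-supplied name and its result is handed straight to clear_data(); if get_plugin returns null or false for a name that is not loaded (its definition is not on this page), clear_data receives that instead of a plugin. A guard such as `if ($plugin = PluginHost::getInstance()->get_plugin($name)) PluginHost::getInstance()->clear_data($plugin);` limits the call to known plugins. The name is also read from `$_REQUEST`, so the action is reachable through a plain GET link; confirm that the request-validation in Handler_Protected covers it.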
@@ -1083,7 +1084,7 @@ class Pref_Prefs extends Handler_Protected {
print "