X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=include%2Ffunctions.php;h=f0d5e85faf8325250ae1dc24d16b21f2ebfeabe3;hb=404e2e3603c852a3f82a21c14b8888005e2b3f99;hp=d77cb199e309d60b8bdf2c77bd8631548f04195d;hpb=0db61af84176a39cf1dfd90f62985d0728822b03;p=tt-rss.git

diff --git a/include/functions.php b/include/functions.php
index d77cb199..f0d5e85f 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -1,25 +1,15 @@
 <?php
 	define('EXPECTED_CONFIG_VERSION', 26);
-	define('SCHEMA_VERSION', 115);
+	define('SCHEMA_VERSION', 118);
 
 	define('LABEL_BASE_INDEX', -1024);
 	define('PLUGIN_FEED_BASE_INDEX', -128);
 
 	$fetch_last_error = false;
 	$fetch_last_error_code = false;
+	$fetch_last_content_type = false;
 	$pluginhost = false;
 
-	function __autoload($class) {
-		$class_file = str_replace("_", "/", strtolower(basename($class)));
-
-		$file = dirname(__FILE__)."/../classes/$class_file.php";
-
-		if (file_exists($file)) {
-			require $file;
-		}
-
-	}
-
 	mb_internal_encoding("UTF-8");
 	date_default_timezone_set('UTC');
 	if (defined('E_DEPRECATED')) {
@@ -317,10 +307,13 @@
 
 		global $fetch_last_error;
 		global $fetch_last_error_code;
+		global $fetch_last_content_type;
+
+		$url = str_replace(' ', '%20', $url);
 
-		if (function_exists('curl_init') && !ini_get("open_basedir")) {
+		if (!defined('NO_CURL') && function_exists('curl_init') && !ini_get("open_basedir")) {
 
-			if (ini_get("safe_mode")) {
+			if (ini_get("safe_mode") || ini_get("open_basedir")) {
 				$ch = curl_init(geturl($url));
 			} else {
 				$ch = curl_init($url);
@@ -333,7 +326,7 @@
 
 			curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout ? $timeout : FILE_FETCH_CONNECT_TIMEOUT);
 			curl_setopt($ch, CURLOPT_TIMEOUT, $timeout ? $timeout : FILE_FETCH_TIMEOUT);
-			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, !ini_get("safe_mode"));
+			curl_setopt($ch, CURLOPT_FOLLOWLOCATION, !ini_get("safe_mode") && !ini_get("open_basedir"));
 			curl_setopt($ch, CURLOPT_MAXREDIRS, 20);
 			curl_setopt($ch, CURLOPT_BINARYTRANSFER, true);
 			curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
@@ -365,11 +358,11 @@
 			}
 
 			$http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE);
-			$content_type = curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
+			$fetch_last_content_type = curl_getinfo($ch, CURLINFO_CONTENT_TYPE);
 
 			$fetch_last_error_code = $http_code;
 
-			if ($http_code != 200 || $type && strpos($content_type, "$type") === false) {
+			if ($http_code != 200 || $type && strpos($fetch_last_content_type, "$type") === false) {
 				if (curl_errno($ch) != 0) {
 					$fetch_last_error = curl_errno($ch) . " " . curl_error($ch);
 				} else {
@@ -397,8 +390,14 @@
 
 			$data = @file_get_contents($url);
 
-			@$gzdecoded = gzdecode($data);
-			if ($gzdecoded) $data = $gzdecoded;
+			$fetch_last_content_type = false;  // reset if no type was sent from server
+			foreach ($http_response_header as $h) {
+				if (substr(strtolower($h), 0, 13) == 'content-type:') {
+					$fetch_last_content_type = substr($h, 14);
+					// don't abort here b/c there might be more than one
+					// e.g. if we were being redirected -- last one is the right one
+				}
+			}
 
 			if (!$data && function_exists('error_get_last')) {
 				$error = error_get_last();
@@ -498,6 +497,7 @@
 					}
 				}
 			}
+            return $icon_file;
 		}
 	}
 
@@ -633,6 +633,7 @@
 				@session_start();
 
 				$_SESSION["uid"] = $user_id;
+				$_SESSION["version"] = VERSION;
 
 				$result = db_query($link, "SELECT login,access_level,pwd_hash FROM ttrss_users
 					WHERE id = '$user_id'");
@@ -747,7 +748,9 @@
 			cache_prefs($link);
 			load_user_plugins($link, $_SESSION["uid"]);
 		} else {
-			if (!$_SESSION["uid"] || !validate_session($link)) {
+			if (!validate_session($link)) $_SESSION["uid"] = false;
+
+			if (!$_SESSION["uid"]) {
 
 				if (AUTH_AUTO_LOGIN && authenticate_user($link, null, null)) {
 				    $_SESSION["ref_schema_version"] = get_schema_version($link, true);
@@ -755,7 +758,13 @@
 					 authenticate_user($link, null, null, true);
 				}
 
-				if (!$_SESSION["uid"]) render_login_form($link);
+				if (!$_SESSION["uid"]) {
+					@session_destroy();
+					setcookie(session_name(), '', time()-42000, '/');
+
+					render_login_form($link);
+					exit;
+				}
 
 			} else {
 				/* bump login timestamp */
@@ -1076,9 +1085,9 @@
 						$intl = get_pref($link, "FRESH_ARTICLE_MAX_AGE");
 
 						if (DB_TYPE == "pgsql") {
-							$match_part = "updated > NOW() - INTERVAL '$intl hour' ";
+							$match_part = "date_entered > NOW() - INTERVAL '$intl hour' ";
 						} else {
-							$match_part = "updated > DATE_SUB(NOW(),
+							$match_part = "date_entered > DATE_SUB(NOW(),
 								INTERVAL $intl HOUR) ";
 						}
 
@@ -1086,7 +1095,7 @@
 							SET unread = false, last_read = NOW() WHERE ref_id IN
 								(SELECT id FROM
 									(SELECT id FROM ttrss_entries, ttrss_user_entries WHERE ref_id = id
-										AND owner_uid = $owner_uid AND unread = true AND feed_id = $feed AND $date_qpart AND $match_part) as tmp)");
+										AND owner_uid = $owner_uid AND unread = true AND $date_qpart AND $match_part) as tmp)");
 					}
 
 					if ($feed == -4) {
@@ -1461,7 +1470,8 @@
 		$result = db_query($link, "SELECT id,caption,COUNT(unread) AS unread
 			FROM ttrss_labels2 LEFT JOIN ttrss_user_labels2 ON
 				(ttrss_labels2.id = label_id)
-					LEFT JOIN ttrss_user_entries ON (ref_id = article_id AND unread = true)
+				LEFT JOIN ttrss_user_entries ON (ref_id = article_id AND unread = true
+					AND ttrss_user_entries.owner_uid = $owner_uid)
 				WHERE ttrss_labels2.owner_uid = $owner_uid GROUP BY ttrss_labels2.id,
 					ttrss_labels2.caption");
 
@@ -1594,12 +1604,22 @@
 			"SELECT id FROM ttrss_feeds
 			WHERE feed_url = '$url' AND owner_uid = ".$_SESSION["uid"]);
 
+		if (strlen(FEED_CRYPT_KEY) > 0) {
+			require_once "crypt.php";
+			$auth_pass = substr(encrypt_string($auth_pass), 0, 250);
+			$auth_pass_encrypted = 'true';
+		} else {
+			$auth_pass_encrypted = 'false';
+		}
+
+		$auth_pass = db_escape_string($link, $auth_pass);
+
 		if (db_num_rows($result) == 0) {
 			$result = db_query($link,
 				"INSERT INTO ttrss_feeds
-					(owner_uid,feed_url,title,cat_id, auth_login,auth_pass,update_method)
+					(owner_uid,feed_url,title,cat_id, auth_login,auth_pass,update_method,auth_pass_encrypted)
 				VALUES ('".$_SESSION["uid"]."', '$url',
-				'[Unknown]', $cat_qpart, '$auth_login', '$auth_pass', 0)");
+				'[Unknown]', $cat_qpart, '$auth_login', '$auth_pass', 0, $auth_pass_encrypted)");
 
 			$result = db_query($link,
 				"SELECT id FROM ttrss_feeds WHERE feed_url = '$url'
@@ -1820,6 +1840,8 @@
 			}
 			break;
 		}
+
+		return false;
 	}
 
 	function getFeedTitle($link, $id, $cat = false) {
@@ -1906,6 +1928,8 @@
 				"prev_article" => __("Open previous article"),
 				"next_article_noscroll" => __("Open next article (don't scroll long articles)"),
 				"prev_article_noscroll" => __("Open previous article (don't scroll long articles)"),
+				"next_article_noexpand" => __("Move to next article (don't expand or mark read)"),
+				"prev_article_noexpand" => __("Move to previous article (don't expand or mark read)"),
 				"search_dialog" => __("Show search dialog")),
 			__("Article") => array(
 				"toggle_mark" => __("Toggle starred"),
@@ -1922,6 +1946,7 @@
 				"select_article_cursor" => __("Select article under cursor"),
 				"email_article" => __("Email article"),
 				"close_article" => __("Close/collapse article"),
+				"toggle_expand" => __("Toggle article expansion (combined mode)"),
 				"toggle_widescreen" => __("Toggle widescreen mode"),
 				"toggle_embed_original" => __("Toggle embed original")),
 			__("Article selection") => array(
@@ -2126,39 +2151,77 @@
 
 			$commandpair = explode(":", mb_strtolower($k), 2);
 
-			if ($commandpair[0] == "note" && $commandpair[1]) {
-
-				if ($commandpair[1] == "true")
-					array_push($query_keywords, "($not (note IS NOT NULL AND note != ''))");
-				else
-					array_push($query_keywords, "($not (note IS NULL OR note = ''))");
-
-			} else if ($commandpair[0] == "star" && $commandpair[1]) {
-
-				if ($commandpair[1] == "true")
-					array_push($query_keywords, "($not (marked = true))");
-				else
-					array_push($query_keywords, "($not (marked = false))");
-
-			} else if ($commandpair[0] == "pub" && $commandpair[1]) {
+			switch ($commandpair[0]) {
+			case "title":
+				if ($commandpair[1]) {
+					array_push($query_keywords, "($not (LOWER(ttrss_entries.title) LIKE '%".
+						db_escape_string($link, mb_strtolower($commandpair[1]))."%'))");
+				} else {
+					array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
+							OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+				}
+				break;
+			case "author":
+				if ($commandpair[1]) {
+					array_push($query_keywords, "($not (LOWER(author) LIKE '%".
+						db_escape_string($link, mb_strtolower($commandpair[1]))."%'))");
+				} else {
+					array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
+							OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+				}
+				break;
+			case "note":
+				if ($commandpair[1]) {
+					if ($commandpair[1] == "true")
+						array_push($query_keywords, "($not (note IS NOT NULL AND note != ''))");
+					else if ($commandpair[1] == "false")
+						array_push($query_keywords, "($not (note IS NULL OR note = ''))");
+					else
+						array_push($query_keywords, "($not (LOWER(note) LIKE '%".
+							db_escape_string($link, mb_strtolower($commandpair[1]))."%'))");
+				} else {
+					array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
+							OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+				}
+				break;
+			case "star":
 
-				if ($commandpair[1] == "true")
-					array_push($query_keywords, "($not (published = true))");
-				else
-					array_push($query_keywords, "($not (published = false))");
+				if ($commandpair[1]) {
+					if ($commandpair[1] == "true")
+						array_push($query_keywords, "($not (marked = true))");
+					else
+						array_push($query_keywords, "($not (marked = false))");
+				} else {
+					array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
+							OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+				}
+				break;
+			case "pub":
+				if ($commandpair[1]) {
+					if ($commandpair[1] == "true")
+						array_push($query_keywords, "($not (published = true))");
+					else
+						array_push($query_keywords, "($not (published = false))");
 
-			} else if (strpos($k, "@") === 0) {
+				} else {
+					array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
+							OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+				}
+				break;
+			default:
+				if (strpos($k, "@") === 0) {
 
-				$user_tz_string = get_pref($link, 'USER_TIMEZONE', $_SESSION['uid']);
-				$orig_ts = strtotime(substr($k, 1));
-				$k = date("Y-m-d", convert_timestamp($orig_ts, $user_tz_string, 'UTC'));
+					$user_tz_string = get_pref($link, 'USER_TIMEZONE', $_SESSION['uid']);
+					$orig_ts = strtotime(substr($k, 1));
+					$k = date("Y-m-d", convert_timestamp($orig_ts, $user_tz_string, 'UTC'));
 
-				//$k = date("Y-m-d", strtotime(substr($k, 1)));
+					//$k = date("Y-m-d", strtotime(substr($k, 1)));
 
-				array_push($query_keywords, "(".SUBSTRING_FOR_DATE."(updated,1,LENGTH('$k')) $not = '$k')");
-			} else {
-				array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
-						OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+					array_push($query_keywords, "(".SUBSTRING_FOR_DATE."(updated,1,LENGTH('$k')) $not = '$k')");
+				} else {
+					array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
+							OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+				}
 			}
 		}
 
@@ -2408,6 +2471,7 @@
 
 				$vfeed_query_part = "ttrss_feeds.title AS feed_title,";
 			} else if ($feed == -4) { // all articles virtual feed
+				$allow_archived = true;
 				$query_strategy_part = "true";
 				$vfeed_query_part = "ttrss_feeds.title AS feed_title,";
 			} else if ($feed <= LABEL_BASE_INDEX) { // labels
@@ -2425,13 +2489,7 @@
 				$query_strategy_part = "true";
 			}
 
-			if (get_pref($link, "SORT_HEADLINES_BY_FEED_DATE", $owner_uid)) {
-				$date_sort_field = "updated";
-			} else {
-				$date_sort_field = "date_entered";
-			}
-
-			$order_by = "$date_sort_field DESC, updated DESC";
+			$order_by = "score DESC, date_entered DESC, updated DESC";
 
 			if ($view_mode == "unread_first") {
 				$order_by = "unread DESC, $order_by";
@@ -2494,6 +2552,9 @@
 						LEFT JOIN ttrss_feeds ON (feed_id = ttrss_feeds.id)";
 				}
 
+				if ($vfeed_query_part)
+					$vfeed_query_part .= "favicon_avg_color,";
+
 				$query = "SELECT DISTINCT
 						date_entered,
 						guid,
@@ -2676,14 +2737,16 @@
 
 		}
 
-		$allowed_elements = array('a', 'address', 'audio', 'article',
-			'b', 'big', 'blockquote', 'body', 'br', 'cite', 'center',
-			'code', 'dd', 'del', 'details', 'div', 'dl', 'font',
-			'dt', 'em', 'footer', 'h1', 'h2', 'h3', 'h4', 'h5', 'h6',
-			'header', 'html', 'i', 'img', 'ins', 'kbd',
-			'li', 'nav', 'noscript', 'ol', 'p', 'pre', 'q', 's','small',
-			'source', 'span', 'strike', 'strong', 'sub', 'summary',
-			'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead',
+		$allowed_elements = array('a', 'address', 'audio', 'article', 'aside',
+			'b', 'bdi', 'bdo', 'big', 'blockquote', 'body', 'br',
+			'caption', 'cite', 'center', 'code', 'col', 'colgroup',
+			'data', 'dd', 'del', 'details', 'div', 'dl', 'font',
+			'dt', 'em', 'footer', 'figure', 'figcaption',
+			'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'header', 'html', 'i',
+			'img', 'ins', 'kbd', 'li', 'main', 'mark', 'nav', 'noscript',
+			'ol', 'p', 'pre', 'q', 'ruby', 'rp', 'rt', 's', 'samp', 'section',
+			'small', 'source', 'span', 'strike', 'strong', 'sub', 'summary',
+			'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'time',
 			'tr', 'track', 'tt', 'u', 'ul', 'var', 'wbr', 'video' );
 
 		if ($_SESSION['hasSandbox']) $allowed_elements[] = 'iframe';
@@ -2867,19 +2930,12 @@
 	}
 
 	function render_login_form($link) {
+		header('Cache-Control: public');
+
 		require_once "login_form.php";
 		exit;
 	}
 
-	// from http://developer.apple.com/internet/safari/faq.html
-	function no_cache_incantation() {
-		header("Expires: Mon, 22 Dec 1980 00:00:00 GMT"); // Happy birthday to me :)
-		header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
-		header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); // HTTP/1.1
-		header("Cache-Control: post-check=0, pre-check=0", false);
-		header("Pragma: no-cache"); // HTTP/1.0
-	}
-
 	function format_warning($msg, $id = "") {
 		global $link;
 		return "<div class=\"warning\" id=\"$id\">
@@ -2925,19 +2981,12 @@
 		if (strpos($ctype, "audio/") === 0) {
 
 			if ($_SESSION["hasAudio"] && (strpos($ctype, "ogg") !== false ||
-				strpos($_SERVER['HTTP_USER_AGENT'], "Chrome") !== false ||
-				strpos($_SERVER['HTTP_USER_AGENT'], "Safari") !== false )) {
+				$_SESSION["hasMp3"])) {
 
-				$id = 'AUDIO-' . uniqid();
-
-				$entry .= "<audio id=\"$id\"\" controls style='display : none'>
+				$entry .= "<audio controls>
 					<source type=\"$ctype\" src=\"$url\"></source>
 					</audio>";
 
-				$entry .= "<span onclick=\"player(this)\"
-					title=\"".__("Click to play")."\" status=\"0\"
-					class=\"player\" audio-id=\"$id\">".__("Play")."</span>";
-
 			} else {
 
 				$entry .= "<object type=\"application/x-shockwave-flash\"
@@ -2995,6 +3044,7 @@
 			".SUBSTRING_FOR_DATE."(updated,1,16) as updated,
 			(SELECT site_url FROM ttrss_feeds WHERE id = feed_id) as site_url,
 			(SELECT hide_images FROM ttrss_feeds WHERE id = feed_id) as hide_images,
+			(SELECT always_display_enclosures FROM ttrss_feeds WHERE id = feed_id) as always_display_enclosures,
 			num_comments,
 			tag_cache,
 			author,
@@ -3093,18 +3143,23 @@
 					position=\"below\">$tags_str_full</div>";
 
 				global $pluginhost;
-
 				foreach ($pluginhost->get_hooks($pluginhost::HOOK_ARTICLE_BUTTON) as $p) {
 					$rv['content'] .= $p->hook_article_button($line);
 				}
 
-
 			} else {
 				$tags_str = strip_tags($tags_str);
 				$rv['content'] .= "<span id=\"ATSTR-$id\">$tags_str</span>";
 			}
 			$rv['content'] .= "</div>";
-			$rv['content'] .= "<div clear='both'>$entry_comments</div>";
+			$rv['content'] .= "<div clear='both'>";
+
+			global $pluginhost;
+			foreach ($pluginhost->get_hooks($pluginhost::HOOK_ARTICLE_LEFT_BUTTON) as $p) {
+				$rv['content'] .= $p->hook_article_left_button($line);
+			}
+
+			$rv['content'] .= "$entry_comments</div>";
 
 			if ($line["orig_feed_id"]) {
 
@@ -3144,9 +3199,10 @@
 			$rv['content'] .= "<div class=\"postContent\">";
 
 			$rv['content'] .= $line["content"];
-
 			$rv['content'] .= format_article_enclosures($link, $id,
-				$always_display_enclosures, $line["content"], $line["hide_images"]);
+				sql_bool_to_bool($line["always_display_enclosures"]),
+				$line["content"],
+				sql_bool_to_bool($line["hide_images"]));
 
 			$rv['content'] .= "</div>";
 
@@ -3304,32 +3360,13 @@
 		return is_file(ICONS_DIR . "/$id.ico") && filesize(ICONS_DIR . "/$id.ico") > 0;
 	}
 
-	function init_connection($link) {
-		if ($link) {
-
-			if (DB_TYPE == "pgsql") {
-				pg_query($link, "set client_encoding = 'UTF-8'");
-				pg_set_client_encoding("UNICODE");
-				pg_query($link, "set datestyle = 'ISO, european'");
-				pg_query($link, "set TIME ZONE 0");
-			} else {
-				db_query($link, "SET time_zone = '+0:0'");
-
-				if (defined('MYSQL_CHARSET') && MYSQL_CHARSET) {
-					db_query($link, "SET NAMES " . MYSQL_CHARSET);
-				}
-			}
-
-			global $pluginhost;
+	function init_plugins($link) {
+		global $pluginhost;
 
-			$pluginhost = new PluginHost($link);
-			$pluginhost->load(PLUGINS, $pluginhost::KIND_ALL);
+		$pluginhost = new PluginHost($link);
+		$pluginhost->load(PLUGINS, $pluginhost::KIND_ALL);
 
-			return true;
-		} else {
-			print "Unable to connect to database:" . db_last_error();
-			return false;
-		}
+		return true;
 	}
 
 	function format_tags_string($tags, $id) {
@@ -3378,6 +3415,8 @@
 
 	function format_article_labels($labels, $id) {
 
+		if (is_array($labels)) return '';
+
 		$labels_str = "";
 
 		foreach ($labels as $l) {
@@ -3757,7 +3796,9 @@
 
 		$sphinxClient = new SphinxClient();
 
-		$sphinxClient->SetServer('localhost', 9312);
+		$sphinxpair = explode(":", SPHINX_SERVER, 2);
+
+		$sphinxClient->SetServer($sphinxpair[0], $sphinxpair[1]);
 		$sphinxClient->SetConnectTimeout(1);
 
 		$sphinxClient->SetFieldWeights(array('title' => 70, 'content' => 30,