X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=include%2Ffunctions2.php;h=669bbe038634c83cddd42532b13f623f6041d3b9;hb=21d7585a54925f845cd90c4967dd19b3ad92bb02;hp=deeaaf2109f5c93479e2d61f4042a60c451189d5;hpb=ae962a96fdba3fcc14b60d48f0db48bb7f3b243e;p=tt-rss.git
diff --git a/include/functions2.php b/include/functions2.php
index deeaaf21..669bbe03 100644
--- a/include/functions2.php
+++ b/include/functions2.php
@@ -17,7 +17,10 @@
 $params["default_view_order_by"] = get_pref("_DEFAULT_VIEW_ORDER_BY");
 $params["bw_limit"] = (int) $_SESSION["bw_limit"];
 $params["label_base_index"] = (int) LABEL_BASE_INDEX;
- $params["theme"] = get_pref("USER_CSS_THEME", false, false);
+
+ $theme = get_pref( "USER_CSS_THEME", false, false);
+ $params["theme"] = theme_valid("$theme") ? $theme : "";
+
 $params["plugins"] = implode(", ", PluginHost::getInstance()->get_plugin_names());
 $params["php_platform"] = PHP_OS;
@@ -826,6 +829,21 @@
 }
+ function iframe_whitelisted($entry) {
+ $whitelist = array("youtube.com", "youtu.be", "vimeo.com");
+
+ @$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
+
+ if ($src) {
+ foreach ($whitelist as $w) {
+ if ($src == $w || $src == "www.$w")
+ return true;
+ }
+ }
+
+ return false;
+ }
+
 function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
 if (!$owner) $owner = $_SESSION["uid"];
@@ -894,8 +912,15 @@
 $entries = $xpath->query('//iframe');
 foreach ($entries as $entry) {
- $entry->setAttribute('sandbox', 'allow-scripts');
-
+ if (!iframe_whitelisted($entry)) {
+ $entry->setAttribute('sandbox', 'allow-scripts');
+ } else {
+ if ($_SERVER['HTTPS'] == "on") {
+ $entry->setAttribute("src",
+ str_replace("http://", "https://",
+ $entry->getAttribute("src")));
+ }
+ }
 }
 $allowed_elements = array('a', 'address', 'audio', 'article', 'aside',
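Review bot: In the `@@ -17,7 +17,10 @@` hunk, `theme_valid("$theme")` checks `"themes/" . basename($theme)`, but the value stored in `$params["theme"]` is the original, un-normalised `$theme`. A stored preference that carries directory components would be validated against one file while a different path is handed on; how `$params["theme"]` is consumed is outside this hunk, so the impact needs confirming. Validate and emit the same value, e.g. `$theme = basename((string) get_pref("USER_CSS_THEME", false, false));` before the `theme_valid($theme)` test. The enclosing function starts and ends outside the hunk.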
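Review bot: `iframe_whitelisted()` (hunk `@@ -826,6 +829,21 @@`) decides on the host alone, so a `src` whose host is on the list but whose scheme is not `http`/`https` is also treated as trusted and, per the later `sanitize()` hunk, is not given the `sandbox` attribute. Whether other parts of `sanitize()` strip such URLs is not visible here, so the check should constrain the scheme itself: `$scheme = parse_url($entry->getAttribute("src"), PHP_URL_SCHEME);` followed by `if ($scheme && !in_array(strtolower($scheme), array("http", "https"), true)) return false;`. The leading `@` on `@$src = …` hides every warning from the expression, while a `false`/`null` result from `parse_url()` is already handled by `if ($src)`. A short comment above `$whitelist` stating that listed hosts are embedded without the sandbox would document the trust decision.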
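Review bot: In the `@@ -894,8 +912,15 @@` hunk, `$_SERVER['HTTPS'] == "on"` reads an index that is not set on plain-HTTP requests or outside a web request, which raises a notice, and it misses servers that report another non-empty value. `!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] != "off"` covers both. The `str_replace("http://", "https://", …)` call rewrites every occurrence in the URL, including one inside a query string; anchoring it, `preg_replace('/^http:\/\//i', 'https://', $entry->getAttribute("src"))`, limits the change to the scheme. The surrounding `sanitize()` body continues outside the hunk.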
@@ -1958,8 +1983,8 @@
 }
 function getLastArticleId() {
- $result = db_query("SELECT MAX(ref_id) AS id FROM ttrss_user_entries
- WHERE owner_uid = " . $_SESSION["uid"]);
+ $result = db_query("SELECT ref_id AS id FROM ttrss_user_entries
+ WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY ref_id DESC LIMIT 1");
 if (db_num_rows($result) == 1) {
 return db_fetch_result($result, 0, "id");
@@ -2243,10 +2268,6 @@
 curl_setopt($curl, CURLOPT_PROXY, _CURL_HTTP_PROXY);
 }
- if ((OPENSSL_VERSION_NUMBER >= 0x0090808f) && (OPENSSL_VERSION_NUMBER < 0x10000000)) {
- curl_setopt($curl, CURLOPT_SSLVERSION, 3);
- }
-
 $html = curl_exec($curl);
 $status = curl_getinfo($curl);
@@ -2404,9 +2425,21 @@
 return LABEL_BASE_INDEX - 1 + abs($feed);
 }
- function format_libxml_error($error) {
- return T_sprintf("LibXML error %s at line %d (column %d): %s",
- $error->code, $error->line, $error->column,
- $error->message);
+ function theme_valid($file) {
+ if ($file == "default.css" || $file == "night.css") return true; // needed for array_filter
+ $file = "themes/" . basename($file);
+
+ if (file_exists($file) && is_readable($file)) {
+ $fh = fopen($file, "r");
+
+ if ($fh) {
+ $header = fgets($fh);
+ fclose($fh);
+
+ return strpos($header, "supports-version:" . VERSION_STATIC) !== FALSE;
+ }
+ }
+
+ return false;
 }
 ?>
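Review bot: The rewritten query in `getLastArticleId()` (hunk `@@ -1958,8 +1983,8 @@`) still concatenates `$_SESSION["uid"]` into the SQL string unchanged. The first hunk of this diff casts a session value with `(int)`; doing the same here, `WHERE owner_uid = " . (int) $_SESSION["uid"] . " ORDER BY ref_id DESC LIMIT 1"`, keeps the statement well-formed when the session has no uid and removes any dependence on how that value was stored. Unlike `MAX()`, the new form returns zero rows for a user with no entries, so the `db_num_rows($result) == 1` test now decides the result; its other branch lies outside the hunk and should be checked to return a sensible default.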
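Review bot: In `theme_valid()` (hunk `@@ -2404,9 +2425,21 @@`) the compatibility test `strpos($header, "supports-version:" . VERSION_STATIC) !== FALSE` is a substring match, so a header declaring a longer version string that merely begins with the current one also passes, and a `false` from `fgets()` on an empty file is passed straight to `strpos()`. Guard the read with `if ($header === false) return false;` and compare the parsed version exactly rather than by substring. An empty `$file` makes `basename()` return `""`, so the function probes the `themes/` directory itself; an early `if ($file == "") return false;` avoids that. The `// needed for array_filter` comment does not explain why the two built-in names bypass the check and would be better replaced by a docblock stating what the function accepts and returns. The same hunk removes `format_libxml_error()`; whether any caller remains cannot be seen from this diff.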