replace old-style published feed with universal secretkey-based approach used for...

diff --git a/backend.php b/backend.php
index 761fc0dc02351b963c23973008e0bc895cd158f7..9951366cd41f7915d962a7f3a3cc755a3c7171bd 100644 (file)
--- a/backend.php
+++ b/backend.php
@@ -466,31 +466,10 @@
                        module_pref_feed_browser($link);
                break; // pref-feed-browser
 
-               case "publish":
-                       $key = db_escape_string($_REQUEST["key"]);
-                       $limit = (int)db_escape_string($_REQUEST["limit"]);
-
-                       $result = db_query($link, "SELECT login, owner_uid 
-                               FROM ttrss_user_prefs, ttrss_users WHERE
-                               pref_name = '_PREFS_PUBLISH_KEY' AND 
-                               value = '$key' AND 
-                               ttrss_users.id = owner_uid");
-
-                       if (db_num_rows($result) == 1) {
-                               $owner = db_fetch_result($result, 0, "owner_uid");
-                               $login = db_fetch_result($result, 0, "login");
-
-                               generate_syndicated_feed($link, $owner, -2, false, $limit);
-
-                       } else {
-                               print "<error>User not found</error>";
-                       }
-               break; // publish
-
                case "rss":
                        $feed = db_escape_string($_REQUEST["id"]);
                        $user = db_escape_string($_REQUEST["user"]);
-                       $pass = db_escape_string($_REQUEST["pass"]);
+                       $key = db_escape_string($_REQUEST["key"]);
                        $is_cat = $_REQUEST["is_cat"] != false;
                        $limit = (int)db_escape_string($_REQUEST["limit"]);
 
@@ -503,8 +482,13 @@
                                authenticate_user($link, "admin", null);
                        }
 
-                       if (!$_SESSION["uid"] && $user && $pass) {
-                               authenticate_user($link, $user, $pass);
+                       if ($key && !$_SESSION["uid"]) {
+                               $result = db_query($link, "SELECT owner_uid FROM
+                                       ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
+
+                               if (db_num_rows($result) == 1)
+                                       $_SESSION["uid"] = db_fetch_result($result, 0, "owner_uid");
+
                        }
 
                        if ($_SESSION["uid"] || http_authenticate_user($link)) {

diff --git a/functions.js b/functions.js
index f3ae1965ebf8cb76fc19e18052da4f21d97fe4c6..f3756051f218a295eea2d8b8da7746f824446e5e 100644 (file)
--- a/functions.js
+++ b/functions.js
@@ -2216,3 +2216,48 @@ function quickAddCat(select) {
                exception_error("quickAddCat", e);
        }
 }
+
+function genUrlChangeKey(feed, is_cat) {
+
+       try {
+               var ok = confirm(__("Generate new syndication address for this feed?"));
+       
+               if (ok) {
+       
+                       notify_progress("Trying to change address...", true);
+       
+                       var query = "?op=rpc&subop=regenFeedKey&id=" + param_escape(feed) + 
+                               "&is_cat=" + param_escape(is_cat);
+
+                       new Ajax.Request("backend.php", {
+                               parameters: query,
+                               onComplete: function(transport) {
+                                               var new_link = transport.responseXML.getElementsByTagName("link")[0];
+       
+                                               var e = $('gen_feed_url');
+       
+                                               if (new_link) {
+                                                       
+                                                       new_link = new_link.firstChild.nodeValue;
+
+                                                       e.innerHTML = e.innerHTML.replace(/\&key=.*$/, 
+                                                               "&key=" + new_link);
+
+                                                       e.href = e.href.replace(/\&key=.*$/,
+                                                               "&key=" + new_link);
+
+                                                       new Effect.Highlight(e);
+
+                                                       notify('');
+       
+                                               } else {
+                                                       notify_error("Could not change feed URL.");
+                                               }
+                               } });
+               }
+       } catch (e) {
+               exception_error("genUrlChangeKey", e);
+       }
+       return false;
+}
+

diff --git a/functions.php b/functions.php
index c81026ae4c9a8741f2e90456c06cbe71efb40f5f..059e968aff1a773f297ec8e5dd6737fa678e3795 100644 (file)
--- a/functions.php
+++ b/functions.php
@@ -4203,12 +4203,19 @@
                                $search_q = "";
                        }
 
-                       $rss_link = "backend.php?op=rss&id=$feed_id&is_cat=$is_cat&view-mode=$view_mode$search_q";
+                       $rss_link = htmlspecialchars(get_self_url_prefix() . 
+                               "/backend.php?op=rss&id=$feed_id&is_cat=$is_cat&view-mode=$view_mode$search_q");
+
+                       #print "
+                       #       <a target=\"_blank\"
+                       #               title=\"".__("View as RSS feed")."\"
+                       #               href=\"$rss_link\">
+                       #               <img class=\"noborder\" src=\"images/feed-icon-12x12.png\"></a>";
 
                        print "
-                               <a target=\"_blank\"
+                               <a href=\"#\"
                                        title=\"".__("View as RSS feed")."\"
-                                       href=\"$rss_link\">
+                                       onclick=\"displayDlg('generatedFeed', '$feed_id:$is_cat:$rss_link')\">
                                        <img class=\"noborder\" src=\"images/feed-icon-12x12.png\"></a>";
 
                        print "</div>";
@@ -5110,9 +5117,9 @@
 
                $vgroup_last_feed = $vgr_last_feed;
 
-               if ($feed == -2) {
+/*             if ($feed == -2) {
                        $feed_site_url = article_publish_url($link);
-               }
+               } */
 
                /// STOP //////////////////////////////////////////////////////////////////////////////////
 
@@ -5730,15 +5737,10 @@
                return $tag;
        }
 
-       function generate_publish_key() {
-               return sha1(uniqid(rand(), true));
-       }
-
-       function article_publish_url($link) {
+       function get_self_url_prefix() {
 
                $url_path = "";
-               
-
+       
                if ($_SERVER['HTTPS'] != "on") {
                        $url_path = "http://";
                } else {
@@ -5746,22 +5748,13 @@
                }
 
                $url_path .= $_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
-               $url_path .= "/backend.php?op=publish&key=" . 
-                       get_pref($link, "_PREFS_PUBLISH_KEY", $_SESSION["uid"]);
 
                return $url_path;
-       }
-        function opml_publish_url($link){
-               $url_path = "";
-               
 
-               if ($_SERVER['HTTPS'] != "on") {
-                       $url_path = "http://";
-               } else {
-                       $url_path = "https://";
-               }
+       }
+       function opml_publish_url($link){
 
-               $url_path .= $_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
+               $url_path = get_self_url_prefix();
                $url_path .= "/opml.php?op=publish&key=" . 
                        get_pref($link, "_PREFS_PUBLISH_KEY", $_SESSION["uid"]);
 
@@ -6368,6 +6361,13 @@
 
                if (db_affected_rows($link, $result) != 0 && $caption) {
 
+                       /* Remove access key for the label */
+
+                       $ext_id = -11 - $id;
+
+                       db_query($link, "DELETE FROM ttrss_access_keys WHERE
+                               feed_id = '$ext_id' AND owner_uid = $owner_uid");
+
                        /* Disable filters that reference label being removed */
        
                        db_query($link, "UPDATE ttrss_filters SET
@@ -6559,6 +6559,11 @@
                                orig_feed_id = '$id' WHERE feed_id = '$id' AND 
                                        marked = true AND owner_uid = $owner_uid");
 
+                       /* Remove access key for the feed */
+
+                       db_query($link, "DELETE FROM ttrss_access_keys WHERE
+                               feed_id = '$id' AND owner_uid = $owner_uid");
+
                        /* remove the feed */
 
                        db_query($link, "DELETE FROM ttrss_feeds 
@@ -6899,4 +6904,51 @@
                if (!in_array($email, $_SESSION['stored_emails']))
                        array_push($_SESSION['stored_emails'], $email);
        }
+
+       function update_feed_access_key($link, $feed_id, $is_cat, $owner_uid = false) {
+               if (!$owner_uid) $owner_uid = $_SESSION["uid"];
+
+               $sql_is_cat = bool_to_sql_bool($is_cat);
+
+               $result = db_query($link, "SELECT access_key FROM ttrss_access_keys 
+                       WHERE feed_id = '$feed_id'      AND is_cat = $sql_is_cat 
+                       AND owner_uid = " . $owner_uid);
+
+               if (db_num_rows($result) == 1) {
+                       $key = db_escape_string(sha1(uniqid(rand(), true)));
+
+                       db_query($link, "UPDATE ttrss_access_keys SET access_key = '$key'
+                               WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat 
+                               AND owner_uid = " . $owner_uid);
+
+                       return $key;
+
+               } else {
+                       return get_feed_access_key($link, $feed_id, $is_cat, $owner_uid);
+               }
+       }
+
+       function get_feed_access_key($link, $feed_id, $is_cat, $owner_uid = false) {
+
+               if (!$owner_uid) $owner_uid = $_SESSION["uid"];
+
+               $sql_is_cat = bool_to_sql_bool($is_cat);
+
+               $result = db_query($link, "SELECT access_key FROM ttrss_access_keys 
+                       WHERE feed_id = '$feed_id'      AND is_cat = $sql_is_cat 
+                       AND owner_uid = " . $owner_uid);
+
+               if (db_num_rows($result) == 1) {
+                       return db_fetch_result($result, 0, "access_key");
+               } else {
+                       $key = db_escape_string(sha1(uniqid(rand(), true)));
+
+                       $result = db_query($link, "INSERT INTO ttrss_access_keys 
+                               (access_key, feed_id, is_cat, owner_uid)
+                               VALUES ('$key', '$feed_id', $sql_is_cat, '$owner_uid')");
+
+                       return $key;
+               }
+               return false;
+       }
 ?>

diff --git a/modules/backend-rpc.php b/modules/backend-rpc.php
index 4a82a888bcd0b2d193c4bce50ec72b5185e3dd28..1bf41d29916feb31ba096e6ae13d566b988bfead 100644 (file)
--- a/modules/backend-rpc.php
+++ b/modules/backend-rpc.php
@@ -464,25 +464,11 @@
                        return;
                }
 
-               if ($subop == "regenPubKey") {
-
-                       print "<rpc-reply>";
-
-                       set_pref($link, "_PREFS_PUBLISH_KEY", generate_publish_key(), $_SESSION["uid"]);
-
-                       $new_link = article_publish_url($link);         
-
-                       print "<link><![CDATA[$new_link]]></link>";
-
-                       print "</rpc-reply>";
-
-                       return;
-               }
-
                if ($subop == "regenOPMLKey") {
 
                        print "<rpc-reply>";
-                       set_pref($link, " _PREFS_OPML_PUBLISH_KEY", generate_publish_key(), $_SESSION["uid"]);
+                       set_pref($link, " _PREFS_OPML_PUBLISH_KEY", 
+                               sha1(uniqid(rand(), true)), $_SESSION["uid"]);
                        $new_link = opml_publish_url($link);            
                        print "<link><![CDATA[$new_link]]></link>";
                        print "</rpc-reply>";
@@ -1119,6 +1105,21 @@
                        return;
                }
 
+               if ($subop == "regenFeedKey") {
+                       $feed_id = db_escape_string($_REQUEST['id']);
+                       $is_cat = (bool) db_escape_string($_REQUEST['is_cat']);
+
+                       print "<rpc-reply>";
+
+                       $new_key = update_feed_access_key($link, $feed_id, $is_cat);
+
+                       print "<link><![CDATA[$new_key]]></link>";
+
+                       print "</rpc-reply>";
+
+                       return;
+               }
+
                print "<rpc-reply><error>Unknown method: $subop</error></rpc-reply>";
        }
 ?>

diff --git a/modules/popup-dialog.php b/modules/popup-dialog.php
index 54f4a3e61a37e6dbf9af13868780bead63135317..61efd4c991717bce5f5859451c6ad9dad2c2e1ef 100644 (file)
--- a/modules/popup-dialog.php
+++ b/modules/popup-dialog.php
@@ -158,33 +158,6 @@
                        return;
                }
 
-               if ($id == "pubUrl") {
-
-                       print "<div id=\"infoBoxTitle\">".__('Published Articles')."</div>";
-                       print "<div class=\"infoBoxContents\">";
-       
-                       $url_path = article_publish_url($link);
-
-                       print __("Your Published articles feed URL is:");
-
-                       print "<div class=\"tagCloudContainer\">";
-                       print "<a id='pub_feed_url' href='$url_path' target='_blank'>$url_path</a>";
-                       print "</div>";
-
-                       print "<div align='center'>";
-
-                       print "<button onclick=\"return pubRegenKey()\">".
-                               __('Generate new URL')."</button> ";
-
-                       print "<input class=\"button\"
-                               type=\"submit\" onclick=\"return closeInfoBox()\" 
-                               value=\"".__('Close this window')."\">";
-
-                       print "</div></div>";
-
-                       return;
-               }
-
                if ($id == "pubOPMLUrl") {
 
                        print "<div id=\"infoBoxTitle\">".__('Public OPML URL')."</div>";
@@ -777,6 +750,39 @@
                        return;
                }
 
+               if ($id == "generatedFeed") {
+
+                       print "<div id=\"infoBoxTitle\">".__('View as RSS')."</div>";
+                       print "<div class=\"infoBoxContents\">";
+       
+                       $params = explode(":", $param, 3);
+                       $feed_id = db_escape_string($params[0]);
+                       $is_cat = (bool) $params[1];
+
+                       $key = get_feed_access_key($link, $feed_id, $is_cat);
+
+                       $url_path = htmlspecialchars($params[2]) . "&key=" . $key;
+
+                       print __("You can view this feed as RSS using the following URL:");
+
+                       print "<div class=\"tagCloudContainer\">";
+                       print "<a id='gen_feed_url' href='$url_path' target='_blank'>$url_path</a>";
+                       print "</div>";
+
+                       print "<div align='center'>";
+
+                       print "<button onclick=\"return genUrlChangeKey('$feed_id', '$is_cat')\">".
+                               __('Generate new URL')."</button> ";
+
+                       print "<input class=\"button\"
+                               type=\"submit\" onclick=\"return closeInfoBox()\" 
+                               value=\"".__('Close this window')."\">";
+
+                       print "</div></div>";
+
+                       return;
+               }
+
                print "<div id='infoBoxTitle'>Internal Error</div>
                        <div id='infoBoxContents'>
                        <p>Unknown dialog <b>$id</b></p>

diff --git a/modules/pref-feeds.php b/modules/pref-feeds.php
index 7a436cfd20fa1fc67d12e82bce3f5d9afc6359e8..de9166fe453282d26ede4a77163807760b2fb874 100644 (file)
--- a/modules/pref-feeds.php
+++ b/modules/pref-feeds.php
@@ -1447,7 +1447,8 @@
                        __('Export OPML')."</button>";
 
                if (!get_pref($link, "_PREFS_OPML_PUBLISH_KEY")){
-                       set_pref($link, "_PREFS_OPML_PUBLISH_KEY", generate_publish_key());
+                       set_pref($link, "_PREFS_OPML_PUBLISH_KEY", 
+                               sha1(uniqid(rand(), true)));
                }
 
                print "<p>".__('Your OPML can be published publicly and can be subscribed by anyone who knows the URL below.');
@@ -1489,13 +1490,12 @@
 
                print "<h3>".__("Published articles")."</h3>";
 
-               if (!get_pref($link, "_PREFS_PUBLISH_KEY")) {
-                       set_pref($link, "_PREFS_PUBLISH_KEY", generate_publish_key());
-               }
-               
                print "<p>".__('Published articles are exported as a public RSS feed and can be subscribed by anyone who knows the URL specified below.')."</p>";
 
-               print "<button onclick=\"return displayDlg('pubUrl')\">".
+               $rss_url = '-2::' . htmlspecialchars(get_self_url_prefix() . 
+                               "/backend.php?op=rss&id=-2&view-mode=all_articles");;
+
+               print "<button onclick=\"return displayDlg('generatedFeed', '$rss_url')\">".
                        __('Display URL')."</button> ";
                
 

diff --git a/prefs.js b/prefs.js
index a6febd5282270057493c6a3b31b71022f7b1fbb3..5ba267b775e1cd07466695e87f22721f5fd16b88 100644 (file)
--- a/prefs.js
+++ b/prefs.js
@@ -1569,43 +1569,6 @@ function feedlistToggleSLAT() {
        updateFeedList()
 }
 
-function pubRegenKey() {
-
-       try {
-               var ok = confirm(__("Replace current publishing address with a new one?"));
-       
-               if (ok) {
-       
-                       notify_progress("Trying to change address...", true);
-       
-                       var query = "?op=rpc&subop=regenPubKey";
-       
-                       new Ajax.Request("backend.php", {
-                               parameters: query,
-                               onComplete: function(transport) {
-                                               var new_link = transport.responseXML.getElementsByTagName("link")[0];
-       
-                                               var e = $('pub_feed_url');
-       
-                                               if (new_link) {
-                                                       e.href = new_link.firstChild.nodeValue;
-                                                       e.innerHTML = new_link.firstChild.nodeValue;
-       
-                                                       new Effect.Highlight(e);
-
-                                                       notify('');
-       
-                                               } else {
-                                                       notify_error("Could not change feed URL.");
-                                               }
-                               } });
-               }
-       } catch (e) {
-               exception_error("pubRegenKey", e);
-       }
-       return false;
-}
-
 function opmlRegenKey() {
 
        try {

diff --git a/sanity_check.php b/sanity_check.php
index 7b9c1199c189606f2578d41df9d33ec5f6366edc..437ac0a03f92162040858818d754858eca037b5c 100644 (file)
--- a/sanity_check.php
+++ b/sanity_check.php
@@ -2,7 +2,7 @@
        require_once "functions.php";
 
        define('EXPECTED_CONFIG_VERSION', 19);
-       define('SCHEMA_VERSION', 68);
+       define('SCHEMA_VERSION', 69);
 
        if (!file_exists("config.php")) {
                print "<b>Fatal Error</b>: You forgot to copy 

diff --git a/schema/ttrss_schema_mysql.sql b/schema/ttrss_schema_mysql.sql
index bbcc729c0a5522afb6fd34124e56c3e5d77ed090..33c1f3d9592c5ac7efdce5642a114f9b6c951dc9 100644 (file)
--- a/schema/ttrss_schema_mysql.sql
+++ b/schema/ttrss_schema_mysql.sql
@@ -1,6 +1,7 @@
 SET NAMES utf8;
 SET CHARACTER SET utf8;
 
+drop table if exists ttrss_access_keys;
 drop table if exists ttrss_user_labels2;
 drop table if exists ttrss_labels2;
 drop table if exists ttrss_feedbrowser_cache;
@@ -241,7 +242,7 @@ create table ttrss_tags (id integer primary key auto_increment,
 
 create table ttrss_version (schema_version int not null) TYPE=InnoDB DEFAULT CHARSET=UTF8;
 
-insert into ttrss_version values (68);
+insert into ttrss_version values (69);
 
 create table ttrss_enclosures (id integer primary key auto_increment,
        content_url text not null,
@@ -446,4 +447,11 @@ create table ttrss_user_labels2 (label_id integer not null,
        foreign key (article_id) references ttrss_entries(id) ON DELETE CASCADE
 ) TYPE=InnoDB DEFAULT CHARSET=UTF8;
 
+create table ttrss_access_keys (id serial not null primary key,
+       access_key varchar(250) not null,
+       feed_id varchar(250) not null,
+       is_cat bool not null default false,
+       owner_uid integer not null,
+       foreign key (owner_uid) references ttrss_users(id) ON DELETE CASCADE) TYPE=InnoDB DEFAULT CHARSET=UTF8;
+
 commit;

diff --git a/schema/ttrss_schema_pgsql.sql b/schema/ttrss_schema_pgsql.sql
index 64d00dda79691ef08e970408b17f22c611d0dd27..69753aa3c20b054c5f61132a9fe0aab2d4c8dbd1 100644 (file)
--- a/schema/ttrss_schema_pgsql.sql
+++ b/schema/ttrss_schema_pgsql.sql
@@ -1,3 +1,4 @@
+drop table ttrss_access_keys;
 drop table ttrss_user_labels2;
 drop table ttrss_labels2;
 drop table ttrss_feedbrowser_cache;
@@ -213,7 +214,7 @@ create index ttrss_tags_owner_uid_index on ttrss_tags(owner_uid);
 
 create table ttrss_version (schema_version int not null);
 
-insert into ttrss_version values (68);
+insert into ttrss_version values (69);
 
 create table ttrss_enclosures (id serial not null primary key,
        content_url text not null,
@@ -405,4 +406,10 @@ create table ttrss_user_labels2 (
        article_id integer not null references ttrss_entries(id) ON DELETE CASCADE
 );
 
+create table ttrss_access_keys (id serial not null primary key,
+       access_key varchar(250) not null,
+       feed_id varchar(250) not null,
+       is_cat boolean not null default false,
+       owner_uid integer not null references ttrss_users(id) on delete cascade);
+
 commit;

diff --git a/schema/versions/mysql/69.sql b/schema/versions/mysql/69.sql
new file mode 100644 (file)
index 0000000..75d2dad
--- /dev/null
+++ b/schema/versions/mysql/69.sql
@@ -0,0 +1,12 @@
+begin;
+
+create table ttrss_access_keys (id serial not null primary key,
+       access_key varchar(250) not null,
+       feed_id varchar(250) not null,
+       is_cat bool not null default false,
+       owner_uid integer not null,
+       foreign key (owner_uid) references ttrss_users(id) ON DELETE CASCADE) TYPE=InnoDB DEFAULT CHARSET=UTF8;
+
+update ttrss_version set schema_version = 69;
+
+commit;

diff --git a/schema/versions/pgsql/69.sql b/schema/versions/pgsql/69.sql
new file mode 100644 (file)
index 0000000..cae0ff5
--- /dev/null
+++ b/schema/versions/pgsql/69.sql
@@ -0,0 +1,11 @@
+begin;
+
+create table ttrss_access_keys (id serial not null primary key,
+       access_key varchar(250) not null,
+       feed_id varchar(250) not null,
+       is_cat bool not null default false,
+       owner_uid integer not null references ttrss_users(id) on delete cascade);
+
+update ttrss_version set schema_version = 69;
+
+commit;