]> git.wh0rd.org Git - tt-rss.git/commitdiff
experimental split of public calls into public.php (refs #389)
authorAndrew Dolgov <fox@madoka.volgo-balt.ru>
Tue, 15 Nov 2011 07:40:57 +0000 (11:40 +0400)
committerAndrew Dolgov <fox@madoka.volgo-balt.ru>
Tue, 15 Nov 2011 07:40:57 +0000 (11:40 +0400)
backend.php
debian/tt-rss-mysql.cron.d
debian/tt-rss-pgsql.cron.d
functions.php
modules/backend-rpc.php
modules/popup-dialog.php
modules/pref-feeds.php
public.php [new file with mode: 0644]

index 1d8a99bdd68199b00ac29a316b09aacdf0bcc579..c702c9fb8a0ea76dba1098b278fd367929da666b 100644 (file)
                authenticate_user($link, "admin", null);
        }
 
-       if (!($_SESSION["uid"] && validate_session($link)) && $op != "globalUpdateFeeds" &&
-                       $op != "rss" && $op != "getUnread" && $op != "getProfiles" && $op != "share" &&
-                       $op != "fbexport" && $op != "logout" && $op != "pubsub") {
+       $public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
+               "fbexport", "logout", "pubsub");
 
+       if (array_search($op, $public_calls) !== false) {
+
+               handle_public_request($link, $op);
+               return;
+
+       } else if (!($_SESSION["uid"] && validate_session($link))) {
                if ($op == 'pref-feeds' && $_REQUEST['subop'] == 'add') {
                        header("Content-Type: text/html");
                        login_sequence($link);
                        module_pref_pub_items($link);
                break; // pref-pub-items
 
-               case "globalUpdateFeeds":
-                       // Update all feeds needing a update.
-                       update_daemon_common($link, 0, true, true);
-               break; // globalUpdateFeeds
-
                case "pref-feed-browser":
                        module_pref_feed_browser($link);
                break; // pref-feed-browser
                        module_pref_instances($link);
                break; // pref-instances
 
-               case "rss":
-                       $feed = db_escape_string($_REQUEST["id"]);
-                       $key = db_escape_string($_REQUEST["key"]);
-                       $is_cat = $_REQUEST["is_cat"] != false;
-                       $limit = (int)db_escape_string($_REQUEST["limit"]);
-
-                       $search = db_escape_string($_REQUEST["q"]);
-                       $match_on = db_escape_string($_REQUEST["m"]);
-                       $search_mode = db_escape_string($_REQUEST["smode"]);
-                       $view_mode = db_escape_string($_REQUEST["view-mode"]);
-
-                       if (SINGLE_USER_MODE) {
-                               authenticate_user($link, "admin", null);
-                       }
-
-                       $owner_id = false;
-
-                       if ($key) {
-                               $result = db_query($link, "SELECT owner_uid FROM
-                                       ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
-
-                               if (db_num_rows($result) == 1)
-                                       $owner_id = db_fetch_result($result, 0, "owner_uid");
-                       }
-
-                       if ($owner_id) {
-                               $_SESSION['uid'] = $owner_id;
-
-                               generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
-                                       $search, $search_mode, $match_on, $view_mode);
-                       } else {
-                               header('HTTP/1.1 403 Forbidden');
-                       }
-               break; // rss
-
-               case "getUnread":
-                       $login = db_escape_string($_REQUEST["login"]);
-                       $fresh = $_REQUEST["fresh"] == "1";
-
-                       $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'");
-
-                       if (db_num_rows($result) == 1) {
-                               $uid = db_fetch_result($result, 0, "id");
-
-                               print getGlobalUnread($link, $uid);
-
-                               if ($fresh) {
-                                       print ";";
-                                       print getFeedArticles($link, -3, false, true, $uid);
-                               }
-
-                       } else {
-                               print "-1;User not found";
-                       }
-
-               break; // getUnread
-
                case "digestTest":
                        print_r(prepare_headlines_digest($link, $_SESSION["uid"]));
                break; // digestTest
                                "<img src='images/indicator_tiny.gif'>";
                break; // loading
 
-               case "getProfiles":
-                       $login = db_escape_string($_REQUEST["login"]);
-                       $password = db_escape_string($_REQUEST["password"]);
-
-                       if (authenticate_user($link, $login, $password)) {
-                               $result = db_query($link, "SELECT * FROM ttrss_settings_profiles
-                                       WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
-
-                               print "<select style='width: 100%' name='profile'>";
-
-                               print "<option value='0'>" . __("Default profile") . "</option>";
-
-                               while ($line = db_fetch_assoc($result)) {
-                                       $id = $line["id"];
-                                       $title = $line["title"];
-
-                                       print "<option value='$id'>$title</option>";
-                               }
-
-                               print "</select>";
-
-                               $_SESSION = array();
-                       }
-               break; // getprofiles
-
-               case "pubsub":
-                       $mode = db_escape_string($_REQUEST['hub_mode']);
-                       $feed_id = (int) db_escape_string($_REQUEST['id']);
-                       $feed_url = db_escape_string($_REQUEST['hub_topic']);
-
-                       if (!PUBSUBHUBBUB_ENABLED) {
-                               header('HTTP/1.0 404 Not Found');
-                               echo "404 Not found";
-                               return;
-                       }
-
-                       // TODO: implement hub_verifytoken checking
-
-                       $result = db_query($link, "SELECT feed_url FROM ttrss_feeds
-                               WHERE id = '$feed_id'");
-
-                       if (db_num_rows($result) != 0) {
-
-                               $check_feed_url = db_fetch_result($result, 0, "feed_url");
-
-                               if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
-                                       if ($mode == "subscribe") {
-
-                                               db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 2
-                                                       WHERE id = '$feed_id'");
-
-                                               print $_REQUEST['hub_challenge'];
-                                               return;
-
-                                       } else if ($mode == "unsubscribe") {
-
-                                               db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 0
-                                                       WHERE id = '$feed_id'");
-
-                                               print $_REQUEST['hub_challenge'];
-                                               return;
-
-                                       } else if (!$mode) {
-
-                                               // Received update ping, schedule feed update.
-                                               //update_rss_feed($link, $feed_id, true, true);
-
-                                               db_query($link, "UPDATE ttrss_feeds SET
-                                                       last_update_started = '1970-01-01',
-                                                       last_updated = '1970-01-01' WHERE id = '$feed_id' AND
-                                                       owner_uid = ".$_SESSION["uid"]);
-
-                                       }
-                               } else {
-                                       header('HTTP/1.0 404 Not Found');
-                                       echo "404 Not found";
-                               }
-                       } else {
-                               header('HTTP/1.0 404 Not Found');
-                               echo "404 Not found";
-                       }
-
-               break; // pubsub
-
-               case "logout":
-                       logout_user();
-                       header("Location: tt-rss.php");
-               break; // logout
-
-               case "fbexport":
-
-                       $access_key = db_escape_string($_POST["key"]);
-
-                       // TODO: rate limit checking using last_connected
-                       $result = db_query($link, "SELECT id FROM ttrss_linked_instances
-                               WHERE access_key = '$access_key'");
-
-                       if (db_num_rows($result) == 1) {
-
-                               $instance_id = db_fetch_result($result, 0, "id");
-
-                               $result = db_query($link, "SELECT feed_url, site_url, title, subscribers
-                                       FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
-
-                               $feeds = array();
-
-                               while ($line = db_fetch_assoc($result)) {
-                                       array_push($feeds, $line);
-                               }
-
-                               db_query($link, "UPDATE ttrss_linked_instances SET
-                                       last_status_in = 1 WHERE id = '$instance_id'");
-
-                               print json_encode(array("feeds" => $feeds));
-                       } else {
-                               print json_encode(array("error" => array("code" => 6)));
-                       }
-               break; // fbexport
-
-               case "share":
-                       $uuid = db_escape_string($_REQUEST["key"]);
-
-                       $result = db_query($link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
-                               uuid = '$uuid'");
-
-                       if (db_num_rows($result) != 0) {
-                               header("Content-Type: text/html");
-
-                               $id = db_fetch_result($result, 0, "ref_id");
-                               $owner_uid = db_fetch_result($result, 0, "owner_uid");
-
-                               $_SESSION["uid"] = $owner_uid;
-                               $article = format_article($link, $id, false, true);
-                               $_SESSION["uid"] = "";
-
-                               print_r($article['content']);
-
-                       } else {
-                               print "Article not found.";
-                       }
-
-                       break;
-
                default:
                        header("Content-Type: text/plain");
                        print json_encode(array("error" => array("code" => 7)));
index 672791bdc23649bd3bad6fb3694eca40b8c612e5..a692ce14d5585dfe5e6a4799e89973e8adc48799 100644 (file)
@@ -1,4 +1,4 @@
 # /etc/cron.d/tt-rss-mysql: crontab fragment for tt-rss-mysql
 #  This update feeds for tiny tiny RSS every 20min 
 
-12,42 *     * * *     www-data  /usr/bin/wget --output-document=/dev/null --quiet http://localhost/tt-rss/backend.php?op=globalUpdateFeeds&daemon=1
+12,42 *     * * *     www-data  /usr/bin/wget --output-document=/dev/null --quiet http://localhost/tt-rss/public.php?op=globalUpdateFeeds&daemon=1
index e039914825e47c850b1532298111b90864a575d9..c40837ec635be1d5085b19b3b4f2ea6923707f6f 100644 (file)
@@ -1,4 +1,4 @@
 # /etc/cron.d/tt-rss-pgsql: crontab fragment for tt-rss-pgsql
 #  This update feeds for tiny tiny RSS every 20min 
 
-12,42 *     * * *     www-data  /usr/bin/wget --output-document=/dev/null --quiet http://localhost/tt-rss/backend.php?op=globalUpdateFeeds&daemon=1
+12,42 *     * * *     www-data  /usr/bin/wget --output-document=/dev/null --quiet http://localhost/tt-rss/public.php?op=globalUpdateFeeds&daemon=1
index 0dd9ccab3db5c84982df0881b905fc61a9466667..83159e62cabbefe1f79576f7bd34ee75ec6849a2 100644 (file)
                                        !ini_get("open_basedir")) {
 
                                        $callback_url = get_self_url_prefix() .
-                                               "/backend.php?op=pubsub&id=$feed";
+                                               "/public.php?op=pubsub&id=$feed";
 
                                        $s = new Subscriber($feed_hub_url, $callback_url);
 
 
                                                if (PUBSUBHUBBUB_HUB && $published == 'true') {
                                                        $rss_link = get_self_url_prefix() .
-                                                               "/backend.php?op=rss&id=-2&key=" .
+                                                               "/public.php?op=rss&id=-2&key=" .
                                                                get_feed_access_key($link, -2, false, $owner_uid);
 
                                                        $p = new Publisher(PUBSUBHUBBUB_HUB);
                $last_error = $qfh_ret[3];
 
                $feed_self_url = get_self_url_prefix() .
-                       "/backend.php?op=rss&id=-2&key=" .
+                       "/public.php?op=rss&id=-2&key=" .
                        get_feed_access_key($link, -2, false);
 
                if (!$feed_site_url) $feed_site_url = get_self_url_prefix();
 
                if (PUBSUBHUBBUB_HUB) {
                        $rss_link = get_self_url_prefix() .
-                               "/backend.php?op=rss&id=-2&key=" .
+                               "/public.php?op=rss&id=-2&key=" .
                                get_feed_access_key($link, -2, false);
 
                        $p = new Publisher(PUBSUBHUBBUB_HUB);
                }
 
                $rss_link = htmlspecialchars(get_self_url_prefix() .
-                       "/backend.php?op=rss&id=$feed_id$cat_q$search_q");
+                       "/public.php?op=rss&id=$feed_id$cat_q$search_q");
 
                $reply .= "<option value=\"0\" disabled=\"1\">".__('Feed:')."</option>";
 
 
                        _debug("Updating: " . $line['access_url'] . " ($id)");
 
-                       $fetch_url = $line['access_url'] . '/backend.php?op=fbexport';
+                       $fetch_url = $line['access_url'] . '/public.php?op=fbexport';
                        $post_query = 'key=' . $line['access_key'];
 
                        $feeds = fetch_file_contents($fetch_url, false, false, false, $post_query);
 
+                       // try doing it the old way
+                       if (!$feeds) {
+                               $fetch_url = $line['access_url'] . '/backend.php?op=fbexport';
+                               $feeds = fetch_file_contents($fetch_url, false, false, false, $post_query);
+                       }
+
                        if ($feeds) {
                                $feeds = json_decode($feeds, true);
 
                                last_status_out = '$status', last_connected = NOW() WHERE id = '$id'");
 
                }
+       }
+
+       function handle_public_request($link, $op) {
+               switch ($op) {
+
+               case "getUnread":
+                       $login = db_escape_string($_REQUEST["login"]);
+                       $fresh = $_REQUEST["fresh"] == "1";
+
+                       $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'");
+
+                       if (db_num_rows($result) == 1) {
+                               $uid = db_fetch_result($result, 0, "id");
+
+                               print getGlobalUnread($link, $uid);
+
+                               if ($fresh) {
+                                       print ";";
+                                       print getFeedArticles($link, -3, false, true, $uid);
+                               }
+
+                       } else {
+                               print "-1;User not found";
+                       }
+
+               break; // getUnread
+
+               case "getProfiles":
+                       $login = db_escape_string($_REQUEST["login"]);
+                       $password = db_escape_string($_REQUEST["password"]);
+
+                       if (authenticate_user($link, $login, $password)) {
+                               $result = db_query($link, "SELECT * FROM ttrss_settings_profiles
+                                       WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
+
+                               print "<select style='width: 100%' name='profile'>";
+
+                               print "<option value='0'>" . __("Default profile") . "</option>";
+
+                               while ($line = db_fetch_assoc($result)) {
+                                       $id = $line["id"];
+                                       $title = $line["title"];
+
+                                       print "<option value='$id'>$title</option>";
+                               }
+
+                               print "</select>";
+
+                               $_SESSION = array();
+                       }
+               break; // getprofiles
+
+               case "pubsub":
+                       $mode = db_escape_string($_REQUEST['hub_mode']);
+                       $feed_id = (int) db_escape_string($_REQUEST['id']);
+                       $feed_url = db_escape_string($_REQUEST['hub_topic']);
+
+                       if (!PUBSUBHUBBUB_ENABLED) {
+                               header('HTTP/1.0 404 Not Found');
+                               echo "404 Not found";
+                               return;
+                       }
+
+                       // TODO: implement hub_verifytoken checking
+
+                       $result = db_query($link, "SELECT feed_url FROM ttrss_feeds
+                               WHERE id = '$feed_id'");
+
+                       if (db_num_rows($result) != 0) {
+
+                               $check_feed_url = db_fetch_result($result, 0, "feed_url");
+
+                               if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
+                                       if ($mode == "subscribe") {
+
+                                               db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 2
+                                                       WHERE id = '$feed_id'");
+
+                                               print $_REQUEST['hub_challenge'];
+                                               return;
+
+                                       } else if ($mode == "unsubscribe") {
+
+                                               db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 0
+                                                       WHERE id = '$feed_id'");
+
+                                               print $_REQUEST['hub_challenge'];
+                                               return;
+
+                                       } else if (!$mode) {
+
+                                               // Received update ping, schedule feed update.
+                                               //update_rss_feed($link, $feed_id, true, true);
+
+                                               db_query($link, "UPDATE ttrss_feeds SET
+                                                       last_update_started = '1970-01-01',
+                                                       last_updated = '1970-01-01' WHERE id = '$feed_id' AND
+                                                       owner_uid = ".$_SESSION["uid"]);
+
+                                       }
+                               } else {
+                                       header('HTTP/1.0 404 Not Found');
+                                       echo "404 Not found";
+                               }
+                       } else {
+                               header('HTTP/1.0 404 Not Found');
+                               echo "404 Not found";
+                       }
+
+               break; // pubsub
+
+               case "logout":
+                       logout_user();
+                       header("Location: tt-rss.php");
+               break; // logout
+
+               case "fbexport":
+
+                       $access_key = db_escape_string($_POST["key"]);
+
+                       // TODO: rate limit checking using last_connected
+                       $result = db_query($link, "SELECT id FROM ttrss_linked_instances
+                               WHERE access_key = '$access_key'");
+
+                       if (db_num_rows($result) == 1) {
+
+                               $instance_id = db_fetch_result($result, 0, "id");
+
+                               $result = db_query($link, "SELECT feed_url, site_url, title, subscribers
+                                       FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
+
+                               $feeds = array();
+
+                               while ($line = db_fetch_assoc($result)) {
+                                       array_push($feeds, $line);
+                               }
+
+                               db_query($link, "UPDATE ttrss_linked_instances SET
+                                       last_status_in = 1 WHERE id = '$instance_id'");
+
+                               print json_encode(array("feeds" => $feeds));
+                       } else {
+                               print json_encode(array("error" => array("code" => 6)));
+                       }
+               break; // fbexport
+
+               case "share":
+                       $uuid = db_escape_string($_REQUEST["key"]);
+
+                       $result = db_query($link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
+                               uuid = '$uuid'");
+
+                       if (db_num_rows($result) != 0) {
+                               header("Content-Type: text/html");
+
+                               $id = db_fetch_result($result, 0, "ref_id");
+                               $owner_uid = db_fetch_result($result, 0, "owner_uid");
+
+                               $_SESSION["uid"] = $owner_uid;
+                               $article = format_article($link, $id, false, true);
+                               $_SESSION["uid"] = "";
 
+                               print_r($article['content']);
+
+                       } else {
+                               print "Article not found.";
+                       }
+
+                       break;
+
+               case "rss":
+                       $feed = db_escape_string($_REQUEST["id"]);
+                       $key = db_escape_string($_REQUEST["key"]);
+                       $is_cat = $_REQUEST["is_cat"] != false;
+                       $limit = (int)db_escape_string($_REQUEST["limit"]);
+
+                       $search = db_escape_string($_REQUEST["q"]);
+                       $match_on = db_escape_string($_REQUEST["m"]);
+                       $search_mode = db_escape_string($_REQUEST["smode"]);
+                       $view_mode = db_escape_string($_REQUEST["view-mode"]);
+
+                       if (SINGLE_USER_MODE) {
+                               authenticate_user($link, "admin", null);
+                       }
+
+                       $owner_id = false;
+
+                       if ($key) {
+                               $result = db_query($link, "SELECT owner_uid FROM
+                                       ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
+
+                               if (db_num_rows($result) == 1)
+                                       $owner_id = db_fetch_result($result, 0, "owner_uid");
+                       }
+
+                       if ($owner_id) {
+                               $_SESSION['uid'] = $owner_id;
+
+                               generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
+                                       $search, $search_mode, $match_on, $view_mode);
+                       } else {
+                               header('HTTP/1.1 403 Forbidden');
+                       }
+               break; // rss
+
+
+               case "globalUpdateFeeds":
+                       // Update all feeds needing a update.
+                       update_daemon_common($link, 0, true, true);
+               break; // globalUpdateFeeds
+
+
+               default:
+                       header("Content-Type: text/plain");
+                       print json_encode(array("error" => array("code" => 7)));
+               break; // fallback
+
+               }
        }
 ?>
index f6b66885ea7f5a39c85352bedd619cb6a5ac33df..f1bbd0698f72ea440a3e029200c3b0e702f67ed9 100644 (file)
 
                        if (PUBSUBHUBBUB_HUB) {
                                $rss_link = get_self_url_prefix() .
-                                       "/backend.php?op=rss&id=-2&key=" .
+                                       "/public.php?op=rss&id=-2&key=" .
                                        get_feed_access_key($link, -2, false);
 
                                $p = new Publisher(PUBSUBHUBBUB_HUB);
index f65d005ffaba12c1d3b3268db1ea2b260d7869db..26b2e7cf6de396ff262b7b0253e8c16ccdd2815f 100644 (file)
                                print __("You can share this article by the following unique URL:");
 
                                $url_path = get_self_url_prefix();
-                               $url_path .= "/backend.php?op=share&key=$uuid";
+                               $url_path .= "/public.php?op=share&key=$uuid";
 
                                print "<div class=\"tagCloudContainer\">";
                                print "<a id='pub_opml_url' href='$url_path' target='_blank'>$url_path</a>";
index b033a378740b96f90c4edfae41fc1215955b248d..bbae468bf01450498ab6a227269dd8b00a85a953 100644 (file)
                print "<p>".__('Published articles are exported as a public RSS feed and can be subscribed by anyone who knows the URL specified below.')."</p>";
 
                $rss_url = '-2::' . htmlspecialchars(get_self_url_prefix() .
-                               "/backend.php?op=rss&id=-2&view-mode=all_articles");;
+                               "/public.php?op=rss&id=-2&view-mode=all_articles");;
 
                print "<button dojoType=\"dijit.form.Button\" onclick=\"return displayDlg('generatedFeed', '$rss_url')\">".
                        __('Display URL')."</button> ";
diff --git a/public.php b/public.php
new file mode 100644 (file)
index 0000000..c2de218
--- /dev/null
@@ -0,0 +1,62 @@
+<?php
+       /* remove ill effects of magic quotes */
+
+       if (get_magic_quotes_gpc()) {
+               function stripslashes_deep($value) {
+                       $value = is_array($value) ?
+                               array_map('stripslashes_deep', $value) : stripslashes($value);
+                               return $value;
+               }
+
+               $_POST = array_map('stripslashes_deep', $_POST);
+               $_GET = array_map('stripslashes_deep', $_GET);
+               $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
+               $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
+       }
+
+       $op = $_REQUEST["op"];
+
+       require_once "functions.php";
+       if ($op != "share") require_once "sessions.php";
+       require_once "modules/backend-rpc.php";
+       require_once "sanity_check.php";
+       require_once "config.php";
+       require_once "db.php";
+       require_once "db-prefs.php";
+
+       no_cache_incantation();
+
+       startup_gettext();
+
+       $script_started = getmicrotime();
+
+       $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
+
+       if (!$link) {
+               if (DB_TYPE == "mysql") {
+                       print mysql_error();
+               }
+               // PG seems to display its own errors just fine by default.
+               return;
+       }
+
+       init_connection($link);
+
+       $subop = $_REQUEST["subop"];
+       $mode = $_REQUEST["mode"];
+
+       if ((!$op || $op == "rss" || $op == "dlg") && !$_REQUEST["noxml"]) {
+                       header("Content-Type: application/xml; charset=utf-8");
+       } else {
+                       header("Content-Type: text/plain; charset=utf-8");
+       }
+
+       if (ENABLE_GZIP_OUTPUT) {
+               ob_start("ob_gzhandler");
+       }
+
+       handle_public_request($link, $op);
+
+       // We close the connection to database.
+       db_close($link);
+?>