authenticate_user($link, "admin", null);
}
- if (!($_SESSION["uid"] && validate_session($link)) && $op != "globalUpdateFeeds" &&
- $op != "rss" && $op != "getUnread" && $op != "getProfiles" && $op != "share" &&
- $op != "fbexport" && $op != "logout" && $op != "pubsub") {
+ $public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
+ "fbexport", "logout", "pubsub");
+ if (array_search($op, $public_calls) !== false) {
+
+ handle_public_request($link, $op);
+ return;
+
+ } else if (!($_SESSION["uid"] && validate_session($link))) {
if ($op == 'pref-feeds' && $_REQUEST['subop'] == 'add') {
header("Content-Type: text/html");
login_sequence($link);
module_pref_pub_items($link);
break; // pref-pub-items
- case "globalUpdateFeeds":
- // Update all feeds needing a update.
- update_daemon_common($link, 0, true, true);
- break; // globalUpdateFeeds
-
case "pref-feed-browser":
module_pref_feed_browser($link);
break; // pref-feed-browser
module_pref_instances($link);
break; // pref-instances
- case "rss":
- $feed = db_escape_string($_REQUEST["id"]);
- $key = db_escape_string($_REQUEST["key"]);
- $is_cat = $_REQUEST["is_cat"] != false;
- $limit = (int)db_escape_string($_REQUEST["limit"]);
-
- $search = db_escape_string($_REQUEST["q"]);
- $match_on = db_escape_string($_REQUEST["m"]);
- $search_mode = db_escape_string($_REQUEST["smode"]);
- $view_mode = db_escape_string($_REQUEST["view-mode"]);
-
- if (SINGLE_USER_MODE) {
- authenticate_user($link, "admin", null);
- }
-
- $owner_id = false;
-
- if ($key) {
- $result = db_query($link, "SELECT owner_uid FROM
- ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
-
- if (db_num_rows($result) == 1)
- $owner_id = db_fetch_result($result, 0, "owner_uid");
- }
-
- if ($owner_id) {
- $_SESSION['uid'] = $owner_id;
-
- generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
- $search, $search_mode, $match_on, $view_mode);
- } else {
- header('HTTP/1.1 403 Forbidden');
- }
- break; // rss
-
- case "getUnread":
- $login = db_escape_string($_REQUEST["login"]);
- $fresh = $_REQUEST["fresh"] == "1";
-
- $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'");
-
- if (db_num_rows($result) == 1) {
- $uid = db_fetch_result($result, 0, "id");
-
- print getGlobalUnread($link, $uid);
-
- if ($fresh) {
- print ";";
- print getFeedArticles($link, -3, false, true, $uid);
- }
-
- } else {
- print "-1;User not found";
- }
-
- break; // getUnread
-
case "digestTest":
print_r(prepare_headlines_digest($link, $_SESSION["uid"]));
break; // digestTest
"<img src='images/indicator_tiny.gif'>";
break; // loading
- case "getProfiles":
- $login = db_escape_string($_REQUEST["login"]);
- $password = db_escape_string($_REQUEST["password"]);
-
- if (authenticate_user($link, $login, $password)) {
- $result = db_query($link, "SELECT * FROM ttrss_settings_profiles
- WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
-
- print "<select style='width: 100%' name='profile'>";
-
- print "<option value='0'>" . __("Default profile") . "</option>";
-
- while ($line = db_fetch_assoc($result)) {
- $id = $line["id"];
- $title = $line["title"];
-
- print "<option value='$id'>$title</option>";
- }
-
- print "</select>";
-
- $_SESSION = array();
- }
- break; // getprofiles
-
- case "pubsub":
- $mode = db_escape_string($_REQUEST['hub_mode']);
- $feed_id = (int) db_escape_string($_REQUEST['id']);
- $feed_url = db_escape_string($_REQUEST['hub_topic']);
-
- if (!PUBSUBHUBBUB_ENABLED) {
- header('HTTP/1.0 404 Not Found');
- echo "404 Not found";
- return;
- }
-
- // TODO: implement hub_verifytoken checking
-
- $result = db_query($link, "SELECT feed_url FROM ttrss_feeds
- WHERE id = '$feed_id'");
-
- if (db_num_rows($result) != 0) {
-
- $check_feed_url = db_fetch_result($result, 0, "feed_url");
-
- if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
- if ($mode == "subscribe") {
-
- db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 2
- WHERE id = '$feed_id'");
-
- print $_REQUEST['hub_challenge'];
- return;
-
- } else if ($mode == "unsubscribe") {
-
- db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 0
- WHERE id = '$feed_id'");
-
- print $_REQUEST['hub_challenge'];
- return;
-
- } else if (!$mode) {
-
- // Received update ping, schedule feed update.
- //update_rss_feed($link, $feed_id, true, true);
-
- db_query($link, "UPDATE ttrss_feeds SET
- last_update_started = '1970-01-01',
- last_updated = '1970-01-01' WHERE id = '$feed_id' AND
- owner_uid = ".$_SESSION["uid"]);
-
- }
- } else {
- header('HTTP/1.0 404 Not Found');
- echo "404 Not found";
- }
- } else {
- header('HTTP/1.0 404 Not Found');
- echo "404 Not found";
- }
-
- break; // pubsub
-
- case "logout":
- logout_user();
- header("Location: tt-rss.php");
- break; // logout
-
- case "fbexport":
-
- $access_key = db_escape_string($_POST["key"]);
-
- // TODO: rate limit checking using last_connected
- $result = db_query($link, "SELECT id FROM ttrss_linked_instances
- WHERE access_key = '$access_key'");
-
- if (db_num_rows($result) == 1) {
-
- $instance_id = db_fetch_result($result, 0, "id");
-
- $result = db_query($link, "SELECT feed_url, site_url, title, subscribers
- FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
-
- $feeds = array();
-
- while ($line = db_fetch_assoc($result)) {
- array_push($feeds, $line);
- }
-
- db_query($link, "UPDATE ttrss_linked_instances SET
- last_status_in = 1 WHERE id = '$instance_id'");
-
- print json_encode(array("feeds" => $feeds));
- } else {
- print json_encode(array("error" => array("code" => 6)));
- }
- break; // fbexport
-
- case "share":
- $uuid = db_escape_string($_REQUEST["key"]);
-
- $result = db_query($link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
- uuid = '$uuid'");
-
- if (db_num_rows($result) != 0) {
- header("Content-Type: text/html");
-
- $id = db_fetch_result($result, 0, "ref_id");
- $owner_uid = db_fetch_result($result, 0, "owner_uid");
-
- $_SESSION["uid"] = $owner_uid;
- $article = format_article($link, $id, false, true);
- $_SESSION["uid"] = "";
-
- print_r($article['content']);
-
- } else {
- print "Article not found.";
- }
-
- break;
-
default:
header("Content-Type: text/plain");
print json_encode(array("error" => array("code" => 7)));
# /etc/cron.d/tt-rss-mysql: crontab fragment for tt-rss-mysql
# This update feeds for tiny tiny RSS every 20min
-12,42 * * * * www-data /usr/bin/wget --output-document=/dev/null --quiet http://localhost/tt-rss/backend.php?op=globalUpdateFeeds&daemon=1
+12,42 * * * * www-data /usr/bin/wget --output-document=/dev/null --quiet http://localhost/tt-rss/public.php?op=globalUpdateFeeds&daemon=1
# /etc/cron.d/tt-rss-pgsql: crontab fragment for tt-rss-pgsql
# This update feeds for tiny tiny RSS every 20min
-12,42 * * * * www-data /usr/bin/wget --output-document=/dev/null --quiet http://localhost/tt-rss/backend.php?op=globalUpdateFeeds&daemon=1
+12,42 * * * * www-data /usr/bin/wget --output-document=/dev/null --quiet http://localhost/tt-rss/public.php?op=globalUpdateFeeds&daemon=1
!ini_get("open_basedir")) {
$callback_url = get_self_url_prefix() .
- "/backend.php?op=pubsub&id=$feed";
+ "/public.php?op=pubsub&id=$feed";
$s = new Subscriber($feed_hub_url, $callback_url);
if (PUBSUBHUBBUB_HUB && $published == 'true') {
$rss_link = get_self_url_prefix() .
- "/backend.php?op=rss&id=-2&key=" .
+ "/public.php?op=rss&id=-2&key=" .
get_feed_access_key($link, -2, false, $owner_uid);
$p = new Publisher(PUBSUBHUBBUB_HUB);
$last_error = $qfh_ret[3];
$feed_self_url = get_self_url_prefix() .
- "/backend.php?op=rss&id=-2&key=" .
+ "/public.php?op=rss&id=-2&key=" .
get_feed_access_key($link, -2, false);
if (!$feed_site_url) $feed_site_url = get_self_url_prefix();
if (PUBSUBHUBBUB_HUB) {
$rss_link = get_self_url_prefix() .
- "/backend.php?op=rss&id=-2&key=" .
+ "/public.php?op=rss&id=-2&key=" .
get_feed_access_key($link, -2, false);
$p = new Publisher(PUBSUBHUBBUB_HUB);
}
$rss_link = htmlspecialchars(get_self_url_prefix() .
- "/backend.php?op=rss&id=$feed_id$cat_q$search_q");
+ "/public.php?op=rss&id=$feed_id$cat_q$search_q");
$reply .= "<option value=\"0\" disabled=\"1\">".__('Feed:')."</option>";
_debug("Updating: " . $line['access_url'] . " ($id)");
- $fetch_url = $line['access_url'] . '/backend.php?op=fbexport';
+ $fetch_url = $line['access_url'] . '/public.php?op=fbexport';
$post_query = 'key=' . $line['access_key'];
$feeds = fetch_file_contents($fetch_url, false, false, false, $post_query);
+ // try doing it the old way
+ if (!$feeds) {
+ $fetch_url = $line['access_url'] . '/backend.php?op=fbexport';
+ $feeds = fetch_file_contents($fetch_url, false, false, false, $post_query);
+ }
+
if ($feeds) {
$feeds = json_decode($feeds, true);
last_status_out = '$status', last_connected = NOW() WHERE id = '$id'");
}
+ }
+
+ function handle_public_request($link, $op) {
+ switch ($op) {
+
+ case "getUnread":
+ $login = db_escape_string($_REQUEST["login"]);
+ $fresh = $_REQUEST["fresh"] == "1";
+
+ $result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'");
+
+ if (db_num_rows($result) == 1) {
+ $uid = db_fetch_result($result, 0, "id");
+
+ print getGlobalUnread($link, $uid);
+
+ if ($fresh) {
+ print ";";
+ print getFeedArticles($link, -3, false, true, $uid);
+ }
+
+ } else {
+ print "-1;User not found";
+ }
+
+ break; // getUnread
+
+ case "getProfiles":
+ $login = db_escape_string($_REQUEST["login"]);
+ $password = db_escape_string($_REQUEST["password"]);
+
+ if (authenticate_user($link, $login, $password)) {
+ $result = db_query($link, "SELECT * FROM ttrss_settings_profiles
+ WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
+
+ print "<select style='width: 100%' name='profile'>";
+
+ print "<option value='0'>" . __("Default profile") . "</option>";
+
+ while ($line = db_fetch_assoc($result)) {
+ $id = $line["id"];
+ $title = $line["title"];
+
+ print "<option value='$id'>$title</option>";
+ }
+
+ print "</select>";
+
+ $_SESSION = array();
+ }
+ break; // getprofiles
+
+ case "pubsub":
+ $mode = db_escape_string($_REQUEST['hub_mode']);
+ $feed_id = (int) db_escape_string($_REQUEST['id']);
+ $feed_url = db_escape_string($_REQUEST['hub_topic']);
+
+ if (!PUBSUBHUBBUB_ENABLED) {
+ header('HTTP/1.0 404 Not Found');
+ echo "404 Not found";
+ return;
+ }
+
+ // TODO: implement hub_verifytoken checking
+
+ $result = db_query($link, "SELECT feed_url FROM ttrss_feeds
+ WHERE id = '$feed_id'");
+
+ if (db_num_rows($result) != 0) {
+
+ $check_feed_url = db_fetch_result($result, 0, "feed_url");
+
+ if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
+ if ($mode == "subscribe") {
+
+ db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 2
+ WHERE id = '$feed_id'");
+
+ print $_REQUEST['hub_challenge'];
+ return;
+
+ } else if ($mode == "unsubscribe") {
+
+ db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 0
+ WHERE id = '$feed_id'");
+
+ print $_REQUEST['hub_challenge'];
+ return;
+
+ } else if (!$mode) {
+
+ // Received update ping, schedule feed update.
+ //update_rss_feed($link, $feed_id, true, true);
+
+ db_query($link, "UPDATE ttrss_feeds SET
+ last_update_started = '1970-01-01',
+ last_updated = '1970-01-01' WHERE id = '$feed_id' AND
+ owner_uid = ".$_SESSION["uid"]);
+
+ }
+ } else {
+ header('HTTP/1.0 404 Not Found');
+ echo "404 Not found";
+ }
+ } else {
+ header('HTTP/1.0 404 Not Found');
+ echo "404 Not found";
+ }
+
+ break; // pubsub
+
+ case "logout":
+ logout_user();
+ header("Location: tt-rss.php");
+ break; // logout
+
+ case "fbexport":
+
+ $access_key = db_escape_string($_POST["key"]);
+
+ // TODO: rate limit checking using last_connected
+ $result = db_query($link, "SELECT id FROM ttrss_linked_instances
+ WHERE access_key = '$access_key'");
+
+ if (db_num_rows($result) == 1) {
+
+ $instance_id = db_fetch_result($result, 0, "id");
+
+ $result = db_query($link, "SELECT feed_url, site_url, title, subscribers
+ FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
+
+ $feeds = array();
+
+ while ($line = db_fetch_assoc($result)) {
+ array_push($feeds, $line);
+ }
+
+ db_query($link, "UPDATE ttrss_linked_instances SET
+ last_status_in = 1 WHERE id = '$instance_id'");
+
+ print json_encode(array("feeds" => $feeds));
+ } else {
+ print json_encode(array("error" => array("code" => 6)));
+ }
+ break; // fbexport
+
+ case "share":
+ $uuid = db_escape_string($_REQUEST["key"]);
+
+ $result = db_query($link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
+ uuid = '$uuid'");
+
+ if (db_num_rows($result) != 0) {
+ header("Content-Type: text/html");
+
+ $id = db_fetch_result($result, 0, "ref_id");
+ $owner_uid = db_fetch_result($result, 0, "owner_uid");
+
+ $_SESSION["uid"] = $owner_uid;
+ $article = format_article($link, $id, false, true);
+ $_SESSION["uid"] = "";
+ print_r($article['content']);
+
+ } else {
+ print "Article not found.";
+ }
+
+ break;
+
+ case "rss":
+ $feed = db_escape_string($_REQUEST["id"]);
+ $key = db_escape_string($_REQUEST["key"]);
+ $is_cat = $_REQUEST["is_cat"] != false;
+ $limit = (int)db_escape_string($_REQUEST["limit"]);
+
+ $search = db_escape_string($_REQUEST["q"]);
+ $match_on = db_escape_string($_REQUEST["m"]);
+ $search_mode = db_escape_string($_REQUEST["smode"]);
+ $view_mode = db_escape_string($_REQUEST["view-mode"]);
+
+ if (SINGLE_USER_MODE) {
+ authenticate_user($link, "admin", null);
+ }
+
+ $owner_id = false;
+
+ if ($key) {
+ $result = db_query($link, "SELECT owner_uid FROM
+ ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
+
+ if (db_num_rows($result) == 1)
+ $owner_id = db_fetch_result($result, 0, "owner_uid");
+ }
+
+ if ($owner_id) {
+ $_SESSION['uid'] = $owner_id;
+
+ generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
+ $search, $search_mode, $match_on, $view_mode);
+ } else {
+ header('HTTP/1.1 403 Forbidden');
+ }
+ break; // rss
+
+
+ case "globalUpdateFeeds":
+ // Update all feeds needing a update.
+ update_daemon_common($link, 0, true, true);
+ break; // globalUpdateFeeds
+
+
+ default:
+ header("Content-Type: text/plain");
+ print json_encode(array("error" => array("code" => 7)));
+ break; // fallback
+
+ }
}
?>
if (PUBSUBHUBBUB_HUB) {
$rss_link = get_self_url_prefix() .
- "/backend.php?op=rss&id=-2&key=" .
+ "/public.php?op=rss&id=-2&key=" .
get_feed_access_key($link, -2, false);
$p = new Publisher(PUBSUBHUBBUB_HUB);
print __("You can share this article by the following unique URL:");
$url_path = get_self_url_prefix();
- $url_path .= "/backend.php?op=share&key=$uuid";
+ $url_path .= "/public.php?op=share&key=$uuid";
print "<div class=\"tagCloudContainer\">";
print "<a id='pub_opml_url' href='$url_path' target='_blank'>$url_path</a>";
print "<p>".__('Published articles are exported as a public RSS feed and can be subscribed by anyone who knows the URL specified below.')."</p>";
$rss_url = '-2::' . htmlspecialchars(get_self_url_prefix() .
- "/backend.php?op=rss&id=-2&view-mode=all_articles");;
+ "/public.php?op=rss&id=-2&view-mode=all_articles");;
print "<button dojoType=\"dijit.form.Button\" onclick=\"return displayDlg('generatedFeed', '$rss_url')\">".
__('Display URL')."</button> ";
--- /dev/null
+<?php
+ /* remove ill effects of magic quotes */
+
+ if (get_magic_quotes_gpc()) {
+ function stripslashes_deep($value) {
+ $value = is_array($value) ?
+ array_map('stripslashes_deep', $value) : stripslashes($value);
+ return $value;
+ }
+
+ $_POST = array_map('stripslashes_deep', $_POST);
+ $_GET = array_map('stripslashes_deep', $_GET);
+ $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
+ $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
+ }
+
+ $op = $_REQUEST["op"];
+
+ require_once "functions.php";
+ if ($op != "share") require_once "sessions.php";
+ require_once "modules/backend-rpc.php";
+ require_once "sanity_check.php";
+ require_once "config.php";
+ require_once "db.php";
+ require_once "db-prefs.php";
+
+ no_cache_incantation();
+
+ startup_gettext();
+
+ $script_started = getmicrotime();
+
+ $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
+
+ if (!$link) {
+ if (DB_TYPE == "mysql") {
+ print mysql_error();
+ }
+ // PG seems to display its own errors just fine by default.
+ return;
+ }
+
+ init_connection($link);
+
+ $subop = $_REQUEST["subop"];
+ $mode = $_REQUEST["mode"];
+
+ if ((!$op || $op == "rss" || $op == "dlg") && !$_REQUEST["noxml"]) {
+ header("Content-Type: application/xml; charset=utf-8");
+ } else {
+ header("Content-Type: text/plain; charset=utf-8");
+ }
+
+ if (ENABLE_GZIP_OUTPUT) {
+ ob_start("ob_gzhandler");
+ }
+
+ handle_public_request($link, $op);
+
+ // We close the connection to database.
+ db_close($link);
+?>