2 define('EXPECTED_CONFIG_VERSION', 26);
3 define('SCHEMA_VERSION', 134);
5 define('LABEL_BASE_INDEX', -1024);
6 define('PLUGIN_FEED_BASE_INDEX', -128);
8 define('COOKIE_LIFETIME_LONG', 86400*365);
10 $fetch_last_error = false;
11 $fetch_last_error_code = false;
12 $fetch_last_content_type = false;
13 $fetch_last_error_content = false; // curl only for the time being
14 $fetch_effective_url = false;
15 $fetch_curl_used = false;
17 libxml_disable_entity_loader(true);
19 // separate test because this is included before sanity checks
20 if (function_exists("mb_internal_encoding")) mb_internal_encoding("UTF-8");
22 date_default_timezone_set('UTC');
23 if (defined('E_DEPRECATED')) {
24 error_reporting(E_ALL
& ~E_NOTICE
& ~E_DEPRECATED
);
26 error_reporting(E_ALL
& ~E_NOTICE
);
29 require_once 'config.php';
32 * Define a constant if not already defined
34 function define_default($name, $value) {
35 defined($name) or define($name, $value);
38 /* Some tunables you can override in config.php using define(): */
40 define_default('FEED_FETCH_TIMEOUT', 45);
41 // How may seconds to wait for response when requesting feed from a site
42 define_default('FEED_FETCH_NO_CACHE_TIMEOUT', 15);
43 // How may seconds to wait for response when requesting feed from a
44 // site when that feed wasn't cached before
45 define_default('FILE_FETCH_TIMEOUT', 45);
46 // Default timeout when fetching files from remote sites
47 define_default('FILE_FETCH_CONNECT_TIMEOUT', 15);
48 // How many seconds to wait for initial response from website when
49 // fetching files from remote sites
50 define_default('DAEMON_UPDATE_LOGIN_LIMIT', 30);
51 // stop updating feeds if users haven't logged in for X days
52 define_default('DAEMON_FEED_LIMIT', 500);
53 // feed limit for one update batch
54 define_default('DAEMON_SLEEP_INTERVAL', 120);
55 // default sleep interval between feed updates (sec)
56 define_default('MIN_CACHE_FILE_SIZE', 1024);
57 // do not cache files smaller than that (bytes)
58 define_default('MAX_CACHE_FILE_SIZE', 64*1024*1024);
59 // do not cache files larger than that (bytes)
60 define_default('MAX_DOWNLOAD_FILE_SIZE', 16*1024*1024);
61 // do not download general files larger than that (bytes)
62 define_default('CACHE_MAX_DAYS', 7);
63 // max age in days for various automatically cached (temporary) files
64 define_default('MAX_CONDITIONAL_INTERVAL', 3600*12);
65 // max interval between forced unconditional updates for servers
66 // not complying with http if-modified-since (seconds)
68 /* tunables end here */
70 if (DB_TYPE
== "pgsql") {
71 define('SUBSTRING_FOR_DATE', 'SUBSTRING_FOR_DATE');
73 define('SUBSTRING_FOR_DATE', 'SUBSTRING');
77 * Return available translations names.
80 * @return array A array of available translations.
82 function get_translations() {
84 "auto" => "Detect automatically",
85 "ar_SA" => "العربيّة (Arabic)",
86 "bg_BG" => "Bulgarian",
91 "el_GR" => "Ελληνικά",
92 "es_ES" => "Español (España)",
95 "fr_FR" => "Français",
96 "hu_HU" => "Magyar (Hungarian)",
97 "it_IT" => "Italiano",
98 "ja_JP" => "日本語 (Japanese)",
99 "lv_LV" => "Latviešu",
100 "nb_NO" => "Norwegian bokmål",
103 "ru_RU" => "Русский",
104 "pt_BR" => "Portuguese/Brazil",
105 "pt_PT" => "Portuguese/Portugal",
106 "zh_CN" => "Simplified Chinese",
107 "zh_TW" => "Traditional Chinese",
108 "sv_SE" => "Svenska",
110 "tr_TR" => "Türkçe");
115 require_once "lib/accept-to-gettext.php";
116 require_once "lib/gettext/gettext.inc";
118 function startup_gettext() {
120 # Get locale from Accept-Language header
121 $lang = al2gt(array_keys(get_translations()), "text/html");
123 if (defined('_TRANSLATION_OVERRIDE_DEFAULT')) {
124 $lang = _TRANSLATION_OVERRIDE_DEFAULT
;
127 if ($_SESSION["uid"] && get_schema_version() >= 120) {
128 $pref_lang = get_pref("USER_LANGUAGE", $_SESSION["uid"]);
130 if ($pref_lang && $pref_lang != 'auto') {
136 if (defined('LC_MESSAGES')) {
137 _setlocale(LC_MESSAGES
, $lang);
138 } else if (defined('LC_ALL')) {
139 _setlocale(LC_ALL
, $lang);
142 _bindtextdomain("messages", "locale");
144 _textdomain("messages");
145 _bind_textdomain_codeset("messages", "UTF-8");
149 require_once 'db-prefs.php';
150 require_once 'version.php';
151 require_once 'controls.php';
153 define('SELF_USER_AGENT', 'Tiny Tiny RSS/' . VERSION
. ' (http://tt-rss.org/)');
154 ini_set('user_agent', SELF_USER_AGENT
);
156 $schema_version = false;
158 // TODO: compat wrapper, remove at some point
159 function _debug($msg) {
164 * Purge a feed old posts.
166 * @param mixed $link A database connection.
167 * @param mixed $feed_id The id of the purged feed.
168 * @param mixed $purge_interval Olderness of purged posts.
169 * @param boolean $debug Set to True to enable the debug. False by default.
173 function purge_feed($feed_id, $purge_interval) {
175 if (!$purge_interval) $purge_interval = feed_purge_interval($feed_id);
179 $sth = $pdo->prepare("SELECT owner_uid FROM ttrss_feeds WHERE id = ?");
180 $sth->execute([$feed_id]);
184 if ($row = $sth->fetch()) {
185 $owner_uid = $row["owner_uid"];
188 if ($purge_interval == -1 ||
!$purge_interval) {
190 CCache
::update($feed_id, $owner_uid);
195 if (!$owner_uid) return;
197 if (FORCE_ARTICLE_PURGE
== 0) {
198 $purge_unread = get_pref("PURGE_UNREAD_ARTICLES",
201 $purge_unread = true;
202 $purge_interval = FORCE_ARTICLE_PURGE
;
206 $query_limit = " unread = false AND ";
210 $purge_interval = (int) $purge_interval;
212 if (DB_TYPE
== "pgsql") {
213 $sth = $pdo->prepare("DELETE FROM ttrss_user_entries
215 WHERE ttrss_entries.id = ref_id AND
219 ttrss_entries.date_updated < NOW() - INTERVAL '$purge_interval days'");
220 $sth->execute([$feed_id]);
223 $sth = $pdo->prepare("DELETE FROM ttrss_user_entries
224 USING ttrss_user_entries, ttrss_entries
225 WHERE ttrss_entries.id = ref_id AND
229 ttrss_entries.date_updated < DATE_SUB(NOW(), INTERVAL $purge_interval DAY)");
230 $sth->execute([$feed_id]);
234 $rows = $sth->rowCount();
236 CCache
::update($feed_id, $owner_uid);
238 Debug
::log("Purged feed $feed_id ($purge_interval): deleted $rows articles");
241 } // function purge_feed
243 function feed_purge_interval($feed_id) {
247 $sth = $pdo->prepare("SELECT purge_interval, owner_uid FROM ttrss_feeds
249 $sth->execute([$feed_id]);
251 if ($row = $sth->fetch()) {
252 $purge_interval = $row["purge_interval"];
253 $owner_uid = $row["owner_uid"];
255 if ($purge_interval == 0) $purge_interval = get_pref(
256 'PURGE_OLD_DAYS', $owner_uid);
258 return $purge_interval;
265 // TODO: max_size currently only works for CURL transfers
266 // TODO: multiple-argument way is deprecated, first parameter is a hash now
267 function fetch_file_contents($options /* previously: 0: $url , 1: $type = false, 2: $login = false, 3: $pass = false,
268 4: $post_query = false, 5: $timeout = false, 6: $timestamp = 0, 7: $useragent = false*/) {
270 global $fetch_last_error;
271 global $fetch_last_error_code;
272 global $fetch_last_error_content;
273 global $fetch_last_content_type;
274 global $fetch_last_modified;
275 global $fetch_effective_url;
276 global $fetch_curl_used;
278 $fetch_last_error = false;
279 $fetch_last_error_code = -1;
280 $fetch_last_error_content = "";
281 $fetch_last_content_type = "";
282 $fetch_curl_used = false;
283 $fetch_last_modified = "";
284 $fetch_effective_url = "";
286 if (!is_array($options)) {
288 // falling back on compatibility shim
289 $option_names = [ "url", "type", "login", "pass", "post_query", "timeout", "last_modified", "useragent" ];
292 for ($i = 0; $i < func_num_args(); $i++
) {
293 $tmp[$option_names[$i]] = func_get_arg($i);
299 "url" => func_get_arg(0),
300 "type" => @func_get_arg(1),
301 "login" => @func_get_arg(2),
302 "pass" => @func_get_arg(3),
303 "post_query" => @func_get_arg(4),
304 "timeout" => @func_get_arg(5),
305 "timestamp" => @func_get_arg(6),
306 "useragent" => @func_get_arg(7)
310 $url = $options["url"];
311 $type = isset($options["type"]) ?
$options["type"] : false;
312 $login = isset($options["login"]) ?
$options["login"] : false;
313 $pass = isset($options["pass"]) ?
$options["pass"] : false;
314 $post_query = isset($options["post_query"]) ?
$options["post_query"] : false;
315 $timeout = isset($options["timeout"]) ?
$options["timeout"] : false;
316 $last_modified = isset($options["last_modified"]) ?
$options["last_modified"] : "";
317 $useragent = isset($options["useragent"]) ?
$options["useragent"] : false;
318 $followlocation = isset($options["followlocation"]) ?
$options["followlocation"] : true;
319 $max_size = isset($options["max_size"]) ?
$options["max_size"] : MAX_DOWNLOAD_FILE_SIZE
; // in bytes
320 $http_accept = isset($options["http_accept"]) ?
$options["http_accept"] : false;
322 $url = ltrim($url, ' ');
323 $url = str_replace(' ', '%20', $url);
325 if (strpos($url, "//") === 0)
326 $url = 'http:' . $url;
328 if (!defined('NO_CURL') && function_exists('curl_init') && !ini_get("open_basedir")) {
330 $fetch_curl_used = true;
332 $ch = curl_init($url);
334 $curl_http_headers = [];
336 if ($last_modified && !$post_query)
337 array_push($curl_http_headers, "If-Modified-Since: $last_modified");
340 array_push($curl_http_headers, "Accept: " . $http_accept);
342 if (count($curl_http_headers) > 0)
343 curl_setopt($ch, CURLOPT_HTTPHEADER
, $curl_http_headers);
345 curl_setopt($ch, CURLOPT_CONNECTTIMEOUT
, $timeout ?
$timeout : FILE_FETCH_CONNECT_TIMEOUT
);
346 curl_setopt($ch, CURLOPT_TIMEOUT
, $timeout ?
$timeout : FILE_FETCH_TIMEOUT
);
347 curl_setopt($ch, CURLOPT_FOLLOWLOCATION
, !ini_get("open_basedir") && $followlocation);
348 curl_setopt($ch, CURLOPT_MAXREDIRS
, 20);
349 curl_setopt($ch, CURLOPT_BINARYTRANSFER
, true);
350 curl_setopt($ch, CURLOPT_RETURNTRANSFER
, true);
351 curl_setopt($ch, CURLOPT_HEADER
, true);
352 curl_setopt($ch, CURLOPT_HTTPAUTH
, CURLAUTH_ANY
);
353 curl_setopt($ch, CURLOPT_USERAGENT
, $useragent ?
$useragent :
355 curl_setopt($ch, CURLOPT_ENCODING
, "");
356 //curl_setopt($ch, CURLOPT_REFERER, $url);
359 curl_setopt($ch, CURLOPT_NOPROGRESS
, false);
360 curl_setopt($ch, CURLOPT_BUFFERSIZE
, 16384); // needed to get 5 arguments in progress function?
362 // holy shit closures in php
363 // download & upload are *expected* sizes respectively, could be zero
364 curl_setopt($ch, CURLOPT_PROGRESSFUNCTION
, function($curl_handle, $download_size, $downloaded, $upload_size, $uploaded) use( &$max_size) {
365 Debug
::log("[curl progressfunction] $downloaded $max_size", Debug
::$LOG_EXTENDED);
367 return ($downloaded > $max_size) ?
1 : 0; // if max size is set, abort when exceeding it
372 if (!ini_get("open_basedir")) {
373 curl_setopt($ch, CURLOPT_COOKIEJAR
, "/dev/null");
376 if (defined('_HTTP_PROXY')) {
377 curl_setopt($ch, CURLOPT_PROXY
, _HTTP_PROXY
);
381 curl_setopt($ch, CURLOPT_POST
, true);
382 curl_setopt($ch, CURLOPT_POSTFIELDS
, $post_query);
386 curl_setopt($ch, CURLOPT_USERPWD
, "$login:$pass");
388 $ret = @curl_exec
($ch);
390 $headers_length = curl_getinfo($ch, CURLINFO_HEADER_SIZE
);
391 $headers = explode("\r\n", substr($ret, 0, $headers_length));
392 $contents = substr($ret, $headers_length);
394 foreach ($headers as $header) {
395 if (strstr($header, ": ") !== FALSE) {
396 list ($key, $value) = explode(": ", $header);
398 if (strtolower($key) == "last-modified") {
399 $fetch_last_modified = $value;
403 if (substr(strtolower($header), 0, 7) == 'http/1.') {
404 $fetch_last_error_code = (int) substr($header, 9, 3);
405 $fetch_last_error = $header;
409 if (curl_errno($ch) === 23 ||
curl_errno($ch) === 61) {
410 curl_setopt($ch, CURLOPT_ENCODING
, 'none');
411 $contents = @curl_exec
($ch);
414 $http_code = curl_getinfo($ch, CURLINFO_HTTP_CODE
);
415 $fetch_last_content_type = curl_getinfo($ch, CURLINFO_CONTENT_TYPE
);
417 $fetch_effective_url = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL
);
419 $fetch_last_error_code = $http_code;
421 if ($http_code != 200 ||
$type && strpos($fetch_last_content_type, "$type") === false) {
423 if (curl_errno($ch) != 0) {
424 $fetch_last_error .= "; " . curl_errno($ch) . " " . curl_error($ch);
427 $fetch_last_error_content = $contents;
433 $fetch_last_error = curl_errno($ch) . " " . curl_error($ch);
443 $fetch_curl_used = false;
445 if ($login && $pass){
446 $url_parts = array();
448 preg_match("/(^[^:]*):\/\/(.*)/", $url, $url_parts);
450 $pass = urlencode($pass);
452 if ($url_parts[1] && $url_parts[2]) {
453 $url = $url_parts[1] . "://$login:$pass@" . $url_parts[2];
457 // TODO: should this support POST requests or not? idk
459 $context_options = array(
465 'ignore_errors' => true,
466 'timeout' => $timeout ?
$timeout : FILE_FETCH_TIMEOUT
,
467 'protocol_version'=> 1.1)
470 if (!$post_query && $last_modified)
471 array_push($context_options['http']['header'], "If-Modified-Since: $last_modified");
474 array_push($context_options['http']['header'], "Accept: $http_accept");
476 if (defined('_HTTP_PROXY')) {
477 $context_options['http']['request_fulluri'] = true;
478 $context_options['http']['proxy'] = _HTTP_PROXY
;
481 $context = stream_context_create($context_options);
483 $old_error = error_get_last();
485 $fetch_effective_url = $url;
487 $data = @file_get_contents
($url, false, $context);
489 if (isset($http_response_header) && is_array($http_response_header)) {
490 foreach ($http_response_header as $header) {
491 if (strstr($header, ": ") !== FALSE) {
492 list ($key, $value) = explode(": ", $header);
494 $key = strtolower($key);
496 if ($key == 'content-type') {
497 $fetch_last_content_type = $value;
498 // don't abort here b/c there might be more than one
499 // e.g. if we were being redirected -- last one is the right one
500 } else if ($key == 'last-modified') {
501 $fetch_last_modified = $value;
502 } else if ($key == 'location') {
503 $fetch_effective_url = $value;
507 if (substr(strtolower($header), 0, 7) == 'http/1.') {
508 $fetch_last_error_code = (int) substr($header, 9, 3);
509 $fetch_last_error = $header;
514 if ($fetch_last_error_code != 200) {
515 $error = error_get_last();
517 if ($error['message'] != $old_error['message']) {
518 $fetch_last_error .= "; " . $error["message"];
521 $fetch_last_error_content = $data;
531 * Try to determine the favicon URL for a feed.
532 * adapted from wordpress favicon plugin by Jeff Minard (http://thecodepro.com/)
533 * http://dev.wp-plugins.org/file/favatars/trunk/favatars.php
535 * @param string $url A feed or page URL
537 * @return mixed The favicon URL, or false if none was found.
539 function get_favicon_url($url) {
541 $favicon_url = false;
543 if ($html = @fetch_file_contents
($url)) {
545 libxml_use_internal_errors(true);
547 $doc = new DOMDocument();
548 $doc->loadHTML($html);
549 $xpath = new DOMXPath($doc);
551 $base = $xpath->query('/html/head/base[@href]');
552 foreach ($base as $b) {
553 $url = rewrite_relative_url($url, $b->getAttribute("href"));
557 $entries = $xpath->query('/html/head/link[@rel="shortcut icon" or @rel="icon"]');
558 if (count($entries) > 0) {
559 foreach ($entries as $entry) {
560 $favicon_url = rewrite_relative_url($url, $entry->getAttribute("href"));
567 $favicon_url = rewrite_relative_url($url, "/favicon.ico");
570 } // function get_favicon_url
572 function initialize_user_prefs($uid, $profile = false) {
574 if (get_schema_version() < 63) $profile_qpart = "";
577 $in_nested_tr = false;
580 $pdo->beginTransaction();
581 } catch (Exception
$e) {
582 $in_nested_tr = true;
585 $sth = $pdo->query("SELECT pref_name,def_value FROM ttrss_prefs");
587 $profile = $profile ?
$profile : null;
589 $u_sth = $pdo->prepare("SELECT pref_name
590 FROM ttrss_user_prefs WHERE owner_uid = :uid AND
591 (profile = :profile OR (:profile IS NULL AND profile IS NULL))");
592 $u_sth->execute([':uid' => $uid, ':profile' => $profile]);
594 $active_prefs = array();
596 while ($line = $u_sth->fetch()) {
597 array_push($active_prefs, $line["pref_name"]);
600 while ($line = $sth->fetch()) {
601 if (array_search($line["pref_name"], $active_prefs) === FALSE) {
602 // print "adding " . $line["pref_name"] . "<br>";
604 if (get_schema_version() < 63) {
605 $i_sth = $pdo->prepare("INSERT INTO ttrss_user_prefs
606 (owner_uid,pref_name,value) VALUES
608 $i_sth->execute([$uid, $line["pref_name"], $line["def_value"]]);
611 $i_sth = $pdo->prepare("INSERT INTO ttrss_user_prefs
612 (owner_uid,pref_name,value, profile) VALUES
614 $i_sth->execute([$uid, $line["pref_name"], $line["def_value"], $profile]);
620 if (!$in_nested_tr) $pdo->commit();
624 function get_ssl_certificate_id() {
625 if ($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"]) {
626 return sha1($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] .
627 $_SERVER["REDIRECT_SSL_CLIENT_V_START"] .
628 $_SERVER["REDIRECT_SSL_CLIENT_V_END"] .
629 $_SERVER["REDIRECT_SSL_CLIENT_S_DN"]);
631 if ($_SERVER["SSL_CLIENT_M_SERIAL"]) {
632 return sha1($_SERVER["SSL_CLIENT_M_SERIAL"] .
633 $_SERVER["SSL_CLIENT_V_START"] .
634 $_SERVER["SSL_CLIENT_V_END"] .
635 $_SERVER["SSL_CLIENT_S_DN"]);
640 function authenticate_user($login, $password, $check_only = false) {
642 if (!SINGLE_USER_MODE
) {
644 $auth_module = false;
646 foreach (PluginHost
::getInstance()->get_hooks(PluginHost
::HOOK_AUTH_USER
) as $plugin) {
648 $user_id = (int) $plugin->authenticate($login, $password);
651 $auth_module = strtolower(get_class($plugin));
656 if ($user_id && !$check_only) {
659 session_regenerate_id(true);
661 $_SESSION["uid"] = $user_id;
662 $_SESSION["version"] = VERSION_STATIC
;
663 $_SESSION["auth_module"] = $auth_module;
666 $sth = $pdo->prepare("SELECT login,access_level,pwd_hash FROM ttrss_users
668 $sth->execute([$user_id]);
669 $row = $sth->fetch();
671 $_SESSION["name"] = $row["login"];
672 $_SESSION["access_level"] = $row["access_level"];
673 $_SESSION["csrf_token"] = uniqid_short();
675 $usth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
676 $usth->execute([$user_id]);
678 $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
679 $_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']);
680 $_SESSION["pwd_hash"] = $row["pwd_hash"];
682 $_SESSION["last_version_check"] = time();
684 initialize_user_prefs($_SESSION["uid"]);
693 $_SESSION["uid"] = 1;
694 $_SESSION["name"] = "admin";
695 $_SESSION["access_level"] = 10;
697 $_SESSION["hide_hello"] = true;
698 $_SESSION["hide_logout"] = true;
700 $_SESSION["auth_module"] = false;
702 if (!$_SESSION["csrf_token"]) {
703 $_SESSION["csrf_token"] = uniqid_short();
706 $_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
708 initialize_user_prefs($_SESSION["uid"]);
714 // this is used for user http parameters unless HTML code is actually needed
715 function clean($param) {
716 if (is_array($param)) {
717 return array_map("strip_tags", $param);
718 } else if (is_string($param)) {
719 return strip_tags($param);
725 function make_password($length = 8) {
728 $possible = "0123456789abcdfghjkmnpqrstvwxyzABCDFGHJKMNPQRSTVWXYZ";
732 while ($i < $length) {
733 $char = substr($possible, mt_rand(0, strlen($possible)-1), 1);
735 if (!strstr($password, $char)) {
743 // this is called after user is created to initialize default feeds, labels
746 // user preferences are checked on every login, not here
748 function initialize_user($uid) {
752 $sth = $pdo->prepare("insert into ttrss_feeds (owner_uid,title,feed_url)
753 values (?, 'Tiny Tiny RSS: Forum',
754 'http://tt-rss.org/forum/rss.php')");
755 $sth->execute([$uid]);
758 function logout_user() {
760 if (isset($_COOKIE[session_name()])) {
761 setcookie(session_name(), '', time()-42000, '/');
766 function validate_csrf($csrf_token) {
767 return $csrf_token == $_SESSION['csrf_token'];
770 function load_user_plugins($owner_uid, $pluginhost = false) {
772 if (!$pluginhost) $pluginhost = PluginHost
::getInstance();
774 if ($owner_uid && SCHEMA_VERSION
>= 100) {
775 $plugins = get_pref("_ENABLED_PLUGINS", $owner_uid);
777 $pluginhost->load($plugins, PluginHost
::KIND_USER
, $owner_uid);
779 if (get_schema_version() > 100) {
780 $pluginhost->load_data();
785 function login_sequence() {
788 if (SINGLE_USER_MODE
) {
790 authenticate_user("admin", null);
792 load_user_plugins($_SESSION["uid"]);
794 if (!validate_session()) $_SESSION["uid"] = false;
796 if (!$_SESSION["uid"]) {
798 if (AUTH_AUTO_LOGIN
&& authenticate_user(null, null)) {
799 $_SESSION["ref_schema_version"] = get_schema_version(true);
801 authenticate_user(null, null, true);
804 if (!$_SESSION["uid"]) {
812 /* bump login timestamp */
813 $sth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
814 $sth->execute([$_SESSION['uid']]);
816 $_SESSION["last_login_update"] = time();
819 if ($_SESSION["uid"]) {
821 load_user_plugins($_SESSION["uid"]);
825 $sth = $pdo->prepare("DELETE FROM ttrss_counters_cache WHERE owner_uid = ?
827 (SELECT COUNT(id) FROM ttrss_feeds WHERE
828 ttrss_feeds.id = feed_id) = 0");
830 $sth->execute([$_SESSION['uid']]);
832 $sth = $pdo->prepare("DELETE FROM ttrss_cat_counters_cache WHERE owner_uid = ?
834 (SELECT COUNT(id) FROM ttrss_feed_categories WHERE
835 ttrss_feed_categories.id = feed_id) = 0");
837 $sth->execute([$_SESSION['uid']]);
843 function truncate_string($str, $max_len, $suffix = '…') {
844 if (mb_strlen($str, "utf-8") > $max_len) {
845 return mb_substr($str, 0, $max_len, "utf-8") . $suffix;
852 function truncate_middle($str, $max_len, $suffix = '…') {
853 if (strlen($str) > $max_len) {
854 return substr_replace($str, $suffix, $max_len / 2, mb_strlen($str) - $max_len);
860 function convert_timestamp($timestamp, $source_tz, $dest_tz) {
863 $source_tz = new DateTimeZone($source_tz);
864 } catch (Exception
$e) {
865 $source_tz = new DateTimeZone('UTC');
869 $dest_tz = new DateTimeZone($dest_tz);
870 } catch (Exception
$e) {
871 $dest_tz = new DateTimeZone('UTC');
874 $dt = new DateTime(date('Y-m-d H:i:s', $timestamp), $source_tz);
875 return $dt->format('U') +
$dest_tz->getOffset($dt);
878 function make_local_datetime($timestamp, $long, $owner_uid = false,
879 $no_smart_dt = false, $eta_min = false) {
881 if (!$owner_uid) $owner_uid = $_SESSION['uid'];
882 if (!$timestamp) $timestamp = '1970-01-01 0:00';
887 if (!$utc_tz) $utc_tz = new DateTimeZone('UTC');
889 $timestamp = substr($timestamp, 0, 19);
891 # We store date in UTC internally
892 $dt = new DateTime($timestamp, $utc_tz);
894 $user_tz_string = get_pref('USER_TIMEZONE', $owner_uid);
896 if ($user_tz_string != 'Automatic') {
899 if (!$user_tz) $user_tz = new DateTimeZone($user_tz_string);
900 } catch (Exception
$e) {
904 $tz_offset = $user_tz->getOffset($dt);
906 $tz_offset = (int) -$_SESSION["clientTzOffset"];
909 $user_timestamp = $dt->format('U') +
$tz_offset;
912 return smart_date_time($user_timestamp,
913 $tz_offset, $owner_uid, $eta_min);
916 $format = get_pref('LONG_DATE_FORMAT', $owner_uid);
918 $format = get_pref('SHORT_DATE_FORMAT', $owner_uid);
920 return date($format, $user_timestamp);
924 function smart_date_time($timestamp, $tz_offset = 0, $owner_uid = false, $eta_min = false) {
925 if (!$owner_uid) $owner_uid = $_SESSION['uid'];
927 if ($eta_min && time() +
$tz_offset - $timestamp < 3600) {
928 return T_sprintf("%d min", date("i", time() +
$tz_offset - $timestamp));
929 } else if (date("Y.m.d", $timestamp) == date("Y.m.d", time() +
$tz_offset)) {
930 return date("G:i", $timestamp);
931 } else if (date("Y", $timestamp) == date("Y", time() +
$tz_offset)) {
932 $format = get_pref('SHORT_DATE_FORMAT', $owner_uid);
933 return date($format, $timestamp);
935 $format = get_pref('LONG_DATE_FORMAT', $owner_uid);
936 return date($format, $timestamp);
940 function sql_bool_to_bool($s) {
941 return $s && ($s !== "f" && $s !== "false"); //no-op for PDO, backwards compat for legacy layer
944 function bool_to_sql_bool($s) {
948 // Session caching removed due to causing wrong redirects to upgrade
949 // script when get_schema_version() is called on an obsolete session
950 // created on a previous schema version.
951 function get_schema_version($nocache = false) {
952 global $schema_version;
956 if (!$schema_version && !$nocache) {
957 $row = $pdo->query("SELECT schema_version FROM ttrss_version")->fetch();
958 $version = $row["schema_version"];
959 $schema_version = $version;
962 return $schema_version;
966 function sanity_check() {
967 require_once 'errors.php';
971 $schema_version = get_schema_version(true);
973 if ($schema_version != SCHEMA_VERSION
) {
977 return array("code" => $error_code, "message" => $ERRORS[$error_code]);
980 function file_is_locked($filename) {
981 if (file_exists(LOCK_DIRECTORY
. "/$filename")) {
982 if (function_exists('flock')) {
983 $fp = @fopen
(LOCK_DIRECTORY
. "/$filename", "r");
985 if (flock($fp, LOCK_EX | LOCK_NB
)) {
996 return true; // consider the file always locked and skip the test
1003 function make_lockfile($filename) {
1004 $fp = fopen(LOCK_DIRECTORY
. "/$filename", "w");
1006 if ($fp && flock($fp, LOCK_EX | LOCK_NB
)) {
1007 $stat_h = fstat($fp);
1008 $stat_f = stat(LOCK_DIRECTORY
. "/$filename");
1010 if (strtoupper(substr(PHP_OS
, 0, 3)) !== 'WIN') {
1011 if ($stat_h["ino"] != $stat_f["ino"] ||
1012 $stat_h["dev"] != $stat_f["dev"]) {
1018 if (function_exists('posix_getpid')) {
1019 fwrite($fp, posix_getpid() . "\n");
1027 function make_stampfile($filename) {
1028 $fp = fopen(LOCK_DIRECTORY
. "/$filename", "w");
1030 if (flock($fp, LOCK_EX | LOCK_NB
)) {
1031 fwrite($fp, time() . "\n");
1032 flock($fp, LOCK_UN
);
1040 function sql_random_function() {
1041 if (DB_TYPE
== "mysql") {
1048 function getFeedUnread($feed, $is_cat = false) {
1049 return Feeds
::getFeedArticles($feed, $is_cat, true, $_SESSION["uid"]);
1052 function checkbox_to_sql_bool($val) {
1053 return ($val == "on") ?
1 : 0;
1056 function uniqid_short() {
1057 return uniqid(base_convert(rand(), 10, 36));
1060 function make_init_params() {
1063 foreach (array("ON_CATCHUP_SHOW_NEXT_FEED", "HIDE_READ_FEEDS",
1064 "ENABLE_FEED_CATS", "FEEDS_SORT_BY_UNREAD", "CONFIRM_FEED_CATCHUP",
1065 "CDM_AUTO_CATCHUP", "FRESH_ARTICLE_MAX_AGE",
1066 "HIDE_READ_SHOWS_SPECIAL", "COMBINED_DISPLAY_MODE") as $param) {
1068 $params[strtolower($param)] = (int) get_pref($param);
1071 $params["icons_url"] = ICONS_URL
;
1072 $params["cookie_lifetime"] = SESSION_COOKIE_LIFETIME
;
1073 $params["default_view_mode"] = get_pref("_DEFAULT_VIEW_MODE");
1074 $params["default_view_limit"] = (int) get_pref("_DEFAULT_VIEW_LIMIT");
1075 $params["default_view_order_by"] = get_pref("_DEFAULT_VIEW_ORDER_BY");
1076 $params["bw_limit"] = (int) $_SESSION["bw_limit"];
1077 $params["is_default_pw"] = Pref_Prefs
::isdefaultpassword();
1078 $params["label_base_index"] = (int) LABEL_BASE_INDEX
;
1080 $theme = get_pref( "USER_CSS_THEME", false, false);
1081 $params["theme"] = theme_valid("$theme") ?
$theme : "";
1083 $params["plugins"] = implode(", ", PluginHost
::getInstance()->get_plugin_names());
1085 $params["php_platform"] = PHP_OS
;
1086 $params["php_version"] = PHP_VERSION
;
1088 $params["sanity_checksum"] = sha1(file_get_contents("include/sanity_check.php"));
1092 $sth = $pdo->prepare("SELECT MAX(id) AS mid, COUNT(*) AS nf FROM
1093 ttrss_feeds WHERE owner_uid = ?");
1094 $sth->execute([$_SESSION['uid']]);
1095 $row = $sth->fetch();
1097 $max_feed_id = $row["mid"];
1098 $num_feeds = $row["nf"];
1100 $params["max_feed_id"] = (int) $max_feed_id;
1101 $params["num_feeds"] = (int) $num_feeds;
1103 $params["hotkeys"] = get_hotkeys_map();
1105 $params["csrf_token"] = $_SESSION["csrf_token"];
1106 $params["widescreen"] = (int) $_COOKIE["ttrss_widescreen"];
1108 $params['simple_update'] = defined('SIMPLE_UPDATE_MODE') && SIMPLE_UPDATE_MODE
;
1110 $params["icon_alert"] = base64_img("images/alert.png");
1111 $params["icon_information"] = base64_img("images/information.png");
1112 $params["icon_cross"] = base64_img("images/cross.png");
1113 $params["icon_indicator_white"] = base64_img("images/indicator_white.gif");
1115 $params["labels"] = Labels
::get_all_labels($_SESSION["uid"]);
1120 function get_hotkeys_info() {
1122 __("Navigation") => array(
1123 "next_feed" => __("Open next feed"),
1124 "prev_feed" => __("Open previous feed"),
1125 "next_article" => __("Open next article"),
1126 "prev_article" => __("Open previous article"),
1127 "next_article_noscroll" => __("Open next article (don't scroll long articles)"),
1128 "prev_article_noscroll" => __("Open previous article (don't scroll long articles)"),
1129 "next_article_noexpand" => __("Move to next article (don't expand or mark read)"),
1130 "prev_article_noexpand" => __("Move to previous article (don't expand or mark read)"),
1131 "search_dialog" => __("Show search dialog")),
1132 __("Article") => array(
1133 "toggle_mark" => __("Toggle starred"),
1134 "toggle_publ" => __("Toggle published"),
1135 "toggle_unread" => __("Toggle unread"),
1136 "edit_tags" => __("Edit tags"),
1137 "open_in_new_window" => __("Open in new window"),
1138 "catchup_below" => __("Mark below as read"),
1139 "catchup_above" => __("Mark above as read"),
1140 "article_scroll_down" => __("Scroll down"),
1141 "article_scroll_up" => __("Scroll up"),
1142 "select_article_cursor" => __("Select article under cursor"),
1143 "email_article" => __("Email article"),
1144 "close_article" => __("Close/collapse article"),
1145 "toggle_expand" => __("Toggle article expansion (combined mode)"),
1146 "toggle_widescreen" => __("Toggle widescreen mode"),
1147 "toggle_embed_original" => __("Toggle embed original")),
1148 __("Article selection") => array(
1149 "select_all" => __("Select all articles"),
1150 "select_unread" => __("Select unread"),
1151 "select_marked" => __("Select starred"),
1152 "select_published" => __("Select published"),
1153 "select_invert" => __("Invert selection"),
1154 "select_none" => __("Deselect everything")),
1155 __("Feed") => array(
1156 "feed_refresh" => __("Refresh current feed"),
1157 "feed_unhide_read" => __("Un/hide read feeds"),
1158 "feed_subscribe" => __("Subscribe to feed"),
1159 "feed_edit" => __("Edit feed"),
1160 "feed_catchup" => __("Mark as read"),
1161 "feed_reverse" => __("Reverse headlines"),
1162 "feed_toggle_vgroup" => __("Toggle headline grouping"),
1163 "feed_debug_update" => __("Debug feed update"),
1164 "feed_debug_viewfeed" => __("Debug viewfeed()"),
1165 "catchup_all" => __("Mark all feeds as read"),
1166 "cat_toggle_collapse" => __("Un/collapse current category"),
1167 "toggle_combined_mode" => __("Toggle combined mode")),
1168 __("Go to") => array(
1169 "goto_all" => __("All articles"),
1170 "goto_fresh" => __("Fresh"),
1171 "goto_marked" => __("Starred"),
1172 "goto_published" => __("Published"),
1173 "goto_tagcloud" => __("Tag cloud"),
1174 "goto_prefs" => __("Preferences")),
1175 __("Other") => array(
1176 "create_label" => __("Create label"),
1177 "create_filter" => __("Create filter"),
1178 "collapse_sidebar" => __("Un/collapse sidebar"),
1179 "help_dialog" => __("Show help dialog"))
1182 foreach (PluginHost
::getInstance()->get_hooks(PluginHost
::HOOK_HOTKEY_INFO
) as $plugin) {
1183 $hotkeys = $plugin->hook_hotkey_info($hotkeys);
1189 function get_hotkeys_map() {
1191 // "navigation" => array(
1194 "n" => "next_article",
1195 "p" => "prev_article",
1196 "(38)|up" => "prev_article",
1197 "(40)|down" => "next_article",
1198 // "^(38)|Ctrl-up" => "prev_article_noscroll",
1199 // "^(40)|Ctrl-down" => "next_article_noscroll",
1200 "(191)|/" => "search_dialog",
1201 // "article" => array(
1202 "s" => "toggle_mark",
1203 "*s" => "toggle_publ",
1204 "u" => "toggle_unread",
1205 "*t" => "edit_tags",
1206 "o" => "open_in_new_window",
1207 "c p" => "catchup_below",
1208 "c n" => "catchup_above",
1209 "*n" => "article_scroll_down",
1210 "*p" => "article_scroll_up",
1211 "*(38)|Shift+up" => "article_scroll_up",
1212 "*(40)|Shift+down" => "article_scroll_down",
1213 "a *w" => "toggle_widescreen",
1214 "a e" => "toggle_embed_original",
1215 "e" => "email_article",
1216 "a q" => "close_article",
1217 // "article_selection" => array(
1218 "a a" => "select_all",
1219 "a u" => "select_unread",
1220 "a *u" => "select_marked",
1221 "a p" => "select_published",
1222 "a i" => "select_invert",
1223 "a n" => "select_none",
1225 "f r" => "feed_refresh",
1226 "f a" => "feed_unhide_read",
1227 "f s" => "feed_subscribe",
1228 "f e" => "feed_edit",
1229 "f q" => "feed_catchup",
1230 "f x" => "feed_reverse",
1231 "f g" => "feed_toggle_vgroup",
1232 "f *d" => "feed_debug_update",
1233 "f *g" => "feed_debug_viewfeed",
1234 "f *c" => "toggle_combined_mode",
1235 "*q" => "catchup_all",
1236 "x" => "cat_toggle_collapse",
1238 "g a" => "goto_all",
1239 "g f" => "goto_fresh",
1240 "g s" => "goto_marked",
1241 "g p" => "goto_published",
1242 "g t" => "goto_tagcloud",
1243 "g *p" => "goto_prefs",
1244 // "other" => array(
1245 "(9)|Tab" => "select_article_cursor", // tab
1246 "c l" => "create_label",
1247 "c f" => "create_filter",
1248 "c s" => "collapse_sidebar",
1249 "^(191)|Ctrl+/" => "help_dialog",
1252 $hotkeys["^(38)|Ctrl-up"] = "prev_article_noscroll";
1253 $hotkeys["^(40)|Ctrl-down"] = "next_article_noscroll";
1255 foreach (PluginHost
::getInstance()->get_hooks(PluginHost
::HOOK_HOTKEY_MAP
) as $plugin) {
1256 $hotkeys = $plugin->hook_hotkey_map($hotkeys);
1259 $prefixes = array();
1261 foreach (array_keys($hotkeys) as $hotkey) {
1262 $pair = explode(" ", $hotkey, 2);
1264 if (count($pair) > 1 && !in_array($pair[0], $prefixes)) {
1265 array_push($prefixes, $pair[0]);
1269 return array($prefixes, $hotkeys);
1272 function check_for_update() {
1273 if (defined("GIT_VERSION_TIMESTAMP")) {
1274 $content = @fetch_file_contents
(array("url" => "http://tt-rss.org/version.json", "timeout" => 5));
1277 $content = json_decode($content, true);
1279 if ($content && isset($content["changeset"])) {
1280 if ((int)GIT_VERSION_TIMESTAMP
< (int)$content["changeset"]["timestamp"] &&
1281 GIT_VERSION_HEAD
!= $content["changeset"]["id"]) {
1283 return $content["changeset"]["id"];
1292 function make_runtime_info($disable_update_check = false) {
1297 $sth = $pdo->prepare("SELECT MAX(id) AS mid, COUNT(*) AS nf FROM
1298 ttrss_feeds WHERE owner_uid = ?");
1299 $sth->execute([$_SESSION['uid']]);
1300 $row = $sth->fetch();
1302 $max_feed_id = $row['mid'];
1303 $num_feeds = $row['nf'];
1305 $data["max_feed_id"] = (int) $max_feed_id;
1306 $data["num_feeds"] = (int) $num_feeds;
1308 $data['last_article_id'] = Article
::getLastArticleId();
1310 $data['dep_ts'] = calculate_dep_timestamp();
1311 $data['reload_on_ts_change'] = !defined('_NO_RELOAD_ON_TS_CHANGE');
1313 $data["labels"] = Labels
::get_all_labels($_SESSION["uid"]);
1315 if (CHECK_FOR_UPDATES
&& !$disable_update_check && $_SESSION["last_version_check"] +
86400 +
rand(-1000, 1000) < time()) {
1316 $update_result = @check_for_update
();
1318 $data["update_result"] = $update_result;
1320 $_SESSION["last_version_check"] = time();
1323 if (file_exists(LOCK_DIRECTORY
. "/update_daemon.lock")) {
1325 $data['daemon_is_running'] = (int) file_is_locked("update_daemon.lock");
1327 if (time() - $_SESSION["daemon_stamp_check"] > 30) {
1329 $stamp = (int) @file_get_contents
(LOCK_DIRECTORY
. "/update_daemon.stamp");
1332 $stamp_delta = time() - $stamp;
1334 if ($stamp_delta > 1800) {
1338 $_SESSION["daemon_stamp_check"] = time();
1341 $data['daemon_stamp_ok'] = $stamp_check;
1343 $stamp_fmt = date("Y.m.d, G:i", $stamp);
1345 $data['daemon_stamp'] = $stamp_fmt;
1353 function search_to_sql($search, $search_language) {
1355 $keywords = str_getcsv(trim($search), " ");
1356 $query_keywords = array();
1357 $search_words = array();
1358 $search_query_leftover = array();
1362 if ($search_language)
1363 $search_language = $pdo->quote(mb_strtolower($search_language));
1365 $search_language = $pdo->quote("english");
1367 foreach ($keywords as $k) {
1368 if (strpos($k, "-") === 0) {
1375 $commandpair = explode(":", mb_strtolower($k), 2);
1377 switch ($commandpair[0]) {
1379 if ($commandpair[1]) {
1380 array_push($query_keywords, "($not (LOWER(ttrss_entries.title) LIKE ".
1381 $pdo->quote('%' . mb_strtolower($commandpair[1]) . '%') ."))");
1383 array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
1384 OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
1385 array_push($search_words, $k);
1389 if ($commandpair[1]) {
1390 array_push($query_keywords, "($not (LOWER(author) LIKE ".
1391 $pdo->quote('%' . mb_strtolower($commandpair[1]) . '%')."))");
1393 array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
1394 OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
1395 array_push($search_words, $k);
1399 if ($commandpair[1]) {
1400 if ($commandpair[1] == "true")
1401 array_push($query_keywords, "($not (note IS NOT NULL AND note != ''))");
1402 else if ($commandpair[1] == "false")
1403 array_push($query_keywords, "($not (note IS NULL OR note = ''))");
1405 array_push($query_keywords, "($not (LOWER(note) LIKE ".
1406 $pdo->quote('%' . mb_strtolower($commandpair[1]) . '%')."))");
1408 array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER(".$pdo->quote("%$k%").")
1409 OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
1410 if (!$not) array_push($search_words, $k);
1415 if ($commandpair[1]) {
1416 if ($commandpair[1] == "true")
1417 array_push($query_keywords, "($not (marked = true))");
1419 array_push($query_keywords, "($not (marked = false))");
1421 array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER(".$pdo->quote("%$k%").")
1422 OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
1423 if (!$not) array_push($search_words, $k);
1427 if ($commandpair[1]) {
1428 if ($commandpair[1] == "true")
1429 array_push($query_keywords, "($not (published = true))");
1431 array_push($query_keywords, "($not (published = false))");
1434 array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
1435 OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
1436 if (!$not) array_push($search_words, $k);
1440 if ($commandpair[1]) {
1441 if ($commandpair[1] == "true")
1442 array_push($query_keywords, "($not (unread = true))");
1444 array_push($query_keywords, "($not (unread = false))");
1447 array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER(".$pdo->quote("%$k%").")
1448 OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
1449 if (!$not) array_push($search_words, $k);
1453 if (strpos($k, "@") === 0) {
1455 $user_tz_string = get_pref('USER_TIMEZONE', $_SESSION['uid']);
1456 $orig_ts = strtotime(substr($k, 1));
1457 $k = date("Y-m-d", convert_timestamp($orig_ts, $user_tz_string, 'UTC'));
1459 //$k = date("Y-m-d", strtotime(substr($k, 1)));
1461 array_push($query_keywords, "(".SUBSTRING_FOR_DATE
."(updated,1,LENGTH('$k')) $not = '$k')");
1464 if (DB_TYPE
== "pgsql") {
1465 $k = mb_strtolower($k);
1466 array_push($search_query_leftover, $not ?
"!$k" : $k);
1468 array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER(".$pdo->quote("%$k%").")
1469 OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
1472 if (!$not) array_push($search_words, $k);
1477 if (count($search_query_leftover) > 0) {
1478 $search_query_leftover = $pdo->quote(implode(" & ", $search_query_leftover));
1480 if (DB_TYPE
== "pgsql") {
1481 array_push($query_keywords,
1482 "(tsvector_combined @@ to_tsquery($search_language, $search_query_leftover))");
1487 $search_query_part = implode("AND", $query_keywords);
1489 return array($search_query_part, $search_words);
1492 function iframe_whitelisted($entry) {
1493 $whitelist = array("youtube.com", "youtu.be", "vimeo.com", "player.vimeo.com");
1495 @$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST
);
1498 foreach ($whitelist as $w) {
1499 if ($src == $w ||
$src == "www.$w")
1507 // check for locally cached (media) URLs and rewrite to local versions
1508 // this is called separately after sanitize() and plugin render article hooks to allow
1509 // plugins work on original source URLs used before caching
1511 function rewrite_cached_urls($str) {
1512 $charset_hack = '<head>
1513 <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
1516 $res = trim($str); if (!$res) return '';
1518 $doc = new DOMDocument();
1519 $doc->loadHTML($charset_hack . $res);
1520 $xpath = new DOMXPath($doc);
1522 $entries = $xpath->query('(//img[@src]|//video[@poster]|//video/source[@src]|//audio/source[@src])');
1524 $need_saving = false;
1526 foreach ($entries as $entry) {
1528 if ($entry->hasAttribute('src') ||
$entry->hasAttribute('poster')) {
1530 // should be already absolutized because this is called after sanitize()
1531 $src = $entry->hasAttribute('poster') ?
$entry->getAttribute('poster') : $entry->getAttribute('src');
1532 $cached_filename = CACHE_DIR
. '/images/' . sha1($src);
1534 if (file_exists($cached_filename)) {
1536 // this is strictly cosmetic
1537 if ($entry->tagName
== 'img') {
1539 } else if ($entry->parentNode
&& $entry->parentNode
->tagName
== "video") {
1541 } else if ($entry->parentNode
&& $entry->parentNode
->tagName
== "audio") {
1547 $src = get_self_url_prefix() . '/public.php?op=cached_url&hash=' . sha1($src) . $suffix;
1549 if ($entry->hasAttribute('poster'))
1550 $entry->setAttribute('poster', $src);
1552 $entry->setAttribute('src', $src);
1554 $need_saving = true;
1560 $doc->removeChild($doc->firstChild
); //remove doctype
1561 $res = $doc->saveHTML();
1567 function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
1568 if (!$owner) $owner = $_SESSION["uid"];
1570 $res = trim($str); if (!$res) return '';
1572 $charset_hack = '<head>
1573 <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
1576 $res = trim($res); if (!$res) return '';
1578 libxml_use_internal_errors(true);
1580 $doc = new DOMDocument();
1581 $doc->loadHTML($charset_hack . $res);
1582 $xpath = new DOMXPath($doc);
1584 $rewrite_base_url = $site_url ?
$site_url : get_self_url_prefix();
1586 $entries = $xpath->query('(//a[@href]|//img[@src]|//video/source[@src]|//audio/source[@src])');
1588 foreach ($entries as $entry) {
1590 if ($entry->hasAttribute('href')) {
1591 $entry->setAttribute('href',
1592 rewrite_relative_url($rewrite_base_url, $entry->getAttribute('href')));
1594 $entry->setAttribute('rel', 'noopener noreferrer');
1597 if ($entry->hasAttribute('src')) {
1598 $src = rewrite_relative_url($rewrite_base_url, $entry->getAttribute('src'));
1600 // cache stuff has gone to rewrite_cached_urls()
1602 $entry->setAttribute('src', $src);
1605 if ($entry->nodeName
== 'img') {
1606 $entry->setAttribute('referrerpolicy', 'no-referrer');
1608 $entry->removeAttribute('width');
1609 $entry->removeAttribute('height');
1611 if ($entry->hasAttribute('src')) {
1612 $is_https_url = parse_url($entry->getAttribute('src'), PHP_URL_SCHEME
) === 'https';
1614 if (is_prefix_https() && !$is_https_url) {
1616 if ($entry->hasAttribute('srcset')) {
1617 $entry->removeAttribute('srcset');
1620 if ($entry->hasAttribute('sizes')) {
1621 $entry->removeAttribute('sizes');
1627 if ($entry->hasAttribute('src') &&
1628 ($owner && get_pref("STRIP_IMAGES", $owner)) ||
$force_remove_images ||
$_SESSION["bw_limit"]) {
1630 $p = $doc->createElement('p');
1632 $a = $doc->createElement('a');
1633 $a->setAttribute('href', $entry->getAttribute('src'));
1635 $a->appendChild(new DOMText($entry->getAttribute('src')));
1636 $a->setAttribute('target', '_blank');
1637 $a->setAttribute('rel', 'noopener noreferrer');
1639 $p->appendChild($a);
1641 if ($entry->nodeName
== 'source') {
1643 if ($entry->parentNode
&& $entry->parentNode
->parentNode
)
1644 $entry->parentNode
->parentNode
->replaceChild($p, $entry->parentNode
);
1646 } else if ($entry->nodeName
== 'img') {
1648 if ($entry->parentNode
)
1649 $entry->parentNode
->replaceChild($p, $entry);
1654 if (strtolower($entry->nodeName
) == "a") {
1655 $entry->setAttribute("target", "_blank");
1656 $entry->setAttribute("rel", "noopener noreferrer");
1660 $entries = $xpath->query('//iframe');
1661 foreach ($entries as $entry) {
1662 if (!iframe_whitelisted($entry)) {
1663 $entry->setAttribute('sandbox', 'allow-scripts');
1665 if (is_prefix_https()) {
1666 $entry->setAttribute("src",
1667 str_replace("http://", "https://",
1668 $entry->getAttribute("src")));
1673 $allowed_elements = array('a', 'abbr', 'address', 'acronym', 'audio', 'article', 'aside',
1674 'b', 'bdi', 'bdo', 'big', 'blockquote', 'body', 'br',
1675 'caption', 'cite', 'center', 'code', 'col', 'colgroup',
1676 'data', 'dd', 'del', 'details', 'description', 'dfn', 'div', 'dl', 'font',
1677 'dt', 'em', 'footer', 'figure', 'figcaption',
1678 'h1', 'h2', 'h3', 'h4', 'h5', 'h6', 'header', 'hr', 'html', 'i',
1679 'img', 'ins', 'kbd', 'li', 'main', 'mark', 'nav', 'noscript',
1680 'ol', 'p', 'pre', 'q', 'ruby', 'rp', 'rt', 's', 'samp', 'section',
1681 'small', 'source', 'span', 'strike', 'strong', 'sub', 'summary',
1682 'sup', 'table', 'tbody', 'td', 'tfoot', 'th', 'thead', 'time',
1683 'tr', 'track', 'tt', 'u', 'ul', 'var', 'wbr', 'video', 'xml:namespace' );
1685 if ($_SESSION['hasSandbox']) $allowed_elements[] = 'iframe';
1687 $disallowed_attributes = array('id', 'style', 'class');
1689 foreach (PluginHost
::getInstance()->get_hooks(PluginHost
::HOOK_SANITIZE
) as $plugin) {
1690 $retval = $plugin->hook_sanitize($doc, $site_url, $allowed_elements, $disallowed_attributes, $article_id);
1691 if (is_array($retval)) {
1693 $allowed_elements = $retval[1];
1694 $disallowed_attributes = $retval[2];
1700 $doc->removeChild($doc->firstChild
); //remove doctype
1701 $doc = strip_harmful_tags($doc, $allowed_elements, $disallowed_attributes);
1703 if ($highlight_words) {
1704 foreach ($highlight_words as $word) {
1706 // http://stackoverflow.com/questions/4081372/highlight-keywords-in-a-paragraph
1708 $elements = $xpath->query("//*/text()");
1710 foreach ($elements as $child) {
1712 $fragment = $doc->createDocumentFragment();
1713 $text = $child->textContent
;
1715 while (($pos = mb_stripos($text, $word)) !== false) {
1716 $fragment->appendChild(new DomText(mb_substr($text, 0, $pos)));
1717 $word = mb_substr($text, $pos, mb_strlen($word));
1718 $highlight = $doc->createElement('span');
1719 $highlight->appendChild(new DomText($word));
1720 $highlight->setAttribute('class', 'highlight');
1721 $fragment->appendChild($highlight);
1722 $text = mb_substr($text, $pos +
mb_strlen($word));
1725 if (!empty($text)) $fragment->appendChild(new DomText($text));
1727 $child->parentNode
->replaceChild($fragment, $child);
1732 $res = $doc->saveHTML();
1734 /* strip everything outside of <body>...</body> */
1736 $res_frag = array();
1737 if (preg_match('/<body>(.*)<\/body>/is', $res, $res_frag)) {
1738 return $res_frag[1];
1744 function strip_harmful_tags($doc, $allowed_elements, $disallowed_attributes) {
1745 $xpath = new DOMXPath($doc);
1746 $entries = $xpath->query('//*');
1748 foreach ($entries as $entry) {
1749 if (!in_array($entry->nodeName
, $allowed_elements)) {
1750 $entry->parentNode
->removeChild($entry);
1753 if ($entry->hasAttributes()) {
1754 $attrs_to_remove = array();
1756 foreach ($entry->attributes
as $attr) {
1758 if (strpos($attr->nodeName
, 'on') === 0) {
1759 array_push($attrs_to_remove, $attr);
1762 if (strpos($attr->nodeName
, "data-") === 0) {
1763 array_push($attrs_to_remove, $attr);
1766 if ($attr->nodeName
== 'href' && stripos($attr->value
, 'javascript:') === 0) {
1767 array_push($attrs_to_remove, $attr);
1770 if (in_array($attr->nodeName
, $disallowed_attributes)) {
1771 array_push($attrs_to_remove, $attr);
1775 foreach ($attrs_to_remove as $attr) {
1776 $entry->removeAttributeNode($attr);
1784 function trim_array($array) {
1786 array_walk($tmp, 'trim');
1790 function tag_is_valid($tag) {
1791 if (!$tag ||
is_numeric($tag) ||
mb_strlen($tag) > 250)
1797 function render_login_form() {
1798 header('Cache-Control: public');
1800 require_once "login_form.php";
1804 function T_sprintf() {
1805 $args = func_get_args();
1806 return vsprintf(__(array_shift($args)), $args);
1809 function print_checkpoint($n, $s) {
1810 $ts = microtime(true);
1811 echo sprintf("<!-- CP[$n] %.4f seconds -->\n", $ts - $s);
1815 function sanitize_tag($tag) {
1818 $tag = mb_strtolower($tag, 'utf-8');
1820 $tag = preg_replace('/[,\'\"\+\>\<]/', "", $tag);
1822 if (DB_TYPE
== "mysql") {
1823 $tag = preg_replace('/[\x{10000}-\x{10FFFF}]/u', "\xEF\xBF\xBD", $tag);
1829 function is_server_https() {
1830 return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) ||
$_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https';
1833 function is_prefix_https() {
1834 return parse_url(SELF_URL_PATH
, PHP_URL_SCHEME
) == 'https';
1837 // this returns SELF_URL_PATH sans ending slash
1838 function get_self_url_prefix() {
1839 if (strrpos(SELF_URL_PATH
, "/") === strlen(SELF_URL_PATH
)-1) {
1840 return substr(SELF_URL_PATH
, 0, strlen(SELF_URL_PATH
)-1);
1842 return SELF_URL_PATH
;
1846 function encrypt_password($pass, $salt = '', $mode2 = false) {
1847 if ($salt && $mode2) {
1848 return "MODE2:" . hash('sha256', $salt . $pass);
1850 return "SHA1X:" . sha1("$salt:$pass");
1852 return "SHA1:" . sha1($pass);
1854 } // function encrypt_password
1856 function load_filters($feed_id, $owner_uid) {
1859 $feed_id = (int) $feed_id;
1860 $cat_id = (int)Feeds
::getFeedCategory($feed_id);
1863 $null_cat_qpart = "cat_id IS NULL OR";
1865 $null_cat_qpart = "";
1869 $sth = $pdo->prepare("SELECT * FROM ttrss_filters2 WHERE
1870 owner_uid = ? AND enabled = true ORDER BY order_id, title");
1871 $sth->execute([$owner_uid]);
1873 $check_cats = array_merge(
1874 Feeds
::getParentCategories($cat_id, $owner_uid),
1877 $check_cats_str = join(",", $check_cats);
1878 $check_cats_fullids = array_map(function($a) { return "CAT:$a"; }, $check_cats);
1880 while ($line = $sth->fetch()) {
1881 $filter_id = $line["id"];
1883 $match_any_rule = sql_bool_to_bool($line["match_any_rule"]);
1885 $sth2 = $pdo->prepare("SELECT
1886 r.reg_exp, r.inverse, r.feed_id, r.cat_id, r.cat_filter, r.match_on, t.name AS type_name
1887 FROM ttrss_filters2_rules AS r,
1888 ttrss_filter_types AS t
1890 (match_on IS NOT NULL OR
1891 (($null_cat_qpart (cat_id IS NULL AND cat_filter = false) OR cat_id IN ($check_cats_str)) AND
1892 (feed_id IS NULL OR feed_id = ?))) AND
1893 filter_type = t.id AND filter_id = ?");
1894 $sth2->execute([$feed_id, $filter_id]);
1899 while ($rule_line = $sth2->fetch()) {
1900 # print_r($rule_line);
1902 if ($rule_line["match_on"]) {
1903 $match_on = json_decode($rule_line["match_on"], true);
1905 if (in_array("0", $match_on) ||
in_array($feed_id, $match_on) ||
count(array_intersect($check_cats_fullids, $match_on)) > 0) {
1908 $rule["reg_exp"] = $rule_line["reg_exp"];
1909 $rule["type"] = $rule_line["type_name"];
1910 $rule["inverse"] = sql_bool_to_bool($rule_line["inverse"]);
1912 array_push($rules, $rule);
1913 } else if (!$match_any_rule) {
1914 // this filter contains a rule that doesn't match to this feed/category combination
1915 // thus filter has to be rejected
1924 $rule["reg_exp"] = $rule_line["reg_exp"];
1925 $rule["type"] = $rule_line["type_name"];
1926 $rule["inverse"] = sql_bool_to_bool($rule_line["inverse"]);
1928 array_push($rules, $rule);
1932 if (count($rules) > 0) {
1933 $sth2 = $pdo->prepare("SELECT a.action_param,t.name AS type_name
1934 FROM ttrss_filters2_actions AS a,
1935 ttrss_filter_actions AS t
1937 action_id = t.id AND filter_id = ?");
1938 $sth2->execute([$filter_id]);
1940 while ($action_line = $sth2->fetch()) {
1941 # print_r($action_line);
1944 $action["type"] = $action_line["type_name"];
1945 $action["param"] = $action_line["action_param"];
1947 array_push($actions, $action);
1952 $filter["match_any_rule"] = sql_bool_to_bool($line["match_any_rule"]);
1953 $filter["inverse"] = sql_bool_to_bool($line["inverse"]);
1954 $filter["rules"] = $rules;
1955 $filter["actions"] = $actions;
1957 if (count($rules) > 0 && count($actions) > 0) {
1958 array_push($filters, $filter);
1965 function get_score_pic($score) {
1967 return "score_high.png";
1968 } else if ($score > 0) {
1969 return "score_half_high.png";
1970 } else if ($score < -100) {
1971 return "score_low.png";
1972 } else if ($score < 0) {
1973 return "score_half_low.png";
1975 return "score_neutral.png";
1979 function init_plugins() {
1980 PluginHost
::getInstance()->load(PLUGINS
, PluginHost
::KIND_ALL
);
1985 function add_feed_category($feed_cat, $parent_cat_id = false) {
1987 if (!$feed_cat) return false;
1989 $feed_cat = mb_substr($feed_cat, 0, 250);
1990 if (!$parent_cat_id) $parent_cat_id = null;
1993 $tr_in_progress = false;
1996 $pdo->beginTransaction();
1997 } catch (Exception
$e) {
1998 $tr_in_progress = true;
2001 $sth = $pdo->prepare("SELECT id FROM ttrss_feed_categories
2002 WHERE (parent_cat = :parent OR (:parent IS NULL AND parent_cat IS NULL))
2003 AND title = :title AND owner_uid = :uid");
2004 $sth->execute([':parent' => $parent_cat_id, ':title' => $feed_cat, ':uid' => $_SESSION['uid']]);
2006 if (!$sth->fetch()) {
2008 $sth = $pdo->prepare("INSERT INTO ttrss_feed_categories (owner_uid,title,parent_cat)
2010 $sth->execute([$_SESSION['uid'], $feed_cat, $parent_cat_id]);
2012 if (!$tr_in_progress) $pdo->commit();
2023 * Fixes incomplete URLs by prepending "http://".
2024 * Also replaces feed:// with http://, and
2025 * prepends a trailing slash if the url is a domain name only.
2027 * @param string $url Possibly incomplete URL
2029 * @return string Fixed URL.
2031 function fix_url($url) {
2033 // support schema-less urls
2034 if (strpos($url, '//') === 0) {
2035 $url = 'https:' . $url;
2038 if (strpos($url, '://') === false) {
2039 $url = 'http://' . $url;
2040 } else if (substr($url, 0, 5) == 'feed:') {
2041 $url = 'http:' . substr($url, 5);
2044 //prepend slash if the URL has no slash in it
2045 // "http://www.example" -> "http://www.example/"
2046 if (strpos($url, '/', strpos($url, ':') +
3) === false) {
2050 //convert IDNA hostname to punycode if possible
2051 if (function_exists("idn_to_ascii")) {
2052 $parts = parse_url($url);
2053 if (mb_detect_encoding($parts['host']) != 'ASCII')
2055 $parts['host'] = idn_to_ascii($parts['host']);
2056 $url = build_url($parts);
2060 if ($url != "http:///")
2066 function validate_feed_url($url) {
2067 $parts = parse_url($url);
2069 return ($parts['scheme'] == 'http' ||
$parts['scheme'] == 'feed' ||
$parts['scheme'] == 'https');
2073 /* function save_email_address($email) {
2074 // FIXME: implement persistent storage of emails
2076 if (!$_SESSION['stored_emails'])
2077 $_SESSION['stored_emails'] = array();
2079 if (!in_array($email, $_SESSION['stored_emails']))
2080 array_push($_SESSION['stored_emails'], $email);
2084 function get_feed_access_key($feed_id, $is_cat, $owner_uid = false) {
2086 if (!$owner_uid) $owner_uid = $_SESSION["uid"];
2088 $is_cat = bool_to_sql_bool($is_cat);
2092 $sth = $pdo->prepare("SELECT access_key FROM ttrss_access_keys
2093 WHERE feed_id = ? AND is_cat = ?
2094 AND owner_uid = ?");
2095 $sth->execute([$feed_id, $is_cat, $owner_uid]);
2097 if ($row = $sth->fetch()) {
2098 return $row["access_key"];
2100 $key = uniqid_short();
2102 $sth = $pdo->prepare("INSERT INTO ttrss_access_keys
2103 (access_key, feed_id, is_cat, owner_uid)
2104 VALUES (?, ?, ?, ?)");
2106 $sth->execute([$key, $feed_id, $is_cat, $owner_uid]);
2112 function get_feeds_from_html($url, $content)
2114 $url = fix_url($url);
2115 $baseUrl = substr($url, 0, strrpos($url, '/') +
1);
2117 libxml_use_internal_errors(true);
2119 $doc = new DOMDocument();
2120 $doc->loadHTML($content);
2121 $xpath = new DOMXPath($doc);
2122 $entries = $xpath->query('/html/head/link[@rel="alternate" and '.
2123 '(contains(@type,"rss") or contains(@type,"atom"))]|/html/head/link[@rel="feed"]');
2124 $feedUrls = array();
2125 foreach ($entries as $entry) {
2126 if ($entry->hasAttribute('href')) {
2127 $title = $entry->getAttribute('title');
2129 $title = $entry->getAttribute('type');
2131 $feedUrl = rewrite_relative_url(
2132 $baseUrl, $entry->getAttribute('href')
2134 $feedUrls[$feedUrl] = $title;
2140 function is_html($content) {
2141 return preg_match("/<html|DOCTYPE html/i", substr($content, 0, 100)) !== 0;
2144 function url_is_html($url, $login = false, $pass = false) {
2145 return is_html(fetch_file_contents($url, false, $login, $pass));
2148 function build_url($parts) {
2149 return $parts['scheme'] . "://" . $parts['host'] . $parts['path'];
2152 function cleanup_url_path($path) {
2153 $path = str_replace("/./", "/", $path);
2154 $path = str_replace("//", "/", $path);
2160 * Converts a (possibly) relative URL to a absolute one.
2162 * @param string $url Base URL (i.e. from where the document is)
2163 * @param string $rel_url Possibly relative URL in the document
2165 * @return string Absolute URL
2167 function rewrite_relative_url($url, $rel_url) {
2168 if (strpos($rel_url, "://") !== false) {
2170 } else if (strpos($rel_url, "//") === 0) {
2171 # protocol-relative URL (rare but they exist)
2173 } else if (preg_match("/^[a-z]+:/i", $rel_url)) {
2174 # magnet:, feed:, etc
2176 } else if (strpos($rel_url, "/") === 0) {
2177 $parts = parse_url($url);
2178 $parts['path'] = $rel_url;
2179 $parts['path'] = cleanup_url_path($parts['path']);
2181 return build_url($parts);
2184 $parts = parse_url($url);
2185 if (!isset($parts['path'])) {
2186 $parts['path'] = '/';
2188 $dir = $parts['path'];
2189 if (substr($dir, -1) !== '/') {
2190 $dir = dirname($parts['path']);
2191 $dir !== '/' && $dir .= '/';
2193 $parts['path'] = $dir . $rel_url;
2194 $parts['path'] = cleanup_url_path($parts['path']);
2196 return build_url($parts);
2200 function cleanup_tags($days = 14, $limit = 1000) {
2202 $days = (int) $days;
2204 if (DB_TYPE
== "pgsql") {
2205 $interval_query = "date_updated < NOW() - INTERVAL '$days days'";
2206 } else if (DB_TYPE
== "mysql") {
2207 $interval_query = "date_updated < DATE_SUB(NOW(), INTERVAL $days DAY)";
2214 while ($limit > 0) {
2217 $sth = $pdo->prepare("SELECT ttrss_tags.id AS id
2218 FROM ttrss_tags, ttrss_user_entries, ttrss_entries
2219 WHERE post_int_id = int_id AND $interval_query AND
2220 ref_id = ttrss_entries.id AND tag_cache != '' LIMIT ?");
2221 $sth->execute([$limit]);
2225 while ($line = $sth->fetch()) {
2226 array_push($ids, $line['id']);
2229 if (count($ids) > 0) {
2230 $ids = join(",", $ids);
2232 $usth = $pdo->query("DELETE FROM ttrss_tags WHERE id IN ($ids)");
2233 $tags_deleted = $usth->rowCount();
2238 $limit -= $limit_part;
2241 return $tags_deleted;
2244 function print_user_stylesheet() {
2245 $value = get_pref('USER_STYLESHEET');
2248 print "<style type=\"text/css\">";
2249 print str_replace("<br/>", "\n", $value);
2255 function filter_to_sql($filter, $owner_uid) {
2260 if (DB_TYPE
== "pgsql")
2263 $reg_qpart = "REGEXP";
2265 foreach ($filter["rules"] AS $rule) {
2266 $rule['reg_exp'] = str_replace('/', '\/', $rule["reg_exp"]);
2267 $regexp_valid = preg_match('/' . $rule['reg_exp'] . '/',
2268 $rule['reg_exp']) !== FALSE;
2270 if ($regexp_valid) {
2272 $rule['reg_exp'] = $pdo->quote($rule['reg_exp']);
2274 switch ($rule["type"]) {
2276 $qpart = "LOWER(ttrss_entries.title) $reg_qpart LOWER('".
2277 $rule['reg_exp'] . "')";
2280 $qpart = "LOWER(ttrss_entries.content) $reg_qpart LOWER('".
2281 $rule['reg_exp'] . "')";
2284 $qpart = "LOWER(ttrss_entries.title) $reg_qpart LOWER('".
2285 $rule['reg_exp'] . "') OR LOWER(" .
2286 "ttrss_entries.content) $reg_qpart LOWER('" . $rule['reg_exp'] . "')";
2289 $qpart = "LOWER(ttrss_user_entries.tag_cache) $reg_qpart LOWER('".
2290 $rule['reg_exp'] . "')";
2293 $qpart = "LOWER(ttrss_entries.link) $reg_qpart LOWER('".
2294 $rule['reg_exp'] . "')";
2297 $qpart = "LOWER(ttrss_entries.author) $reg_qpart LOWER('".
2298 $rule['reg_exp'] . "')";
2302 if (isset($rule['inverse'])) $qpart = "NOT ($qpart)";
2304 if (isset($rule["feed_id"]) && $rule["feed_id"] > 0) {
2305 $qpart .= " AND feed_id = " . $pdo->quote($rule["feed_id"]);
2308 if (isset($rule["cat_id"])) {
2310 if ($rule["cat_id"] > 0) {
2311 $children = Feeds
::getChildCategories($rule["cat_id"], $owner_uid);
2312 array_push($children, $rule["cat_id"]);
2313 $children = array_map("intval", $children);
2315 $children = join(",", $children);
2317 $cat_qpart = "cat_id IN ($children)";
2319 $cat_qpart = "cat_id IS NULL";
2322 $qpart .= " AND $cat_qpart";
2325 $qpart .= " AND feed_id IS NOT NULL";
2327 array_push($query, "($qpart)");
2332 if (count($query) > 0) {
2333 $fullquery = "(" . join($filter["match_any_rule"] ?
"OR" : "AND", $query) . ")";
2335 $fullquery = "(false)";
2338 if ($filter['inverse']) $fullquery = "(NOT $fullquery)";
2343 if (!function_exists('gzdecode')) {
2344 function gzdecode($string) { // no support for 2nd argument
2345 return file_get_contents('compress.zlib://data:who/cares;base64,'.
2346 base64_encode($string));
2350 function get_random_bytes($length) {
2351 if (function_exists('openssl_random_pseudo_bytes')) {
2352 return openssl_random_pseudo_bytes($length);
2356 for ($i = 0; $i < $length; $i++
)
2357 $output .= chr(mt_rand(0, 255));
2363 function read_stdin() {
2364 $fp = fopen("php://stdin", "r");
2367 $line = trim(fgets($fp));
2375 function implements_interface($class, $interface) {
2376 return in_array($interface, class_implements($class));
2379 function get_minified_js($files) {
2383 foreach ($files as $js) {
2384 if (!isset($_GET['debug'])) {
2385 $cached_file = CACHE_DIR
. "/js/".basename($js);
2387 if (file_exists($cached_file) && is_readable($cached_file) && filemtime($cached_file) >= filemtime("js/$js")) {
2389 list($header, $contents) = explode("\n", file_get_contents($cached_file), 2);
2391 if ($header && $contents) {
2392 list($htag, $hversion) = explode(":", $header);
2394 if ($htag == "tt-rss" && $hversion == VERSION
) {
2401 $minified = JShrink\Minifier
::minify(file_get_contents("js/$js"));
2402 file_put_contents($cached_file, "tt-rss:" . VERSION
. "\n" . $minified);
2406 $rv .= file_get_contents("js/$js"); // no cache in debug mode
2413 function calculate_dep_timestamp() {
2414 $files = array_merge(glob("js/*.js"), glob("css/*.css"));
2418 foreach ($files as $file) {
2419 if (filemtime($file) > $max_ts) $max_ts = filemtime($file);
2425 function T_js_decl($s1, $s2) {
2427 $s1 = preg_replace("/\n/", "", $s1);
2428 $s2 = preg_replace("/\n/", "", $s2);
2430 $s1 = preg_replace("/\"/", "\\\"", $s1);
2431 $s2 = preg_replace("/\"/", "\\\"", $s2);
2433 return "T_messages[\"$s1\"] = \"$s2\";\n";
2437 function init_js_translations() {
2439 print 'var T_messages = new Object();
2442 if (T_messages[msg]) {
2443 return T_messages[msg];
2449 function ngettext(msg1, msg2, n) {
2450 return __((parseInt(n) > 1) ? msg2 : msg1);
2453 $l10n = _get_reader();
2455 for ($i = 0; $i < $l10n->total
; $i++
) {
2456 $orig = $l10n->get_original_string($i);
2457 if(strpos($orig, "\000") !== FALSE) { // Plural forms
2458 $key = explode(chr(0), $orig);
2459 print T_js_decl($key[0], _ngettext($key[0], $key[1], 1)); // Singular
2460 print T_js_decl($key[1], _ngettext($key[0], $key[1], 2)); // Plural
2462 $translation = __($orig);
2463 print T_js_decl($orig, $translation);
2468 function get_theme_path($theme) {
2469 if ($theme == "default.php")
2470 return "css/default.css";
2472 $check = "themes/$theme";
2473 if (file_exists($check)) return $check;
2475 $check = "themes.local/$theme";
2476 if (file_exists($check)) return $check;
2479 function theme_valid($theme) {
2480 $bundled_themes = [ "default.php", "night.css", "compact.css" ];
2482 if (in_array($theme, $bundled_themes)) return true;
2484 $file = "themes/" . basename($theme);
2486 if (!file_exists($file)) $file = "themes.local/" . basename($theme);
2488 if (file_exists($file) && is_readable($file)) {
2489 $fh = fopen($file, "r");
2492 $header = fgets($fh);
2495 return strpos($header, "supports-version:" . VERSION_STATIC
) !== FALSE;
2503 * @SuppressWarnings(unused)
2505 function error_json($code) {
2506 require_once "errors.php";
2508 @$message = $ERRORS[$code];
2510 return json_encode(array("error" =>
2511 array("code" => $code, "message" => $message)));
2515 /*function abs_to_rel_path($dir) {
2516 $tmp = str_replace(dirname(__DIR__), "", $dir);
2518 if (strlen($tmp) > 0 && substr($tmp, 0, 1) == "/") $tmp = substr($tmp, 1);
2523 function get_upload_error_message($code) {
2526 0 => __('There is no error, the file uploaded with success'),
2527 1 => __('The uploaded file exceeds the upload_max_filesize directive in php.ini'),
2528 2 => __('The uploaded file exceeds the MAX_FILE_SIZE directive that was specified in the HTML form'),
2529 3 => __('The uploaded file was only partially uploaded'),
2530 4 => __('No file was uploaded'),
2531 6 => __('Missing a temporary folder'),
2532 7 => __('Failed to write file to disk.'),
2533 8 => __('A PHP extension stopped the file upload.'),
2536 return $errors[$code];
2539 function base64_img($filename) {
2540 if (file_exists($filename)) {
2541 $ext = pathinfo($filename, PATHINFO_EXTENSION
);
2543 return "data:image/$ext;base64," . base64_encode(file_get_contents($filename));
2549 /* this is essentially a wrapper for readfile() which allows plugins to hook
2550 output with httpd-specific "fast" implementation i.e. X-Sendfile or whatever else
2552 hook function should return true if request was handled (or at least attempted to)
2554 note that this can be called without user context so the plugin to handle this
2555 should be loaded systemwide in config.php */
2556 function send_local_file($filename) {
2557 if (file_exists($filename)) {
2559 if (is_writable($filename)) touch($filename);
2561 $tmppluginhost = new PluginHost();
2563 $tmppluginhost->load(PLUGINS
, PluginHost
::KIND_SYSTEM
);
2564 $tmppluginhost->load_data();
2566 foreach ($tmppluginhost->get_hooks(PluginHost
::HOOK_SEND_LOCAL_FILE
) as $plugin) {
2567 if ($plugin->hook_send_local_file($filename)) return true;
2570 $mimetype = mime_content_type($filename);
2572 // this is hardly ideal but 1) only media is cached in images/ and 2) seemingly only mp4
2573 // video files are detected as octet-stream by mime_content_type()
2575 if ($mimetype == "application/octet-stream")
2576 $mimetype = "video/mp4";
2578 header("Content-type: $mimetype");
2580 $stamp = gmdate("D, d M Y H:i:s", filemtime($filename)) . " GMT";
2581 header("Last-Modified: $stamp", true);
2583 return readfile($filename);
2589 function check_mysql_tables() {
2592 $sth = $pdo->prepare("SELECT engine, table_name FROM information_schema.tables WHERE
2593 table_schema = ? AND table_name LIKE 'ttrss_%' AND engine != 'InnoDB'");
2594 $sth->execute([DB_NAME
]);
2598 while ($line = $sth->fetch()) {
2599 array_push($bad_tables, $line);
2605 function validate_field($string, $allowed, $default = "") {
2606 if (in_array($string, $allowed))
2612 function arr_qmarks($arr) {
2613 return str_repeat('?,', count($arr) - 1) . '?';