Prevent target='_blank' vulnerability on dynamic link
1 <?php
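/**
 * af_psql_trgm: marks incoming articles as read when their title is
 * (near-)identical to a recently fetched article of the same user, using the
 * PostgreSQL pg_trgm SIMILARITY() function. Also provides a "related
 * articles" dialog and the preference panels for tuning the thresholds.
 *
 * Settings stored through the plugin host:
 *   similarity       - float string ("0.75"), minimum SIMILARITY() to match
 *   min_title_length - int, titles shorter than this are never compared
 *   enable_globally  - bool, apply to every feed instead of enabled_feeds
 *   enabled_feeds    - list of feed ids the filter is enabled for
 */
class Af_Psql_Trgm extends Plugin {

	/** @var PluginHost Host handed to init(); used for hooks and settings. */
	private $host;

	/**
	 * Plugin metadata: plugin version, description, author.
	 *
	 * @return array{0: float, 1: string, 2: string}
	 */
	function about() {
		return array(1.0,
			"Marks similar articles as read (requires pg_trgm)",
			"fox");
	}

	/**
	 * Backend method: persists the global settings posted by the prefs form.
	 *
	 * similarity is clamped to [0, 1] and stored with two decimals,
	 * min_title_length is clamped to >= 0. Echoes a confirmation message that
	 * the form displays via notify_info().
	 */
	function save() {
		// Values are cast immediately; the casts make any escaping of the raw
		// request strings unnecessary, so db_escape_string() is not involved.
		$similarity = isset($_POST["similarity"]) ? (float) $_POST["similarity"] : 0.0;
		$min_title_length = isset($_POST["min_title_length"]) ? (int) $_POST["min_title_length"] : 0;
		$enable_globally = isset($_POST["enable_globally"]) &&
			checkbox_to_sql_bool($_POST["enable_globally"]) == "true";

		// SIMILARITY() yields values in [0, 1]; anything outside is meaningless.
		$similarity = max(0.0, min(1.0, $similarity));

		if ($min_title_length < 0) $min_title_length = 0;

		$similarity = sprintf("%.2f", $similarity);

		$this->host->set($this, "similarity", $similarity);
		$this->host->set($this, "min_title_length", $min_title_length);
		$this->host->set($this, "enable_globally", $enable_globally);

		echo T_sprintf("Data saved (%s, %d)", $similarity, $enable_globally);
	}

	/**
	 * Registers the plugin with the host and subscribes to the hooks it
	 * implements (article filter, prefs tab, feed editor, article button).
	 *
	 * @param PluginHost $host
	 */
	function init($host) {
		$this->host = $host;

		$host->add_hook($host::HOOK_ARTICLE_FILTER, $this);
		$host->add_hook($host::HOOK_PREFS_TAB, $this);
		$host->add_hook($host::HOOK_PREFS_EDIT_FEED, $this);
		$host->add_hook($host::HOOK_PREFS_SAVE_FEED, $this);
		$host->add_hook($host::HOOK_ARTICLE_BUTTON, $this);
	}

	/**
	 * Client-side code for the plugin (showTrgmRelated() etc.), read from
	 * init.js next to this file.
	 *
	 * @return string|false contents of init.js, or false if unreadable
	 */
	function get_js() {
		return file_get_contents(__DIR__ . "/init.js");
	}

	/**
	 * Backend method: renders the "related articles" dialog body for the
	 * article id given in $_REQUEST['param'].
	 *
	 * Lists up to ten articles of the current user from the last two weeks,
	 * ordered by title similarity. Only rows owned by $_SESSION["uid"] are
	 * ever selected, so a foreign article id yields no title and an error.
	 * All database-sourced text is HTML-escaped before printing.
	 */
	function showrelated() {
		$id = isset($_REQUEST['param']) ? (int) $_REQUEST['param'] : 0;
		$owner_uid = (int) $_SESSION["uid"];

		$result = db_query("SELECT title FROM ttrss_entries, ttrss_user_entries
			WHERE ref_id = id AND id = $id AND owner_uid = $owner_uid");

		// db_fetch_result() on an empty result set has nothing to return;
		// bail out with a visible message instead.
		if (db_num_rows($result) == 0) {
			print_error("Article not found.");
			return;
		}

		$title = db_fetch_result($result, 0, "title");

		print "<h2>" . htmlspecialchars($title) . "</h2>";

		// Only the SQL-escaped copy goes into the query; the HTML-escaped copy
		// was used for output above.
		$title_escaped = db_escape_string($title);

		$result = db_query("SELECT ttrss_entries.id AS id,
				feed_id,
				ttrss_entries.title AS title,
				updated, link,
				ttrss_feeds.title AS feed_title,
				SIMILARITY(ttrss_entries.title, '$title_escaped') AS sm
			FROM
				ttrss_entries, ttrss_user_entries LEFT JOIN ttrss_feeds ON (ttrss_feeds.id = feed_id)
			WHERE
				ttrss_entries.id = ref_id AND
				ttrss_user_entries.owner_uid = $owner_uid AND
				ttrss_entries.id != $id AND
				date_entered >= NOW() - INTERVAL '2 weeks'
			ORDER BY
				sm DESC, date_entered DESC
			LIMIT 10");

		print "<ul class=\"browseFeedList\" style=\"border-width : 1px\">";

		while ($line = db_fetch_assoc($result)) {
			$sm = sprintf("%.2f", $line['sm']);
			$article_link = htmlspecialchars($line["link"]);
			$article_title = htmlspecialchars($line["title"]);
			$feed_id = (int) $line["feed_id"];
			$feed_title = htmlspecialchars($line["feed_title"]);

			print "<li>";
			print "<div class='insensitive small' style='margin-left : 20px; float : right'>" .
				smart_date_time(strtotime($line["updated"]))
				. "</div>";

			print "<img src='images/score_high.png' title='$sm'
				style='vertical-align : middle'>";

			// rel="noopener noreferrer" keeps the opened page from reaching
			// window.opener; the title comes from a remote feed and must be
			// escaped like the link.
			print " <a target=\"_blank\" rel=\"noopener noreferrer\" href=\"$article_link\">" .
				$article_title . "</a>";

			print " (<a href=\"#\" onclick=\"viewfeed({feed:" . $feed_id . "})\">" .
				$feed_title . "</a>)";

			print " <span class='insensitive'>($sm)</span>";

			print "</li>";
		}

		print "</ul>";

		print "<div style='text-align : center'>";
		print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('trgmRelatedDlg').hide()\">" . __('Close this window') . "</button>";
		print "</div>";
	}

	/**
	 * HOOK_ARTICLE_BUTTON: returns the markup of the per-article button that
	 * opens the related-articles dialog.
	 *
	 * @param array $line article row; only $line["id"] is used
	 * @return string
	 */
	function hook_article_button($line) {
		$article_id = (int) $line["id"];

		return "<img src=\"plugins/af_psql_trgm/button.png\"
			style=\"cursor : pointer\"
			onclick=\"showTrgmRelated(" . $article_id . ")\"
			class='tagsPic' title='" . __('Show related articles') . "'>";
	}

	/**
	 * HOOK_PREFS_TAB: renders the settings pane inside the "Feeds" prefs tab.
	 *
	 * Prints an error when the database is not PostgreSQL or pg_trgm is not
	 * installed, otherwise the global settings form and the list of feeds
	 * the filter is currently enabled for. Feeds that no longer belong to the
	 * current user are pruned from enabled_feeds as a side effect.
	 *
	 * @param string $args prefs tab identifier
	 */
	function hook_prefs_tab($args) {
		if ($args != "prefFeeds") return;

		print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"" . __('Mark similar articles as read') . "\">";

		if (DB_TYPE != "pgsql") {
			print_error("Database type not supported.");
		} else {

			$result = db_query("select 'similarity'::regproc");

			if (db_num_rows($result) == 0) {
				print_error("pg_trgm extension not found.");
			}

			$similarity = $this->host->get($this, "similarity");
			$min_title_length = $this->host->get($this, "min_title_length");
			$enable_globally = $this->host->get($this, "enable_globally");

			if (!$similarity) $similarity = '0.75';
			if (!$min_title_length) $min_title_length = '32';

			print "<form dojoType=\"dijit.form.Form\">";

			print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
				evt.preventDefault();
				if (this.validate()) {
					console.log(dojo.objectToQuery(this.getValues()));
					new Ajax.Request('backend.php', {
						parameters: dojo.objectToQuery(this.getValues()),
						onComplete: function(transport) {
							notify_info(transport.responseText);
						}
					});
					//this.reset();
				}
				</script>";

			print_hidden("op", "pluginhandler");
			print_hidden("method", "save");
			print_hidden("plugin", "af_psql_trgm");

			print "<p>" . __("PostgreSQL trigram extension returns string similarity as a floating point number (0-1). Setting it too low might produce false positives, zero disables checking.") . "</p>";
			print_notice("Enable the plugin for specific feeds in the feed editor.");

			print "<h3>" . __("Global settings") . "</h3>";

			print "<table>";

			// Stored values are normalised by save(), but they are escaped
			// anyway since they end up inside attribute values.
			print "<tr><td width=\"40%\">" . __("Minimum similarity:") . "</td>";
			print "<td>
				<input dojoType=\"dijit.form.ValidationTextBox\"
					placeholder=\"0.75\"
					required=\"1\" name=\"similarity\" value=\"" . htmlspecialchars($similarity) . "\"></td></tr>";
			print "<tr><td width=\"40%\">" . __("Minimum title length:") . "</td>";
			print "<td>
				<input dojoType=\"dijit.form.ValidationTextBox\"
					placeholder=\"32\"
					required=\"1\" name=\"min_title_length\" value=\"" . htmlspecialchars($min_title_length) . "\"></td></tr>";
			print "<tr><td width=\"40%\">" . __("Enable for all feeds:") . "</td>";
			print "<td>";
			print_checkbox("enable_globally", $enable_globally);
			print "</td></tr>";

			print "</table>";

			print "<p>";
			print_button("submit", __("Save"));
			print "</p>";
			print "</form>";

			$enabled_feeds = $this->host->get($this, "enabled_feeds");
			if (!is_array($enabled_feeds)) $enabled_feeds = array();

			$enabled_feeds = $this->filter_unknown_feeds($enabled_feeds);
			$this->host->set($this, "enabled_feeds", $enabled_feeds);

			if (count($enabled_feeds) > 0) {
				print "<h3>" . __("Currently enabled for (click to edit):") . "</h3>";

				print "<ul class=\"browseFeedList\" style=\"border-width : 1px\">";
				foreach ($enabled_feeds as $f) {
					$f = (int) $f;
					// Feed titles originate from remote feeds, so escape them.
					print "<li>" .
						"<img src='images/pub_set.png'
							style='vertical-align : middle'> <a href='#'
							onclick='editFeed($f)'>" .
						htmlspecialchars(getFeedTitle($f)) . "</a></li>";
				}
				print "</ul>";
			}
		}

		print "</div>";
	}

	/**
	 * HOOK_PREFS_EDIT_FEED: renders the per-feed checkbox in the feed editor.
	 *
	 * @param int|string $feed_id feed being edited
	 */
	function hook_prefs_edit_feed($feed_id) {
		print "<div class=\"dlgSec\">" . __("Similarity (pg_trgm)") . "</div>";
		print "<div class=\"dlgSecCont\">";

		$enabled_feeds = $this->host->get($this, "enabled_feeds");

		$key = $this->enabled_feed_key($feed_id, $enabled_feeds);
		$checked = $key !== false ? "checked" : "";

		print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"trgm_similarity_enabled\"
			name=\"trgm_similarity_enabled\"
			$checked>&nbsp;<label for=\"trgm_similarity_enabled\">" . __('Mark similar articles as read') . "</label>";

		print "</div>";
	}

	/**
	 * HOOK_PREFS_SAVE_FEED: adds or removes $feed_id from enabled_feeds
	 * according to the trgm_similarity_enabled checkbox in $_POST.
	 *
	 * @param int|string $feed_id feed being saved
	 */
	function hook_prefs_save_feed($feed_id) {
		$enabled_feeds = $this->host->get($this, "enabled_feeds");
		if (!is_array($enabled_feeds)) $enabled_feeds = array();

		$enable = isset($_POST["trgm_similarity_enabled"]) &&
			checkbox_to_sql_bool($_POST["trgm_similarity_enabled"]) == 'true';
		$key = $this->enabled_feed_key($feed_id, $enabled_feeds);

		if ($enable) {
			if ($key === false) {
				$enabled_feeds[] = (int) $feed_id;
			}
		} else {
			if ($key !== false) {
				unset($enabled_feeds[$key]);
				// keep the stored value a plain list after removal
				$enabled_feeds = array_values($enabled_feeds);
			}
		}

		$this->host->set($this, "enabled_feeds", $enabled_feeds);
	}

	/**
	 * HOOK_ARTICLE_FILTER: sets $article["force_catchup"] when the incoming
	 * article duplicates a recent one.
	 *
	 * Skipped entirely unless the database is PostgreSQL with pg_trgm, the
	 * filter is enabled (globally or for the article's feed), the similarity
	 * threshold is at least 0.01 and the title is at least min_title_length
	 * characters long. An exact title match among the user's entries of the
	 * last 3 days is a catch-up; otherwise the best SIMILARITY() against the
	 * last day's entries is compared with the threshold.
	 *
	 * @param array $article article being imported
	 * @return array the (possibly flagged) article
	 */
	function hook_article_filter($article) {

		if (DB_TYPE != "pgsql") return $article;

		$result = db_query("select 'similarity'::regproc");
		if (db_num_rows($result) == 0) return $article;

		$enable_globally = $this->host->get($this, "enable_globally");

		if (!$enable_globally) {
			$enabled_feeds = $this->host->get($this, "enabled_feeds");
			$key = $this->enabled_feed_key($article["feed"]["id"], $enabled_feeds);
			if ($key === false) return $article;
		}

		$similarity = (float) $this->host->get($this, "similarity");
		if ($similarity < 0.01) return $article;

		$min_title_length = (int) $this->host->get($this, "min_title_length");
		if (mb_strlen($article["title"]) < $min_title_length) return $article;

		// Everything interpolated into SQL below is either cast or escaped.
		$owner_uid = (int) $article["owner_uid"];
		$entry_guid = db_escape_string($article["guid_hashed"]);
		$title_escaped = db_escape_string($article["title"]);

		// trgm does not return similarity=1 for completely equal strings

		$result = db_query("SELECT COUNT(id) AS nequal
			FROM ttrss_entries, ttrss_user_entries WHERE ref_id = id AND
			date_entered >= NOW() - interval '3 days' AND
			title = '$title_escaped' AND
			guid != '$entry_guid' AND
			owner_uid = $owner_uid");

		$nequal = db_fetch_result($result, 0, "nequal");
		_debug("af_psql_trgm: num equals: $nequal");

		if ($nequal != 0) {
			$article["force_catchup"] = true;
			return $article;
		}

		$result = db_query("SELECT MAX(SIMILARITY(title, '$title_escaped')) AS ms
			FROM ttrss_entries, ttrss_user_entries WHERE ref_id = id AND
			date_entered >= NOW() - interval '1 day' AND
			guid != '$entry_guid' AND
			owner_uid = $owner_uid");

		$similarity_result = db_fetch_result($result, 0, "ms");

		_debug("af_psql_trgm: similarity result: $similarity_result");

		if ($similarity_result >= $similarity) {
			$article["force_catchup"] = true;
		}

		return $article;
	}

	/**
	 * Plugin API version this plugin targets.
	 *
	 * @return int
	 */
	function api_version() {
		return 2;
	}

	/**
	 * Locates $feed_id in the stored enabled_feeds value.
	 *
	 * Both sides are compared as integers so that a string id coming from a
	 * request matches an integer id stored earlier. A non-array setting
	 * (unset or corrupted) is treated as empty.
	 *
	 * @param int|string $feed_id
	 * @param mixed      $enabled_feeds value read from the plugin host
	 * @return int|string|false key within $enabled_feeds, or false
	 */
	private function enabled_feed_key($feed_id, $enabled_feeds) {
		if (!is_array($enabled_feeds)) return false;

		// array_map() with a single array preserves keys, so the returned
		// key is valid for unset() on the original array.
		return array_search((int) $feed_id, array_map('intval', $enabled_feeds), true);
	}

	/**
	 * Drops ids of feeds that do not (or no longer) belong to the current
	 * user ($_SESSION["uid"]).
	 *
	 * @param array $enabled_feeds feed ids
	 * @return array the subset that exists for this user, as a list
	 */
	private function filter_unknown_feeds($enabled_feeds) {
		$tmp = array();
		$owner_uid = (int) $_SESSION["uid"];

		foreach ($enabled_feeds as $feed) {
			$feed = (int) $feed;

			$result = db_query("SELECT id FROM ttrss_feeds WHERE id = $feed AND owner_uid = $owner_uid");

			if (db_num_rows($result) != 0) {
				$tmp[] = $feed;
			}
		}

		return $tmp;
	}

}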
325 ?>