support disabling of e-mail digests entirely
index 5d999bf3dc4b7b1e054d5c1db9c09daee55a59fb..0ae3e1bbb795a84b2b53a5b35eb10eb79971c019 100644 (file)
@@ -48,7 +48,7 @@ class Pref_Prefs extends Handler_Protected {
                        "SHOW_CONTENT_PREVIEW" => array(__("Show content preview in headlines list"), ""),
                        "SORT_HEADLINES_BY_FEED_DATE" => array(__("Sort headlines by feed date"), __("Use feed-specified date to sort headlines instead of local import date.")),
                        "SSL_CERT_SERIAL" => array(__("Login with an SSL certificate"), __("Click to register your SSL client certificate with tt-rss")),
-                       "STRIP_IMAGES" => array(__("Do not embed images in articles"), ""),
+                       "STRIP_IMAGES" => array(__("Do not embed media in articles"), ""),
                        "STRIP_UNSAFE_TAGS" => array(__("Strip unsafe tags from articles"), __("Strip all but most common HTML tags when reading articles.")),
                        "USER_STYLESHEET" => array(__("Customize stylesheet"), __("Customize CSS stylesheet to your liking")),
                        "USER_TIMEZONE" => array(__("Time zone"), ""),
@@ -60,9 +60,9 @@ class Pref_Prefs extends Handler_Protected {
 
        function changepassword() {
 
-               $old_pw = $_POST["old_password"];
-               $new_pw = $_POST["new_password"];
-               $con_pw = $_POST["confirm_password"];
+               $old_pw = clean($_POST["old_password"]);
+               $new_pw = clean($_POST["new_password"]);
+               $con_pw = clean($_POST["confirm_password"]);
 
                if ($old_pw == "") {
                        print "ERROR: ".format_error("Old password cannot be blank.");
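Review bot: Routing the three password fields through clean() on the new lines can alter the credential before it is compared or hashed: if clean() strips markup or trims whitespace (its definition is not on this page), a password containing `<`, `>` or edge spaces is rewritten and the stored hash no longer matches what the user actually types. Passwords are never rendered, so they need no output-oriented sanitisation; keep the raw value here, e.g. `$old_pw = $_POST["old_password"];`, and leave escaping to the code that prints. The same concern applies to the password arguments cleaned in otpenable and otpdisable further down. changepassword continues outside the hunk.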
@@ -89,7 +89,7 @@ class Pref_Prefs extends Handler_Protected {
        }
 
        function saveconfig() {
-               $boolean_prefs = explode(",", $_POST["boolean_prefs"]);
+               $boolean_prefs = explode(",", clean($_POST["boolean_prefs"]));
 
                foreach ($boolean_prefs as $pref) {
                        if (!isset($_POST[$pref])) $_POST[$pref] = 'false';
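Review bot: The list of boolean pref names is still taken from the request on the new line, and the loop that follows writes `'false'` into `$_POST` for every name the client chose to send, so the set of keys treated as booleans is client-controlled; clean() only filters the string contents and does not move that trust boundary. Safer is to derive the boolean pref names from the server-side pref definitions (wherever form generation decides a pref renders as a checkbox) and ignore the posted `boolean_prefs` field. saveconfig continues past the end of the hunk, so how the remaining keys are persisted is not visible here.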
@@ -129,8 +129,8 @@ class Pref_Prefs extends Handler_Protected {
 
        function changeemail() {
 
-               $email = $_POST["email"];
-               $full_name = $_POST["full_name"];
+               $email = clean($_POST["email"]);
+               $full_name = clean($_POST["full_name"]);
                $active_uid = $_SESSION["uid"];
 
                $sth = $this->pdo->prepare("UPDATE ttrss_users SET email = ?,
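Review bot: The e-mail address on the new line is sanitised but never validated before the UPDATE that begins on the last visible line; clean() presumably strips markup, which says nothing about whether the value is a well-formed address for the digest sender to use. Reject malformed input up front in the same style changepassword uses: `if ($email != "" && !filter_var($email, FILTER_VALIDATE_EMAIL)) { print "ERROR: ".format_error("Invalid e-mail address."); return; }` (allowing an empty value through only if clearing the address is intended). The statement and the rest of changeemail continue outside the hunk.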
@@ -146,8 +146,8 @@ class Pref_Prefs extends Handler_Protected {
 
                $_SESSION["prefs_op_result"] = "reset-to-defaults";
 
-               $sth = $this->pdo->query("DELETE FROM ttrss_user_prefs
-                       WHERE (profile = :profile OR (:profile IS NULL AND profile IS NULL)) 
+               $sth = $this->pdo->prepare("DELETE FROM ttrss_user_prefs
+                       WHERE (profile = :profile OR (:profile IS NULL AND profile IS NULL))
                                AND owner_uid = :uid");
                $sth->execute([":profile" => $_SESSION['profile'], ":uid" => $_SESSION['uid']]);
 
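Review bot: The corrected prepare() on the new lines reuses the named marker `:profile` twice in one statement, and PDO only accepts a repeated named parameter when prepared-statement emulation is enabled; with native prepares (`PDO::ATTR_EMULATE_PREPARES => false`, and this class's PDO setup is not visible here) execute() fails with an invalid-parameter-number error. The old query() call never bound parameters at all, so this binding path has not been exercised before and is worth checking under the configured driver. A portable form uses two distinct markers bound to the same value: `WHERE (profile = :profile OR (:profile2 IS NULL AND profile IS NULL))` with `":profile2" => $_SESSION['profile']` added to the execute() array. The enclosing function starts before this hunk.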
@@ -162,7 +162,7 @@ class Pref_Prefs extends Handler_Protected {
 
                $prefs_blacklist = array("ALLOW_DUPLICATE_POSTS", "STRIP_UNSAFE_TAGS", "REVERSE_HEADLINES",
                        "SORT_HEADLINES_BY_FEED_DATE", "DEFAULT_ARTICLE_LIMIT",
-                       "FEEDS_SORT_BY_UNREAD");
+                       "FEEDS_SORT_BY_UNREAD", "CDM_EXPANDED");
 
                /* "FEEDS_SORT_BY_UNREAD", "HIDE_READ_FEEDS", "REVERSE_HEADLINES" */
 
@@ -172,6 +172,7 @@ class Pref_Prefs extends Handler_Protected {
                                        "DEFAULT_UPDATE_INTERVAL", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE",
                                        "SSL_CERT_SERIAL", "DIGEST_PREFERRED_TIME");
 
+               $digest_options = array("DIGEST_ENABLE", "DIGEST_CATCHUP", "DIGEST_PREFERRED_TIME");
 
                $_SESSION["prefs_op_result"] = "";
 
@@ -227,7 +228,7 @@ class Pref_Prefs extends Handler_Protected {
                print_hidden("op", "pref-prefs");
                print_hidden("method", "changeemail");
 
-               print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
+               print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\" class=\"btn-primary\">".
                        __("Save data")."</button>";
 
                print "</form>";
@@ -298,7 +299,7 @@ class Pref_Prefs extends Handler_Protected {
                        print_hidden("op", "pref-prefs");
                        print_hidden("method", "changepassword");
 
-                       print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
+                       print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\" class=\"btn-primary\">".
                                __("Change password")."</button>";
 
                        print "</form>";
@@ -403,7 +404,7 @@ class Pref_Prefs extends Handler_Protected {
                                        print "</td></tr>";
                                        print "</table>";
 
-                                       print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
+                                       print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\" class=\"btn-primary\">".
                                                __("Enable OTP")."</button>";
 
                                        print "</form>";
@@ -502,6 +503,10 @@ class Pref_Prefs extends Handler_Protected {
                                continue;
                        }
 
+                       /* Hide options from the user that are disabled in config.php. */
+                       if (DIGEST_SUBJECT === false && in_array($pref_name, $digest_options))
+                               continue;
+
                        if ($active_section != $line["section_id"]) {
 
                                if ($active_section != "") {
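Review bot: The new `continue` only hides the digest prefs from the rendered form; nothing here stops saveconfig from accepting posted DIGEST_* values or the digest sender from acting on previously stored ones, so "disabling digests entirely" (per the commit title) needs enforcement where the digest is actually produced, not only in the UI. Also `in_array($pref_name, $digest_options)` should pass `true` as the third argument to avoid loose comparison, and `DIGEST_SUBJECT === false` assumes the constant is always defined in config.php — `defined('DIGEST_SUBJECT') && DIGEST_SUBJECT === false` is safer if older configs may lack it. The enclosing loop and function start outside the hunk.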
@@ -650,7 +655,7 @@ class Pref_Prefs extends Handler_Protected {
                print_hidden("op", "pref-prefs");
                print_hidden("method", "saveconfig");
 
-               print "<div dojoType=\"dijit.form.ComboButton\" type=\"submit\">
+               print "<div dojoType=\"dijit.form.ComboButton\" type=\"submit\" class=\"btn-primary\">
                        <span>".__('Save configuration')."</span>
                        <div dojoType=\"dijit.DropDownMenu\">
                                <div dojoType=\"dijit.MenuItem\"
@@ -662,7 +667,7 @@ class Pref_Prefs extends Handler_Protected {
                print "<button dojoType=\"dijit.form.Button\" onclick=\"return editProfiles()\">".
                        __('Manage profiles')."</button> ";
 
-               print "<button dojoType=\"dijit.form.Button\" onclick=\"return validatePrefsReset()\">".
+               print "<button dojoType=\"dijit.form.Button\" class=\"btn-danger\" onclick=\"return validatePrefsReset()\">".
                        __('Reset to defaults')."</button>";
 
                print "&nbsp;";
@@ -848,9 +853,6 @@ class Pref_Prefs extends Handler_Protected {
        }
 
        function otpqrcode() {
-               require_once "lib/otphp/vendor/base32.php";
-               require_once "lib/otphp/lib/otp.php";
-               require_once "lib/otphp/lib/totp.php";
                require_once "lib/phpqrcode/phpqrcode.php";
 
                $sth = $this->pdo->prepare("SELECT login,salt,otp_enabled
@@ -860,7 +862,7 @@ class Pref_Prefs extends Handler_Protected {
 
                if ($row = $sth->fetch()) {
 
-                       $base32 = new Base32();
+                       $base32 = new \OTPHP\Base32();
 
                        $login = $row["login"];
                        $otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
@@ -876,25 +878,22 @@ class Pref_Prefs extends Handler_Protected {
        }
 
        function otpenable() {
-               require_once "lib/otphp/vendor/base32.php";
-               require_once "lib/otphp/lib/otp.php";
-               require_once "lib/otphp/lib/totp.php";
 
-               $password = $_REQUEST["password"];
-               $otp = $_REQUEST["otp"];
+               $password = clean($_REQUEST["password"]);
+               $otp = clean($_REQUEST["otp"]);
 
                $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
 
                if ($authenticator->check_password($_SESSION["uid"], $password)) {
 
-                       $sth = $this->pdo->query("SELECT salt
+                       $sth = $this->pdo->prepare("SELECT salt
                                FROM ttrss_users
                                WHERE id = ?");
                        $sth->execute([$_SESSION['uid']]);
 
                        if ($row = $sth->fetch()) {
 
-                               $base32 = new Base32();
+                               $base32 = new \OTPHP\Base32();
 
                                $secret = $base32->encode(sha1($row["salt"]));
                                $topt = new \OTPHP\TOTP($secret);
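Review bot: otpenable still reads its inputs from `$_REQUEST` on the new lines, so this state-changing action can be driven by query-string parameters as well as a POST body; reading `$_POST["password"]` and `$_POST["otp"]` (as changepassword already does) narrows that and keeps the password out of URL-based request logs. The same applies to otpdisable, setplugins and clearplugindata below. Whether the front-end submits these via POST is not visible here, so the callers would need checking before tightening. The function body continues past the hunk.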
@@ -902,7 +901,7 @@ class Pref_Prefs extends Handler_Protected {
                                $otp_check = $topt->now();
 
                                if ($otp == $otp_check) {
-                                       $sth = $this->pdo->prepare("UPDATE ttrss_users 
+                                       $sth = $this->pdo->prepare("UPDATE ttrss_users
                                        SET otp_enabled = true WHERE id = ?");
 
                                        $sth->execute([$_SESSION['uid']]);
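Review bot: The submitted code is compared with `==` on the context line `if ($otp == $otp_check)` just above the new statement, and PHP's loose comparison treats two numeric strings numerically, so a code with a leading zero such as `012345` also matches `12345`, and forms like `1e5` compare equal to `100000`. Use a strict, constant-time comparison on the string values: `if (hash_equals((string)$otp_check, (string)$otp)) {`. The surrounding function starts and ends outside this hunk.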
@@ -922,7 +921,10 @@ class Pref_Prefs extends Handler_Protected {
        static function isdefaultpassword() {
                $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
 
-               if ($authenticator->check_password($_SESSION["uid"], "password")) {
+               if ($authenticator &&
+                method_exists($authenticator, "check_password") &&
+                $authenticator->check_password($_SESSION["uid"], "password")) {
+
                        return true;
                }
 
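Review bot: The guard added here (a truthy authenticator that has check_password) is missing from the two other call sites doing the same thing: otpenable calls `$authenticator->check_password(...)` unguarded right after get_plugin(), and otpdisable does likewise, so an auth module without that method would fatal there while isdefaultpassword now degrades gracefully. Apply the same `$authenticator && method_exists($authenticator, "check_password")` check before those calls, or factor it into a small private helper returning a bool. The function's remaining lines are outside the hunk.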
@@ -930,7 +932,7 @@ class Pref_Prefs extends Handler_Protected {
        }
 
        function otpdisable() {
-               $password = $_REQUEST["password"];
+               $password = clean($_REQUEST["password"]);
 
                $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
 
@@ -948,8 +950,8 @@ class Pref_Prefs extends Handler_Protected {
        }
 
        function setplugins() {
-               if (is_array($_REQUEST["plugins"]))
-                       $plugins = join(",", $_REQUEST["plugins"]);
+               if (is_array(clean($_REQUEST["plugins"])))
+                       $plugins = join(",", clean($_REQUEST["plugins"]));
                else
                        $plugins = "";
 
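Review bot: clean() is applied twice to the same request value on the new lines, and if `plugins` is absent from the request both calls raise an undefined-index notice before is_array() ever runs. Read and sanitise it once: `$requested = isset($_REQUEST["plugins"]) ? clean($_REQUEST["plugins"]) : array();` followed by `$plugins = is_array($requested) ? join(",", $requested) : "";`. This also relies on clean() accepting an array and returning one — its definition is not on this page, so that should be confirmed. setplugins continues outside the hunk.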
@@ -957,7 +959,7 @@ class Pref_Prefs extends Handler_Protected {
        }
 
        function clearplugindata() {
-               $name = $_REQUEST["name"];
+               $name = clean($_REQUEST["name"]);
 
                PluginHost::getInstance()->clear_data(PluginHost::getInstance()->get_plugin($name));
        }
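Review bot: The sanitised `$name` is passed straight to get_plugin() and its result to clear_data() with no check that a plugin of that name exists; if get_plugin() returns null or false for an unknown name (its contract is not visible here), clear_data() receives a non-plugin and the failure mode depends entirely on that method. A guard makes the intent explicit: `$plugin = PluginHost::getInstance()->get_plugin($name);` then `if ($plugin) PluginHost::getInstance()->clear_data($plugin);`.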
@@ -1092,7 +1094,7 @@ class Pref_Prefs extends Handler_Protected {
 
                print "<div class='dlgButtons'>
                        <div style='float : left'>
-                       <button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('profileEditDlg').removeSelected()\">".
+                       <button class=\"btn-danger\" dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('profileEditDlg').removeSelected()\">".
                        __('Remove selected profiles')."</button>
                        <button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('profileEditDlg').activateProfile()\">".
                        __('Activate profile')."</button>
@@ -1125,4 +1127,4 @@ class Pref_Prefs extends Handler_Protected {
 
                return "";
        }
-}
\ No newline at end of file
+}