$params["default_view_order_by"] = get_pref("_DEFAULT_VIEW_ORDER_BY");
$params["bw_limit"] = (int) $_SESSION["bw_limit"];
$params["label_base_index"] = (int) LABEL_BASE_INDEX;
- $params["theme"] = get_pref("USER_CSS_THEME", false, false);
+
+ $theme = get_pref( "USER_CSS_THEME", false, false);
+ $params["theme"] = theme_valid("$theme") ? $theme : "";
+
$params["plugins"] = implode(", ", PluginHost::getInstance()->get_plugin_names());
$params["php_platform"] = PHP_OS;
// Try to check if SQL regexp implementation chokes on a valid regexp
- $result = db_query("SELECT true AS true_val FROM ttrss_entries,
- ttrss_user_entries, ttrss_feeds
+ $result = db_query("SELECT true AS true_val
+ FROM ttrss_entries
+ JOIN ttrss_user_entries ON ttrss_entries.id = ttrss_user_entries.ref_id
+ JOIN ttrss_feeds ON ttrss_feeds.id = ttrss_user_entries.feed_id
WHERE $filter_query_part LIMIT 1", false);
if ($result) {
}
+ function iframe_whitelisted($entry) {
+ $whitelist = array("youtube.com", "youtu.be", "vimeo.com");
+
+ @$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
+
+ if ($src) {
+ foreach ($whitelist as $w) {
+ if ($src == $w || $src == "www.$w")
+ return true;
+ }
+ }
+
+ return false;
+ }
+
function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
if (!$owner) $owner = $_SESSION["uid"];
$entries = $xpath->query('//iframe');
foreach ($entries as $entry) {
- $entry->setAttribute('sandbox', 'allow-scripts');
-
+ if (!iframe_whitelisted($entry)) {
+ $entry->setAttribute('sandbox', 'allow-scripts');
+ } else {
+ if ($_SERVER['HTTPS'] == "on") {
+ $entry->setAttribute("src",
+ str_replace("http://", "https://",
+ $entry->getAttribute("src")));
+ }
+ }
}
$allowed_elements = array('a', 'address', 'audio', 'article', 'aside',
return $rv;
}
- function save_email_address($email) {
+ /* function save_email_address($email) {
// FIXME: implement persistent storage of emails
if (!$_SESSION['stored_emails'])
if (!in_array($email, $_SESSION['stored_emails']))
array_push($_SESSION['stored_emails'], $email);
- }
+ } */
function get_feed_access_key($feed_id, $is_cat, $owner_uid = false) {
}
}
- if ($rv === '' && is_array($result)) {
+ if ($rv === '' && !empty($result)) {
$entries_html = array();
$entries = array();
$entries_inline = array();
$url = $line["content_url"];
$ctype = $line["content_type"];
$title = $line["title"];
+ $width = $line["width"];
+ $height = $line["height"];
if (!$ctype) $ctype = __("unknown type");
$entry["filename"] = $filename;
$entry["url"] = $url;
$entry["title"] = $title;
+ $entry["width"] = $width;
+ $entry["height"] = $height;
array_push($entries, $entry);
}
preg_match("/\.(jpg|png|gif|bmp)/i", $entry["filename"])) {
if (!$hide_images) {
+ $encsize = '';
+ if ($entry['height'] > 0)
+ $encsize .= ' height="' . intval($entry['width']) . '"';
+ if ($entry['width'] > 0)
+ $encsize .= ' width="' . intval($entry['height']) . '"';
$rv .= "<p><img
alt=\"".htmlspecialchars($entry["filename"])."\"
- src=\"" .htmlspecialchars($entry["url"]) . "\"/></p>";
+ src=\"" .htmlspecialchars($entry["url"]) . "\"
+ " . $encsize . " /></p>";
} else {
$rv .= "<p><a target=\"_blank\"
href=\"".htmlspecialchars($entry["url"])."\"
}
function getLastArticleId() {
- $result = db_query("SELECT MAX(ref_id) AS id FROM ttrss_user_entries
- WHERE owner_uid = " . $_SESSION["uid"]);
+ $result = db_query("SELECT ref_id AS id FROM ttrss_user_entries
+ WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY ref_id DESC LIMIT 1");
if (db_num_rows($result) == 1) {
return db_fetch_result($result, 0, "id");
return in_array($interface, class_implements($class));
}
- function geturl($url, $depth = 0){
+ function geturl($url, $depth = 0, $nobody = true){
if ($depth == 20) return $url;
curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 Firefox/5.0');
curl_setopt($curl, CURLOPT_HTTPHEADER, $header);
curl_setopt($curl, CURLOPT_HEADER, true);
+ curl_setopt($curl, CURLOPT_NOBODY, $nobody);
curl_setopt($curl, CURLOPT_REFERER, $url);
curl_setopt($curl, CURLOPT_ENCODING, 'gzip,deflate');
curl_setopt($curl, CURLOPT_AUTOREFERER, true);
curl_setopt($curl, CURLOPT_PROXY, _CURL_HTTP_PROXY);
}
- if ((OPENSSL_VERSION_NUMBER >= 0x0090808f) && (OPENSSL_VERSION_NUMBER < 0x10000000)) {
- curl_setopt($curl, CURLOPT_SSLVERSION, 3);
- }
-
$html = curl_exec($curl);
$status = curl_getinfo($curl);
if($status['http_code']!=200){
+
+ // idiot site not allowing http head
+ if($status['http_code'] == 405) {
+ curl_close($curl);
+ return geturl($url, $depth +1, false);
+ }
+
if($status['http_code'] == 301 || $status['http_code'] == 302) {
curl_close($curl);
list($header) = explode("\r\n\r\n", $html, 2);
if (!isset($_GET['debug'])) {
$cached_file = CACHE_DIR . "/js/".basename($js).".js";
- if (file_exists($cached_file) &&
- is_readable($cached_file) &&
- filemtime($cached_file) >= filemtime("js/$js.js")) {
+ if (file_exists($cached_file) && is_readable($cached_file) && filemtime($cached_file) >= filemtime("js/$js.js")) {
- $rv .= file_get_contents($cached_file);
+ list($header, $contents) = explode("\n", file_get_contents($cached_file), 2);
- } else {
- $minified = JShrink\Minifier::minify(file_get_contents("js/$js.js"));
- file_put_contents($cached_file, $minified);
- $rv .= $minified;
+ if ($header && $contents) {
+ list($htag, $hversion) = explode(":", $header);
+
+ if ($htag == "tt-rss" && $hversion == VERSION) {
+ $rv .= $contents;
+ continue;
+ }
+ }
}
+
+ $minified = JShrink\Minifier::minify(file_get_contents("js/$js.js"));
+ file_put_contents($cached_file, "tt-rss:" . VERSION . "\n" . $minified);
+ $rv .= $minified;
+
} else {
- $rv .= file_get_contents("js/$js.js");
+ $rv .= file_get_contents("js/$js.js"); // no cache in debug mode
}
}
return LABEL_BASE_INDEX - 1 + abs($feed);
}
- function format_libxml_error($error) {
- return T_sprintf("LibXML error %s at line %d (column %d): %s",
- $error->code, $error->line, $error->column,
- $error->message);
+ function theme_valid($file) {
+ if ($file == "default.css" || $file == "night.css") return true; // needed for array_filter
+ $file = "themes/" . basename($file);
+
+ if (file_exists($file) && is_readable($file)) {
+ $fh = fopen($file, "r");
+
+ if ($fh) {
+ $header = fgets($fh);
+ fclose($fh);
+
+ return strpos($header, "supports-version:" . VERSION_STATIC) !== FALSE;
+ }
+ }
+
+ return false;
}
?>