$params["default_view_order_by"] = get_pref("_DEFAULT_VIEW_ORDER_BY");
$params["bw_limit"] = (int) $_SESSION["bw_limit"];
$params["label_base_index"] = (int) LABEL_BASE_INDEX;
- $params["theme"] = get_pref("USER_CSS_THEME", false, false);
+
+ $theme = get_pref( "USER_CSS_THEME", false, false);
+ $params["theme"] = theme_valid("$theme") ? $theme : "";
+
$params["plugins"] = implode(", ", PluginHost::getInstance()->get_plugin_names());
$params["php_platform"] = PHP_OS;
}
+ function iframe_whitelisted($entry) {
+ $whitelist = array("youtube.com", "youtu.be", "vimeo.com");
+
+ @$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
+
+ if ($src) {
+ foreach ($whitelist as $w) {
+ if ($src == $w || $src == "www.$w")
+ return true;
+ }
+ }
+
+ return false;
+ }
+
function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
if (!$owner) $owner = $_SESSION["uid"];
$entries = $xpath->query('//iframe');
foreach ($entries as $entry) {
- $entry->setAttribute('sandbox', 'allow-scripts');
-
+ if (!iframe_whitelisted($entry)) {
+ $entry->setAttribute('sandbox', 'allow-scripts');
+ } else {
+ if ($_SERVER['HTTPS'] == "on") {
+ $entry->setAttribute("src",
+ str_replace("http://", "https://",
+ $entry->getAttribute("src")));
+ }
+ }
}
$allowed_elements = array('a', 'address', 'audio', 'article', 'aside',
}
function getLastArticleId() {
- $result = db_query("SELECT MAX(ref_id) AS id FROM ttrss_user_entries
- WHERE owner_uid = " . $_SESSION["uid"]);
+ $result = db_query("SELECT ref_id AS id FROM ttrss_user_entries
+ WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY ref_id DESC LIMIT 1");
if (db_num_rows($result) == 1) {
return db_fetch_result($result, 0, "id");
curl_setopt($curl, CURLOPT_PROXY, _CURL_HTTP_PROXY);
}
- if ((OPENSSL_VERSION_NUMBER >= 0x0090808f) && (OPENSSL_VERSION_NUMBER < 0x10000000)) {
- curl_setopt($curl, CURLOPT_SSLVERSION, 3);
- }
-
$html = curl_exec($curl);
$status = curl_getinfo($curl);
return LABEL_BASE_INDEX - 1 + abs($feed);
}
- function format_libxml_error($error) {
- return T_sprintf("LibXML error %s at line %d (column %d): %s",
- $error->code, $error->line, $error->column,
- $error->message);
+ function theme_valid($file) {
+ if ($file == "default.css" || $file == "night.css") return true; // needed for array_filter
+ $file = "themes/" . basename($file);
+
+ if (file_exists($file) && is_readable($file)) {
+ $fh = fopen($file, "r");
+
+ if ($fh) {
+ $header = fgets($fh);
+ fclose($fh);
+
+ return strpos($header, "supports-version:" . VERSION_STATIC) !== FALSE;
+ }
+ }
+
+ return false;
}
?>
git.wh0rd.org / tt-rss.git / blobdiff