Commit 84e55a62 authored by Sebastian Reichel's avatar Sebastian Reichel

Imported Upstream version 1.6.1+dfsg

parent e7195303
......@@ -187,6 +187,7 @@ class API extends Handler {
$include_attachments = (bool)db_escape_string($_REQUEST["include_attachments"]);
$since_id = (int)db_escape_string($_REQUEST["since_id"]);
$include_nested = (bool)db_escape_string($_REQUEST["include_nested"]);
$sanitize_content = true;
/* do not rely on params below */
......@@ -197,7 +198,7 @@ class API extends Handler {
$headlines = api_get_headlines($this->link, $feed_id, $limit, $offset,
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, false,
$include_attachments, $since_id, $search, $search_mode, $match_on,
$include_nested);
$include_nested, $sanitize_content);
print $this->wrap(self::STATUS_OK, $headlines);
} else {
......@@ -438,7 +439,7 @@ class API extends Handler {
$url = db_escape_string(strip_tags($_REQUEST["url"]));
$content = db_escape_string(strip_tags($_REQUEST["content"]));
if (create_published_article($this->link, $title, $url, $content, $_SESSION["uid"])) {
if (create_published_article($this->link, $title, $url, $content, "", $_SESSION["uid"])) {
print $this->wrap(self::STATUS_OK, array("status" => 'OK'));
} else {
print $this->wrap(self::STATUS_ERR, array("error" => 'Publishing failed'));
......
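Review bot: The `$sanitize_content = true;` local added in the first hunk is hard-coded and has no comment, so nothing tells a reader that API clients are meant to receive sanitized article HTML regardless of request parameters. A one-line comment above it would record that intent, for example `// API output is always sanitized; deliberately not request-controlled`. In the third hunk the new labels argument is passed as a bare `""` in the middle of the `create_published_article()` call, and a short `/* labels */` marker there would make the positional change easier to audit. Both enclosing methods start outside the hunks.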
......@@ -7,12 +7,6 @@ class Backend extends Handler {
"<img src='images/indicator_tiny.gif'>";
}
function digestSend() {
define('PREFS_NO_CACHE', true);
send_headlines_digests($this->link);
}
function digestTest() {
header("Content-type: text/html");
......
......@@ -247,7 +247,7 @@ class Dlg extends Handler_Protected {
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"rpc\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"addfeed\">";
print "<div class=\"dlgSec\">".__("Feed")."</div>";
print "<div class=\"dlgSec\">".__("Feed or site URL")."</div>";
print "<div class=\"dlgSecCont\">";
print "<div style='float : right'>
......@@ -256,7 +256,7 @@ class Dlg extends Handler_Protected {
theme_image($this->link, 'images/indicator_white.gif')."'></div>";
print "<input style=\"font-size : 16px; width : 20em;\"
placeHolder=\"".__("Feed URL")."\"
placeHolder=\"".__("Feed or site URL")."\"
dojoType=\"dijit.form.ValidationTextBox\" required=\"1\" name=\"feed\" id=\"feedDlg_feedUrl\">";
print "<hr/>";
......@@ -291,8 +291,7 @@ class Dlg extends Handler_Protected {
" <input
placeHolder=\"".__("Password")."\"
dojoType=\"dijit.form.TextBox\" type='password'
style=\"width : 10em;\" name='pass'\">".
" <p class='insensitive'>".__("OAuth will be used automatically for Twitter feeds.")."</p>
style=\"width : 10em;\" name='pass'\">
</div></div>";
......@@ -376,27 +375,9 @@ class Dlg extends Handler_Protected {
print "<div class=\"dlgSecCont\">";
if (!SPHINX_ENABLED) {
print "<input dojoType=\"dijit.form.ValidationTextBox\"
style=\"font-size : 16px; width : 12em;\"
required=\"1\" name=\"query\" type=\"search\" value=''>";
print " " . __('match on')." ";
$search_fields = array(
"title" => __("Title"),
"content" => __("Content"),
"both" => __("Title or content"));
print_select_hash("match_on", 3, $search_fields,
'dojoType="dijit.form.Select"');
} else {
print "<input dojoType=\"dijit.form.ValidationTextBox\"
style=\"font-size : 16px; width : 20em;\"
required=\"1\" name=\"query\" type=\"search\" value=''>";
}
print "<input dojoType=\"dijit.form.ValidationTextBox\"
style=\"font-size : 16px; width : 20em;\"
required=\"1\" name=\"query\" type=\"search\" value=''>";
print "<hr/>".__('Limit search to:')." ";
......@@ -435,7 +416,7 @@ class Dlg extends Handler_Protected {
if (!SPHINX_ENABLED) {
print "<div style=\"float : left\">
<a class=\"visibleLink\" target=\"_blank\" href=\"http://tt-rss.org/redmine/wiki/tt-rss/SearchSyntax\">Search syntax</a>
<a class=\"visibleLink\" target=\"_blank\" href=\"http://tt-rss.org/wiki/SearchSyntax\">Search syntax</a>
</div>";
}
......@@ -623,7 +604,7 @@ class Dlg extends Handler_Protected {
print "</div>";
$details = "http://tt-rss.org/redmine/versions/show/$id";
$details = "http://tt-rss.org/redmine/versions/$id";
$download = "http://tt-rss.org/#Download";
print "<p align='center'>".__("You can update using built-in updater in the Preferences or by using update.php")."</p>";
......
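Review bot: The rewritten password input in the third hunk still ends with `name='pass'\">`, which emits an unbalanced double quote inside the tag and leaves browsers to guess where the attribute list ends. The line should read `style=\"width : 10em;\" name='pass'>`. The `print` statement it belongs to starts outside the hunk.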
<?php
require_once "colors.php";
class Feeds extends Handler_Protected {
function csrf_ignore($method) {
......@@ -7,6 +9,18 @@ class Feeds extends Handler_Protected {
return array_search($method, $csrf_ignored) !== false;
}
private function make_gradient($end, $class) {
$start = $class == "even" ? "#f0f0f0" : "#ffffff";
return "style='background: linear-gradient(left , $start 6%, $end 100%);
background: -o-linear-gradient(left , $start 6%, $end 100%);
background: -moz-linear-gradient(left , $start 6%, $end 100%);
background: -webkit-linear-gradient(left , $start 6%, $end 100%);
background: -ms-linear-gradient(left , $start 6%, $end 100%);
background: -webkit-gradient(linear, left top, right top,
color-stop(0.06, $start), color-stop(1, $end));'";
}
private function format_headline_subtoolbar($feed_site_url, $feed_title,
$feed_id, $is_cat, $search, $match_on,
$search_mode, $view_mode, $error) {
......@@ -31,6 +45,8 @@ class Feeds extends Handler_Protected {
$tog_marked_link = "selectionToggleMarked()";
$tog_published_link = "selectionTogglePublished()";
$set_score_link = "setSelectionScore()";
if ($is_cat) $cat_q = "&is_cat=$is_cat";
if ($search) {
......@@ -45,6 +61,7 @@ class Feeds extends Handler_Protected {
// right part
$reply .= "<span class='r'>";
$reply .= "<span id='feed_title'>";
if ($feed_site_url) {
$target = "target=\"_blank\"";
......@@ -59,6 +76,8 @@ class Feeds extends Handler_Protected {
$reply .= $feed_title;
}
$reply .= "</span>";
$reply .= "
<a href=\"#\"
title=\"".__("View as RSS feed")."\"
......@@ -90,6 +109,7 @@ class Feeds extends Handler_Protected {
$reply .= "<option value=\"0\" disabled=\"1\">".__('Selection:')."</option>";
$reply .= "<option value=\"$catchup_sel_link\">".__('Mark as read')."</option>";
$reply .= "<option value=\"$set_score_link\">".__('Set score')."</option>";
if ($feed_id != "0") {
$reply .= "<option value=\"$archive_sel_link\">".__('Archive')."</option>";
......@@ -134,9 +154,22 @@ class Feeds extends Handler_Protected {
$method_split = explode(":", $method);
if ($method == "ForceUpdate" && $feed && is_numeric($feed) > 0) {
include "rssfuncs.php";
update_rss_feed($this->link, $feed, true);
if ($method == "ForceUpdate" && $feed > 0 && is_numeric($feed)) {
// Update the feed if required with some basic flood control
$result = db_query($this->link,
"SELECT cache_images,".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds WHERE id = '$feed'");
if (db_num_rows($result) != 0) {
$last_updated = strtotime(db_fetch_result($result, 0, "last_updated"));
$cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images"));
if (!$cache_images && time() - $last_updated > 120 || isset($_REQUEST['DevForceUpdate'])) {
include "rssfuncs.php";
update_rss_feed($this->link, $feed, true, true);
}
}
}
if ($method_split[0] == "MarkAllReadGR") {
......@@ -182,11 +215,7 @@ class Feeds extends Handler_Protected {
}
@$search_mode = db_escape_string($_REQUEST["search_mode"]);
@$match_on = db_escape_string($_REQUEST["match_on"]);
if (!$match_on) {
$match_on = "both";
}
$match_on = "both"; // deprecated, TODO: remove
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H0", $timing_info);
......@@ -208,22 +237,17 @@ class Feeds extends Handler_Protected {
$vgroup_last_feed = $vgr_last_feed;
// if (!$offset) {
if (db_num_rows($result) > 0) {
$reply['toolbar'] = $this->format_headline_subtoolbar($feed_site_url,
$feed_title,
$feed, $cat_view, $search, $match_on, $search_mode, $view_mode,
$last_error);
}
// }
$reply['toolbar'] = $this->format_headline_subtoolbar($feed_site_url,
$feed_title,
$feed, $cat_view, $search, $match_on, $search_mode, $view_mode,
$last_error);
$headlines_count = db_num_rows($result);
if (get_pref($this->link, 'COMBINED_DISPLAY_MODE')) {
$button_plugins = array();
foreach (explode(",", ARTICLE_BUTTON_PLUGINS) as $p) {
$pclass = trim("button_${p}");
$pclass = "button_" . trim($p);
if (class_exists($pclass)) {
$plugin = new $pclass($link);
......@@ -250,6 +274,7 @@ class Feeds extends Handler_Protected {
$feed_id = $line["feed_id"];
$label_cache = $line["label_cache"];
$labels = false;
$label_row_style = "";
if ($label_cache) {
$label_cache = json_decode($label_cache, true);
......@@ -264,6 +289,22 @@ class Feeds extends Handler_Protected {
if (!is_array($labels)) $labels = get_article_labels($this->link, $id);
if (count($labels) > 0) {
for ($i = 0; $i < min(4, count($labels)); $i++) {
$bg = rgb2hsl(_color_unpack($labels[$i][3]));
if ($bg && $bg[1] > 0) {
$bg[1] = 0.1;
$bg[2] = 1;
$bg = _color_pack(hsl2rgb($bg));
$label_row_style = $this->make_gradient($bg, $class);;
break;
}
}
}
$labels_str = "<span id=\"HLLCTR-$id\">";
$labels_str .= format_article_labels($labels, $id);
$labels_str .= "</span>";
......@@ -348,7 +389,7 @@ class Feeds extends Handler_Protected {
$score_pic = "<img class='hlScorePic' src=\"images/$score_pic\"
onclick=\"adjustArticleScore($id, $score)\" title=\"$score $score_title\">"; */
$score_pic = "<img class='hlScorePic' src=\"$score_pic\"
$score_pic = "<img class='hlScorePic' score='$score' onclick='changeScore($id, this)' src=\"$score_pic\"
title=\"$score\">";
if ($score > 500) {
......@@ -396,7 +437,7 @@ class Feeds extends Handler_Protected {
$mouseover_attrs = "onmouseover='postMouseIn($id)'
onmouseout='postMouseOut($id)'";
$reply['content'] .= "<div class='$class' id='RROW-$id' $mouseover_attrs>";
$reply['content'] .= "<div class='$class' id='RROW-$id' $label_row_style $mouseover_attrs>";
$reply['content'] .= "<div class='hlUpdPic'>$update_pic</div>";
......@@ -487,7 +528,7 @@ class Feeds extends Handler_Protected {
$mouseover_attrs = "onmouseover='postMouseIn($id)'
onmouseout='postMouseOut($id)'";
$reply['content'] .= "<div class=\"$class\"
$reply['content'] .= "<div class=\"$class\" $label_row_style
id=\"RROW-$id\" $mouseover_attrs'>";
$reply['content'] .= "<div class=\"cdmHeader\">";
......@@ -503,7 +544,7 @@ class Feeds extends Handler_Protected {
$reply['content'] .= "</div>";
$reply['content'] .= "<div id=\"PTITLE-FULL-$id\" style=\"display : none\">" .
strip_tags($line['title']) . "</div>";
htmlspecialchars(strip_tags($line['title'])) . "</div>";
$reply['content'] .= "<span id=\"RTITLE-$id\"
onclick=\"return cdmClicked(event, $id);\"
......@@ -596,7 +637,7 @@ class Feeds extends Handler_Protected {
$reply['content'] .= "</div>";
$reply['content'] .= "<span id=\"CWRAP-$id\">";
$reply['content'] .= $expand_cdm ? $article_content : '';
$reply['content'] .= $article_content;
$reply['content'] .= "</span>";
/* $tmp_result = db_query($this->link, "SELECT always_display_enclosures FROM
......@@ -633,14 +674,14 @@ class Feeds extends Handler_Protected {
if ($num_comments > 0) {
if ($line["comments"]) {
$comments_url = $line["comments"];
$comments_url = htmlspecialchars($line["comments"]);
} else {
$comments_url = $line["link"];
$comments_url = htmlspecialchars($line["link"]);
}
$entry_comments = "<a target='_blank' href=\"$comments_url\">$num_comments comments</a>";
} else {
if ($line["comments"] && $line["link"] != $line["comments"]) {
$entry_comments = "<a target='_blank' href=\"".$line["comments"]."\">comments</a>";
$entry_comments = "<a target='_blank' href=\"".htmlspecialchars($line["comments"])."\">comments</a>";
}
}
......
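Review bot: The flood control added in the ForceUpdate hunk can be switched off by any request that carries a `DevForceUpdate` parameter, because `isset($_REQUEST['DevForceUpdate'])` is OR-ed onto the whole condition (`&&` binds tighter than `||`). If that switch is meant for development only, it should depend on server-side configuration rather than request input, or be dropped: `if (!$cache_images && time() - $last_updated > 120) {`. The lookup `FROM ttrss_feeds WHERE id = '$feed'` also has no `owner_uid` condition, unlike other queries in this commit, so whether a user can trigger updates of feeds they do not own depends on checks outside the hunk. Separately, the later hunks wrap `$line["comments"]` and `$line["link"]` in `htmlspecialchars()`, which stops attribute breakout but does not restrict the URL scheme of a feed-supplied link, so an allow-list of `http`/`https` before building the `href` would complete that fix.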
......@@ -20,6 +20,9 @@ class Handler_Public extends Handler {
$date_sort_field = "date_entered";
}
if ($feed == -2)
$date_sort_field = "last_read";
$qfh_ret = queryFeedHeadlines($this->link, $feed,
$limit, $view_mode, $is_cat, $search, $search_mode,
$match_on, "$date_sort_field DESC", $offset, $owner_uid);
......@@ -380,6 +383,7 @@ class Handler_Public extends Handler {
<title>Tiny Tiny RSS</title>
<link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">
<script type=\"text/javascript\" src=\"lib/prototype.js\"></script>
<script type=\"text/javascript\" src=\"lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls\"></script>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
</head>
<body id='sharepopup'>";
......@@ -393,8 +397,10 @@ class Handler_Public extends Handler {
$title = db_escape_string(strip_tags($_REQUEST["title"]));
$url = db_escape_string(strip_tags($_REQUEST["url"]));
$content = db_escape_string(strip_tags($_REQUEST["content"]));
$labels = db_escape_string(strip_tags($_REQUEST["labels"]));
create_published_article($this->link, $title, $url, $content, $_SESSION["uid"]);
create_published_article($this->link, $title, $url, $content, $labels,
$_SESSION["uid"]);
print "<script type='text/javascript'>";
print "window.close();";
......@@ -421,9 +427,23 @@ class Handler_Public extends Handler {
<td><input name='url' value="<?php echo $url ?>"></td></tr>
<tr><td align='right'><?php echo __("Content:") ?></td>
<td><input name='content' value=""></td></tr>
<tr><td align='right'><?php echo __("Labels:") ?></td>
<td><input name='labels' id="labels_value"
placeholder='Alpha, Beta, Gamma' value="">
</td></tr>
<tr><td>
<div class="autocomplete" id="labels_choices"
style="display : block"></div></td></tr>
<script type='text/javascript'>document.forms[0].title.focus();</script>
<script type='text/javascript'>
new Ajax.Autocompleter('labels_value', 'labels_choices',
"backend.php?op=rpc&method=completeLabels",
{ tokens: ',', paramName: "search" });
</script>
<tr><td colspan='2'>
<div style='float : right' class='insensitive-small'>
<?php echo __("Shared article will appear in the Published feed.") ?>
......
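Review bot: The share handler in the third hunk takes `title`, `url`, `content` and now `labels` from `$_REQUEST` and publishes under `$_SESSION["uid"]`, with no CSRF token check visible in the hunk. The surrounding method starts outside it, and `Handler_Public` extends `Handler` rather than `Handler_Protected`, so the `csrf_ignore()` mechanism seen in the other classes presumably does not cover it; this needs confirming. If nothing earlier validates a token, the publish action is reachable cross-site, and the new `labels` field widens what such a request can set. Reading the values from `$_POST` and verifying the session token before `create_published_article()` would close that. As a smaller point, `placeholder='Alpha, Beta, Gamma'` in the form hunk is not passed through `__()` like the neighbouring labels.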
......@@ -68,10 +68,10 @@ class Opml extends Handler_Protected {
if ($cat_id) {
$result = db_query($this->link, "SELECT title FROM ttrss_feed_categories WHERE id = '$cat_id'
AND owner_uid = '$owner_uid'");
$cat_title = db_fetch_result($result, 0, "title");
$cat_title = htmlspecialchars(db_fetch_result($result, 0, "title"));
}
if ($cat_title) $out .= "<outline title=\"$cat_title\">\n";
if ($cat_title) $out .= "<outline text=\"$cat_title\">\n";
$result = db_query($this->link, "SELECT id,title
FROM ttrss_feed_categories WHERE
......@@ -129,7 +129,7 @@ class Opml extends Handler_Protected {
# export tt-rss settings
if ($include_settings) {
$out .= "<outline title=\"tt-rss-prefs\" schema-version=\"".SCHEMA_VERSION."\">";
$out .= "<outline text=\"tt-rss-prefs\" schema-version=\"".SCHEMA_VERSION."\">";
$result = db_query($this->link, "SELECT pref_name, value FROM ttrss_user_prefs WHERE
profile IS NULL AND owner_uid = " . $_SESSION["uid"] . " ORDER BY pref_name");
......@@ -143,7 +143,7 @@ class Opml extends Handler_Protected {
$out .= "</outline>";
$out .= "<outline title=\"tt-rss-labels\" schema-version=\"".SCHEMA_VERSION."\">";
$out .= "<outline text=\"tt-rss-labels\" schema-version=\"".SCHEMA_VERSION."\">";
$result = db_query($this->link, "SELECT * FROM ttrss_labels2 WHERE
owner_uid = " . $_SESSION['uid']);
......@@ -159,7 +159,7 @@ class Opml extends Handler_Protected {
$out .= "</outline>";
$out .= "<outline title=\"tt-rss-filters\" schema-version=\"".SCHEMA_VERSION."\">";
$out .= "<outline text=\"tt-rss-filters\" schema-version=\"".SCHEMA_VERSION."\">";
$result = db_query($this->link, "SELECT * FROM ttrss_filters2
WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY id");
......@@ -386,7 +386,7 @@ class Opml extends Handler_Protected {
$default_cat_id = (int) get_feed_category($this->link, 'Imported feeds', false);
if ($root_node) {
$cat_title = db_escape_string($root_node->attributes->getNamedItem('title')->nodeValue);
$cat_title = db_escape_string($root_node->attributes->getNamedItem('text')->nodeValue);
if (!in_array($cat_title, array("tt-rss-filters", "tt-rss-labels", "tt-rss-prefs"))) {
$cat_id = get_feed_category($this->link, $cat_title, $parent_id);
......@@ -415,7 +415,7 @@ class Opml extends Handler_Protected {
foreach ($outlines as $node) {
if ($node->hasAttributes() && strtolower($node->tagName) == "outline") {
$attrs = $node->attributes;
$node_cat_title = db_escape_string($attrs->getNamedItem('title')->nodeValue);
$node_cat_title = db_escape_string($attrs->getNamedItem('text')->nodeValue);
$node_feed_url = db_escape_string($attrs->getNamedItem('xmlUrl')->nodeValue);
if ($node_cat_title && !$node_feed_url) {
......
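Review bot: The import hunks now read only the `text` attribute (`getNamedItem('text')->nodeValue`), so an OPML file whose outlines carry just `title`, which is what the export side wrote before this commit, yields a null node and a `->nodeValue` dereference on null. A fallback keeps older exports importable: `$attr = $attrs->getNamedItem('text'); if (!$attr) $attr = $attrs->getNamedItem('title');` followed by `$node_cat_title = db_escape_string($attr ? $attr->nodeValue : "");`, and the same for `$root_node`. The reserved-name check against `tt-rss-filters`, `tt-rss-labels` and `tt-rss-prefs` uses the same value, so without the fallback it would no longer recognise the settings sections of such files. Both import functions continue outside the hunks.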
......@@ -327,8 +327,11 @@ class Pref_Feeds extends Handler_Protected {
$cat_id = ($item_id != "root") ?
db_escape_string($bare_item_id) : "NULL";
$cat_qpart = ($cat_id != 0) ? "cat_id = '$cat_id'" :
"cat_id = NULL";
db_query($this->link, "UPDATE ttrss_feeds
SET order_id = $order_id, cat_id = '$cat_id'
SET order_id = $order_id, $cat_qpart
WHERE id = '$bare_id' AND
owner_uid = " . $_SESSION["uid"]);
......@@ -1074,6 +1077,8 @@ class Pref_Feeds extends Handler_Protected {
}
function rescore() {
require_once "rssfuncs.php";
$ids = split(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
......@@ -1477,7 +1482,7 @@ class Pref_Feeds extends Handler_Protected {
print "<p>" . __("Use this bookmarklet to publish arbitrary pages using Tiny Tiny RSS") . "</p>";
$bm_url = htmlspecialchars("javascript:(function(){var d=document,w=window,e=w.getSelection,k=d.getSelection,x=d.selection,s=(e?e():(k)?k():(x?x.createRange().text:0)),f='".SELF_URL_PATH."/public.php?op=sharepopup',l=d.location,e=encodeURIComponent,g=f+'&title='+((e(s))?e(s):e(document.title))+'&url='+e(l.href);function a(){if(!w.open(g,'t','toolbar=0,resizable=0,scrollbars=1,status=1,width=500,height=200')){l.href=g;}}a();})()");
$bm_url = htmlspecialchars("javascript:(function(){var d=document,w=window,e=w.getSelection,k=d.getSelection,x=d.selection,s=(e?e():(k)?k():(x?x.createRange().text:0)),f='".SELF_URL_PATH."/public.php?op=sharepopup',l=d.location,e=encodeURIComponent,g=f+'&title='+((e(s))?e(s):e(document.title))+'&url='+e(l.href);function a(){if(!w.open(g,'t','toolbar=0,resizable=0,scrollbars=1,status=1,width=500,height=250')){l.href=g;}}a();})()");
print "<a href=\"$bm_url\" class='bookmarklet'>" . __('Share with Tiny Tiny RSS'). "</a>";
......
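Review bot: In the first hunk `$cat_id` is either an escaped string or the literal `"NULL"`, and `($cat_id != 0)` reaches the `cat_id = NULL` branch only through PHP's loose string-to-integer comparison. Under PHP 8 comparison rules `"NULL" != 0` is true, so the query would be built as `cat_id = 'NULL'`. Assuming category ids are integers, an explicit cast states the intent and stops relying on escaping for a numeric column: `$cat_qpart = ((int) $cat_id > 0) ? "cat_id = " . (int) $cat_id : "cat_id = NULL";`. `$order_id` is interpolated unquoted in the same statement and its origin is outside the hunk, so it should be confirmed to be an integer as well.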
......@@ -239,7 +239,7 @@ class Pref_Filters extends Handler_Protected {
print "<ul id='filterDlg_Matches'>";
$rules_result = db_query($this->link, "SELECT * FROM ttrss_filters2_rules
WHERE filter_id = '$filter_id' ORDER BY id");
WHERE filter_id = '$filter_id' ORDER BY reg_exp, id");
while ($line = db_fetch_assoc($rules_result)) {
if (sql_bool_to_bool($line["cat_filter"])) {
......
<?php
class Pref_Instances extends Handler_Protected {
private $status_codes = array(
0 => "Connection failed",
1 => "Success",
2 => "Invalid object received",
16 => "Access denied" );
function csrf_ignore($method) {
$csrf_ignored = array("index", "edit");
......@@ -167,6 +173,7 @@ class Pref_Instances extends Handler_Protected {
<td width=''><a href=\"#\" onclick=\"updateInstanceList('access_url')\">".__('Instance URL')."</a></td>
<td width='20%'><a href=\"#\" onclick=\"updateInstanceList('access_key')\">".__('Access key')."</a></td>
<td width='10%'><a href=\"#\" onclick=\"updateUsersList('last_connected')\">".__('Last connected')."</a></td>
<td width='10%'><a href=\"#\" onclick=\"updateUsersList('last_status_out')\">".__('Status')."</a></td>
<td width='10%'><a href=\"#\" onclick=\"updateUsersList('num_feeds')\">".__('Stored feeds')."</a></td>
</tr>";
......@@ -193,6 +200,7 @@ class Pref_Instances extends Handler_Protected {
print "<td $onclick>" . htmlspecialchars($line['access_url']) . "</td>";
print "<td $onclick>" . htmlspecialchars($access_key) . "</td>";
print "<td $onclick>" . htmlspecialchars($line['last_connected']) . "</td>";
print "<td $onclick>" . $this->status_codes[$line['last_status_out']] . "</td>";
print "<td $onclick>" . htmlspecialchars($line['num_feeds']) . "</td>";
print "</tr>";
......
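Review bot: The new status cell indexes `$this->status_codes[$line['last_status_out']]` directly, so a row whose `last_status_out` is NULL or a code missing from the map raises an undefined-index notice and renders an empty cell. A guarded lookup avoids that: `$st = $line['last_status_out'];` then `$status = isset($this->status_codes[$st]) ? $this->status_codes[$st] : __('Unknown');`. The status strings are also the only user-visible text in these hunks not passed through `__()`. The new header calls `updateUsersList('last_status_out')` where the first two columns call `updateInstanceList(...)`, which looks copied from the neighbouring column and is worth checking.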
......@@ -2,7 +2,7 @@
class RPC extends Handler_Protected {
function csrf_ignore($method) {
$csrf_ignored = array("sanitycheck", "buttonplugin", "exportget", "sharepopup");
$csrf_ignored = array("sanitycheck", "buttonplugin", "exportget", "completelabels");
return array_search($method, $csrf_ignored) !== false;
}
......@@ -426,6 +426,23 @@ class RPC extends Handler_Protected {
print json_encode(array("link" => $new_link));
}
function completeLabels() {
$search = db_escape_string($_REQUEST["search"]);
$result = db_query($this->link, "SELECT DISTINCT caption FROM
ttrss_labels2