Commit e7195303 authored by Sebastian Reichel's avatar Sebastian Reichel

Imported Upstream version 1.6.0+dfsg

parent f1a248c6


......@@ -30,7 +30,3 @@ See also
* Forum: http://tt-rss.org/forum
* Wiki: http://tt-rss.org/wiki/WikiStart
Contact
=======
Send your questions, comments, patches to Andrew Dolgov <cthulhoo(at)gmail.com>
......@@ -8,39 +8,40 @@
dirname(dirname(__FILE__)) . PATH_SEPARATOR .
dirname(dirname(__FILE__)) . "/include" );
function __autoload($class) {
$file = "classes/".strtolower(basename($class)).".php";
if (file_exists($file)) {
require $file;
}
}
chdir("..");
define('TTRSS_SESSION_NAME', 'ttrss_api_sid');
require_once "db.php";
require_once "db-prefs.php";
require_once "functions.php";
require_once "sessions.php";
chdir("..");
define('AUTH_DISABLE_OTP', true);
if (defined('ENABLE_GZIP_OUTPUT') && ENABLE_GZIP_OUTPUT &&
function_exists("ob_gzhandler")) {
ob_start("ob_gzhandler");
} else {
ob_start();
}
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
$session_expire = SESSION_EXPIRE_TIME; //seconds
$session_name = (!defined('TTRSS_SESSION_NAME')) ? "ttrss_sid_api" : TTRSS_SESSION_NAME . "_api";
session_name($session_name);
$input = file_get_contents("php://input");
// Override $_REQUEST with JSON-encoded data if available
if ($input) {
if (defined('_API_DEBUG_HTTP_ENABLED') && _API_DEBUG_HTTP_ENABLED) {
// Override $_REQUEST with JSON-encoded data if available
// fallback on HTTP parameters
if ($input) {
$input = json_decode($input, true);
if ($input) $_REQUEST = $input;
}
} else {
// Accept JSON only
$input = json_decode($input, true);
if ($input) $_REQUEST = $input;
$_REQUEST = $input;
}
if ($_REQUEST["sid"]) {
......@@ -66,4 +67,7 @@
db_close($link);
header("Api-Content-Length: " . ob_get_length());
ob_end_flush();
?>
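Review bot: In the "Accept JSON only" branch, the unconditional `$_REQUEST = $input;` takes whatever `json_decode` returned, so an empty or malformed body leaves `$_REQUEST` as null, and a body that decodes to a scalar leaves it as a non-array. The `+`/`-` markers are lost on this page, so I am assuming this is the new side and the guarded `if ($input) $_REQUEST = $input;` above it is the old one. The following `$_REQUEST["sid"]` lookup and every later handler then index into something that is not an array; normalise it first with `$_REQUEST = is_array($input) ? $input : array();`. Separately, `define('AUTH_DISABLE_OTP', true);` appears to switch off the one-time-password step for this entry point, and it deserves a comment such as `// API clients cannot answer an OTP prompt; access is gated per user by ENABLE_API_ACCESS` so the weaker login path is a documented decision.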
......@@ -39,7 +39,6 @@
require_once "functions.php";
require_once "sessions.php";
require_once "sanity_check.php";
require_once "config.php";
require_once "db.php";
require_once "db-prefs.php";
......@@ -64,20 +63,6 @@
authenticate_user($link, "admin", null);
}
// TODO remove and handle within Handlers
if (!($_SESSION["uid"] && validate_session($link))) {
if ($op == 'pref-feeds' && $method == 'add') {
header("Content-Type: text/html");
login_sequence($link);
render_login_form($link);
} else {
header("Content-Type: text/plain");
print json_encode(array("error" => array("code" => 6)));
}
return;
}
$purge_intervals = array(
0 => __("Use default"),
-1 => __("Never purge"),
......@@ -111,8 +96,7 @@
$update_methods = array(
0 => __("Default"),
1 => __("Magpie"),
2 => __("SimplePie"),
3 => __("Twitter OAuth"));
2 => __("SimplePie"));
if (DEFAULT_UPDATE_METHOD == "1") {
$update_methods[0] .= ' (SimplePie)';
......@@ -125,26 +109,19 @@
5 => __("Power User"),
10 => __("Administrator"));
$error = sanity_check($link);
#$error = sanity_check($link);
if ($error['code'] != 0 && $op != "logout") {
print json_encode(array("error" => $error));
return;
}
function __autoload($class) {
$file = "classes/".strtolower(basename($class)).".php";
if (file_exists($file)) {
require $file;
}
}
#if ($error['code'] != 0 && $op != "logout") {
# print json_encode(array("error" => $error));
# return;
#}
$op = str_replace("-", "_", $op);
if (class_exists($op)) {
$handler = new $op($link, $_REQUEST);
if ($handler) {
if ($handler && is_subclass_of($handler, 'Handler')) {
if (validate_csrf($csrf_token) || $handler->csrf_ignore($method)) {
if ($handler->before($method)) {
if ($method && method_exists($handler, $method)) {
......@@ -152,6 +129,10 @@
}
$handler->after();
return;
} else {
header("Content-Type: text/plain");
print json_encode(array("error" => array("code" => 6)));
return;
}
} else {
header("Content-Type: text/plain");
......
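Review bot: `$handler = new $op($link, $_REQUEST);` still constructs whichever class the request's `op` names before the added `is_subclass_of($handler, 'Handler')` test runs. The constructor of any loadable class therefore executes with request data even when the object is then rejected. Test the class name first with `if (class_exists($op) && is_subclass_of($op, 'Handler')) {` and instantiate only inside that branch. This matters more now that the `@@ -64,20 +63,6 @@` hunk drops the global `$_SESSION["uid"]` / `validate_session` gate, so authentication presumably rests on each handler's `before()`; a comment at the dispatch site saying so would help the next reader. The `if (class_exists($op))` block continues outside the visible hunks.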
......@@ -2,7 +2,7 @@
class API extends Handler {
const API_LEVEL = 3;
const API_LEVEL = 4;
const STATUS_OK = 0;
const STATUS_ERR = 1;
......@@ -11,6 +11,7 @@ class API extends Handler {
function before($method) {
if (parent::before($method)) {
header("Content-Type: text/plain");
if (!$_SESSION["uid"] && $method != "login" && $method != "isloggedin") {
print $this->wrap(self::STATUS_ERR, array("error" => 'NOT_LOGGED_IN'));
......@@ -24,7 +25,6 @@ class API extends Handler {
$this->seq = (int) $_REQUEST['seq'];
header("Content-Type: text/plain");
return true;
}
return false;
......@@ -68,9 +68,11 @@ class API extends Handler {
if (get_pref($this->link, "ENABLE_API_ACCESS", $uid)) {
if (authenticate_user($this->link, $login, $password)) { // try login with normal password
print $this->wrap(self::STATUS_OK, array("session_id" => session_id()));
print $this->wrap(self::STATUS_OK, array("session_id" => session_id(),
"api_level" => self::API_LEVEL));
} else if (authenticate_user($this->link, $login, $password_base64)) { // else try with base64_decoded password
print $this->wrap(self::STATUS_OK, array("session_id" => session_id()));
print $this->wrap(self::STATUS_OK, array("session_id" => session_id(),
"api_level" => self::API_LEVEL));
} else { // else we are not logged in
print $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
}
......@@ -114,20 +116,27 @@ class API extends Handler {
$unread_only = (bool)db_escape_string($_REQUEST["unread_only"]);
$limit = (int) db_escape_string($_REQUEST["limit"]);
$offset = (int) db_escape_string($_REQUEST["offset"]);
$include_nested = (bool)db_escape_string($_REQUEST["include_nested"]);
$feeds = api_get_feeds($this->link, $cat_id, $unread_only, $limit, $offset);
$feeds = api_get_feeds($this->link, $cat_id, $unread_only, $limit, $offset, $include_nested);
print $this->wrap(self::STATUS_OK, $feeds);
}
function getCategories() {
$unread_only = (bool)db_escape_string($_REQUEST["unread_only"]);
$enable_nested = (bool)db_escape_string($_REQUEST["enable_nested"]);
// TODO do not return empty categories, return Uncategorized and standard virtual cats
if ($enable_nested)
$nested_qpart = "parent_cat IS NULL";
else
$nested_qpart = "true";
$result = db_query($this->link, "SELECT
id, title, order_id FROM ttrss_feed_categories
WHERE owner_uid = " .
WHERE $nested_qpart AND owner_uid = " .
$_SESSION["uid"]);
$cats = array();
......@@ -135,6 +144,9 @@ class API extends Handler {
while ($line = db_fetch_assoc($result)) {
$unread = getFeedUnread($this->link, $line["id"], true);
if ($enable_nested)
$unread += getCategoryChildrenUnread($this->link, $line["id"]);
if ($unread || !$unread_only) {
array_push($cats, array("id" => $line["id"],
"title" => $line["title"],
......@@ -174,6 +186,7 @@ class API extends Handler {
$view_mode = db_escape_string($_REQUEST["view_mode"]);
$include_attachments = (bool)db_escape_string($_REQUEST["include_attachments"]);
$since_id = (int)db_escape_string($_REQUEST["since_id"]);
$include_nested = (bool)db_escape_string($_REQUEST["include_nested"]);
/* do not rely on params below */
......@@ -183,7 +196,8 @@ class API extends Handler {
$headlines = api_get_headlines($this->link, $feed_id, $limit, $offset,
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, false,
$include_attachments, $since_id, $search, $search_mode, $match_on);
$include_attachments, $since_id, $search, $search_mode, $match_on,
$include_nested);
print $this->wrap(self::STATUS_OK, $headlines);
} else {
......@@ -419,6 +433,17 @@ class API extends Handler {
print $this->wrap(self::STATUS_ERR, array("error" => 'UNKNOWN_METHOD'));
}
function shareToPublished() {
$title = db_escape_string(strip_tags($_REQUEST["title"]));
$url = db_escape_string(strip_tags($_REQUEST["url"]));
$content = db_escape_string(strip_tags($_REQUEST["content"]));
if (create_published_article($this->link, $title, $url, $content, $_SESSION["uid"])) {
print $this->wrap(self::STATUS_OK, array("status" => 'OK'));
} else {
print $this->wrap(self::STATUS_ERR, array("error" => 'Publishing failed'));
}
}
}
?>
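Review bot: `shareToPublished()` passes the caller-supplied `url` to `create_published_article` after only `strip_tags` and `db_escape_string`, which make it safe for the SQL string but do not check that it is a URL or restrict its scheme. If the stored link is later emitted as an href (the rendering code is not visible here), a non-http scheme would be carried through to readers of the published feed. Validate before the call, for example `if (!preg_match('#^https?://#i', $_REQUEST["url"])) { print $this->wrap(self::STATUS_ERR, array("error" => 'Publishing failed')); return; }`. An empty `title` or `url` should be rejected the same way rather than left to `create_published_article`.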
<?php
class Article extends Protected_Handler {
class Article extends Handler_Protected {
function csrf_ignore($method) {
$csrf_ignored = array("redirect");
......
<?php
class Auth_Base {
protected $link;
function __construct($link) {