Commit eb3b3e8d authored by Sebastian Reichel

New upstream version 17.1+git20170410+dfsg

parent 4fad8521
......@@ -2,7 +2,7 @@
class API extends Handler {
const API_LEVEL = 13;
const API_LEVEL = 14;
const STATUS_OK = 0;
const STATUS_ERR = 1;
......@@ -308,7 +308,7 @@ class API extends Handler {
"/public.php?op=rss&id=-2&key=" .
get_feed_access_key(-2, false);
$p = new Publisher(PUBSUBHUBBUB_HUB);
$p = new pubsubhubbub\publisher\Publisher(PUBSUBHUBBUB_HUB);
$pubsub_result = $p->publish_update($rss_link);
}
}
......
......@@ -202,14 +202,14 @@ class Article extends Handler_Protected {
$tags_str = join(", ", $tags);
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$param\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"article\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"setArticleTags\">";
print_hidden("id", "$param");
print_hidden("op", "article");
print_hidden("method", "setArticleTags");
print "<table width='100%'><tr><td>";
print "<textarea dojoType=\"dijit.form.SimpleTextarea\" rows='4'
style='font-size : 12px; width : 98%' id=\"tags_str\"
style='height : 100px; font-size : 12px; width : 98%' id=\"tags_str\"
name='tags_str'>$tags_str</textarea>
<div class=\"autocomplete\" id=\"tags_choices\"
style=\"display:none\"></div>";
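Review bot: Whether `print_hidden()` HTML-escapes its value is not visible in this commit, and the calls that replace the literal `<input>` markup pass interpolated variables straight through: `print_hidden("id", "$param")` here, and `$feed_id`, `$feed_ids`, `$filter_id`, `$label_id` and `$_SESSION['csrf_token']` in the Pref_Feeds, Pref_Filters and Pref_Labels sections. If the helper only concatenates, the escaping belongs in one place inside the helper, e.g. `htmlspecialchars($value, ENT_QUOTES)`, rather than at each call site. In that case `boolean_prefs` in Pref_Prefs, which is already escaped before the call, would need its earlier escape dropped to avoid double encoding. The quotes in `"$param"` are redundant; `print_hidden("id", $param)` reads the same.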
......
......@@ -15,7 +15,11 @@ class FeedParser {
function normalize_encoding($data) {
if (preg_match('/^(<\?xml[\t\n\r ].*?encoding[\t\n\r ]*=[\t\n\r ]*["\'])(.+?)(["\'].*?\?>)/s', $data, $matches) === 1) {
$data = mb_convert_encoding($data, 'UTF-8', $matches[2]);
$encoding = strtolower($matches[2]);
if (in_array($encoding, array_map('strtolower', mb_list_encodings())))
$data = mb_convert_encoding($data, 'UTF-8', $encoding);
$data = preg_replace('/^<\?xml[\t\n\r ].*?\?>/s', $matches[1] . "UTF-8" . $matches[3] , $data);
}
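Review bot: The XML declaration is still rewritten to `UTF-8` when the new `in_array` check fails, because the brace-less `if` guards only the `mb_convert_encoding` call and the `preg_replace` after it runs unconditionally. A feed that declares an encoding name `mb_list_encodings()` does not list (aliases are reported by `mb_encoding_aliases()`, not by that list) would then be labelled UTF-8 while its bytes stay unconverted. Put both statements under the check: `if (in_array(...)) { $data = mb_convert_encoding(...); $data = preg_replace(...); }`. normalize_encoding continues outside the hunk.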
......
......@@ -86,17 +86,23 @@ class Feeds extends Handler_Protected {
$reply .= "<span class=\"main\">";
$reply .= "<span id='selected_prompt'></span>";
$reply .= "<span class=\"sel_links\">
/*$reply .= "<span class=\"sel_links\">
<a href=\"#\" onclick=\"$sel_all_link\">".__('All')."</a>,
<a href=\"#\" onclick=\"$sel_unread_link\">".__('Unread')."</a>,
<a href=\"#\" onclick=\"$sel_inv_link\">".__('Invert')."</a>,
<a href=\"#\" onclick=\"$sel_none_link\">".__('None')."</a></li>";
$reply .= "</span> ";
$reply .= "</span> "; */
$reply .= "<select dojoType=\"dijit.form.Select\"
onchange=\"headlineActionsChange(this)\">";
$reply .= "<option value=\"false\">".__('More...')."</option>";
$reply .= "<option value=\"0\" disabled='1'>".__('Select...')."</option>";
$reply .= "<option value=\"$sel_all_link\">".__('All')."</option>";
$reply .= "<option value=\"$sel_unread_link\">".__('Unread')."</option>";
$reply .= "<option value=\"$sel_inv_link\">".__('Invert')."</option>";
$reply .= "<option value=\"$sel_none_link\">".__('None')."</option>";
$reply .= "<option value=\"0\" disabled=\"1\">".__('Selection toggle:')."</option>";
......@@ -294,6 +300,7 @@ class Feeds extends Handler_Protected {
make_local_datetime($qfh_ret[4], false) : __("Never");
$highlight_words = $qfh_ret[5];
$reply['first_id'] = $qfh_ret[6];
$reply['search_query'] = [$search, $search_language];
$vgroup_last_feed = $vgr_last_feed;
......@@ -392,7 +399,7 @@ class Feeds extends Handler_Protected {
alt=\"Publish article\" onclick='togglePub($id)'>";
}
# $content_link = "<a target=\"_blank\" href=\"".$line["link"]."\">" .
# $content_link = "<a target=\"_blank\" rel=\"noopener noreferrer\" href=\"".$line["link"]."\">" .
# $line["title"] . "</a>";
# $content_link = "<a
......@@ -478,7 +485,7 @@ class Feeds extends Handler_Protected {
$mouseover_attrs = "onmouseover='postMouseIn(event, $id)'
onmouseout='postMouseOut($id)'";
$reply['content'] .= "<div class='hl $class' data-orig-feed-id='$feed_id' data-article-id='$id' id='RROW-$id' $mouseover_attrs>";
$reply['content'] .= "<div class='hl hlMenuAttach $class' data-orig-feed-id='$feed_id' data-article-id='$id' id='RROW-$id' $mouseover_attrs>";
$reply['content'] .= "<div class='hlLeft'>";
......@@ -605,12 +612,14 @@ class Feeds extends Handler_Protected {
}
}
// data-article-id included for context menu
$reply['content'] .= "<span id=\"RTITLE-$id\"
onclick=\"return cdmClicked(event, $id);\"
class=\"titleWrap $hlc_suffix\">
data-article-id=\"$id\"
class=\"titleWrap hlMenuAttach $hlc_suffix\">
<a class=\"title $hlc_suffix\"
title=\"".htmlspecialchars($line["title"])."\"
target=\"_blank\" href=\"".
target=\"_blank\" rel=\"noopener noreferrer\" href=\"".
htmlspecialchars($line["link"])."\">".
$line["title"] .
"</a> <span class=\"author\">$entry_author</span>";
......@@ -658,7 +667,7 @@ class Feeds extends Handler_Protected {
$reply['content'] .= "</div>";
$reply['content'] .= "<div class=\"cdmContent\" $content_hidden
onclick=\"return cdmClicked(event, $id);\"
onclick=\"return cdmClicked(event, $id, true);\"
id=\"CICD-$id\">";
$reply['content'] .= "<div id=\"POSTNOTE-$id\">";
......@@ -685,13 +694,13 @@ class Feeds extends Handler_Protected {
$tmp_line = $this->dbh->fetch_assoc($tmp_result);
$reply['content'] .= "<a target='_blank'
$reply['content'] .= "<a target='_blank' rel='noopener noreferrer'
href=' " . htmlspecialchars($tmp_line['site_url']) . "'>" .
$tmp_line['title'] . "</a>";
$reply['content'] .= "&nbsp;";
$reply['content'] .= "<a target='_blank' href='" . htmlspecialchars($tmp_line['feed_url']) . "'>";
$reply['content'] .= "<a target='_blank' rel='noopener noreferrer' href='" . htmlspecialchars($tmp_line['feed_url']) . "'>";
$reply['content'] .= "<img title='".__('Feed URL')."'class='tinyFeedIcon' src='images/pub_unset.png'></a>";
$reply['content'] .= "</div>";
......@@ -700,14 +709,9 @@ class Feeds extends Handler_Protected {
$reply['content'] .= "<span id=\"CWRAP-$id\">";
// if (!$expand_cdm) {
$reply['content'] .= "<span id=\"CENCW-$id\" style=\"display : none\">";
$reply['content'] .= htmlspecialchars($line["content"]);
$reply['content'] .= "</span.";
// } else {
// $reply['content'] .= $line["content"];
// }
$reply['content'] .= "<span id=\"CENCW-$id\" class=\"cencw\" style=\"display : none\">";
$reply['content'] .= htmlspecialchars($line["content"]);
$reply['content'] .= "</span>";
$reply['content'] .= "</span>";
......@@ -735,7 +739,7 @@ class Feeds extends Handler_Protected {
<a title=\"".__('Edit tags for this article')."\"
href=\"#\" onclick=\"editArticleTags($id)\">(+)</a>";
$num_comments = $line["num_comments"];
$num_comments = (int) $line["num_comments"];
$entry_comments = "";
if ($num_comments > 0) {
......@@ -745,12 +749,12 @@ class Feeds extends Handler_Protected {
$comments_url = htmlspecialchars($line["link"]);
}
$entry_comments = "<a class=\"postComments\"
target='_blank' href=\"$comments_url\">$num_comments ".
target='_blank' rel='noopener noreferrer' href=\"$comments_url\">$num_comments ".
_ngettext("comment", "comments", $num_comments)."</a>";
} else {
if ($line["comments"] && $line["link"] != $line["comments"]) {
$entry_comments = "<a class=\"postComments\" target='_blank' href=\"".htmlspecialchars($line["comments"])."\">".__("comments")."</a>";
$entry_comments = "<a class=\"postComments\" target='_blank' rel='noopener noreferrer' href=\"".htmlspecialchars($line["comments"])."\">".__("comments")."</a>";
}
}
......@@ -1026,8 +1030,10 @@ class Feeds extends Handler_Protected {
}
function quickAddFeed() {
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"rpc\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"addfeed\">";
print_hidden("op", "rpc");
print_hidden("method", "addfeed");
print "<div id='fadd_error_message' style='display : none' class='alert alert-danger'></div>";
print "<div id='fadd_multiple_notify' style='display : none'>";
print_notice("Provided URL is a HTML page referencing multiple feeds, please select required feed from the dropdown menu below.");
......@@ -1108,8 +1114,8 @@ class Feeds extends Handler_Protected {
$browser_search = $this->dbh->escape_string($_REQUEST["search"]);
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"rpc\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"updateFeedBrowser\">";
print_hidden("op", "rpc");
print_hidden("method", "updateFeedBrowser");
print "<div dojoType=\"dijit.Toolbar\">
<div style='float : right'>
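Review bot: The anchors that gained `rel="noopener noreferrer"` still print their link text unescaped: `$line["title"]` inside the `RTITLE-$id` span and `$tmp_line['title']` in the originating-feed link, while the `href` and `title` attributes beside them go through `htmlspecialchars()`. Unless those titles are sanitised before they reach this method (not visible in these hunks), feed-supplied markup ends up in the headline HTML; if they are stored as plain text, wrapping both in `htmlspecialchars()` would match the attributes. The site link also keeps a stray leading space inside the quote, `href=' "`, on the line directly below the one the commit changed. The enclosing method starts and ends outside these hunks.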
......
......@@ -1046,14 +1046,20 @@ class Handler_Public extends Handler {
<?php
}
function cached_image() {
function cached_url() {
@$hash = basename($_GET['hash']);
// we don't need an extension to find the file, hash is a complete URL
$hash = preg_replace("/\.[^\.]*$/", "", $hash);
if ($hash) {
$filename = CACHE_DIR . '/images/' . $hash . '.png';
$filename = CACHE_DIR . '/images/' . $hash;
if (file_exists($filename)) {
header("Content-Disposition: inline; filename=\"$hash\"");
$mimetype = mime_content_type($filename);
/* See if we can use X-Sendfile */
$xsendfile = false;
if (function_exists('apache_get_modules') &&
......@@ -1062,10 +1068,10 @@ class Handler_Public extends Handler {
if ($xsendfile) {
header("X-Sendfile: $filename");
header("Content-type: application/octet-stream");
header('Content-Disposition: attachment; filename="' . basename($filename) . '"');
header("Content-type: $mimetype");
header('Content-Disposition: inline; filename="' . basename($filename) . '"');
} else {
header("Content-type: image/png");
header("Content-type: $mimetype");
$stamp = gmdate("D, d M Y H:i:s", filemtime($filename)). " GMT";
header("Last-Modified: $stamp", true);
readfile($filename);
......@@ -1083,5 +1089,37 @@ class Handler_Public extends Handler {
return "tag:" . parse_url(get_self_url_prefix(), PHP_URL_HOST) . ",$timestamp:/$id";
}
// this should be used very carefully because this endpoint is exposed to unauthenticated users
// plugin data is not loaded because there's no user context and owner_uid/session may or may not be available
// in general, don't do anything user-related in here and do not modify $_SESSION
public function pluginhandler() {
$host = new PluginHost();
$plugin = basename($_REQUEST["plugin"]);
$method = $_REQUEST["pmethod"];
$host->load($plugin, PluginHost::KIND_USER, 0);
$host->load_data();
$pclass = $host->get_plugin($plugin);
if ($pclass) {
if (method_exists($pclass, $method)) {
if ($pclass->is_public_method($method)) {
$pclass->$method();
} else {
header("Content-Type: text/json");
print error_json(6);
}
} else {
header("Content-Type: text/json");
print error_json(13);
}
} else {
header("Content-Type: text/json");
print error_json(14);
}
}
}
?>
?>
\ No newline at end of file
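Review bot: In cached_url the `Content-type` header now carries whatever `mime_content_type($filename)` reports and the disposition is `inline`, so a cached remote file detected as `text/html` or `image/svg+xml` would be rendered as a document in this application's origin. Handler_Public, by its name and the comment on pluginhandler, serves requests without a session. I would serve only image, audio and video types inline, fall back to `application/octet-stream` with `attachment` for everything else, and send `X-Content-Type-Options: nosniff`, as sketched below. Separately, pluginhandler takes `$method` from `$_REQUEST["pmethod"]` without an `is_string()` check before `method_exists()`, and loads the plugin by its request-supplied name before any gate runs; whether `load()` limits that to enabled plugins is not visible here. cached_url's body continues outside the hunks shown.

```php
$mimetype = mime_content_type($filename);

// Only media types that cannot run script in this origin are served inline.
$inline_ok = $mimetype
    && preg_match('#^(image|audio|video)/#', $mimetype) === 1
    && $mimetype != 'image/svg+xml';

if (!$inline_ok) $mimetype = 'application/octet-stream';
$disposition = $inline_ok ? 'inline' : 'attachment';

header('X-Content-Type-Options: nosniff');
// … unchanged: X-Sendfile detection …
header("Content-type: $mimetype");
header("Content-Disposition: $disposition; filename=\"" . basename($filename) . "\"");
// … unchanged: Last-Modified and readfile() in the non-X-Sendfile branch …
```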
......@@ -22,6 +22,10 @@ class Plugin {
return array();
}
function is_public_method($method) {
return false;
}
function get_js() {
return "";
}
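Review bot: `is_public_method()` has no comment, yet per the Handler_Public change in this commit it is the only gate deciding which plugin methods a request without a session may invoke. I would document that above the method, e.g. `// Return true only for methods that are safe to call without a logged-in user; Handler_Public::pluginhandler() invokes them for unauthenticated requests.` Returning `false` in the base class is a sensible closed default and worth stating in the same comment so overrides stay narrow.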
......
......@@ -50,6 +50,8 @@ class PluginHost {
const HOOK_RENDER_ENCLOSURE = 29;
const HOOK_ARTICLE_FILTER_ACTION = 30;
const HOOK_ARTICLE_EXPORT_FEED = 31;
const HOOK_MAIN_TOOLBAR_BUTTON = 32;
const HOOK_ENCLOSURE_ENTRY = 33;
const KIND_ALL = 1;
const KIND_SYSTEM = 2;
......
......@@ -62,7 +62,7 @@ class Pref_Feeds extends Handler_Protected {
$cat['items'] = $this->get_category_items($line['id']);
$num_children = $this->calculate_children_count($cat);
$cat['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', $num_children), $num_children);
$cat['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', (int) $num_children), $num_children);
if ($num_children > 0 || $show_empty_cats)
array_push($items, $cat);
......@@ -211,7 +211,7 @@ class Pref_Feeds extends Handler_Protected {
$cat['items'] = $this->get_category_items($line['id']);
$num_children = $this->calculate_children_count($cat);
$cat['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', $num_children), $num_children);
$cat['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', (int) $num_children), $num_children);
if ($num_children > 0 || $show_empty_cats)
array_push($root['items'], $cat);
......@@ -261,7 +261,7 @@ class Pref_Feeds extends Handler_Protected {
array_push($root['items'], $cat);
$num_children = $this->calculate_children_count($root);
$root['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', $num_children), $num_children);
$root['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', (int) $num_children), $num_children);
} else {
$feed_result = $this->dbh->query("SELECT id, title, last_error,
......@@ -548,9 +548,9 @@ class Pref_Feeds extends Handler_Protected {
$title = htmlspecialchars($this->dbh->fetch_result($result,
0, "title"));
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$feed_id\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-feeds\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"editSave\">";
print_hidden("id", "$feed_id");
print_hidden("op", "pref-feeds");
print_hidden("method", "editSave");
print "<div class=\"dlgSec\">".__("Feed")."</div>";
print "<div class=\"dlgSecCont\">";
......@@ -646,7 +646,7 @@ class Pref_Feeds extends Handler_Protected {
$auth_pass = $this->dbh->fetch_result($result, 0, "auth_pass");
if ($auth_pass_encrypted) {
if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
require_once "crypt.php";
$auth_pass = decrypt_string($auth_pass);
}
......@@ -729,7 +729,7 @@ class Pref_Feeds extends Handler_Protected {
print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"cache_images\"
name=\"cache_images\"
$checked>&nbsp;<label for=\"cache_images\">".
__('Cache images locally')."</label>";
__('Cache media')."</label>";
$mark_unread_on_update = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "mark_unread_on_update"));
......@@ -816,9 +816,9 @@ class Pref_Feeds extends Handler_Protected {
print "<p>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"ids\" value=\"$feed_ids\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-feeds\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"batchEditSave\">";
print_hidden("ids", "$feed_ids");
print_hidden("op", "pref-feeds");
print_hidden("method", "batchEditSave");
print "<div class=\"dlgSec\">".__("Feed")."</div>";
print "<div class=\"dlgSecCont\">";
......@@ -925,7 +925,7 @@ class Pref_Feeds extends Handler_Protected {
name=\"cache_images\"
dojoType=\"dijit.form.CheckBox\">&nbsp;<label class='insensitive' id=\"cache_images_l\"
for=\"cache_images\">".
__('Cache images locally')."</label>";
__('Cache media')."</label>";
print "&nbsp;"; $this->batch_edit_cbox("cache_images", "cache_images_l");
......@@ -983,14 +983,7 @@ class Pref_Feeds extends Handler_Protected {
$feed_language = $this->dbh->escape_string(trim($_POST["feed_language"]));
if (strlen(FEED_CRYPT_KEY) > 0) {
require_once "crypt.php";
$auth_pass = substr(encrypt_string($auth_pass), 0, 250);
$auth_pass_encrypted = 'true';
} else {
$auth_pass_encrypted = 'false';
}
$auth_pass_encrypted = 'false';
$auth_pass = $this->dbh->escape_string($auth_pass);
if (get_pref('ENABLE_FEED_CATS')) {
......@@ -1418,6 +1411,7 @@ class Pref_Feeds extends Handler_Protected {
<div dojoType=\"fox.PrefFeedTree\" id=\"feedTree\"
dndController=\"dijit.tree.dndSource\"
betweenThreshold=\"5\"
autoExpand='true'
model=\"feedModel\" openOnClick=\"false\">
<script type=\"dojo/method\" event=\"onClick\" args=\"item\">
var id = String(item.id);
......@@ -1818,8 +1812,8 @@ class Pref_Feeds extends Handler_Protected {
}
function batchSubscribe() {
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-feeds\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"batchaddfeeds\">";
print_hidden("op", "pref-feeds");
print_hidden("method", "batchaddfeeds");
print "<table width='100%'><tr><td>
".__("Add one valid RSS feed per line (no feed detection is done)")."
......@@ -1889,14 +1883,7 @@ class Pref_Feeds extends Handler_Protected {
"SELECT id FROM ttrss_feeds
WHERE feed_url = '$feed' AND owner_uid = ".$_SESSION["uid"]);
if (strlen(FEED_CRYPT_KEY) > 0) {
require_once "crypt.php";
$pass = substr(encrypt_string($pass), 0, 250);
$auth_pass_encrypted = 'true';
} else {
$auth_pass_encrypted = 'false';
}
$auth_pass_encrypted = 'false';
$pass = $this->dbh->escape_string($pass);
if ($this->dbh->num_rows($result) == 0) {
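Review bot: With the added `function_exists("mcrypt_decrypt")` condition, a row flagged as encrypted on a host without mcrypt falls through with `$auth_pass` still holding ciphertext, and nothing tells the user. If that value is rendered into the edit form and saved (the form field is not in this hunk, so please confirm), editSave now writes it back with `$auth_pass_encrypted = 'false'` and the ciphertext becomes the stored password. An explicit branch such as `} else if ($auth_pass_encrypted) { $auth_pass = ""; print_notice(...); }` would avoid that. Since editSave and batchaddfeeds now always store `auth_pass` unencrypted, rows encrypted earlier stay encrypted until re-saved; a comment or migration note saying so would help whoever later removes `crypt.php`.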
......
......@@ -340,10 +340,10 @@ class Pref_Filters extends Handler_Protected {
print "<form id=\"filter_edit_form\" onsubmit='return false'>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-filters\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$filter_id\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"editSave\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"csrf_token\" value=\"".$_SESSION['csrf_token']."\">";
print_hidden("op", "pref-filters");
print_hidden("id", "$filter_id");
print_hidden("method", "editSave");
print_hidden("csrf_token", $_SESSION['csrf_token']);
print "<div class=\"dlgSec\">".__("Caption")."</div>";
......@@ -816,9 +816,9 @@ class Pref_Filters extends Handler_Protected {
print "<form name='filter_new_form' id='filter_new_form'>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-filters\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"add\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"csrf_token\" value=\"".$_SESSION['csrf_token']."\">";
print_hidden("op", "pref-filters");
print_hidden("method", "add");
print_hidden("csrf_token", $_SESSION['csrf_token']);
print "<div class=\"dlgSec\">".__("Caption")."</div>";
......@@ -1096,7 +1096,7 @@ class Pref_Filters extends Handler_Protected {
if (!$title) $title = __("[No caption]");
$title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", $num_rules), $title, $num_rules);
$title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", (int) $num_rules), $title, $num_rules);
$result = $this->dbh->query(
......@@ -1114,7 +1114,7 @@ class Pref_Filters extends Handler_Protected {
if ($match_any_rule) $title .= " (" . __("matches any rule") . ")";
if ($num_actions > 0)
$actions = sprintf(_ngettext("%s (+%d action)", "%s (+%d actions)", $num_actions), $actions, $num_actions);
$actions = sprintf(_ngettext("%s (+%d action)", "%s (+%d actions)", (int) $num_actions), $actions, $num_actions);
return array($title, $actions);
}
......
......@@ -15,9 +15,9 @@ class Pref_Labels extends Handler_Protected {
$line = $this->dbh->fetch_assoc($result);
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$label_id\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-labels\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"save\">";
print_hidden("id", "$label_id");
print_hidden("op", "pref-labels");
print_hidden("method", "save");
print "<div class=\"dlgSec\">".__("Caption")."</div>";
......
......@@ -226,8 +226,8 @@ class Pref_Prefs extends Handler_Protected {
print "</table>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changeemail\">";
print_hidden("op", "pref-prefs");
print_hidden("method", "changeemail");
print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
__("Save data")."</button>";
......@@ -305,8 +305,8 @@ class Pref_Prefs extends Handler_Protected {
print "</table>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changepassword\">";
print_hidden("op", "pref-prefs");
print_hidden("method", "changepassword");
print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
__("Change password")."</button>";
......@@ -351,8 +351,8 @@ class Pref_Prefs extends Handler_Protected {
print "</table>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"otpdisable\">";
print_hidden("op", "pref-prefs");
print_hidden("method", "otpdisable");
print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
__("Disable OTP")."</button>";
......@@ -371,8 +371,8 @@ class Pref_Prefs extends Handler_Protected {
print "<form dojoType=\"dijit.form.Form\" id=\"changeOtpForm\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"otpenable\">";
print_hidden("op", "pref-prefs");
print_hidden("method", "otpenable");
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
evt.preventDefault();
......@@ -565,11 +565,13 @@ class Pref_Prefs extends Handler_Protected {
} else if ($pref_name == "USER_CSS_THEME") {
$themes = array_merge(glob("themes/*.css"), glob("themes.local/*.css"));
$themes = array_merge(glob("themes/*.php"), glob("themes/*.css"), glob("themes.local/*.css"));
$themes = array_map("basename", $themes);
$themes = array_filter($themes, "theme_valid");
asort($themes);
if (!theme_valid($value)) $value = "default.php";
print_select($pref_name, $value, $themes,
'dojoType="dijit.form.Select"');
......@@ -656,7 +658,7 @@ class Pref_Prefs extends Handler_Protected {
$listed_boolean_prefs = htmlspecialchars(join(",", $listed_boolean_prefs));
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"boolean_prefs\" value=\"$listed_boolean_prefs\">";
print_hidden("boolean_prefs", "$listed_boolean_prefs");
PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION,
"hook_prefs_tab_section", "prefPrefsPrefsInside");
......@@ -664,8 +666,8 @@ class Pref_Prefs extends Handler_Protected {
print '</div>'; # inside pane
print '<div dojoType="dijit.layout.ContentPane" region="bottom">';
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"saveconfig\">";
print_hidden("op", "pref-prefs");
print_hidden("method", "saveconfig");
print "<div dojoType=\"dijit.form.ComboButton\" type=\"submit\">
<span>".__('Save configuration')."</span>
......@@ -684,16 +686,6 @@ class Pref_Prefs extends Handler_Protected {
print "&nbsp;";
/* $checked = $_SESSION["prefs_show_advanced"] ? "checked='1'" : "";
print "<input onclick='toggleAdvancedPrefs()'
id='prefs_show_advanced'
dojoType=\"dijit.form.CheckBox\"
$checked
type=\"checkbox\"></input>
<label for='prefs_show_advanced'>" .
__("Show additional preferences") . "</label>"; */
PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION,
"hook_prefs_tab_section", "prefPrefsPrefsOutside");
......@@ -732,8 +724,8 @@ class Pref_Prefs extends Handler_Protected {
}
</script>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"setplugins\">";
print_hidden("op", "pref-prefs");
print_hidden("method", "setplugins");
print "<table width='100%' class='prefPluginsList'>";
......@@ -774,7 +766,7 @@ class Pref_Prefs extends Handler_Protected {
print "<td><label><img src='images/$plugin_icon' alt=''> $name</label></td>";
print "<td>" . htmlspecialchars($about[1]);
if (@$about[4]) {
print " &mdash; <a target=\"_blank\" class=\"visibleLink\"
print " &mdash; <a target=\"_blank\" rel=\"noopener noreferrer\" class=\"visibleLink\"
href=\"".htmlspecialchars($about[4])."\">".__("more info")."</a>";
}
print "</td>";
......@@ -833,7 +825,7 @@ class Pref_Prefs extends Handler_Protected {
print "<td><label for='FPCHK-$name'><img src='images/$plugin_icon' alt=''> $name</label></td>";
print "<td><label for='FPCHK-$name'>" . htmlspecialchars($about[1]) . "</label>";
if (@$about[4]) {
print " &mdash; <a target=\"_blank\" class=\"visibleLink\"
print " &mdash; <a target=\"_blank\" rel=\"noopener noreferrer\" class=\"visibleLink\"
href=\"".htmlspecialchars($about[4])."\">".__("more info")."</a>";
}
print "</td>";
......@@ -973,9 +965,9 @@ class Pref_Prefs extends Handler_Protected {
print_notice(T_sprintf("You can override colors, fonts and layout of your currently selected theme with custom CSS declarations here. <a target=\"_blank\" class=\"visibleLink\" href=\"%s\">This file</a> can be used as a baseline.", "css/tt-rss.css"));
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"rpc\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"setpref\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"key\" value=\"USER_STYLESHEET\">";
print_hidden("op", "rpc");
print_hidden("method", "setpref");
print_hidden("key", "USER_STYLESHEET");
print "<table width='100%'><tr><td>";
print "<textarea dojoType=\"dijit.form.SimpleTextarea\"
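Review bot: `if (!theme_valid($value)) $value = "default.php";` only corrects what the select displays; the stored `USER_CSS_THEME` value is not changed in this hunk, and with `themes/*.php` now selectable the code that resolves the preference to a file needs the same check. `theme_valid()` is defined outside this commit view, so confirm that it rejects path separators and accepts only files found under `themes/` and `themes.local/`, and that the loader calls it as well as this form. The `T_sprintf` notice in the last hunk still has `target="_blank"` without `rel="noopener noreferrer"`, unlike the other links updated in this section. The enclosing methods start and end outside these hunks.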
......