From b68a266a734193dfeee8d9f52b9888b2798eb50c Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 12 Apr 2013 14:06:20 +0400 Subject: remove no_cache_incantation() --- include/functions.php | 9 --------- 1 file changed, 9 deletions(-) (limited to 'include/functions.php') diff --git a/include/functions.php b/include/functions.php index 4ac4e0968..31a4c1f2d 100644 --- a/include/functions.php +++ b/include/functions.php @@ -2929,15 +2929,6 @@ exit; } - // from http://developer.apple.com/internet/safari/faq.html - function no_cache_incantation() { - header("Expires: Mon, 22 Dec 1980 00:00:00 GMT"); // Happy birthday to me :) - header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified - header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0"); // HTTP/1.1 - header("Cache-Control: post-check=0, pre-check=0", false); - header("Pragma: no-cache"); // HTTP/1.0 - } - function format_warning($msg, $id = "") { global $link; return "
-- cgit v1.2.3-54-g00ecf From bb399c62712cfe99503d7d92bbeb8afef1c10918 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 12 Apr 2013 14:14:11 +0400 Subject: add cache-control: public to the login page so that firefox would bother making a thumbnail --- include/functions.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'include/functions.php') diff --git a/include/functions.php b/include/functions.php index 31a4c1f2d..f5685b89a 100644 --- a/include/functions.php +++ b/include/functions.php @@ -2925,6 +2925,8 @@ } function render_login_form($link) { + header('Cache-Control: public'); + require_once "login_form.php"; exit; } -- cgit v1.2.3-54-g00ecf From 044cff2d74ece46256201695346d1a0d1d66c746 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sat, 13 Apr 2013 18:24:27 +0400 Subject: implement basic feed authentication parameter encryption in the database (FEED_CRYPT_KEY) --- classes/pref/feeds.php | 36 ++++++++++++++++++++++++++++++++---- config.php-dist | 7 +++++++ include/crypt.php | 36 ++++++++++++++++++++++++++++++++++++ include/functions.php | 12 ++++++++++-- include/rssfuncs.php | 9 ++++++++- include/sanity_check.php | 8 ++++++++ include/sanity_config.php | 4 ++-- install/index.php | 27 +++++++++++++++++++++++++++ 8 files changed, 130 insertions(+), 9 deletions(-) create mode 100644 include/crypt.php (limited to 'include/functions.php') diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index f57cc37d6..4a77ed8cf 100644 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -528,6 +528,9 @@ class Pref_Feeds extends Handler_Protected { "SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND owner_uid = " . $_SESSION["uid"]); + $auth_pass_encrypted = sql_bool_to_bool(db_fetch_result($result, 0, + "auth_pass_encrypted")); + $title = htmlspecialchars(db_fetch_result($result, 0, "title")); @@ -613,7 +616,14 @@ class Pref_Feeds extends Handler_Protected { placeHolder=\"".__("Login")."\" name=\"auth_login\" value=\"$auth_login\">
"; - $auth_pass = htmlspecialchars(db_fetch_result($result, 0, "auth_pass")); + $auth_pass = db_fetch_result($result, 0, "auth_pass"); + + if ($auth_pass_encrypted) { + require_once "crypt.php"; + $auth_pass = decrypt_string($auth_pass); + } + + $auth_pass = htmlspecialchars($auth_pass); print "link, $_POST["mark_unread_on_update"])); + if (strlen(FEED_CRYPT_KEY) > 0) { + require_once "crypt.php"; + $auth_pass = substr(encrypt_string($auth_pass), 0, 250); + $auth_pass_encrypted = 'true'; + } else { + $auth_pass_encrypted = 'false'; + } + if (get_pref($this->link, 'ENABLE_FEED_CATS')) { if ($cat_id && $cat_id != 0) { $category_qpart = "cat_id = '$cat_id',"; @@ -958,6 +976,7 @@ class Pref_Feeds extends Handler_Protected { purge_interval = '$purge_intl', auth_login = '$auth_login', auth_pass = '$auth_pass', + auth_pass_encrypted = $auth_pass_encrypted, private = $private, cache_images = $cache_images, hide_images = $hide_images, @@ -1003,7 +1022,8 @@ class Pref_Feeds extends Handler_Protected { break; case "auth_pass": - $qpart = "auth_pass = '$auth_pass'"; + $qpart = "auth_pass = '$auth_pass' AND + auth_pass_encrypted = $auth_pass_encrypted"; break; case "private": @@ -1841,12 +1861,20 @@ class Pref_Feeds extends Handler_Protected { "SELECT id FROM ttrss_feeds WHERE feed_url = '$feed' AND owner_uid = ".$_SESSION["uid"]); + if (strlen(FEED_CRYPT_KEY) > 0) { + require_once "crypt.php"; + $pass = substr(encrypt_string($pass), 0, 250); + $auth_pass_encrypted = 'true'; + } else { + $auth_pass_encrypted = 'false'; + } + if (db_num_rows($result) == 0) { $result = db_query($this->link, "INSERT INTO ttrss_feeds - (owner_uid,feed_url,title,cat_id,auth_login,auth_pass,update_method) + (owner_uid,feed_url,title,cat_id,auth_login,auth_pass,update_method,auth_pass_encrypted) VALUES ('".$_SESSION["uid"]."', '$feed', - '[Unknown]', $cat_qpart, '$login', '$pass', 0)"); + '[Unknown]', $cat_qpart, '$login', '$pass', 0, $auth_pass_encrypted)"); } db_query($this->link, "COMMIT"); diff --git a/config.php-dist b/config.php-dist index eb3339742..fc999354b 100644 --- a/config.php-dist +++ b/config.php-dist @@ -24,6 +24,13 @@ // You need to set this option correctly otherwise several features // including PUSH, bookmarklets and browser integration will not work properly. + define('FEED_CRYPT_KEY', ''); + // Key used for encryption of login/passwords for password-protected feeds + // in the database. A string of 24 random characters. If left blank, encryption + // is not used. Requires mcrypt functions. + // Warning: changing this key will make your stored feed passwords impossible + // to decrypt. + define('SINGLE_USER_MODE', false); // Operate in single user mode, disables all functionality related to // multiple users and authentication. Enabling this assumes you have diff --git a/include/crypt.php b/include/crypt.php new file mode 100644 index 000000000..f06483ef1 --- /dev/null +++ b/include/crypt.php @@ -0,0 +1,36 @@ + diff --git a/include/functions.php b/include/functions.php index f5685b89a..73ed97d08 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1614,12 +1614,20 @@ "SELECT id FROM ttrss_feeds WHERE feed_url = '$url' AND owner_uid = ".$_SESSION["uid"]); + if (strlen(FEED_CRYPT_KEY) > 0) { + require_once "crypt.php"; + $auth_pass = substr(encrypt_string($auth_pass), 0, 250); + $auth_pass_encrypted = 'true'; + } else { + $auth_pass_encrypted = 'false'; + } + if (db_num_rows($result) == 0) { $result = db_query($link, "INSERT INTO ttrss_feeds - (owner_uid,feed_url,title,cat_id, auth_login,auth_pass,update_method) + (owner_uid,feed_url,title,cat_id, auth_login,auth_pass,update_method,auth_pass_encrypted) VALUES ('".$_SESSION["uid"]."', '$url', - '[Unknown]', $cat_qpart, '$auth_login', '$auth_pass', 0)"); + '[Unknown]', $cat_qpart, '$auth_login', '$auth_pass', 0, $auth_pass_encrypted)"); $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE feed_url = '$url' diff --git a/include/rssfuncs.php b/include/rssfuncs.php index 6e3ef4cf1..859c575cc 100644 --- a/include/rssfuncs.php +++ b/include/rssfuncs.php @@ -203,7 +203,7 @@ $result = db_query($link, "SELECT id,update_interval,auth_login, feed_url,auth_pass,cache_images,last_updated, mark_unread_on_update, owner_uid, - pubsub_state + pubsub_state, auth_pass_encrypted FROM ttrss_feeds WHERE id = '$feed'"); if (db_num_rows($result) == 0) { @@ -218,6 +218,8 @@ $mark_unread_on_update = sql_bool_to_bool(db_fetch_result($result, 0, "mark_unread_on_update")); $pubsub_state = db_fetch_result($result, 0, "pubsub_state"); + $auth_pass_encrypted = sql_bool_to_bool(db_fetch_result($result, + 0, "auth_pass_encrypted")); db_query($link, "UPDATE ttrss_feeds SET last_update_started = NOW() WHERE id = '$feed'"); @@ -225,6 +227,11 @@ $auth_login = db_fetch_result($result, 0, "auth_login"); $auth_pass = db_fetch_result($result, 0, "auth_pass"); + if ($auth_pass_encrypted) { + require_once "crypt.php"; + $auth_pass = decrypt_string($auth_pass); + } + $cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images")); $fetch_url = db_fetch_result($result, 0, "feed_url"); diff --git a/include/sanity_check.php b/include/sanity_check.php index 69309290e..b4102d234 100644 --- a/include/sanity_check.php +++ b/include/sanity_check.php @@ -67,6 +67,14 @@ array_push($errors, "Javascript cache is not writable (chmod -R 777 ".CACHE_DIR."/js)"); } + if (strlen(FEED_CRYPT_KEY) != 24) { + array_push($errors, "FEED_CRYPT_KEY should be exactly 24 characters in length."); + } + + if (strlen(FEED_CRYPT_KEY) != 0 && !function_exists("mcrypt_decrypt")) { + array_push($errors, "FEED_CRYPT_KEY requires mcrypt functions which are not found."); + } + if (GENERATED_CONFIG_CHECK != EXPECTED_CONFIG_VERSION) { array_push($errors, "Configuration option checker sanity_config.php is outdated, please recreate it using ./utils/regen_config_checks.sh"); diff --git a/include/sanity_config.php b/include/sanity_config.php index cb1c1e8ca..0c829981e 100644 --- a/include/sanity_config.php +++ b/include/sanity_config.php @@ -1,3 +1,3 @@ - +$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'FEED_CRYPT_KEY', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'SPHINX_ENABLED', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_HOST', 'SMTP_PORT', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'CHECK_FOR_NEW_VERSION', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'CONFIG_VERSION'); ?> diff --git a/install/index.php b/install/index.php index 3b6a1f544..1aae5da83 100644 --- a/install/index.php +++ b/install/index.php @@ -10,6 +10,25 @@ Date: Sat, 13 Apr 2013 18:58:09 +0400 Subject: fix double-escaping possible with encrypted passwords --- classes/pref/feeds.php | 8 ++++++-- classes/rpc.php | 2 +- include/functions.php | 2 ++ 3 files changed, 9 insertions(+), 3 deletions(-) (limited to 'include/functions.php') diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index 4a77ed8cf..c57cccc44 100644 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -932,7 +932,7 @@ class Pref_Feeds extends Handler_Protected { $feed_ids = db_escape_string($this->link, $_POST["ids"]); /* batchEditSave */ $cat_id = (int) db_escape_string($this->link, $_POST["cat_id"]); $auth_login = db_escape_string($this->link, trim($_POST["auth_login"])); - $auth_pass = db_escape_string($this->link, trim($_POST["auth_pass"])); + $auth_pass = trim($_POST["auth_pass"]); $private = checkbox_to_sql_bool(db_escape_string($this->link, $_POST["private"])); $include_in_digest = checkbox_to_sql_bool( db_escape_string($this->link, $_POST["include_in_digest"])); @@ -954,6 +954,8 @@ class Pref_Feeds extends Handler_Protected { $auth_pass_encrypted = 'false'; } + $auth_pass = db_escape_string($this->link, $auth_pass); + if (get_pref($this->link, 'ENABLE_FEED_CATS')) { if ($cat_id && $cat_id != 0) { $category_qpart = "cat_id = '$cat_id',"; @@ -1842,7 +1844,7 @@ class Pref_Feeds extends Handler_Protected { $cat_id = db_escape_string($this->link, $_REQUEST['cat']); $feeds = explode("\n", $_REQUEST['feeds']); $login = db_escape_string($this->link, $_REQUEST['login']); - $pass = db_escape_string($this->link, $_REQUEST['pass']); + $pass = trim($_REQUEST['pass']); foreach ($feeds as $feed) { $feed = db_escape_string($this->link, trim($feed)); @@ -1869,6 +1871,8 @@ class Pref_Feeds extends Handler_Protected { $auth_pass_encrypted = 'false'; } + $pass = db_escape_string($this->link, $pass); + if (db_num_rows($result) == 0) { $result = db_query($this->link, "INSERT INTO ttrss_feeds diff --git a/classes/rpc.php b/classes/rpc.php index 508dd8d41..1569a9a35 100644 --- a/classes/rpc.php +++ b/classes/rpc.php @@ -104,7 +104,7 @@ class RPC extends Handler_Protected { $feed = db_escape_string($this->link, $_REQUEST['feed']); $cat = db_escape_string($this->link, $_REQUEST['cat']); $login = db_escape_string($this->link, $_REQUEST['login']); - $pass = db_escape_string($this->link, $_REQUEST['pass']); + $pass = trim($_REQUEST['pass']); // escaped later $rc = subscribe_to_feed($this->link, $feed, $cat, $login, $pass); diff --git a/include/functions.php b/include/functions.php index 73ed97d08..1b6b3e820 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1622,6 +1622,8 @@ $auth_pass_encrypted = 'false'; } + $auth_pass = db_escape_string($this->link, $auth_pass); + if (db_num_rows($result) == 0) { $result = db_query($link, "INSERT INTO ttrss_feeds -- cgit v1.2.3-54-g00ecf From 96de8fea677d4c031700cadea16fc8c7b0de0172 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sun, 14 Apr 2013 09:11:02 +0400 Subject: subscribe_to_feed: fix typo --- include/functions.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'include/functions.php') diff --git a/include/functions.php b/include/functions.php index 1b6b3e820..e2357f6c0 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1622,7 +1622,7 @@ $auth_pass_encrypted = 'false'; } - $auth_pass = db_escape_string($this->link, $auth_pass); + $auth_pass = db_escape_string($link, $auth_pass); if (db_num_rows($result) == 0) { $result = db_query($link, -- cgit v1.2.3-54-g00ecf From 2cfbb448fb197837c063c377c042beb3ba704a52 Mon Sep 17 00:00:00 2001 From: moontear Date: Mon, 15 Apr 2013 12:28:52 +0200 Subject: Added average color calculation of feeds' favicons for banded display. --- classes/feeds.php | 5 +- include/functions.php | 42 +++ include/rssfuncs.php | 11 +- lib/floIcon.php | 843 ++++++++++++++++++++++++++++++++++++++++++ schema/versions/mysql/117.sql | 7 + 5 files changed, 903 insertions(+), 5 deletions(-) create mode 100644 lib/floIcon.php create mode 100644 schema/versions/mysql/117.sql (limited to 'include/functions.php') diff --git a/classes/feeds.php b/classes/feeds.php index c7b7a83e6..64d1d8786 100644 --- a/classes/feeds.php +++ b/classes/feeds.php @@ -528,8 +528,9 @@ class Feeds extends Handler_Protected { $reply['content'] .= "
"; - $reply['content'] .= "
"; - + //setting feed headline background color, needs to change text color based on dark/light + $favColor = explode("|", $line['favicon_avg_color']); + $reply['content'] .= "
"; $reply['content'] .= "
"; $reply['content'] .= "readICO($iconFile); + //TODO: error logging + if(count($ico->images)==0) + return null; + else { + $image = @$ico->images[count($ico->images)-1]->getImageResource(); + } + $type = "ico"; + } + elseif(strtolower($imgInfo['mime'])=='image/png') { + $image = imagecreatefrompng($iconFile); + $type = 'png'; + } + elseif(strtolower($imgInfo['mime'])=='image/jpeg') { + $image = imagecreatefromjpeg($iconFile); + $type = 'jpg'; + } + elseif(strtolower($imgInfo['mime'])=='image/gif') { + $image = imagecreatefromgif($iconFile); + $type = 'gif'; + } + //TODO: error logging + if (is_null($image)) + return null; + $width = imagesx($image); + $height = imagesy($image); + $pixel = imagecreatetruecolor(1, 1); + imagecopyresampled($pixel, $image, 0, 0, 0, 0, 1, 1, $width, $height); + $rgb = imagecolorat($pixel, 0, 0); + $color = imagecolorsforindex($pixel, $rgb); + return $color; + } function print_select($id, $default, $values, $attributes = "") { print " Date: Mon, 15 Apr 2013 17:01:51 +0400 Subject: try to improve color guessing algorithm a bit --- include/colors.php | 60 +++++++++++++++++++++++++++++++++++++++++++++++++++ include/functions.php | 41 ----------------------------------- include/rssfuncs.php | 13 ++++------- 3 files changed, 64 insertions(+), 50 deletions(-) (limited to 'include/functions.php') diff --git a/include/colors.php b/include/colors.php index d1e970728..19c891517 100644 --- a/include/colors.php +++ b/include/colors.php @@ -1,5 +1,7 @@ "#f0f8ff", "antiquewhite" => "#faebd7", @@ -278,4 +280,62 @@ function hsl2rgb($arr) { return array($r, $g, $B); } + function colorPalette($imageFile, $numColors, $granularity = 5) { + $granularity = max(1, abs((int)$granularity)); + $colors = array(); + + $size = @getimagesize($imageFile); + + if (strtolower($size['mime']) == 'image/vnd.microsoft.icon') { + $ico = new floIcon(); + @$ico->readICO($imageFile); + + if(count($ico->images)==0) + return null; + else + $img = @$ico->images[count($ico->images)-1]->getImageResource(); + + } else { + $img = @imagecreatefromstring(file_get_contents($imageFile)); + } + + if (!$img) return false; + + for($x = 0; $x < $size[0]; $x += $granularity) { + for($y = 0; $y < $size[1]; $y += $granularity) { + $thisColor = imagecolorat($img, $x, $y); + $rgb = imagecolorsforindex($img, $thisColor); + $red = round(round(($rgb['red'] / 0x33)) * 0x33); + $green = round(round(($rgb['green'] / 0x33)) * 0x33); + $blue = round(round(($rgb['blue'] / 0x33)) * 0x33); + $thisRGB = sprintf('%02X%02X%02X', $red, $green, $blue); + if(array_key_exists($thisRGB, $colors)) { + $colors[$thisRGB]++; + } else{ + $colors[$thisRGB] = 1; + } + } + } + + arsort($colors); + return array_slice(array_keys($colors), 0, $numColors); + } + + function calculate_avg_color($iconFile) { + $palette = colorPalette($iconFile, 4, 4); + + if (is_array($palette)) { + foreach ($palette as $p) { + $hsl = rgb2hsl(_color_unpack("#$p")); + + if ($hsl[1] > 0.25 && $hsl[2] > 0.25 && + !($hsl[0] >= 0 && $hsl[0] < 0.01 && $hsl[1] < 0.01) && + !($hsl[0] >= 0 && $hsl[0] < 0.01 && $hsl[2] > 0.99)) { + + return _color_pack(hsl2rgb($hsl)); + } + } + } + return false; + } ?> diff --git a/include/functions.php b/include/functions.php index 6372db1fd..306014d96 100644 --- a/include/functions.php +++ b/include/functions.php @@ -512,47 +512,6 @@ } } - function calculate_avg_color($iconFile) { - - require_once "lib/floIcon.php"; - - $imgInfo = @getimagesize($iconFile); - - if(strtolower($imgInfo['mime'])=='image/vnd.microsoft.icon') { - $ico = new floIcon(); - @$ico->readICO($iconFile); - //TODO: error logging - if(count($ico->images)==0) - return null; - else { - $image = @$ico->images[count($ico->images)-1]->getImageResource(); - } - $type = "ico"; - } - elseif(strtolower($imgInfo['mime'])=='image/png') { - $image = imagecreatefrompng($iconFile); - $type = 'png'; - } - elseif(strtolower($imgInfo['mime'])=='image/jpeg') { - $image = imagecreatefromjpeg($iconFile); - $type = 'jpg'; - } - elseif(strtolower($imgInfo['mime'])=='image/gif') { - $image = imagecreatefromgif($iconFile); - $type = 'gif'; - } - //TODO: error logging - if (is_null($image)) - return null; - $width = imagesx($image); - $height = imagesy($image); - $pixel = imagecreatetruecolor(1, 1); - imagecopyresampled($pixel, $image, 0, 0, 0, 0, 1, 1, $width, $height); - $rgb = imagecolorat($pixel, 0, 0); - $color = imagecolorsforindex($pixel, $rgb); - return $color; - } - function print_select($id, $default, $values, $attributes = "") { print ""; - $result = db_query($this->link, "SELECT DISTINCT tag_name FROM ttrss_tags WHERE owner_uid = ".$_SESSION['uid']." + $result = db_query( "SELECT DISTINCT tag_name FROM ttrss_tags WHERE owner_uid = ".$_SESSION['uid']." AND LENGTH(tag_name) <= 30 ORDER BY tag_name ASC"); while ($row = db_fetch_assoc($result)) { @@ -195,10 +195,10 @@ class Dlg extends Handler_Protected { function generatedFeed() { $this->params = explode(":", $this->param, 3); - $feed_id = db_escape_string($this->link, $this->params[0]); + $feed_id = db_escape_string( $this->params[0]); $is_cat = (bool) $this->params[1]; - $key = get_feed_access_key($this->link, $feed_id, $is_cat); + $key = get_feed_access_key( $feed_id, $is_cat); $url_path = htmlspecialchars($this->params[2]) . "&key=" . $key; @@ -223,7 +223,7 @@ class Dlg extends Handler_Protected { function newVersion() { - $version_data = check_for_update($this->link); + $version_data = check_for_update(); $version = $version_data['version']; $id = $version_data['version_id']; diff --git a/classes/feeds.php b/classes/feeds.php index 6ee5bad0b..1c3ad58c5 100644 --- a/classes/feeds.php +++ b/classes/feeds.php @@ -164,7 +164,7 @@ class Feeds extends Handler_Protected { if ($method == "ForceUpdate" && $feed > 0 && is_numeric($feed)) { // Update the feed if required with some basic flood control - $result = db_query($this->link, + $result = db_query( "SELECT cache_images,".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated FROM ttrss_feeds WHERE id = '$feed'"); @@ -174,22 +174,22 @@ class Feeds extends Handler_Protected { if (!$cache_images && time() - $last_updated > 120 || isset($_REQUEST['DevForceUpdate'])) { include "rssfuncs.php"; - update_rss_feed($this->link, $feed, true, true); + update_rss_feed( $feed, true, true); } else { - db_query($this->link, "UPDATE ttrss_feeds SET last_updated = '1970-01-01', last_update_started = '1970-01-01' + db_query( "UPDATE ttrss_feeds SET last_updated = '1970-01-01', last_update_started = '1970-01-01' WHERE id = '$feed'"); } } } if ($method_split[0] == "MarkAllReadGR") { - catchup_feed($this->link, $method_split[1], false); + catchup_feed( $method_split[1], false); } // FIXME: might break tag display? if (is_numeric($feed) && $feed > 0 && !$cat_view) { - $result = db_query($this->link, + $result = db_query( "SELECT id FROM ttrss_feeds WHERE id = '$feed' LIMIT 1"); if (db_num_rows($result) == 0) { @@ -197,13 +197,13 @@ class Feeds extends Handler_Protected { } } - @$search = db_escape_string($this->link, $_REQUEST["query"]); + @$search = db_escape_string( $_REQUEST["query"]); if ($search) { $disable_cache = true; } - @$search_mode = db_escape_string($this->link, $_REQUEST["search_mode"]); + @$search_mode = db_escape_string( $_REQUEST["search_mode"]); if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H0", $timing_info); @@ -219,7 +219,7 @@ class Feeds extends Handler_Protected { $handler = $pluginhost->get_feed_handler( PluginHost::feed_to_pfeed_id($feed)); - // function queryFeedHeadlines($link, $feed, $limit, $view_mode, $cat_view, $search, $search_mode, $override_order = false, $offset = 0, $owner_uid = 0, $filter = false, $since_id = 0, $include_children = false, $ignore_vfeed_group = false) { + // function queryFeedHeadlines($feed, $limit, $view_mode, $cat_view, $search, $search_mode, $override_order = false, $offset = 0, $owner_uid = 0, $filter = false, $since_id = 0, $include_children = false, $ignore_vfeed_group = false) { if ($handler) { $options = array( @@ -240,7 +240,7 @@ class Feeds extends Handler_Protected { } } else { - $qfh_ret = queryFeedHeadlines($this->link, $feed, $limit, $view_mode, $cat_view, + $qfh_ret = queryFeedHeadlines( $feed, $limit, $view_mode, $cat_view, $search, $search_mode, $override_order, $offset, 0, false, 0, $include_children); } @@ -261,13 +261,13 @@ class Feeds extends Handler_Protected { $headlines_count = db_num_rows($result); - /* if (get_pref($this->link, 'COMBINED_DISPLAY_MODE')) { + /* if (get_pref( 'COMBINED_DISPLAY_MODE')) { $button_plugins = array(); foreach (explode(",", ARTICLE_BUTTON_PLUGINS) as $p) { $pclass = "button_" . trim($p); if (class_exists($pclass)) { - $plugin = new $pclass($link); + $plugin = new $pclass(); array_push($button_plugins, $plugin); } } @@ -282,11 +282,11 @@ class Feeds extends Handler_Protected { $num_unread = 0; $cur_feed_title = ''; - $fresh_intl = get_pref($this->link, "FRESH_ARTICLE_MAX_AGE") * 60 * 60; + $fresh_intl = get_pref( "FRESH_ARTICLE_MAX_AGE") * 60 * 60; if ($_REQUEST["debug"]) $timing_info = print_checkpoint("PS", $timing_info); - $expand_cdm = get_pref($this->link, 'CDM_EXPANDED'); + $expand_cdm = get_pref( 'CDM_EXPANDED'); while ($line = db_fetch_assoc($result)) { $class = ($lnum % 2) ? "even" : "odd"; @@ -307,7 +307,7 @@ class Feeds extends Handler_Protected { } } - if (!is_array($labels)) $labels = get_article_labels($this->link, $id); + if (!is_array($labels)) $labels = get_article_labels( $id); $labels_str = ""; $labels_str .= format_article_labels($labels, $id); @@ -357,11 +357,11 @@ class Feeds extends Handler_Protected { # $content_link = "" . # $line["title"] . ""; - $updated_fmt = make_local_datetime($this->link, $line["updated"], false); + $updated_fmt = make_local_datetime( $line["updated"], false); $date_entered_fmt = T_sprintf("Imported at %s", - make_local_datetime($this->link, $line["date_entered"], false)); + make_local_datetime( $line["date_entered"], false)); - if (get_pref($this->link, 'SHOW_CONTENT_PREVIEW')) { + if (get_pref( 'SHOW_CONTENT_PREVIEW')) { $content_preview = truncate_string(strip_tags($line["content_preview"]), 100); } @@ -429,9 +429,9 @@ class Feeds extends Handler_Protected { $row_background = ""; } - if (!get_pref($this->link, 'COMBINED_DISPLAY_MODE')) { + if (!get_pref( 'COMBINED_DISPLAY_MODE')) { - if (get_pref($this->link, 'VFEED_GROUP_BY_FEED')) { + if (get_pref( 'VFEED_GROUP_BY_FEED')) { if ($feed_id != $vgroup_last_feed && $line["feed_title"]) { $cur_feed_title = $line["feed_title"]; @@ -472,7 +472,7 @@ class Feeds extends Handler_Protected { onclick=\"\">" . truncate_string($line["title"], 200); - if (get_pref($this->link, 'SHOW_CONTENT_PREVIEW')) { + if (get_pref( 'SHOW_CONTENT_PREVIEW')) { if ($content_preview) { $reply['content'] .= " - $content_preview"; } @@ -486,7 +486,7 @@ class Feeds extends Handler_Protected { $reply['content'] .= ""; - if (!get_pref($this->link, 'VFEED_GROUP_BY_FEED')) { + if (!get_pref( 'VFEED_GROUP_BY_FEED')) { if (@$line["feed_title"]) { $reply['content'] .= "
". @@ -502,7 +502,7 @@ class Feeds extends Handler_Protected { $reply['content'] .= $score_pic; - if ($line["feed_title"] && !get_pref($this->link, 'VFEED_GROUP_BY_FEED')) { + if ($line["feed_title"] && !get_pref( 'VFEED_GROUP_BY_FEED')) { $reply['content'] .= "link, $id, $_SESSION["uid"], $line["tag_cache"]); + $line["tags"] = get_article_tags( $id, $_SESSION["uid"], $line["tag_cache"]); unset($line["tag_cache"]); - $line["content"] = sanitize($this->link, $line["content_preview"], + $line["content"] = sanitize( $line["content_preview"], sql_bool_to_bool($line['hide_images']), false, $entry_site_url); foreach ($pluginhost->get_hooks($pluginhost::HOOK_RENDER_ARTICLE_CDM) as $p) { $line = $p->hook_render_article_cdm($line); } - if (get_pref($this->link, 'VFEED_GROUP_BY_FEED') && $line["feed_title"]) { + if (get_pref( 'VFEED_GROUP_BY_FEED') && $line["feed_title"]) { if ($feed_id != $vgroup_last_feed) { $cur_feed_title = $line["feed_title"]; @@ -594,7 +594,7 @@ class Feeds extends Handler_Protected { id=\"CEXC-$id\" class=\"cdmExcerpt\"> - $content_preview"; $reply['content'] .= ""; - if (!get_pref($this->link, 'VFEED_GROUP_BY_FEED')) { + if (!get_pref( 'VFEED_GROUP_BY_FEED')) { if (@$line["feed_title"]) { $reply['content'] .= "
". @@ -609,7 +609,7 @@ class Feeds extends Handler_Protected { $reply['content'] .= "
"; $reply['content'] .= "$score_pic"; - if (!get_pref($this->link, "VFEED_GROUP_BY_FEED") && $line["feed_title"]) { + if (!get_pref( "VFEED_GROUP_BY_FEED") && $line["feed_title"]) { $reply['content'] .= "$feed_icon_img"; @@ -633,7 +633,7 @@ class Feeds extends Handler_Protected { if ($line["orig_feed_id"]) { - $tmp_result = db_query($this->link, "SELECT * FROM ttrss_archived_feeds + $tmp_result = db_query( "SELECT * FROM ttrss_archived_feeds WHERE id = ".$line["orig_feed_id"]); if (db_num_rows($tmp_result) != 0) { @@ -673,7 +673,7 @@ class Feeds extends Handler_Protected { $always_display_enclosures = sql_bool_to_bool($line["always_display_enclosures"]); - $reply['content'] .= format_article_enclosures($this->link, $id, $always_display_enclosures, $line["content"], sql_bool_to_bool($line["hide_images"])); + $reply['content'] .= format_article_enclosures( $id, $always_display_enclosures, $line["content"], sql_bool_to_bool($line["hide_images"])); $reply['content'] .= "
"; @@ -757,15 +757,15 @@ class Feeds extends Handler_Protected { $reply['content'] .= "

"; - $result = db_query($this->link, "SELECT ".SUBSTRING_FOR_DATE."(MAX(last_updated), 1, 19) AS last_updated FROM ttrss_feeds + $result = db_query( "SELECT ".SUBSTRING_FOR_DATE."(MAX(last_updated), 1, 19) AS last_updated FROM ttrss_feeds WHERE owner_uid = " . $_SESSION['uid']); $last_updated = db_fetch_result($result, 0, "last_updated"); - $last_updated = make_local_datetime($this->link, $last_updated, false); + $last_updated = make_local_datetime( $last_updated, false); $reply['content'] .= sprintf(__("Feeds last updated at %s"), $last_updated); - $result = db_query($this->link, "SELECT COUNT(id) AS num_errors + $result = db_query( "SELECT COUNT(id) AS num_errors FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]); $num_errors = db_fetch_result($result, 0, "num_errors"); @@ -786,9 +786,9 @@ class Feeds extends Handler_Protected { } function catchupAll() { - db_query($this->link, "UPDATE ttrss_user_entries SET + db_query( "UPDATE ttrss_user_entries SET last_read = NOW(), unread = false WHERE unread = true AND owner_uid = " . $_SESSION["uid"]); - ccache_zero_all($this->link, $_SESSION["uid"]); + ccache_zero_all( $_SESSION["uid"]); } function view() { @@ -798,17 +798,17 @@ class Feeds extends Handler_Protected { if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info); - $omode = db_escape_string($this->link, $_REQUEST["omode"]); + $omode = db_escape_string( $_REQUEST["omode"]); - $feed = db_escape_string($this->link, $_REQUEST["feed"]); - $method = db_escape_string($this->link, $_REQUEST["m"]); - $view_mode = db_escape_string($this->link, $_REQUEST["view_mode"]); + $feed = db_escape_string( $_REQUEST["feed"]); + $method = db_escape_string( $_REQUEST["m"]); + $view_mode = db_escape_string( $_REQUEST["view_mode"]); $limit = 30; @$cat_view = $_REQUEST["cat"] == "true"; - @$next_unread_feed = db_escape_string($this->link, $_REQUEST["nuf"]); - @$offset = db_escape_string($this->link, $_REQUEST["skip"]); - @$vgroup_last_feed = db_escape_string($this->link, $_REQUEST["vgrlf"]); - $order_by = db_escape_string($this->link, $_REQUEST["order_by"]); + @$next_unread_feed = db_escape_string( $_REQUEST["nuf"]); + @$offset = db_escape_string( $_REQUEST["skip"]); + @$vgroup_last_feed = db_escape_string( $_REQUEST["vgrlf"]); + $order_by = db_escape_string( $_REQUEST["order_by"]); if (is_numeric($feed)) $feed = (int) $feed; @@ -816,7 +816,7 @@ class Feeds extends Handler_Protected { * when there's nothing to load - e.g. no stuff in fresh feed */ if ($feed == -5) { - print json_encode($this->generate_dashboard_feed($this->link)); + print json_encode($this->generate_dashboard_feed()); return; } @@ -824,18 +824,18 @@ class Feeds extends Handler_Protected { if ($feed < LABEL_BASE_INDEX) { $label_feed = feed_to_label_id($feed); - $result = db_query($this->link, "SELECT id FROM ttrss_labels2 WHERE + $result = db_query( "SELECT id FROM ttrss_labels2 WHERE id = '$label_feed' AND owner_uid = " . $_SESSION['uid']); } else if (!$cat_view && is_numeric($feed) && $feed > 0) { - $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE + $result = db_query( "SELECT id FROM ttrss_feeds WHERE id = '$feed' AND owner_uid = " . $_SESSION['uid']); } else if ($cat_view && is_numeric($feed) && $feed > 0) { - $result = db_query($this->link, "SELECT id FROM ttrss_feed_categories WHERE + $result = db_query( "SELECT id FROM ttrss_feed_categories WHERE id = '$feed' AND owner_uid = " . $_SESSION['uid']); } if ($result && db_num_rows($result) == 0) { - print json_encode($this->generate_error_feed($this->link, __("Feed not found."))); + print json_encode($this->generate_error_feed( __("Feed not found."))); return; } @@ -843,21 +843,21 @@ class Feeds extends Handler_Protected { * so for performance reasons we don't do that here */ if ($feed >= 0) { - ccache_update($this->link, $feed, $_SESSION["uid"], $cat_view); + ccache_update( $feed, $_SESSION["uid"], $cat_view); } - set_pref($this->link, "_DEFAULT_VIEW_MODE", $view_mode); - set_pref($this->link, "_DEFAULT_VIEW_ORDER_BY", $order_by); + set_pref( "_DEFAULT_VIEW_MODE", $view_mode); + set_pref( "_DEFAULT_VIEW_ORDER_BY", $order_by); /* bump login timestamp if needed */ if (time() - $_SESSION["last_login_update"] > 3600) { - db_query($this->link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . + db_query( "UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $_SESSION["uid"]); $_SESSION["last_login_update"] = time(); } if (!$cat_view && is_numeric($feed) && $feed > 0) { - db_query($this->link, "UPDATE ttrss_feeds SET last_viewed = NOW() + db_query( "UPDATE ttrss_feeds SET last_viewed = NOW() WHERE id = '$feed' AND owner_uid = ".$_SESSION["uid"]); } @@ -907,13 +907,13 @@ class Feeds extends Handler_Protected { if ($_REQUEST["debug"]) $timing_info = print_checkpoint("30", $timing_info); - $reply['runtime-info'] = make_runtime_info($this->link); + $reply['runtime-info'] = make_runtime_info(); print json_encode($reply); } - private function generate_dashboard_feed($link) { + private function generate_dashboard_feed() { $reply = array(); $reply['headlines']['id'] = -5; @@ -924,15 +924,15 @@ class Feeds extends Handler_Protected { $reply['headlines']['content'] .= "

"; - $result = db_query($link, "SELECT ".SUBSTRING_FOR_DATE."(MAX(last_updated), 1, 19) AS last_updated FROM ttrss_feeds + $result = db_query( "SELECT ".SUBSTRING_FOR_DATE."(MAX(last_updated), 1, 19) AS last_updated FROM ttrss_feeds WHERE owner_uid = " . $_SESSION['uid']); $last_updated = db_fetch_result($result, 0, "last_updated"); - $last_updated = make_local_datetime($link, $last_updated, false); + $last_updated = make_local_datetime( $last_updated, false); $reply['headlines']['content'] .= sprintf(__("Feeds last updated at %s"), $last_updated); - $result = db_query($link, "SELECT COUNT(id) AS num_errors + $result = db_query( "SELECT COUNT(id) AS num_errors FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]); $num_errors = db_fetch_result($result, 0, "num_errors"); @@ -952,7 +952,7 @@ class Feeds extends Handler_Protected { return $reply; } - private function generate_error_feed($link, $error) { + private function generate_error_feed( $error) { $reply = array(); $reply['headlines']['id'] = -6; @@ -986,9 +986,9 @@ class Feeds extends Handler_Protected { print "

"; - if (get_pref($this->link, 'ENABLE_FEED_CATS')) { + if (get_pref( 'ENABLE_FEED_CATS')) { print __('Place in category:') . " "; - print_feed_cat_select($this->link, "cat", false, 'dojoType="dijit.form.Select"'); + print_feed_cat_select( "cat", false, 'dojoType="dijit.form.Select"'); } print "
"; @@ -1044,7 +1044,7 @@ class Feeds extends Handler_Protected { function feedBrowser() { if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return; - $browser_search = db_escape_string($this->link, $_REQUEST["search"]); + $browser_search = db_escape_string( $_REQUEST["search"]); print ""; print ""; @@ -1081,7 +1081,7 @@ class Feeds extends Handler_Protected { require_once "feedbrowser.php"; print "
    "; - print make_feed_browser($this->link, $search, 25); + print make_feed_browser( $search, 25); print "
"; print "
@@ -1092,7 +1092,7 @@ class Feeds extends Handler_Protected { } function search() { - $this->params = explode(":", db_escape_string($this->link, $_REQUEST["param"]), 2); + $this->params = explode(":", db_escape_string( $_REQUEST["param"]), 2); $active_feed_id = sprintf("%d", $this->params[0]); $is_cat = $this->params[1] != "false"; @@ -1110,12 +1110,12 @@ class Feeds extends Handler_Protected { print ""; @@ -243,9 +243,9 @@ class Handler_Public extends Handler { } function pubsub() { - $mode = db_escape_string($this->link, $_REQUEST['hub_mode']); - $feed_id = (int) db_escape_string($this->link, $_REQUEST['id']); - $feed_url = db_escape_string($this->link, $_REQUEST['hub_topic']); + $mode = db_escape_string( $_REQUEST['hub_mode']); + $feed_id = (int) db_escape_string( $_REQUEST['id']); + $feed_url = db_escape_string( $_REQUEST['hub_topic']); if (!PUBSUBHUBBUB_ENABLED) { header('HTTP/1.0 404 Not Found'); @@ -255,7 +255,7 @@ class Handler_Public extends Handler { // TODO: implement hub_verifytoken checking - $result = db_query($this->link, "SELECT feed_url FROM ttrss_feeds + $result = db_query( "SELECT feed_url FROM ttrss_feeds WHERE id = '$feed_id'"); if (db_num_rows($result) != 0) { @@ -265,7 +265,7 @@ class Handler_Public extends Handler { if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) { if ($mode == "subscribe") { - db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 2 + db_query( "UPDATE ttrss_feeds SET pubsub_state = 2 WHERE id = '$feed_id'"); print $_REQUEST['hub_challenge']; @@ -273,7 +273,7 @@ class Handler_Public extends Handler { } else if ($mode == "unsubscribe") { - db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0 + db_query( "UPDATE ttrss_feeds SET pubsub_state = 0 WHERE id = '$feed_id'"); print $_REQUEST['hub_challenge']; @@ -282,9 +282,9 @@ class Handler_Public extends Handler { } else if (!$mode) { // Received update ping, schedule feed update. - //update_rss_feed($this->link, $feed_id, true, true); + //update_rss_feed( $feed_id, true, true); - db_query($this->link, "UPDATE ttrss_feeds SET + db_query( "UPDATE ttrss_feeds SET last_update_started = '1970-01-01', last_updated = '1970-01-01' WHERE id = '$feed_id'"); @@ -306,9 +306,9 @@ class Handler_Public extends Handler { } function share() { - $uuid = db_escape_string($this->link, $_REQUEST["key"]); + $uuid = db_escape_string( $_REQUEST["key"]); - $result = db_query($this->link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE + $result = db_query( "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE uuid = '$uuid'"); if (db_num_rows($result) != 0) { @@ -317,7 +317,7 @@ class Handler_Public extends Handler { $id = db_fetch_result($result, 0, "ref_id"); $owner_uid = db_fetch_result($result, 0, "owner_uid"); - $article = format_article($this->link, $id, false, true, $owner_uid); + $article = format_article( $id, false, true, $owner_uid); print_r($article['content']); @@ -328,28 +328,28 @@ class Handler_Public extends Handler { } function rss() { - $feed = db_escape_string($this->link, $_REQUEST["id"]); - $key = db_escape_string($this->link, $_REQUEST["key"]); + $feed = db_escape_string( $_REQUEST["id"]); + $key = db_escape_string( $_REQUEST["key"]); $is_cat = $_REQUEST["is_cat"] != false; - $limit = (int)db_escape_string($this->link, $_REQUEST["limit"]); - $offset = (int)db_escape_string($this->link, $_REQUEST["offset"]); + $limit = (int)db_escape_string( $_REQUEST["limit"]); + $offset = (int)db_escape_string( $_REQUEST["offset"]); - $search = db_escape_string($this->link, $_REQUEST["q"]); - $search_mode = db_escape_string($this->link, $_REQUEST["smode"]); - $view_mode = db_escape_string($this->link, $_REQUEST["view-mode"]); + $search = db_escape_string( $_REQUEST["q"]); + $search_mode = db_escape_string( $_REQUEST["smode"]); + $view_mode = db_escape_string( $_REQUEST["view-mode"]); - $format = db_escape_string($this->link, $_REQUEST['format']); + $format = db_escape_string( $_REQUEST['format']); if (!$format) $format = 'atom'; if (SINGLE_USER_MODE) { - authenticate_user($this->link, "admin", null); + authenticate_user( "admin", null); } $owner_id = false; if ($key) { - $result = db_query($this->link, "SELECT owner_uid FROM + $result = db_query( "SELECT owner_uid FROM ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'"); if (db_num_rows($result) == 1) @@ -367,15 +367,15 @@ class Handler_Public extends Handler { function globalUpdateFeeds() { include "rssfuncs.php"; // Update all feeds needing a update. - update_daemon_common($this->link, 0, true, false); + update_daemon_common( 0, true, false); // Update feedbrowser - update_feedbrowser_cache($this->link); + update_feedbrowser_cache(); // Purge orphans and cleanup tags - purge_orphans($this->link); + purge_orphans(); - cleanup_tags($this->link, 14, 50000); + cleanup_tags( 14, 50000); global $pluginhost; $pluginhost->run_hooks($pluginhost::HOOK_UPDATE_TASK, "hook_update_task", $op); @@ -384,7 +384,7 @@ class Handler_Public extends Handler { function sharepopup() { if (SINGLE_USER_MODE) { - login_sequence($this->link); + login_sequence(); } header('Content-Type: text/html; charset=utf-8'); @@ -402,12 +402,12 @@ class Handler_Public extends Handler { if ($action == 'share') { - $title = db_escape_string($this->link, strip_tags($_REQUEST["title"])); - $url = db_escape_string($this->link, strip_tags($_REQUEST["url"])); - $content = db_escape_string($this->link, strip_tags($_REQUEST["content"])); - $labels = db_escape_string($this->link, strip_tags($_REQUEST["labels"])); + $title = db_escape_string( strip_tags($_REQUEST["title"])); + $url = db_escape_string( strip_tags($_REQUEST["url"])); + $content = db_escape_string( strip_tags($_REQUEST["content"])); + $labels = db_escape_string( strip_tags($_REQUEST["labels"])); - Article::create_published_article($this->link, $title, $url, $content, $labels, + Article::create_published_article( $title, $url, $content, $labels, $_SESSION["uid"]); print "