From 8801fb017ccd6e2c052ab449eed3ee1eb5b7e982 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Mon, 8 Nov 2010 13:11:56 +0300
Subject: replace old-style published feed with universal secretkey-based
 approach used for all feeds; do not allow user/pass handling in generated
 feed urls; bump schema

---
 modules/backend-rpc.php  | 33 +++++++++++++-------------
 modules/popup-dialog.php | 60 ++++++++++++++++++++++++++----------------------
 modules/pref-feeds.php   | 12 +++++-----
 3 files changed, 56 insertions(+), 49 deletions(-)

(limited to 'modules')

diff --git a/modules/backend-rpc.php b/modules/backend-rpc.php
index 4a82a888b..1bf41d299 100644
--- a/modules/backend-rpc.php
+++ b/modules/backend-rpc.php
@@ -464,25 +464,11 @@
 			return;
 		}
 
-		if ($subop == "regenPubKey") {
-
-			print "<rpc-reply>";
-
-			set_pref($link, "_PREFS_PUBLISH_KEY", generate_publish_key(), $_SESSION["uid"]);
-
-			$new_link = article_publish_url($link);		
-
-			print "<link><![CDATA[$new_link]]></link>";
-
-			print "</rpc-reply>";
-
-			return;
-		}
-
 		if ($subop == "regenOPMLKey") {
 
 			print "<rpc-reply>";
-			set_pref($link, " _PREFS_OPML_PUBLISH_KEY", generate_publish_key(), $_SESSION["uid"]);
+			set_pref($link, " _PREFS_OPML_PUBLISH_KEY", 
+				sha1(uniqid(rand(), true)), $_SESSION["uid"]);
 			$new_link = opml_publish_url($link);		
 			print "<link><![CDATA[$new_link]]></link>";
 			print "</rpc-reply>";
@@ -1119,6 +1105,21 @@
 			return;
 		}
 
+		if ($subop == "regenFeedKey") {
+			$feed_id = db_escape_string($_REQUEST['id']);
+			$is_cat = (bool) db_escape_string($_REQUEST['is_cat']);
+
+			print "<rpc-reply>";
+
+			$new_key = update_feed_access_key($link, $feed_id, $is_cat);
+
+			print "<link><![CDATA[$new_key]]></link>";
+
+			print "</rpc-reply>";
+
+			return;
+		}
+
 		print "<rpc-reply><error>Unknown method: $subop</error></rpc-reply>";
 	}
 ?>
diff --git a/modules/popup-dialog.php b/modules/popup-dialog.php
index 54f4a3e61..61efd4c99 100644
--- a/modules/popup-dialog.php
+++ b/modules/popup-dialog.php
@@ -158,33 +158,6 @@
 			return;
 		}
 
-		if ($id == "pubUrl") {
-
-			print "<div id=\"infoBoxTitle\">".__('Published Articles')."</div>";
-			print "<div class=\"infoBoxContents\">";
-	
-			$url_path = article_publish_url($link);
-
-			print __("Your Published articles feed URL is:");
-
-			print "<div class=\"tagCloudContainer\">";
-			print "<a id='pub_feed_url' href='$url_path' target='_blank'>$url_path</a>";
-			print "</div>";
-
-			print "<div align='center'>";
-
-			print "<button onclick=\"return pubRegenKey()\">".
-				__('Generate new URL')."</button> ";
-
-			print "<input class=\"button\"
-				type=\"submit\" onclick=\"return closeInfoBox()\" 
-				value=\"".__('Close this window')."\">";
-
-			print "</div></div>";
-
-			return;
-		}
-
 		if ($id == "pubOPMLUrl") {
 
 			print "<div id=\"infoBoxTitle\">".__('Public OPML URL')."</div>";
@@ -777,6 +750,39 @@
 			return;
 		}
 
+		if ($id == "generatedFeed") {
+
+			print "<div id=\"infoBoxTitle\">".__('View as RSS')."</div>";
+			print "<div class=\"infoBoxContents\">";
+	
+			$params = explode(":", $param, 3);
+			$feed_id = db_escape_string($params[0]);
+			$is_cat = (bool) $params[1];
+
+			$key = get_feed_access_key($link, $feed_id, $is_cat);
+
+			$url_path = htmlspecialchars($params[2]) . "&key=" . $key;
+
+			print __("You can view this feed as RSS using the following URL:");
+
+			print "<div class=\"tagCloudContainer\">";
+			print "<a id='gen_feed_url' href='$url_path' target='_blank'>$url_path</a>";
+			print "</div>";
+
+			print "<div align='center'>";
+
+			print "<button onclick=\"return genUrlChangeKey('$feed_id', '$is_cat')\">".
+				__('Generate new URL')."</button> ";
+
+			print "<input class=\"button\"
+				type=\"submit\" onclick=\"return closeInfoBox()\" 
+				value=\"".__('Close this window')."\">";
+
+			print "</div></div>";
+
+			return;
+		}
+
 		print "<div id='infoBoxTitle'>Internal Error</div>
 			<div id='infoBoxContents'>
 			<p>Unknown dialog <b>$id</b></p>
diff --git a/modules/pref-feeds.php b/modules/pref-feeds.php
index 7a436cfd2..de9166fe4 100644
--- a/modules/pref-feeds.php
+++ b/modules/pref-feeds.php
@@ -1447,7 +1447,8 @@
 			__('Export OPML')."</button>";
 
 		if (!get_pref($link, "_PREFS_OPML_PUBLISH_KEY")){
-			set_pref($link, "_PREFS_OPML_PUBLISH_KEY", generate_publish_key());
+			set_pref($link, "_PREFS_OPML_PUBLISH_KEY", 
+				sha1(uniqid(rand(), true)));
 		}
 
 		print "<p>".__('Your OPML can be published publicly and can be subscribed by anyone who knows the URL below.');
@@ -1489,13 +1490,12 @@
 
 		print "<h3>".__("Published articles")."</h3>";
 
-		if (!get_pref($link, "_PREFS_PUBLISH_KEY")) {
-			set_pref($link, "_PREFS_PUBLISH_KEY", generate_publish_key());
-		}
-		
 		print "<p>".__('Published articles are exported as a public RSS feed and can be subscribed by anyone who knows the URL specified below.')."</p>";
 
-		print "<button onclick=\"return displayDlg('pubUrl')\">".
+		$rss_url = '-2::' . htmlspecialchars(get_self_url_prefix() . 
+				"/backend.php?op=rss&id=-2&view-mode=all_articles");;
+
+		print "<button onclick=\"return displayDlg('generatedFeed', '$rss_url')\">".
 			__('Display URL')."</button> ";
                
 
-- 
cgit v1.2.3-54-g00ecf