From 4d03c5c59f29f5fa59c45150f5c14937e0355892 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 6 Oct 2015 14:12:22 +0300 Subject: limit maximum article length allowed for readability --- plugins/af_redditimgur/init.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'plugins/af_redditimgur/init.php') diff --git a/plugins/af_redditimgur/init.php b/plugins/af_redditimgur/init.php index 9b3a999d3..ded98d8cc 100644 --- a/plugins/af_redditimgur/init.php +++ b/plugins/af_redditimgur/init.php @@ -261,7 +261,10 @@ class Af_RedditImgur extends Plugin { $tmp = fetch_file_contents($content_link->getAttribute("href")); - if ($tmp) { + //_debug("tmplen: " . mb_strlen($tmp)); + + if ($tmp && mb_strlen($tmp) < 65535 * 4) { + $r = new Readability($tmp, $content_link->getAttribute("href")); if ($r->init()) { -- cgit v1.2.3-54-g00ecf From 58a44ecb3f789f6e06562b34bb0e3f65e3dd0e87 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sat, 17 Oct 2015 22:11:12 +0300 Subject: af_redditimgur: support gyazo, properly check album domdocuments loading html --- plugins/af_redditimgur/init.php | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) mode change 100644 => 100755 plugins/af_redditimgur/init.php (limited to 'plugins/af_redditimgur/init.php') diff --git a/plugins/af_redditimgur/init.php b/plugins/af_redditimgur/init.php old mode 100644 new mode 100755 index ded98d8cc..051d51780 --- a/plugins/af_redditimgur/init.php +++ b/plugins/af_redditimgur/init.php @@ -88,9 +88,8 @@ class Af_RedditImgur extends Plugin { if ($tmp) { $tmpdoc = new DOMDocument(); - @$tmpdoc->loadHTML($tmp); - if ($tmpdoc) { + if (@$tmpdoc->loadHTML($tmp)) { $tmpxpath = new DOMXPath($tmpdoc); $source_meta = $tmpxpath->query("//meta[@name='twitter:player:stream' and contains(@content, '.mp4')]")->item(0); @@ -177,9 +176,8 @@ class Af_RedditImgur extends Plugin { if ($album_content) { $adoc = new DOMDocument(); - @$adoc->loadHTML($album_content); - if ($adoc) { + if (@$adoc->loadHTML($album_content)) { $axpath = new DOMXPath($adoc); $aentries = $axpath->query("//meta[@property='og:image']"); $urls = array(); @@ -208,6 +206,20 @@ class Af_RedditImgur extends Plugin { } } } + + // wtf is this even + if (preg_match("/^https?:\/\/gyazo\.com\/([^\.\/]+$)/", $entry->getAttribute("href"), $matches)) { + $img_id = $matches[1]; + + $img = $doc->createElement('img'); + $img->setAttribute("src", "https://i.gyazo.com/$img_id.jpg"); + + $br = $doc->createElement('br'); + $entry->parentNode->insertBefore($img, $entry); + $entry->parentNode->insertBefore($br, $entry); + + $found = true; + } } // remove tiny thumbnails -- cgit v1.2.3-54-g00ecf From 4c46702672631c0cf84067d6f2c55b3bfda1db6f Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Thu, 19 Nov 2015 20:05:17 +0300 Subject: drop support for (obsolete, removed from recent php versions) php safe_mode setting remove ugly hacks for curl + open_basedir combination breaking support for http redirects --- include/functions.php | 15 ++------- include/functions2.php | 71 ----------------------------------------- include/sanity_check.php | 8 ++--- install/index.php | 10 ++---- plugins/af_readability/init.php | 3 +- plugins/af_redditimgur/init.php | 3 +- plugins/af_tumblr_1280/init.php | 8 ++--- plugins/af_unburn/init.php | 59 ++-------------------------------- 8 files changed, 17 insertions(+), 160 deletions(-) mode change 100644 => 100755 include/functions.php mode change 100644 => 100755 include/sanity_check.php mode change 100644 => 100755 install/index.php mode change 100644 => 100755 plugins/af_readability/init.php mode change 100644 => 100755 plugins/af_tumblr_1280/init.php mode change 100644 => 100755 plugins/af_unburn/init.php (limited to 'plugins/af_redditimgur/init.php') diff --git a/include/functions.php b/include/functions.php old mode 100644 new mode 100755 index 92d6e9790..8d1c2a625 --- a/include/functions.php +++ b/include/functions.php @@ -351,16 +351,7 @@ $fetch_curl_used = true; - if (ini_get("safe_mode") || ini_get("open_basedir") || defined("FORCE_GETURL")) { - $new_url = geturl($url); - if (!$new_url) { - // geturl has already populated $fetch_last_error - return false; - } - $ch = curl_init($new_url); - } else { - $ch = curl_init($url); - } + $ch = curl_init($url); if ($timestamp && !$post_query) { curl_setopt($ch, CURLOPT_HTTPHEADER, @@ -369,7 +360,7 @@ curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout ? $timeout : FILE_FETCH_CONNECT_TIMEOUT); curl_setopt($ch, CURLOPT_TIMEOUT, $timeout ? $timeout : FILE_FETCH_TIMEOUT); - curl_setopt($ch, CURLOPT_FOLLOWLOCATION, !ini_get("safe_mode") && !ini_get("open_basedir")); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, !ini_get("open_basedir")); curl_setopt($ch, CURLOPT_MAXREDIRS, 20); curl_setopt($ch, CURLOPT_BINARYTRANSFER, true); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); @@ -379,7 +370,7 @@ curl_setopt($ch, CURLOPT_ENCODING, ""); //curl_setopt($ch, CURLOPT_REFERER, $url); - if (!ini_get("safe_mode") && !ini_get("open_basedir")) { + if (!ini_get("open_basedir")) { curl_setopt($ch, CURLOPT_COOKIEJAR, "/dev/null"); } diff --git a/include/functions2.php b/include/functions2.php index 51759aea9..779688716 100755 --- a/include/functions2.php +++ b/include/functions2.php @@ -2249,77 +2249,6 @@ return in_array($interface, class_implements($class)); } - function geturl($url, $depth = 0, $nobody = true){ - - if ($depth == 20) return $url; - - if (!function_exists('curl_init')) - return user_error('CURL Must be installed for geturl function to work. Ask your host to enable it or uncomment extension=php_curl.dll in php.ini', E_USER_ERROR); - - $curl = curl_init(); - $header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,"; - $header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"; - $header[] = "Cache-Control: max-age=0"; - $header[] = "Connection: keep-alive"; - $header[] = "Keep-Alive: 300"; - $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7"; - $header[] = "Accept-Language: en-us,en;q=0.5"; - $header[] = "Pragma: "; - - curl_setopt($curl, CURLOPT_URL, $url); - curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 Firefox/5.0'); - curl_setopt($curl, CURLOPT_HTTPHEADER, $header); - curl_setopt($curl, CURLOPT_HEADER, true); - curl_setopt($curl, CURLOPT_NOBODY, $nobody); - curl_setopt($curl, CURLOPT_REFERER, $url); - curl_setopt($curl, CURLOPT_ENCODING, 'gzip,deflate'); - curl_setopt($curl, CURLOPT_AUTOREFERER, true); - curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); - //curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); //CURLOPT_FOLLOWLOCATION Disabled... - curl_setopt($curl, CURLOPT_TIMEOUT, 60); - - if (defined('_CURL_HTTP_PROXY')) { - curl_setopt($curl, CURLOPT_PROXY, _CURL_HTTP_PROXY); - } - - $html = curl_exec($curl); - - $status = curl_getinfo($curl); - - if($status['http_code']!=200){ - - // idiot site not allowing http head - if($status['http_code'] == 405) { - curl_close($curl); - return geturl($url, $depth +1, false); - } - - if($status['http_code'] == 301 || $status['http_code'] == 302) { - curl_close($curl); - list($header) = explode("\r\n\r\n", $html, 2); - $matches = array(); - preg_match("/(Location:|URI:)[^(\n)]*/", $header, $matches); - $url = trim(str_replace($matches[1],"",$matches[0])); - $url_parsed = parse_url($url); - return (isset($url_parsed))? geturl($url, $depth + 1):''; - } - - global $fetch_last_error; - - $fetch_last_error = curl_errno($curl) . " " . curl_error($curl); - curl_close($curl); - -# $oline=''; -# foreach($status as $key=>$eline){$oline.='['.$key.']'.$eline.' ';} -# $line =$oline." \r\n ".$url."\r\n-----------------\r\n"; -# $handle = @fopen('./curl.error.log', 'a'); -# fwrite($handle, $line); - return FALSE; - } - curl_close($curl); - return $url; - } - function get_minified_js($files) { require_once 'lib/jshrink/Minifier.php'; diff --git a/include/sanity_check.php b/include/sanity_check.php old mode 100644 new mode 100755 index 6bec43051..be314f4e2 --- a/include/sanity_check.php +++ b/include/sanity_check.php @@ -134,14 +134,10 @@ array_push($errors, "PHP support for hash() function is required but was not found."); } - if (!function_exists("ctype_lower")) { - array_push($errors, "PHP support for ctype functions are required by HTMLPurifier."); + if (ini_get("safe_mode")) { + array_push($errors, "PHP safe mode setting is obsolete and not supported by tt-rss."); } - /* if (ini_get("safe_mode")) { - array_push($errors, "PHP safe mode setting is not supported."); - } */ - if ((PUBSUBHUBBUB_HUB || PUBSUBHUBBUB_ENABLED) && !function_exists("curl_init")) { array_push($errors, "PHP support for CURL is required for PubSubHubbub."); } diff --git a/install/index.php b/install/index.php old mode 100644 new mode 100755 index e18583436..959dc6c0e --- a/install/index.php +++ b/install/index.php @@ -67,17 +67,13 @@ array_push($errors, "PHP support for hash() function is required but was not found."); } - if (!function_exists("ctype_lower")) { - array_push($errors, "PHP support for ctype functions are required by HTMLPurifier."); - } - if (!function_exists("iconv")) { array_push($errors, "PHP support for iconv is required to handle multiple charsets."); } - /* if (ini_get("safe_mode")) { - array_push($errors, "PHP safe mode setting is not supported."); - } */ + if (ini_get("safe_mode")) { + array_push($errors, "PHP safe mode setting is obsolete and not supported by tt-rss."); + } if (!class_exists("DOMDocument")) { array_push($errors, "PHP support for DOMDocument is required, but was not found."); diff --git a/plugins/af_readability/init.php b/plugins/af_readability/init.php old mode 100644 new mode 100755 index cfdcb69d3..6216d510a --- a/plugins/af_readability/init.php +++ b/plugins/af_readability/init.php @@ -106,8 +106,7 @@ class Af_Readability extends Plugin { curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_NOBODY, true); - curl_setopt($ch, CURLOPT_FOLLOWLOCATION, - !ini_get("safe_mode") && !ini_get("open_basedir")); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, !ini_get("open_basedir")); curl_setopt($ch, CURLOPT_USERAGENT, SELF_USER_AGENT); @$result = curl_exec($ch); diff --git a/plugins/af_redditimgur/init.php b/plugins/af_redditimgur/init.php index 051d51780..f99941477 100755 --- a/plugins/af_redditimgur/init.php +++ b/plugins/af_redditimgur/init.php @@ -262,8 +262,7 @@ class Af_RedditImgur extends Plugin { curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_NOBODY, true); - curl_setopt($ch, CURLOPT_FOLLOWLOCATION, - !ini_get("safe_mode") && !ini_get("open_basedir")); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, !ini_get("open_basedir")); curl_setopt($ch, CURLOPT_USERAGENT, SELF_USER_AGENT); @$result = curl_exec($ch); diff --git a/plugins/af_tumblr_1280/init.php b/plugins/af_tumblr_1280/init.php old mode 100644 new mode 100755 index f9938048b..985d8c5f8 --- a/plugins/af_tumblr_1280/init.php +++ b/plugins/af_tumblr_1280/init.php @@ -4,7 +4,7 @@ class Af_Tumblr_1280 extends Plugin { function about() { return array(1.0, - "Replace Tumblr pictures with largest size if available", + "Replace Tumblr pictures with largest size if available (requires CURL)", "fox"); } @@ -18,7 +18,8 @@ class Af_Tumblr_1280 extends Plugin { function hook_article_filter($article) { - $owner_uid = $article["owner_uid"]; + if (!function_exists("curl_init") || ini_get("open_basedir")) + return $article; $charset_hack = ' @@ -46,8 +47,7 @@ class Af_Tumblr_1280 extends Plugin { curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_NOBODY, true); - curl_setopt($ch, CURLOPT_FOLLOWLOCATION, - !ini_get("safe_mode") && !ini_get("open_basedir")); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_USERAGENT, SELF_USER_AGENT); @$result = curl_exec($ch); diff --git a/plugins/af_unburn/init.php b/plugins/af_unburn/init.php old mode 100644 new mode 100755 index 5c9bc1387..593038871 --- a/plugins/af_unburn/init.php +++ b/plugins/af_unburn/init.php @@ -17,23 +17,19 @@ class Af_Unburn extends Plugin { function hook_article_filter($article) { $owner_uid = $article["owner_uid"]; - if (!function_exists("curl_init")) + if (!function_exists("curl_init") || ini_get("open_basedir")) return $article; if ((strpos($article["link"], "feedproxy.google.com") !== FALSE || strpos($article["link"], "/~r/") !== FALSE || strpos($article["link"], "feedsportal.com") !== FALSE)) { - if (ini_get("safe_mode") || ini_get("open_basedir")) { - $ch = curl_init(geturl($article["link"])); - } else { - $ch = curl_init($article["link"]); - } + $ch = curl_init($article["link"]); curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_HEADER, true); - curl_setopt($ch, CURLOPT_FOLLOWLOCATION, !ini_get("safe_mode") && !ini_get("open_basedir")); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_USERAGENT, SELF_USER_AGENT); if (defined('_CURL_HTTP_PROXY')) { @@ -76,55 +72,6 @@ class Af_Unburn extends Plugin { return $article; } - function geturl($url){ - - (function_exists('curl_init')) ? '' : die('cURL Must be installed for geturl function to work. Ask your host to enable it or uncomment extension=php_curl.dll in php.ini'); - - $curl = curl_init(); - $header[0] = "Accept: text/xml,application/xml,application/xhtml+xml,"; - $header[0] .= "text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5"; - $header[] = "Cache-Control: max-age=0"; - $header[] = "Connection: keep-alive"; - $header[] = "Keep-Alive: 300"; - $header[] = "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7"; - $header[] = "Accept-Language: en-us,en;q=0.5"; - $header[] = "Pragma: "; - - curl_setopt($curl, CURLOPT_URL, $url); - curl_setopt($curl, CURLOPT_USERAGENT, 'Mozilla/5.0 (Windows NT 5.1; rv:5.0) Gecko/20100101 Firefox/5.0 Firefox/5.0'); - curl_setopt($curl, CURLOPT_HTTPHEADER, $header); - curl_setopt($curl, CURLOPT_HEADER, true); - curl_setopt($curl, CURLOPT_REFERER, $url); - curl_setopt($curl, CURLOPT_ENCODING, 'gzip,deflate'); - curl_setopt($curl, CURLOPT_AUTOREFERER, true); - curl_setopt($curl, CURLOPT_RETURNTRANSFER, true); - //curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true); //CURLOPT_FOLLOWLOCATION Disabled... - curl_setopt($curl, CURLOPT_TIMEOUT, 60); - - $html = curl_exec($curl); - - $status = curl_getinfo($curl); - curl_close($curl); - - if($status['http_code']!=200){ - if($status['http_code'] == 301 || $status['http_code'] == 302) { - list($header) = explode("\r\n\r\n", $html, 2); - $matches = array(); - preg_match("/(Location:|URI:)[^(\n)]*/", $header, $matches); - $url = trim(str_replace($matches[1],"",$matches[0])); - $url_parsed = parse_url($url); - return (isset($url_parsed))? geturl($url):''; - } - $oline=''; - foreach($status as $key=>$eline){$oline.='['.$key.']'.$eline.' ';} - $line =$oline." \r\n ".$url."\r\n-----------------\r\n"; - $handle = @fopen('./curl.error.log', 'a'); - fwrite($handle, $line); - return FALSE; - } - return $url; - } - function api_version() { return 2; } -- cgit v1.2.3-54-g00ecf From aa03bac42490673b4cd027c779655a027b1dd0fc Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 20 Nov 2015 13:34:52 +0300 Subject: allow NO_CURL to disable several CURL-related checks in plugins af_readability: skip http content-type checking when open_basedir is enabled --- install/index.php | 4 ++++ plugins/af_readability/init.php | 6 ++++-- plugins/af_redditimgur/init.php | 2 +- plugins/af_unburn/init.php | 2 +- plugins/af_zz_imgsetsizes/init.php | 3 ++- 5 files changed, 12 insertions(+), 5 deletions(-) (limited to 'plugins/af_redditimgur/init.php') diff --git a/install/index.php b/install/index.php index 959dc6c0e..74ea65652 100755 --- a/install/index.php +++ b/install/index.php @@ -325,6 +325,10 @@ array_push($notices, "It is highly recommended to enable support for CURL in PHP."); } + if (function_exists("curl_init") && ini_get("open_basedir")) { + array_push($notices, "CURL and open_basedir combination breaks support for HTTP redirects. See the FAQ for more information."); + } + if (count($notices) > 0) { print_notice("Configuration check succeeded with minor problems:"); diff --git a/plugins/af_readability/init.php b/plugins/af_readability/init.php index 6216d510a..675e5c5d5 100755 --- a/plugins/af_readability/init.php +++ b/plugins/af_readability/init.php @@ -100,13 +100,15 @@ class Af_Readability extends Plugin { if (!class_exists("Readability")) require_once(dirname(dirname(__DIR__)). "/lib/readability/Readability.php"); - if (function_exists("curl_init")) { + if (!defined('NO_CURL') && function_exists('curl_init') && !ini_get("open_basedir")) { + $ch = curl_init($article["link"]); + curl_setopt($ch, CURLOPT_TIMEOUT, 5); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_HEADER, true); curl_setopt($ch, CURLOPT_NOBODY, true); - curl_setopt($ch, CURLOPT_FOLLOWLOCATION, !ini_get("open_basedir")); + curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true); curl_setopt($ch, CURLOPT_USERAGENT, SELF_USER_AGENT); @$result = curl_exec($ch); diff --git a/plugins/af_redditimgur/init.php b/plugins/af_redditimgur/init.php index f99941477..3ff960729 100755 --- a/plugins/af_redditimgur/init.php +++ b/plugins/af_redditimgur/init.php @@ -244,7 +244,7 @@ class Af_RedditImgur extends Plugin { $found = $this->inline_stuff($article, $doc, $xpath); - if (function_exists("curl_init") && !$found && $this->host->get($this, "enable_readability") && + if (!defined('NO_CURL') && function_exists("curl_init") && !$found && $this->host->get($this, "enable_readability") && mb_strlen(strip_tags($article["content"])) <= 150) { if (!class_exists("Readability")) require_once(dirname(dirname(__DIR__)). "/lib/readability/Readability.php"); diff --git a/plugins/af_unburn/init.php b/plugins/af_unburn/init.php index 593038871..263997dbf 100755 --- a/plugins/af_unburn/init.php +++ b/plugins/af_unburn/init.php @@ -17,7 +17,7 @@ class Af_Unburn extends Plugin { function hook_article_filter($article) { $owner_uid = $article["owner_uid"]; - if (!function_exists("curl_init") || ini_get("open_basedir")) + if (defined('NO_CURL') || !function_exists("curl_init") || ini_get("open_basedir")) return $article; if ((strpos($article["link"], "feedproxy.google.com") !== FALSE || diff --git a/plugins/af_zz_imgsetsizes/init.php b/plugins/af_zz_imgsetsizes/init.php index d71ec096e..96afbbfe0 100644 --- a/plugins/af_zz_imgsetsizes/init.php +++ b/plugins/af_zz_imgsetsizes/init.php @@ -18,7 +18,8 @@ class Af_Zz_ImgSetSizes extends Plugin { function hook_article_filter($article) { - $owner_uid = $article["owner_uid"]; + if (defined('NO_CURL') || !function_exists("curl_init")) + return $article; $charset_hack = ' -- cgit v1.2.3-54-g00ecf