From 6af83e3881b3f38104027275913f7fc55251d020 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 12 Feb 2021 21:43:38 +0300 Subject: drop ENABLE_GZIP_OUTPUT; system prefs: load php info only if needed --- public.php | 4 ---- 1 file changed, 4 deletions(-) (limited to 'public.php') diff --git a/public.php b/public.php index 36308e25e..3e4a9e023 100644 --- a/public.php +++ b/public.php @@ -16,10 +16,6 @@ if (!init_plugins()) return; - if (ENABLE_GZIP_OUTPUT && function_exists("ob_gzhandler")) { - ob_start("ob_gzhandler"); - } - $method = $_REQUEST["op"]; $override = PluginHost::getInstance()->lookup_handler("public", $method); -- cgit v1.2.3-54-g00ecf From 91285e3868fadcfb907cd57a90bb3e5c263c0979 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 15 Feb 2021 16:34:44 +0300 Subject: router: add additional logging for refused requests; reject requests for methods starting with _ --- backend.php | 12 ++++++++++++ classes/pref/feeds.php | 4 ++++ public.php | 10 +++++++++- 3 files changed, 25 insertions(+), 1 deletion(-) (limited to 'public.php') diff --git a/backend.php b/backend.php index 030676dcb..e72d97ca4 100644 --- a/backend.php +++ b/backend.php @@ -30,6 +30,9 @@ require_once "db.php"; require_once "db-prefs.php"; + $op = (string)clean($op); + $method = (string)clean($method); + startup_gettext(); $script_started = microtime(true); @@ -92,6 +95,13 @@ if (class_exists($op) || $override) { + if (strpos($method, "_") === 0) { + user_error("Refusing to invoke method $method of handler $op which starts with underscore.", E_USER_WARNING); + header("Content-Type: text/json"); + print error_json(6); + return; + } + if ($override) { $handler = $override; } else { @@ -110,6 +120,7 @@ if ($reflection->getNumberOfRequiredParameters() == 0) { $handler->$method(); } else { + user_error("Refusing to invoke method $method of handler $op which has required parameters.", E_USER_WARNING); header("Content-Type: text/json"); print error_json(6); } 
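Review bot: The `user_error()` call added in backend.php's `@@ -92,6 +95,13 @@` hunk interpolates the request-supplied `$method` and `$op` directly into the log message, so a caller can shape what lands in the error log. `clean()` is not shown in this patch; unless it removes control characters, a line break in either value would let one request forge extra log entries. Encoding the values keeps each refusal on one line, e.g. `user_error("Refusing to invoke method " . json_encode($method) . " of handler " . json_encode($op) . " which starts with underscore.", E_USER_WARNING);`. The same applies to the `user_error()` lines added in the `@@ -110,6 +120,7 @@` and `@@ -126,6 +137,7 @@` hunks and in both public.php hunks of this commit. The enclosing block starts and ends outside the hunk.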
@@ -126,6 +137,7 @@ return; } } else { + user_error("Refusing to invoke method $method of handler $op with invalid CSRF token.", E_USER_WARNING); header("Content-Type: text/json"); print error_json(6); return; diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index edba71c5c..4c865e9f0 100755 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -109,6 +109,10 @@ class Pref_Feeds extends Handler_Protected { return $items; } + function _getfeedtree() { + print "OK"; + } + function getfeedtree() { print json_encode($this->makefeedtree()); } diff --git a/public.php b/public.php index 3e4a9e023..dcfc4056e 100644 --- a/public.php +++ b/public.php @@ -16,7 +16,7 @@ if (!init_plugins()) return; - $method = $_REQUEST["op"]; + $method = (string)clean($_REQUEST["op"]); $override = PluginHost::getInstance()->lookup_handler("public", $method); @@ -26,6 +26,13 @@ $handler = new Handler_Public($_REQUEST); } + if (strpos($method, "_") === 0) { + user_error("Refusing to invoke method $method which starts with underscore.", E_USER_WARNING); + header("Content-Type: text/json"); + print error_json(6); + return; + } + if (implements_interface($handler, "IHandler") && $handler->before($method)) { if ($method && method_exists($handler, $method)) { $reflection = new ReflectionMethod($handler, $method); @@ -33,6 +40,7 @@ if ($reflection->getNumberOfRequiredParameters() == 0) { $handler->$method(); } else { + user_error("Refusing to invoke method $method which has required parameters.", E_USER_WARNING); header("Content-Type: text/json"); print error_json(6); } -- cgit v1.2.3-54-g00ecf From 9f55454f63b11ad8d2b2e0a8264a0f0dae919f6b Mon Sep 17 00:00:00 2001 
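Review bot: `_getfeedtree()` in `Pref_Feeds` only prints "OK" and has no caller visible in this commit, so it looks like a probe left over from testing the new underscore rule rather than production code. If so, it should be dropped before merge. If it is meant to stay as a fixture, it needs a comment saying so, e.g. `// test fixture: must stay unreachable through backend.php (underscore prefix)`. It is declared without a visibility keyword, so it is public and only the router check keeps a request from invoking it.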
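Review bot: In public.php the underscore guard added by `@@ -26,6 +26,13 @@` runs only after `PluginHost::getInstance()->lookup_handler("public", $method)` and, when there is no override, after `new Handler_Public($_REQUEST)`. A refused request therefore still reaches plugin lookup and handler construction on what appears to be the unauthenticated entry point. Moving the `if (strpos($method, "_") === 0) { ... return; }` block to directly after the `$method = (string)clean($_REQUEST["op"]);` assignment would reject the request before any handler code runs. That assignment (in the `@@ -16,7 +16,7 @@` hunk) also reads `$_REQUEST["op"]` without a default; `$_REQUEST["op"] ?? ""` avoids the undefined-index notice when the parameter is absent.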
From: Andrew Dolgov Date: Mon, 15 Feb 2021 16:51:35 +0300 Subject: remove the rest of db.php; rename some leftover methods in feeds --- api/index.php | 1 - backend.php | 1 - classes/feeds.php | 12 ++++++------ include/db-prefs.php | 2 -- include/sessions.php | 1 - js/App.js | 3 +-- js/FeedTree.js | 2 +- opml.php | 1 - public.php | 1 - update.php | 1 - update_daemon2.php | 1 - 11 files changed, 8 insertions(+), 18 deletions(-) (limited to 'public.php') diff --git a/api/index.php b/api/index.php index 9e998df84..664e92abe 100644 --- a/api/index.php +++ b/api/index.php @@ -14,7 +14,6 @@ define('NO_SESSION_AUTOSTART', true); require_once "autoload.php"; - require_once "db.php"; require_once "db-prefs.php"; require_once "functions.php"; require_once "sessions.php"; diff --git a/backend.php b/backend.php index e72d97ca4..89b06b7eb 100644 --- a/backend.php +++ b/backend.php @@ -27,7 +27,6 @@ require_once "sessions.php"; require_once "functions.php"; require_once "config.php"; - require_once "db.php"; require_once "db-prefs.php"; $op = (string)clean($op); diff --git a/classes/feeds.php b/classes/feeds.php index 07e3aa455..2a3efdb92 100755 --- a/classes/feeds.php +++ b/classes/feeds.php @@ -438,7 +438,7 @@ class Feeds extends Handler_Protected { * when there's nothing to load - e.g. no stuff in fresh feed */ if ($feed == -5) { - print json_encode($this->generate_dashboard_feed()); + print json_encode($this->_generate_dashboard_feed()); return; } @@ -466,7 +466,7 @@ class Feeds extends Handler_Protected { } if ($sth && !$sth->fetch()) { - print json_encode($this->generate_error_feed(__("Feed not found."))); + print json_encode($this->_generate_error_feed(__("Feed not found."))); return; } @@ -523,7 +523,7 @@ class Feeds extends Handler_Protected { } - private function generate_dashboard_feed() { + private function _generate_dashboard_feed() { $reply = array(); $reply['headlines']['id'] = -5; 
@@ -565,7 +565,7 @@ class Feeds extends Handler_Protected { return $reply; } - private function generate_error_feed($error) { + private function _generate_error_feed($error) { $reply = array(); $reply['headlines']['id'] = -7; @@ -630,7 +630,7 @@ class Feeds extends Handler_Protected { print ""; } - function update_debugger() { + function updatedebugger() { header("Content-type: text/html"); $xdebug = isset($_REQUEST["xdebug"]) ? (int)$_REQUEST["xdebug"] : 1; @@ -690,7 +690,7 @@ class Feeds extends Handler_Protected {
- + diff --git a/include/db-prefs.php b/include/db-prefs.php index 91235b479..ce5753638 100644 --- a/include/db-prefs.php +++ b/include/db-prefs.php @@ -1,6 +1,4 @@ read($pref_name, $user_id, $die_on_error); } diff --git a/include/sessions.php b/include/sessions.php index 3119a4e07..4de894c95 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -2,7 +2,6 @@ // Original from http://www.daniweb.com/code/snippet43.html require_once "config.php"; - require_once "classes/db.php"; require_once "autoload.php"; require_once "errorhandler.php"; require_once "lib/gettext/gettext.inc.php"; diff --git a/js/App.js b/js/App.js index 5c2d7726c..4b2adc388 100644 --- a/js/App.js +++ b/js/App.js @@ -998,10 +998,9 @@ const App = { }; this.hotkey_actions["feed_debug_update"] = () => { if (!Feeds.activeIsCat() && parseInt(Feeds.getActive()) > 0) { - //window.open("backend.php?op=feeds&method=update_debugger&feed_id=" + Feeds.getActive()); /* global __csrf_token */ - App.postOpenWindow("backend.php", {op: "feeds", method: "update_debugger", + App.postOpenWindow("backend.php", {op: "feeds", method: "updatedebugger", feed_id: Feeds.getActive(), csrf_token: __csrf_token}); } else { diff --git a/js/FeedTree.js b/js/FeedTree.js index 26c1c916c..694cf8332 100755 --- a/js/FeedTree.js +++ b/js/FeedTree.js @@ -102,7 +102,7 @@ define(["dojo/_base/declare", "dojo/dom-construct", "dojo/_base/array", "dojo/co label: __("Debug feed"), onClick: function() { /* global __csrf_token */ - App.postOpenWindow("backend.php", {op: "feeds", method: "update_debugger", + App.postOpenWindow("backend.php", {op: "feeds", method: "updatedebugger", feed_id: this.getParent().row_id, csrf_token: __csrf_token}); }})); } diff --git a/opml.php b/opml.php index 9b7809e0e..6f13a6f3c 100644 --- a/opml.php +++ b/opml.php @@ -7,7 +7,6 @@ require_once "sessions.php"; require_once "sanity_check.php"; require_once "config.php"; - require_once "db.php"; require_once "db-prefs.php"; if (!init_plugins()) return; 
diff --git a/public.php b/public.php index dcfc4056e..59b5a499c 100644 --- a/public.php +++ b/public.php @@ -7,7 +7,6 @@ require_once "functions.php"; require_once "sanity_check.php"; require_once "config.php"; - require_once "db.php"; require_once "db-prefs.php"; startup_gettext(); diff --git a/update.php b/update.php index cb927e49a..1f79dccf0 100755 --- a/update.php +++ b/update.php @@ -11,7 +11,6 @@ require_once "functions.php"; require_once "config.php"; require_once "sanity_check.php"; - require_once "db.php"; require_once "db-prefs.php"; function make_stampfile($filename) { diff --git a/update_daemon2.php b/update_daemon2.php index 61cc85617..2a016df48 100755 --- a/update_daemon2.php +++ b/update_daemon2.php @@ -19,7 +19,6 @@ define_default('SPAWN_INTERVAL', DAEMON_SLEEP_INTERVAL); // seconds require_once "sanity_check.php"; - require_once "db.php"; require_once "db-prefs.php"; if (!function_exists('pcntl_fork')) { -- cgit v1.2.3-54-g00ecf From 273ada7353b185e20452d54a8206d5e0cef9e573 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Wed, 17 Feb 2021 09:59:14 +0300 Subject: * implement shortcut syntax for exposed plugin methods * move shared article rendering code to share plugin --- classes/handler/public.php | 162 ------------------------------------------- classes/pluginhost.php | 5 +- plugins/share/init.php | 169 ++++++++++++++++++++++++++++++++++++++++++++- public.php | 11 +++ 4 files changed, 180 insertions(+), 167 deletions(-) (limited to 'public.php') diff --git a/classes/handler/public.php b/classes/handler/public.php index b0bed5d1c..b810019c1 100755 --- a/classes/handler/public.php +++ b/classes/handler/public.php 
@@ -294,168 +294,6 @@ class Handler_Public extends Handler { } } - function share() { - $uuid = clean($_REQUEST["key"]); - - if ($uuid) { - $sth = $this->pdo->prepare("SELECT ref_id, owner_uid - FROM ttrss_user_entries WHERE uuid = ?"); - $sth->execute([$uuid]); - - if ($row = $sth->fetch()) { - header("Content-Type: text/html"); - - $id = $row["ref_id"]; - $owner_uid = $row["owner_uid"]; - - print $this->format_article($id, $owner_uid); - - return; - } - } - - header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found"); - print "Article not found."; - } - - private function format_article($id, $owner_uid) { - - $pdo = Db::pdo(); - - $sth = $pdo->prepare("SELECT id,title,link,content,feed_id,comments,int_id,lang, - ".SUBSTRING_FOR_DATE."(updated,1,16) as updated, - (SELECT site_url FROM ttrss_feeds WHERE id = feed_id) as site_url, - (SELECT title FROM ttrss_feeds WHERE id = feed_id) as feed_title, - (SELECT hide_images FROM ttrss_feeds WHERE id = feed_id) as hide_images, - (SELECT always_display_enclosures FROM ttrss_feeds WHERE id = feed_id) as always_display_enclosures, - num_comments, - tag_cache, - author, - guid, - note - FROM ttrss_entries,ttrss_user_entries - WHERE id = ? AND ref_id = id AND owner_uid = ?"); - $sth->execute([$id, $owner_uid]); - - $rv = ''; - - if ($line = $sth->fetch()) { - - $line["tags"] = Article::_get_tags($id, $owner_uid, $line["tag_cache"]); - unset($line["tag_cache"]); - - $line["content"] = Sanitizer::sanitize($line["content"], - $line['hide_images'], - $owner_uid, $line["site_url"], false, $line["id"]); - - PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_RENDER_ARTICLE, - function ($result) use (&$line) { - $line = $result; - }, - $line); - - $line['content'] = DiskCache::rewrite_urls($line['content']); - - header("Content-Type: text/html"); - - $rv .= " - - - ".$line["title"]."". - javascript_tag("lib/prototype.js"). - javascript_tag("js/utility.js")." 
- - - "; - - $rv .= "\n"; - $rv .= "\n"; - - $rv .= ""; - - $enclosures = Article::_get_enclosures($line["id"]); - list ($og_image, $og_stream) = Article::_get_image($enclosures, $line['content'], $line["site_url"]); - - if ($og_image) { - $rv .= ""; - } - - $rv .= ""; - $rv .= "
"; - - if ($line["link"]) { - $rv .= "

" . $line["title"] . "

"; - } else { - $rv .= "

" . $line["title"] . "

"; - } - - $rv .= "
"; - - /* header */ - - $rv .= "
"; - $rv .= "
"; # row - - //$entry_author = $line["author"] ? " - " . $line["author"] : ""; - $parsed_updated = TimeHelper::make_local_datetime($line["updated"], true, - $owner_uid, true); - - $rv .= "
".$line['author']."
"; - $rv .= "
$parsed_updated
"; - - $rv .= "
"; # row - - $rv .= "
"; # header - - /* content */ - - $lang = $line['lang'] ? $line['lang'] : "en"; - $rv .= "
"; - - /* content body */ - - $rv .= $line["content"]; - - /* $rv .= Article::format_article_enclosures($id, - $line["always_display_enclosures"], - $line["content"], - $line["hide_images"]); */ - - $rv .= "
"; # content - - $rv .= "
"; # post - - } - - PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_FORMAT_ARTICLE, - function ($result) use (&$rv) { - $rv = $result; - }, - $rv, $line); - - return $rv; - - } - function rss() { $feed = clean($_REQUEST["id"]); $key = clean($_REQUEST["key"]); diff --git a/classes/pluginhost.php b/classes/pluginhost.php index 6f223ee11..097bf987c 100755 --- a/classes/pluginhost.php +++ b/classes/pluginhost.php @@ -18,6 +18,7 @@ class PluginHost { private static $instance; const API_VERSION = 2; + const PUBLIC_METHOD_DELIMITER = "--"; // Hooks marked with *1 are run in global context and available // to plugins loaded in config.php only @@ -617,9 +618,7 @@ class PluginHost { http_build_query( array_merge( [ - "op" => "pluginhandler", - "plugin" => strtolower(get_class($sender)), - "pmethod" => $method + "op" => strtolower(get_class($sender) . PluginHost::PUBLIC_METHOD_DELIMITER . $method), ], $params)); } else { diff --git a/plugins/share/init.php b/plugins/share/init.php index a569393fe..6b7b81a2d 100644 --- a/plugins/share/init.php +++ b/plugins/share/init.php @@ -16,6 +16,10 @@ class Share extends Plugin { $host->add_hook($host::HOOK_PREFS_TAB_SECTION, $this); } + function is_public_method($method) { + return $method == "get"; + } + function get_js() { return file_get_contents(__DIR__ . "/share.js"); } 
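Review bot: `is_public_method()` in plugins/share/init.php decides which Share method is exposed through the public route, and it uses a loose comparison, `$method == "get"`. A strict check, `return $method === "get";`, keeps that allowlist exact whatever type the caller passes in. A short comment would also help the next plugin author, e.g. `// every method allowed here is presumably reachable without a session; keep this list minimal`.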
@@ -78,6 +82,168 @@ class Share extends Plugin { title='".__('Share by URL')."'>link"; } + function get() { + $uuid = clean($_REQUEST["key"] ?? ""); + + if ($uuid) { + $sth = $this->pdo->prepare("SELECT ref_id, owner_uid + FROM ttrss_user_entries WHERE uuid = ?"); + $sth->execute([$uuid]); + + if ($row = $sth->fetch()) { + header("Content-Type: text/html"); + + $id = $row["ref_id"]; + $owner_uid = $row["owner_uid"]; + + print $this->format_article($id, $owner_uid); + + return; + } + } + + header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found"); + print "Article not found."; + } + + private function format_article($id, $owner_uid) { + + $pdo = Db::pdo(); + + $sth = $pdo->prepare("SELECT id,title,link,content,feed_id,comments,int_id,lang, + ".SUBSTRING_FOR_DATE."(updated,1,16) as updated, + (SELECT site_url FROM ttrss_feeds WHERE id = feed_id) as site_url, + (SELECT title FROM ttrss_feeds WHERE id = feed_id) as feed_title, + (SELECT hide_images FROM ttrss_feeds WHERE id = feed_id) as hide_images, + (SELECT always_display_enclosures FROM ttrss_feeds WHERE id = feed_id) as always_display_enclosures, + num_comments, + tag_cache, + author, + guid, + note + FROM ttrss_entries,ttrss_user_entries + WHERE id = ? AND ref_id = id AND owner_uid = ?"); + $sth->execute([$id, $owner_uid]); + + $rv = ''; + + if ($line = $sth->fetch()) { + + $line["tags"] = Article::_get_tags($id, $owner_uid, $line["tag_cache"]); + unset($line["tag_cache"]); + + $line["content"] = Sanitizer::sanitize($line["content"], + $line['hide_images'], + $owner_uid, $line["site_url"], false, $line["id"]); + + PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_RENDER_ARTICLE, + function ($result) use (&$line) { + $line = $result; + }, + $line); + + $line['content'] = DiskCache::rewrite_urls($line['content']); + + header("Content-Type: text/html"); + + $rv .= " + + + ".$line["title"]."". + javascript_tag("lib/prototype.js"). + javascript_tag("js/utility.js")." 
+ + + "; + + $rv .= "\n"; + $rv .= "\n"; + + $rv .= ""; + + $enclosures = Article::_get_enclosures($line["id"]); + list ($og_image, $og_stream) = Article::_get_image($enclosures, $line['content'], $line["site_url"]); + + if ($og_image) { + $rv .= ""; + } + + $rv .= ""; + $rv .= "
"; + + if ($line["link"]) { + $rv .= "

" . $line["title"] . "

"; + } else { + $rv .= "

" . $line["title"] . "

"; + } + + $rv .= "
"; + + /* header */ + + $rv .= "
"; + $rv .= "
"; # row + + //$entry_author = $line["author"] ? " - " . $line["author"] : ""; + $parsed_updated = TimeHelper::make_local_datetime($line["updated"], true, + $owner_uid, true); + + $rv .= "
".$line['author']."
"; + $rv .= "
$parsed_updated
"; + + $rv .= "
"; # row + + $rv .= "
"; # header + + /* content */ + + $lang = $line['lang'] ? $line['lang'] : "en"; + $rv .= "
"; + + /* content body */ + + $rv .= $line["content"]; + + /* $rv .= Article::format_article_enclosures($id, + $line["always_display_enclosures"], + $line["content"], + $line["hide_images"]); */ + + $rv .= "
"; # content + + $rv .= "
"; # post + + } + + PluginHost::getInstance()->chain_hooks_callback(PluginHost::HOOK_FORMAT_ARTICLE, + function ($result) use (&$rv) { + $rv = $result; + }, + $rv, $line); + + return $rv; + + } + function shareDialog() { $id = (int)clean($_REQUEST['id'] ?? 0); @@ -96,8 +262,7 @@ class Share extends Plugin { $sth->execute([$uuid, $id, $_SESSION['uid']]); } - $url_path = get_self_url_prefix() . "/public.php?op=share&key=$uuid"; - + $url_path = $this->host->get_public_method_url($this, "get", ["key" => $uuid]); ?>
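Review bot: `format_article()` now backs the `get()` method that `is_public_method()` exposes, and the visible lines concatenate `$line["title"]` and `$line['author']` into the page unescaped; only `$line["content"]` goes through `Sanitizer::sanitize()`. The surrounding markup is missing from this rendering of the patch, so not every output context can be seen. Unless those columns are escaped when stored, this is a stored-XSS sink on a page served to anyone holding the share key. Escaping at output, e.g. `htmlspecialchars($line["title"], ENT_QUOTES)`, and the same for `author` and for any attribute values built from `link` and `$lang`, would not depend on what the feed parser did. The code is moved verbatim from `Handler_Public`, so the issue predates this commit, but the move is a natural point to fix it.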
diff --git a/public.php b/public.php index 59b5a499c..fadb2f14d 100644 --- a/public.php +++ b/public.php @@ -17,6 +17,17 @@ $method = (string)clean($_REQUEST["op"]); + // shortcut syntax for public (exposed) methods (?op=plugin--pmethod&...params) + if (strpos($method, PluginHost::PUBLIC_METHOD_DELIMITER) !== false) { + list ($plugin, $pmethod) = explode(PluginHost::PUBLIC_METHOD_DELIMITER, $method, 2); + + // TODO: better implementation that won't modify $_REQUEST + $_REQUEST["plugin"] = $plugin; + $_REQUEST["pmethod"] = $pmethod; + + $method = "pluginhandler"; + } + $override = PluginHost::getInstance()->lookup_handler("public", $method); if ($override) { -- cgit v1.2.3-54-g00ecf From 42173386b39bed4b06c5ac6c2fc0da510673b354 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 22 Feb 2021 17:38:46 +0300 Subject: dirname(__FILE__) -> __DIR__ --- api/index.php | 6 +++--- backend.php | 2 +- classes/pluginhost.php | 4 ++-- errors.php | 2 +- include/errorhandler.php | 4 ++-- include/functions.php | 2 +- index.php | 2 +- plugins/note/init.php | 2 +- plugins/nsfw/init.php | 2 +- prefs.php | 2 +- public.php | 2 +- update.php | 4 ++-- update_daemon2.php | 4 ++-- 13 files changed, 19 insertions(+), 19 deletions(-) (limited to 'public.php') diff --git a/api/index.php b/api/index.php index 1b713d561..6b0071141 100644 --- a/api/index.php +++ b/api/index.php @@ -3,9 +3,9 @@ require_once "../config.php"; - set_include_path(dirname(__FILE__) . PATH_SEPARATOR . - dirname(dirname(__FILE__)) . PATH_SEPARATOR . - dirname(dirname(__FILE__)) . "/include" . PATH_SEPARATOR . + set_include_path(__DIR__ . PATH_SEPARATOR . + dirname(__DIR__) . PATH_SEPARATOR . + dirname(__DIR__) . "/include" . PATH_SEPARATOR . get_include_path()); chdir(".."); diff --git a/backend.php b/backend.php index e64c6561f..b6b3e0030 100644 --- a/backend.php +++ b/backend.php 
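Review bot: Once the shortcut branch in public.php's `@@ -17,6 +17,17 @@` hunk rewrites `$method` to `"pluginhandler"`, the underscore guard added earlier in this series only ever sees that literal, so the `$pmethod` half of `op=plugin--pmethod` is never checked by it. Whether a `pmethod` starting with an underscore is refused then depends entirely on the plugin handler and each plugin's `is_public_method()`, neither of which is in this hunk. Applying the same rule here, with an `if (strpos($pmethod, "_") === 0)` refusal before `$_REQUEST["pmethod"]` is assigned, keeps the two routes consistent. As the TODO says, writing into `$_REQUEST` is a stopgap; it also silently overrides any `plugin` or `pmethod` parameters the client sent, which is worth stating in that comment.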
@@ -1,5 +1,5 @@ Date: Mon, 22 Feb 2021 22:39:20 +0300 Subject: don't include config.php everywhere --- api/index.php | 2 -- backend.php | 1 - include/functions.php | 1 - include/sessions.php | 1 - index.php | 7 ------- prefs.php | 7 ------- public.php | 1 - update.php | 1 - update_daemon2.php | 1 - 9 files changed, 22 deletions(-) (limited to 'public.php') diff --git a/api/index.php b/api/index.php index 6b0071141..333c64830 100644 --- a/api/index.php +++ b/api/index.php @@ -1,8 +1,6 @@ Fatal Error: You forgot to copy - config.php-dist to config.php and edit it.\n"; - exit; - } - // we need a separate check here because functions.php might get parsed // incorrectly before 5.3 because of :: syntax. if (version_compare(PHP_VERSION, '7.0.0', '<')) { @@ -20,7 +14,6 @@ require_once "sessions.php"; require_once "functions.php"; require_once "sanity_check.php"; - require_once "config.php"; require_once "db-prefs.php"; if (!init_plugins()) return; diff --git a/prefs.php b/prefs.php index b6026eb23..141118534 100644 --- a/prefs.php +++ b/prefs.php @@ -2,17 +2,10 @@ set_include_path(__DIR__ ."/include" . PATH_SEPARATOR . get_include_path()); - if (!file_exists("config.php")) { - print "Fatal Error: You forgot to copy - config.php-dist to config.php and edit it.\n"; - exit; - } - require_once "autoload.php"; require_once "sessions.php"; require_once "functions.php"; require_once "sanity_check.php"; - require_once "config.php"; require_once "db-prefs.php"; if (!init_plugins()) return; diff --git a/public.php b/public.php index 48fe675f8..8a02387cf 100644 --- a/public.php +++ b/public.php @@ -6,7 +6,6 @@ require_once "sessions.php"; require_once "functions.php"; require_once "sanity_check.php"; - require_once "config.php"; require_once "db-prefs.php"; startup_gettext(); diff --git a/update.php b/update.php index 92a087a2e..af541f517 100755 --- a/update.php +++ b/update.php 
@@ -9,7 +9,6 @@ require_once "autoload.php"; require_once "functions.php"; - require_once "config.php"; require_once "sanity_check.php"; require_once "db-prefs.php"; diff --git a/update_daemon2.php b/update_daemon2.php index b0314f3e9..2743a0fa2 100755 --- a/update_daemon2.php +++ b/update_daemon2.php @@ -10,7 +10,6 @@ require_once "autoload.php"; require_once "functions.php"; - require_once "config.php"; require_once "sanity_check.php"; require_once "db-prefs.php"; -- cgit v1.2.3-54-g00ecf From 29ada58b4ac06178c908869e0bb078949e1cb465 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 22 Feb 2021 23:25:14 +0300 Subject: move db-prefs shortcut functions to functions.php --- api/index.php | 1 - backend.php | 1 - include/db-prefs.php | 8 -------- include/functions.php | 9 ++++++++- index.php | 1 - prefs.php | 1 - public.php | 1 - update.php | 1 - update_daemon2.php | 1 - 9 files changed, 8 insertions(+), 16 deletions(-) delete mode 100644 include/db-prefs.php (limited to 'public.php') diff --git a/api/index.php b/api/index.php index 333c64830..d1e02bbd4 100644 --- a/api/index.php +++ b/api/index.php @@ -12,7 +12,6 @@ define('NO_SESSION_AUTOSTART', true); require_once "autoload.php"; - require_once "db-prefs.php"; require_once "functions.php"; require_once "sessions.php"; diff --git a/backend.php b/backend.php index 32eb3f3b9..9bc1449d0 100644 --- a/backend.php +++ b/backend.php @@ -26,7 +26,6 @@ require_once "autoload.php"; require_once "sessions.php"; require_once "functions.php"; - require_once "db-prefs.php"; $op = (string)clean($op); $method = (string)clean($method); diff --git a/include/db-prefs.php b/include/db-prefs.php deleted file mode 100644 index ce5753638..000000000 --- a/include/db-prefs.php +++ /dev/null 
@@ -1,8 +0,0 @@ -read($pref_name, $user_id, $die_on_error); - } - - function set_pref($pref_name, $value, $user_id = false, $strip_tags = true) { - return Db_Prefs::get()->write($pref_name, $value, $user_id, $strip_tags); - } \ No newline at end of file diff --git a/include/functions.php b/include/functions.php index 172ba169d..a698fa79d 100644 --- a/include/functions.php +++ b/include/functions.php @@ -42,6 +42,14 @@ define('SUBSTRING_FOR_DATE', 'SUBSTRING'); } + function get_pref($pref_name, $user_id = false, $die_on_error = false) { + return Db_Prefs::get()->read($pref_name, $user_id, $die_on_error); + } + + function set_pref($pref_name, $value, $user_id = false, $strip_tags = true) { + return Db_Prefs::get()->write($pref_name, $value, $user_id, $strip_tags); + } + function get_translations() { $t = array( "auto" => __("Detect automatically"), @@ -152,7 +160,6 @@ } } - require_once 'db-prefs.php'; require_once 'controls.php'; require_once 'controls_compat.php'; diff --git a/index.php b/index.php index d640c2db9..1f2802864 100644 --- a/index.php +++ b/index.php @@ -14,7 +14,6 @@ require_once "sessions.php"; require_once "functions.php"; require_once "sanity_check.php"; - require_once "db-prefs.php"; if (!init_plugins()) return; diff --git a/prefs.php b/prefs.php index 141118534..851dd898a 100644 --- a/prefs.php +++ b/prefs.php @@ -6,7 +6,6 @@ require_once "sessions.php"; require_once "functions.php"; require_once "sanity_check.php"; - require_once "db-prefs.php"; if (!init_plugins()) return; diff --git a/public.php b/public.php index 8a02387cf..43aa66c1d 100644 --- a/public.php +++ b/public.php @@ -6,7 +6,6 @@ require_once "sessions.php"; require_once "functions.php"; require_once "sanity_check.php"; - require_once "db-prefs.php"; startup_gettext(); diff --git a/update.php b/update.php index af541f517..8d8566db7 100755 --- a/update.php +++ b/update.php 
@@ -10,7 +10,6 @@ require_once "autoload.php"; require_once "functions.php"; require_once "sanity_check.php"; - require_once "db-prefs.php"; function make_stampfile($filename) { $fp = fopen(Config::get(Config::LOCK_DIRECTORY) . "/$filename", "w"); diff --git a/update_daemon2.php b/update_daemon2.php index 2743a0fa2..b75f06ae5 100755 --- a/update_daemon2.php +++ b/update_daemon2.php @@ -11,7 +11,6 @@ require_once "autoload.php"; require_once "functions.php"; require_once "sanity_check.php"; - require_once "db-prefs.php"; if (!function_exists('pcntl_fork')) { die("error: This script requires PHP compiled with PCNTL module.\n"); -- cgit v1.2.3-54-g00ecf From 8d2e3c2528e67f8650c122f014364a34bf690d2a Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 23 Feb 2021 22:26:07 +0300 Subject: drop errors.php and simplify error handling --- api/index.php | 8 ++++--- backend.php | 12 +++++----- classes/api.php | 39 ++++++++++++++++++------------ classes/feeds.php | 10 +------- classes/handler/public.php | 14 +++++------ classes/pluginhandler.php | 6 ++--- classes/pref/feeds.php | 2 -- classes/pref/labels.php | 2 -- classes/pref/prefs.php | 2 +- classes/pref/users.php | 2 -- classes/rpc.php | 19 ++++++++------- errors.php | 60 ---------------------------------------------- include/functions.php | 28 ---------------------- include/login_form.php | 5 ++-- index.php | 5 ++-- js/App.js | 60 ++++++++++++++++------------------------------ js/common.js | 5 +++- prefs.php | 5 ++-- public.php | 6 ++--- 19 files changed, 92 insertions(+), 198 deletions(-) delete mode 100644 errors.php (limited to 'public.php') diff --git a/api/index.php b/api/index.php index 4e2c06b9d..d85a1103c 100644 --- a/api/index.php +++ b/api/index.php 
@@ -34,9 +34,11 @@ if (!\Sessions\validate_session()) { header("Content-Type: text/json"); - print json_encode(array("seq" => -1, - "status" => 1, - "content" => array("error" => "NOT_LOGGED_IN"))); + print json_encode([ + "seq" => -1, + "status" => API::STATUS_ERR, + "content" => [ "error" => API::E_NOT_LOGGED_IN ] + ]); return; } diff --git a/backend.php b/backend.php index 9bc1449d0..206d866b7 100644 --- a/backend.php +++ b/backend.php @@ -45,7 +45,7 @@ if (!empty($_SESSION["uid"])) { if (!\Sessions\validate_session()) { header("Content-Type: text/json"); - print error_json(6); + print Errors::to_json(Errors::E_UNAUTHORIZED); return; } UserHelper::load_user_plugins($_SESSION["uid"]); @@ -106,7 +106,7 @@ if (strpos($method, "_") === 0) { user_error("Refusing to invoke method $method of handler $op which starts with underscore.", E_USER_WARNING); header("Content-Type: text/json"); - print error_json(6); + print Errors::to_json(Errors::E_UNAUTHORIZED); return; } @@ -130,7 +130,7 @@ } else { user_error("Refusing to invoke method $method of handler $op which has required parameters.", E_USER_WARNING); header("Content-Type: text/json"); - print error_json(6); + print Errors::to_json(Errors::E_UNAUTHORIZED); } } else { if (method_exists($handler, "catchall")) { @@ -141,19 +141,19 @@ return; } else { header("Content-Type: text/json"); - print error_json(6); + print Errors::to_json(Errors::E_UNAUTHORIZED); return; } } else { user_error("Refusing to invoke method $method of handler $op with invalid CSRF token.", E_USER_WARNING); header("Content-Type: text/json"); - print error_json(6); + print Errors::to_json(Errors::E_UNAUTHORIZED); return; } } } header("Content-Type: text/json"); - print error_json(13); + print Errors::to_json(Errors::E_UNKNOWN_METHOD); ?> diff --git a/classes/api.php b/classes/api.php index 6f3ee77db..1b3ee7d92 100755 --- a/classes/api.php +++ b/classes/api.php 
@@ -6,6 +6,13 @@ class API extends Handler { const STATUS_OK = 0; const STATUS_ERR = 1; + const E_API_DISABLED = "API_DISABLED"; + const E_NOT_LOGGED_IN = "NOT_LOGGED_IN"; + const E_LOGIN_ERROR = "LOGIN_ERROR"; + const E_INCORRECT_USAGE = "INCORRECT_USAGE"; + const E_UNKNOWN_METHOD = "UNKNOWN_METHOD"; + const E_OPERATION_FAILED = "E_OPERATION_FAILED"; + private $seq; private static function _param_to_bool($p) { @@ -13,9 +20,11 @@ class API extends Handler { } private function _wrap($status, $reply) { - print json_encode(array("seq" => $this->seq, - "status" => $status, - "content" => $reply)); + print json_encode([ + "seq" => $this->seq, + "status" => $status, + "content" => $reply + ]); } function before($method) { @@ -23,12 +32,12 @@ class API extends Handler { header("Content-Type: text/json"); if (empty($_SESSION["uid"]) && $method != "login" && $method != "isloggedin") { - $this->_wrap(self::STATUS_ERR, array("error" => 'NOT_LOGGED_IN')); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_NOT_LOGGED_IN)); return false; } if (!empty($_SESSION["uid"]) && $method != "logout" && !get_pref('ENABLE_API_ACCESS')) { - $this->_wrap(self::STATUS_ERR, array("error" => 'API_DISABLED')); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_API_DISABLED)); return false; } @@ -69,13 +78,13 @@ class API extends Handler { "api_level" => self::API_LEVEL)); } else { // else we are not logged in user_error("Failed login attempt for $login from " . UserHelper::get_user_ip(), E_USER_WARNING); - $this->_wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR")); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_LOGIN_ERROR)); } } else { - $this->_wrap(self::STATUS_ERR, array("error" => "API_DISABLED")); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_API_DISABLED)); } } else { - $this->_wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR")); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_LOGIN_ERROR)); return; } } 
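Review bot: `E_OPERATION_FAILED` is the only new constant in classes/api.php whose value keeps the `E_` prefix (`"E_OPERATION_FAILED"`), while its siblings map to the bare string, e.g. `E_LOGIN_ERROR = "LOGIN_ERROR"`. If that is unintended, `const E_OPERATION_FAILED = "OPERATION_FAILED";` matches the rest. Separately, the `@@ -493,7 +502,7 @@` and `@@ -816,7 +825,7 @@` hunks replace the wire values `'Publishing failed'` and `"FEED_NOT_FOUND"` with this constant, which changes what existing API clients receive. That deserves a line in the commit message or an `API_LEVEL` note so client authors can adapt.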
@@ -221,7 +230,7 @@ class API extends Handler { $this->_wrap(self::STATUS_OK, $headlines); } } else { - $this->_wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE')); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_INCORRECT_USAGE)); } } @@ -281,7 +290,7 @@ class API extends Handler { "updated" => $num_updated)); } else { - $this->_wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE')); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_INCORRECT_USAGE)); } } @@ -356,7 +365,7 @@ class API extends Handler { $this->_wrap(self::STATUS_OK, $articles); } else { - $this->_wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE')); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_INCORRECT_USAGE)); } } @@ -481,7 +490,7 @@ class API extends Handler { $this->_wrap($reply[0], $reply[1]); } else { - $this->_wrap(self::STATUS_ERR, array("error" => 'UNKNOWN_METHOD', "method" => $method)); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_UNKNOWN_METHOD, "method" => $method)); } } @@ -493,7 +502,7 @@ class API extends Handler { if (Article::_create_published_article($title, $url, $content, "", $_SESSION["uid"])) { $this->_wrap(self::STATUS_OK, array("status" => 'OK')); } else { - $this->_wrap(self::STATUS_ERR, array("error" => 'Publishing failed')); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_OPERATION_FAILED)); } } @@ -816,7 +825,7 @@ class API extends Handler { Pref_Feeds::remove_feed($feed_id, $_SESSION["uid"]); $this->_wrap(self::STATUS_OK, array("status" => "OK")); } else { - $this->_wrap(self::STATUS_ERR, array("error" => "FEED_NOT_FOUND")); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_OPERATION_FAILED)); } } @@ -831,7 +840,7 @@ class API extends Handler { $this->_wrap(self::STATUS_OK, array("status" => $rc)); } else { - $this->_wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE')); + $this->_wrap(self::STATUS_ERR, array("error" => self::E_INCORRECT_USAGE)); } } 
diff --git a/classes/feeds.php b/classes/feeds.php index eaedc1aee..a38cbae97 100755 --- a/classes/feeds.php +++ b/classes/feeds.php @@ -499,15 +499,7 @@ class Feeds extends Handler_Protected { // this is parsed by handleRpcJson() on first viewfeed() to set cdm expanded, etc $reply['runtime-info'] = RPC::make_runtime_info(); - $reply_json = json_encode($reply); - - if (!$reply_json) { - $reply_json = json_encode(["error" => ["code" => 15, - "message" => json_last_error_msg()]]); - } - - print $reply_json; - + print json_encode($reply); } private function _generate_dashboard_feed() { diff --git a/classes/handler/public.php b/classes/handler/public.php index 79dff37b5..42be6f713 100755 --- a/classes/handler/public.php +++ b/classes/handler/public.php @@ -240,7 +240,7 @@ class Handler_Public extends Handler { } else { header("Content-Type: text/plain; charset=utf-8"); - print json_encode(array("error" => array("message" => "Unknown format"))); + print "Unknown format: $format."; } } @@ -290,7 +290,7 @@ class Handler_Public extends Handler { header("Location: index.php"); } else { header("Content-Type: text/json"); - print error_json(6); + print Errors::to_json(Errors::E_UNAUTHORIZED); } } @@ -408,7 +408,7 @@ class Handler_Public extends Handler { function index() { header("Content-Type: text/plain"); - print error_json(13); + print Errors::to_json(Errors::E_UNKNOWN_METHOD); } function forgotpass() { @@ -659,7 +659,7 @@ class Handler_Public extends Handler {
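Review bot: `print json_encode($reply);` in classes/feeds.php now emits an empty body when encoding fails, because json_encode() returns false and the removed branch was the only place that reported `json_last_error_msg()`. If `$reply` carries text taken from remote feeds (it is built outside this hunk, so this is an assumption), a single invalid UTF-8 sequence is enough to trigger that, leaving the client with a blank response and nothing in the log. Either substitute the bad bytes with `print json_encode($reply, JSON_INVALID_UTF8_SUBSTITUTE);`, or keep the check and log it: `if ($reply_json === false) user_error("reply encoding failed: " . json_last_error_msg(), E_USER_WARNING);`. The enclosing method starts outside the hunk.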
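Review bot: `print "Unknown format: $format.";` in classes/handler/public.php writes `$format` back into the response; its assignment is outside this hunk, but if it comes from the request this is reflected input. The `text/plain` header keeps a conforming browser from rendering it as markup, so the remaining exposure is content sniffing. Adding `header("X-Content-Type-Options: nosniff");` beside the Content-Type line, or printing a fixed `"Unknown format."`, closes that. The body also changes from a JSON error object to plain text, which matters to any caller that parses this response as JSON.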
$method(); } else { user_error("Rejected ${plugin_name}->${method}(): invalid CSRF token.", E_USER_WARNING); - print error_json(6); + print Errors::to_json(Errors::E_UNAUTHORIZED); } } else { user_error("Rejected ${plugin_name}->${method}(): unknown method.", E_USER_WARNING); - print error_json(13); + print Errors::to_json(Errors::E_UNKNOWN_METHOD); } } else { user_error("Rejected ${plugin_name}->${method}(): unknown plugin.", E_USER_WARNING); - print error_json(14); + print Errors::to_json(Errors::E_UNKNOWN_PLUGIN); } } } diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index 7c3a40647..086c52697 100755 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -561,8 +561,6 @@ class Pref_Feeds extends Handler_Protected { "all" => $this::get_ts_languages(), ] ]); - } else { - print json_encode(["error" => "FEED_NOT_FOUND"]); } } diff --git a/classes/pref/labels.php b/classes/pref/labels.php index 0b826e13f..5bc094d55 100644 --- a/classes/pref/labels.php +++ b/classes/pref/labels.php @@ -16,8 +16,6 @@ class Pref_Labels extends Handler_Protected { if ($line = $sth->fetch(PDO::FETCH_ASSOC)) { print json_encode($line); - } else { - print json_encode(["error" => "LABEL_NOT_FOUND"]); } } diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php index 7ee03c21f..0d0dcadbc 100644 --- a/classes/pref/prefs.php +++ b/classes/pref/prefs.php @@ -1063,7 +1063,7 @@ class Pref_Prefs extends Handler_Protected { } } else { header("Content-Type: text/json"); - print error_json(6); + print Errors::to_json(Errors::E_UNAUTHORIZED); } } diff --git a/classes/pref/users.php b/classes/pref/users.php index f30abe001..13f808cb3 100644 --- a/classes/pref/users.php +++ b/classes/pref/users.php @@ -19,8 +19,6 @@ class Pref_Users extends Handler_Administrative { "user" => $row, "access_level_names" => $access_level_names ]); - } else { - print json_encode(["error" => "USER_NOT_FOUND"]); } } diff --git a/classes/rpc.php b/classes/rpc.php index 52d514aae..d0388a066 100755 
--- a/classes/rpc.php +++ b/classes/rpc.php @@ -118,16 +118,22 @@ class RPC extends Handler_Protected { $_SESSION["hasSandbox"] = clean($_REQUEST["hasSandbox"]) === "true"; $_SESSION["clientTzOffset"] = clean($_REQUEST["clientTzOffset"]); - $reply = array(); + $error = Errors::E_SUCCESS; - $reply['error'] = sanity_check(); + if (get_schema_version(true) != SCHEMA_VERSION) { + $error = Errors::E_SCHEMA_MISMATCH; + } + + if ($error == Errors::E_SUCCESS) { + $reply = []; - if ($reply['error']['code'] == 0) { $reply['init-params'] = $this->make_init_params(); $reply['runtime-info'] = $this->make_runtime_info(); - } - print json_encode($reply); + print json_encode($reply); + } else { + print Errors::to_json($error); + } } /*function completeLabels() { @@ -315,10 +321,7 @@ class RPC extends Handler_Protected { $msg, 'client-js:' . $file, $line, $context); echo json_encode(array("message" => "HOST_ERROR_LOGGED")); - } else { - echo json_encode(array("error" => "MESSAGE_NOT_FOUND")); } - } function checkforupdates() { diff --git a/errors.php b/errors.php deleted file mode 100644 index 3195c4b64..000000000 --- a/errors.php +++ /dev/null @@ -1,60 +0,0 @@ - $error) { - - $error = preg_replace("/\n/", "", $error); - $error = preg_replace("/\"/", "\\\"", $error); - - print "ERRORS[$id] = \"$error\";\n"; - } - } -?> diff --git a/include/functions.php b/include/functions.php index a698fa79d..d916301fb 100644 --- a/include/functions.php +++ b/include/functions.php @@ -323,20 +323,6 @@ } } - function sanity_check() { - require_once 'errors.php'; - $ERRORS = get_error_types(); - - $error_code = 0; - $schema_version = get_schema_version(true); - - if ($schema_version != SCHEMA_VERSION) { - $error_code = 5; - } - - return array("code" => $error_code, "message" => $ERRORS[$error_code]); - } - function file_is_locked($filename) { if (file_exists(Config::get(Config::LOCK_DIRECTORY) . "/$filename")) { if (function_exists('flock')) { 
@@ -533,20 +519,6 @@ return file_exists("themes/$theme") || file_exists("themes.local/$theme"); } - /** - * @SuppressWarnings(unused) - */ - function error_json($code) { - require_once "errors.php"; - $ERRORS = get_error_types(); - - @$message = $ERRORS[$code]; - - return json_encode(array("error" => - array("code" => $code, "message" => $message))); - - } - function arr_qmarks($arr) { return str_repeat('?,', count($arr) - 1) . '?'; } diff --git a/include/login_form.php b/include/login_form.php index 168fe50aa..06bf57470 100755 --- a/include/login_form.php +++ b/include/login_form.php @@ -6,11 +6,10 @@ index(); @@ -60,5 +60,5 @@ } header("Content-Type: text/plain"); - print error_json(13); + print Errors::to_json(Errors::E_UNKNOWN_METHOD); ?> -- cgit v1.2.3-54-g00ecf