diff --git a/classes/article.php b/classes/article.php index c23a1b820..43b25f94f 100755 --- a/classes/article.php +++ b/classes/article.php @@ -306,9 +306,9 @@ class Article extends Handler_Protected { $sth->execute([$int_id, $_SESSION['uid']]); foreach ($tags as $tag) { - $tag = sanitize_tag($tag); + $tag = Article::sanitize_tag($tag); - if (!tag_is_valid($tag)) { + if (!Article::tag_is_valid($tag)) { continue; } @@ -800,4 +800,25 @@ class Article extends Handler_Protected { return $rv; } + static function sanitize_tag($tag) { + $tag = trim($tag); + + $tag = mb_strtolower($tag, 'utf-8'); + + $tag = preg_replace('/[,\'\"\+\>\<]/', "", $tag); + + if (DB_TYPE == "mysql") { + $tag = preg_replace('/[\x{10000}-\x{10FFFF}]/u', "\xEF\xBF\xBD", $tag); + } + + return $tag; + } + + static function tag_is_valid($tag) { + if (!$tag || is_numeric($tag) || mb_strlen($tag) > 250) + return false; + + return true; + } + } diff --git a/classes/dlg.php b/classes/dlg.php index 4489af51a..d3e82ee59 100644 --- a/classes/dlg.php +++ b/classes/dlg.php @@ -161,7 +161,7 @@ class Dlg extends Handler_Protected { $feed_id = $this->params[0]; $is_cat = (bool) $this->params[1]; - $key = get_feed_access_key($feed_id, $is_cat); + $key = Feeds::get_feed_access_key($feed_id, $is_cat); $url_path = htmlspecialchars($this->params[2]) . "&key=" . $key; diff --git a/classes/feeds.php b/classes/feeds.php index 2714f4596..75ca83957 100755 --- a/classes/feeds.php +++ b/classes/feeds.php 
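Review bot: In the `@@ -800,4 +800,25 @@` hunk of classes/article.php, `Article::sanitize_tag()` is added without a docblock, and its name invites callers to treat the result as safe for output, which the code does not support: the character class removes only `,` `'` `"` `+` `>` `<` and leaves `&` and every other character in place. I would add a comment such as `/** Normalises a tag for storage (trim, lowercase, strip , ' " + < >); the result still needs context-appropriate escaping on output. */` and declare both new methods `public static`. In the `DB_TYPE == "mysql"` branch, `preg_replace()` with the `/u` modifier returns null when the subject is not valid UTF-8, so the method can return null; the two call sites changed in this diff follow it with `Article::tag_is_valid()`, which rejects a falsy value, but that pairing is worth stating in the docblock too.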
@@ -2006,5 +2006,69 @@ class Feeds extends Handler_Protected { return ''; } + static function add_feed_category($feed_cat, $parent_cat_id = false, $order_id = 0) { + + if (!$feed_cat) return false; + + $feed_cat = mb_substr($feed_cat, 0, 250); + if (!$parent_cat_id) $parent_cat_id = null; + + $pdo = Db::pdo(); + $tr_in_progress = false; + + try { + $pdo->beginTransaction(); + } catch (Exception $e) { + $tr_in_progress = true; + } + + $sth = $pdo->prepare("SELECT id FROM ttrss_feed_categories + WHERE (parent_cat = :parent OR (:parent IS NULL AND parent_cat IS NULL)) + AND title = :title AND owner_uid = :uid"); + $sth->execute([':parent' => $parent_cat_id, ':title' => $feed_cat, ':uid' => $_SESSION['uid']]); + + if (!$sth->fetch()) { + + $sth = $pdo->prepare("INSERT INTO ttrss_feed_categories (owner_uid,title,parent_cat,order_id) + VALUES (?, ?, ?, ?)"); + $sth->execute([$_SESSION['uid'], $feed_cat, $parent_cat_id, (int)$order_id]); + + if (!$tr_in_progress) $pdo->commit(); + + return true; + } + + $pdo->commit(); + + return false; + } + + static function get_feed_access_key($feed_id, $is_cat, $owner_uid = false) { + + if (!$owner_uid) $owner_uid = $_SESSION["uid"]; + + $is_cat = bool_to_sql_bool($is_cat); + + $pdo = Db::pdo(); + + $sth = $pdo->prepare("SELECT access_key FROM ttrss_access_keys + WHERE feed_id = ? AND is_cat = ? + AND owner_uid = ?"); + $sth->execute([$feed_id, $is_cat, $owner_uid]); + + if ($row = $sth->fetch()) { + return $row["access_key"]; + } else { + $key = uniqid_short(); + + $sth = $pdo->prepare("INSERT INTO ttrss_access_keys + (access_key, feed_id, is_cat, owner_uid) + VALUES (?, ?, ?, ?)"); + + $sth->execute([$key, $feed_id, $is_cat, $owner_uid]); + + return $key; + } + } } diff --git a/classes/handler/public.php b/classes/handler/public.php index e9a3abc53..b4f0a5b6f 100755 --- a/classes/handler/public.php +++ b/classes/handler/public.php 
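Review bot: `Feeds::add_feed_category()` ends its "category already exists" path with an unconditional `$pdo->commit();`, so when `beginTransaction()` threw and `$tr_in_progress` is true it commits a transaction that the caller opened; the insert path already guards this, and the final commit should match it: `if (!$tr_in_progress) $pdo->commit();`. In `get_feed_access_key()` in the same hunk, the value from `uniqid_short()` becomes the `key=` parameter of the public feed and OPML URLs touched elsewhere in this diff, which makes it a bearer secret. `uniqid_short()` is defined outside this diff, so confirm that it draws from a CSPRNG; if it is built on `uniqid()` or `rand()`, a replacement such as `$key = bin2hex(random_bytes(16));` would be appropriate, provided the `access_key` column is wide enough. The lookup-then-insert is also not atomic, so two concurrent requests may each insert a row unless the table has a unique constraint (not visible here).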
@@ -75,7 +75,7 @@ class Handler_Public extends Handler { $feed_self_url = get_self_url_prefix() . "/public.php?op=rss&id=$feed&key=" . - get_feed_access_key($feed, false, $owner_uid); + Feeds::get_feed_access_key($feed, false, $owner_uid); if (!$feed_site_url) $feed_site_url = get_self_url_prefix(); diff --git a/classes/opml.php b/classes/opml.php index 720798065..6982aea27 100644 --- a/classes/opml.php +++ b/classes/opml.php @@ -31,7 +31,7 @@ class Opml extends Handler_Protected {

".__('OPML Utility')."

"; - add_feed_category("Imported feeds"); + Feeds::add_feed_category("Imported feeds"); $this->opml_notice(__("Importing OPML...")); @@ -515,7 +515,7 @@ class Opml extends Handler_Protected { $order_id = (int) $root_node->attributes->getNamedItem('ttrssSortOrder')->nodeValue; if (!$order_id) $order_id = 0; - add_feed_category($cat_title, $parent_id, $order_id); + Feeds::add_feed_category($cat_title, $parent_id, $order_id); $cat_id = $this->get_feed_category($cat_title, $parent_id); } @@ -627,7 +627,7 @@ class Opml extends Handler_Protected { $url_path = get_self_url_prefix(); $url_path .= "/opml.php?op=publish&key=" . - get_feed_access_key('OPML:Publish', false, $_SESSION["uid"]); + Feeds::get_feed_access_key('OPML:Publish', false, $_SESSION["uid"]); return $url_path; } diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index f94f45430..c55affd77 100755 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -1166,7 +1166,7 @@ class Pref_Feeds extends Handler_Protected { function addCat() { $feed_cat = trim(clean($_REQUEST["cat"])); - add_feed_category($feed_cat); + Feeds::add_feed_category($feed_cat); } function index() { @@ -1750,7 +1750,7 @@ class Pref_Feeds extends Handler_Protected { WHERE feed_id = ? AND is_cat = ? AND owner_uid = ?"); $sth->execute([$feed_id, bool_to_sql_bool($is_cat), $owner_uid]); - return get_feed_access_key($feed_id, $is_cat, $owner_uid); + return Feeds::get_feed_access_key($feed_id, $is_cat, $owner_uid); } // Silent diff --git a/classes/rssutils.php b/classes/rssutils.php index 68e0255ed..48f4320fb 100755 --- a/classes/rssutils.php +++ b/classes/rssutils.php @@ -507,7 +507,7 @@ class RSSUtils { Debug::log("loading filters & labels...", Debug::$LOG_VERBOSE); - $filters = load_filters($feed, $owner_uid); + $filters = RSSUtils::load_filters($feed, $owner_uid); if (Debug::get_loglevel() >= Debug::$LOG_EXTENDED) { print_r($filters); 
@@ -1071,7 +1071,7 @@ class RSSUtils { $manual_tags = trim_array(explode(",", $f["param"])); foreach ($manual_tags as $tag) { - if (tag_is_valid($tag)) { + if (Article::tag_is_valid($tag)) { array_push($entry_tags, $tag); } } @@ -1115,9 +1115,9 @@ class RSSUtils { foreach ($filtered_tags as $tag) { - $tag = sanitize_tag($tag); + $tag = Article::sanitize_tag($tag); - if (!tag_is_valid($tag)) continue; + if (!Article::tag_is_valid($tag)) continue; $tsth->execute([$tag, $entry_int_id, $owner_uid]); 
@@ -1570,4 +1570,113 @@ class RSSUtils { return mb_strpos($feed_data, "\x1f" . "\x8b" . "\x08", 0, "US-ASCII") === 0; } + static function load_filters($feed_id, $owner_uid) { + $filters = array(); + + $feed_id = (int) $feed_id; + $cat_id = (int)Feeds::getFeedCategory($feed_id); + + if ($cat_id == 0) + $null_cat_qpart = "cat_id IS NULL OR"; + else + $null_cat_qpart = ""; + + $pdo = Db::pdo(); + + $sth = $pdo->prepare("SELECT * FROM ttrss_filters2 WHERE + owner_uid = ? AND enabled = true ORDER BY order_id, title"); + $sth->execute([$owner_uid]); + + $check_cats = array_merge( + Feeds::getParentCategories($cat_id, $owner_uid), + [$cat_id]); + + $check_cats_str = join(",", $check_cats); + $check_cats_fullids = array_map(function($a) { return "CAT:$a"; }, $check_cats); + + while ($line = $sth->fetch()) { + $filter_id = $line["id"]; + + $match_any_rule = sql_bool_to_bool($line["match_any_rule"]); + + $sth2 = $pdo->prepare("SELECT + r.reg_exp, r.inverse, r.feed_id, r.cat_id, r.cat_filter, r.match_on, t.name AS type_name + FROM ttrss_filters2_rules AS r, + ttrss_filter_types AS t + WHERE + (match_on IS NOT NULL OR + (($null_cat_qpart (cat_id IS NULL AND cat_filter = false) OR cat_id IN ($check_cats_str)) AND + (feed_id IS NULL OR feed_id = ?))) AND + filter_type = t.id AND filter_id = ?"); + $sth2->execute([$feed_id, $filter_id]); + + $rules = array(); + $actions = array(); + + while ($rule_line = $sth2->fetch()) { + # print_r($rule_line); + + if ($rule_line["match_on"]) { + $match_on = json_decode($rule_line["match_on"], true); + + if (in_array("0", $match_on) || in_array($feed_id, $match_on) || count(array_intersect($check_cats_fullids, $match_on)) > 0) { + + $rule = array(); + $rule["reg_exp"] = $rule_line["reg_exp"]; + $rule["type"] = $rule_line["type_name"]; + $rule["inverse"] = sql_bool_to_bool($rule_line["inverse"]); + + array_push($rules, $rule); + } else if (!$match_any_rule) { + // this filter contains a rule that doesn't match to this feed/category combination + 
// thus filter has to be rejected + + $rules = []; + break; + } + + } else { + + $rule = array(); + $rule["reg_exp"] = $rule_line["reg_exp"]; + $rule["type"] = $rule_line["type_name"]; + $rule["inverse"] = sql_bool_to_bool($rule_line["inverse"]); + + array_push($rules, $rule); + } + } + + if (count($rules) > 0) { + $sth2 = $pdo->prepare("SELECT a.action_param,t.name AS type_name + FROM ttrss_filters2_actions AS a, + ttrss_filter_actions AS t + WHERE + action_id = t.id AND filter_id = ?"); + $sth2->execute([$filter_id]); + + while ($action_line = $sth2->fetch()) { + # print_r($action_line); + + $action = array(); + $action["type"] = $action_line["type_name"]; + $action["param"] = $action_line["action_param"]; + + array_push($actions, $action); + } + } + + $filter = []; + $filter["id"] = $filter_id; + $filter["match_any_rule"] = sql_bool_to_bool($line["match_any_rule"]); + $filter["inverse"] = sql_bool_to_bool($line["inverse"]); + $filter["rules"] = $rules; + $filter["actions"] = $actions; + + if (count($rules) > 0 && count($actions) > 0) { + array_push($filters, $filter); + } + } + + return $filters; + } } diff --git a/include/functions.php b/include/functions.php index fe4ca1ecb..3981bc435 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1798,13 +1798,6 @@ return $tmp; } - function tag_is_valid($tag) { - if (!$tag || is_numeric($tag) || mb_strlen($tag) > 250) - return false; - - return true; - } - function render_login_form() { header('Cache-Control: public'); @@ -1823,20 +1816,6 @@ return $ts; } - function sanitize_tag($tag) { - $tag = trim($tag); - - $tag = mb_strtolower($tag, 'utf-8'); - - $tag = preg_replace('/[,\'\"\+\>\<]/', "", $tag); - - if (DB_TYPE == "mysql") { - $tag = preg_replace('/[\x{10000}-\x{10FFFF}]/u', "\xEF\xBF\xBD", $tag); - } - - return $tag; - } - function is_server_https() { return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) || $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https'; } 
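Review bot: `RSSUtils::load_filters()` builds `cat_id IN ($check_cats_str)` by joining `$check_cats` straight into the SQL text, while the feed and filter ids in the same query are bound as parameters. `$cat_id` is cast to int, but the rest of the list comes from `Feeds::getParentCategories()`, whose return values are not visible in this diff; casting at the point of use keeps the query safe regardless: `$check_cats_str = join(",", array_map("intval", $check_cats));`. Separately, `json_decode($rule_line["match_on"], true)` returns null for malformed JSON and the result goes directly into `in_array()` and `array_intersect()`; an `is_array($match_on)` check before that condition would let a corrupt row be skipped instead of raising warnings or a TypeError.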
@@ -1864,187 +1843,12 @@ } } // function encrypt_password - function load_filters($feed_id, $owner_uid) { - $filters = array(); - - $feed_id = (int) $feed_id; - $cat_id = (int)Feeds::getFeedCategory($feed_id); - - if ($cat_id == 0) - $null_cat_qpart = "cat_id IS NULL OR"; - else - $null_cat_qpart = ""; - - $pdo = Db::pdo(); - - $sth = $pdo->prepare("SELECT * FROM ttrss_filters2 WHERE - owner_uid = ? AND enabled = true ORDER BY order_id, title"); - $sth->execute([$owner_uid]); - - $check_cats = array_merge( - Feeds::getParentCategories($cat_id, $owner_uid), - [$cat_id]); - - $check_cats_str = join(",", $check_cats); - $check_cats_fullids = array_map(function($a) { return "CAT:$a"; }, $check_cats); - - while ($line = $sth->fetch()) { - $filter_id = $line["id"]; - - $match_any_rule = sql_bool_to_bool($line["match_any_rule"]); - - $sth2 = $pdo->prepare("SELECT - r.reg_exp, r.inverse, r.feed_id, r.cat_id, r.cat_filter, r.match_on, t.name AS type_name - FROM ttrss_filters2_rules AS r, - ttrss_filter_types AS t - WHERE - (match_on IS NOT NULL OR - (($null_cat_qpart (cat_id IS NULL AND cat_filter = false) OR cat_id IN ($check_cats_str)) AND - (feed_id IS NULL OR feed_id = ?))) AND - filter_type = t.id AND filter_id = ?"); - $sth2->execute([$feed_id, $filter_id]); - - $rules = array(); - $actions = array(); - - while ($rule_line = $sth2->fetch()) { - # print_r($rule_line); - - if ($rule_line["match_on"]) { - $match_on = json_decode($rule_line["match_on"], true); - - if (in_array("0", $match_on) || in_array($feed_id, $match_on) || count(array_intersect($check_cats_fullids, $match_on)) > 0) { - - $rule = array(); - $rule["reg_exp"] = $rule_line["reg_exp"]; - $rule["type"] = $rule_line["type_name"]; - $rule["inverse"] = sql_bool_to_bool($rule_line["inverse"]); - - array_push($rules, $rule); - } else if (!$match_any_rule) { - // this filter contains a rule that doesn't match to this feed/category combination - // thus filter has to be rejected - - $rules = []; - break; - } - - 
} else { - - $rule = array(); - $rule["reg_exp"] = $rule_line["reg_exp"]; - $rule["type"] = $rule_line["type_name"]; - $rule["inverse"] = sql_bool_to_bool($rule_line["inverse"]); - - array_push($rules, $rule); - } - } - - if (count($rules) > 0) { - $sth2 = $pdo->prepare("SELECT a.action_param,t.name AS type_name - FROM ttrss_filters2_actions AS a, - ttrss_filter_actions AS t - WHERE - action_id = t.id AND filter_id = ?"); - $sth2->execute([$filter_id]); - - while ($action_line = $sth2->fetch()) { - # print_r($action_line); - - $action = array(); - $action["type"] = $action_line["type_name"]; - $action["param"] = $action_line["action_param"]; - - array_push($actions, $action); - } - } - - $filter = []; - $filter["id"] = $filter_id; - $filter["match_any_rule"] = sql_bool_to_bool($line["match_any_rule"]); - $filter["inverse"] = sql_bool_to_bool($line["inverse"]); - $filter["rules"] = $rules; - $filter["actions"] = $actions; - - if (count($rules) > 0 && count($actions) > 0) { - array_push($filters, $filter); - } - } - - return $filters; - } - function init_plugins() { PluginHost::getInstance()->load(PLUGINS, PluginHost::KIND_ALL); return true; } - function add_feed_category($feed_cat, $parent_cat_id = false, $order_id = 0) { - - if (!$feed_cat) return false; - - $feed_cat = mb_substr($feed_cat, 0, 250); - if (!$parent_cat_id) $parent_cat_id = null; - - $pdo = Db::pdo(); - $tr_in_progress = false; - - try { - $pdo->beginTransaction(); - } catch (Exception $e) { - $tr_in_progress = true; - } - - $sth = $pdo->prepare("SELECT id FROM ttrss_feed_categories - WHERE (parent_cat = :parent OR (:parent IS NULL AND parent_cat IS NULL)) - AND title = :title AND owner_uid = :uid"); - $sth->execute([':parent' => $parent_cat_id, ':title' => $feed_cat, ':uid' => $_SESSION['uid']]); - - if (!$sth->fetch()) { - - $sth = $pdo->prepare("INSERT INTO ttrss_feed_categories (owner_uid,title,parent_cat,order_id) - VALUES (?, ?, ?, ?)"); - $sth->execute([$_SESSION['uid'], $feed_cat, 
$parent_cat_id, (int)$order_id]); - - if (!$tr_in_progress) $pdo->commit(); - - return true; - } - - $pdo->commit(); - - return false; - } - - function get_feed_access_key($feed_id, $is_cat, $owner_uid = false) { - - if (!$owner_uid) $owner_uid = $_SESSION["uid"]; - - $is_cat = bool_to_sql_bool($is_cat); - - $pdo = Db::pdo(); - - $sth = $pdo->prepare("SELECT access_key FROM ttrss_access_keys - WHERE feed_id = ? AND is_cat = ? - AND owner_uid = ?"); - $sth->execute([$feed_id, $is_cat, $owner_uid]); - - if ($row = $sth->fetch()) { - return $row["access_key"]; - } else { - $key = uniqid_short(); - - $sth = $pdo->prepare("INSERT INTO ttrss_access_keys - (access_key, feed_id, is_cat, owner_uid) - VALUES (?, ?, ?, ?)"); - - $sth->execute([$key, $feed_id, $is_cat, $owner_uid]); - - return $key; - } - } - function build_url($parts) { return $parts['scheme'] . "://" . $parts['host'] . $parts['path']; }