diff --git a/backend.php b/backend.php
index b6377c48f..4184e87c8 100644
--- a/backend.php
+++ b/backend.php
@@ -101,7 +101,6 @@
$op = "pluginhandler";
} */
- // TODO: figure out if is this still needed
$op = str_replace("-", "_", $op);
$override = PluginHost::getInstance()->lookup_handler($op, $method);
diff --git a/classes/config.php b/classes/config.php
index ee1d3cb4a..cc8710f5b 100644
--- a/classes/config.php
+++ b/classes/config.php
@@ -183,4 +183,217 @@ class Config {
return $instance->_get($param);
}
+ // this returns Config::SELF_URL_PATH sans ending slash
+ static function get_self_url() {
+ $self_url_path = self::get(Config::SELF_URL_PATH);
+
+ if (substr($self_url_path, -1) === "/") {
+ return substr($self_url_path, 0, -1);
+ } else {
+ return $self_url_path;
+ }
+ }
+
+ static function is_server_https() {
+ return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) ||
+ (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https');
+ }
+
+ static function make_self_url() {
+ $proto = self::is_server_https() ? 'https' : 'http';
+
+ return $proto . '://' . $_SERVER["HTTP_HOST"] . $_SERVER["REQUEST_URI"];
+ }
+
+ /* sanity check stuff */
+
+ private static function make_self_url_path() {
+ if (!isset($_SERVER["HTTP_HOST"])) return false;
+
+ $proto = self::is_server_https() ? 'https' : 'http';
+ $url_path = $proto . '://' . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
+
+ return $url_path;
+ }
+
+ private static function check_mysql_tables() {
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT engine, table_name FROM information_schema.tables WHERE
+ table_schema = ? AND table_name LIKE 'ttrss_%' AND engine != 'InnoDB'");
+ $sth->execute([self::get(Config::DB_NAME)]);
+
+ $bad_tables = [];
+
+ while ($line = $sth->fetch()) {
+ array_push($bad_tables, $line);
+ }
+
+ return $bad_tables;
+ }
+
+ static function sanity_check() {
+
+ $errors = array();
+
+ if (strpos(self::get(Config::PLUGINS), "auth_") === false) {
+ array_push($errors, "Please enable at least one authentication module via PLUGINS");
+ }
+
+ if (function_exists('posix_getuid') && posix_getuid() == 0) {
+ array_push($errors, "Please don't run this script as root.");
+ }
+
+ if (version_compare(PHP_VERSION, '7.1.0', '<')) {
+ array_push($errors, "PHP version 7.1.0 or newer required. You're using " . PHP_VERSION . ".");
+ }
+
+ if (!class_exists("UConverter")) {
+ array_push($errors, "PHP UConverter class is missing, it's provided by the Internationalization (intl) module.");
+ }
+
+ if (!is_writable(self::get(Config::CACHE_DIR) . "/images")) {
+ array_push($errors, "Image cache is not writable (chmod -R 777 ".self::get(Config::CACHE_DIR)."/images)");
+ }
+
+ if (!is_writable(self::get(Config::CACHE_DIR) . "/upload")) {
+ array_push($errors, "Upload cache is not writable (chmod -R 777 ".self::get(Config::CACHE_DIR)."/upload)");
+ }
+
+ if (!is_writable(self::get(Config::CACHE_DIR) . "/export")) {
+ array_push($errors, "Data export cache is not writable (chmod -R 777 ".self::get(Config::CACHE_DIR)."/export)");
+ }
+
+ if (self::get(Config::SINGLE_USER_MODE) && class_exists("PDO")) {
+ if (UserHelper::get_login_by_id(1) != "admin") {
+ array_push($errors, "SINGLE_USER_MODE is enabled but default admin account (ID: 1) is not found.");
+ }
+ }
+
+ if (php_sapi_name() != "cli") {
+ $ref_self_url_path = self::make_self_url_path();
+
+ if ($ref_self_url_path) {
+ $ref_self_url_path = preg_replace("/\w+\.php$/", "", $ref_self_url_path);
+ }
+
+ if (self::get(Config::SELF_URL_PATH) == "http://example.org/tt-rss/") {
+ $hint = $ref_self_url_path ? "(possible value: $ref_self_url_path)" : "";
+ array_push($errors,
+ "Please set SELF_URL_PATH to the correct value for your server: $hint");
+ }
+
+ if ($ref_self_url_path &&
+ (!defined('_SKIP_SELF_URL_PATH_CHECKS') || !_SKIP_SELF_URL_PATH_CHECKS) &&
+ self::get(Config::SELF_URL_PATH) != $ref_self_url_path && self::get(Config::SELF_URL_PATH) != mb_substr($ref_self_url_path, 0, mb_strlen($ref_self_url_path)-1)) {
+ array_push($errors,
+ "Please set SELF_URL_PATH to the correct value detected for your server: $ref_self_url_path (you're using: " . self::get(Config::SELF_URL_PATH) . ")");
+ }
+ }
+
+ if (!is_writable(self::get(Config::ICONS_DIR))) {
+ array_push($errors, "ICONS_DIR defined in config.php is not writable (chmod -R 777 ".self::get(Config::ICONS_DIR).").\n");
+ }
+
+ if (!is_writable(self::get(Config::LOCK_DIRECTORY))) {
+ array_push($errors, "LOCK_DIRECTORY is not writable (chmod -R 777 ".self::get(Config::LOCK_DIRECTORY).").\n");
+ }
+
+ if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) {
+ array_push($errors, "PHP configuration option allow_url_fopen is disabled, and CURL functions are not present. Either enable allow_url_fopen or install PHP extension for CURL.");
+ }
+
+ if (!function_exists("json_encode")) {
+ array_push($errors, "PHP support for JSON is required, but was not found.");
+ }
+
+ if (!class_exists("PDO")) {
+ array_push($errors, "PHP support for PDO is required but was not found.");
+ }
+
+ if (!function_exists("mb_strlen")) {
+ array_push($errors, "PHP support for mbstring functions is required but was not found.");
+ }
+
+ if (!function_exists("hash")) {
+ array_push($errors, "PHP support for hash() function is required but was not found.");
+ }
+
+ if (ini_get("safe_mode")) {
+ array_push($errors, "PHP safe mode setting is obsolete and not supported by tt-rss.");
+ }
+
+ if (!function_exists("mime_content_type")) {
+ array_push($errors, "PHP function mime_content_type() is missing, try enabling fileinfo module.");
+ }
+
+ if (!class_exists("DOMDocument")) {
+ array_push($errors, "PHP support for DOMDocument is required, but was not found.");
+ }
+
+ if (self::get(Config::DB_TYPE) == "mysql") {
+ $bad_tables = self::check_mysql_tables();
+
+ if (count($bad_tables) > 0) {
+ $bad_tables_fmt = [];
+
+ foreach ($bad_tables as $bt) {
+ array_push($bad_tables_fmt, sprintf("%s (%s)", $bt['table_name'], $bt['engine']));
+ }
+
+ $msg = "
The following tables use an unsupported MySQL engine: " .
+ implode(", ", $bad_tables_fmt) . ".
";
+
+ $msg .= "
The only supported engine on MySQL is InnoDB. MyISAM lacks functionality to run
+ tt-rss.
+ Please backup your data (via OPML) and re-import the schema before continuing.
+
WARNING: importing the schema would mean LOSS OF ALL YOUR DATA.
Please fix errors indicated by the following messages:
+
+
+
+
You might want to check tt-rss wiki or the
+ forums for more information. Please search the forums before creating new topic
+ for your question.
+
+
+
+
+ 0) {
+ echo "Please fix errors indicated by the following messages:\n\n";
+
+ foreach ($errors as $error) {
+ echo " * " . strip_tags($error)."\n";
+ }
+
+ echo "\nYou might want to check tt-rss wiki or the forums for more information.\n";
+ echo "Please search the forums before creating new topic for your question.\n";
+
+ exit(1);
+ }
+ }
+
+ private static function format_error($msg) {
+ return "
$msg
";
+ }
}
diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php
index de03b34dc..3436e4f60 100644
--- a/classes/pref/prefs.php
+++ b/classes/pref/prefs.php
@@ -694,7 +694,7 @@ class Pref_Prefs extends Handler_Protected {
print \Controls\input_tag($pref_name, $value, "text", ["readonly" => true], "SSL_CERT_SERIAL");
- $cert_serial = htmlspecialchars(get_ssl_certificate_id());
+ $cert_serial = htmlspecialchars(self::_get_ssl_certificate_id());
$has_serial = ($cert_serial) ? true : false;
print \Controls\button_tag(__('Register'), "", [
@@ -1408,4 +1408,20 @@ class Pref_Prefs extends Handler_Protected {
$this->appPasswordList();
}
+
+ static function _get_ssl_certificate_id() {
+ if ($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] ?? false) {
+ return sha1($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] .
+ $_SERVER["REDIRECT_SSL_CLIENT_V_START"] .
+ $_SERVER["REDIRECT_SSL_CLIENT_V_END"] .
+ $_SERVER["REDIRECT_SSL_CLIENT_S_DN"]);
+ }
+ if ($_SERVER["SSL_CLIENT_M_SERIAL"] ?? false) {
+ return sha1($_SERVER["SSL_CLIENT_M_SERIAL"] .
+ $_SERVER["SSL_CLIENT_V_START"] .
+ $_SERVER["SSL_CLIENT_V_END"] .
+ $_SERVER["SSL_CLIENT_S_DN"]);
+ }
+ return "";
+ }
}
diff --git a/classes/sanitizer.php b/classes/sanitizer.php
index 52feb5e28..5bb5f2efc 100644
--- a/classes/sanitizer.php
+++ b/classes/sanitizer.php
@@ -49,6 +49,10 @@ class Sanitizer {
return false;
}
+ private static function is_prefix_https() {
+ return parse_url(Config::get(Config::SELF_URL_PATH), PHP_URL_SCHEME) == 'https';
+ }
+
public static function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
if (!$owner && isset($_SESSION["uid"]))
@@ -125,7 +129,7 @@ class Sanitizer {
if (!self::iframe_whitelisted($entry)) {
$entry->setAttribute('sandbox', 'allow-scripts');
} else {
- if (is_prefix_https()) {
+ if (self::is_prefix_https()) {
$entry->setAttribute("src",
str_replace("http://", "https://",
$entry->getAttribute("src")));
diff --git a/include/functions.php b/include/functions.php
index d4505ac24..92db41ad8 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -168,68 +168,64 @@
/* compat shims */
+ /** function is @deprecated */
+ function get_schema_version() {
+ return Config::get_schema_version();
+ }
+
+ /** function is @deprecated */
function _debug($msg) {
Debug::log($msg);
}
- // @deprecated
+ /** function is @deprecated */
function getFeedUnread($feed, $is_cat = false) {
return Feeds::_get_counters($feed, $is_cat, true, $_SESSION["uid"]);
}
- // @deprecated
+ /** function is @deprecated */
function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
return Sanitizer::sanitize($str, $force_remove_images, $owner, $site_url, $highlight_words, $article_id);
}
- // @deprecated
+ /** function is @deprecated */
function fetch_file_contents($params) {
return UrlHelper::fetch($params);
}
- // @deprecated
+ /** function is @deprecated */
function rewrite_relative_url($url, $rel_url) {
return UrlHelper::rewrite_relative($url, $rel_url);
}
- // @deprecated
+ /** function is @deprecated */
function validate_url($url) {
return UrlHelper::validate($url);
}
- // @deprecated
+ /** function is @deprecated */
function authenticate_user($login, $password, $check_only = false, $service = false) {
return UserHelper::authenticate($login, $password, $check_only, $service);
}
- // @deprecated
+ /** function is @deprecated */
function smart_date_time($timestamp, $tz_offset = 0, $owner_uid = false, $eta_min = false) {
return TimeHelper::smart_date_time($timestamp, $tz_offset, $owner_uid, $eta_min);
}
- // @deprecated
+ /** function is @deprecated */
function make_local_datetime($timestamp, $long, $owner_uid = false, $no_smart_dt = false, $eta_min = false) {
return TimeHelper::make_local_datetime($timestamp, $long, $owner_uid, $no_smart_dt, $eta_min);
}
- /* end compat shims */
-
- function get_ssl_certificate_id() {
- if ($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] ?? false) {
- return sha1($_SERVER["REDIRECT_SSL_CLIENT_M_SERIAL"] .
- $_SERVER["REDIRECT_SSL_CLIENT_V_START"] .
- $_SERVER["REDIRECT_SSL_CLIENT_V_END"] .
- $_SERVER["REDIRECT_SSL_CLIENT_S_DN"]);
- }
- if ($_SERVER["SSL_CLIENT_M_SERIAL"] ?? false) {
- return sha1($_SERVER["SSL_CLIENT_M_SERIAL"] .
- $_SERVER["SSL_CLIENT_V_START"] .
- $_SERVER["SSL_CLIENT_V_END"] .
- $_SERVER["SSL_CLIENT_S_DN"]);
- }
- return "";
+ // this returns Config::SELF_URL_PATH sans ending slash
+ /** function is @deprecated */
+ function get_self_url_prefix() {
+ return Config::get_self_url();
}
+ /* end compat shims */
+
// this is used for user http parameters unless HTML code is actually needed
function clean($param) {
if (is_array($param)) {
@@ -303,10 +299,6 @@
return $s ? 1 : 0;
}
- function get_schema_version() {
- return Config::get_schema_version();
- }
-
function file_is_locked($filename) {
if (file_exists(Config::get(Config::LOCK_DIRECTORY) . "/$filename")) {
if (function_exists('flock')) {
@@ -371,24 +363,6 @@
return vsprintf(_ngettext(array_shift($args), array_shift($args), array_shift($args)), $args);
}
- function is_server_https() {
- return (!empty($_SERVER['HTTPS']) && ($_SERVER['HTTPS'] != 'off')) ||
- (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] == 'https');
- }
-
- function is_prefix_https() {
- return parse_url(Config::get(Config::SELF_URL_PATH), PHP_URL_SCHEME) == 'https';
- }
-
- // this returns Config::get(Config::SELF_URL_PATH) sans ending slash
- function get_self_url_prefix() {
- if (strrpos(Config::get(Config::SELF_URL_PATH), "/") === strlen(Config::get(Config::SELF_URL_PATH))-1) {
- return substr(Config::get(Config::SELF_URL_PATH), 0, strlen(Config::get(Config::SELF_URL_PATH))-1);
- } else {
- return Config::get(Config::SELF_URL_PATH);
- }
- }
-
function encrypt_password($pass, $salt = '', $mode2 = false) {
if ($salt && $mode2) {
return "MODE2:" . hash('sha256', $salt . $pass);
diff --git a/include/login_form.php b/include/login_form.php
index 06bf57470..91850b768 100755
--- a/include/login_form.php
+++ b/include/login_form.php
@@ -85,7 +85,7 @@
-
+
diff --git a/include/sanity_check.php b/include/sanity_check.php
deleted file mode 100755
index 3d6a496b5..000000000
--- a/include/sanity_check.php
+++ /dev/null
@@ -1,206 +0,0 @@
-prepare("SELECT engine, table_name FROM information_schema.tables WHERE
- table_schema = ? AND table_name LIKE 'ttrss_%' AND engine != 'InnoDB'");
- $sth->execute([Config::get(Config::DB_NAME)]);
-
- $bad_tables = [];
-
- while ($line = $sth->fetch()) {
- array_push($bad_tables, $line);
- }
-
- return $bad_tables;
- }
-
- function initial_sanity_check() {
-
- $errors = array();
-
- if (strpos(Config::get(Config::PLUGINS), "auth_") === false) {
- array_push($errors, "Please enable at least one authentication module via Config::get(Config::PLUGINS) constant in config.php");
- }
-
- if (function_exists('posix_getuid') && posix_getuid() == 0) {
- array_push($errors, "Please don't run this script as root.");
- }
-
- if (version_compare(PHP_VERSION, '7.1.0', '<')) {
- array_push($errors, "PHP version 7.1.0 or newer required. You're using " . PHP_VERSION . ".");
- }
-
- if (!class_exists("UConverter")) {
- array_push($errors, "PHP UConverter class is missing, it's provided by the Internationalization (intl) module.");
- }
-
- if (!is_writable(Config::get(Config::CACHE_DIR) . "/images")) {
- array_push($errors, "Image cache is not writable (chmod -R 777 ".Config::get(Config::CACHE_DIR)."/images)");
- }
-
- if (!is_writable(Config::get(Config::CACHE_DIR) . "/upload")) {
- array_push($errors, "Upload cache is not writable (chmod -R 777 ".Config::get(Config::CACHE_DIR)."/upload)");
- }
-
- if (!is_writable(Config::get(Config::CACHE_DIR) . "/export")) {
- array_push($errors, "Data export cache is not writable (chmod -R 777 ".Config::get(Config::CACHE_DIR)."/export)");
- }
-
- if (Config::get(Config::SINGLE_USER_MODE) && class_exists("PDO")) {
- $pdo = Db::pdo();
-
- $res = $pdo->query("SELECT id FROM ttrss_users WHERE id = 1");
-
- if (!$res->fetch()) {
- array_push($errors, "SINGLE_USER_MODE is enabled but default admin account is not found.");
- }
- }
-
- if (php_sapi_name() != "cli") {
- $ref_self_url_path = make_self_url_path();
-
- if ($ref_self_url_path) {
- $ref_self_url_path = preg_replace("/\w+\.php$/", "", $ref_self_url_path);
- }
-
- if (Config::get(Config::SELF_URL_PATH) == "http://example.org/tt-rss/") {
- $hint = $ref_self_url_path ? "(possible value: $ref_self_url_path)" : "";
- array_push($errors,
- "Please set SELF_URL_PATH to the correct value for your server: $hint");
- }
-
- if ($ref_self_url_path &&
- (!defined('_SKIP_SELF_URL_PATH_CHECKS') || !_SKIP_SELF_URL_PATH_CHECKS) &&
- Config::get(Config::SELF_URL_PATH) != $ref_self_url_path && Config::get(Config::SELF_URL_PATH) != mb_substr($ref_self_url_path, 0, mb_strlen($ref_self_url_path)-1)) {
- array_push($errors,
- "Please set SELF_URL_PATH to the correct value detected for your server: $ref_self_url_path (you're using: " . Config::get(Config::SELF_URL_PATH) . ")");
- }
- }
-
- if (!is_writable(Config::get(Config::ICONS_DIR))) {
- array_push($errors, "ICONS_DIR defined in config.php is not writable (chmod -R 777 ".Config::get(Config::ICONS_DIR).").\n");
- }
-
- if (!is_writable(Config::get(Config::LOCK_DIRECTORY))) {
- array_push($errors, "LOCK_DIRECTORY is not writable (chmod -R 777 ".Config::get(Config::LOCK_DIRECTORY).").\n");
- }
-
- if (!function_exists("curl_init") && !ini_get("allow_url_fopen")) {
- array_push($errors, "PHP configuration option allow_url_fopen is disabled, and CURL functions are not present. Either enable allow_url_fopen or install PHP extension for CURL.");
- }
-
- if (!function_exists("json_encode")) {
- array_push($errors, "PHP support for JSON is required, but was not found.");
- }
-
- if (!class_exists("PDO")) {
- array_push($errors, "PHP support for PDO is required but was not found.");
- }
-
- if (!function_exists("mb_strlen")) {
- array_push($errors, "PHP support for mbstring functions is required but was not found.");
- }
-
- if (!function_exists("hash")) {
- array_push($errors, "PHP support for hash() function is required but was not found.");
- }
-
- if (ini_get("safe_mode")) {
- array_push($errors, "PHP safe mode setting is obsolete and not supported by tt-rss.");
- }
-
- if (!function_exists("mime_content_type")) {
- array_push($errors, "PHP function mime_content_type() is missing, try enabling fileinfo module.");
- }
-
- if (!class_exists("DOMDocument")) {
- array_push($errors, "PHP support for DOMDocument is required, but was not found.");
- }
-
- if (Config::get(Config::DB_TYPE) == "mysql") {
- $bad_tables = check_mysql_tables();
-
- if (count($bad_tables) > 0) {
- $bad_tables_fmt = [];
-
- foreach ($bad_tables as $bt) {
- array_push($bad_tables_fmt, sprintf("%s (%s)", $bt['table_name'], $bt['engine']));
- }
-
- $msg = "
The following tables use an unsupported MySQL engine: " .
- implode(", ", $bad_tables_fmt) . ".
";
-
- $msg .= "
The only supported engine on MySQL is InnoDB. MyISAM lacks functionality to run
- tt-rss.
- Please backup your data (via OPML) and re-import the schema before continuing.
-
WARNING: importing the schema would mean LOSS OF ALL YOUR DATA.
Tiny Tiny RSS was unable to start properly. This usually means a misconfiguration or an incomplete upgrade. Please fix
- errors indicated by the following messages:
-
-
-
-
You might want to check tt-rss wiki or the
- forums for more information. Please search the forums before creating new topic
- for your question.
-
-
-
-
-
- 0) {
- echo "Tiny Tiny RSS was unable to start properly. This usually means a misconfiguration or an incomplete upgrade.\n";
- echo "Please fix errors indicated by the following messages:\n\n";
-
- foreach ($errors as $error) {
- echo " * " . strip_tags($error)."\n";
- }
-
- echo "\nYou might want to check tt-rss wiki or the forums for more information.\n";
- echo "Please search the forums before creating new topic for your question.\n";
-
- exit(-1);
- }
- }
-
- initial_sanity_check();
-
-?>
diff --git a/include/sessions.php b/include/sessions.php
index 891a6b3fa..04c24cf72 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -9,7 +9,7 @@
$session_expire = min(2147483647 - time() - 1, max(\Config::get(\Config::SESSION_COOKIE_LIFETIME), 86400));
$session_name = \Config::get(\Config::SESSION_NAME);
- if (is_server_https()) {
+ if (\Config::is_server_https()) {
ini_set("session.cookie_secure", "true");
}
diff --git a/index.php b/index.php
index 0218db5e1..51bd99e5e 100644
--- a/index.php
+++ b/index.php
@@ -13,14 +13,14 @@
require_once "autoload.php";
require_once "sessions.php";
require_once "functions.php";
- require_once "sanity_check.php";
+
+ Config::sanity_check();
if (!init_plugins()) return;
UserHelper::login_sequence();
header('Content-Type: text/html; charset=utf-8');
-
?>
diff --git a/plugins/auth_remote/init.php b/plugins/auth_remote/init.php
index f24364ffd..0ac51ce4e 100644
--- a/plugins/auth_remote/init.php
+++ b/plugins/auth_remote/init.php
@@ -18,7 +18,7 @@ class Auth_Remote extends Auth_Base {
}
function get_login_by_ssl_certificate() {
- $cert_serial = get_ssl_certificate_id();
+ $cert_serial = Pref_Prefs::_get_ssl_certificate_id();
if ($cert_serial) {
$sth = $this->pdo->prepare("SELECT login FROM ttrss_user_prefs2, ttrss_users
diff --git a/plugins/bookmarklets/init.php b/plugins/bookmarklets/init.php
index 967918823..82ed6c97f 100644
--- a/plugins/bookmarklets/init.php
+++ b/plugins/bookmarklets/init.php
@@ -292,7 +292,7 @@ class Bookmarklets extends Plugin {
print_error("Not logged in");
?>
-