replace old-style published feed with universal secretkey-based approach used for all feeds; do not allow user/pass handling in generated feed urls; bump schema
This commit is contained in:
parent
811bea0522
commit
8801fb017c
32
backend.php
32
backend.php
|
@ -466,31 +466,10 @@
|
|||
module_pref_feed_browser($link);
|
||||
break; // pref-feed-browser
|
||||
|
||||
case "publish":
|
||||
$key = db_escape_string($_REQUEST["key"]);
|
||||
$limit = (int)db_escape_string($_REQUEST["limit"]);
|
||||
|
||||
$result = db_query($link, "SELECT login, owner_uid
|
||||
FROM ttrss_user_prefs, ttrss_users WHERE
|
||||
pref_name = '_PREFS_PUBLISH_KEY' AND
|
||||
value = '$key' AND
|
||||
ttrss_users.id = owner_uid");
|
||||
|
||||
if (db_num_rows($result) == 1) {
|
||||
$owner = db_fetch_result($result, 0, "owner_uid");
|
||||
$login = db_fetch_result($result, 0, "login");
|
||||
|
||||
generate_syndicated_feed($link, $owner, -2, false, $limit);
|
||||
|
||||
} else {
|
||||
print "<error>User not found</error>";
|
||||
}
|
||||
break; // publish
|
||||
|
||||
case "rss":
|
||||
$feed = db_escape_string($_REQUEST["id"]);
|
||||
$user = db_escape_string($_REQUEST["user"]);
|
||||
$pass = db_escape_string($_REQUEST["pass"]);
|
||||
$key = db_escape_string($_REQUEST["key"]);
|
||||
$is_cat = $_REQUEST["is_cat"] != false;
|
||||
$limit = (int)db_escape_string($_REQUEST["limit"]);
|
||||
|
||||
|
@ -503,8 +482,13 @@
|
|||
authenticate_user($link, "admin", null);
|
||||
}
|
||||
|
||||
if (!$_SESSION["uid"] && $user && $pass) {
|
||||
authenticate_user($link, $user, $pass);
|
||||
if ($key && !$_SESSION["uid"]) {
|
||||
$result = db_query($link, "SELECT owner_uid FROM
|
||||
ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
|
||||
|
||||
if (db_num_rows($result) == 1)
|
||||
$_SESSION["uid"] = db_fetch_result($result, 0, "owner_uid");
|
||||
|
||||
}
|
||||
|
||||
if ($_SESSION["uid"] || http_authenticate_user($link)) {
|
||||
|
|
45
functions.js
45
functions.js
|
@ -2216,3 +2216,48 @@ function quickAddCat(select) {
|
|||
exception_error("quickAddCat", e);
|
||||
}
|
||||
}
|
||||
|
||||
function genUrlChangeKey(feed, is_cat) {
|
||||
|
||||
try {
|
||||
var ok = confirm(__("Generate new syndication address for this feed?"));
|
||||
|
||||
if (ok) {
|
||||
|
||||
notify_progress("Trying to change address...", true);
|
||||
|
||||
var query = "?op=rpc&subop=regenFeedKey&id=" + param_escape(feed) +
|
||||
"&is_cat=" + param_escape(is_cat);
|
||||
|
||||
new Ajax.Request("backend.php", {
|
||||
parameters: query,
|
||||
onComplete: function(transport) {
|
||||
var new_link = transport.responseXML.getElementsByTagName("link")[0];
|
||||
|
||||
var e = $('gen_feed_url');
|
||||
|
||||
if (new_link) {
|
||||
|
||||
new_link = new_link.firstChild.nodeValue;
|
||||
|
||||
e.innerHTML = e.innerHTML.replace(/\&key=.*$/,
|
||||
"&key=" + new_link);
|
||||
|
||||
e.href = e.href.replace(/\&key=.*$/,
|
||||
"&key=" + new_link);
|
||||
|
||||
new Effect.Highlight(e);
|
||||
|
||||
notify('');
|
||||
|
||||
} else {
|
||||
notify_error("Could not change feed URL.");
|
||||
}
|
||||
} });
|
||||
}
|
||||
} catch (e) {
|
||||
exception_error("genUrlChangeKey", e);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
|
@ -4203,12 +4203,19 @@
|
|||
$search_q = "";
|
||||
}
|
||||
|
||||
$rss_link = "backend.php?op=rss&id=$feed_id&is_cat=$is_cat&view-mode=$view_mode$search_q";
|
||||
$rss_link = htmlspecialchars(get_self_url_prefix() .
|
||||
"/backend.php?op=rss&id=$feed_id&is_cat=$is_cat&view-mode=$view_mode$search_q");
|
||||
|
||||
#print "
|
||||
# <a target=\"_blank\"
|
||||
# title=\"".__("View as RSS feed")."\"
|
||||
# href=\"$rss_link\">
|
||||
# <img class=\"noborder\" src=\"images/feed-icon-12x12.png\"></a>";
|
||||
|
||||
print "
|
||||
<a target=\"_blank\"
|
||||
<a href=\"#\"
|
||||
title=\"".__("View as RSS feed")."\"
|
||||
href=\"$rss_link\">
|
||||
onclick=\"displayDlg('generatedFeed', '$feed_id:$is_cat:$rss_link')\">
|
||||
<img class=\"noborder\" src=\"images/feed-icon-12x12.png\"></a>";
|
||||
|
||||
print "</div>";
|
||||
|
@ -5110,9 +5117,9 @@
|
|||
|
||||
$vgroup_last_feed = $vgr_last_feed;
|
||||
|
||||
if ($feed == -2) {
|
||||
/* if ($feed == -2) {
|
||||
$feed_site_url = article_publish_url($link);
|
||||
}
|
||||
} */
|
||||
|
||||
/// STOP //////////////////////////////////////////////////////////////////////////////////
|
||||
|
||||
|
@ -5730,15 +5737,10 @@
|
|||
return $tag;
|
||||
}
|
||||
|
||||
function generate_publish_key() {
|
||||
return sha1(uniqid(rand(), true));
|
||||
}
|
||||
|
||||
function article_publish_url($link) {
|
||||
function get_self_url_prefix() {
|
||||
|
||||
$url_path = "";
|
||||
|
||||
|
||||
if ($_SERVER['HTTPS'] != "on") {
|
||||
$url_path = "http://";
|
||||
} else {
|
||||
|
@ -5746,22 +5748,13 @@
|
|||
}
|
||||
|
||||
$url_path .= $_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
|
||||
$url_path .= "/backend.php?op=publish&key=" .
|
||||
get_pref($link, "_PREFS_PUBLISH_KEY", $_SESSION["uid"]);
|
||||
|
||||
return $url_path;
|
||||
|
||||
}
|
||||
function opml_publish_url($link){
|
||||
$url_path = "";
|
||||
|
||||
|
||||
if ($_SERVER['HTTPS'] != "on") {
|
||||
$url_path = "http://";
|
||||
} else {
|
||||
$url_path = "https://";
|
||||
}
|
||||
|
||||
$url_path .= $_SERVER['HTTP_HOST'].dirname($_SERVER['PHP_SELF']);
|
||||
$url_path = get_self_url_prefix();
|
||||
$url_path .= "/opml.php?op=publish&key=" .
|
||||
get_pref($link, "_PREFS_PUBLISH_KEY", $_SESSION["uid"]);
|
||||
|
||||
|
@ -6368,6 +6361,13 @@
|
|||
|
||||
if (db_affected_rows($link, $result) != 0 && $caption) {
|
||||
|
||||
/* Remove access key for the label */
|
||||
|
||||
$ext_id = -11 - $id;
|
||||
|
||||
db_query($link, "DELETE FROM ttrss_access_keys WHERE
|
||||
feed_id = '$ext_id' AND owner_uid = $owner_uid");
|
||||
|
||||
/* Disable filters that reference label being removed */
|
||||
|
||||
db_query($link, "UPDATE ttrss_filters SET
|
||||
|
@ -6559,6 +6559,11 @@
|
|||
orig_feed_id = '$id' WHERE feed_id = '$id' AND
|
||||
marked = true AND owner_uid = $owner_uid");
|
||||
|
||||
/* Remove access key for the feed */
|
||||
|
||||
db_query($link, "DELETE FROM ttrss_access_keys WHERE
|
||||
feed_id = '$id' AND owner_uid = $owner_uid");
|
||||
|
||||
/* remove the feed */
|
||||
|
||||
db_query($link, "DELETE FROM ttrss_feeds
|
||||
|
@ -6899,4 +6904,51 @@
|
|||
if (!in_array($email, $_SESSION['stored_emails']))
|
||||
array_push($_SESSION['stored_emails'], $email);
|
||||
}
|
||||
|
||||
function update_feed_access_key($link, $feed_id, $is_cat, $owner_uid = false) {
|
||||
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
|
||||
|
||||
$sql_is_cat = bool_to_sql_bool($is_cat);
|
||||
|
||||
$result = db_query($link, "SELECT access_key FROM ttrss_access_keys
|
||||
WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
|
||||
AND owner_uid = " . $owner_uid);
|
||||
|
||||
if (db_num_rows($result) == 1) {
|
||||
$key = db_escape_string(sha1(uniqid(rand(), true)));
|
||||
|
||||
db_query($link, "UPDATE ttrss_access_keys SET access_key = '$key'
|
||||
WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
|
||||
AND owner_uid = " . $owner_uid);
|
||||
|
||||
return $key;
|
||||
|
||||
} else {
|
||||
return get_feed_access_key($link, $feed_id, $is_cat, $owner_uid);
|
||||
}
|
||||
}
|
||||
|
||||
function get_feed_access_key($link, $feed_id, $is_cat, $owner_uid = false) {
|
||||
|
||||
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
|
||||
|
||||
$sql_is_cat = bool_to_sql_bool($is_cat);
|
||||
|
||||
$result = db_query($link, "SELECT access_key FROM ttrss_access_keys
|
||||
WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
|
||||
AND owner_uid = " . $owner_uid);
|
||||
|
||||
if (db_num_rows($result) == 1) {
|
||||
return db_fetch_result($result, 0, "access_key");
|
||||
} else {
|
||||
$key = db_escape_string(sha1(uniqid(rand(), true)));
|
||||
|
||||
$result = db_query($link, "INSERT INTO ttrss_access_keys
|
||||
(access_key, feed_id, is_cat, owner_uid)
|
||||
VALUES ('$key', '$feed_id', $sql_is_cat, '$owner_uid')");
|
||||
|
||||
return $key;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
?>
|
||||
|
|
|
@ -464,25 +464,11 @@
|
|||
return;
|
||||
}
|
||||
|
||||
if ($subop == "regenPubKey") {
|
||||
|
||||
print "<rpc-reply>";
|
||||
|
||||
set_pref($link, "_PREFS_PUBLISH_KEY", generate_publish_key(), $_SESSION["uid"]);
|
||||
|
||||
$new_link = article_publish_url($link);
|
||||
|
||||
print "<link><![CDATA[$new_link]]></link>";
|
||||
|
||||
print "</rpc-reply>";
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if ($subop == "regenOPMLKey") {
|
||||
|
||||
print "<rpc-reply>";
|
||||
set_pref($link, " _PREFS_OPML_PUBLISH_KEY", generate_publish_key(), $_SESSION["uid"]);
|
||||
set_pref($link, " _PREFS_OPML_PUBLISH_KEY",
|
||||
sha1(uniqid(rand(), true)), $_SESSION["uid"]);
|
||||
$new_link = opml_publish_url($link);
|
||||
print "<link><![CDATA[$new_link]]></link>";
|
||||
print "</rpc-reply>";
|
||||
|
@ -1119,6 +1105,21 @@
|
|||
return;
|
||||
}
|
||||
|
||||
if ($subop == "regenFeedKey") {
|
||||
$feed_id = db_escape_string($_REQUEST['id']);
|
||||
$is_cat = (bool) db_escape_string($_REQUEST['is_cat']);
|
||||
|
||||
print "<rpc-reply>";
|
||||
|
||||
$new_key = update_feed_access_key($link, $feed_id, $is_cat);
|
||||
|
||||
print "<link><![CDATA[$new_key]]></link>";
|
||||
|
||||
print "</rpc-reply>";
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
print "<rpc-reply><error>Unknown method: $subop</error></rpc-reply>";
|
||||
}
|
||||
?>
|
||||
|
|
|
@ -158,33 +158,6 @@
|
|||
return;
|
||||
}
|
||||
|
||||
if ($id == "pubUrl") {
|
||||
|
||||
print "<div id=\"infoBoxTitle\">".__('Published Articles')."</div>";
|
||||
print "<div class=\"infoBoxContents\">";
|
||||
|
||||
$url_path = article_publish_url($link);
|
||||
|
||||
print __("Your Published articles feed URL is:");
|
||||
|
||||
print "<div class=\"tagCloudContainer\">";
|
||||
print "<a id='pub_feed_url' href='$url_path' target='_blank'>$url_path</a>";
|
||||
print "</div>";
|
||||
|
||||
print "<div align='center'>";
|
||||
|
||||
print "<button onclick=\"return pubRegenKey()\">".
|
||||
__('Generate new URL')."</button> ";
|
||||
|
||||
print "<input class=\"button\"
|
||||
type=\"submit\" onclick=\"return closeInfoBox()\"
|
||||
value=\"".__('Close this window')."\">";
|
||||
|
||||
print "</div></div>";
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
if ($id == "pubOPMLUrl") {
|
||||
|
||||
print "<div id=\"infoBoxTitle\">".__('Public OPML URL')."</div>";
|
||||
|
@ -777,6 +750,39 @@
|
|||
return;
|
||||
}
|
||||
|
||||
if ($id == "generatedFeed") {
|
||||
|
||||
print "<div id=\"infoBoxTitle\">".__('View as RSS')."</div>";
|
||||
print "<div class=\"infoBoxContents\">";
|
||||
|
||||
$params = explode(":", $param, 3);
|
||||
$feed_id = db_escape_string($params[0]);
|
||||
$is_cat = (bool) $params[1];
|
||||
|
||||
$key = get_feed_access_key($link, $feed_id, $is_cat);
|
||||
|
||||
$url_path = htmlspecialchars($params[2]) . "&key=" . $key;
|
||||
|
||||
print __("You can view this feed as RSS using the following URL:");
|
||||
|
||||
print "<div class=\"tagCloudContainer\">";
|
||||
print "<a id='gen_feed_url' href='$url_path' target='_blank'>$url_path</a>";
|
||||
print "</div>";
|
||||
|
||||
print "<div align='center'>";
|
||||
|
||||
print "<button onclick=\"return genUrlChangeKey('$feed_id', '$is_cat')\">".
|
||||
__('Generate new URL')."</button> ";
|
||||
|
||||
print "<input class=\"button\"
|
||||
type=\"submit\" onclick=\"return closeInfoBox()\"
|
||||
value=\"".__('Close this window')."\">";
|
||||
|
||||
print "</div></div>";
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
print "<div id='infoBoxTitle'>Internal Error</div>
|
||||
<div id='infoBoxContents'>
|
||||
<p>Unknown dialog <b>$id</b></p>
|
||||
|
|
|
@ -1447,7 +1447,8 @@
|
|||
__('Export OPML')."</button>";
|
||||
|
||||
if (!get_pref($link, "_PREFS_OPML_PUBLISH_KEY")){
|
||||
set_pref($link, "_PREFS_OPML_PUBLISH_KEY", generate_publish_key());
|
||||
set_pref($link, "_PREFS_OPML_PUBLISH_KEY",
|
||||
sha1(uniqid(rand(), true)));
|
||||
}
|
||||
|
||||
print "<p>".__('Your OPML can be published publicly and can be subscribed by anyone who knows the URL below.');
|
||||
|
@ -1489,13 +1490,12 @@
|
|||
|
||||
print "<h3>".__("Published articles")."</h3>";
|
||||
|
||||
if (!get_pref($link, "_PREFS_PUBLISH_KEY")) {
|
||||
set_pref($link, "_PREFS_PUBLISH_KEY", generate_publish_key());
|
||||
}
|
||||
|
||||
print "<p>".__('Published articles are exported as a public RSS feed and can be subscribed by anyone who knows the URL specified below.')."</p>";
|
||||
|
||||
print "<button onclick=\"return displayDlg('pubUrl')\">".
|
||||
$rss_url = '-2::' . htmlspecialchars(get_self_url_prefix() .
|
||||
"/backend.php?op=rss&id=-2&view-mode=all_articles");;
|
||||
|
||||
print "<button onclick=\"return displayDlg('generatedFeed', '$rss_url')\">".
|
||||
__('Display URL')."</button> ";
|
||||
|
||||
|
||||
|
|
37
prefs.js
37
prefs.js
|
@ -1569,43 +1569,6 @@ function feedlistToggleSLAT() {
|
|||
updateFeedList()
|
||||
}
|
||||
|
||||
function pubRegenKey() {
|
||||
|
||||
try {
|
||||
var ok = confirm(__("Replace current publishing address with a new one?"));
|
||||
|
||||
if (ok) {
|
||||
|
||||
notify_progress("Trying to change address...", true);
|
||||
|
||||
var query = "?op=rpc&subop=regenPubKey";
|
||||
|
||||
new Ajax.Request("backend.php", {
|
||||
parameters: query,
|
||||
onComplete: function(transport) {
|
||||
var new_link = transport.responseXML.getElementsByTagName("link")[0];
|
||||
|
||||
var e = $('pub_feed_url');
|
||||
|
||||
if (new_link) {
|
||||
e.href = new_link.firstChild.nodeValue;
|
||||
e.innerHTML = new_link.firstChild.nodeValue;
|
||||
|
||||
new Effect.Highlight(e);
|
||||
|
||||
notify('');
|
||||
|
||||
} else {
|
||||
notify_error("Could not change feed URL.");
|
||||
}
|
||||
} });
|
||||
}
|
||||
} catch (e) {
|
||||
exception_error("pubRegenKey", e);
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
function opmlRegenKey() {
|
||||
|
||||
try {
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
require_once "functions.php";
|
||||
|
||||
define('EXPECTED_CONFIG_VERSION', 19);
|
||||
define('SCHEMA_VERSION', 68);
|
||||
define('SCHEMA_VERSION', 69);
|
||||
|
||||
if (!file_exists("config.php")) {
|
||||
print "<b>Fatal Error</b>: You forgot to copy
|
||||
|
|
|
@ -1,6 +1,7 @@
|
|||
SET NAMES utf8;
|
||||
SET CHARACTER SET utf8;
|
||||
|
||||
drop table if exists ttrss_access_keys;
|
||||
drop table if exists ttrss_user_labels2;
|
||||
drop table if exists ttrss_labels2;
|
||||
drop table if exists ttrss_feedbrowser_cache;
|
||||
|
@ -241,7 +242,7 @@ create table ttrss_tags (id integer primary key auto_increment,
|
|||
|
||||
create table ttrss_version (schema_version int not null) TYPE=InnoDB DEFAULT CHARSET=UTF8;
|
||||
|
||||
insert into ttrss_version values (68);
|
||||
insert into ttrss_version values (69);
|
||||
|
||||
create table ttrss_enclosures (id integer primary key auto_increment,
|
||||
content_url text not null,
|
||||
|
@ -446,4 +447,11 @@ create table ttrss_user_labels2 (label_id integer not null,
|
|||
foreign key (article_id) references ttrss_entries(id) ON DELETE CASCADE
|
||||
) TYPE=InnoDB DEFAULT CHARSET=UTF8;
|
||||
|
||||
create table ttrss_access_keys (id serial not null primary key,
|
||||
access_key varchar(250) not null,
|
||||
feed_id varchar(250) not null,
|
||||
is_cat bool not null default false,
|
||||
owner_uid integer not null,
|
||||
foreign key (owner_uid) references ttrss_users(id) ON DELETE CASCADE) TYPE=InnoDB DEFAULT CHARSET=UTF8;
|
||||
|
||||
commit;
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
drop table ttrss_access_keys;
|
||||
drop table ttrss_user_labels2;
|
||||
drop table ttrss_labels2;
|
||||
drop table ttrss_feedbrowser_cache;
|
||||
|
@ -213,7 +214,7 @@ create index ttrss_tags_owner_uid_index on ttrss_tags(owner_uid);
|
|||
|
||||
create table ttrss_version (schema_version int not null);
|
||||
|
||||
insert into ttrss_version values (68);
|
||||
insert into ttrss_version values (69);
|
||||
|
||||
create table ttrss_enclosures (id serial not null primary key,
|
||||
content_url text not null,
|
||||
|
@ -405,4 +406,10 @@ create table ttrss_user_labels2 (
|
|||
article_id integer not null references ttrss_entries(id) ON DELETE CASCADE
|
||||
);
|
||||
|
||||
create table ttrss_access_keys (id serial not null primary key,
|
||||
access_key varchar(250) not null,
|
||||
feed_id varchar(250) not null,
|
||||
is_cat boolean not null default false,
|
||||
owner_uid integer not null references ttrss_users(id) on delete cascade);
|
||||
|
||||
commit;
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
begin;
|
||||
|
||||
create table ttrss_access_keys (id serial not null primary key,
|
||||
access_key varchar(250) not null,
|
||||
feed_id varchar(250) not null,
|
||||
is_cat bool not null default false,
|
||||
owner_uid integer not null,
|
||||
foreign key (owner_uid) references ttrss_users(id) ON DELETE CASCADE) TYPE=InnoDB DEFAULT CHARSET=UTF8;
|
||||
|
||||
update ttrss_version set schema_version = 69;
|
||||
|
||||
commit;
|
|
@ -0,0 +1,11 @@
|
|||
begin;
|
||||
|
||||
create table ttrss_access_keys (id serial not null primary key,
|
||||
access_key varchar(250) not null,
|
||||
feed_id varchar(250) not null,
|
||||
is_cat bool not null default false,
|
||||
owner_uid integer not null references ttrss_users(id) on delete cascade);
|
||||
|
||||
update ttrss_version set schema_version = 69;
|
||||
|
||||
commit;
|
Loading…
Reference in New Issue