blallo/tt-rss
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

implement ProtectedHandler

Browse source
This commit is contained in:
Andrew Dolgov 2011-12-13 14:15:42 +04:00
parent 8e17d6636e
commit 46da73c255
10 changed files with 79 additions and 71 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
classes/article.php
View file

@ -1,5 +1,5 @@
<?php <?php
class Article extends Handler { class Article extends Protected_Handler {
function redirect() { function redirect() {
$id = db_escape_string($_REQUEST['id']); $id = db_escape_string($_REQUEST['id']);

16
classes/dlg.php
View file

@ -1,7 +1,7 @@
<?php <?php
class Dlg extends Handler { class Dlg extends Protected_Handler {
private $param; private $param;
function before() { function before() {
if (parent::before()) { if (parent::before()) {
header("Content-Type: text/xml; charset=utf-8"); header("Content-Type: text/xml; charset=utf-8");
@ -11,14 +11,14 @@ class Dlg extends Handler {
} }
return false; return false;
} }
function after() { function after() {
print "</dlg>"; print "</dlg>";
} }
function importOpml() { function importOpml() {
header("Content-Type: text/html"); # required for iframe header("Content-Type: text/html"); # required for iframe
print "<div class=\"prefFeedOPMLHolder\">"; print "<div class=\"prefFeedOPMLHolder\">";
$owner_uid = $_SESSION["uid"]; $owner_uid = $_SESSION["uid"];
@ -534,7 +534,7 @@ class Dlg extends Handler {
} }
function inactiveFeeds() { function inactiveFeeds() {
if (DB_TYPE == "pgsql") { if (DB_TYPE == "pgsql") {
$interval_qpart = "NOW() - INTERVAL '3 months'"; $interval_qpart = "NOW() - INTERVAL '3 months'";
} else { } else {
@ -714,7 +714,7 @@ class Dlg extends Handler {
} }
function printTagSelect() { function printTagSelect() {
print "<title>" . __('Select item(s) by tags') . "</title>"; print "<title>" . __('Select item(s) by tags') . "</title>";
print "<content><![CDATA["; print "<content><![CDATA[";
@ -851,7 +851,7 @@ class Dlg extends Handler {
} }
function generatedFeed() { function generatedFeed() {
print "<title>".__('View as RSS')."</title>"; print "<title>".__('View as RSS')."</title>";
print "<content><![CDATA["; print "<content><![CDATA[";
@ -884,7 +884,7 @@ class Dlg extends Handler {
} }
function newVersion() { function newVersion() {
$version_data = check_for_update($this->link); $version_data = check_for_update($this->link);
$version = $version_data['version']; $version = $version_data['version'];
$id = $version_data['version_id']; $id = $version_data['version_id'];

94
classes/feeds.php
View file

@ -1,11 +1,11 @@
<?php <?php
class Feeds extends Handler { class Feeds extends Protected_Handler {
function catchupAll() { function catchupAll() {
db_query($this->link, "UPDATE ttrss_user_entries SET db_query($this->link, "UPDATE ttrss_user_entries SET
last_read = NOW(),unread = false WHERE owner_uid = " . $_SESSION["uid"]); last_read = NOW(),unread = false WHERE owner_uid = " . $_SESSION["uid"]);
ccache_zero_all($this->link, $_SESSION["uid"]); ccache_zero_all($this->link, $_SESSION["uid"]);
} }
function collapse() { function collapse() {
$cat_id = db_escape_string($_REQUEST["cid"]); $cat_id = db_escape_string($_REQUEST["cid"]);
@ -15,36 +15,36 @@ class Feeds extends Handler {
function index() { function index() {
$root = (bool)$_REQUEST["root"]; $root = (bool)$_REQUEST["root"];
if (!$root) { if (!$root) {
print json_encode(outputFeedList($this->link)); print json_encode(outputFeedList($this->link));
} else { } else {
$feeds = outputFeedList($this->link, false); $feeds = outputFeedList($this->link, false);
$root = array(); $root = array();
$root['id'] = 'root'; $root['id'] = 'root';
$root['name'] = __('Feeds'); $root['name'] = __('Feeds');
$root['items'] = $feeds['items']; $root['items'] = $feeds['items'];
$fl = array(); $fl = array();
$fl['identifier'] = 'id'; $fl['identifier'] = 'id';
$fl['label'] = 'name'; $fl['label'] = 'name';
$fl['items'] = array($root); $fl['items'] = array($root);
print json_encode($fl); print json_encode($fl);
} }
} }
function view() { function view() {
$timing_info = getmicrotime(); $timing_info = getmicrotime();
$reply = array(); $reply = array();
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info); if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info);
$omode = db_escape_string($_REQUEST["omode"]); $omode = db_escape_string($_REQUEST["omode"]);
$feed = db_escape_string($_REQUEST["feed"]); $feed = db_escape_string($_REQUEST["feed"]);
$method = db_escape_string($_REQUEST["m"]); $method = db_escape_string($_REQUEST["m"]);
$view_mode = db_escape_string($_REQUEST["view_mode"]); $view_mode = db_escape_string($_REQUEST["view_mode"]);
@ -54,19 +54,19 @@ class Feeds extends Handler {
@$offset = db_escape_string($_REQUEST["skip"]); @$offset = db_escape_string($_REQUEST["skip"]);
@$vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]); @$vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]);
$order_by = db_escape_string($_REQUEST["order_by"]); $order_by = db_escape_string($_REQUEST["order_by"]);
if (is_numeric($feed)) $feed = (int) $feed; if (is_numeric($feed)) $feed = (int) $feed;
/* Feed -5 is a special case: it is used to display auxiliary information /* Feed -5 is a special case: it is used to display auxiliary information
* when there's nothing to load - e.g. no stuff in fresh feed */ * when there's nothing to load - e.g. no stuff in fresh feed */
if ($feed == -5) { if ($feed == -5) {
print json_encode(generate_dashboard_feed($this->link)); print json_encode(generate_dashboard_feed($this->link));
return; return;
} }
$result = false; $result = false;
if ($feed < -10) { if ($feed < -10) {
$label_feed = -11-$feed; $label_feed = -11-$feed;
$result = db_query($this->link, "SELECT id FROM ttrss_labels2 WHERE $result = db_query($this->link, "SELECT id FROM ttrss_labels2 WHERE
@ -78,45 +78,45 @@ class Feeds extends Handler {
$result = db_query($this->link, "SELECT id FROM ttrss_feed_categories WHERE $result = db_query($this->link, "SELECT id FROM ttrss_feed_categories WHERE
id = '$feed' AND owner_uid = " . $_SESSION['uid']); id = '$feed' AND owner_uid = " . $_SESSION['uid']);
} }
if ($result && db_num_rows($result) == 0) { if ($result && db_num_rows($result) == 0) {
print json_encode(generate_error_feed($this->link, __("Feed not found."))); print json_encode(generate_error_feed($this->link, __("Feed not found.")));
return; return;
} }
/* Updating a label ccache means recalculating all of the caches /* Updating a label ccache means recalculating all of the caches
* so for performance reasons we don't do that here */ * so for performance reasons we don't do that here */
if ($feed >= 0) { if ($feed >= 0) {
ccache_update($this->link, $feed, $_SESSION["uid"], $cat_view); ccache_update($this->link, $feed, $_SESSION["uid"], $cat_view);
} }
set_pref($this->link, "_DEFAULT_VIEW_MODE", $view_mode); set_pref($this->link, "_DEFAULT_VIEW_MODE", $view_mode);
set_pref($this->link, "_DEFAULT_VIEW_LIMIT", $limit); set_pref($this->link, "_DEFAULT_VIEW_LIMIT", $limit);
set_pref($this->link, "_DEFAULT_VIEW_ORDER_BY", $order_by); set_pref($this->link, "_DEFAULT_VIEW_ORDER_BY", $order_by);
if (!$cat_view && preg_match("/^[0-9][0-9]*$/", $feed)) { if (!$cat_view && preg_match("/^[0-9][0-9]*$/", $feed)) {
db_query($this->link, "UPDATE ttrss_feeds SET last_viewed = NOW() db_query($this->link, "UPDATE ttrss_feeds SET last_viewed = NOW()
WHERE id = '$feed' AND owner_uid = ".$_SESSION["uid"]); WHERE id = '$feed' AND owner_uid = ".$_SESSION["uid"]);
} }
$reply['headlines'] = array(); $reply['headlines'] = array();
if (!$next_unread_feed) if (!$next_unread_feed)
$reply['headlines']['id'] = $feed; $reply['headlines']['id'] = $feed;
else else
$reply['headlines']['id'] = $next_unread_feed; $reply['headlines']['id'] = $next_unread_feed;
$reply['headlines']['is_cat'] = (bool) $cat_view; $reply['headlines']['is_cat'] = (bool) $cat_view;
$override_order = false; $override_order = false;
if (get_pref($this->link, "SORT_HEADLINES_BY_FEED_DATE", $owner_uid)) { if (get_pref($this->link, "SORT_HEADLINES_BY_FEED_DATE", $owner_uid)) {
$date_sort_field = "updated"; $date_sort_field = "updated";
} else { } else {
$date_sort_field = "date_entered"; $date_sort_field = "date_entered";
} }
switch ($order_by) { switch ($order_by) {
case "date": case "date":
if (get_pref($this->link, 'REVERSE_HEADLINES', $owner_uid)) { if (get_pref($this->link, 'REVERSE_HEADLINES', $owner_uid)) {
@ -125,7 +125,7 @@ class Feeds extends Handler {
$override_order = "$date_sort_field DESC"; $override_order = "$date_sort_field DESC";
} }
break; break;
case "title": case "title":
if (get_pref($this->link, 'REVERSE_HEADLINES', $owner_uid)) { if (get_pref($this->link, 'REVERSE_HEADLINES', $owner_uid)) {
$override_order = "title DESC, $date_sort_field"; $override_order = "title DESC, $date_sort_field";
@ -133,7 +133,7 @@ class Feeds extends Handler {
$override_order = "title, $date_sort_field DESC"; $override_order = "title, $date_sort_field DESC";
} }
break; break;
case "score": case "score":
if (get_pref($this->link, 'REVERSE_HEADLINES', $owner_uid)) { if (get_pref($this->link, 'REVERSE_HEADLINES', $owner_uid)) {
$override_order = "score, $date_sort_field"; $override_order = "score, $date_sort_field";
@ -142,46 +142,46 @@ class Feeds extends Handler {
} }
break; break;
} }
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("04", $timing_info); if ($_REQUEST["debug"]) $timing_info = print_checkpoint("04", $timing_info);
$ret = format_headlines_list($this->link, $feed, $method, $ret = format_headlines_list($this->link, $feed, $method,
$view_mode, $limit, $cat_view, $next_unread_feed, $offset, $view_mode, $limit, $cat_view, $next_unread_feed, $offset,
$vgroup_last_feed, $override_order); $vgroup_last_feed, $override_order);
$topmost_article_ids = $ret[0]; $topmost_article_ids = $ret[0];
$headlines_count = $ret[1]; $headlines_count = $ret[1];
$returned_feed = $ret[2]; $returned_feed = $ret[2];
$disable_cache = $ret[3]; $disable_cache = $ret[3];
$vgroup_last_feed = $ret[4]; $vgroup_last_feed = $ret[4];
$reply['headlines']['content'] =& $ret[5]['content']; $reply['headlines']['content'] =& $ret[5]['content'];
$reply['headlines']['toolbar'] =& $ret[5]['toolbar']; $reply['headlines']['toolbar'] =& $ret[5]['toolbar'];
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("05", $timing_info); if ($_REQUEST["debug"]) $timing_info = print_checkpoint("05", $timing_info);
$reply['headlines-info'] = array("count" => (int) $headlines_count, $reply['headlines-info'] = array("count" => (int) $headlines_count,
"vgroup_last_feed" => $vgroup_last_feed, "vgroup_last_feed" => $vgroup_last_feed,
"disable_cache" => (bool) $disable_cache); "disable_cache" => (bool) $disable_cache);
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("20", $timing_info); if ($_REQUEST["debug"]) $timing_info = print_checkpoint("20", $timing_info);
if (is_array($topmost_article_ids) && !get_pref($this->link, 'COMBINED_DISPLAY_MODE') && !$_SESSION["bw_limit"]) { if (is_array($topmost_article_ids) && !get_pref($this->link, 'COMBINED_DISPLAY_MODE') && !$_SESSION["bw_limit"]) {
$articles = array(); $articles = array();
foreach ($topmost_article_ids as $id) { foreach ($topmost_article_ids as $id) {
array_push($articles, format_article($this->link, $id, false)); array_push($articles, format_article($this->link, $id, false));
} }
$reply['articles'] = $articles; $reply['articles'] = $articles;
} }
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("30", $timing_info); if ($_REQUEST["debug"]) $timing_info = print_checkpoint("30", $timing_info);
$reply['runtime-info'] = make_runtime_info($this->link); $reply['runtime-info'] = make_runtime_info($this->link);
print json_encode($reply); print json_encode($reply);
} }
} }
?> ?>

12
classes/pref_feeds.php
View file

@ -1,5 +1,5 @@
<?php <?php
class Pref_Feeds extends Handler { class Pref_Feeds extends Protected_Handler {
function batch_edit_cbox($elem, $label = false) { function batch_edit_cbox($elem, $label = false) {
print "<input type=\"checkbox\" title=\"".__("Check to enable field")."\" print "<input type=\"checkbox\" title=\"".__("Check to enable field")."\"
onchange=\"dijit.byId('feedEditDlg').toggleField(this, '$elem', '$label')\">"; onchange=\"dijit.byId('feedEditDlg').toggleField(this, '$elem', '$label')\">";
@ -529,7 +529,7 @@ class Pref_Feeds extends Handler {
global $purge_intervals; global $purge_intervals;
global $update_intervals; global $update_intervals;
global $update_methods; global $update_methods;
$feed_ids = db_escape_string($_REQUEST["ids"]); $feed_ids = db_escape_string($_REQUEST["ids"]);
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"ids\" value=\"$feed_ids\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"ids\" value=\"$feed_ids\">";
@ -688,13 +688,13 @@ class Pref_Feeds extends Handler {
function batchEditSave() { function batchEditSave() {
return editsaveops(true); return editsaveops(true);
} }
function editSave() { function editSave() {
return editsaveops(false); return editsaveops(false);
} }
function editsaveops($batch) { function editsaveops($batch) {
$feed_title = db_escape_string(trim($_POST["title"])); $feed_title = db_escape_string(trim($_POST["title"]));
$feed_link = db_escape_string(trim($_POST["feed_url"])); $feed_link = db_escape_string(trim($_POST["feed_url"]));
$upd_intl = (int) db_escape_string($_POST["update_interval"]); $upd_intl = (int) db_escape_string($_POST["update_interval"]);

2
classes/pref_filters.php
View file

@ -1,5 +1,5 @@
<?php <?php
class Pref_Filters extends Handler { class Pref_Filters extends Protected_Handler {
function filter_test($filter_type, $reg_exp, function filter_test($filter_type, $reg_exp,
$action_id, $action_param, $filter_param, $inverse, $feed_id) { $action_id, $action_param, $filter_param, $inverse, $feed_id) {

2
classes/pref_labels.php
View file

@ -1,5 +1,5 @@
<?php <?php
class Pref_Labels extends Handler { class Pref_Labels extends Protected_Handler {
function edit() { function edit() {
$label_id = db_escape_string($_REQUEST['id']); $label_id = db_escape_string($_REQUEST['id']);

2
classes/pref_prefs.php
View file

@ -1,5 +1,5 @@
<?php <?php
class Pref_Prefs extends Handler { class Pref_Prefs extends Protected_Handler {
function changepassword() { function changepassword() {

2
classes/pref_users.php
View file

@ -1,5 +1,5 @@
<?php <?php
class Pref_Users extends Handler { class Pref_Users extends Protected_Handler {
function before() { function before() {
if (parent::before()) { if (parent::before()) {

8
classes/protected_handler.php Normal file
View file

@ -0,0 +1,8 @@
<?php
class Protected_Handler extends Handler {
function before() {
return parent::before() && $_SESSION['uid'];
}
}
?>

10
classes/rpc.php
View file

@ -1,9 +1,9 @@
<?php <?php
class RPC extends Handler { class RPC extends Protected_Handler {
function setprofile() { function setprofile() {
$id = db_escape_string($_REQUEST["id"]); $id = db_escape_string($_REQUEST["id"]);
$_SESSION["profile"] = $id; $_SESSION["profile"] = $id;
$_SESSION["prefs_cache"] = array(); $_SESSION["prefs_cache"] = array();
} }
@ -215,7 +215,7 @@ class RPC extends Handler {
if ($last_article_id != getLastArticleId($this->link)) { if ($last_article_id != getLastArticleId($this->link)) {
$omode = $_REQUEST["omode"]; $omode = $_REQUEST["omode"];
if ($omode != "T") if ($omode != "T")
$reply['counters'] = getAllCounters($this->link, $omode); $reply['counters'] = getAllCounters($this->link, $omode);
else else
@ -403,11 +403,11 @@ class RPC extends Handler {
function assigntolabel() { function assigntolabel() {
return labelops(true); return labelops(true);
} }
function removefromlabel() { function removefromlabel() {
return labelops(false); return labelops(false);
} }
function labelops($assign) { function labelops($assign) {
$reply = array(); $reply = array();