public function applyAction() { if (!file_exists(UPDATE_FILENAME) || !is_writable(FRESHRSS_PATH)) { Minz_Request::forward(array('c' => 'update'), true); } require UPDATE_FILENAME; if (Minz_Request::param('post_conf', false)) { $res = do_post_update(); Minz_ExtensionManager::callHook('post_update'); if ($res === true) { @unlink(UPDATE_FILENAME); @file_put_contents(join_path(DATA_PATH, 'last_update.txt'), ''); Minz_Request::good(_t('feedback.update.finished')); } else { Minz_Request::bad(_t('feedback.update.error', $res), array('c' => 'update', 'a' => 'index')); } } if (Minz_Request::isPost()) { save_info_update(); } if (!need_info_update()) { $res = apply_update(); if ($res === true) { Minz_Request::forward(array('c' => 'update', 'a' => 'apply', 'params' => array('post_conf' => true)), true); } else { Minz_Request::bad(_t('feedback.update.error', $res), array('c' => 'update', 'a' => 'index')); } } }
/** * This action handles the feed configuration page. * * It displays the feed configuration page. * If this action is reached through a POST request, it stores all new * configuraiton values then sends a notification to the user. * * The options available on the page are: * - name * - description * - website URL * - feed URL * - category id (default: default category id) * - CSS path to article on website * - display in main stream (default: 0) * - HTTP authentication * - number of article to retain (default: -2) * - refresh frequency (default: -2) * Default values are empty strings unless specified. */ public function feedAction() { if (Minz_Request::param('ajax')) { $this->view->_useLayout(false); } $feedDAO = FreshRSS_Factory::createFeedDao(); $this->view->feeds = $feedDAO->listFeeds(); $id = Minz_Request::param('id'); if ($id === false || !isset($this->view->feeds[$id])) { Minz_Error::error(404); return; } $this->view->feed = $this->view->feeds[$id]; Minz_View::prependTitle(_t('sub.title.feed_management') . ' · ' . $this->view->feed->name() . ' · '); if (Minz_Request::isPost()) { $user = Minz_Request::param('http_user', ''); $pass = Minz_Request::param('http_pass', ''); $httpAuth = ''; if ($user != '' || $pass != '') { $httpAuth = $user . ':' . $pass; } $cat = intval(Minz_Request::param('category', 0)); $values = array('name' => Minz_Request::param('name', ''), 'description' => sanitizeHTML(Minz_Request::param('description', '', true)), 'website' => Minz_Request::param('website', ''), 'url' => Minz_Request::param('url', ''), 'category' => $cat, 'pathEntries' => Minz_Request::param('path_entries', ''), 'priority' => intval(Minz_Request::param('priority', 0)), 'httpAuth' => $httpAuth, 'keep_history' => intval(Minz_Request::param('keep_history', -2)), 'ttl' => intval(Minz_Request::param('ttl', -2))); invalidateHttpCache(); $url_redirect = array('c' => 'subscription', 'params' => array('id' => $id)); if ($feedDAO->updateFeed($id, $values) !== false) { $this->view->feed->_category($cat); $this->view->feed->faviconPrepare(); Minz_Request::good(_t('feedback.sub.feed.updated'), $url_redirect); } else { Minz_Request::bad(_t('feedback.sub.feed.error'), $url_redirect); } } }
/** * This action displays the user profile page. */ public function profileAction() { Minz_View::prependTitle(_t('conf.profile.title') . ' · '); Minz_View::appendScript(Minz_Url::display('/scripts/bcrypt.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js'))); if (Minz_Request::isPost()) { $ok = true; $passwordPlain = Minz_Request::param('newPasswordPlain', '', true); if ($passwordPlain != '') { Minz_Request::_param('newPasswordPlain'); //Discard plain-text password ASAP $_POST['newPasswordPlain'] = ''; if (!function_exists('password_hash')) { include_once LIB_PATH . '/password_compat.php'; } $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST)); $passwordPlain = ''; $passwordHash = preg_replace('/^\\$2[xy]\\$/', '\\$2a\\$', $passwordHash); //Compatibility with bcrypt.js $ok &= $passwordHash != ''; FreshRSS_Context::$user_conf->passwordHash = $passwordHash; } Minz_Session::_param('passwordHash', FreshRSS_Context::$user_conf->passwordHash); $passwordPlain = Minz_Request::param('apiPasswordPlain', '', true); if ($passwordPlain != '') { if (!function_exists('password_hash')) { include_once LIB_PATH . '/password_compat.php'; } $passwordHash = password_hash($passwordPlain, PASSWORD_BCRYPT, array('cost' => self::BCRYPT_COST)); $passwordPlain = ''; $passwordHash = preg_replace('/^\\$2[xy]\\$/', '\\$2a\\$', $passwordHash); //Compatibility with bcrypt.js $ok &= $passwordHash != ''; FreshRSS_Context::$user_conf->apiPasswordHash = $passwordHash; } // TODO: why do we need of hasAccess here? if (FreshRSS_Auth::hasAccess('admin')) { FreshRSS_Context::$user_conf->mail_login = Minz_Request::param('mail_login', '', true); } $email = FreshRSS_Context::$user_conf->mail_login; Minz_Session::_param('mail', $email); $ok &= FreshRSS_Context::$user_conf->save(); if ($email != '') { $personaFile = DATA_PATH . '/persona/' . $email . '.txt'; @unlink($personaFile); $ok &= file_put_contents($personaFile, Minz_Session::param('currentUser', '_')) !== false; } if ($ok) { Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'user', 'a' => 'profile')); } else { Minz_Request::bad(_t('feedback.profile.error'), array('c' => 'user', 'a' => 'profile')); } } }
/** * This action deletes all the feeds relative to a given category. * Feed-related queries are deleted. * * Request parameter is: * - id (of a category) */ public function emptyAction() { $feedDAO = FreshRSS_Factory::createFeedDao(); $url_redirect = array('c' => 'subscription', 'a' => 'index'); if (Minz_Request::isPost()) { invalidateHttpCache(); $id = Minz_Request::param('id'); if (!$id) { Minz_Request::bad(_t('feedback.sub.category.no_id'), $url_redirect); } // List feeds to remove then related user queries. $feeds = $feedDAO->listByCategory($id); if ($feedDAO->deleteFeedByCategory($id)) { // TODO: Delete old favicons // Remove related queries foreach ($feeds as $feed) { FreshRSS_Context::$user_conf->queries = remove_query_by_get('f_' . $feed->id(), FreshRSS_Context::$user_conf->queries); } FreshRSS_Context::$user_conf->save(); Minz_Request::good(_t('feedback.sub.category.emptied'), $url_redirect); } else { Minz_Request::bad(_t('feedback.sub.category.error'), $url_redirect); } } Minz_Request::forward($url_redirect, true); }
/** * This action handles the creation of a user query. * * It gets the GET parameters and stores them in the configuration query * storage. Before it is saved, the unwanted parameters are unset to keep * lean data. */ public function addQueryAction() { $whitelist = array('get', 'order', 'name', 'search', 'state'); $queries = FreshRSS_Context::$user_conf->queries; $query = Minz_Request::params(); $query['name'] = _t('conf.query.number', count($queries) + 1); foreach ($query as $key => $value) { if (!in_array($key, $whitelist)) { unset($query[$key]); } } $queries[] = $query; FreshRSS_Context::$user_conf->queries = $queries; FreshRSS_Context::$user_conf->save(); Minz_Request::good(_t('feedback.conf.query_created', $query['name']), array('c' => 'configure', 'a' => 'queries')); }
/** * This action deletes a feed. * * This page must be reached by a POST request. * If there are related queries, they are deleted too. * * Parameters are: * - id (default: false) * - r (default: false) * r permits to redirect to a given page at the end of this action. * * @todo handle "r" redirection in Minz_Request::forward()? */ public function deleteAction() { $redirect_url = Minz_Request::param('r', false, true); if (!$redirect_url) { $redirect_url = array('c' => 'subscription', 'a' => 'index'); } if (!Minz_Request::isPost()) { Minz_Request::forward($redirect_url, true); } $id = Minz_Request::param('id'); $feedDAO = FreshRSS_Factory::createFeedDao(); if ($feedDAO->deleteFeed($id)) { // TODO: Delete old favicon // Remove related queries FreshRSS_Context::$user_conf->queries = remove_query_by_get('f_' . $id, FreshRSS_Context::$user_conf->queries); FreshRSS_Context::$user_conf->save(); Minz_Request::good(_t('feedback.sub.feed.deleted'), $redirect_url); } else { Minz_Request::bad(_t('feedback.sub.feed.error'), $redirect_url); } }
/** * This action resets the authentication system. * * After reseting, form auth is set by default. */ public function resetAction() { Minz_View::prependTitle(_t('admin.auth.title_reset') . ' · '); Minz_View::appendScript(Minz_Url::display('/scripts/bcrypt.min.js?' . @filemtime(PUBLIC_PATH . '/scripts/bcrypt.min.js'))); $this->view->no_form = false; // Enable changement of auth only if Persona! if (FreshRSS_Context::$system_conf->auth_type != 'persona') { $this->view->message = array('status' => 'bad', 'title' => _t('gen.short.damn'), 'body' => _t('feedback.auth.not_persona')); $this->view->no_form = true; return; } $conf = get_user_configuration(FreshRSS_Context::$system_conf->default_user); if (is_null($conf)) { return; } // Admin user must have set its master password. if (!$conf->passwordHash) { $this->view->message = array('status' => 'bad', 'title' => _t('gen.short.damn'), 'body' => _t('feedback.auth.no_password_set')); $this->view->no_form = true; return; } invalidateHttpCache(); if (Minz_Request::isPost()) { $nonce = Minz_Session::param('nonce'); $username = Minz_Request::param('username', ''); $challenge = Minz_Request::param('challenge', ''); $ok = FreshRSS_FormAuth::checkCredentials($username, $conf->passwordHash, $nonce, $challenge); if ($ok) { FreshRSS_Context::$system_conf->auth_type = 'form'; $ok = FreshRSS_Context::$system_conf->save(); if ($ok) { Minz_Request::good(_t('feedback.auth.form.set')); } else { Minz_Request::bad(_t('feedback.auth.form.not_set'), array('c' => 'auth', 'a' => 'reset')); } } else { Minz_Log::warning('Password mismatch for' . ' user='******', nonce=' . $nonce . ', c=' . $challenge); Minz_Request::bad(_t('feedback.auth.login.invalid'), array('c' => 'auth', 'a' => 'reset')); } } }
/** * This action handles import action. * * It must be reached by a POST request. * * Parameter is: * - file (default: nothing!) * Available file types are: zip, json or xml. */ public function importAction() { if (!Minz_Request::isPost()) { Minz_Request::forward(array('c' => 'importExport', 'a' => 'index'), true); } $file = $_FILES['file']; $status_file = $file['error']; if ($status_file !== 0) { Minz_Log::error('File cannot be uploaded. Error code: ' . $status_file); Minz_Request::bad(_t('feedback.import_export.file_cannot_be_uploaded'), array('c' => 'importExport', 'a' => 'index')); } @set_time_limit(300); $type_file = $this->guessFileType($file['name']); $list_files = array('opml' => array(), 'json_starred' => array(), 'json_feed' => array()); // We try to list all files according to their type $list = array(); if ($type_file === 'zip' && extension_loaded('zip')) { $zip = zip_open($file['tmp_name']); if (!is_resource($zip)) { // zip_open cannot open file: something is wrong Minz_Log::error('Zip archive cannot be imported. Error code: ' . $zip); Minz_Request::bad(_t('feedback.import_export.zip_error'), array('c' => 'importExport', 'a' => 'index')); } while (($zipfile = zip_read($zip)) !== false) { if (!is_resource($zipfile)) { // zip_entry() can also return an error code! Minz_Log::error('Zip file cannot be imported. Error code: ' . $zipfile); } else { $type_zipfile = $this->guessFileType(zip_entry_name($zipfile)); if ($type_file !== 'unknown') { $list_files[$type_zipfile][] = zip_entry_read($zipfile, zip_entry_filesize($zipfile)); } } } zip_close($zip); } elseif ($type_file === 'zip') { // Zip extension is not loaded Minz_Request::bad(_t('feedback.import_export.no_zip_extension'), array('c' => 'importExport', 'a' => 'index')); } elseif ($type_file !== 'unknown') { $list_files[$type_file][] = file_get_contents($file['tmp_name']); } // Import file contents. // OPML first(so categories and feeds are imported) // Starred articles then so the "favourite" status is already set // And finally all other files. $error = false; foreach ($list_files['opml'] as $opml_file) { $error = $this->importOpml($opml_file); } foreach ($list_files['json_starred'] as $article_file) { $error = $this->importJson($article_file, true); } foreach ($list_files['json_feed'] as $article_file) { $error = $this->importJson($article_file); } // And finally, we get import status and redirect to the home page Minz_Session::_param('actualize_feeds', true); $content_notif = $error === true ? _t('feedback.import_export.feeds_imported_with_errors') : _t('feedback.import_export.feeds_imported'); Minz_Request::good($content_notif); }
/** * This action purges old entries from feeds. * * @todo should be a POST request * @todo should be in feedController */ public function purgeAction() { @set_time_limit(300); $nb_month_old = max(FreshRSS_Context::$user_conf->old_entries, 1); $date_min = time() - 3600 * 24 * 30 * $nb_month_old; $feedDAO = FreshRSS_Factory::createFeedDao(); $feeds = $feedDAO->listFeeds(); $nb_total = 0; invalidateHttpCache(); foreach ($feeds as $feed) { $feed_history = $feed->keepHistory(); if ($feed_history == -2) { // TODO: -2 must be a constant! // -2 means we take the default value from configuration $feed_history = FreshRSS_Context::$user_conf->keep_history_default; } if ($feed_history >= 0) { $nb = $feedDAO->cleanOldEntries($feed->id(), $date_min, $feed_history); if ($nb > 0) { $nb_total += $nb; Minz_Log::debug($nb . ' old entries cleaned in feed [' . $feed->url() . ']'); } } } $feedDAO->updateCachedValues(); invalidateHttpCache(); Minz_Request::good(_t('feedback.sub.purge_completed', $nb_total), array('c' => 'configure', 'a' => 'archiving')); }
/** * This action handles the creation of a user query. * * It gets the GET parameters and stores them in the configuration query * storage. Before it is saved, the unwanted parameters are unset to keep * lean data. */ public function addQueryAction() { $category_dao = FreshRSS_Factory::createCategoryDAO(); $feed_dao = FreshRSS_Factory::createFeedDao(); $queries = array(); foreach (FreshRSS_Context::$user_conf->queries as $key => $query) { $queries[$key] = new FreshRSS_UserQuery($query, $feed_dao, $category_dao); } $params = Minz_Request::params(); $params['url'] = Minz_Url::display(array('params' => $params)); $params['name'] = _t('conf.query.number', count($queries) + 1); $queries[] = new FreshRSS_UserQuery($params, $feed_dao, $category_dao); FreshRSS_Context::$user_conf->queries = $queries; FreshRSS_Context::$user_conf->save(); Minz_Request::good(_t('feedback.conf.query_created', $query['name']), array('c' => 'configure', 'a' => 'queries')); }
/** * This action handles deletion of an extension. * * Only administrator can remove an extension. * This action must be reached by a POST request. * * Parameter is: * -e: extension name (urlencoded) */ public function removeAction() { if (!FreshRSS_Auth::hasAccess('admin')) { Minz_Error::error(403); } $url_redirect = array('c' => 'extension', 'a' => 'index'); if (Minz_Request::isPost()) { $ext_name = urldecode(Minz_Request::param('e')); $ext = Minz_ExtensionManager::findExtension($ext_name); if (is_null($ext)) { Minz_Request::bad(_t('feedback.extensions.not_found', $ext_name), $url_redirect); } $res = recursive_unlink($ext->getPath()); if ($res) { Minz_Request::good(_t('feedback.extensions.removed', $ext_name), $url_redirect); } else { Minz_Request::bad(_t('feedback.extensions.cannot_delete', $ext_name), $url_redirect); } } Minz_Request::forward($url_redirect, true); }