mirror of https://tt-rss.org/git/tt-rss.git
Merge branch 'master' of git.fakecake.org:tt-rss
This commit is contained in:
Andrew Dolgov
commit
88077702f3
|
|
@ -535,6 +535,7 @@ class API extends Handler {
|
|||
|
||||
/* Labels */
|
||||
|
||||
/* API only: -4 All feeds, including virtual feeds */
|
||||
if ($cat_id == -4 || $cat_id == -2) {
|
||||
$counters = Counters::getLabelCounters(true);
|
||||
|
||||
|
|
@ -582,7 +583,7 @@ class API extends Handler {
|
|||
if ($include_nested && $cat_id) {
|
||||
$sth = $pdo->prepare("SELECT
|
||||
id, title, order_id FROM ttrss_feed_categories
|
||||
WHERE parent_cat = ? AND owner_uid = ? ORDER BY id, title");
|
||||
WHERE parent_cat = ? AND owner_uid = ? ORDER BY order_id, title");
|
||||
|
||||
$sth->execute([$cat_id, $_SESSION['uid']]);
|
||||
|
||||
|
|
@ -611,12 +612,13 @@ class API extends Handler {
|
|||
$limit_qpart = "";
|
||||
}
|
||||
|
||||
/* API only: -3 All feeds, excluding virtual feeds (e.g. Labels and such) */
|
||||
if ($cat_id == -4 || $cat_id == -3) {
|
||||
$sth = $pdo->prepare("SELECT
|
||||
id, feed_url, cat_id, title, order_id, ".
|
||||
SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
|
||||
FROM ttrss_feeds WHERE owner_uid = ?
|
||||
ORDER BY cat_id, title " . $limit_qpart);
|
||||
ORDER BY order_id, title " . $limit_qpart);
|
||||
$sth->execute([$_SESSION['uid']]);
|
||||
|
||||
} else {
|
||||
|
|
@ -627,7 +629,7 @@ class API extends Handler {
|
|||
FROM ttrss_feeds WHERE
|
||||
(cat_id = :cat OR (:cat = 0 AND cat_id IS NULL))
|
||||
AND owner_uid = :uid
|
||||
ORDER BY cat_id, title " . $limit_qpart);
|
||||
ORDER BY order_id, title " . $limit_qpart);
|
||||
$sth->execute([":uid" => $_SESSION['uid'], ":cat" => $cat_id]);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -88,7 +88,7 @@ class Backend extends Handler {
|
|||
}
|
||||
|
||||
function help() {
|
||||
$topic = basename(clean($_REQUEST["topic"])); // only one for now
|
||||
$topic = clean_filename($_REQUEST["topic"]); // only one for now
|
||||
|
||||
if ($topic == "main") {
|
||||
$info = get_hotkeys_info();
|
||||
|
|
|
|||
|
|
@ -1203,30 +1203,30 @@ class Handler_Public extends Handler {
|
|||
public function pluginhandler() {
|
||||
$host = new PluginHost();
|
||||
|
||||
$plugin = basename(clean($_REQUEST["plugin"]));
|
||||
$plugin_name = clean_filename($_REQUEST["plugin"]);
|
||||
$method = clean($_REQUEST["pmethod"]);
|
||||
|
||||
$host->load($plugin, PluginHost::KIND_USER, 0);
|
||||
$host->load($plugin_name, PluginHost::KIND_USER, 0);
|
||||
$host->load_data();
|
||||
|
||||
$pclass = $host->get_plugin($plugin);
|
||||
$plugin = $host->get_plugin($plugin_name);
|
||||
|
||||
if ($pclass) {
|
||||
if (method_exists($pclass, $method)) {
|
||||
if ($pclass->is_public_method($method)) {
|
||||
$pclass->$method();
|
||||
if ($plugin) {
|
||||
if (method_exists($plugin, $method)) {
|
||||
if ($plugin->is_public_method($method)) {
|
||||
$plugin->$method();
|
||||
} else {
|
||||
user_error("pluginhandler: Requested private method '$method' of plugin '$plugin'.");
|
||||
user_error("PluginHandler[PUBLIC]: Requested private method '$method' of plugin '$plugin_name'.", E_USER_WARNING);
|
||||
header("Content-Type: text/json");
|
||||
print error_json(6);
|
||||
}
|
||||
} else {
|
||||
user_error("pluginhandler: Requested unknown method '$method' of plugin '$plugin'.");
|
||||
user_error("PluginHandler[PUBLIC]: Requested unknown method '$method' of plugin '$plugin_name'.", E_USER_WARNING);
|
||||
header("Content-Type: text/json");
|
||||
print error_json(13);
|
||||
}
|
||||
} else {
|
||||
user_error("pluginhandler: Requested method '$method' of unknown plugin '$plugin'.");
|
||||
user_error("PluginHandler[PUBLIC]: Requested method '$method' of unknown plugin '$plugin_name'.", E_USER_WARNING);
|
||||
header("Content-Type: text/json");
|
||||
print error_json(14);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -5,15 +5,18 @@ class PluginHandler extends Handler_Protected {
|
|||
}
|
||||
|
||||
function catchall($method) {
|
||||
$plugin = PluginHost::getInstance()->get_plugin(clean($_REQUEST["plugin"]));
|
||||
$plugin_name = clean($_REQUEST["plugin"]);
|
||||
$plugin = PluginHost::getInstance()->get_plugin($plugin_name);
|
||||
|
||||
if ($plugin) {
|
||||
if (method_exists($plugin, $method)) {
|
||||
$plugin->$method();
|
||||
} else {
|
||||
user_error("PluginHandler: Requested unknown method '$method' of plugin '$plugin_name'.", E_USER_WARNING);
|
||||
print error_json(13);
|
||||
}
|
||||
} else {
|
||||
user_error("PluginHandler: Requested method '$method' of unknown plugin '$plugin_name'.", E_USER_WARNING);
|
||||
print error_json(14);
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -186,7 +186,7 @@ class PluginHost {
|
|||
|
||||
foreach ($plugins as $class) {
|
||||
$class = trim($class);
|
||||
$class_file = strtolower(basename($class));
|
||||
$class_file = strtolower(clean_filename($class));
|
||||
|
||||
if (!is_dir(__DIR__."/../plugins/$class_file") &&
|
||||
!is_dir(__DIR__."/../plugins.local/$class_file")) continue;
|
||||
|
|
@ -491,4 +491,34 @@ class PluginHost {
|
|||
function get_owner_uid() {
|
||||
return $this->owner_uid;
|
||||
}
|
||||
|
||||
// handled by classes/pluginhandler.php, requires valid session
|
||||
function get_method_url($sender, $method, $params) {
|
||||
return get_self_url_prefix() . "/backend.php?" .
|
||||
http_build_query(
|
||||
array_merge(
|
||||
[
|
||||
"op" => "pluginhandler",
|
||||
"plugin" => strtolower(get_class($sender)),
|
||||
"method" => $method
|
||||
],
|
||||
$params));
|
||||
}
|
||||
|
||||
// WARNING: endpoint in public.php, exposed to unauthenticated users
|
||||
function get_public_method_url($sender, $method, $params) {
|
||||
if ($sender->is_public_method($method)) {
|
||||
return get_self_url_prefix() . "/public.php?" .
|
||||
http_build_query(
|
||||
array_merge(
|
||||
[
|
||||
"op" => "pluginhandler",
|
||||
"plugin" => strtolower(get_class($sender)),
|
||||
"pmethod" => $method
|
||||
],
|
||||
$params));
|
||||
} else {
|
||||
user_error("get_public_method_url: requested method '$method' of '" . get_class($sender) . "' is private.");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -572,7 +572,7 @@ class RPC extends Handler_Protected {
|
|||
|
||||
function log() {
|
||||
$msg = clean($_REQUEST['msg']);
|
||||
$file = basename(clean($_REQUEST['file']));
|
||||
$file = clean_filename($_REQUEST['file']);
|
||||
$line = (int) clean($_REQUEST['line']);
|
||||
$context = clean($_REQUEST['context']);
|
||||
|
||||
|
|
|
|||
|
|
@ -593,7 +593,7 @@
|
|||
}
|
||||
|
||||
function clean_filename($filename) {
|
||||
return basename(preg_replace("/\.\.|[\/\\\]/", "", $filename));
|
||||
return basename(preg_replace("/\.\.|[\/\\\]/", "", clean($filename)));
|
||||
}
|
||||
|
||||
function make_password($length = 12) {
|
||||
|
|
|
|||
|
|
@ -141,8 +141,7 @@ class Af_Proxy_Http extends Plugin {
|
|||
}
|
||||
}
|
||||
|
||||
return get_self_url_prefix() . "/public.php?op=pluginhandler&plugin=af_proxy_http&pmethod=imgproxy&url=" .
|
||||
urlencode($url);
|
||||
return $this->host->get_public_method_url($this, "imgproxy", ["url" => $url]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue