]> git.immae.eu Git - github/wallabag/wallabag.git/blob - inc/functions.php
projects / github / wallabag / wallabag.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
vérificatio CSRF et mise en page
[github/wallabag/wallabag.git] / inc / functions.php
1 <?php
2
3 /**
4 * Permet de générer l'URL de poche pour le bookmarklet
5 */
6 function get_poche_url()
7 {
8 $protocol = "http";
9 if(isset($_SERVER['HTTPS'])) {
10 if($_SERVER['HTTPS'] != "off") {
11 $protocol = "https";
12 }
13 }
14
15 return $protocol . "://" . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
16 }
17
18 // function define to retrieve url content
19 function get_external_file($url, $timeout)
20 {
21 // spoofing FireFox 18.0
22 $useragent="Mozilla/5.0 (Windows NT 5.1; rv:18.0) Gecko/20100101 Firefox/18.0";
23
24 if (in_array ('curl', get_loaded_extensions())) {
25 // Fetch feed from URL
26 $curl = curl_init();
27 curl_setopt($curl, CURLOPT_URL, $url);
28 curl_setopt($curl, CURLOPT_TIMEOUT, $timeout);
29 curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
30 curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
31 curl_setopt($curl, CURLOPT_HEADER, false);
32
33 // FeedBurner requires a proper USER-AGENT...
34 curl_setopt($curl, CURL_HTTP_VERSION_1_1, true);
35 curl_setopt($curl, CURLOPT_ENCODING, "gzip, deflate");
36 curl_setopt($curl, CURLOPT_USERAGENT, $useragent);
37
38 $data = curl_exec($curl);
39
40 $httpcode = curl_getinfo($curl, CURLINFO_HTTP_CODE);
41
42 $httpcodeOK = isset($httpcode) and ($httpcode == 200 or $httpcode == 301);
43
44 curl_close($curl);
45 } else {
46
47 // create http context and add timeout and user-agent
48 $context = stream_context_create(array('http'=>array('timeout' => $timeout, // Timeout : time until we stop waiting for the response.
49 'header'=> "User-Agent: ".$useragent, // spoot Mozilla Firefox
50 'follow_location' => true
51 )));
52
53 // only download page lesser than 4MB
54 $data = @file_get_contents($url, false, $context, -1, 4000000); // We download at most 4 MB from source.
55 // echo "<pre>http_response_header : ".print_r($http_response_header);
56
57 if(isset($http_response_header) and isset($http_response_header[0])) {
58 $httpcodeOK = isset($http_response_header) and isset($http_response_header[0]) and ((strpos($http_response_header[0], '200 OK') !== FALSE) or (strpos($http_response_header[0], '301 Moved Permanently') !== FALSE));
59 }
60 }
61
62 // if response is not empty and response is OK
63 if (isset($data) and isset($httpcodeOK) and $httpcodeOK ) {
64
65 // take charset of page and get it
66 preg_match('#<meta .*charset=.*>#Usi', $data, $meta);
67
68 // if meta tag is found
69 if (!empty($meta[0])) {
70 // retrieve encoding in $enc
71 preg_match('#charset="?(.*)"#si', $meta[0], $enc);
72
73 // if charset is found set it otherwise, set it to utf-8
74 $html_charset = (!empty($enc[1])) ? strtolower($enc[1]) : 'utf-8';
75
76 } else {
77 $html_charset = 'utf-8';
78 $enc[1] = '';
79 }
80
81 // replace charset of url to charset of page
82 $data = str_replace('charset='.$enc[1], 'charset='.$html_charset, $data);
83
84 return $data;
85 }
86 else {
87 return FALSE;
88 }
89 }
90
91 /**
92 * Préparation de l'URL avec récupération du contenu avant insertion en base
93 */
94 function prepare_url($url)
95 {
96 $parametres = array();
97 $url = html_entity_decode(trim($url));
98
99 // We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...)
100 // from shaarli, by sebsauvage
101 $i=strpos($url,'&utm_source='); if ($i!==false) $url=substr($url,0,$i);
102 $i=strpos($url,'?utm_source='); if ($i!==false) $url=substr($url,0,$i);
103 $i=strpos($url,'#xtor=RSS-'); if ($i!==false) $url=substr($url,0,$i);
104
105 $title = $url;
106 if (!preg_match('!^https?://!i', $url))
107 $url = 'http://' . $url;
108
109 $html = Encoding::toUTF8(get_external_file($url,15));
110 if (isset($html) and strlen($html) > 0)
111 {
112 $r = new Readability($html, $url);
113 if($r->init())
114 {
115 $title = $r->articleTitle->innerHTML;
116 }
117 }
118
119 $parametres['title'] = $title;
120 $parametres['content'] = $r->articleContent->innerHTML;
121
122 return $parametres;
123 }
124
125 /**
126 * Appel d'une action (mark as fav, archive, delete)
127 */
128 function action_to_do($action, $id, $url, $token)
129 {
130 global $db;
131
132 switch ($action)
133 {
134 case 'add':
135 if ($url == '')
136 continue;
137
138 $parametres_url = prepare_url($url);
139 $sql_action = 'INSERT INTO entries ( url, title, content ) VALUES (?, ?, ?)';
140 $params_action = array($url, $parametres_url['title'], $parametres_url['content']);
141 break;
142 case 'delete':
143 if (verif_token($token)) {
144 $sql_action = "DELETE FROM entries WHERE id=?";
145 $params_action = array($id);
146 }
147 else die('CSRF problem');
148 break;
149 default:
150 break;
151 }
152
153 try
154 {
155 # action query
156 if (isset($sql_action))
157 {
158 $query = $db->getHandle()->prepare($sql_action);
159 $query->execute($params_action);
160 }
161 }
162 catch (Exception $e)
163 {
164 die('action query error : '.$e->getMessage());
165 }
166 }
167
168 /**
169 * Détermine quels liens afficher : home, fav ou archives
170 */
171 function display_view($view)
172 {
173 global $db;
174
175 switch ($view)
176 {
177 case 'archive':
178 $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc";
179 $params = array(-1);
180 break;
181 case 'fav' :
182 $sql = "SELECT * FROM entries WHERE is_fav=? ORDER BY id desc";
183 $params = array(-1);
184 break;
185 default:
186 $sql = "SELECT * FROM entries WHERE is_read=? ORDER BY id desc";
187 $params = array(0);
188 break;
189 }
190
191 # view query
192 try
193 {
194 $query = $db->getHandle()->prepare($sql);
195 $query->execute($params);
196 $entries = $query->fetchAll();
197 }
198 catch (Exception $e)
199 {
200 die('view query error : '.$e->getMessage());
201 }
202
203 return $entries;
204 }
205
206 /**
207 * Récupère un article en fonction d'un ID
208 */
209 function get_article($id)
210 {
211 global $db;
212
213 $entry = NULL;
214 $sql = "SELECT * FROM entries WHERE id=?";
215 $params = array(intval($id));
216
217 # view article query
218 try
219 {
220 $query = $db->getHandle()->prepare($sql);
221 $query->execute($params);
222 $entry = $query->fetchAll();
223 }
224 catch (Exception $e)
225 {
226 die('query error : '.$e->getMessage());
227 }
228
229 return $entry;
230 }
231
232 /**
233 * Vérifie si le jeton passé en $_POST correspond à celui en session
234 */
235 function verif_token($token)
236 {
237 if(isset($_SESSION['token_poche']) && isset($_SESSION['token_time_poche']) && isset($token))
238 {
239 if($_SESSION['token_poche'] == $token)
240 {
241 $old_timestamp = time() - (15*60);
242 if($_SESSION['token_time_poche'] >= $old_timestamp)
243 {
244 return TRUE;
245 }
246 else return FALSE;
247 }
248 else return FALSE;
249 }
250 else return FALSE;
251 }
A self hostable application for saving web pages: Save and classify articles. Read them later. Freely.