3 * wallabag, self hostable application allowing you to not miss any content anymore
6 * @author Nicolas Lœuillet <nicolas@loeuillet.org>
8 * @license http://opensource.org/licenses/MIT see COPYING file
42 public function __construct()
47 private function init()
51 $pocheUser = Session
::getParam('poche_user');
53 if ($pocheUser && $pocheUser != array()) {
54 $this->user
= $pocheUser;
56 // fake user, just for install & login screens
57 $this->user
= new User();
58 $this->user
->setConfig($this->getDefaultConfig());
61 $this->pagination
= new Paginator($this->user
->getConfigValue('pager'), 'p');
62 $this->language
= new Language($this);
63 $this->tpl
= new Template($this);
64 $this->store
= new Database();
65 $this->messages
= new Messages();
66 $this->routing
= new Routing($this);
71 $this->routing
->run();
77 public function createNewUser($username, $password, $email = "", $internalRegistration = false)
79 Tools
::logm('Trying to create a new user...');
80 if (!empty($username) && !empty($password)){
81 $newUsername = filter_var($username, FILTER_SANITIZE_STRING
);
82 $email = filter_var($email, FILTER_SANITIZE_STRING
);
83 if (!$this->store
->userExists($newUsername)){
84 if ($this->store
->install($newUsername, Tools
::encodeString($password . $newUsername), $email)) {
85 if ($email != "") { // if email is filled
86 if (SEND_CONFIRMATION_EMAIL
&& function_exists('mail')) {
88 // if internal registration from config screen
89 $body_internal = _('Hi,') . "\r\n\r\n" . sprintf(_('Someone just created a wallabag account for you on %1$s.'), Tools
::getPocheUrl()) .
90 "\r\n\r\n" . sprintf(_('Your login is %1$s.'), $newUsername) ."\r\n\r\n" .
91 _('Note : The password has been chosen by the person who created your account. Get in touch with that person to know your password and change it as soon as possible') . "\r\n\r\n" .
92 _('Have fun with it !') . "\r\n\r\n" .
93 _('This is an automatically generated message, no one will answer if you respond to it.');
95 // if external (public) registration
96 $body = sprintf(_('Hi, %1$s'), $newUsername) . "\r\n\r\n" .
97 sprintf(_('You\'ve just created a wallabag account on %
1$s.'), Tools::getPocheUrl()) .
98 "\r\n\r\n" . _("Have fun with it !");
100 $body = $internalRegistration ? $body_internal : $body;
102 $body = wordwrap($body, 70, "\r\n"); // cut lines with more than 70 caracters (MIME standard)
103 if (mail($email, sprintf(_('Your
new wallabag account on %
1$s'), Tools
::getPocheUrl()), $body,
104 'X-Mailer: PHP/' . phpversion() . "\r\n" .
105 'Content-type: text/plain; charset=UTF-8' . "\r\n" .
106 "From: " . $newUsername . "@" . gethostname() . "\r\n")) {
107 Tools
::logm('The user ' . $newUsername . ' has been emailed');
108 $this->messages
->add('i', sprintf(_('The new user %1$s has been sent an email at %2$s. You may have to check spam folder.'), $newUsername, $email));
109 Tools
::redirect('?');
112 Tools
::logm('A problem has been encountered while sending an email');
113 $this->messages
->add('e', _('A problem has been encountered while sending an email'));
116 Tools
::logm('The user has been created, but the server did not authorize sending emails');
117 $this->messages
->add('i', _('The server did not authorize sending a confirmation email, but the user was created.'));
120 Tools
::logm('The user has been created, but no email was saved, so no confimation email was sent');
121 $this->messages
->add('i', _('The user was created, but no email was sent because email was not filled in'));
123 Tools
::logm('The new user ' . $newUsername . ' has been installed');
124 if (\Session
::isLogged()) {
125 $this->messages
->add('s', sprintf(_('The new user %s has been installed. Do you want to <a href="?logout">logout ?</a>'), $newUsername));
130 Tools
::logm('error during adding new user');
135 $this->messages
->add('e', sprintf(_('Error : An user with the name %s already exists !'), $newUsername));
136 Tools
::logm('An user with the name ' . $newUsername . ' already exists !');
141 Tools
::logm('Password or username were empty');
146 * Delete an existing user
148 public function deleteUser($password)
150 if ($this->store
->listUsers() > 1) {
151 if (Tools
::encodeString($password . $this->user
->getUsername()) == $this->store
->getUserPassword($this->user
->getId())) {
152 $username = $this->user
->getUsername();
153 $this->store
->deleteUserConfig($this->user
->getId());
154 Tools
::logm('The configuration for user '. $username .' has been deleted !');
155 $this->store
->deleteTagsEntriesAndEntries($this->user
->getId());
156 Tools
::logm('The entries for user '. $username .' has been deleted !');
157 $this->store
->deleteUser($this->user
->getId());
158 Tools
::logm('User '. $username .' has been completely deleted !');
160 Tools
::logm('logout');
162 $this->messages
->add('s', sprintf(_('User %s has been successfully deleted !'), $username));
165 Tools
::logm('Bad password !');
166 $this->messages
->add('e', _('Error : The password is wrong !'));
170 Tools
::logm('Only user !');
171 $this->messages
->add('e', _('Error : You are the only user, you cannot delete your account !'));
175 public function getDefaultConfig()
178 'pager' => PAGINATION
,
180 'theme' => DEFAULT_THEME
185 * Call action (mark as fav, archive, delete, etc.)
187 public function action($action, Url
$url, $id = 0, $import = FALSE, $autoclose = FALSE, $tags = null)
192 $content = Tools
::getPageContent($url);
193 $title = ($content['rss']['channel']['item']['title'] != '') ? $content['rss']['channel']['item']['title'] : _('Untitled');
194 $body = $content['rss']['channel']['item']['description'];
196 // clean content from prevent xss attack
197 $purifier = $this->_getPurifier();
198 $title = $purifier->purify($title);
199 $body = $purifier->purify($body);
201 //search for possible duplicate
203 $clean_url = $url->getUrl();
205 // Clean URL to remove parameters from feedburner and all this stuff. Taken from Shaarli.
206 $i=strpos($clean_url,'&utm_source='); if ($i!==false) $clean_url=substr($clean_url,0,$i);
207 $i=strpos($clean_url,'?utm_source='); if ($i!==false) $clean_url=substr($clean_url,0,$i);
208 $i=strpos($clean_url,'#xtor=RSS-'); if ($i!==false) $clean_url=substr($clean_url,0,$i);
210 $duplicate = $this->store
->retrieveOneByURL($clean_url, $this->user
->getId());
212 $last_id = $this->store
->add($clean_url, $title, $body, $this->user
->getId());
214 Tools
::logm('add link ' . $clean_url);
215 if (DOWNLOAD_PICTURES
) {
216 $content = Picture
::filterPicture($body, $clean_url, $last_id);
217 Tools
::logm('updating content article');
218 $this->store
->updateContent($last_id, $content, $this->user
->getId());
221 if ($duplicate != NULL) {
222 // duplicate exists, so, older entry needs to be deleted (as new entry should go to the top of list), BUT favorite mark and tags should be preserved
223 Tools
::logm('link ' . $clean_url . ' is a duplicate');
224 // 1) - preserve tags and favorite, then drop old entry
225 $this->store
->reassignTags($duplicate['id'], $last_id);
226 if ($duplicate['is_fav']) {
227 $this->store
->favoriteById($last_id, $this->user
->getId());
229 if ($this->store
->deleteById($duplicate['id'], $this->user
->getId())) {
230 Tools
::logm('previous link ' . $clean_url .' entry deleted');
234 // if there are tags, add them to the new article
235 if (isset($_GET['tags'])) {
236 $_POST['value'] = $_GET['tags'];
237 $_POST['entry_id'] = $last_id;
238 $this->action('add_tag', $url);
241 $this->messages
->add('s', _('the link has been added successfully'));
244 $this->messages
->add('e', _('error during insertion : the link wasn\'t added'));
245 Tools
::logm('error during insertion : the link wasn\'t added ' . $clean_url);
248 if ($autoclose == TRUE) {
249 Tools
::redirect('?view=home&closewin=true');
251 Tools
::redirect('?view=home');
256 if (isset($_GET['search'])) {
257 //when we want to apply a delete to a search
258 $tags = array($_GET['search']);
259 $allentry_ids = $this->store
->search($tags[0], $this->user
->getId());
260 $entry_ids = array();
261 foreach ($allentry_ids as $eachentry) {
262 $entry_ids[] = $eachentry[0];
264 } else { // delete a single article
265 $entry_ids = array($id);
267 foreach($entry_ids as $id) {
268 $msg = 'delete link #' . $id;
269 if ($this->store
->deleteById($id, $this->user
->getId())) {
270 if (DOWNLOAD_PICTURES
) {
271 Picture
::removeDirectory(ABS_PATH
. $id);
273 $this->messages
->add('s', _('the link has been deleted successfully'));
276 $this->messages
->add('e', _('the link wasn\'t deleted'));
277 $msg = 'error : can\'t delete link #' . $id;
281 Tools
::redirect('?');
284 $this->store
->favoriteById($id, $this->user
->getId());
285 Tools
::logm('mark as favorite link #' . $id);
286 if ( Tools
::isAjaxRequest() ) {
294 case 'toggle_archive' :
295 if (isset($_GET['tag_id'])) {
296 //when we want to archive a whole tag
297 $tag_id = $_GET['tag_id'];
298 $allentry_ids = $this->store
->retrieveEntriesByTag($tag_id, $this->user
->getId());
299 $entry_ids = array();
300 foreach ($allentry_ids as $eachentry) {
301 $entry_ids[] = $eachentry[0];
303 } else { //archive a single article
304 $entry_ids = array($id);
306 foreach($entry_ids as $id) {
307 $this->store
->archiveById($id, $this->user
->getId());
308 Tools
::logm('archive link #' . $id);
310 if ( Tools
::isAjaxRequest() ) {
317 case 'archive_and_next' :
318 $nextid = $this->store
->getPreviousArticle($id, $this->user
->getId());
319 $this->store
->archiveById($id, $this->user
->getId());
320 Tools
::logm('archive link #' . $id);
321 Tools
::redirect('?view=view&id=' . $nextid);
324 $this->store
->archiveAll($this->user
->getId());
325 Tools
::logm('archive all links');
329 if (isset($_GET['search'])) {
330 //when we want to apply a tag to a search
331 $tags = array($_GET['search']);
332 $allentry_ids = $this->store
->search($tags[0], $this->user
->getId());
333 $entry_ids = array();
334 foreach ($allentry_ids as $eachentry) {
335 $entry_ids[] = $eachentry[0];
337 } else { //add a tag to a single article
338 $tags = explode(',', $_POST['value']);
339 $entry_ids = array($_POST['entry_id']);
341 foreach($entry_ids as $entry_id) {
342 $entry = $this->store
->retrieveOneById($entry_id, $this->user
->getId());
344 $this->messages
->add('e', _('Article not found!'));
345 Tools
::logm('error : article not found');
348 //get all already set tags to preven duplicates
349 $already_set_tags = array();
350 $entry_tags = $this->store
->retrieveTagsByEntry($entry_id);
351 foreach ($entry_tags as $tag) {
352 $already_set_tags[] = $tag['value'];
354 foreach($tags as $key => $tag_value) {
355 $value = trim($tag_value);
356 if ($value && !in_array($value, $already_set_tags)) {
357 $tag = $this->store
->retrieveTagByValue($value);
360 $tag = $this->store
->createTag($value);
362 if (STORAGE
== 'postgres') {
363 $sequence = 'tags_id_seq';
365 $tag_id = $this->store
->getLastId($sequence);
368 $tag_id = $tag['id'];
371 # we assign the tag to the article
372 $this->store
->setTagToEntry($tag_id, $entry_id);
376 $this->messages
->add('s', _('The tag has been applied successfully'));
377 Tools
::logm('The tag has been applied successfully');
381 $tag_id = $_GET['tag_id'];
382 $entry = $this->store
->retrieveOneById($id, $this->user
->getId());
384 $this->messages
->add('e', _('Article not found!'));
385 Tools
::logm('error : article not found');
388 $this->store
->removeTagForEntry($id, $tag_id);
389 Tools
::logm('tag entry deleted');
390 if ($this->store
->cleanUnusedTag($tag_id)) {
391 Tools
::logm('tag deleted');
393 $this->messages
->add('s', _('The tag has been successfully deleted'));
397 case 'reload_article' :
398 Tools
::logm('reload article');
400 $entry = $this->store
->retrieveOneById($id, $this->user
->getId());
401 Tools
::logm('reload url ' . $entry['url']);
402 $url = new Url(base64_encode($entry['url']));
403 $this->action('add', $url);
406 /* For some unknown reason I can't get displayView() to work here (it redirects to home view afterwards). So here's a dirty fix which redirects directly to URL */
408 Tools
::logm('get a random article');
409 if ($this->store
->getRandomId($this->user
->getId())) {
410 $id_array = $this->store
->getRandomId($this->user
->getId());
412 Tools
::redirect('?view=view&id=' . $id[0]);
413 Tools
::logm('got the article with id ' . $id[0]);
421 function displayView($view, $id = 0)
430 $dev_infos = $this->_getPocheVersion('dev');
431 $dev = trim($dev_infos[0]);
432 $check_time_dev = date('d-M-Y H:i', $dev_infos[1]);
433 $prod_infos = $this->_getPocheVersion('prod');
434 $prod = trim($prod_infos[0]);
435 $check_time_prod = date('d-M-Y H:i', $prod_infos[1]);
436 $compare_dev = version_compare(POCHE
, $dev);
437 $compare_prod = version_compare(POCHE
, $prod);
438 $themes = $this->tpl
->getInstalledThemes();
439 $languages = $this->language
->getInstalledLanguages();
440 $token = $this->user
->getConfigValue('token');
441 $http_auth = (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['REMOTE_USER'])) ? true : false;
442 $only_user = ($this->store
->listUsers() > 1) ? false : true;
445 'languages' => $languages,
448 'check_time_dev' => $check_time_dev,
449 'check_time_prod' => $check_time_prod,
450 'compare_dev' => $compare_dev,
451 'compare_prod' => $compare_prod,
453 'user_id' => $this->user
->getId(),
454 'http_auth' => $http_auth,
455 'only_user' => $only_user
457 Tools
::logm('config view');
461 $entry = $this->store
->retrieveOneById($id, $this->user
->getId());
463 $this->messages
->add('e', _('Article not found!'));
464 Tools
::logm('error : article not found');
467 $tags = $this->store
->retrieveTagsByEntry($id);
475 $token = $this->user
->getConfigValue('token');
476 //if term is set - search tags for this term
477 $term = Tools
::checkVar('term');
478 $tags = $this->store
->retrieveAllTags($this->user
->getId(), $term);
479 if (Tools
::isAjaxRequest()) {
481 foreach ($tags as $tag) {
482 $result[] = $tag['value'];
484 echo json_encode($result);
489 'user_id' => $this->user
->getId(),
494 if (isset($_GET['search'])) {
495 $search = filter_var($_GET['search'], FILTER_SANITIZE_STRING
);
496 $tpl_vars['entries'] = $this->store
->search($search, $this->user
->getId());
497 $count = count($tpl_vars['entries']);
498 $this->pagination
->set_total($count);
499 $page_links = str_replace(array('previous', 'next'), array(_('previous'), _('next')),
500 $this->pagination
->page_links('?view=' . $view . '?search=' . $search . '&sort=' . $_SESSION['sort'] . '&' ));
501 $tpl_vars['page_links'] = $page_links;
502 $tpl_vars['nb_results'] = $count;
503 $tpl_vars['searchterm'] = $search;
507 $entry = $this->store
->retrieveOneById($id, $this->user
->getId());
508 if ($entry != NULL) {
509 Tools
::logm('view link #' . $id);
510 $content = $entry['content'];
511 if (function_exists('tidy_parse_string')) {
512 $tidy = tidy_parse_string($content, array('indent'=>true, 'show-body-only' => true), 'UTF8');
513 $tidy->cleanRepair();
514 $content = $tidy->value
;
520 $flattr = new FlattrItem();
521 $flattr->checkItem($entry['url'], $entry['id']);
526 $previous_id = $this->store
->getPreviousArticle($id, $this->user
->getId());
528 $next_id = $this->store
->getNextArticle($id, $this->user
->getId());
530 if ($this->store
->retrieveOneById($previous_id, $this->user
->getId())) {
533 if ($this->store
->retrieveOneById($next_id, $this->user
->getId())) {
536 $navigate = $arrayName = array('previous' => $previous, 'previousid' => $previous_id, 'next' => $next, 'nextid' => $next_id);
539 $tags = $this->store
->retrieveTagsByEntry($entry['id']);
543 'content' => $content,
546 'navigate' => $navigate
550 Tools
::logm('error in view call : entry is null');
553 default: # home, favorites, archive and tag views
558 'listmode' => (isset($_COOKIE['listmode']) ? true : false),
561 //if id is given - we retrieve entries by tag: id is tag id
563 $tpl_vars['tag'] = $this->store
->retrieveTag($id, $this->user
->getId());
564 $tpl_vars['id'] = intval($id);
567 $count = $this->store
->getEntriesByViewCount($view, $this->user
->getId(), $id);
570 $this->pagination
->set_total($count);
571 $page_links = str_replace(array('previous', 'next'), array(_('previous'), _('next')),
572 $this->pagination
->page_links('?view=' . $view . '&sort=' . $_SESSION['sort'] . (($id)?'&id='.$id:'') . '&' ));
573 $tpl_vars['entries'] = $this->store
->getEntriesByView($view, $this->user
->getId(), $this->pagination
->get_limit(), $id);
574 $tpl_vars['page_links'] = $page_links;
575 $tpl_vars['nb_results'] = $count;
577 Tools
::logm('display ' . $view . ' view');
585 * update the password of the current user.
586 * if MODE_DEMO is TRUE, the password can't be updated.
587 * @todo add the return value
588 * @todo set the new password in function header like this updatePassword($newPassword)
591 public function updatePassword($password, $confirmPassword)
594 $this->messages
->add('i', _('in demo mode, you can\'t update your password'));
595 Tools
::logm('in demo mode, you can\'t do this');
596 Tools
::redirect('?view=config');
599 if (isset($password) && isset($confirmPassword)) {
600 if ($password == $confirmPassword && !empty($password)) {
601 $this->messages
->add('s', _('your password has been updated'));
602 $this->store
->updatePassword($this->user
->getId(), Tools
::encodeString($password . $this->user
->getUsername()));
604 Tools
::logm('password updated');
608 $this->messages
->add('e', _('the two fields have to be filled & the password must be the same in the two fields'));
609 Tools
::redirect('?view=config');
616 * Get credentials from differents sources
617 * It redirects the user to the $referer link
621 private function credentials()
623 if (isset($_SERVER['PHP_AUTH_USER'])) {
624 return array($_SERVER['PHP_AUTH_USER'], 'php_auth', true);
626 if (!empty($_POST['login']) && !empty($_POST['password'])) {
627 return array($_POST['login'], $_POST['password'], false);
629 if (isset($_SERVER['REMOTE_USER'])) {
630 return array($_SERVER['REMOTE_USER'], 'http_auth', true);
633 return array(false, false, false);
637 * checks if login & password are correct and save the user in session.
638 * it redirects the user to the $referer link
639 * @param string $referer the url to redirect after login
640 * @todo add the return value
643 public function login($referer)
645 list($login,$password,$isauthenticated)=$this->credentials();
646 if($login === false || $password === false) {
647 $this->messages
->add('e', _('login failed: you have to fill all fields'));
648 Tools
::logm('login failed');
651 if (!empty($login) && !empty($password)) {
652 $user = $this->store
->login($login, Tools
::encodeString($password . $login), $isauthenticated);
653 if ($user != array()) {
654 # Save login into Session
655 $longlastingsession = isset($_POST['longlastingsession']);
656 $passwordTest = ($isauthenticated) ? $user['password'] : Tools
::encodeString($password . $login);
657 Session
::login($user['username'], $user['password'], $login, $passwordTest, $longlastingsession, array('poche_user' => new User($user)));
660 $language = $user['config']['language'];
661 @putenv('LC_ALL=' . $language);
662 setlocale(LC_ALL
, $language);
663 bindtextdomain($language, LOCALE
);
664 textdomain($language);
666 $this->messages
->add('s', _('welcome to your wallabag'));
667 Tools
::logm('login successful');
668 Tools
::redirect($referer);
670 $this->messages
->add('e', _('login failed: bad login or password'));
671 // log login failure in web server log to allow fail2ban usage
672 error_log('user '.$login.' authentication failure');
673 Tools
::logm('login failed');
679 * log out the poche user. It cleans the session.
680 * @todo add the return value
683 public function logout()
685 $this->user
= array();
687 Tools
::logm('logout');
692 * import datas into your wallabag
696 public function import() {
698 if ( isset($_FILES['file']) && $_FILES['file']['tmp_name'] ) {
699 Tools
::logm('Import stated: parsing file');
701 // assume, that file is in json format
702 $str_data = file_get_contents($_FILES['file']['tmp_name']);
703 $data = json_decode($str_data, true);
705 if ( $data === null ) {
706 //not json - assume html
707 $html = new simple_html_dom();
708 $html->load_file($_FILES['file']['tmp_name']);
711 foreach (array('ol','ul') as $list) {
712 foreach ($html->find($list) as $ul) {
713 foreach ($ul->find('li') as $li) {
716 $tmpEntry['url'] = $a[0]->href
;
717 $tmpEntry['tags'] = $a[0]->tags
;
718 $tmpEntry['is_read'] = $read;
719 if ($tmpEntry['url']) {
723 # the second <ol/ul> is for read links
724 $read = ((sizeof($data) && $read)?0:1);
729 // for readability structure
731 foreach($data as $record) {
732 if (is_array($record)) {
734 foreach($record as $record2) {
735 if (is_array($record2)) {
742 $urlsInserted = array(); //urls of articles inserted
743 foreach($data as $record) {
744 $url = trim(isset($record['article__url']) ? $record['article__url'] : (isset($record['url']) ? $record['url'] : ''));
745 if ($url and !in_array($url, $urlsInserted)) {
746 $title = (isset($record['title']) ? $record['title'] : _('Untitled - Import - ') . '</a> <a href="./?import">' . _('click to finish import') . '</a><a>');
747 $body = (isset($record['content']) ? $record['content'] : '');
748 $isRead = (isset($record['is_read']) ? intval($record['is_read']) : (isset($record['archive']) ? intval($record['archive']) : 0));
749 $isFavorite = (isset($record['is_fav']) ? intval($record['is_fav']) : (isset($record['favorite']) ? intval($record['favorite']) : 0));
753 $id = $this->store
->add($url, $title, $body, $this->user
->getId() , $isFavorite, $isRead);
755 $urlsInserted[] = $url; //add
756 if (isset($record['tags']) && trim($record['tags'])) {
758 $tags = explode(',', $record['tags']);
759 foreach($tags as $tag) {
761 $tag_id = $this->store
->retrieveTagByValue($tag);
763 $this->store
->setTagToEntry($tag_id['id'], $entry_id);
765 $this->store
->createTag($tag);
766 $tag_id = $this->store
->retrieveTagByValue($tag);
767 $this->store
->setTagToEntry($tag_id['id'], $entry_id);
776 $i = sizeof($urlsInserted);
778 $this->messages
->add('s', _('Articles inserted: ') . $i . _('. Please note, that some may be marked as "read".'));
781 Tools
::logm('Import of articles finished: '.$i.' articles added (w/o content if not provided).');
784 $this->messages
->add('e', _('Did you forget to select a file?'));
786 // file parsing finished here
787 // now download article contents if any
788 // check if we need to download any content
790 $recordsDownloadRequired = $this->store
->retrieveUnfetchedEntriesCount($this->user
->getId());
792 if ($recordsDownloadRequired == 0) {
794 // nothing to download
796 $this->messages
->add('s', _('Import finished.'));
797 Tools
::logm('Import finished completely');
802 // if just inserted - don't download anything, download will start in next reload
804 if (!isset($_FILES['file'])) {
806 // download next batch
808 Tools
::logm('Fetching next batch of articles...');
809 $items = $this->store
->retrieveUnfetchedEntries($this->user
->getId() , IMPORT_LIMIT
);
810 $purifier = $this->_getPurifier();
811 foreach($items as $item) {
812 $url = new Url(base64_encode($item['url']));
813 if( $url->isCorrect() )
815 Tools
::logm('Fetching article ' . $item['id']);
816 $content = Tools
::getPageContent($url);
817 $title = (($content['rss']['channel']['item']['title'] != '') ? $content['rss']['channel']['item']['title'] : _('Untitled'));
818 $body = (($content['rss']['channel']['item']['description'] != '') ? $content['rss']['channel']['item']['description'] : _('Undefined'));
820 // clean content to prevent xss attack
822 $title = $purifier->purify($title);
823 $body = $purifier->purify($body);
824 $this->store
->updateContentAndTitle($item['id'], $title, $body, $this->user
->getId());
825 Tools
::logm('Article ' . $item['id'] . ' updated.');
828 Tools
::logm('Unvalid URL (' . $item['url'] .') to fetch for article ' . $item['id']);
835 'includeImport' => true,
837 'recordsDownloadRequired' => $recordsDownloadRequired,
838 'recordsUnderDownload' => IMPORT_LIMIT
,
839 'delay' => IMPORT_DELAY
* 1000
845 * export poche entries in json
846 * @return json all poche entries
848 public function export()
850 $filename = "wallabag-export-".$this->user
->getId()."-".date("Y-m-d").".json";
851 header('Content-Disposition: attachment; filename='.$filename);
853 $entries = $this->store
->retrieveAll($this->user
->getId());
854 echo $this->tpl
->render('export.twig', array(
855 'export' => Tools
::renderJson($entries),
857 Tools
::logm('export view');
861 * Checks online the latest version of poche and cache it
862 * @param string $which 'prod' or 'dev'
863 * @return string latest $which version
865 private function _getPocheVersion($which = 'prod') {
866 $cache_file = CACHE
. '/' . $which;
867 $check_time = time();
869 # checks if the cached version file exists
870 if (file_exists($cache_file) && (filemtime($cache_file) > (time() - 86400 ))) {
871 $version = file_get_contents($cache_file);
872 $check_time = filemtime($cache_file);
874 $version = file_get_contents('http://static.wallabag.org/versions/' . $which);
875 file_put_contents($cache_file, $version, LOCK_EX
);
877 return array($version, $check_time);
881 * Update token for current user
883 public function updateToken()
885 $token = Tools
::generateToken();
886 $this->store
->updateUserConfig($this->user
->getId(), 'token', $token);
887 $currentConfig = $_SESSION['poche_user']->config
;
888 $currentConfig['token'] = $token;
889 $_SESSION['poche_user']->setConfig($currentConfig);
894 * Generate RSS feeds for current user
898 * @param $tag_id if $type is 'tag', the id of the tag to generate feed for
899 * @param string $type the type of feed to generate
900 * @param int $limit the maximum number of items (0 means all)
902 public function generateFeeds($token, $user_id, $tag_id, $type = 'home', $limit = 0)
904 $allowed_types = array('home', 'fav', 'archive', 'tag');
905 $config = $this->store
->getConfigUser($user_id);
907 if ($config == null) {
908 die(sprintf(_('User with this id (%d) does not exist.'), $user_id));
911 if (!in_array($type, $allowed_types) || !isset($config['token']) || $token != $config['token']) {
912 die(_('Uh, there is a problem while generating feed. Wrong token used?'));
915 $feed = new FeedWriter(RSS2
);
916 $feed->setTitle('wallabag — ' . $type . ' feed');
917 $feed->setLink(Tools
::getPocheUrl());
918 $feed->setChannelElement('pubDate', date(DATE_RSS
, time()));
919 $feed->setChannelElement('generator', 'wallabag');
920 $feed->setDescription('wallabag ' . $type . ' elements');
922 if ($type == 'tag') {
923 $entries = $this->store
->retrieveEntriesByTag($tag_id, $user_id);
926 $entries = $this->store
->getEntriesByView($type, $user_id);
929 // if $limit is set to zero, use all entries
931 $limit = count($entries);
933 if (count($entries) > 0) {
934 for ($i = 0; $i < min(count($entries), $limit); $i++
) {
935 $entry = $entries[$i];
936 $newItem = $feed->createNewItem();
937 $newItem->setTitle($entry['title']);
938 $newItem->setSource(Tools
::getPocheUrl() . '?view=view&id=' . $entry['id']);
939 $newItem->setLink($entry['url']);
940 $newItem->setDate(time());
941 $newItem->setDescription($entry['content']);
942 $feed->addItem($newItem);
946 $feed->genarateFeed();
953 * Returns new purifier object with actual config
955 private function _getPurifier()
957 $config = HTMLPurifier_Config
::createDefault();
958 $config->set('Cache.SerializerPath', CACHE
);
959 $config->set('HTML.SafeIframe', true);
961 //allow YouTube, Vimeo and dailymotion videos
962 $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/|www\.dailymotion\.com/embed/video/)%');
964 return new HTMLPurifier($config);