X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=inc%2Fpoche%2FPoche.class.php;h=7e3e6afe6156ff8d245245759237b4a273228093;hb=c97d23c5334b363250a1d7cfc5cffd0087f35c21;hp=3a4e78d6ae64013b3700adc962659a218d5581da;hpb=389d751e920f39cd72df8d8ae03028238d0289d6;p=github%2Fwallabag%2Fwallabag.git diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 3a4e78d6..7e3e6afe 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php @@ -101,7 +101,7 @@ class Poche public function configFileIsAvailable() { if (! self::$configFileAvailable) { - $this->notInstalledMessage[] = 'You have to rename inc/poche/config.inc.php.new to inc/poche/config.inc.php.'; + $this->notInstalledMessage[] = 'You have to copy (don\'t just rename!) inc/poche/config.inc.default.php to inc/poche/config.inc.php.'; return false; } @@ -241,6 +241,58 @@ class Poche $filter = new Twig_SimpleFilter('getReadingTime', 'Tools::getReadingTime'); $this->tpl->addFilter($filter); } + + public function createNewUser() { + if (isset($_GET['newuser'])){ + if ($_POST['newusername'] != "" && $_POST['password4newuser'] != ""){ + $newusername = filter_var($_POST['newusername'], FILTER_SANITIZE_STRING); + if (!$this->store->userExists($newusername)){ + if ($this->store->install($newusername, Tools::encodeString($_POST['password4newuser'] . $newusername))) { + Tools::logm('The new user '.$newusername.' has been installed'); + $this->messages->add('s', sprintf(_('The new user %s has been installed. Do you want to logout ?'),$newusername)); + Tools::redirect(); + } + else { + Tools::logm('error during adding new user'); + Tools::redirect(); + } + } + else { + $this->messages->add('e', sprintf(_('Error : An user with the name %s already exists !'),$newusername)); + Tools::logm('An user with the name '.$newusername.' already exists !'); + Tools::redirect(); + } + } + } + } + + public function deleteUser(){ + if (isset($_GET['deluser'])){ + if ($this->store->listUsers() > 1) { + if (Tools::encodeString($_POST['password4deletinguser'].$this->user->getUsername()) == $this->store->getUserPassword($this->user->getId())) { + $username = $this->user->getUsername(); + $this->store->deleteUserConfig($this->user->getId()); + Tools::logm('The configuration for user '. $username .' has been deleted !'); + $this->store->deleteTagsEntriesAndEntries($this->user->getId()); + Tools::logm('The entries for user '. $username .' has been deleted !'); + $this->store->deleteUser($this->user->getId()); + Tools::logm('User '. $username .' has been completely deleted !'); + Session::logout(); + Tools::logm('logout'); + Tools::redirect(); + $this->messages->add('s', sprintf(_('User %s has been successfully deleted !'),$newusername)); + } + else { + Tools::logm('Bad password !'); + $this->messages->add('e', _('Error : The password is wrong !')); + } + } + else { + Tools::logm('Only user !'); + $this->messages->add('e', _('Error : You are the only user, you cannot delete your account !')); + } + } + } private function install() { @@ -373,9 +425,7 @@ class Poche $body = $content['rss']['channel']['item']['description']; // clean content from prevent xss attack - $config = HTMLPurifier_Config::createDefault(); - $config->set('Cache.SerializerPath', CACHE); - $purifier = new HTMLPurifier($config); + $purifier = $this->getPurifier(); $title = $purifier->purify($title); $body = $purifier->purify($body); @@ -436,12 +486,24 @@ class Poche case 'toggle_fav' : $this->store->favoriteById($id, $this->user->getId()); Tools::logm('mark as favorite link #' . $id); - Tools::redirect(); + if ( Tools::isAjaxRequest() ) { + echo 1; + exit; + } + else { + Tools::redirect(); + } break; case 'toggle_archive' : $this->store->archiveById($id, $this->user->getId()); Tools::logm('archive link #' . $id); - Tools::redirect(); + if ( Tools::isAjaxRequest() ) { + echo 1; + exit; + } + else { + Tools::redirect(); + } break; case 'archive_all' : $this->store->archiveAll($this->user->getId()); @@ -522,6 +584,7 @@ class Poche $languages = $this->getInstalledLanguages(); $token = $this->user->getConfigValue('token'); $http_auth = (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['REMOTE_USER'])) ? true : false; + $only_user = ($this->store->listUsers() > 1) ? false : true; $tpl_vars = array( 'themes' => $themes, 'languages' => $languages, @@ -534,6 +597,7 @@ class Poche 'token' => $token, 'user_id' => $this->user->getId(), 'http_auth' => $http_auth, + 'only_user' => $only_user ); Tools::logm('config view'); break; @@ -824,13 +888,6 @@ class Poche */ public function import() { - if (!defined('IMPORT_LIMIT')) { - define('IMPORT_LIMIT', 5); - } - if (!defined('IMPORT_DELAY')) { - define('IMPORT_DELAY', 5); - } - if ( isset($_FILES['file']) ) { Tools::logm('Import stated: parsing file'); @@ -920,9 +977,7 @@ class Poche Tools::logm('Fetching next batch of articles...'); $items = $this->store->retrieveUnfetchedEntries($this->user->getId(), IMPORT_LIMIT); - $config = HTMLPurifier_Config::createDefault(); - $config->set('Cache.SerializerPath', CACHE); - $purifier = new HTMLPurifier($config); + $purifier = $this->getPurifier(); foreach ($items as $item) { $url = new Url(base64_encode($item['url'])); @@ -1064,4 +1119,16 @@ class Poche $this->messages->add('s', _('Cache deleted.')); Tools::redirect(); } + + /** + * return new purifier object with actual config + */ + protected function getPurifier() { + $config = HTMLPurifier_Config::createDefault(); + $config->set('Cache.SerializerPath', CACHE); + $config->set('HTML.SafeIframe', true); + $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo$purifier = new HTMLPurifier($config); + + return new HTMLPurifier($config); + } }