diff options
author | Maryana Rozhankivska <mariroz@mr.lviv.ua> | 2014-05-30 17:14:53 +0300 |
---|---|---|
committer | Maryana Rozhankivska <mariroz@mr.lviv.ua> | 2014-05-30 17:14:53 +0300 |
commit | cbc75befb5bdf368bec15f47413bd7669273a181 (patch) | |
tree | 8b3b1be99367cfced78647eebca83a685550a3a4 | |
parent | 8038b38802769031e050c753fc0a388a2276629e (diff) | |
download | wallabag-cbc75befb5bdf368bec15f47413bd7669273a181.tar.gz wallabag-cbc75befb5bdf368bec15f47413bd7669273a181.tar.zst wallabag-cbc75befb5bdf368bec15f47413bd7669273a181.zip |
small xss vulnerability and translation ability fix
-rwxr-xr-x | inc/poche/Poche.class.php | 41 |
1 files changed, 20 insertions, 21 deletions
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 37cf66a3..b0c0adf8 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php | |||
@@ -1083,11 +1083,10 @@ class Poche | |||
1083 | $config = $this->store->getConfigUser($user_id); | 1083 | $config = $this->store->getConfigUser($user_id); |
1084 | 1084 | ||
1085 | if ($config == null) { | 1085 | if ($config == null) { |
1086 | die(_('User with this id (' . $user_id . ') does not exist.')); | 1086 | die(_( sprintf('User with this id (%d) does not exist.', $user_id) )); |
1087 | } | 1087 | } |
1088 | 1088 | ||
1089 | if (!in_array($type, $allowed_types) || | 1089 | if (!in_array($type, $allowed_types) || $token != $config['token']) { |
1090 | $token != $config['token']) { | ||
1091 | die(_('Uh, there is a problem while generating feeds.')); | 1090 | die(_('Uh, there is a problem while generating feeds.')); |
1092 | } | 1091 | } |
1093 | // Check the token | 1092 | // Check the token |
@@ -1150,12 +1149,12 @@ class Poche | |||
1150 | 1149 | ||
1151 | return new HTMLPurifier($config); | 1150 | return new HTMLPurifier($config); |
1152 | } | 1151 | } |
1153 | 1152 | ||
1154 | /** | 1153 | /** |
1155 | * handle epub | 1154 | * handle epub |
1156 | */ | 1155 | */ |
1157 | public function createEpub() { | 1156 | public function createEpub() { |
1158 | 1157 | ||
1159 | switch ($_GET['method']) { | 1158 | switch ($_GET['method']) { |
1160 | case 'id': | 1159 | case 'id': |
1161 | $entryID = filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT); | 1160 | $entryID = filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT); |
@@ -1191,7 +1190,7 @@ class Poche | |||
1191 | break; | 1190 | break; |
1192 | case 'default': | 1191 | case 'default': |
1193 | die(_('Uh, there is a problem while generating epub.')); | 1192 | die(_('Uh, there is a problem while generating epub.')); |
1194 | 1193 | ||
1195 | } | 1194 | } |
1196 | 1195 | ||
1197 | $content_start = | 1196 | $content_start = |
@@ -1204,11 +1203,11 @@ class Poche | |||
1204 | . "<body>\n"; | 1203 | . "<body>\n"; |
1205 | 1204 | ||
1206 | $bookEnd = "</body>\n</html>\n"; | 1205 | $bookEnd = "</body>\n</html>\n"; |
1207 | 1206 | ||
1208 | $log = new Logger("wallabag", TRUE); | 1207 | $log = new Logger("wallabag", TRUE); |
1209 | $fileDir = CACHE; | 1208 | $fileDir = CACHE; |
1210 | 1209 | ||
1211 | 1210 | ||
1212 | $book = new EPub(EPub::BOOK_VERSION_EPUB3); | 1211 | $book = new EPub(EPub::BOOK_VERSION_EPUB3); |
1213 | $log->logLine("new EPub()"); | 1212 | $log->logLine("new EPub()"); |
1214 | $log->logLine("EPub class version: " . EPub::VERSION); | 1213 | $log->logLine("EPub class version: " . EPub::VERSION); |
@@ -1216,7 +1215,7 @@ class Poche | |||
1216 | $log->logLine("Zip version: " . Zip::VERSION); | 1215 | $log->logLine("Zip version: " . Zip::VERSION); |
1217 | $log->logLine("getCurrentServerURL: " . $book->getCurrentServerURL()); | 1216 | $log->logLine("getCurrentServerURL: " . $book->getCurrentServerURL()); |
1218 | $log->logLine("getCurrentPageURL..: " . $book->getCurrentPageURL()); | 1217 | $log->logLine("getCurrentPageURL..: " . $book->getCurrentPageURL()); |
1219 | 1218 | ||
1220 | $book->setTitle(_('wallabag\'s articles')); | 1219 | $book->setTitle(_('wallabag\'s articles')); |
1221 | $book->setIdentifier("http://$_SERVER[HTTP_HOST]", EPub::IDENTIFIER_URI); // Could also be the ISBN number, prefered for published books, or a UUID. | 1220 | $book->setIdentifier("http://$_SERVER[HTTP_HOST]", EPub::IDENTIFIER_URI); // Could also be the ISBN number, prefered for published books, or a UUID. |
1222 | //$book->setLanguage("en"); // Not needed, but included for the example, Language is mandatory, but EPub defaults to "en". Use RFC3066 Language codes, such as "en", "da", "fr" etc. | 1221 | //$book->setLanguage("en"); // Not needed, but included for the example, Language is mandatory, but EPub defaults to "en". Use RFC3066 Language codes, such as "en", "da", "fr" etc. |
@@ -1226,39 +1225,39 @@ class Poche | |||
1226 | $book->setDate(time()); // Strictly not needed as the book date defaults to time(). | 1225 | $book->setDate(time()); // Strictly not needed as the book date defaults to time(). |
1227 | //$book->setRights("Copyright and licence information specific for the book."); // As this is generated, this _could_ contain the name or licence information of the user who purchased the book, if needed. If this is used that way, the identifier must also be made unique for the book. | 1226 | //$book->setRights("Copyright and licence information specific for the book."); // As this is generated, this _could_ contain the name or licence information of the user who purchased the book, if needed. If this is used that way, the identifier must also be made unique for the book. |
1228 | $book->setSourceURL("http://$_SERVER[HTTP_HOST]"); | 1227 | $book->setSourceURL("http://$_SERVER[HTTP_HOST]"); |
1229 | 1228 | ||
1230 | $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "PHP"); | 1229 | $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "PHP"); |
1231 | $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "wallabag"); | 1230 | $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "wallabag"); |
1232 | 1231 | ||
1233 | $cssData = "body {\n margin-left: .5em;\n margin-right: .5em;\n text-align: justify;\n}\n\np {\n font-family: serif;\n font-size: 10pt;\n text-align: justify;\n text-indent: 1em;\n margin-top: 0px;\n margin-bottom: 1ex;\n}\n\nh1, h2 {\n font-family: sans-serif;\n font-style: italic;\n text-align: center;\n background-color: #6b879c;\n color: white;\n width: 100%;\n}\n\nh1 {\n margin-bottom: 2px;\n}\n\nh2 {\n margin-top: -2px;\n margin-bottom: 2px;\n}\n"; | 1232 | $cssData = "body {\n margin-left: .5em;\n margin-right: .5em;\n text-align: justify;\n}\n\np {\n font-family: serif;\n font-size: 10pt;\n text-align: justify;\n text-indent: 1em;\n margin-top: 0px;\n margin-bottom: 1ex;\n}\n\nh1, h2 {\n font-family: sans-serif;\n font-style: italic;\n text-align: center;\n background-color: #6b879c;\n color: white;\n width: 100%;\n}\n\nh1 {\n margin-bottom: 2px;\n}\n\nh2 {\n margin-top: -2px;\n margin-bottom: 2px;\n}\n"; |
1234 | 1233 | ||
1235 | $log->logLine("Add Cover"); | 1234 | $log->logLine("Add Cover"); |
1236 | 1235 | ||
1237 | $fullTitle = "<h1> " . $bookTitle . "</h1>\n"; | 1236 | $fullTitle = "<h1> " . $bookTitle . "</h1>\n"; |
1238 | 1237 | ||
1239 | $book->setCoverImage("Cover.png", file_get_contents("themes/baggy/img/apple-touch-icon-152.png"), "image/png", $fullTitle); | 1238 | $book->setCoverImage("Cover.png", file_get_contents("themes/baggy/img/apple-touch-icon-152.png"), "image/png", $fullTitle); |
1240 | 1239 | ||
1241 | $cover = $content_start . '<div style="text-align:center;"><p>' . _('Produced by wallabag with PHPePub') . '</p><p>'. _('Please open <a href="https://github.com/wallabag/wallabag/issues" >an issue</a> if you have trouble with the display of this E-Book on your device.') . '</p></div>' . $bookEnd; | 1240 | $cover = $content_start . '<div style="text-align:center;"><p>' . _('Produced by wallabag with PHPePub') . '</p><p>'. _('Please open <a href="https://github.com/wallabag/wallabag/issues" >an issue</a> if you have trouble with the display of this E-Book on your device.') . '</p></div>' . $bookEnd; |
1242 | 1241 | ||
1243 | //$book->addChapter("Table of Contents", "TOC.xhtml", NULL, false, EPub::EXTERNAL_REF_IGNORE); | 1242 | //$book->addChapter("Table of Contents", "TOC.xhtml", NULL, false, EPub::EXTERNAL_REF_IGNORE); |
1244 | $book->addChapter("Notices", "Cover2.html", $cover); | 1243 | $book->addChapter("Notices", "Cover2.html", $cover); |
1245 | 1244 | ||
1246 | $book->buildTOC(); | 1245 | $book->buildTOC(); |
1247 | 1246 | ||
1248 | foreach ($entries as $entry) { //set tags as subjects | 1247 | foreach ($entries as $entry) { //set tags as subjects |
1249 | $tags = $this->store->retrieveTagsByEntry($entry['id']); | 1248 | $tags = $this->store->retrieveTagsByEntry($entry['id']); |
1250 | foreach ($tags as $tag) { | 1249 | foreach ($tags as $tag) { |
1251 | $book->setSubject($tag['value']); | 1250 | $book->setSubject($tag['value']); |
1252 | } | 1251 | } |
1253 | 1252 | ||
1254 | $log->logLine("Set up parameters"); | 1253 | $log->logLine("Set up parameters"); |
1255 | 1254 | ||
1256 | $chapter = $content_start . $entry['content'] . $bookEnd; | 1255 | $chapter = $content_start . $entry['content'] . $bookEnd; |
1257 | $book->addChapter($entry['title'], htmlspecialchars($entry['title']) . ".html", $chapter, true, EPub::EXTERNAL_REF_ADD); | 1256 | $book->addChapter($entry['title'], htmlspecialchars($entry['title']) . ".html", $chapter, true, EPub::EXTERNAL_REF_ADD); |
1258 | $log->logLine("Added chapter " . $entry['title']); | 1257 | $log->logLine("Added chapter " . $entry['title']); |
1259 | } | 1258 | } |
1260 | 1259 | ||
1261 | if (DEBUG_POCHE) { | 1260 | if (DEBUG_POCHE) { |
1262 | $epuplog = $book->getLog(); | 1261 | $epuplog = $book->getLog(); |
1263 | $book->addChapter("Log", "Log.html", $content_start . $log->getLog() . "\n</pre>" . $bookEnd); // log generation | 1262 | $book->addChapter("Log", "Log.html", $content_start . $log->getLog() . "\n</pre>" . $bookEnd); // log generation |
1264 | } | 1263 | } |