authorMaryana Rozhankivska <mariroz@mr.lviv.ua>2014-05-30 17:14:53 +0300
committerMaryana Rozhankivska <mariroz@mr.lviv.ua>2014-05-30 17:14:53 +0300
commitcbc75befb5bdf368bec15f47413bd7669273a181 (patch)
tree8b3b1be99367cfced78647eebca83a685550a3a4
parent8038b38802769031e050c753fc0a388a2276629e (diff)
small xss vulnerability and translation ability fix
-rwxr-xr-xinc/poche/Poche.class.php41
1 files changed, 20 insertions, 21 deletions
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 37cf66a3..b0c0adf8 100755
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -1083,11 +1083,10 @@ class Poche
1083 $config = $this->store->getConfigUser($user_id); 1083 $config = $this->store->getConfigUser($user_id);
1084 1084
1085 if ($config == null) { 1085 if ($config == null) {
1086 die(_('User with this id (' . $user_id . ') does not exist.')); 1086 die(_( sprintf('User with this id (%d) does not exist.', $user_id) ));
1087 } 1087 }
1088 1088
1089 if (!in_array($type, $allowed_types) || 1089 if (!in_array($type, $allowed_types) || $token != $config['token']) {
1090 $token != $config['token']) {
1091 die(_('Uh, there is a problem while generating feeds.')); 1090 die(_('Uh, there is a problem while generating feeds.'));
1092 } 1091 }
1093 // Check the token 1092 // Check the token
@@ -1150,12 +1149,12 @@ class Poche
1150 1149
1151 return new HTMLPurifier($config); 1150 return new HTMLPurifier($config);
1152 } 1151 }
1153 1152
1154 /** 1153 /**
1155 * handle epub 1154 * handle epub
1156 */ 1155 */
1157 public function createEpub() { 1156 public function createEpub() {
1158 1157
1159 switch ($_GET['method']) { 1158 switch ($_GET['method']) {
1160 case 'id': 1159 case 'id':
1161 $entryID = filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT); 1160 $entryID = filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
@@ -1191,7 +1190,7 @@ class Poche
1191 break; 1190 break;
1192 case 'default': 1191 case 'default':
1193 die(_('Uh, there is a problem while generating epub.')); 1192 die(_('Uh, there is a problem while generating epub.'));
1194 1193
1195 } 1194 }
1196 1195
1197 $content_start = 1196 $content_start =
@@ -1204,11 +1203,11 @@ class Poche
1204 . "<body>\n"; 1203 . "<body>\n";
1205 1204
1206 $bookEnd = "</body>\n</html>\n"; 1205 $bookEnd = "</body>\n</html>\n";
1207 1206
1208 $log = new Logger("wallabag", TRUE); 1207 $log = new Logger("wallabag", TRUE);
1209 $fileDir = CACHE; 1208 $fileDir = CACHE;
1210 1209
1211 1210
1212 $book = new EPub(EPub::BOOK_VERSION_EPUB3); 1211 $book = new EPub(EPub::BOOK_VERSION_EPUB3);
1213 $log->logLine("new EPub()"); 1212 $log->logLine("new EPub()");
1214 $log->logLine("EPub class version: " . EPub::VERSION); 1213 $log->logLine("EPub class version: " . EPub::VERSION);
@@ -1216,7 +1215,7 @@ class Poche
1216 $log->logLine("Zip version: " . Zip::VERSION); 1215 $log->logLine("Zip version: " . Zip::VERSION);
1217 $log->logLine("getCurrentServerURL: " . $book->getCurrentServerURL()); 1216 $log->logLine("getCurrentServerURL: " . $book->getCurrentServerURL());
1218 $log->logLine("getCurrentPageURL..: " . $book->getCurrentPageURL()); 1217 $log->logLine("getCurrentPageURL..: " . $book->getCurrentPageURL());
1219 1218
1220 $book->setTitle(_('wallabag\'s articles')); 1219 $book->setTitle(_('wallabag\'s articles'));
1221 $book->setIdentifier("http://$_SERVER[HTTP_HOST]", EPub::IDENTIFIER_URI); // Could also be the ISBN number, prefered for published books, or a UUID. 1220 $book->setIdentifier("http://$_SERVER[HTTP_HOST]", EPub::IDENTIFIER_URI); // Could also be the ISBN number, prefered for published books, or a UUID.
1222 //$book->setLanguage("en"); // Not needed, but included for the example, Language is mandatory, but EPub defaults to "en". Use RFC3066 Language codes, such as "en", "da", "fr" etc. 1221 //$book->setLanguage("en"); // Not needed, but included for the example, Language is mandatory, but EPub defaults to "en". Use RFC3066 Language codes, such as "en", "da", "fr" etc.
@@ -1226,39 +1225,39 @@ class Poche
1226 $book->setDate(time()); // Strictly not needed as the book date defaults to time(). 1225 $book->setDate(time()); // Strictly not needed as the book date defaults to time().
1227 //$book->setRights("Copyright and licence information specific for the book."); // As this is generated, this _could_ contain the name or licence information of the user who purchased the book, if needed. If this is used that way, the identifier must also be made unique for the book. 1226 //$book->setRights("Copyright and licence information specific for the book."); // As this is generated, this _could_ contain the name or licence information of the user who purchased the book, if needed. If this is used that way, the identifier must also be made unique for the book.
1228 $book->setSourceURL("http://$_SERVER[HTTP_HOST]"); 1227 $book->setSourceURL("http://$_SERVER[HTTP_HOST]");
1229 1228
1230 $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "PHP"); 1229 $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "PHP");
1231 $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "wallabag"); 1230 $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "wallabag");
1232 1231
1233 $cssData = "body {\n margin-left: .5em;\n margin-right: .5em;\n text-align: justify;\n}\n\np {\n font-family: serif;\n font-size: 10pt;\n text-align: justify;\n text-indent: 1em;\n margin-top: 0px;\n margin-bottom: 1ex;\n}\n\nh1, h2 {\n font-family: sans-serif;\n font-style: italic;\n text-align: center;\n background-color: #6b879c;\n color: white;\n width: 100%;\n}\n\nh1 {\n margin-bottom: 2px;\n}\n\nh2 {\n margin-top: -2px;\n margin-bottom: 2px;\n}\n"; 1232 $cssData = "body {\n margin-left: .5em;\n margin-right: .5em;\n text-align: justify;\n}\n\np {\n font-family: serif;\n font-size: 10pt;\n text-align: justify;\n text-indent: 1em;\n margin-top: 0px;\n margin-bottom: 1ex;\n}\n\nh1, h2 {\n font-family: sans-serif;\n font-style: italic;\n text-align: center;\n background-color: #6b879c;\n color: white;\n width: 100%;\n}\n\nh1 {\n margin-bottom: 2px;\n}\n\nh2 {\n margin-top: -2px;\n margin-bottom: 2px;\n}\n";
1234 1233
1235 $log->logLine("Add Cover"); 1234 $log->logLine("Add Cover");
1236 1235
1237 $fullTitle = "<h1> " . $bookTitle . "</h1>\n"; 1236 $fullTitle = "<h1> " . $bookTitle . "</h1>\n";
1238 1237
1239 $book->setCoverImage("Cover.png", file_get_contents("themes/baggy/img/apple-touch-icon-152.png"), "image/png", $fullTitle); 1238 $book->setCoverImage("Cover.png", file_get_contents("themes/baggy/img/apple-touch-icon-152.png"), "image/png", $fullTitle);
1240 1239
1241 $cover = $content_start . '<div style="text-align:center;"><p>' . _('Produced by wallabag with PHPePub') . '</p><p>'. _('Please open <a href="https://github.com/wallabag/wallabag/issues" >an issue</a> if you have trouble with the display of this E-Book on your device.') . '</p></div>' . $bookEnd; 1240 $cover = $content_start . '<div style="text-align:center;"><p>' . _('Produced by wallabag with PHPePub') . '</p><p>'. _('Please open <a href="https://github.com/wallabag/wallabag/issues" >an issue</a> if you have trouble with the display of this E-Book on your device.') . '</p></div>' . $bookEnd;
1242 1241
1243 //$book->addChapter("Table of Contents", "TOC.xhtml", NULL, false, EPub::EXTERNAL_REF_IGNORE); 1242 //$book->addChapter("Table of Contents", "TOC.xhtml", NULL, false, EPub::EXTERNAL_REF_IGNORE);
1244 $book->addChapter("Notices", "Cover2.html", $cover); 1243 $book->addChapter("Notices", "Cover2.html", $cover);
1245 1244
1246 $book->buildTOC(); 1245 $book->buildTOC();
1247 1246
1248 foreach ($entries as $entry) { //set tags as subjects 1247 foreach ($entries as $entry) { //set tags as subjects
1249 $tags = $this->store->retrieveTagsByEntry($entry['id']); 1248 $tags = $this->store->retrieveTagsByEntry($entry['id']);
1250 foreach ($tags as $tag) { 1249 foreach ($tags as $tag) {
1251 $book->setSubject($tag['value']); 1250 $book->setSubject($tag['value']);
1252 } 1251 }
1253 1252
1254 $log->logLine("Set up parameters"); 1253 $log->logLine("Set up parameters");
1255 1254
1256 $chapter = $content_start . $entry['content'] . $bookEnd; 1255 $chapter = $content_start . $entry['content'] . $bookEnd;
1257 $book->addChapter($entry['title'], htmlspecialchars($entry['title']) . ".html", $chapter, true, EPub::EXTERNAL_REF_ADD); 1256 $book->addChapter($entry['title'], htmlspecialchars($entry['title']) . ".html", $chapter, true, EPub::EXTERNAL_REF_ADD);
1258 $log->logLine("Added chapter " . $entry['title']); 1257 $log->logLine("Added chapter " . $entry['title']);
1259 } 1258 }
1260 1259
1261 if (DEBUG_POCHE) { 1260 if (DEBUG_POCHE) {
1262 $epuplog = $book->getLog(); 1261 $epuplog = $book->getLog();
1263 $book->addChapter("Log", "Log.html", $content_start . $log->getLog() . "\n</pre>" . $bookEnd); // log generation 1262 $book->addChapter("Log", "Log.html", $content_start . $log->getLog() . "\n</pre>" . $bookEnd); // log generation
1264 } 1263 }
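Review bot: The translation fix on new line 1086 is inverted: `_()` is applied to the already-formatted string, so the runtime msgid (e.g. `User with this id (42) does not exist.`) never matches a catalog entry and the message stays untranslated, even though the `%d` formatting does fix the reflected-id XSS. Translate the template first and then format it: `die(sprintf(_('User with this id (%d) does not exist.'), $user_id));`. On new line 1089 the feed token is still compared with a loose `!=`, so numeric-looking strings can compare equal after type juggling and the check is not constant-time; use `!==` at minimum, or `hash_equals($config['token'], (string) $token)` where the project's minimum PHP version provides it. The enclosing method starts and ends outside this hunk, and the later hunks of this file show no visible text change, so they appear to be whitespace-only.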