Merge pull request #712 from wallabag/dev1.7.0

1.7, call me "Premium version"

7 files changed, 427 insertions, 113 deletions

diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php
index 036c9d1b..9e901974 100755
--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -33,6 +33,8 @@ class Database {
                 $db_path = 'pgsql:host=' . STORAGE_SERVER . ';dbname=' . STORAGE_DB;
                 $this->handle = new PDO($db_path, STORAGE_USER, STORAGE_PASSWORD);
                 break;
+            default:
+                die(STORAGE . ' is not a recognised database system !');
         }
 
         $this->handle->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
@@ -229,12 +231,49 @@ class Database {
             return FALSE;
         }
     }
+    
+    public function listUsers($username=null) {
+        $sql = 'SELECT count(*) FROM users'.( $username ? ' WHERE username=?' : '');
+        $query = $this->executeQuery($sql, ( $username ? array($username) : array()));
+        list($count) = $query->fetch();
+        return $count;
+    }
+    
+    public function getUserPassword($userID) {
+        $sql = "SELECT * FROM users WHERE id=?";
+        $query = $this->executeQuery($sql, array($userID));
+        $password = $query->fetchAll();
+        return isset($password[0]['password']) ? $password[0]['password'] : null;
+    }
+    
+    public function deleteUserConfig($userID) {
+        $sql_action = 'DELETE from users_config WHERE user_id=?';
+        $params_action = array($userID);
+        $query = $this->executeQuery($sql_action, $params_action);
+        return $query;
+    }
+    
+    public function deleteTagsEntriesAndEntries($userID) {
+        $entries = $this->retrieveAll($userID);
+        foreach($entries as $entryid) {
+            $tags = $this->retrieveTagsByEntry($entryid);
+            foreach($tags as $tag) {
+                $this->removeTagForEntry($entryid,$tags);
+            }
+            $this->deleteById($entryid,$userID);
+        }
+    }
+    
+    public function deleteUser($userID) {
+        $sql_action = 'DELETE from users WHERE id=?';
+        $params_action = array($userID);
+        $query = $this->executeQuery($sql_action, $params_action);
+    }
 
     public function updateContentAndTitle($id, $title, $body, $user_id) {
         $sql_action = 'UPDATE entries SET content = ?, title = ? WHERE id=? AND user_id=?';
         $params_action = array($body, $title, $id, $user_id);
         $query = $this->executeQuery($sql_action, $params_action);
-
         return $query;
     }
 
@@ -472,6 +511,25 @@ class Database {
         $query          = $this->executeQuery($sql_action, $params_action);
         return $query;
     }
+    
+    public function cleanUnusedTag($tag_id) {
+        $sql_action = "SELECT tags.* FROM tags JOIN tags_entries ON tags_entries.tag_id=tags.id WHERE tags.id=?";
+        $query = $this->executeQuery($sql_action,array($tag_id));
+        $tagstokeep = $query->fetchAll();
+        $sql_action = "SELECT tags.* FROM tags LEFT JOIN tags_entries ON tags_entries.tag_id=tags.id WHERE tags.id=?";
+        $query = $this->executeQuery($sql_action,array($tag_id));
+        $alltags = $query->fetchAll();
+        
+        foreach ($alltags as $tag) {
+            if ($tag && !in_array($tag,$tagstokeep)) {
+                $sql_action = "DELETE FROM tags WHERE id=?";
+                $params_action = array($tag[0]);
+                $this->executeQuery($sql_action, $params_action);
+                return true;
+            }
+        }
+        
+    }
 
     public function retrieveTagByValue($value) {
         $tag  = NULL;
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 811895dc..37cf66a3 100755
--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -72,7 +72,7 @@ class Poche
 
         # l10n
         $language = $this->user->getConfigValue('language');
-        putenv('LC_ALL=' . $language);
+        @putenv('LC_ALL=' . $language);
         setlocale(LC_ALL, $language);
         bindtextdomain($language, LOCALE);
         textdomain($language);
@@ -101,7 +101,7 @@ class Poche
 
     public function configFileIsAvailable() {
         if (! self::$configFileAvailable) {
-            $this->notInstalledMessage[] = 'You have to rename inc/poche/config.inc.php.new to inc/poche/config.inc.php.';
+            $this->notInstalledMessage[] = 'You have to copy (don\'t just rename!) inc/poche/config.inc.default.php to inc/poche/config.inc.php.';
 
             return false;
         }
@@ -242,6 +242,58 @@ class Poche
         $this->tpl->addFilter($filter);
     }
 
+    public function createNewUser() {
+        if (isset($_GET['newuser'])){
+            if ($_POST['newusername'] != "" && $_POST['password4newuser'] != ""){
+                $newusername = filter_var($_POST['newusername'], FILTER_SANITIZE_STRING);
+                if (!$this->store->userExists($newusername)){
+                    if ($this->store->install($newusername, Tools::encodeString($_POST['password4newuser'] . $newusername))) {
+                        Tools::logm('The new user '.$newusername.' has been installed');
+                        $this->messages->add('s', sprintf(_('The new user %s has been installed. Do you want to <a href="?logout">logout ?</a>'),$newusername));
+                        Tools::redirect();
+                    }
+                    else {
+                        Tools::logm('error during adding new user');
+                        Tools::redirect();
+                    }
+                }
+                else {
+                    $this->messages->add('e', sprintf(_('Error : An user with the name %s already exists !'),$newusername));
+                    Tools::logm('An user with the name '.$newusername.' already exists !');
+                    Tools::redirect();
+                }
+            }
+        }
+    }
+
+    public function deleteUser(){
+        if (isset($_GET['deluser'])){
+            if ($this->store->listUsers() > 1) {
+                if (Tools::encodeString($_POST['password4deletinguser'].$this->user->getUsername()) == $this->store->getUserPassword($this->user->getId())) {
+                    $username = $this->user->getUsername();
+                    $this->store->deleteUserConfig($this->user->getId());
+                    Tools::logm('The configuration for user '. $username .' has been deleted !');
+                    $this->store->deleteTagsEntriesAndEntries($this->user->getId());
+                    Tools::logm('The entries for user '. $username .' has been deleted !');
+                    $this->store->deleteUser($this->user->getId());
+                    Tools::logm('User '. $username .' has been completely deleted !');
+                    Session::logout();
+                    Tools::logm('logout');
+                    Tools::redirect();
+                    $this->messages->add('s', sprintf(_('User %s has been successfully deleted !'),$newusername));
+                }
+                else {
+                    Tools::logm('Bad password !');
+                    $this->messages->add('e', _('Error : The password is wrong !'));
+                }
+            }
+            else {
+                Tools::logm('Only user !');
+                $this->messages->add('e', _('Error : You are the only user, you cannot delete your account !'));
+            }
+        }
+    }
+
     private function install()
     {
         Tools::logm('poche still not installed');
@@ -434,12 +486,24 @@ class Poche
             case 'toggle_fav' :
                 $this->store->favoriteById($id, $this->user->getId());
                 Tools::logm('mark as favorite link #' . $id);
-                Tools::redirect();
+                if ( Tools::isAjaxRequest() ) {
+                  echo 1;
+                  exit;
+                }
+                else {
+                  Tools::redirect();
+                }
                 break;
             case 'toggle_archive' :
                 $this->store->archiveById($id, $this->user->getId());
                 Tools::logm('archive link #' . $id);
-                Tools::redirect();
+                if ( Tools::isAjaxRequest() ) {
+                  echo 1;
+                  exit;
+                }
+                else {
+                  Tools::redirect();
+                }
                 break;
             case 'archive_all' :
                 $this->store->archiveAll($this->user->getId());
@@ -447,42 +511,55 @@ class Poche
                 Tools::redirect();
                 break;
             case 'add_tag' :
-                $tags = explode(',', $_POST['value']);
-                $entry_id = $_POST['entry_id'];
-                $entry = $this->store->retrieveOneById($entry_id, $this->user->getId());
-                if (!$entry) {
-                    $this->messages->add('e', _('Article not found!'));
-                    Tools::logm('error : article not found');
-                    Tools::redirect();
-                }
-                //get all already set tags to preven duplicates
-                $already_set_tags = array();
-                $entry_tags = $this->store->retrieveTagsByEntry($entry_id);
-                foreach ($entry_tags as $tag) {
-                  $already_set_tags[] = $tag['value'];
+                if (isset($_GET['search'])) {
+                    //when we want to apply a tag to a search
+                    $tags = array($_GET['search']);
+                    $allentry_ids = $this->store->search($tags[0], $this->user->getId());
+                    $entry_ids = array();
+                    foreach ($allentry_ids as $eachentry) {
+                        $entry_ids[] = $eachentry[0];
+                    }
+                } else { //add a tag to a single article
+                    $tags = explode(',', $_POST['value']);
+                    $entry_ids = array($_POST['entry_id']);
                 }
-                foreach($tags as $key => $tag_value) {
-                    $value = trim($tag_value);
-                    if ($value && !in_array($value, $already_set_tags)) {
-                      $tag = $this->store->retrieveTagByValue($value);
-
-                      if (is_null($tag)) {
-                          # we create the tag
-                          $tag = $this->store->createTag($value);
-                          $sequence = '';
-                          if (STORAGE == 'postgres') {
-                              $sequence = 'tags_id_seq';
+                foreach($entry_ids as $entry_id) {
+                    $entry = $this->store->retrieveOneById($entry_id, $this->user->getId());
+                    if (!$entry) {
+                        $this->messages->add('e', _('Article not found!'));
+                        Tools::logm('error : article not found');
+                        Tools::redirect();
+                    }
+                    //get all already set tags to preven duplicates
+                    $already_set_tags = array();
+                    $entry_tags = $this->store->retrieveTagsByEntry($entry_id);
+                    foreach ($entry_tags as $tag) {
+                      $already_set_tags[] = $tag['value'];
+                    }
+                    foreach($tags as $key => $tag_value) {
+                        $value = trim($tag_value);
+                        if ($value && !in_array($value, $already_set_tags)) {
+                          $tag = $this->store->retrieveTagByValue($value);
+                          if (is_null($tag)) {
+                              # we create the tag
+                              $tag = $this->store->createTag($value);
+                              $sequence = '';
+                              if (STORAGE == 'postgres') {
+                                  $sequence = 'tags_id_seq';
+                              }
+                              $tag_id = $this->store->getLastId($sequence);
                           }
-                          $tag_id = $this->store->getLastId($sequence);
-                      }
-                      else {
-                          $tag_id = $tag['id'];
-                      }
-
-                      # we assign the tag to the article
-                      $this->store->setTagToEntry($tag_id, $entry_id);
+                          else {
+                              $tag_id = $tag['id'];
+                          }
+
+                          # we assign the tag to the article
+                          $this->store->setTagToEntry($tag_id, $entry_id);
+                        }
                     }
                 }
+                $this->messages->add('s', _('The tag has been applied successfully'));
+                Tools::logm('The tag has been applied successfully');
                 Tools::redirect();
                 break;
             case 'remove_tag' :
@@ -494,6 +571,11 @@ class Poche
                     Tools::redirect();
                 }
                 $this->store->removeTagForEntry($id, $tag_id);
+                Tools::logm('tag entry deleted');
+                if ($this->store->cleanUnusedTag($tag_id)) {
+                    Tools::logm('tag deleted');
+                }
+                $this->messages->add('s', _('The tag has been successfully deleted'));
                 Tools::redirect();
                 break;
             default:
@@ -520,6 +602,7 @@ class Poche
                 $languages = $this->getInstalledLanguages();
                 $token = $this->user->getConfigValue('token');
                 $http_auth = (isset($_SERVER['PHP_AUTH_USER']) || isset($_SERVER['REMOTE_USER'])) ? true : false;
+                $only_user = ($this->store->listUsers() > 1) ? false : true;
                 $tpl_vars = array(
                     'themes' => $themes,
                     'languages' => $languages,
@@ -532,6 +615,7 @@ class Poche
                     'token' => $token,
                     'user_id' => $this->user->getId(),
                     'http_auth' => $http_auth,
+                    'only_user' => $only_user
                 );
                 Tools::logm('config view');
                 break;
@@ -822,13 +906,6 @@ class Poche
      */
     public function import() {
 
-      if (!defined('IMPORT_LIMIT')) {
-        define('IMPORT_LIMIT', 5);
-      }
-      if (!defined('IMPORT_DELAY')) {
-        define('IMPORT_DELAY', 5);
-      }
-
       if ( isset($_FILES['file']) ) {
         Tools::logm('Import stated: parsing file');
 
@@ -1065,11 +1142,127 @@ class Poche
      * return new purifier object with actual config
      */
     protected function getPurifier() {
-      $config = HTMLPurifier_Config::createDefault();

-      $config->set('Cache.SerializerPath', CACHE);

-      $config->set('HTML.SafeIframe', true);

-      $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo$purifier = new HTMLPurifier($config);
-

+      $config = HTMLPurifier_Config::createDefault();
+      $config->set('Cache.SerializerPath', CACHE);
+      $config->set('HTML.SafeIframe', true);
+      //allow YouTube, Vimeo and dailymotion videos
+      $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/|www\.dailymotion\.com/embed/video/)%');
+
       return new HTMLPurifier($config);
     }
+    
+    /**
+     * handle epub
+     */
+    public function createEpub() {
+       
+        switch ($_GET['method']) {
+            case 'id':
+                $entryID = filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
+                $entry = $this->store->retrieveOneById($entryID, $this->user->getId());
+                $entries = array($entry);
+                $bookTitle = $entry['title'];
+                $bookFileName = substr($bookTitle, 0, 200);
+                break;
+            case 'all':
+                $entries = $this->store->retrieveAll($this->user->getId());
+                $bookTitle = sprintf(_('All my articles on '), date(_('d.m.y'))); #translatable because each country has it's own date format system
+                $bookFileName = _('Allarticles') . date(_('dmY'));
+                break;
+            case 'tag':
+                $tag = filter_var($_GET['tag'],FILTER_SANITIZE_STRING);
+                $tags_id = $this->store->retrieveAllTags($this->user->getId(),$tag);
+                $tag_id = $tags_id[0]["id"]; // we take the first result, which is supposed to match perfectly. There must be a workaround.
+                $entries = $this->store->retrieveEntriesByTag($tag_id,$this->user->getId());
+                $bookTitle = sprintf(_('Articles tagged %s'),$tag);
+                $bookFileName = substr(sprintf(_('Tag %s'),$tag), 0, 200);
+                break;
+            case 'category':
+                $category = filter_var($_GET['category'],FILTER_SANITIZE_STRING);
+                $entries = $this->store->getEntriesByView($category,$this->user->getId());
+                $bookTitle = sprintf(_('All articles in category %s'), $category);
+                $bookFileName = substr(sprintf(_('Category %s'),$category), 0, 200);
+                break;
+            case 'search':
+                $search = filter_var($_GET['search'],FILTER_SANITIZE_STRING);
+                $entries = $this->store->search($search,$this->user->getId());
+                $bookTitle = sprintf(_('All articles for search %s'), $search);
+                $bookFileName = substr(sprintf(_('Search %s'), $search), 0, 200);
+                break;
+            case 'default':
+                die(_('Uh, there is a problem while generating epub.'));
+            
+        }
+
+        $content_start =
+        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
+        . "<html xmlns=\"http://www.w3.org/1999/xhtml\" xmlns:epub=\"http://www.idpf.org/2007/ops\">\n"
+        . "<head>"
+        . "<meta http-equiv=\"Default-Style\" content=\"text/html; charset=utf-8\" />\n"
+        . "<title>wallabag articles book</title>\n"
+        . "</head>\n"
+        . "<body>\n";
+
+        $bookEnd = "</body>\n</html>\n";
+        
+        $log = new Logger("wallabag", TRUE);
+        $fileDir = CACHE;
+
+        
+        $book = new EPub(EPub::BOOK_VERSION_EPUB3);
+        $log->logLine("new EPub()");
+        $log->logLine("EPub class version: " . EPub::VERSION);
+        $log->logLine("EPub Req. Zip version: " . EPub::REQ_ZIP_VERSION);
+        $log->logLine("Zip version: " . Zip::VERSION);
+        $log->logLine("getCurrentServerURL: " . $book->getCurrentServerURL());
+        $log->logLine("getCurrentPageURL..: " . $book->getCurrentPageURL());
+        
+        $book->setTitle(_('wallabag\'s articles'));
+        $book->setIdentifier("http://$_SERVER[HTTP_HOST]", EPub::IDENTIFIER_URI); // Could also be the ISBN number, prefered for published books, or a UUID.
+        //$book->setLanguage("en"); // Not needed, but included for the example, Language is mandatory, but EPub defaults to "en". Use RFC3066 Language codes, such as "en", "da", "fr" etc.
+        $book->setDescription(_("Some articles saved on my wallabag"));
+        $book->setAuthor("wallabag","wallabag");
+        $book->setPublisher("wallabag","wallabag"); // I hope this is a non existant address :)
+        $book->setDate(time()); // Strictly not needed as the book date defaults to time().
+        //$book->setRights("Copyright and licence information specific for the book."); // As this is generated, this _could_ contain the name or licence information of the user who purchased the book, if needed. If this is used that way, the identifier must also be made unique for the book.
+        $book->setSourceURL("http://$_SERVER[HTTP_HOST]");
+        
+        $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "PHP");
+        $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "wallabag");
+        
+        $cssData = "body {\n margin-left: .5em;\n margin-right: .5em;\n text-align: justify;\n}\n\np {\n font-family: serif;\n font-size: 10pt;\n text-align: justify;\n text-indent: 1em;\n margin-top: 0px;\n margin-bottom: 1ex;\n}\n\nh1, h2 {\n font-family: sans-serif;\n font-style: italic;\n text-align: center;\n background-color: #6b879c;\n color: white;\n width: 100%;\n}\n\nh1 {\n margin-bottom: 2px;\n}\n\nh2 {\n margin-top: -2px;\n margin-bottom: 2px;\n}\n";
+        
+        $log->logLine("Add Cover");
+        
+        $fullTitle = "<h1> " . $bookTitle . "</h1>\n";
+        
+        $book->setCoverImage("Cover.png", file_get_contents("themes/baggy/img/apple-touch-icon-152.png"), "image/png", $fullTitle);
+        
+        $cover = $content_start . '<div style="text-align:center;"><p>' . _('Produced by wallabag with PHPePub') . '</p><p>'. _('Please open <a href="https://github.com/wallabag/wallabag/issues" >an issue</a> if you have trouble with the display of this E-Book on your device.') . '</p></div>' . $bookEnd;
+        
+        //$book->addChapter("Table of Contents", "TOC.xhtml", NULL, false, EPub::EXTERNAL_REF_IGNORE);
+        $book->addChapter("Notices", "Cover2.html", $cover);
+        
+        $book->buildTOC();
+        
+        foreach ($entries as $entry) { //set tags as subjects
+            $tags = $this->store->retrieveTagsByEntry($entry['id']);
+            foreach ($tags as $tag) {
+                $book->setSubject($tag['value']);
+            }
+            
+            $log->logLine("Set up parameters");
+            
+            $chapter = $content_start . $entry['content'] . $bookEnd;
+            $book->addChapter($entry['title'], htmlspecialchars($entry['title']) . ".html", $chapter, true, EPub::EXTERNAL_REF_ADD);
+            $log->logLine("Added chapter " . $entry['title']);
+        }
+
+        if (DEBUG_POCHE) { 
+            $epuplog = $book->getLog();
+            $book->addChapter("Log", "Log.html", $content_start . $log->getLog() . "\n</pre>" . $bookEnd); // log generation
+        }
+        $book->finalize();
+        $zipData = $book->sendBook($bookFileName);
+    }
 }
diff --git a/inc/poche/Tools.class.php b/inc/poche/Tools.class.php
index 7f064020..8073a3fe 100755
--- a/inc/poche/Tools.class.php
+++ b/inc/poche/Tools.class.php
@@ -60,6 +60,10 @@ class Tools
         }
 
         $host = (isset($_SERVER['HTTP_X_FORWARDED_HOST']) ? $_SERVER['HTTP_X_FORWARDED_HOST'] : (isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : $_SERVER['SERVER_NAME']));
+
+        if (strpos($host, ':') !== false) {
+            $serverport = '';
+        }
         
         return 'http' . ($https ? 's' : '') . '://'
             . $host . $serverport . $scriptname;
diff --git a/inc/poche/config.inc.default.php b/inc/poche/config.inc.default.php
new file mode 100755
index 00000000..ffcd205d
--- /dev/null
+++ b/inc/poche/config.inc.default.php
@@ -0,0 +1,64 @@
+<?php
+/**
+ * wallabag, self hostable application allowing you to not miss any content anymore
+ *
+ * @category   wallabag
+ * @author     Nicolas Lœuillet <nicolas@loeuillet.org>
+ * @copyright  2013
+ * @license    http://www.wtfpl.net/ see COPYING file
+ */
+
+@define ('SALT', ''); # put a strong string here
+@define ('LANG', 'en_EN.utf8');
+
+@define ('STORAGE', 'sqlite'); # postgres, mysql or sqlite
+
+@define ('STORAGE_SQLITE', ROOT . '/db/poche.sqlite'); # if you are using sqlite, where the database file is located
+
+# only for postgres & mysql
+@define ('STORAGE_SERVER', 'localhost');
+@define ('STORAGE_DB', 'poche');
+@define ('STORAGE_USER', 'poche');
+@define ('STORAGE_PASSWORD', 'poche');
+
+#################################################################################
+# Do not trespass unless you know what you are doing
+#################################################################################
+
+// Change this if not using the standart port for SSL - i.e you server is behind sslh
+@define ('SSL_PORT', 443);
+
+@define ('MODE_DEMO', FALSE);
+@define ('DEBUG_POCHE', FALSE);
+@define ('DOWNLOAD_PICTURES', FALSE); # This can slow down the process of adding articles
+@define ('REGENERATE_PICTURES_QUALITY', 75);
+@define ('CONVERT_LINKS_FOOTNOTES', FALSE);
+@define ('REVERT_FORCED_PARAGRAPH_ELEMENTS', FALSE);
+@define ('SHARE_TWITTER', TRUE);
+@define ('SHARE_MAIL', TRUE);
+@define ('SHARE_SHAARLI', FALSE);
+@define ('SHAARLI_URL', 'http://myshaarliurl.com');
+@define ('FLATTR', TRUE);
+@define ('FLATTR_API', 'https://api.flattr.com/rest/v2/things/lookup/?url=');
+@define ('NOT_FLATTRABLE', '0');
+@define ('FLATTRABLE', '1');
+@define ('FLATTRED', '2');
+// display or not print link in article view
+@define ('SHOW_PRINTLINK', '1');
+// display or not percent of read in article view. Affects only default theme.
+@define ('SHOW_READPERCENT', '1');
+@define ('ABS_PATH', 'assets/');
+
+@define ('DEFAULT_THEME', 'baggy');
+
+@define ('THEME', ROOT . '/themes');
+@define ('LOCALE', ROOT . '/locale');
+@define ('CACHE', ROOT . '/cache');
+
+@define ('PAGINATION', '10');
+
+//limit for download of articles during import
+@define ('IMPORT_LIMIT', 5);
+//delay between downloads (in sec)
+@define ('IMPORT_DELAY', 5);
+
diff --git a/inc/poche/config.inc.php.new b/inc/poche/config.inc.php.new
deleted file mode 100755
index 83b3c4c0..00000000
--- a/inc/poche/config.inc.php.new
+++ /dev/null
@@ -1,59 +0,0 @@
-<?php
-/**
- * wallabag, self hostable application allowing you to not miss any content anymore
- *
- * @category   wallabag
- * @author     Nicolas Lœuillet <nicolas@loeuillet.org>
- * @copyright  2013
- * @license    http://www.wtfpl.net/ see COPYING file
- */
-
-define ('SALT', ''); # put a strong string here
-define ('LANG', 'en_EN.utf8');
-
-define ('STORAGE', 'sqlite'); # postgres, mysql or sqlite
-
-define ('STORAGE_SQLITE', ROOT . '/db/poche.sqlite'); # if you are using sqlite, where the database file is located
-
-# only for postgres & mysql
-define ('STORAGE_SERVER', 'localhost');
-define ('STORAGE_DB', 'poche');
-define ('STORAGE_USER', 'poche');
-define ('STORAGE_PASSWORD', 'poche');
-
-#################################################################################
-# Do not trespass unless you know what you are doing
-#################################################################################
-
-// Change this if not using the standart port for SSL - i.e you server is behind sslh
-define ('SSL_PORT', 443); 
-
-define ('MODE_DEMO', FALSE);
-define ('DEBUG_POCHE', FALSE);
-define ('DOWNLOAD_PICTURES', FALSE);
-define ('CONVERT_LINKS_FOOTNOTES', FALSE);
-define ('REVERT_FORCED_PARAGRAPH_ELEMENTS', FALSE);
-define ('SHARE_TWITTER', TRUE);
-define ('SHARE_MAIL', TRUE);
-define ('SHARE_SHAARLI', FALSE);
-define ('SHAARLI_URL', 'http://myshaarliurl.com');
-define ('FLATTR', TRUE);
-define ('FLATTR_API', 'https://api.flattr.com/rest/v2/things/lookup/?url=');
-define ('NOT_FLATTRABLE', '0');
-define ('FLATTRABLE', '1');
-define ('FLATTRED', '2');
-define ('ABS_PATH', 'assets/');
-
-define ('DEFAULT_THEME', 'baggy');
-
-define ('THEME', ROOT . '/themes');
-define ('LOCALE', ROOT . '/locale');
-define ('CACHE', ROOT . '/cache');
-
-define ('PAGINATION', '10');
-
-//limit for download of articles during import
-define ('IMPORT_LIMIT', 5);
-//delay between downloads (in sec)
-define ('IMPORT_DELAY', 5);
-
diff --git a/inc/poche/global.inc.php b/inc/poche/global.inc.php
index 15091387..8cf86d03 100644..100755
--- a/inc/poche/global.inc.php
+++ b/inc/poche/global.inc.php
@@ -31,6 +31,11 @@ require_once INCLUDES . '/3rdparty/FlattrItem.class.php';
 
 require_once INCLUDES . '/3rdparty/htmlpurifier/HTMLPurifier.auto.php';
 
+# epub library
+require_once INCLUDES . '/3rdparty/libraries/PHPePub/Logger.php';
+require_once INCLUDES . '/3rdparty/libraries/PHPePub/EPub.php';
+require_once INCLUDES . '/3rdparty/libraries/PHPePub/EPubChapterSplitter.php';
+
 # Composer its autoloader for automatically loading Twig
 if (! file_exists(ROOT . '/vendor/autoload.php')) {
     Poche::$canRenderTemplates = false;
@@ -43,6 +48,7 @@ if (! file_exists(INCLUDES . '/poche/config.inc.php')) {
     Poche::$configFileAvailable = false;
 } else {
     require_once INCLUDES . '/poche/config.inc.php';
+    require_once INCLUDES . '/poche/config.inc.default.php';
 }
 
 if (Poche::$configFileAvailable && DOWNLOAD_PICTURES) {
diff --git a/inc/poche/pochePictures.php b/inc/poche/pochePictures.php
index e4b0b160..7c319a85 100644
--- a/inc/poche/pochePictures.php
+++ b/inc/poche/pochePictures.php
@@ -14,6 +14,7 @@
 function filtre_picture($content, $url, $id)
 {
     $matches = array();
+    $processing_pictures = array(); // list of processing image to avoid processing the same pictures twice
     preg_match_all('#<\s*(img)[^>]+src="([^"]*)"[^>]*>#Si', $content, $matches, PREG_SET_ORDER);
     foreach($matches as $i => $link) {
         $link[1] = trim($link[1]);
@@ -22,8 +23,17 @@ function filtre_picture($content, $url, $id)
             $filename = basename(parse_url($absolute_path, PHP_URL_PATH));
             $directory = create_assets_directory($id);
             $fullpath = $directory . '/' . $filename;
-            download_pictures($absolute_path, $fullpath);
-            $content = str_replace($matches[$i][2], $fullpath, $content);
+            
+            if (in_array($absolute_path, $processing_pictures) === true) {
+                // replace picture's URL only if processing is OK : already processing -> go to next picture
+                continue;
+            }
+            
+            if (download_pictures($absolute_path, $fullpath) === true) {
+                $content = str_replace($matches[$i][2], $fullpath, $content);
+            }
+            
+            $processing_pictures[] = $absolute_path;
         }
 
     }
@@ -64,17 +74,55 @@ function get_absolute_link($relative_link, $url) {
 
 /**
  * Téléchargement des images
+ * 
+ * @return bool true if the download and processing is OK, false else
  */
 function download_pictures($absolute_path, $fullpath)
 {
     $rawdata = Tools::getFile($absolute_path);
+    $fullpath = urldecode($fullpath);
 
     if(file_exists($fullpath)) {
         unlink($fullpath);
     }
-    $fp = fopen($fullpath, 'x');
-    fwrite($fp, $rawdata);
-    fclose($fp);
+    
+    // check extension
+    $file_ext = strrchr($fullpath, '.');
+    $whitelist = array(".jpg",".jpeg",".gif",".png"); 
+    if (!(in_array($file_ext, $whitelist))) {
+        Tools::logm('processed image with not allowed extension. Skipping ' . $fullpath);
+        return false;
+    }
+    
+    // check headers
+    $imageinfo = getimagesize($absolute_path);
+    if ($imageinfo['mime'] != 'image/gif' && $imageinfo['mime'] != 'image/jpeg'&& $imageinfo['mime'] != 'image/jpg'&& $imageinfo['mime'] != 'image/png') {
+        Tools::logm('processed image with bad header. Skipping ' . $fullpath);
+        return false;
+    }
+    
+    // regenerate image
+    $im = imagecreatefromstring($rawdata);
+    if ($im === false) {
+        Tools::logm('error while regenerating image ' . $fullpath);
+        return false;
+    }
+    
+    switch ($imageinfo['mime']) {
+        case 'image/gif':
+            $result = imagegif($im, $fullpath);
+            break;
+        case 'image/jpeg':
+        case 'image/jpg':
+            $result = imagejpeg($im, $fullpath, REGENERATE_PICTURES_QUALITY);
+            break;
+        case 'image/png':
+            $result = imagepng($im, $fullpath, ceil(REGENERATE_PICTURES_QUALITY / 100 * 9));
+            break;
+    }
+    imagedestroy($im);
+    
+    return $result;
 }
 
 /**