diff options
Diffstat (limited to 'inc/functions.php')
| -rw-r--r-- | inc/functions.php | 67 |
1 files changed, 14 insertions, 53 deletions
diff --git a/inc/functions.php b/inc/functions.php index 936ec6ea..13acd36f 100644 --- a/inc/functions.php +++ b/inc/functions.php | |||
| @@ -91,7 +91,7 @@ function get_external_file($url) | |||
| 91 | function prepare_url($url) | 91 | function prepare_url($url) |
| 92 | { | 92 | { |
| 93 | $parametres = array(); | 93 | $parametres = array(); |
| 94 | $url = html_entity_decode(trim($url)); | 94 | $url = html_entity_decode(trim($url)); |
| 95 | 95 | ||
| 96 | // We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...) | 96 | // We remove the annoying parameters added by FeedBurner and GoogleFeedProxy (?utm_source=...) |
| 97 | // from shaarli, by sebsauvage | 97 | // from shaarli, by sebsauvage |
| @@ -99,7 +99,7 @@ function prepare_url($url) | |||
| 99 | $i=strpos($url,'?utm_source='); if ($i!==false) $url=substr($url,0,$i); | 99 | $i=strpos($url,'?utm_source='); if ($i!==false) $url=substr($url,0,$i); |
| 100 | $i=strpos($url,'#xtor=RSS-'); if ($i!==false) $url=substr($url,0,$i); | 100 | $i=strpos($url,'#xtor=RSS-'); if ($i!==false) $url=substr($url,0,$i); |
| 101 | 101 | ||
| 102 | $title = $url; | 102 | $title = $url; |
| 103 | if (!preg_match('!^https?://!i', $url)) | 103 | if (!preg_match('!^https?://!i', $url)) |
| 104 | $url = 'http://' . $url; | 104 | $url = 'http://' . $url; |
| 105 | 105 | ||
| @@ -230,7 +230,7 @@ function remove_directory($directory) | |||
| 230 | * Appel d'une action (mark as fav, archive, delete) | 230 | * Appel d'une action (mark as fav, archive, delete) |
| 231 | */ | 231 | */ |
| 232 | 232 | ||
| 233 | function action_to_do($action, $url, $token, $id = 0) | 233 | function action_to_do($action, $url, $id = 0) |
| 234 | { | 234 | { |
| 235 | global $db; | 235 | global $db; |
| 236 | 236 | ||
| @@ -248,29 +248,20 @@ function action_to_do($action, $url, $token, $id = 0) | |||
| 248 | logm('add link ' . $url); | 248 | logm('add link ' . $url); |
| 249 | break; | 249 | break; |
| 250 | case 'delete': | 250 | case 'delete': |
| 251 | if (verif_token($token)) { | 251 | remove_directory(ABS_PATH . $id); |
| 252 | remove_directory(ABS_PATH . $id); | 252 | $sql_action = "DELETE FROM entries WHERE id=?"; |
| 253 | $sql_action = "DELETE FROM entries WHERE id=?"; | 253 | $params_action = array($id); |
| 254 | $params_action = array($id); | 254 | logm('delete link #' . $id); |
| 255 | logm('delete link #' . $id); | ||
| 256 | } | ||
| 257 | else logm('csrf problem while deleting entry'); | ||
| 258 | break; | 255 | break; |
| 259 | case 'toggle_fav' : | 256 | case 'toggle_fav' : |
| 260 | if (verif_token($token)) { | 257 | $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?"; |
| 261 | $sql_action = "UPDATE entries SET is_fav=~is_fav WHERE id=?"; | 258 | $params_action = array($id); |
| 262 | $params_action = array($id); | 259 | logm('mark as favorite link #' . $id); |
| 263 | logm('mark as favorite link #' . $id); | ||
| 264 | } | ||
| 265 | else logm('csrf problem while fav entry'); | ||
| 266 | break; | 260 | break; |
| 267 | case 'toggle_archive' : | 261 | case 'toggle_archive' : |
| 268 | if (verif_token($token)) { | 262 | $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?"; |
| 269 | $sql_action = "UPDATE entries SET is_read=~is_read WHERE id=?"; | 263 | $params_action = array($id); |
| 270 | $params_action = array($id); | 264 | logm('archive link #' . $id); |
| 271 | logm('archive link #' . $id); | ||
| 272 | } | ||
| 273 | else logm('csrf problem while archive entry'); | ||
| 274 | break; | 265 | break; |
| 275 | default: | 266 | default: |
| 276 | break; | 267 | break; |
| @@ -305,7 +296,7 @@ function action_to_do($action, $url, $token, $id = 0) | |||
| 305 | /** | 296 | /** |
| 306 | * Détermine quels liens afficher : home, fav ou archives | 297 | * Détermine quels liens afficher : home, fav ou archives |
| 307 | */ | 298 | */ |
| 308 | function display_view($view) | 299 | function get_entries($view) |
| 309 | { | 300 | { |
| 310 | global $db; | 301 | global $db; |
| 311 | 302 | ||
| @@ -385,36 +376,6 @@ function get_article($id) | |||
| 385 | return $entry; | 376 | return $entry; |
| 386 | } | 377 | } |
| 387 | 378 | ||
| 388 | /** | ||
| 389 | * Vérifie si le jeton passé en $_POST correspond à celui en session | ||
| 390 | */ | ||
| 391 | function verif_token($token) | ||
| 392 | { | ||
| 393 | if(isset($_SESSION['token_poche']) && isset($_SESSION['token_time_poche']) && isset($token)) | ||
| 394 | { | ||
| 395 | if($_SESSION['token_poche'] == $token) | ||
| 396 | { | ||
| 397 | $old_timestamp = time() - (15*60); | ||
| 398 | if($_SESSION['token_time_poche'] >= $old_timestamp) | ||
| 399 | { | ||
| 400 | return TRUE; | ||
| 401 | } | ||
| 402 | else { | ||
| 403 | session_destroy(); | ||
| 404 | logm('session expired'); | ||
| 405 | } | ||
| 406 | } | ||
| 407 | else { | ||
| 408 | logm('token error : the token is different'); | ||
| 409 | return FALSE; | ||
| 410 | } | ||
| 411 | } | ||
| 412 | else { | ||
| 413 | logm('token error : the token is not here'); | ||
| 414 | return FALSE; | ||
| 415 | } | ||
| 416 | } | ||
| 417 | |||
| 418 | function logm($message) | 379 | function logm($message) |
| 419 | { | 380 | { |
| 420 | $t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n"; | 381 | $t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n"; |