From cbc75befb5bdf368bec15f47413bd7669273a181 Mon Sep 17 00:00:00 2001 From: Maryana Rozhankivska Date: Fri, 30 May 2014 17:14:53 +0300 Subject: small xss vulnerability and translation ability fix --- inc/poche/Poche.class.php | 41 ++++++++++++++++++++--------------------- 1 file changed, 20 insertions(+), 21 deletions(-) (limited to 'inc/poche/Poche.class.php') diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 37cf66a3..b0c0adf8 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php @@ -1083,11 +1083,10 @@ class Poche $config = $this->store->getConfigUser($user_id); if ($config == null) { - die(_('User with this id (' . $user_id . ') does not exist.')); + die(_( sprintf('User with this id (%d) does not exist.', $user_id) )); } - if (!in_array($type, $allowed_types) || - $token != $config['token']) { + if (!in_array($type, $allowed_types) || $token != $config['token']) { die(_('Uh, there is a problem while generating feeds.')); } // Check the token @@ -1150,12 +1149,12 @@ class Poche return new HTMLPurifier($config); } - + /** * handle epub */ public function createEpub() { - + switch ($_GET['method']) { case 'id': $entryID = filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT); @@ -1191,7 +1190,7 @@ class Poche break; case 'default': die(_('Uh, there is a problem while generating epub.')); - + } $content_start = @@ -1204,11 +1203,11 @@ class Poche . "\n"; $bookEnd = "\n\n"; - + $log = new Logger("wallabag", TRUE); $fileDir = CACHE; - + $book = new EPub(EPub::BOOK_VERSION_EPUB3); $log->logLine("new EPub()"); $log->logLine("EPub class version: " . EPub::VERSION); @@ -1216,7 +1215,7 @@ class Poche $log->logLine("Zip version: " . Zip::VERSION); $log->logLine("getCurrentServerURL: " . $book->getCurrentServerURL()); $log->logLine("getCurrentPageURL..: " . $book->getCurrentPageURL()); - + $book->setTitle(_('wallabag\'s articles')); $book->setIdentifier("http://$_SERVER[HTTP_HOST]", EPub::IDENTIFIER_URI); // Could also be the ISBN number, prefered for published books, or a UUID. //$book->setLanguage("en"); // Not needed, but included for the example, Language is mandatory, but EPub defaults to "en". Use RFC3066 Language codes, such as "en", "da", "fr" etc. @@ -1226,39 +1225,39 @@ class Poche $book->setDate(time()); // Strictly not needed as the book date defaults to time(). //$book->setRights("Copyright and licence information specific for the book."); // As this is generated, this _could_ contain the name or licence information of the user who purchased the book, if needed. If this is used that way, the identifier must also be made unique for the book. $book->setSourceURL("http://$_SERVER[HTTP_HOST]"); - + $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "PHP"); $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "wallabag"); - + $cssData = "body {\n margin-left: .5em;\n margin-right: .5em;\n text-align: justify;\n}\n\np {\n font-family: serif;\n font-size: 10pt;\n text-align: justify;\n text-indent: 1em;\n margin-top: 0px;\n margin-bottom: 1ex;\n}\n\nh1, h2 {\n font-family: sans-serif;\n font-style: italic;\n text-align: center;\n background-color: #6b879c;\n color: white;\n width: 100%;\n}\n\nh1 {\n margin-bottom: 2px;\n}\n\nh2 {\n margin-top: -2px;\n margin-bottom: 2px;\n}\n"; - + $log->logLine("Add Cover"); - + $fullTitle = "

" . $bookTitle . "

\n"; - + $book->setCoverImage("Cover.png", file_get_contents("themes/baggy/img/apple-touch-icon-152.png"), "image/png", $fullTitle); - + $cover = $content_start . '

' . _('Produced by wallabag with PHPePub') . '

'. _('Please open an issue if you have trouble with the display of this E-Book on your device.') . '

' . $bookEnd; - + //$book->addChapter("Table of Contents", "TOC.xhtml", NULL, false, EPub::EXTERNAL_REF_IGNORE); $book->addChapter("Notices", "Cover2.html", $cover); - + $book->buildTOC(); - + foreach ($entries as $entry) { //set tags as subjects $tags = $this->store->retrieveTagsByEntry($entry['id']); foreach ($tags as $tag) { $book->setSubject($tag['value']); } - + $log->logLine("Set up parameters"); - + $chapter = $content_start . $entry['content'] . $bookEnd; $book->addChapter($entry['title'], htmlspecialchars($entry['title']) . ".html", $chapter, true, EPub::EXTERNAL_REF_ADD); $log->logLine("Added chapter " . $entry['title']); } - if (DEBUG_POCHE) { + if (DEBUG_POCHE) { $epuplog = $book->getLog(); $book->addChapter("Log", "Log.html", $content_start . $log->getLog() . "\n" . $bookEnd); // log generation } -- cgit v1.2.3 From 30bd273580a326db1fcc7263e1f52948672f9848 Mon Sep 17 00:00:00 2001 From: Maryana Rozhankivska Date: Fri, 30 May 2014 17:17:34 +0300 Subject: small xss vulnerability and translation ability fix --- inc/poche/Poche.class.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/poche/Poche.class.php') diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index b0c0adf8..3d1337f3 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php @@ -1083,7 +1083,7 @@ class Poche $config = $this->store->getConfigUser($user_id); if ($config == null) { - die(_( sprintf('User with this id (%d) does not exist.', $user_id) )); + die(sprintf(_('User with this id (%d) does not exist.'), $user_id)); } if (!in_array($type, $allowed_types) || $token != $config['token']) { -- cgit v1.2.3 From ec15d0a784a84e07b284c76e71fd8496e00559d5 Mon Sep 17 00:00:00 2001 From: tcit Date: Sat, 7 Jun 2014 15:53:39 +0200 Subject: do not debug inside an epub --- inc/poche/Poche.class.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'inc/poche/Poche.class.php') diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 1b69cd61..4139c4f4 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php @@ -1142,11 +1142,11 @@ class Poche * return new purifier object with actual config */ protected function getPurifier() { - $config = HTMLPurifier_Config::createDefault(); - $config->set('Cache.SerializerPath', CACHE); - $config->set('HTML.SafeIframe', true); + $config = HTMLPurifier_Config::createDefault(); + $config->set('Cache.SerializerPath', CACHE); + $config->set('HTML.SafeIframe', true); $config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo$purifier = new HTMLPurifier($config); - + return new HTMLPurifier($config); } @@ -1208,7 +1208,7 @@ class Poche $fileDir = CACHE; - $book = new EPub(EPub::BOOK_VERSION_EPUB3); + $book = new EPub(EPub::BOOK_VERSION_EPUB3, DEBUG_POCHE); $log->logLine("new EPub()"); $log->logLine("EPub class version: " . EPub::VERSION); $log->logLine("EPub Req. Zip version: " . EPub::REQ_ZIP_VERSION); -- cgit v1.2.3 From 5425b0dd82863d548f49dcbd81636ed8dabd7866 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= Date: Tue, 8 Jul 2014 21:46:32 +0200 Subject: new fields in database, reading time / date and domain name are stored --- inc/poche/Poche.class.php | 8 -------- 1 file changed, 8 deletions(-) (limited to 'inc/poche/Poche.class.php') diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index 09a9f5ff..e8c32024 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php @@ -232,14 +232,6 @@ class Poche $this->tpl = new Twig_Environment($loaderChain, $twigParams); $this->tpl->addExtension(new Twig_Extensions_Extension_I18n()); - - # filter to display domain name of an url - $filter = new Twig_SimpleFilter('getDomain', 'Tools::getDomain'); - $this->tpl->addFilter($filter); - - # filter for reading time - $filter = new Twig_SimpleFilter('getReadingTime', 'Tools::getReadingTime'); - $this->tpl->addFilter($filter); } public function createNewUser() { -- cgit v1.2.3 From 6400371ff93782d25cdbd50aa224c70145b3890a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20L=C5=93uillet?= Date: Thu, 10 Jul 2014 13:17:04 +0200 Subject: I removed my previous commit. We have to create a new branch for that. --- inc/poche/Poche.class.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'inc/poche/Poche.class.php') diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php index e8c32024..09a9f5ff 100755 --- a/inc/poche/Poche.class.php +++ b/inc/poche/Poche.class.php @@ -232,6 +232,14 @@ class Poche $this->tpl = new Twig_Environment($loaderChain, $twigParams); $this->tpl->addExtension(new Twig_Extensions_Extension_I18n()); + + # filter to display domain name of an url + $filter = new Twig_SimpleFilter('getDomain', 'Tools::getDomain'); + $this->tpl->addFilter($filter); + + # filter for reading time + $filter = new Twig_SimpleFilter('getReadingTime', 'Tools::getReadingTime'); + $this->tpl->addFilter($filter); } public function createNewUser() { -- cgit v1.2.3