forks/tinytinyrss-fever-plugin
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Compare commits

base: forks:1.4.6
Branches Tags
forks:master
forks:2.2.0 forks:2.1.0 forks:1.4.7 forks:1.4.6 forks:v1.4.4 forks:v1.4.3 forks:v1.4.2 forks:v1.4.1 forks:v1.4 forks:v1.3 forks:v1.2 forks:v1.4.5
...
compare: forks:2.1.0
Branches Tags
forks:master
forks:2.2.0 forks:2.1.0 forks:1.4.7 forks:1.4.6 forks:v1.4.4 forks:v1.4.3 forks:v1.4.2 forks:v1.4.1 forks:v1.4 forks:v1.3 forks:v1.2 forks:v1.4.5

17 Commits
1.4.6 ... 2.1.0

Author SHA1 Message Date
Grant Pannell
5bd3261dc2 Fix readme version 2017-12-25 04:15:16 +10:30
Grant Pannell
0c31d8c37a Version bump 2.1 2017-12-25 04:14:39 +10:30
Grant Pannell
56f9d06435 Sync with tt-rss, use pdo for db queries 2017-12-25 04:11:49 +10:30
Grant Pannell
408e0d7695 Fix missing argument, php 7.1 2017-10-20 01:14:44 +10:30
root
da3f333f98 Fix execute perms 2017-05-16 01:20:09 +09:30
Grant Pannell
254d5fdd9e update readme 2017-05-16 01:15:53 +09:30
Grant Pannell
6d26584d34 Take back my plugin - fix a bunch of bugs which counters not updating, 
clean things up, sync back with ttrss source
 2017-05-16 01:10:32 +09:30
chyiz
a7fd1e385e Merge branch 'fixCCache' 2017-05-12 02:19:18 -04:00
Matt S
9c75e5a1e2 Update fever_api.php to support CCache class 2017-05-08 21:40:29 +01:00
Colin Dunn
0b1475d938 Update fever_api.php to support Article class 
The latest commit to tt-rss now has classes for various objects, including an Article class, which causes errors in the plugin. This update make the plugin functional again.
 2017-05-05 11:22:53 +10:00
Torsten Stelling
c4c8660215 Merge pull request #20 from AbeEstrada/patch-1 
Update version, closes #18
 2015-11-23 18:46:02 +01:00
Abe Estrada
bf23afd8ac Update version, closes #18 2015-05-19 15:22:35 -06:00
Torsten Stelling
16fcb8852c Updated documentation 
with Press ;) Seems to work now...
 2014-01-15 23:18:59 +01:00
Torsten Stelling
30e3d5cd93 renamed $IS_PRESS to $ID_HACK_FOR_MRREADER 
Renamed $IS_PRESS to $ID_HACK_FOR_MRREADER to make code more readable. This helps others understand the code.
 2014-01-15 22:48:49 +01:00
Torsten Stelling
cfdb4e92f8 Updates to download section in dokumentation 2014-01-15 17:36:18 +01:00
Torsten Stelling
04dfc947a8 added release notes 2014-01-15 17:31:42 +01:00
Torsten Stelling
1706ba074f added rewrite_urls function since it was removed from tinytinyrss 2014-01-15 17:30:20 +01:00
4 changed files with 973 additions and 983 deletions
Expand all files Collapse all files

19
README.md
View File

@@ -29,7 +29,7 @@ Following Features are implemented:
## <a name="downloads">Downloads</a>
Please click the [```Download ZIP```](https://github.com/dasmurphy/tinytinyrss-fever-plugin/archive/master.zip) button to download current version. ;)
Please click on [```releases```](https://github.com/dasmurphy/tinytinyrss-fever-plugin/releases) button to download the latest stable version. Or click the [```Download ZIP```](https://github.com/dasmurphy/tinytinyrss-fever-plugin/archive/master.zip) button to download the edge version. ;)
## <a name="supported">Supported/Tested Clients</a>
@@ -38,6 +38,7 @@ These clients should be working fine with this API emulation.
* [Reeder](http://reederapp.com) - iPhone
* [Mr.Reader](http://www.curioustimes.de/mrreader/index.html) - iPad
* [ReadKit](http://readkitapp.com) - OS X
* [Press](https://play.google.com/store/apps/details?id=com.twentyfivesquares.press) - Android
* [Meltdown](https://github.com/phubbard/Meltdown) - Android
* displays feeds as 'orphan' items, but runs fine
@@ -114,3 +115,19 @@ v1.4.6 - 2014/1/15
* merged bigger pull request to get more Fever API RSS Readers to work
v1.4.7 - 2014/1/15
* added rewrite url function to module, since it was removed from tinytinyrss
v2.0 - 2017/5/16
* Fix ccache exceptions
* Sync previously copied snipets with latest tt-rss source
* General clean up / refactor
* Replace clunky sanitization with what is provided by tt-rss
* Use new Article class for enclosures
v2.1 - 2017/12/25
* Sync previously copied snipets with latest tt-rss source
* Use PDO API for DB queries

645
fever/fever_api.php Executable file → Normal file
View File

@@ -1,7 +1,4 @@
<?php
// v1.4.6
class FeverAPI extends Handler {
const API_LEVEL = 3;
@@ -9,45 +6,185 @@ class FeverAPI extends Handler {
const STATUS_OK = 1;
const STATUS_ERR = 0;
// debugging only functions with JSON
const DEBUG = false; // enable if you need some debug output in your tinytinyrss root
const DEBUG_USER = 0; // your user id you need to debug - look it up in your mysql database and set it to a value bigger than 0
const DEBUG_FILE = './debug_fever.txt'; // the file for debugging output
const ADD_ATTACHED_FILES = 1; //add link in bottom for attached files
// enable if you need some debug output in your tinytinyrss root
const DEBUG = FALSE;
// your user id you need to debug - look it up in your mysql database and set it to a value bigger than 0
const DEBUG_USER = 0;
private $IS_PRESS = 0;
const PLUGIN_NAME = "Fever";
private $id_hack = FALSE;
// add link in bottom for attached files
private $add_attached_files = TRUE;
// output as xml or json
private $xml;
// find the user in the db with a particular api key
private function setUser()
{
$apikey = isset($_REQUEST["api_key"]) ? clean($_REQUEST["api_key"]) : "";
// Login for Mr. Reader
if (strlen($apikey) <= 0 &&
isset($_REQUEST["action"]) &&
clean($_REQUEST["action"]) === "login" &&
isset($_REQUEST["email"])&&
isset($_REQUEST["password"]))
{
$email = $_REQUEST["email"];
$password = $_REQUEST["password"];
$apikey = strtoupper(md5($email . ":" . $password));
setcookie("fever_auth", $apikey, time() + max(SESSION_COOKIE_LIFETIME, 60 * 60 * 24));
}
// override for Mr.Reader when doing some stuff
if (strlen($apikey) <= 0 && isset($_COOKIE["fever_auth"]))
{
$apikey = $_COOKIE['fever_auth'];
}
if (strlen($apikey) > 0)
{
$sth = $this->pdo->prepare("SELECT owner_uid, content FROM ttrss_plugin_storage
WHERE name = ?");
$sth->execute([self::PLUGIN_NAME]);
while ($line = $sth->fetch())
{
$obj = unserialize($line["content"], array("allowed_classes" => FALSE));
if ($obj &&
isset($obj["password"]) &&
strtolower($obj["password"]) === strtolower($apikey))
{
$_SESSION["uid"] = $line["owner_uid"];
break;
}
}
if (self::DEBUG_USER > 0)
{
$_SESSION["uid"] = self::DEBUG_USER; // always authenticate and set debug user
}
}
}
// set whether xml or json
private function setXml()
{
$this->xml = false;
if (isset($_REQUEST["api"]))
{
if (strtolower(clean($_REQUEST["api"])) === "xml")
{
$this->xml = true;
}
}
}
private function setIdHack()
{
$this->id_hack = false;
$user_agent = false;
if (isset($_SERVER["HTTP_USER_AGENT"]))
{
$user_agent = $_SERVER["HTTP_USER_AGENT"];
}
// Check for all client in Android except ReadKit in Mac, Mr. Reader and Dalvik
if ($user_agent &&
(strpos($user_agent, "Dalvik") !== FALSE ||
strpos($user_agent, "ReadKit") !== FALSE ||
strpos($user_agent, "Mr. Reader") !== FALSE))
{
$this->id_hack = true;
}
}
// validate the api_key, user preferences
function before($method) {
/* classes/api.php before */
if (parent::before($method)) {
if (self::DEBUG) {
// add request to debug log
error_log(print_r($_REQUEST, true));
}
// set the user from the db
$this->setUser();
// are we xml or json?
$this->setXml();
// do we need to apply the ID hack
$this->setIdHack();
if ($this->xml)
header("Content-Type: text/xml");
else
header("Content-Type: text/json");
// check we have a valid user
if (!$_SESSION["uid"]) {
$this->wrap(self::STATUS_ERR, array("error" => 'NOT_LOGGED_IN'));
return false;
}
// check if user has api access enabled
if ($_SESSION["uid"] && !get_pref('ENABLE_API_ACCESS')) {
$this->wrap(self::STATUS_ERR, array("error" => 'API_DISABLED'));
return false;
}
return true;
}
return false;
}
// always include api_version, status as 'auth'
// output json/xml
function wrap($status, $reply)
{
/* classes/api.php wrap */
$arr = array("api_version" => self::API_LEVEL,
"auth" => $status);
if ($status == self::STATUS_OK)
{
$arr["last_refreshed_on_time"] = $this->lastRefreshedOnTime()."";
if (!empty($reply) && is_array($reply))
{
$arr = array_merge($arr, $reply);
}
if ($status == self::STATUS_OK)
{
$arr["last_refreshed_on_time"] = (string)$this->lastRefreshedOnTime();
}
$resp = "";
if ($this->xml)
{
print $this->array_to_xml($arr);
$resp = $this->array_to_xml($arr);
}
else
{
print json_encode($arr);
if (self::DEBUG) {
// debug output
file_put_contents(self::DEBUG_FILE,'answer : '.json_encode($arr)."\n",FILE_APPEND);
$resp = json_encode($arr);
}
print $resp;
if (self::DEBUG)
{
// debug output
error_log(print_r($resp, true));
}
}
// fever supports xml wrapped in <response> tags
// TODO: holy crap replace this junk
private function array_to_xml($array, $container = 'response', $is_root = true)
{
if (!is_array($array)) return array_to_xml(array($array));
@@ -102,14 +239,15 @@ class FeverAPI extends Handler {
// every authenticated method includes last_refreshed_on_time
private function lastRefreshedOnTime()
{
$result = $this->dbh->query("SELECT last_updated
$sth = $this->pdo->prepare("SELECT " . SUBSTRING_FOR_DATE . "(last_updated,1,19) AS last_updated
FROM ttrss_feeds
WHERE owner_uid = " . $_SESSION["uid"] . "
WHERE owner_uid = ?
ORDER BY last_updated DESC");
$sth->execute([clean($_SESSION["uid"])]);
if ($this->dbh->num_rows($result) > 0)
if ($row = $sth->fetch())
{
$last_refreshed_on_time = strtotime($this->dbh->fetch_result($result, 0, "last_updated"));
$last_refreshed_on_time = (int) strtotime($row["last_updated"]);
}
else
{
@@ -119,59 +257,6 @@ class FeverAPI extends Handler {
return $last_refreshed_on_time;
}
// find the user in the db with a particular api key
private function setUser()
{
$apikey = isset($_REQUEST["api_key"])?$_REQUEST["api_key"]:'';
// here comes Mr.Reader special API for logging in
if ((strlen($apikey)==0)&&
(isset($_REQUEST["action"]))&&
($_REQUEST["action"]=='login')&&
(isset($_REQUEST["email"]))&&
(isset($_REQUEST["password"]))) {
$email = $_REQUEST["email"];
$password = $_REQUEST["password"];
$apikey = strtoupper(md5($email.":".$password));
setcookie('fever_auth',$apikey,time()+60*60*24*30);
if (self::DEBUG) {
// debug output
$output = array();
$output['email'] = $email;
$output['apikey'] = $apikey;
file_put_contents(self::DEBUG_FILE,'auth POST: '.json_encode($output)."\n",FILE_APPEND);
}
}
if ((strlen($apikey)==0)&&isset($_COOKIE['fever_auth'])) { // override for Mr.Reader when doing some stuff
$apikey = $_COOKIE['fever_auth'];
}
if (strlen($apikey)>0)
{
$result = $this->dbh->query("SELECT owner_uid
FROM ttrss_plugin_storage
WHERE content = '".db_escape_string('a:1:{s:8:"password";s:32:"'.strtolower($apikey).'";}') . "'");
if ($this->dbh->num_rows($result) > 0)
{
$_SESSION["uid"] = $this->dbh->fetch_result($result, 0, "owner_uid");
}
if (self::DEBUG_USER>0) {
$_SESSION["uid"] = self::DEBUG_USER; // always authenticate and set debug user
}
}
}
// set whether xml or json
private function setXml()
{
$this->xml = false;
if (isset($_REQUEST["api"]))
{
if (strtolower($_REQUEST["api"]) == "xml")
$this->xml = true;
}
}
private function flattenGroups(&$groupsToGroups, &$groups, &$groupsToTitle, $index)
{
foreach ($groupsToGroups[$index] as $item)
@@ -188,15 +273,16 @@ class FeverAPI extends Handler {
// TODO: ordering of child categories etc
$groups = array();
$result = $this->dbh->query("SELECT id, title, parent_cat
$sth = $this->pdo->prepare("SELECT id, title, parent_cat
FROM ttrss_feed_categories
WHERE owner_uid = '" . db_escape_string($_SESSION["uid"]) . "'
WHERE owner_uid = ?
ORDER BY order_id ASC");
$sth->execute([clean($_SESSION["uid"])]);
$groupsToGroups = array();
$groupsToTitle = array();
while ($line = $this->dbh->fetch_assoc($result))
while ($line = $sth->fetch())
{
if ($line["parent_cat"] === NULL)
{
@@ -235,20 +321,21 @@ class FeverAPI extends Handler {
{
$feeds = array();
$result = $this->dbh->query("SELECT id, title, feed_url, site_url, last_updated
$sth = $this->pdo->prepare("SELECT id, title, feed_url, site_url, " . SUBSTRING_FOR_DATE . "(last_updated,1,19) AS last_updated
FROM ttrss_feeds
WHERE owner_uid = '" . db_escape_string($_SESSION["uid"]) . "'
WHERE owner_uid = ?
ORDER BY order_id ASC");
$sth->execute([clean($_SESSION["uid"])]);
while ($line = $this->dbh->fetch_assoc($result))
while ($line = $sth->fetch())
{
array_push($feeds, array("id" => intval($line["id"]),
"favicon_id" => intval($line["id"]),
"title" => $line["title"],
"url" => $line["feed_url"],
"site_url" => $line["site_url"],
"is_spark" => 0, // unsported
"last_updated_on_time" => strtotime($line["last_updated"])
"is_spark" => 0, // unsupported
"last_updated_on_time" => (int) strtotime($line["last_updated"])
));
}
return $feeds;
@@ -258,13 +345,14 @@ class FeverAPI extends Handler {
{
$favicons = array();
$result = $this->dbh->query("SELECT id
$sth = $this->pdo->prepare("SELECT id
FROM ttrss_feeds
WHERE owner_uid = '" . db_escape_string($_SESSION["uid"]) . "'
WHERE owner_uid = ?
ORDER BY order_id ASC");
$sth->execute([clean($_SESSION["uid"])]);
// data = "image/gif;base64,<base64 encoded image>
while ($line = $this->dbh->fetch_assoc($result))
while ($line = $sth->fetch())
{
$filename = "feed-icons/" . $line["id"] . ".ico";
if (file_exists($filename))
@@ -287,76 +375,6 @@ class FeverAPI extends Handler {
return $links;
}
function my_sanitize($str, $site_url = false) {
$res = trim($str); if (!$res) return '';
if (strpos($res, "href=") === false)
$res = rewrite_urls($res);
$charset_hack = '<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
</head>';
$res = trim($res); if (!$res) return '';
libxml_use_internal_errors(true);
$doc = new DOMDocument();
$doc->loadHTML($charset_hack . $res);
$xpath = new DOMXPath($doc);
$entries = $xpath->query('(//a[@href]|//img[@src])');
foreach ($entries as $entry) {
if ($site_url) {
if ($entry->hasAttribute('href'))
$entry->setAttribute('href',
rewrite_relative_url($site_url, $entry->getAttribute('href')));
if ($entry->hasAttribute('src')) {
$src = rewrite_relative_url($site_url, $entry->getAttribute('src'));
$entry->setAttribute('src', $src);
}
}
if (strtolower($entry->nodeName) == "a") {
$entry->setAttribute("target", "_blank");
}
}
$entries = $xpath->query('//iframe');
foreach ($entries as $entry) {
$entry->setAttribute('sandbox', 'allow-scripts');
}
$disallowed_attributes = array('id', 'style', 'class');
$entries = $xpath->query('//*');
foreach ($entries as $entry) {
if ($entry->hasAttributes()) {
$attrs_to_remove = array();
foreach ($entry->attributes as $attr) {
if (strpos($attr->nodeName, 'on') === 0) { //remove onclick and other on* attributes
array_push($attrs_to_remove, $attr);
}
if (in_array($attr->nodeName, $disallowed_attributes)) {
array_push($attrs_to_remove, $attr);
}
}
foreach ($attrs_to_remove as $attr) {
$entry->removeAttributeNode($attr);
}
}
}
$doc->removeChild($doc->firstChild); //remove doctype
$res = $doc->saveHTML();
return $res;
}
function formatBytes($bytes, $precision = 2) {
$units = array('B', 'KB', 'MB', 'GB', 'TB');
@@ -377,38 +395,30 @@ class FeverAPI extends Handler {
$items = array();
$item_limit = 50;
$where = " owner_uid = '" . db_escape_string($_SESSION["uid"]) . "' AND ref_id = id ";
$where = " owner_uid = ? AND ref_id = id ";
$where_items = array();
array_push($where_items, clean($_SESSION["uid"]));
if (isset($_REQUEST["feed_ids"]) || isset($_REQUEST["group_ids"])) // added 0.3
{
$feed_ids = array();
if (isset($_REQUEST["feed_ids"]))
{
$feed_ids = explode(",", $_REQUEST["feed_ids"]);
$feed_ids = explode(",", clean($_REQUEST["feed_ids"]));
}
if (isset($_REQUEST["group_ids"]))
{
$group_ids = explode(",", $_REQUEST["group_ids"]);
$num_group_ids = sizeof($group_ids);
$groups_query = " AND cat_id IN (";
foreach ($group_ids as $group_id)
{
if (is_numeric($group_id))
$groups_query .= db_escape_string(intval($group_id)) . ",";
else
$num_group_ids--;
}
if ($num_group_ids <= 0)
$groups_query = " AND cat_id IN ('') ";
else
$groups_query = trim($groups_query, ",") . ")";
$group_ids = array_map("intval", array_filter(explode(",", clean($_REQUEST["group_ids"])), "is_numeric"));
$group_ids_qmarks = arr_qmarks($group_ids);
$feeds_in_group_result = $this->dbh->query("SELECT id".
"FROM ttrss_feeds".
"WHERE owner_uid = '" . db_escape_string($_SESSION["uid"]) . "' " . $groups_query);
$sth = $this->pdo->prepare("SELECT id
FROM ttrss_feeds
WHERE owner_uid = ? AND cat_id IN ($group_ids_qmarks)");
$sth->execute(array_merge([clean($_SESSION["uid"])], $group_ids));
$group_feed_ids = array();
while ($line = $this->dbh->fetch_assoc($feeds_in_group_result))
while ($line = $sth->fetch())
{
array_push($group_feed_ids, $line["id"]);
}
@@ -416,23 +426,11 @@ class FeverAPI extends Handler {
$feed_ids = array_unique(array_merge($feed_ids, $group_feed_ids));
}
$query = " feed_id IN (";
$num_feed_ids = sizeof($feed_ids);
foreach ($feed_ids as $feed_id)
{
if (is_numeric($feed_id))
$query.= db_escape_string(intval($feed_id)) . ",";
else
$num_feed_ids--;
}
$feed_ids = array_map("intval", array_filter($feed_ids, "is_numeric"));
$feed_ids_qmarks = arr_qmarks($feed_ids);
if ($num_feed_ids <= 0)
$query = " feed_id IN ('') ";
else
$query = trim($query, ",") . ")";
if (!empty($where)) $where .= " AND ";
$where .= $query;
$where .= " AND feed_id IN ($feed_ids_qmarks) ";
$where_items = array_merge($where_items, $feed_ids);
}
if (isset($_REQUEST["max_id"])) // descending from most recently added
@@ -440,15 +438,11 @@ class FeverAPI extends Handler {
// use the max_id argument to request the previous $item_limit items
if (is_numeric($_REQUEST["max_id"]))
{
$max_id = ($_REQUEST["max_id"] > 0) ? intval($_REQUEST["max_id"]) : 0;
$max_id = ($_REQUEST["max_id"] > 0) ? intval(clean($_REQUEST["max_id"])) : 0;
if ($max_id)
{
if (!empty($where)) $where .= " AND ";
$where .= "id < " . db_escape_string($max_id) . " ";
}
else if (empty($where))
{
$where .= "1";
$where .= " AND id < ? ";
array_push($where_items, $max_id);
}
$where .= " ORDER BY id DESC ";
@@ -456,45 +450,33 @@ class FeverAPI extends Handler {
}
else if (isset($_REQUEST["with_ids"])) // selective
{
if (!empty($where)) $where .= " AND "; // group_ids & feed_ids don't make sense with this query but just in case
$item_ids = array_map("intval", array_filter(explode(",", clean($_REQUEST["with_ids"])), "is_numeric"));
$item_ids_qmarks = arr_qmarks($item_ids);
$item_ids = explode(",", $_REQUEST["with_ids"]);
$query = "id IN (";
$num_ids = sizeof($item_ids);
foreach ($item_ids as $item_id)
{
if (is_numeric($item_id))
$query .= db_escape_string(intval($item_id)) . ",";
else
$num_ids--;
}
if ($num_ids <= 0)
$query = "id IN ('') ";
else
$query = trim($query, ",") . ") ";
$where .= $query;
$where .= " AND id IN ($item_ids_qmarks) ";
$where_items = array_merge($where_items, $item_ids);
}
else // ascending from first added
{
if (is_numeric($_REQUEST["since_id"]))
{
// use the since_id argument to request the next $item_limit items
$since_id = isset($_GET["since_id"]) ? intval($_GET["since_id"]) : 0;
$since_id = isset($_GET["since_id"]) ? intval(clean($_GET["since_id"])) : 0;
if ($since_id)
{
if (!empty($where)) $where .= " AND ";
if ($this->IS_PRESS) {
$where .= "id > " . db_escape_string($since_id) . " ";
} else {
$where .= "id > " . db_escape_string($since_id*1000) . " "; // NASTY hack for Mr. Reader 2.0 on iOS and TinyTiny RSS Fever
}
}
else if (empty($where))
$where .= " AND id > ? ";
if ($this->id_hack)
{
$where .= "1";
$val = $since_id * 1000; // NASTY hack for Mr. Reader 2.0 on iOS and TinyTiny RSS Fever
}
else
{
$val = $since_id;
}
array_push($where_items, $val);
}
$where .= " ORDER BY id ASC ";
@@ -503,43 +485,54 @@ class FeverAPI extends Handler {
$where .= " LIMIT " . $item_limit;
/* classes/api.php getArticle */
// id, feed_id, title, author, html, url, is_saved, is_read, created_on_time
$result = $this->dbh->query("SELECT ref_id, feed_id, title, link, content, id, marked, unread, author, updated
$sth = $this->pdo->prepare("SELECT ref_id, feed_id, title, link, content, id, marked, unread, author,
" . SUBSTRING_FOR_DATE . "(updated,1,16) as updated,
(SELECT site_url FROM ttrss_feeds WHERE id = feed_id) AS site_url,
(SELECT hide_images FROM ttrss_feeds WHERE id = feed_id) AS hide_images
FROM ttrss_entries, ttrss_user_entries
WHERE " . $where);
$sth->execute($where_items);
while ($line = $this->dbh->fetch_assoc($result))
while ($line = $sth->fetch())
{
$line_content = $this->my_sanitize($line["content"], $line["link"]);
if (ADD_ATTACHED_FILES){
$enclosures = get_article_enclosures($line["id"]);
$line_content = sanitize(
$line["content"],
API::param_to_bool($line['hide_images']),
false, $line["site_url"], false, $line["id"]);
if ($this->add_attached_files){
$enclosures = Article::get_article_enclosures($line["id"]);
if (count($enclosures) > 0) {
$line_content .= '<ul type="lower-greek">';
foreach ($enclosures as $enclosure) {
if (!empty($enclosure['content_url'])) {
$enc_type = '';
if (!empty($enclosure['content_type'])) {
$enc_type = ', '.$enclosure['content_type'];
if (!empty($enclosure["content_url"])) {
$enc_type = "";
if (!empty($enclosure["content_type"])) {
$enc_type = ", " . $enclosure["content_type"];
}
$enc_size = '';
if (!empty($enclosure['duration'])) {
$enc_size = ' , '.$this->formatBytes($enclosure['duration']);
$enc_size = "";
if (!empty($enclosure["duration"])) {
$enc_size = " , " . $this->formatBytes($enclosure["duration"]);
}
$line_content .= '<li><a href="'.$enclosure['content_url'].'" target="_blank">'.basename($enclosure['content_url']).$enc_type.$enc_size.'</a>'.'</li>';
$line_content .= '<li><a href="' . $enclosure["content_url"] . '" target="_blank">' . basename($enclosure["content_url"]) . $enc_type . $enc_size . '</a></li>';
}
}
$line_content .= '</ul>';
}
}
array_push($items, array("id" => intval($line["id"]),
"feed_id" => intval($line["feed_id"]),
"title" => $line["title"],
"author" => $line["author"],
"html" => $line_content,
"url" => $line["link"],
"is_saved" => (sql_bool_to_bool($line["marked"]) ? 1 : 0),
"is_read" => ( (!sql_bool_to_bool($line["unread"])) ? 1 : 0),
"created_on_time" => strtotime($line["updated"])
"is_saved" => (API::param_to_bool($line["marked"]) ? 1 : 0),
"is_read" => ( (!API::param_to_bool($line["unread"])) ? 1 : 0),
"created_on_time" => (int) strtotime($line["updated"])
));
}
@@ -551,14 +544,14 @@ class FeverAPI extends Handler {
// number of total items
$total_items = 0;
$where = " owner_uid = '" . db_escape_string($_SESSION["uid"]) . "'";
$result = $this->dbh->query("SELECT COUNT(ref_id) as total_items
$sth = $this->pdo->prepare("SELECT COUNT(ref_id) as total_items
FROM ttrss_user_entries
WHERE " . $where);
WHERE owner_uid = ?");
$sth->execute([clean($_SESSION["uid"])]);
if ($this->dbh->num_rows($result) > 0)
if ($line = $sth->fetch())
{
$total_items = $this->dbh->fetch_result($result, 0, "total_items");
$total_items = $line["total_items"];
}
return $total_items;
@@ -568,15 +561,16 @@ class FeverAPI extends Handler {
{
$feeds_groups = array();
$result = $this->dbh->query("SELECT id, cat_id
$sth = $this->pdo->prepare("SELECT id, cat_id
FROM ttrss_feeds
WHERE owner_uid = '" . db_escape_string($_SESSION["uid"]) . "'
WHERE owner_uid = ?
AND cat_id IS NOT NULL
ORDER BY id ASC");
$sth->execute([clean($_SESSION["uid"])]);
$groupsToFeeds = array();
while ($line = $this->dbh->fetch_assoc($result))
while ($line = $sth->fetch())
{
if (!array_key_exists($line["cat_id"], $groupsToFeeds))
$groupsToFeeds[$line["cat_id"]] = array();
@@ -600,11 +594,12 @@ class FeverAPI extends Handler {
function getUnreadItemIds()
{
$unreadItemIdsCSV = "";
$result = $this->dbh->query("SELECT ref_id
$sth = $this->pdo->prepare("SELECT ref_id
FROM ttrss_user_entries
WHERE owner_uid = '" . db_escape_string($_SESSION["uid"]) . "' AND unread"); // ORDER BY red_id DESC
WHERE owner_uid = ? AND unread = true"); // ORDER BY red_id DESC
$sth->execute([clean($_SESSION["uid"])]);
while ($line = $this->dbh->fetch_assoc($result))
while ($line = $sth->fetch())
{
$unreadItemIdsCSV .= $line["ref_id"] . ",";
}
@@ -616,11 +611,12 @@ class FeverAPI extends Handler {
function getSavedItemIds()
{
$savedItemIdsCSV = "";
$result = $this->dbh->query("SELECT ref_id
$sth = $this->pdo->prepare("SELECT ref_id
FROM ttrss_user_entries
WHERE owner_uid = '" . db_escape_string($_SESSION["uid"]) . "' AND marked");
WHERE owner_uid = ? AND marked = true");
$sth->execute([clean($_SESSION["uid"])]);
while ($line = $this->dbh->fetch_assoc($result))
while ($line = $sth->fetch())
{
$savedItemIdsCSV .= $line["ref_id"] . ",";
}
@@ -629,8 +625,14 @@ class FeverAPI extends Handler {
return $savedItemIdsCSV;
}
function setItem($id, $field_raw, $mode, $before = 0)
function setItem($id, $field_raw, $mode)
{
/* classes/api.php updateArticle */
$article_ids = array_map("intval", array_filter(explode(",", clean($id)), "is_numeric"));
$mode = (int) clean($mode);
$field_raw = (int) clean($field_raw);
$field = "";
$set_to = "";
@@ -654,20 +656,23 @@ class FeverAPI extends Handler {
break;
}
if ($field && $set_to)
{
$article_ids = db_escape_string($id);
if ($field && $set_to && count($article_ids) > 0) {
$article_qmarks = arr_qmarks($article_ids);
$result = $this->dbh->query("UPDATE ttrss_user_entries SET $field = $set_to $additional_fields WHERE ref_id IN ($article_ids) AND owner_uid = '" . db_escape_string($_SESSION["uid"]) . "'");
$sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
$field = $set_to $additional_fields
WHERE ref_id IN ($article_qmarks) AND owner_uid = ?");
$sth->execute(array_merge($article_ids, [clean($_SESSION["uid"])]));
$num_updated = $this->dbh->affected_rows($result);
$num_updated = $sth->rowCount();
if ($num_updated > 0 && $field == "unread") {
$result = $this->dbh->query("SELECT DISTINCT feed_id FROM ttrss_user_entries
WHERE ref_id IN ($article_ids)");
$sth = $this->pdo->prepare("SELECT DISTINCT feed_id FROM ttrss_user_entries
WHERE ref_id IN ($article_qmarks)");
$sth->execute($article_ids);
while ($line = $this->dbh->fetch_assoc($result)) {
ccache_update($line["feed_id"], $_SESSION["uid"]);
while ($line = $sth->fetch()) {
CCache::update($line["feed_id"], clean($_SESSION["uid"]));
}
}
}
@@ -695,6 +700,8 @@ class FeverAPI extends Handler {
function setFeed($id, $cat, $before=0)
{
/* classes/feeds.php catchup_feed */
// if before is zero, set it to now so feeds all items are read from before this point in time
if ($before == 0)
$before = time();
@@ -707,36 +714,38 @@ class FeverAPI extends Handler {
// if not special feed
if ($id > 0)
{
db_query("UPDATE ttrss_user_entries
$sth = $this->pdo->prepare("UPDATE ttrss_user_entries
SET unread = false, last_read = NOW() WHERE ref_id IN
(SELECT id FROM
(SELECT id FROM ttrss_entries, ttrss_user_entries WHERE ref_id = id
AND owner_uid = '" . db_escape_string($_SESSION["uid"]) . "' AND unread = true AND feed_id IN
(SELECT id FROM ttrss_feeds WHERE cat_id IN (" . intval($id) . ")) AND date_entered < '" . date("Y-m-d H:i:s", $before) . "' ) as tmp)");
(SELECT DISTINCT id FROM ttrss_entries, ttrss_user_entries WHERE ref_id = id
AND owner_uid = ? AND unread = true AND feed_id IN
(SELECT id FROM ttrss_feeds WHERE cat_id IN (?)) AND updated < ? ) as tmp)");
$sth->execute([clean($_SESSION["uid"]), intval($id), date("Y-m-d H:i:s", $before)]);
}
// this is "all" to fever, but internally "all" is -4
else if ($id == 0)
{
$id = -4;
db_query("UPDATE ttrss_user_entries
$sth = $this->pdo->prepare("UPDATE ttrss_user_entries
SET unread = false, last_read = NOW() WHERE ref_id IN
(SELECT id FROM
(SELECT id FROM ttrss_entries, ttrss_user_entries WHERE ref_id = id
AND owner_uid = '" . db_escape_string($_SESSION["uid"]) . "' AND unread = true AND date_entered < '" . date("Y-m-d H:i:s", $before) . "' ) as tmp)");
(SELECT DISTINCT id FROM ttrss_entries, ttrss_user_entries WHERE ref_id = id
AND owner_uid = ? AND unread = true AND updated < ? ) as tmp)");
$sth->execute([clean($_SESSION["uid"]), date("Y-m-d H:i:s", $before)]);
}
}
// not a category
else if ($id > 0)
{
db_query("UPDATE ttrss_user_entries
$sth = $this->pdo->prepare("UPDATE ttrss_user_entries
SET unread = false, last_read = NOW() WHERE ref_id IN
(SELECT id FROM
(SELECT id FROM ttrss_entries, ttrss_user_entries WHERE ref_id = id
AND owner_uid = '" . db_escape_string($_SESSION["uid"]) . "' AND unread = true AND feed_id = " . intval($id) . " AND date_entered < '" . date("Y-m-d H:i:s", $before) . "' ) as tmp)");
(SELECT DISTINCT id FROM ttrss_entries, ttrss_user_entries WHERE ref_id = id
AND owner_uid = ? AND unread = true AND feed_id = ? AND updated < ? ) as tmp)");
$sth->execute([clean($_SESSION["uid"]), intval($id), date("Y-m-d H:i:s", $before)]);
}
ccache_update($id,$_SESSION["uid"], $cat);
CCache::update($id, clean($_SESSION["uid"]), $cat);
}
}
@@ -790,19 +799,34 @@ class FeverAPI extends Handler {
if (isset($_REQUEST["mark"], $_REQUEST["as"], $_REQUEST["id"]))
{
if (is_numeric($_REQUEST["id"]))
foreach (explode(",", clean($_REQUEST["id"])) as $id) {
$this->markId($id);
}
}
/* classes/api.php index */
if ($_SESSION["uid"])
$this->wrap(self::STATUS_OK, $response_arr);
else if (!$_SESSION["uid"])
$this->wrap(self::STATUS_ERR, array("error" => 'UNKNOWN_METHOD'));
}
function markId($id)
{
$before = (isset($_REQUEST["before"])) ? $_REQUEST["before"] : null;
if ($before > pow(10,10) ) {
if (is_numeric($id))
{
$before = (isset($_REQUEST["before"])) ? clean($_REQUEST["before"]) : null;
if ($before !== null && $before > pow(10,10)) {
$before = round($before / 1000);
}
$method_name = "set" . ucfirst($_REQUEST["mark"]) . "As" . ucfirst($_REQUEST["as"]);
$method_name = "set" . ucfirst(clean($_REQUEST["mark"])) . "As" . ucfirst(clean($_REQUEST["as"]));
if (method_exists($this, $method_name))
{
$id = intval($_REQUEST["id"]);
$this->{$method_name}($id, $before);
switch($_REQUEST["as"])
$this->{$method_name}(intval($id), $before);
switch(clean($_REQUEST["as"]))
{
case "read":
case "unread":
@@ -817,57 +841,6 @@ class FeverAPI extends Handler {
}
}
}
if ($_SESSION["uid"])
$this->wrap(self::STATUS_OK, $response_arr);
else if (!$_SESSION["uid"])
$this->wrap(self::STATUS_ERR, NULL);
}
// validate the api_key, user preferences
function before($method) {
if ( strpos($_SERVER['HTTP_USER_AGENT'],"Dalvik") !== false ||
strpos($_SERVER['HTTP_USER_AGENT'],"ReadKit") !== false ||
strpos($_SERVER['HTTP_USER_AGENT'],"Mr. Reader") !== false
) { //Check for Press client in Android, ReadKit in Mac, Mr. Reader
$this->IS_PRESS = 1;
} else {
$this->IS_PRESS = 0;
}
if (parent::before($method)) {
if (self::DEBUG) {
// add request to debug log
file_put_contents(self::DEBUG_FILE,'parameter: '.json_encode($_REQUEST)."\n",FILE_APPEND);
}
// set the user from the db
$this->setUser();
// are we xml or json?
$this->setXml();
if ($this->xml)
header("Content-Type: text/xml");
else
header("Content-Type: application/json");
// check we have a valid user
if (!$_SESSION["uid"]) {
$this->wrap(self::STATUS_ERR, NULL);
return false;
}
// check if user has api access enabled
if ($_SESSION["uid"] && !get_pref('ENABLE_API_ACCESS')) {
$this->wrap(self::STATUS_ERR, NULL);
return false;
}
return true;
}
return false;
}
}
?>

40
fever/index.php Executable file → Normal file
View File

@@ -6,33 +6,31 @@
exit;
}
/* api/index.php */
error_reporting(E_ERROR | E_PARSE);
$tt_root = dirname(dirname(dirname($_SERVER['SCRIPT_FILENAME'])));
$tt_root2 = $tt_root;
if (file_exists($tt_root."/config.php")) {
require_once $tt_root."/config.php";
} else { //if (file_exists("../../config.php")) {
$tt_root = "../..";
$tt_root2 = dirname(dirname(dirname(__FILE__)));
require_once $tt_root."/config.php";
}
require_once "../../config.php";
set_include_path(dirname(__FILE__) . PATH_SEPARATOR .
$tt_root2 . PATH_SEPARATOR .
$tt_root2 . "/include" . PATH_SEPARATOR .
dirname(dirname(dirname(__FILE__))) . PATH_SEPARATOR .
dirname(dirname(dirname(__FILE__))) . "/include" . PATH_SEPARATOR .
get_include_path());
chdir($tt_root);
chdir("../..");
define('TTRSS_SESSION_NAME', 'ttrss_api_sid');
define('NO_SESSION_AUTOSTART', true);
require_once "autoload.php";
require_once "db.php";
require_once "db-prefs.php";
require_once "functions.php";
require_once "sessions.php";
require_once "fever_api.php";
ini_set("session.gc_maxlifetime", 86400);
define('AUTH_DISABLE_OTP', true);
if (defined('ENABLE_GZIP_OUTPUT') && ENABLE_GZIP_OUTPUT &&
@@ -43,17 +41,27 @@
ob_start();
}
if ($_REQUEST["sid"]) {
session_id($_REQUEST["sid"]);
@session_start();
} else if (defined('_API_DEBUG_HTTP_ENABLED')) {
@session_start();
}
startup_gettext();
if (!init_plugins()) return;
$handler = new FeverAPI(Db::get(), $_REQUEST);
$handler = new FeverAPI($_REQUEST);
if ($handler->before($method)) {
if ($handler->before("")) {
if (method_exists($handler, 'index')) {
$handler->index($method);
$handler->index();
}
$handler->after();
}
ob_end_flush();
header("Api-Content-Length: " . ob_get_length());
ob_end_flush();
?>

28
fever/init.php Executable file → Normal file
View File

@@ -1,26 +1,20 @@
<?php
class Fever extends Plugin {
private $host;
function about() {
return array(1.45,
return array(2.1,
"Emulates the Fever API for Tiny Tiny RSS",
"digitaldj & murphy");
"DigitalDJ & murphy");
}
function init($host) {
$this->host = $host;
$host->add_hook($host::HOOK_PREFS_TAB, $this);
}
function before($method) {
return true;
}
function csrf_ignore($method) {
return true;
}
/* plugins/main/init.php hook_prefs_tab */
function hook_prefs_tab($args) {
if ($args != "prefPrefs") return;
@@ -47,15 +41,17 @@ class Fever extends Plugin {
//this.reset();
}
</script>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pluginhandler\" />";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"save\" />";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"plugin\" value=\"fever\" />";
print_hidden("op", "pluginhandler");
print_hidden("method", "save");
print_hidden("plugin", "fever");
print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\" type=\"password\" name=\"password\" />";
print "<button dojoType=\"dijit.form.Button\" type=\"submit\">" . __("Set Password") . "</button>";
print "</form>";
print "<p>" . __("To login with the Fever API, set your server details in your favourite RSS application to: ") . get_self_url_prefix() . "/plugins/fever/" . "</p>";
print "<p>" . __("Additional details can be found at ") . "<a href=\"http://www.feedafever.com/api\" target=\"_blank\">http://www.feedafever.com/api</a></p>";
print "<p>" . __("Additional details can be found at ") . "<a href=\"http://www.feedafever.com/api\" target=\"_blank\">https://feedafever.com/api</a></p>";
print "<p>" . __("Note: Due to the limitations of the API and some RSS clients (for example, Reeder on iOS), some features are unavailable: \"Special\" Feeds (Published / Tags / Labels / Fresh / Recent), Nested Categories (hierarchy is flattened)") . "</p>";
@@ -76,10 +72,6 @@ class Fever extends Plugin {
}
}
function after() {
}
function api_version() {
return 2;
}