mirror of
https://git.tt-rss.org/git/tt-rss.git
synced 2026-02-10 16:01:33 +00:00
Fixing bugs found by static analysis
+38
-39
@@ -14,12 +14,12 @@ class API extends Handler {
|
||||
header("Content-Type: text/json");
|
||||
|
||||
if (!$_SESSION["uid"] && $method != "login" && $method != "isloggedin") {
|
||||
print $this->wrap(self::STATUS_ERR, array("error" => 'NOT_LOGGED_IN'));
|
||||
$this->wrap(self::STATUS_ERR, array("error" => 'NOT_LOGGED_IN'));
|
||||
return false;
|
||||
}
|
||||
|
||||
if ($_SESSION["uid"] && $method != "logout" && !get_pref('ENABLE_API_ACCESS')) {
|
||||
print $this->wrap(self::STATUS_ERR, array("error" => 'API_DISABLED'));
|
||||
$this->wrap(self::STATUS_ERR, array("error" => 'API_DISABLED'));
|
||||
return false;
|
||||
}
|
||||
|
||||
@@ -38,12 +38,12 @@ class API extends Handler {
|
||||
|
||||
function getVersion() {
|
||||
$rv = array("version" => VERSION);
|
||||
print $this->wrap(self::STATUS_OK, $rv);
|
||||
$this->wrap(self::STATUS_OK, $rv);
|
||||
}
|
||||
|
||||
function getApiLevel() {
|
||||
$rv = array("level" => self::API_LEVEL);
|
||||
print $this->wrap(self::STATUS_OK, $rv);
|
||||
$this->wrap(self::STATUS_OK, $rv);
|
||||
}
|
||||
|
||||
function login() {
|
||||
@@ -65,33 +65,33 @@ class API extends Handler {
|
||||
}
|
||||
|
||||
if (!$uid) {
|
||||
print $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
|
||||
$this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
|
||||
return;
|
||||
}
|
||||
|
||||
if (get_pref("ENABLE_API_ACCESS", $uid)) {
|
||||
if (authenticate_user($login, $password)) { // try login with normal password
|
||||
print $this->wrap(self::STATUS_OK, array("session_id" => session_id(),
|
||||
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
|
||||
"api_level" => self::API_LEVEL));
|
||||
} else if (authenticate_user($login, $password_base64)) { // else try with base64_decoded password
|
||||
print $this->wrap(self::STATUS_OK, array("session_id" => session_id(),
|
||||
$this->wrap(self::STATUS_OK, array("session_id" => session_id(),
|
||||
"api_level" => self::API_LEVEL));
|
||||
} else { // else we are not logged in
|
||||
print $this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
|
||||
$this->wrap(self::STATUS_ERR, array("error" => "LOGIN_ERROR"));
|
||||
}
|
||||
} else {
|
||||
print $this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
|
||||
$this->wrap(self::STATUS_ERR, array("error" => "API_DISABLED"));
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
function logout() {
|
||||
logout_user();
|
||||
print $this->wrap(self::STATUS_OK, array("status" => "OK"));
|
||||
$this->wrap(self::STATUS_OK, array("status" => "OK"));
|
||||
}
|
||||
|
||||
function isLoggedIn() {
|
||||
print $this->wrap(self::STATUS_OK, array("status" => $_SESSION["uid"] != ''));
|
||||
$this->wrap(self::STATUS_OK, array("status" => $_SESSION["uid"] != ''));
|
||||
}
|
||||
|
||||
function getUnread() {
|
||||
@@ -99,15 +99,15 @@ class API extends Handler {
|
||||
$is_cat = $this->dbh->escape_string($_REQUEST["is_cat"]);
|
||||
|
||||
if ($feed_id) {
|
||||
print $this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($feed_id, $is_cat)));
|
||||
$this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($feed_id, $is_cat)));
|
||||
} else {
|
||||
print $this->wrap(self::STATUS_OK, array("unread" => getGlobalUnread()));
|
||||
$this->wrap(self::STATUS_OK, array("unread" => getGlobalUnread()));
|
||||
}
|
||||
}
|
||||
|
||||
/* Method added for ttrss-reader for Android */
|
||||
function getCounters() {
|
||||
print $this->wrap(self::STATUS_OK, getAllCounters());
|
||||
$this->wrap(self::STATUS_OK, getAllCounters());
|
||||
}
|
||||
|
||||
function getFeeds() {
|
||||
@@ -119,7 +119,7 @@ class API extends Handler {
|
||||
|
||||
$feeds = $this->api_get_feeds($cat_id, $unread_only, $limit, $offset, $include_nested);
|
||||
|
||||
print $this->wrap(self::STATUS_OK, $feeds);
|
||||
$this->wrap(self::STATUS_OK, $feeds);
|
||||
}
|
||||
|
||||
function getCategories() {
|
||||
@@ -176,7 +176,7 @@ class API extends Handler {
|
||||
}
|
||||
}
|
||||
|
||||
print $this->wrap(self::STATUS_OK, $cats);
|
||||
$this->wrap(self::STATUS_OK, $cats);
|
||||
}
|
||||
|
||||
function getHeadlines() {
|
||||
@@ -219,9 +219,9 @@ class API extends Handler {
|
||||
$include_attachments, $since_id, $search, $search_mode,
|
||||
$include_nested, $sanitize_content);
|
||||
|
||||
print $this->wrap(self::STATUS_OK, $headlines);
|
||||
$this->wrap(self::STATUS_OK, $headlines);
|
||||
} else {
|
||||
print $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
|
||||
$this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -293,11 +293,11 @@ class API extends Handler {
|
||||
}
|
||||
}
|
||||
|
||||
print $this->wrap(self::STATUS_OK, array("status" => "OK",
|
||||
$this->wrap(self::STATUS_OK, array("status" => "OK",
|
||||
"updated" => $num_updated));
|
||||
|
||||
} else {
|
||||
print $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
|
||||
$this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
|
||||
}
|
||||
|
||||
}
|
||||
@@ -352,7 +352,7 @@ class API extends Handler {
|
||||
}
|
||||
}
|
||||
|
||||
print $this->wrap(self::STATUS_OK, $articles);
|
||||
$this->wrap(self::STATUS_OK, $articles);
|
||||
|
||||
}
|
||||
|
||||
@@ -370,7 +370,7 @@ class API extends Handler {
|
||||
|
||||
$config["num_feeds"] = (int)$num_feeds;
|
||||
|
||||
print $this->wrap(self::STATUS_OK, $config);
|
||||
$this->wrap(self::STATUS_OK, $config);
|
||||
}
|
||||
|
||||
function updateFeed() {
|
||||
@@ -380,7 +380,7 @@ class API extends Handler {
|
||||
|
||||
update_rss_feed($feed_id, true);
|
||||
|
||||
print $this->wrap(self::STATUS_OK, array("status" => "OK"));
|
||||
$this->wrap(self::STATUS_OK, array("status" => "OK"));
|
||||
}
|
||||
|
||||
function catchupFeed() {
|
||||
@@ -389,13 +389,13 @@ class API extends Handler {
|
||||
|
||||
catchup_feed($feed_id, $is_cat);
|
||||
|
||||
print $this->wrap(self::STATUS_OK, array("status" => "OK"));
|
||||
$this->wrap(self::STATUS_OK, array("status" => "OK"));
|
||||
}
|
||||
|
||||
function getPref() {
|
||||
$pref_name = $this->dbh->escape_string($_REQUEST["pref_name"]);
|
||||
|
||||
print $this->wrap(self::STATUS_OK, array("value" => get_pref($pref_name)));
|
||||
$this->wrap(self::STATUS_OK, array("value" => get_pref($pref_name)));
|
||||
}
|
||||
|
||||
function getLabels() {
|
||||
@@ -432,7 +432,7 @@ class API extends Handler {
|
||||
"checked" => $checked));
|
||||
}
|
||||
|
||||
print $this->wrap(self::STATUS_OK, $rv);
|
||||
$this->wrap(self::STATUS_OK, $rv);
|
||||
}
|
||||
|
||||
function setArticleLabel() {
|
||||
@@ -460,7 +460,7 @@ class API extends Handler {
|
||||
}
|
||||
}
|
||||
|
||||
print $this->wrap(self::STATUS_OK, array("status" => "OK",
|
||||
$this->wrap(self::STATUS_OK, array("status" => "OK",
|
||||
"updated" => $num_updated));
|
||||
|
||||
}
|
||||
@@ -471,10 +471,10 @@ class API extends Handler {
|
||||
if ($plugin && method_exists($plugin, $method)) {
|
||||
$reply = $plugin->$method();
|
||||
|
||||
print $this->wrap($reply[0], $reply[1]);
|
||||
$this->wrap($reply[0], $reply[1]);
|
||||
|
||||
} else {
|
||||
print $this->wrap(self::STATUS_ERR, array("error" => 'UNKNOWN_METHOD', "method" => $method));
|
||||
$this->wrap(self::STATUS_ERR, array("error" => 'UNKNOWN_METHOD', "method" => $method));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -484,9 +484,9 @@ class API extends Handler {
|
||||
$content = $this->dbh->escape_string(strip_tags($_REQUEST["content"]));
|
||||
|
||||
if (Article::create_published_article($title, $url, $content, "", $_SESSION["uid"])) {
|
||||
print $this->wrap(self::STATUS_OK, array("status" => 'OK'));
|
||||
$this->wrap(self::STATUS_OK, array("status" => 'OK'));
|
||||
} else {
|
||||
print $this->wrap(self::STATUS_ERR, array("error" => 'Publishing failed'));
|
||||
$this->wrap(self::STATUS_ERR, array("error" => 'Publishing failed'));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -714,9 +714,9 @@ class API extends Handler {
|
||||
|
||||
if ($this->dbh->num_rows($result) != 0) {
|
||||
Pref_Feeds::remove_feed($feed_id, $_SESSION["uid"]);
|
||||
print $this->wrap(self::STATUS_OK, array("status" => "OK"));
|
||||
$this->wrap(self::STATUS_OK, array("status" => "OK"));
|
||||
} else {
|
||||
print $this->wrap(self::STATUS_ERR, array("error" => "FEED_NOT_FOUND"));
|
||||
$this->wrap(self::STATUS_ERR, array("error" => "FEED_NOT_FOUND"));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -727,12 +727,11 @@ class API extends Handler {
|
||||
$password = $this->dbh->escape_string($_REQUEST["password"]);
|
||||
|
||||
if ($feed_url) {
|
||||
$rc = subscribe_to_feed($feed_url, $category_id,
|
||||
$login, $password, false);
|
||||
$rc = subscribe_to_feed($feed_url, $category_id, $login, $password);
|
||||
|
||||
print $this->wrap(self::STATUS_OK, array("status" => $rc));
|
||||
$this->wrap(self::STATUS_OK, array("status" => $rc));
|
||||
} else {
|
||||
print $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
|
||||
$this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -746,9 +745,9 @@ class API extends Handler {
|
||||
|
||||
if ($pf){
|
||||
$data = $pf->makefeedtree();
|
||||
print $this->wrap(self::STATUS_OK, array("categories" => $data));
|
||||
$this->wrap(self::STATUS_OK, array("categories" => $data));
|
||||
} else {
|
||||
print $this->wrap(self::STATUS_ERR, array("error" =>
|
||||
$this->wrap(self::STATUS_ERR, array("error" =>
|
||||
'UNABLE_TO_INSTANTIATE_OBJECT'));
|
||||
}
|
||||
|
||||
|
||||
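Review bot: The `$password` handed to `subscribe_to_feed()` on the new single-line call has already been through `escape_string()` (the assignment just above `if ($feed_url)`), so a feed password containing a quote or backslash is altered before it is used. If `subscribe_to_feed()` also uses that value for the HTTP fetch, authentication against such a feed would fail; the callee and the `$login` assignment are outside this page, so this needs confirming. Escaping is safer at the point where the query is built, ideally with bound parameters inside the callee, and only then should the raw request value be passed here. Until that is settled, a comment above the call such as `// $password is SQL-escaped at this point; do not reuse it for HTTP authentication` would record the constraint.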
+1
-1
@@ -215,7 +215,7 @@ class Article extends Handler_Protected {
|
||||
$this->dbh->query("UPDATE ttrss_user_entries SET
|
||||
score = '$score' WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
|
||||
|
||||
print json_encode(array("id" => $id,
|
||||
print json_encode(array("id" => $ids,
|
||||
"score_pic" => get_score_pic($score)));
|
||||
}
|
||||
|
||||
|
||||
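Review bot: `$ids` sits unquoted inside `IN ($ids)` in the UPDATE just above the changed line, and the same variable is now echoed back in the JSON reply. String escaping does not protect an unquoted list, so every element has to be forced to an integer before the query is built; where `$ids` is assigned is outside the hunk, so confirm that happens, e.g. `$ids = join(",", array_map("intval", explode(",", $ids)));` if it arrives as a comma-separated string. `$_SESSION["uid"]` is concatenated without a cast as well, and `(int) $_SESSION["uid"]` would make the type explicit. The reply field `id` presumably now carries the whole list rather than a single id, which API clients need to expect.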
@@ -16,7 +16,7 @@ class Auth_Base {
|
||||
|
||||
// Auto-creates specified user if allowed by system configuration
|
||||
// Can be used instead of find_user_by_login() by external auth modules
|
||||
function auto_create_user($login) {
|
||||
function auto_create_user($login, $password) {
|
||||
if ($login && defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE) {
|
||||
$user_id = $this->find_user_by_login($login);
|
||||
|
||||
|
||||
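Review bot: `auto_create_user($login, $password)` makes the second argument mandatory, so an external auth module that still calls it with only `$login` will fail with a missing-argument error. A default keeps those callers working: `function auto_create_user($login, $password = false) {`. The comment above the function should also state what `$password` is used for and that it is only ever stored as a salted hash; the body that handles it is outside the hunk, so that part cannot be checked here.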
+1
-1
@@ -79,7 +79,7 @@ class Db_PDO implements IDb {
|
||||
}
|
||||
|
||||
function last_error() {
|
||||
return join(" ", $pdo->errorInfo());
|
||||
return join(" ", $this->pdo->errorInfo());
|
||||
}
|
||||
|
||||
function init() {
|
||||
|
||||
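Review bot: `$this->pdo->errorInfo()` reports only errors raised on the connection handle; an error raised while executing a prepared `PDOStatement` has to be read from that statement's own `errorInfo()`. If this class's query path uses prepared statements (it is outside the hunk), `last_error()` can return the `00000` success state after a failed statement. The joined text contains driver messages, so callers should send it to the log rather than into a response body.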
@@ -382,9 +382,9 @@ class Handler_Public extends Handler {
|
||||
header('Content-Type: text/html; charset=utf-8');
|
||||
print "<html><head><title>Tiny Tiny RSS</title>";
|
||||
|
||||
print stylesheet_tag("utility.css");
|
||||
print javascript_tag("lib/prototype.js");
|
||||
print javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls");
|
||||
stylesheet_tag("utility.css");
|
||||
javascript_tag("lib/prototype.js");
|
||||
javascript_tag("lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls");
|
||||
print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
|
||||
</head><body id='sharepopup'>";
|
||||
|
||||
@@ -643,6 +643,7 @@ class Handler_Public extends Handler {
|
||||
$feed_url = $this->dbh->escape_string(trim($_REQUEST["feed_url"]));
|
||||
$cat_id = $this->dbh->escape_string($_REQUEST["cat_id"]);
|
||||
$from = $this->dbh->escape_string($_REQUEST["from"]);
|
||||
$feed_urls = array();
|
||||
|
||||
/* only read authentication information from POST */
|
||||
|
||||
@@ -666,8 +667,10 @@ class Handler_Public extends Handler {
|
||||
break;
|
||||
case 4:
|
||||
print_notice(__("Multiple feed URLs found."));
|
||||
|
||||
$feed_urls = get_feeds_from_html($feed_url);
|
||||
$contents = @fetch_file_contents($url, false, $auth_login, $auth_pass);
|
||||
if (is_html($contents)) {
|
||||
$feed_urls = get_feeds_from_html($url, $contents);
|
||||
}
|
||||
break;
|
||||
case 5:
|
||||
print_error(T_sprintf("Could not subscribe to <b>%s</b>.<br>Can't download the Feed URL.", $feed_url));
|
||||
@@ -732,8 +735,8 @@ class Handler_Public extends Handler {
|
||||
header('Content-Type: text/html; charset=utf-8');
|
||||
print "<html><head><title>Tiny Tiny RSS</title>";
|
||||
|
||||
print stylesheet_tag("utility.css");
|
||||
print javascript_tag("lib/prototype.js");
|
||||
stylesheet_tag("utility.css");
|
||||
javascript_tag("lib/prototype.js");
|
||||
|
||||
print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
|
||||
</head><body id='forgotpass'>";
|
||||
|
||||
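Review bot: The new `case 4` lines read `$url`, but the visible lines of this function only assign and use `$feed_url`, so unless `$url` is set outside the hunk the fetch runs on an undefined variable and `$feed_urls` stays empty. The likely intent is `$contents = @fetch_file_contents($feed_url, false, $auth_login, $auth_pass);` followed by `$feed_urls = get_feeds_from_html($feed_url, $contents);`. The `@` also hides a failed fetch, so the user would see "Multiple feed URLs found." with no list and nothing in the log. In the `case 5` context line `$feed_url` is written into HTML after SQL escaping only; it should pass through `htmlspecialchars()` at output unless `T_sprintf()` or `print_error()` already escapes it.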
@@ -186,7 +186,7 @@ class PluginHost {
|
||||
}
|
||||
}
|
||||
|
||||
function del_handler($handler, $method) {
|
||||
function del_handler($handler, $method, $sender) {
|
||||
$handler = str_replace("-", "_", strtolower($handler));
|
||||
$method = strtolower($method);
|
||||
|
||||
@@ -252,8 +252,6 @@ class PluginHost {
|
||||
|
||||
function load_data($force = false) {
|
||||
if ($this->owner_uid) {
|
||||
$plugin = $this->dbh->escape_string($plugin);
|
||||
|
||||
$result = $this->dbh->query("SELECT name, content FROM ttrss_plugin_storage
|
||||
WHERE owner_uid = '".$this->owner_uid."'");
|
||||
|
||||
|
||||
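Review bot: `del_handler()` gains a required `$sender` argument with no comment on what it is for, and callers that still pass two arguments will fail. If the body (outside the hunk) uses `$sender` to decide whether the caller may remove the handler, say so above the function, e.g. `// $sender: the plugin requesting removal; checked before the handler is unregistered`. In `load_data()` the query still concatenates `$this->owner_uid` into the SQL string; casting it with `(int)` where it is assigned would make the type explicit.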
@@ -83,8 +83,6 @@ class Pref_Filters extends Handler_Protected {
|
||||
}
|
||||
}
|
||||
|
||||
$feed_title = getFeedTitle($feed);
|
||||
|
||||
$qfh_ret = queryFeedHeadlines(-4, 30, "", false, false, false,
|
||||
"date_entered DESC", 0, $_SESSION["uid"], $filter);
|
||||
|
||||
|
||||
@@ -747,7 +747,7 @@ class Pref_Prefs extends Handler_Protected {
|
||||
$system_enabled = array_map("trim", explode(",", PLUGINS));
|
||||
$user_enabled = array_map("trim", explode(",", get_pref("_ENABLED_PLUGINS")));
|
||||
|
||||
$tmppluginhost = new PluginHost(Db::get());
|
||||
$tmppluginhost = new PluginHost();
|
||||
$tmppluginhost->load_all($tmppluginhost::KIND_ALL, $_SESSION["uid"]);
|
||||
$tmppluginhost->load_data(true);
|
||||
|
||||
|
||||
+2
-2
@@ -291,7 +291,7 @@ class RPC extends Handler_Protected {
|
||||
|
||||
$reply = array();
|
||||
|
||||
if ($seq) $reply['seq'] = $seq;
|
||||
if (!empty($_REQUEST['seq'])) $reply['seq'] = (int) $_REQUEST['seq'];
|
||||
|
||||
if ($last_article_id != getLastArticleId()) {
|
||||
$reply['counters'] = getAllCounters();
|
||||
@@ -464,7 +464,7 @@ class RPC extends Handler_Protected {
|
||||
$id = 0;
|
||||
}
|
||||
|
||||
print_feed_cat_select("cat_id", $id);
|
||||
print_feed_cat_select("cat_id", $id, '');
|
||||
}
|
||||
|
||||
// Silent
|
||||
|
||||
@@ -28,7 +28,7 @@ class ttrssMailer extends PHPMailer {
|
||||
$this->Host = $pair[0];
|
||||
$this->Port = $pair[1];
|
||||
|
||||
if (!$Port) $Port = 25;
|
||||
if (!$this->Port) $this->Port = 25;
|
||||
} else {
|
||||
$this->Host = '';
|
||||
$this->Port = '';
|
||||
|
||||
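Review bot: `$this->Port = $pair[1]` on the line above the fix reads an index that does not exist when the configured host has no `:port` part, and the value stays a string. Assuming `$pair` comes from splitting the host setting on `:` (that line is outside the hunk), `$this->Port = isset($pair[1]) ? (int) $pair[1] : 25;` would replace both lines and avoid the undefined-offset notice. The enclosing `if` starts outside the hunk.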