refactor: general code base refactor (#2950)

* refactor

* fix: bug in previous refactor

* chore: exclude phpcompat sniff due to bug in phpcompat

* fix: do not leak absolute paths

* refactor/fix: batch extensions checking, fix DOS issue
This commit is contained in:
Dag 2022-08-06 22:46:28 +02:00 committed by GitHub
parent b042412416
commit 2bbce8ebef
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
45 changed files with 679 additions and 827 deletions


@ -18,17 +18,21 @@ class AtomFormat extends FormatAbstract
public function stringify()
{
$urlPrefix = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://';
$urlHost = (isset($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : '';
$urlPath = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : '';
$urlRequest = (isset($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : '';
$https = $_SERVER['HTTPS'] ?? null;
$urlPrefix = $https === 'on' ? 'https://' : 'http://';
$urlHost = $_SERVER['HTTP_HOST'] ?? '';
$urlRequest = $_SERVER['REQUEST_URI'] ?? '';
$feedUrl = $urlPrefix . $urlHost . $urlRequest;
$extraInfos = $this->getExtraInfos();
$uri = !empty($extraInfos['uri']) ? $extraInfos['uri'] : REPOSITORY;
if (empty($extraInfos['uri'])) {
$uri = REPOSITORY;
} else {
$uri = $extraInfos['uri'];
}
$document = new DomDocument('1.0', $this->getCharset());
$document = new \DomDocument('1.0', $this->getCharset());
$document->formatOutput = true;
$feed = $document->createElementNS(self::ATOM_NS, 'feed');
$document->appendChild($feed);
@ -44,10 +48,10 @@ class AtomFormat extends FormatAbstract
$id->appendChild($document->createTextNode($feedUrl));
$uriparts = parse_url($uri);
if (!empty($extraInfos['icon'])) {
$iconUrl = $extraInfos['icon'];
} else {
if (empty($extraInfos['icon'])) {
$iconUrl = $uriparts['scheme'] . '://' . $uriparts['host'] . '/favicon.ico';
} else {
$iconUrl = $extraInfos['icon'];
}
$icon = $document->createElement('icon');
$feed->appendChild($icon);
@ -94,11 +98,13 @@ class AtomFormat extends FormatAbstract
$entryID = 'urn:sha1:' . $item->getUid();
}
if (empty($entryID)) { // Fallback to provided URI
if (empty($entryID)) {
// Fallback to provided URI
$entryID = $entryUri;
}
if (empty($entryID)) { // Fallback to title and content
if (empty($entryID)) {
// Fallback to title and content
$entryID = 'urn:sha1:' . hash('sha1', $entryTitle . $entryContent);
}
@ -126,7 +132,7 @@ class AtomFormat extends FormatAbstract
$title->setAttribute('type', 'html');
$title->appendChild($document->createTextNode($entryTitle));
$entryTimestamp = gmdate(DATE_ATOM, $entryTimestamp);
$entryTimestamp = gmdate(\DATE_ATOM, $entryTimestamp);
$published = $document->createElement('published');
$entry->appendChild($published);
$published->appendChild($document->createTextNode($entryTimestamp));
@ -157,14 +163,14 @@ class AtomFormat extends FormatAbstract
$content = $document->createElement('content');
$content->setAttribute('type', 'html');
$content->appendChild($document->createTextNode($this->sanitizeHtml($entryContent)));
$content->appendChild($document->createTextNode(sanitize_html($entryContent)));
$entry->appendChild($content);
foreach ($item->getEnclosures() as $enclosure) {
$entryEnclosure = $document->createElement('link');
$entry->appendChild($entryEnclosure);
$entryEnclosure->setAttribute('rel', 'enclosure');
$entryEnclosure->setAttribute('type', getMimeType($enclosure));
$entryEnclosure->setAttribute('type', parse_mime_type($enclosure));
$entryEnclosure->setAttribute('href', $enclosure);
}
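Review bot: The favicon fallback on the new L53 reads `$uriparts['scheme']` and `$uriparts['host']` without checking that they exist, but `parse_url()` (context, L48) returns `false` for badly formed input and omits those keys for relative or scheme-less URIs, so a bridge that reports such a `uri` produces PHP warnings and an icon of `://favicon.ico`. The branch needs a third case that leaves the icon unset and skips the `<icon>` element created on L57-L58 when no usable host is available; a possible shape is below. Separately, `$feedUrl` on L33 is assembled from `HTTP_HOST` and `REQUEST_URI`, both supplied by the client request, and becomes the feed `<id>` text on L47; the same three rewritten lines appear in the JsonFormat and MrssFormat hunks, and a one-line comment such as `// HTTP_HOST/REQUEST_URI come from the client request; the id varies with the requested Host` would be worth adding in all three places.
```php
$uriparts = parse_url($uri);
if (!empty($extraInfos['icon'])) {
    $iconUrl = $extraInfos['icon'];
} elseif (isset($uriparts['scheme'], $uriparts['host'])) {
    $iconUrl = $uriparts['scheme'] . '://' . $uriparts['host'] . '/favicon.ico';
} else {
    $iconUrl = null; // no icon and no absolute base URI: emit no <icon> element
}
// … unchanged: <icon> element creation, now guarded by $iconUrl !== null …
```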


@ -7,9 +7,9 @@ class HtmlFormat extends FormatAbstract
public function stringify()
{
$extraInfos = $this->getExtraInfos();
$title = htmlspecialchars($extraInfos['name']);
$uri = htmlspecialchars($extraInfos['uri']);
$donationUri = htmlspecialchars($extraInfos['donationUri']);
$title = e($extraInfos['name']);
$uri = e($extraInfos['uri']);
$donationUri = e($extraInfos['donationUri']);
$donationsAllowed = Configuration::getConfig('admin', 'donations');
// Dynamically build buttons for all formats (except HTML)
@ -19,32 +19,39 @@ class HtmlFormat extends FormatAbstract
$links = '';
foreach ($formatFactory->getFormatNames() as $format) {
if (strcasecmp($format, 'HTML') === 0) {
if ($format === 'Html') {
continue;
}
$query = str_ireplace('format=Html', 'format=' . $format, htmlentities($_SERVER['QUERY_STRING']));
$buttons .= $this->buildButton($format, $query) . PHP_EOL;
$queryString = $_SERVER['QUERY_STRING'];
$query = str_ireplace('format=Html', 'format=' . $format, htmlentities($queryString));
$buttons .= sprintf('<a href="./?%s"><button class="rss-feed">%s</button></a>', $query, $format) . "\n";
$mime = $formatFactory->create($format)->getMimeType();
$links .= $this->buildLink($format, $query, $mime) . PHP_EOL;
$links .= sprintf('<link href="./?%s" title="%s" rel="alternate" type="%s">', $query, $format, $mime) . "\n";
}
if ($donationUri !== '' && $donationsAllowed) {
$buttons .= '<a href="'
. $donationUri
. '" target="_blank"><button class="highlight">Donate to maintainer</button></a>'
. PHP_EOL;
$links .= '<link href="'
. $donationUri
. ' target="_blank"" title="Donate to Maintainer" rel="alternate">'
. PHP_EOL;
$str = sprintf(
'<a href="%s" target="_blank"><button class="highlight">Donate to maintainer</button></a>',
$donationUri
);
$buttons .= $str;
$str1 = sprintf(
'<link href="%s target="_blank"" title="Donate to Maintainer" rel="alternate">',
$donationUri
);
$links .= $str1;
}
$entries = '';
foreach ($this->getItems() as $item) {
$entryAuthor = $item->getAuthor() ? '<br /><p class="author">by: ' . $item->getAuthor() . '</p>' : '';
$entryTitle = $this->sanitizeHtml(strip_tags($item->getTitle()));
if ($item->getAuthor()) {
$entryAuthor = sprintf('<br /><p class="author">by: %s</p>', $item->getAuthor());
} else {
$entryAuthor = '';
}
$entryTitle = sanitize_html(strip_tags($item->getTitle()));
$entryUri = $item->getURI() ?: $uri;
$entryDate = '';
@ -58,9 +65,8 @@ class HtmlFormat extends FormatAbstract
$entryContent = '';
if ($item->getContent()) {
$entryContent = '<div class="content">'
. $this->sanitizeHtml($item->getContent())
. '</div>';
$str2 = sprintf('<div class="content">%s</div>', sanitize_html($item->getContent()));
$entryContent = $str2;
}
$entryEnclosures = '';
@ -69,7 +75,7 @@ class HtmlFormat extends FormatAbstract
foreach ($item->getEnclosures() as $enclosure) {
$template = '<li class="enclosure"><a href="%s" rel="noopener noreferrer nofollow">%s</a></li>';
$url = $this->sanitizeHtml($enclosure);
$url = sanitize_html($enclosure);
$anchorText = substr($url, strrpos($url, '/') + 1);
$entryEnclosures .= sprintf($template, $url, $anchorText);
@ -84,7 +90,7 @@ class HtmlFormat extends FormatAbstract
foreach ($item->getCategories() as $category) {
$entryCategories .= '<li class="category">'
. $this->sanitizeHtml($category)
. sanitize_html($category)
. '</li>';
}
@ -106,8 +112,6 @@ EOD;
}
$charset = $this->getCharset();
/* Data are prepared, now let's begin the "MAGIE !!!" */
$toReturn = <<<EOD
<!DOCTYPE html>
<html>
@ -136,19 +140,4 @@ EOD;
$toReturn = mb_convert_encoding($toReturn, $this->getCharset(), 'UTF-8');
return $toReturn;
}
private function buildButton($format, $query)
{
return <<<EOD
<a href="./?{$query}"><button class="rss-feed">{$format}</button></a>
EOD;
}
private function buildLink($format, $query, $mime)
{
return <<<EOD
<link href="./?{$query}" title="{$format}" rel="alternate" type="{$mime}">
EOD;
}
}
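Review bot: The author string on the new L150 is inserted into the page unescaped, `sprintf('<br /><p class="author">by: %s</p>', $item->getAuthor())`, while the title, content, enclosures and categories in the same method go through `sanitize_html()` and the header fields through `e()` (L104-L106, which replaces `htmlspecialchars()` here); an author value taken from the bridged site would therefore be rendered as markup, so it should get the same treatment, e.g. `$entryAuthor = sprintf('<br /><p class="author">by: %s</p>', e($item->getAuthor()));`. The rewritten donation `<link>` on L140 also carries over a quoting mistake from the old lines — `href="%s target="_blank""` closes the attribute in the wrong place — and should read `'<link href="%s" target="_blank" title="Donate to Maintainer" rel="alternate">'`. The `$str`, `$str1` and `$str2` temporaries introduced on L134-L143 and L163-L164 are only used once each and could be appended directly.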


@ -25,10 +25,10 @@ class JsonFormat extends FormatAbstract
public function stringify()
{
$urlPrefix = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://';
$urlHost = (isset($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : '';
$urlPath = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : '';
$urlRequest = (isset($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : '';
$https = $_SERVER['HTTPS'] ?? null;
$urlPrefix = $https === 'on' ? 'https://' : 'http://';
$urlHost = $_SERVER['HTTP_HOST'] ?? '';
$urlRequest = $_SERVER['REQUEST_URI'] ?? '';
$extraInfos = $this->getExtraInfos();
@ -52,7 +52,7 @@ class JsonFormat extends FormatAbstract
$entryTitle = $item->getTitle();
$entryUri = $item->getURI();
$entryTimestamp = $item->getTimestamp();
$entryContent = $item->getContent() ? $this->sanitizeHtml($item->getContent()) : '';
$entryContent = $item->getContent() ? sanitize_html($item->getContent()) : '';
$entryEnclosures = $item->getEnclosures();
$entryCategories = $item->getCategories();
@ -76,13 +76,13 @@ class JsonFormat extends FormatAbstract
];
}
if (!empty($entryTimestamp)) {
$entry['date_modified'] = gmdate(DATE_ATOM, $entryTimestamp);
$entry['date_modified'] = gmdate(\DATE_ATOM, $entryTimestamp);
}
if (!empty($entryUri)) {
$entry['url'] = $entryUri;
}
if (!empty($entryContent)) {
if ($this->isHTML($entryContent)) {
if (is_html($entryContent)) {
$entry['content_html'] = $entryContent;
} else {
$entry['content_text'] = $entryContent;
@ -93,7 +93,7 @@ class JsonFormat extends FormatAbstract
foreach ($entryEnclosures as $enclosure) {
$entry['attachments'][] = [
'url' => $enclosure,
'mime_type' => getMimeType($enclosure)
'mime_type' => parse_mime_type($enclosure)
];
}
}
@ -121,13 +121,8 @@ class JsonFormat extends FormatAbstract
* So consider this a hack.
* Switch to JSON_INVALID_UTF8_IGNORE when PHP 7.2 is the latest platform requirement.
*/
$json = json_encode($data, JSON_PRETTY_PRINT | JSON_PARTIAL_OUTPUT_ON_ERROR);
$json = json_encode($data, \JSON_PRETTY_PRINT | \JSON_PARTIAL_OUTPUT_ON_ERROR);
return $json;
}
private function isHTML($text)
{
return (strlen(strip_tags($text)) != strlen($text));
}
}
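Review bot: `is_html()` on the new L240 decides whether sanitized content is emitted as `content_html` or `content_text`, which matters because feed readers render the former as markup, but its definition is not part of this diff; the private `isHTML()` it replaces (removed L261-L264) was a byte-length heuristic comparing `strip_tags()` output with the input. If the new helper keeps that heuristic, a comment at the call site, `// heuristic: treated as HTML when strip_tags() would remove something`, would record why plain-text items still land in content_text — confirm against the helper before relying on it. As a point of style, the multi-line array on L246-L250 lacks a trailing comma after `parse_mime_type($enclosure)`, unlike the `ALLOWED_IMAGE_EXT` array this same commit reformats in MrssFormat.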


@ -33,22 +33,28 @@ class MrssFormat extends FormatAbstract
protected const MRSS_NS = 'http://search.yahoo.com/mrss/';
const ALLOWED_IMAGE_EXT = [
'.gif', '.jpg', '.png'
'.gif',
'.jpg',
'.png',
];
public function stringify()
{
$urlPrefix = (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == 'on') ? 'https://' : 'http://';
$urlHost = (isset($_SERVER['HTTP_HOST'])) ? $_SERVER['HTTP_HOST'] : '';
$urlPath = (isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : '';
$urlRequest = (isset($_SERVER['REQUEST_URI'])) ? $_SERVER['REQUEST_URI'] : '';
$https = $_SERVER['HTTPS'] ?? null;
$urlPrefix = $https == 'on' ? 'https://' : 'http://';
$urlHost = $_SERVER['HTTP_HOST'] ?? '';
$urlRequest = $_SERVER['REQUEST_URI'] ?? '';
$feedUrl = $urlPrefix . $urlHost . $urlRequest;
$extraInfos = $this->getExtraInfos();
$uri = !empty($extraInfos['uri']) ? $extraInfos['uri'] : REPOSITORY;
if (empty($extraInfos['uri'])) {
$uri = REPOSITORY;
} else {
$uri = $extraInfos['uri'];
}
$document = new DomDocument('1.0', $this->getCharset());
$document = new \DomDocument('1.0', $this->getCharset());
$document->formatOutput = true;
$feed = $document->createElement('rss');
$document->appendChild($feed);
@ -103,16 +109,18 @@ class MrssFormat extends FormatAbstract
$itemTimestamp = $item->getTimestamp();
$itemTitle = $item->getTitle();
$itemUri = $item->getURI();
$itemContent = $item->getContent() ? $this->sanitizeHtml($item->getContent()) : '';
$itemContent = $item->getContent() ? sanitize_html($item->getContent()) : '';
$entryID = $item->getUid();
$isPermaLink = 'false';
if (empty($entryID) && !empty($itemUri)) { // Fallback to provided URI
if (empty($entryID) && !empty($itemUri)) {
// Fallback to provided URI
$entryID = $itemUri;
$isPermaLink = 'true';
}
if (empty($entryID)) { // Fallback to title and content
if (empty($entryID)) {
// Fallback to title and content
$entryID = hash('sha1', $itemTitle . $itemContent);
}
@ -139,7 +147,7 @@ class MrssFormat extends FormatAbstract
if (!empty($itemTimestamp)) {
$entryPublished = $document->createElement('pubDate');
$entry->appendChild($entryPublished);
$entryPublished->appendChild($document->createTextNode(gmdate(DATE_RFC2822, $itemTimestamp)));
$entryPublished->appendChild($document->createTextNode(gmdate(\DATE_RFC2822, $itemTimestamp)));
}
if (!empty($itemContent)) {
@ -152,10 +160,9 @@ class MrssFormat extends FormatAbstract
$entryEnclosure = $document->createElementNS(self::MRSS_NS, 'content');
$entry->appendChild($entryEnclosure);
$entryEnclosure->setAttribute('url', $enclosure);
$entryEnclosure->setAttribute('type', getMimeType($enclosure));
$entryEnclosure->setAttribute('type', parse_mime_type($enclosure));
}
$entryCategories = '';
foreach ($item->getCategories() as $category) {
$entryCategory = $document->createElement('category');
$entry->appendChild($entryCategory);
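Review bot: The HTTPS check on the new L284 uses loose comparison, `$https == 'on'`, whereas the identical rewritten lines in AtomFormat (L30) and JsonFormat (L216) use `===`; change it to `$urlPrefix = $https === 'on' ? 'https://' : 'http://';` so the three formats agree. The reformatted `ALLOWED_IMAGE_EXT` constant (L271-L276) still has no visibility modifier while `MRSS_NS` directly above it is `protected const`; declaring it `protected const ALLOWED_IMAGE_EXT = [` (or `private`, if nothing outside the class reads it, which this diff does not show) would match.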


@ -1,9 +1,5 @@
<?php
/**
* Plaintext
* Returns $this->items as raw php data.
*/
class PlaintextFormat extends FormatAbstract
{
const MIME_TYPE = 'text/plain';