1
0
mirror of https://github.com/moparisthebest/wallabag synced 2024-11-27 11:22:17 -05:00

Merge pull request #713 from mariroz/dev

small xss vulnerability and translation ability fix
This commit is contained in:
Nicolas Lœuillet 2014-05-30 16:51:13 +02:00
commit 67a8848aed

View File

@ -1083,11 +1083,10 @@ class Poche
$config = $this->store->getConfigUser($user_id); $config = $this->store->getConfigUser($user_id);
if ($config == null) { if ($config == null) {
die(_('User with this id (' . $user_id . ') does not exist.')); die(sprintf(_('User with this id (%d) does not exist.'), $user_id));
} }
if (!in_array($type, $allowed_types) || if (!in_array($type, $allowed_types) || $token != $config['token']) {
$token != $config['token']) {
die(_('Uh, there is a problem while generating feeds.')); die(_('Uh, there is a problem while generating feeds.'));
} }
// Check the token // Check the token
@ -1150,12 +1149,12 @@ class Poche
return new HTMLPurifier($config); return new HTMLPurifier($config);
} }
/** /**
* handle epub * handle epub
*/ */
public function createEpub() { public function createEpub() {
switch ($_GET['method']) { switch ($_GET['method']) {
case 'id': case 'id':
$entryID = filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT); $entryID = filter_var($_GET['id'],FILTER_SANITIZE_NUMBER_INT);
@ -1191,7 +1190,7 @@ class Poche
break; break;
case 'default': case 'default':
die(_('Uh, there is a problem while generating epub.')); die(_('Uh, there is a problem while generating epub.'));
} }
$content_start = $content_start =
@ -1204,11 +1203,11 @@ class Poche
. "<body>\n"; . "<body>\n";
$bookEnd = "</body>\n</html>\n"; $bookEnd = "</body>\n</html>\n";
$log = new Logger("wallabag", TRUE); $log = new Logger("wallabag", TRUE);
$fileDir = CACHE; $fileDir = CACHE;
$book = new EPub(EPub::BOOK_VERSION_EPUB3); $book = new EPub(EPub::BOOK_VERSION_EPUB3);
$log->logLine("new EPub()"); $log->logLine("new EPub()");
$log->logLine("EPub class version: " . EPub::VERSION); $log->logLine("EPub class version: " . EPub::VERSION);
@ -1216,7 +1215,7 @@ class Poche
$log->logLine("Zip version: " . Zip::VERSION); $log->logLine("Zip version: " . Zip::VERSION);
$log->logLine("getCurrentServerURL: " . $book->getCurrentServerURL()); $log->logLine("getCurrentServerURL: " . $book->getCurrentServerURL());
$log->logLine("getCurrentPageURL..: " . $book->getCurrentPageURL()); $log->logLine("getCurrentPageURL..: " . $book->getCurrentPageURL());
$book->setTitle(_('wallabag\'s articles')); $book->setTitle(_('wallabag\'s articles'));
$book->setIdentifier("http://$_SERVER[HTTP_HOST]", EPub::IDENTIFIER_URI); // Could also be the ISBN number, prefered for published books, or a UUID. $book->setIdentifier("http://$_SERVER[HTTP_HOST]", EPub::IDENTIFIER_URI); // Could also be the ISBN number, prefered for published books, or a UUID.
//$book->setLanguage("en"); // Not needed, but included for the example, Language is mandatory, but EPub defaults to "en". Use RFC3066 Language codes, such as "en", "da", "fr" etc. //$book->setLanguage("en"); // Not needed, but included for the example, Language is mandatory, but EPub defaults to "en". Use RFC3066 Language codes, such as "en", "da", "fr" etc.
@ -1226,39 +1225,39 @@ class Poche
$book->setDate(time()); // Strictly not needed as the book date defaults to time(). $book->setDate(time()); // Strictly not needed as the book date defaults to time().
//$book->setRights("Copyright and licence information specific for the book."); // As this is generated, this _could_ contain the name or licence information of the user who purchased the book, if needed. If this is used that way, the identifier must also be made unique for the book. //$book->setRights("Copyright and licence information specific for the book."); // As this is generated, this _could_ contain the name or licence information of the user who purchased the book, if needed. If this is used that way, the identifier must also be made unique for the book.
$book->setSourceURL("http://$_SERVER[HTTP_HOST]"); $book->setSourceURL("http://$_SERVER[HTTP_HOST]");
$book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "PHP"); $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "PHP");
$book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "wallabag"); $book->addDublinCoreMetadata(DublinCore::CONTRIBUTOR, "wallabag");
$cssData = "body {\n margin-left: .5em;\n margin-right: .5em;\n text-align: justify;\n}\n\np {\n font-family: serif;\n font-size: 10pt;\n text-align: justify;\n text-indent: 1em;\n margin-top: 0px;\n margin-bottom: 1ex;\n}\n\nh1, h2 {\n font-family: sans-serif;\n font-style: italic;\n text-align: center;\n background-color: #6b879c;\n color: white;\n width: 100%;\n}\n\nh1 {\n margin-bottom: 2px;\n}\n\nh2 {\n margin-top: -2px;\n margin-bottom: 2px;\n}\n"; $cssData = "body {\n margin-left: .5em;\n margin-right: .5em;\n text-align: justify;\n}\n\np {\n font-family: serif;\n font-size: 10pt;\n text-align: justify;\n text-indent: 1em;\n margin-top: 0px;\n margin-bottom: 1ex;\n}\n\nh1, h2 {\n font-family: sans-serif;\n font-style: italic;\n text-align: center;\n background-color: #6b879c;\n color: white;\n width: 100%;\n}\n\nh1 {\n margin-bottom: 2px;\n}\n\nh2 {\n margin-top: -2px;\n margin-bottom: 2px;\n}\n";
$log->logLine("Add Cover"); $log->logLine("Add Cover");
$fullTitle = "<h1> " . $bookTitle . "</h1>\n"; $fullTitle = "<h1> " . $bookTitle . "</h1>\n";
$book->setCoverImage("Cover.png", file_get_contents("themes/baggy/img/apple-touch-icon-152.png"), "image/png", $fullTitle); $book->setCoverImage("Cover.png", file_get_contents("themes/baggy/img/apple-touch-icon-152.png"), "image/png", $fullTitle);
$cover = $content_start . '<div style="text-align:center;"><p>' . _('Produced by wallabag with PHPePub') . '</p><p>'. _('Please open <a href="https://github.com/wallabag/wallabag/issues" >an issue</a> if you have trouble with the display of this E-Book on your device.') . '</p></div>' . $bookEnd; $cover = $content_start . '<div style="text-align:center;"><p>' . _('Produced by wallabag with PHPePub') . '</p><p>'. _('Please open <a href="https://github.com/wallabag/wallabag/issues" >an issue</a> if you have trouble with the display of this E-Book on your device.') . '</p></div>' . $bookEnd;
//$book->addChapter("Table of Contents", "TOC.xhtml", NULL, false, EPub::EXTERNAL_REF_IGNORE); //$book->addChapter("Table of Contents", "TOC.xhtml", NULL, false, EPub::EXTERNAL_REF_IGNORE);
$book->addChapter("Notices", "Cover2.html", $cover); $book->addChapter("Notices", "Cover2.html", $cover);
$book->buildTOC(); $book->buildTOC();
foreach ($entries as $entry) { //set tags as subjects foreach ($entries as $entry) { //set tags as subjects
$tags = $this->store->retrieveTagsByEntry($entry['id']); $tags = $this->store->retrieveTagsByEntry($entry['id']);
foreach ($tags as $tag) { foreach ($tags as $tag) {
$book->setSubject($tag['value']); $book->setSubject($tag['value']);
} }
$log->logLine("Set up parameters"); $log->logLine("Set up parameters");
$chapter = $content_start . $entry['content'] . $bookEnd; $chapter = $content_start . $entry['content'] . $bookEnd;
$book->addChapter($entry['title'], htmlspecialchars($entry['title']) . ".html", $chapter, true, EPub::EXTERNAL_REF_ADD); $book->addChapter($entry['title'], htmlspecialchars($entry['title']) . ".html", $chapter, true, EPub::EXTERNAL_REF_ADD);
$log->logLine("Added chapter " . $entry['title']); $log->logLine("Added chapter " . $entry['title']);
} }
if (DEBUG_POCHE) { if (DEBUG_POCHE) {
$epuplog = $book->getLog(); $epuplog = $book->getLog();
$book->addChapter("Log", "Log.html", $content_start . $log->getLog() . "\n</pre>" . $bookEnd); // log generation $book->addChapter("Log", "Log.html", $content_start . $log->getLog() . "\n</pre>" . $bookEnd); // log generation
} }