Merge dev: custom ports for PostgreSQL too

FreshRSS#1241 FreshRSS#1244
Alkarex · Sep 11, 2016 · 2757aec · 2757aec
2 parents 9f04e2b + c3589ca
commit 2757aec
Show file tree

Hide file tree

Showing 17 changed files with 41 additions and 38 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,13 @@
 
 ## 2016-XX-XX FreshRSS 1.6.0-dev
 
+* Features
+	* Support custom ports `localhost:3306` for database servers [#1241](https://github.com/FreshRSS/FreshRSS/issues/1241)
+* Security
+	* Prevent `<a target="_blank">` attacks with `window.opener` [#1245](https://github.com/FreshRSS/FreshRSS/issues/1245)
+* UI
+	* Download icon 💾 for podcasts [#1236](https://github.com/FreshRSS/FreshRSS/issues/1236)
+
 
 ## 2016-08-29 FreshRSS 1.5.0
 

diff --git a/app/Models/Feed.php b/app/Models/Feed.php
@@ -309,11 +309,11 @@ public function loadEntries($feed) {
 					$elinks[$elink] = '1';
 					$mime = strtolower($enclosure->get_type());
 					if (strpos($mime, 'image/') === 0) {
-						$content .= '<br /><img lazyload="" postpone="" src="' . $elink . '" alt="" />';
+						$content .= '<p class="enclosure"><img lazyload="" src="' . $elink . '" alt="" /></p>';
 					} elseif (strpos($mime, 'audio/') === 0) {
-						$content .= '<br /><audio lazyload="" postpone="" preload="none" src="' . $elink . '" controls="controls" />';
+						$content .= '<p class="enclosure"><audio preload="none" src="' . $elink . '" controls="controls"></audio> <a download="" href="' . $elink . '">💾</a></p>';
 					} elseif (strpos($mime, 'video/') === 0) {
-						$content .= '<br /><video lazyload="" postpone="" preload="none" src="' . $elink . '" controls="controls" />';
+						$content .= '<p class="enclosure"><video preload="none" src="' . $elink . '" controls="controls"></video> <a download="" href="' . $elink . '">💾</a></p>';
 					} else {
 						unset($elinks[$elink]);
 					}

diff --git a/app/install.php b/app/install.php
@@ -725,7 +725,7 @@ function printStep3() {
 		<div class="form-group">
 			<label class="group-name" for="host"><?php echo _t('install.bdd.host'); ?></label>
 			<div class="group-controls">
-				<input type="text" id="host" name="host" pattern="[0-9A-Za-z_.-]{1,64}" value="<?php echo isset($_SESSION['bd_host']) ? $_SESSION['bd_host'] : $system_default_config->db['host']; ?>" tabindex="2" />
+				<input type="text" id="host" name="host" pattern="[0-9A-Za-z_.-]{1,64}(:[0-9]{2,5})?" value="<?php echo isset($_SESSION['bd_host']) ? $_SESSION['bd_host'] : $system_default_config->db['host']; ?>" tabindex="2" />
 			</div>
 		</div>
 

diff --git a/app/layout/aside_feed.phtml b/app/layout/aside_feed.phtml
@@ -79,7 +79,7 @@
 		<?php if (FreshRSS_Auth::hasAccess()) { ?>
 		<li class="item"><a href="<?php echo _url('stats', 'repartition', 'id', '------'); ?>"><?php echo _t('index.menu.stats'); ?></a></li>
 		<?php } ?>
-		<li class="item"><a target="_blank" href="http://example.net/"><?php echo _t('gen.action.see_website'); ?></a></li>
+		<li class="item"><a target="_blank" rel="noreferrer" href="http://example.net/"><?php echo _t('gen.action.see_website'); ?></a></li>
 		<?php if (FreshRSS_Auth::hasAccess()) { ?>
 		<li class="separator"></li>
 		<li class="item"><a href="<?php echo _url('subscription', 'index', 'id', '------'); ?>"><?php echo _t('gen.action.manage'); ?></a></li>

diff --git a/app/layout/aside_subscription.phtml b/app/layout/aside_subscription.phtml
@@ -10,7 +10,7 @@
 	</li>
 
 	<li class="item">
-		<a class="bookmarkClick" href="javascript:(function(){var%20url%20=%20location.href;window.open('<?php echo Minz_Url::display(array('c' => 'feed', 'a' => 'add'), 'html', true); ?>&amp;url_rss='+encodeURIComponent(url), '_blank');})();">
+		<a class="bookmarkClick" href="javascript:(function(){var%20url%20=%20location.href;var%20otherWindow=window.open('about:blank','_blank');otherWindow.opener=null;otherWindow.location='<?php echo Minz_Url::display(array('c' => 'feed', 'a' => 'add'), 'html', true); ?>&amp;url_rss='+encodeURIComponent(url);})();">
 			<?php echo _t('sub.menu.bookmark'); ?>
 		</a>
 	</li>

diff --git a/app/layout/nav_menu.phtml b/app/layout/nav_menu.phtml
@@ -152,7 +152,7 @@
 				$url_output['params']['token'] = FreshRSS_Context::$user_conf->token;
 			}
 		?>
-		<a class="view_rss btn" target="_blank" title="<?php echo _t('index.menu.rss_view'); ?>" href="<?php echo Minz_Url::display($url_output); ?>">
+		<a class="view_rss btn" target="_blank" rel="noreferrer" title="<?php echo _t('index.menu.rss_view'); ?>" href="<?php echo Minz_Url::display($url_output); ?>">
 			<?php echo _i('rss'); ?>
 		</a>
 	</div>

diff --git a/app/views/configure/sharing.phtml b/app/views/configure/sharing.phtml
@@ -13,7 +13,7 @@
 			<input type="text" id="share_##key##_name" name="share[##key##][name]" class="extend" value="" placeholder="<?php echo _t('conf.sharing.share_name'); ?>" size="64" />
 			<input type="url" id="share_##key##_url" name="share[##key##][url]" class="extend" value="" placeholder="<?php echo _t('conf.sharing.share_url'); ?>" size="64" />
 			<a href="#" class="remove btn btn-attention" data-remove="group-share-##key##"><?php echo _i('close'); ?></a></div>
-			<a target="_blank" class="btn" title="<?php echo _t('conf.sharing.more_information'); ?>" href="##help##"><?php echo _i('help'); ?></a>
+			<a target="_blank" rel="noreferrer" class="btn" title="<?php echo _t('conf.sharing.more_information'); ?>" href="##help##"><?php echo _i('help'); ?></a>
 			</div></div>'>
 		<input type="hidden" name="_csrf" value="<?php echo FreshRSS_Auth::csrfToken(); ?>" />
 		<legend><?php echo _t('conf.sharing'); ?></legend>
@@ -38,7 +38,7 @@
 						<a href='#' class='remove btn btn-attention' data-remove="group-share-<?php echo $key; ?>"><?php echo _i('close'); ?></a>
 					</div>
 					<?php if ($share->formType() === 'advanced') { ?>
-						<a target="_blank" class="btn" title="<?php echo _t('conf.sharing.more_information'); ?>" href="<?php echo $share->help(); ?>"><?php echo _i('help'); ?></a>
+						<a target="_blank" rel="noreferrer" class="btn" title="<?php echo _t('conf.sharing.more_information'); ?>" href="<?php echo $share->help(); ?>"><?php echo _i('help'); ?></a>
 					<?php } ?>
 				</div>
 			</div>

diff --git a/app/views/feed/add.phtml b/app/views/feed/add.phtml
@@ -30,7 +30,7 @@
 			<label class="group-name"><?php echo _t('sub.feed.website'); ?></label>
 			<div class="group-controls">
 				<?php echo $this->feed->website(); ?>
-				<a class="btn" target="_blank" href="<?php echo $this->feed->website(); ?>"><?php echo _i('link'); ?></a>
+				<a class="btn" target="_blank" rel="noreferrer" href="<?php echo $this->feed->website(); ?>"><?php echo _i('link'); ?></a>
 			</div>
 		</div>
 		<?php } ?>
@@ -40,9 +40,9 @@
 			<div class="group-controls">
 				<div class="stick">
 					<input type="text" name="url_rss" id="url" class="extend" value="<?php echo $this->feed->url(); ?>" />
-					<a class="btn" target="_blank" href="<?php echo $this->feed->url(); ?>"><?php echo _i('link'); ?></a>
+					<a class="btn" target="_blank" rel="noreferrer" href="<?php echo $this->feed->url(); ?>"><?php echo _i('link'); ?></a>
 				</div>
-				<a class="btn" target="_blank" href="http://validator.w3.org/feed/check.cgi?url=<?php echo $this->feed->url(); ?>"><?php echo _t('sub.feed.validator'); ?></a>
+				<a class="btn" target="_blank" rel="noreferrer" href="http://validator.w3.org/feed/check.cgi?url=<?php echo $this->feed->url(); ?>"><?php echo _t('sub.feed.validator'); ?></a>
 			</div>
 		</div>
 		<div class="form-group">

diff --git a/app/views/helpers/feed/update.phtml b/app/views/helpers/feed/update.phtml
@@ -37,7 +37,7 @@
 			<div class="group-controls">
 				<div class="stick">
 					<input type="text" name="website" id="website" class="extend" value="<?php echo $this->feed->website(); ?>" />
-					<a class="btn" target="_blank" href="<?php echo $this->feed->website(); ?>"><?php echo _i('link'); ?></a>
+					<a class="btn" target="_blank" rel="noreferrer" href="<?php echo $this->feed->website(); ?>"><?php echo _i('link'); ?></a>
 				</div>
 			</div>
 		</div>
@@ -46,10 +46,10 @@
 			<div class="group-controls">
 				<div class="stick">
 					<input type="text" name="url" id="url" class="extend" value="<?php echo $this->feed->url(); ?>" />
-					<a class="btn" target="_blank" href="<?php echo $this->feed->url(); ?>"><?php echo _i('link'); ?></a>
+					<a class="btn" target="_blank" rel="noreferrer" href="<?php echo $this->feed->url(); ?>"><?php echo _i('link'); ?></a>
 				</div>
 
-				<a class="btn" target="_blank" href="http://validator.w3.org/feed/check.cgi?url=<?php echo rawurlencode(htmlspecialchars_decode($this->feed->url(), ENT_QUOTES)); ?>"><?php echo _t('sub.feed.validator'); ?></a>
+				<a class="btn" target="_blank" rel="noreferrer" href="http://validator.w3.org/feed/check.cgi?url=<?php echo rawurlencode(htmlspecialchars_decode($this->feed->url(), ENT_QUOTES)); ?>"><?php echo _t('sub.feed.validator'); ?></a>
 			</div>
 		</div>
 		<div class="form-group">

diff --git a/app/views/helpers/index/normal/entry_bottom.phtml b/app/views/helpers/index/normal/entry_bottom.phtml
@@ -52,7 +52,7 @@
 						$share_options['title'] = $title;
 						$share->update($share_options);
 				?><li class="item share">
-					<a target="_blank" href="<?php echo $share->url(); ?>"><?php echo $share->name(); ?></a>
+					<a target="_blank" rel="noreferrer" href="<?php echo $share->url(); ?>"><?php echo $share->name(); ?></a>
 				</li><?php
 					}
 			?></ul>
@@ -81,6 +81,6 @@
 		?><li class="item date"><?php echo $this->entry->date(); ?></li><?php
 	}
 	if ($bottomline_link) {
-		?><li class="item link"><a target="_blank" href="<?php echo $this->entry->link(); ?>"><?php echo _i('link'); ?></a></li><?php
+		?><li class="item link"><a target="_blank" rel="noreferrer" href="<?php echo $this->entry->link(); ?>"><?php echo _i('link'); ?></a></li><?php
 	} ?>
 </ul>
diff --git a/app/views/helpers/index/normal/entry_header.phtml b/app/views/helpers/index/normal/entry_header.phtml
@@ -27,7 +27,7 @@
 		}
 	}
 	?><li class="item website"><a href="<?php echo _url('index', 'index', 'get', 'f_' . $this->feed->id()); ?>"><img class="favicon" src="<?php echo $this->feed->favicon(); ?>" alt="✇" /> <span><?php echo $this->feed->name(); ?></span></a></li>
-	<li class="item title"><a target="_blank" href="<?php echo $this->entry->link(); ?>"><?php echo $this->entry->title(); ?></a></li>
+	<li class="item title"><a target="_blank" rel="noreferrer" href="<?php echo $this->entry->link(); ?>"><?php echo $this->entry->title(); ?></a></li>
 	<?php if ($topline_date) { ?><li class="item date"><?php echo $this->entry->date(); ?> </li><?php } ?>
-	<?php if ($topline_link) { ?><li class="item link"><a target="_blank" href="<?php echo $this->entry->link(); ?>"><?php echo _i('link'); ?></a></li><?php } ?>
+	<?php if ($topline_link) { ?><li class="item link"><a target="_blank" rel="noreferrer" href="<?php echo $this->entry->link(); ?>"><?php echo _i('link'); ?></a></li><?php } ?>
 </ul>
diff --git a/app/views/index/normal.phtml b/app/views/index/normal.phtml
@@ -66,7 +66,7 @@ if (!empty($this->entries)) {
 
 		?><div class="flux_content">
 			<div class="content <?php echo $content_width; ?>">
-				<h1 class="title"><a target="_blank" href="<?php echo $this->entry->link(); ?>"><?php echo $this->entry->title(); ?></a></h1>
+				<h1 class="title"><a target="_blank" rel="noreferrer" href="<?php echo $this->entry->link(); ?>"><?php echo $this->entry->title(); ?></a></h1>
 				<?php
 					$author = $this->entry->author();
 					echo $author != '' ? '<div class="author">' . _t('gen.short.by_author', $author) . '</div>' : '',

diff --git a/data/persona/.gitignore b/data/persona/.gitignore
diff --git a/data/persona/index.html b/data/persona/index.html
diff --git a/lib/Minz/ModelPdo.php b/lib/Minz/ModelPdo.php
@@ -53,15 +53,18 @@ public function __construct($currentUser = null) {
 		self::$sharedCurrentUser = $currentUser;
 
 		$driver_options = isset($conf->db['pdo_options']) && is_array($conf->db['pdo_options']) ? $conf->db['pdo_options'] : array();
+		$dbServer = parse_url('db://' . $db['host']);
 
 		try {
 			switch ($db['type']) {
 				case 'mysql':
-					$string = 'mysql:host=' . $db['host'] . ';dbname=' . $db['base'] . ';charset=utf8mb4';
+					$string = 'mysql:host=' . $dbServer['host'] . ';dbname=' . $db['base'] . ';charset=utf8mb4';
+					if (!empty($dbServer['port'])) {
+						$string .= ';port=' . $dbServer['port'];
+					}
 					$driver_options[PDO::MYSQL_ATTR_INIT_COMMAND] = 'SET NAMES utf8mb4';
 					$this->prefix = $db['prefix'] . $currentUser . '_';
 					$this->bd = new MinzPDOMySql($string, $db['user'], $db['password'], $driver_options);
-					//TODO Consider: $this->bd->exec("SET SESSION sql_mode = 'ANSI_QUOTES';");
 					break;
 				case 'sqlite':
 					$string = 'sqlite:' . join_path(DATA_PATH, 'users', $currentUser, 'db.sqlite');
@@ -70,7 +73,10 @@ public function __construct($currentUser = null) {
 					$this->bd->exec('PRAGMA foreign_keys = ON;');
 					break;
 				case 'pgsql':
-					$string = 'pgsql:host=' . $db['host'] . ';dbname=' . $db['base'];
+					$string = 'pgsql:host=' . $dbServer['host'] . ';dbname=' . $db['base'];
+					if (!empty($dbServer['port'])) {
+						$string .= ';port=' . $dbServer['port'];
+					}
 					$this->prefix = $db['prefix'] . $currentUser . '_';
 					$this->bd = new MinzPDOPGSQL($string, $db['user'], $db['password'], $driver_options);
 					$this->bd->exec("SET NAMES 'UTF8';");

diff --git a/p/scripts/main.js b/p/scripts/main.js
@@ -752,7 +752,7 @@ function init_stream(divStream) {
 	});
 
 	divStream.on('click', '.flux .content a', function () {
-		$(this).attr('target', '_blank');
+		$(this).attr('target', '_blank').attr('rel', 'noreferrer');
 	});
 
 	if (context.auto_mark_site) {

diff --git a/p/themes/base-theme/template.css b/p/themes/base-theme/template.css
@@ -807,6 +807,10 @@ input:checked + .slide-container .properties {
 	display: none;
 }
 
+.enclosure > [download] {
+	font-size: xx-large;
+	margin-left: .8em;
+}
 
 /*=== MOBILE */
 /*===========*/