Add token for the bookmarklet
This commit is contained in:
parent
4071b2bd2b
commit
3e1229a4d1
@ -218,14 +218,19 @@ Router\get_action('add', function() {
|
|||||||
// Add a feed with the form or directly from the url, it can be used by a bookmarklet by example
|
// Add a feed with the form or directly from the url, it can be used by a bookmarklet by example
|
||||||
Router\action('subscribe', function() {
|
Router\action('subscribe', function() {
|
||||||
|
|
||||||
if (Request\param('url')) {
|
if (Request\is_post()) {
|
||||||
$values = array();
|
|
||||||
$url = Request\param('url');
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
$values = Request\values();
|
$values = Request\values();
|
||||||
$url = isset($values['url']) ? $values['url'] : '';
|
$url = isset($values['url']) ? $values['url'] : '';
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
$values = array();
|
||||||
|
$url = Request\param('url');
|
||||||
|
$token = Request\param('token');
|
||||||
|
|
||||||
|
if ($token !== Model\Config\get('bookmarklet_token')) {
|
||||||
|
Response\text('Access Forbidden', 403);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$values += array('download_content' => 0);
|
$values += array('download_content' => 0);
|
||||||
$url = trim($url);
|
$url = trim($url);
|
||||||
|
@ -8,7 +8,7 @@ use PicoDb\Database;
|
|||||||
use PicoFeed\Config as ReaderConfig;
|
use PicoFeed\Config as ReaderConfig;
|
||||||
use PicoFeed\Logging;
|
use PicoFeed\Logging;
|
||||||
|
|
||||||
const DB_VERSION = 25;
|
const DB_VERSION = 26;
|
||||||
const HTTP_USER_AGENT = 'Miniflux (http://miniflux.net)';
|
const HTTP_USER_AGENT = 'Miniflux (http://miniflux.net)';
|
||||||
|
|
||||||
// Get PicoFeed config
|
// Get PicoFeed config
|
||||||
@ -155,7 +155,7 @@ function get_nothing_to_read_redirections()
|
|||||||
function generate_token()
|
function generate_token()
|
||||||
{
|
{
|
||||||
if (function_exists('openssl_random_pseudo_bytes')) {
|
if (function_exists('openssl_random_pseudo_bytes')) {
|
||||||
return bin2hex(\openssl_random_pseudo_bytes(16));
|
return bin2hex(\openssl_random_pseudo_bytes(25));
|
||||||
}
|
}
|
||||||
else if (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
|
else if (ini_get('open_basedir') === '' && strtoupper(substr(PHP_OS, 0, 3)) !== 'WIN') {
|
||||||
return hash('sha256', file_get_contents('/dev/urandom', false, null, 0, 30));
|
return hash('sha256', file_get_contents('/dev/urandom', false, null, 0, 30));
|
||||||
@ -170,6 +170,7 @@ function new_tokens()
|
|||||||
$values = array(
|
$values = array(
|
||||||
'api_token' => generate_token(),
|
'api_token' => generate_token(),
|
||||||
'feed_token' => generate_token(),
|
'feed_token' => generate_token(),
|
||||||
|
'bookmarklet_token' => generate_token(),
|
||||||
);
|
);
|
||||||
|
|
||||||
return Database::get('db')->table('config')->update($values);
|
return Database::get('db')->table('config')->update($values);
|
||||||
@ -232,6 +233,7 @@ function get_all()
|
|||||||
'theme',
|
'theme',
|
||||||
'api_token',
|
'api_token',
|
||||||
'feed_token',
|
'feed_token',
|
||||||
|
'bookmarklet_token',
|
||||||
'auth_google_token',
|
'auth_google_token',
|
||||||
'auth_mozilla_token',
|
'auth_mozilla_token',
|
||||||
'items_sorting_direction',
|
'items_sorting_direction',
|
||||||
|
@ -3,6 +3,12 @@
|
|||||||
namespace Schema;
|
namespace Schema;
|
||||||
|
|
||||||
|
|
||||||
|
function version_26($pdo)
|
||||||
|
{
|
||||||
|
$pdo->exec('ALTER TABLE config ADD COLUMN bookmarklet_token TEXT DEFAULT "'.\Model\Config\generate_token().'"');
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
function version_25($pdo)
|
function version_25($pdo)
|
||||||
{
|
{
|
||||||
$pdo->exec(
|
$pdo->exec(
|
||||||
|
@ -73,7 +73,7 @@
|
|||||||
<ul>
|
<ul>
|
||||||
<li>
|
<li>
|
||||||
<?= t('Bookmarklet:') ?>
|
<?= t('Bookmarklet:') ?>
|
||||||
<a href="javascript:location.href='<?= Helper\get_current_base_url() ?>?action=subscribe&url='+encodeURIComponent(location.href)"><?= t('Subscribe with Miniflux') ?></a> (<?= t('Drag and drop this link to your bookmarks') ?>)
|
<a href="javascript:location.href='<?= Helper\get_current_base_url() ?>?action=subscribe&token=<?= urlencode($values['bookmarklet_token']) ?>&url='+encodeURIComponent(location.href)"><?= t('Subscribe with Miniflux') ?></a> (<?= t('Drag and drop this link to your bookmarks') ?>)
|
||||||
<li>
|
<li>
|
||||||
<?= t('Bookmarks RSS Feed:') ?>
|
<?= t('Bookmarks RSS Feed:') ?>
|
||||||
<a href="<?= Helper\get_current_base_url().'?action=bookmark-feed&token='.urlencode($values['feed_token']) ?>" target="_blank"><?= Helper\get_current_base_url().'?action=bookmark-feed&token='.urlencode($values['feed_token']) ?></a>
|
<a href="<?= Helper\get_current_base_url().'?action=bookmark-feed&token='.urlencode($values['feed_token']) ?>" target="_blank"><?= Helper\get_current_base_url().'?action=bookmark-feed&token='.urlencode($values['feed_token']) ?></a>
|
||||||
|
6
vendor/PicoFarad/Request.php
vendored
6
vendor/PicoFarad/Request.php
vendored
@ -76,3 +76,9 @@ function file_move($field, $destination)
|
|||||||
move_uploaded_file($_FILES[$field]['tmp_name'], $destination);
|
move_uploaded_file($_FILES[$field]['tmp_name'], $destination);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function is_post()
|
||||||
|
{
|
||||||
|
return isset($_SERVER['REQUEST_METHOD']) && $_SERVER['REQUEST_METHOD'] === 'POST';
|
||||||
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user