mirror of
https://code.mensbeam.com/MensBeam/Arsse.git
synced 2024-12-22 21:22:40 +00:00
Consolidate subscription icon querying
Users and tests still need adjusting
This commit is contained in:
parent
4fc208d940
commit
dd1a80f279
1 changed files with 13 additions and 30 deletions
|
@ -911,30 +911,6 @@ class Database {
|
||||||
return $out ? array_column($out, $field) : [];
|
return $out ? array_column($out, $field) : [];
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Retrieves the URL of the icon for a subscription.
|
|
||||||
*
|
|
||||||
* Note that while the $user parameter is optional, it
|
|
||||||
* is NOT recommended to omit it, as this can lead to
|
|
||||||
* leaks of private information. The parameter is only
|
|
||||||
* optional because this is required for Tiny Tiny RSS,
|
|
||||||
* the original implementation of which leaks private
|
|
||||||
* information due to a design flaw.
|
|
||||||
*
|
|
||||||
* @param integer $id The numeric identifier of the subscription
|
|
||||||
* @param string|null $user The user who owns the subscription being queried
|
|
||||||
*/
|
|
||||||
public function subscriptionFavicon(int $id, string $user = null): string {
|
|
||||||
$q = new Query("SELECT i.url as favicon from arsse_feeds as f left join arsse_icons as i on i.id = f.icon join arsse_subscriptions as s on s.feed = f.id");
|
|
||||||
$q->setWhere("s.id = ?", "int", $id);
|
|
||||||
if (isset($user)) {
|
|
||||||
if (!Arsse::$user->authorize($user, __FUNCTION__)) {
|
|
||||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
|
|
||||||
}
|
|
||||||
$q->setWhere("s.owner = ?", "str", $user);
|
|
||||||
}
|
|
||||||
return (string) $this->db->prepare($q->getQuery(), $q->getTypes())->run($q->getValues())->getValue();
|
|
||||||
}
|
|
||||||
|
|
||||||
/** Retrieves detailed information about the icon for a subscription.
|
/** Retrieves detailed information about the icon for a subscription.
|
||||||
*
|
*
|
||||||
* The returned information is:
|
* The returned information is:
|
||||||
|
@ -944,16 +920,23 @@ class Database {
|
||||||
* - "type": The Content-Type of the icon e.g. "image/png"
|
* - "type": The Content-Type of the icon e.g. "image/png"
|
||||||
* - "data": The icon itself, as a binary sring; if $withData is false this will be null
|
* - "data": The icon itself, as a binary sring; if $withData is false this will be null
|
||||||
*
|
*
|
||||||
* @param string $user The user whose subscription icon is to be retrieved
|
* @param string|null $user The user who owns the subscription being queried; using null here is supported for TT-RSS and SHOULD NOT be used elsewhere as it leaks information
|
||||||
* @param int $subscription The numeric identifier of the subscription
|
* @param int $subscription The numeric identifier of the subscription
|
||||||
|
* @param bool $includeData Whether to include the binary data of the icon itself in the result
|
||||||
*/
|
*/
|
||||||
public function subscriptionIcon(string $user, int $subscription): array {
|
public function subscriptionIcon(?string $user, int $id, bool $includeData = true): array {
|
||||||
if (!Arsse::$user->authorize($user, __FUNCTION__)) {
|
$data = $includeData ? "i.data" : "null as data";
|
||||||
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
|
$q = new Query("SELECT i.id, i.url, i.type, $data from arsse_icons as i join arsse_feeds as f on i.id = f.icon join arsse_subscriptions as s on s.feed = f.id");
|
||||||
|
$q->setWhere("s.id = ?", "int", $id);
|
||||||
|
if (isset($user)) {
|
||||||
|
if (!Arsse::$user->authorize($user, __FUNCTION__)) {
|
||||||
|
throw new User\ExceptionAuthz("notAuthorized", ["action" => __FUNCTION__, "user" => $user]);
|
||||||
|
}
|
||||||
|
$q->setWhere("s.owner = ?", "str", $user);
|
||||||
}
|
}
|
||||||
$out = $this->db->prepare("SELECT i.id, i.url, i.type, i.data from arsse_icons as i join arsse_feeds as f on i.id = f.icon join arsse_subscriptions as s on s.feed = f.id where s.owner = ? and s.id = ?", "str", "int")->run($user, $subscription)->getRow();
|
$out = $this->db->prepare($q->getQuery(), $q->getTypes())->run($q->getValues())->getRow();
|
||||||
if (!$out) {
|
if (!$out) {
|
||||||
throw new Db\ExceptionInput("idMissing", ["action" => __FUNCTION__, "field" => "subscription", 'id' => $subscription]);
|
throw new Db\ExceptionInput("idMissing", ["action" => __FUNCTION__, "field" => "subscription", 'id' => $id]);
|
||||||
}
|
}
|
||||||
return $out;
|
return $out;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue