fail better if requested article URL is blank

3 years ago · eec5871f5f
parent d3940b6259
commit eec5871f5f
4 changed files with 27 additions and 24 deletions
--- a/classes/article.php
+++ b/classes/article.php
@ -5,7 +5,7 @@ class Article extends Handler_Protected {
 	const ARTICLE_KIND_YOUTUBE = 3;

 	function redirect() {
-		$id = clean($_REQUEST['id']);
+		$id = (int) clean($_REQUEST['id'] ?? 0);

 		$sth = $this->pdo->prepare("SELECT link FROM ttrss_entries, ttrss_user_entries
 						WHERE id = ? AND id = ref_id AND owner_uid = ?
@ -13,11 +13,14 @@ class Article extends Handler_Protected {
        $sth->execute([$id, $_SESSION['uid']]);

 		if ($row = $sth->fetch()) {
-			$article_url = $row['link'];
-			$article_url = str_replace("\n", "", $article_url);
+			$article_url = UrlHelper::validate(str_replace("\n", "", $row['link']));

-			header("Location: $article_url");
-			return;
+			if ($article_url) {
+				header("Location: $article_url");
+			} else {
+				header($_SERVER["SERVER_PROTOCOL"]." 404 Not Found");
+				print "URL of article $id is blank.";
+			}

 		} else {
 			print_error(__("Article not found."));
@ -595,6 +598,21 @@ class Article extends Handler_Protected {
 			</div>";
 	}

+	function get_metadata_by_id() {
+		$id = clean($_REQUEST['id']);
+
+		$sth = $this->pdo->prepare("SELECT link, title FROM ttrss_entries, ttrss_user_entries
+			WHERE ref_id = ? AND ref_id = id AND owner_uid = ?");
+		$sth->execute([$id, $_SESSION['uid']]);
+
+		if ($row = $sth->fetch()) {
+			$link = $row['link'];
+			$title = $row['title'];
+
+			echo json_encode(["link" => $link, "title" => $title]);
+		}
+	}
+
 	static function get_article_enclosures($id) {

 		$pdo = Db::pdo();
--- a/classes/rpc.php
+++ b/classes/rpc.php
@ -382,23 +382,6 @@ class RPC extends Handler_Protected {
 		$sth->execute(array_merge($ids, [$_SESSION['uid']]));
 	}

-	function getlinktitlebyid() {
-		$id = clean($_REQUEST['id']);
-
-		$sth = $this->pdo->prepare("SELECT link, title FROM ttrss_entries, ttrss_user_entries
-			WHERE ref_id = ? AND ref_id = id AND owner_uid = ?");
-		$sth->execute([$id, $_SESSION['uid']]);
-
-		if ($row = $sth->fetch()) {
-			$link = $row['link'];
-			$title = $row['title'];
-
-			echo json_encode(array("link" => $link, "title" => $title));
-		} else {
-			echo json_encode(array("error" => "ARTICLE_NOT_FOUND"));
-		}
-	}
-
 	function log() {
 		$msg = clean($_REQUEST['msg']);
 		$file = basename(clean($_REQUEST['file']));
--- a/js/Article.js
+++ b/js/Article.js
@ -123,11 +123,13 @@ const Article = {
 		Article.setActive(0);
 	},
 	displayUrl: function (id) {
-		const query = {op: "rpc", method: "getlinktitlebyid", id: id};
+		const query = {op: "article", method: "get_metadata_by_id", id: id};

 		xhrJson("backend.php", query, (reply) => {
 			if (reply && reply.link) {
 				prompt(__("Article URL:"), reply.link);
+			} else {
+				alert(__("No URL could be displayed for this article."));
 			}
 		});
 	},
--- a/js/CommonFilters.js
+++ b/js/CommonFilters.js
@ -332,7 +332,7 @@ const	Filters = {

 						} else {

-							const query = {op: "rpc", method: "getlinktitlebyid", id: Article.getActive()};
+							const query = {op: "article", method: "get_metadata_by_id", id: Article.getActive()};

 							xhrPost("backend.php", query, (transport) => {
 								const reply = JSON.parse(transport.responseText);