Commit 50633ad8 authored by Malcolm Blaney's avatar Malcolm Blaney

Renamed rss.php function page_modified to page_not_modified to make its role clearer, and added the missing Cache-Control header, whose absence stopped browsers from sending the If-Modified-Since header. Copied to page.php so that caching can also be done for h-feeds.
parent 0116e95a
Pipeline #36367668 passed with stage
in 1 minute and 15 seconds
......@@ -15,7 +15,7 @@
// You should have received a copy of the GNU Affero General Public License
// along with this program. If not, see <http://www.gnu.org/licenses/>.
function page_modified($username, $page, $action) {
function page_not_modified($username, $page, $action) {
$timestamp = 0;
$mysqli = connect_db();
$query = 'SELECT timestamp FROM page_updates WHERE ' .
......@@ -28,14 +28,15 @@ function page_modified($username, $page, $action) {
$result->close();
}
else {
log_db('page_modified: ' . $mysqli->error);
log_db('page_not_modified: ' . $mysqli->error);
}
$mysqli->close();
header('Cache-Control: private, must-revalidate');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s T', $timestamp));
// Always report that the page has been modified if the header isn't set.
if (!isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) return true;
return $timestamp > strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
if (!isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) return false;
return $timestamp <= strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
}
function rss($username) {
......@@ -50,7 +51,7 @@ function rss($username) {
if (isset($_GET['action'])) {
$action = $mysqli->escape_string($_GET['action']);
}
if (!page_modified($username, $page, $action)) {
if (page_not_modified($username, $page, $action)) {
$mysqli->close();
header('HTTP/1.1 304 Not Modified');
return;
......
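Review bot: When the page_updates query fails or returns no row, `$timestamp` stays 0 in page_not_modified, so the final comparison `$timestamp <= strtotime(...)` is true for every conditional request and rss() answers 304 without a real timestamp having been checked. The failure path should fall back to a full response, either by returning false right after the `log_db` call or by widening the guard to `if ((int)$timestamp === 0 || !isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) return false;`. An unparseable If-Modified-Since value makes strtotime() return false, which compares the same way when `$timestamp` is 0. The rest of the query sits between the first two hunks and is not visible here.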
......@@ -59,6 +59,19 @@ class Page {
else header('Location: ' . $this->Url($this->user->config->Unavailable()));
}
private function DefaultPage($name = '') {
if ($name === '') $name = $this->user->config->LoginPage();
// Override current scheme if secure is true in config.
$secure = $this->user->config->Secure();
// If not logged in user->name will be an empty string.
if ($this->user->name === 'admin' || $this->user->name === '') {
header('Location: ' . $this->Url($name, 'admin', $secure));
}
else {
header('Location: ' . $this->Url($name, $this->user->name, $secure));
}
}
private function Display() {
$content = ['outside' => '', 'header' => '', 'left' => '', 'right' => '',
'middle' => '', 'footer' => ''];
......@@ -145,14 +158,14 @@ class Page {
}
$mysqli->close();
$title = $this->owner === 'admin' ?
$this->name : $this->owner . '/' . $this->name;
$title = $this->user->config->TitleIncludesPage() ?
$title . ' - ' . $this->user->config->Title() :
$this->user->config->Title();
$feed = '';
$h_feed = '';
if ($post_feed) {
if ($this->NotModified($this->owner, $this->name, 'feed')) {
header('HTTP/1.1 304 Not Modified');
return;
}
// WebSub headers are provided for the html version of the feed, which
// requires the reader module to be installed (because it handles the
// callbacks), but not on the current page because it also handles item
......@@ -171,15 +184,26 @@ class Page {
$h_feed = ' h-feed';
}
if ($comment_feed) {
if ($this->NotModified($this->owner, $this->name, 'comment')) {
header('HTTP/1.1 304 Not Modified');
return;
}
$feed .= '<link rel="alternate" type="application/rss+xml" ' .
'title="new comments" href="rss/index.php?page=' . $this->name .
'&action=comment">' . "\n";
}
header('X-Frame-Options: DENY');
$title = $this->owner === 'admin' ?
$this->name : $this->owner . '/' . $this->name;
$title = $this->user->config->TitleIncludesPage() ?
$title . ' - ' . $this->user->config->Title() :
$this->user->config->Title();
// Always create a token to send back with requests, but re-use the
// current one if it exists so that user's can have multiple pages open.
if (!isset($_SESSION['token'])) {
$_SESSION['token'] = md5(mt_rand() . mt_rand());
$_SESSION['token'] = bin2hex(openssl_random_pseudo_bytes(16));
}
echo '<!DOCTYPE html>' . "\n" .
......@@ -219,27 +243,56 @@ class Page {
'</html>';
}
private function Stylesheets() {
$stylesheets = '';
$theme = $this->user->config->Theme();
if ($this->owner === 'admin') {
$stylesheets .= '<link rel="stylesheet" href="3rdparty.css">' . "\n" .
'<link rel="stylesheet" href="themes/' . $theme . '/theme.css">' . "\n".
'<link rel="stylesheet" href="site.css">' . "\n";
private function NotModified($username, $page, $action) {
$timestamp = 0;
$mysqli = connect_db();
$query = 'SELECT timestamp FROM page_updates WHERE ' .
'user = "' . $username . '" AND page = "' . $page . '" AND ' .
'action = "' . $action . '"';
if ($result = $mysqli->query($query)) {
if ($page_updates = $result->fetch_assoc()) {
$timestamp = $page_updates['timestamp'];
}
$result->close();
}
else {
$stylesheets .= '<link rel="stylesheet" href="../3rdparty.css">' . "\n" .
'<link rel="stylesheet" href="../themes/' . $theme .'/theme.css">'."\n".
'<link rel="stylesheet" href="../site.css">' . "\n";
log_db('Page->NotModified: ' . $mysqli->error);
}
if (file_exists('style.css')) {
$stylesheets .= '<link rel="stylesheet" href="style.css">' . "\n";
$mysqli->close();
header('Cache-Control: private, must-revalidate');
header('Last-Modified: ' . gmdate('D, d M Y H:i:s T', $timestamp));
// Always report that the page has been modified if the header isn't set.
if (!isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) return false;
return $timestamp <= strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']);
}
private function Permission() {
if ($this->user->canEditPage ||
$this->user->canCopyPage ||
$this->user->canViewPage) {
return true;
}
if (file_exists($this->name . '.css')) {
$stylesheets .=
'<link rel="stylesheet" href="' . $this->name . '.css">' . "\n";
// Don't check permission for the page that user's are directed to
// when permission is not granted for the referring page.
if ($this->name === $this->user->config->Unavailable()) return true;
$published_page = false;
$mysqli = connect_db();
$query = 'SELECT published FROM published WHERE ' .
'user = "' . $this->owner . '" AND page = "' . $this->name . '"';
if ($result = $mysqli->query($query)) {
if ($published = $result->fetch_assoc()) {
$published_page = $published['published'] === '1';
}
$result->close();
}
return $stylesheets;
else {
log_db('Page->Permission: ' . $mysqli->error);
}
$mysqli->close();
return $published_page;
}
private function Scripts($include_scripts) {
......@@ -277,45 +330,27 @@ class Page {
'<script type="text/javascript" src="/js/dobrado.pub.js"></script>' ."\n";
}
private function DefaultPage($name = '') {
if ($name === '') $name = $this->user->config->LoginPage();
// Override current scheme if secure is true in config.
$secure = $this->user->config->Secure();
// If not logged in user->name will be an empty string.
if ($this->user->name === 'admin' || $this->user->name === '') {
header('Location: ' . $this->Url($name, 'admin', $secure));
private function Stylesheets() {
$stylesheets = '';
$theme = $this->user->config->Theme();
if ($this->owner === 'admin') {
$stylesheets .= '<link rel="stylesheet" href="3rdparty.css">' . "\n" .
'<link rel="stylesheet" href="themes/' . $theme . '/theme.css">' . "\n".
'<link rel="stylesheet" href="site.css">' . "\n";
}
else {
header('Location: ' . $this->Url($name, $this->user->name, $secure));
}
}
private function Permission() {
if ($this->user->canEditPage ||
$this->user->canCopyPage ||
$this->user->canViewPage) {
return true;
$stylesheets .= '<link rel="stylesheet" href="../3rdparty.css">' . "\n" .
'<link rel="stylesheet" href="../themes/' . $theme .'/theme.css">'."\n".
'<link rel="stylesheet" href="../site.css">' . "\n";
}
// Don't check permission for the page that user's are directed to
// when permission is not granted for the referring page.
if ($this->name === $this->user->config->Unavailable()) return true;
$published_page = false;
$mysqli = connect_db();
$query = 'SELECT published FROM published WHERE ' .
'user = "' . $this->owner . '" AND page = "' . $this->name . '"';
if ($result = $mysqli->query($query)) {
if ($published = $result->fetch_assoc()) {
$published_page = $published['published'] === '1';
}
$result->close();
if (file_exists('style.css')) {
$stylesheets .= '<link rel="stylesheet" href="style.css">' . "\n";
}
else {
log_db('Page->Permission: ' . $mysqli->error);
if (file_exists($this->name . '.css')) {
$stylesheets .=
'<link rel="stylesheet" href="' . $this->name . '.css">' . "\n";
}
$mysqli->close();
return $published_page;
return $stylesheets;
}
private function Url($name, $owner = 'admin', $secure = false) {
......
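Review bot: NotModified builds its SELECT by concatenating `$username` and `$page` into the statement, and both call sites in Display() pass `$this->owner` and `$this->name`. Whether those properties are escaped is not visible in this diff; if `$this->name` derives from the request, this is an injection point on a query that now runs on every feed page view. Binding the three values through a prepared statement removes the dependency on callers escaping correctly. The body is also a copy of page_not_modified in rss.php, so a single shared helper would keep the two from drifting apart.

```php
private function NotModified($username, $page, $action) {
  $timestamp = 0;
  $mysqli = connect_db();
  // Values are bound, never concatenated into the statement text.
  $statement = $mysqli->prepare('SELECT timestamp FROM page_updates WHERE ' .
                                'user = ? AND page = ? AND action = ?');
  if ($statement) {
    $statement->bind_param('sss', $username, $page, $action);
    if ($statement->execute()) {
      $statement->bind_result($stored);
      if ($statement->fetch()) $timestamp = $stored;
    }
    else {
      log_db('Page->NotModified: ' . $statement->error);
    }
    $statement->close();
  }
  else {
    log_db('Page->NotModified: ' . $mysqli->error);
  }
  // … unchanged: close connection, Cache-Control / Last-Modified headers, If-Modified-Since comparison …
```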