-
Notifications
You must be signed in to change notification settings - Fork 57
/
Copy pathpreview.php
executable file
·101 lines (79 loc) · 3.37 KB
/
preview.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
<?php
// access configuration settings
require_once('feed2js_config.php');
// Get variables from input
$src = (isset($_GET['src'])) ? $_GET['src'] : '';
$chan = (isset($_GET['chan'])) ? $_GET['chan'] : 'y';
$num = (isset($_GET['num'])) ? $_GET['num'] : 0;
$desc = (isset($_GET['desc'])) ? $_GET['desc'] : 1;
$auth = (isset($_GET['au'])) ? 'y' : 'n';
$date = (isset($_GET['date'])) ? $_GET['date'] : 'n';
$tz = (isset($_GET['tz'])) ? $_GET['tz'] : 'feed';
$targ = (isset($_GET['targ'])) ? $_GET['targ'] : 'n';
$html = (isset($_GET['html'])) ? $_GET['html'] : 'n';
$utf = (isset($_GET['utf'])) ? $_GET['utf'] : 'y';
$rss_box_id = (isset($_GET['rss_box_id'])) ? $_GET['rss_box_id'] : '';
$pc = (isset($_GET['pc'])) ? $_GET['pc'] : 'n';
// test for malicious use of script tages
if (strpos($src, '<script>')) {
$src = preg_replace("/(\<script)(.*?)(script>)/si", "SCRIPT DELETED", "$src");
die("Warning! Attempt to inject javascript detected. Aborted and tracking log updated.");
}
// trap for missing src param for the feed, use a dummy one so it gets displayed.
if (!$src or (strpos($src, 'http://') !==0 and strpos($src, 'https://') !==0))
die('Feed URL missing, incomplete, or not valid. Must start with http:// or https:// and be a valid URL');
// update to full descriptions for html turned on
if ($html=='a') $desc = 0;
// build parameter string for the feed2js url
$options = '';
if ($chan != 'n') $options .= "&chan=$chan";
if ($num != 0) $options .= "&num=$num";
if ($desc != 0) $options .= "&desc=$desc";
if ($auth != 'n') $options .= "&au=$auth";
if ($date != 'n') $options .= "&date=$date";
if ($tz != 'feed') $options .= "&tz=$tz";
if ($targ != 'n') $options .= "&targ=$targ";
if ($html != 'n') $html_options = "&html=$html";
if ($utf == 'y') $options .= '&utf=y';
if ($rss_box_id != '') $options .= "&css=$rss_box_id";
if ($pc == 'y') $options .= '&pc=y';
$rss_str = "feed2js.php?src=" . urlencode($src) . $options . $html_options;
$noscript_rss_str = "feed2js.php?src=" . urlencode($src) . $options . '&html=y';
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en">
<head>
<?php
if ($utf== 'y') {
echo '<meta http-equiv="content-type" content="text/html; charset=utf-8">';
} else {
echo '<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">';
}
?>
<title>Feed Sneak Preview</title>
<link rel="stylesheet" href="style/basic1.css">
<style type="text/css">
body {background-color:#fff; margin: 12px;}
h1 { font-family: Verdana, Arial, Helvetica, sans-serif;
margin-bottom:0;}
p, li { font-family: Verdana, Arial, Helvetica, sans-serif; font-size: 13px; color:#444; margin:0 0 1em;}
</style>
<script src="popup.js" type="text/javascript" language="Javascript"></script>
</head>
<body>
<div id="main">
<h1>Look At Your Feed</h1>
<p>Below is a preview of your feed using a basic style (learn how to customize this via the Feed2JS style pages). If this looks like the correct content and display, close this window and use the <strong>Generate JavaScript</strong> button to create your own web page code.</p>
<script language="JavaScript" src="<?php echo $rss_str?>"></script>
<noscript>
<a href="<?php echo $noscript_rss_str?>">View Feed</a>
</noscript>
<div align="center">
<form>
<input type="button" value="Close Window" onClick="self.close()">
</form>
</div>
</div>
</body>
</html>