From af120fdda3622c1e03570507cfb597b119a4ad4a Mon Sep 17 00:00:00 2001 From: ahaber Date: Wed, 22 Jan 2014 15:27:05 +0100 Subject: [PATCH 1/3] fix for issue #8 adds checks for file extension of referenced bibtexfiles --- .gitignore | 1 + bibtexbrowser.php | 4 ++++ 2 files changed, 5 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..d8fe4fa --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +/.project diff --git a/bibtexbrowser.php b/bibtexbrowser.php index af8c346..ddb281c 100755 --- a/bibtexbrowser.php +++ b/bibtexbrowser.php @@ -213,6 +213,10 @@ function _zetDB($bibtex_filenames) { set_magic_quotes_runtime(false); } + // get file extension to only allow .bib files + $ext = pathinfo($bib, PATHINFO_EXTENSION); + // this is a security protection + if (BIBTEXBROWSER_LOCAL_BIB_ONLY && (!file_exists($bib) || strcasecmp($ext, 'bib') != 0)) { // default bib file, if no file is specified in the query string. if (!isset($bibtex_filenames) || $bibtex_filenames == "") { default_message(); From 275c1a41b5cc23a039b4b5c4f14dec81df60c00b Mon Sep 17 00:00:00 2001 From: ahaber Date: Wed, 22 Jan 2014 15:45:32 +0100 Subject: [PATCH 2/3] issue #9 Adds properties to also disable the links [pdf], [doi] and [gsid] --- bibtexbrowser.php | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/bibtexbrowser.php b/bibtexbrowser.php index ddb281c..6288293 100755 --- a/bibtexbrowser.php +++ b/bibtexbrowser.php @@ -86,6 +86,12 @@ function bibtexbrowser_configure($key, $value) { // do we add [bibtex] links ? // suggested by Sascha Schnepp @define('BIBTEXBROWSER_BIBTEX_LINKS',true); +// do we add [pdf] links ? +@define('BIBTEXBROWSER_PDF_LINKS',true); +// do we add [doi] links ? +@define('BIBTEXBROWSER_DOI_LINKS',true); +// do we add [gsid] links (Google Scholar)? +@define('BIBTEXBROWSER_GSID_LINKS',true); // should authors be linked to [none/homepage/resultpage] // none: nothing @@ -213,10 +219,6 @@ function _zetDB($bibtex_filenames) { set_magic_quotes_runtime(false); } - // get file extension to only allow .bib files - $ext = pathinfo($bib, PATHINFO_EXTENSION); - // this is a security protection - if (BIBTEXBROWSER_LOCAL_BIB_ONLY && (!file_exists($bib) || strcasecmp($ext, 'bib') != 0)) { // default bib file, if no file is specified in the query string. if (!isset($bibtex_filenames) || $bibtex_filenames == "") { default_message(); @@ -231,8 +233,11 @@ function _zetDB($bibtex_filenames) { // ---------------------------- HANDLING unexistent files foreach(explode(MULTIPLE_BIB_SEPARATOR, $bibtex_filenames) as $bib) { + // get file extension to only allow .bib files + $ext = pathinfo($bib, PATHINFO_EXTENSION); // this is a security protection - if (BIBTEXBROWSER_LOCAL_BIB_ONLY && !file_exists($bib)) { + if (BIBTEXBROWSER_LOCAL_BIB_ONLY && (!file_exists($bib) || strcasecmp($ext, 'bib') != 0)) { + // to automate dectection of faulty links with tools such as webcheck header('HTTP/1.1 404 Not found'); die('the bib file '.$bib.' does not exist !'); @@ -1483,15 +1488,17 @@ class BibEntry { $str .= " getKey()."\" {$href}>[bibtex]"; } - // returns an empty string if no url present - $str .= $this->getUrlLink(); + if (BIBTEXBROWSER_PDF_LINKS) { + // returns an empty string if no url present + $str .= $this->getUrlLink(); + } - if ($this->hasField('doi')) { + if (BIBTEXBROWSER_DOI_LINKS && $this->hasField('doi')) { $str .= ' [doi]'; } // Google Scholar ID - if ($this->hasField('gsid')) { + if (BIBTEXBROWSER_GSID_LINKS && $this->hasField('gsid')) { $str .= ' [cites]'; } From 0092442d838ffd95977b718c9d06f87324e48aeb Mon Sep 17 00:00:00 2001 From: ahaber Date: Thu, 30 Jan 2014 13:51:50 +0100 Subject: [PATCH 3/3] preserve ENCODING in text2rss() while decoding characters encoded by latex2html --- bibtexbrowser.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/bibtexbrowser.php b/bibtexbrowser.php index 6288293..5d1c01d 100755 --- a/bibtexbrowser.php +++ b/bibtexbrowser.php @@ -3424,8 +3424,8 @@ class RSSDisplay { // first strip HTML tags $desc = strip_tags($desc); - // then decode characters encoded by latex2html - $desc= html_entity_decode($desc); + // then decode characters encoded by latex2html, preserve ENCODING + $desc = html_entity_decode($desc, ENT_COMPAT, ENCODING); // some entities may still be here, we remove them // we replace html entities e.g. é by nothing