From af120fdda3622c1e03570507cfb597b119a4ad4a Mon Sep 17 00:00:00 2001
From: ahaber <haber@se-rwth.de>
Date: Wed, 22 Jan 2014 15:27:05 +0100
Subject: [PATCH 1/3] fix for issue #8

adds checks for file extension of referenced bibtexfiles
---
 .gitignore        | 1 +
 bibtexbrowser.php | 4 ++++
 2 files changed, 5 insertions(+)
 create mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..d8fe4fa
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+/.project
diff --git a/bibtexbrowser.php b/bibtexbrowser.php
index af8c346..ddb281c 100755
--- a/bibtexbrowser.php
+++ b/bibtexbrowser.php
@@ -213,6 +213,10 @@ function _zetDB($bibtex_filenames) {
       set_magic_quotes_runtime(false);
   }
   
+  // get file extension to only allow .bib files
+  $ext = pathinfo($bib, PATHINFO_EXTENSION);
+  // this is a security protection
+  if (BIBTEXBROWSER_LOCAL_BIB_ONLY && (!file_exists($bib) || strcasecmp($ext, 'bib') != 0)) {
   // default bib file, if no file is specified in the query string.
   if (!isset($bibtex_filenames) || $bibtex_filenames == "") {
     default_message();

From 275c1a41b5cc23a039b4b5c4f14dec81df60c00b Mon Sep 17 00:00:00 2001
From: ahaber <haber@se-rwth.de>
Date: Wed, 22 Jan 2014 15:45:32 +0100
Subject: [PATCH 2/3] issue #9 Adds properties to also disable the links [pdf],
 [doi] and [gsid]

---
 bibtexbrowser.php | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

diff --git a/bibtexbrowser.php b/bibtexbrowser.php
index ddb281c..6288293 100755
--- a/bibtexbrowser.php
+++ b/bibtexbrowser.php
@@ -86,6 +86,12 @@ function bibtexbrowser_configure($key, $value) {
 // do we add [bibtex] links ?
 // suggested by Sascha Schnepp
 @define('BIBTEXBROWSER_BIBTEX_LINKS',true);
+// do we add [pdf] links ?
+@define('BIBTEXBROWSER_PDF_LINKS',true);
+// do we add [doi] links ?
+@define('BIBTEXBROWSER_DOI_LINKS',true);
+// do we add [gsid] links (Google Scholar)?
+@define('BIBTEXBROWSER_GSID_LINKS',true);
 
 // should authors be linked to [none/homepage/resultpage]
 // none: nothing
@@ -213,10 +219,6 @@ function _zetDB($bibtex_filenames) {
       set_magic_quotes_runtime(false);
   }
   
-  // get file extension to only allow .bib files
-  $ext = pathinfo($bib, PATHINFO_EXTENSION);
-  // this is a security protection
-  if (BIBTEXBROWSER_LOCAL_BIB_ONLY && (!file_exists($bib) || strcasecmp($ext, 'bib') != 0)) {
   // default bib file, if no file is specified in the query string.
   if (!isset($bibtex_filenames) || $bibtex_filenames == "") {
     default_message();
@@ -231,8 +233,11 @@ function _zetDB($bibtex_filenames) {
   // ---------------------------- HANDLING unexistent files
   foreach(explode(MULTIPLE_BIB_SEPARATOR, $bibtex_filenames) as $bib) {
   
+    // get file extension to only allow .bib files
+    $ext = pathinfo($bib, PATHINFO_EXTENSION);
     // this is a security protection
-    if (BIBTEXBROWSER_LOCAL_BIB_ONLY && !file_exists($bib)) {
+    if (BIBTEXBROWSER_LOCAL_BIB_ONLY && (!file_exists($bib) || strcasecmp($ext, 'bib') != 0)) {
+
      // to automate dectection of faulty links with tools such as webcheck
      header('HTTP/1.1 404 Not found');
      die('<b>the bib file '.$bib.' does not exist !</b>');
@@ -1483,15 +1488,17 @@ class BibEntry {
       $str .= " <a".(BIBTEXBROWSER_BIB_IN_NEW_WINDOW?' target="_blank" ':'')." class=\"biburl\" title=\"".$this->getKey()."\" {$href}>[bibtex]</a>";
     }
 
-    // returns an empty string if no url present
-    $str .= $this->getUrlLink();
+    if (BIBTEXBROWSER_PDF_LINKS) {
+      // returns an empty string if no url present
+      $str .= $this->getUrlLink();
+    }
 
-    if ($this->hasField('doi')) {
+    if (BIBTEXBROWSER_DOI_LINKS && $this->hasField('doi')) {
       $str .= ' <a href="http://dx.doi.org/'.$this->getField("doi").'">[doi]</a>';
     }
 
     // Google Scholar ID
-    if ($this->hasField('gsid')) {
+    if (BIBTEXBROWSER_GSID_LINKS && $this->hasField('gsid')) {
       $str .= ' <a href="http://scholar.google.com/scholar?cites='.$this->getField("gsid").'">[cites]</a>';
     }
 

From 0092442d838ffd95977b718c9d06f87324e48aeb Mon Sep 17 00:00:00 2001
From: ahaber <haber@se-rwth.de>
Date: Thu, 30 Jan 2014 13:51:50 +0100
Subject: [PATCH 3/3] preserve ENCODING in text2rss() while decoding characters
 encoded by latex2html

---
 bibtexbrowser.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/bibtexbrowser.php b/bibtexbrowser.php
index 6288293..5d1c01d 100755
--- a/bibtexbrowser.php
+++ b/bibtexbrowser.php
@@ -3424,8 +3424,8 @@ class RSSDisplay {
     // first strip HTML tags 
     $desc = strip_tags($desc);
   
-    // then decode characters encoded by latex2html
-    $desc= html_entity_decode($desc);
+    // then decode characters encoded by latex2html, preserve ENCODING
+    $desc = html_entity_decode($desc, ENT_COMPAT, ENCODING);
 
     // some entities may still be here, we remove them
     // we replace html entities e.g. &eacute; by nothing