The use of another RSS Reader beyond CFX-Newsgrabber

Posted: Sat Aug 28, 2004 11:19 pm

Hi folks

Well, after playing with my code all day, I've discovered what most probably already knew, that the problems I'm having with RSS formatting are directly related to the Newsgrabber integrated with Nuke.

Anyway, I'm wondering if anyone has had any success integrating any other "includes" or module functioning News Reader such as the previously discussed Magpie RSS Reader (http://magpierss.sourceforge.net/) or any other solution.

The bottom line is that I can read UTF-8 code fairly well, but any other formats are giving problems. Even Raven's feeds aren't coming out right with periods stripped out as well as a few other problems.

Depending on the feed format, it either looks bad, or real bad. (See my site for a few examples). Also, it probably wouldn't hurt to also look at my other post that goes into some details about the problems with various types of feeds which can be found at: [ Only registered users can see links on this board! Get registered or login! ]

Last (But not least) I also noticed that the Newsfeed module has ZERO protection against intrusion or direct file access. I'm not sure if this is just an oversight or what the deal is, but given what it does, I'm thinking there should be something in there.

Anyway... Ideas anyone?

Thanks!

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

64bitguy wrote:

Even Raven's feeds aren't coming out right with periods stripped out as well as a few other problems.

How about now?

Posted: Mon Aug 30, 2004 12:35 pm

Yeah, Unfortunately, l'm Still seeing it the same way.

To check for yourself, you can simply visit.
[ Only registered users can see links on this board! Get registered or login! ]

This will show you how news formatted using the various methods/standards comes out in 7.4 patched 2.5.

Thanks

Posted: Mon Aug 30, 2004 1:17 pm

Goto Your_Account and type the backend.php url into the nuke rss news reader. What's the result?

Posted: Mon Aug 30, 2004 1:25 pm

When I read my news (http://64bit.us/backend.php) it looks fine. Please keep in mind that I have no periods or single quotes in any of my news stories!

When I read your news (http://www.ravenphpscripts.com/backend.php) I get the exact same format that appears in my Syndicated News feeds which shows all periods and ( ) stripped out, etc...

Quote:

AmNuke Net tops 1000 Members
TB2 Swishmax SQL Banner MenuLogo
The modified PH2 Theme available at Lorkan Themes FREE
The Amazing Swenpaper
Show Forum Group Memberships_74
PALConditional_Blocks_Nuke_74
Modules_Tweak_for_nuke74
Compare Nuke Security Tools
64BITUS Release Enhanced Statistics Module 11b
Nuke Gangsta This distro may not be for you

Posted: Mon Aug 30, 2004 1:38 pm

UPDATE:

Things just keep getting stranger.
I went ahead and created a new news article with all of the things in question. My site is reading that article just fine both in My_Account and in the syndicated news module. What bothers me is that I pointed out that there are many differences between this and what Bob was posting (in a PM that I sent to Bob after he posted a completely different backend.php to use relative to others reporting Sentinel problems) and he later pointed out that my assumptions that those differences between what he posted and the Chatserv version (below) of backend.php potentially causing problems is false, and that I shouldn't be using this, but rather what he posted.. Now I'm wondering.

Please remember that my backend.php looks like this:

Code:

<?php





/************************************************************************/


/* PHP-NUKE: Advanced Content Management System                         */


/* ============================================                         */


/*                                                                      */


/* Copyright (c) 2002 by Francisco Burzi                                */


/* http://phpnuke.org                                                   */


/*                                                                      */


/* This program is free software. You can redistribute it and/or modify */


/* it under the terms of the GNU General Public License as published by */


/* the Free Software Foundation; either version 2 of the License.       */


/*                                                                      */


/************************************************************************/


/* Additional security checking code 2003 by chatserv                   */


/* http://www.nukefixes.com -- http://www.nukeresources.com             */


/************************************************************************/





//include("mainfile.php"); 


require_once("config.php"); 


require_once("db/db.php"); 


$row = $db->sql_fetchrow($db->sql_query("SELECT * FROM ".$prefix."_config")); 


$sitename = $row[sitename]; 


$nukeurl = $row[nukeurl]; 


$backend_title = $row[backend_title]; 


$backend_language = $row[backend_language]; 





header("Content-Type: application/rss+xml");


    $cat = intval($cat);


if ($cat != "") {


    $catid = $db->sql_fetchrow($db->sql_query("SELECT catid FROM ".$prefix."_stories_cat WHERE title LIKE '%$cat%' LIMIT 1"));


    if ($catid == "") {


   $result = $db->sql_query("SELECT sid, title FROM ".$prefix."_stories ORDER BY sid DESC LIMIT 10");


    } else {


   $catid = intval($catid);


   $result = $db->sql_query("SELECT sid, title FROM ".$prefix."_stories WHERE catid='$catid' ORDER BY sid DESC LIMIT 10");


    }


} else {


    $result = $db->sql_query("SELECT sid, title FROM ".$prefix."_stories ORDER BY sid DESC LIMIT 10");


}





echo "<?xml version=\"1.0\" encoding=\"ISO-8859-1\"?>\n\n";


echo "<!DOCTYPE rss PUBLIC \"-//Netscape Communications//DTD RSS 0.91//EN\"\n";


echo " \"http://my.netscape.com/publish/formats/rss-0.91.dtd\">\n\n";


echo "<rss version=\"0.91\">\n\n";


echo "<channel>\n";


echo "<title>".htmlspecialchars($sitename)."</title>\n";


echo "<link>$nukeurl</link>\n";


echo "<description>".htmlspecialchars($backend_title)."</description>\n";


echo "<language>$backend_language</language>\n\n";





while ($row = $db->sql_fetchrow($result)) {


    $rsid = intval($row['sid']);


    $rtitle = $row['title'];


    echo "<item>\n";


    echo "<title>".htmlspecialchars($rtitle)."</title>\n";


    echo "<link>$nukeurl/modules.php?name=News&amp;file=article&amp;sid=$rsid</link>\n";


    echo "</item>\n\n";


}


echo "</channel>\n";


echo "</rss>";





?>

Both the Your_Account and Syndicated news are displaying it correctly as:

Quote:

News From This Site
[ Only registered users can see links on this board! Get registered or login! ]

This Is A Test. This, is only a "$test" of (Test's):
New Enhanced Statistics Module Released
Hackers Beware! The FBI Begins Major Crackdown!
Syndicated News Module Released
Your Account Module Being Reworked
Gopher: Underground Technology
Data Disclosure Contradicts Feds
Sun gambles big on future chip design
E-mail fingerprinting attacks bounce storms
Space Celebration Circles Globe

Posted: Mon Aug 30, 2004 1:50 pm

Strange is it do do with the line
header("Content-Type: application/rss+xml");
vs
header("Content-Type: text/xml");

?

Posted: Mon Aug 30, 2004 1:56 pm

No.

I made the change you indicated above in my backend.php and it had no impact. AT LEAST RELATIVE to how my site is reading news from my site.

I'll leave that change intact and published as backend2.php for a while so others can test if they so choose.

My original backend.php (as posted above) will stay as posted for continual testing.

Posted: Mon Aug 30, 2004 2:05 pm

Try it now.

Posted: Mon Aug 30, 2004 2:14 pm

YOU GOT IT! FIXED!

What did you do?

Posted: Mon Aug 30, 2004 2:19 pm

For right now I used yours. I will dig deeper when I can.

Posted: Mon Aug 30, 2004 2:34 pm

Okay and thanks!

I should point out that I have no idea if my backend.php has any problems relative to Sentinel.

Tthe fact is, the first part of it is that way because of problems reported about Sentinel by others. I didn't have those problems, but I changed it because of Bob's first posts about the problems.

So if there ARE Sentinel problems OR if you are somehow exposed by having it this way, I don't know about it so care should be used until the security of this configuration can be confirmed one way or another.

Thanks for the help Raven!
RavensScripts

Posted: Mon Aug 30, 2004 2:41 pm

Sentinel shouldn't be entering in as mainfile.php is commented out.

Posted: Mon Aug 30, 2004 2:50 pm

Correct. As I said above. But what I don't know is, if Sentinal is NOT monitoring this file, does that situation create any kind of potential Site/Security exposure.

Posted: Mon Aug 30, 2004 3:34 pm

It is patched quite well.

Posted: Mon Aug 30, 2004 10:51 pm

Couple of [possibly] timely articles [ Only registered users can see links on this board! Get registered or login! ] [ Only registered users can see links on this board! Get registered or login! ]

Posted: Tue Aug 31, 2004 2:50 pm

Last thing... The TM (used in Sentinel news posts) is coming out with an extra symbol (comes out as Â™ ). Any ideas on how to strip that extra-symbol out?

Posted: Tue Aug 31, 2004 3:08 pm

This one off phpnet worked pretty slick I thought. I added the little bit at the end to strip out multi spaces. I played with some that used

Code:




function superhtmlentities($text) {


        // Thanks to mirrorball_girl for this


        $entities = array(128 => 'euro', 130 => 'sbquo', 131 => 'fnof', 132 => 'bdquo', 133 => 'hellip', 134 => 'dagger', 135 => 'Dagger', 136 => 'circ', 137 => 'permil', 138 => 'Scaron', 139 => 'lsaquo', 140 => 'OElig', 145 => 'lsquo', 146 => 'rsquo', 147 => 'ldquo', 148 => 'rdquo', 149 => 'bull', 150 => '#45', 151 => 'mdash', 152 => 'tilde', 153 => 'trade', 154 => 'scaron', 155 => 'rsaquo', 156 => 'oelig', 159 => 'Yuml');


        $new_text = '';


        for($i = 0; $i < strlen($text); $i++) {


            $num = ord($text {


                $i }


            );


            if (array_key_exists($num, $entities)) {


                switch ($num) {


                    case 150:


                    $new_text .= '-';


                    break;


                    default:


                    $new_text .= '&'.$entities[$num].';';


                }


            }


            else


                if ($num < 127 || $num > 159) {


                $new_text .= htmlentities($text {


                    $i }


                );


            }


        }


        $new_text = ereg_replace("  +", " ", $new_text);


        ## remove double spaces.


        return $new_text;


    }

I tried using get_html_translation_table with array_flip but it didn't seem to work as I expected most of the time.

Posted: Tue Aug 31, 2004 5:26 pm

You lost me, where are you putting that?

Thanks!

Posted: Tue Aug 31, 2004 6:11 pm

I guess with TM and COPY being used so often I'd apply it to both the $title and $hometext.

You can put it in the page or if it has a config file in there or even your mainfile.php if you want.

But anyway just use it like
$title = superhtmlentities($title);

Posted: Wed Sep 01, 2004 12:17 am

This works very well! Just one small change to make it clear the XML validation. Change

Code:

                    $new_text .= '&'.$entities[$num].';';

to

Code:

                    $new_text .= '&amp;'.$entities[$num].';';