authorBernhard Posselt <nukeawhale@gmail.com>2013-04-17 12:47:42 +0200
committerBernhard Posselt <nukeawhale@gmail.com>2013-04-17 12:47:42 +0200
commit93a9a00f184a015a6fae2307f78435b6c294ba39 (patch)
tree0c2681240924ea862d03573467b7b1aab6856c45 /templates
parent9452c4bf7fc914a22034371be1635d4bd8403520 (diff)
remove the subscriblet due to security concerns: no way to prevent CSRF attacks that may add a feed which exploits possible security bugs, fix #48
Diffstat (limited to 'templates')
-rw-r--r--templates/part.settings.php5
-rw-r--r--templates/part.subscribelet.php19
-rw-r--r--templates/subscribe.php43
3 files changed, 0 insertions, 67 deletions
diff --git a/templates/part.settings.php b/templates/part.settings.php
index dd3f0378c..446e45c9d 100644
--- a/templates/part.settings.php
+++ b/templates/part.settings.php
@@ -37,9 +37,4 @@
</p>
</fieldset>
- <fieldset class="personalblock">
- <legend><strong><?php p($l->t('Subscribelet')); ?></strong></legend>
- <p><?php print_unescaped($this->inc('part.subscribelet'));?>
- </p>
- </fieldset>
</div>
\ No newline at end of file
diff --git a/templates/part.subscribelet.php b/templates/part.subscribelet.php
deleted file mode 100644
index 2997edbf2..000000000
--- a/templates/part.subscribelet.php
+++ /dev/null
@@ -1,19 +0,0 @@
-
-<small>
- <?php p($l->t('Drag this to your browser bookmarks and click on it whenever you want to subscribe to a webpage quickly:')) ?>
-</small>
-<a class="button bookmarklet"
- href="javascript:(function() {
- var a=window,
- b=document,
- c=encodeURIComponent,
- d=a.open('<?php print_unescaped(\OCP\Util::linkToAbsolute('news', 'subscribe.php'))?>?output=popup&url='+c(b.location),
- 'bkmk_popup','left='+((a.screenX||a.screenLeft)+10)+',
- top='+((a.screenY||a.screenTop)+10)+',
- height=150px,width=360px,resizable=1,alwaysRaised=1');
- a.setTimeout(function() {
- d.focus()},300);
- })();">
- <?php p($l->t('Subscribe')) ?>
-</a>
-
diff --git a/templates/subscribe.php b/templates/subscribe.php
deleted file mode 100644
index 41f00e98e..000000000
--- a/templates/subscribe.php
+++ /dev/null
@@ -1,43 +0,0 @@
-<!DOCTYPE html>
-<html lang="en">
- <head>
- <meta charset="utf-8">
- <title>News - ownCloud</title>
- </head>
- <body>
- <div class="message">
- <?php
-
- // Check if we are a user
- OCP\User::checkLoggedIn();
- OCP\App::checkAppEnabled('news');
- $userid = OCP\USER::getUser();
-
- $feedurl = isset($_GET['url']) ? $_GET['url'] : null;
- $feedmapper = new OCA\News\FeedMapper($userid);
- $feedid = $feedmapper->findIdFromUrl($feedurl);
-
- $l = OC_L10N::get('news');
-
- if ($feedid === null) {
- $feed = OCA\News\Utils::slimFetch($feedurl);
-
- if ($feed !== null) {
- $feedid = $feedmapper->save($feed, 0); //adds in the root folder
- }
-
- if($feed === null || !$feedid) {
- p($l->t('An error occurred'));
- } else {
- p($l->t('Nice! You have subscribed to ')) . $feed->getTitle();
- }
- }
- else {
- p($l->t('You had already subscribed to this feed!'));
- }
-
- ?>
- </div>
- <a href="javascript:self.close()" >Close this window</a>
- </body>
-</html>