Merge branch 'release' into bug-1131
[cacert-devel.git] / pages / index / 0.php
index 7ee2286..6cca117 100644 (file)
 */ ?>
 <h3><?=_("Are you new to CAcert?")?></h3>
 
-<p><?=sprintf(_("If you want to have free certificates issued to you, join the %s CAcert Community %s."),"<a href=\"https://www.cacert.org/index.php?id=1\">","</a>")?></p>
+<p><?=_("CAcert.org is a community-driven Certificate Authority that issues certificates to the public at large for free.")?></p>
+
+<p><?=_("CAcert's goal is to promote awareness and education on computer security through the use of encryption, specifically by providing cryptographic certificates. These certificates can be used to digitally sign and encrypt email, authenticate and authorize users connecting to websites and secure data transmission over the internet. Any application that supports the Secure Socket Layer Protocol (SSL or TLS) can make use of certificates signed by CAcert, as can any application that uses X.509 certificates, e.g. for encryption or code signing and document signatures.")?></p>
+
+<p><?=sprintf(_("If you want to have free certificates issued to you, %s join the CAcert Community %s."),'<a href="https://www.cacert.org/index.php?id=1">', '</a>')?></p>
 
 <p><?=sprintf(_("If you want to use certificates issued by CAcert, read the CAcert %s Root Distribution License %s."),'<a href="/policy/RootDistributionLicense.html">',"</a>")?>
 <?=sprintf(_("This license applies to using the CAcert %s root keys %s."),'<a href="/index.php?id=3">','</a>')?></p>
 
 <div class="newsbox">
 <?
-/*
-       $query = "select *, UNIX_TIMESTAMP(`when`) as `TS` from news order by `when` desc limit 5";
-       $res = mysql_query($query);
-       while($row = mysql_fetch_assoc($res))
-       {
-               echo "<p><b>".date("Y-m-d", $row['TS'])."</b> - ".$row['short']."</p>\n";
-               if($row['story'] != "")
-                       echo "<p>[ <a href='news.php?id=".$row['id']."'>"._("Full Story")."</a> ]</p>\n";
-       }
-       if(mysql_num_rows(mysql_query("select * from `news`")) > 2)
-               echo "<p>[ <a href='news.php'>"._("More News Items")."</a> ]</p>";
-*/
-       $rss = "";
-       $open = $items = 0;
-       $fp = @fopen("/www/pages/index/feed.rss", "r");
-       if($fp)
-       {
-               echo '<p id="lnews">'._('Latest News').'</p>';
-
-
-               while(!feof($fp))
-                       $rss .= trim(fgets($fp, 4096));
-               fclose($fp);
-               $rss = str_replace("><", ">\n<", $rss);
-               $lines = explode("\n", $rss);
-               foreach($lines as $line)
-               {
-                       $line = trim($line);
-
-                       if($line != "<item>" && $open == 0)
-                               continue;
-
-                       if($line == "<item>" && $open == 0)
-                       {
-                               $open = 1;
-                               continue;
-                       }
-
-                       if($line == "</item>" && $open == 1)
-                       {
-                               $items++;
-                               if($items >= 3)
-                                       break;
-                               $open == 0;
-                               continue;
-                       }
-                       if(substr($line, 0, 7) == "<title>")
-                               echo "<h3>".str_replace("&amp;#", "&#", recode_string("UTF8..html", str_replace("&amp;", "", trim(substr($line, 7, -8)))))."</h3>\n";
-                       if(substr($line, 0, 13) == "<description>")
-                               echo "<p>".str_replace("&amp;#", "&#", recode_string("UTF8..html", str_replace("&amp;", "", trim(substr($line, 13, -14)))))."</p>\n";
-                       if(substr($line, 0, 6) == "<link>")
-                               echo "<p>[ <a href='".trim(substr($line, 6, -7))."'>"._("Full Story")."</a> ]</p>\n";
+       printf("<p id='lnews'>%s</p>\n\n",_('Latest News'));
+
+       $xml = "/www/pages/index/feed.rss"; // FIXME: use relative path to allow operation with different document root
+       $dom = new DOMDocument();
+       $dom->preserveWhiteSpace = false;
+       $dom->Load($xml);
+
+       $xpath = new DOMXPath($dom);    //Create an XPath query
+
+       $query = "//channel/item";
+       $items = $xpath->query($query);
+
+       $count = 0;
+       foreach($items as $id => $item) {
+               $query = "./title";
+               $nodeList = $xpath->query($query, $item);
+               $title = recode_string("UTF8..html" , $nodeList->item(0)->nodeValue);
+
+               $query = "./link";
+               $nodeList = $xpath->query($query, $item);
+               $link = htmlspecialchars($nodeList->item(0)->nodeValue);
+
+               $query = "./description";
+               $nodeList = $xpath->query($query, $item);
+               $description = $nodeList->item(0)->nodeValue;
+               // The description may contain HTML entities => convert them
+               $description = html_entity_decode($description, ENT_COMPAT | ENT_HTML401, 'UTF-8');
+               // Description may contain HTML markup and unicode characters => encode them
+               // If we didn't decode and then encode again, (i.e. take the content
+               // as it is in the RSS feed) we might inject harmful markup
+               $description = recode_string("UTF8..html", $description);
+
+               printf("<h3><a href=\"%s\">%s</a></h3>\n", $link, $title);
+               printf("<p>%s</p>\n", nl2br($description));
+
+               $title = '';
+               $description = '';
+               $link = '';
+
+               $count++;
+               if ($count >= 3) {
+                       break;
                }
        }
 ?>
+
 [ <a href="http://blog.CAcert.org/"><?=_('More News Items')?></a> ]
 </div>
 <hr/>
 <br /><br />
 
 <?=_("If you want to participate in CAcert.org, have a look")?> <a href="http://wiki.cacert.org/wiki/HelpingCAcert"><?=_("here")?></a> <?=_("and")?> <a href="http://wiki.cacert.org/wiki/SystemTasks"><?=_("here")?></a>.
-
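Review bot: The `href` built from `./link` is HTML-escaped with `htmlspecialchars()`, but its URL scheme is never checked before the `printf("<h3><a href=\"%s\">...")` line, so a feed item whose link is not an http(s) URL would still be rendered as a clickable link on the front page. Testing the raw node value before escaping would close that, for example `if (!preg_match('#^https?://#i', $rawLink)) { continue; }`, where `$rawLink` stands for `$nodeList->item(0)->nodeValue`. The result of `$dom->Load($xml)` is also ignored and every `$nodeList->item(0)` is dereferenced without a null check. A missing or malformed feed.rss, or an item without a title, link or description, now raises PHP warnings or notices under an already printed "Latest News" heading, whereas the removed code skipped the whole block when `fopen` failed. The title is escaped only through `recode_string("UTF8..html", ...)`; using `htmlspecialchars()` there, as is done for the link, would make the escaping explicit rather than dependent on how the recode extension treats `<`, `>`, `&` and quotes.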