From f01c8ec4f1324ed8b68e912220735af96c86883c Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sun, 17 Mar 2013 14:55:55 +0400 Subject: prevent absolutely useless 'exploit' (not really) while editing filters (closes #572) --- classes/pref/filters.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'classes') diff --git a/classes/pref/filters.php b/classes/pref/filters.php index 74a29c619..20abae1d0 100644 --- a/classes/pref/filters.php +++ b/classes/pref/filters.php @@ -372,7 +372,7 @@ class Pref_Filters extends Handler_Protected { WHERE id = ".(int)$rule["filter_type"]); $match_on = db_fetch_result($result, 0, "description"); - return T_sprintf("%s on %s in %s", $rule["reg_exp"], $match_on, $feed); + return T_sprintf("%s on %s in %s", strip_tags($rule["reg_exp"]), $match_on, $feed); } function printRuleName() { -- cgit v1.2.3-54-g00ecf From 7873d588227cba4c66e2535b1be631736415ef6f Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sun, 17 Mar 2013 15:32:44 +0400 Subject: implement proper last_marked/last_published feeds for proper sorting of published and marked virtual feeds, remove sorting by last_read workaround api: add pubsubhubbub ping when article is being set published bump schema --- classes/api.php | 23 +++++++++++++++-------- classes/rpc.php | 17 +++++++++-------- include/functions.php | 8 ++++++-- include/rssfuncs.php | 9 +++++++-- schema/ttrss_schema_mysql.sql | 4 +++- schema/ttrss_schema_pgsql.sql | 4 +++- schema/versions/mysql/105.sql | 11 +++++++++++ schema/versions/pgsql/105.sql | 11 +++++++++++ 8 files changed, 65 insertions(+), 22 deletions(-) create mode 100644 schema/versions/mysql/105.sql create mode 100644 schema/versions/pgsql/105.sql (limited to 'classes') diff --git a/classes/api.php b/classes/api.php index a23f20ae2..1ee620863 100644 --- a/classes/api.php +++ b/classes/api.php 
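Review bot: `strip_tags()` on the new return line is the wrong tool for displaying `$rule["reg_exp"]`: it does not neutralise quotes, bare `&` or an attribute context, and PHP's strip_tags discards everything after an unmatched `<`, so a legitimate pattern such as `(?<=foo)bar` would be shown truncated to `(?`. Escaping at the output boundary keeps the user's regex intact and is safe in both element content and attributes: `return T_sprintf("%s on %s in %s", htmlspecialchars($rule["reg_exp"], ENT_QUOTES, 'UTF-8'), $match_on, $feed);`. Whether callers of getRuleName() place the result into HTML or into a JS/JSON context is not visible here; if the latter, the escaping belongs in the caller instead. The method, including the query that produces `$match_on`, starts before the hunk.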
@@ -219,12 +219,15 @@ class API extends Handler { switch ($field_raw) { case 0: $field = "marked"; + $additional_fields = ",last_marked = NOW()"; break; case 1: $field = "published"; + $additional_fields = ",last_published = NOW()"; break; case 2: $field = "unread"; + $additional_fields = ",last_read = NOW()"; break; case 3: $field = "note"; @@ -248,14 +251,7 @@ class API extends Handler { $article_ids = join(", ", $article_ids); - if ($field == "unread") { - $result = db_query($this->link, "UPDATE ttrss_user_entries SET $field = $set_to, - last_read = NOW() - WHERE ref_id IN ($article_ids) AND owner_uid = " . $_SESSION["uid"]); - } else { - $result = db_query($this->link, "UPDATE ttrss_user_entries SET $field = $set_to - WHERE ref_id IN ($article_ids) AND owner_uid = " . $_SESSION["uid"]); - } + $result = db_query($this->link, "UPDATE ttrss_user_entries SET $field = $set_to $additional_fields WHERE ref_id IN ($article_ids) AND owner_uid = " . $_SESSION["uid"]); $num_updated = db_affected_rows($this->link, $result); @@ -268,6 +264,17 @@ class API extends Handler { } } + if ($num_updated > 0 && $field == "published") { + if (PUBSUBHUBBUB_HUB) { + $rss_link = get_self_url_prefix() . + "/public.php?op=rss&id=-2&key=" . + get_feed_access_key($this->link, -2, false); + + $p = new Publisher(PUBSUBHUBBUB_HUB); + $pubsub_result = $p->publish_update($rss_link); + } + } + print $this->wrap(self::STATUS_OK, array("status" => "OK", "updated" => $num_updated)); diff --git a/classes/rpc.php b/classes/rpc.php index 46c8b0d85..5d77b1ae8 100644 --- a/classes/rpc.php +++ b/classes/rpc.php @@ -140,7 +140,8 @@ class RPC extends Handler_Protected { $mark = "false"; } - $result = db_query($this->link, "UPDATE ttrss_user_entries SET marked = $mark + $result = db_query($this->link, "UPDATE ttrss_user_entries SET marked = $mark, + last_marked = NOW() WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]); print json_encode(array("message" => "UPDATE_COUNTERS")); 
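Review bot: `$additional_fields` is only assigned in cases 0, 1 and 2 of the switch; `case 3` (`note`) and any later default path leave it unset, and the hunk ends at `$field = "note";` with no further assignment visible. Unless the variable is initialised before `switch ($field_raw) {` (outside the hunk), the UPDATE assembled further down interpolates an undefined variable — an E_NOTICE and an empty string today, but a fragile contract that the next added case will trip over. Add `$additional_fields = "";` immediately before the switch so every branch yields a defined value. The enclosing method begins before the hunk.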
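Review bot: The single UPDATE on the new line still builds the statement by interpolating `$field`, `$set_to` and `$article_ids` straight into SQL; `$field` is constrained by the switch above, but where `$set_to` and the elements of `$article_ids` come from is outside this hunk and should be confirmed to be int-cast or otherwise whitelisted before they reach this string. Since `$article_ids` is assembled right here from presumably request-supplied ids, casting at the point of assembly is cheap and local: `$article_ids = join(", ", array_map('intval', $article_ids));`. The enclosing method begins before the hunk.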
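Review bot: `$pubsub_result` on the new `publish_update` line is assigned and never read within the hunk, so a failed hub notification is silently dropped while the API still answers `STATUS_OK`; at minimum record the outcome, e.g. `if (!$pubsub_result) error_log("PubSubHubbub ping failed for $rss_link");` (hedged — whether publish_update returns a boolean is not visible here). The ping is also a synchronous outbound request to PUBSUBHUBBUB_HUB made inside the API call, so a slow or unreachable hub delays every publish toggle. The rpc.php hunk at line 220 sets `$pubsub_result = false;` right after its own publish UPDATE, which suggests a parallel ping there; one shared helper would keep the two paths from drifting. The enclosing method begins before the hunk.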
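Review bot: The rewritten query interpolates `$id` into `WHERE ref_id = '$id'` as a quoted string while `$mark` is a fixed `"true"`/`"false"` literal; ref_id is an integer column, so `WHERE ref_id = " . (int) $id . " AND owner_uid = " . $_SESSION["uid"]);` makes the statement self-evidently safe regardless of how `$id` was validated earlier in the method (that code starts before the hunk and is not visible here). Small, but it removes a dependency on distant sanitisation. The `print json_encode(...)` that follows is unchanged.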
@@ -219,7 +220,7 @@ class RPC extends Handler_Protected { } $result = db_query($this->link, "UPDATE ttrss_user_entries SET - published = $pub, last_read = NOW() + published = $pub, last_published = NOW() WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]); $pubsub_result = false; @@ -779,15 +780,15 @@ class RPC extends Handler_Protected { if ($cmode == 0) { db_query($link, "UPDATE ttrss_user_entries SET - marked = false,last_read = NOW() + marked = false, last_marked = NOW() WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]); } else if ($cmode == 1) { db_query($link, "UPDATE ttrss_user_entries SET - marked = true + marked = true, last_marked = NOW() WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]); } else { db_query($link, "UPDATE ttrss_user_entries SET - marked = NOT marked,last_read = NOW() + marked = NOT marked,last_marked = NOW() WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]); } } @@ -804,15 +805,15 @@ class RPC extends Handler_Protected { if ($cmode == 0) { db_query($link, "UPDATE ttrss_user_entries SET - published = false,last_read = NOW() + published = false,last_published = NOW() WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]); } else if ($cmode == 1) { db_query($link, "UPDATE ttrss_user_entries SET - published = true,last_read = NOW() + published = true,last_published = NOW() WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]); } else { db_query($link, "UPDATE ttrss_user_entries SET - published = NOT published,last_read = NOW() + published = NOT published,last_published = NOW() WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]); } diff --git a/include/functions.php b/include/functions.php index f17828d1d..bc8d48217 100644 --- a/include/functions.php +++ b/include/functions.php @@ -1,6 +1,6 @@ Date: Sun, 17 Mar 2013 16:35:05 +0400 Subject: hlFeed: remove unnecessary br --- classes/feeds.php | 6 +++--- tt-rss.css | 4 ++-- 2 files changed, 5 insertions(+), 5 deletions(-) (limited to 'classes') 
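Review bot: The three `$cmode` branches now differ only in the value assigned to `marked`, so the hunk carries the same UPDATE three times and this very change (adding `last_marked = NOW()`) had to be applied three times. Choosing the SET expression first and running one query keeps behaviour identical, including the `NOT marked` fallback for any other `$cmode`, and leaves one place to maintain. The enclosing function starts and ends outside the hunk.
```php
// … unchanged: $ids_qpart assembly …
if ($cmode == 0) {
    $set_marked = "false";
} else if ($cmode == 1) {
    $set_marked = "true";
} else {
    $set_marked = "NOT marked";
}

db_query($link, "UPDATE ttrss_user_entries SET
    marked = $set_marked, last_marked = NOW()
    WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
```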
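Review bot: Bulk toggling of `published` here changes the content of the shared published feed, yet unlike the single-article path (the rpc.php hunk at line 220, which sets `$pubsub_result` after its UPDATE) and the new API code, no hub notification is visible after these three queries; if the enclosing function does not ping PUBSUBHUBBUB_HUB after the hunk, subscribers of the published feed are never told about bulk changes. The three branches also repeat one UPDATE with only the `published` value differing, so a `$set_published` chosen by `$cmode` followed by a single query would mirror what the marked case should become. The enclosing function starts and ends outside the hunk.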
diff --git a/classes/feeds.php b/classes/feeds.php index e96aaba30..b5010a05f 100644 --- a/classes/feeds.php +++ b/classes/feeds.php @@ -446,10 +446,10 @@ class Feeds extends Handler_Protected { $reply['content'] .= ""; if (@$line["feed_title"]) { - $reply['content'] .= " + $reply['content'] .= "
". - $line["feed_title"]."
- "; + $line["feed_title"]." +
"; } $reply['content'] .= "$updated_fmt
"; diff --git a/tt-rss.css b/tt-rss.css index 0b7e8ec7e..6c8659e07 100644 --- a/tt-rss.css +++ b/tt-rss.css @@ -583,14 +583,14 @@ div.postHeader div { display : none; } -span.hlFeed, span.hlFeed a { +div.hlFeed, div.hlFeed a { font-size : 10px; color : gray; font-style : italic; font-weight : normal; } -span.hlFeed a:hover { +div.hlFeed a:hover { color : #4684ff; } -- cgit v1.2.3-54-g00ecf From 9955a134621e75a1490a2cdc75c2a00c23f54507 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sun, 17 Mar 2013 21:04:16 +0400 Subject: properly allow false parameters passed through to API calls (refs #576) --- classes/api.php | 18 +++++++++--------- include/functions.php | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) (limited to 'classes') diff --git a/classes/api.php b/classes/api.php index 1ee620863..74464821f 100644 --- a/classes/api.php +++ b/classes/api.php @@ -109,10 +109,10 @@ class API extends Handler { function getFeeds() { $cat_id = db_escape_string($_REQUEST["cat_id"]); - $unread_only = (bool)db_escape_string($_REQUEST["unread_only"]); + $unread_only = sql_bool_to_bool($_REQUEST["unread_only"]); $limit = (int) db_escape_string($_REQUEST["limit"]); $offset = (int) db_escape_string($_REQUEST["offset"]); - $include_nested = (bool)db_escape_string($_REQUEST["include_nested"]); + $include_nested = sql_bool_to_bool($_REQUEST["include_nested"]); $feeds = $this->api_get_feeds($this->link, $cat_id, $unread_only, $limit, $offset, $include_nested); @@ -120,8 +120,8 @@ class API extends Handler { } function getCategories() { - $unread_only = (bool)db_escape_string($_REQUEST["unread_only"]); - $enable_nested = (bool)db_escape_string($_REQUEST["enable_nested"]); + $unread_only = sql_bool_to_bool($_REQUEST["unread_only"]); + $enable_nested = sql_bool_to_bool($_REQUEST["enable_nested"]); // TODO do not return empty categories, return Uncategorized and standard virtual cats 
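Review bot: `$line["feed_title"]` is concatenated into `$reply['content']` unescaped on the new side (the surrounding markup was lost in this rendering of the hunk, but the concatenation itself is visible); feed titles originate from third-party feed XML, so unless they are HTML-escaped at import time — not visible here — this is a stored-XSS sink in the headline list. Escaping at the output boundary is the robust choice either way: `htmlspecialchars($line["feed_title"], ENT_QUOTES, 'UTF-8')` in place of the bare value. The method continues on both sides of the hunk.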
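Review bot: In getFeeds(), `$cat_id` is only passed through `db_escape_string()` while the neighbouring `$limit` and `$offset` are cast with `(int)`; if the API accepts only numeric category ids (including the negative virtual ones), `$cat_id = (int) $_REQUEST["cat_id"];` is the stronger and more consistent constraint and leaves no free-form request string reaching `api_get_feeds()` from this hunk. Note also that `sql_bool_to_bool()` maps anything other than `t`, `1` or `true` to false, so clients that send `yes`/`on` now silently get `false` — worth a sentence in the API documentation. getFeeds() continues after the hunk.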
@@ -180,14 +180,14 @@ class API extends Handler { $offset = (int)db_escape_string($_REQUEST["skip"]); $filter = db_escape_string($_REQUEST["filter"]); - $is_cat = (bool)db_escape_string($_REQUEST["is_cat"]); - $show_excerpt = (bool)db_escape_string($_REQUEST["show_excerpt"]); - $show_content = (bool)db_escape_string($_REQUEST["show_content"]); + $is_cat = sql_bool_to_bool($_REQUEST["is_cat"]); + $show_excerpt = sql_bool_to_bool($_REQUEST["show_excerpt"]); + $show_content = sql_bool_to_bool($_REQUEST["show_content"]); /* all_articles, unread, adaptive, marked, updated */ $view_mode = db_escape_string($_REQUEST["view_mode"]); - $include_attachments = (bool)db_escape_string($_REQUEST["include_attachments"]); + $include_attachments = sql_bool_to_bool($_REQUEST["include_attachments"]); $since_id = (int)db_escape_string($_REQUEST["since_id"]); - $include_nested = (bool)db_escape_string($_REQUEST["include_nested"]); + $include_nested = sql_bool_to_bool($_REQUEST["include_nested"]); $sanitize_content = true; /* do not rely on params below */ diff --git a/include/functions.php b/include/functions.php index 6e48a700a..b43fda3a1 100644 --- a/include/functions.php +++ b/include/functions.php @@ -852,7 +852,7 @@ } function sql_bool_to_bool($s) { - if ($s == "t" || $s == "1" || $s == "true") { + if ($s == "t" || $s == "1" || strtolower($s) == "true") { return true; } else { return false; -- cgit v1.2.3-54-g00ecf
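Review bot: `$view_mode` is taken from the request with only `db_escape_string()`, although the comment directly above it enumerates the accepted values (`all_articles, unread, adaptive, marked, updated`); validating against that list instead of merely escaping stops arbitrary mode strings from travelling into the query builder, e.g. `if (!in_array($view_mode, array("all_articles", "unread", "adaptive", "marked", "updated"), true)) $view_mode = "all_articles";` — hedged, since how an unknown mode is handled downstream is outside the hunk. `$filter` likewise stays an escaped-but-unconstrained string. The enclosing method starts before and ends after the hunk.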
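Review bot: The new `strtolower($s) == "true"` test assumes `$s` is a string, but the point of this commit (refs #576) is to accept boolean parameters; a PHP `true` only passes because of the loose `true == "t"` comparison two tests earlier, and `strtolower()` on a non-string warns or throws on newer PHP. Normalise once and compare the normalised value: `$s = strtolower((string) $s);` then `return $s == "t" || $s == "1" || $s == "true";` — `(string) true` is `"1"`, so booleans are handled without relying on loose comparison, and `T` is accepted alongside `TRUE`, which the current line is not. The function's closing brace lies just past the hunk.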