Commit e6532439 authored by Andrew Dolgov's avatar Andrew Dolgov

force strip_tags() on all user input unless explicitly allowed

parent 7c6f7bb0
......@@ -26,7 +26,7 @@ class API extends Handler {
return false;
}
$this->seq = (int) $_REQUEST['seq'];
$this->seq = (int) clean($_REQUEST['seq']);
return true;
}
......@@ -53,9 +53,9 @@ class API extends Handler {
@session_destroy();
@session_start();
$login = $_REQUEST["user"];
$password = $_REQUEST["password"];
$password_base64 = base64_decode($_REQUEST["password"]);
$login = clean($_REQUEST["user"]);
$password = clean($_REQUEST["password"]);
$password_base64 = base64_decode(clean($_REQUEST["password"]));
if (SINGLE_USER_MODE) $login = "admin";
......@@ -100,8 +100,8 @@ class API extends Handler {
}
function getUnread() {
$feed_id = $_REQUEST["feed_id"];
$is_cat = $_REQUEST["is_cat"];
$feed_id = clean($_REQUEST["feed_id"]);
$is_cat = clean($_REQUEST["is_cat"]);
if ($feed_id) {
$this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($feed_id, $is_cat)));
......@@ -116,11 +116,11 @@ class API extends Handler {
}
function getFeeds() {
$cat_id = $_REQUEST["cat_id"];
$unread_only = API::param_to_bool($_REQUEST["unread_only"]);
$limit = (int) $_REQUEST["limit"];
$offset = (int) $_REQUEST["offset"];
$include_nested = API::param_to_bool($_REQUEST["include_nested"]);
$cat_id = clean($_REQUEST["cat_id"]);
$unread_only = API::param_to_bool(clean($_REQUEST["unread_only"]));
$limit = (int) clean($_REQUEST["limit"]);
$offset = (int) clean($_REQUEST["offset"]);
$include_nested = API::param_to_bool(clean($_REQUEST["include_nested"]));
$feeds = $this->api_get_feeds($cat_id, $unread_only, $limit, $offset, $include_nested);
......@@ -128,9 +128,9 @@ class API extends Handler {
}
function getCategories() {
$unread_only = API::param_to_bool($_REQUEST["unread_only"]);
$enable_nested = API::param_to_bool($_REQUEST["enable_nested"]);
$include_empty = API::param_to_bool($_REQUEST['include_empty']);
$unread_only = API::param_to_bool(clean($_REQUEST["unread_only"]));
$enable_nested = API::param_to_bool(clean($_REQUEST["enable_nested"]));
$include_empty = API::param_to_bool(clean($_REQUEST['include_empty']));
// TODO do not return empty categories, return Uncategorized and standard virtual cats
......@@ -185,39 +185,39 @@ class API extends Handler {
}
function getHeadlines() {
$feed_id = $_REQUEST["feed_id"];
$feed_id = clean($_REQUEST["feed_id"]);
if ($feed_id != "") {
if (is_numeric($feed_id)) $feed_id = (int) $feed_id;
$limit = (int)$_REQUEST["limit"];
$limit = (int)clean($_REQUEST["limit"]);
if (!$limit || $limit >= 200) $limit = 200;
$offset = (int)$_REQUEST["skip"];
$filter = $_REQUEST["filter"];
$is_cat = API::param_to_bool($_REQUEST["is_cat"]);
$show_excerpt = API::param_to_bool($_REQUEST["show_excerpt"]);
$show_content = API::param_to_bool($_REQUEST["show_content"]);
$offset = (int)clean($_REQUEST["skip"]);
$filter = clean($_REQUEST["filter"]);
$is_cat = API::param_to_bool(clean($_REQUEST["is_cat"]));
$show_excerpt = API::param_to_bool(clean($_REQUEST["show_excerpt"]));
$show_content = API::param_to_bool(clean($_REQUEST["show_content"]));
/* all_articles, unread, adaptive, marked, updated */
$view_mode = $_REQUEST["view_mode"];
$include_attachments = API::param_to_bool($_REQUEST["include_attachments"]);
$since_id = (int)$_REQUEST["since_id"];
$include_nested = API::param_to_bool($_REQUEST["include_nested"]);
$view_mode = clean($_REQUEST["view_mode"]);
$include_attachments = API::param_to_bool(clean($_REQUEST["include_attachments"]));
$since_id = (int)clean($_REQUEST["since_id"]);
$include_nested = API::param_to_bool(clean($_REQUEST["include_nested"]));
$sanitize_content = !isset($_REQUEST["sanitize"]) ||
API::param_to_bool($_REQUEST["sanitize"]);
$force_update = API::param_to_bool($_REQUEST["force_update"]);
$has_sandbox = API::param_to_bool($_REQUEST["has_sandbox"]);
$excerpt_length = (int)$_REQUEST["excerpt_length"];
$check_first_id = (int)$_REQUEST["check_first_id"];
$include_header = API::param_to_bool($_REQUEST["include_header"]);
$force_update = API::param_to_bool(clean($_REQUEST["force_update"]));
$has_sandbox = API::param_to_bool(clean($_REQUEST["has_sandbox"]));
$excerpt_length = (int)clean($_REQUEST["excerpt_length"]);
$check_first_id = (int)clean($_REQUEST["check_first_id"]);
$include_header = API::param_to_bool(clean($_REQUEST["include_header"]));
$_SESSION['hasSandbox'] = $has_sandbox;
$skip_first_id_check = false;
$override_order = false;
switch ($_REQUEST["order_by"]) {
switch (clean($_REQUEST["order_by"])) {
case "title":
$override_order = "ttrss_entries.title, date_entered, updated";
break;
......@@ -232,7 +232,7 @@ class API extends Handler {
/* do not rely on params below */
$search = $_REQUEST["search"];
$search = clean($_REQUEST["search"]);
list($headlines, $headlines_header) = $this->api_get_headlines($feed_id, $limit, $offset,
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, $override_order,
......@@ -250,10 +250,10 @@ class API extends Handler {
}
function updateArticle() {
$article_ids = explode(",", $_REQUEST["article_ids"]);
$mode = (int) $_REQUEST["mode"];
$data = $_REQUEST["data"];
$field_raw = (int)$_REQUEST["field"];
$article_ids = explode(",", clean($_REQUEST["article_ids"]));
$mode = (int) clean($_REQUEST["mode"]);
$data = clean($_REQUEST["data"]);
$field_raw = (int)clean($_REQUEST["field"]);
$field = "";
$set_to = "";
......@@ -321,7 +321,7 @@ class API extends Handler {
function getArticle() {
$article_ids = explode(",", $_REQUEST["article_id"]);
$article_ids = explode(",", clean($_REQUEST["article_id"]));
$sanitize_content = !isset($_REQUEST["sanitize"]) ||
API::param_to_bool($_REQUEST["sanitize"]);
......@@ -407,7 +407,7 @@ class API extends Handler {
}
function updateFeed() {
$feed_id = (int) $_REQUEST["feed_id"];
$feed_id = (int) clean($_REQUEST["feed_id"]);
if (!ini_get("open_basedir")) {
RSSUtils::update_rss_feed($feed_id);
......@@ -417,8 +417,8 @@ class API extends Handler {
}
function catchupFeed() {
$feed_id = $_REQUEST["feed_id"];
$is_cat = $_REQUEST["is_cat"];
$feed_id = clean($_REQUEST["feed_id"]);
$is_cat = clean($_REQUEST["is_cat"]);
Feeds::catchup_feed($feed_id, $is_cat);
......@@ -426,13 +426,13 @@ class API extends Handler {
}
function getPref() {
$pref_name = $_REQUEST["pref_name"];
$pref_name = clean($_REQUEST["pref_name"]);
$this->wrap(self::STATUS_OK, array("value" => get_pref($pref_name)));
}
function getLabels() {
$article_id = (int)$_REQUEST['article_id'];
$article_id = (int)clean($_REQUEST['article_id']);
$rv = array();
......@@ -469,9 +469,9 @@ class API extends Handler {
function setArticleLabel() {
$article_ids = explode(",", $_REQUEST["article_ids"]);
$label_id = (int) $_REQUEST['label_id'];
$assign = API::param_to_bool($_REQUEST['assign']);
$article_ids = explode(",", clean($_REQUEST["article_ids"]));
$label_id = (int) clean($_REQUEST['label_id']);
$assign = API::param_to_bool(clean($_REQUEST['assign']));
$label = Labels::find_caption(Labels::feed_to_label_id($label_id), $_SESSION["uid"]);
......@@ -510,9 +510,9 @@ class API extends Handler {
}
function shareToPublished() {
$title = strip_tags($_REQUEST["title"]);
$url = strip_tags($_REQUEST["url"]);
$content = strip_tags($_REQUEST["content"]);
$title = strip_tags(clean($_REQUEST["title"]));
$url = strip_tags(clean($_REQUEST["url"]));
$content = strip_tags(clean($_REQUEST["content"]));
if (Article::create_published_article($title, $url, $content, "", $_SESSION["uid"])) {
$this->wrap(self::STATUS_OK, array("status" => 'OK'));
......@@ -809,7 +809,7 @@ class API extends Handler {
}
function unsubscribeFeed() {
$feed_id = (int) $_REQUEST["feed_id"];
$feed_id = (int) clean($_REQUEST["feed_id"]);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE
id = ? AND owner_uid = ?");
......@@ -824,10 +824,10 @@ class API extends Handler {
}
function subscribeToFeed() {
$feed_url = $_REQUEST["feed_url"];
$category_id = (int) $_REQUEST["category_id"];
$login = $_REQUEST["login"];
$password = $_REQUEST["password"];
$feed_url = clean($_REQUEST["feed_url"]);
$category_id = (int) clean($_REQUEST["category_id"]);
$login = clean($_REQUEST["login"]);
$password = clean($_REQUEST["password"]);
if ($feed_url) {
$rc = Feeds::subscribe_to_feed($feed_url, $category_id, $login, $password);
......@@ -839,7 +839,7 @@ class API extends Handler {
}
function getFeedTree() {
$include_empty = API::param_to_bool($_REQUEST['include_empty']);
$include_empty = API::param_to_bool(clean($_REQUEST['include_empty']));
$pf = new Pref_Feeds($_REQUEST);
......
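Review bot: Applying clean() to credentials at `$password = clean($_REQUEST["password"]);` in login() and again in subscribeToFeed() silently alters any password containing `<`, so a user whose password was stored from the raw value will no longer authenticate, and feed HTTP auth with such a password will fail upstream. Secrets are never rendered into HTML, so strip_tags buys nothing there; keep `$password = $_REQUEST["password"];` (and the subscribeToFeed login/password pair) raw and reserve clean() for fields that reach output. The `base64_decode(clean(...))` form is harmless because the base64 alphabet has no `<`, but it shows the rule was applied mechanically rather than per field. Note also that strip_tags does not validate `feed_url`; if subscribe_to_feed() fetches it server-side (not visible here), a scheme check such as requiring http(s) belongs next to the clean() call. Several of these method bodies continue past the hunks shown.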
......@@ -8,7 +8,7 @@ class Article extends Handler_Protected {
}
function redirect() {
$id = $_REQUEST['id'];
$id = clean($_REQUEST['id']);
$sth = $this->pdo->prepare("SELECT link FROM ttrss_entries, ttrss_user_entries
WHERE id = ? AND id = ref_id AND owner_uid = ?
......@@ -28,9 +28,9 @@ class Article extends Handler_Protected {
}
function view() {
$id = $_REQUEST["id"];
$cids = explode(",", $_REQUEST["cids"]);
$mode = $_REQUEST["mode"];
$id = clean($_REQUEST["id"]);
$cids = explode(",", clean($_REQUEST["cids"]));
$mode = clean($_REQUEST["mode"]);
// in prefetch mode we only output requested cids, main article
// just gets marked as read (it already exists in client cache)
......@@ -210,7 +210,7 @@ class Article extends Handler_Protected {
print __("Tags for this article (separated by commas):")."<br>";
$param = $_REQUEST['param'];
$param = clean($_REQUEST['param']);
$tags = Article::get_article_tags($param);
......@@ -241,8 +241,8 @@ class Article extends Handler_Protected {
}
function setScore() {
$ids = explode(",", $_REQUEST['id']);
$score = (int)$_REQUEST['score'];
$ids = explode(",", clean($_REQUEST['id']));
$score = (int)clean($_REQUEST['score']);
$ids_qmarks = arr_qmarks($ids);
......@@ -257,7 +257,7 @@ class Article extends Handler_Protected {
}
function getScore() {
$id = $_REQUEST['id'];
$id = clean($_REQUEST['id']);
$sth = $this->pdo->prepare("SELECT score FROM ttrss_user_entries WHERE ref_id = ? AND owner_uid = ?");
$sth->execute([$id, $_SESSION['uid']]);
......@@ -273,9 +273,9 @@ class Article extends Handler_Protected {
function setArticleTags() {
$id = $_REQUEST["id"];
$id = clean($_REQUEST["id"]);
$tags_str = $_REQUEST["tags_str"];
$tags_str = clean($_REQUEST["tags_str"]);
$tags = array_unique(trim_array(explode(",", $tags_str)));
$this->pdo->beginTransaction();
......@@ -342,7 +342,7 @@ class Article extends Handler_Protected {
function completeTags() {
$search = $_REQUEST["search"];
$search = clean($_REQUEST["search"]);
$sth = $this->pdo->prepare("SELECT DISTINCT tag_name FROM ttrss_tags
WHERE owner_uid = ? AND
......@@ -369,8 +369,8 @@ class Article extends Handler_Protected {
private function labelops($assign) {
$reply = array();
$ids = explode(",", $_REQUEST["ids"]);
$label_id = $_REQUEST["lid"];
$ids = explode(",", clean($_REQUEST["ids"]));
$label_id = clean($_REQUEST["lid"]);
$label = db_escape_string(Labels::find_caption($label_id,
$_SESSION["uid"]));
......
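Review bot: The `id` values read in redirect(), getScore() and setArticleTags() are passed to clean() but never cast, unlike setScore() on the same page which uses `(int)clean($_REQUEST['score'])`; strip_tags does not make a value numeric. The prepared statements at the visible SELECT lines bind them, so this is not an injection path, but `$id = (int) clean($_REQUEST['id']);` makes the integer contract explicit and matches the cast style used in the API handlers. Once cast, clean() on an integer field is redundant and could be dropped. Most of these method bodies continue past the hunks shown.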
......@@ -84,7 +84,7 @@ class Backend extends Handler {
}
function help() {
$topic = basename($_REQUEST["topic"]);
$topic = basename(clean($_REQUEST["topic"]));
switch ($topic) {
case "main":
......
......@@ -139,7 +139,7 @@ class Handler_Public extends Handler {
$tpl->addBlock('feed');
$tpl->generateOutputToString($tmp);
if (@!$_REQUEST["noxml"]) {
if (@!clean($_REQUEST["noxml"])) {
header("Content-Type: text/xml; charset=utf-8");
} else {
header("Content-Type: text/plain; charset=utf-8");
......@@ -219,8 +219,8 @@ class Handler_Public extends Handler {
}
function getUnread() {
$login = $_REQUEST["login"];
$fresh = $_REQUEST["fresh"] == "1";
$login = clean($_REQUEST["login"]);
$fresh = clean($_REQUEST["fresh"]) == "1";
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE login = ?");
$sth->execute([$login]);
......@@ -241,7 +241,7 @@ class Handler_Public extends Handler {
}
function getProfiles() {
$login = $_REQUEST["login"];
$login = clean($_REQUEST["login"]);
$sth = $this->pdo->prepare("SELECT ttrss_settings_profiles.* FROM ttrss_settings_profiles,ttrss_users
WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = ? ORDER BY title");
......@@ -267,7 +267,7 @@ class Handler_Public extends Handler {
}
function share() {
$uuid = $_REQUEST["key"];
$uuid = clean($_REQUEST["key"]);
$sth = $this->pdo->prepare("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
uuid = ?");
......@@ -290,19 +290,19 @@ class Handler_Public extends Handler {
}
function rss() {
$feed = $_REQUEST["id"];
$key = $_REQUEST["key"];
$is_cat = $_REQUEST["is_cat"];
$limit = (int)$_REQUEST["limit"];
$offset = (int)$_REQUEST["offset"];
$feed = clean($_REQUEST["id"]);
$key = clean($_REQUEST["key"]);
$is_cat = clean($_REQUEST["is_cat"]);
$limit = (int)clean($_REQUEST["limit"]);
$offset = (int)clean($_REQUEST["offset"]);
$search = $_REQUEST["q"];
$view_mode = $_REQUEST["view-mode"];
$order = $_REQUEST["order"];
$start_ts = $_REQUEST["ts"];
$search = clean($_REQUEST["q"]);
$view_mode = clean($_REQUEST["view-mode"]);
$order = clean($_REQUEST["order"]);
$start_ts = clean($_REQUEST["ts"]);
$format = $_REQUEST['format'];
$orig_guid = $_REQUEST["orig_guid"];
$format = clean($_REQUEST['format']);
$orig_guid = clean($_REQUEST["orig_guid"]);
if (!$format) $format = 'atom';
......@@ -359,16 +359,16 @@ class Handler_Public extends Handler {
print "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
</head><body id='sharepopup' class='ttrss_utility'>";
$action = $_REQUEST["action"];
$action = clean($_REQUEST["action"]);
if ($_SESSION["uid"]) {
if ($action == 'share') {
$title = strip_tags($_REQUEST["title"]);
$url = strip_tags($_REQUEST["url"]);
$content = strip_tags($_REQUEST["content"]);
$labels = strip_tags($_REQUEST["labels"]);
$title = strip_tags(clean($_REQUEST["title"]));
$url = strip_tags(clean($_REQUEST["url"]));
$content = strip_tags(clean($_REQUEST["content"]));
$labels = strip_tags(clean($_REQUEST["labels"]));
Article::create_published_article($title, $url, $content, $labels,
$_SESSION["uid"]);
......@@ -378,8 +378,8 @@ class Handler_Public extends Handler {
print "</script>";
} else {
$title = htmlspecialchars($_REQUEST["title"]);
$url = htmlspecialchars($_REQUEST["url"]);
$title = htmlspecialchars(clean($_REQUEST["title"]));
$url = htmlspecialchars(clean($_REQUEST["url"]));
?>
......@@ -466,9 +466,9 @@ class Handler_Public extends Handler {
function login() {
if (!SINGLE_USER_MODE) {
$login = $_POST["login"];
$password = $_POST["password"];
$remember_me = $_POST["remember_me"];
$login = clean($_POST["login"]);
$password = clean($_POST["password"]);
$remember_me = clean($_POST["remember_me"]);
if ($remember_me) {
session_set_cookie_params(SESSION_COOKIE_LIFETIME);
......@@ -486,11 +486,11 @@ class Handler_Public extends Handler {
}
$_SESSION["ref_schema_version"] = get_schema_version(true);
$_SESSION["bw_limit"] = !!$_POST["bw_limit"];
$_SESSION["bw_limit"] = !!clean($_POST["bw_limit"]);
if ($_POST["profile"]) {
if (clean($_POST["profile"])) {
$profile = $_POST["profile"];
$profile = clean($_POST["profile"]);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles
WHERE id = ? AND owner_uid = ?");
......@@ -505,8 +505,8 @@ class Handler_Public extends Handler {
user_error("Failed login attempt for $login from {$_SERVER['REMOTE_ADDR']}", E_USER_WARNING);
}
if ($_REQUEST['return']) {
header("Location: " . $_REQUEST['return']);
if (clean($_REQUEST['return'])) {
header("Location: " . clean($_REQUEST['return']));
} else {
header("Location: " . get_self_url_prefix());
}
......@@ -516,7 +516,7 @@ class Handler_Public extends Handler {
/* function subtest() {
header("Content-type: text/plain; charset=utf-8");
$url = $_REQUEST["url"];
$url = clean($_REQUEST["url"]);
print "$url\n\n";
......@@ -532,7 +532,7 @@ class Handler_Public extends Handler {
if ($_SESSION["uid"]) {
$feed_url = trim($_REQUEST["feed_url"]);
$feed_url = trim(clean($_REQUEST["feed_url"]));
header('Content-Type: text/html; charset=utf-8');
print "<html>
......@@ -638,7 +638,7 @@ class Handler_Public extends Handler {
function forgotpass() {
startup_gettext();
@$hash = $_REQUEST["hash"];
@$hash = clean($_REQUEST["hash"]);
header('Content-Type: text/html; charset=utf-8');
print "<html><head><title>Tiny Tiny RSS</title>
......@@ -656,10 +656,10 @@ class Handler_Public extends Handler {
print "<h1>".__("Password recovery")."</h1>";
print "<div class='content'>";
@$method = $_POST['method'];
@$method = clean($_POST['method']);
if ($hash) {
$login = $_REQUEST["login"];
$login = clean($_REQUEST["login"]);
if ($login) {
$sth = $this->pdo->prepare("SELECT id, resetpass_token FROM ttrss_users
......@@ -725,9 +725,9 @@ class Handler_Public extends Handler {
print "</form>";
} else if ($method == 'do') {
$login = $_POST["login"];
$email = $_POST["email"];
$test = $_POST["test"];
$login = clean($_POST["login"]);
$email = clean($_POST["email"]);
$test = clean($_POST["test"]);
if (($test != 4 && $test != 'four') || !$email || !$login) {
print_error(__('Some of the required form parameters are missing or incorrect.'));
......@@ -852,7 +852,7 @@ class Handler_Public extends Handler {
<div class="content">
<?php
@$op = $_REQUEST["subop"];
@$op = clean($_REQUEST["subop"]);
$updater = new DbUpdater(Db::pdo(), DB_TYPE, SCHEMA_VERSION);
if ($op == "performupdate") {
......@@ -968,8 +968,8 @@ class Handler_Public extends Handler {
public function pluginhandler() {
$host = new PluginHost();
$plugin = basename($_REQUEST["plugin"]);
$method = $_REQUEST["pmethod"];
$plugin = basename(clean($_REQUEST["plugin"]));
$method = clean($_REQUEST["pmethod"]);
$host->load($plugin, PluginHost::KIND_USER, 0);
$host->load_data();
......
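Review bot: The redirect in login() at `header("Location: " . clean($_REQUEST['return']));` remains an open redirect: strip_tags removes markup but does nothing to stop `return=https://evil.example/` from sending a freshly authenticated user off-site. Restrict the target to this installation, e.g. `$return = clean($_REQUEST['return']);` then `if ($return && strpos($return, get_self_url_prefix()) === 0) header("Location: " . $return);` and otherwise fall through to the existing `get_self_url_prefix()` branch (header() itself already rejects CRLF, so header injection is not the concern here). Separately, clean() on `$_POST["password"]` in login() changes any credential containing `<`, so those users will no longer be able to log in; credentials are never rendered and should be read raw. The login() body continues outside the hunk.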
......@@ -5,7 +5,7 @@ class PluginHandler extends Handler_Protected {
}
function catchall($method) {
$plugin = PluginHost::getInstance()->get_plugin($_REQUEST["plugin"]);
$plugin = PluginHost::getInstance()->get_plugin(clean($_REQUEST["plugin"]));
if ($plugin) {
if (method_exists($plugin, $method)) {
......
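Review bot: clean() on the plugin name only strips markup; the effective control is whether get_plugin() returns a registered instance, which the `if ($plugin)` on the following line presumably handles. The `method_exists($plugin, $method)` gate is also true for private and protected methods, so a request naming one would reach the call (outside this hunk) and fail with a fatal error rather than a clean rejection; `is_callable([$plugin, $method])` checks visibility from the caller's scope as well, and a plugin-declared allow-list of handler methods would be tighter still. The catchall() body continues past the hunk.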
......@@ -17,8 +17,8 @@ class Pref_Feeds extends Handler_Protected {
}
function renamecat() {
$title = $_REQUEST['title'];
$id = $_REQUEST['id'];
$title = clean($_REQUEST['title']);
$id = clean($_REQUEST['id']);
if ($title) {
$sth = $this->pdo->prepare("UPDATE ttrss_feed_categories SET
......@@ -29,14 +29,14 @@ class Pref_Feeds extends Handler_Protected {
private function get_category_items($cat_id) {
if ($_REQUEST['mode'] != 2)
if (clean($_REQUEST['mode']) != 2)
$search = $_SESSION["prefs_feed_search"];
else
$search = "";
// first one is set by API
$show_empty_cats = $_REQUEST['force_show_empty'] ||
($_REQUEST['mode'] != 2 && !$search);
$show_empty_cats = clean($_REQUEST['force_show_empty']) ||
(clean($_REQUEST['mode']) != 2 && !$search);
$items = array();
......@@ -103,7 +103,7 @@ class Pref_Feeds extends Handler_Protected {
function makefeedtree() {
if ($_REQUEST['mode'] != 2)
if (clean($_REQUEST['mode']) != 2)
$search = $_SESSION["prefs_feed_search"];
else
$search = "";
......@@ -116,7 +116,7 @@ class Pref_Feeds extends Handler_Protected {
$enable_cats = get_pref('ENABLE_FEED_CATS');
if ($_REQUEST['mode'] == 2) {
if (clean($_REQUEST['mode']) == 2) {
if ($enable_cats) {
$cat = $this->feedlist_init_cat(-1);
......@@ -193,8 +193,8 @@ class Pref_Feeds extends Handler_Protected {
}
if ($enable_cats) {
$show_empty_cats = $_REQUEST['force_show_empty'] ||
($_REQUEST['mode'] != 2 && !$search);
$show_empty_cats = clean($_REQUEST['force_show_empty']) ||
(clean($_REQUEST['mode']) != 2 && !$search);
$sth = $this->pdo->prepare("SELECT id, title FROM ttrss_feed_categories
WHERE owner_uid = ? AND parent_cat IS NULL ORDER BY order_id, title");
......@@ -303,7 +303,7 @@ class Pref_Feeds extends Handler_Protected {
$fl['identifier'] = 'id';
$fl['label'] = 'name';
if ($_REQUEST['mode'] != 2) {
if (clean($_REQUEST['mode']) != 2) {
$fl['items'] = array($root);
} else {
$fl['items'] = $root['items'];
......@@ -389,9 +389,9 @@ class Pref_Feeds extends Handler_Protected {
}
function savefeedorder() {
$data = json_decode($_POST['payload'], true);
$data = json_decode(clean($_POST['payload']), true);
#file_put_contents("/tmp/saveorder.json", $_POST['payload']);
#file_put_contents("/tmp/saveorder.json", clean($_POST['payload']));
#$data = json_decode(file_get_contents("/tmp/saveorder.json"), true);
if (!is_array($data['items']))
......@@ -425,7 +425,7 @@ class Pref_Feeds extends Handler_Protected {
}
function removeicon() {
$feed_id = $_REQUEST["feed_id"];
$feed_id = clean($_REQUEST["feed_id"]);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
WHERE id = ? AND owner_uid = ?");
......@@ -457,7 +457,7 @@ class Pref_Feeds extends Handler_Protected {
}
$icon_file = $tmp_file;
$feed_id = $_REQUEST["feed_id"];
$feed_id = clean($_REQUEST["feed_id"]);
if (is_file($icon_file) && $feed_id) {
if (filesize($icon_file) < 65535) {
......@@ -500,7 +500,7 @@ class Pref_Feeds extends Handler_Protected {
global $update_intervals;
$feed_id = $_REQUEST["id"];
$feed_id = clean($_REQUEST["id"]);
$sth = $this->pdo->prepare("SELECT * FROM ttrss_feeds WHERE id = ? AND
owner_uid = ?");
......@@ -775,7 +775,7 @@ class Pref_Feeds extends Handler_Protected {
global $purge_intervals;
global $update_intervals;
$feed_ids = $_REQUEST["ids"];
$feed_ids = clean($_REQUEST["ids"]);
print_notice("Enable the options you wish to apply using checkboxes on the right:");
......@@ -924,32 +924,32 @@ class Pref_Feeds extends Handler_Protected {
function editsaveops($batch) {
$feed_title = trim($_POST["title"]);
$feed_url = trim($_POST["feed_url"]);
$upd_intl = (int) $_POST["update_interval"];
$purge_intl = (int) $_POST["purge_interval"];
$feed_id = (int) $_POST["id"]; /* editSave */
$feed_ids = explode(",", $_POST["ids"]); /* batchEditSave */
$cat_id = (int) $_POST["cat_id"];
$auth_login = trim($_POST["auth_login"]);
$auth_pass = trim($_POST["auth_pass"]);
$private = checkbox_to_sql_bool($_POST["private"]);