diff --git a/classes/api.php b/classes/api.php
index c28d36524..4c321d77e 100644
--- a/classes/api.php
+++ b/classes/api.php
@@ -26,7 +26,7 @@ class API extends Handler {
return false;
}
- $this->seq = (int) $_REQUEST['seq'];
+ $this->seq = (int) clean($_REQUEST['seq']);
return true;
}
@@ -53,9 +53,9 @@ class API extends Handler {
@session_destroy();
@session_start();
- $login = $_REQUEST["user"];
- $password = $_REQUEST["password"];
- $password_base64 = base64_decode($_REQUEST["password"]);
+ $login = clean($_REQUEST["user"]);
+ $password = clean($_REQUEST["password"]);
+ $password_base64 = base64_decode(clean($_REQUEST["password"]));
if (SINGLE_USER_MODE) $login = "admin";
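Review bot: Passing the credential through `clean()` in `$password = clean($_REQUEST["password"]);` and in `base64_decode(clean($_REQUEST["password"]))` means the value that gets verified may no longer be the bytes the client sent. `clean()` is not defined in this diff, so whether it strips or rewrites characters needs confirming. A password is only hashed or compared, never rendered, so it is safer read raw: `$password = $_REQUEST["password"];`. If `clean()` does alter input, users whose passwords contain the affected characters cannot log in over the API, and distinct passwords can collapse to the same string. The same concern applies to the feed credential `$password` in the subscribeToFeed hunk; login() continues outside this hunk.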
@@ -100,8 +100,8 @@ class API extends Handler {
}
function getUnread() {
- $feed_id = $_REQUEST["feed_id"];
- $is_cat = $_REQUEST["is_cat"];
+ $feed_id = clean($_REQUEST["feed_id"]);
+ $is_cat = clean($_REQUEST["is_cat"]);
if ($feed_id) {
$this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($feed_id, $is_cat)));
@@ -116,11 +116,11 @@ class API extends Handler {
}
function getFeeds() {
- $cat_id = $_REQUEST["cat_id"];
- $unread_only = API::param_to_bool($_REQUEST["unread_only"]);
- $limit = (int) $_REQUEST["limit"];
- $offset = (int) $_REQUEST["offset"];
- $include_nested = API::param_to_bool($_REQUEST["include_nested"]);
+ $cat_id = clean($_REQUEST["cat_id"]);
+ $unread_only = API::param_to_bool(clean($_REQUEST["unread_only"]));
+ $limit = (int) clean($_REQUEST["limit"]);
+ $offset = (int) clean($_REQUEST["offset"]);
+ $include_nested = API::param_to_bool(clean($_REQUEST["include_nested"]));
$feeds = $this->api_get_feeds($cat_id, $unread_only, $limit, $offset, $include_nested);
@@ -128,9 +128,9 @@ class API extends Handler {
}
function getCategories() {
- $unread_only = API::param_to_bool($_REQUEST["unread_only"]);
- $enable_nested = API::param_to_bool($_REQUEST["enable_nested"]);
- $include_empty = API::param_to_bool($_REQUEST['include_empty']);
+ $unread_only = API::param_to_bool(clean($_REQUEST["unread_only"]));
+ $enable_nested = API::param_to_bool(clean($_REQUEST["enable_nested"]));
+ $include_empty = API::param_to_bool(clean($_REQUEST['include_empty']));
// TODO do not return empty categories, return Uncategorized and standard virtual cats
@@ -185,39 +185,39 @@ class API extends Handler {
}
function getHeadlines() {
- $feed_id = $_REQUEST["feed_id"];
+ $feed_id = clean($_REQUEST["feed_id"]);
if ($feed_id != "") {
if (is_numeric($feed_id)) $feed_id = (int) $feed_id;
- $limit = (int)$_REQUEST["limit"];
+ $limit = (int)clean($_REQUEST["limit"]);
if (!$limit || $limit >= 200) $limit = 200;
- $offset = (int)$_REQUEST["skip"];
- $filter = $_REQUEST["filter"];
- $is_cat = API::param_to_bool($_REQUEST["is_cat"]);
- $show_excerpt = API::param_to_bool($_REQUEST["show_excerpt"]);
- $show_content = API::param_to_bool($_REQUEST["show_content"]);
+ $offset = (int)clean($_REQUEST["skip"]);
+ $filter = clean($_REQUEST["filter"]);
+ $is_cat = API::param_to_bool(clean($_REQUEST["is_cat"]));
+ $show_excerpt = API::param_to_bool(clean($_REQUEST["show_excerpt"]));
+ $show_content = API::param_to_bool(clean($_REQUEST["show_content"]));
/* all_articles, unread, adaptive, marked, updated */
- $view_mode = $_REQUEST["view_mode"];
- $include_attachments = API::param_to_bool($_REQUEST["include_attachments"]);
- $since_id = (int)$_REQUEST["since_id"];
- $include_nested = API::param_to_bool($_REQUEST["include_nested"]);
+ $view_mode = clean($_REQUEST["view_mode"]);
+ $include_attachments = API::param_to_bool(clean($_REQUEST["include_attachments"]));
+ $since_id = (int)clean($_REQUEST["since_id"]);
+ $include_nested = API::param_to_bool(clean($_REQUEST["include_nested"]));
$sanitize_content = !isset($_REQUEST["sanitize"]) ||
API::param_to_bool($_REQUEST["sanitize"]);
- $force_update = API::param_to_bool($_REQUEST["force_update"]);
- $has_sandbox = API::param_to_bool($_REQUEST["has_sandbox"]);
- $excerpt_length = (int)$_REQUEST["excerpt_length"];
- $check_first_id = (int)$_REQUEST["check_first_id"];
- $include_header = API::param_to_bool($_REQUEST["include_header"]);
+ $force_update = API::param_to_bool(clean($_REQUEST["force_update"]));
+ $has_sandbox = API::param_to_bool(clean($_REQUEST["has_sandbox"]));
+ $excerpt_length = (int)clean($_REQUEST["excerpt_length"]);
+ $check_first_id = (int)clean($_REQUEST["check_first_id"]);
+ $include_header = API::param_to_bool(clean($_REQUEST["include_header"]));
$_SESSION['hasSandbox'] = $has_sandbox;
$skip_first_id_check = false;
$override_order = false;
- switch ($_REQUEST["order_by"]) {
+ switch (clean($_REQUEST["order_by"])) {
case "title":
$override_order = "ttrss_entries.title, date_entered, updated";
break;
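Review bot: The `sanitize` parameter in the unchanged lines (`API::param_to_bool($_REQUEST["sanitize"])`) is still read raw while every other parameter in getHeadlines now goes through `clean()`, and the getArticle hunk has the same leftover. It is harmless because the value is reduced to a boolean, but the mixed treatment makes it harder to audit which inputs are filtered. Either wrap it as well or add a comment such as `// boolean flag only, no filtering needed`. As far as the visible `case "title":` shows, the `order_by` switch maps input to fixed strings, and a short comment saying that this allowlist, not `clean()`, is what constrains the ORDER BY fragment would help. The switch continues outside the hunk.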
@@ -232,7 +232,7 @@ class API extends Handler {
/* do not rely on params below */
- $search = $_REQUEST["search"];
+ $search = clean($_REQUEST["search"]);
list($headlines, $headlines_header) = $this->api_get_headlines($feed_id, $limit, $offset,
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, $override_order,
@@ -250,10 +250,10 @@ class API extends Handler {
}
function updateArticle() {
- $article_ids = explode(",", $_REQUEST["article_ids"]);
- $mode = (int) $_REQUEST["mode"];
- $data = $_REQUEST["data"];
- $field_raw = (int)$_REQUEST["field"];
+ $article_ids = explode(",", clean($_REQUEST["article_ids"]));
+ $mode = (int) clean($_REQUEST["mode"]);
+ $data = clean($_REQUEST["data"]);
+ $field_raw = (int)clean($_REQUEST["field"]);
$field = "";
$set_to = "";
@@ -321,7 +321,7 @@ class API extends Handler {
function getArticle() {
- $article_ids = explode(",", $_REQUEST["article_id"]);
+ $article_ids = explode(",", clean($_REQUEST["article_id"]));
$sanitize_content = !isset($_REQUEST["sanitize"]) ||
API::param_to_bool($_REQUEST["sanitize"]);
@@ -407,7 +407,7 @@ class API extends Handler {
}
function updateFeed() {
- $feed_id = (int) $_REQUEST["feed_id"];
+ $feed_id = (int) clean($_REQUEST["feed_id"]);
if (!ini_get("open_basedir")) {
RSSUtils::update_rss_feed($feed_id);
@@ -417,8 +417,8 @@ class API extends Handler {
}
function catchupFeed() {
- $feed_id = $_REQUEST["feed_id"];
- $is_cat = $_REQUEST["is_cat"];
+ $feed_id = clean($_REQUEST["feed_id"]);
+ $is_cat = clean($_REQUEST["is_cat"]);
Feeds::catchup_feed($feed_id, $is_cat);
@@ -426,13 +426,13 @@ class API extends Handler {
}
function getPref() {
- $pref_name = $_REQUEST["pref_name"];
+ $pref_name = clean($_REQUEST["pref_name"]);
$this->wrap(self::STATUS_OK, array("value" => get_pref($pref_name)));
}
function getLabels() {
- $article_id = (int)$_REQUEST['article_id'];
+ $article_id = (int)clean($_REQUEST['article_id']);
$rv = array();
@@ -469,9 +469,9 @@ class API extends Handler {
function setArticleLabel() {
- $article_ids = explode(",", $_REQUEST["article_ids"]);
- $label_id = (int) $_REQUEST['label_id'];
- $assign = API::param_to_bool($_REQUEST['assign']);
+ $article_ids = explode(",", clean($_REQUEST["article_ids"]));
+ $label_id = (int) clean($_REQUEST['label_id']);
+ $assign = API::param_to_bool(clean($_REQUEST['assign']));
$label = Labels::find_caption(Labels::feed_to_label_id($label_id), $_SESSION["uid"]);
@@ -510,9 +510,9 @@ class API extends Handler {
}
function shareToPublished() {
- $title = strip_tags($_REQUEST["title"]);
- $url = strip_tags($_REQUEST["url"]);
- $content = strip_tags($_REQUEST["content"]);
+ $title = strip_tags(clean($_REQUEST["title"]));
+ $url = strip_tags(clean($_REQUEST["url"]));
+ $content = strip_tags(clean($_REQUEST["content"]));
if (Article::create_published_article($title, $url, $content, "", $_SESSION["uid"])) {
$this->wrap(self::STATUS_OK, array("status" => 'OK'));
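Review bot: `$url = strip_tags(clean($_REQUEST["url"]));` removes markup but never checks that the value is a URL with an expected scheme before it reaches `Article::create_published_article`. If the stored value is later emitted as a link (not visible here), a non-http scheme would pass both filters unchanged. Validating before the insert, for example `if (!preg_match('#^https?://#i', $url)) { /* return the API error response */ }`, would constrain it. If `clean()` already strips tags, the outer `strip_tags()` is redundant and could be dropped or explained in a comment.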
@@ -809,7 +809,7 @@ class API extends Handler {
}
function unsubscribeFeed() {
- $feed_id = (int) $_REQUEST["feed_id"];
+ $feed_id = (int) clean($_REQUEST["feed_id"]);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE
id = ? AND owner_uid = ?");
@@ -824,10 +824,10 @@ class API extends Handler {
}
function subscribeToFeed() {
- $feed_url = $_REQUEST["feed_url"];
- $category_id = (int) $_REQUEST["category_id"];
- $login = $_REQUEST["login"];
- $password = $_REQUEST["password"];
+ $feed_url = clean($_REQUEST["feed_url"]);
+ $category_id = (int) clean($_REQUEST["category_id"]);
+ $login = clean($_REQUEST["login"]);
+ $password = clean($_REQUEST["password"]);
if ($feed_url) {
$rc = Feeds::subscribe_to_feed($feed_url, $category_id, $login, $password);
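Review bot: `$feed_url` reaches `Feeds::subscribe_to_feed` with only `clean()` applied, which places no constraint on the scheme or the destination host. Presumably the server then fetches this URL; if so, an http/https scheme allowlist and rejection of loopback and private addresses belong in or before that call. Confirm whether subscribe_to_feed already enforces this, and if it does, a comment here such as `// URL scheme/host validated in Feeds::subscribe_to_feed` would make that explicit. The function continues outside the hunk.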
@@ -839,7 +839,7 @@ class API extends Handler {
}
function getFeedTree() {
- $include_empty = API::param_to_bool($_REQUEST['include_empty']);
+ $include_empty = API::param_to_bool(clean($_REQUEST['include_empty']));
$pf = new Pref_Feeds($_REQUEST);
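Review bot: `new Pref_Feeds($_REQUEST)` in the context line hands the whole raw request array onward, so any parameter Pref_Feeds reads from its constructor argument bypasses the `clean()` wrapping added one line above. If filtering every request read is the intent of this change, either pass a filtered copy or confirm that Pref_Feeds wraps its own reads. Otherwise add a comment such as `// Pref_Feeds performs its own input handling` so the raw array is clearly deliberate. getFeedTree continues outside the hunk.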
diff --git a/classes/article.php b/classes/article.php
index 62794ddf6..f1271284e 100644
--- a/classes/article.php
+++ b/classes/article.php
@@ -8,7 +8,7 @@ class Article extends Handler_Protected {
}
function redirect() {
- $id = $_REQUEST['id'];
+ $id = clean($_REQUEST['id']);
$sth = $this->pdo->prepare("SELECT link FROM ttrss_entries, ttrss_user_entries
WHERE id = ? AND id = ref_id AND owner_uid = ?
@@ -28,9 +28,9 @@ class Article extends Handler_Protected {
}
function view() {
- $id = $_REQUEST["id"];
- $cids = explode(",", $_REQUEST["cids"]);
- $mode = $_REQUEST["mode"];
+ $id = clean($_REQUEST["id"]);
+ $cids = explode(",", clean($_REQUEST["cids"]));
+ $mode = clean($_REQUEST["mode"]);
// in prefetch mode we only output requested cids, main article
// just gets marked as read (it already exists in client cache)
@@ -210,7 +210,7 @@ class Article extends Handler_Protected {
print __("Tags for this article (separated by commas):")."
";
- $param = $_REQUEST['param'];
+ $param = clean($_REQUEST['param']);
$tags = Article::get_article_tags($param);
@@ -241,8 +241,8 @@ class Article extends Handler_Protected {
}
function setScore() {
- $ids = explode(",", $_REQUEST['id']);
- $score = (int)$_REQUEST['score'];
+ $ids = explode(",", clean($_REQUEST['id']));
+ $score = (int)clean($_REQUEST['score']);
$ids_qmarks = arr_qmarks($ids);
@@ -257,7 +257,7 @@ class Article extends Handler_Protected {
}
function getScore() {
- $id = $_REQUEST['id'];
+ $id = clean($_REQUEST['id']);
$sth = $this->pdo->prepare("SELECT score FROM ttrss_user_entries WHERE ref_id = ? AND owner_uid = ?");
$sth->execute([$id, $_SESSION['uid']]);
@@ -273,9 +273,9 @@ class Article extends Handler_Protected {
function setArticleTags() {
- $id = $_REQUEST["id"];
+ $id = clean($_REQUEST["id"]);
- $tags_str = $_REQUEST["tags_str"];
+ $tags_str = clean($_REQUEST["tags_str"]);
$tags = array_unique(trim_array(explode(",", $tags_str)));
$this->pdo->beginTransaction();
@@ -342,7 +342,7 @@ class Article extends Handler_Protected {
function completeTags() {
- $search = $_REQUEST["search"];
+ $search = clean($_REQUEST["search"]);
$sth = $this->pdo->prepare("SELECT DISTINCT tag_name FROM ttrss_tags
WHERE owner_uid = ? AND
@@ -369,8 +369,8 @@ class Article extends Handler_Protected {
private function labelops($assign) {
$reply = array();
- $ids = explode(",", $_REQUEST["ids"]);
- $label_id = $_REQUEST["lid"];
+ $ids = explode(",", clean($_REQUEST["ids"]));
+ $label_id = clean($_REQUEST["lid"]);
$label = db_escape_string(Labels::find_caption($label_id,
$_SESSION["uid"]));
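Review bot: `$label` is still built with `db_escape_string(...)`, which suggests the query further down in labelops is assembled by string concatenation rather than with `$this->pdo->prepare` as in the other handlers in this diff. The added `clean()` calls on `$ids` and `$label_id` are not an SQL defence. The elements of `$ids` remain arbitrary strings after `explode`; if ids are always numeric, `$ids = array_map('intval', explode(",", clean($_REQUEST["ids"])));` and `$label_id = (int) clean($_REQUEST["lid"]);` would constrain them. The rest of labelops is outside the hunk, so how these values are used needs confirming.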
diff --git a/classes/backend.php b/classes/backend.php
index c9a595b86..d5d0f5a01 100644
--- a/classes/backend.php
+++ b/classes/backend.php
@@ -84,7 +84,7 @@ class Backend extends Handler {
}
function help() {
- $topic = basename($_REQUEST["topic"]);
+ $topic = basename(clean($_REQUEST["topic"]));
switch ($topic) {
case "main":
diff --git a/classes/handler/public.php b/classes/handler/public.php
index e2df4a3cc..8440bc355 100644
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -139,7 +139,7 @@ class Handler_Public extends Handler {
$tpl->addBlock('feed');
$tpl->generateOutputToString($tmp);
- if (@!$_REQUEST["noxml"]) {
+ if (@!clean($_REQUEST["noxml"])) {
header("Content-Type: text/xml; charset=utf-8");
} else {
header("Content-Type: text/plain; charset=utf-8");
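Review bot: In `if (@!clean($_REQUEST["noxml"])) {` the `@` operator now silences any warning raised inside `clean()` as well as the missing-index notice it was originally there for. Only the truthiness of the flag matters at this point, so `if (empty($_REQUEST["noxml"])) {` performs the check without error suppression and without needing the filter. The enclosing function starts and ends outside the hunk.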
@@ -219,8 +219,8 @@ class Handler_Public extends Handler {
}
function getUnread() {
- $login = $_REQUEST["login"];
- $fresh = $_REQUEST["fresh"] == "1";
+ $login = clean($_REQUEST["login"]);
+ $fresh = clean($_REQUEST["fresh"]) == "1";
$sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE login = ?");
$sth->execute([$login]);
@@ -241,7 +241,7 @@ class Handler_Public extends Handler {
}
function getProfiles() {
- $login = $_REQUEST["login"];
+ $login = clean($_REQUEST["login"]);
$sth = $this->pdo->prepare("SELECT ttrss_settings_profiles.* FROM ttrss_settings_profiles,ttrss_users
WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = ? ORDER BY title");
@@ -267,7 +267,7 @@ class Handler_Public extends Handler {
}
function share() {
- $uuid = $_REQUEST["key"];
+ $uuid = clean($_REQUEST["key"]);
$sth = $this->pdo->prepare("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
uuid = ?");
@@ -290,19 +290,19 @@ class Handler_Public extends Handler {
}
function rss() {
- $feed = $_REQUEST["id"];
- $key = $_REQUEST["key"];
- $is_cat = $_REQUEST["is_cat"];
- $limit = (int)$_REQUEST["limit"];
- $offset = (int)$_REQUEST["offset"];
+ $feed = clean($_REQUEST["id"]);
+ $key = clean($_REQUEST["key"]);
+ $is_cat = clean($_REQUEST["is_cat"]);
+ $limit = (int)clean($_REQUEST["limit"]);
+ $offset = (int)clean($_REQUEST["offset"]);
- $search = $_REQUEST["q"];
- $view_mode = $_REQUEST["view-mode"];
- $order = $_REQUEST["order"];
- $start_ts = $_REQUEST["ts"];
+ $search = clean($_REQUEST["q"]);
+ $view_mode = clean($_REQUEST["view-mode"]);
+ $order = clean($_REQUEST["order"]);
+ $start_ts = clean($_REQUEST["ts"]);
- $format = $_REQUEST['format'];
- $orig_guid = $_REQUEST["orig_guid"];
+ $format = clean($_REQUEST['format']);
+ $orig_guid = clean($_REQUEST["orig_guid"]);
if (!$format) $format = 'atom';
@@ -359,16 +359,16 @@ class Handler_Public extends Handler {
print "