| author | 2018-09-09 13:03:51 +0200 | |
|---|---|---|
| committer | 2018-09-09 13:03:51 +0200 | |
| commit | 44bd07e506ade204151c276fdc05994d51efdd7a (patch) | |
| tree | 2efe48133d2c874c65a99ae3a6cd92bb0dff4fe8 /p/api/fever.php | |
| parent | 3306a1679c2570c30d4b662c887b4a71ce147398 (diff) | |
| parent | 1802c1e9ae7d3d55a0e37e1cc2e7c0acc25f70ba (diff) | |
Merge pull request #2001 from FreshRSS/dev1.11.2
FreshRSS 1.11.2
Diffstat (limited to 'p/api/fever.php')
| -rw-r--r-- | p/api/fever.php | 23 |
1 files changed, 13 insertions, 10 deletions
diff --git a/p/api/fever.php b/p/api/fever.php index d1482e8a1..55baa6d16 100644 --- a/p/api/fever.php +++ b/p/api/fever.php @@ -69,14 +69,16 @@ class FeverDAO extends Minz_ModelPdo if (!empty($entry_ids)) { $bindEntryIds = $this->bindParamArray('id', $entry_ids, $values); $sql .= " id IN($bindEntryIds)"; - } else if (!empty($max_id)) { + } elseif ($max_id != null) { $sql .= ' id < :id'; $values[':id'] = $max_id; $order = ' ORDER BY id DESC'; - } else { + } elseif ($since_id != null) { $sql .= ' id > :id'; $values[':id'] = $since_id; $order = ' ORDER BY id ASC'; + } else { + $sql .= ' 1=1'; } if (!empty($feed_ids)) { @@ -204,14 +206,14 @@ class FeverAPI $response_arr['saved_item_ids'] = $this->getSavedItemIds(); } - if (isset($_REQUEST['mark'], $_REQUEST['as'], $_REQUEST['id']) && is_numeric($_REQUEST['id'])) { + $id = isset($_REQUEST['id']) ? '' . $_REQUEST['id'] : ''; + if (isset($_REQUEST['mark'], $_REQUEST['as'], $_REQUEST['id']) && ctype_digit($id)) { $method_name = 'set' . ucfirst($_REQUEST['mark']) . 'As' . ucfirst($_REQUEST['as']); $allowedMethods = array( 'setFeedAsRead', 'setGroupAsRead', 'setItemAsRead', 'setItemAsSaved', 'setItemAsUnread', 'setItemAsUnsaved' ); if (in_array($method_name, $allowedMethods)) { - $id = intval($_REQUEST['id']); switch (strtolower($_REQUEST['mark'])) { case 'item': $this->{$method_name}($id); 
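Review bot: The two new branch tests in the FeverDAO hunk use loose comparison, `elseif ($max_id != null)` and `elseif ($since_id != null)`, so an integer `0` or an empty string counts as "no bound" while the string `'0'` counts as a bound. The caller changed in the last hunk of this commit passes either a digit string or `null`, so `} elseif ($max_id !== null) {` and `} elseif ($since_id !== null) {` would state that contract exactly; this only holds if the parameter defaults, which are outside the hunk, are `null`. The `1=1` fallback would also benefit from a comment such as `// no id bound requested: keep the clause valid for the filters appended below`. The function starts and ends outside the hunk, so how `$sql` continues is inferred from the `$feed_ids` test that follows.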
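Review bot: In the FeverAPI hunk, `'' . $_REQUEST['id']` assumes the request value is a scalar; if the parameter arrives as an array, the concatenation raises an "Array to string conversion" notice before `ctype_digit()` rejects the result. The same pattern is applied to `max_id` and `since_id` in the third hunk. Checking the type first avoids the notice: `$id = isset($_REQUEST['id']) && is_string($_REQUEST['id']) ? $_REQUEST['id'] : '';`. With `intval()` removed, `$id` now reaches `$this->{$method_name}($id)` as a digit string of unbounded length, so the `set…As…` methods, which are outside this hunk, need to bind it as a query parameter rather than rely on it being an integer.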
@@ -471,17 +473,18 @@ class FeverAPI if (isset($_REQUEST['max_id'])) { // use the max_id argument to request the previous $item_limit items - if (is_numeric($_REQUEST['max_id'])) { - $max = $_REQUEST['max_id'] > 0 ? intval($_REQUEST['max_id']) : 0; - if ($max) { - $max_id = $max; - } + $max_id = '' . $_REQUEST['max_id']; + if (!ctype_digit($max_id)) { + $max_id = null; } } else if (isset($_REQUEST['with_ids'])) { $entry_ids = explode(',', $_REQUEST['with_ids']); } else { // use the since_id argument to request the next $item_limit items - $since_id = isset($_REQUEST['since_id']) && is_numeric($_REQUEST['since_id']) ? intval($_REQUEST['since_id']) : 0; + $since_id = '' . $_REQUEST['since_id']; + if (!ctype_digit($since_id)) { + $since_id = null; + } } $items = array(); |
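Review bot: The final `else` branch now reads `$_REQUEST['since_id']` without the `isset()` test that the replaced line had, so a request carrying none of `max_id`, `with_ids` or `since_id` raises an undefined-index notice. The value still ends up `null` because `ctype_digit('')` is false, but on an API endpoint a notice can end up in the response body or fill the error log. Restoring the guard keeps the new behaviour: `$since_id = isset($_REQUEST['since_id']) ? '' . $_REQUEST['since_id'] : '';`. The unchanged `with_ids` branch still forwards the output of `explode(',', …)` with no digit check and no cap on the number of ids; the first hunk suggests these are bound through `bindParamArray()`, so that is a question of input hygiene and query size rather than injection, and is worth confirming in the enclosing method, which is not fully visible here.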
