Merge pull request #2001 from FreshRSS/dev1.11.2

FreshRSS 1.11.2

8 files changed, 30 insertions, 20 deletions

diff --git a/p/api/fever.php b/p/api/fever.php
index d1482e8a1..55baa6d16 100644
--- a/p/api/fever.php
+++ b/p/api/fever.php
@@ -69,14 +69,16 @@ class FeverDAO extends Minz_ModelPdo
 		if (!empty($entry_ids)) {
 			$bindEntryIds = $this->bindParamArray('id', $entry_ids, $values);
 			$sql .= " id IN($bindEntryIds)";
-		} else if (!empty($max_id)) {
+		} elseif ($max_id != null) {
 			$sql .= ' id < :id';
 			$values[':id'] = $max_id;
 			$order = ' ORDER BY id DESC';
-		} else {
+		} elseif ($since_id != null) {
 			$sql .= ' id > :id';
 			$values[':id'] = $since_id;
 			$order = ' ORDER BY id ASC';
+		} else {
+			$sql .= ' 1=1';
 		}
 
 		if (!empty($feed_ids)) {
@@ -204,14 +206,14 @@ class FeverAPI
 			$response_arr['saved_item_ids'] = $this->getSavedItemIds();
 		}
 
-		if (isset($_REQUEST['mark'], $_REQUEST['as'], $_REQUEST['id']) && is_numeric($_REQUEST['id'])) {
+		$id = isset($_REQUEST['id']) ? '' . $_REQUEST['id'] : '';
+		if (isset($_REQUEST['mark'], $_REQUEST['as'], $_REQUEST['id']) && ctype_digit($id)) {
 			$method_name = 'set' . ucfirst($_REQUEST['mark']) . 'As' . ucfirst($_REQUEST['as']);
 			$allowedMethods = array(
 				'setFeedAsRead', 'setGroupAsRead', 'setItemAsRead',
 				'setItemAsSaved', 'setItemAsUnread', 'setItemAsUnsaved'
 			);
 			if (in_array($method_name, $allowedMethods)) {
-				$id = intval($_REQUEST['id']);
 				switch (strtolower($_REQUEST['mark'])) {
 					case 'item':
 						$this->{$method_name}($id);
@@ -471,17 +473,18 @@ class FeverAPI
 
 		if (isset($_REQUEST['max_id'])) {
 			// use the max_id argument to request the previous $item_limit items
-			if (is_numeric($_REQUEST['max_id'])) {
-				$max = $_REQUEST['max_id'] > 0 ? intval($_REQUEST['max_id']) : 0;
-				if ($max) {
-					$max_id = $max;
-				}
+			$max_id = '' . $_REQUEST['max_id'];
+			if (!ctype_digit($max_id)) {
+				$max_id = null;
 			}
 		} else if (isset($_REQUEST['with_ids'])) {
 			$entry_ids = explode(',', $_REQUEST['with_ids']);
 		} else {
 			// use the since_id argument to request the next $item_limit items
-			$since_id = isset($_REQUEST['since_id']) && is_numeric($_REQUEST['since_id']) ? intval($_REQUEST['since_id']) : 0;
+			$since_id = '' . $_REQUEST['since_id'];
+			if (!ctype_digit($since_id)) {
+				$since_id = null;
+			}
 		}
 
 		$items = array();
diff --git a/p/api/greader.php b/p/api/greader.php
index 5ab6c8115..4affc2826 100644
--- a/p/api/greader.php
+++ b/p/api/greader.php
@@ -176,7 +176,7 @@ function authorizationToUser() {
 }
 
 function clientLogin($email, $pass) {	//http://web.archive.org/web/20130604091042/http://undoc.in/clientLogin.html
-	if (ctype_alnum($email)) {
+	if (FreshRSS_user_Controller::checkUsername($email)) {
 		if (!function_exists('password_verify')) {
 			include_once(LIB_PATH . '/password_compat.php');
 		}
diff --git a/p/f.php b/p/f.php
index 81df8984b..b68109cd5 100644
--- a/p/f.php
+++ b/p/f.php
@@ -28,7 +28,7 @@ $txt_mtime = @filemtime($txt);
 
 header('Content-Type: image/x-icon');
 
-if ($ico_mtime == false || $ico_mtime < $txt_mtime || ($ico_mtime < time() - (rand(15, 20) * 86400))) {
+if ($ico_mtime == false || $ico_mtime < $txt_mtime || ($ico_mtime < time() - (mt_rand(15, 20) * 86400))) {
 	if ($txt_mtime == false) {
 		show_default_favicon(1800);
 		exit();
@@ -49,6 +49,6 @@ if ($ico_mtime == false || $ico_mtime < $txt_mtime || ($ico_mtime < time() - (ra
 
 header('Content-Disposition: inline; filename="' . $id . '.ico"');
 
-if (!httpConditional($ico_mtime, rand(14, 21) * 86400, 2)) {
+if (!httpConditional($ico_mtime, mt_rand(14, 21) * 86400, 2)) {
 	readfile($ico);
 }
diff --git a/p/themes/BlueLagoon/BlueLagoon.css b/p/themes/BlueLagoon/BlueLagoon.css
index 186258752..424970501 100644
--- a/p/themes/BlueLagoon/BlueLagoon.css
+++ b/p/themes/BlueLagoon/BlueLagoon.css
@@ -115,6 +115,9 @@ form th {
 }
 
 /*=== Buttons */
+button.as-link[disabled] {
+	color:#555 !important;
+}
 
 .dropdown-menu .input select, .dropdown-menu .input input {
     background:#444;
diff --git a/p/themes/Dark/dark.css b/p/themes/Dark/dark.css
index 348b00009..38a78a277 100644
--- a/p/themes/Dark/dark.css
+++ b/p/themes/Dark/dark.css
@@ -113,6 +113,9 @@ form th {
 }
 
 /*=== Buttons */
+button.as-link[disabled] {
+	color:#445 !important;
+}
 .stick {
 	vertical-align: middle;
 	font-size: 0;
diff --git a/p/themes/Origine-compact/origine-compact.css b/p/themes/Origine-compact/origine-compact.css
index 8447e2486..26129415a 100644
--- a/p/themes/Origine-compact/origine-compact.css
+++ b/p/themes/Origine-compact/origine-compact.css
@@ -1,11 +1,5 @@
 @charset "UTF-8";
 
-/*=== FONTS */
-@font-face {
-	font-family: "OpenSans";
-	src: url("../fonts/openSans.woff") format("woff");
-}
-
 /*=== GENERAL */
 /*============*/
 html, body {
diff --git a/p/themes/Screwdriver/screwdriver.css b/p/themes/Screwdriver/screwdriver.css
index 969695f13..a142c3860 100644
--- a/p/themes/Screwdriver/screwdriver.css
+++ b/p/themes/Screwdriver/screwdriver.css
@@ -115,6 +115,9 @@ form th {
 }
 
 /*=== Buttons */
+button.as-link[disabled] {
+	color:#555 !important;
+}
 
 .dropdown-menu .input select, .dropdown-menu .input input {
     background:#444;
diff --git a/p/themes/base-theme/template.css b/p/themes/base-theme/template.css
index 9b8ad902b..26143a5d5 100644
--- a/p/themes/base-theme/template.css
+++ b/p/themes/base-theme/template.css
@@ -118,6 +118,9 @@ button.as-link:active {
 	font-size: 1.1em;
 	text-align: left;
 }
+button.as-link[disabled] {
+	color:#DDD !important;
+}
 
 /*=== Tables */
 table {
@@ -630,7 +633,8 @@ br + br + br {
 #bigMarkAsRead {
 	display: block;
 	width: 100%;
-	padding: 1em 0;
+	padding: 1em 0 100% 0;
+	padding: 1em 0 100vh 0;
 	text-align: center;
 	font-size: 1.4em;
 }