From c8b54ae807f583723748b5a8cebf9925fb288f9d Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 14 Oct 2018 13:48:59 +0200 Subject: Fix MySQL create table feeds (#2047) https://github.com/FreshRSS/FreshRSS/issues/2042 --- app/Controllers/userController.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'app/Controllers/userController.php') diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 75a4303d6..2f066e25f 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -166,7 +166,7 @@ class FreshRSS_user_Controller extends Minz_ActionController { $entryDAO = FreshRSS_Factory::createEntryDao($this->view->current_user); $this->view->nb_articles = $entryDAO->count(); - $databaseDAO = FreshRSS_Factory::createDatabaseDAO(); + $databaseDAO = FreshRSS_Factory::createDatabaseDAO($this->view->current_user); $this->view->size_user = $databaseDAO->size(); } } -- cgit v1.2.3 From 46510febf18951b05bfc9afbbdbaf7d5cadf96a9 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Sun, 21 Oct 2018 16:33:28 +0200 Subject: Improved flow for password change (#2057) https://github.com/FreshRSS/FreshRSS/issues/2056 --- app/Controllers/userController.php | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) (limited to 'app/Controllers/userController.php') diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 2f066e25f..95859c92c 100644 --- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -91,6 +91,10 @@ class FreshRSS_user_Controller extends Minz_ActionController { } public function updateAction() { + if (!FreshRSS_Auth::hasAccess('admin')) { + Minz_Error::error(403); + } + if (Minz_Request::isPost()) { $passwordPlain = Minz_Request::param('newPasswordPlain', '', true); Minz_Request::_param('newPasswordPlain'); //Discard plain-text password ASAP 
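Review bot: The new admin gate at the top of `updateAction()` only protects the password update below it if `Minz_Error::error(403)` ends the request, and nothing in this hunk shows that it does. If that helper can return, a non-admin POST would fall through into the `Minz_Request::isPost()` branch; an explicit `return;` directly after `Minz_Error::error(403);` makes the guard independent of the helper's behaviour. A short comment above the check, such as `// Admin-only: this action can change another user's password`, would record why the gate exists. The body of `updateAction()` continues outside the hunk.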
@@ -104,8 +108,12 @@ class FreshRSS_user_Controller extends Minz_ActionController { )); if ($ok) { - Minz_Request::good(_t('feedback.user.updated', $username), - array('c' => 'user', 'a' => 'manage')); + $isSelfUpdate = Minz_Session::param('currentUser', '_') === $username; + if ($passwordPlain == '' || !$isSelfUpdate) { + Minz_Request::good(_t('feedback.user.updated', $username), array('c' => 'user', 'a' => 'manage')); + } else { + Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'index', 'a' => 'index')); + } } else { Minz_Request::bad(_t('feedback.user.updated.error', $username), array('c' => 'user', 'a' => 'manage')); @@ -138,8 +146,11 @@ class FreshRSS_user_Controller extends Minz_ActionController { Minz_Session::_param('passwordHash', FreshRSS_Context::$user_conf->passwordHash); if ($ok) { - Minz_Request::good(_t('feedback.profile.updated'), - array('c' => 'user', 'a' => 'profile')); + if ($passwordPlain == '') { + Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'user', 'a' => 'profile')); + } else { + Minz_Request::good(_t('feedback.profile.updated'), array('c' => 'index', 'a' => 'index')); + } } else { Minz_Request::bad(_t('feedback.profile.error'), array('c' => 'user', 'a' => 'profile')); -- cgit v1.2.3 From 6a686daafa526d4b0a247d6db407edca540e5083 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Wed, 24 Oct 2018 13:07:39 +0200 Subject: Allow dot in username (#2062) * Allow dot in username https://github.com/FreshRSS/FreshRSS/issues/2061 * Missing quotes for special chars in PostgreSQL --- app/Controllers/userController.php | 2 +- app/Models/CategoryDAO.php | 2 +- app/SQL/install.sql.mysql.php | 2 +- app/SQL/install.sql.pgsql.php | 24 ++++++++++++------------ app/SQL/install.sql.sqlite.php | 2 +- 5 files changed, 16 insertions(+), 16 deletions(-) (limited to 'app/Controllers/userController.php') diff --git a/app/Controllers/userController.php b/app/Controllers/userController.php index 95859c92c..2338c8b2a 100644 
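Review bot: `$passwordPlain == ''` in the success branch is a loose comparison, and the same test is repeated in the profile hunk further down (`@@ -138,8 +146,11 @@`). Writing `$passwordPlain === ''` states the intent exactly and matches the strict `===` already used for `$isSelfUpdate` one line above. The `'_'` default passed to `Minz_Session::param('currentUser', '_')` looks like the reserved internal username, so a missing session value can never equal a real `$username`; a one-line comment saying so would help the next reader. The enclosing `updateAction()` starts and ends outside the hunk.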
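Review bot: After a successful password change the new `else` branch redirects to the index, but the only session handling visible around it is `Minz_Session::_param('passwordHash', ...)`, which refreshes the stored hash and leaves the session identifier unchanged. If the identifier is not rotated elsewhere, adding `session_regenerate_id(true);` before the redirect would stop a session identifier issued under the old credential from remaining valid. Whether other active sessions of the same user are invalidated cannot be seen from this hunk and is worth confirming. The enclosing action starts and ends outside the hunk.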
--- a/app/Controllers/userController.php +++ b/app/Controllers/userController.php @@ -38,7 +38,7 @@ class FreshRSS_user_Controller extends Minz_ActionController { * The username is also used as folder name, file name, and part of SQL table name. * '_' is a reserved internal username. */ - const USERNAME_PATTERN = '[0-9a-zA-Z_]{2,38}|[0-9a-zA-Z]'; + const USERNAME_PATTERN = '[0-9a-zA-Z_][0-9a-zA-Z_.]{1,38}|[0-9a-zA-Z]'; public static function checkUsername($username) { return preg_match('/^' . self::USERNAME_PATTERN . '$/', $username) === 1; diff --git a/app/Models/CategoryDAO.php b/app/Models/CategoryDAO.php index 0519fc4c7..ba7eb765e 100644 --- a/app/Models/CategoryDAO.php +++ b/app/Models/CategoryDAO.php @@ -158,7 +158,7 @@ class FreshRSS_CategoryDAO extends Minz_ModelPdo implements FreshRSS_Searchable $sql = 'INSERT INTO `' . $this->prefix . 'category`(id, name) VALUES(?, ?)'; if (parent::$sharedDbType === 'pgsql') { //Force call to nextval() - $sql .= " RETURNING nextval('" . $this->prefix . "category_id_seq');"; + $sql .= ' RETURNING nextval(\'"' . $this->prefix . 'category_id_seq"\');'; } $stm = $this->bd->prepare($sql); diff --git a/app/SQL/install.sql.mysql.php b/app/SQL/install.sql.mysql.php index 222f7e8a7..1fc7e44d3 100644 --- a/app/SQL/install.sql.mysql.php +++ b/app/SQL/install.sql.mysql.php @@ -1,5 +1,5 @@
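Review bot: The alternation in `USERNAME_PATTERN` is not grouped, so in `checkUsername()` the expression `'/^' . self::USERNAME_PATTERN . '$/'` binds `^` to the first branch only and `$` to the second; a value passes if it merely starts with a valid prefix or merely ends in an alphanumeric character. This predates the commit, but the comment above the constant says the username becomes a folder name, a file name and part of an SQL table name, so widening the alphabet is a good moment to anchor the whole pattern: `return preg_match('/^(?:' . self::USERNAME_PATTERN . ')$/D', $username) === 1;` (the `D` modifier also stops `$` from matching before a trailing newline). The new first branch additionally raises the maximum length from 38 to 39 characters and accepts consecutive or trailing dots; `{1,37}` would keep the old limit. The class body continues outside the hunk.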
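Review bot: `$this->prefix` is concatenated into the `RETURNING nextval(...)` clause inside both a single-quoted string literal and a double-quoted identifier, with no escaping at this site. The added double quotes handle a dot in the prefix, but a `"` or `'` in it would still break out of the quoting, so the statement's safety rests entirely on the username validation done elsewhere (presumably `FreshRSS_user_Controller::checkUsername()`; where the prefix is built is not visible in this hunk). I would record that invariant next to the line, for example `// prefix derives from a validated username and must never contain quote characters`. The enclosing method starts and ends outside the hunk.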