6 files changed, 38 insertions, 143 deletions

diff --git a/classes/api.php b/classes/api.php
index ea57a61ab..f0f943698 100644
--- a/classes/api.php
+++ b/classes/api.php
@@ -198,14 +198,22 @@ class API extends Handler {
 			$since_id = (int)db_escape_string($this->link, $_REQUEST["since_id"]);
 			$include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
 			$sanitize_content = true;
-
+			$override_order = false;
+			switch ($_REQUEST["order_by"]) {
+				case "date_reverse":
+					$override_order = "date_entered, updated";
+					break;
+				case "feed_dates":
+					$override_order = "updated DESC";
+					break;
+			}
 			/* do not rely on params below */
 
 			$search = db_escape_string($this->link, $_REQUEST["search"]);
 			$search_mode = db_escape_string($this->link, $_REQUEST["search_mode"]);
 
 			$headlines = $this->api_get_headlines($this->link, $feed_id, $limit, $offset,
-				$filter, $is_cat, $show_excerpt, $show_content, $view_mode, false,
+				$filter, $is_cat, $show_excerpt, $show_content, $view_mode, $override_order,
 				$include_attachments, $since_id, $search, $search_mode,
 				$include_nested, $sanitize_content);
 
diff --git a/classes/opml.php b/classes/opml.php
index 4c188de5e..7a49f757c 100644
--- a/classes/opml.php
+++ b/classes/opml.php
@@ -253,13 +253,13 @@ class Opml extends Handler_Protected {
 	private function opml_import_feed($doc, $node, $cat_id, $owner_uid) {
 		$attrs = $node->attributes;
 
-		$feed_title = db_escape_string($this->link, $attrs->getNamedItem('text')->nodeValue);
-		if (!$feed_title) $feed_title = db_escape_string($this->link, $attrs->getNamedItem('title')->nodeValue);
+		$feed_title = db_escape_string($this->link, mb_substr($attrs->getNamedItem('text')->nodeValue, 0, 250));
+		if (!$feed_title) $feed_title = db_escape_string($this->link, mb_substr($attrs->getNamedItem('title')->nodeValue, 0, 250));
 
-		$feed_url = db_escape_string($this->link, $attrs->getNamedItem('xmlUrl')->nodeValue);
-		if (!$feed_url) $feed_url = db_escape_string($this->link, $attrs->getNamedItem('xmlURL')->nodeValue);
+		$feed_url = db_escape_string($this->link, mb_substr($attrs->getNamedItem('xmlUrl')->nodeValue, 0, 250));
+		if (!$feed_url) $feed_url = db_escape_string($this->link, mb_substr($attrs->getNamedItem('xmlURL')->nodeValue, 0, 250));
 
-		$site_url = db_escape_string($this->link, $attrs->getNamedItem('htmlUrl')->nodeValue);
+		$site_url = db_escape_string($this->link, mb_substr($attrs->getNamedItem('htmlUrl')->nodeValue, 0, 250));
 
 		if ($feed_url && $feed_title) {
 			$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
@@ -386,10 +386,10 @@ class Opml extends Handler_Protected {
 		$default_cat_id = (int) get_feed_category($this->link, 'Imported feeds', false);
 
 		if ($root_node) {
-			$cat_title = db_escape_string($this->link, $root_node->attributes->getNamedItem('text')->nodeValue);
+			$cat_title = db_escape_string($this->link, mb_substr($root_node->attributes->getNamedItem('text')->nodeValue, 0, 250));
 
 			if (!$cat_title)
-				$cat_title = db_escape_string($this->link, $root_node->attributes->getNamedItem('title')->nodeValue);
+				$cat_title = db_escape_string($this->link, mb_substr($root_node->attributes->getNamedItem('title')->nodeValue, 0, 250));
 
 			if (!in_array($cat_title, array("tt-rss-filters", "tt-rss-labels", "tt-rss-prefs"))) {
 				$cat_id = get_feed_category($this->link, $cat_title, $parent_id);
diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
index 46c3d083b..eda03d126 100644
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -1279,6 +1279,8 @@ class Pref_Feeds extends Handler_Protected {
 			dojoType=\"dijit.MenuItem\">".__('Reset sort order')."</div>";
 		print "<div onclick=\"batchSubscribe()\"
 			dojoType=\"dijit.MenuItem\">".__('Batch subscribe')."</div>";
+		print "<div dojoType=\"dijit.MenuItem\" onclick=\"removeSelectedFeeds()\">"
+			.__('Unsubscribe')."</div> ";
 		print "</div></div>";
 
 		if (get_pref($this->link, 'ENABLE_FEED_CATS')) {
@@ -1287,8 +1289,6 @@ class Pref_Feeds extends Handler_Protected {
 			print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
 			print "<div onclick=\"createCategory()\"
 				dojoType=\"dijit.MenuItem\">".__('Add category')."</div>";
-			print "<div onclick=\"toggleHiddenFeedCats()\"
-				dojoType=\"dijit.MenuItem\">".__('(Un)hide empty categories')."</div>";
 			print "<div onclick=\"resetCatOrder()\"
 				dojoType=\"dijit.MenuItem\">".__('Reset sort order')."</div>";
 			print "<div onclick=\"removeSelectedCategories()\"
@@ -1300,8 +1300,8 @@ class Pref_Feeds extends Handler_Protected {
 		print $error_button;
 		print $inactive_button;
 
-		print "<button dojoType=\"dijit.form.Button\" onclick=\"removeSelectedFeeds()\">"
-			.__('Unsubscribe')."</button dojoType=\"dijit.form.Button\"> ";
+		print "<button onclick=\"toggleHiddenFeedCats()\"
+			dojoType=\"dijit.form.Button\">".__('(Un)hide empty categories')."</button>";
 
 		if (defined('_ENABLE_FEED_DEBUGGING')) {
 
diff --git a/include/functions.php b/include/functions.php
index a559ed1da..c04e6a81a 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -3406,6 +3406,8 @@
 			$parent_insert = "NULL";
 		}
 
+		$feed_cat = mb_substr($feed_cat, 0, 250);
+
 		$result = db_query($link,
 			"SELECT id FROM ttrss_feed_categories
 			WHERE $parent_qpart AND title = '$feed_cat' AND owner_uid = ".$_SESSION["uid"]);
@@ -3934,121 +3936,9 @@
 	}
 
 	if (!function_exists('gzdecode')) {
-		/* function gzdecode($string) { // no support for 2nd argument
+		function gzdecode($string) { // no support for 2nd argument
 			return file_get_contents('compress.zlib://data:who/cares;base64,'.
 				base64_encode($string));
-		} */
-
-
-		function gzdecode($data, &$filename = '', &$error = '', $maxlength = null) {
-		    $len = strlen($data);
-		    if ($len < 18 || strcmp(substr($data,0,2),"\x1f\x8b")) {
-		        $error = "Not in GZIP format.";
-		        return null;  // Not GZIP format (See RFC 1952)
-		    }
-		    $method = ord(substr($data,2,1));  // Compression method
-		    $flags  = ord(substr($data,3,1));  // Flags
-		    if ($flags & 31 != $flags) {
-		        $error = "Reserved bits not allowed.";
-		        return null;
-		    }
-		    // NOTE: $mtime may be negative (PHP integer limitations)
-		    $mtime = unpack("V", substr($data,4,4));
-		    $mtime = $mtime[1];
-		    $xfl   = substr($data,8,1);
-		    $os    = substr($data,8,1);
-		    $headerlen = 10;
-		    $extralen  = 0;
-		    $extra     = "";
-		    if ($flags & 4) {
-		        // 2-byte length prefixed EXTRA data in header
-		        if ($len - $headerlen - 2 < 8) {
-		            return false;  // invalid
-		        }
-		        $extralen = unpack("v",substr($data,8,2));
-		        $extralen = $extralen[1];
-		        if ($len - $headerlen - 2 - $extralen < 8) {
-		            return false;  // invalid
-		        }
-		        $extra = substr($data,10,$extralen);
-		        $headerlen += 2 + $extralen;
-		    }
-		    $filenamelen = 0;
-		    $filename = "";
-		    if ($flags & 8) {
-		        // C-style string
-		        if ($len - $headerlen - 1 < 8) {
-		            return false; // invalid
-		        }
-		        $filenamelen = strpos(substr($data,$headerlen),chr(0));
-		        if ($filenamelen === false || $len - $headerlen - $filenamelen - 1 < 8) {
-		            return false; // invalid
-		        }
-		        $filename = substr($data,$headerlen,$filenamelen);
-		        $headerlen += $filenamelen + 1;
-		    }
-		    $commentlen = 0;
-		    $comment = "";
-		    if ($flags & 16) {
-		        // C-style string COMMENT data in header
-		        if ($len - $headerlen - 1 < 8) {
-		            return false;    // invalid
-		        }
-		        $commentlen = strpos(substr($data,$headerlen),chr(0));
-		        if ($commentlen === false || $len - $headerlen - $commentlen - 1 < 8) {
-		            return false;    // Invalid header format
-		        }
-		        $comment = substr($data,$headerlen,$commentlen);
-		        $headerlen += $commentlen + 1;
-		    }
-		    $headercrc = "";
-		    if ($flags & 2) {
-		        // 2-bytes (lowest order) of CRC32 on header present
-		        if ($len - $headerlen - 2 < 8) {
-		            return false;    // invalid
-		        }
-		        $calccrc = crc32(substr($data,0,$headerlen)) & 0xffff;
-		        $headercrc = unpack("v", substr($data,$headerlen,2));
-		        $headercrc = $headercrc[1];
-		        if ($headercrc != $calccrc) {
-		            $error = "Header checksum failed.";
-		            return false;    // Bad header CRC
-		        }
-		        $headerlen += 2;
-		    }
-		    // GZIP FOOTER
-		    $datacrc = unpack("V",substr($data,-8,4));
-		    $datacrc = sprintf('%u',$datacrc[1] & 0xFFFFFFFF);
-		    $isize = unpack("V",substr($data,-4));
-		    $isize = $isize[1];
-		    // decompression:
-		    $bodylen = $len-$headerlen-8;
-		    if ($bodylen < 1) {
-		        // IMPLEMENTATION BUG!
-		        return null;
-		    }
-		    $body = substr($data,$headerlen,$bodylen);
-		    $data = "";
-		    if ($bodylen > 0) {
-		        switch ($method) {
-		        case 8:
-		            // Currently the only supported compression method:
-		            $data = gzinflate($body,$maxlength);
-		            break;
-		        default:
-		            $error = "Unknown compression method.";
-		            return false;
-		        }
-		    }  // zero-byte body content is allowed
-		    // Verifiy CRC32
-		    $crc   = sprintf("%u",crc32($data));
-		    $crcOK = $crc == $datacrc;
-		    $lenOK = $isize == strlen($data);
-		    if (!$lenOK || !$crcOK) {
-		        $error = ( $lenOK ? '' : 'Length check FAILED. ') . ( $crcOK ? '' : 'Checksum FAILED.');
-		        return false;
-		    }
-		    return $data;
 		}
 	}
 
diff --git a/index.php b/index.php
index ac2762f7f..3b905d1b1 100644
--- a/index.php
+++ b/index.php
@@ -201,15 +201,15 @@
 
 		</form>
 
-		<?php
-			global $pluginhost;
-			foreach ($pluginhost->get_hooks($pluginhost::HOOK_TOOLBAR_BUTTON) as $p) {
-				 echo $p->hook_toolbar_button();
-			}
-		?>
-
 		<div class="actionChooser">
 
+			<?php
+				global $pluginhost;
+				foreach ($pluginhost->get_hooks($pluginhost::HOOK_TOOLBAR_BUTTON) as $p) {
+					 echo $p->hook_toolbar_button();
+				}
+			?>
+
 			<button id="net-alert" dojoType="dijit.form.Button" style="display : none" disabled="true"
 				title="<?php echo __("Communication problem with server.") ?>">
 			<img
diff --git a/plugins/import_export/init.php b/plugins/import_export/init.php
index 5a3051edb..ab47288b3 100644
--- a/plugins/import_export/init.php
+++ b/plugins/import_export/init.php
@@ -9,7 +9,7 @@ class Import_Export extends Plugin implements IHandler {
 		$this->host = $host;
 
 		$host->add_hook($host::HOOK_PREFS_TAB, $this);
-		$host->add_command("xml-import", "USER FILE: import articles from XML", $this);
+		$host->add_command("xml-import", "import articles from XML", $this, ":", "FILE");
 	}
 
 	function about() {
@@ -19,21 +19,18 @@ class Import_Export extends Plugin implements IHandler {
 	}
 
 	function xml_import($args) {
-		array_shift($args);
 
-		$username = $args[count($args) - 2];
-		$filename = $args[count($args) - 1];
-
-		if (!$username) {
-			print "error: please specify username.\n";
-			return;
-		}
+		$filename = $args['xml_import'];
 
 		if (!is_file($filename)) {
 			print "error: input filename ($filename) doesn't exist.\n";
 			return;
 		}
 
+		_debug("please enter your username:");
+
+		$username = db_escape_string($this->link, trim(read_stdin()));
+
 		_debug("importing $filename for user $username...\n");
 
 		$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '$username'");
@@ -382,7 +379,7 @@ class Import_Export extends Plugin implements IHandler {
 			}
 
 			print "<p>" .
-				vsprintf(__("Finished: ")).
+				__("Finished: ").
 				vsprintf(ngettext("%d article processed, ", "%d articles processed, ", $num_processed), $num_processed).
 				vsprintf(ngettext("%d imported, ", "%d imported, ", $num_imported), $num_imported).
 				vsprintf(ngettext("%d feed created.", "%d feeds created.", $num_feeds_created), $num_feeds_created).