6 files changed, 31 insertions, 33 deletions

diff --git a/classes/api.php b/classes/api.php
index 82d3ce208..f911cd591 100755
--- a/classes/api.php
+++ b/classes/api.php
@@ -17,13 +17,6 @@ class API extends Handler {
 	private $seq;
 
 	/**
-	 * @param mixed $p
-	 */
-	private static function _param_to_bool($p): bool {
-		return $p && ($p !== "f" && $p !== "false");
-	}
-
-	/**
 	 * @param array<int|string, mixed> $reply
 	 */
 	private function _wrap(int $status, array $reply): bool {
@@ -110,7 +103,7 @@ class API extends Handler {
 
 	function getUnread(): bool {
 		$feed_id = clean($_REQUEST["feed_id"] ?? "");
-		$is_cat = clean($_REQUEST["is_cat"] ?? "");
+		$is_cat = self::_param_to_bool($_REQUEST["is_cat"] ?? null);
 
 		if ($feed_id) {
 			return $this->_wrap(self::STATUS_OK, array("unread" => getFeedUnread($feed_id, $is_cat)));
@@ -126,10 +119,10 @@ class API extends Handler {
 
 	function getFeeds(): bool {
 		$cat_id = (int) clean($_REQUEST["cat_id"]);
-		$unread_only = self::_param_to_bool(clean($_REQUEST["unread_only"] ?? 0));
+		$unread_only = self::_param_to_bool($_REQUEST["unread_only"] ?? null);
 		$limit = (int) clean($_REQUEST["limit"] ?? 0);
 		$offset = (int) clean($_REQUEST["offset"] ?? 0);
-		$include_nested = self::_param_to_bool(clean($_REQUEST["include_nested"] ?? false));
+		$include_nested = self::_param_to_bool($_REQUEST["include_nested"] ?? null);
 
 		$feeds = $this->_api_get_feeds($cat_id, $unread_only, $limit, $offset, $include_nested);
 
@@ -137,9 +130,9 @@ class API extends Handler {
 	}
 
 	function getCategories(): bool {
-		$unread_only = self::_param_to_bool(clean($_REQUEST["unread_only"] ?? false));
-		$enable_nested = self::_param_to_bool(clean($_REQUEST["enable_nested"] ?? false));
-		$include_empty = self::_param_to_bool(clean($_REQUEST['include_empty'] ?? false));
+		$unread_only = self::_param_to_bool($_REQUEST["unread_only"] ?? null);
+		$enable_nested = self::_param_to_bool($_REQUEST["enable_nested"] ?? null);
+		$include_empty = self::_param_to_bool($_REQUEST["include_empty"] ?? null);
 
 		// TODO do not return empty categories, return Uncategorized and standard virtual cats
 
@@ -204,21 +197,20 @@ class API extends Handler {
 
 			$offset = (int)clean($_REQUEST["skip"] ?? 0);
 			$filter = clean($_REQUEST["filter"] ?? "");
-			$is_cat = self::_param_to_bool(clean($_REQUEST["is_cat"] ?? false));
-			$show_excerpt = self::_param_to_bool(clean($_REQUEST["show_excerpt"] ?? false));
-			$show_content = self::_param_to_bool(clean($_REQUEST["show_content"] ?? false));
+			$is_cat = self::_param_to_bool($_REQUEST["is_cat"] ?? null);
+			$show_excerpt = self::_param_to_bool($_REQUEST["show_excerpt"] ?? null);
+			$show_content = self::_param_to_bool($_REQUEST["show_content"] ?? null);
 			/* all_articles, unread, adaptive, marked, updated */
 			$view_mode = clean($_REQUEST["view_mode"] ?? null);
-			$include_attachments = self::_param_to_bool(clean($_REQUEST["include_attachments"] ?? false));
+			$include_attachments = self::_param_to_bool($_REQUEST["include_attachments"] ?? null);
 			$since_id = (int)clean($_REQUEST["since_id"] ?? 0);
-			$include_nested = self::_param_to_bool(clean($_REQUEST["include_nested"] ?? false));
-			$sanitize_content = !isset($_REQUEST["sanitize"]) ||
-				self::_param_to_bool($_REQUEST["sanitize"]);
-			$force_update = self::_param_to_bool(clean($_REQUEST["force_update"] ?? false));
-			$has_sandbox = self::_param_to_bool(clean($_REQUEST["has_sandbox"] ?? false));
+			$include_nested = self::_param_to_bool($_REQUEST["include_nested"] ?? null);
+			$sanitize_content = self::_param_to_bool($_REQUEST["sanitize"] ?? true);
+			$force_update = self::_param_to_bool($_REQUEST["force_update"] ?? null);
+			$has_sandbox = self::_param_to_bool($_REQUEST["has_sandbox"] ?? null);
 			$excerpt_length = (int)clean($_REQUEST["excerpt_length"] ?? 0);
 			$check_first_id = (int)clean($_REQUEST["check_first_id"] ?? 0);
-			$include_header = self::_param_to_bool(clean($_REQUEST["include_header"] ?? false));
+			$include_header = self::_param_to_bool($_REQUEST["include_header"] ?? null);
 
 			$_SESSION['hasSandbox'] = $has_sandbox;
 
@@ -417,7 +409,7 @@ class API extends Handler {
 
 	function catchupFeed(): bool {
 		$feed_id = clean($_REQUEST["feed_id"]);
-		$is_cat = self::_param_to_bool($_REQUEST["is_cat"] ?? false);
+		$is_cat = self::_param_to_bool($_REQUEST["is_cat"] ?? null);
 		$mode = clean($_REQUEST["mode"] ?? "");
 
 		if (!in_array($mode, ["all", "1day", "1week", "2week"]))
diff --git a/classes/feeds.php b/classes/feeds.php
index 970db0107..f71e4b3e8 100755
--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -456,7 +456,7 @@ class Feeds extends Handler_Protected {
 		$method = $_REQUEST["m"] ?? "";
 		$view_mode = $_REQUEST["view_mode"] ?? "";
 		$limit = 30;
-		$cat_view = $_REQUEST["cat"] == "true";
+		$cat_view = self::_param_to_bool($_REQUEST["cat"] ?? null);
 		$next_unread_feed = $_REQUEST["nuf"] ?? 0;
 		$offset = (int) ($_REQUEST["skip"] ?? 0);
 		$order_by = $_REQUEST["order_by"] ?? "";
diff --git a/classes/handler.php b/classes/handler.php
index 3ee42cedb..aca5bf4d2 100644
--- a/classes/handler.php
+++ b/classes/handler.php
@@ -27,4 +27,10 @@ class Handler implements IHandler {
 		return true;
 	}
 
+	/**
+	 * @param mixed $p
+	 */
+	protected static function _param_to_bool($p): bool {
+		return $p && ($p !== "f" && $p !== "false");
+	}
 }
diff --git a/classes/handler/public.php b/classes/handler/public.php
index b5282c222..6d8f0bd8f 100755
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -307,7 +307,7 @@ class Handler_Public extends Handler {
 	function rss(): void {
 		$feed = clean($_REQUEST["id"]);
 		$key = clean($_REQUEST["key"]);
-		$is_cat = clean($_REQUEST["is_cat"] ?? false);
+		$is_cat = self::_param_to_bool($_REQUEST["is_cat"] ?? null);
 		$limit = (int)clean($_REQUEST["limit"] ?? 0);
 		$offset = (int)clean($_REQUEST["offset"] ?? 0);
 
@@ -317,7 +317,7 @@ class Handler_Public extends Handler {
 		$start_ts = clean($_REQUEST["ts"] ?? "");
 
 		$format = clean($_REQUEST['format'] ?? "atom");
-		$orig_guid = clean($_REQUEST["orig_guid"] ?? false);
+		$orig_guid = clean($_REQUEST["orig_guid"] ?? "");
 
 		if (Config::get(Config::SINGLE_USER_MODE)) {
 			UserHelper::authenticate("admin", null);
diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
index 47479e124..00fd140fe 100755
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -47,7 +47,7 @@ class Pref_Feeds extends Handler_Protected {
 			$search = "";
 
 		// first one is set by API
-		$show_empty_cats = clean($_REQUEST['force_show_empty'] ?? false) ||
+		$show_empty_cats = self::_param_to_bool($_REQUEST['force_show_empty'] ?? null) ||
 			(clean($_REQUEST['mode'] ?? 0) != 2 && !$search);
 
 		$items = [];
@@ -208,7 +208,7 @@ class Pref_Feeds extends Handler_Protected {
 		}
 
 		if ($enable_cats) {
-			$show_empty_cats = clean($_REQUEST['force_show_empty'] ?? false) ||
+			$show_empty_cats = self::_param_to_bool($_REQUEST['force_show_empty'] ?? null) ||
 				(clean($_REQUEST['mode'] ?? 0) != 2 && !$search);
 
 			$feed_categories = ORM::for_table('ttrss_feed_categories')
@@ -1260,7 +1260,7 @@ class Pref_Feeds extends Handler_Protected {
 
 	function regenFeedKey(): void {
 		$feed_id = clean($_REQUEST['id']);
-		$is_cat = clean($_REQUEST['is_cat']);
+		$is_cat = self::_param_to_bool($_REQUEST['is_cat'] ?? null);
 
 		$new_key = Feeds::_update_access_key($feed_id, $is_cat, $_SESSION["uid"]);
 
@@ -1269,7 +1269,7 @@ class Pref_Feeds extends Handler_Protected {
 
 	function getSharedURL(): void {
 		$feed_id = clean($_REQUEST['id']);
-		$is_cat = clean($_REQUEST['is_cat']) == "true";
+		$is_cat = self::_param_to_bool($_REQUEST['is_cat'] ?? null);
 		$search = clean($_REQUEST['search']);
 
 		$link = Config::get_self_url() . "/public.php?" . http_build_query([
diff --git a/classes/rpc.php b/classes/rpc.php
index 75d008b8b..584b86b23 100755
--- a/classes/rpc.php
+++ b/classes/rpc.php
@@ -173,7 +173,7 @@ class RPC extends Handler_Protected {
 	}
 
 	function sanityCheck(): void {
-		$_SESSION["hasSandbox"] = clean($_REQUEST["hasSandbox"]) === "true";
+		$_SESSION["hasSandbox"] = self::_param_to_bool($_REQUEST["hasSandbox"] ?? null);
 		$_SESSION["clientTzOffset"] = clean($_REQUEST["clientTzOffset"]);
 
 		$client_location = $_REQUEST["clientLocation"];
@@ -225,7 +225,7 @@ class RPC extends Handler_Protected {
 
 	function catchupFeed(): void {
 		$feed_id = clean($_REQUEST['feed_id']);
-		$is_cat = clean($_REQUEST['is_cat']) == "true";
+		$is_cat = self::_param_to_bool($_REQUEST['is_cat'] ?? null);
 		$mode = clean($_REQUEST['mode'] ?? '');
 		$search_query = clean($_REQUEST['search_query']);
 		$search_lang = clean($_REQUEST['search_lang']);