1 files changed, 66 insertions, 40 deletions

diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
index bfcc75f0d..ca4ae344f 100644
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -14,8 +14,8 @@ class Pref_Feeds extends Handler_Protected {
 	}
 
 	function renamecat() {
-		$title = db_escape_string($_REQUEST['title']);
-		$id = db_escape_string($_REQUEST['id']);
+		$title = db_escape_string($this->link, $_REQUEST['title']);
+		$id = db_escape_string($this->link, $_REQUEST['id']);
 
 		if ($title) {
 			db_query($this->link, "UPDATE ttrss_feed_categories SET
@@ -55,7 +55,7 @@ class Pref_Feeds extends Handler_Protected {
 
 			$cat['items'] = $this->get_category_items($line['id']);
 
-			$cat['param'] = T_sprintf('(%d feeds)', count($cat['items']));
+			$cat['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
 
 			if (count($cat['items']) > 0 || $show_empty_cats)
 				array_push($items, $cat);
@@ -172,7 +172,7 @@ class Pref_Feeds extends Handler_Protected {
 
 				$cat['items'] = $this->get_category_items($line['id']);
 
-				$cat['param'] = T_sprintf('(%d feeds)', count($cat['items']));
+				$cat['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
 
 				if (count($cat['items']) > 0 || $show_empty_cats)
 					array_push($root['items'], $cat);
@@ -214,13 +214,13 @@ class Pref_Feeds extends Handler_Protected {
 				array_push($cat['items'], $feed);
 			}
 
-			$cat['param'] = T_sprintf('(%d feeds)', count($cat['items']));
+			$cat['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
 
 			if (count($cat['items']) > 0 || $show_empty_cats)
 				array_push($root['items'], $cat);
 
 			$root['param'] += count($cat['items']);
-			$root['param'] = T_sprintf('(%d feeds)', $root['param']);
+			$root['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
 
 		} else {
 			$feed_result = db_query($this->link, "SELECT id, title, last_error,
@@ -245,7 +245,7 @@ class Pref_Feeds extends Handler_Protected {
 				array_push($root['items'], $feed);
 			}
 
-			$root['param'] = T_sprintf('(%d feeds)', count($root['items']));
+			$root['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
 		}
 
 		$fl = array();
@@ -293,7 +293,7 @@ class Pref_Feeds extends Handler_Protected {
 		if ($item_id != 'root') {
 			if ($parent_id && $parent_id != 'root') {
 				$parent_bare_id = substr($parent_id, strpos($parent_id, ':')+1);
-				$parent_qpart = db_escape_string($parent_bare_id);
+				$parent_qpart = db_escape_string($this->link, $parent_bare_id);
 			} else {
 				$parent_qpart = 'NULL';
 			}
@@ -319,7 +319,7 @@ class Pref_Feeds extends Handler_Protected {
 					if (strpos($id, "FEED") === 0) {
 
 						$cat_id = ($item_id != "root") ?
-							db_escape_string($bare_item_id) : "NULL";
+							db_escape_string($this->link, $bare_item_id) : "NULL";
 
 						$cat_qpart = ($cat_id != 0) ? "cat_id = '$cat_id'" :
 							"cat_id = NULL";
@@ -334,7 +334,7 @@ class Pref_Feeds extends Handler_Protected {
 							$nest_level+1);
 
 						if ($item_id != 'root') {
-							$parent_qpart = db_escape_string($bare_id);
+							$parent_qpart = db_escape_string($this->link, $bare_id);
 						} else {
 							$parent_qpart = 'NULL';
 						}
@@ -424,7 +424,7 @@ class Pref_Feeds extends Handler_Protected {
 	}
 
 	function removeicon() {
-		$feed_id = db_escape_string($_REQUEST["feed_id"]);
+		$feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
 
 		$result = db_query($this->link, "SELECT id FROM ttrss_feeds
 			WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
@@ -440,7 +440,7 @@ class Pref_Feeds extends Handler_Protected {
 		header("Content-type: text/html");
 
 		$icon_file = $_FILES['icon_file']['tmp_name'];
-		$feed_id = db_escape_string($_REQUEST["feed_id"]);
+		$feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
 
 		if (is_file($icon_file) && $feed_id) {
 			if (filesize($icon_file) < 20000) {
@@ -472,7 +472,7 @@ class Pref_Feeds extends Handler_Protected {
 		global $purge_intervals;
 		global $update_intervals;
 
-		$feed_id = db_escape_string($_REQUEST["id"]);
+		$feed_id = db_escape_string($this->link, $_REQUEST["id"]);
 
 		$result = db_query($this->link,
 			"SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND
@@ -613,6 +613,18 @@ class Pref_Feeds extends Handler_Protected {
 			name=\"always_display_enclosures\"
 			$checked>&nbsp;<label for=\"always_display_enclosures\">".__('Always display image attachments')."</label>";
 
+		$hide_images = sql_bool_to_bool(db_fetch_result($result, 0, "hide_images"));
+
+		if ($hide_images) {
+			$checked = "checked=\"1\"";
+		} else {
+			$checked = "";
+		}
+
+		print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"hide_images\"
+		name=\"hide_images\"
+			$checked>&nbsp;<label for=\"hide_images\">".
+		__('Do not embed images')."</label>";
 
 		$cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images"));
 
@@ -696,7 +708,7 @@ class Pref_Feeds extends Handler_Protected {
 		global $purge_intervals;
 		global $update_intervals;
 
-		$feed_ids = db_escape_string($_REQUEST["ids"]);
+		$feed_ids = db_escape_string($this->link, $_REQUEST["ids"]);
 
 		print "<div class=\"dialogNotice\">" . __("Enable the options you wish to apply using checkboxes on the right:") . "</div>";
 
@@ -804,6 +816,14 @@ class Pref_Feeds extends Handler_Protected {
 
 		print "&nbsp;"; $this->batch_edit_cbox("always_display_enclosures", "always_display_enclosures_l");
 
+		print "<br/><input disabled=\"1\" type=\"checkbox\" id=\"hide_images\"
+			name=\"hide_images\"
+			dojoType=\"dijit.form.CheckBox\">&nbsp;<label class='insensitive' id=\"hide_images_l\"
+			for=\"hide_images\">".
+		__('Do not embed images')."</label>";
+
+		print "&nbsp;"; $this->batch_edit_cbox("hide_images", "hide_images_l");
+
 		print "<br/><input disabled=\"1\" type=\"checkbox\" id=\"cache_images\"
 			name=\"cache_images\"
 			dojoType=\"dijit.form.CheckBox\">&nbsp;<label class='insensitive' id=\"cache_images_l\"
@@ -842,26 +862,27 @@ class Pref_Feeds extends Handler_Protected {
 
 	function editsaveops($batch) {
 
-		$feed_title = db_escape_string(trim($_POST["title"]));
-		$feed_link = db_escape_string(trim($_POST["feed_url"]));
-		$upd_intl = (int) db_escape_string($_POST["update_interval"]);
-		$purge_intl = (int) db_escape_string($_POST["purge_interval"]);
-		$feed_id = (int) db_escape_string($_POST["id"]); /* editSave */
-		$feed_ids = db_escape_string($_POST["ids"]); /* batchEditSave */
-		$cat_id = (int) db_escape_string($_POST["cat_id"]);
-		$auth_login = db_escape_string(trim($_POST["auth_login"]));
-		$auth_pass = db_escape_string(trim($_POST["auth_pass"]));
-		$private = checkbox_to_sql_bool(db_escape_string($_POST["private"]));
+		$feed_title = db_escape_string($this->link, trim($_POST["title"]));
+		$feed_link = db_escape_string($this->link, trim($_POST["feed_url"]));
+		$upd_intl = (int) db_escape_string($this->link, $_POST["update_interval"]);
+		$purge_intl = (int) db_escape_string($this->link, $_POST["purge_interval"]);
+		$feed_id = (int) db_escape_string($this->link, $_POST["id"]); /* editSave */
+		$feed_ids = db_escape_string($this->link, $_POST["ids"]); /* batchEditSave */
+		$cat_id = (int) db_escape_string($this->link, $_POST["cat_id"]);
+		$auth_login = db_escape_string($this->link, trim($_POST["auth_login"]));
+		$auth_pass = db_escape_string($this->link, trim($_POST["auth_pass"]));
+		$private = checkbox_to_sql_bool(db_escape_string($this->link, $_POST["private"]));
 		$include_in_digest = checkbox_to_sql_bool(
-			db_escape_string($_POST["include_in_digest"]));
+			db_escape_string($this->link, $_POST["include_in_digest"]));
 		$cache_images = checkbox_to_sql_bool(
-			db_escape_string($_POST["cache_images"]));
-
+			db_escape_string($this->link, $_POST["cache_images"]));
+		$hide_images = checkbox_to_sql_bool(
+			db_escape_string($this->link, $_POST["hide_images"]));
 		$always_display_enclosures = checkbox_to_sql_bool(
-			db_escape_string($_POST["always_display_enclosures"]));
+			db_escape_string($this->link, $_POST["always_display_enclosures"]));
 
 		$mark_unread_on_update = checkbox_to_sql_bool(
-			db_escape_string($_POST["mark_unread_on_update"]));
+			db_escape_string($this->link, $_POST["mark_unread_on_update"]));
 
 		if (get_pref($this->link, 'ENABLE_FEED_CATS')) {
 			if ($cat_id && $cat_id != 0) {
@@ -887,6 +908,7 @@ class Pref_Feeds extends Handler_Protected {
 				auth_pass = '$auth_pass',
 				private = $private,
 				cache_images = $cache_images,
+				hide_images = $hide_images,
 				include_in_digest = $include_in_digest,
 				always_display_enclosures = $always_display_enclosures,
 				mark_unread_on_update = $mark_unread_on_update
@@ -952,6 +974,10 @@ class Pref_Feeds extends Handler_Protected {
 						$qpart = "cache_images = $cache_images";
 						break;
 
+					case "hide_images":
+						$qpart = "hide_images = $hide_images";
+						break;
+
 					case "cat_id":
 						$qpart = $category_qpart_nocomma;
 						break;
@@ -973,7 +999,7 @@ class Pref_Feeds extends Handler_Protected {
 
 	function resetPubSub() {
 
-		$ids = db_escape_string($_REQUEST["ids"]);
+		$ids = db_escape_string($this->link, $_REQUEST["ids"]);
 
 		db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0 WHERE id IN ($ids)
 			AND owner_uid = " . $_SESSION["uid"]);
@@ -983,24 +1009,24 @@ class Pref_Feeds extends Handler_Protected {
 
 	function remove() {
 
-		$ids = split(",", db_escape_string($_REQUEST["ids"]));
+		$ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
 
 		foreach ($ids as $id) {
-			$this->remove_feed($this->link, $id, $_SESSION["uid"]);
+			Pref_Feeds::remove_feed($this->link, $id, $_SESSION["uid"]);
 		}
 
 		return;
 	}
 
 	function clear() {
-		$id = db_escape_string($_REQUEST["id"]);
+		$id = db_escape_string($this->link, $_REQUEST["id"]);
 		$this->clear_feed_articles($this->link, $id);
 	}
 
 	function rescore() {
 		require_once "rssfuncs.php";
 
-		$ids = split(",", db_escape_string($_REQUEST["ids"]));
+		$ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
 
 		foreach ($ids as $id) {
 
@@ -1106,9 +1132,9 @@ class Pref_Feeds extends Handler_Protected {
 	}
 
 	function categorize() {
-		$ids = split(",", db_escape_string($_REQUEST["ids"]));
+		$ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
 
-		$cat_id = db_escape_string($_REQUEST["cat_id"]);
+		$cat_id = db_escape_string($this->link, $_REQUEST["cat_id"]);
 
 		if ($cat_id == 0) {
 			$cat_id_qpart = 'NULL';
@@ -1130,14 +1156,14 @@ class Pref_Feeds extends Handler_Protected {
 	}
 
 	function removeCat() {
-		$ids = split(",", db_escape_string($_REQUEST["ids"]));
+		$ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
 		foreach ($ids as $id) {
 			$this->remove_feed_category($this->link, $id, $_SESSION["uid"]);
 		}
 	}
 
 	function addCat() {
-		$feed_cat = db_escape_string(trim($_REQUEST["cat"]));
+		$feed_cat = db_escape_string($this->link, trim($_REQUEST["cat"]));
 
 		add_feed_category($this->link, $feed_cat);
 	}
@@ -1179,7 +1205,7 @@ class Pref_Feeds extends Handler_Protected {
 					__("Inactive feeds") . "</button>";
 		}
 
-		$feed_search = db_escape_string($_REQUEST["search"]);
+		$feed_search = db_escape_string($this->link, $_REQUEST["search"]);
 
 		if (array_key_exists("search", $_REQUEST)) {
 			$_SESSION["prefs_feed_search"] = $feed_search;
@@ -1631,7 +1657,7 @@ class Pref_Feeds extends Handler_Protected {
 		ccache_remove($link, $id, $owner_uid, true);
 	}
 
-	private function remove_feed($link, $id, $owner_uid) {
+	static function remove_feed($link, $id, $owner_uid) {
 
 		if ($id > 0) {