From 8dccabedaee3450642c58c75101ff52c38508112 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.spb.ru>
Date: Fri, 1 Aug 2008 04:38:17 +0100
Subject: merge two patches: STRIP_IMAGES and ENABLE_FLASH_PLAYER from Sten
 (bump schema)

---
 functions.php | 30 +++++++++++++++++++++++++++---
 1 file changed, 27 insertions(+), 3 deletions(-)

(limited to 'functions.php')

diff --git a/functions.php b/functions.php
index 8e2acb222..e00faf6b6 100644
--- a/functions.php
+++ b/functions.php
@@ -3522,6 +3522,12 @@
 //			$res = strip_tags_long($res, "<p><a><i><em><b><strong><blockquote><br><img><div><span>");			
 		}
 
+		if (get_pref($link, "STRIP_IMAGES")) {
+			
+			$res = preg_replace('/<img[^>]+>/is', '', $res);
+
+		}
+
 		return $res;
 	}
 
@@ -4704,7 +4710,16 @@
 
 					$filename = substr($url, strrpos($url, "/")+1);
 
-					$entry = "<a target=\"_blank\" href=\"" . htmlspecialchars($url) . "\">" .
+					$entry = ""; 
+					
+					if (($ctype = __("audio/mpeg")) && 
+						(get_pref($link, "ENABLE_FLASH_PLAYER")) ) { 
+					
+						$entry .= "<object type=\"application/x-shockwave-flash\" data=\"extras/button/musicplayer.swf?song_url=$url\" width=\"20\" height=\"20\"> <param name=\"movie\" value=\"extras/button/musicplayer.swf?song_url=$url\" /> </object>";
+
+					}
+
+					$entry .= "<a target=\"_blank\" href=\"" . htmlspecialchars($url) . "\">" .
 						$filename . " (" . $ctype . ")" . "</a>";
 
 					array_push($entries, $entry);
@@ -5139,7 +5154,7 @@
 
 //					print "<div class=\"cdmInnerContent\" id=\"CICD-$id\" $cdm_cstyle>";
 
-					print $line["content_preview"];
+					print sanitize_rss($line["content_preview"]);
 
 					$e_result = db_query($link, "SELECT * FROM ttrss_enclosures WHERE
 						post_id = '$id' AND content_url != ''");
@@ -5163,7 +5178,16 @@
 
 					$filename = substr($url, strrpos($url, "/")+1);
 
-					$entry = "<a target=\"_blank\" href=\"" . htmlspecialchars($url) . "\">" .
+					$entry = ""; 
+					
+					if (($ctype = __("audio/mpeg")) && 
+						(get_pref($link, "ENABLE_FLASH_PLAYER")) ) { 
+						
+						$entry .= "<object type=\"application/x-shockwave-flash\" data=\"extras/button/musicplayer.swf?song_url=$url\" width=\"20\" height=\"20\"> <param name=\"movie\" value=\"extras/button/musicplayer.swf?song_url=$url\" /> </object>"; 
+					
+					}
+
+					$entry .= "<a target=\"_blank\" href=\"" . htmlspecialchars($url) . "\">" .
 						$filename . " (" . $ctype . ")" . "</a>";
 
 					array_push($entries, $entry);
-- 
cgit v1.2.3


From 73f5f114ec76d32db19f3dcc2aa571c912ed360b Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.spb.ru>
Date: Fri, 1 Aug 2008 04:47:16 +0100
Subject: merge tweaks to ALLOW_REMOTE_USER_AUTH functionality from Erick
 Rudiak

---
 functions.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'functions.php')

diff --git a/functions.php b/functions.php
index e00faf6b6..f1836edd8 100644
--- a/functions.php
+++ b/functions.php
@@ -1682,11 +1682,11 @@
 			$pwd_hash2 = encrypt_password($password, $login);
 
 			if (defined('ALLOW_REMOTE_USER_AUTH') && ALLOW_REMOTE_USER_AUTH 
-					&& $_SERVER["REMOTE_USER"]) {
+					&& $_SERVER["REMOTE_USER"] && $login != "admin") {
 
 				$login = db_escape_string($_SERVER["REMOTE_USER"]);
 
-				$query = "SELECT id,login,access_level
+				$query = "SELECT id,login,access_level,pwd_hash
 	            FROM ttrss_users WHERE
 					login = '$login'";
 
-- 
cgit v1.2.3