From 83b1ddafef6d5f771ef3a6cc79a0c62fe98d2b96 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Wed, 3 Apr 2013 22:55:46 +0400
Subject: plugins/mail: remove secretkey stuff

---
 plugins/mail/init.php | 44 +++++++++++++++-----------------------------
 1 file changed, 15 insertions(+), 29 deletions(-)

(limited to 'plugins')

diff --git a/plugins/mail/init.php b/plugins/mail/init.php
index 49de96afd..40da8720c 100644
--- a/plugins/mail/init.php
+++ b/plugins/mail/init.php
@@ -32,11 +32,6 @@ class Mail extends Plugin {
 
 		$param = db_escape_string($this->link, $_REQUEST['param']);
 
-		$secretkey = sha1(uniqid(rand(), true));
-
-		$_SESSION['email_secretkey'] = $secretkey;
-
-		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"secretkey\" value=\"$secretkey\">";
 		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pluginhandler\">";
 		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"plugin\" value=\"mail\">";
 		print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"sendEmail\">";
@@ -135,41 +130,32 @@ class Mail extends Plugin {
 	}
 
 	function sendEmail() {
-		$secretkey = $_REQUEST['secretkey'];
-
 		require_once 'classes/ttrssmailer.php';
 
 		$reply = array();
 
-		if ($_SESSION['email_secretkey'] &&
-		$secretkey == $_SESSION['email_secretkey']) {
+		$_SESSION['email_secretkey'] = '';
 
-			$_SESSION['email_secretkey'] = '';
+		$replyto = strip_tags($_SESSION['email_replyto']);
+		$fromname = strip_tags($_SESSION['email_fromname']);
 
-			$replyto = strip_tags($_SESSION['email_replyto']);
-			$fromname = strip_tags($_SESSION['email_fromname']);
+		$mail = new ttrssMailer();
 
-			$mail = new ttrssMailer();
+		$mail->From = $replyto;
+		$mail->FromName = $fromname;
+		$mail->AddAddress($_REQUEST['destination']);
 
-			$mail->From = $replyto;
-			$mail->FromName = $fromname;
-			$mail->AddAddress($_REQUEST['destination']);
+		$mail->IsHTML(false);
+		$mail->Subject = $_REQUEST['subject'];
+		$mail->Body = $_REQUEST['content'];
 
-			$mail->IsHTML(false);
-			$mail->Subject = $_REQUEST['subject'];
-			$mail->Body = $_REQUEST['content'];
-
-			$rc = $mail->Send();
-
-			if (!$rc) {
-				$reply['error'] =  $mail->ErrorInfo;
-			} else {
-				save_email_address($this->link, db_escape_string($this->link, $destination));
-				$reply['message'] = "UPDATE_COUNTERS";
-			}
+		$rc = $mail->Send();
 
+		if (!$rc) {
+			$reply['error'] =  $mail->ErrorInfo;
 		} else {
-			$reply['error'] = "Not authorized.";
+			save_email_address($this->link, db_escape_string($this->link, $destination));
+			$reply['message'] = "UPDATE_COUNTERS";
 		}
 
 		print json_encode($reply);
-- 
cgit v1.2.3


From cd4d71b41b7e3e7ea394cdbc20b7d62e4e3bc36b Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Wed, 3 Apr 2013 23:24:27 +0400
Subject: updater: fix is_writable checking

---
 plugins/updater/init.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'plugins')

diff --git a/plugins/updater/init.php b/plugins/updater/init.php
index ef5a94967..adab6bc80 100644
--- a/plugins/updater/init.php
+++ b/plugins/updater/init.php
@@ -42,7 +42,7 @@ class Updater extends Plugin {
 			case 0:
 				array_push($log, "Work directory: $work_dir");
 
-				if (!is_writable($work_dir) && !is_writable("$parent_dir")) {
+				if (!is_writable($work_dir) || !is_writable("$parent_dir")) {
 					$user = posix_getpwuid(posix_geteuid());
 					$user = $user["name"];
 					array_push($log, "Both tt-rss and parent directories should be writable as current user ($user).");
-- 
cgit v1.2.3


From 61096207b6b856a67a062dd7fdfc4e8724f3b2ec Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Thu, 4 Apr 2013 10:21:48 +0400
Subject: add several checks to googleimportplugin to make importing more
 stable

---
 plugins/googlereaderimport/init.php | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

(limited to 'plugins')

diff --git a/plugins/googlereaderimport/init.php b/plugins/googlereaderimport/init.php
index da5e9adb1..8f14bdaa7 100644
--- a/plugins/googlereaderimport/init.php
+++ b/plugins/googlereaderimport/init.php
@@ -125,14 +125,14 @@ class GoogleReaderImport extends Plugin {
 						if (strpos($item['origin']['streamId'], 'feed/') === 0) {
 
 							$orig_feed_data['feed_url'] = db_escape_string($this->link,
-								preg_replace("/^feed\//",
-									"", $item['origin']['streamId']));
+								mb_substr(preg_replace("/^feed\//",
+									"", $item['origin']['streamId']), 0, 200));
 
 							$orig_feed_data['title'] = db_escape_string($this->link,
-								$item['origin']['title']);
+								mb_substr($item['origin']['title'], 0, 200));
 
 							$orig_feed_data['site_url'] = db_escape_string($this->link,
-								$item['origin']['htmlUrl']);
+								mb_substr($item['origin']['htmlUrl'], 0, 200));
 						}
 					}
 
@@ -225,7 +225,7 @@ class GoogleReaderImport extends Plugin {
 			}
 		}
 
-		if ($feed_id) {
+		if ($feed_id && $feed_id != 'NULL') {
 			// locate archived entry to file entries in, we don't want to file them in actual feeds because of purging
 			// maybe file marked in real feeds because eh
 
@@ -254,6 +254,8 @@ class GoogleReaderImport extends Plugin {
 				db_query($this->link, "DELETE FROM ttrss_feeds WHERE id = $feed_id");
 		}
 
+		if (!$orig_feed_id) $orig_feed_id = 'NULL';
+
 		$result = db_query($this->link, "SELECT id FROM ttrss_entries, ttrss_user_entries WHERE
 			guid = '$guid' AND ref_id = id AND owner_uid = '$owner_uid' LIMIT 1");
 
-- 
cgit v1.2.3