deprecate encrypted feed passwords because mcrypt is getting removed from php 7.1

[tt-rss.git] / classes / pref / feeds.php

diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
old mode 100644 (file)
new mode 100755 (executable)
index e839af3..6795236
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -34,7 +34,7 @@ class Pref_Feeds extends Handler_Protected {
                else
                        $search = "";
 
-               if ($search) $search_qpart = " AND LOWER(title) LIKE LOWER('%$search%')";
+               if ($search) $search_qpart = " AND (LOWER(title) LIKE LOWER('%$search%') OR LOWER(feed_url) LIKE LOWER('%$search%'))";
 
                // first one is set by API
                $show_empty_cats = $_REQUEST['force_show_empty'] ||
@@ -297,7 +297,7 @@ class Pref_Feeds extends Handler_Protected {
                if ($_REQUEST['mode'] != 2) {
                        $fl['items'] = array($root);
                } else {
-                       $fl['items'] =& $root['items'];
+                       $fl['items'] = $root['items'];
                }
 
                return $fl;
@@ -324,7 +324,7 @@ class Pref_Feeds extends Handler_Protected {
 
                if ($debug) _debug("$prefix C: $item_id P: $parent_id");
 
-               $bare_item_id = substr($item_id, strpos($item_id, ':')+1);
+               $bare_item_id = $this->dbh->escape_string(substr($item_id, strpos($item_id, ':')+1));
 
                if ($item_id != 'root') {
                        if ($parent_id && $parent_id != 'root') {
@@ -346,7 +346,7 @@ class Pref_Feeds extends Handler_Protected {
                if ($cat && is_array($cat)) {
                        foreach ($cat as $item) {
                                $id = $item['_reference'];
-                               $bare_id = substr($id, strpos($id, ':')+1);
+                               $bare_id = $this->dbh->escape_string(substr($id, strpos($id, ':')+1));
 
                                if ($debug) _debug("$prefix [$order_id] $id/$bare_id");
 
@@ -410,7 +410,7 @@ class Pref_Feeds extends Handler_Protected {
                                                if (isset($item['items']['_reference'])) {
                                                        $data_map[$item['id']] = array($item['items']);
                                                } else {
-                                                       $data_map[$item['id']] =& $item['items'];
+                                                       $data_map[$item['id']] = $item['items'];
                                                }
                                        }
                                if ($item['id'] == 'root') {
@@ -641,11 +641,12 @@ class Pref_Feeds extends Handler_Protected {
 
                print "<input dojoType=\"dijit.form.TextBox\" id=\"feedEditDlg_login\"
                        placeHolder=\"".__("Login")."\"
+                       autocomplete=\"new-password\"
                        name=\"auth_login\" value=\"$auth_login\"><hr/>";
 
                $auth_pass = $this->dbh->fetch_result($result, 0, "auth_pass");
 
-               if ($auth_pass_encrypted) {
+               if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
                        require_once "crypt.php";
                        $auth_pass = decrypt_string($auth_pass);
                }
@@ -653,6 +654,7 @@ class Pref_Feeds extends Handler_Protected {
                $auth_pass = htmlspecialchars($auth_pass);
 
                print "<input dojoType=\"dijit.form.TextBox\" type=\"password\" name=\"auth_pass\"
+                       autocomplete=\"new-password\"
                        placeHolder=\"".__("Password")."\"
                        value=\"$auth_pass\">";
 
@@ -878,11 +880,13 @@ class Pref_Feeds extends Handler_Protected {
 
                print "<input dojoType=\"dijit.form.TextBox\"
                        placeHolder=\"".__("Login")."\" disabled=\"1\"
+                       autocomplete=\"new-password\"
                        name=\"auth_login\" value=\"\">";
 
                $this->batch_edit_cbox("auth_login");
 
                print "<hr/> <input dojoType=\"dijit.form.TextBox\" type=\"password\" name=\"auth_pass\"
+                       autocomplete=\"new-password\"
                        placeHolder=\"".__("Password")."\" disabled=\"1\"
                        value=\"\">";
 
@@ -979,14 +983,7 @@ class Pref_Feeds extends Handler_Protected {
 
                $feed_language = $this->dbh->escape_string(trim($_POST["feed_language"]));
 
-               if (strlen(FEED_CRYPT_KEY) > 0) {
-                       require_once "crypt.php";
-                       $auth_pass = substr(encrypt_string($auth_pass), 0, 250);
-                       $auth_pass_encrypted = 'true';
-               } else {
-                       $auth_pass_encrypted = 'false';
-               }
-
+               $auth_pass_encrypted = 'false';
                $auth_pass = $this->dbh->escape_string($auth_pass);
 
                if (get_pref('ENABLE_FEED_CATS')) {
@@ -1840,6 +1837,7 @@ class Pref_Feeds extends Handler_Protected {
                                " <input
                                        placeHolder=\"".__("Password")."\"
                                        dojoType=\"dijit.form.TextBox\" type='password'
+                                       autocomplete=\"new-password\"
                                        style=\"width : 10em;\" name='pass'\">".
                                "</div>";
 
@@ -1884,14 +1882,7 @@ class Pref_Feeds extends Handler_Protected {
                                        "SELECT id FROM ttrss_feeds
                                        WHERE feed_url = '$feed' AND owner_uid = ".$_SESSION["uid"]);
 
-                               if (strlen(FEED_CRYPT_KEY) > 0) {
-                                       require_once "crypt.php";
-                                       $pass = substr(encrypt_string($pass), 0, 250);
-                                       $auth_pass_encrypted = 'true';
-                               } else {
-                                       $auth_pass_encrypted = 'false';
-                               }
-
+                               $auth_pass_encrypted = 'false';
                                $pass = $this->dbh->escape_string($pass);
 
                                if ($this->dbh->num_rows($result) == 0) {