Merge branch 'master' of binfalse/tt-rss into master

[tt-rss.git] / classes / rssutils.php

diff --git a/classes/rssutils.php b/classes/rssutils.php
index c9e6bc0ea156462f4038465c42a61df5430154c8..e5233b71ca8f8255df592b663bdf3037a22b3fe2 100644 (file)
--- a/classes/rssutils.php
+++ b/classes/rssutils.php
@@ -304,7 +304,7 @@ class RSSUtils {
         */
        static function update_rss_feed($feed, $no_cache = false) {
 
-               $debug_enabled = defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug'];
+               $debug_enabled = defined('DAEMON_EXTENDED_DEBUG') || clean($_REQUEST['xdebug']);
 
                _debug_suppress(!$debug_enabled);
                _debug("start", $debug_enabled);
@@ -492,8 +492,6 @@ class RSSUtils {
                $rss = new FeedParser($feed_data);
                $rss->init();
 
-               $feed = $feed;
-
                if (!$rss->error()) {
 
                        // We use local pluginhost here because we need to load different per-user feed plugins
@@ -593,7 +591,7 @@ class RSSUtils {
                        foreach ($items as $item) {
                                $pdo->beginTransaction();
 
-                               if ($_REQUEST['xdebug'] == 3) {
+                               if (clean($_REQUEST['xdebug']) == 3) {
                                        print_r($item);
                                }
 
@@ -642,7 +640,7 @@ class RSSUtils {
                                $entry_content = $item->get_content();
                                if (!$entry_content) $entry_content = $item->get_description();
 
-                               if ($_REQUEST["xdebug"] == 2) {
+                               if (clean($_REQUEST["xdebug"]) == 2) {
                                        print "content: ";
                                        print htmlspecialchars($entry_content);
                                        print "\n";
@@ -751,7 +749,7 @@ class RSSUtils {
                                        $entry_plugin_data .= mb_strtolower(get_class($plugin)) . ",";
                                }
 
-                               if ($_REQUEST["xdebug"] == 2) {
+                               if (clean($_REQUEST["xdebug"]) == 2) {
                                        print "processed content: ";
                                        print htmlspecialchars($article["content"]);
                                        print "\n";
@@ -932,7 +930,7 @@ class RSSUtils {
                                                        $last_read_qpart = null;
                                                } else {
                                                        $unread = 0;
-                                                       $last_read_qpart = 'NOW()';
+                                                       $last_read_qpart = date("Y-m-d H:i"); // we can't use NOW() here because it gets quoted
                                                }
 
                                                if (RSSUtils::find_article_filter($article_filters, 'mark') || $score > 1000) {
@@ -955,10 +953,10 @@ class RSSUtils {
                                                                (ref_id, owner_uid, feed_id, unread, last_read, marked,
                                                                published, score, tag_cache, label_cache, uuid,
                                                                last_marked, last_published)
-                                                       VALUES (?, ?, ?, ?, ?, ?, ?, ?, '', '', '', ?, ?)");
+                                                       VALUES (?, ?, ?, ?, ?, ?, ?, ?, '', '', '', ".$last_marked.", ".$last_published.")");
 
                                                $sth->execute([$ref_id, $owner_uid, $feed, $unread, $last_read_qpart, $marked,
-                                                       $published, $score, $last_marked, $last_published]);
+                                                       $published, $score]);
 
                                                $sth = $pdo->prepare("SELECT int_id FROM ttrss_user_entries WHERE
                                                                ref_id = ? AND owner_uid = ? AND