From 41694a956d4cbe4da633a967c06908b69e942c17 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Sat, 13 Apr 2013 18:58:09 +0400
Subject: [PATCH] fix double-escaping possible with encrypted passwords

---
 classes/pref/feeds.php | 8 ++++++--
 classes/rpc.php        | 2 +-
 include/functions.php  | 2 ++
 3 files changed, 9 insertions(+), 3 deletions(-)

diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
index 4a77ed8cf..c57cccc44 100644
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -932,7 +932,7 @@ class Pref_Feeds extends Handler_Protected {
 		$feed_ids = db_escape_string($this->link, $_POST["ids"]); /* batchEditSave */
 		$cat_id = (int) db_escape_string($this->link, $_POST["cat_id"]);
 		$auth_login = db_escape_string($this->link, trim($_POST["auth_login"]));
-		$auth_pass = db_escape_string($this->link, trim($_POST["auth_pass"]));
+		$auth_pass = trim($_POST["auth_pass"]);
 		$private = checkbox_to_sql_bool(db_escape_string($this->link, $_POST["private"]));
 		$include_in_digest = checkbox_to_sql_bool(
 			db_escape_string($this->link, $_POST["include_in_digest"]));
@@ -954,6 +954,8 @@ class Pref_Feeds extends Handler_Protected {
 			$auth_pass_encrypted = 'false';
 		}
 
+		$auth_pass = db_escape_string($this->link, $auth_pass);
+
 		if (get_pref($this->link, 'ENABLE_FEED_CATS')) {
 			if ($cat_id && $cat_id != 0) {
 				$category_qpart = "cat_id = '$cat_id',";
@@ -1842,7 +1844,7 @@ class Pref_Feeds extends Handler_Protected {
 		$cat_id = db_escape_string($this->link, $_REQUEST['cat']);
 		$feeds = explode("\n", $_REQUEST['feeds']);
 		$login = db_escape_string($this->link, $_REQUEST['login']);
-		$pass = db_escape_string($this->link, $_REQUEST['pass']);
+		$pass = trim($_REQUEST['pass']);
 
 		foreach ($feeds as $feed) {
 			$feed = db_escape_string($this->link, trim($feed));
@@ -1869,6 +1871,8 @@ class Pref_Feeds extends Handler_Protected {
 					$auth_pass_encrypted = 'false';
 				}
 
+				$pass = db_escape_string($this->link, $pass);
+
 				if (db_num_rows($result) == 0) {
 					$result = db_query($this->link,
 						"INSERT INTO ttrss_feeds
diff --git a/classes/rpc.php b/classes/rpc.php
index 508dd8d41..1569a9a35 100644
--- a/classes/rpc.php
+++ b/classes/rpc.php
@@ -104,7 +104,7 @@ class RPC extends Handler_Protected {
 		$feed = db_escape_string($this->link, $_REQUEST['feed']);
 		$cat = db_escape_string($this->link, $_REQUEST['cat']);
 		$login = db_escape_string($this->link, $_REQUEST['login']);
-		$pass = db_escape_string($this->link, $_REQUEST['pass']);
+		$pass = trim($_REQUEST['pass']); // escaped later
 
 		$rc = subscribe_to_feed($this->link, $feed, $cat, $login, $pass);
 
diff --git a/include/functions.php b/include/functions.php
index 73ed97d08..1b6b3e820 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -1622,6 +1622,8 @@
 			$auth_pass_encrypted = 'false';
 		}
 
+		$auth_pass = db_escape_string($this->link, $auth_pass);
+
 		if (db_num_rows($result) == 0) {
 			$result = db_query($link,
 				"INSERT INTO ttrss_feeds