From 9955a134621e75a1490a2cdc75c2a00c23f54507 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Sun, 17 Mar 2013 21:04:16 +0400
Subject: [PATCH] properly allow false parameters passed through to API calls (refs #576)
---
 classes/api.php | 18 +++++++++---------
 include/functions.php | 2 +-
 2 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/classes/api.php b/classes/api.php
index 1ee620863..74464821f 100644
--- a/classes/api.php
+++ b/classes/api.php
@@ -109,10 +109,10 @@ class API extends Handler {
 function getFeeds() {
 $cat_id = db_escape_string($_REQUEST["cat_id"]);
- $unread_only = (bool)db_escape_string($_REQUEST["unread_only"]);
+ $unread_only = sql_bool_to_bool($_REQUEST["unread_only"]);
 $limit = (int) db_escape_string($_REQUEST["limit"]);
 $offset = (int) db_escape_string($_REQUEST["offset"]);
- $include_nested = (bool)db_escape_string($_REQUEST["include_nested"]);
+ $include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
 $feeds = $this->api_get_feeds($this->link, $cat_id, $unread_only, $limit, $offset, $include_nested);
@@ -120,8 +120,8 @@ class API extends Handler {
 }
 function getCategories() {
- $unread_only = (bool)db_escape_string($_REQUEST["unread_only"]);
- $enable_nested = (bool)db_escape_string($_REQUEST["enable_nested"]);
+ $unread_only = sql_bool_to_bool($_REQUEST["unread_only"]);
+ $enable_nested = sql_bool_to_bool($_REQUEST["enable_nested"]);
 // TODO do not return empty categories, return Uncategorized and standard virtual cats
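Review bot: In getFeeds the new `sql_bool_to_bool($_REQUEST["unread_only"])` and `sql_bool_to_bool($_REQUEST["include_nested"])` calls hand the raw request value to the helper with no presence or type check, so an omitted optional flag raises an undefined-index notice and a parameter that arrives as an array reaches `strtolower()` inside the helper. The same pattern is repeated in getCategories and in the hunk at line 180 (`is_cat`, `show_excerpt`, `show_content`, `include_attachments`, `include_nested`). I would guard each read, e.g. `$unread_only = isset($_REQUEST["unread_only"]) && sql_bool_to_bool($_REQUEST["unread_only"]);`, or fold that into one small request-flag helper. Dropping `db_escape_string()` is safe only as long as these flags are used purely as booleans downstream (api_get_feeds is not shown here), so a comment such as `// request flag, normalised to a strict bool; never used as SQL text` would keep that assumption visible. getFeeds continues past the end of its hunk.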
@@ -180,14 +180,14 @@ class API extends Handler {
 $offset = (int)db_escape_string($_REQUEST["skip"]);
 $filter = db_escape_string($_REQUEST["filter"]);
- $is_cat = (bool)db_escape_string($_REQUEST["is_cat"]);
- $show_excerpt = (bool)db_escape_string($_REQUEST["show_excerpt"]);
- $show_content = (bool)db_escape_string($_REQUEST["show_content"]);
+ $is_cat = sql_bool_to_bool($_REQUEST["is_cat"]);
+ $show_excerpt = sql_bool_to_bool($_REQUEST["show_excerpt"]);
+ $show_content = sql_bool_to_bool($_REQUEST["show_content"]);
 /* all_articles, unread, adaptive, marked, updated */
 $view_mode = db_escape_string($_REQUEST["view_mode"]);
- $include_attachments = (bool)db_escape_string($_REQUEST["include_attachments"]);
+ $include_attachments = sql_bool_to_bool($_REQUEST["include_attachments"]);
 $since_id = (int)db_escape_string($_REQUEST["since_id"]);
- $include_nested = (bool)db_escape_string($_REQUEST["include_nested"]);
+ $include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
 $sanitize_content = true;
 /* do not rely on params below */
diff --git a/include/functions.php b/include/functions.php
index 6e48a700a..b43fda3a1 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -852,7 +852,7 @@
 }
 function sql_bool_to_bool($s) {
- if ($s == "t" || $s == "1" || $s == "true") {
+ if ($s == "t" || $s == "1" || strtolower($s) == "true") {
 return true;
 } else {
 return false;
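Review bot: The condition in sql_bool_to_bool still uses loose `==`, and now that request parameters are routed through it the argument is no longer guaranteed to be a database string. On PHP versions before 8 an integer `0` compares equal to `"t"`, so a non-string zero would come back as true, and an array argument makes `strtolower()` emit a warning (a TypeError on PHP 8); whether the API layer can deliver non-string values is not visible in this diff. Normalising once and comparing strictly avoids both: `$s = is_scalar($s) ? strtolower((string)$s) : "";` followed by `return $s === "t" || $s === "1" || $s === "true";`. That variant also accepts an upper-case `T` and no longer matches numeric-string forms such as `"1.0"`; the function's closing braces lie outside the hunk.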