- remove the pseudo group 'All', the API description doesn't say that a group is required and Reeder on iOS works fine without groups
- mark feeds/groups only as read since the API doesn't allow to mark them as unread
Check if a requested database can be selected. Error out if not.
This prevents automatic fallbacks to the default database.
Remove the authorized information from the session if a new database
gets selected.
Factor out logout function to reuse existing code.
Utilize apaches mod_rewrite to append a database parameter to the fever
api script based on the requested URL. Basically everything after
/fever/ is treated as the desired database. E.g. using
https://www.miniflux.net/fever/custom.sqlite/ as server url selects this
database as sync source/target.
The user supplied database parameter is compared with the output of
Model\Database\get_all(), which ensures that only files within the
DATA_DIRECTORY can be referenced (prevents File Inclusion/Directory
Traversal vulnerabilities).
I've tested it against Reeder on iOS. Note that Reeder does not allow
the same user name to be used multiple times within the same domain
name, even if the used URLs are different.
Zero is a valid super group id according to the "mark the Kindling super group
as read" example in the Fever API docs. But the php function empty considers 0
as an empty value and the condition is never true.
The condition has been changed to accept -1 for the "Sparks" super group,
0 for the "Kindling" super group and any other positive integer (feed and
item id must be positive integers).
The group id Zero is used by Reeder for iOS for the virtual feed "unread".