Commit | Line | Data |
---|---|---|
ef8be8ea AD |
1 | <?php |
2 | // We need to accept raw SQL in label queries, so not everything here is escaped; | |
3 | // this is by design. If you don't like it, disable labels | |
4 | // altogether with GLOBAL_ENABLE_LABELS = false. | |
5 | ||
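/**
 * Preferences module for SQL-based labels: renders the label list and handles
 * the "edit", "test", "editSave", "remove" and "add" sub-operations selected
 * by $_GET["subop"].
 *
 * Security notes:
 *  - The label expression itself is accepted as raw SQL by design. Stripping
 *    ";" only prevents a second statement from being appended; it does not
 *    restrict what the expression can read. Disable labels with
 *    GLOBAL_ENABLE_LABELS = false if that is not acceptable.
 *  - "By design" covers the expression only. Everything echoed into HTML is
 *    passed through htmlspecialchars(), rows are modified or deleted only
 *    when they belong to the session user, and the ORDER BY column is taken
 *    from a fixed allow-list.
 *  - NOTE(review): editSave/remove/add change state from $_GET and no
 *    anti-CSRF token is checked in this function; confirm the caller
 *    enforces one.
 *
 * @param mixed $link Database link handed through to the db_* helpers.
 * @return void Output is printed directly.
 */
function module_pref_labels($link) {
	if (!GLOBAL_ENABLE_LABELS) {

		print __("Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality.");
		return;
	}

	$subop = isset($_GET["subop"]) ? $_GET["subop"] : "";

	if ($subop === "edit") {

		$label_id = db_escape_string(isset($_GET["id"]) ? $_GET["id"] : "");

		$result = db_query($link, "SELECT sql_exp,description FROM ttrss_labels WHERE
			owner_uid = ".$_SESSION["uid"]." AND id = '$label_id' ORDER by description");

		$line = db_fetch_assoc($result);

		$sql_exp = htmlspecialchars($line["sql_exp"]);
		$description = htmlspecialchars($line["description"]);

		// db_escape_string() is SQL escaping, not HTML escaping: the id is
		// request-controlled and lands inside an attribute, so encode it.
		$label_id_html = htmlspecialchars($label_id);

		print "<div id=\"infoBoxTitle\">Label Editor</div>";
		print "<div class=\"infoBoxContents\">";

		print "<form id=\"label_edit_form\" onsubmit='return false'>";

		print "<input type=\"hidden\" name=\"op\" value=\"pref-labels\">";
		print "<input type=\"hidden\" name=\"id\" value=\"$label_id_html\">";
		print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";

		print "<div class=\"dlgSec\">".__("Caption")."</div>";

		print "<div class=\"dlgSecCont\">";

		print "<input onkeypress=\"return filterCR(event, labelEditSave)\"
			onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
			onchange=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
			name=\"description\" size=\"30\" value=\"$description\">";
		print "</div>";

		print "<div class=\"dlgSec\">".__("Match SQL")."</div>";

		print "<div class=\"dlgSecCont\">";

		print "<textarea onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
			rows=\"6\" name=\"sql_exp\" class=\"labelSQL\" cols=\"50\">$sql_exp</textarea>";

		print "<br/>";

		print_label_dlg_common_examples();

		print "</div>";

		print "</form>";

		print "<div style=\"display : none\" id=\"label_test_result\"></div>";

		print "<div class=\"dlgButtons\">";

		print "<div style='float : left'>";
		print "<input type=\"submit\"
			class=\"button\" onclick=\"return displayHelpInfobox(1)\"
			value=\"".__('Help')."\"> ";
		print "</div>";

		// The Test button is disabled for Opera; a missing User-Agent header
		// is treated as "not Opera" instead of raising a notice.
		$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
		$is_disabled = (strpos($user_agent, 'Opera') !== FALSE) ? "disabled" : "";

		print "<input $is_disabled type=\"submit\" onclick=\"return labelTest()\" value=\"Test\">
			";

		print "<input type=\"submit\"
			id=\"infobox_submit\"
			class=\"button\" onclick=\"return labelEditSave()\"
			value=\"Save\"> ";

		print "<input class=\"button\"
			type=\"submit\" onclick=\"return labelEditCancel()\"
			value=\"Cancel\">";

		print "</div>";

		return;
	}

	if ($subop === "test") {

		// no escaping here on purpose: the expression is raw SQL by design
		$expr = trim(isset($_GET["expr"]) ? $_GET["expr"] : "");

		// Blocks an appended second statement only; see the function header.
		$expr = str_replace(";", "", $expr);

		if (!$expr) {
			print "<p>".__("Error: SQL expression is blank.")."</p>";
			return;
		}

		print "<div>";

		// Silence PHP-level warnings for the user-supplied expression; the
		// database error is reported explicitly below.
		error_reporting(0);

		$result = db_query($link,
			"SELECT count(ttrss_entries.id) AS num_matches
				FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
				WHERE ($expr) AND
					ttrss_user_entries.ref_id = ttrss_entries.id AND
					ttrss_user_entries.feed_id = ttrss_feeds.id AND
					ttrss_user_entries.owner_uid = " . $_SESSION["uid"], false);

		error_reporting (DEFAULT_ERROR_LEVEL);

		if (!$result) {
			// Database error text can repeat the submitted expression, so it
			// must be HTML-encoded before it is shown.
			print "<div class=\"labelTestError\">" . htmlspecialchars(db_last_error($link)) . "</div>";
			print "</div>";
			return;
		}

		$num_matches = db_fetch_result($result, 0, "num_matches");

		if ($num_matches > 0) {

			// Initialised so the message below never reads an undefined variable.
			$showing_msg = "";

			if ($num_matches > 10) {
				$showing_msg = ", showing first 10";
			}

			print "<p>Query returned <b>$num_matches</b> matches$showing_msg:</p>";

			$result = db_query($link,
				"SELECT ttrss_entries.title,
					(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
				FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
				WHERE ($expr) AND
					ttrss_user_entries.ref_id = ttrss_entries.id
					AND ttrss_user_entries.feed_id = ttrss_feeds.id
					AND ttrss_user_entries.owner_uid = " . $_SESSION["uid"] . "
				ORDER BY date_entered LIMIT 10", false);

			print "<ul class=\"labelTestResults\">";

			$row_class = "even";

			while ($line = db_fetch_assoc($result)) {
				$row_class = toggleEvenOdd($row_class);

				// Entry and feed titles come from feed content, so encode them.
				// NOTE(review): assumes titles are stored as plain text; if they
				// are stored pre-encoded this double-encodes them - confirm.
				print "<li class=\"$row_class\">".htmlspecialchars($line["title"]).
					" <span class=\"insensitive\">(".htmlspecialchars($line["feed_title"]).")</span></li>";
			}
			print "</ul>";

		} else {
			print "<p>Query didn't return any matches.</p>";
		}

		print "</div>";

		return;
	}

	if ($subop === "editSave") {

		$sql_exp = db_escape_string(trim(isset($_GET["sql_exp"]) ? $_GET["sql_exp"] : ""));
		$descr = db_escape_string(trim(isset($_GET["description"]) ? $_GET["description"] : ""));
		$label_id = db_escape_string(isset($_GET["id"]) ? $_GET["id"] : "");

		$sql_exp = str_replace(";", "", $sql_exp);

		// Scope the update to the session user: without the owner check any
		// logged-in user could overwrite another user's label by id.
		$result = db_query($link, "UPDATE ttrss_labels SET
			sql_exp = '$sql_exp',
			description = '$descr'
			WHERE id = '$label_id' AND owner_uid = ".$_SESSION["uid"]);

		if (db_affected_rows($link, $result) != 0) {
			print_notice(T_sprintf("Saved label <b>%s</b>", htmlspecialchars($descr)));
		}

		// No return: falls through to render the refreshed list.
	}

	if ($subop === "remove") {

		if (!WEB_DEMO_MODE) {

			// explode() replaces the deprecated regex-based split(); "," has no
			// special meaning as a pattern, so the result is the same.
			$ids = explode(",", db_escape_string(isset($_GET["ids"]) ? $_GET["ids"] : ""));

			foreach ($ids as $id) {
				// Same ownership rule as editSave: delete only the caller's rows.
				db_query($link, "DELETE FROM ttrss_labels WHERE id = '$id'
					AND owner_uid = ".$_SESSION["uid"]);
			}
		}

		// No return: falls through to render the refreshed list.
	}

	if ($subop === "add") {

		$sql_exp = db_escape_string(trim(isset($_GET["sql_exp"]) ? $_GET["sql_exp"] : ""));
		$description = db_escape_string(isset($_GET["description"]) ? $_GET["description"] : "");

		$sql_exp = str_replace(";", "", $sql_exp);

		if (!$sql_exp || !$description) return;

		$result = db_query($link,
			"INSERT INTO ttrss_labels (sql_exp,description,owner_uid)
			VALUES ('$sql_exp', '$description', '".$_SESSION["uid"]."')");

		if (db_affected_rows($link, $result) != 0) {
			print T_sprintf("Created label <b>%s</b>", htmlspecialchars($description));
		}

		return;
	}

	set_pref($link, "_PREFS_ACTIVE_TAB", "labelConfig");

	// ORDER BY takes an identifier, which string escaping cannot make safe.
	// Accept only the two columns the header links below request; anything
	// else (including "undefined" or a missing value) sorts by description.
	$sort = isset($_GET["sort"]) ? $_GET["sort"] : "";

	if (!in_array($sort, array("description", "sql_exp"), true)) {
		$sort = "description";
	}

	// The search term is remembered in the session, already SQL-escaped.
	if (array_key_exists("search", $_GET)) {
		$label_search = db_escape_string($_GET["search"]);
		$_SESSION["prefs_label_search"] = $label_search;
	} else {
		$label_search = isset($_SESSION["prefs_label_search"]) ? $_SESSION["prefs_label_search"] : "";
	}

	// SQL escaping does not neutralise quotes or markup in an HTML attribute.
	$label_search_html = htmlspecialchars($label_search);

	print "<div class=\"feedEditSearch\">
		<input id=\"label_search\" size=\"20\" type=\"search\"
			onfocus=\"javascript:disableHotkeys();\"
			onblur=\"javascript:enableHotkeys();\"
			onchange=\"javascript:updateLabelList()\" value=\"$label_search_html\">
		<input type=\"submit\" class=\"button\"
			onclick=\"javascript:updateLabelList()\" value=\"".__('Search')."\">
		<p><a class='helpLinkPic' href=\"javascript:displayHelpInfobox(1)\">
		<img src='images/sign_quest.gif'></a></p>
		</div>";

	print "<div class=\"prefGenericAddBox\">";

	print"<input type=\"submit\" class=\"button\"
		id=\"label_create_btn\"
		onclick=\"return displayDlg('quickAddLabel', false)\"
		value=\"".__('Create label')."\"></div>";

	if ($label_search) {
		$label_search_query = "(sql_exp LIKE '%$label_search%' OR
			description LIKE '%$label_search%') AND";
	} else {
		$label_search_query = "";
	}

	$result = db_query($link, "SELECT
			id,sql_exp,description
		FROM
			ttrss_labels
		WHERE
			$label_search_query
			owner_uid = ".$_SESSION["uid"]."
		ORDER BY $sort");

	if (db_num_rows($result) != 0) {

		print "<p><table width=\"100%\" cellspacing=\"0\"
			class=\"prefLabelList\" id=\"prefLabelList\">";

		// The original emitted a malformed "</td</tr>" here.
		print "<tr><td class=\"selectPrompt\" colspan=\"8\">
			".__('Select:')."
				<a href=\"javascript:selectPrefRows('label', true)\">".__('All')."</a>,
				<a href=\"javascript:selectPrefRows('label', false)\">".__('None')."</a>
			</td></tr>";

		print "<tr class=\"title\">
			<td width=\"5%\"> </td>
			<td width=\"30%\"><a href=\"javascript:updateLabelList('description')\">".__('Caption')."</a></td>
			<td width=\"\"><a href=\"javascript:updateLabelList('sql_exp')\">".__('SQL Expression')."</a>
			</td>
			</tr>";

		$lnum = 0;

		while ($line = db_fetch_assoc($result)) {

			$class = ($lnum % 2) ? "even" : "odd";

			$label_id = $line["id"];

			// The "edit" sub-operation returns before this point, so the old
			// "Grayed" row variant could never be reached; every row gets its id.
			$this_row_id = "id=\"LILRR-$label_id\"";

			print "<tr class=\"$class\" $this_row_id>";

			$line["sql_exp"] = htmlspecialchars($line["sql_exp"]);
			$line["description"] = htmlspecialchars($line["description"]);

			if (!$line["description"]) $line["description"] = __("[No caption]");

			$onclick = "onclick='editLabel($label_id)' title='".__('Click to edit')."'";

			print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"label\");'
				type=\"checkbox\" id=\"LICHK-".$line["id"]."\"></td>";

			print "<td $onclick>" . $line["description"] . "</td>";
			print "<td $onclick>" . $line["sql_exp"] . "</td>";

			print "</tr>";

			++$lnum;
		}

		print "</table>";

		print "<p id=\"labelOpToolbar\">";

		print "<input type=\"submit\" class=\"button\" disabled=\"true\"
				onclick=\"javascript:editSelectedLabel()\" value=\"".__('Edit')."\">
			<input type=\"submit\" class=\"button\" disabled=\"true\"
				onclick=\"javascript:removeSelectedLabels()\" value=\"".__('Remove')."\">";

	} else {
		print "<p>";
		if (!$label_search) {
			print __('No labels defined.');
		} else {
			print __('No matching labels found.');
		}
		print "</p>";

	}
}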
343 | ?> |