1<?php
// We need to accept raw SQL data in label queries, so not everything is escaped
// here; this is by design. If you don't want that, disable labels
// altogether with GLOBAL_ENABLE_LABELS = false.
5
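function module_pref_labels($link) {
    // Preferences module for user-defined labels. Dispatches on $_GET["subop"]:
    //   edit     - print the editor form for one of the caller's labels
    //   test     - run a label SQL expression against the caller's entries and print matches
    //   editSave - store an edited label, then fall through to the listing
    //   remove   - delete a comma-separated list of label ids
    //   add      - create a new label
    // and, unless a branch returned early, prints the label list. All output is
    // HTML written with print; there is no return value.
    //
    // The label expression ($expr / $sql_exp) is raw SQL by design (see the file
    // header comment). Everything else taken from the request is escaped or cast,
    // and every statement that touches ttrss_labels by id is additionally scoped
    // to the session owner_uid so an id in the request cannot reach another
    // user's rows.

    if (!GLOBAL_ENABLE_LABELS) {
        print "<p>Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality.</p>";
        return;
    }

    $subop = isset($_GET["subop"]) ? $_GET["subop"] : "";

    // The session uid is only ever interpolated into SQL, so pin it to an int once.
    $owner_uid = (int) $_SESSION["uid"];

    if ($subop == "edit") {

        // Label ids are integers; the cast makes the value safe both in the
        // query below and in the hidden form field it is echoed into.
        $label_id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;

        $result = db_query($link, "SELECT sql_exp,description FROM ttrss_labels WHERE
            owner_uid = $owner_uid AND id = '$label_id' ORDER by description");

        $line = db_fetch_assoc($result);

        // Unknown id, or a label owned by someone else: do not render an editor
        // whose save would then silently do nothing.
        if (!$line) {
            print "<div>Error: label not found.</div>";
            return;
        }

        $sql_exp = htmlspecialchars($line["sql_exp"]);
        $description = htmlspecialchars($line["description"]);

        print "<div id=\"infoBoxTitle\">Label editor</div>";
        print "<div class=\"infoBoxContents\">";

        print "<form id=\"label_edit_form\" onsubmit='return false'>";

        print "<input type=\"hidden\" name=\"op\" value=\"pref-labels\">";
        print "<input type=\"hidden\" name=\"id\" value=\"$label_id\">";
        print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";

        print "<table width='100%'>";

        print "<tr><td>Caption:</td>
            <td><input onkeypress=\"return filterCR(event, labelEditSave)\"
            onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
            onchange=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
            name=\"description\" class=\"iedit\" value=\"$description\">";

        print "</td></tr>";

        print "<tr><td colspan=\"2\">
            <p>SQL Expression:</p>";

        print "<textarea onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
            rows=\"4\" name=\"sql_exp\" class=\"iedit\">$sql_exp</textarea>";

        print "</td></tr></table>";

        print "</form>";

        print "<div style=\"display : none\" id=\"label_test_result\"></div>";

        print "<div align='right'>";

        // The Test button is disabled for Opera; HTTP_USER_AGENT may be absent
        // (CLI, some proxies), in which case the button stays enabled.
        $user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
        $is_disabled = (strpos($user_agent, 'Opera') !== FALSE) ? "disabled" : "";

        print "<input $is_disabled type=\"submit\" onclick=\"return labelTest()\" value=\"Test\">
            ";

        print "<input type=\"submit\"
            id=\"infobox_submit\"
            class=\"button\" onclick=\"return labelEditSave()\"
            value=\"Save\"> ";

        print "<input class=\"button\"
            type=\"submit\" onclick=\"return labelEditCancel()\"
            value=\"Cancel\">";

        print "</div>";

        return;
    }

    if ($subop == "test") {

        // No escaping here on purpose: the expression is raw SQL (see file header).
        $expr = isset($_GET["expr"]) ? trim($_GET["expr"]) : "";

        if (!$expr) {
            print "<div>Error: SQL expression is blank.</div>";
            return;
        }

        print "<div>";

        // A broken user expression makes the query fail; suppress the driver's
        // warning and report db_last_error() ourselves instead.
        error_reporting(0);

        $result = db_query($link,
            "SELECT count(ttrss_entries.id) AS num_matches
                FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
                WHERE ($expr) AND
                ttrss_user_entries.ref_id = ttrss_entries.id AND
                ttrss_user_entries.feed_id = ttrss_feeds.id AND
                ttrss_user_entries.owner_uid = $owner_uid", false);

        error_reporting(DEFAULT_ERROR_LEVEL);

        if (!$result) {
            print "<p>" . db_last_error($link) . "</p>";
            print "</div>";
            return;
        }

        $num_matches = db_fetch_result($result, 0, "num_matches");

        if ($num_matches > 0) {

            // Initialised so the message below never reads an undefined variable.
            $showing_msg = "";

            if ($num_matches > 10) {
                $showing_msg = ", showing first 10";
            }

            print "<p>Query returned <b>$num_matches</b> matches$showing_msg:</p>";

            $result = db_query($link,
                "SELECT ttrss_entries.title,
                    (SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
                    FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
                    WHERE ($expr) AND
                    ttrss_user_entries.ref_id = ttrss_entries.id
                    AND ttrss_user_entries.feed_id = ttrss_feeds.id
                    AND ttrss_user_entries.owner_uid = $owner_uid
                    ORDER BY date_entered DESC LIMIT 10", false);

            print "<ul class=\"labelTestResults\">";

            $row_class = "even";

            // NOTE(review): title and feed_title are printed as stored; confirm
            // they are HTML-safe at insert time, otherwise wrap them in
            // htmlspecialchars() here.
            while ($line = db_fetch_assoc($result)) {
                $row_class = toggleEvenOdd($row_class);

                print "<li class=\"$row_class\">" . $line["title"] .
                    " <span class=\"insensitive\">(" . $line["feed_title"] . ")</span></li>";
            }
            print "</ul>";

        } else {
            print "<p>Query didn't return any matches.</p>";
        }

        print "</div>";

        return;
    }

    if ($subop == "editSave") {

        $sql_exp = db_escape_string(trim($_GET["sql_exp"]));
        $descr = db_escape_string(trim($_GET["description"]));
        $label_id = isset($_GET["id"]) ? (int) $_GET["id"] : 0;

        // Scoped to owner_uid: without it any authenticated user could rewrite
        // another user's label by guessing its id.
        $result = db_query($link, "UPDATE ttrss_labels SET
            sql_exp = '$sql_exp',
            description = '$descr'
            WHERE id = '$label_id' AND owner_uid = $owner_uid");

        if (db_affected_rows($link, $result) != 0) {
            print_notice(T_sprintf("Saved label <b>%s</b>", htmlspecialchars($descr)));
        }

        // Deliberately no return: the refreshed listing is printed below.
    }

    if ($subop == "remove") {

        if (!WEB_DEMO_MODE) {

            // explode() replaces the removed split(); ids are integers, so each
            // one is cast rather than escaped, and blanks from a trailing comma
            // are skipped.
            $ids = isset($_GET["ids"]) ? explode(",", $_GET["ids"]) : array();

            foreach ($ids as $id) {
                if (trim($id) === "") continue;
                $id = (int) $id;
                // Same owner_uid scoping as editSave.
                db_query($link, "DELETE FROM ttrss_labels WHERE id = '$id' AND owner_uid = $owner_uid");
            }
        }
    }

    if ($subop == "add") {

        $sql_exp = db_escape_string(trim($_GET["sql_exp"]));
        $description = db_escape_string($_GET["description"]);

        if (!$sql_exp || !$description) return;

        $result = db_query($link,
            "INSERT INTO ttrss_labels (sql_exp,description,owner_uid)
                VALUES ('$sql_exp', '$description', '$owner_uid')");

        if (db_affected_rows($link, $result) != 0) {
            print T_sprintf("Created label <b>%s</b>", htmlspecialchars($description));
        }

        return;
    }

    set_pref($link, "_PREFS_ACTIVE_TAB", "labelConfig");

    // An ORDER BY column cannot be quoted or escaped, so only the column names
    // the JS sorter (updateLabelList) actually sends are accepted; anything
    // else, including a missing or "undefined" value, sorts by description.
    $sort = isset($_GET["sort"]) ? $_GET["sort"] : "";

    if (!in_array($sort, array("description", "sql_exp", "id"), true)) {
        $sort = "description";
    }

    print "<a class='helpLinkPic' href=\"javascript:displayHelpInfobox(1)\">
        <img src='images/sign_quest.png'></a>";

    print "<div class=\"prefGenericAddBox\">";

    print "<input type=\"submit\" class=\"button\"
        id=\"label_create_btn\"
        onclick=\"return displayDlg('quickAddLabel', false)\"
        value=\"" . __('Create label') . "\"></div>";

    $result = db_query($link, "SELECT
            id,sql_exp,description
        FROM
            ttrss_labels
        WHERE
            owner_uid = $owner_uid
        ORDER BY $sort");

    if (db_num_rows($result) != 0) {

        print "<p><table width=\"100%\" cellspacing=\"0\"
            class=\"prefLabelList\" id=\"prefLabelList\">";

        print "<tr><td class=\"selectPrompt\" colspan=\"8\">
            " . __('Select:') . "
            <a href=\"javascript:selectPrefRows('label', true)\">" . __('All') . "</a>,
            <a href=\"javascript:selectPrefRows('label', false)\">" . __('None') . "</a>
            </td></tr>";

        print "<tr class=\"title\">
            <td width=\"5%\">&nbsp;</td>
            <td width=\"30%\"><a href=\"javascript:updateLabelList('description')\">" . __('Caption') . "</a></td>
            <td width=\"\"><a href=\"javascript:updateLabelList('sql_exp')\">" . __('SQL Expression') . "</a>
            </td>
            </tr>";

        $lnum = 0;

        // While editing, every row other than the one being edited is greyed out
        // and loses its row id.
        $edit_label_id = isset($_GET["id"]) ? $_GET["id"] : "";

        while ($line = db_fetch_assoc($result)) {

            $class = ($lnum % 2) ? "even" : "odd";

            $label_id = $line["id"];

            if ($subop == "edit" && $label_id != $edit_label_id) {
                $class .= "Grayed";
                $this_row_id = "";
            } else {
                $this_row_id = "id=\"LILRR-$label_id\"";
            }

            print "<tr class=\"$class\" $this_row_id>";

            $line["sql_exp"] = htmlspecialchars($line["sql_exp"]);
            $line["description"] = htmlspecialchars($line["description"]);

            if (!$line["description"]) $line["description"] = "[No caption]";

            print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"label\");'
                type=\"checkbox\" id=\"LICHK-" . $line["id"] . "\"></td>";

            print "<td><a href=\"javascript:editLabel($label_id);\">" .
                $line["description"] . "</a></td>";

            print "<td><a href=\"javascript:editLabel($label_id);\">" .
                $line["sql_exp"] . "</a></td>";

            print "</tr>";

            ++$lnum;
        }

        print "</table>";

        print "<p id=\"labelOpToolbar\">";

        print "<input type=\"submit\" class=\"button\" disabled=\"true\"
            onclick=\"javascript:editSelectedLabel()\" value=\"" . __('Edit') . "\">
            <input type=\"submit\" class=\"button\" disabled=\"true\"
            onclick=\"javascript:removeSelectedLabels()\" value=\"" . __('Remove') . "\">";

    } else {
        print "<p>" . __('No labels defined.') . "</p>";
    }
}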
300?>