]>
Commit | Line | Data |
---|---|---|
ef8be8ea AD |
1 | <?php |
2 | // We need to accept raw SQL data in label queries, so not everything is escaped | |
3 | // here, this is by design. If you don't like it, disable labels | |
4 | // altogether with GLOBAL_ENABLE_LABELS = false | |
5 | ||
6 | function module_pref_labels($link) { | |
7 | if (!GLOBAL_ENABLE_LABELS) { | |
8 | ||
9 | print "<p>Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality.</p>"; | |
10 | return; | |
11 | } | |
12 | ||
13 | $subop = $_GET["subop"]; | |
14 | ||
15 | if ($subop == "edit") { | |
16 | ||
17 | $label_id = db_escape_string($_GET["id"]); | |
18 | ||
19 | $result = db_query($link, "SELECT sql_exp,description FROM ttrss_labels WHERE | |
20 | owner_uid = ".$_SESSION["uid"]." AND id = '$label_id' ORDER by description"); | |
21 | ||
22 | $line = db_fetch_assoc($result); | |
23 | ||
47439031 AD |
24 | $sql_exp = htmlspecialchars($line["sql_exp"]); |
25 | $description = htmlspecialchars($line["description"]); | |
ef8be8ea AD |
26 | |
27 | print "<div id=\"infoBoxTitle\">Label editor</div>"; | |
28 | print "<div class=\"infoBoxContents\">"; | |
29 | ||
e6312f6c | 30 | print "<form id=\"label_edit_form\" onsubmit='return false'>"; |
ef8be8ea AD |
31 | |
32 | print "<input type=\"hidden\" name=\"op\" value=\"pref-labels\">"; | |
33 | print "<input type=\"hidden\" name=\"id\" value=\"$label_id\">"; | |
34 | print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">"; | |
35 | ||
36 | print "<table width='100%'>"; | |
37 | ||
38 | print "<tr><td>Caption:</td> | |
39 | <td><input onkeypress=\"return filterCR(event, labelEditSave)\" | |
b5015f72 AD |
40 | onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\" |
41 | onchange=\"toggleSubmitNotEmpty(this, 'infobox_submit')\" | |
ef8be8ea AD |
42 | name=\"description\" class=\"iedit\" value=\"$description\">"; |
43 | ||
44 | print "</td></tr>"; | |
45 | ||
46 | print "<tr><td colspan=\"2\"> | |
47 | <p>SQL Expression:</p>"; | |
48 | ||
49 | print "<textarea onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\" | |
50 | rows=\"4\" name=\"sql_exp\" class=\"iedit\">$sql_exp</textarea>"; | |
51 | ||
52 | print "</td></tr></table>"; | |
53 | ||
54 | print "</form>"; | |
55 | ||
56 | print "<div style=\"display : none\" id=\"label_test_result\"></div>"; | |
57 | ||
58 | print "<div align='right'>"; | |
59 | ||
60 | $is_disabled = (strpos($_SERVER['HTTP_USER_AGENT'], 'Opera') !== FALSE) ? "disabled" : ""; | |
61 | ||
62 | print "<input $is_disabled type=\"submit\" onclick=\"return labelTest()\" value=\"Test\"> | |
63 | "; | |
64 | ||
65 | print "<input type=\"submit\" | |
66 | id=\"infobox_submit\" | |
67 | class=\"button\" onclick=\"return labelEditSave()\" | |
68 | value=\"Save\"> "; | |
69 | ||
70 | print "<input class=\"button\" | |
71 | type=\"submit\" onclick=\"return labelEditCancel()\" | |
72 | value=\"Cancel\">"; | |
73 | ||
74 | print "</div>"; | |
75 | ||
76 | return; | |
77 | } | |
78 | ||
79 | if ($subop == "test") { | |
80 | ||
47439031 AD |
81 | // no escaping here on purpose |
82 | $expr = trim($_GET["expr"]); | |
83 | $descr = db_escape_string(trim($_GET["descr"])); | |
ef8be8ea | 84 | |
a4919a16 AD |
85 | if (!$expr) { |
86 | print "<div>Error: SQL expression is blank.</div>"; | |
87 | return; | |
88 | } | |
89 | ||
ef8be8ea AD |
90 | print "<div>"; |
91 | ||
92 | error_reporting(0); | |
93 | ||
94 | ||
95 | $result = db_query($link, | |
96 | "SELECT count(ttrss_entries.id) AS num_matches | |
97 | FROM ttrss_entries,ttrss_user_entries,ttrss_feeds | |
98 | WHERE ($expr) AND | |
99 | ttrss_user_entries.ref_id = ttrss_entries.id AND | |
100 | ttrss_user_entries.feed_id = ttrss_feeds.id AND | |
101 | ttrss_user_entries.owner_uid = " . $_SESSION["uid"], false); | |
102 | ||
103 | error_reporting (DEFAULT_ERROR_LEVEL); | |
104 | ||
105 | if (!$result) { | |
106 | print "<p>" . db_last_error($link) . "</p>"; | |
107 | print "</div>"; | |
108 | return; | |
109 | } | |
110 | ||
111 | $num_matches = db_fetch_result($result, 0, "num_matches");; | |
112 | ||
113 | if ($num_matches > 0) { | |
114 | ||
115 | if ($num_matches > 10) { | |
116 | $showing_msg = ", showing first 10"; | |
117 | } | |
118 | ||
119 | print "<p>Query returned <b>$num_matches</b> matches$showing_msg:</p>"; | |
120 | ||
121 | $result = db_query($link, | |
122 | "SELECT ttrss_entries.title, | |
123 | (SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title | |
124 | FROM ttrss_entries,ttrss_user_entries,ttrss_feeds | |
125 | WHERE ($expr) AND | |
126 | ttrss_user_entries.ref_id = ttrss_entries.id | |
127 | AND ttrss_user_entries.feed_id = ttrss_feeds.id | |
128 | AND ttrss_user_entries.owner_uid = " . $_SESSION["uid"] . " | |
129 | ORDER BY date_entered DESC LIMIT 10", false); | |
130 | ||
131 | print "<ul class=\"labelTestResults\">"; | |
132 | ||
133 | $row_class = "even"; | |
134 | ||
135 | while ($line = db_fetch_assoc($result)) { | |
136 | $row_class = toggleEvenOdd($row_class); | |
137 | ||
138 | print "<li class=\"$row_class\">".$line["title"]. | |
139 | " <span class=\"insensitive\">(".$line["feed_title"].")</span></li>"; | |
140 | } | |
141 | print "</ul>"; | |
142 | ||
143 | } else { | |
144 | print "<p>Query didn't return any matches.</p>"; | |
145 | } | |
146 | ||
147 | print "</div>"; | |
148 | ||
149 | return; | |
150 | } | |
151 | ||
152 | if ($subop == "editSave") { | |
153 | ||
5b10ad15 | 154 | $sql_exp = db_escape_string(trim($_GET["sql_exp"])); |
ef8be8ea AD |
155 | $descr = db_escape_string(trim($_GET["description"])); |
156 | $label_id = db_escape_string($_GET["id"]); | |
157 | ||
158 | $result = db_query($link, "UPDATE ttrss_labels SET | |
159 | sql_exp = '$sql_exp', | |
160 | description = '$descr' | |
161 | WHERE id = '$label_id'"); | |
5e6f933a AD |
162 | |
163 | if (db_affected_rows($link, $result) != 0) { | |
164 | print_notice(T_sprintf("Saved label <b>%s</b>", htmlspecialchars($descr))); | |
165 | } | |
166 | ||
ef8be8ea AD |
167 | } |
168 | ||
169 | if ($subop == "remove") { | |
170 | ||
171 | if (!WEB_DEMO_MODE) { | |
172 | ||
173 | $ids = split(",", db_escape_string($_GET["ids"])); | |
174 | ||
175 | foreach ($ids as $id) { | |
176 | db_query($link, "DELETE FROM ttrss_labels WHERE id = '$id'"); | |
177 | ||
178 | } | |
179 | } | |
180 | } | |
181 | ||
182 | if ($subop == "add") { | |
ef8be8ea | 183 | |
5b10ad15 | 184 | $sql_exp = db_escape_string(trim($_GET["sql_exp"])); |
5e6f933a | 185 | $description = db_escape_string($_GET["description"]); |
ef8be8ea | 186 | |
5e6f933a | 187 | if (!$sql_exp || !$description) return; |
ef8be8ea | 188 | |
5e6f933a AD |
189 | $result = db_query($link, |
190 | "INSERT INTO ttrss_labels (sql_exp,description,owner_uid) | |
191 | VALUES ('$sql_exp', '$description', '".$_SESSION["uid"]."')"); | |
192 | ||
193 | if (db_affected_rows($link, $result) != 0) { | |
194 | print T_sprintf("Created label <b>%s</b>", htmlspecialchars($description)); | |
195 | } | |
196 | ||
197 | return; | |
ef8be8ea AD |
198 | } |
199 | ||
fe8d2059 AD |
200 | set_pref($link, "_PREFS_ACTIVE_TAB", "labelConfig"); |
201 | ||
ef8be8ea AD |
202 | $sort = db_escape_string($_GET["sort"]); |
203 | ||
204 | if (!$sort || $sort == "undefined") { | |
205 | $sort = "description"; | |
206 | } | |
207 | ||
0d32b41e AD |
208 | print "<a class='helpLinkPic' href=\"javascript:displayHelpInfobox(1)\"> |
209 | <img src='images/sign_quest.png'></a>"; | |
210 | ||
ef8be8ea AD |
211 | print "<div class=\"prefGenericAddBox\">"; |
212 | ||
213 | print"<input type=\"submit\" class=\"button\" | |
214 | id=\"label_create_btn\" | |
215 | onclick=\"return displayDlg('quickAddLabel', false)\" | |
a3c159c4 | 216 | value=\"".__('Create label')."\"></div>"; |
ef8be8ea AD |
217 | |
218 | $result = db_query($link, "SELECT | |
219 | id,sql_exp,description | |
220 | FROM | |
221 | ttrss_labels | |
222 | WHERE | |
223 | owner_uid = ".$_SESSION["uid"]." | |
224 | ORDER BY $sort"); | |
225 | ||
226 | // print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>"; | |
227 | ||
228 | if (db_num_rows($result) != 0) { | |
229 | ||
ef8be8ea AD |
230 | print "<p><table width=\"100%\" cellspacing=\"0\" |
231 | class=\"prefLabelList\" id=\"prefLabelList\">"; | |
232 | ||
233 | print "<tr><td class=\"selectPrompt\" colspan=\"8\"> | |
e8d0177d AD |
234 | ".__('Select:')." |
235 | <a href=\"javascript:selectPrefRows('label', true)\">".__('All')."</a>, | |
236 | <a href=\"javascript:selectPrefRows('label', false)\">".__('None')."</a> | |
ef8be8ea AD |
237 | </td</tr>"; |
238 | ||
239 | print "<tr class=\"title\"> | |
240 | <td width=\"5%\"> </td> | |
a3c159c4 | 241 | <td width=\"30%\"><a href=\"javascript:updateLabelList('description')\">".__('Caption')."</a></td> |
5ede560f | 242 | <td width=\"\"><a href=\"javascript:updateLabelList('sql_exp')\">".__('SQL Expression')."</a> |
ef8be8ea AD |
243 | </td> |
244 | </tr>"; | |
245 | ||
246 | $lnum = 0; | |
247 | ||
248 | while ($line = db_fetch_assoc($result)) { | |
249 | ||
250 | $class = ($lnum % 2) ? "even" : "odd"; | |
251 | ||
252 | $label_id = $line["id"]; | |
253 | $edit_label_id = $_GET["id"]; | |
254 | ||
255 | if ($subop == "edit" && $label_id != $edit_label_id) { | |
256 | $class .= "Grayed"; | |
257 | $this_row_id = ""; | |
258 | } else { | |
259 | $this_row_id = "id=\"LILRR-$label_id\""; | |
260 | } | |
261 | ||
262 | print "<tr class=\"$class\" $this_row_id>"; | |
263 | ||
47439031 AD |
264 | $line["sql_exp"] = htmlspecialchars($line["sql_exp"]); |
265 | $line["description"] = htmlspecialchars($line["description"]); | |
ef8be8ea AD |
266 | |
267 | if (!$line["description"]) $line["description"] = "[No caption]"; | |
268 | ||
269 | print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"label\");' | |
270 | type=\"checkbox\" id=\"LICHK-".$line["id"]."\"></td>"; | |
271 | ||
272 | print "<td><a href=\"javascript:editLabel($label_id);\">" . | |
273 | $line["description"] . "</td>"; | |
274 | ||
275 | print "<td><a href=\"javascript:editLabel($label_id);\">" . | |
276 | $line["sql_exp"] . "</td>"; | |
277 | ||
278 | print "</tr>"; | |
279 | ||
280 | ++$lnum; | |
281 | } | |
282 | ||
283 | if ($lnum == 0) { | |
a3c159c4 | 284 | print "<tr><td colspan=\"4\" align=\"center\">".__('No labels defined.')."</td></tr>"; |
ef8be8ea AD |
285 | } |
286 | ||
287 | print "</table>"; | |
ef8be8ea AD |
288 | |
289 | print "<p id=\"labelOpToolbar\">"; | |
290 | ||
a3c159c4 AD |
291 | print "<input type=\"submit\" class=\"button\" disabled=\"true\" |
292 | onclick=\"javascript:editSelectedLabel()\" value=\"".__('Edit')."\"> | |
ef8be8ea | 293 | <input type=\"submit\" class=\"button\" disabled=\"true\" |
a3c159c4 | 294 | onclick=\"javascript:removeSelectedLabels()\" value=\"".__('Remove')."\">"; |
ef8be8ea AD |
295 | |
296 | } else { | |
a3c159c4 | 297 | print "<p>".__('No labels defined.')."</p>"; |
ef8be8ea AD |
298 | } |
299 | } | |
300 | ?> |