1 | <?php |
// Label queries take raw SQL expressions from the user, so by design not
// everything here is escaped. If that is not acceptable, disable labels
// altogether with GLOBAL_ENABLE_LABELS = false
5 | ||
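/**
 * Renders the label preferences pane and handles its sub-operations.
 *
 * The sub-operation is selected by $_GET["subop"]:
 *   - "edit":     prints the label editor dialog for $_GET["id"] and returns.
 *   - "test":     runs the supplied SQL expression against the current user's
 *                 entries, prints the match count and up to 10 titles, returns.
 *   - "editSave": updates an existing label, then falls through to the list.
 *   - "remove":   deletes the labels named in $_GET["ids"] (skipped when
 *                 WEB_DEMO_MODE is set), then falls through to the list.
 *   - "add":      inserts a new label and returns.
 *   - otherwise:  prints the list of the current user's labels.
 *
 * Security notes:
 *   - Label SQL expressions are interpolated into queries without
 *     parameterisation; this is deliberate. Any session that reaches this
 *     handler can therefore supply its own WHERE-clause SQL. Setting
 *     GLOBAL_ENABLE_LABELS to false disables the whole handler.
 *   - UPDATE and DELETE are restricted to rows owned by $_SESSION["uid"].
 *   - Every sub-operation, including the state-changing ones, is driven by
 *     $_GET and no anti-CSRF token is checked in this function.
 *     NOTE(review): confirm whether the caller enforces one.
 *
 * @param mixed $link Database handle passed through to the db_* helpers.
 * @return void Output is printed directly.
 */
function module_pref_labels($link) {
	if (!GLOBAL_ENABLE_LABELS) {

		print "<p>Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality.</p>";
		return;
	}

	$subop = isset($_GET["subop"]) ? $_GET["subop"] : "";

	if ($subop == "edit") {

		$label_id = db_escape_string($_GET["id"]);

		$result = db_query($link, "SELECT sql_exp,description FROM ttrss_labels WHERE
			owner_uid = ".$_SESSION["uid"]." AND id = '$label_id' ORDER by description");

		$line = db_fetch_assoc($result);

		$sql_exp = htmlspecialchars(db_unescape_string($line["sql_exp"]));
		$description = htmlspecialchars(db_unescape_string($line["description"]));

		print "<div id=\"infoBoxTitle\">Label editor</div>";
		print "<div class=\"infoBoxContents\">";

		print "<form id=\"label_edit_form\" onsubmit='return false'>";

		print "<input type=\"hidden\" name=\"op\" value=\"pref-labels\">";
		// $label_id has only been through db_escape_string(); presumably that is
		// SQL escaping, so it still needs HTML escaping for the attribute.
		print "<input type=\"hidden\" name=\"id\" value=\"" . htmlspecialchars($label_id) . "\">";
		print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";

		print "<table width='100%'>";

		print "<tr><td>Caption:</td>
			<td><input onkeypress=\"return filterCR(event, labelEditSave)\"
				onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
				onchange=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
				name=\"description\" class=\"iedit\" value=\"$description\">";

		print "</td></tr>";

		print "<tr><td colspan=\"2\">
			<p>SQL Expression:</p>";

		print "<textarea onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
			rows=\"4\" name=\"sql_exp\" class=\"iedit\">$sql_exp</textarea>";

		print "</td></tr></table>";

		print "</form>";

		print "<div style=\"display : none\" id=\"label_test_result\"></div>";

		print "<div align='right'>";

		// The Test button is disabled for Opera; the header may be absent.
		$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
		$is_disabled = (strpos($user_agent, 'Opera') !== FALSE) ? "disabled" : "";

		print "<input $is_disabled type=\"submit\" onclick=\"return labelTest()\" value=\"Test\">
			";

		print "<input type=\"submit\"
			id=\"infobox_submit\"
			class=\"button\" onclick=\"return labelEditSave()\"
			value=\"Save\"> ";

		print "<input class=\"button\"
			type=\"submit\" onclick=\"return labelEditCancel()\"
			value=\"Cancel\">";

		print "</div>";

		return;
	}

	if ($subop == "test") {

		// By design the expression is placed into the WHERE clause as raw SQL.
		$expr = db_unescape_string(trim($_GET["expr"]));
		$descr = db_unescape_string(trim($_GET["descr"]));

		print "<div>";

		// Silence PHP warnings while the user-supplied expression runs; a
		// failed query is reported below through db_last_error().
		error_reporting(0);

		$result = db_query($link,
			"SELECT count(ttrss_entries.id) AS num_matches
				FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
				WHERE ($expr) AND
					ttrss_user_entries.ref_id = ttrss_entries.id AND
					ttrss_user_entries.feed_id = ttrss_feeds.id AND
					ttrss_user_entries.owner_uid = " . $_SESSION["uid"], false);

		error_reporting (DEFAULT_ERROR_LEVEL);

		if (!$result) {
			// The database error text can echo parts of the request-supplied
			// expression, so it is escaped before being written into the page.
			print "<p>" . htmlspecialchars(db_last_error($link)) . "</p>";
			print "</div>";
			return;
		}

		$num_matches = db_fetch_result($result, 0, "num_matches");

		if ($num_matches > 0) {

			// Initialised so the message below never reads an undefined variable.
			$showing_msg = "";

			if ($num_matches > 10) {
				$showing_msg = ", showing first 10";
			}

			print "<p>Query returned <b>$num_matches</b> matches$showing_msg:</p>";

			$result = db_query($link,
				"SELECT ttrss_entries.title,
					(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
				FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
				WHERE ($expr) AND
					ttrss_user_entries.ref_id = ttrss_entries.id
					AND ttrss_user_entries.feed_id = ttrss_feeds.id
					AND ttrss_user_entries.owner_uid = " . $_SESSION["uid"] . "
				ORDER BY date_entered DESC LIMIT 10", false);

			print "<ul class=\"labelTestResults\">";

			$row_class = "even";

			// NOTE(review): title and feed_title are printed without HTML
			// escaping; confirm they are sanitised before storage, otherwise
			// escape them here.
			while ($line = db_fetch_assoc($result)) {
				$row_class = toggleEvenOdd($row_class);

				print "<li class=\"$row_class\">".$line["title"].
					" <span class=\"insensitive\">(".$line["feed_title"].")</span></li>";
			}
			print "</ul>";

		} else {
			print "<p>Query didn't return any matches.</p>";
		}

		print "</div>";

		return;
	}

	if ($subop == "editSave") {

		// sql_exp is stored without db_escape_string(), matching the "add" branch.
		$sql_exp = trim($_GET["sql_exp"]);
		$descr = db_escape_string(trim($_GET["description"]));
		$label_id = db_escape_string($_GET["id"]);

		// Scope the update to the session's own labels, as the "edit" SELECT
		// does; id alone would let one account rewrite another's label.
		$result = db_query($link, "UPDATE ttrss_labels SET
			sql_exp = '$sql_exp',
			description = '$descr'
			WHERE id = '$label_id' AND owner_uid = " . $_SESSION["uid"]);

		if (db_affected_rows($link, $result) != 0) {
			print_notice(T_sprintf("Saved label <b>%s</b>", htmlspecialchars($descr)));
		}

	}

	if ($subop == "remove") {

		if (!WEB_DEMO_MODE) {

			// explode() replaces the deprecated split(); the separator is a
			// literal comma either way.
			$ids = explode(",", db_escape_string($_GET["ids"]));

			foreach ($ids as $id) {
				// Only rows owned by the session's user may be deleted.
				db_query($link, "DELETE FROM ttrss_labels WHERE id = '$id'
					AND owner_uid = " . $_SESSION["uid"]);
			}
		}
	}

	if ($subop == "add") {

		// no escaping is done here on purpose
		$sql_exp = trim($_GET["sql_exp"]);
		$description = db_escape_string($_GET["description"]);

		if (!$sql_exp || !$description) return;

		$result = db_query($link,
			"INSERT INTO ttrss_labels (sql_exp,description,owner_uid)
			VALUES ('$sql_exp', '$description', '".$_SESSION["uid"]."')");

		if (db_affected_rows($link, $result) != 0) {
			print T_sprintf("Created label <b>%s</b>", htmlspecialchars($description));
		}

		return;
	}

	set_pref($link, "_PREFS_ACTIVE_TAB", "labelConfig");

	// ORDER BY takes a column name, which string escaping cannot make safe,
	// so only the columns selected below are accepted. Anything else,
	// including a missing value or "undefined", sorts by description.
	$sort = isset($_GET["sort"]) ? $_GET["sort"] : "";

	if (!in_array($sort, array("id", "sql_exp", "description"), true)) {
		$sort = "description";
	}

	print "<a class='helpLinkPic' href=\"javascript:displayHelpInfobox(1)\">
		<img src='images/sign_quest.png'></a>";

	print "<div class=\"prefGenericAddBox\">";

	print"<input type=\"submit\" class=\"button\"
		id=\"label_create_btn\"
		onclick=\"return displayDlg('quickAddLabel', false)\"
		value=\"".__('Create label')."\"></div>";

	$result = db_query($link, "SELECT
			id,sql_exp,description
		FROM
			ttrss_labels
		WHERE
			owner_uid = ".$_SESSION["uid"]."
		ORDER BY $sort");

//	print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";

	if (db_num_rows($result) != 0) {

		print "<p><table width=\"100%\" cellspacing=\"0\"
			class=\"prefLabelList\" id=\"prefLabelList\">";

		print "<tr><td class=\"selectPrompt\" colspan=\"8\">
				".__('Select:')."
					<a href=\"javascript:selectPrefRows('label', true)\">".__('All')."</a>,
					<a href=\"javascript:selectPrefRows('label', false)\">".__('None')."</a>
				</td></tr>";

		print "<tr class=\"title\">
					<td width=\"5%\"> </td>
					<td width=\"30%\"><a href=\"javascript:updateLabelList('description')\">".__('Caption')."</a></td>
					<td width=\"\"><a href=\"javascript:updateLabelList('sql_exp')\">".__('SQL Expression')."</a>
					</td>
					</tr>";

		$lnum = 0;

		while ($line = db_fetch_assoc($result)) {

			$class = ($lnum % 2) ? "even" : "odd";

			$label_id = $line["id"];
			$edit_label_id = isset($_GET["id"]) ? $_GET["id"] : "";

			// The "edit" sub-operation returns before this point, so the
			// first branch is not reached on the paths visible here.
			if ($subop == "edit" && $label_id != $edit_label_id) {
				$class .= "Grayed";
				$this_row_id = "";
			} else {
				$this_row_id = "id=\"LILRR-$label_id\"";
			}

			print "<tr class=\"$class\" $this_row_id>";

			$line["sql_exp"] = htmlspecialchars(db_unescape_string($line["sql_exp"]));
			$line["description"] = htmlspecialchars(
				db_unescape_string($line["description"]));

			if (!$line["description"]) $line["description"] = "[No caption]";

			print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"label\");'
				type=\"checkbox\" id=\"LICHK-".$line["id"]."\"></td>";

			print "<td><a href=\"javascript:editLabel($label_id);\">" .
				$line["description"] . "</a></td>";

			print "<td><a href=\"javascript:editLabel($label_id);\">" .
				$line["sql_exp"] . "</a></td>";

			print "</tr>";

			++$lnum;
		}

		if ($lnum == 0) {
			print "<tr><td colspan=\"4\" align=\"center\">".__('No labels defined.')."</td></tr>";
		}

		print "</table>";

		print "<p id=\"labelOpToolbar\">";

		print "<input type=\"submit\" class=\"button\" disabled=\"true\"
				onclick=\"javascript:editSelectedLabel()\" value=\"".__('Edit')."\">
			<input type=\"submit\" class=\"button\" disabled=\"true\"
				onclick=\"javascript:removeSelectedLabels()\" value=\"".__('Remove')."\">";

	} else {
		print "<p>".__('No labels defined.')."</p>";
	}
}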
296 | ?> |