]>
Commit | Line | Data |
---|---|---|
ef8be8ea AD |
1 | <?php |
2 | // We need to accept raw SQL data in label queries, so not everything is escaped | |
3 | // here, this is by design. If you don't like it, disable labels | |
4 | // altogether with GLOBAL_ENABLE_LABELS = false | |
5 | ||
6 | function module_pref_labels($link) { | |
7 | if (!GLOBAL_ENABLE_LABELS) { | |
8 | ||
9 | print "<p>Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality.</p>"; | |
10 | return; | |
11 | } | |
12 | ||
13 | $subop = $_GET["subop"]; | |
14 | ||
15 | if ($subop == "edit") { | |
16 | ||
17 | $label_id = db_escape_string($_GET["id"]); | |
18 | ||
19 | $result = db_query($link, "SELECT sql_exp,description FROM ttrss_labels WHERE | |
20 | owner_uid = ".$_SESSION["uid"]." AND id = '$label_id' ORDER by description"); | |
21 | ||
22 | $line = db_fetch_assoc($result); | |
23 | ||
24 | $sql_exp = htmlspecialchars(db_unescape_string($line["sql_exp"])); | |
25 | $description = htmlspecialchars(db_unescape_string($line["description"])); | |
26 | ||
27 | print "<div id=\"infoBoxTitle\">Label editor</div>"; | |
28 | print "<div class=\"infoBoxContents\">"; | |
29 | ||
e6312f6c | 30 | print "<form id=\"label_edit_form\" onsubmit='return false'>"; |
ef8be8ea AD |
31 | |
32 | print "<input type=\"hidden\" name=\"op\" value=\"pref-labels\">"; | |
33 | print "<input type=\"hidden\" name=\"id\" value=\"$label_id\">"; | |
34 | print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">"; | |
35 | ||
36 | print "<table width='100%'>"; | |
37 | ||
38 | print "<tr><td>Caption:</td> | |
39 | <td><input onkeypress=\"return filterCR(event, labelEditSave)\" | |
b5015f72 AD |
40 | onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\" |
41 | onchange=\"toggleSubmitNotEmpty(this, 'infobox_submit')\" | |
ef8be8ea AD |
42 | name=\"description\" class=\"iedit\" value=\"$description\">"; |
43 | ||
44 | print "</td></tr>"; | |
45 | ||
46 | print "<tr><td colspan=\"2\"> | |
47 | <p>SQL Expression:</p>"; | |
48 | ||
49 | print "<textarea onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\" | |
50 | rows=\"4\" name=\"sql_exp\" class=\"iedit\">$sql_exp</textarea>"; | |
51 | ||
52 | print "</td></tr></table>"; | |
53 | ||
54 | print "</form>"; | |
55 | ||
56 | print "<div style=\"display : none\" id=\"label_test_result\"></div>"; | |
57 | ||
58 | print "<div align='right'>"; | |
59 | ||
60 | $is_disabled = (strpos($_SERVER['HTTP_USER_AGENT'], 'Opera') !== FALSE) ? "disabled" : ""; | |
61 | ||
62 | print "<input $is_disabled type=\"submit\" onclick=\"return labelTest()\" value=\"Test\"> | |
63 | "; | |
64 | ||
65 | print "<input type=\"submit\" | |
66 | id=\"infobox_submit\" | |
67 | class=\"button\" onclick=\"return labelEditSave()\" | |
68 | value=\"Save\"> "; | |
69 | ||
70 | print "<input class=\"button\" | |
71 | type=\"submit\" onclick=\"return labelEditCancel()\" | |
72 | value=\"Cancel\">"; | |
73 | ||
74 | print "</div>"; | |
75 | ||
76 | return; | |
77 | } | |
78 | ||
79 | if ($subop == "test") { | |
80 | ||
81 | $expr = db_unescape_string(trim($_GET["expr"])); | |
82 | $descr = db_unescape_string(trim($_GET["descr"])); | |
83 | ||
84 | print "<div>"; | |
85 | ||
86 | error_reporting(0); | |
87 | ||
88 | ||
89 | $result = db_query($link, | |
90 | "SELECT count(ttrss_entries.id) AS num_matches | |
91 | FROM ttrss_entries,ttrss_user_entries,ttrss_feeds | |
92 | WHERE ($expr) AND | |
93 | ttrss_user_entries.ref_id = ttrss_entries.id AND | |
94 | ttrss_user_entries.feed_id = ttrss_feeds.id AND | |
95 | ttrss_user_entries.owner_uid = " . $_SESSION["uid"], false); | |
96 | ||
97 | error_reporting (DEFAULT_ERROR_LEVEL); | |
98 | ||
99 | if (!$result) { | |
100 | print "<p>" . db_last_error($link) . "</p>"; | |
101 | print "</div>"; | |
102 | return; | |
103 | } | |
104 | ||
105 | $num_matches = db_fetch_result($result, 0, "num_matches");; | |
106 | ||
107 | if ($num_matches > 0) { | |
108 | ||
109 | if ($num_matches > 10) { | |
110 | $showing_msg = ", showing first 10"; | |
111 | } | |
112 | ||
113 | print "<p>Query returned <b>$num_matches</b> matches$showing_msg:</p>"; | |
114 | ||
115 | $result = db_query($link, | |
116 | "SELECT ttrss_entries.title, | |
117 | (SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title | |
118 | FROM ttrss_entries,ttrss_user_entries,ttrss_feeds | |
119 | WHERE ($expr) AND | |
120 | ttrss_user_entries.ref_id = ttrss_entries.id | |
121 | AND ttrss_user_entries.feed_id = ttrss_feeds.id | |
122 | AND ttrss_user_entries.owner_uid = " . $_SESSION["uid"] . " | |
123 | ORDER BY date_entered DESC LIMIT 10", false); | |
124 | ||
125 | print "<ul class=\"labelTestResults\">"; | |
126 | ||
127 | $row_class = "even"; | |
128 | ||
129 | while ($line = db_fetch_assoc($result)) { | |
130 | $row_class = toggleEvenOdd($row_class); | |
131 | ||
132 | print "<li class=\"$row_class\">".$line["title"]. | |
133 | " <span class=\"insensitive\">(".$line["feed_title"].")</span></li>"; | |
134 | } | |
135 | print "</ul>"; | |
136 | ||
137 | } else { | |
138 | print "<p>Query didn't return any matches.</p>"; | |
139 | } | |
140 | ||
141 | print "</div>"; | |
142 | ||
143 | return; | |
144 | } | |
145 | ||
146 | if ($subop == "editSave") { | |
147 | ||
148 | $sql_exp = trim($_GET["sql_exp"]); | |
149 | $descr = db_escape_string(trim($_GET["description"])); | |
150 | $label_id = db_escape_string($_GET["id"]); | |
151 | ||
152 | $result = db_query($link, "UPDATE ttrss_labels SET | |
153 | sql_exp = '$sql_exp', | |
154 | description = '$descr' | |
155 | WHERE id = '$label_id'"); | |
156 | } | |
157 | ||
158 | if ($subop == "remove") { | |
159 | ||
160 | if (!WEB_DEMO_MODE) { | |
161 | ||
162 | $ids = split(",", db_escape_string($_GET["ids"])); | |
163 | ||
164 | foreach ($ids as $id) { | |
165 | db_query($link, "DELETE FROM ttrss_labels WHERE id = '$id'"); | |
166 | ||
167 | } | |
168 | } | |
169 | } | |
170 | ||
171 | if ($subop == "add") { | |
172 | ||
173 | if (!WEB_DEMO_MODE) { | |
174 | ||
175 | // no escaping is done here on purpose | |
176 | $sql_exp = trim($_GET["sql_exp"]); | |
177 | $description = db_escape_string($_GET["description"]); | |
178 | ||
179 | if (!$sql_exp || !$description) return; | |
180 | ||
181 | $result = db_query($link, | |
182 | "INSERT INTO ttrss_labels (sql_exp,description,owner_uid) | |
183 | VALUES ('$sql_exp', '$description', '".$_SESSION["uid"]."')"); | |
184 | } | |
185 | } | |
186 | ||
187 | $sort = db_escape_string($_GET["sort"]); | |
188 | ||
189 | if (!$sort || $sort == "undefined") { | |
190 | $sort = "description"; | |
191 | } | |
192 | ||
0d32b41e AD |
193 | print "<a class='helpLinkPic' href=\"javascript:displayHelpInfobox(1)\"> |
194 | <img src='images/sign_quest.png'></a>"; | |
195 | ||
ef8be8ea AD |
196 | print "<div class=\"prefGenericAddBox\">"; |
197 | ||
198 | print"<input type=\"submit\" class=\"button\" | |
199 | id=\"label_create_btn\" | |
200 | onclick=\"return displayDlg('quickAddLabel', false)\" | |
201 | value=\"Create label\"></div>"; | |
202 | ||
203 | $result = db_query($link, "SELECT | |
204 | id,sql_exp,description | |
205 | FROM | |
206 | ttrss_labels | |
207 | WHERE | |
208 | owner_uid = ".$_SESSION["uid"]." | |
209 | ORDER BY $sort"); | |
210 | ||
211 | // print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>"; | |
212 | ||
213 | if (db_num_rows($result) != 0) { | |
214 | ||
ef8be8ea AD |
215 | print "<p><table width=\"100%\" cellspacing=\"0\" |
216 | class=\"prefLabelList\" id=\"prefLabelList\">"; | |
217 | ||
218 | print "<tr><td class=\"selectPrompt\" colspan=\"8\"> | |
219 | Select: | |
220 | <a href=\"javascript:selectPrefRows('label', true)\">All</a>, | |
221 | <a href=\"javascript:selectPrefRows('label', false)\">None</a> | |
222 | </td</tr>"; | |
223 | ||
224 | print "<tr class=\"title\"> | |
225 | <td width=\"5%\"> </td> | |
226 | <td width=\"30%\"><a href=\"javascript:updateLabelList('description')\">Caption</a></td> | |
227 | <td width=\"50%\"><a href=\"javascript:updateLabelList('sql_exp')\">SQL Expression</a> | |
ef8be8ea AD |
228 | </td> |
229 | </tr>"; | |
230 | ||
231 | $lnum = 0; | |
232 | ||
233 | while ($line = db_fetch_assoc($result)) { | |
234 | ||
235 | $class = ($lnum % 2) ? "even" : "odd"; | |
236 | ||
237 | $label_id = $line["id"]; | |
238 | $edit_label_id = $_GET["id"]; | |
239 | ||
240 | if ($subop == "edit" && $label_id != $edit_label_id) { | |
241 | $class .= "Grayed"; | |
242 | $this_row_id = ""; | |
243 | } else { | |
244 | $this_row_id = "id=\"LILRR-$label_id\""; | |
245 | } | |
246 | ||
247 | print "<tr class=\"$class\" $this_row_id>"; | |
248 | ||
249 | $line["sql_exp"] = htmlspecialchars(db_unescape_string($line["sql_exp"])); | |
250 | $line["description"] = htmlspecialchars( | |
251 | db_unescape_string($line["description"])); | |
252 | ||
253 | if (!$line["description"]) $line["description"] = "[No caption]"; | |
254 | ||
255 | print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"label\");' | |
256 | type=\"checkbox\" id=\"LICHK-".$line["id"]."\"></td>"; | |
257 | ||
258 | print "<td><a href=\"javascript:editLabel($label_id);\">" . | |
259 | $line["description"] . "</td>"; | |
260 | ||
261 | print "<td><a href=\"javascript:editLabel($label_id);\">" . | |
262 | $line["sql_exp"] . "</td>"; | |
263 | ||
264 | print "</tr>"; | |
265 | ||
266 | ++$lnum; | |
267 | } | |
268 | ||
269 | if ($lnum == 0) { | |
270 | print "<tr><td colspan=\"4\" align=\"center\">No labels defined.</td></tr>"; | |
271 | } | |
272 | ||
273 | print "</table>"; | |
ef8be8ea AD |
274 | |
275 | print "<p id=\"labelOpToolbar\">"; | |
276 | ||
277 | print " | |
278 | Selection: | |
279 | <input type=\"submit\" class=\"button\" disabled=\"true\" | |
280 | onclick=\"javascript:editSelectedLabel()\" value=\"Edit\"> | |
281 | <input type=\"submit\" class=\"button\" disabled=\"true\" | |
282 | onclick=\"javascript:removeSelectedLabels()\" value=\"Remove\">"; | |
283 | ||
284 | } else { | |
285 | print "<p>No labels defined.</p>"; | |
286 | } | |
287 | } | |
288 | ?> |