[tt-rss.git] / modules / pref-labels.php

<?php
	// We need to accept raw SQL data in label queries, so not everything is escaped
	// here, this is by design. If you don't like it, disable labels
	// altogether with GLOBAL_ENABLE_LABELS = false

	function module_pref_labels($link) {
		if (!GLOBAL_ENABLE_LABELS) { 

			print "<p>Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality.</p>";
			return; 
		}

		$subop = $_GET["subop"];

		if ($subop == "edit") {

			$label_id = db_escape_string($_GET["id"]);

			$result = db_query($link, "SELECT sql_exp,description	FROM ttrss_labels WHERE 
				owner_uid = ".$_SESSION["uid"]." AND id = '$label_id' ORDER by description");

			$line = db_fetch_assoc($result);

			$sql_exp = htmlspecialchars(db_unescape_string($line["sql_exp"]));
			$description = htmlspecialchars(db_unescape_string($line["description"]));

			print "<div id=\"infoBoxTitle\">Label editor</div>";
			print "<div class=\"infoBoxContents\">";

			print "<form id=\"label_edit_form\" onsubmit='return false'>";

			print "<input type=\"hidden\" name=\"op\" value=\"pref-labels\">";
			print "<input type=\"hidden\" name=\"id\" value=\"$label_id\">";
			print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">"; 

			print "<table width='100%'>";

			print "<tr><td>Caption:</td>
				<td><input onkeypress=\"return filterCR(event, labelEditSave)\"
					onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
					onchange=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
					 name=\"description\" class=\"iedit\" value=\"$description\">";

			print "</td></tr>";

			print "<tr><td colspan=\"2\">
				<p>SQL Expression:</p>";

			print "<textarea onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
					 rows=\"4\" name=\"sql_exp\" class=\"iedit\">$sql_exp</textarea>";

			print "</td></tr></table>";

			print "</form>";

			print "<div style=\"display : none\" id=\"label_test_result\"></div>";

			print "<div align='right'>";

			$is_disabled = (strpos($_SERVER['HTTP_USER_AGENT'], 'Opera') !== FALSE) ? "disabled" : "";

			print "<input $is_disabled type=\"submit\" onclick=\"return labelTest()\" value=\"Test\">
				";

			print "<input type=\"submit\" 
				id=\"infobox_submit\"
				class=\"button\" onclick=\"return labelEditSave()\" 
				value=\"Save\"> ";

			print "<input class=\"button\"
				type=\"submit\" onclick=\"return labelEditCancel()\" 
				value=\"Cancel\">";

			print "</div>";

			return;
		}

		if ($subop == "test") {

			$expr = db_unescape_string(trim($_GET["expr"]));
			$descr = db_unescape_string(trim($_GET["descr"]));

			print "<div>";

			error_reporting(0);


			$result = db_query($link, 
				"SELECT count(ttrss_entries.id) AS num_matches
					FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
					WHERE ($expr) AND 
						ttrss_user_entries.ref_id = ttrss_entries.id AND
						ttrss_user_entries.feed_id = ttrss_feeds.id AND
						ttrss_user_entries.owner_uid = " . $_SESSION["uid"], false);

			error_reporting (DEFAULT_ERROR_LEVEL);

			if (!$result) {
				print "<p>" . db_last_error($link) . "</p>";
				print "</div>";
				return;
			}

			$num_matches = db_fetch_result($result, 0, "num_matches");;
			
			if ($num_matches > 0) { 

				if ($num_matches > 10) {
					$showing_msg = ", showing first 10";
				}

				print "<p>Query returned <b>$num_matches</b> matches$showing_msg:</p>";

				$result = db_query($link, 
					"SELECT ttrss_entries.title, 
						(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
					FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
							WHERE ($expr) AND 
							ttrss_user_entries.ref_id = ttrss_entries.id
							AND ttrss_user_entries.feed_id = ttrss_feeds.id
							AND ttrss_user_entries.owner_uid = " . $_SESSION["uid"] . " 
							ORDER BY date_entered DESC LIMIT 10", false);

				print "<ul class=\"labelTestResults\">";

				$row_class = "even";
				
				while ($line = db_fetch_assoc($result)) {
					$row_class = toggleEvenOdd($row_class);
					
					print "<li class=\"$row_class\">".$line["title"].
						" <span class=\"insensitive\">(".$line["feed_title"].")</span></li>";
				}
				print "</ul>";

			} else {
				print "<p>Query didn't return any matches.</p>";
			}

			print "</div>";

			return;
		}

		if ($subop == "editSave") {

			$sql_exp = trim($_GET["sql_exp"]);
			$descr = db_escape_string(trim($_GET["description"]));
			$label_id = db_escape_string($_GET["id"]);
			
			$result = db_query($link, "UPDATE ttrss_labels SET 
				sql_exp = '$sql_exp', 
				description = '$descr'
				WHERE id = '$label_id'");
		}

		if ($subop == "remove") {

			if (!WEB_DEMO_MODE) {

				$ids = split(",", db_escape_string($_GET["ids"]));

				foreach ($ids as $id) {
					db_query($link, "DELETE FROM ttrss_labels WHERE id = '$id'");
					
				}
			}
		}

		if ($subop == "add") {
		
			if (!WEB_DEMO_MODE) {

				// no escaping is done here on purpose
				$sql_exp = trim($_GET["sql_exp"]);
				$description = db_escape_string($_GET["description"]);

				if (!$sql_exp || !$description) return;

				$result = db_query($link,
					"INSERT INTO ttrss_labels (sql_exp,description,owner_uid) 
						VALUES ('$sql_exp', '$description', '".$_SESSION["uid"]."')");
			} 
		}

		$sort = db_escape_string($_GET["sort"]);

		if (!$sort || $sort == "undefined") {
			$sort = "description";
		}

		print "<a class='helpLinkPic' href=\"javascript:displayHelpInfobox(1)\">
			<img src='images/sign_quest.png'></a>";

		print "<div class=\"prefGenericAddBox\">";

		print"<input type=\"submit\" class=\"button\" 
			id=\"label_create_btn\"
			onclick=\"return displayDlg('quickAddLabel', false)\" 
			value=\"Create label\"></div>";

		$result = db_query($link, "SELECT 
				id,sql_exp,description
			FROM 
				ttrss_labels 
			WHERE 
				owner_uid = ".$_SESSION["uid"]."
			ORDER BY $sort");

//		print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";

		if (db_num_rows($result) != 0) {

			print "<p><table width=\"100%\" cellspacing=\"0\" 
				class=\"prefLabelList\" id=\"prefLabelList\">";

			print "<tr><td class=\"selectPrompt\" colspan=\"8\">
				Select: 
					<a href=\"javascript:selectPrefRows('label', true)\">All</a>,
					<a href=\"javascript:selectPrefRows('label', false)\">None</a>
				</td</tr>";

			print "<tr class=\"title\">
						<td width=\"5%\">&nbsp;</td>
						<td width=\"30%\"><a href=\"javascript:updateLabelList('description')\">Caption</a></td>
						<td width=\"50%\"><a href=\"javascript:updateLabelList('sql_exp')\">SQL Expression</a>
						</td>
						</tr>";
			
			$lnum = 0;
			
			while ($line = db_fetch_assoc($result)) {
	
				$class = ($lnum % 2) ? "even" : "odd";
	
				$label_id = $line["id"];
				$edit_label_id = $_GET["id"];
	
				if ($subop == "edit" && $label_id != $edit_label_id) {
					$class .= "Grayed";
					$this_row_id = "";
				} else {
					$this_row_id = "id=\"LILRR-$label_id\"";
				}
	
				print "<tr class=\"$class\" $this_row_id>";
	
				$line["sql_exp"] = htmlspecialchars(db_unescape_string($line["sql_exp"]));
				$line["description"] = htmlspecialchars(
						db_unescape_string($line["description"]));
	
				if (!$line["description"]) $line["description"] = "[No caption]";
	
				print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"label\");' 
					type=\"checkbox\" id=\"LICHK-".$line["id"]."\"></td>";
	
				print "<td><a href=\"javascript:editLabel($label_id);\">" . 
					$line["description"] . "</td>";			

				print "<td><a href=\"javascript:editLabel($label_id);\">" . 
					$line["sql_exp"] . "</td>";		

				print "</tr>";
	
				++$lnum;
			}
	
			if ($lnum == 0) {
				print "<tr><td colspan=\"4\" align=\"center\">No labels defined.</td></tr>";
			}
	
			print "</table>";
	
			print "<p id=\"labelOpToolbar\">";
	
			print "
					Selection:
				<input type=\"submit\" class=\"button\" disabled=\"true\"
					onclick=\"javascript:editSelectedLabel()\" value=\"Edit\">
				<input type=\"submit\" class=\"button\" disabled=\"true\"
				onclick=\"javascript:removeSelectedLabels()\" value=\"Remove\">";

		} else {
			print "<p>No labels defined.</p>";
		}
	}
?>
Commit	Line	Data
ef8be8ea AD	1	<?php
	2	// We need to accept raw SQL data in label queries, so not everything is escaped
	3	// here, this is by design. If you don't like it, disable labels
	4	// altogether with GLOBAL_ENABLE_LABELS = false
	5
	6	function module_pref_labels($link) {
	7	if (!GLOBAL_ENABLE_LABELS) {
	8
	9	print "<p>Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality.</p>";
	10	return;
	11	}
	12
	13	$subop = $_GET["subop"];
	14
	15	if ($subop == "edit") {
	16
	17	$label_id = db_escape_string($_GET["id"]);
	18
	19	$result = db_query($link, "SELECT sql_exp,description FROM ttrss_labels WHERE
	20	owner_uid = ".$_SESSION["uid"]." AND id = '$label_id' ORDER by description");
	21
	22	$line = db_fetch_assoc($result);
	23
	24	$sql_exp = htmlspecialchars(db_unescape_string($line["sql_exp"]));
	25	$description = htmlspecialchars(db_unescape_string($line["description"]));
	26
	27	print "<div id=\"infoBoxTitle\">Label editor</div>";
	28	print "<div class=\"infoBoxContents\">";
	29
e6312f6c	30	print "<form id=\"label_edit_form\" onsubmit='return false'>";
ef8be8ea AD	31
	32	print "<input type=\"hidden\" name=\"op\" value=\"pref-labels\">";
	33	print "<input type=\"hidden\" name=\"id\" value=\"$label_id\">";
	34	print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
	35
	36	print "<table width='100%'>";
	37
	38	print "<tr><td>Caption:</td>
	39	<td><input onkeypress=\"return filterCR(event, labelEditSave)\"
b5015f72 AD	40	onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
b5015f72 AD	41	onchange=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
ef8be8ea AD	42	name=\"description\" class=\"iedit\" value=\"$description\">";
	43
	44	print "</td></tr>";
	45
	46	print "<tr><td colspan=\"2\">
	47	<p>SQL Expression:</p>";
	48
	49	print "<textarea onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
	50	rows=\"4\" name=\"sql_exp\" class=\"iedit\">$sql_exp</textarea>";
	51
	52	print "</td></tr></table>";
	53
	54	print "</form>";
	55
	56	print "<div style=\"display : none\" id=\"label_test_result\"></div>";
	57
	58	print "<div align='right'>";
	59
	60	$is_disabled = (strpos($_SERVER['HTTP_USER_AGENT'], 'Opera') !== FALSE) ? "disabled" : "";
	61
	62	print "<input $is_disabled type=\"submit\" onclick=\"return labelTest()\" value=\"Test\">
	63	";
	64
	65	print "<input type=\"submit\"
	66	id=\"infobox_submit\"
	67	class=\"button\" onclick=\"return labelEditSave()\"
	68	value=\"Save\"> ";
	69
	70	print "<input class=\"button\"
	71	type=\"submit\" onclick=\"return labelEditCancel()\"
	72	value=\"Cancel\">";
	73
	74	print "</div>";
	75
	76	return;
	77	}
	78
	79	if ($subop == "test") {
	80
	81	$expr = db_unescape_string(trim($_GET["expr"]));
	82	$descr = db_unescape_string(trim($_GET["descr"]));
	83
	84	print "<div>";
	85
	86	error_reporting(0);
	87
	88
	89	$result = db_query($link,
	90	"SELECT count(ttrss_entries.id) AS num_matches
	91	FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
	92	WHERE ($expr) AND
	93	ttrss_user_entries.ref_id = ttrss_entries.id AND
	94	ttrss_user_entries.feed_id = ttrss_feeds.id AND
	95	ttrss_user_entries.owner_uid = " . $_SESSION["uid"], false);
	96
	97	error_reporting (DEFAULT_ERROR_LEVEL);
	98
	99	if (!$result) {
	100	print "<p>" . db_last_error($link) . "</p>";
	101	print "</div>";
	102	return;
	103	}
	104
	105	$num_matches = db_fetch_result($result, 0, "num_matches");;
106
107	if ($num_matches > 0) {
108
109	if ($num_matches > 10) {
110	$showing_msg = ", showing first 10";
111	}
112
113	print "<p>Query returned <b>$num_matches</b> matches$showing_msg:</p>";
114
115	$result = db_query($link,
116	"SELECT ttrss_entries.title,
117	(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
118	FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
119	WHERE ($expr) AND
120	ttrss_user_entries.ref_id = ttrss_entries.id
121	AND ttrss_user_entries.feed_id = ttrss_feeds.id
122	AND ttrss_user_entries.owner_uid = " . $_SESSION["uid"] . "
123	ORDER BY date_entered DESC LIMIT 10", false);
124
125	print "<ul class=\"labelTestResults\">";
126
127	$row_class = "even";
128
129	while ($line = db_fetch_assoc($result)) {
130	$row_class = toggleEvenOdd($row_class);
131
132	print "<li class=\"$row_class\">".$line["title"].
133	" <span class=\"insensitive\">(".$line["feed_title"].")</span></li>";
134	}
135	print "</ul>";
136
137	} else {
138	print "<p>Query didn't return any matches.</p>";
139	}
140
141	print "</div>";
142
143	return;
144	}
145
146	if ($subop == "editSave") {
147
148	$sql_exp = trim($_GET["sql_exp"]);
149	$descr = db_escape_string(trim($_GET["description"]));
150	$label_id = db_escape_string($_GET["id"]);
151
152	$result = db_query($link, "UPDATE ttrss_labels SET
153	sql_exp = '$sql_exp',
154	description = '$descr'
155	WHERE id = '$label_id'");
156	}
157
158	if ($subop == "remove") {
159
160	if (!WEB_DEMO_MODE) {
161
162	$ids = split(",", db_escape_string($_GET["ids"]));
163
164	foreach ($ids as $id) {
165	db_query($link, "DELETE FROM ttrss_labels WHERE id = '$id'");
166
167	}
168	}
169	}
170
171	if ($subop == "add") {
172
173	if (!WEB_DEMO_MODE) {
174
175	// no escaping is done here on purpose
176	$sql_exp = trim($_GET["sql_exp"]);
177	$description = db_escape_string($_GET["description"]);
178
179	if (!$sql_exp \|\| !$description) return;
180
181	$result = db_query($link,
182	"INSERT INTO ttrss_labels (sql_exp,description,owner_uid)
183	VALUES ('$sql_exp', '$description', '".$_SESSION["uid"]."')");
184	}
185	}
186
187	$sort = db_escape_string($_GET["sort"]);
188
189	if (!$sort \|\| $sort == "undefined") {
190	$sort = "description";
191	}
192
0d32b41e AD	193	print "<a class='helpLinkPic' href=\"javascript:displayHelpInfobox(1)\">
	194	<img src='images/sign_quest.png'></a>";
	195
ef8be8ea AD	196	print "<div class=\"prefGenericAddBox\">";
	197
	198	print"<input type=\"submit\" class=\"button\"
	199	id=\"label_create_btn\"
	200	onclick=\"return displayDlg('quickAddLabel', false)\"
	201	value=\"Create label\"></div>";
	202
	203	$result = db_query($link, "SELECT
	204	id,sql_exp,description
	205	FROM
	206	ttrss_labels
	207	WHERE
	208	owner_uid = ".$_SESSION["uid"]."
	209	ORDER BY $sort");
	210
	211	// print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";
	212
	213	if (db_num_rows($result) != 0) {
	214
ef8be8ea AD	215	print "<p><table width=\"100%\" cellspacing=\"0\"
	216	class=\"prefLabelList\" id=\"prefLabelList\">";
	217
	218	print "<tr><td class=\"selectPrompt\" colspan=\"8\">
	219	Select:
	220	<a href=\"javascript:selectPrefRows('label', true)\">All</a>,
	221	<a href=\"javascript:selectPrefRows('label', false)\">None</a>
	222	</td</tr>";
	223
	224	print "<tr class=\"title\">
	225	<td width=\"5%\"> </td>
	226	<td width=\"30%\"><a href=\"javascript:updateLabelList('description')\">Caption</a></td>
	227	<td width=\"50%\"><a href=\"javascript:updateLabelList('sql_exp')\">SQL Expression</a>
ef8be8ea AD	228	</td>
	229	</tr>";
	230
	231	$lnum = 0;
	232
	233	while ($line = db_fetch_assoc($result)) {
	234
	235	$class = ($lnum % 2) ? "even" : "odd";
	236
	237	$label_id = $line["id"];
	238	$edit_label_id = $_GET["id"];
	239
	240	if ($subop == "edit" && $label_id != $edit_label_id) {
	241	$class .= "Grayed";
	242	$this_row_id = "";
	243	} else {
	244	$this_row_id = "id=\"LILRR-$label_id\"";
	245	}
	246
	247	print "<tr class=\"$class\" $this_row_id>";
	248
	249	$line["sql_exp"] = htmlspecialchars(db_unescape_string($line["sql_exp"]));
	250	$line["description"] = htmlspecialchars(
	251	db_unescape_string($line["description"]));
	252
	253	if (!$line["description"]) $line["description"] = "[No caption]";
	254
	255	print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"label\");'
	256	type=\"checkbox\" id=\"LICHK-".$line["id"]."\"></td>";
	257
	258	print "<td><a href=\"javascript:editLabel($label_id);\">" .
	259	$line["description"] . "</td>";
	260
	261	print "<td><a href=\"javascript:editLabel($label_id);\">" .
	262	$line["sql_exp"] . "</td>";
	263
	264	print "</tr>";
	265
	266	++$lnum;
	267	}
	268
	269	if ($lnum == 0) {
	270	print "<tr><td colspan=\"4\" align=\"center\">No labels defined.</td></tr>";
	271	}
	272
	273	print "</table>";
ef8be8ea AD	274
	275	print "<p id=\"labelOpToolbar\">";
	276
	277	print "
	278	Selection:
	279	<input type=\"submit\" class=\"button\" disabled=\"true\"
	280	onclick=\"javascript:editSelectedLabel()\" value=\"Edit\">
	281	<input type=\"submit\" class=\"button\" disabled=\"true\"
	282	onclick=\"javascript:removeSelectedLabels()\" value=\"Remove\">";
	283
	284	} else {
	285	print "<p>No labels defined.</p>";
	286	}
	287	}
	288	?>