]>
Commit | Line | Data |
---|---|---|
ef8be8ea AD |
1 | <?php |
2 | // We need to accept raw SQL data in label queries, so not everything is escaped | |
3 | // here, this is by design. If you don't like it, disable labels | |
4 | // altogether with GLOBAL_ENABLE_LABELS = false | |
5 | ||
6 | function module_pref_labels($link) { | |
7 | if (!GLOBAL_ENABLE_LABELS) { | |
8 | ||
746dcf42 | 9 | print __("Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality."); |
ef8be8ea AD |
10 | return; |
11 | } | |
12 | ||
13 | $subop = $_GET["subop"]; | |
14 | ||
15 | if ($subop == "edit") { | |
16 | ||
17 | $label_id = db_escape_string($_GET["id"]); | |
18 | ||
19 | $result = db_query($link, "SELECT sql_exp,description FROM ttrss_labels WHERE | |
20 | owner_uid = ".$_SESSION["uid"]." AND id = '$label_id' ORDER by description"); | |
21 | ||
22 | $line = db_fetch_assoc($result); | |
23 | ||
47439031 AD |
24 | $sql_exp = htmlspecialchars($line["sql_exp"]); |
25 | $description = htmlspecialchars($line["description"]); | |
ef8be8ea | 26 | |
ecace165 | 27 | print "<div id=\"infoBoxTitle\">Label Editor</div>"; |
ef8be8ea AD |
28 | print "<div class=\"infoBoxContents\">"; |
29 | ||
e6312f6c | 30 | print "<form id=\"label_edit_form\" onsubmit='return false'>"; |
ef8be8ea AD |
31 | |
32 | print "<input type=\"hidden\" name=\"op\" value=\"pref-labels\">"; | |
33 | print "<input type=\"hidden\" name=\"id\" value=\"$label_id\">"; | |
34 | print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">"; | |
35 | ||
10fa6615 | 36 | print "<div class=\"dlgSec\">".__("Caption")."</div>"; |
ef8be8ea | 37 | |
10fa6615 AD |
38 | print "<div class=\"dlgSecCont\">"; |
39 | ||
40 | print "<input onkeypress=\"return filterCR(event, labelEditSave)\" | |
b5015f72 AD |
41 | onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\" |
42 | onchange=\"toggleSubmitNotEmpty(this, 'infobox_submit')\" | |
10fa6615 AD |
43 | name=\"description\" size=\"30\" value=\"$description\">"; |
44 | print "</div>"; | |
ef8be8ea | 45 | |
10fa6615 | 46 | print "<div class=\"dlgSec\">".__("Match SQL")."</div>"; |
ef8be8ea | 47 | |
10fa6615 | 48 | print "<div class=\"dlgSecCont\">"; |
ef8be8ea AD |
49 | |
50 | print "<textarea onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\" | |
10fa6615 AD |
51 | rows=\"6\" name=\"sql_exp\" class=\"labelSQL\" cols=\"50\">$sql_exp</textarea>"; |
52 | ||
53 | print "</div>"; | |
ef8be8ea AD |
54 | |
55 | print "</form>"; | |
56 | ||
57 | print "<div style=\"display : none\" id=\"label_test_result\"></div>"; | |
58 | ||
10fa6615 | 59 | print "<div class=\"dlgButtons\">"; |
ef8be8ea | 60 | |
b44d8c51 | 61 | print "<div style='float : left'>"; |
6a5efb07 AD |
62 | print "<input type=\"submit\" |
63 | class=\"button\" onclick=\"return displayHelpInfobox(1)\" | |
64 | value=\"".__('Help')."\"> "; | |
b44d8c51 | 65 | print "</div>"; |
6a5efb07 | 66 | |
ef8be8ea AD |
67 | $is_disabled = (strpos($_SERVER['HTTP_USER_AGENT'], 'Opera') !== FALSE) ? "disabled" : ""; |
68 | ||
69 | print "<input $is_disabled type=\"submit\" onclick=\"return labelTest()\" value=\"Test\"> | |
70 | "; | |
71 | ||
72 | print "<input type=\"submit\" | |
73 | id=\"infobox_submit\" | |
74 | class=\"button\" onclick=\"return labelEditSave()\" | |
75 | value=\"Save\"> "; | |
76 | ||
77 | print "<input class=\"button\" | |
78 | type=\"submit\" onclick=\"return labelEditCancel()\" | |
79 | value=\"Cancel\">"; | |
80 | ||
81 | print "</div>"; | |
82 | ||
83 | return; | |
84 | } | |
85 | ||
86 | if ($subop == "test") { | |
87 | ||
47439031 AD |
88 | // no escaping here on purpose |
89 | $expr = trim($_GET["expr"]); | |
90 | $descr = db_escape_string(trim($_GET["descr"])); | |
ef8be8ea | 91 | |
caf1f12f AD |
92 | $expr = str_replace(";", "", $expr); |
93 | ||
a4919a16 AD |
94 | if (!$expr) { |
95 | print "<div>Error: SQL expression is blank.</div>"; | |
96 | return; | |
97 | } | |
98 | ||
ef8be8ea AD |
99 | print "<div>"; |
100 | ||
101 | error_reporting(0); | |
102 | ||
103 | ||
104 | $result = db_query($link, | |
105 | "SELECT count(ttrss_entries.id) AS num_matches | |
106 | FROM ttrss_entries,ttrss_user_entries,ttrss_feeds | |
107 | WHERE ($expr) AND | |
108 | ttrss_user_entries.ref_id = ttrss_entries.id AND | |
109 | ttrss_user_entries.feed_id = ttrss_feeds.id AND | |
110 | ttrss_user_entries.owner_uid = " . $_SESSION["uid"], false); | |
111 | ||
112 | error_reporting (DEFAULT_ERROR_LEVEL); | |
113 | ||
114 | if (!$result) { | |
768858f1 | 115 | print "<div class=\"labelTestError\">" . db_last_error($link) . "</div>"; |
ef8be8ea AD |
116 | print "</div>"; |
117 | return; | |
118 | } | |
119 | ||
120 | $num_matches = db_fetch_result($result, 0, "num_matches");; | |
121 | ||
122 | if ($num_matches > 0) { | |
123 | ||
124 | if ($num_matches > 10) { | |
125 | $showing_msg = ", showing first 10"; | |
126 | } | |
127 | ||
128 | print "<p>Query returned <b>$num_matches</b> matches$showing_msg:</p>"; | |
129 | ||
130 | $result = db_query($link, | |
131 | "SELECT ttrss_entries.title, | |
132 | (SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title | |
133 | FROM ttrss_entries,ttrss_user_entries,ttrss_feeds | |
134 | WHERE ($expr) AND | |
135 | ttrss_user_entries.ref_id = ttrss_entries.id | |
136 | AND ttrss_user_entries.feed_id = ttrss_feeds.id | |
137 | AND ttrss_user_entries.owner_uid = " . $_SESSION["uid"] . " | |
0ecd2499 | 138 | ORDER BY date_entered LIMIT 10", false); |
ef8be8ea AD |
139 | |
140 | print "<ul class=\"labelTestResults\">"; | |
141 | ||
142 | $row_class = "even"; | |
143 | ||
144 | while ($line = db_fetch_assoc($result)) { | |
145 | $row_class = toggleEvenOdd($row_class); | |
146 | ||
147 | print "<li class=\"$row_class\">".$line["title"]. | |
148 | " <span class=\"insensitive\">(".$line["feed_title"].")</span></li>"; | |
149 | } | |
150 | print "</ul>"; | |
151 | ||
152 | } else { | |
153 | print "<p>Query didn't return any matches.</p>"; | |
154 | } | |
155 | ||
156 | print "</div>"; | |
157 | ||
158 | return; | |
159 | } | |
160 | ||
161 | if ($subop == "editSave") { | |
162 | ||
5b10ad15 | 163 | $sql_exp = db_escape_string(trim($_GET["sql_exp"])); |
ef8be8ea AD |
164 | $descr = db_escape_string(trim($_GET["description"])); |
165 | $label_id = db_escape_string($_GET["id"]); | |
caf1f12f AD |
166 | |
167 | $sql_exp = str_replace(";", "", $sql_exp); | |
168 | ||
ef8be8ea AD |
169 | $result = db_query($link, "UPDATE ttrss_labels SET |
170 | sql_exp = '$sql_exp', | |
171 | description = '$descr' | |
172 | WHERE id = '$label_id'"); | |
5e6f933a AD |
173 | |
174 | if (db_affected_rows($link, $result) != 0) { | |
175 | print_notice(T_sprintf("Saved label <b>%s</b>", htmlspecialchars($descr))); | |
176 | } | |
177 | ||
ef8be8ea AD |
178 | } |
179 | ||
180 | if ($subop == "remove") { | |
181 | ||
182 | if (!WEB_DEMO_MODE) { | |
183 | ||
184 | $ids = split(",", db_escape_string($_GET["ids"])); | |
185 | ||
186 | foreach ($ids as $id) { | |
187 | db_query($link, "DELETE FROM ttrss_labels WHERE id = '$id'"); | |
188 | ||
189 | } | |
190 | } | |
191 | } | |
192 | ||
193 | if ($subop == "add") { | |
ef8be8ea | 194 | |
5b10ad15 | 195 | $sql_exp = db_escape_string(trim($_GET["sql_exp"])); |
5e6f933a | 196 | $description = db_escape_string($_GET["description"]); |
ef8be8ea | 197 | |
caf1f12f AD |
198 | $sql_exp = str_replace(";", "", $sql_exp); |
199 | ||
5e6f933a | 200 | if (!$sql_exp || !$description) return; |
ef8be8ea | 201 | |
5e6f933a AD |
202 | $result = db_query($link, |
203 | "INSERT INTO ttrss_labels (sql_exp,description,owner_uid) | |
204 | VALUES ('$sql_exp', '$description', '".$_SESSION["uid"]."')"); | |
205 | ||
206 | if (db_affected_rows($link, $result) != 0) { | |
207 | print T_sprintf("Created label <b>%s</b>", htmlspecialchars($description)); | |
208 | } | |
209 | ||
210 | return; | |
ef8be8ea AD |
211 | } |
212 | ||
fe8d2059 AD |
213 | set_pref($link, "_PREFS_ACTIVE_TAB", "labelConfig"); |
214 | ||
ef8be8ea AD |
215 | $sort = db_escape_string($_GET["sort"]); |
216 | ||
217 | if (!$sort || $sort == "undefined") { | |
218 | $sort = "description"; | |
219 | } | |
220 | ||
112d2aec AD |
221 | $label_search = db_escape_string($_GET["search"]); |
222 | ||
223 | if (array_key_exists("search", $_GET)) { | |
224 | $_SESSION["prefs_label_search"] = $label_search; | |
225 | } else { | |
226 | $label_search = $_SESSION["prefs_label_search"]; | |
227 | } | |
228 | ||
229 | print "<div class=\"feedEditSearch\"> | |
230 | <input id=\"label_search\" size=\"20\" type=\"search\" | |
4cf6fc6a AD |
231 | onfocus=\"javascript:disableHotkeys();\" |
232 | onblur=\"javascript:enableHotkeys();\" | |
112d2aec AD |
233 | onchange=\"javascript:updateLabelList()\" value=\"$label_search\"> |
234 | <input type=\"submit\" class=\"button\" | |
235 | onclick=\"javascript:updateLabelList()\" value=\"".__('Search')."\"> | |
236 | <p><a class='helpLinkPic' href=\"javascript:displayHelpInfobox(1)\"> | |
237 | <img src='images/sign_quest.gif'></a></p> | |
238 | </div>"; | |
0d32b41e | 239 | |
ef8be8ea AD |
240 | print "<div class=\"prefGenericAddBox\">"; |
241 | ||
242 | print"<input type=\"submit\" class=\"button\" | |
243 | id=\"label_create_btn\" | |
244 | onclick=\"return displayDlg('quickAddLabel', false)\" | |
a3c159c4 | 245 | value=\"".__('Create label')."\"></div>"; |
ef8be8ea | 246 | |
112d2aec AD |
247 | if ($label_search) { |
248 | $label_search_query = "(sql_exp LIKE '%$label_search%' OR | |
249 | description LIKE '%$label_search%') AND"; | |
250 | } else { | |
251 | $label_search_query = ""; | |
252 | } | |
253 | ||
ef8be8ea AD |
254 | $result = db_query($link, "SELECT |
255 | id,sql_exp,description | |
256 | FROM | |
257 | ttrss_labels | |
258 | WHERE | |
112d2aec | 259 | $label_search_query |
ef8be8ea AD |
260 | owner_uid = ".$_SESSION["uid"]." |
261 | ORDER BY $sort"); | |
262 | ||
263 | // print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>"; | |
264 | ||
265 | if (db_num_rows($result) != 0) { | |
266 | ||
ef8be8ea AD |
267 | print "<p><table width=\"100%\" cellspacing=\"0\" |
268 | class=\"prefLabelList\" id=\"prefLabelList\">"; | |
269 | ||
270 | print "<tr><td class=\"selectPrompt\" colspan=\"8\"> | |
e8d0177d AD |
271 | ".__('Select:')." |
272 | <a href=\"javascript:selectPrefRows('label', true)\">".__('All')."</a>, | |
273 | <a href=\"javascript:selectPrefRows('label', false)\">".__('None')."</a> | |
ef8be8ea AD |
274 | </td</tr>"; |
275 | ||
276 | print "<tr class=\"title\"> | |
277 | <td width=\"5%\"> </td> | |
a3c159c4 | 278 | <td width=\"30%\"><a href=\"javascript:updateLabelList('description')\">".__('Caption')."</a></td> |
5ede560f | 279 | <td width=\"\"><a href=\"javascript:updateLabelList('sql_exp')\">".__('SQL Expression')."</a> |
ef8be8ea AD |
280 | </td> |
281 | </tr>"; | |
282 | ||
283 | $lnum = 0; | |
284 | ||
285 | while ($line = db_fetch_assoc($result)) { | |
286 | ||
287 | $class = ($lnum % 2) ? "even" : "odd"; | |
288 | ||
289 | $label_id = $line["id"]; | |
290 | $edit_label_id = $_GET["id"]; | |
291 | ||
292 | if ($subop == "edit" && $label_id != $edit_label_id) { | |
293 | $class .= "Grayed"; | |
294 | $this_row_id = ""; | |
295 | } else { | |
296 | $this_row_id = "id=\"LILRR-$label_id\""; | |
297 | } | |
298 | ||
299 | print "<tr class=\"$class\" $this_row_id>"; | |
300 | ||
47439031 AD |
301 | $line["sql_exp"] = htmlspecialchars($line["sql_exp"]); |
302 | $line["description"] = htmlspecialchars($line["description"]); | |
ef8be8ea | 303 | |
a95da136 AD |
304 | if (!$line["description"]) $line["description"] = __("[No caption]"); |
305 | ||
306 | $onclick = "onclick='editLabel($label_id)' title='".__('Click to edit')."'"; | |
ef8be8ea AD |
307 | |
308 | print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"label\");' | |
309 | type=\"checkbox\" id=\"LICHK-".$line["id"]."\"></td>"; | |
310 | ||
a95da136 AD |
311 | print "<td $onclick>" . $line["description"] . "</td>"; |
312 | print "<td $onclick>" . $line["sql_exp"] . "</td>"; | |
ef8be8ea AD |
313 | |
314 | print "</tr>"; | |
315 | ||
316 | ++$lnum; | |
317 | } | |
a5bd7bf0 | 318 | |
ef8be8ea | 319 | print "</table>"; |
ef8be8ea AD |
320 | |
321 | print "<p id=\"labelOpToolbar\">"; | |
322 | ||
a3c159c4 AD |
323 | print "<input type=\"submit\" class=\"button\" disabled=\"true\" |
324 | onclick=\"javascript:editSelectedLabel()\" value=\"".__('Edit')."\"> | |
ef8be8ea | 325 | <input type=\"submit\" class=\"button\" disabled=\"true\" |
a3c159c4 | 326 | onclick=\"javascript:removeSelectedLabels()\" value=\"".__('Remove')."\">"; |
ef8be8ea AD |
327 | |
328 | } else { | |
a5bd7bf0 AD |
329 | print "<p>"; |
330 | if (!$label_search) { | |
331 | print __('No labels defined.'); | |
332 | } else { | |
333 | print __('No matching labels found.'); | |
334 | } | |
335 | print "</p>"; | |
336 | ||
ef8be8ea AD |
337 | } |
338 | } | |
339 | ?> |