]>
git.wh0rd.org - tt-rss.git/blob - modules/pref-labels.php
2 // We need to accept raw SQL data in label queries, so not everything is escaped
3 // here, this is by design. If you don't like it, disable labels
4 // altogether with GLOBAL_ENABLE_LABELS = false
6 function module_pref_labels ( $link ) {
7 if (! GLOBAL_ENABLE_LABELS
) {
9 print "<p>Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality.</p>" ;
13 $subop = $_GET [ "subop" ];
15 if ( $subop == "edit" ) {
17 $label_id = db_escape_string ( $_GET [ "id" ]);
19 $result = db_query ( $link , "SELECT sql_exp,description FROM ttrss_labels WHERE
20 owner_uid = " . $_SESSION [ "uid" ]. " AND id = ' $label_id ' ORDER by description" );
22 $line = db_fetch_assoc ( $result );
24 $sql_exp = htmlspecialchars ( $line [ "sql_exp" ]);
25 $description = htmlspecialchars ( $line [ "description" ]);
27 print "<div id= \" infoBoxTitle \" >Label editor</div>" ;
28 print "<div class= \" infoBoxContents \" >" ;
30 print "<form id= \" label_edit_form \" onsubmit='return false'>" ;
32 print "<input type= \" hidden \" name= \" op \" value= \" pref-labels \" >" ;
33 print "<input type= \" hidden \" name= \" id \" value= \" $label_id\" >" ;
34 print "<input type= \" hidden \" name= \" subop \" value= \" editSave \" >" ;
36 print "<table width='100%'>" ;
38 print "<tr><td>Caption:</td>
39 <td><input onkeypress= \" return filterCR(event, labelEditSave) \"
40 onkeyup= \" toggleSubmitNotEmpty(this, 'infobox_submit') \"
41 onchange= \" toggleSubmitNotEmpty(this, 'infobox_submit') \"
42 name= \" description \" class= \" iedit \" value= \" $description\" >" ;
46 print "<tr><td colspan= \" 2 \" >
47 <p>SQL Expression:</p>" ;
49 print "<textarea onkeyup= \" toggleSubmitNotEmpty(this, 'infobox_submit') \"
50 rows= \" 4 \" name= \" sql_exp \" class= \" iedit \" > $sql_exp </textarea>" ;
54 print "<a class='small' href= \" javascript:displayHelpInfobox(1) \" >
55 " . __ ( 'Click here for help' ). "</a>" ;
57 print "</td></tr></table>" ;
61 print "<div style= \" display : none \" id= \" label_test_result \" ></div>" ;
63 print "<div align='right'>" ;
65 $is_disabled = ( strpos ( $_SERVER [ 'HTTP_USER_AGENT' ], 'Opera' ) !== FALSE ) ?
"disabled" : "" ;
67 print "<input $is_disabled type= \" submit \" onclick= \" return labelTest() \" value= \" Test \" >
70 print "<input type= \" submit \"
72 class= \" button \" onclick= \" return labelEditSave() \"
75 print "<input class= \" button \"
76 type= \" submit \" onclick= \" return labelEditCancel() \"
84 if ( $subop == "test" ) {
86 // no escaping here on purpose
87 $expr = trim ( $_GET [ "expr" ]);
88 $descr = db_escape_string ( trim ( $_GET [ "descr" ]));
91 print "<div>Error: SQL expression is blank.</div>" ;
100 $result = db_query ( $link ,
101 "SELECT count(ttrss_entries.id) AS num_matches
102 FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
104 ttrss_user_entries.ref_id = ttrss_entries.id AND
105 ttrss_user_entries.feed_id = ttrss_feeds.id AND
106 ttrss_user_entries.owner_uid = " . $_SESSION [ "uid" ], false );
108 error_reporting ( DEFAULT_ERROR_LEVEL
);
111 print "<div class= \" labelTestError \" >" . db_last_error ( $link ) . "</div>" ;
116 $num_matches = db_fetch_result ( $result , 0 , "num_matches" );;
118 if ( $num_matches > 0 ) {
120 if ( $num_matches > 10 ) {
121 $showing_msg = ", showing first 10" ;
124 print "<p>Query returned <b> $num_matches </b> matches $showing_msg :</p>" ;
126 $result = db_query ( $link ,
127 "SELECT ttrss_entries.title,
128 (SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
129 FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
131 ttrss_user_entries.ref_id = ttrss_entries.id
132 AND ttrss_user_entries.feed_id = ttrss_feeds.id
133 AND ttrss_user_entries.owner_uid = " . $_SESSION [ "uid" ] . "
134 ORDER BY date_entered LIMIT 10" , false );
136 print "<ul class= \" labelTestResults \" >" ;
140 while ( $line = db_fetch_assoc ( $result )) {
141 $row_class = toggleEvenOdd ( $row_class );
143 print "<li class= \" $row_class\" >" . $line [ "title" ].
144 " <span class= \" insensitive \" >(" . $line [ "feed_title" ]. ")</span></li>" ;
149 print "<p>Query didn't return any matches.</p>" ;
157 if ( $subop == "editSave" ) {
159 $sql_exp = db_escape_string ( trim ( $_GET [ "sql_exp" ]));
160 $descr = db_escape_string ( trim ( $_GET [ "description" ]));
161 $label_id = db_escape_string ( $_GET [ "id" ]);
163 $result = db_query ( $link , "UPDATE ttrss_labels SET
164 sql_exp = ' $sql_exp ',
165 description = ' $descr '
166 WHERE id = ' $label_id '" );
168 if ( db_affected_rows ( $link , $result ) != 0 ) {
169 print_notice ( T_sprintf ( "Saved label <b> %s </b>" , htmlspecialchars ( $descr )));
174 if ( $subop == "remove" ) {
176 if (! WEB_DEMO_MODE
) {
178 $ids = split ( "," , db_escape_string ( $_GET [ "ids" ]));
180 foreach ( $ids as $id ) {
181 db_query ( $link , "DELETE FROM ttrss_labels WHERE id = ' $id '" );
187 if ( $subop == "add" ) {
189 $sql_exp = db_escape_string ( trim ( $_GET [ "sql_exp" ]));
190 $description = db_escape_string ( $_GET [ "description" ]);
192 if (! $sql_exp ||
! $description ) return ;
194 $result = db_query ( $link ,
195 "INSERT INTO ttrss_labels (sql_exp,description,owner_uid)
196 VALUES (' $sql_exp ', ' $description ', '" . $_SESSION [ "uid" ]. "')" );
198 if ( db_affected_rows ( $link , $result ) != 0 ) {
199 print T_sprintf ( "Created label <b> %s </b>" , htmlspecialchars ( $description ));
205 set_pref ( $link , "_PREFS_ACTIVE_TAB" , "labelConfig" );
207 $sort = db_escape_string ( $_GET [ "sort" ]);
209 if (! $sort ||
$sort == "undefined" ) {
210 $sort = "description" ;
213 print "<a class='helpLinkPic' href= \" javascript:displayHelpInfobox(1) \" >
214 <img src='images/sign_quest.gif'></a>" ;
216 print "<div class= \" prefGenericAddBox \" >" ;
218 print "<input type= \" submit \" class= \" button \"
219 id= \" label_create_btn \"
220 onclick= \" return displayDlg('quickAddLabel', false) \"
221 value= \" " . __ ( 'Create label' ). " \" ></div>" ;
223 $result = db_query ( $link , "SELECT
224 id,sql_exp,description
228 owner_uid = " . $_SESSION [ "uid" ]. "
231 // print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";
233 if ( db_num_rows ( $result ) != 0 ) {
235 print "<p><table width= \" 100% \" cellspacing= \" 0 \"
236 class= \" prefLabelList \" id= \" prefLabelList \" >" ;
238 print "<tr><td class= \" selectPrompt \" colspan= \" 8 \" >
240 <a href= \" javascript:selectPrefRows('label', true) \" >" . __ ( 'All' ). "</a>,
241 <a href= \" javascript:selectPrefRows('label', false) \" >" . __ ( 'None' ). "</a>
244 print "<tr class= \" title \" >
245 <td width= \" 5% \" > </td>
246 <td width= \" 30% \" ><a href= \" javascript:updateLabelList('description') \" >" . __ ( 'Caption' ). "</a></td>
247 <td width= \"\" ><a href= \" javascript:updateLabelList('sql_exp') \" >" . __ ( 'SQL Expression' ). "</a>
253 while ( $line = db_fetch_assoc ( $result )) {
255 $class = ( $lnum %
2 ) ?
"even" : "odd" ;
257 $label_id = $line [ "id" ];
258 $edit_label_id = $_GET [ "id" ];
260 if ( $subop == "edit" && $label_id != $edit_label_id ) {
264 $this_row_id = "id= \" LILRR- $label_id\" " ;
267 print "<tr class= \" $class\" $this_row_id >" ;
269 $line [ "sql_exp" ] = htmlspecialchars ( $line [ "sql_exp" ]);
270 $line [ "description" ] = htmlspecialchars ( $line [ "description" ]);
272 if (! $line [ "description" ]) $line [ "description" ] = "[No caption]" ;
274 print "<td align='center'><input onclick='toggleSelectPrefRow(this, \" label \" );'
275 type= \" checkbox \" id= \" LICHK-" . $line [ "id" ]. " \" ></td>" ;
277 print "<td><a href= \" javascript:editLabel( $label_id ); \" >" .
278 $line [ "description" ] . "</td>" ;
280 print "<td><a href= \" javascript:editLabel( $label_id ); \" >" .
281 $line [ "sql_exp" ] . "</td>" ;
289 print "<tr><td colspan= \" 4 \" align= \" center \" >" . __ ( 'No labels defined.' ). "</td></tr>" ;
294 print "<p id= \" labelOpToolbar \" >" ;
296 print "<input type= \" submit \" class= \" button \" disabled= \" true \"
297 onclick= \" javascript:editSelectedLabel() \" value= \" " . __ ( 'Edit' ). " \" >
298 <input type= \" submit \" class= \" button \" disabled= \" true \"
299 onclick= \" javascript:removeSelectedLabels() \" value= \" " . __ ( 'Remove' ). " \" >" ;
302 print "<p>" . __ ( 'No labels defined.' ). "</p>" ;