fix label and filter editors for safari (borked markup)
1 <?php
2 // We need to accept raw SQL data in label queries, so not everything is escaped
3 // here; this is by design. If you don't like it, disable labels
4 // altogether with GLOBAL_ENABLE_LABELS = false
5
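/**
 * Render the label preferences pane and handle its sub-operations.
 *
 * The sub-operation is taken from $_GET["subop"]:
 *   - "edit":     print the label editor dialog for $_GET["id"], then return.
 *   - "test":     run $_GET["expr"] against the user's entries, print the
 *                 match count and up to 10 matching titles, then return.
 *   - "editSave": update label $_GET["id"], then print the label list.
 *   - "remove":   delete the labels listed in $_GET["ids"] (comma separated),
 *                 then print the label list.
 *   - "add":      insert a new label, then print the label list.
 * Any other value only prints the current user's label list.
 *
 * Security notes for maintainers:
 *   - A label's sql_exp is a raw SQL fragment by design. In "test" it is
 *     spliced verbatim into the WHERE clause, so the owner_uid condition that
 *     follows it is not a security boundary: whoever may define labels can
 *     query with the application's database privileges. Set
 *     GLOBAL_ENABLE_LABELS to false where users are not trusted to that degree.
 *   - sql_exp is written into a quoted SQL literal without escaping in "add"
 *     and "editSave". NOTE(review): this presumably relies on request data
 *     arriving already slash-escaped (the db_unescape_string() calls on read
 *     suggest so) - confirm against the runtime configuration.
 *   - All state-changing sub-operations are driven by GET parameters and no
 *     anti-CSRF token is checked in this function. NOTE(review): confirm the
 *     caller enforces one.
 *
 * @param mixed $link database handle, passed through to the db_* helpers
 * @return void all output is printed
 */
function module_pref_labels($link) {
	if (!GLOBAL_ENABLE_LABELS) {
		print "<p>Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality.</p>";
		return;
	}

	// Give every parameter this page reads a default so that a missing one
	// does not raise an undefined-index notice.
	$req = $_GET + array(
		"subop" => "", "id" => "", "ids" => "", "expr" => "",
		"sql_exp" => "", "description" => "", "sort" => "",
	);

	// Array-valued parameters (e.g. id[]=...) are never valid here.
	foreach ($req as $key => $value) {
		if (!is_string($value)) $req[$key] = "";
	}

	$subop = $req["subop"];

	// The uid is placed unquoted into SQL below, so force it to an integer.
	$owner_uid = isset($_SESSION["uid"]) ? (int) $_SESSION["uid"] : 0;

	if ($subop === "edit") {

		$label_id = db_escape_string($req["id"]);

		$result = db_query($link, "SELECT sql_exp,description FROM ttrss_labels WHERE
			owner_uid = $owner_uid AND id = '$label_id' ORDER by description");

		$line = db_fetch_assoc($result);

		// No matching label: show an empty editor instead of indexing into false.
		$sql_exp = $line ? htmlspecialchars(db_unescape_string($line["sql_exp"])) : "";
		$description = $line ? htmlspecialchars(db_unescape_string($line["description"])) : "";

		// db_escape_string() protects the SQL literal only; the id is also
		// echoed into an HTML attribute and needs HTML escaping there.
		$label_id_html = htmlspecialchars($label_id, ENT_QUOTES);

		print "<div id=\"infoBoxTitle\">Label editor</div>";
		print "<div class=\"infoBoxContents\">";

		print "<form id=\"label_edit_form\">";

		print "<input type=\"hidden\" name=\"op\" value=\"pref-labels\">";
		print "<input type=\"hidden\" name=\"id\" value=\"$label_id_html\">";
		print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";

		print "<table width='100%'>";

		print "<tr><td>Caption:</td>
			<td><input onkeypress=\"return filterCR(event, labelEditSave)\"
			onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
			onchange=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
			name=\"description\" class=\"iedit\" value=\"$description\">";

		print "</td></tr>";

		print "<tr><td colspan=\"2\">
			<p>SQL Expression:</p>";

		print "<textarea onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
			rows=\"4\" name=\"sql_exp\" class=\"iedit\">$sql_exp</textarea>";

		print "</td></tr></table>";

		print "</form>";

		print "<div style=\"display : none\" id=\"label_test_result\"></div>";

		print "<div align='right'>";

		// The Test button is rendered disabled for Opera user agents.
		$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
		$is_disabled = (strpos($user_agent, 'Opera') !== false) ? "disabled" : "";

		print "<input $is_disabled type=\"submit\" onclick=\"return labelTest()\" value=\"Test\">
			";

		print "<input type=\"submit\"
			id=\"infobox_submit\"
			class=\"button\" onclick=\"return labelEditSave()\"
			value=\"Save\"> ";

		print "<input class=\"button\"
			type=\"submit\" onclick=\"return labelEditCancel()\"
			value=\"Cancel\">";

		print "</div>";

		return;
	}

	if ($subop === "test") {

		// By design the expression is used as raw SQL (see the header notes).
		$expr = db_unescape_string(trim($req["expr"]));

		print "<div>";

		// PHP error output is silenced while the user-supplied expression
		// runs; a failed query is reported through db_last_error() below.
		error_reporting(0);

		$result = db_query($link,
			"SELECT count(ttrss_entries.id) AS num_matches
			FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
			WHERE ($expr) AND
			ttrss_user_entries.ref_id = ttrss_entries.id AND
			ttrss_user_entries.feed_id = ttrss_feeds.id AND
			ttrss_user_entries.owner_uid = $owner_uid", false);

		error_reporting(DEFAULT_ERROR_LEVEL);

		if (!$result) {
			// The database error text can repeat parts of the submitted
			// expression, so escape it before it reaches the page.
			print "<p>" . htmlspecialchars(db_last_error($link), ENT_QUOTES) . "</p>";
			print "</div>";
			return;
		}

		$num_matches = db_fetch_result($result, 0, "num_matches");

		if ($num_matches > 0) {

			// Always defined, so the message below never reads an unset variable.
			$showing_msg = ($num_matches > 10) ? ", showing first 10" : "";

			print "<p>Query returned <b>$num_matches</b> matches$showing_msg:</p>";

			$result = db_query($link,
				"SELECT ttrss_entries.title,
				(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
				FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
				WHERE ($expr) AND
				ttrss_user_entries.ref_id = ttrss_entries.id
				AND ttrss_user_entries.feed_id = ttrss_feeds.id
				AND ttrss_user_entries.owner_uid = $owner_uid
				ORDER BY date_entered DESC LIMIT 10", false);

			print "<ul class=\"labelTestResults\">";

			$row_class = "even";

			// NOTE(review): title and feed_title are printed exactly as stored.
			// Confirm they are sanitized when feeds are imported; if not, they
			// need HTML escaping here.
			while ($result && ($line = db_fetch_assoc($result))) {
				$row_class = toggleEvenOdd($row_class);

				print "<li class=\"$row_class\">".$line["title"].
					" <span class=\"insensitive\">(".$line["feed_title"].")</span></li>";
			}
			print "</ul>";

		} else {
			print "<p>Query didn't return any matches.</p>";
		}

		print "</div>";

		return;
	}

	if ($subop === "editSave") {

		// NOTE(review): unlike "remove" and "add", this branch is not gated on
		// WEB_DEMO_MODE - confirm that is intended.

		// sql_exp is not escaped on purpose (see the header notes).
		$sql_exp = trim($req["sql_exp"]);
		$descr = db_escape_string(trim($req["description"]));
		$label_id = db_escape_string($req["id"]);

		// Restrict the write to the caller's own labels; without the
		// owner_uid condition any label id could be overwritten.
		$result = db_query($link, "UPDATE ttrss_labels SET
			sql_exp = '$sql_exp',
			description = '$descr'
			WHERE id = '$label_id' AND owner_uid = $owner_uid");
	}

	if ($subop === "remove") {

		if (!WEB_DEMO_MODE) {

			// explode() replaces split(), which newer PHP versions no longer provide.
			$ids = explode(",", db_escape_string($req["ids"]));

			foreach ($ids as $id) {
				// Only the caller's own labels may be deleted.
				db_query($link, "DELETE FROM ttrss_labels
					WHERE id = '$id' AND owner_uid = $owner_uid");
			}
		}
	}

	if ($subop === "add") {

		if (!WEB_DEMO_MODE) {

			// no escaping is done here on purpose
			$sql_exp = trim($req["sql_exp"]);
			$description = db_escape_string($req["description"]);

			if (!$sql_exp || !$description) return;

			$result = db_query($link,
				"INSERT INTO ttrss_labels (sql_exp,description,owner_uid)
				VALUES ('$sql_exp', '$description', '$owner_uid')");
		}
	}

	// The sort key is used as a column name in ORDER BY, where string escaping
	// gives no protection, so only the columns this query selects are accepted.
	$sort = $req["sort"];

	if (!in_array($sort, array("id", "sql_exp", "description"), true)) {
		$sort = "description";
	}

	print "<div class=\"prefGenericAddBox\">";

	print "<input type=\"submit\" class=\"button\"
		id=\"label_create_btn\"
		onclick=\"return displayDlg('quickAddLabel', false)\"
		value=\"Create label\"></div>";

	$result = db_query($link, "SELECT
			id,sql_exp,description
		FROM
			ttrss_labels
		WHERE
			owner_uid = $owner_uid
		ORDER BY $sort");

	if (db_num_rows($result) != 0) {

		print "<p><table width=\"100%\" cellspacing=\"0\"
			class=\"prefLabelList\" id=\"prefLabelList\">";

		print "<tr><td class=\"selectPrompt\" colspan=\"8\">
			Select:
			<a href=\"javascript:selectPrefRows('label', true)\">All</a>,
			<a href=\"javascript:selectPrefRows('label', false)\">None</a>
			</td></tr>";

		print "<tr class=\"title\">
			<td width=\"5%\">&nbsp;</td>
			<td width=\"30%\"><a href=\"javascript:updateLabelList('description')\">Caption</a></td>
			<td width=\"50%\"><a href=\"javascript:updateLabelList('sql_exp')\">SQL Expression</a>
			<a class=\"helpLink\" href=\"javascript:displayHelpInfobox(1)\">(?)</a>
			</td>
			</tr>";

		$lnum = 0;
		$edit_label_id = $req["id"];

		while ($line = db_fetch_assoc($result)) {

			$class = ($lnum % 2) ? "even" : "odd";

			$label_id = $line["id"];

			if ($subop == "edit" && $label_id != $edit_label_id) {
				$class .= "Grayed";
				$this_row_id = "";
			} else {
				$this_row_id = "id=\"LILRR-$label_id\"";
			}

			print "<tr class=\"$class\" $this_row_id>";

			$line["sql_exp"] = htmlspecialchars(db_unescape_string($line["sql_exp"]));
			$line["description"] = htmlspecialchars(
				db_unescape_string($line["description"]));

			if (!$line["description"]) $line["description"] = "[No caption]";

			print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"label\");'
				type=\"checkbox\" id=\"LICHK-".$line["id"]."\"></td>";

			print "<td><a href=\"javascript:editLabel($label_id);\">" .
				$line["description"] . "</a></td>";

			print "<td><a href=\"javascript:editLabel($label_id);\">" .
				$line["sql_exp"] . "</a></td>";

			print "</tr>";

			++$lnum;
		}

		if ($lnum == 0) {
			print "<tr><td colspan=\"4\" align=\"center\">No labels defined.</td></tr>";
		}

		print "</table>";

		print "<p id=\"labelOpToolbar\">";

		print "
			Selection:
			<input type=\"submit\" class=\"button\" disabled=\"true\"
			onclick=\"javascript:editSelectedLabel()\" value=\"Edit\">
			<input type=\"submit\" class=\"button\" disabled=\"true\"
			onclick=\"javascript:removeSelectedLabels()\" value=\"Remove\">";

	} else {
		print "<p>No labels defined.</p>";
	}
}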
286 ?>