]>
git.wh0rd.org - tt-rss.git/blob - modules/pref-labels.php
2 // We need to accept raw SQL data in label queries, so not everything is escaped
3 // here, this is by design. If you don't like it, disable labels
4 // altogether with GLOBAL_ENABLE_LABELS = false
6 function module_pref_labels ( $link ) {
7 if (! GLOBAL_ENABLE_LABELS
) {
9 print __ ( "Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality." );
13 $subop = $_GET [ "subop" ];
15 if ( $subop == "edit" ) {
17 $label_id = db_escape_string ( $_GET [ "id" ]);
19 $result = db_query ( $link , "SELECT sql_exp,description FROM ttrss_labels WHERE
20 owner_uid = " . $_SESSION [ "uid" ]. " AND id = ' $label_id ' ORDER by description" );
22 $line = db_fetch_assoc ( $result );
24 $sql_exp = htmlspecialchars ( $line [ "sql_exp" ]);
25 $description = htmlspecialchars ( $line [ "description" ]);
27 print "<div id= \" infoBoxTitle \" >Label Editor</div>" ;
28 print "<div class= \" infoBoxContents \" >" ;
30 print "<form id= \" label_edit_form \" onsubmit='return false'>" ;
32 print "<input type= \" hidden \" name= \" op \" value= \" pref-labels \" >" ;
33 print "<input type= \" hidden \" name= \" id \" value= \" $label_id\" >" ;
34 print "<input type= \" hidden \" name= \" subop \" value= \" editSave \" >" ;
36 print "<div class= \" dlgSec \" >" . __ ( "Caption" ). "</div>" ;
38 print "<div class= \" dlgSecCont \" >" ;
40 print "<input onkeypress= \" return filterCR(event, labelEditSave) \"
41 onkeyup= \" toggleSubmitNotEmpty(this, 'infobox_submit') \"
42 onchange= \" toggleSubmitNotEmpty(this, 'infobox_submit') \"
43 name= \" description \" size= \" 30 \" value= \" $description\" >" ;
46 print "<div class= \" dlgSec \" >" . __ ( "Match SQL" ). "</div>" ;
48 print "<div class= \" dlgSecCont \" >" ;
50 print "<textarea onkeyup= \" toggleSubmitNotEmpty(this, 'infobox_submit') \"
51 rows= \" 6 \" name= \" sql_exp \" class= \" labelSQL \" cols= \" 50 \" > $sql_exp </textarea>" ;
57 print "<div style= \" display : none \" id= \" label_test_result \" ></div>" ;
59 print "<div class= \" dlgButtons \" >" ;
61 print "<div style='float : left'>" ;
62 print "<input type= \" submit \"
63 class= \" button \" onclick= \" return displayHelpInfobox(1) \"
64 value= \" " . __ ( 'Help' ). " \" > " ;
67 $is_disabled = ( strpos ( $_SERVER [ 'HTTP_USER_AGENT' ], 'Opera' ) !== FALSE ) ?
"disabled" : "" ;
69 print "<input $is_disabled type= \" submit \" onclick= \" return labelTest() \" value= \" Test \" >
72 print "<input type= \" submit \"
74 class= \" button \" onclick= \" return labelEditSave() \"
77 print "<input class= \" button \"
78 type= \" submit \" onclick= \" return labelEditCancel() \"
86 if ( $subop == "test" ) {
88 // no escaping here on purpose
89 $expr = trim ( $_GET [ "expr" ]);
90 $descr = db_escape_string ( trim ( $_GET [ "descr" ]));
92 $expr = str_replace ( ";" , "" , $expr );
95 print "<div>Error: SQL expression is blank.</div>" ;
104 $result = db_query ( $link ,
105 "SELECT count(ttrss_entries.id) AS num_matches
106 FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
108 ttrss_user_entries.ref_id = ttrss_entries.id AND
109 ttrss_user_entries.feed_id = ttrss_feeds.id AND
110 ttrss_user_entries.owner_uid = " . $_SESSION [ "uid" ], false );
112 error_reporting ( DEFAULT_ERROR_LEVEL
);
115 print "<div class= \" labelTestError \" >" . db_last_error ( $link ) . "</div>" ;
120 $num_matches = db_fetch_result ( $result , 0 , "num_matches" );;
122 if ( $num_matches > 0 ) {
124 if ( $num_matches > 10 ) {
125 $showing_msg = ", showing first 10" ;
128 print "<p>Query returned <b> $num_matches </b> matches $showing_msg :</p>" ;
130 $result = db_query ( $link ,
131 "SELECT ttrss_entries.title,
132 (SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
133 FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
135 ttrss_user_entries.ref_id = ttrss_entries.id
136 AND ttrss_user_entries.feed_id = ttrss_feeds.id
137 AND ttrss_user_entries.owner_uid = " . $_SESSION [ "uid" ] . "
138 ORDER BY date_entered LIMIT 10" , false );
140 print "<ul class= \" labelTestResults \" >" ;
144 while ( $line = db_fetch_assoc ( $result )) {
145 $row_class = toggleEvenOdd ( $row_class );
147 print "<li class= \" $row_class\" >" . $line [ "title" ].
148 " <span class= \" insensitive \" >(" . $line [ "feed_title" ]. ")</span></li>" ;
153 print "<p>Query didn't return any matches.</p>" ;
161 if ( $subop == "editSave" ) {
163 $sql_exp = db_escape_string ( trim ( $_GET [ "sql_exp" ]));
164 $descr = db_escape_string ( trim ( $_GET [ "description" ]));
165 $label_id = db_escape_string ( $_GET [ "id" ]);
167 $sql_exp = str_replace ( ";" , "" , $sql_exp );
169 $result = db_query ( $link , "UPDATE ttrss_labels SET
170 sql_exp = ' $sql_exp ',
171 description = ' $descr '
172 WHERE id = ' $label_id '" );
174 if ( db_affected_rows ( $link , $result ) != 0 ) {
175 print_notice ( T_sprintf ( "Saved label <b> %s </b>" , htmlspecialchars ( $descr )));
180 if ( $subop == "remove" ) {
182 if (! WEB_DEMO_MODE
) {
184 $ids = split ( "," , db_escape_string ( $_GET [ "ids" ]));
186 foreach ( $ids as $id ) {
187 db_query ( $link , "DELETE FROM ttrss_labels WHERE id = ' $id '" );
193 if ( $subop == "add" ) {
195 $sql_exp = db_escape_string ( trim ( $_GET [ "sql_exp" ]));
196 $description = db_escape_string ( $_GET [ "description" ]);
198 $sql_exp = str_replace ( ";" , "" , $sql_exp );
200 if (! $sql_exp ||
! $description ) return ;
202 $result = db_query ( $link ,
203 "INSERT INTO ttrss_labels (sql_exp,description,owner_uid)
204 VALUES (' $sql_exp ', ' $description ', '" . $_SESSION [ "uid" ]. "')" );
206 if ( db_affected_rows ( $link , $result ) != 0 ) {
207 print T_sprintf ( "Created label <b> %s </b>" , htmlspecialchars ( $description ));
213 set_pref ( $link , "_PREFS_ACTIVE_TAB" , "labelConfig" );
215 $sort = db_escape_string ( $_GET [ "sort" ]);
217 if (! $sort ||
$sort == "undefined" ) {
218 $sort = "description" ;
221 $label_search = db_escape_string ( $_GET [ "search" ]);
223 if ( array_key_exists ( "search" , $_GET )) {
224 $_SESSION [ "prefs_label_search" ] = $label_search ;
226 $label_search = $_SESSION [ "prefs_label_search" ];
229 print "<div class= \" feedEditSearch \" >
230 <input id= \" label_search \" size= \" 20 \" type= \" search \"
231 onfocus= \" javascript:disableHotkeys(); \"
232 onblur= \" javascript:enableHotkeys(); \"
233 onchange= \" javascript:updateLabelList() \" value= \" $label_search\" >
234 <input type= \" submit \" class= \" button \"
235 onclick= \" javascript:updateLabelList() \" value= \" " . __ ( 'Search' ). " \" >
236 <p><a class='helpLinkPic' href= \" javascript:displayHelpInfobox(1) \" >
237 <img src='images/sign_quest.gif'></a></p>
240 print "<div class= \" prefGenericAddBox \" >" ;
242 print "<input type= \" submit \" class= \" button \"
243 id= \" label_create_btn \"
244 onclick= \" return displayDlg('quickAddLabel', false) \"
245 value= \" " . __ ( 'Create label' ). " \" ></div>" ;
248 $label_search_query = "(sql_exp LIKE '% $label_search %' OR
249 description LIKE '% $label_search %') AND" ;
251 $label_search_query = "" ;
254 $result = db_query ( $link , "SELECT
255 id,sql_exp,description
260 owner_uid = " . $_SESSION [ "uid" ]. "
263 // print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";
265 if ( db_num_rows ( $result ) != 0 ) {
267 print "<p><table width= \" 100% \" cellspacing= \" 0 \"
268 class= \" prefLabelList \" id= \" prefLabelList \" >" ;
270 print "<tr><td class= \" selectPrompt \" colspan= \" 8 \" >
272 <a href= \" javascript:selectPrefRows('label', true) \" >" . __ ( 'All' ). "</a>,
273 <a href= \" javascript:selectPrefRows('label', false) \" >" . __ ( 'None' ). "</a>
276 print "<tr class= \" title \" >
277 <td width= \" 5% \" > </td>
278 <td width= \" 30% \" ><a href= \" javascript:updateLabelList('description') \" >" . __ ( 'Caption' ). "</a></td>
279 <td width= \"\" ><a href= \" javascript:updateLabelList('sql_exp') \" >" . __ ( 'SQL Expression' ). "</a>
285 while ( $line = db_fetch_assoc ( $result )) {
287 $class = ( $lnum %
2 ) ?
"even" : "odd" ;
289 $label_id = $line [ "id" ];
290 $edit_label_id = $_GET [ "id" ];
292 if ( $subop == "edit" && $label_id != $edit_label_id ) {
296 $this_row_id = "id= \" LILRR- $label_id\" " ;
299 print "<tr class= \" $class\" $this_row_id >" ;
301 $line [ "sql_exp" ] = htmlspecialchars ( $line [ "sql_exp" ]);
302 $line [ "description" ] = htmlspecialchars ( $line [ "description" ]);
304 if (! $line [ "description" ]) $line [ "description" ] = __ ( "[No caption]" );
306 $onclick = "onclick='editLabel( $label_id )' title='" . __ ( 'Click to edit' ). "'" ;
308 print "<td align='center'><input onclick='toggleSelectPrefRow(this, \" label \" );'
309 type= \" checkbox \" id= \" LICHK-" . $line [ "id" ]. " \" ></td>" ;
311 print "<td $onclick >" . $line [ "description" ] . "</td>" ;
312 print "<td $onclick >" . $line [ "sql_exp" ] . "</td>" ;
321 print "<p id= \" labelOpToolbar \" >" ;
323 print "<input type= \" submit \" class= \" button \" disabled= \" true \"
324 onclick= \" javascript:editSelectedLabel() \" value= \" " . __ ( 'Edit' ). " \" >
325 <input type= \" submit \" class= \" button \" disabled= \" true \"
326 onclick= \" javascript:removeSelectedLabels() \" value= \" " . __ ( 'Remove' ). " \" >" ;
330 if (! $label_search ) {
331 print __ ( 'No labels defined.' );
333 print __ ( 'No matching labels found.' );