2 // We need to accept raw SQL data in label queries, so not everything is escaped
3 // here, this is by design. If you don't like it, disable labels
4 // altogether with GLOBAL_ENABLE_LABELS = false
6 function module_pref_labels($link) {
7 if (!GLOBAL_ENABLE_LABELS) {
9 print __("Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality.");
13 $subop = $_GET["subop"];
15 if ($subop == "edit") {
17 $label_id = db_escape_string($_GET["id"]);
19 $result = db_query($link, "SELECT sql_exp,description FROM ttrss_labels WHERE
20 owner_uid = ".$_SESSION["uid"]." AND id = '$label_id' ORDER by description");
22 $line = db_fetch_assoc($result);
24 $sql_exp = htmlspecialchars($line["sql_exp"]);
25 $description = htmlspecialchars($line["description"]);
27 print "<div id=\"infoBoxTitle\">Label Editor</div>";
28 print "<div class=\"infoBoxContents\">";
30 print "<form id=\"label_edit_form\" onsubmit='return false'>";
32 print "<input type=\"hidden\" name=\"op\" value=\"pref-labels\">";
33 print "<input type=\"hidden\" name=\"id\" value=\"$label_id\">";
34 print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
36 print "<div class=\"dlgSec\">".__("Caption")."</div>";
38 print "<div class=\"dlgSecCont\">";
40 print "<input onkeypress=\"return filterCR(event, labelEditSave)\"
41 onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
42 onchange=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
43 name=\"description\" size=\"30\" value=\"$description\">";
46 print "<div class=\"dlgSec\">".__("Match SQL")."</div>";
48 print "<div class=\"dlgSecCont\">";
50 print "<textarea onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
51 rows=\"6\" name=\"sql_exp\" class=\"labelSQL\" cols=\"50\">$sql_exp</textarea>";
57 print "<div style=\"display : none\" id=\"label_test_result\"></div>";
59 print "<div class=\"dlgButtons\">";
61 print "<div style='float : left'>";
62 print "<input type=\"submit\"
63 class=\"button\" onclick=\"return displayHelpInfobox(1)\"
64 value=\"".__('Help')."\"> ";
67 $is_disabled = (strpos($_SERVER['HTTP_USER_AGENT'], 'Opera') !== FALSE) ? "disabled" : "";
69 print "<input $is_disabled type=\"submit\" onclick=\"return labelTest()\" value=\"Test\">
72 print "<input type=\"submit\"
74 class=\"button\" onclick=\"return labelEditSave()\"
77 print "<input class=\"button\"
78 type=\"submit\" onclick=\"return labelEditCancel()\"
86 if ($subop == "test") {
88 // no escaping here on purpose
89 $expr = trim($_GET["expr"]);
90 $descr = db_escape_string(trim($_GET["descr"]));
92 $expr = str_replace(";", "", $expr);
95 print "<div>Error: SQL expression is blank.</div>";
104 $result = db_query($link,
105 "SELECT count(ttrss_entries.id) AS num_matches
106 FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
108 ttrss_user_entries.ref_id = ttrss_entries.id AND
109 ttrss_user_entries.feed_id = ttrss_feeds.id AND
110 ttrss_user_entries.owner_uid = " . $_SESSION["uid"], false);
112 error_reporting (DEFAULT_ERROR_LEVEL);
115 print "<div class=\"labelTestError\">" . db_last_error($link) . "</div>";
120 $num_matches = db_fetch_result($result, 0, "num_matches");;
122 if ($num_matches > 0) {
124 if ($num_matches > 10) {
125 $showing_msg = ", showing first 10";
128 print "<p>Query returned <b>$num_matches</b> matches$showing_msg:</p>";
130 $result = db_query($link,
131 "SELECT ttrss_entries.title,
132 (SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
133 FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
135 ttrss_user_entries.ref_id = ttrss_entries.id
136 AND ttrss_user_entries.feed_id = ttrss_feeds.id
137 AND ttrss_user_entries.owner_uid = " . $_SESSION["uid"] . "
138 ORDER BY date_entered LIMIT 10", false);
140 print "<ul class=\"labelTestResults\">";
144 while ($line = db_fetch_assoc($result)) {
145 $row_class = toggleEvenOdd($row_class);
147 print "<li class=\"$row_class\">".$line["title"].
148 " <span class=\"insensitive\">(".$line["feed_title"].")</span></li>";
153 print "<p>Query didn't return any matches.</p>";
161 if ($subop == "editSave") {
163 $sql_exp = db_escape_string(trim($_GET["sql_exp"]));
164 $descr = db_escape_string(trim($_GET["description"]));
165 $label_id = db_escape_string($_GET["id"]);
167 $sql_exp = str_replace(";", "", $sql_exp);
169 $result = db_query($link, "UPDATE ttrss_labels SET
170 sql_exp = '$sql_exp',
171 description = '$descr'
172 WHERE id = '$label_id'");
174 if (db_affected_rows($link, $result) != 0) {
175 print_notice(T_sprintf("Saved label <b>%s</b>", htmlspecialchars($descr)));
180 if ($subop == "remove") {
182 if (!WEB_DEMO_MODE) {
184 $ids = split(",", db_escape_string($_GET["ids"]));
186 foreach ($ids as $id) {
187 db_query($link, "DELETE FROM ttrss_labels WHERE id = '$id'");
193 if ($subop == "add") {
195 $sql_exp = db_escape_string(trim($_GET["sql_exp"]));
196 $description = db_escape_string($_GET["description"]);
198 $sql_exp = str_replace(";", "", $sql_exp);
200 if (!$sql_exp || !$description) return;
202 $result = db_query($link,
203 "INSERT INTO ttrss_labels (sql_exp,description,owner_uid)
204 VALUES ('$sql_exp', '$description', '".$_SESSION["uid"]."')");
206 if (db_affected_rows($link, $result) != 0) {
207 print T_sprintf("Created label <b>%s</b>", htmlspecialchars($description));
213 set_pref($link, "_PREFS_ACTIVE_TAB", "labelConfig");
215 $sort = db_escape_string($_GET["sort"]);
217 if (!$sort || $sort == "undefined") {
218 $sort = "description";
221 $label_search = db_escape_string($_GET["search"]);
223 if (array_key_exists("search", $_GET)) {
224 $_SESSION["prefs_label_search"] = $label_search;
226 $label_search = $_SESSION["prefs_label_search"];
229 print "<div class=\"feedEditSearch\">
230 <input id=\"label_search\" size=\"20\" type=\"search\"
231 onfocus=\"javascript:disableHotkeys();\"
232 onblur=\"javascript:enableHotkeys();\"
233 onchange=\"javascript:updateLabelList()\" value=\"$label_search\">
234 <input type=\"submit\" class=\"button\"
235 onclick=\"javascript:updateLabelList()\" value=\"".__('Search')."\">
236 <p><a class='helpLinkPic' href=\"javascript:displayHelpInfobox(1)\">
237 <img src='images/sign_quest.gif'></a></p>
240 print "<div class=\"prefGenericAddBox\">";
242 print"<input type=\"submit\" class=\"button\"
243 id=\"label_create_btn\"
244 onclick=\"return displayDlg('quickAddLabel', false)\"
245 value=\"".__('Create label')."\"></div>";
248 $label_search_query = "(sql_exp LIKE '%$label_search%' OR
249 description LIKE '%$label_search%') AND";
251 $label_search_query = "";
254 $result = db_query($link, "SELECT
255 id,sql_exp,description
260 owner_uid = ".$_SESSION["uid"]."
263 // print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";
265 if (db_num_rows($result) != 0) {
267 print "<p><table width=\"100%\" cellspacing=\"0\"
268 class=\"prefLabelList\" id=\"prefLabelList\">";
270 print "<tr><td class=\"selectPrompt\" colspan=\"8\">
272 <a href=\"javascript:selectPrefRows('label', true)\">".__('All')."</a>,
273 <a href=\"javascript:selectPrefRows('label', false)\">".__('None')."</a>
276 print "<tr class=\"title\">
277 <td width=\"5%\"> </td>
278 <td width=\"30%\"><a href=\"javascript:updateLabelList('description')\">".__('Caption')."</a></td>
279 <td width=\"\"><a href=\"javascript:updateLabelList('sql_exp')\">".__('SQL Expression')."</a>
285 while ($line = db_fetch_assoc($result)) {
287 $class = ($lnum % 2) ? "even" : "odd";
289 $label_id = $line["id"];
290 $edit_label_id = $_GET["id"];
292 if ($subop == "edit" && $label_id != $edit_label_id) {
296 $this_row_id = "id=\"LILRR-$label_id\"";
299 print "<tr class=\"$class\" $this_row_id>";
301 $line["sql_exp"] = htmlspecialchars($line["sql_exp"]);
302 $line["description"] = htmlspecialchars($line["description"]);
304 if (!$line["description"]) $line["description"] = __("[No caption]");
306 $onclick = "onclick='editLabel($label_id)' title='".__('Click to edit')."'";
308 print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"label\");'
309 type=\"checkbox\" id=\"LICHK-".$line["id"]."\"></td>";
311 print "<td $onclick>" . $line["description"] . "</td>";
312 print "<td $onclick>" . $line["sql_exp"] . "</td>";
321 print "<p id=\"labelOpToolbar\">";
323 print "<input type=\"submit\" class=\"button\" disabled=\"true\"
324 onclick=\"javascript:editSelectedLabel()\" value=\"".__('Edit')."\">
325 <input type=\"submit\" class=\"button\" disabled=\"true\"
326 onclick=\"javascript:removeSelectedLabels()\" value=\"".__('Remove')."\">";
330 if (!$label_search) {
331 print __('No labels defined.');
333 print __('No matching labels found.');
projects / tt-rss.git / blob