git.wh0rd.org - tt-rss.git/blob - modules/pref-labels.php
2 // We need to accept raw SQL in label queries, so not everything is escaped here;
3 // this is by design. The only filtering is removal of ';', which is not a security
4 // boundary. If you don't like it, disable labels altogether with GLOBAL_ENABLE_LABELS = false
6 function module_pref_labels ( $link ) {
7 if (! GLOBAL_ENABLE_LABELS
) {
9 print __ ( "Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality." );
13 $subop = $_GET [ "subop" ];
15 if ( $subop == "edit" ) {
17 $label_id = db_escape_string ( $_GET [ "id" ]);
19 $result = db_query ( $link , "SELECT sql_exp,description FROM ttrss_labels WHERE
20 owner_uid = " . $_SESSION [ "uid" ]. " AND id = ' $label_id ' ORDER by description" );
22 $line = db_fetch_assoc ( $result );
24 $sql_exp = htmlspecialchars ( $line [ "sql_exp" ]);
25 $description = htmlspecialchars ( $line [ "description" ]);
27 print "<div id= \" infoBoxTitle \" >Label Editor</div>" ;
28 print "<div class= \" infoBoxContents \" >" ;
30 print "<form id= \" label_edit_form \" onsubmit='return false'>" ;
32 print "<input type= \" hidden \" name= \" op \" value= \" pref-labels \" >" ;
33 print "<input type= \" hidden \" name= \" id \" value= \" $label_id\" >" ;
34 print "<input type= \" hidden \" name= \" subop \" value= \" editSave \" >" ;
36 print "<div class= \" dlgSec \" >" . __ ( "Caption" ). "</div>" ;
38 print "<div class= \" dlgSecCont \" >" ;
40 print "<input onkeypress= \" return filterCR(event, labelEditSave) \"
41 onkeyup= \" toggleSubmitNotEmpty(this, 'infobox_submit') \"
42 onchange= \" toggleSubmitNotEmpty(this, 'infobox_submit') \"
43 name= \" description \" size= \" 30 \" value= \" $description\" >" ;
46 print "<div class= \" dlgSec \" >" . __ ( "Match SQL" ). "</div>" ;
48 print "<div class= \" dlgSecCont \" >" ;
50 print "<textarea onkeyup= \" toggleSubmitNotEmpty(this, 'infobox_submit') \"
51 rows= \" 6 \" name= \" sql_exp \" class= \" labelSQL \" cols= \" 50 \" > $sql_exp </textarea>" ;
55 print_label_dlg_common_examples ();
61 print "<div style= \" display : none \" id= \" label_test_result \" ></div>" ;
63 print "<div class= \" dlgButtons \" >" ;
65 print "<div style='float : left'>" ;
66 print "<input type= \" submit \"
67 class= \" button \" onclick= \" return displayHelpInfobox(1) \"
68 value= \" " . __ ( 'Help' ). " \" > " ;
71 $is_disabled = ( strpos ( $_SERVER [ 'HTTP_USER_AGENT' ], 'Opera' ) !== FALSE ) ?
"disabled" : "" ;
73 print "<input $is_disabled type= \" submit \" onclick= \" return labelTest() \" value= \" Test \" >
76 print "<input type= \" submit \"
78 class= \" button \" onclick= \" return labelEditSave() \"
81 print "<input class= \" button \"
82 type= \" submit \" onclick= \" return labelEditCancel() \"
90 if ( $subop == "test" ) {
92 // no escaping here on purpose
93 $expr = trim ( $_GET [ "expr" ]);
94 $descr = db_escape_string ( trim ( $_GET [ "descr" ]));
96 $expr = str_replace ( ";" , "" , $expr );
99 print "<p>" . __ ( "Error: SQL expression is blank." ). "</p>" ;
108 $result = db_query ( $link ,
109 "SELECT count(ttrss_entries.id) AS num_matches
110 FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
112 ttrss_user_entries.ref_id = ttrss_entries.id AND
113 ttrss_user_entries.feed_id = ttrss_feeds.id AND
114 ttrss_user_entries.owner_uid = " . $_SESSION [ "uid" ], false );
116 error_reporting ( DEFAULT_ERROR_LEVEL
);
119 print "<div class= \" labelTestError \" >" . db_last_error ( $link ) . "</div>" ;
124 $num_matches = db_fetch_result ( $result , 0 , "num_matches" );;
126 if ( $num_matches > 0 ) {
128 if ( $num_matches > 10 ) {
129 $showing_msg = ", showing first 10" ;
132 print "<p>Query returned <b> $num_matches </b> matches $showing_msg :</p>" ;
134 $result = db_query ( $link ,
135 "SELECT ttrss_entries.title,
136 (SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
137 FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
139 ttrss_user_entries.ref_id = ttrss_entries.id
140 AND ttrss_user_entries.feed_id = ttrss_feeds.id
141 AND ttrss_user_entries.owner_uid = " . $_SESSION [ "uid" ] . "
142 ORDER BY date_entered LIMIT 10" , false );
144 print "<ul class= \" labelTestResults \" >" ;
148 while ( $line = db_fetch_assoc ( $result )) {
149 $row_class = toggleEvenOdd ( $row_class );
151 print "<li class= \" $row_class\" >" . $line [ "title" ].
152 " <span class= \" insensitive \" >(" . $line [ "feed_title" ]. ")</span></li>" ;
157 print "<p>Query didn't return any matches.</p>" ;
165 if ( $subop == "editSave" ) {
167 $sql_exp = db_escape_string ( trim ( $_GET [ "sql_exp" ]));
168 $descr = db_escape_string ( trim ( $_GET [ "description" ]));
169 $label_id = db_escape_string ( $_GET [ "id" ]);
171 $sql_exp = str_replace ( ";" , "" , $sql_exp );
173 $result = db_query ( $link , "UPDATE ttrss_labels SET
174 sql_exp = ' $sql_exp ',
175 description = ' $descr '
176 WHERE id = ' $label_id '" );
178 if ( db_affected_rows ( $link , $result ) != 0 ) {
179 print_notice ( T_sprintf ( "Saved label <b> %s </b>" , htmlspecialchars ( $descr )));
184 if ( $subop == "remove" ) {
186 if (! WEB_DEMO_MODE
) {
188 $ids = split ( "," , db_escape_string ( $_GET [ "ids" ]));
190 foreach ( $ids as $id ) {
191 db_query ( $link , "DELETE FROM ttrss_labels WHERE id = ' $id '" );
197 if ( $subop == "add" ) {
199 $sql_exp = db_escape_string ( trim ( $_GET [ "sql_exp" ]));
200 $description = db_escape_string ( $_GET [ "description" ]);
202 $sql_exp = str_replace ( ";" , "" , $sql_exp );
204 if (! $sql_exp ||
! $description ) return ;
206 $result = db_query ( $link ,
207 "INSERT INTO ttrss_labels (sql_exp,description,owner_uid)
208 VALUES (' $sql_exp ', ' $description ', '" . $_SESSION [ "uid" ]. "')" );
210 if ( db_affected_rows ( $link , $result ) != 0 ) {
211 print T_sprintf ( "Created label <b> %s </b>" , htmlspecialchars ( $description ));
217 set_pref ( $link , "_PREFS_ACTIVE_TAB" , "labelConfig" );
219 $sort = db_escape_string ( $_GET [ "sort" ]);
221 if (! $sort ||
$sort == "undefined" ) {
222 $sort = "description" ;
225 $label_search = db_escape_string ( $_GET [ "search" ]);
227 if ( array_key_exists ( "search" , $_GET )) {
228 $_SESSION [ "prefs_label_search" ] = $label_search ;
230 $label_search = $_SESSION [ "prefs_label_search" ];
233 print "<div class= \" feedEditSearch \" >
234 <input id= \" label_search \" size= \" 20 \" type= \" search \"
235 onfocus= \" javascript:disableHotkeys(); \"
236 onblur= \" javascript:enableHotkeys(); \"
237 onchange= \" javascript:updateLabelList() \" value= \" $label_search\" >
238 <input type= \" submit \" class= \" button \"
239 onclick= \" javascript:updateLabelList() \" value= \" " . __ ( 'Search' ). " \" >
240 <p><a class='helpLinkPic' href= \" javascript:displayHelpInfobox(1) \" >
241 <img src='images/sign_quest.gif'></a></p>
244 print "<div class= \" prefGenericAddBox \" >" ;
246 print "<input type= \" submit \" class= \" button \"
247 id= \" label_create_btn \"
248 onclick= \" return displayDlg('quickAddLabel', false) \"
249 value= \" " . __ ( 'Create label' ). " \" ></div>" ;
252 $label_search_query = "(sql_exp LIKE '% $label_search %' OR
253 description LIKE '% $label_search %') AND" ;
255 $label_search_query = "" ;
258 $result = db_query ( $link , "SELECT
259 id,sql_exp,description
264 owner_uid = " . $_SESSION [ "uid" ]. "
267 // print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";
269 if ( db_num_rows ( $result ) != 0 ) {
271 print "<p><table width= \" 100% \" cellspacing= \" 0 \"
272 class= \" prefLabelList \" id= \" prefLabelList \" >" ;
274 print "<tr><td class= \" selectPrompt \" colspan= \" 8 \" >
276 <a href= \" javascript:selectPrefRows('label', true) \" >" . __ ( 'All' ). "</a>,
277 <a href= \" javascript:selectPrefRows('label', false) \" >" . __ ( 'None' ). "</a>
280 print "<tr class= \" title \" >
281 <td width= \" 5% \" > </td>
282 <td width= \" 30% \" ><a href= \" javascript:updateLabelList('description') \" >" . __ ( 'Caption' ). "</a></td>
283 <td width= \"\" ><a href= \" javascript:updateLabelList('sql_exp') \" >" . __ ( 'SQL Expression' ). "</a>
289 while ( $line = db_fetch_assoc ( $result )) {
291 $class = ( $lnum %
2 ) ?
"even" : "odd" ;
293 $label_id = $line [ "id" ];
294 $edit_label_id = $_GET [ "id" ];
296 if ( $subop == "edit" && $label_id != $edit_label_id ) {
300 $this_row_id = "id= \" LILRR- $label_id\" " ;
303 print "<tr class= \" $class\" $this_row_id >" ;
305 $line [ "sql_exp" ] = htmlspecialchars ( $line [ "sql_exp" ]);
306 $line [ "description" ] = htmlspecialchars ( $line [ "description" ]);
308 if (! $line [ "description" ]) $line [ "description" ] = __ ( "[No caption]" );
310 $onclick = "onclick='editLabel( $label_id )' title='" . __ ( 'Click to edit' ). "'" ;
312 print "<td align='center'><input onclick='toggleSelectPrefRow(this, \" label \" );'
313 type= \" checkbox \" id= \" LICHK-" . $line [ "id" ]. " \" ></td>" ;
315 print "<td $onclick >" . $line [ "description" ] . "</td>" ;
316 print "<td $onclick >" . $line [ "sql_exp" ] . "</td>" ;
325 print "<p id= \" labelOpToolbar \" >" ;
327 print "<input type= \" submit \" class= \" button \" disabled= \" true \"
328 onclick= \" javascript:editSelectedLabel() \" value= \" " . __ ( 'Edit' ). " \" >
329 <input type= \" submit \" class= \" button \" disabled= \" true \"
330 onclick= \" javascript:removeSelectedLabels() \" value= \" " . __ ( 'Remove' ). " \" >" ;
334 if (! $label_search ) {
335 print __ ( 'No labels defined.' );
337 print __ ( 'No matching labels found.' );