]>
git.wh0rd.org - tt-rss.git/blob - modules/pref-labels.php
fda73ecf069e6436be1268de805d63bcbd7abc6d
2 // We need to accept raw SQL data in label queries, so not everything is escaped
3 // here, this is by design. If you don't like it, disable labels
4 // altogether with GLOBAL_ENABLE_LABELS = false
6 function module_pref_labels ( $link ) {
7 if (! GLOBAL_ENABLE_LABELS
) {
9 print __ ( "Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality." );
13 $subop = $_GET [ "subop" ];
15 if ( $subop == "edit" ) {
17 $label_id = db_escape_string ( $_GET [ "id" ]);
19 $result = db_query ( $link , "SELECT sql_exp,description FROM ttrss_labels WHERE
20 owner_uid = " . $_SESSION [ "uid" ]. " AND id = ' $label_id ' ORDER by description" );
22 $line = db_fetch_assoc ( $result );
24 $sql_exp = htmlspecialchars ( $line [ "sql_exp" ]);
25 $description = htmlspecialchars ( $line [ "description" ]);
27 print "<div id= \" infoBoxTitle \" >Label editor</div>" ;
28 print "<div class= \" infoBoxContents \" >" ;
30 print "<form id= \" label_edit_form \" onsubmit='return false'>" ;
32 print "<input type= \" hidden \" name= \" op \" value= \" pref-labels \" >" ;
33 print "<input type= \" hidden \" name= \" id \" value= \" $label_id\" >" ;
34 print "<input type= \" hidden \" name= \" subop \" value= \" editSave \" >" ;
36 print "<table width='100%'>" ;
38 print "<tr><td>Caption:</td>
39 <td><input onkeypress= \" return filterCR(event, labelEditSave) \"
40 onkeyup= \" toggleSubmitNotEmpty(this, 'infobox_submit') \"
41 onchange= \" toggleSubmitNotEmpty(this, 'infobox_submit') \"
42 name= \" description \" class= \" iedit \" value= \" $description\" >" ;
46 print "<tr><td colspan= \" 2 \" >
47 <p>SQL Expression:</p>" ;
49 print "<textarea onkeyup= \" toggleSubmitNotEmpty(this, 'infobox_submit') \"
50 rows= \" 4 \" name= \" sql_exp \" class= \" iedit \" > $sql_exp </textarea>" ;
51 print "</td></tr></table>" ;
55 print "<div style= \" display : none \" id= \" label_test_result \" ></div>" ;
57 print "<div align='right'>" ;
59 print "<div style='float : left'>" ;
60 print "<input type= \" submit \"
61 class= \" button \" onclick= \" return displayHelpInfobox(1) \"
62 value= \" " . __ ( 'Help' ). " \" > " ;
65 $is_disabled = ( strpos ( $_SERVER [ 'HTTP_USER_AGENT' ], 'Opera' ) !== FALSE ) ?
"disabled" : "" ;
67 print "<input $is_disabled type= \" submit \" onclick= \" return labelTest() \" value= \" Test \" >
70 print "<input type= \" submit \"
72 class= \" button \" onclick= \" return labelEditSave() \"
75 print "<input class= \" button \"
76 type= \" submit \" onclick= \" return labelEditCancel() \"
84 if ( $subop == "test" ) {
86 // no escaping here on purpose
87 $expr = trim ( $_GET [ "expr" ]);
88 $descr = db_escape_string ( trim ( $_GET [ "descr" ]));
90 $expr = str_replace ( ";" , "" , $expr );
93 print "<div>Error: SQL expression is blank.</div>" ;
102 $result = db_query ( $link ,
103 "SELECT count(ttrss_entries.id) AS num_matches
104 FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
106 ttrss_user_entries.ref_id = ttrss_entries.id AND
107 ttrss_user_entries.feed_id = ttrss_feeds.id AND
108 ttrss_user_entries.owner_uid = " . $_SESSION [ "uid" ], false );
110 error_reporting ( DEFAULT_ERROR_LEVEL
);
113 print "<div class= \" labelTestError \" >" . db_last_error ( $link ) . "</div>" ;
118 $num_matches = db_fetch_result ( $result , 0 , "num_matches" );;
120 if ( $num_matches > 0 ) {
122 if ( $num_matches > 10 ) {
123 $showing_msg = ", showing first 10" ;
126 print "<p>Query returned <b> $num_matches </b> matches $showing_msg :</p>" ;
128 $result = db_query ( $link ,
129 "SELECT ttrss_entries.title,
130 (SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
131 FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
133 ttrss_user_entries.ref_id = ttrss_entries.id
134 AND ttrss_user_entries.feed_id = ttrss_feeds.id
135 AND ttrss_user_entries.owner_uid = " . $_SESSION [ "uid" ] . "
136 ORDER BY date_entered LIMIT 10" , false );
138 print "<ul class= \" labelTestResults \" >" ;
142 while ( $line = db_fetch_assoc ( $result )) {
143 $row_class = toggleEvenOdd ( $row_class );
145 print "<li class= \" $row_class\" >" . $line [ "title" ].
146 " <span class= \" insensitive \" >(" . $line [ "feed_title" ]. ")</span></li>" ;
151 print "<p>Query didn't return any matches.</p>" ;
159 if ( $subop == "editSave" ) {
161 $sql_exp = db_escape_string ( trim ( $_GET [ "sql_exp" ]));
162 $descr = db_escape_string ( trim ( $_GET [ "description" ]));
163 $label_id = db_escape_string ( $_GET [ "id" ]);
165 $sql_exp = str_replace ( ";" , "" , $sql_exp );
167 $result = db_query ( $link , "UPDATE ttrss_labels SET
168 sql_exp = ' $sql_exp ',
169 description = ' $descr '
170 WHERE id = ' $label_id '" );
172 if ( db_affected_rows ( $link , $result ) != 0 ) {
173 print_notice ( T_sprintf ( "Saved label <b> %s </b>" , htmlspecialchars ( $descr )));
178 if ( $subop == "remove" ) {
180 if (! WEB_DEMO_MODE
) {
182 $ids = split ( "," , db_escape_string ( $_GET [ "ids" ]));
184 foreach ( $ids as $id ) {
185 db_query ( $link , "DELETE FROM ttrss_labels WHERE id = ' $id '" );
191 if ( $subop == "add" ) {
193 $sql_exp = db_escape_string ( trim ( $_GET [ "sql_exp" ]));
194 $description = db_escape_string ( $_GET [ "description" ]);
196 $sql_exp = str_replace ( ";" , "" , $sql_exp );
198 if (! $sql_exp ||
! $description ) return ;
200 $result = db_query ( $link ,
201 "INSERT INTO ttrss_labels (sql_exp,description,owner_uid)
202 VALUES (' $sql_exp ', ' $description ', '" . $_SESSION [ "uid" ]. "')" );
204 if ( db_affected_rows ( $link , $result ) != 0 ) {
205 print T_sprintf ( "Created label <b> %s </b>" , htmlspecialchars ( $description ));
211 set_pref ( $link , "_PREFS_ACTIVE_TAB" , "labelConfig" );
213 $sort = db_escape_string ( $_GET [ "sort" ]);
215 if (! $sort ||
$sort == "undefined" ) {
216 $sort = "description" ;
219 $label_search = db_escape_string ( $_GET [ "search" ]);
221 if ( array_key_exists ( "search" , $_GET )) {
222 $_SESSION [ "prefs_label_search" ] = $label_search ;
224 $label_search = $_SESSION [ "prefs_label_search" ];
227 print "<div class= \" feedEditSearch \" >
228 <input id= \" label_search \" size= \" 20 \" type= \" search \"
229 onfocus= \" javascript:disableHotkeys(); \"
230 onblur= \" javascript:enableHotkeys(); \"
231 onchange= \" javascript:updateLabelList() \" value= \" $label_search\" >
232 <input type= \" submit \" class= \" button \"
233 onclick= \" javascript:updateLabelList() \" value= \" " . __ ( 'Search' ). " \" >
234 <p><a class='helpLinkPic' href= \" javascript:displayHelpInfobox(1) \" >
235 <img src='images/sign_quest.gif'></a></p>
238 print "<div class= \" prefGenericAddBox \" >" ;
240 print "<input type= \" submit \" class= \" button \"
241 id= \" label_create_btn \"
242 onclick= \" return displayDlg('quickAddLabel', false) \"
243 value= \" " . __ ( 'Create label' ). " \" ></div>" ;
246 $label_search_query = "(sql_exp LIKE '% $label_search %' OR
247 description LIKE '% $label_search %') AND" ;
249 $label_search_query = "" ;
252 $result = db_query ( $link , "SELECT
253 id,sql_exp,description
258 owner_uid = " . $_SESSION [ "uid" ]. "
261 // print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";
263 if ( db_num_rows ( $result ) != 0 ) {
265 print "<p><table width= \" 100% \" cellspacing= \" 0 \"
266 class= \" prefLabelList \" id= \" prefLabelList \" >" ;
268 print "<tr><td class= \" selectPrompt \" colspan= \" 8 \" >
270 <a href= \" javascript:selectPrefRows('label', true) \" >" . __ ( 'All' ). "</a>,
271 <a href= \" javascript:selectPrefRows('label', false) \" >" . __ ( 'None' ). "</a>
274 print "<tr class= \" title \" >
275 <td width= \" 5% \" > </td>
276 <td width= \" 30% \" ><a href= \" javascript:updateLabelList('description') \" >" . __ ( 'Caption' ). "</a></td>
277 <td width= \"\" ><a href= \" javascript:updateLabelList('sql_exp') \" >" . __ ( 'SQL Expression' ). "</a>
283 while ( $line = db_fetch_assoc ( $result )) {
285 $class = ( $lnum %
2 ) ?
"even" : "odd" ;
287 $label_id = $line [ "id" ];
288 $edit_label_id = $_GET [ "id" ];
290 if ( $subop == "edit" && $label_id != $edit_label_id ) {
294 $this_row_id = "id= \" LILRR- $label_id\" " ;
297 print "<tr class= \" $class\" $this_row_id >" ;
299 $line [ "sql_exp" ] = htmlspecialchars ( $line [ "sql_exp" ]);
300 $line [ "description" ] = htmlspecialchars ( $line [ "description" ]);
302 if (! $line [ "description" ]) $line [ "description" ] = __ ( "[No caption]" );
304 $onclick = "onclick='editLabel( $label_id )' title='" . __ ( 'Click to edit' ). "'" ;
306 print "<td align='center'><input onclick='toggleSelectPrefRow(this, \" label \" );'
307 type= \" checkbox \" id= \" LICHK-" . $line [ "id" ]. " \" ></td>" ;
309 print "<td $onclick >" . $line [ "description" ] . "</td>" ;
310 print "<td $onclick >" . $line [ "sql_exp" ] . "</td>" ;
319 print "<p id= \" labelOpToolbar \" >" ;
321 print "<input type= \" submit \" class= \" button \" disabled= \" true \"
322 onclick= \" javascript:editSelectedLabel() \" value= \" " . __ ( 'Edit' ). " \" >
323 <input type= \" submit \" class= \" button \" disabled= \" true \"
324 onclick= \" javascript:removeSelectedLabels() \" value= \" " . __ ( 'Remove' ). " \" >" ;
328 if (! $label_search ) {
329 print __ ( 'No labels defined.' );
331 print __ ( 'No matching labels found.' );