git.wh0rd.org - tt-rss.git/blob - modules/pref-labels.php
fda73ecf069e6436be1268de805d63bcbd7abc6d
1 <?php
2 // We need to accept raw SQL data in label queries, so not everything is escaped
3 // here, this is by design. If you don't like it, disable labels
4 // altogether with GLOBAL_ENABLE_LABELS = false
5
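/**
 * Render the label preferences pane and handle its sub-operations.
 *
 * The sub-operation is selected by $_GET["subop"]:
 *  - "edit":     print the label editor form for one label and return;
 *  - "test":     run a label SQL expression against the user's entries and
 *                print the match count plus up to 10 sample rows, then return;
 *  - "editSave": update one label, then fall through to the list;
 *  - "remove":   delete the listed labels (skipped when WEB_DEMO_MODE is set),
 *                then fall through to the list;
 *  - "add":      insert a new label and return;
 *  - otherwise:  print the searchable, sortable label list.
 *
 * Security notes for maintainers:
 *  - Label expressions are raw SQL by design. The "test" subop splices the
 *    request-supplied expression straight into a WHERE clause; removing ";"
 *    is the only filtering done here, so the expression is limited only by
 *    the privileges of the application's database account.
 *  - Every statement that reads or changes ttrss_labels is scoped to
 *    $_SESSION["uid"], so one user cannot edit or delete another's labels.
 *  - db_escape_string() output is only fit for quoted SQL literals. Values
 *    echoed into HTML are escaped with htmlspecialchars() separately, and the
 *    ORDER BY column is chosen from a fixed allow-list.
 *  - NOTE(review): editSave/remove/add change data based on $_GET alone; no
 *    request token is checked in this function - confirm the caller does so.
 *
 * @param mixed $link Database handle, passed through to the db_* helpers.
 * @return void Output is printed directly.
 */
function module_pref_labels($link) {
	if (!GLOBAL_ENABLE_LABELS) {

		print __("Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality.");
		return;
	}

	$subop = isset($_GET["subop"]) ? $_GET["subop"] : "";

	if ($subop == "edit") {

		$label_id = db_escape_string(isset($_GET["id"]) ? $_GET["id"] : "");

		$result = db_query($link, "SELECT sql_exp,description FROM ttrss_labels WHERE
			owner_uid = ".$_SESSION["uid"]." AND id = '$label_id' ORDER by description");

		$line = db_fetch_assoc($result);

		// An unknown id yields no row; render the form with empty fields.
		$sql_exp = htmlspecialchars($line ? $line["sql_exp"] : "");
		$description = htmlspecialchars($line ? $line["description"] : "");

		// SQL escaping does not neutralise HTML metacharacters, so the id
		// needs its own escaping before it is echoed into an attribute.
		$label_id_html = htmlspecialchars($label_id, ENT_QUOTES);

		print "<div id=\"infoBoxTitle\">Label editor</div>";
		print "<div class=\"infoBoxContents\">";

		print "<form id=\"label_edit_form\" onsubmit='return false'>";

		print "<input type=\"hidden\" name=\"op\" value=\"pref-labels\">";
		print "<input type=\"hidden\" name=\"id\" value=\"$label_id_html\">";
		print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";

		print "<table width='100%'>";

		print "<tr><td>Caption:</td>
			<td><input onkeypress=\"return filterCR(event, labelEditSave)\"
			onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
			onchange=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
			name=\"description\" class=\"iedit\" value=\"$description\">";

		print "</td></tr>";

		print "<tr><td colspan=\"2\">
			<p>SQL Expression:</p>";

		print "<textarea onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
			rows=\"4\" name=\"sql_exp\" class=\"iedit\">$sql_exp</textarea>";
		print "</td></tr></table>";

		print "</form>";

		print "<div style=\"display : none\" id=\"label_test_result\"></div>";

		print "<div align='right'>";

		print "<div style='float : left'>";
		print "<input type=\"submit\"
			class=\"button\" onclick=\"return displayHelpInfobox(1)\"
			value=\"".__('Help')."\"> ";
		print "</div>";

		// The Test button is rendered disabled for Opera user agents.
		$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
		$is_disabled = (strpos($user_agent, 'Opera') !== FALSE) ? "disabled" : "";

		print "<input $is_disabled type=\"submit\" onclick=\"return labelTest()\" value=\"Test\">
			";

		print "<input type=\"submit\"
			id=\"infobox_submit\"
			class=\"button\" onclick=\"return labelEditSave()\"
			value=\"Save\"> ";

		print "<input class=\"button\"
			type=\"submit\" onclick=\"return labelEditCancel()\"
			value=\"Cancel\">";

		print "</div>";

		return;
	}

	if ($subop == "test") {

		// No SQL escaping here on purpose: the expression IS SQL. Removing
		// ";" is the only filtering applied, and it does not restrict what
		// the expression may reference.
		$expr = isset($_GET["expr"]) ? trim($_GET["expr"]) : "";

		$expr = str_replace(";", "", $expr);

		if (!$expr) {
			print "<div>Error: SQL expression is blank.</div>";
			return;
		}

		print "<div>";

		// Silence PHP warnings while the user-supplied expression runs; a
		// failure is reported below through db_last_error().
		error_reporting(0);

		$result = db_query($link,
			"SELECT count(ttrss_entries.id) AS num_matches
			FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
			WHERE ($expr) AND
			ttrss_user_entries.ref_id = ttrss_entries.id AND
			ttrss_user_entries.feed_id = ttrss_feeds.id AND
			ttrss_user_entries.owner_uid = " . $_SESSION["uid"], false);

		error_reporting (DEFAULT_ERROR_LEVEL);

		if (!$result) {
			// The driver's message may quote parts of the submitted
			// expression, so it is HTML-escaped before being echoed.
			print "<div class=\"labelTestError\">" . htmlspecialchars(db_last_error($link)) . "</div>";
			print "</div>";
			return;
		}

		$num_matches = db_fetch_result($result, 0, "num_matches");

		if ($num_matches > 0) {

			// Initialised up front so the message below never reads an
			// undefined variable when there are 10 or fewer matches.
			$showing_msg = "";

			if ($num_matches > 10) {
				$showing_msg = ", showing first 10";
			}

			print "<p>Query returned <b>$num_matches</b> matches$showing_msg:</p>";

			$result = db_query($link,
				"SELECT ttrss_entries.title,
				(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
				FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
				WHERE ($expr) AND
				ttrss_user_entries.ref_id = ttrss_entries.id
				AND ttrss_user_entries.feed_id = ttrss_feeds.id
				AND ttrss_user_entries.owner_uid = " . $_SESSION["uid"] . "
				ORDER BY date_entered LIMIT 10", false);

			print "<ul class=\"labelTestResults\">";

			$row_class = "even";

			while ($line = db_fetch_assoc($result)) {
				$row_class = toggleEvenOdd($row_class);

				// NOTE(review): title and feed_title are echoed without HTML
				// escaping. Whether they are sanitised when stored cannot be
				// seen from this file - confirm, or escape them here.
				print "<li class=\"$row_class\">".$line["title"].
					" <span class=\"insensitive\">(".$line["feed_title"].")</span></li>";
			}
			print "</ul>";

		} else {
			print "<p>Query didn't return any matches.</p>";
		}

		print "</div>";

		return;
	}

	if ($subop == "editSave") {

		$sql_exp = db_escape_string(trim($_GET["sql_exp"]));
		$descr = db_escape_string(trim($_GET["description"]));
		$label_id = db_escape_string($_GET["id"]);

		$sql_exp = str_replace(";", "", $sql_exp);

		// Scoped to the session user so that a request naming someone
		// else's label id changes nothing.
		$result = db_query($link, "UPDATE ttrss_labels SET
			sql_exp = '$sql_exp',
			description = '$descr'
			WHERE id = '$label_id' AND owner_uid = " . $_SESSION["uid"]);

		if (db_affected_rows($link, $result) != 0) {
			print_notice(T_sprintf("Saved label <b>%s</b>", htmlspecialchars($descr)));
		}

	}

	if ($subop == "remove") {

		if (!WEB_DEMO_MODE) {

			// explode() replaces the regex-based split(), which later PHP
			// versions no longer provide; for a literal "," they are equivalent.
			$ids = explode(",", db_escape_string($_GET["ids"]));

			foreach ($ids as $id) {
				// Scoped to the session user, as for editSave above.
				db_query($link, "DELETE FROM ttrss_labels WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
			}
		}
	}

	if ($subop == "add") {

		$sql_exp = db_escape_string(trim($_GET["sql_exp"]));
		$description = db_escape_string($_GET["description"]);

		$sql_exp = str_replace(";", "", $sql_exp);

		if (!$sql_exp || !$description) return;

		$result = db_query($link,
			"INSERT INTO ttrss_labels (sql_exp,description,owner_uid)
			VALUES ('$sql_exp', '$description', '".$_SESSION["uid"]."')");

		if (db_affected_rows($link, $result) != 0) {
			print T_sprintf("Created label <b>%s</b>", htmlspecialchars($description));
		}

		return;
	}

	set_pref($link, "_PREFS_ACTIVE_TAB", "labelConfig");

	// ORDER BY takes an identifier, not a quoted literal, so string escaping
	// gives no protection there. Only the columns this query selects are
	// accepted; anything else (including the client's "undefined") falls back
	// to the default.
	$sort = isset($_GET["sort"]) ? $_GET["sort"] : "";

	if (!in_array($sort, array("id", "description", "sql_exp"), true)) {
		$sort = "description";
	}

	// The search term is kept in its SQL-escaped form, both in the session
	// and for the LIKE clause below.
	if (array_key_exists("search", $_GET)) {
		$label_search = db_escape_string($_GET["search"]);
		$_SESSION["prefs_label_search"] = $label_search;
	} else {
		$label_search = isset($_SESSION["prefs_label_search"]) ?
			$_SESSION["prefs_label_search"] : "";
	}

	// HTML-escape separately for the value attribute.
	$label_search_html = htmlspecialchars($label_search, ENT_QUOTES);

	print "<div class=\"feedEditSearch\">
		<input id=\"label_search\" size=\"20\" type=\"search\"
		onfocus=\"javascript:disableHotkeys();\"
		onblur=\"javascript:enableHotkeys();\"
		onchange=\"javascript:updateLabelList()\" value=\"$label_search_html\">
		<input type=\"submit\" class=\"button\"
		onclick=\"javascript:updateLabelList()\" value=\"".__('Search')."\">
		<p><a class='helpLinkPic' href=\"javascript:displayHelpInfobox(1)\">
		<img src='images/sign_quest.gif'></a></p>
		</div>";

	print "<div class=\"prefGenericAddBox\">";

	print"<input type=\"submit\" class=\"button\"
		id=\"label_create_btn\"
		onclick=\"return displayDlg('quickAddLabel', false)\"
		value=\"".__('Create label')."\"></div>";

	if ($label_search) {
		$label_search_query = "(sql_exp LIKE '%$label_search%' OR
			description LIKE '%$label_search%') AND";
	} else {
		$label_search_query = "";
	}

	$result = db_query($link, "SELECT
		id,sql_exp,description
		FROM
		ttrss_labels
		WHERE
		$label_search_query
		owner_uid = ".$_SESSION["uid"]."
		ORDER BY $sort");

	if (db_num_rows($result) != 0) {

		print "<p><table width=\"100%\" cellspacing=\"0\"
			class=\"prefLabelList\" id=\"prefLabelList\">";

		print "<tr><td class=\"selectPrompt\" colspan=\"8\">
			".__('Select:')."
			<a href=\"javascript:selectPrefRows('label', true)\">".__('All')."</a>,
			<a href=\"javascript:selectPrefRows('label', false)\">".__('None')."</a>
			</td></tr>";

		print "<tr class=\"title\">
			<td width=\"5%\">&nbsp;</td>
			<td width=\"30%\"><a href=\"javascript:updateLabelList('description')\">".__('Caption')."</a></td>
			<td width=\"\"><a href=\"javascript:updateLabelList('sql_exp')\">".__('SQL Expression')."</a>
			</td>
			</tr>";

		$lnum = 0;

		while ($line = db_fetch_assoc($result)) {

			$class = ($lnum % 2) ? "even" : "odd";

			$label_id = $line["id"];

			// The "edit" subop returns before reaching this list, so every
			// row is rendered in its normal state with its row id.
			print "<tr class=\"$class\" id=\"LILRR-$label_id\">";

			$line["sql_exp"] = htmlspecialchars($line["sql_exp"]);
			$line["description"] = htmlspecialchars($line["description"]);

			if (!$line["description"]) $line["description"] = __("[No caption]");

			$onclick = "onclick='editLabel($label_id)' title='".__('Click to edit')."'";

			print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"label\");'
				type=\"checkbox\" id=\"LICHK-".$line["id"]."\"></td>";

			print "<td $onclick>" . $line["description"] . "</td>";
			print "<td $onclick>" . $line["sql_exp"] . "</td>";

			print "</tr>";

			++$lnum;
		}

		print "</table>";

		print "<p id=\"labelOpToolbar\">";

		print "<input type=\"submit\" class=\"button\" disabled=\"true\"
			onclick=\"javascript:editSelectedLabel()\" value=\"".__('Edit')."\">
			<input type=\"submit\" class=\"button\" disabled=\"true\"
			onclick=\"javascript:removeSelectedLabels()\" value=\"".__('Remove')."\">";

	} else {
		print "<p>";
		if (!$label_search) {
			print __('No labels defined.');
		} else {
			print __('No matching labels found.');
		}
		print "</p>";

	}
}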
337 ?>