}
function redirect() {
+ $id = clean($_REQUEST['id']);
+
$sth = $this->pdo->prepare("SELECT link FROM ttrss_entries, ttrss_user_entries
WHERE id = ? AND id = ref_id AND owner_uid = ?
LIMIT 1");
}
function view() {
- $id = $_REQUEST["id"];
- $cids = explode(",", $_REQUEST["cids"]);
- $mode = $_REQUEST["mode"];
+ $id = clean($_REQUEST["id"]);
+ $cids = explode(",", clean($_REQUEST["cids"]));
+ $mode = clean($_REQUEST["mode"]);
// in prefetch mode we only output requested cids, main article
// just gets marked as read (it already exists in client cache)
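Review bot: `clean()` is applied to `id`, `cids` and `mode` here, but nothing in the hunk enforces that the identifiers are numeric; its definition is not visible, and if it only strips markup, arbitrary strings still pass through as ids. The prepared statements visible in the neighbouring hunks keep that out of the SQL text, but an explicit cast states the contract at the boundary: `$id = (int) clean($_REQUEST["id"]);` and `$cids = array_map("intval", explode(",", clean($_REQUEST["cids"])));`. The same applies to `id` in getScore and setArticleTags and to `ids`/`lid` in labelops, while in setScore the `(int)` cast already does the validation and `clean()` adds nothing to it. The body of view() continues outside this hunk.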
print __("Tags for this article (separated by commas):")."<br>";
- $param = $_REQUEST['param'];
+ $param = clean($_REQUEST['param']);
$tags = Article::get_article_tags($param);
}
function setScore() {
- $ids = explode(",", $_REQUEST['id']);
- $score = (int)$_REQUEST['score'];
+ $ids = explode(",", clean($_REQUEST['id']));
+ $score = (int)clean($_REQUEST['score']);
$ids_qmarks = arr_qmarks($ids);
}
function getScore() {
- $id = $_REQUEST['id'];
+ $id = clean($_REQUEST['id']);
$sth = $this->pdo->prepare("SELECT score FROM ttrss_user_entries WHERE ref_id = ? AND owner_uid = ?");
$sth->execute([$id, $_SESSION['uid']]);
function setArticleTags() {
- $id = $_REQUEST["id"];
+ $id = clean($_REQUEST["id"]);
- $tags_str = $_REQUEST["tags_str"];
+ $tags_str = clean($_REQUEST["tags_str"]);
$tags = array_unique(trim_array(explode(",", $tags_str)));
$this->pdo->beginTransaction();
function completeTags() {
- $search = $_REQUEST["search"];
+ $search = clean($_REQUEST["search"]);
$sth = $this->pdo->prepare("SELECT DISTINCT tag_name FROM ttrss_tags
WHERE owner_uid = ? AND
private function labelops($assign) {
$reply = array();
- $ids = explode(",", $_REQUEST["ids"]);
- $label_id = $_REQUEST["lid"];
+ $ids = explode(",", clean($_REQUEST["ids"]));
+ $label_id = clean($_REQUEST["lid"]);
$label = db_escape_string(Labels::find_caption($label_id,
$_SESSION["uid"]));
unset($line["tag_cache"]);
$line["content"] = sanitize($line["content"],
- sql_bool_to_bool($line['hide_images']),
+ $line['hide_images'],
$owner_uid, $line["site_url"], false, $line["id"]);
foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_RENDER_ARTICLE) as $p) {
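Review bot: `$line['hide_images']` now reaches `sanitize()` exactly as the database driver returned it, so the flag depends on how that driver represents booleans; a string such as `'f'` would be truthy in PHP and would silently invert the setting. If every row here comes from PDO as a native bool or 0/1 (not visible in this hunk), the change is fine, but the assumption deserves a comment above the call, e.g. `// PDO returns hide_images as bool/0/1, so no sql_bool_to_bool() is needed`. The later enclosure hunk passes `always_display_enclosures` and `hide_images` to `Article::format_article_enclosures()` the same way. The enclosing function starts and ends outside this hunk.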
$rv['content'] .= "<html><head>
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
<title>".$line["title"]."</title>".
- stylesheet_tag("css/default.css")."
-
+ stylesheet_tag("css/default.css")."
<link rel=\"shortcut icon\" type=\"image/png\" href=\"images/favicon.png\">
<link rel=\"icon\" type=\"image/png\" sizes=\"72x72\" href=\"images/favicon-72px.png\">
- </head><body id=\"ttrssZoom\">";
+ </head><body class=\"claro ttrss_utility ttrss_zoom\">";
}
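Review bot: `$line["title"]` is concatenated into `<title>` with no escaping visible in this hunk, and the commit edits the surrounding markup without addressing it. If the title is not already entity-encoded where the row is loaded (that code is outside the hunk), an article title containing markup would be emitted as HTML in the zoom view. Encoding at the point of output closes that: `<title>".htmlspecialchars($line["title"])."</title>`, after first checking that the stored value is not already encoded, so that it is not escaped twice.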
$rv['content'] .= "<div class=\"postReply\" id=\"POST-$id\">";
if (!$zoom_mode) {
$rv['content'] .= Article::format_article_enclosures($id,
- sql_bool_to_bool($line["always_display_enclosures"]),
+ $line["always_display_enclosures"],
$line["content"],
- sql_bool_to_bool($line["hide_images"]));
+ $line["hide_images"]);
}
$rv['content'] .= "</div>";
// purge orphaned posts in main content table
+ if (DB_TYPE == "mysql")
+ $limit_qpart = "LIMIT 5000";
+ else
+ $limit_qpart = "";
+
$pdo = Db::pdo();
$res = $pdo->query("DELETE FROM ttrss_entries WHERE
- NOT EXISTS (SELECT ref_id FROM ttrss_user_entries WHERE ref_id = id)");
+ NOT EXISTS (SELECT ref_id FROM ttrss_user_entries WHERE ref_id = id) $limit_qpart");
if ($do_output) {
$rows = $res->rowCount();
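Review bot: With `LIMIT 5000` on MySQL a single call no longer removes every orphaned row, and `$rows` reports at most 5000; nothing in the hunk shows whether the caller repeats the purge. If batching is the intent, say so at the assignment, e.g. `// MySQL only: cap each purge at 5000 rows; remaining orphans are left for a later run`, or loop until `rowCount()` falls below the limit. `$limit_qpart` is interpolated into the SQL string, which is safe only because both branches assign literals, and that is worth keeping obvious. The brace-less `if`/`else` would read better as `$limit_qpart = DB_TYPE == "mysql" ? "LIMIT 5000" : "";`. The enclosing function starts outside this hunk.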
$label_cache = $row["label_cache"];
if ($label_cache) {
- $label_cache = json_decode($label_cache, true);
+ $tmp = json_decode($label_cache, true);
- if ($label_cache["no-labels"] == 1)
+ if (!$tmp || $tmp["no-labels"] == 1)
return $rv;
else
- return $label_cache;
+ return $tmp;
}
}