$search_q = "";
}
- $reply .= "<span class=\"holder\">";
+ $reply = "<span class=\"holder\">";
$rss_link = htmlspecialchars(get_self_url_prefix() .
"/public.php?op=rss&id=$feed_id$cat_q$search_q");
if ($row = $sth->fetch()) {
$last_updated = strtotime($row["last_updated"]);
- $cache_images = sql_bool_to_bool($row["cache_images"]);
+ $cache_images = $row["cache_images"];
if (!$cache_images && time() - $last_updated > 120) {
RSSUtils::update_rss_feed($feed, true);
}
}
- @$search = db_escape_string($_REQUEST["query"]);
- @$search_language = db_escape_string($_REQUEST["search_language"]); // PGSQL only
+ @$search = $_REQUEST["query"];
+ @$search_language = $_REQUEST["search_language"]; // PGSQL only
if ($search) {
$disable_cache = true;
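Review bot: Dropping db_escape_string() from `$search_language` on L18 is only safe if that value reaches the database as a bound PDO parameter; the comment marks it as PostgreSQL-only, where a text-search configuration name is typically spliced into the query text (e.g. in a to_tsvector() call), and its consumer is not in this hunk so I cannot tell which path it takes. If it is interpolated, it is now raw request input in SQL and should be restricted before use, e.g. `if (!preg_match('/^[a-z_]+$/', $search_language)) $search_language = "";`, or better checked against the set of configurations the installation actually offers. The same question applies to `$search` on L17 wherever it is used outside a bound parameter.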
$class = "";
- if (sql_bool_to_bool($line["unread"])) {
+ if ($line["unread"]) {
$class .= " Unread";
++$num_unread;
}
- if (sql_bool_to_bool($line["marked"])) {
+ if ($line["marked"]) {
$marked_pic = "<img
src=\"images/mark_set.png\"
class=\"markedPic\" alt=\"Unstar article\"
onclick='toggleMark($id)'>";
}
- if (sql_bool_to_bool($line["published"])) {
+ if ($line["published"]) {
$published_pic = "<img src=\"images/pub_set.png\"
class=\"pubPic\"
alt=\"Unpublish article\" onclick='togglePub($id)'>";
$tags = false;
$line["content"] = sanitize($line["content"],
- sql_bool_to_bool($line['hide_images']), false, $entry_site_url, $highlight_words, $line["id"]);
+ $line['hide_images'], false, $entry_site_url, $highlight_words, $line["id"]);
foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_RENDER_ARTICLE_CDM) as $p) {
$line = $p->hook_render_article_cdm($line);
$tmp_content .= "<div class=\"cdmIntermediate\">";
- $always_display_enclosures = sql_bool_to_bool($line["always_display_enclosures"]);
+ $always_display_enclosures = $line["always_display_enclosures"];
$tmp_content .= Article::format_article_enclosures($id, $always_display_enclosures, $line["content"], sql_bool_to_bool($line["hide_images"]));
$tmp_content .= "</div>"; // cdmIntermediate
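Review bot: L48 still wraps `$line["hide_images"]` in sql_bool_to_bool() while L42 in this same diff drops that wrapper for the same column, so the two call sites now disagree on whether the raw PDO value is usable as a bool. If the intent is to rely on the driver's value, L48 should become `$tmp_content .= Article::format_article_enclosures($id, $always_display_enclosures, $line["content"], $line["hide_images"]);`. Note the raw value is only a PHP bool on PostgreSQL; on MySQL PDO returns "0"/"1" strings, which are fine in truthiness tests like L23 but not in strict comparisons, so any callee that does `=== true` on `$always_display_enclosures` (L47) or hide_images would break — worth confirming in format_article_enclosures and sanitize(). The enclosing function starts and ends outside the hunk.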
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info);
- $feed = db_escape_string($_REQUEST["feed"]);
- $method = db_escape_string($_REQUEST["m"]);
- $view_mode = db_escape_string($_REQUEST["view_mode"]);
+ $feed = $_REQUEST["feed"];
+ $method = $_REQUEST["m"];
+ $view_mode = $_REQUEST["view_mode"];
$limit = 30;
@$cat_view = $_REQUEST["cat"] == "true";
- @$next_unread_feed = db_escape_string($_REQUEST["nuf"]);
- @$offset = db_escape_string($_REQUEST["skip"]);
- @$vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]);
- $order_by = db_escape_string($_REQUEST["order_by"]);
- $check_first_id = db_escape_string($_REQUEST["fid"]);
+ @$next_unread_feed = $_REQUEST["nuf"];
+ @$offset = $_REQUEST["skip"];
+ @$vgroup_last_feed = $_REQUEST["vgrlf"];
+ $order_by = $_REQUEST["order_by"];
+ $check_first_id = $_REQUEST["fid"];
if (is_numeric($feed)) $feed = (int) $feed;
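Review bot: `$order_by` on L67 is now raw request input and, unlike the other values read here, it ends up as a SQL identifier in an ORDER BY clause (L168 further down in this diff), where neither PDO binding nor `$pdo->quote()` can protect it; the only sound handling is an allowlist of permitted sort expressions, applied where the value is read. Something like `$order_by = in_array($order_by, $allowed_order_by, true) ? $order_by : "";` with `$allowed_order_by` holding the sort keys the UI actually offers (that list is not visible from here). `$check_first_id` on L68 and `$next_unread_feed` on L64 look like numeric ids and could be normalized with `(int)` the way `$feed` is on L69, but their consumers are outside the hunk so I have not assumed that.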
function feedBrowser() {
if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
- $browser_search = db_escape_string($_REQUEST["search"]);
+ $browser_search = $_REQUEST["search"];
print_hidden("op", "rpc");
print_hidden("method", "updateFeedBrowser");
}
function search() {
- $this->params = explode(":", db_escape_string($_REQUEST["param"]), 2);
+ $this->params = explode(":", $_REQUEST["param"], 2);
$active_feed_id = sprintf("%d", $this->params[0]);
$is_cat = $this->params[1] != "false";
$sth = $pdo->prepare("SELECT id FROM ttrss_feeds
WHERE (cat_id = :cat OR (:cat IS NULL AND cat_id IS NULL))
- AND owner_uid = ?");
+ AND owner_uid = :uid");
$sth->execute([":cat" => $cat, ":uid" => $owner_uid]);
}
if ($since_id) {
- $since_id_part = "ttrss_entries.id > $since_id AND ";
+ $since_id_part = "ttrss_entries.id > ".$pdo->quote($since_id)." AND ";
} else {
$since_id_part = "";
}
}
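Review bot: `$pdo->quote($since_id)` on L90 produces a string literal for what the comparison `ttrss_entries.id > …` treats as an integer; it is not injectable, but it relies on the database coercing a quoted literal to the id type, and it is inconsistent with the `(int)` normalization used for `$limit` on L97 and `$offset` on L128. A cast expresses the contract directly and avoids the literal entirely: `$since_id_part = "ttrss_entries.id > " . (int)$since_id . " AND ";`. The enclosing function starts outside the hunk.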
if ($limit > 0) {
- $limit_query_part = "LIMIT " . $limit;
+ $limit_query_part = "LIMIT " . (int)$limit;
}
$allow_archived = false;
implode(",", $subcats).")";
} else {
- $query_strategy_part = "cat_id = '$feed'";
+ $query_strategy_part = "cat_id = " . $pdo->quote($feed);
}
} else {
$vfeed_query_part = "ttrss_feeds.title AS feed_title,";
} else {
- $query_strategy_part = "feed_id = '$feed'";
+ $query_strategy_part = "feed_id = " . $pdo->quote($feed);
}
} else if ($feed == 0 && !$cat_view) { // archive virtual feed
$query_strategy_part = "feed_id IS NULL";
} else if ($feed == -3) { // fresh virtual feed
$query_strategy_part = "unread = true AND score >= 0";
- $intl = get_pref("FRESH_ARTICLE_MAX_AGE", $owner_uid);
+ $intl = (int) get_pref("FRESH_ARTICLE_MAX_AGE", $owner_uid);
if (DB_TYPE == "pgsql") {
$query_strategy_part .= " AND date_entered > NOW() - INTERVAL '$intl hour' ";
} else if ($feed <= LABEL_BASE_INDEX) { // labels
$label_id = Labels::feed_to_label_id($feed);
- $query_strategy_part = "label_id = '$label_id' AND
+ $query_strategy_part = "label_id = ".$pdo->quote($label_id)." AND
ttrss_labels2.id = ttrss_user_labels2.label_id AND
ttrss_user_labels2.article_id = ref_id";
$content_query_part = "content, ";
if ($limit_query_part) {
- $offset_query_part = "OFFSET $offset";
+ $offset_query_part = "OFFSET " . (int)$offset;
} else {
$offset_query_part = "";
}
// proper override_order applied above
if ($vfeed_query_part && !$ignore_vfeed_group && get_pref('VFEED_GROUP_BY_FEED', $owner_uid)) {
if (!$override_order) {
- $order_by = "ttrss_feeds.title, $order_by";
+ $order_by = "ttrss_feeds.title, ".$pdo->quote($order_by);
} else {
- $order_by = "ttrss_feeds.title, $override_order";
+ $order_by = "ttrss_feeds.title, ".$pdo->quote($override_order);
}
}
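Review bot: `$pdo->quote()` on L136 and L139 turns the sort key into a string literal, so the clause becomes `ORDER BY ttrss_feeds.title, 'some_column'`-style SQL: MySQL silently orders by a constant (the secondary sort is lost) and PostgreSQL rejects a non-integer constant in ORDER BY. quote() escapes values, not identifiers, so it cannot be used here; `$order_by` (which comes straight from `$_REQUEST["order_by"]` on L67) and `$override_order` have to be validated against an allowlist of known sort expressions and then concatenated unquoted, i.e. `$order_by = "ttrss_feeds.title, $order_by";` only after that check has run. Without the allowlist the unquoted concatenation is exactly the injection this commit is trying to remove, so the allowlist is the real fix, not the quoting. The enclosing function continues outside the hunk.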
$from_qpart
WHERE
$feed_check_qpart
- ttrss_user_entries.owner_uid = '$owner_uid' AND
+ ttrss_user_entries.owner_uid = ".$pdo->quote($owner_uid)." AND
$search_query_part
$start_ts_query_part
$since_id_part
$from_qpart
WHERE
$feed_check_qpart
- ttrss_user_entries.owner_uid = '$owner_uid' AND
+ ttrss_user_entries.owner_uid = ".$pdo->quote($owner_uid)." AND
$search_query_part
$start_ts_query_part
$view_query_part
FROM ttrss_entries, ttrss_user_entries, ttrss_tags
WHERE
ref_id = ttrss_entries.id AND
- ttrss_user_entries.owner_uid = $owner_uid AND
+ ttrss_user_entries.owner_uid = ".$pdo->quote($owner_uid)." AND
post_int_id = int_id AND
- tag_name = '$feed' AND
+ tag_name = ".$pdo->quote($feed)." AND
$view_query_part
$search_query_part
$query_strategy_part ORDER BY $order_by