}
function renamecat() {
- $title = $_REQUEST['title'];
- $id = $_REQUEST['id'];
+ $title = clean($_REQUEST['title']);
+ $id = clean($_REQUEST['id']);
if ($title) {
$sth = $this->pdo->prepare("UPDATE ttrss_feed_categories SET
private function get_category_items($cat_id) {
- if ($_REQUEST['mode'] != 2)
+ if (clean($_REQUEST['mode']) != 2)
$search = $_SESSION["prefs_feed_search"];
else
$search = "";
// first one is set by API
- $show_empty_cats = $_REQUEST['force_show_empty'] ||
- ($_REQUEST['mode'] != 2 && !$search);
+ $show_empty_cats = clean($_REQUEST['force_show_empty']) ||
+ (clean($_REQUEST['mode']) != 2 && !$search);
$items = array();
function makefeedtree() {
- if ($_REQUEST['mode'] != 2)
+ if (clean($_REQUEST['mode']) != 2)
$search = $_SESSION["prefs_feed_search"];
else
$search = "";
$enable_cats = get_pref('ENABLE_FEED_CATS');
- if ($_REQUEST['mode'] == 2) {
+ if (clean($_REQUEST['mode']) == 2) {
if ($enable_cats) {
$cat = $this->feedlist_init_cat(-1);
}
if ($enable_cats) {
- $show_empty_cats = $_REQUEST['force_show_empty'] ||
- ($_REQUEST['mode'] != 2 && !$search);
+ $show_empty_cats = clean($_REQUEST['force_show_empty']) ||
+ (clean($_REQUEST['mode']) != 2 && !$search);
$sth = $this->pdo->prepare("SELECT id, title FROM ttrss_feed_categories
WHERE owner_uid = ? AND parent_cat IS NULL ORDER BY order_id, title");
$fl['identifier'] = 'id';
$fl['label'] = 'name';
- if ($_REQUEST['mode'] != 2) {
+ if (clean($_REQUEST['mode']) != 2) {
$fl['items'] = array($root);
} else {
$fl['items'] = $root['items'];
}
function savefeedorder() {
- $data = json_decode($_POST['payload'], true);
+ $data = json_decode(clean($_POST['payload']), true);
- #file_put_contents("/tmp/saveorder.json", $_POST['payload']);
+ #file_put_contents("/tmp/saveorder.json", clean($_POST['payload']));
#$data = json_decode(file_get_contents("/tmp/saveorder.json"), true);
if (!is_array($data['items']))
}
function removeicon() {
- $feed_id = $_REQUEST["feed_id"];
+ $feed_id = clean($_REQUEST["feed_id"]);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
WHERE id = ? AND owner_uid = ?");
}
$icon_file = $tmp_file;
- $feed_id = $_REQUEST["feed_id"];
+ $feed_id = clean($_REQUEST["feed_id"]);
if (is_file($icon_file) && $feed_id) {
if (filesize($icon_file) < 65535) {
global $update_intervals;
- $feed_id = $_REQUEST["id"];
+ $feed_id = clean($_REQUEST["id"]);
$sth = $this->pdo->prepare("SELECT * FROM ttrss_feeds WHERE id = ? AND
owner_uid = ?");
print '<div dojoType="dijit.layout.TabContainer" style="height : 450px">
<div dojoType="dijit.layout.ContentPane" title="'.__('General').'">';
- $auth_pass_encrypted = sql_bool_to_bool($row["auth_pass_encrypted"]);
+ $auth_pass_encrypted = $row["auth_pass_encrypted"];
$title = htmlspecialchars($row["title"]);
//print "<div class=\"dlgSec\">".__("Options")."</div>";
print "<div class=\"dlgSecSimple\">";
- $private = sql_bool_to_bool($row["private"]);
+ $private = $row["private"];
if ($private) {
$checked = "checked=\"1\"";
print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"private\" id=\"private\"
$checked> <label for=\"private\">".__('Hide from Popular feeds')."</label>";
- $include_in_digest = sql_bool_to_bool($row["include_in_digest"]);
+ $include_in_digest = $row["include_in_digest"];
if ($include_in_digest) {
$checked = "checked=\"1\"";
$checked> <label for=\"include_in_digest\">".__('Include in e-mail digest')."</label>";
- $always_display_enclosures = sql_bool_to_bool($row["always_display_enclosures"]);
+ $always_display_enclosures = $row["always_display_enclosures"];
if ($always_display_enclosures) {
$checked = "checked";
name=\"always_display_enclosures\"
$checked> <label for=\"always_display_enclosures\">".__('Always display image attachments')."</label>";
- $hide_images = sql_bool_to_bool($row["hide_images"]);
+ $hide_images = $row["hide_images"];
if ($hide_images) {
$checked = "checked=\"1\"";
$checked> <label for=\"hide_images\">".
__('Do not embed images')."</label>";
- $cache_images = sql_bool_to_bool($row["cache_images"]);
+ $cache_images = $row["cache_images"];
if ($cache_images) {
$checked = "checked=\"1\"";
$checked> <label for=\"cache_images\">".
__('Cache media')."</label>";
- $mark_unread_on_update = sql_bool_to_bool($row["mark_unread_on_update"]);
+ $mark_unread_on_update = $row["mark_unread_on_update"];
if ($mark_unread_on_update) {
$checked = "checked";
print "<div class=\"dlgSecSimple\">";
+ print "<img class=\"feedIcon\" src=\"".Feeds::getFeedIcon($feed_id)."\">";
+
print "<iframe name=\"icon_upload_iframe\"
- style=\"width: 400px; height: 100px; display: none;\"></iframe>";
+ style=\"width: 400px; height: 100px; display: none;\"></iframe>";
print "<form style='display : block' target=\"icon_upload_iframe\"
enctype=\"multipart/form-data\" method=\"POST\"
action=\"backend.php\">
- <input id=\"icon_file\" size=\"10\" name=\"icon_file\" type=\"file\">
+ <label class=\"dijitButton\">".__("Choose file...")."
+ <input style=\"display: none\" id=\"icon_file\" size=\"10\" name=\"icon_file\" type=\"file\">
+ </label>
<input type=\"hidden\" name=\"op\" value=\"pref-feeds\">
<input type=\"hidden\" name=\"feed_id\" value=\"$feed_id\">
- <input type=\"hidden\" name=\"method\" value=\"uploadicon\"><p>
+ <input type=\"hidden\" name=\"method\" value=\"uploadicon\">
<button class=\"\" dojoType=\"dijit.form.Button\" onclick=\"return uploadFeedIcon();\"
type=\"submit\">".__('Replace')."</button>
- <button class=\"\" dojoType=\"dijit.form.Button\" onclick=\"return removeFeedIcon($feed_id);\"
+ <button class=\"danger\" dojoType=\"dijit.form.Button\" onclick=\"return removeFeedIcon($feed_id);\"
type=\"submit\">".__('Remove')."</button>
</form>";
global $purge_intervals;
global $update_intervals;
- $feed_ids = $_REQUEST["ids"];
+ $feed_ids = clean($_REQUEST["ids"]);
print_notice("Enable the options you wish to apply using checkboxes on the right:");
function editsaveops($batch) {
- $feed_title = trim($_POST["title"]);
- $feed_url = trim($_POST["feed_url"]);
- $upd_intl = (int) $_POST["update_interval"];
- $purge_intl = (int) $_POST["purge_interval"];
- $feed_id = (int) $_POST["id"]; /* editSave */
- $feed_ids = explode(",", $_POST["ids"]); /* batchEditSave */
- $cat_id = (int) $_POST["cat_id"];
- $auth_login = trim($_POST["auth_login"]);
- $auth_pass = trim($_POST["auth_pass"]);
- $private = checkbox_to_sql_bool($_POST["private"]);
+ $feed_title = trim(clean($_POST["title"]));
+ $feed_url = trim(clean($_POST["feed_url"]));
+ $upd_intl = (int) clean($_POST["update_interval"]);
+ $purge_intl = (int) clean($_POST["purge_interval"]);
+ $feed_id = (int) clean($_POST["id"]); /* editSave */
+ $feed_ids = explode(",", clean($_POST["ids"])); /* batchEditSave */
+ $cat_id = (int) clean($_POST["cat_id"]);
+ $auth_login = trim(clean($_POST["auth_login"]));
+ $auth_pass = trim(clean($_POST["auth_pass"]));
+ $private = checkbox_to_sql_bool(clean($_POST["private"]));
$include_in_digest = checkbox_to_sql_bool(
- $_POST["include_in_digest"]);
+ clean($_POST["include_in_digest"]));
$cache_images = checkbox_to_sql_bool(
- $_POST["cache_images"]);
+ clean($_POST["cache_images"]));
$hide_images = checkbox_to_sql_bool(
- $_POST["hide_images"]);
+ clean($_POST["hide_images"]));
$always_display_enclosures = checkbox_to_sql_bool(
- $_POST["always_display_enclosures"]);
+ clean($_POST["always_display_enclosures"]));
$mark_unread_on_update = checkbox_to_sql_bool(
- $_POST["mark_unread_on_update"]);
+ clean($_POST["mark_unread_on_update"]));
- $feed_language = trim($_POST["feed_language"]);
+ $feed_language = trim(clean($_POST["feed_language"]));
if (!$batch) {
- if ($_POST["need_auth"] !== 'on') {
+ if (clean($_POST["need_auth"]) !== 'on') {
$auth_login = '';
$auth_pass = '';
}
foreach (array_keys($_POST) as $k) {
if ($k != "op" && $k != "method" && $k != "ids") {
- $feed_data[$k] = $_POST[$k];
+ $feed_data[$k] = clean($_POST[$k]);
}
}
function remove() {
- $ids = explode(",", $_REQUEST["ids"]);
+ $ids = explode(",", clean($_REQUEST["ids"]));
foreach ($ids as $id) {
Pref_Feeds::remove_feed($id, $_SESSION["uid"]);
}
function removeCat() {
- $ids = explode(",", $_REQUEST["ids"]);
+ $ids = explode(",", clean($_REQUEST["ids"]));
foreach ($ids as $id) {
$this->remove_feed_category($id, $_SESSION["uid"]);
}
}
function addCat() {
- $feed_cat = trim($_REQUEST["cat"]);
+ $feed_cat = trim(clean($_REQUEST["cat"]));
add_feed_category($feed_cat);
}
onclick=\"showInactiveFeeds()\">" .
__("Inactive feeds") . "</button>";
- $feed_search = $_REQUEST["search"];
+ $feed_search = clean($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_feed_search"] = $feed_search;
print $error_button;
print $inactive_button;
- if (defined('_ENABLE_FEED_DEBUGGING')) {
-
- print "<select id=\"feedActionChooser\" onchange=\"feedActionChange()\">
- <option value=\"facDefault\" selected>".__('More actions...')."</option>";
-
- if (FORCE_ARTICLE_PURGE == 0) {
- print
- "<option value=\"facPurge\">".__('Manual purge')."</option>";
- }
-
- print "
- <option value=\"facClear\">".__('Clear feed data')."</option>
- <option value=\"facRescore\">".__('Rescore articles')."</option>";
-
- print "</select>";
-
- }
-
print "</div>"; # toolbar
//print '</div>';
print "<form name=\"opml_form\" style='display : block' target=\"upload_iframe\"
enctype=\"multipart/form-data\" method=\"POST\"
action=\"backend.php\">
- <input id=\"opml_file\" name=\"opml_file\" type=\"file\">
+ <label class=\"dijitButton\">".__("Choose file...")."
+ <input style=\"display : none\" id=\"opml_file\" name=\"opml_file\" type=\"file\">
+ </label>
<input type=\"hidden\" name=\"op\" value=\"dlg\">
<input type=\"hidden\" name=\"method\" value=\"importOpml\">
<button dojoType=\"dijit.form.Button\" onclick=\"return opmlImport();\" type=\"submit\">" .
$opml_export_filename = "TinyTinyRSS_".date("Y-m-d").".opml";
print "<p>" . __('Filename:') .
- " <input type=\"text\" id=\"filename\" value=\"$opml_export_filename\" /> " .
+ " <input class=\"input input-text\" type=\"text\" id=\"filename\" value=\"$opml_export_filename\" /> " .
__('Include settings') . "<input type=\"checkbox\" id=\"settings\" checked=\"1\"/>";
print "</p><button dojoType=\"dijit.form.Button\"
}
function batchAddFeeds() {
- $cat_id = $_REQUEST['cat'];
- $feeds = explode("\n", $_REQUEST['feeds']);
- $login = $_REQUEST['login'];
- $pass = trim($_REQUEST['pass']);
+ $cat_id = clean($_REQUEST['cat']);
+ $feeds = explode("\n", clean($_REQUEST['feeds']));
+ $login = clean($_REQUEST['login']);
+ $pass = trim(clean($_REQUEST['pass']));
foreach ($feeds as $feed) {
$feed = trim($feed);
}
function regenFeedKey() {
- $feed_id = $_REQUEST['id'];
- $is_cat = $_REQUEST['is_cat'] == "true";
+ $feed_id = clean($_REQUEST['id']);
+ $is_cat = clean($_REQUEST['is_cat']) == "true";
$new_key = $this->update_feed_access_key($feed_id, $is_cat);