function savefilterorder() {
$data = json_decode($_POST['payload'], true);
- #file_put_contents("/tmp/saveorder.json", $_POST['payload']);
+ #file_put_contents("/tmp/saveorder.json", clean($_POST['payload']));
#$data = json_decode(file_get_contents("/tmp/saveorder.json"), true);
if (!is_array($data['items']))
}
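Review bot: The line at L4 is commented-out debugging code and yet was edited to add clean(); dead code that dumps the raw request payload to a fixed path under /tmp should be deleted together with the commented-out reader on L5 rather than maintained. If a payload dump is ever needed again it belongs behind an explicit debug switch, not in a comment that is one `#` away from writing user-controlled data to a shared, predictable location. savefilterorder's body continues outside the hunk.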
function testFilterDo() {
- $offset = (int) $_REQUEST["offset"];
- $limit = (int) $_REQUEST["limit"];
+ $offset = (int) clean($_REQUEST["offset"]);
+ $limit = (int) clean($_REQUEST["limit"]);
$filter = array();
$filter["enabled"] = true;
- $filter["match_any_rule"] = sql_bool_to_bool(
- checkbox_to_sql_bool($_REQUEST["match_any_rule"]));
- $filter["inverse"] = sql_bool_to_bool(
- checkbox_to_sql_bool($_REQUEST["inverse"]));
+ $filter["match_any_rule"] = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"]));
+ $filter["inverse"] = checkbox_to_sql_bool(clean($_REQUEST["inverse"]));
$filter["rules"] = array();
$filter["actions"] = array("dummy-action");
$scope_qparts = array();
$rctr = 0;
- foreach ($_REQUEST["rule"] AS $r) {
+ foreach (clean($_REQUEST["rule"]) AS $r) {
$rule = json_decode($r, true);
if ($rule && $rctr < 5) {
} else {
- $where = sql_bool_to_bool($line["cat_filter"]) ?
+ $where = $line["cat_filter"] ?
Feeds::getCategoryTitle($line["cat_id"]) :
($line["feed_id"] ?
Feeds::getFeedTitle($line["feed_id"]) : __("All feeds"));
# $where = $line["cat_id"] . "/" . $line["feed_id"];
- $inverse = sql_bool_to_bool($line["inverse"]) ? "inverse" : "";
+ $inverse = $line["inverse"] ? "inverse" : "";
$rv .= "<span class='$inverse'>" . T_sprintf("%s on %s in %s %s",
htmlspecialchars($line["reg_exp"]),
$line["field"],
$where,
- sql_bool_to_bool($line["inverse"]) ? __("(inverse)") : "") . "</span>";
+ $line["inverse"] ? __("(inverse)") : "") . "</span>";
}
return $rv;
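Review bot: In the markup assembled at L38–L43, `$line["reg_exp"]` goes through htmlspecialchars but `$where` and `$line["field"]` do not, and `$where` is a feed or category title that originates from feed data rather than from the current user. Unless Feeds::getFeedTitle and Feeds::getCategoryTitle already return escaped output (not visible in this diff), pass them the same way: `htmlspecialchars($line["field"]),` and `htmlspecialchars($where),`. The switch from sql_bool_to_bool to bare truthiness on L31, L37 and L43 is acceptable for these ternaries as long as the driver returns a falsy value for false booleans. The enclosing function starts outside the hunk.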
$match_ok = false;
if ($filter_search) {
- $rules_sth = $this->pdo->prepare("SELECT reg_exp
+ $rules_sth = $this->pdo->prepare("SELECT reg_exp
FROM ttrss_filters2_rules WHERE filter_id = ?");
$rules_sth->execute([$line['id']]);
$filter['name'] = $name[0];
$filter['param'] = $name[1];
$filter['checkbox'] = false;
- $filter['enabled'] = sql_bool_to_bool($line["enabled"]);
+ $filter['enabled'] = $line["enabled"];
$filter['rules'] = $this->getfilterrules_concise($line['id']);
if (!$filter_search || $match_ok) {
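Review bot: `$filter['enabled'] = $line["enabled"];` at L56 now stores whatever the PDO driver returns for a boolean column instead of the normalized PHP bool sql_bool_to_bool produced, so the value carried in `$filter` (and anything serialized from it) may be the string "1"/"0", an int, or a native bool depending on backend and fetch mode. Where the column is only used in a truthiness test (L31, L37, L43, L70–L72, L79, L87, L251) that is harmless, but where it is stored as data, a cast keeps the old contract: `$filter['enabled'] = (bool) $line["enabled"];`. The enclosing function begins and ends outside the hunk.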
function edit() {
- $filter_id = $_REQUEST["id"];
+ $filter_id = clean($_REQUEST["id"]);
- $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2
WHERE id = ? AND owner_uid = ?");
$sth->execute([$filter_id, $_SESSION['uid']]);
if ($row = $sth->fetch()) {
- $enabled = sql_bool_to_bool($row["enabled"]);
- $match_any_rule = sql_bool_to_bool($row["match_any_rule"]);
- $inverse = sql_bool_to_bool($row["inverse"]);
+ $enabled = $row["enabled"];
+ $match_any_rule = $row["match_any_rule"];
+ $inverse = $row["inverse"];
$title = htmlspecialchars($row["title"]);
print "<form id=\"filter_edit_form\" onsubmit='return false'>";
if ($line["match_on"]) {
$line["feed_id"] = json_decode($line["match_on"], true);
} else {
- if (sql_bool_to_bool($line["cat_filter"])) {
+ if ($line["cat_filter"]) {
$feed_id = "CAT:" . (int)$line["cat_id"];
} else {
$feed_id = (int)$line["feed_id"];
unset($line["cat_id"]);
unset($line["filter_id"]);
unset($line["id"]);
- if (!sql_bool_to_bool($line["inverse"])) unset($line["inverse"]);
+ if (!$line["inverse"]) unset($line["inverse"]);
unset($line["match_on"]);
$data = htmlspecialchars(json_encode($line));
print "<div class=\"dlgButtons\">";
print "<div style=\"float : left\">";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').removeFilter()\">".
+ print "<button dojoType=\"dijit.form.Button\" class=\"btn-danger\" onclick=\"return dijit.byId('filterEditDlg').removeFilter()\">".
__('Remove')."</button>";
print "</div>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').test()\">".
__('Test')."</button> ";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').execute()\">".
+ print "<button dojoType=\"dijit.form.Button\" type=\"submit\" class=\"btn-primary\" onclick=\"return dijit.byId('filterEditDlg').execute()\">".
__('Save')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').hide()\">".
__('Cancel')."</button>";
print "</div>";
-
+ print "</form>";
+
}
}
private function getRuleName($rule) {
- if (!$rule) $rule = json_decode($_REQUEST["rule"], true);
+ if (!$rule) $rule = json_decode(clean($_REQUEST["rule"]), true);
$feeds = $rule["feed_id"];
$feeds_fmt = [];
}
function printRuleName() {
- print $this->getRuleName(json_decode($_REQUEST["rule"], true));
+ print $this->getRuleName(json_decode(clean($_REQUEST["rule"]), true));
}
private function getActionName($action) {
}
function printActionName() {
- print $this->getActionName(json_decode($_REQUEST["action"], true));
+ print $this->getActionName(json_decode(clean($_REQUEST["action"]), true));
}
function editSave() {
- if ($_REQUEST["savemode"] && $_REQUEST["savemode"] == "test") {
+ if (clean($_REQUEST["savemode"] && $_REQUEST["savemode"]) == "test") {
return $this->testFilter();
}
- $filter_id = $_REQUEST["id"];
- $enabled = checkbox_to_sql_bool($_REQUEST["enabled"]);
- $match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]);
- $inverse = checkbox_to_sql_bool($_REQUEST["inverse"]);
- $title = $_REQUEST["title"];
+ $filter_id = clean($_REQUEST["id"]);
+ $enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"]));
+ $match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"]));
+ $inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"]));
+ $title = clean($_REQUEST["title"]);
$this->pdo->beginTransaction();
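Review bot: The condition at L127 applies clean() to the boolean result of the `&&` expression rather than to the request value: `clean($_REQUEST["savemode"] && $_REQUEST["savemode"]) == "test"`. Depending on what clean() does with a bool and on the loose `==`, this either routes every save through testFilter() or never reaches it; the intended form is `if (isset($_REQUEST["savemode"]) && clean($_REQUEST["savemode"]) == "test") {`. The same misplaced parenthesis appears at L175 in add(). editSave's body continues outside the hunk.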
function remove() {
- $ids = explode(",", $_REQUEST["ids"]);
+ $ids = explode(",", clean($_REQUEST["ids"]));
$ids_qmarks = arr_qmarks($ids);
- $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2 WHERE id IN ($ids_qmarks)
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2 WHERE id IN ($ids_qmarks)
AND owner_uid = ?");
$sth->execute(array_merge($ids, [$_SESSION['uid']]));
}
$sth = $this->pdo->prepare("DELETE FROM ttrss_filters2_actions WHERE filter_id = ?");
$sth->execute([$filter_id]);
- if (!is_array($_REQUEST["rule"])) $_REQUEST["rule"] = [];
- if (!is_array($_REQUEST["action"])) $_REQUEST["action"] = [];
-
+ if (!is_array(clean($_REQUEST["rule"]))) $_REQUEST["rule"] = [];
+ if (!is_array(clean($_REQUEST["action"]))) $_REQUEST["action"] = [];
+
if ($filter_id) {
/* create rules */
$rules = array();
$actions = array();
- foreach ($_REQUEST["rule"] as $rule) {
+ foreach (clean($_REQUEST["rule"]) as $rule) {
$rule = json_decode($rule, true);
unset($rule["id"]);
}
}
- foreach ($_REQUEST["action"] as $action) {
+ foreach (clean($_REQUEST["action"]) as $action) {
$action = json_decode($action, true);
unset($action["id"]);
}
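Review bot: At L163 and L169 clean() is applied to the JSON-encoded rule and action strings before json_decode(); if clean() strips tags or entity-encodes (its definition is not in this diff), a reg_exp or action_param containing `<`, `>` or `&` is altered or becomes invalid JSON, which json_decode silently returns as null and the loop body then calls unset() on. The same pattern appears at L26, L111, L117, L123, L208 and L234; cleaning the decoded fields individually and checking `if ($rule === null) continue;` after decoding would be safer. L155–L156 compute clean() only to feed is_array and discard the result, which is redundant with the cleaning already done at L163/L169 and can test the raw value. The enclosing function starts and ends outside the hunk.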
function add() {
- if ($_REQUEST["savemode"] && $_REQUEST["savemode"] == "test") {
+ if (clean($_REQUEST["savemode"] && $_REQUEST["savemode"]) == "test") {
return $this->testFilter();
}
- $enabled = checkbox_to_sql_bool($_REQUEST["enabled"]);
- $match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]);
- $title = $_REQUEST["title"];
- $inverse = checkbox_to_sql_bool($_REQUEST["inverse"]);
+ $enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"]));
+ $match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"]));
+ $title = clean($_REQUEST["title"]);
+ $inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"]));
$this->pdo->beginTransaction();
function index() {
- $sort = $_REQUEST["sort"];
-
- if (!$sort || $sort == "undefined") {
- $sort = "reg_exp";
- }
-
- $filter_search = $_REQUEST["search"];
+ $filter_search = clean($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
- $filter_search = $_REQUEST["search"];
-
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
} else {
}
function newrule() {
- $rule = json_decode($_REQUEST["rule"], true);
+ $rule = json_decode(clean($_REQUEST["rule"]), true);
if ($rule) {
$reg_exp = htmlspecialchars($rule["reg_exp"]);
$inverse_checked = "";
}
- print "<form name='filter_new_rule_form' id='filter_new_rule_form'>";
+ print "<form name='filter_new_rule_form' id='filter_new_rule_form' onsubmit='return false;'>";
$res = $this->pdo->query("SELECT id,description
FROM ttrss_filter_types WHERE id != 5 ORDER BY description");
style=\"font-size : 16px; width : 20em;\"
name=\"reg_exp\" value=\"$reg_exp\"/>";
+ print "<div dojoType=\"dijit.Tooltip\" connectId=\"filterDlg_regExp\" position=\"below\">
+ ".__("Regular expression, without outer delimiters (i.e. slashes)")."
+ </div>";
+
print "<hr/>";
print "<input id=\"filterDlg_inverse\" dojoType=\"dijit.form.CheckBox\"
name=\"inverse\" $inverse_checked/>";
</div>";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterNewRuleDlg').execute()\">".
+ print "<button dojoType=\"dijit.form.Button\" class=\"btn-primary \" type=\"submit\" onclick=\"return dijit.byId('filterNewRuleDlg').execute()\">".
($rule ? __("Save rule") : __('Add rule'))."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterNewRuleDlg').hide()\">".
}
function newaction() {
- $action = json_decode($_REQUEST["action"], true);
+ $action = json_decode(clean($_REQUEST["action"]), true);
if ($action) {
$action_param = $action["action_param"];
$action_id = 0;
}
- print "<form name='filter_new_action_form' id='filter_new_action_form'>";
+ print "<form name='filter_new_action_form' id='filter_new_action_form' onsubmit='return false;'>";
print "<div class=\"dlgSec\">".__("Perform Action")."</div>";
print "<div class=\"dlgButtons\">";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterNewActionDlg').execute()\">".
+ print "<button dojoType=\"dijit.form.Button\" class=\"btn-primary\" type=\"submit\" onclick=\"return dijit.byId('filterNewActionDlg').execute()\">".
($action ? __("Save action") : __('Add action'))."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterNewActionDlg').hide()\">".
$title = $row["title"];
$num_rules = $row["num_rules"];
$num_actions = $row["num_actions"];
- $match_any_rule = sql_bool_to_bool($row["match_any_rule"]);
+ $match_any_rule = $row["match_any_rule"];
if (!$title) $title = __("[No caption]");
$title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", (int) $num_rules), $title, $num_rules);
- $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions
WHERE filter_id = ? ORDER BY id LIMIT 1");
$sth->execute([$id]);
}
function join() {
- $ids = explode(",", $_REQUEST["ids"]);
+ $ids = explode(",", clean($_REQUEST["ids"]));
if (count($ids) > 1) {
$base_id = array_shift($ids);
$this->pdo->commit();
}
-}
\ No newline at end of file
+}