use print_hidden() for hidden dojo form fields

[tt-rss.git] / classes / pref / filters.php

diff --git a/classes/pref/filters.php b/classes/pref/filters.php
index 6170f7a08366bb6410ebd5e65a192a54c115d5d8..5629f530cb44422088951be1029e834c28e2a602 100755 (executable)
--- a/classes/pref/filters.php
+++ b/classes/pref/filters.php
@@ -134,7 +134,7 @@ class Pref_Filters extends Handler_Protected {
 
                                if (count($rc) > 0) {
 
-                                       $line["content_preview"] = truncate_string(strip_tags($line["content"]), 100, '...');
+                                       $line["content_preview"] = truncate_string(strip_tags($line["content"]), 200, '…');
 
                                        foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
                                                $line = $p->hook_query_headlines($line, 100);
@@ -142,12 +142,16 @@ class Pref_Filters extends Handler_Protected {
 
                                        $content_preview = $line["content_preview"];
 
-                                       if ($line["feed_title"]) $feed_title = "(" . $line["feed_title"] . ")";
+                                       $tmp = "<tr style='margin-top : 5px'>";
 
-                                       $tmp = "<tr><td width='5%' align='center'><input dojoType=\"dijit.form.CheckBox\"
-                                               checked=\"1\" disabled=\"1\" type=\"checkbox\"></td><td>";
+                                       #$tmp .= "<td width='5%' align='center'><input dojoType=\"dijit.form.CheckBox\"
+                                       #       checked=\"1\" disabled=\"1\" type=\"checkbox\"></td>";
 
-                                       foreach ($filter['rules'] as $rule) {
+                                       $id = $line['id'];
+                                       $tmp .= "<td width='5%' align='center'><img style='cursor : pointer' title='".__("Preview article")."'
+                                               src='images/information.png' onclick='openArticlePopup($id)'></td><td>";
+
+                                       /*foreach ($filter['rules'] as $rule) {
                                                $reg_exp = str_replace('/', '\/', $rule["reg_exp"]);
 
                                                $line["title"] = preg_replace("/($reg_exp)/i",
@@ -155,12 +159,11 @@ class Pref_Filters extends Handler_Protected {
 
                                                $content_preview = preg_replace("/($reg_exp)/i",
                                                        "<span class=\"highlight\">$1</span>", $content_preview);
-                                       }
+                                       }*/
 
-                                       $tmp .= "<strong>" . $line["title"] . "</strong>";
-                                       $tmp .= "<div class='small' style='float : right'>" . $feed_title . "</div>";
-                                       $tmp .= "<div class=\"insensitive\">" . $content_preview . "</div>";
-                                       $tmp .= " " . mb_substr($line["date_entered"], 0, 16);
+                                       $tmp .= "<strong>" . $line["title"] . "</strong><br/>";
+                                       $tmp .= $line['feed_title'] . ", " . mb_substr($line["date_entered"], 0, 16);
+                                       $tmp .= "<div class='insensitive'>" . $content_preview . "</div>";
                                        $tmp .= "</td></tr>";
 
                                        array_push($rv, $tmp);
@@ -213,7 +216,8 @@ class Pref_Filters extends Handler_Protected {
                        FROM
                                ttrss_filters2_rules, ttrss_filter_types
                        WHERE
-                               filter_id = '$filter_id' AND filter_type = ttrss_filter_types.id");
+                               filter_id = '$filter_id' AND filter_type = ttrss_filter_types.id
+                       ORDER BY reg_exp");
 
                $rv = "";
 
@@ -229,7 +233,7 @@ class Pref_Filters extends Handler_Protected {
                        $inverse = sql_bool_to_bool($line["inverse"]) ? "inverse" : "";
 
                        $rv .= "<span class='$inverse'>" . T_sprintf("%s on %s in %s %s",
-                               strip_tags($line["reg_exp"]),
+                               htmlspecialchars($line["reg_exp"]),
                                $line["field"],
                                $where,
                                sql_bool_to_bool($line["inverse"]) ? __("(inverse)") : "") . "</span>";
@@ -336,10 +340,10 @@ class Pref_Filters extends Handler_Protected {
 
                print "<form id=\"filter_edit_form\" onsubmit='return false'>";
 
-               print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-filters\">";
-               print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$filter_id\">";
-               print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"editSave\">";
-               print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"csrf_token\" value=\"".$_SESSION['csrf_token']."\">";
+               print_hidden("op", "pref-filters");
+               print_hidden("id", "$filter_id");
+               print_hidden("method", "editSave");
+               print_hidden("csrf_token", $_SESSION['csrf_token']);
 
                print "<div class=\"dlgSec\">".__("Caption")."</div>";
 
@@ -510,7 +514,7 @@ class Pref_Filters extends Handler_Protected {
                $inverse = isset($rule["inverse"]) ? "inverse" : "";
 
                return "<span class='filterRule $inverse'>" .
-                       T_sprintf("%s on %s in %s %s", strip_tags($rule["reg_exp"]),
+                       T_sprintf("%s on %s in %s %s", htmlspecialchars($rule["reg_exp"]),
                        $filter_type, $feed, isset($rule["inverse"]) ? __("(inverse)") : "") . "</span>";
        }
 
@@ -615,7 +619,7 @@ class Pref_Filters extends Handler_Protected {
                        foreach ($rules as $rule) {
                                if ($rule) {
 
-                                       $reg_exp = strip_tags($this->dbh->escape_string(trim($rule["reg_exp"])));
+                                       $reg_exp = $this->dbh->escape_string(trim($rule["reg_exp"]), false);
                                        $inverse = isset($rule["inverse"]) ? "true" : "false";
 
                                        $filter_type = (int) $this->dbh->escape_string(trim($rule["filter_type"]));
@@ -812,9 +816,9 @@ class Pref_Filters extends Handler_Protected {
 
                print "<form name='filter_new_form' id='filter_new_form'>";
 
-               print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-filters\">";
-               print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"add\">";
-               print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"csrf_token\" value=\"".$_SESSION['csrf_token']."\">";
+               print_hidden("op", "pref-filters");
+               print_hidden("method", "add");
+               print_hidden("csrf_token", $_SESSION['csrf_token']);
 
                print "<div class=\"dlgSec\">".__("Caption")."</div>";
 
@@ -1092,7 +1096,7 @@ class Pref_Filters extends Handler_Protected {
 
                if (!$title) $title = __("[No caption]");
 
-               $title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", $num_rules), $title, $num_rules);
+               $title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", (int) $num_rules), $title, $num_rules);
 
 
                $result = $this->dbh->query(
@@ -1110,7 +1114,7 @@ class Pref_Filters extends Handler_Protected {
                if ($match_any_rule) $title .= " (" . __("matches any rule") . ")";
 
                if ($num_actions > 0)
-                       $actions = sprintf(_ngettext("%s (+%d action)", "%s (+%d actions)", $num_actions), $actions, $num_actions);
+                       $actions = sprintf(_ngettext("%s (+%d action)", "%s (+%d actions)", (int) $num_actions), $actions, $num_actions);
 
                return array($title, $actions);
        }