}
function savefilterorder() {
- $data = json_decode($_POST['payload'], true);
+ $data = json_decode(clean($_POST['payload']), true);
- #file_put_contents("/tmp/saveorder.json", $_POST['payload']);
+ #file_put_contents("/tmp/saveorder.json", clean($_POST['payload']));
#$data = json_decode(file_get_contents("/tmp/saveorder.json"), true);
if (!is_array($data['items']))
}
function testFilterDo() {
- $offset = (int) $_REQUEST["offset"];
- $limit = (int) $_REQUEST["limit"];
+ $offset = (int) clean($_REQUEST["offset"]);
+ $limit = (int) clean($_REQUEST["limit"]);
$filter = array();
$filter["enabled"] = true;
- $filter["match_any_rule"] = checkbox_to_sql_bool($_REQUEST["match_any_rule"]);
- $filter["inverse"] = checkbox_to_sql_bool($_REQUEST["inverse"]);
+ $filter["match_any_rule"] = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"]));
+ $filter["inverse"] = checkbox_to_sql_bool(clean($_REQUEST["inverse"]));
$filter["rules"] = array();
$filter["actions"] = array("dummy-action");
$scope_qparts = array();
$rctr = 0;
- foreach ($_REQUEST["rule"] AS $r) {
+ foreach (clean($_REQUEST["rule"]) AS $r) {
$rule = json_decode($r, true);
if ($rule && $rctr < 5) {
function edit() {
- $filter_id = $_REQUEST["id"];
+ $filter_id = clean($_REQUEST["id"]);
$sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2
WHERE id = ? AND owner_uid = ?");
}
private function getRuleName($rule) {
- if (!$rule) $rule = json_decode($_REQUEST["rule"], true);
+ if (!$rule) $rule = json_decode(clean($_REQUEST["rule"]), true);
$feeds = $rule["feed_id"];
$feeds_fmt = [];
}
function printRuleName() {
- print $this->getRuleName(json_decode($_REQUEST["rule"], true));
+ print $this->getRuleName(json_decode(clean($_REQUEST["rule"]), true));
}
private function getActionName($action) {
}
function printActionName() {
- print $this->getActionName(json_decode($_REQUEST["action"], true));
+ print $this->getActionName(json_decode(clean($_REQUEST["action"]), true));
}
function editSave() {
- if ($_REQUEST["savemode"] && $_REQUEST["savemode"] == "test") {
+ if (clean($_REQUEST["savemode"] && $_REQUEST["savemode"]) == "test") {
return $this->testFilter();
}
- $filter_id = $_REQUEST["id"];
- $enabled = checkbox_to_sql_bool($_REQUEST["enabled"]);
- $match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]);
- $inverse = checkbox_to_sql_bool($_REQUEST["inverse"]);
- $title = $_REQUEST["title"];
+ $filter_id = clean($_REQUEST["id"]);
+ $enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"]));
+ $match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"]));
+ $inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"]));
+ $title = clean($_REQUEST["title"]);
$this->pdo->beginTransaction();
function remove() {
- $ids = explode(",", $_REQUEST["ids"]);
+ $ids = explode(",", clean($_REQUEST["ids"]));
$ids_qmarks = arr_qmarks($ids);
$sth = $this->pdo->prepare("DELETE FROM ttrss_filters2 WHERE id IN ($ids_qmarks)
$sth = $this->pdo->prepare("DELETE FROM ttrss_filters2_actions WHERE filter_id = ?");
$sth->execute([$filter_id]);
- if (!is_array($_REQUEST["rule"])) $_REQUEST["rule"] = [];
- if (!is_array($_REQUEST["action"])) $_REQUEST["action"] = [];
+ if (!is_array(clean($_REQUEST["rule"]))) $_REQUEST["rule"] = [];
+ if (!is_array(clean($_REQUEST["action"]))) $_REQUEST["action"] = [];
if ($filter_id) {
/* create rules */
$rules = array();
$actions = array();
- foreach ($_REQUEST["rule"] as $rule) {
+ foreach (clean($_REQUEST["rule"]) as $rule) {
$rule = json_decode($rule, true);
unset($rule["id"]);
}
}
- foreach ($_REQUEST["action"] as $action) {
+ foreach (clean($_REQUEST["action"]) as $action) {
$action = json_decode($action, true);
unset($action["id"]);
}
function add() {
- if ($_REQUEST["savemode"] && $_REQUEST["savemode"] == "test") {
+ if (clean($_REQUEST["savemode"] && $_REQUEST["savemode"]) == "test") {
return $this->testFilter();
}
- $enabled = checkbox_to_sql_bool($_REQUEST["enabled"]);
- $match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]);
- $title = $_REQUEST["title"];
- $inverse = checkbox_to_sql_bool($_REQUEST["inverse"]);
+ $enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"]));
+ $match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"]));
+ $title = clean($_REQUEST["title"]);
+ $inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"]));
$this->pdo->beginTransaction();
function index() {
- $filter_search = $_REQUEST["search"];
+ $filter_search = clean($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
}
function newrule() {
- $rule = json_decode($_REQUEST["rule"], true);
+ $rule = json_decode(clean($_REQUEST["rule"]), true);
if ($rule) {
$reg_exp = htmlspecialchars($rule["reg_exp"]);
}
function newaction() {
- $action = json_decode($_REQUEST["action"], true);
+ $action = json_decode(clean($_REQUEST["action"]), true);
if ($action) {
$action_param = $action["action_param"];
}
function join() {
- $ids = explode(",", $_REQUEST["ids"]);
+ $ids = explode(",", clean($_REQUEST["ids"]));
if (count($ids) > 1) {
$base_id = array_shift($ids);
git.wh0rd.org / tt-rss.git / blobdiff