}
function savefilterorder() {
- $data = json_decode($_POST['payload'], true);
+ $data = json_decode(clean($_POST['payload']), true);
- #file_put_contents("/tmp/saveorder.json", $_POST['payload']);
+ #file_put_contents("/tmp/saveorder.json", clean($_POST['payload']));
#$data = json_decode(file_get_contents("/tmp/saveorder.json"), true);
if (!is_array($data['items']))
}
function testFilterDo() {
- $offset = (int) $_REQUEST["offset"];
- $limit = (int) $_REQUEST["limit"];
+ $offset = (int) clean($_REQUEST["offset"]);
+ $limit = (int) clean($_REQUEST["limit"]);
$filter = array();
$filter["enabled"] = true;
- $filter["match_any_rule"] = sql_bool_to_bool(
- checkbox_to_sql_bool($_REQUEST["match_any_rule"]));
- $filter["inverse"] = sql_bool_to_bool(
- checkbox_to_sql_bool($_REQUEST["inverse"]));
+ $filter["match_any_rule"] = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"]));
+ $filter["inverse"] = checkbox_to_sql_bool(clean($_REQUEST["inverse"]));
$filter["rules"] = array();
$filter["actions"] = array("dummy-action");
$scope_qparts = array();
$rctr = 0;
- foreach ($_REQUEST["rule"] AS $r) {
+ foreach (clean($_REQUEST["rule"]) AS $r) {
$rule = json_decode($r, true);
if ($rule && $rctr < 5) {
} else {
- $where = sql_bool_to_bool($line["cat_filter"]) ?
+ $where = $line["cat_filter"] ?
Feeds::getCategoryTitle($line["cat_id"]) :
($line["feed_id"] ?
Feeds::getFeedTitle($line["feed_id"]) : __("All feeds"));
# $where = $line["cat_id"] . "/" . $line["feed_id"];
- $inverse = sql_bool_to_bool($line["inverse"]) ? "inverse" : "";
+ $inverse = $line["inverse"] ? "inverse" : "";
$rv .= "<span class='$inverse'>" . T_sprintf("%s on %s in %s %s",
htmlspecialchars($line["reg_exp"]),
$line["field"],
$where,
- sql_bool_to_bool($line["inverse"]) ? __("(inverse)") : "") . "</span>";
+ $line["inverse"] ? __("(inverse)") : "") . "</span>";
}
return $rv;
$filter['name'] = $name[0];
$filter['param'] = $name[1];
$filter['checkbox'] = false;
- $filter['enabled'] = sql_bool_to_bool($line["enabled"]);
+ $filter['enabled'] = $line["enabled"];
$filter['rules'] = $this->getfilterrules_concise($line['id']);
if (!$filter_search || $match_ok) {
function edit() {
- $filter_id = $_REQUEST["id"];
+ $filter_id = clean($_REQUEST["id"]);
$sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2
WHERE id = ? AND owner_uid = ?");
if ($row = $sth->fetch()) {
- $enabled = sql_bool_to_bool($row["enabled"]);
- $match_any_rule = sql_bool_to_bool($row["match_any_rule"]);
- $inverse = sql_bool_to_bool($row["inverse"]);
+ $enabled = $row["enabled"];
+ $match_any_rule = $row["match_any_rule"];
+ $inverse = $row["inverse"];
$title = htmlspecialchars($row["title"]);
print "<form id=\"filter_edit_form\" onsubmit='return false'>";
if ($line["match_on"]) {
$line["feed_id"] = json_decode($line["match_on"], true);
} else {
- if (sql_bool_to_bool($line["cat_filter"])) {
+ if ($line["cat_filter"]) {
$feed_id = "CAT:" . (int)$line["cat_id"];
} else {
$feed_id = (int)$line["feed_id"];
unset($line["cat_id"]);
unset($line["filter_id"]);
unset($line["id"]);
- if (!sql_bool_to_bool($line["inverse"])) unset($line["inverse"]);
+ if (!$line["inverse"]) unset($line["inverse"]);
unset($line["match_on"]);
$data = htmlspecialchars(json_encode($line));
}
private function getRuleName($rule) {
- if (!$rule) $rule = json_decode($_REQUEST["rule"], true);
+ if (!$rule) $rule = json_decode(clean($_REQUEST["rule"]), true);
$feeds = $rule["feed_id"];
$feeds_fmt = [];
}
function printRuleName() {
- print $this->getRuleName(json_decode($_REQUEST["rule"], true));
+ print $this->getRuleName(json_decode(clean($_REQUEST["rule"]), true));
}
private function getActionName($action) {
}
function printActionName() {
- print $this->getActionName(json_decode($_REQUEST["action"], true));
+ print $this->getActionName(json_decode(clean($_REQUEST["action"]), true));
}
function editSave() {
- if ($_REQUEST["savemode"] && $_REQUEST["savemode"] == "test") {
+ if (clean($_REQUEST["savemode"] && $_REQUEST["savemode"]) == "test") {
return $this->testFilter();
}
- $filter_id = $_REQUEST["id"];
- $enabled = checkbox_to_sql_bool($_REQUEST["enabled"]);
- $match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]);
- $inverse = checkbox_to_sql_bool($_REQUEST["inverse"]);
- $title = $_REQUEST["title"];
+ $filter_id = clean($_REQUEST["id"]);
+ $enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"]));
+ $match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"]));
+ $inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"]));
+ $title = clean($_REQUEST["title"]);
$this->pdo->beginTransaction();
function remove() {
- $ids = explode(",", $_REQUEST["ids"]);
+ $ids = explode(",", clean($_REQUEST["ids"]));
$ids_qmarks = arr_qmarks($ids);
$sth = $this->pdo->prepare("DELETE FROM ttrss_filters2 WHERE id IN ($ids_qmarks)
$sth = $this->pdo->prepare("DELETE FROM ttrss_filters2_actions WHERE filter_id = ?");
$sth->execute([$filter_id]);
- if (!is_array($_REQUEST["rule"])) $_REQUEST["rule"] = [];
- if (!is_array($_REQUEST["action"])) $_REQUEST["action"] = [];
+ if (!is_array(clean($_REQUEST["rule"]))) $_REQUEST["rule"] = [];
+ if (!is_array(clean($_REQUEST["action"]))) $_REQUEST["action"] = [];
if ($filter_id) {
/* create rules */
$rules = array();
$actions = array();
- foreach ($_REQUEST["rule"] as $rule) {
+ foreach (clean($_REQUEST["rule"]) as $rule) {
$rule = json_decode($rule, true);
unset($rule["id"]);
}
}
- foreach ($_REQUEST["action"] as $action) {
+ foreach (clean($_REQUEST["action"]) as $action) {
$action = json_decode($action, true);
unset($action["id"]);
if ($rule) {
$reg_exp = trim($rule["reg_exp"]);
- $inverse = isset($rule["inverse"]) ? "true" : "false";
+ $inverse = isset($rule["inverse"]) ? 1 : 0;
$filter_type = (int)trim($rule["filter_type"]);
$match_on = json_encode($rule["feed_id"]);
}
function add() {
- if ($_REQUEST["savemode"] && $_REQUEST["savemode"] == "test") {
+ if (clean($_REQUEST["savemode"] && $_REQUEST["savemode"]) == "test") {
return $this->testFilter();
}
- $enabled = checkbox_to_sql_bool($_REQUEST["enabled"]);
- $match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]);
- $title = $_REQUEST["title"];
- $inverse = checkbox_to_sql_bool($_REQUEST["inverse"]);
+ $enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"]));
+ $match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"]));
+ $title = clean($_REQUEST["title"]);
+ $inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"]));
$this->pdo->beginTransaction();
function index() {
- $sort = $_REQUEST["sort"];
-
- if (!$sort || $sort == "undefined") {
- $sort = "reg_exp";
- }
-
- $filter_search = $_REQUEST["search"];
+ $filter_search = clean($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
- $filter_search = $_REQUEST["search"];
-
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
} else {
print "<button dojoType=\"dijit.form.Button\" onclick=\"return removeSelectedFilters()\">".
__('Remove')."</button> ";
- if (defined('_ENABLE_FEED_DEBUGGING')) {
- print "<button dojoType=\"dijit.form.Button\" onclick=\"rescore_all_feeds()\">".
- __('Rescore articles')."</button> ";
- }
-
print "</div>"; # toolbar
print "</div>"; # toolbar-frame
print "<div id=\"pref-filter-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";
}
function newrule() {
- $rule = json_decode($_REQUEST["rule"], true);
+ $rule = json_decode(clean($_REQUEST["rule"]), true);
if ($rule) {
$reg_exp = htmlspecialchars($rule["reg_exp"]);
}
function newaction() {
- $action = json_decode($_REQUEST["action"], true);
+ $action = json_decode(clean($_REQUEST["action"]), true);
if ($action) {
$action_param = $action["action_param"];
$title = $row["title"];
$num_rules = $row["num_rules"];
$num_actions = $row["num_actions"];
- $match_any_rule = sql_bool_to_bool($row["match_any_rule"]);
+ $match_any_rule = $row["match_any_rule"];
if (!$title) $title = __("[No caption]");
}
function join() {
- $ids = explode(",", $_REQUEST["ids"]);
+ $ids = explode(",", clean($_REQUEST["ids"]));
if (count($ids) > 1) {
$base_id = array_shift($ids);