}
function filtersortreset() {
- $this->dbh->query("UPDATE ttrss_filters2
- SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_filters2
+ SET order_id = 0 WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
return;
}
function savefilterorder() {
- $data = json_decode($_POST['payload'], true);
+ $data = json_decode(clean($_POST['payload']), true);
- #file_put_contents("/tmp/saveorder.json", $_POST['payload']);
+ #file_put_contents("/tmp/saveorder.json", clean($_POST['payload']));
#$data = json_decode(file_get_contents("/tmp/saveorder.json"), true);
if (!is_array($data['items']))
$index = 0;
if (is_array($data) && is_array($data['items'])) {
+
+ $sth = $this->pdo->prepare("UPDATE ttrss_filters2 SET
+ order_id = ? WHERE id = ? AND
+ owner_uid = ?");
+
foreach ($data['items'][0]['items'] as $item) {
$filter_id = (int) str_replace("FILTER:", "", $item['_reference']);
if ($filter_id > 0) {
-
- $this->dbh->query("UPDATE ttrss_filters2 SET
- order_id = $index WHERE id = '$filter_id' AND
- owner_uid = " .$_SESSION["uid"]);
-
+ $sth->execute([$index, $filter_id, $_SESSION['uid']]);
++$index;
}
}
}
function testFilterDo() {
- $offset = (int) db_escape_string($_REQUEST["offset"]);
- $limit = (int) db_escape_string($_REQUEST["limit"]);
+ $offset = (int) clean($_REQUEST["offset"]);
+ $limit = (int) clean($_REQUEST["limit"]);
$filter = array();
$filter["enabled"] = true;
- $filter["match_any_rule"] = sql_bool_to_bool(
- checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["match_any_rule"])));
- $filter["inverse"] = sql_bool_to_bool(
- checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["inverse"])));
+ $filter["match_any_rule"] = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"]));
+ $filter["inverse"] = checkbox_to_sql_bool(clean($_REQUEST["inverse"]));
$filter["rules"] = array();
$filter["actions"] = array("dummy-action");
- $result = $this->dbh->query("SELECT id,name FROM ttrss_filter_types");
+ $res = $this->pdo->query("SELECT id,name FROM ttrss_filter_types");
$filter_types = array();
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $res->fetch()) {
$filter_types[$line["id"]] = $line["name"];
}
$scope_qparts = array();
$rctr = 0;
- foreach ($_REQUEST["rule"] AS $r) {
+ foreach (clean($_REQUEST["rule"]) AS $r) {
$rule = json_decode($r, true);
if ($rule && $rctr < 5) {
if (strpos($feed_id, "CAT:") === 0) {
$cat_id = (int) substr($feed_id, 4);
- array_push($scope_inner_qparts, "cat_id = " . $cat_id);
+ array_push($scope_inner_qparts, "cat_id = " . $this->pdo->quote($cat_id));
} else if ($feed_id > 0) {
- array_push($scope_inner_qparts, "feed_id = " . $feed_id);
+ array_push($scope_inner_qparts, "feed_id = " . $this->pdo->quote($feed_id));
}
}
//while ($found < $limit && $offset < $limit * 1000 && time() - $started < ini_get("max_execution_time") * 0.7) {
- $result = db_query("SELECT ttrss_entries.id,
- ttrss_entries.title,
- ttrss_feeds.id AS feed_id,
- ttrss_feeds.title AS feed_title,
- ttrss_feed_categories.id AS cat_id,
- content,
- date_entered,
- link,
- author,
- tag_cache
- FROM
- ttrss_entries, ttrss_user_entries
- LEFT JOIN ttrss_feeds ON (feed_id = ttrss_feeds.id)
- LEFT JOIN ttrss_feed_categories ON (ttrss_feeds.cat_id = ttrss_feed_categories.id)
- WHERE
- ref_id = ttrss_entries.id AND
- ($scope_qpart) AND
- ttrss_user_entries.owner_uid = " . $_SESSION["uid"] . "
- ORDER BY date_entered DESC LIMIT $limit OFFSET $offset");
-
- while ($line = db_fetch_assoc($result)) {
-
- $rc = RSSUtils::get_article_filters(array($filter), $line['title'], $line['content'], $line['link'],
- $line['author'], explode(",", $line['tag_cache']));
-
- if (count($rc) > 0) {
-
- $line["content_preview"] = truncate_string(strip_tags($line["content"]), 200, '…');
-
- foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
- $line = $p->hook_query_headlines($line, 100);
- }
+ $sth = $this->pdo->prepare("SELECT ttrss_entries.id,
+ ttrss_entries.title,
+ ttrss_feeds.id AS feed_id,
+ ttrss_feeds.title AS feed_title,
+ ttrss_feed_categories.id AS cat_id,
+ content,
+ date_entered,
+ link,
+ author,
+ tag_cache
+ FROM
+ ttrss_entries, ttrss_user_entries
+ LEFT JOIN ttrss_feeds ON (feed_id = ttrss_feeds.id)
+ LEFT JOIN ttrss_feed_categories ON (ttrss_feeds.cat_id = ttrss_feed_categories.id)
+ WHERE
+ ref_id = ttrss_entries.id AND
+ ($scope_qpart) AND
+ ttrss_user_entries.owner_uid = ?
+ ORDER BY date_entered DESC LIMIT $limit OFFSET $offset");
- $content_preview = $line["content_preview"];
+ $sth->execute([$_SESSION['uid']]);
- $tmp = "<tr style='margin-top : 5px'>";
+ while ($line = $sth->fetch()) {
- #$tmp .= "<td width='5%' align='center'><input dojoType=\"dijit.form.CheckBox\"
- # checked=\"1\" disabled=\"1\" type=\"checkbox\"></td>";
+ $rc = RSSUtils::get_article_filters(array($filter), $line['title'], $line['content'], $line['link'],
+ $line['author'], explode(",", $line['tag_cache']));
- $id = $line['id'];
- $tmp .= "<td width='5%' align='center'><img style='cursor : pointer' title='".__("Preview article")."'
- src='images/information.png' onclick='openArticlePopup($id)'></td><td>";
+ if (count($rc) > 0) {
- /*foreach ($filter['rules'] as $rule) {
- $reg_exp = str_replace('/', '\/', $rule["reg_exp"]);
+ $line["content_preview"] = truncate_string(strip_tags($line["content"]), 200, '…');
- $line["title"] = preg_replace("/($reg_exp)/i",
- "<span class=\"highlight\">$1</span>", $line["title"]);
+ foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
+ $line = $p->hook_query_headlines($line, 100);
+ }
- $content_preview = preg_replace("/($reg_exp)/i",
- "<span class=\"highlight\">$1</span>", $content_preview);
- }*/
+ $content_preview = $line["content_preview"];
- $tmp .= "<strong>" . $line["title"] . "</strong><br/>";
- $tmp .= $line['feed_title'] . ", " . mb_substr($line["date_entered"], 0, 16);
- $tmp .= "<div class='insensitive'>" . $content_preview . "</div>";
- $tmp .= "</td></tr>";
+ $tmp = "<tr style='margin-top : 5px'>";
- array_push($rv, $tmp);
+ #$tmp .= "<td width='5%' align='center'><input dojoType=\"dijit.form.CheckBox\"
+ # checked=\"1\" disabled=\"1\" type=\"checkbox\"></td>";
- /*array_push($rv, array("title" => $line["title"],
- "content" => $content_preview,
- "date" => $line["date_entered"],
- "feed" => $line["feed_title"])); */
+ $id = $line['id'];
+ $tmp .= "<td width='5%' align='center'><img style='cursor : pointer' title='".__("Preview article")."'
+ src='images/information.png' onclick='openArticlePopup($id)'></td><td>";
+
+ /*foreach ($filter['rules'] as $rule) {
+ $reg_exp = str_replace('/', '\/', $rule["reg_exp"]);
+
+ $line["title"] = preg_replace("/($reg_exp)/i",
+ "<span class=\"highlight\">$1</span>", $line["title"]);
+
+ $content_preview = preg_replace("/($reg_exp)/i",
+ "<span class=\"highlight\">$1</span>", $content_preview);
+ }*/
+
+ $tmp .= "<strong>" . $line["title"] . "</strong><br/>";
+ $tmp .= $line['feed_title'] . ", " . mb_substr($line["date_entered"], 0, 16);
+ $tmp .= "<div class='insensitive'>" . $content_preview . "</div>";
+ $tmp .= "</td></tr>";
+
+ array_push($rv, $tmp);
+
+ /*array_push($rv, array("title" => $line["title"],
+ "content" => $content_preview,
+ "date" => $line["date_entered"],
+ "feed" => $line["feed_title"])); */
- }
}
+ }
//$offset += $limit;
//}
}
private function getfilterrules_concise($filter_id) {
- $result = $this->dbh->query("SELECT reg_exp,
+ $sth = $this->pdo->prepare("SELECT reg_exp,
inverse,
match_on,
feed_id,
FROM
ttrss_filters2_rules, ttrss_filter_types
WHERE
- filter_id = '$filter_id' AND filter_type = ttrss_filter_types.id
+ filter_id = ? AND filter_type = ttrss_filter_types.id
ORDER BY reg_exp");
+ $sth->execute([$filter_id]);
$rv = "";
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
if ($line["match_on"]) {
$feeds = json_decode($line["match_on"], true);
} else {
- $where = sql_bool_to_bool($line["cat_filter"]) ?
+ $where = $line["cat_filter"] ?
Feeds::getCategoryTitle($line["cat_id"]) :
($line["feed_id"] ?
Feeds::getFeedTitle($line["feed_id"]) : __("All feeds"));
# $where = $line["cat_id"] . "/" . $line["feed_id"];
- $inverse = sql_bool_to_bool($line["inverse"]) ? "inverse" : "";
+ $inverse = $line["inverse"] ? "inverse" : "";
$rv .= "<span class='$inverse'>" . T_sprintf("%s on %s in %s %s",
htmlspecialchars($line["reg_exp"]),
$line["field"],
$where,
- sql_bool_to_bool($line["inverse"]) ? __("(inverse)") : "") . "</span>";
+ $line["inverse"] ? __("(inverse)") : "") . "</span>";
}
return $rv;
$filter_search = $_SESSION["prefs_filter_search"];
- $result = $this->dbh->query("SELECT *,
+ $sth = $this->pdo->prepare("SELECT *,
(SELECT action_param FROM ttrss_filters2_actions
WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS action_param,
(SELECT action_id FROM ttrss_filters2_actions
(SELECT reg_exp FROM ttrss_filters2_rules
WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS reg_exp
FROM ttrss_filters2 WHERE
- owner_uid = ".$_SESSION["uid"]." ORDER BY order_id, title");
-
+ owner_uid = ? ORDER BY order_id, title");
+ $sth->execute([$_SESSION['uid']]);
$folder = array();
$folder['items'] = array();
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$name = $this->getFilterName($line["id"]);
$match_ok = false;
if ($filter_search) {
- $rules_result = $this->dbh->query(
- "SELECT reg_exp FROM ttrss_filters2_rules WHERE filter_id = ".$line["id"]);
+ $rules_sth = $this->pdo->prepare("SELECT reg_exp
+ FROM ttrss_filters2_rules WHERE filter_id = ?");
+ $rules_sth->execute([$line['id']]);
- while ($rule_line = $this->dbh->fetch_assoc($rules_result)) {
+ while ($rule_line = $rules_sth->fetch()) {
if (mb_strpos($rule_line['reg_exp'], $filter_search) !== false) {
$match_ok = true;
break;
}
if ($line['action_id'] == 7) {
- $label_result = $this->dbh->query("SELECT fg_color, bg_color
- FROM ttrss_labels2 WHERE caption = '".$this->dbh->escape_string($line['action_param'])."' AND
- owner_uid = " . $_SESSION["uid"]);
+ $label_sth = $this->pdo->prepare("SELECT fg_color, bg_color
+ FROM ttrss_labels2 WHERE caption = ? AND
+ owner_uid = ?");
+ $label_sth->execute([$line['action_param'], $_SESSION['uid']]);
- if ($this->dbh->num_rows($label_result) > 0) {
- $fg_color = $this->dbh->fetch_result($label_result, 0, "fg_color");
- $bg_color = $this->dbh->fetch_result($label_result, 0, "bg_color");
+ if ($label_row = $label_sth->fetch()) {
+ $fg_color = $label_row["fg_color"];
+ $bg_color = $label_row["bg_color"];
$name[1] = "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-right : 4px'>α</span>" . $name[1];
}
$filter['name'] = $name[0];
$filter['param'] = $name[1];
$filter['checkbox'] = false;
- $filter['enabled'] = sql_bool_to_bool($line["enabled"]);
+ $filter['enabled'] = $line["enabled"];
$filter['rules'] = $this->getfilterrules_concise($line['id']);
if (!$filter_search || $match_ok) {
}
}
- /* if (count($folder['items']) > 0) {
- array_push($root['items'], $folder);
- } */
-
$root['items'] = $folder['items'];
$fl = array();
function edit() {
- $filter_id = $this->dbh->escape_string($_REQUEST["id"]);
+ $filter_id = clean($_REQUEST["id"]);
- $result = $this->dbh->query(
- "SELECT * FROM ttrss_filters2 WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$filter_id, $_SESSION['uid']]);
- $enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "enabled"));
- $match_any_rule = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "match_any_rule"));
- $inverse = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "inverse"));
- $title = htmlspecialchars($this->dbh->fetch_result($result, 0, "title"));
+ if ($row = $sth->fetch()) {
- print "<form id=\"filter_edit_form\" onsubmit='return false'>";
+ $enabled = $row["enabled"];
+ $match_any_rule = $row["match_any_rule"];
+ $inverse = $row["inverse"];
+ $title = htmlspecialchars($row["title"]);
- print_hidden("op", "pref-filters");
- print_hidden("id", "$filter_id");
- print_hidden("method", "editSave");
- print_hidden("csrf_token", $_SESSION['csrf_token']);
+ print "<form id=\"filter_edit_form\" onsubmit='return false'>";
- print "<div class=\"dlgSec\">".__("Caption")."</div>";
+ print_hidden("op", "pref-filters");
+ print_hidden("id", "$filter_id");
+ print_hidden("method", "editSave");
+ print_hidden("csrf_token", $_SESSION['csrf_token']);
- print "<input required=\"true\" dojoType=\"dijit.form.ValidationTextBox\" style=\"width : 20em;\" name=\"title\" value=\"$title\">";
+ print "<div class=\"dlgSec\">".__("Caption")."</div>";
- print "</div>";
+ print "<input required=\"true\" dojoType=\"dijit.form.ValidationTextBox\" style=\"width : 20em;\" name=\"title\" value=\"$title\">";
- print "<div class=\"dlgSec\">".__("Match")."</div>";
+ print "</div>";
- print "<div dojoType=\"dijit.Toolbar\">";
+ print "<div class=\"dlgSec\">".__("Match")."</div>";
- print "<div dojoType=\"dijit.form.DropDownButton\">".
+ print "<div dojoType=\"dijit.Toolbar\">";
+
+ print "<div dojoType=\"dijit.form.DropDownButton\">".
"<span>" . __('Select')."</span>";
- print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
- print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(true)\"
+
print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
+
print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(true)\"
dojoType=\"dijit.MenuItem\">".__('All')."</div>";
- print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(false)\"
+
print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(false)\"
dojoType=\"dijit.MenuItem\">".__('None')."</div>";
- print "</div></div>";
+ print "</div></div>";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addRule()\">".
- __('Add')."</button> ";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addRule()\">".
+ __('Add')."</button> ";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteRule()\">".
- __('Delete')."</button> ";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteRule()\">".
+ __('Delete')."</button> ";
- print "</div>";
+ print "</div>";
- print "<ul id='filterDlg_Matches'>";
+
print "<ul id='filterDlg_Matches'>";
- $rules_result = $this->dbh->query("SELECT * FROM ttrss_filters2_rules
- WHERE filter_id = '$filter_id' ORDER BY reg_exp, id");
+ $rules_sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_rules
+ WHERE filter_id = ? ORDER BY reg_exp, id");
+ $rules_sth->execute([$filter_id]);
- while ($line = $this->dbh->fetch_assoc($rules_result)) {
- if ($line["match_on"]) {
- $line["feed_id"] = json_decode($line["match_on"], true);
- } else {
- if (sql_bool_to_bool($line["cat_filter"])) {
- $feed_id = "CAT:" . (int)$line["cat_id"];
- } else {
- $feed_id = (int)$line["cat_id"];
- }
+ while ($line = $rules_sth->fetch()) {
+ if ($line["match_on"]) {
+ $line["feed_id"] = json_decode($line["match_on"], true);
+ } else {
+ if ($line["cat_filter"]) {
+ $feed_id = "CAT:" . (int)$line["cat_id"];
+ } else {
+ $feed_id = (int)$line["feed_id"];
+ }
- $line["feed_id"] = ["" . $feed_id]; // set item type to string for in_array()
- }
+ $line["feed_id"] = ["" . $feed_id]; // set item type to string for in_array()
+ }
- unset($line["cat_filter"]);
- unset($line["cat_id"]);
- unset($line["filter_id"]);
- unset($line["id"]);
- if (!sql_bool_to_bool($line["inverse"])) unset($line["inverse"]);
- unset($line["match_on"]);
+ unset($line["cat_filter"]);
+ unset($line["cat_id"]);
+ unset($line["filter_id"]);
+ unset($line["id"]);
+ if (!$line["inverse"]) unset($line["inverse"]);
+ unset($line["match_on"]);
- $data = htmlspecialchars(json_encode($line));
+ $data = htmlspecialchars(json_encode($line));
- print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>".
- "<span onclick=\"dijit.byId('filterEditDlg').editRule(this)\">".$this->getRuleName($line)."</span>".
- "<input type='hidden' name='rule[]' value=\"$data\"/></li>";
- }
+ print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>".
+ "<span onclick=\"dijit.byId('filterEditDlg').editRule(this)\">".$this->getRuleName($line)."</span>".
+ "<input type='hidden' name='rule[]' value=\"$data\"/></li>";
+ }
- print "</ul>";
+ print "</ul>";
- print "</div>";
+ print "</div>";
- print "<div class=\"dlgSec\">".__("Apply actions")."</div>";
+
print "<div class=\"dlgSec\">".__("Apply actions")."</div>";
- print "<div dojoType=\"dijit.Toolbar\">";
+
print "<div dojoType=\"dijit.Toolbar\">";
- print "<div dojoType=\"dijit.form.DropDownButton\">".
+
print "<div dojoType=\"dijit.form.DropDownButton\">".
"<span>" . __('Select')."</span>";
- print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
- print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(true)\"
+
print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
+
print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(true)\"
dojoType=\"dijit.MenuItem\">".__('All')."</div>";
- print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(false)\"
+
print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(false)\"
dojoType=\"dijit.MenuItem\">".__('None')."</div>";
- print "</div></div>";
+ print "</div></div>";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addAction()\">".
- __('Add')."</button> ";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addAction()\">".
+ __('Add')."</button> ";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteAction()\">".
- __('Delete')."</button> ";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteAction()\">".
+ __('Delete')."</button> ";
- print "</div>";
+ print "</div>";
- print "<ul id='filterDlg_Actions'>";
+
print "<ul id='filterDlg_Actions'>";
- $actions_result = $this->dbh->query("SELECT * FROM ttrss_filters2_actions
- WHERE filter_id = '$filter_id' ORDER BY id");
+ $actions_sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions
+ WHERE filter_id = ? ORDER BY id");
+ $actions_sth->execute([$filter_id]);
- while ($line = $this->dbh->fetch_assoc($actions_result)) {
- $line["action_param_label"] = $line["action_param"];
+ while ($line = $actions_sth->fetch()) {
+ $line["action_param_label"] = $line["action_param"];
- unset($line["filter_id"]);
- unset($line["id"]);
+ unset($line["filter_id"]);
+ unset($line["id"]);
- $data = htmlspecialchars(json_encode($line));
+ $data = htmlspecialchars(json_encode($line));
- print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>".
- "<span onclick=\"dijit.byId('filterEditDlg').editAction(this)\">".$this->getActionName($line)."</span>".
- "<input type='hidden' name='action[]' value=\"$data\"/></li>";
- }
+ print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>".
+ "<span onclick=\"dijit.byId('filterEditDlg').editAction(this)\">".$this->getActionName($line)."</span>".
+ "<input type='hidden' name='action[]' value=\"$data\"/></li>";
+ }
- print "</ul>";
+ print "</ul>";
- print "</div>";
+ print "</div>";
- if ($enabled) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($enabled) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"enabled\" id=\"enabled\" $checked>
+ print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"enabled\" id=\"enabled\" $checked>
<label for=\"enabled\">".__('Enabled')."</label>";
- if ($match_any_rule) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($match_any_rule) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"match_any_rule\" id=\"match_any_rule\" $checked>
+ print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"match_any_rule\" id=\"match_any_rule\" $checked>
<label for=\"match_any_rule\">".__('Match any rule')."</label>";
- if ($inverse) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($inverse) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\" $checked>
+ print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\" $checked>
<label for=\"inverse\">".__('Inverse matching')."</label>";
- print "<p/>";
- print "<div class=\"dlgButtons\">";
+
print "<div class=\"dlgButtons\">";
- print "<div style=\"float : left\">";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').removeFilter()\">".
- __('Remove')."</button>";
- print "</div>";
+
print "<div style=\"float : left\">";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').removeFilter()\">".
+ __('Remove')."</button>";
+ print "</div>";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').test()\">".
- __('Test')."</button> ";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').test()\">".
+ __('Test')."</button> ";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').execute()\">".
- __('Save')."</button> ";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').execute()\">".
+ __('Save')."</button> ";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').hide()\">".
- __('Cancel')."</button>";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').hide()\">".
+ __('Cancel')."</button>";
- print "</div>";
+ print "</div>";
+
+ }
}
private function getRuleName($rule) {
- if (!$rule) $rule = json_decode($_REQUEST["rule"], true);
+ if (!$rule) $rule = json_decode(clean($_REQUEST["rule"]), true);
$feeds = $rule["feed_id"];
$feeds_fmt = [];
$feed = implode(", ", $feeds_fmt);
- $result = $this->dbh->query("SELECT description FROM ttrss_filter_types
- WHERE id = ".(int)$rule["filter_type"]);
- $filter_type = $this->dbh->fetch_result($result, 0, "description");
+ $sth = $this->pdo->prepare("SELECT description FROM ttrss_filter_types
+ WHERE id = ?");
+ $sth->execute([(int)$rule["filter_type"]]);
+
+ if ($row = $sth->fetch()) {
+ $filter_type = $row["description"];
+ } else {
+ $filter_type = "?UNKNOWN?";
+ }
$inverse = isset($rule["inverse"]) ? "inverse" : "";
}
function printRuleName() {
- print $this->getRuleName(json_decode($_REQUEST["rule"], true));
+ print $this->getRuleName(json_decode(clean($_REQUEST["rule"]), true));
}
private function getActionName($action) {
- $result = $this->dbh->query("SELECT description FROM
- ttrss_filter_actions WHERE id = " .(int)$action["action_id"]);
+ $sth = $this->pdo->prepare("SELECT description FROM
+ ttrss_filter_actions WHERE id = ?");
+ $sth->execute([(int)$action["action_id"]]);
+
+ $title = "";
- $title = __($this->dbh->fetch_result($result, 0, "description"));
+ if ($row = $sth->fetch()) {
- if ($action["action_id"] == 4 || $action["action_id"] == 6 ||
- $action["action_id"] == 7)
+ $title = __($row["description"]);
+
+ if ($action["action_id"] == 4 || $action["action_id"] == 6 ||
+ $action["action_id"] == 7)
$title .= ": " . $action["action_param"];
- if ($action["action_id"] == 9) {
- list ($pfclass, $pfaction) = explode(":", $action["action_param"]);
+ if ($action["action_id"] == 9) {
+ list ($pfclass, $pfaction) = explode(":", $action["action_param"]);
- $filter_actions = PluginHost::getInstance()->get_filter_actions();
+ $filter_actions = PluginHost::getInstance()->get_filter_actions();
- foreach ($filter_actions as $fclass => $factions) {
- foreach ($factions as $faction) {
- if ($pfaction == $faction["action"] && $pfclass == $fclass) {
- $title .= ": " . $fclass . ": " . $faction["description"];
- break;
+ foreach ($filter_actions as $fclass => $factions) {
+ foreach ($factions as $faction) {
+ if ($pfaction == $faction["action"] && $pfclass == $fclass) {
+ $title .= ": " . $fclass . ": " . $faction["description"];
+ break;
+ }
}
}
}
}
function printActionName() {
- print $this->getActionName(json_decode($_REQUEST["action"], true));
+ print $this->getActionName(json_decode(clean($_REQUEST["action"]), true));
}
function editSave() {
- if ($_REQUEST["savemode"] && $_REQUEST["savemode"] == "test") {
+ if (clean($_REQUEST["savemode"] && $_REQUEST["savemode"]) == "test") {
return $this->testFilter();
}
-# print_r($_REQUEST);
+ $filter_id = clean($_REQUEST["id"]);
+ $enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"]));
+ $match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"]));
+ $inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"]));
+ $title = clean($_REQUEST["title"]);
- $filter_id = $this->dbh->escape_string($_REQUEST["id"]);
- $enabled = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["enabled"]));
- $match_any_rule = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["match_any_rule"]));
- $inverse = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["inverse"]));
- $title = $this->dbh->escape_string($_REQUEST["title"]);
+ $this->pdo->beginTransaction();
- $this->dbh->query("UPDATE ttrss_filters2 SET enabled = $enabled,
- match_any_rule = $match_any_rule,
- inverse = $inverse,
- title = '$title'
- WHERE id = '$filter_id'
- AND owner_uid = ". $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_filters2 SET enabled = ?,
+ match_any_rule = ?,
+ inverse = ?,
+ title = ?
+ WHERE id = ? AND owner_uid = ?");
+
+ $sth->execute([$enabled, $match_any_rule, $inverse, $title, $filter_id, $_SESSION['uid']]);
$this->saveRulesAndActions($filter_id);
+ $this->pdo->commit();
}
function remove() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
+ $ids = explode(",", clean($_REQUEST["ids"]));
+ $ids_qmarks = arr_qmarks($ids);
- foreach ($ids as $id) {
- $this->dbh->query("DELETE FROM ttrss_filters2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
- }
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2 WHERE id IN ($ids_qmarks)
+ AND owner_uid = ?");
+ $sth->execute(array_merge($ids, [$_SESSION['uid']]));
}
- private function saveRulesAndActions($filter_id) {
+ private function saveRulesAndActions($filter_id)
+ {
- $this->dbh->query("DELETE FROM ttrss_filters2_rules WHERE filter_id = '$filter_id'");
- $this->dbh->query("DELETE FROM ttrss_filters2_actions WHERE filter_id = '$filter_id'");
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2_rules WHERE filter_id = ?");
+ $sth->execute([$filter_id]);
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2_actions WHERE filter_id = ?");
+ $sth->execute([$filter_id]);
+
+ if (!is_array(clean($_REQUEST["rule"]))) $_REQUEST["rule"] = [];
+ if (!is_array(clean($_REQUEST["action"]))) $_REQUEST["action"] = [];
+
if ($filter_id) {
/* create rules */
$rules = array();
$actions = array();
- foreach ($_REQUEST["rule"] as $rule) {
+ foreach (clean($_REQUEST["rule"]) as $rule) {
$rule = json_decode($rule, true);
unset($rule["id"]);
}
}
- foreach ($_REQUEST["action"] as $action) {
+ foreach (clean($_REQUEST["action"]) as $action) {
$action = json_decode($action, true);
unset($action["id"]);
}
}
+ $rsth = $this->pdo->prepare("INSERT INTO ttrss_filters2_rules
+ (filter_id, reg_exp,filter_type,feed_id,cat_id,match_on,inverse) VALUES
+ (?, ?, ?, NULL, NULL, ?, ?)");
+
foreach ($rules as $rule) {
if ($rule) {
- $reg_exp = $this->dbh->escape_string(trim($rule["reg_exp"]), false);
- $inverse = isset($rule["inverse"]) ? "true" : "false";
-
- $filter_type = (int) $this->dbh->escape_string(trim($rule["filter_type"]));
- $match_on = $this->dbh->escape_string(json_encode($rule["feed_id"]));
-
- /*if (strpos($feed_id, "CAT:") === 0) {
-
- $cat_filter = bool_to_sql_bool(true);
- $cat_id = (int) substr($feed_id, 4);
- $feed_id = "NULL";
+ $reg_exp = trim($rule["reg_exp"]);
+ $inverse = isset($rule["inverse"]) ? 1 : 0;
- if (!$cat_id) $cat_id = "NULL"; // Uncategorized
- } else {
- $cat_filter = bool_to_sql_bool(false);
- $feed_id = (int) $feed_id;
- $cat_id = "NULL";
-
- if (!$feed_id) $feed_id = "NULL"; // Uncategorized
- }*/
+ $filter_type = (int)trim($rule["filter_type"]);
+ $match_on = json_encode($rule["feed_id"]);
- $query = "INSERT INTO ttrss_filters2_rules
- (filter_id, reg_exp,filter_type,feed_id,cat_id,match_on,inverse) VALUES
- ('$filter_id', '$reg_exp', '$filter_type', NULL, NULL, '$match_on', $inverse)";
-
- $this->dbh->query($query);
+ $rsth->execute([$filter_id, $reg_exp, $filter_type, $match_on, $inverse]);
}
}
+ $asth = $this->pdo->prepare("INSERT INTO ttrss_filters2_actions
+ (filter_id, action_id, action_param) VALUES
+ (?, ?, ?)");
+
foreach ($actions as $action) {
if ($action) {
- $action_id = (int) $this->dbh->escape_string($action["action_id"]);
- $action_param = $this->dbh->escape_string($action["action_param"]);
- $action_param_label = $this->dbh->escape_string($action["action_param_label"]);
+ $action_id = (int)$action["action_id"];
+ $action_param = $action["action_param"];
+ $action_param_label = $action["action_param_label"];
if ($action_id == 7) {
$action_param = $action_param_label;
}
if ($action_id == 6) {
- $action_param = (int) str_replace("+", "", $action_param);
+ $action_param = (int)str_replace("+", "", $action_param);
}
- $query = "INSERT INTO ttrss_filters2_actions
- (filter_id, action_id, action_param) VALUES
- ('$filter_id', '$action_id', '$action_param')";
-
- $this->dbh->query($query);
+ $asth->execute([$filter_id, $action_id, $action_param]);
}
}
}
-
-
}
function add() {
- if ($_REQUEST["savemode"] && $_REQUEST["savemode"] == "test") {
+ if (clean($_REQUEST["savemode"] && $_REQUEST["savemode"]) == "test") {
return $this->testFilter();
}
-# print_r($_REQUEST);
-
- $enabled = checkbox_to_sql_bool($_REQUEST["enabled"]);
- $match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]);
- $title = $this->dbh->escape_string($_REQUEST["title"]);
- $inverse = checkbox_to_sql_bool($_REQUEST["inverse"]);
+ $enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"]));
+ $match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"]));
+ $title = clean($_REQUEST["title"]);
+ $inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"]));
- $this->dbh->query("BEGIN");
+ $this->pdo->beginTransaction();
/* create base filter */
- $result = $this->dbh->query("INSERT INTO ttrss_filters2
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_filters2
(owner_uid, match_any_rule, enabled, title, inverse) VALUES
- (".$_SESSION["uid"].",$match_any_rule,$enabled, '$title', $inverse)");
+ (?, ?, ?, ?, ?)");
- $result = $this->dbh->query("SELECT MAX(id) AS id FROM ttrss_filters2
- WHERE owner_uid = ".$_SESSION["uid"]);
+ $sth->execute([$_SESSION['uid'], $match_any_rule, $enabled, $title, $inverse]);
- $filter_id = $this->dbh->fetch_result($result, 0, "id");
+ $sth = $this->pdo->prepare("SELECT MAX(id) AS id FROM ttrss_filters2
+ WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
- $this->saveRulesAndActions($filter_id);
+ if ($row = $sth->fetch()) {
+ $filter_id = $row['id'];
+ $this->saveRulesAndActions($filter_id);
+ }
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
}
function index() {
- $sort = $this->dbh->escape_string($_REQUEST["sort"]);
-
- if (!$sort || $sort == "undefined") {
- $sort = "reg_exp";
- }
-
- $filter_search = $this->dbh->escape_string($_REQUEST["search"]);
+ $filter_search = clean($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
- $filter_search = $this->dbh->escape_string($_REQUEST["search"]);
-
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
} else {
print "<button dojoType=\"dijit.form.Button\" onclick=\"return removeSelectedFilters()\">".
__('Remove')."</button> ";
- if (defined('_ENABLE_FEED_DEBUGGING')) {
- print "<button dojoType=\"dijit.form.Button\" onclick=\"rescore_all_feeds()\">".
- __('Rescore articles')."</button> ";
- }
-
print "</div>"; # toolbar
print "</div>"; # toolbar-frame
print "<div id=\"pref-filter-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";
}
function newrule() {
- $rule = json_decode($_REQUEST["rule"], true);
+ $rule = json_decode(clean($_REQUEST["rule"]), true);
if ($rule) {
$reg_exp = htmlspecialchars($rule["reg_exp"]);
$inverse_checked = "";
}
- /*if (strpos($feed_id, "CAT:") === 0) {
- $feed_id = substr($feed_id, 4);
- $cat_filter = true;
- } else {
- $cat_filter = false;
- }*/
-
print "<form name='filter_new_rule_form' id='filter_new_rule_form'>";
- $result = $this->dbh->query("SELECT id,description
+ $res = $this->pdo->query("SELECT id,description
FROM ttrss_filter_types WHERE id != 5 ORDER BY description");
$filter_types = array();
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $res->fetch()) {
$filter_types[$line["id"]] = __($line["description"]);
}
print "<span id='filterDlg_feeds'>";
print_feed_multi_select("feed_id",
$feed_id,
- 'dojoType="dijit.form.MultiSelect" style="height : 150px"');
+ 'dojoType="dijit.form.MultiSelect"');
print "</span>";
print "</div>";
}
function newaction() {
- $action = json_decode($_REQUEST["action"], true);
+ $action = json_decode(clean($_REQUEST["action"]), true);
if ($action) {
- $action_param = $this->dbh->escape_string($action["action_param"]);
+ $action_param = $action["action_param"];
$action_id = (int)$action["action_id"];
} else {
$action_param = "";
print "<select name=\"action_id\" dojoType=\"dijit.form.Select\"
onchange=\"filterDlgCheckAction(this)\">";
- $result = $this->dbh->query("SELECT id,description FROM ttrss_filter_actions
+ $res = $this->pdo->query("SELECT id,description FROM ttrss_filter_actions
ORDER BY name");
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $res->fetch()) {
$is_selected = ($line["id"] == $action_id) ? "selected='1'" : "";
printf("<option $is_selected value='%d'>%s</option>", $line["id"], __($line["description"]));
}
private function getFilterName($id) {
- $result = $this->dbh->query(
+ $sth = $this->pdo->prepare(
"SELECT title,match_any_rule,COUNT(DISTINCT r.id) AS num_rules,COUNT(DISTINCT a.id) AS num_actions
FROM ttrss_filters2 AS f LEFT JOIN ttrss_filters2_rules AS r
ON (r.filter_id = f.id)
LEFT JOIN ttrss_filters2_actions AS a
- ON (a.filter_id = f.id) WHERE f.id = '$id' GROUP BY f.title, f.match_any_rule");
+ ON (a.filter_id = f.id) WHERE f.id = ? GROUP BY f.title, f.match_any_rule");
+ $sth->execute([$id]);
- $title = $this->dbh->fetch_result($result, 0, "title");
- $num_rules = $this->dbh->fetch_result($result, 0, "num_rules");
- $num_actions = $this->dbh->fetch_result($result, 0, "num_actions");
- $match_any_rule = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "match_any_rule"));
+ if ($row = $sth->fetch()) {
- if (!$title) $title = __("[No caption]");
+ $title = $row["title"];
+ $num_rules = $row["num_rules"];
+ $num_actions = $row["num_actions"];
+ $match_any_rule = $row["match_any_rule"];
- $title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", (int) $num_rules), $title, $num_rules);
+ if (!$title) $title = __("[No caption]");
+ $title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", (int) $num_rules), $title, $num_rules);
- $result = $this->dbh->query(
- "SELECT * FROM ttrss_filters2_actions WHERE filter_id = '$id' ORDER BY id LIMIT 1");
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions
+ WHERE filter_id = ? ORDER BY id LIMIT 1");
+ $sth->execute([$id]);
- $actions = "";
+ $actions = "";
- if ($this->dbh->num_rows($result) > 0) {
- $line = $this->dbh->fetch_assoc($result);
- $actions = $this->getActionName($line);
+ if ($line = $sth->fetch()) {
+ $actions = $this->getActionName($line);
- $num_actions -= 1;
- }
+ $num_actions -= 1;
+ }
+
+ if ($match_any_rule) $title .= " (" . __("matches any rule") . ")";
- if ($match_any_rule) $title .= " (" . __("matches any rule") . ")";
+ if ($num_actions > 0)
+ $actions = sprintf(_ngettext("%s (+%d action)", "%s (+%d actions)", (int) $num_actions), $actions, $num_actions);
- if ($num_actions > 0)
- $actions = sprintf(_ngettext("%s (+%d action)", "%s (+%d actions)", (int) $num_actions), $actions, $num_actions);
+ return [$title, $actions];
+ }
- return array($title, $actions);
+ return [];
}
function join() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
+ $ids = explode(",", clean($_REQUEST["ids"]));
if (count($ids) > 1) {
$base_id = array_shift($ids);
- $ids_str = join(",", $ids);
+ $ids_qmarks = arr_qmarks($ids);
+
+ $this->pdo->beginTransaction();
+
+ $sth = $this->pdo->prepare("UPDATE ttrss_filters2_rules
+ SET filter_id = ? WHERE filter_id IN ($ids_qmarks)");
+ $sth->execute(array_merge([$base_id], $ids));
+
+ $sth = $this->pdo->prepare("UPDATE ttrss_filters2_actions
+ SET filter_id = ? WHERE filter_id IN ($ids_qmarks)");
+ $sth->execute(array_merge([$base_id], $ids));
- $this->dbh->query("BEGIN");
- $this->dbh->query("UPDATE ttrss_filters2_rules
- SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)");
- $this->dbh->query("UPDATE ttrss_filters2_actions
- SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)");
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2 WHERE id IN ($ids_qmarks)");
+ $sth->execute($ids);
- $this->dbh->query("DELETE FROM ttrss_filters2 WHERE id IN ($ids_str)");
- $this->dbh->query("UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = '$base_id'");
+ $sth = $this->pdo->prepare("UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = ?");
+ $sth->execute([$base_id]);
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
$this->optimizeFilter($base_id);
}
private function optimizeFilter($id) {
- $this->dbh->query("BEGIN");
- $result = $this->dbh->query("SELECT * FROM ttrss_filters2_actions
- WHERE filter_id = '$id'");
+
+ $this->pdo->beginTransaction();
+
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions
+ WHERE filter_id = ?");
+ $sth->execute([$id]);
$tmp = array();
$dupe_ids = array();
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$id = $line["id"];
unset($line["id"]);
if (count($dupe_ids) > 0) {
$ids_str = join(",", $dupe_ids);
- $this->dbh->query("DELETE FROM ttrss_filters2_actions
- WHERE id IN ($ids_str)");
+
+ $this->pdo->query("DELETE FROM ttrss_filters2_actions WHERE id IN ($ids_str)");
}
- $result = $this->dbh->query("SELECT * FROM ttrss_filters2_rules
- WHERE filter_id = '$id'");
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_rules
+ WHERE filter_id = ?");
+ $sth->execute([$id]);
$tmp = array();
$dupe_ids = array();
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$id = $line["id"];
unset($line["id"]);
if (count($dupe_ids) > 0) {
$ids_str = join(",", $dupe_ids);
- $this->dbh->query("DELETE FROM ttrss_filters2_rules
- WHERE id IN ($ids_str)");
+
+ $this->pdo->query("DELETE FROM ttrss_filters2_rules WHERE id IN ($ids_str)");
}
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
}
}
\ No newline at end of file
git.wh0rd.org / tt-rss.git / blobdiff