$_SESSION["uid"] = db_fetch_result($result, 0, "id");
$_SESSION["name"] = db_fetch_result($result, 0, "login");
$_SESSION["access_level"] = db_fetch_result($result, 0, "access_level");
+ $_SESSION["csrf_token"] = sha1(uniqid(rand(), true));
db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
$_SESSION["uid"]);
}
}
+ function validate_csrf($csrf_token) {
+ return $csrf_token == $_SESSION['csrf_token'];
+ }
+
function validate_session($link) {
if (SINGLE_USER_MODE) return true;
$params["collapsed_feedlist"] = (int) get_pref($link, "_COLLAPSED_FEEDLIST");
+ $params["csrf_token"] = $_SESSION["csrf_token"];
+
return $params;
}
$rv['content'] .= " ";
$rv['content'] .= "<a target='_blank' href='" . htmlspecialchars($tmp_line['feed_url']) . "'>";
- $rv['content'] .= "<img title='".__('Feed URL')."'class='tinyFeedIcon' src='images/pub_set.gif'></a>";
+ $rv['content'] .= "<img title='".__('Feed URL')."'class='tinyFeedIcon' src='images/pub_set.png'></a>";
$rv['content'] .= "</div>";
}
inverse,
action_param,
filter_param
- FROM ttrss_filters,ttrss_filter_types,ttrss_filter_actions WHERE
+ FROM ttrss_filters
+ LEFT JOIN ttrss_feeds ON (ttrss_feeds.id = '$feed'),
+ ttrss_filter_types,ttrss_filter_actions
+ WHERE
enabled = true AND
$ftype_query_part
- owner_uid = $owner_uid AND
+ ttrss_filters.owner_uid = $owner_uid AND
ttrss_filter_types.id = filter_type AND
ttrss_filter_actions.id = action_id AND
- (feed_id IS NULL OR feed_id = '$feed') ORDER BY reg_exp");
+ ((cat_filter = true AND ttrss_feeds.cat_id = ttrss_filters.cat_id) OR
+ (cat_filter = true AND ttrss_feeds.cat_id IS NULL AND
+ ttrss_filters.cat_id IS NULL) OR
+ (cat_filter = false AND (feed_id IS NULL OR feed_id = '$feed')))
+ ORDER BY reg_exp");
while ($line = db_fetch_assoc($result)) {
+
if (!$filters[$line["name"]]) $filters[$line["name"]] = array();
$filter["reg_exp"] = $line["reg_exp"];
$filter["action"] = $line["action"];