$_SESSION["uid"] = db_fetch_result($result, 0, "id");
$_SESSION["name"] = db_fetch_result($result, 0, "login");
$_SESSION["access_level"] = db_fetch_result($result, 0, "access_level");
+ $_SESSION["csrf_token"] = sha1(uniqid(rand(), true));
db_query($link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
$_SESSION["uid"]);
}
}
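Review bot: The token stored in `$_SESSION["csrf_token"]` comes from `sha1(uniqid(rand(), true))`, whose inputs are the clock and a non-cryptographic PRNG, so hashing them does not make the value unpredictable enough for an anti-CSRF secret. Draw it from the runtime's CSPRNG instead, e.g. `$_SESSION["csrf_token"] = bin2hex(random_bytes(20));` on PHP 7+, or `bin2hex(openssl_random_pseudo_bytes(20))` on older runtimes built with OpenSSL. The enclosing login function starts before the hunk, so how often the token is re-issued cannot be seen from here.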
+ function validate_csrf($csrf_token) {
+ return $csrf_token == $_SESSION['csrf_token'];
+ }
+
function validate_session($link) {
if (SINGLE_USER_MODE) return true;
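Review bot: `validate_csrf()` compares with loose `==`, so when the session holds no `csrf_token` (no login yet, or an expired session) a request with an empty or missing token compares equal to `null` and passes. Require both sides to be set strings and compare in constant time, e.g. `return isset($_SESSION['csrf_token']) && is_string($csrf_token) && hash_equals($_SESSION['csrf_token'], $csrf_token);`. `hash_equals` needs PHP 5.6+; on an older runtime use `===` after the `isset` check at the very least. No call site is visible in this hunk, so a one-line comment saying callers must reject the request when this returns false would help.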
$params["collapsed_feedlist"] = (int) get_pref($link, "_COLLAPSED_FEEDLIST");
+ $params["csrf_token"] = $_SESSION["csrf_token"];
+
return $params;
}
* @param integer $limit The maximum number of articles by digest.
* @return boolean Return false if digests are not enabled.
*/
- function send_headlines_digests($link, $limit = 100) {
+ function send_headlines_digests($link, $limit = 100, $debug = true) {
require_once 'lib/phpmailer/class.phpmailer.php';
$user_limit = 15; // amount of users to process (e.g. emails to send out)
$days = 1;
- print "Sending digests, batch of max $user_limit users, days = $days, headline limit = $limit\n\n";
+ if ($debug) _debug("Sending digests, batch of max $user_limit users, days = $days, headline limit = $limit");
if (DB_TYPE == "pgsql") {
$interval_query = "last_digest_sent < NOW() - INTERVAL '$days days'";
}
}
- print "All done.\n";
+ if ($debug) _debug("All done.");
}
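Review bot: The docblock above `send_headlines_digests()` still documents only `$limit`; the new third argument needs its own line, e.g. `@param boolean $debug Report progress through _debug() when true.` Because the default is `true`, existing callers keep producing output, but through `_debug()` rather than `print`, which is worth stating in the docblock if anything reads this function's stdout. The function body between the two changed lines is only partly visible here.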
onclick=\"postOpenInNewTab(event, $id)\"
alt='Zoom' title='".__('Open article in new tab')."'>";
- //$note_escaped = htmlspecialchars($line['note'], ENT_QUOTES);
+ $button_plugins = explode(",", ARTICLE_BUTTON_PLUGINS);
- $rv['content'] .= "<img src=\"".theme_image($link, 'images/art-pub-note.png')."\"
- class='tagsPic' style=\"cursor : pointer\"
- onclick=\"editArticleNote($id)\"
- alt='PubNote' title='".__('Edit article note')."'>";
-
- $rv['content'] .= "<img src=\"".theme_image($link, 'images/art-email.png')."\"
- class='tagsPic' style=\"cursor : pointer\"
- onclick=\"emailArticle($id)\"
- alt='Zoom' title='".__('Forward by email')."'>";
-
- if (ENABLE_TWEET_BUTTON) {
- $rv['content'] .= "<img src=\"".theme_image($link, 'images/art-tweet.png')."\"
- class='tagsPic' style=\"cursor : pointer\"
- onclick=\"tweetArticle($id)\"
- alt='Zoom' title='".__('Share on Twitter')."'>";
- }
+ foreach ($button_plugins as $p) {
+ $pclass = trim("${p}_button");
- $rv['content'] .= "<img src=\"".theme_image($link, 'images/art-share.png')."\"
- class='tagsPic' style=\"cursor : pointer\"
- onclick=\"shareArticle(".$line['int_id'].")\"
- alt='Zoom' title='".__('Share by URL')."'>";
+ if (class_exists($pclass)) {
+ $plugin = new $pclass($link);
+ $rv['content'] .= $plugin->render($id, $line);
+ }
+ }
$rv['content'] .= "<img src=\"".theme_image($link, 'images/digest_checkbox.png')."\"
class='tagsPic' style=\"cursor : pointer\"
onclick=\"closeArticlePanel($id)\"
- alt='Zoom' title='".__('Close this panel')."'>";
+ title='".__('Close article')."'>";
} else {
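Review bot: `class_exists($pclass)` is the only gate before `new $pclass($link)` and `$plugin->render($id, $line)`, so any loadable class whose name ends in `_button` is instantiated, a class without `render()` is a fatal error, and `class_exists` by default runs the autoloader with the configured name. Check the type before use, e.g. `if (class_exists($pclass) && method_exists($pclass, 'render')) {`, or test against a shared button base class if one exists outside this hunk. `trim()` is applied after the suffix is appended, so a constructed entry such as `"note ,mail"` yields `"note _button"` and is silently skipped; `$pclass = trim($p) . "_button";` fixes that. The return value of `render()` is appended to `$rv['content']` unescaped, so each plugin must escape the `$line` fields it prints.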
$tags_str = strip_tags($tags_str);
$rv['content'] .= " ";
$rv['content'] .= "<a target='_blank' href='" . htmlspecialchars($tmp_line['feed_url']) . "'>";
- $rv['content'] .= "<img title='".__('Feed URL')."'class='tinyFeedIcon' src='images/pub_set.gif'></a>";
+ $rv['content'] .= "<img title='".__('Feed URL')."'class='tinyFeedIcon' src='images/pub_set.png'></a>";
$rv['content'] .= "</div>";
}
inverse,
action_param,
filter_param
- FROM ttrss_filters,ttrss_filter_types,ttrss_filter_actions WHERE
+ FROM ttrss_filters
+ LEFT JOIN ttrss_feeds ON (ttrss_feeds.id = '$feed'),
+ ttrss_filter_types,ttrss_filter_actions
+ WHERE
enabled = true AND
$ftype_query_part
- owner_uid = $owner_uid AND
+ ttrss_filters.owner_uid = $owner_uid AND
ttrss_filter_types.id = filter_type AND
ttrss_filter_actions.id = action_id AND
- (feed_id IS NULL OR feed_id = '$feed') ORDER BY reg_exp");
+ ((cat_filter = true AND ttrss_feeds.cat_id = ttrss_filters.cat_id) OR
+ (cat_filter = true AND ttrss_feeds.cat_id IS NULL AND
+ ttrss_filters.cat_id IS NULL) OR
+ (cat_filter = false AND (feed_id IS NULL OR feed_id = '$feed')))
+ ORDER BY reg_exp");
while ($line = db_fetch_assoc($result)) {
+
if (!$filters[$line["name"]]) $filters[$line["name"]] = array();
$filter["reg_exp"] = $line["reg_exp"];
$filter["action"] = $line["action"];
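Review bot: The new `LEFT JOIN ttrss_feeds ON (ttrss_feeds.id = '$feed')` interpolates `$feed` into the statement a second time, and the query begins outside the hunk, so no cast or escaping of `$feed` or `$owner_uid` is visible. If `$feed` is a numeric id, `$feed = (int) $feed;` before the query removes the dependency on every caller having sanitised it. The join matches on id alone, so when no feed row is found, or the feed is uncategorised, `ttrss_feeds.cat_id IS NULL` holds and every category filter with a NULL `cat_id` applies. That may be the intended "uncategorised" behaviour, but it deserves a comment next to the condition.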
db_query($link, "COMMIT");
}
- function label_create($link, $caption) {
+ function label_create($link, $caption, $fg_color = '', $bg_color = '') {
db_query($link, "BEGIN");
if (db_num_rows($result) == 0) {
$result = db_query($link,
- "INSERT INTO ttrss_labels2 (caption,owner_uid)
- VALUES ('$caption', '".$_SESSION["uid"]."')");
+ "INSERT INTO ttrss_labels2 (caption,owner_uid,fg_color,bg_color)
+ VALUES ('$caption', '".$_SESSION["uid"]."', '$fg_color', '$bg_color')");
$result = db_affected_rows($link, $result) != 0;
}
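Review bot: `$fg_color` and `$bg_color` are placed into the `INSERT INTO ttrss_labels2` statement inside quotes with no escaping or format check visible in this hunk, so any caller that passes request data through makes the statement injectable. The same applies to `$caption` unless every caller escapes it. Validate the colours before the query, for example `if (!preg_match('/^(#[0-9a-fA-F]{3,8})?$/', $fg_color)) $fg_color = '';` and likewise for `$bg_color`, or pass all three values through the project's database escaping helper. The pattern would need widening if named colours are accepted. `label_create()` continues past the last visible line.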