$count = 0;
while ($line = db_fetch_assoc($result)) {
- $subscribers = db_escape_string($line["subscribers"]);
- $feed_url = db_escape_string($line["feed_url"]);
- $title = db_escape_string($line["title"]);
- $site_url = db_escape_string($line["site_url"]);
+ $subscribers = db_escape_string($link, $line["subscribers"]);
+ $feed_url = db_escape_string($link, $line["feed_url"]);
+ $title = db_escape_string($link, $line["title"]);
+ $site_url = db_escape_string($link, $line["site_url"]);
$tmp_result = db_query($link, "SELECT subscribers FROM
ttrss_feedbrowser_cache WHERE feed_url = '$feed_url'");
$result = db_query($link, "SELECT id,update_interval,auth_login,
feed_url,auth_pass,cache_images,last_updated,
- mark_unread_on_update, owner_uid, update_on_checksum_change,
+ mark_unread_on_update, owner_uid,
pubsub_state
FROM ttrss_feeds WHERE id = '$feed'");
$owner_uid = db_fetch_result($result, 0, "owner_uid");
$mark_unread_on_update = sql_bool_to_bool(db_fetch_result($result,
0, "mark_unread_on_update"));
- $update_on_checksum_change = sql_bool_to_bool(db_fetch_result($result,
- 0, "update_on_checksum_change"));
$pubsub_state = db_fetch_result($result, 0, "pubsub_state");
db_query($link, "UPDATE ttrss_feeds SET last_update_started = NOW()
$cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images"));
$fetch_url = db_fetch_result($result, 0, "feed_url");
- $feed = db_escape_string($feed);
+ $feed = db_escape_string($link, $feed);
/* if ($auth_login && $auth_pass ){
$url_parts = array();
_debug("update_rss_feed: unable to fetch: $fetch_last_error");
}
+ $error_escaped = db_escape_string($link, $fetch_last_error);
+
db_query($link,
- "UPDATE ttrss_feeds SET last_error = '$fetch_last_error',
+ "UPDATE ttrss_feeds SET last_error = '$error_escaped',
last_updated = NOW() WHERE id = '$feed'");
return;
}
$pluginhost = new PluginHost($link);
+ $pluginhost->set_debug($debug_enabled);
$user_plugins = get_pref($link, "_ENABLED_PLUGINS", $owner_uid);
$pluginhost->load(PLUGINS, $pluginhost::KIND_ALL);
}
$rss = new SimplePie();
+ $rss->set_sanitize_class("SanitizeDummy");
+ // simplepie ignores the above and creates default sanitizer anyway,
+ // so let's override it...
+ $rss->sanitize = new SanitizeDummy();
$rss->set_output_encoding('UTF-8');
$rss->set_raw_data($feed_data);
$rss->set_cache_duration($cache_age);
}
- $rss->init();
+ @$rss->init();
// print_r($rss);
- $feed = db_escape_string($feed);
+ $feed = db_escape_string($link, $feed);
if (!$rss->error()) {
$owner_uid = db_fetch_result($result, 0, "owner_uid");
- $site_url = db_escape_string(mb_substr(rewrite_relative_url($fetch_url, $rss->get_link()), 0, 245));
+ $site_url = db_escape_string($link, mb_substr(rewrite_relative_url($fetch_url, $rss->get_link()), 0, 245));
if ($debug_enabled) {
_debug("update_rss_feed: checking favicon...");
if (!$registered_title || $registered_title == "[Unknown]") {
- $feed_title = db_escape_string($rss->get_title());
+ $feed_title = db_escape_string($link, $rss->get_title());
if ($debug_enabled) {
_debug("update_rss_feed: registering title: $feed_title");
}
foreach ($items as $item) {
- if ($_REQUEST['xdebug'] == 2) {
+ if ($_REQUEST['xdebug'] == 3) {
print_r($item);
}
$entry_title = $item->get_title();
- $entry_link = rewrite_relative_url($site_url, htmlspecialchars_decode($item->get_link()));
+ $entry_link = rewrite_relative_url($site_url, $item->get_link());
if ($debug_enabled) {
_debug("update_rss_feed: title $entry_title");
$entry_author = $entry_author_item->get_name();
if (!$entry_author) $entry_author = $entry_author_item->get_email();
- $entry_author = db_escape_string($entry_author);
+ $entry_author = db_escape_string($link, $entry_author);
}
- $entry_guid = db_escape_string(mb_substr($entry_guid, 0, 245));
+ $entry_guid = db_escape_string($link, mb_substr($entry_guid, 0, 245));
- $entry_comments = db_escape_string(mb_substr($entry_comments, 0, 245));
- $entry_author = db_escape_string(mb_substr($entry_author, 0, 245));
+ $entry_comments = db_escape_string($link, mb_substr($entry_comments, 0, 245));
+ $entry_author = db_escape_string($link, mb_substr($entry_author, 0, 245));
$num_comments = $item->get_item_tags('http://purl.org/rss/1.0/modules/slash/', 'comments');
}
if ($debug_enabled) {
- _debug("update_rss_feed: done collecting data [TITLE:$entry_title]");
+ _debug("update_rss_feed: done collecting data.");
}
// TODO: less memory-hungry implementation
// FIXME not sure if owner_uid is a good idea here, we may have a base entry without user entry (?)
$result = db_query($link, "SELECT plugin_data,title,content,link,tag_cache,author FROM ttrss_entries, ttrss_user_entries
- WHERE ref_id = id AND guid = '".db_escape_string($entry_guid)."' AND owner_uid = $owner_uid");
+ WHERE ref_id = id AND guid = '".db_escape_string($link, $entry_guid)."' AND owner_uid = $owner_uid");
if (db_num_rows($result) != 0) {
$entry_plugin_data = db_fetch_result($result, 0, "plugin_data");
}
$entry_tags = $article["tags"];
- $entry_guid = db_escape_string($entry_guid);
- $entry_content = db_escape_string($article["content"], false);
- $entry_title = db_escape_string($article["title"]);
- $entry_author = db_escape_string($article["author"]);
- $entry_link = db_escape_string($article["link"]);
- $entry_plugin_data = db_escape_string($article["plugin_data"]);
+ $entry_guid = db_escape_string($link, $entry_guid);
+ $entry_title = db_escape_string($link, $article["title"]);
+ $entry_author = db_escape_string($link, $article["author"]);
+ $entry_link = db_escape_string($link, $article["link"]);
+ $entry_plugin_data = db_escape_string($link, $article["plugin_data"]);
+ $entry_content = $article["content"]; // escaped below
+
if ($debug_enabled) {
_debug("update_rss_feed: plugin data: $entry_plugin_data");
}
if ($cache_images && is_writable(CACHE_DIR . '/images'))
- $entry_content = cache_images($entry_content, $site_url, $debug_enabled);
+ cache_images($entry_content, $site_url, $debug_enabled);
+
+ $entry_content = db_escape_string($link, $entry_content, false);
$content_hash = "SHA1:" . sha1($entry_content);
}
}
+ $last_marked = ($marked == 'true') ? 'NOW()' : 'NULL';
+ $last_published = ($published == 'true') ? 'NOW()' : 'NULL';
+
$result = db_query($link,
"INSERT INTO ttrss_user_entries
(ref_id, owner_uid, feed_id, unread, last_read, marked,
- published, score, tag_cache, label_cache, uuid)
+ published, score, tag_cache, label_cache, uuid,
+ last_marked, last_published)
VALUES ('$ref_id', '$owner_uid', '$feed', $unread,
- $last_read_qpart, $marked, $published, '$score', '', '', '')");
+ $last_read_qpart, $marked, $published, '$score', '', '',
+ '', $last_marked, $last_published)");
if (PUBSUBHUBBUB_HUB && $published == 'true') {
$rss_link = get_self_url_prefix() .
$update_insignificant = false;
}
- if (db_escape_string($orig_title) != $entry_title) {
+ if (db_escape_string($link, $orig_title) != $entry_title) {
$post_needs_update = true;
$update_insignificant = false;
}
if ($mark_unread_on_update) {
db_query($link, "UPDATE ttrss_user_entries
SET last_read = null, unread = true WHERE ref_id = '$ref_id'");
- } else if ($update_on_checksum_change) {
- db_query($link, "UPDATE ttrss_user_entries
- SET last_read = null WHERE ref_id = '$ref_id'
- AND unread = false");
}
}
}
db_query($link, "BEGIN");
foreach ($enclosures as $enc) {
- $enc_url = db_escape_string($enc[0]);
- $enc_type = db_escape_string($enc[1]);
- $enc_dur = db_escape_string($enc[2]);
+ $enc_url = db_escape_string($link, $enc[0]);
+ $enc_type = db_escape_string($link, $enc[1]);
+ $enc_dur = db_escape_string($link, $enc[2]);
$result = db_query($link, "SELECT id FROM ttrss_enclosures
WHERE content_url = '$enc_url' AND post_id = '$entry_ref_id'");
foreach ($filtered_tags as $tag) {
$tag = sanitize_tag($tag);
- $tag = db_escape_string($tag);
+ $tag = db_escape_string($link, $tag);
if (!tag_is_valid($tag)) continue;
$tags_to_cache = array_unique($tags_to_cache);
- $tags_str = db_escape_string(join(",", $tags_to_cache));
+ $tags_str = db_escape_string($link, join(",", $tags_to_cache));
db_query($link, "UPDATE ttrss_user_entries
SET tag_cache = '$tags_str' WHERE ref_id = '$entry_ref_id'
}
foreach ($labels as $label) {
- $caption = $label["caption"];
+ $caption = preg_quote($label["caption"]);
- if (preg_match("/\b$caption\b/i", "$tags_str " . strip_tags($entry_content) . " $entry_title")) {
+ if ($caption && preg_match("/\b$caption\b/i", "$tags_str " . strip_tags($entry_content) . " $entry_title")) {
if (!labels_contains_caption($article_labels, $caption)) {
label_add_article($link, $entry_ref_id, $caption, $owner_uid);
}
} else {
- $error_msg = db_escape_string(mb_substr($rss->error(), 0, 245));
+ $error_msg = db_escape_string($link, mb_substr($rss->error(), 0, 245));
if ($debug_enabled) {
_debug("update_rss_feed: error fetching feed: $error_msg");
$node = $doc->getElementsByTagName('body')->item(0);
- return $doc->saveXML($node, LIBXML_NOEMPTYTAG);
+ return $doc->saveXML($node);
}
function expire_lock_files($debug) {
}
}
- function cache_content($link, $url, $login, $pass) {
-
- $content = fetch_file_contents($url, $login, $pass);
-
- if ($content) {
- $doc = new DOMDocument();
- @$doc->loadHTML($content);
- $xpath = new DOMXPath($doc);
-
- $node = $doc->getElementsByTagName('body')->item(0);
-
- if ($node) {
- $content = $doc->saveXML($node, LIBXML_NOEMPTYTAG);
-
- return $content;
- }
- }
-
- return "";
- }
-
function make_guid_from_title($title) {
return preg_replace("/[ \"\',.:;]/", "-",
mb_strtolower(strip_tags($title), 'utf-8'));
git.wh0rd.org / tt-rss.git / blobdiff