"fox");
}
+ /* @var PluginHost $host */
function init($host) {
$this->host = $host;
function unshare() {
- $id = db_escape_string($_REQUEST['id']);
+ $id = $_REQUEST['id'];
- db_query("UPDATE ttrss_user_entries SET uuid = '' WHERE int_id = '$id'
- AND owner_uid = " . $_SESSION['uid']);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = '' WHERE int_id = ?
+ AND owner_uid = ?");
+ $sth->execute([$id, $_SESSION['uid']]);
print "OK";
}
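Review bot: `$id = $_REQUEST['id'];` in unshare() is now bound as a parameter, but it still reaches the query with no presence or type check. A request without `id` raises an undefined-index notice, and a non-numeric value is compared against `int_id` (presumably an integer column), which some database drivers reject with an error instead of matching zero rows. Suggest `$id = isset($_REQUEST['id']) ? (int) $_REQUEST['id'] : 0;`. `print "OK";` is also sent even when the UPDATE matched nothing, so checking `$sth->rowCount()` before answering would be more honest to the client. The same unvalidated read appears in newkey() (`$id`) and shareArticle() (`$param`).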
function hook_prefs_tab_section($id) {
if ($id == "prefFeedsPublishedGenerated") {
- print_warning(__("You can disable all articles shared by unique URLs here."));
+ print "<p>" . __("You can disable all articles shared by unique URLs here.") . "</p>";
- print "<p>";
-
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return clearArticleAccessKeys()\">".
+ print "<button class=\"danger\" dojoType=\"dijit.form.Button\" onclick=\"return clearArticleAccessKeys()\">".
__('Unshare all articles')."</button> ";
print "</p>";
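Review bot: The new first line of this branch opens and closes its own paragraph (`print "<p>" . __(...) . "</p>";`), and the separate `print "<p>";` was removed, yet the trailing `print "</p>";` is kept as context. On the new side that leaves the button outside any paragraph, followed by an unmatched `</p>`. Either drop the trailing `print "</p>";` or keep the button inside its own `<p>` as before. hook_prefs_tab_section() continues outside this hunk.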
// Silent
function clearArticleKeys() {
- db_query("UPDATE ttrss_user_entries SET uuid = '' WHERE
- owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = '' WHERE
+ owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
return;
}
function newkey() {
- $id = db_escape_string($_REQUEST['id']);
-
- $uuid = db_escape_string(uniqid(base_convert(rand(), 10, 36)));
+ $id = $_REQUEST['id'];
+ $uuid = uniqid_short();
- db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$id'
- AND owner_uid = " . $_SESSION['uid']);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = ? WHERE int_id = ?
+ AND owner_uid = ?");
+ $sth->execute([$uuid, $id, $_SESSION['uid']]);
print json_encode(array("link" => $uuid));
}
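Review bot: The value assigned at `$uuid = uniqid_short();` is the only secret protecting the public share URL (`/public.php?op=share&key=$uuid` in shareArticle()), and nothing in this diff shows that helper drawing from a cryptographically secure source. The removed code built the key from `uniqid()` and `rand()`, which are derived from the clock and a non-cryptographic generator. If `uniqid_short()` wraps the same calls, share keys stay predictable. Consider `$uuid = bin2hex(random_bytes(16));` here and at the identical assignment in shareArticle(), after confirming the `uuid` column is wide enough for the longer value.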
}
function shareArticle() {
- $param = db_escape_string($_REQUEST['param']);
+ $param = $_REQUEST['param'];
- $result = db_query("SELECT uuid, ref_id FROM ttrss_user_entries WHERE int_id = '$param'
- AND owner_uid = " . $_SESSION['uid']);
+ $sth = $this->pdo->prepare("SELECT uuid FROM ttrss_user_entries WHERE int_id = ?
+ AND owner_uid = ?");
+ $sth->execute([$param, $_SESSION['uid']]);
- if (db_num_rows($result) == 0) {
- print "Article not found.";
- } else {
+ if ($row = $sth->fetch()) {
- $uuid = db_fetch_result($result, 0, "uuid");
- $ref_id = db_fetch_result($result, 0, "ref_id");
+ $uuid = $row['uuid'];
if (!$uuid) {
- $uuid = db_escape_string(uniqid(base_convert(rand(), 10, 36)));
- db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param'
- AND owner_uid = " . $_SESSION['uid']);
+ $uuid = uniqid_short();
+
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = ? WHERE int_id = ?
+ AND owner_uid = ?");
+ $sth->execute([$uuid, $param, $_SESSION['uid']]);
}
- print "<h2>". __("You can share this article by the following unique URL:") . "</h2>";
+ print __("You can share this article by the following unique URL:") . "<br/>";
$url_path = get_self_url_prefix();
$url_path .= "/public.php?op=share&key=$uuid";
print "<div class=\"tagCloudContainer\">";
- print "<a id='gen_article_url' href='$url_path' target='_blank'>$url_path</a>";
+ print "<a id='gen_article_url' href='$url_path' target='_blank' rel='noopener noreferrer'>$url_path</a>";
print "</div>";
/* if (!label_find_id(__('Shared'), $_SESSION["uid"]))
label_create(__('Shared'), $_SESSION["uid"]);
label_add_article($ref_id, __('Shared'), $_SESSION['uid']); */
+
+
+ } else {
+ print "Article not found.";
}
print "<div align='center'>";
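Review bot: `$url_path` is interpolated into both the `href` attribute and the link text on the `gen_article_url` line without HTML escaping. The literal `&` in `?op=share&key=` and whatever `get_self_url_prefix()` returns therefore go into the markup raw. Escaping at the output point would fix this: build `$url_html = htmlspecialchars($url_path, ENT_QUOTES);` and print that in the anchor. Separately, the SELECT no longer fetches `ref_id`, but the commented-out `label_add_article($ref_id, ...)` block still refers to it and could be deleted. The relocated `print "Article not found.";` also bypasses `__()`, unlike the other user-facing strings here. shareArticle() continues outside this hunk.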
return 2;
}
-}
-?>
+}
\ No newline at end of file