plugin base class: init pdo object
[tt-rss.git] / plugins / share / init.php
index 899677c32e5d5bc40010f430c4b521acb2b2c1b0..84bc78eb4ed6508c139885eb5b5bb2fea6865078 100644 (file)
@@ -8,6 +8,7 @@ class Share extends Plugin {
                        "fox");
        }
 
+       /* @var PluginHost $host */
        function init($host) {
                $this->host = $host;
 
@@ -25,10 +26,11 @@ class Share extends Plugin {
 
 
        function unshare() {
-               $id = db_escape_string($_REQUEST['id']);
+               $id = $_REQUEST['id'];
 
-               db_query("UPDATE ttrss_user_entries SET uuid = '' WHERE int_id = '$id'
-                       AND owner_uid = " . $_SESSION['uid']);
+               $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = '' WHERE int_id = ?
+                       AND owner_uid = ?");
+               $sth->execute([$id, $_SESSION['uid']]);
 
                print "OK";
        }
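Review bot: `$id = $_REQUEST['id'];` in unshare() reaches the prepared statement with no presence or type check. Binding the value prevents injection, but a missing or non-numeric id is still sent to `int_id` (presumably an integer column), which may surface as a notice or a driver exception depending on the PDO error mode, not visible here. Consider an `isset()` guard followed by `$id = (int) $_REQUEST['id'];`, and the same for `$id` in newkey() and `$param` in shareArticle(). unshare() also prints "OK" whether or not a row matched; checking `$sth->rowCount()` would let the caller tell a no-op from a real change.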
@@ -36,11 +38,9 @@ class Share extends Plugin {
        function hook_prefs_tab_section($id) {
                if ($id == "prefFeedsPublishedGenerated") {
 
-                       print_warning(__("You can disable all articles shared by unique URLs here."));
+                       print "<p>" . __("You can disable all articles shared by unique URLs here.") . "</p>";
 
-                       print "<p>";
-
-                       print "<button dojoType=\"dijit.form.Button\" onclick=\"return clearArticleAccessKeys()\">".
+                       print "<button class=\"danger\" dojoType=\"dijit.form.Button\" onclick=\"return clearArticleAccessKeys()\">".
                                __('Unshare all articles')."</button> ";
 
                        print "</p>";
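Review bot: The closing `print "</p>";` on the last line of this hunk no longer has a matching opening tag. The change wraps the message in its own `<p>…</p>` and removes the standalone `print "<p>";` that used to open the paragraph around the button. Either drop the trailing `print "</p>";` or emit an opening `<p>` before the button so the markup stays balanced. The body of hook_prefs_tab_section continues beyond the hunk.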
@@ -50,20 +50,21 @@ class Share extends Plugin {
 
        // Silent
        function clearArticleKeys() {
-               db_query("UPDATE ttrss_user_entries SET uuid = '' WHERE
-                       owner_uid = " . $_SESSION["uid"]);
+               $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = '' WHERE
+                       owner_uid = ?");
+               $sth->execute([$_SESSION['uid']]);
 
                return;
        }
 
 
        function newkey() {
-               $id = db_escape_string($_REQUEST['id']);
-
-               $uuid = db_escape_string(uniqid(base_convert(rand(), 10, 36)));
+               $id = $_REQUEST['id'];
+               $uuid = uniqid_short();
 
-               db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$id'
-                       AND owner_uid = " . $_SESSION['uid']);
+               $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = ? WHERE int_id = ?
+                       AND owner_uid = ?");
+               $sth->execute([$uuid, $id, $_SESSION['uid']]);
 
                print json_encode(array("link" => $uuid));
        }
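Review bot: In newkey(), `$uuid = uniqid_short();` generates the value that serves as the only credential on the public share link (`public.php?op=share&key=...` in shareArticle()), and uniqid_short() is not defined in this diff. If it is built on `uniqid()`, the key is clock-derived and should not be treated as a secret; prefer a CSPRNG, e.g. `$uuid = bin2hex(random_bytes(16));` where PHP 7+ is available. The same call appears in shareArticle(). A short comment on newkey() stating that it overwrites any existing key, and so invalidates the previous link, would also help.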
@@ -78,37 +79,41 @@ class Share extends Plugin {
        }
 
        function shareArticle() {
-               $param = db_escape_string($_REQUEST['param']);
+               $param = $_REQUEST['param'];
 
-               $result = db_query("SELECT uuid, ref_id FROM ttrss_user_entries WHERE int_id = '$param'
-                       AND owner_uid = " . $_SESSION['uid']);
+               $sth = $this->pdo->prepare("SELECT uuid FROM ttrss_user_entries WHERE int_id = ?
+                       AND owner_uid = ?");
+               $sth->execute([$param, $_SESSION['uid']]);
 
-               if (db_num_rows($result) == 0) {
-                       print "Article not found.";
-               } else {
+               if ($row = $sth->fetch()) {
 
-                       $uuid = db_fetch_result($result, 0, "uuid");
-                       $ref_id = db_fetch_result($result, 0, "ref_id");
+                       $uuid = $row['uuid'];
 
                        if (!$uuid) {
-                               $uuid = db_escape_string(uniqid(base_convert(rand(), 10, 36)));
-                               db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param'
-                                       AND owner_uid = " . $_SESSION['uid']);
+                               $uuid = uniqid_short();
+
+                               $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = ? WHERE int_id = ?
+                                       AND owner_uid = ?");
+                               $sth->execute([$uuid, $param, $_SESSION['uid']]);
                        }
 
-                       print "<h2>". __("You can share this article by the following unique URL:") . "</h2>";
+                       print __("You can share this article by the following unique URL:") . "<br/>";
 
                        $url_path = get_self_url_prefix();
                        $url_path .= "/public.php?op=share&key=$uuid";
 
                        print "<div class=\"tagCloudContainer\">";
-                       print "<a id='gen_article_url' href='$url_path' target='_blank'>$url_path</a>";
+                       print "<a id='gen_article_url' href='$url_path' target='_blank' rel='noopener noreferrer'>$url_path</a>";
                        print "</div>";
 
                        /* if (!label_find_id(__('Shared'), $_SESSION["uid"]))
                                label_create(__('Shared'), $_SESSION["uid"]);
 
                        label_add_article($ref_id, __('Shared'), $_SESSION['uid']); */
+
+
+               } else {
+                       print "Article not found.";
                }
 
                print "<div align='center'>";
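Review bot: `$url_path` is interpolated into the single-quoted `href` and into the link text of `gen_article_url` without HTML escaping. Both the `uuid` read back from the row and the result of get_self_url_prefix() are therefore trusted as markup-safe, and the literal `&` in the query string is emitted unencoded. Escape once before printing, e.g. `$url_html = htmlspecialchars($url_path, ENT_QUOTES);`, and use `$url_html` in both places. The commented-out label block still refers to `$ref_id`, which the new SELECT no longer fetches, so it should be removed or updated. shareArticle() continues past the end of the hunk.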
@@ -129,5 +134,4 @@ class Share extends Plugin {
                return 2;
        }
 
-}
-?>
+}
\ No newline at end of file