plugin base class: init pdo object
[tt-rss.git] / plugins / share / init.php
index a1b0146a1d2599fa133838466d53fb33c5810dac..84bc78eb4ed6508c139885eb5b5bb2fea6865078 100644 (file)
@@ -8,75 +8,112 @@ class Share extends Plugin {
                        "fox");
        }
 
+       /* @var PluginHost $host */
        function init($host) {
                $this->host = $host;
 
                $host->add_hook($host::HOOK_ARTICLE_BUTTON, $this);
+               $host->add_hook($host::HOOK_PREFS_TAB_SECTION, $this);
        }
 
        function get_js() {
                return file_get_contents(dirname(__FILE__) . "/share.js");
        }
 
+       function get_prefs_js() {
+               return file_get_contents(dirname(__FILE__) . "/share_prefs.js");
+       }
+
+
        function unshare() {
-               $id = db_escape_string($_REQUEST['id']);
+               $id = $_REQUEST['id'];
 
-               db_query("UPDATE ttrss_user_entries SET uuid = '' WHERE int_id = '$id'
-                       AND owner_uid = " . $_SESSION['uid']);
+               $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = '' WHERE int_id = ?
+                       AND owner_uid = ?");
+               $sth->execute([$id, $_SESSION['uid']]);
 
                print "OK";
        }
 
-       function newkey() {
-               $id = db_escape_string($_REQUEST['id']);
+       function hook_prefs_tab_section($id) {
+               if ($id == "prefFeedsPublishedGenerated") {
+
+                       print "<p>" . __("You can disable all articles shared by unique URLs here.") . "</p>";
+
+                       print "<button class=\"danger\" dojoType=\"dijit.form.Button\" onclick=\"return clearArticleAccessKeys()\">".
+                               __('Unshare all articles')."</button> ";
 
-               $uuid = db_escape_string(sha1(uniqid(rand(), true)));
+                       print "</p>";
+
+               }
+       }
+
+       // Silent
+       function clearArticleKeys() {
+               $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = '' WHERE
+                       owner_uid = ?");
+               $sth->execute([$_SESSION['uid']]);
+
+               return;
+       }
 
-               db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$id'
-                       AND owner_uid = " . $_SESSION['uid']);
+
+       function newkey() {
+               $id = $_REQUEST['id'];
+               $uuid = uniqid_short();
+
+               $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = ? WHERE int_id = ?
+                       AND owner_uid = ?");
+               $sth->execute([$uuid, $id, $_SESSION['uid']]);
 
                print json_encode(array("link" => $uuid));
        }
 
        function hook_article_button($line) {
-               return "<img src=\"plugins/share/share.png\"
+               $img = $line['uuid'] ? "share.png" : "notshared.png";
+
+               return "<img id='SHARE-IMG-".$line['int_id']."' src=\"plugins/share/$img\"
                        class='tagsPic' style=\"cursor : pointer\"
                        onclick=\"shareArticle(".$line['int_id'].")\"
                        title='".__('Share by URL')."'>";
        }
 
        function shareArticle() {
-               $param = db_escape_string($_REQUEST['param']);
+               $param = $_REQUEST['param'];
 
-               $result = db_query("SELECT uuid, ref_id FROM ttrss_user_entries WHERE int_id = '$param'
-                       AND owner_uid = " . $_SESSION['uid']);
+               $sth = $this->pdo->prepare("SELECT uuid FROM ttrss_user_entries WHERE int_id = ?
+                       AND owner_uid = ?");
+               $sth->execute([$param, $_SESSION['uid']]);
 
-               if (db_num_rows($result) == 0) {
-                       print "Article not found.";
-               } else {
+               if ($row = $sth->fetch()) {
 
-                       $uuid = db_fetch_result($result, 0, "uuid");
-                       $ref_id = db_fetch_result($result, 0, "ref_id");
+                       $uuid = $row['uuid'];
 
                        if (!$uuid) {
-                               $uuid = db_escape_string(sha1(uniqid(rand(), true)));
-                               db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param'
-                                       AND owner_uid = " . $_SESSION['uid']);
+                               $uuid = uniqid_short();
+
+                               $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = ? WHERE int_id = ?
+                                       AND owner_uid = ?");
+                               $sth->execute([$uuid, $param, $_SESSION['uid']]);
                        }
 
-                       print "<h2>". __("You can share this article by the following unique URL:") . "</h2>";
+                       print __("You can share this article by the following unique URL:") . "<br/>";
 
                        $url_path = get_self_url_prefix();
                        $url_path .= "/public.php?op=share&key=$uuid";
 
                        print "<div class=\"tagCloudContainer\">";
-                       print "<a id='gen_article_url' href='$url_path' target='_blank'>$url_path</a>";
+                       print "<a id='gen_article_url' href='$url_path' target='_blank' rel='noopener noreferrer'>$url_path</a>";
                        print "</div>";
 
                        /* if (!label_find_id(__('Shared'), $_SESSION["uid"]))
                                label_create(__('Shared'), $_SESSION["uid"]);
 
                        label_add_article($ref_id, __('Shared'), $_SESSION['uid']); */
+
+
+               } else {
+                       print "Article not found.";
                }
 
                print "<div align='center'>";
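Review bot: The share key set in newkey() and again in shareArticle() now comes from `uniqid_short()`, and that key is the only thing protecting the article at `public.php?op=share&key=$uuid`, so it should come from a CSPRNG. The helper's definition is outside this diff; if it is built on uniqid()/rand(), as its name and the replaced `sha1(uniqid(rand(), true))` suggest, the value is derived from the clock and a non-cryptographic generator, and is probably shorter than the old 40-character hash. On PHP 7+ I would use `$uuid = bin2hex(random_bytes(16));` at both call sites, or inside the helper. Separately, hook_prefs_tab_section() prints a second `</p>` after the button with no matching opening tag. The hunk starts inside class Share, and shareArticle() continues past its last line.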
@@ -97,5 +134,4 @@ class Share extends Plugin {
                return 2;
        }
 
-}
-?>
+}
\ No newline at end of file