X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;ds=sidebyside;f=classes%2Fpref%2Ffeeds.php;h=8249f756a75726cb46d2b71a4389e1b9cd4adf23;hb=81fc862e370a1dfbd3941206fd00076e3cbf0551;hp=5b7e52ac094aa633f8776063bf1081a02b7797f8;hpb=5f5b0de423196c4f752f001bb7f39df4e6122694;p=tt-rss.git
diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
index 5b7e52ac..8249f756 100755
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -17,8 +17,8 @@ class Pref_Feeds extends Handler_Protected {
}
function renamecat() {
- $title = $_REQUEST['title'];
- $id = $_REQUEST['id'];
+ $title = clean($_REQUEST['title']);
+ $id = clean($_REQUEST['id']);
if ($title) {
$sth = $this->pdo->prepare("UPDATE ttrss_feed_categories SET
@@ -29,14 +29,14 @@ class Pref_Feeds extends Handler_Protected {
private function get_category_items($cat_id) {
- if ($_REQUEST['mode'] != 2)
+ if (clean($_REQUEST['mode']) != 2)
$search = $_SESSION["prefs_feed_search"];
else
$search = "";
// first one is set by API
- $show_empty_cats = $_REQUEST['force_show_empty'] ||
- ($_REQUEST['mode'] != 2 && !$search);
+ $show_empty_cats = clean($_REQUEST['force_show_empty']) ||
+ (clean($_REQUEST['mode']) != 2 && !$search);
$items = array();
@@ -69,9 +69,9 @@ class Pref_Feeds extends Handler_Protected {
}
$fsth = $this->pdo->prepare("SELECT id, title, last_error,
- ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
+ ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated, update_interval
FROM ttrss_feeds
- WHERE cat_id = :cat AND
+ WHERE cat_id = :cat AND
owner_uid = :uid AND
(:search = '' OR (LOWER(title) LIKE :search OR LOWER(feed_url) LIKE :search))
ORDER BY order_id, title");
@@ -90,6 +90,7 @@ class Pref_Feeds extends Handler_Protected {
$feed['icon'] = Feeds::getFeedIcon($feed_line['id']);
$feed['param'] = make_local_datetime(
$feed_line['last_updated'], true);
+ $feed['updates_disabled'] = (int)($feed_line['update_interval'] < 0);
array_push($items, $feed);
}
@@ -103,7 +104,7 @@ class Pref_Feeds extends Handler_Protected {
function makefeedtree() {
- if ($_REQUEST['mode'] != 2)
+ if (clean($_REQUEST['mode']) != 2)
$search = $_SESSION["prefs_feed_search"];
else
$search = "";
@@ -116,7 +117,7 @@ class Pref_Feeds extends Handler_Protected {
$enable_cats = get_pref('ENABLE_FEED_CATS');
- if ($_REQUEST['mode'] == 2) {
+ if (clean($_REQUEST['mode']) == 2) {
if ($enable_cats) {
$cat = $this->feedlist_init_cat(-1);
@@ -193,8 +194,8 @@ class Pref_Feeds extends Handler_Protected {
}
if ($enable_cats) {
- $show_empty_cats = $_REQUEST['force_show_empty'] ||
- ($_REQUEST['mode'] != 2 && !$search);
+ $show_empty_cats = clean($_REQUEST['force_show_empty']) ||
+ (clean($_REQUEST['mode']) != 2 && !$search);
$sth = $this->pdo->prepare("SELECT id, title FROM ttrss_feed_categories
WHERE owner_uid = ? AND parent_cat IS NULL ORDER BY order_id, title");
@@ -237,9 +238,9 @@ class Pref_Feeds extends Handler_Protected {
$cat['child_unread'] = 0;
$fsth = $this->pdo->prepare("SELECT id, title,last_error,
- ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
+ ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated, update_interval
FROM ttrss_feeds
- WHERE cat_id IS NULL AND
+ WHERE cat_id IS NULL AND
owner_uid = :uid AND
(:search = '' OR (LOWER(title) LIKE :search OR LOWER(feed_url) LIKE :search))
ORDER BY order_id, title");
@@ -258,6 +259,7 @@ class Pref_Feeds extends Handler_Protected {
$feed_line['last_updated'], true);
$feed['unread'] = 0;
$feed['type'] = 'feed';
+ $feed['updates_disabled'] = (int)($feed_line['update_interval'] < 0);
array_push($cat['items'], $feed);
}
@@ -272,7 +274,7 @@ class Pref_Feeds extends Handler_Protected {
} else {
$fsth = $this->pdo->prepare("SELECT id, title, last_error,
- ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
+ ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated, update_interval
FROM ttrss_feeds
WHERE owner_uid = :uid AND
(:search = '' OR (LOWER(title) LIKE :search OR LOWER(feed_url) LIKE :search))
@@ -292,6 +294,7 @@ class Pref_Feeds extends Handler_Protected {
$feed_line['last_updated'], true);
$feed['unread'] = 0;
$feed['type'] = 'feed';
+ $feed['updates_disabled'] = (int)($feed_line['update_interval'] < 0);
array_push($root['items'], $feed);
}
@@ -303,7 +306,7 @@ class Pref_Feeds extends Handler_Protected {
$fl['identifier'] = 'id';
$fl['label'] = 'name';
- if ($_REQUEST['mode'] != 2) {
+ if (clean($_REQUEST['mode']) != 2) {
$fl['items'] = array($root);
} else {
$fl['items'] = $root['items'];
@@ -325,13 +328,12 @@ class Pref_Feeds extends Handler_Protected {
}
private function process_category_order(&$data_map, $item_id, $parent_id = false, $nest_level = 0) {
- $debug = isset($_REQUEST["debug"]);
$prefix = "";
for ($i = 0; $i < $nest_level; $i++)
$prefix .= " ";
- if ($debug) _debug("$prefix C: $item_id P: $parent_id");
+ Debug::log("$prefix C: $item_id P: $parent_id");
$bare_item_id = substr($item_id, strpos($item_id, ':')+1);
@@ -358,7 +360,7 @@ class Pref_Feeds extends Handler_Protected {
$id = $item['_reference'];
$bare_id = substr($id, strpos($id, ':')+1);
- if ($debug) _debug("$prefix [$order_id] $id/$bare_id");
+ Debug::log("$prefix [$order_id] $id/$bare_id");
if ($item['_reference']) {
@@ -391,7 +393,7 @@ class Pref_Feeds extends Handler_Protected {
function savefeedorder() {
$data = json_decode($_POST['payload'], true);
- #file_put_contents("/tmp/saveorder.json", $_POST['payload']);
+ #file_put_contents("/tmp/saveorder.json", clean($_POST['payload']));
#$data = json_decode(file_get_contents("/tmp/saveorder.json"), true);
if (!is_array($data['items']))
@@ -425,7 +427,7 @@ class Pref_Feeds extends Handler_Protected {
}
function removeicon() {
- $feed_id = $_REQUEST["feed_id"];
+ $feed_id = clean($_REQUEST["feed_id"]);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
WHERE id = ? AND owner_uid = ?");
@@ -457,7 +459,7 @@ class Pref_Feeds extends Handler_Protected {
}
$icon_file = $tmp_file;
- $feed_id = $_REQUEST["feed_id"];
+ $feed_id = clean($_REQUEST["feed_id"]);
if (is_file($icon_file) && $feed_id) {
if (filesize($icon_file) < 65535) {
@@ -500,7 +502,7 @@ class Pref_Feeds extends Handler_Protected {
global $update_intervals;
- $feed_id = $_REQUEST["id"];
+ $feed_id = clean($_REQUEST["id"]);
$sth = $this->pdo->prepare("SELECT * FROM ttrss_feeds WHERE id = ? AND
owner_uid = ?");
@@ -510,8 +512,6 @@ class Pref_Feeds extends Handler_Protected {
print '
';
- $auth_pass_encrypted = $row["auth_pass_encrypted"];
-
$title = htmlspecialchars($row["title"]);
print_hidden("id", "$feed_id");
@@ -562,6 +562,18 @@ class Pref_Feeds extends Handler_Protected {
'dojoType="dijit.form.Select"');
}
+ /* Site URL */
+
+ $site_url = htmlspecialchars($row["site_url"]);
+
+ print "
";
+
+ print __('Site URL:') . " ";
+ print "";
+
/* FTS Stemming Language */
if (DB_TYPE == "pgsql") {
@@ -600,14 +612,8 @@ class Pref_Feeds extends Handler_Protected {
print "";
$auth_login = htmlspecialchars($row["auth_login"]);
- $auth_pass = $row["auth_pass"];
-
- if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
- require_once "crypt.php";
- $auth_pass = decrypt_string($auth_pass);
- }
+ $auth_pass = htmlspecialchars($row["auth_pass"]);
- $auth_pass = htmlspecialchars($auth_pass);
$auth_enabled = $auth_login !== '' || $auth_pass !== '';
$auth_style = $auth_enabled ? '' : 'display: none';
@@ -620,7 +626,6 @@ class Pref_Feeds extends Handler_Protected {
autocomplete=\"new-password\"
name=\"auth_login\" value=\"$auth_login\">
";
-
print "
";
+ if (DIGEST_SUBJECT !== false) {
$include_in_digest = $row["include_in_digest"];
if ($include_in_digest) {
@@ -666,6 +672,7 @@ class Pref_Feeds extends Handler_Protected {
print "
";
+ }
$always_display_enclosures = $row["always_display_enclosures"];
@@ -691,7 +698,7 @@ class Pref_Feeds extends Handler_Protected {
print "
";
+ __('Do not embed media')."";
$cache_images = $row["cache_images"];
@@ -739,10 +746,10 @@ class Pref_Feeds extends Handler_Protected {
-
+
-
";
@@ -760,7 +767,7 @@ class Pref_Feeds extends Handler_Protected {
print "
-
";
@@ -775,7 +782,7 @@ class Pref_Feeds extends Handler_Protected {
global $purge_intervals;
global $update_intervals;
- $feed_ids = $_REQUEST["ids"];
+ $feed_ids = clean($_REQUEST["ids"]);
print_notice("Enable the options you wish to apply using checkboxes on the right:");
@@ -882,7 +889,7 @@ class Pref_Feeds extends Handler_Protected {
name=\"hide_images\"
dojoType=\"dijit.form.CheckBox\">
";
+ __('Do not embed media')."";
print " "; $this->batch_edit_cbox("hide_images", "hide_images_l");
@@ -924,47 +931,48 @@ class Pref_Feeds extends Handler_Protected {
function editsaveops($batch) {
- $feed_title = trim($_POST["title"]);
- $feed_url = trim($_POST["feed_url"]);
- $upd_intl = (int) $_POST["update_interval"];
- $purge_intl = (int) $_POST["purge_interval"];
- $feed_id = (int) $_POST["id"]; /* editSave */
- $feed_ids = explode(",", $_POST["ids"]); /* batchEditSave */
- $cat_id = (int) $_POST["cat_id"];
- $auth_login = trim($_POST["auth_login"]);
- $auth_pass = trim($_POST["auth_pass"]);
- $private = checkbox_to_sql_bool($_POST["private"]);
+ $feed_title = trim(clean($_POST["title"]));
+ $feed_url = trim(clean($_POST["feed_url"]));
+ $site_url = trim(clean($_POST["site_url"]));
+ $upd_intl = (int) clean($_POST["update_interval"]);
+ $purge_intl = (int) clean($_POST["purge_interval"]);
+ $feed_id = (int) clean($_POST["id"]); /* editSave */
+ $feed_ids = explode(",", clean($_POST["ids"])); /* batchEditSave */
+ $cat_id = (int) clean($_POST["cat_id"]);
+ $auth_login = trim(clean($_POST["auth_login"]));
+ $auth_pass = trim(clean($_POST["auth_pass"]));
+ $private = checkbox_to_sql_bool(clean($_POST["private"]));
$include_in_digest = checkbox_to_sql_bool(
- $_POST["include_in_digest"]);
+ clean($_POST["include_in_digest"]));
$cache_images = checkbox_to_sql_bool(
- $_POST["cache_images"]);
+ clean($_POST["cache_images"]));
$hide_images = checkbox_to_sql_bool(
- $_POST["hide_images"]);
+ clean($_POST["hide_images"]));
$always_display_enclosures = checkbox_to_sql_bool(
- $_POST["always_display_enclosures"]);
+ clean($_POST["always_display_enclosures"]));
$mark_unread_on_update = checkbox_to_sql_bool(
- $_POST["mark_unread_on_update"]);
+ clean($_POST["mark_unread_on_update"]));
- $feed_language = trim($_POST["feed_language"]);
+ $feed_language = trim(clean($_POST["feed_language"]));
if (!$batch) {
- if ($_POST["need_auth"] !== 'on') {
+ if (clean($_POST["need_auth"]) !== 'on') {
$auth_login = '';
$auth_pass = '';
}
- $sth = $this->pdo->prepare("SELECT feed_url FROM ttrss_feeds WHERE id = ?");
+ /* $sth = $this->pdo->prepare("SELECT feed_url FROM ttrss_feeds WHERE id = ?");
$sth->execute([$feed_id]);
- $row = $sth->fetch();
- $orig_feed_url = $row["feed_url"];
+ $row = $sth->fetch();$orig_feed_url = $row["feed_url"];
- $reset_basic_info = $orig_feed_url != $feed_url;
+ $reset_basic_info = $orig_feed_url != $feed_url; */
$sth = $this->pdo->prepare("UPDATE ttrss_feeds SET
cat_id = :cat_id,
- title = :title,
+ title = :title,
feed_url = :feed_url,
+ site_url = :site_url,
update_interval = :upd_intl,
purge_interval = :purge_intl,
auth_login = :auth_login,
@@ -982,6 +990,7 @@ class Pref_Feeds extends Handler_Protected {
$sth->execute([":title" => $feed_title,
":cat_id" => $cat_id ? $cat_id : null,
":feed_url" => $feed_url,
+ ":site_url" => $site_url,
":upd_intl" => $upd_intl,
":purge_intl" => $purge_intl,
":auth_login" => $auth_login,
@@ -996,9 +1005,9 @@ class Pref_Feeds extends Handler_Protected {
":id" => $feed_id,
":uid" => $_SESSION['uid']]);
- if ($reset_basic_info) {
+/* if ($reset_basic_info) {
RSSUtils::set_basic_feed_info($feed_id);
- }
+ } */
PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_SAVE_FEED,
"hook_prefs_save_feed", $feed_id);
@@ -1008,7 +1017,7 @@ class Pref_Feeds extends Handler_Protected {
foreach (array_keys($_POST) as $k) {
if ($k != "op" && $k != "method" && $k != "ids") {
- $feed_data[$k] = $_POST[$k];
+ $feed_data[$k] = clean($_POST[$k]);
}
}
@@ -1102,7 +1111,7 @@ class Pref_Feeds extends Handler_Protected {
function remove() {
- $ids = explode(",", $_REQUEST["ids"]);
+ $ids = explode(",", clean($_REQUEST["ids"]));
foreach ($ids as $id) {
Pref_Feeds::remove_feed($id, $_SESSION["uid"]);
@@ -1112,14 +1121,14 @@ class Pref_Feeds extends Handler_Protected {
}
function removeCat() {
- $ids = explode(",", $_REQUEST["ids"]);
+ $ids = explode(",", clean($_REQUEST["ids"]));
foreach ($ids as $id) {
$this->remove_feed_category($id, $_SESSION["uid"]);
}
}
function addCat() {
- $feed_cat = trim($_REQUEST["cat"]);
+ $feed_cat = trim(clean($_REQUEST["cat"]));
add_feed_category($feed_cat);
}
@@ -1152,7 +1161,7 @@ class Pref_Feeds extends Handler_Protected {
onclick=\"showInactiveFeeds()\">" .
__("Inactive feeds") . "";
- $feed_search = $_REQUEST["search"];
+ $feed_search = clean($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_feed_search"] = $feed_search;
@@ -1212,24 +1221,6 @@ class Pref_Feeds extends Handler_Protected {
print $error_button;
print $inactive_button;
- if (defined('_ENABLE_FEED_DEBUGGING')) {
-
- print "
";
-
- }
-
print "
"; # toolbar
//print '
';
@@ -1239,6 +1230,8 @@ class Pref_Feeds extends Handler_Protected {
".
__("Loading, please wait...")."";
+ $auto_expand = $feed_search != "" ? "true" : "false";
+
print "
@@ -1249,7 +1242,7 @@ class Pref_Feeds extends Handler_Protected {