X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=classes%2Ffeeds.php;h=2bd9b0e6573f7afc0b6c3d4551b287bd262fdf56;hb=b9585004e68fdd7718e042083a4d9fb2dc351e0c;hp=bf5425e75063ed867f02c090a18baabaa816139c;hpb=b5791f11c5d07b5903287cff4f06a1f959f316c4;p=tt-rss.git diff --git a/classes/feeds.php b/classes/feeds.php index bf5425e7..2bd9b0e6 100755 --- a/classes/feeds.php +++ b/classes/feeds.php @@ -39,7 +39,7 @@ class Feeds extends Handler_Protected { $search_q = ""; } - $reply .= ""; + $reply = ""; $rss_link = htmlspecialchars(get_self_url_prefix() . "/public.php?op=rss&id=$feed_id$cat_q$search_q"); @@ -64,7 +64,7 @@ class Feeds extends Handler_Protected { $target = "target=\"_blank\""; $reply .= "". - truncate_string($feed_title, 30).""; + truncate_string(strip_tags($feed_title), 30).""; if ($error) { $error = htmlspecialchars($error); @@ -72,7 +72,7 @@ class Feeds extends Handler_Protected { } } else { - $reply .= $feed_title; + $reply .= strip_tags($feed_title); } $reply .= ""; 
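Review bot: `strip_tags($feed_title)` in the `@@ -64,7` hunk and again in the `else` branch of `@@ -72,7` removes markup but is not output encoding, so `&`, quotes and an unmatched `<` in a feed title still reach `$reply` unencoded. If titles are stored unencoded, the plain branch should be `$reply .= htmlspecialchars(strip_tags($feed_title));`, and the truncated one needs the same treatment, applied so that `truncate_string()` cannot cut an entity in half (its behaviour is not visible here). The HTML inside the string literals is missing from this page, so whether either value lands in an attribute could not be checked. The enclosing function begins and ends outside these hunks.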
@@ -173,49 +173,10 @@ class Feeds extends Handler_Protected { $method_split = explode(":", $method); if ($method == "ForceUpdate" && $feed > 0 && is_numeric($feed)) { - // Update the feed if required with some basic flood control - - $any_needs_curl = false; - - if (ini_get("open_basedir")) { - $pluginhost = PluginHost::getInstance(); - foreach ($pluginhost->get_plugins() as $plugin) { - $flags = $plugin->flags(); - - if (isset($flags["needs_curl"]) && $flags["needs_curl"]) { - $any_needs_curl = true; - break; - } - } - } - - //if ($_REQUEST["debug"]) print ""; - - if (!$any_needs_curl) { - - $sth = $this->pdo->prepare("SELECT cache_images," . SUBSTRING_FOR_DATE . "(last_updated,1,19) AS last_updated - FROM ttrss_feeds WHERE id = ?"); - $sth->execute([$feed]); - - if ($row = $sth->fetch()) { - $last_updated = strtotime($row["last_updated"]); - $cache_images = sql_bool_to_bool($row["cache_images"]); - - if (!$cache_images && time() - $last_updated > 120) { - RSSUtils::update_rss_feed($feed, true); - } else { - $sth = $this->pdo->prepare("UPDATE ttrss_feeds - SET last_updated = '1970-01-01', last_update_started = '1970-01-01' - WHERE id = ?"); - $sth->execute([$feed]); - } - } - } else { - $sth = $this->pdo->prepare("UPDATE ttrss_feeds - SET last_updated = '1970-01-01', last_update_started = '1970-01-01' - WHERE id = ?"); - $sth->execute([$feed]); - } + $sth = $this->pdo->prepare("UPDATE ttrss_feeds + SET last_updated = '1970-01-01', last_update_started = '1970-01-01' + WHERE id = ?"); + $sth->execute([$feed]); } if ($method_split[0] == "MarkAllReadGR") { @@ -233,8 +194,8 @@ class Feeds extends Handler_Protected { } } - @$search = db_escape_string($_REQUEST["query"]); - @$search_language = db_escape_string($_REQUEST["search_language"]); // PGSQL only + @$search = $_REQUEST["query"]; + @$search_language = $_REQUEST["search_language"]; // PGSQL only if ($search) { $disable_cache = true; 
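Review bot: The `UPDATE ttrss_feeds ... WHERE id = ?` that remains in the `ForceUpdate` branch is keyed on the request's feed id alone, so nothing visible in this hunk ties the row to the logged-in user. The `update_debugger()` hunk later in this commit adds that kind of check with `owner_uid = ?`, and the same condition fits here: `WHERE id = ? AND owner_uid = ?` with `$sth->execute([$feed, $_SESSION['uid']]);`. Unless ownership is verified earlier in the method, which starts outside the hunk, any authenticated user could reset the update timestamps of a feed they do not own.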
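Review bot: With `db_escape_string()` removed in the `@@ -233,8` hunk, `$search` and `$search_language` hold the raw request values, and the code that consumes them is outside the hunk, so this page cannot confirm that every sink binds or quotes them. The same holds for `$feed`, `$method`, `$view_mode`, `$order_by` and `$check_first_id` in `@@ -833,16`, for `$browser_search` in `feedBrowser()` and for `$_REQUEST["param"]` in `search()`. `$order_by` needs the closest look: the `@@ -2036,9` hunk concatenates an `$order_by` into `ORDER BY`, where `$pdo->quote()` cannot help, so if the request value can reach that query it should be mapped through an allow-list of sort expressions first. I would add a comment at each assignment, `// raw user input: may reach SQL only through bound parameters or $pdo->quote()`, and cast the numeric ones where they are read, e.g. `@$offset = (int)$_REQUEST["skip"];`.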
@@ -286,7 +247,7 @@ class Feeds extends Handler_Protected { if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H1", $timing_info); - $result = $qfh_ret[0]; + $result = $qfh_ret[0]; // this could be either a PDO query result or a -1 if first id changed $feed_title = $qfh_ret[1]; $feed_site_url = $qfh_ret[2]; $last_error = $qfh_ret[3]; 
@@ -316,442 +277,399 @@ class Feeds extends Handler_Protected { $lnum = $offset; $num_unread = 0; if ($_REQUEST["debug"]) $timing_info = print_checkpoint("PS", $timing_info); - $expand_cdm = get_pref('CDM_EXPANDED'); - - while ($line = $result->fetch()) { - - ++$headlines_count; - - $line["content_preview"] = "— " . truncate_string(strip_tags($line["content"]), 250); - - foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) { - $line = $p->hook_query_headlines($line, 250, false); - } - - if (get_pref('SHOW_CONTENT_PREVIEW')) { - $content_preview = $line["content_preview"]; - } - - $id = $line["id"]; - $feed_id = $line["feed_id"]; - $label_cache = $line["label_cache"]; - $labels = false; - - if ($label_cache) { - $label_cache = json_decode($label_cache, true); - - if ($label_cache) { - if ($label_cache["no-labels"] == 1) - $labels = array(); - else - $labels = $label_cache; - } - } - - if (!is_array($labels)) $labels = Article::get_article_labels($id); - - $labels_str = ""; - $labels_str .= Article::format_article_labels($labels); - $labels_str .= ""; - - if (count($topmost_article_ids) < 3) { - array_push($topmost_article_ids, $id); - } - - $class = ""; - - if (sql_bool_to_bool($line["unread"])) { - $class .= " Unread"; - ++$num_unread; - } - - if (sql_bool_to_bool($line["marked"])) { - $marked_pic = "\"Unstar"; - $class .= " marked"; - } else { - $marked_pic = "\"Star"; - } - - if (sql_bool_to_bool($line["published"])) { - $published_pic = "\"Unpublish"; - $class .= " published"; - } else { - $published_pic = "\"Publish"; - } - - $updated_fmt = make_local_datetime($line["updated"], false, false, false, true); - $date_entered_fmt = T_sprintf("Imported at %s", - make_local_datetime($line["date_entered"], false)); - - $score = $line["score"]; - - $score_pic = "images/" . 
get_score_pic($score); - - $score_pic = ""; - if ($score > 500) { - $hlc_suffix = "high"; - } else if ($score < -100) { - $hlc_suffix = "low"; - } else { - $hlc_suffix = ""; - } + if (is_object($result)) { - $entry_author = $line["author"]; + while ($line = $result->fetch()) { - if ($entry_author) { - $entry_author = " — $entry_author"; - } + ++$headlines_count; - $has_feed_icon = feed_has_icon($feed_id); + $line["content_preview"] = "— " . truncate_string(strip_tags($line["content"]), 250); - if ($has_feed_icon) { - $feed_icon_img = "\"\""; - } else { - $feed_icon_img = "\"\""; - } + foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) { + $line = $p->hook_query_headlines($line, 250, false); + } - $entry_site_url = $line["site_url"]; + if (get_pref('SHOW_CONTENT_PREVIEW')) { + $content_preview = $line["content_preview"]; + } - //setting feed headline background color, needs to change text color based on dark/light - $fav_color = $line['favicon_avg_color']; + $id = $line["id"]; + $feed_id = $line["feed_id"]; + $label_cache = $line["label_cache"]; + $labels = false; - require_once "colors.php"; + $mouseover_attrs = "onmouseover='postMouseIn(event, $id)' onmouseout='postMouseOut($id)'"; - if ($fav_color && $fav_color != 'fail') { - if (!isset($rgba_cache[$feed_id])) { - $rgba_cache[$feed_id] = join(",", _color_unpack($fav_color)); - } - } + if ($label_cache) { + $label_cache = json_decode($label_cache, true); - if (!get_pref('COMBINED_DISPLAY_MODE')) { + if ($label_cache) { + if ($label_cache["no-labels"] == 1) + $labels = array(); + else + $labels = $label_cache; + } + } - if ($vfeed_group_enabled) { - if ($feed_id != $vgroup_last_feed && $line["feed_title"]) { + if (!is_array($labels)) $labels = Article::get_article_labels($id); - $cur_feed_title = $line["feed_title"]; - $vgroup_last_feed = $feed_id; + $labels_str = ""; + $labels_str .= Article::format_article_labels($labels); + $labels_str .= ""; - $cur_feed_title = 
htmlspecialchars($cur_feed_title); + if (count($topmost_article_ids) < 3) { + array_push($topmost_article_ids, $id); + } - $vf_catchup_link = "".__('mark feed as read').""; + $class = ""; - $reply['content'] .= "
". - "
$feed_icon_img
". - "". - $line["feed_title"]." - $vf_catchup_link
"; + if ($line["unread"]) { + $class .= " Unread"; + ++$num_unread; + } + + $marked_pic_src = $line["marked"] ? "mark_set.png" : "mark_unset.png"; + $class .= $line["marked"] ? " marked" : ""; + $marked_pic = ""; + + $published_pic_src = $line["published"] ? "pub_set.png" : "pub_unset.png"; + $class .= $line["published"] ? " published" : ""; + $published_pic = ""; + + $updated_fmt = make_local_datetime($line["updated"], false, false, false, true); + $date_entered_fmt = T_sprintf("Imported at %s", + make_local_datetime($line["date_entered"], false)); + + $score = $line["score"]; + + $score_pic = "images/" . get_score_pic($score); + + $score_pic = ""; + + if ($score > 500) { + $hlc_suffix = "high"; + } else if ($score < -100) { + $hlc_suffix = "low"; + } else { + $hlc_suffix = ""; + } + + $entry_author = $line["author"]; + + if ($entry_author) { + $entry_author = " — $entry_author"; + } + + $has_feed_icon = feeds::feedHasIcon($feed_id); + if ($has_feed_icon) { + $feed_icon_img = "\"\""; + } else { + $feed_icon_img = "\"\""; + } + + $entry_site_url = $line["site_url"]; + + //setting feed headline background color, needs to change text color based on dark/light + $fav_color = $line['favicon_avg_color']; + + require_once "colors.php"; + + if ($fav_color && $fav_color != 'fail') { + if (!isset($rgba_cache[$feed_id])) { + $rgba_cache[$feed_id] = join(",", _color_unpack($fav_color)); + } + } - } - } + if (!get_pref('COMBINED_DISPLAY_MODE')) { - $mouseover_attrs = "onmouseover='postMouseIn(event, $id)' - onmouseout='postMouseOut($id)'"; + if ($vfeed_group_enabled) { + if ($feed_id != $vgroup_last_feed && $line["feed_title"]) { - $reply['content'] .= "
"; + $vgroup_last_feed = $feed_id; - $reply['content'] .= "
"; + $vf_catchup_link = "".__('mark feed as read').""; - $reply['content'] .= "$feed_icon_img
". + "". + $line["feed_title"]." + $vf_catchup_link
"; + + + } + } + + $reply['content'] .= "
"; + + $reply['content'] .= "
"; + + $reply['content'] .= ""; - $reply['content'] .= "$marked_pic"; - $reply['content'] .= "$published_pic"; + $reply['content'] .= "$marked_pic"; + $reply['content'] .= "$published_pic"; - $reply['content'] .= "
"; + $reply['content'] .= "
"; - $reply['content'] .= "
"; - $reply['content'] .= "" . - truncate_string($line["title"], 200); + truncate_string($line["title"], 200); - if (get_pref('SHOW_CONTENT_PREVIEW')) { - $reply['content'] .= "" . $line["content_preview"] . ""; - } + if (get_pref('SHOW_CONTENT_PREVIEW')) { + $reply['content'] .= "" . $line["content_preview"] . ""; + } - $reply['content'] .= ""; + $reply['content'] .= ""; - $reply['content'] .= $labels_str; + $reply['content'] .= $labels_str; - $reply['content'] .= "
"; + $reply['content'] .= ""; - if (!$vfeed_group_enabled) { - if (@$line["feed_title"]) { - $rgba = @$rgba_cache[$feed_id]; + if (!$vfeed_group_enabled) { + if (@$line["feed_title"]) { + $rgba = @$rgba_cache[$feed_id]; - $reply['content'] .= "". - truncate_string($line["feed_title"],30).""; - } - } + $reply['content'] .= "". + truncate_string($line["feed_title"],30).""; + } + } - $reply['content'] .= ""; + $reply['content'] .= ""; - $reply['content'] .= "
$updated_fmt
+ $reply['content'] .= "
$updated_fmt
"; - $reply['content'] .= "
"; + $reply['content'] .= "
"; - $reply['content'] .= $score_pic; + $reply['content'] .= $score_pic; - if ($line["feed_title"] && !$vfeed_group_enabled) { + if ($line["feed_title"] && !$vfeed_group_enabled) { - $reply['content'] .= " $feed_icon_img"; - } - - $reply['content'] .= "
"; - $reply['content'] .= "
"; - - } else { + } - if ($line["tag_cache"]) - $tags = explode(",", $line["tag_cache"]); - else - $tags = false; + $reply['content'] .= ""; + $reply['content'] .= ""; - $line["content"] = sanitize($line["content"], - sql_bool_to_bool($line['hide_images']), false, $entry_site_url, $highlight_words, $line["id"]); + } else { - foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_RENDER_ARTICLE_CDM) as $p) { - $line = $p->hook_render_article_cdm($line); - } + if ($line["tag_cache"]) + $tags = explode(",", $line["tag_cache"]); + else + $tags = false; - if ($vfeed_group_enabled && $line["feed_title"]) { - if ($feed_id != $vgroup_last_feed) { + $line["content"] = sanitize($line["content"], + $line['hide_images'], false, $entry_site_url, $highlight_words, $line["id"]); - $cur_feed_title = $line["feed_title"]; - $vgroup_last_feed = $feed_id; + foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_RENDER_ARTICLE_CDM) as $p) { + $line = $p->hook_render_article_cdm($line); + } - $cur_feed_title = htmlspecialchars($cur_feed_title); + $line['content'] = rewrite_cached_urls($line['content']); - $vf_catchup_link = "".__('mark feed as read').""; + if ($vfeed_group_enabled && $line["feed_title"]) { + if ($feed_id != $vgroup_last_feed) { - $has_feed_icon = feed_has_icon($feed_id); + $vgroup_last_feed = $feed_id; - if ($has_feed_icon) { - $feed_icon_img = "\"\""; - } else { - //$feed_icon_img = "\"\""; - } + $vf_catchup_link = "".__('mark feed as read').""; - $reply['content'] .= "
". - "
$feed_icon_img
". - "". - $line["feed_title"]." $vf_catchup_link
"; + $feed_icon_src = Feeds::getFeedIcon($feed_id); + $feed_icon_img = ""; - } - } + $reply['content'] .= "
". + "
$feed_icon_img
". + "". + $line["feed_title"]." $vf_catchup_link
"; - $mouseover_attrs = "onmouseover='postMouseIn(event, $id)' - onmouseout='postMouseOut($id)'"; + } + } - $expanded_class = $expand_cdm ? "expanded" : "expandable"; + $content_encoded = htmlspecialchars($line["content"]); - $tmp_content = "
"; + $tmp_content = "
"; - $tmp_content .= "
"; - $tmp_content .= "
"; + $tmp_content .= "
"; + $tmp_content .= "
"; - $tmp_content .= ""; - $tmp_content .= "$marked_pic"; - $tmp_content .= "$published_pic"; + $tmp_content .= "$marked_pic"; + $tmp_content .= "$published_pic"; + + $tmp_content .= "
"; - $tmp_content .= "
"; + if ($highlight_words && count($highlight_words) > 0) { + foreach ($highlight_words as $word) { + $word = preg_quote($word, "/"); - if ($highlight_words && count($highlight_words > 0)) { - foreach ($highlight_words as $word) { - $line["title"] = preg_replace("/(\Q$word\E)/i", - "$1", $line["title"]); - } - } + $line["title"] = preg_replace("/($word)/i", + "$1", $line["title"]); + } + } - // data-article-id included for context menu - $tmp_content .= " + class=\"titleWrap hlMenuAttach $hlc_suffix\"> ". - $line["title"] . - " $entry_author"; - - $tmp_content .= $labels_str; - - $tmp_content .= ""; + htmlspecialchars($line["link"])."\">". + $line["title"] . + " $entry_author"; - if (!$expand_cdm) - $content_hidden = "style=\"display : none\""; - else - $excerpt_hidden = "style=\"display : none\""; + $tmp_content .= $labels_str; - $tmp_content .= "" . $content_preview . ""; + $tmp_content .= ""; - $tmp_content .= ""; + if (!$vfeed_group_enabled) { + if (@$line["feed_title"]) { + $rgba = @$rgba_cache[$feed_id]; - if (!$vfeed_group_enabled) { - if (@$line["feed_title"]) { - $rgba = @$rgba_cache[$feed_id]; - - $tmp_content .= "
+ $tmp_content .= "
". - truncate_string($line["feed_title"],30)." + truncate_string($line["feed_title"],30)."
"; - } - } + } + } - $tmp_content .= "$updated_fmt"; + $tmp_content .= "$updated_fmt"; - $tmp_content .= "
"; - $tmp_content .= "$score_pic"; + $tmp_content .= "
"; + $tmp_content .= "$score_pic"; - if (!get_pref("VFEED_GROUP_BY_FEED") && $line["feed_title"]) { - $tmp_content .= "$feed_icon_img"; - } - $tmp_content .= "
"; //scoreWrap + } + $tmp_content .= "
"; //scoreWrap - $tmp_content .= "
"; //cdmHeader + $tmp_content .= "
"; //cdmHeader - $tmp_content .= "
"; + $tmp_content .= "
"; - $tmp_content .= "
"; - if ($line['note']) { - $tmp_content .= Article::format_article_note($id, $line['note']); - } - $tmp_content .= "
"; //POSTNOTE + $tmp_content .= "
"; + if ($line['note']) { + $tmp_content .= Article::format_article_note($id, $line['note']); + } + $tmp_content .= "
"; //POSTNOTE - if (!$line['lang']) $line['lang'] = 'en'; + if (!$line['lang']) $line['lang'] = 'en'; - $tmp_content .= "
"; + // this is filled from RROW data-content + $tmp_content .= "
"; - if ($line["orig_feed_id"]) { + if ($line["orig_feed_id"]) { - $ofgh = $this->pdo->prepare("SELECT * FROM ttrss_archived_feeds + $ofgh = $this->pdo->prepare("SELECT * FROM ttrss_archived_feeds WHERE id = ? AND owner_uid = ?"); - $ofgh->execute([$line["orig_feed_id"], $_SESSION['uid']]); + $ofgh->execute([$line["orig_feed_id"], $_SESSION['uid']]); - if ($tmp_line = $ofgh->fetch()) { + if ($tmp_line = $ofgh->fetch()) { - $tmp_content .= "
"; - $tmp_content .= __("Originally from:"); + $tmp_content .= "
"; + $tmp_content .= __("Originally from:"); - $tmp_content .= " "; + $tmp_content .= " "; - $tmp_content .= "" . - $tmp_line['title'] . ""; - - $tmp_content .= " "; + $tmp_line['title'] . ""; - $tmp_content .= ""; - $tmp_content .= ""; + $tmp_content .= " "; - $tmp_content .= "
"; - } - } + $tmp_content .= ""; + $tmp_content .= ""; - $tmp_content .= ""; - $tmp_content .= ""; - $tmp_content .= htmlspecialchars($line["content"]); - $tmp_content .= ""; - $tmp_content .= ""; - - $tmp_content .= "
"; //cdmContentInner + $tmp_content .= "
"; + } + } - $tmp_content .= "
"; + $tmp_content .= "
"; //cdmContentInner + $tmp_content .= "
"; - $always_display_enclosures = sql_bool_to_bool($line["always_display_enclosures"]); - $tmp_content .= Article::format_article_enclosures($id, $always_display_enclosures, $line["content"], sql_bool_to_bool($line["hide_images"])); + $always_display_enclosures = $line["always_display_enclosures"]; + $tmp_content .= Article::format_article_enclosures($id, $always_display_enclosures, + $line["content"], $line["hide_images"]); - $tmp_content .= "
"; // cdmIntermediate + $tmp_content .= "
"; // cdmIntermediate - $tmp_content .= "
"; + $tmp_content .= "
"; - foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_LEFT_BUTTON) as $p) { - $tmp_content .= $p->hook_article_left_button($line); - } + foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_LEFT_BUTTON) as $p) { + $tmp_content .= $p->hook_article_left_button($line); + } - $tags_str = Article::format_tags_string($tags, $id); + $tags_str = Article::format_tags_string($tags, $id); - $tmp_content .= ""; + $tmp_content .= ""; - $tmp_content .= "Tags + $tmp_content .= "Tags $tags_str (+)"; - $num_comments = (int) $line["num_comments"]; - $entry_comments = ""; + $num_comments = (int) $line["num_comments"]; + $entry_comments = ""; - if ($num_comments > 0) { - if ($line["comments"]) { - $comments_url = htmlspecialchars($line["comments"]); - } else { - $comments_url = htmlspecialchars($line["link"]); - } - $entry_comments = " 0) { + if ($line["comments"]) { + $comments_url = htmlspecialchars($line["comments"]); + } else { + $comments_url = htmlspecialchars($line["link"]); + } + $entry_comments = "$num_comments ". - _ngettext("comment", "comments", $num_comments).""; + _ngettext("comment", "comments", $num_comments).""; - } else { - if ($line["comments"] && $line["link"] != $line["comments"]) { - $entry_comments = "".__("comments").""; - } - } + } else { + if ($line["comments"] && $line["link"] != $line["comments"]) { + $entry_comments = "".__("comments").""; + } + } - if ($entry_comments) $tmp_content .= " ($entry_comments)"; + if ($entry_comments) $tmp_content .= " ($entry_comments)"; - $tmp_content .= ""; - $tmp_content .= "
"; + $tmp_content .= ""; + $tmp_content .= "
"; - foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_BUTTON) as $p) { - $tmp_content .= $p->hook_article_button($line); - } + foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_BUTTON) as $p) { + $tmp_content .= $p->hook_article_button($line); + } - $tmp_content .= "
"; // buttons + $tmp_content .= "
"; // buttons - $tmp_content .= "
"; // cdmFooter - $tmp_content .= "
"; // cdmContent - $tmp_content .= "
"; // RROW.cdm + $tmp_content .= "
"; // cdmFooter + $tmp_content .= "
"; // cdmContent + $tmp_content .= "
"; // RROW.cdm - foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_FORMAT_ARTICLE_CDM) as $p) { - $tmp_content = $p->hook_format_article_cdm($tmp_content, $line); - } + foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_FORMAT_ARTICLE_CDM) as $p) { + $tmp_content = $p->hook_format_article_cdm($tmp_content, $line); + } - $reply['content'] .= $tmp_content; - } + $reply['content'] .= $tmp_content; + } - ++$lnum; + ++$lnum; + } } if ($_REQUEST["debug"]) $timing_info = print_checkpoint("PE", $timing_info); @@ -833,16 +751,16 @@ class Feeds extends Handler_Protected { if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info); - $feed = db_escape_string($_REQUEST["feed"]); - $method = db_escape_string($_REQUEST["m"]); - $view_mode = db_escape_string($_REQUEST["view_mode"]); + $feed = $_REQUEST["feed"]; + $method = $_REQUEST["m"]; + $view_mode = $_REQUEST["view_mode"]; $limit = 30; @$cat_view = $_REQUEST["cat"] == "true"; - @$next_unread_feed = db_escape_string($_REQUEST["nuf"]); - @$offset = db_escape_string($_REQUEST["skip"]); - @$vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]); - $order_by = db_escape_string($_REQUEST["order_by"]); - $check_first_id = db_escape_string($_REQUEST["fid"]); + @$next_unread_feed = $_REQUEST["nuf"]; + @$offset = $_REQUEST["skip"]; + @$vgroup_last_feed = $_REQUEST["vgrlf"]; + $order_by = $_REQUEST["order_by"]; + $check_first_id = $_REQUEST["fid"]; if (is_numeric($feed)) $feed = (int) $feed; @@ -1023,6 +941,8 @@ class Feeds extends Handler_Protected { } function quickAddFeed() { + print "
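Review bot: Several feed-derived strings are concatenated into the headline HTML without encoding in the re-indented loop of the `@@ -316,442` hunk: `$line["feed_title"]` in the group header and in the feed-title link, `$entry_author`, and `$tmp_line['title']` in the "Originally from:" block. `$line["link"]` and `$line["content"]` next to them do go through `htmlspecialchars()`. The commit also deletes `$cur_feed_title = htmlspecialchars($cur_feed_title);`, which suggests the encoded copy was not the value being printed. Unless these columns are guaranteed to be sanitized at import time (not visible here), each should be encoded where it is emitted, e.g. `htmlspecialchars($line["feed_title"])` and `$entry_author = " — " . htmlspecialchars($entry_author);`. The markup inside the string literals is missing from this page, so the exact output context of each value could not be checked.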
"; + print_hidden("op", "rpc"); print_hidden("method", "addfeed"); @@ -1087,10 +1007,8 @@ class Feeds extends Handler_Protected {
"; - print ""; - print "
- "; + "; if (!(defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER)) { print ""; @@ -1099,13 +1017,15 @@ class Feeds extends Handler_Protected { print "
"; + print ""; + //return; } function feedBrowser() { if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return; - $browser_search = db_escape_string($_REQUEST["search"]); + $browser_search = $_REQUEST["search"]; print_hidden("op", "rpc"); print_hidden("method", "updateFeedBrowser"); @@ -1151,11 +1071,13 @@ class Feeds extends Handler_Protected { } function search() { - $this->params = explode(":", db_escape_string($_REQUEST["param"]), 2); + $this->params = explode(":", $_REQUEST["param"], 2); $active_feed_id = sprintf("%d", $this->params[0]); $is_cat = $this->params[1] != "false"; + print "
"; + print "
".__('Look for')."
"; print "
"; @@ -1182,28 +1104,41 @@ class Feeds extends Handler_Protected {
"; } - print " + print " "; + + print "
"; } function update_debugger() { header("Content-type: text/html"); + Debug::set_enabled(true); + Debug::set_loglevel($_REQUEST["xdebug"]); + $feed_id = (int)$_REQUEST["feed_id"]; @$do_update = $_REQUEST["action"] == "do_update"; $csrf_token = $_REQUEST["csrf_token"]; + $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE id = ? AND owner_uid = ?"); + $sth->execute([$feed_id, $_SESSION['uid']]); + + if (!$sth->fetch()) { + print "Access denied."; + return; + } + $refetch_checked = isset($_REQUEST["force_refetch"]) ? "checked" : ""; $rehash_checked = isset($_REQUEST["force_rehash"]) ? "checked" : ""; ?> - + Feed Debugger - +

Feed Debugger: getFeedTitle($feed_id) ?>
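Review bot: `Debug::set_loglevel($_REQUEST["xdebug"])` takes the request value as is, and both it and `Debug::set_enabled(true)` run before the new ownership query in `update_debugger()`, so a request for a feed the caller does not own still switches debugging on for the rest of that request before it is refused. I would move the two `Debug::` calls below the `Access denied.` return and pass an integer: `Debug::set_loglevel((int)$_REQUEST["xdebug"]);`. Which levels `set_loglevel()` accepts is not visible on this page, so a clamp to the known range may be needed as well.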

@@ -1278,6 +1213,7 @@ class Feeds extends Handler_Protected { if ($feed > 0) { $children = Feeds::getChildCategories($feed, $owner_uid); array_push($children, $feed); + $children = array_map("intval", $children); $children = join(",", $children); @@ -1444,7 +1380,7 @@ class Feeds extends Handler_Protected { } else if ($n_feed >= 0) { if ($n_feed != 0) { - $match_part = "feed_id = '$n_feed'"; + $match_part = "feed_id = " . (int)$n_feed; } else { $match_part = "feed_id IS NULL"; } @@ -1515,6 +1451,10 @@ class Feeds extends Handler_Protected { $contents = @fetch_file_contents($url, false, $auth_login, $auth_pass); + foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_SUBSCRIBE_FEED) as $plugin) { + $contents = $plugin->hook_subscribe_feed($contents, $url, $auth_login, $auth_pass); + } + if (!$contents) { if (preg_match("/cloudflare\.com/", $fetch_last_error_content)) { $fetch_last_error .= " (feed behind Cloudflare)"; @@ -1523,10 +1463,6 @@ class Feeds extends Handler_Protected { return array("code" => 5, "message" => $fetch_last_error); } - foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_SUBSCRIBE_FEED) as $plugin) { - $contents = $plugin->hook_subscribe_feed($contents, $url, $auth_login, $auth_pass); - } - if (is_html($contents)) { $feedUrls = get_feeds_from_html($url, $contents); @@ -1539,13 +1475,7 @@ class Feeds extends Handler_Protected { $url = key($feedUrls); } - if ($cat_id == "0" || !$cat_id) { - $cat_qpart = "NULL"; - } else { - $cat_qpart = "'$cat_id'"; - } - - if (!(int)$cat_id) $cat_id = null; + if (!$cat_id) $cat_id = null; $sth = $pdo->prepare("SELECT id FROM ttrss_feeds WHERE feed_url = ? AND owner_uid = ?"); 
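Review bot: In the `@@ -1539,13` hunk, `if (!$cat_id) $cat_id = null;` drops the `(int)` that the removed line applied, so a non-numeric `cat_id` is now bound into the `INSERT` unchanged and left to the database driver to coerce or reject, where it previously fell back to "no category". Normalizing once keeps the old behaviour: `$cat_id = (int)$cat_id ?: null;`. Nothing visible in this hunk checks that the category belongs to `$_SESSION['uid']` either; if the caller does not verify that, an ownership lookup belongs before the insert. The function starts and ends outside the hunk.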
@@ -1559,7 +1489,7 @@ class Feeds extends Handler_Protected { (owner_uid,feed_url,title,cat_id, auth_login,auth_pass,update_method,auth_pass_encrypted) VALUES (?, ?, ?, ?, ?, ?, 0, false)"); - $sth->execute([$_SESSION['uid'], $url, "[Unknown]", $cat_id, $auth_login, $auth_pass]); + $sth->execute([$_SESSION['uid'], $url, "[Unknown]", $cat_id, (string)$auth_login, (string)$auth_pass]); $sth = $pdo->prepare("SELECT id FROM ttrss_feeds WHERE feed_url = ? AND owner_uid = ?"); @@ -1577,6 +1507,14 @@ class Feeds extends Handler_Protected { } } + static function getIconFile($feed_id) { + return ICONS_DIR . "/$feed_id.ico"; + } + + static function feedHasIcon($id) { + return is_file(ICONS_DIR . "/$id.ico") && filesize(ICONS_DIR . "/$id.ico") > 0; + } + static function getFeedIcon($id) { switch ($id) { case 0: @@ -1601,8 +1539,11 @@ class Feeds extends Handler_Protected { if ($id < LABEL_BASE_INDEX) { return "images/label.png"; } else { - if (file_exists(ICONS_DIR . "/$id.ico")) - return ICONS_URL . "/$id.ico"; + $icon = self::getIconFile($id); + + if ($icon && file_exists($icon)) { + return ICONS_URL . "/" . basename($icon) . "?" . filemtime($icon); + } } break; } @@ -1668,13 +1609,13 @@ class Feeds extends Handler_Protected { $sth = $pdo->prepare("SELECT id FROM ttrss_feeds WHERE (cat_id = :cat OR (:cat IS NULL AND cat_id IS NULL)) - AND owner_uid = ?"); + AND owner_uid = :uid"); $sth->execute([":cat" => $cat, ":uid" => $owner_uid]); $cat_feeds = array(); while ($line = $sth->fetch()) { - array_push($cat_feeds, "feed_id = " . $line["id"]); + array_push($cat_feeds, "feed_id = " . (int)$line["id"]); } if (count($cat_feeds) == 0) return 0; @@ -1829,7 +1770,7 @@ class Feeds extends Handler_Protected { } if ($since_id) { - $since_id_part = "ttrss_entries.id > $since_id AND "; + $since_id_part = "ttrss_entries.id > ".$pdo->quote($since_id)." AND "; } else { $since_id_part = ""; } 
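Review bot: The new `getIconFile()` and `feedHasIcon()` in the `@@ -1577,6` hunk interpolate their argument into a filesystem path without constraining it to an integer, so the result stays inside `ICONS_DIR` only as long as every caller passes a numeric id. The call in the headline loop passes a database id, but both helpers are new static entry points and should enforce this themselves: `return ICONS_DIR . "/" . (int)$feed_id . ".ico";`. `feedHasIcon()` can then reuse it instead of building the path twice: `$icon = self::getIconFile($id); return is_file($icon) && filesize($icon) > 0;`. A short docblock on each stating that the argument is a numeric feed id would document the contract.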
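Review bot: `$pdo->quote($since_id)` in the `@@ -1829,7` hunk turns a numeric id into a quoted string literal inside a query that is still assembled by concatenation. The following hunks do the same for `$feed` in the `cat_id`/`feed_id` comparisons, for `$label_id` and for `$owner_uid`, while `$limit`, `$offset` and `$n_feed` get `(int)` casts. For values that are integers by definition the cast is the more consistent choice, because the fragment then cannot carry anything but a number: `$since_id_part = "ttrss_entries.id > " . (int)$since_id . " AND ";`. Quoting remains right where the value is text, as in `tag_name = ".$pdo->quote($feed)`. Longer term these fragments would be safer as placeholders bound through `prepare()`/`execute()`, as the smaller queries in this file already are.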
@@ -1869,7 +1810,7 @@ class Feeds extends Handler_Protected { } if ($limit > 0) { - $limit_query_part = "LIMIT " . $limit; + $limit_query_part = "LIMIT " . (int)$limit; } $allow_archived = false; @@ -1889,13 +1830,14 @@ class Feeds extends Handler_Protected { if ($include_children) { # sub-cats $subcats = Feeds::getChildCategories($feed, $owner_uid); - array_push($subcats, $feed); + $subcats = array_map("intval", $subcats); + $query_strategy_part = "cat_id IN (". implode(",", $subcats).")"; } else { - $query_strategy_part = "cat_id = '$feed'"; + $query_strategy_part = "cat_id = " . $pdo->quote($feed); } } else { @@ -1905,7 +1847,7 @@ class Feeds extends Handler_Protected { $vfeed_query_part = "ttrss_feeds.title AS feed_title,"; } else { - $query_strategy_part = "feed_id = '$feed'"; + $query_strategy_part = "feed_id = " . $pdo->quote($feed); } } else if ($feed == 0 && !$cat_view) { // archive virtual feed $query_strategy_part = "feed_id IS NULL"; @@ -1960,7 +1902,7 @@ class Feeds extends Handler_Protected { } else if ($feed == -3) { // fresh virtual feed $query_strategy_part = "unread = true AND score >= 0"; - $intl = get_pref("FRESH_ARTICLE_MAX_AGE", $owner_uid); + $intl = (int) get_pref("FRESH_ARTICLE_MAX_AGE", $owner_uid); if (DB_TYPE == "pgsql") { $query_strategy_part .= " AND date_entered > NOW() - INTERVAL '$intl hour' "; @@ -1976,7 +1918,7 @@ class Feeds extends Handler_Protected { } else if ($feed <= LABEL_BASE_INDEX) { // labels $label_id = Labels::feed_to_label_id($feed); - $query_strategy_part = "label_id = '$label_id' AND + $query_strategy_part = "label_id = ".$pdo->quote($label_id)." AND ttrss_labels2.id = ttrss_user_labels2.label_id AND ttrss_user_labels2.article_id = ref_id"; @@ -2027,7 +1969,7 @@ class Feeds extends Handler_Protected { $content_query_part = "content, "; if ($limit_query_part) { - $offset_query_part = "OFFSET $offset"; + $offset_query_part = "OFFSET " . (int)$offset; } else { $offset_query_part = ""; } 
@@ -2036,9 +1978,9 @@ class Feeds extends Handler_Protected { // proper override_order applied above if ($vfeed_query_part && !$ignore_vfeed_group && get_pref('VFEED_GROUP_BY_FEED', $owner_uid)) { if (!$override_order) { - $order_by = "ttrss_feeds.title, $order_by"; + $order_by = "ttrss_feeds.title, ".$order_by; } else { - $order_by = "ttrss_feeds.title, $override_order"; + $order_by = "ttrss_feeds.title, ".$override_order; } } @@ -2091,16 +2033,16 @@ class Feeds extends Handler_Protected { $from_qpart WHERE $feed_check_qpart - ttrss_user_entries.owner_uid = '$owner_uid' AND + ttrss_user_entries.owner_uid = ".$pdo->quote($owner_uid)." AND $search_query_part $start_ts_query_part $since_id_part $sanity_interval_qpart $first_id_query_strategy_part ORDER BY $order_by LIMIT 1"; - if ($_REQUEST["debug"]) { + /*if ($_REQUEST["debug"]) { print $query; - } + }*/ $res = $pdo->query($query); @@ -2138,7 +2080,7 @@ class Feeds extends Handler_Protected { $from_qpart WHERE $feed_check_qpart - ttrss_user_entries.owner_uid = '$owner_uid' AND + ttrss_user_entries.owner_uid = ".$pdo->quote($owner_uid)." AND $search_query_part $start_ts_query_part $view_query_part @@ -2146,7 +2088,7 @@ class Feeds extends Handler_Protected { $query_strategy_part ORDER BY $order_by $limit_query_part $offset_query_part"; - if ($_REQUEST["debug"]) print $query; + //if ($_REQUEST["debug"]) print $query; $res = $pdo->query($query); @@ -2182,9 +2124,9 @@ class Feeds extends Handler_Protected { FROM ttrss_entries, ttrss_user_entries, ttrss_tags WHERE ref_id = ttrss_entries.id AND - ttrss_user_entries.owner_uid = $owner_uid AND + ttrss_user_entries.owner_uid = ".$pdo->quote($owner_uid)." AND post_int_id = int_id AND - tag_name = '$feed' AND + tag_name = ".$pdo->quote($feed)." AND $view_query_part $search_query_part $query_strategy_part ORDER BY $order_by