X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=classes%2Fpref%2Ffeeds.php;h=8249f756a75726cb46d2b71a4389e1b9cd4adf23;hb=81fc862e370a1dfbd3941206fd00076e3cbf0551;hp=5b7e52ac094aa633f8776063bf1081a02b7797f8;hpb=5f5b0de423196c4f752f001bb7f39df4e6122694;p=tt-rss.git diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index 5b7e52ac..8249f756 100755 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -17,8 +17,8 @@ class Pref_Feeds extends Handler_Protected { } function renamecat() { - $title = $_REQUEST['title']; - $id = $_REQUEST['id']; + $title = clean($_REQUEST['title']); + $id = clean($_REQUEST['id']); if ($title) { $sth = $this->pdo->prepare("UPDATE ttrss_feed_categories SET @@ -29,14 +29,14 @@ class Pref_Feeds extends Handler_Protected { private function get_category_items($cat_id) { - if ($_REQUEST['mode'] != 2) + if (clean($_REQUEST['mode']) != 2) $search = $_SESSION["prefs_feed_search"]; else $search = ""; // first one is set by API - $show_empty_cats = $_REQUEST['force_show_empty'] || - ($_REQUEST['mode'] != 2 && !$search); + $show_empty_cats = clean($_REQUEST['force_show_empty']) || + (clean($_REQUEST['mode']) != 2 && !$search); $items = array(); @@ -69,9 +69,9 @@ class Pref_Feeds extends Handler_Protected { } $fsth = $this->pdo->prepare("SELECT id, title, last_error, - ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated + ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated, update_interval FROM ttrss_feeds - WHERE cat_id = :cat AND + WHERE cat_id = :cat AND owner_uid = :uid AND (:search = '' OR (LOWER(title) LIKE :search OR LOWER(feed_url) LIKE :search)) ORDER BY order_id, title"); @@ -90,6 +90,7 @@ class Pref_Feeds extends Handler_Protected { $feed['icon'] = Feeds::getFeedIcon($feed_line['id']); $feed['param'] = make_local_datetime( $feed_line['last_updated'], true); + $feed['updates_disabled'] = (int)($feed_line['update_interval'] < 0); array_push($items, $feed); } 
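Review bot: In renamecat, `$id = clean($_REQUEST['id']);` still accepts any string as a category id. clean() is not defined in this diff, so what it filters cannot be confirmed from here, and a markup filter is not type validation in any case. Casting the way editsaveops already does with `(int) clean($_POST["id"])` would be tighter: `$id = (int) clean($_REQUEST['id']);`. The same applies to `feed_id` in removeicon and the icon upload code (hunks at -425 and -457) and to `id` in the hunk at -500. renamecat's body continues outside the hunk.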
@@ -103,7 +104,7 @@ class Pref_Feeds extends Handler_Protected { function makefeedtree() { - if ($_REQUEST['mode'] != 2) + if (clean($_REQUEST['mode']) != 2) $search = $_SESSION["prefs_feed_search"]; else $search = ""; @@ -116,7 +117,7 @@ class Pref_Feeds extends Handler_Protected { $enable_cats = get_pref('ENABLE_FEED_CATS'); - if ($_REQUEST['mode'] == 2) { + if (clean($_REQUEST['mode']) == 2) { if ($enable_cats) { $cat = $this->feedlist_init_cat(-1); @@ -193,8 +194,8 @@ class Pref_Feeds extends Handler_Protected { } if ($enable_cats) { - $show_empty_cats = $_REQUEST['force_show_empty'] || - ($_REQUEST['mode'] != 2 && !$search); + $show_empty_cats = clean($_REQUEST['force_show_empty']) || + (clean($_REQUEST['mode']) != 2 && !$search); $sth = $this->pdo->prepare("SELECT id, title FROM ttrss_feed_categories WHERE owner_uid = ? AND parent_cat IS NULL ORDER BY order_id, title"); @@ -237,9 +238,9 @@ class Pref_Feeds extends Handler_Protected { $cat['child_unread'] = 0; $fsth = $this->pdo->prepare("SELECT id, title,last_error, - ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated + ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated, update_interval FROM ttrss_feeds - WHERE cat_id IS NULL AND + WHERE cat_id IS NULL AND owner_uid = :uid AND (:search = '' OR (LOWER(title) LIKE :search OR LOWER(feed_url) LIKE :search)) ORDER BY order_id, title"); @@ -258,6 +259,7 @@ class Pref_Feeds extends Handler_Protected { $feed_line['last_updated'], true); $feed['unread'] = 0; $feed['type'] = 'feed'; + $feed['updates_disabled'] = (int)($feed_line['update_interval'] < 0); array_push($cat['items'], $feed); } 
@@ -272,7 +274,7 @@ class Pref_Feeds extends Handler_Protected { } else { $fsth = $this->pdo->prepare("SELECT id, title, last_error, - ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated + ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated, update_interval FROM ttrss_feeds WHERE owner_uid = :uid AND (:search = '' OR (LOWER(title) LIKE :search OR LOWER(feed_url) LIKE :search)) @@ -292,6 +294,7 @@ class Pref_Feeds extends Handler_Protected { $feed_line['last_updated'], true); $feed['unread'] = 0; $feed['type'] = 'feed'; + $feed['updates_disabled'] = (int)($feed_line['update_interval'] < 0); array_push($root['items'], $feed); } @@ -303,7 +306,7 @@ class Pref_Feeds extends Handler_Protected { $fl['identifier'] = 'id'; $fl['label'] = 'name'; - if ($_REQUEST['mode'] != 2) { + if (clean($_REQUEST['mode']) != 2) { $fl['items'] = array($root); } else { $fl['items'] = $root['items']; @@ -325,13 +328,12 @@ class Pref_Feeds extends Handler_Protected { } private function process_category_order(&$data_map, $item_id, $parent_id = false, $nest_level = 0) { - $debug = isset($_REQUEST["debug"]); $prefix = ""; for ($i = 0; $i < $nest_level; $i++) $prefix .= " "; - if ($debug) _debug("$prefix C: $item_id P: $parent_id"); + Debug::log("$prefix C: $item_id P: $parent_id"); $bare_item_id = substr($item_id, strpos($item_id, ':')+1); @@ -358,7 +360,7 @@ class Pref_Feeds extends Handler_Protected { $id = $item['_reference']; $bare_id = substr($id, strpos($id, ':')+1); - if ($debug) _debug("$prefix [$order_id] $id/$bare_id"); + Debug::log("$prefix [$order_id] $id/$bare_id"); if ($item['_reference']) { @@ -391,7 +393,7 @@ class Pref_Feeds extends Handler_Protected { function savefeedorder() { $data = json_decode($_POST['payload'], true); - #file_put_contents("/tmp/saveorder.json", $_POST['payload']); + #file_put_contents("/tmp/saveorder.json", clean($_POST['payload'])); #$data = json_decode(file_get_contents("/tmp/saveorder.json"), true); if (!is_array($data['items'])) 
@@ -425,7 +427,7 @@ class Pref_Feeds extends Handler_Protected { } function removeicon() { - $feed_id = $_REQUEST["feed_id"]; + $feed_id = clean($_REQUEST["feed_id"]); $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE id = ? AND owner_uid = ?"); @@ -457,7 +459,7 @@ class Pref_Feeds extends Handler_Protected { } $icon_file = $tmp_file; - $feed_id = $_REQUEST["feed_id"]; + $feed_id = clean($_REQUEST["feed_id"]); if (is_file($icon_file) && $feed_id) { if (filesize($icon_file) < 65535) { @@ -500,7 +502,7 @@ class Pref_Feeds extends Handler_Protected { global $update_intervals; - $feed_id = $_REQUEST["id"]; + $feed_id = clean($_REQUEST["id"]); $sth = $this->pdo->prepare("SELECT * FROM ttrss_feeds WHERE id = ? AND owner_uid = ?"); @@ -510,8 +512,6 @@ class Pref_Feeds extends Handler_Protected { print '
'; - $auth_pass_encrypted = $row["auth_pass_encrypted"]; - $title = htmlspecialchars($row["title"]); print_hidden("id", "$feed_id"); @@ -562,6 +562,18 @@ class Pref_Feeds extends Handler_Protected { 'dojoType="dijit.form.Select"'); } + /* Site URL */ + + $site_url = htmlspecialchars($row["site_url"]); + + print "
"; + + print __('Site URL:') . " "; + print ""; + /* FTS Stemming Language */ if (DB_TYPE == "pgsql") { @@ -600,14 +612,8 @@ class Pref_Feeds extends Handler_Protected { print "
"; $auth_login = htmlspecialchars($row["auth_login"]); - $auth_pass = $row["auth_pass"]; - - if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) { - require_once "crypt.php"; - $auth_pass = decrypt_string($auth_pass); - } + $auth_pass = htmlspecialchars($row["auth_pass"]); - $auth_pass = htmlspecialchars($auth_pass); $auth_enabled = $auth_login !== '' || $auth_pass !== ''; $auth_style = $auth_enabled ? '' : 'display: none'; @@ -620,7 +626,6 @@ class Pref_Feeds extends Handler_Protected { autocomplete=\"new-password\" name=\"auth_login\" value=\"$auth_login\">
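Review bot: With the decrypt branch removed, `$auth_pass = htmlspecialchars($row["auth_pass"]);` treats every stored value as plaintext. Any row written while `auth_pass_encrypted` was set would therefore show ciphertext in the form and have it saved back as the feed password on the next edit. No migration or fallback for such rows is visible in this diff, so it is worth confirming that one exists elsewhere. Separately, the stored credential is still pre-filled into the page markup; leaving the field empty and updating the column only when a new value is submitted would avoid sending it back to the browser. The enclosing function starts and ends outside the hunk.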
"; - print " "; + if (DIGEST_SUBJECT !== false) { $include_in_digest = $row["include_in_digest"]; if ($include_in_digest) { @@ -666,6 +672,7 @@ class Pref_Feeds extends Handler_Protected { print "
 "; + } $always_display_enclosures = $row["always_display_enclosures"]; @@ -691,7 +698,7 @@ class Pref_Feeds extends Handler_Protected { print "
 "; + __('Do not embed media').""; $cache_images = $row["cache_images"]; @@ -739,10 +746,10 @@ class Pref_Feeds extends Handler_Protected { - + - "; @@ -760,7 +767,7 @@ class Pref_Feeds extends Handler_Protected { print "
- "; print "
"; @@ -775,7 +782,7 @@ class Pref_Feeds extends Handler_Protected { global $purge_intervals; global $update_intervals; - $feed_ids = $_REQUEST["ids"]; + $feed_ids = clean($_REQUEST["ids"]); print_notice("Enable the options you wish to apply using checkboxes on the right:"); @@ -882,7 +889,7 @@ class Pref_Feeds extends Handler_Protected { name=\"hide_images\" dojoType=\"dijit.form.CheckBox\"> "; + __('Do not embed media').""; print " "; $this->batch_edit_cbox("hide_images", "hide_images_l"); 
@@ -924,47 +931,48 @@ class Pref_Feeds extends Handler_Protected { function editsaveops($batch) { - $feed_title = trim($_POST["title"]); - $feed_url = trim($_POST["feed_url"]); - $upd_intl = (int) $_POST["update_interval"]; - $purge_intl = (int) $_POST["purge_interval"]; - $feed_id = (int) $_POST["id"]; /* editSave */ - $feed_ids = explode(",", $_POST["ids"]); /* batchEditSave */ - $cat_id = (int) $_POST["cat_id"]; - $auth_login = trim($_POST["auth_login"]); - $auth_pass = trim($_POST["auth_pass"]); - $private = checkbox_to_sql_bool($_POST["private"]); + $feed_title = trim(clean($_POST["title"])); + $feed_url = trim(clean($_POST["feed_url"])); + $site_url = trim(clean($_POST["site_url"])); + $upd_intl = (int) clean($_POST["update_interval"]); + $purge_intl = (int) clean($_POST["purge_interval"]); + $feed_id = (int) clean($_POST["id"]); /* editSave */ + $feed_ids = explode(",", clean($_POST["ids"])); /* batchEditSave */ + $cat_id = (int) clean($_POST["cat_id"]); + $auth_login = trim(clean($_POST["auth_login"])); + $auth_pass = trim(clean($_POST["auth_pass"])); + $private = checkbox_to_sql_bool(clean($_POST["private"])); $include_in_digest = checkbox_to_sql_bool( - $_POST["include_in_digest"]); + clean($_POST["include_in_digest"])); $cache_images = checkbox_to_sql_bool( - $_POST["cache_images"]); + clean($_POST["cache_images"])); $hide_images = checkbox_to_sql_bool( - $_POST["hide_images"]); + clean($_POST["hide_images"])); $always_display_enclosures = checkbox_to_sql_bool( - $_POST["always_display_enclosures"]); + clean($_POST["always_display_enclosures"])); $mark_unread_on_update = checkbox_to_sql_bool( - $_POST["mark_unread_on_update"]); + clean($_POST["mark_unread_on_update"])); - $feed_language = trim($_POST["feed_language"]); + $feed_language = trim(clean($_POST["feed_language"])); if (!$batch) { - if ($_POST["need_auth"] !== 'on') { + if (clean($_POST["need_auth"]) !== 'on') { $auth_login = ''; $auth_pass = ''; } - $sth = $this->pdo->prepare("SELECT feed_url 
FROM ttrss_feeds WHERE id = ?"); + /* $sth = $this->pdo->prepare("SELECT feed_url FROM ttrss_feeds WHERE id = ?"); $sth->execute([$feed_id]); - $row = $sth->fetch(); - $orig_feed_url = $row["feed_url"]; + $row = $sth->fetch();$orig_feed_url = $row["feed_url"]; - $reset_basic_info = $orig_feed_url != $feed_url; + $reset_basic_info = $orig_feed_url != $feed_url; */ $sth = $this->pdo->prepare("UPDATE ttrss_feeds SET cat_id = :cat_id, - title = :title, + title = :title, feed_url = :feed_url, + site_url = :site_url, update_interval = :upd_intl, purge_interval = :purge_intl, auth_login = :auth_login, @@ -982,6 +990,7 @@ class Pref_Feeds extends Handler_Protected { $sth->execute([":title" => $feed_title, ":cat_id" => $cat_id ? $cat_id : null, ":feed_url" => $feed_url, + ":site_url" => $site_url, ":upd_intl" => $upd_intl, ":purge_intl" => $purge_intl, ":auth_login" => $auth_login, @@ -996,9 +1005,9 @@ class Pref_Feeds extends Handler_Protected { ":id" => $feed_id, ":uid" => $_SESSION['uid']]); - if ($reset_basic_info) { +/* if ($reset_basic_info) { RSSUtils::set_basic_feed_info($feed_id); - } + } */ PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_SAVE_FEED, "hook_prefs_save_feed", $feed_id); @@ -1008,7 +1017,7 @@ class Pref_Feeds extends Handler_Protected { foreach (array_keys($_POST) as $k) { if ($k != "op" && $k != "method" && $k != "ids") { - $feed_data[$k] = $_POST[$k]; + $feed_data[$k] = clean($_POST[$k]); } } @@ -1102,7 +1111,7 @@ class Pref_Feeds extends Handler_Protected { function remove() { - $ids = explode(",", $_REQUEST["ids"]); + $ids = explode(",", clean($_REQUEST["ids"])); foreach ($ids as $id) { Pref_Feeds::remove_feed($id, $_SESSION["uid"]); 
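Review bot: `$auth_pass = trim(clean($_POST["auth_pass"]));` runs a credential through the same filter as display text. If clean() strips markup (its definition is not in this diff), a password containing `<` would be stored altered and feed authentication would then fail with no visible cause. `auth_login` is bound through a PDO placeholder in the visible UPDATE, `auth_pass` presumably likewise, and the value is escaped with htmlspecialchars() when shown, so it needs no input filtering: `$auth_pass = trim($_POST["auth_pass"]);`. The batch path in the hunk at -1008 (`$feed_data[$k] = clean($_POST[$k]);`) would affect `auth_pass` the same way. The commented-out `$reset_basic_info` block is better deleted than kept as dead code.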
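Review bot: `":site_url" => $site_url` stores the new field after only `trim(clean(...))` (hunk at -924), with no check that the value is an http or https URL. If site_url is rendered as a link target anywhere, which this diff does not show, htmlspecialchars() would not neutralise a non-web scheme, so the scheme should be validated before the UPDATE. One line ahead of `$sth->execute` would do: `if (!in_array(parse_url($site_url, PHP_URL_SCHEME), ["http", "https"], true)) $site_url = "";`. The UPDATE statement and its execute call extend outside this hunk.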
@@ -1112,14 +1121,14 @@ class Pref_Feeds extends Handler_Protected { } function removeCat() { - $ids = explode(",", $_REQUEST["ids"]); + $ids = explode(",", clean($_REQUEST["ids"])); foreach ($ids as $id) { $this->remove_feed_category($id, $_SESSION["uid"]); } } function addCat() { - $feed_cat = trim($_REQUEST["cat"]); + $feed_cat = trim(clean($_REQUEST["cat"])); add_feed_category($feed_cat); } @@ -1152,7 +1161,7 @@ class Pref_Feeds extends Handler_Protected { onclick=\"showInactiveFeeds()\">" . __("Inactive feeds") . ""; - $feed_search = $_REQUEST["search"]; + $feed_search = clean($_REQUEST["search"]); if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_feed_search"] = $feed_search; @@ -1212,24 +1221,6 @@ class Pref_Feeds extends Handler_Protected { print $error_button; print $inactive_button; - if (defined('_ENABLE_FEED_DEBUGGING')) { - - print ""; - - } - print "
"; # toolbar //print '
'; @@ -1239,6 +1230,8 @@ class Pref_Feeds extends Handler_Protected { ". __("Loading, please wait...").""; + $auto_expand = $feed_search != "" ? "true" : "false"; + print "
@@ -1249,7 +1242,7 @@ class Pref_Feeds extends Handler_Protected {