X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=classes%2Fpref%2Ffeeds.php;h=ca6fffde08cce40fc2124499aed4cf46d06150e2;hb=bf4a79eaa9d207f71cf09abd8d5eb83f903b5a2b;hp=a86a1af94b369a81b05faa9b54db8b83d18faa16;hpb=f594717d18a89c189559d6da72253e769bce2656;p=tt-rss.git diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index a86a1af9..ca6fffde 100755 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -17,12 +17,13 @@ class Pref_Feeds extends Handler_Protected { } function renamecat() { - $title = $this->dbh->escape_string($_REQUEST['title']); - $id = $this->dbh->escape_string($_REQUEST['id']); + $title = $_REQUEST['title']; + $id = $_REQUEST['id']; if ($title) { - $this->dbh->query("UPDATE ttrss_feed_categories SET - title = '$title' WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]); + $sth = $this->pdo->prepare("UPDATE ttrss_feed_categories SET + title = ? WHERE id = ? AND owner_uid = ?"); + $sth->execute([$title, $id, $_SESSION['uid']]); } return; } @@ -34,18 +35,17 @@ class Pref_Feeds extends Handler_Protected { else $search = ""; - if ($search) $search_qpart = " AND (LOWER(title) LIKE LOWER('%$search%') OR LOWER(feed_url) LIKE LOWER('%$search%'))"; - // first one is set by API $show_empty_cats = $_REQUEST['force_show_empty'] || ($_REQUEST['mode'] != 2 && !$search); $items = array(); - $result = $this->dbh->query("SELECT id, title FROM ttrss_feed_categories - WHERE owner_uid = " . $_SESSION["uid"] . " AND parent_cat = '$cat_id' ORDER BY order_id, title"); + $sth = $this->pdo->prepare("SELECT id, title FROM ttrss_feed_categories + WHERE owner_uid = ? AND parent_cat = ? ORDER BY order_id, title"); + $sth->execute([$_SESSION['uid'], $cat_id]); - while ($line = $this->dbh->fetch_assoc($result)) { + while ($line = $sth->fetch()) { $cat = array(); $cat['id'] = 'CAT:' . $line['id']; 
@@ -69,13 +69,17 @@ class Pref_Feeds extends Handler_Protected { } - $feed_result = $this->dbh->query("SELECT id, title, last_error, + $fsth = $this->pdo->prepare("SELECT id, title, last_error, ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated FROM ttrss_feeds - WHERE cat_id = '$cat_id' AND owner_uid = ".$_SESSION["uid"]. - "$search_qpart ORDER BY order_id, title"); + WHERE cat_id = :cat AND + owner_uid = :uid AND + (:search = '' OR (LOWER(title) LIKE :search OR LOWER(feed_url) LIKE :search)) + ORDER BY order_id, title"); + + $fsth->execute([":cat" => $cat_id, ":uid" => $_SESSION['uid'], ":search" => $search ? "%$search%" : ""]); - while ($feed_line = $this->dbh->fetch_assoc($feed_result)) { + while ($feed_line = $fsth->fetch()) { $feed = array(); $feed['id'] = 'FEED:' . $feed_line['id']; $feed['bare_id'] = (int)$feed_line['id']; @@ -158,10 +162,10 @@ class Pref_Feeds extends Handler_Protected { $root['items'] = array_merge($root['items'], $cat['items']); } - $result = $this->dbh->query("SELECT * FROM + $result = db_query("SELECT * FROM ttrss_labels2 WHERE owner_uid = ".$_SESSION['uid']." ORDER by caption"); - if ($this->dbh->num_rows($result) > 0) { + if (db_num_rows($result) > 0) { if (get_pref('ENABLE_FEED_CATS')) { $cat = $this->feedlist_init_cat(-2); @@ -169,7 +173,7 @@ class Pref_Feeds extends Handler_Protected { $cat['items'] = array(); } - while ($line = $this->dbh->fetch_assoc($result)) { + while ($line = db_fetch_assoc($result)) { $label_id = Labels::label_to_feed_id($line['id']); 
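Review bot: The bound `:search` value in the `ttrss_feeds` query of `@@ -69,13` is no longer lower-cased. The old fragment compared `LOWER(title)` against `LOWER('%$search%')`, while the new predicate is `LOWER(title) LIKE :search`, so a term containing upper-case letters will stop matching on databases where `LIKE` is case-sensitive. Writing `LOWER(title) LIKE LOWER(:search) OR LOWER(feed_url) LIKE LOWER(:search)` keeps the previous behaviour. Separately, `:search` appears three times in one statement, which PDO documents as supported only with emulated prepares. How `$this->pdo` is configured is not visible here, so distinct names per occurrence (for example `:search_empty`, `:search_title`, `:search_url`) would be the portable form.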
@@ -193,10 +197,10 @@ class Pref_Feeds extends Handler_Protected { $show_empty_cats = $_REQUEST['force_show_empty'] || ($_REQUEST['mode'] != 2 && !$search); - $result = $this->dbh->query("SELECT id, title FROM ttrss_feed_categories + $result = db_query("SELECT id, title FROM ttrss_feed_categories WHERE owner_uid = " . $_SESSION["uid"] . " AND parent_cat IS NULL ORDER BY order_id, title"); - while ($line = $this->dbh->fetch_assoc($result)) { + while ($line = db_fetch_assoc($result)) { $cat = array(); $cat['id'] = 'CAT:' . $line['id']; $cat['bare_id'] = (int)$line['id']; @@ -232,13 +236,13 @@ class Pref_Feeds extends Handler_Protected { $cat['unread'] = 0; $cat['child_unread'] = 0; - $feed_result = $this->dbh->query("SELECT id, title,last_error, + $feed_result = db_query("SELECT id, title,last_error, ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated FROM ttrss_feeds WHERE cat_id IS NULL AND owner_uid = ".$_SESSION["uid"]. "$search_qpart ORDER BY order_id, title"); - while ($feed_line = $this->dbh->fetch_assoc($feed_result)) { + while ($feed_line = db_fetch_assoc($feed_result)) { $feed = array(); $feed['id'] = 'FEED:' . $feed_line['id']; $feed['bare_id'] = (int)$feed_line['id']; @@ -264,13 +268,13 @@ class Pref_Feeds extends Handler_Protected { $root['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', (int) $num_children), $num_children); } else { - $feed_result = $this->dbh->query("SELECT id, title, last_error, + $feed_result = db_query("SELECT id, title, last_error, ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated FROM ttrss_feeds WHERE owner_uid = ".$_SESSION["uid"]. "$search_qpart ORDER BY order_id, title"); - while ($feed_line = $this->dbh->fetch_assoc($feed_result)) { + while ($feed_line = db_fetch_assoc($feed_result)) { $feed = array(); $feed['id'] = 'FEED:' . $feed_line['id']; $feed['bare_id'] = (int)$feed_line['id']; 
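Review bot: `$search_qpart` is still concatenated into the `ttrss_feeds` SELECT in `@@ -232,13` and again in `@@ -264,13`, although this commit replaces the equivalent fragment in the per-category query with a bound `:search` parameter. Its construction is outside these hunks. If it is built like the line removed in `@@ -34,18` (`LIKE LOWER('%$search%')` with `$search` interpolated), the search term still reaches the SQL text unescaped in both queries. Moving both to `$this->pdo->prepare()` with the same `(:search = '' OR ...)` predicate would make the three feed listings consistent and let the string-built fragment be deleted.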
@@ -304,13 +308,13 @@ class Pref_Feeds extends Handler_Protected { } function catsortreset() { - $this->dbh->query("UPDATE ttrss_feed_categories + db_query("UPDATE ttrss_feed_categories SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]); return; } function feedsortreset() { - $this->dbh->query("UPDATE ttrss_feeds + db_query("UPDATE ttrss_feeds SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]); return; } @@ -324,17 +328,17 @@ class Pref_Feeds extends Handler_Protected { if ($debug) _debug("$prefix C: $item_id P: $parent_id"); - $bare_item_id = $this->dbh->escape_string(substr($item_id, strpos($item_id, ':')+1)); + $bare_item_id = substr($item_id, strpos($item_id, ':')+1); if ($item_id != 'root') { if ($parent_id && $parent_id != 'root') { $parent_bare_id = substr($parent_id, strpos($parent_id, ':')+1); - $parent_qpart = $this->dbh->escape_string($parent_bare_id); + $parent_qpart = $parent_bare_id; } else { $parent_qpart = 'NULL'; } - $this->dbh->query("UPDATE ttrss_feed_categories + db_query("UPDATE ttrss_feed_categories SET parent_cat = $parent_qpart WHERE id = '$bare_item_id' AND owner_uid = " . $_SESSION["uid"]); } @@ -346,7 +350,7 @@ class Pref_Feeds extends Handler_Protected { if ($cat && is_array($cat)) { foreach ($cat as $item) { $id = $item['_reference']; - $bare_id = $this->dbh->escape_string(substr($id, strpos($id, ':')+1)); + $bare_id = substr($id, strpos($id, ':')+1); if ($debug) _debug("$prefix [$order_id] $id/$bare_id"); @@ -355,12 +359,12 @@ class Pref_Feeds extends Handler_Protected { if (strpos($id, "FEED") === 0) { $cat_id = ($item_id != "root") ? - $this->dbh->escape_string($bare_item_id) : "NULL"; + $bare_item_id : "NULL"; $cat_qpart = ($cat_id != 0) ? "cat_id = '$cat_id'" : "cat_id = NULL"; - $this->dbh->query("UPDATE ttrss_feeds + db_query("UPDATE ttrss_feeds SET order_id = $order_id, $cat_qpart WHERE id = '$bare_id' AND owner_uid = " . $_SESSION["uid"]); 
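Review bot: In `@@ -324,17` the `escape_string()` calls are removed from `$bare_item_id` and `$parent_qpart`, but both are still interpolated into the `UPDATE ttrss_feed_categories` string passed to `db_query()`, and `$parent_qpart` is placed there without quotes. Unless `db_query()` escapes its input (not visible here), any request-derived `$item_id` or `$parent_id` now reaches the SQL text verbatim, which is weaker than the code being replaced. The same pattern applies to `$bare_id` and `$cat_id` in `@@ -346,7`, `@@ -355,12` and `@@ -370,12`. These statements should bind their values the way `renamecat()` does in this commit, e.g. `$sth = $this->pdo->prepare("UPDATE ttrss_feed_categories SET parent_cat = ? WHERE id = ? AND owner_uid = ?");` followed by `$sth->execute([$parent_id_or_null, $bare_item_id, $_SESSION['uid']]);`, passing PHP `null` rather than the string `'NULL'`. The enclosing function begins and ends outside these hunks.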
@@ -370,12 +374,12 @@ class Pref_Feeds extends Handler_Protected { $nest_level+1); if ($item_id != 'root') { - $parent_qpart = $this->dbh->escape_string($bare_id); + $parent_qpart = $bare_id; } else { $parent_qpart = 'NULL'; } - $this->dbh->query("UPDATE ttrss_feed_categories + db_query("UPDATE ttrss_feed_categories SET order_id = '$order_id' WHERE id = '$bare_id' AND owner_uid = " . $_SESSION["uid"]); } @@ -427,7 +431,7 @@ class Pref_Feeds extends Handler_Protected { ++$cat_order_id; if ($bare_id > 0) { - $this->dbh->query("UPDATE ttrss_feed_categories + db_query("UPDATE ttrss_feed_categories SET order_id = '$cat_order_id' WHERE id = '$bare_id' AND owner_uid = " . $_SESSION["uid"]); } @@ -444,7 +448,7 @@ class Pref_Feeds extends Handler_Protected { else $cat_query = "cat_id = NULL"; - $this->dbh->query("UPDATE ttrss_feeds + db_query("UPDATE ttrss_feeds SET order_id = '$feed_order_id', $cat_query WHERE id = '$feed_id' AND @@ -460,15 +464,15 @@ class Pref_Feeds extends Handler_Protected { } function removeicon() { - $feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]); + $feed_id = $_REQUEST["feed_id"]; - $result = $this->dbh->query("SELECT id FROM ttrss_feeds + $result = db_query("SELECT id FROM ttrss_feeds WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]); - if ($this->dbh->num_rows($result) != 0) { + if (db_num_rows($result) != 0) { @unlink(ICONS_DIR . "/$feed_id.ico"); - $this->dbh->query("UPDATE ttrss_feeds SET favicon_avg_color = NULL + db_query("UPDATE ttrss_feeds SET favicon_avg_color = NULL where id = '$feed_id'"); } 
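Review bot: In `@@ -460,15`, `$feed_id = $_REQUEST["feed_id"];` now puts the raw request value into `WHERE id = '$feed_id'` in both `db_query()` calls of `removeicon()`, where the previous code at least passed it through `escape_string()`. The same value also builds the `ICONS_DIR . "/$feed_id.ico"` path given to `unlink()`. Feed ids are cast with `(int)` elsewhere in this file, so `$feed_id = (int) $_REQUEST["feed_id"];` would constrain both the SQL and the path use in one line; alternatively the queries can use `$this->pdo->prepare()` as `renamecat()` does. The trailing `UPDATE ttrss_feeds SET favicon_avg_color = NULL` also omits the `owner_uid` condition that the `SELECT` carries, and adding it would keep that statement safe on its own. The identical change in the upload handler (`@@ -494,18`) needs the same fix.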
@@ -494,18 +498,18 @@ class Pref_Feeds extends Handler_Protected { } $icon_file = $tmp_file; - $feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]); + $feed_id = $_REQUEST["feed_id"]; if (is_file($icon_file) && $feed_id) { if (filesize($icon_file) < 65535) { - $result = $this->dbh->query("SELECT id FROM ttrss_feeds + $result = db_query("SELECT id FROM ttrss_feeds WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]); - if ($this->dbh->num_rows($result) != 0) { + if (db_num_rows($result) != 0) { @unlink(ICONS_DIR . "/$feed_id.ico"); if (rename($icon_file, ICONS_DIR . "/$feed_id.ico")) { - $this->dbh->query("UPDATE ttrss_feeds SET + db_query("UPDATE ttrss_feeds SET favicon_avg_color = '' WHERE id = '$feed_id'"); @@ -536,16 +540,16 @@ class Pref_Feeds extends Handler_Protected { print '