X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=classes%2Fpref%2Ffeeds.php;h=d6abe2328809482ee20edb182043431a367c0acc;hb=fbff72e081e812926f89e608cf7af1b7d8c841cb;hp=d43740310700cde1ec7ba46ebbf2b19d0af9729b;hpb=33945d7517d32a1a515e8123152dffed5651020c;p=tt-rss.git
diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
old mode 100644
new mode 100755
index d4374031..d6abe232
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -1,5 +1,7 @@
dbh->escape_string($_REQUEST['title']);
- $id = $this->dbh->escape_string($_REQUEST['id']);
+ $title = clean($_REQUEST['title']);
+ $id = clean($_REQUEST['id']);
if ($title) {
- $this->dbh->query("UPDATE ttrss_feed_categories SET
- title = '$title' WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_feed_categories SET
+ title = ? WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$title, $id, $_SESSION['uid']]);
}
- return;
}
private function get_category_items($cat_id) {
- if ($_REQUEST['mode'] != 2)
+ if (clean($_REQUEST['mode']) != 2)
$search = $_SESSION["prefs_feed_search"];
else
$search = "";
- if ($search) $search_qpart = " AND LOWER(title) LIKE LOWER('%$search%')";
-
// first one is set by API
- $show_empty_cats = $_REQUEST['force_show_empty'] ||
- ($_REQUEST['mode'] != 2 && !$search);
+ $show_empty_cats = clean($_REQUEST['force_show_empty']) ||
+ (clean($_REQUEST['mode']) != 2 && !$search);
$items = array();
- $result = $this->dbh->query("SELECT id, title FROM ttrss_feed_categories
- WHERE owner_uid = " . $_SESSION["uid"] . " AND parent_cat = '$cat_id' ORDER BY order_id, title");
+ $sth = $this->pdo->prepare("SELECT id, title FROM ttrss_feed_categories
+ WHERE owner_uid = ? AND parent_cat = ? ORDER BY order_id, title");
+ $sth->execute([$_SESSION['uid'], $cat_id]);
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$cat = array();
$cat['id'] = 'CAT:' . $line['id'];
@@ -55,23 +56,29 @@ class Pref_Feeds extends Handler_Protected {
$cat['unread'] = 0;
$cat['child_unread'] = 0;
$cat['auxcounter'] = 0;
+ $cat['parent_id'] = $cat_id;
$cat['items'] = $this->get_category_items($line['id']);
- $cat['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
+ $num_children = $this->calculate_children_count($cat);
+ $cat['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', (int) $num_children), $num_children);
- if (count($cat['items']) > 0 || $show_empty_cats)
+ if ($num_children > 0 || $show_empty_cats)
array_push($items, $cat);
}
- $feed_result = $this->dbh->query("SELECT id, title, last_error,
- ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
+ $fsth = $this->pdo->prepare("SELECT id, title, last_error,
+ ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated, update_interval
FROM ttrss_feeds
- WHERE cat_id = '$cat_id' AND owner_uid = ".$_SESSION["uid"].
- "$search_qpart ORDER BY order_id, title");
+ WHERE cat_id = :cat AND
+ owner_uid = :uid AND
+ (:search = '' OR (LOWER(title) LIKE :search OR LOWER(feed_url) LIKE :search))
+ ORDER BY order_id, title");
+
+ $fsth->execute([":cat" => $cat_id, ":uid" => $_SESSION['uid'], ":search" => $search ? "%$search%" : ""]);
- while ($feed_line = $this->dbh->fetch_assoc($feed_result)) {
+ while ($feed_line = $fsth->fetch()) {
$feed = array();
$feed['id'] = 'FEED:' . $feed_line['id'];
$feed['bare_id'] = (int)$feed_line['id'];
@@ -80,9 +87,10 @@ class Pref_Feeds extends Handler_Protected {
$feed['checkbox'] = false;
$feed['unread'] = 0;
$feed['error'] = $feed_line['last_error'];
- $feed['icon'] = getFeedIcon($feed_line['id']);
+ $feed['icon'] = Feeds::getFeedIcon($feed_line['id']);
$feed['param'] = make_local_datetime(
$feed_line['last_updated'], true);
+ $feed['updates_disabled'] = (int)($feed_line['update_interval'] < 0);
array_push($items, $feed);
}
@@ -96,13 +104,11 @@ class Pref_Feeds extends Handler_Protected {
function makefeedtree() {
- if ($_REQUEST['mode'] != 2)
+ if (clean($_REQUEST['mode']) != 2)
$search = $_SESSION["prefs_feed_search"];
else
$search = "";
- if ($search) $search_qpart = " AND LOWER(title) LIKE LOWER('%$search%')";
-
$root = array();
$root['id'] = 'root';
$root['name'] = __('Feeds');
@@ -111,7 +117,7 @@ class Pref_Feeds extends Handler_Protected {
$enable_cats = get_pref('ENABLE_FEED_CATS');
- if ($_REQUEST['mode'] == 2) {
+ if (clean($_REQUEST['mode']) == 2) {
if ($enable_cats) {
$cat = $this->feedlist_init_cat(-1);
@@ -154,29 +160,31 @@ class Pref_Feeds extends Handler_Protected {
$root['items'] = array_merge($root['items'], $cat['items']);
}
- $result = $this->dbh->query("SELECT * FROM
- ttrss_labels2 WHERE owner_uid = ".$_SESSION['uid']." ORDER by caption");
-
- if ($this->dbh->num_rows($result) > 0) {
+ $sth = $this->pdo->prepare("SELECT * FROM
+ ttrss_labels2 WHERE owner_uid = ? ORDER by caption");
+ $sth->execute([$_SESSION['uid']]);
- if (get_pref('ENABLE_FEED_CATS')) {
- $cat = $this->feedlist_init_cat(-2);
- } else {
- $cat['items'] = array();
- }
+ if (get_pref('ENABLE_FEED_CATS')) {
+ $cat = $this->feedlist_init_cat(-2);
+ } else {
+ $cat['items'] = array();
+ }
- while ($line = $this->dbh->fetch_assoc($result)) {
+ $num_labels = 0;
+ while ($line = $sth->fetch()) {
+ ++$num_labels;
- $label_id = label_to_feed_id($line['id']);
+ $label_id = Labels::label_to_feed_id($line['id']);
- $feed = $this->feedlist_init_feed($label_id, false, 0);
+ $feed = $this->feedlist_init_feed($label_id, false, 0);
- $feed['fg_color'] = $line['fg_color'];
- $feed['bg_color'] = $line['bg_color'];
+ $feed['fg_color'] = $line['fg_color'];
+ $feed['bg_color'] = $line['bg_color'];
- array_push($cat['items'], $feed);
- }
+ array_push($cat['items'], $feed);
+ }
+ if ($num_labels) {
if ($enable_cats) {
array_push($root['items'], $cat);
} else {
@@ -186,13 +194,14 @@ class Pref_Feeds extends Handler_Protected {
}
if ($enable_cats) {
- $show_empty_cats = $_REQUEST['force_show_empty'] ||
- ($_REQUEST['mode'] != 2 && !$search);
+ $show_empty_cats = clean($_REQUEST['force_show_empty']) ||
+ (clean($_REQUEST['mode']) != 2 && !$search);
- $result = $this->dbh->query("SELECT id, title FROM ttrss_feed_categories
- WHERE owner_uid = " . $_SESSION["uid"] . " AND parent_cat IS NULL ORDER BY order_id, title");
+ $sth = $this->pdo->prepare("SELECT id, title FROM ttrss_feed_categories
+ WHERE owner_uid = ? AND parent_cat IS NULL ORDER BY order_id, title");
+ $sth->execute([$_SESSION['uid']]);
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$cat = array();
$cat['id'] = 'CAT:' . $line['id'];
$cat['bare_id'] = (int)$line['id'];
@@ -206,9 +215,10 @@ class Pref_Feeds extends Handler_Protected {
$cat['items'] = $this->get_category_items($line['id']);
- $cat['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
+ $num_children = $this->calculate_children_count($cat);
+ $cat['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', (int) $num_children), $num_children);
- if (count($cat['items']) > 0 || $show_empty_cats)
+ if ($num_children > 0 || $show_empty_cats)
array_push($root['items'], $cat);
$root['param'] += count($cat['items']);
@@ -227,13 +237,16 @@ class Pref_Feeds extends Handler_Protected {
$cat['unread'] = 0;
$cat['child_unread'] = 0;
- $feed_result = $this->dbh->query("SELECT id, title,last_error,
- ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
+ $fsth = $this->pdo->prepare("SELECT id, title,last_error,
+ ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated, update_interval
FROM ttrss_feeds
- WHERE cat_id IS NULL AND owner_uid = ".$_SESSION["uid"].
- "$search_qpart ORDER BY order_id, title");
+ WHERE cat_id IS NULL AND
+ owner_uid = :uid AND
+ (:search = '' OR (LOWER(title) LIKE :search OR LOWER(feed_url) LIKE :search))
+ ORDER BY order_id, title");
+ $fsth->execute([":uid" => $_SESSION['uid'], ":search" => $search ? "%$search%" : ""]);
- while ($feed_line = $this->dbh->fetch_assoc($feed_result)) {
+ while ($feed_line = $fsth->fetch()) {
$feed = array();
$feed['id'] = 'FEED:' . $feed_line['id'];
$feed['bare_id'] = (int)$feed_line['id'];
@@ -241,11 +254,12 @@ class Pref_Feeds extends Handler_Protected {
$feed['name'] = $feed_line['title'];
$feed['checkbox'] = false;
$feed['error'] = $feed_line['last_error'];
- $feed['icon'] = getFeedIcon($feed_line['id']);
+ $feed['icon'] = Feeds::getFeedIcon($feed_line['id']);
$feed['param'] = make_local_datetime(
$feed_line['last_updated'], true);
$feed['unread'] = 0;
$feed['type'] = 'feed';
+ $feed['updates_disabled'] = (int)($feed_line['update_interval'] < 0);
array_push($cat['items'], $feed);
}
@@ -255,17 +269,19 @@ class Pref_Feeds extends Handler_Protected {
if (count($cat['items']) > 0 || $show_empty_cats)
array_push($root['items'], $cat);
- $root['param'] += count($cat['items']);
- $root['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
+ $num_children = $this->calculate_children_count($root);
+ $root['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', (int) $num_children), $num_children);
} else {
- $feed_result = $this->dbh->query("SELECT id, title, last_error,
- ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
+ $fsth = $this->pdo->prepare("SELECT id, title, last_error,
+ ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated, update_interval
FROM ttrss_feeds
- WHERE owner_uid = ".$_SESSION["uid"].
- "$search_qpart ORDER BY order_id, title");
+ WHERE owner_uid = :uid AND
+ (:search = '' OR (LOWER(title) LIKE :search OR LOWER(feed_url) LIKE :search))
+ ORDER BY order_id, title");
+ $fsth->execute([":uid" => $_SESSION['uid'], ":search" => $search ? "%$search%" : ""]);
- while ($feed_line = $this->dbh->fetch_assoc($feed_result)) {
+ while ($feed_line = $fsth->fetch()) {
$feed = array();
$feed['id'] = 'FEED:' . $feed_line['id'];
$feed['bare_id'] = (int)$feed_line['id'];
@@ -273,11 +289,12 @@ class Pref_Feeds extends Handler_Protected {
$feed['name'] = $feed_line['title'];
$feed['checkbox'] = false;
$feed['error'] = $feed_line['last_error'];
- $feed['icon'] = getFeedIcon($feed_line['id']);
+ $feed['icon'] = Feeds::getFeedIcon($feed_line['id']);
$feed['param'] = make_local_datetime(
$feed_line['last_updated'], true);
$feed['unread'] = 0;
$feed['type'] = 'feed';
+ $feed['updates_disabled'] = (int)($feed_line['update_interval'] < 0);
array_push($root['items'], $feed);
}
@@ -289,52 +306,52 @@ class Pref_Feeds extends Handler_Protected {
$fl['identifier'] = 'id';
$fl['label'] = 'name';
- if ($_REQUEST['mode'] != 2) {
+ if (clean($_REQUEST['mode']) != 2) {
$fl['items'] = array($root);
} else {
- $fl['items'] =& $root['items'];
+ $fl['items'] = $root['items'];
}
return $fl;
}
function catsortreset() {
- $this->dbh->query("UPDATE ttrss_feed_categories
- SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]);
- return;
+ $sth = $this->pdo->prepare("UPDATE ttrss_feed_categories
+ SET order_id = 0 WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
}
function feedsortreset() {
- $this->dbh->query("UPDATE ttrss_feeds
- SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]);
- return;
+ $sth = $this->pdo->prepare("UPDATE ttrss_feeds
+ SET order_id = 0 WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
}
private function process_category_order(&$data_map, $item_id, $parent_id = false, $nest_level = 0) {
- $debug = isset($_REQUEST["debug"]);
$prefix = "";
for ($i = 0; $i < $nest_level; $i++)
$prefix .= " ";
- if ($debug) _debug("$prefix C: $item_id P: $parent_id");
+ Debug::log("$prefix C: $item_id P: $parent_id");
$bare_item_id = substr($item_id, strpos($item_id, ':')+1);
if ($item_id != 'root') {
if ($parent_id && $parent_id != 'root') {
$parent_bare_id = substr($parent_id, strpos($parent_id, ':')+1);
- $parent_qpart = $this->dbh->escape_string($parent_bare_id);
+ $parent_qpart = $parent_bare_id;
} else {
- $parent_qpart = 'NULL';
+ $parent_qpart = null;
}
- $this->dbh->query("UPDATE ttrss_feed_categories
- SET parent_cat = $parent_qpart WHERE id = '$bare_item_id' AND
- owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_feed_categories
+ SET parent_cat = ? WHERE id = ? AND
+ owner_uid = ?");
+ $sth->execute([$parent_qpart, $bare_item_id, $_SESSION['uid']]);
}
- $order_id = 0;
+ $order_id = 1;
$cat = $data_map[$item_id];
@@ -343,36 +360,28 @@ class Pref_Feeds extends Handler_Protected {
$id = $item['_reference'];
$bare_id = substr($id, strpos($id, ':')+1);
- if ($debug) _debug("$prefix [$order_id] $id/$bare_id");
+ Debug::log("$prefix [$order_id] $id/$bare_id");
if ($item['_reference']) {
if (strpos($id, "FEED") === 0) {
- $cat_id = ($item_id != "root") ?
- $this->dbh->escape_string($bare_item_id) : "NULL";
+ $cat_id = ($item_id != "root") ? $bare_item_id : null;
- $cat_qpart = ($cat_id != 0) ? "cat_id = '$cat_id'" :
- "cat_id = NULL";
+ $sth = $this->pdo->prepare("UPDATE ttrss_feeds
+ SET order_id = ?, cat_id = ?
+ WHERE id = ? AND owner_uid = ?");
- $this->dbh->query("UPDATE ttrss_feeds
- SET order_id = $order_id, $cat_qpart
- WHERE id = '$bare_id' AND
- owner_uid = " . $_SESSION["uid"]);
+ $sth->execute([$order_id, $cat_id ? $cat_id : null, $bare_id, $_SESSION['uid']]);
} else if (strpos($id, "CAT:") === 0) {
$this->process_category_order($data_map, $item['_reference'], $item_id,
$nest_level+1);
- if ($item_id != 'root') {
- $parent_qpart = $this->dbh->escape_string($bare_id);
- } else {
- $parent_qpart = 'NULL';
- }
-
- $this->dbh->query("UPDATE ttrss_feed_categories
- SET order_id = '$order_id' WHERE id = '$bare_id' AND
- owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_feed_categories
+ SET order_id = ? WHERE id = ? AND
+ owner_uid = ?");
+ $sth->execute([$order_id, $bare_id, $_SESSION['uid']]);
}
}
@@ -384,7 +393,7 @@ class Pref_Feeds extends Handler_Protected {
function savefeedorder() {
$data = json_decode($_POST['payload'], true);
- #file_put_contents("/tmp/saveorder.json", $_POST['payload']);
+ #file_put_contents("/tmp/saveorder.json", clean($_POST['payload']));
#$data = json_decode(file_get_contents("/tmp/saveorder.json"), true);
if (!is_array($data['items']))
@@ -393,7 +402,7 @@ class Pref_Feeds extends Handler_Protected {
# print_r($data['items']);
if (is_array($data) && is_array($data['items'])) {
- $cat_order_id = 0;
+# $cat_order_id = 0;
$data_map = array();
$root_item = false;
@@ -405,7 +414,7 @@ class Pref_Feeds extends Handler_Protected {
if (isset($item['items']['_reference'])) {
$data_map[$item['id']] = array($item['items']);
} else {
- $data_map[$item['id']] =& $item['items'];
+ $data_map[$item['id']] = $item['items'];
}
}
if ($item['id'] == 'root') {
@@ -414,67 +423,28 @@ class Pref_Feeds extends Handler_Protected {
}
$this->process_category_order($data_map, $root_item);
-
- /* foreach ($data['items'][0]['items'] as $item) {
- $id = $item['_reference'];
- $bare_id = substr($id, strpos($id, ':')+1);
-
- ++$cat_order_id;
-
- if ($bare_id > 0) {
- $this->dbh->query("UPDATE ttrss_feed_categories
- SET order_id = '$cat_order_id' WHERE id = '$bare_id' AND
- owner_uid = " . $_SESSION["uid"]);
- }
-
- $feed_order_id = 0;
-
- if (is_array($data_map[$id])) {
- foreach ($data_map[$id] as $feed) {
- $id = $feed['_reference'];
- $feed_id = substr($id, strpos($id, ':')+1);
-
- if ($bare_id != 0)
- $cat_query = "cat_id = '$bare_id'";
- else
- $cat_query = "cat_id = NULL";
-
- $this->dbh->query("UPDATE ttrss_feeds
- SET order_id = '$feed_order_id',
- $cat_query
- WHERE id = '$feed_id' AND
- owner_uid = " . $_SESSION["uid"]);
-
- ++$feed_order_id;
- }
- }
- } */
}
-
- return;
}
function removeicon() {
- $feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]);
+ $feed_id = clean($_REQUEST["feed_id"]);
- $result = $this->dbh->query("SELECT id FROM ttrss_feeds
- WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$feed_id, $_SESSION['uid']]);
- if ($this->dbh->num_rows($result) != 0) {
+ if ($row = $sth->fetch()) {
@unlink(ICONS_DIR . "/$feed_id.ico");
- $this->dbh->query("UPDATE ttrss_feeds SET favicon_avg_color = NULL
- where id = '$feed_id'");
+ $sth = $this->pdo->prepare("UPDATE ttrss_feeds SET favicon_avg_color = NULL
+ where id = ?");
+ $sth->execute([$feed_id]);
}
-
- return;
}
function uploadicon() {
header("Content-type: text/html");
- $tmp_file = false;
-
if (is_uploaded_file($_FILES['icon_file']['tmp_name'])) {
$tmp_file = tempnam(CACHE_DIR . '/upload', 'icon');
@@ -489,20 +459,23 @@ class Pref_Feeds extends Handler_Protected {
}
$icon_file = $tmp_file;
- $feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]);
+ $feed_id = clean($_REQUEST["feed_id"]);
if (is_file($icon_file) && $feed_id) {
- if (filesize($icon_file) < 20000) {
+ if (filesize($icon_file) < 65535) {
- $result = $this->dbh->query("SELECT id FROM ttrss_feeds
- WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$feed_id, $_SESSION['uid']]);
- if ($this->dbh->num_rows($result) != 0) {
+ if ($row = $sth->fetch()) {
@unlink(ICONS_DIR . "/$feed_id.ico");
if (rename($icon_file, ICONS_DIR . "/$feed_id.ico")) {
- $this->dbh->query("UPDATE ttrss_feeds SET
+
+ $sth = $this->pdo->prepare("UPDATE ttrss_feeds SET
favicon_avg_color = ''
- WHERE id = '$feed_id'");
+ WHERE id = ?");
+ $sth->execute([$feed_id]);
$rc = 0;
}
@@ -528,293 +501,306 @@ class Pref_Feeds extends Handler_Protected {
global $purge_intervals;
global $update_intervals;
- $feed_id = $this->dbh->escape_string($_REQUEST["id"]);
- $result = $this->dbh->query(
- "SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND
- owner_uid = " . $_SESSION["uid"]);
+ $feed_id = clean($_REQUEST["id"]);
- $auth_pass_encrypted = sql_bool_to_bool($this->dbh->fetch_result($result, 0,
- "auth_pass_encrypted"));
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_feeds WHERE id = ? AND
+ owner_uid = ?");
+ $sth->execute([$feed_id, $_SESSION['uid']]);
- $title = htmlspecialchars($this->dbh->fetch_result($result,
- 0, "title"));
+ if ($row = $sth->fetch()) {
+ print '
+
';
- print "
";
- print "
";
- print "
";
+ $title = htmlspecialchars($row["title"]);
- print "
".__("Feed")."
";
- print "
";
+ print_hidden("id", "$feed_id");
+ print_hidden("op", "pref-feeds");
+ print_hidden("method", "editSave");
+
+ print "
".__("Feed")."
";
+ print "
";
- /* Title */
+ /* Title */
- print "
";
- /* Feed URL */
+ /* Feed URL */
- $feed_url = $this->dbh->fetch_result($result, 0, "feed_url");
- $feed_url = htmlspecialchars($this->dbh->fetch_result($result,
- 0, "feed_url"));
+ $feed_url = htmlspecialchars($row["feed_url"]);
- print "
";
+ print "
";
- print __('URL:') . " ";
- print "
";
- $last_error = $this->dbh->fetch_result($result, 0, "last_error");
+ $last_error = $row["last_error"];
- if ($last_error) {
- print "
(error) ";
+ if ($last_error) {
+ print "
";
- }
+ }
- /* Category */
+ /* Category */
- if (get_pref('ENABLE_FEED_CATS')) {
+ if (get_pref('ENABLE_FEED_CATS')) {
- $cat_id = $this->dbh->fetch_result($result, 0, "cat_id");
+ $cat_id = $row["cat_id"];
- print "
";
+ print "
";
- print __('Place in category:') . " ";
+ print __('Place in category:') . " ";
- print_feed_cat_select("cat_id", $cat_id,
- 'dojoType="dijit.form.Select"');
- }
+ print_feed_cat_select("cat_id", $cat_id,
+ 'dojoType="dijit.form.Select"');
+ }
- print "
";
+ /* Site URL */
- print "
".__("Update")."
";
- print "
";
+ $site_url = htmlspecialchars($row["site_url"]);
- /* Update Interval */
+ print "
";
- $update_interval = $this->dbh->fetch_result($result, 0, "update_interval");
+ print __('Site URL:') . " ";
+ print " ";
- print_select_hash("update_interval", $update_interval, $update_intervals,
- 'dojoType="dijit.form.Select"');
+ /* FTS Stemming Language */
- /* Purge intl */
+ if (DB_TYPE == "pgsql") {
+ $feed_language = $row["feed_language"];
- $purge_interval = $this->dbh->fetch_result($result, 0, "purge_interval");
+ print " ";
- print " ";
- print __('Article purging:') . " ";
+ print __('Language:') . " ";
+ print_select("feed_language", $feed_language, $this::$feed_languages,
+ 'dojoType="dijit.form.Select"');
+ }
- print_select_hash("purge_interval", $purge_interval, $purge_intervals,
- 'dojoType="dijit.form.Select" ' .
- ((FORCE_ARTICLE_PURGE == 0) ? "" : 'disabled="1"'));
+ print "";
- print "
";
- print "
".__("Authentication")."
";
- print "
";
+ print "
".__("Update")."
";
+ print "
";
- $auth_login = htmlspecialchars($this->dbh->fetch_result($result, 0, "auth_login"));
+ /* Update Interval */
- print "
";
+ $update_interval = $row["update_interval"];
+
+ print_select_hash("update_interval", $update_interval, $update_intervals,
+ 'dojoType="dijit.form.Select"');
- $auth_pass = $this->dbh->fetch_result($result, 0, "auth_pass");
+ /* Purge intl */
- if ($auth_pass_encrypted) {
- require_once "crypt.php";
- $auth_pass = decrypt_string($auth_pass);
+ if (FORCE_ARTICLE_PURGE == 0) {
+ $purge_interval = $row["purge_interval"];
+
+ print " ";
+ print __('Article purging:') . " ";
+
+ print_select_hash("purge_interval", $purge_interval, $purge_intervals,
+ 'dojoType="dijit.form.Select" ' .
+ ((FORCE_ARTICLE_PURGE == 0) ? "" : 'disabled="1"'));
}
- $auth_pass = htmlspecialchars($auth_pass);
+ print "";
+
+ $auth_login = htmlspecialchars($row["auth_login"]);
+ $auth_pass = htmlspecialchars($row["auth_pass"]);
+
+ $auth_enabled = $auth_login !== '' || $auth_pass !== '';
+
+ $auth_style = $auth_enabled ? '' : 'display: none';
+ print "
";
+ print "
".__("Authentication")."
";
+ print "
";
- print "
";
+
+ print "
";
- print "
+ print "
".__('Hint: you need to fill in your login information if your feed requires authentication, except for Twitter feeds.')."
";
- print "
";
- print "
".__("Options")."
";
- print "
";
+ print "
";
- $private = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "private"));
+ $auth_checked = $auth_enabled ? 'checked' : '';
+ print "
+
+ ".
+ __('This feed requires authentication.')."
";
- if ($private) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ print '
';
+
+ //print "
".__("Options")."
";
+ print "
";
- print " ".__('Hide from Popular feeds')." ";
- $include_in_digest = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "include_in_digest"));
+ if (DIGEST_SUBJECT !== false) {
+ $include_in_digest = $row["include_in_digest"];
- if ($include_in_digest) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($include_in_digest) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print "
".__('Include in e-mail digest')." ";
+ }
- $always_display_enclosures = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "always_display_enclosures"));
+ $always_display_enclosures = $row["always_display_enclosures"];
- if ($always_display_enclosures) {
- $checked = "checked";
- } else {
- $checked = "";
- }
+ if ($always_display_enclosures) {
+ $checked = "checked";
+ } else {
+ $checked = "";
+ }
- print " ".__('Always display image attachments')." ";
- $hide_images = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "hide_images"));
+ $hide_images = $row["hide_images"];
- if ($hide_images) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($hide_images) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print " ".
- __('Do not embed images')." ";
+ __('Do not embed media')."";
- $cache_images = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "cache_images"));
+ $cache_images = $row["cache_images"];
- if ($cache_images) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($cache_images) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print " ".
- __('Cache images locally')." ";
+ __('Cache media')."";
- $mark_unread_on_update = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "mark_unread_on_update"));
+ $mark_unread_on_update = $row["mark_unread_on_update"];
- if ($mark_unread_on_update) {
- $checked = "checked";
- } else {
- $checked = "";
- }
+ if ($mark_unread_on_update) {
+ $checked = "checked";
+ } else {
+ $checked = "";
+ }
- print " ".__('Mark updated articles as unread')." ";
- print "";
+ print "
";
- /* Icon */
+ print '
';
- print "
".__("Icon")."
";
- print "
";
+ /* Icon */
- print "
";
+ print "
";
+
+ print "
";
- print "
";
- print "
";
-
- PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_EDIT_FEED,
- "hook_prefs_edit_feed", $feed_id);
+ print "
";
- $title = htmlspecialchars($title, ENT_QUOTES);
+ print '
";
+ $title = htmlspecialchars($title, ENT_QUOTES);
- print "
".
- __('Resets PubSubHubbub subscription status for push-enabled feeds.')."
";
+ print "
";
- return;
+ print "
".__('Save')."
+
".__('Cancel')."
+
";
+ }
}
function editfeeds() {
global $purge_intervals;
global $update_intervals;
- $feed_ids = $this->dbh->escape_string($_REQUEST["ids"]);
+ $feed_ids = clean($_REQUEST["ids"]);
print_notice("Enable the options you wish to apply using checkboxes on the right:");
print "
";
- print " ";
- print " ";
- print " ";
+ print_hidden("ids", "$feed_ids");
+ print_hidden("op", "pref-feeds");
+ print_hidden("method", "batchEditSave");
print "
".__("Feed")."
";
print "
";
- /* Title */
-
- print " ";
-
- $this->batch_edit_cbox("title");
-
- /* Feed URL */
-
- print " ";
-
- print __('URL:') . " ";
- print " ";
-
- $this->batch_edit_cbox("feed_url");
-
/* Category */
if (get_pref('ENABLE_FEED_CATS')) {
- print " ";
-
print __('Place in category:') . " ";
print_feed_cat_select("cat_id", false,
@@ -824,6 +810,18 @@ class Pref_Feeds extends Handler_Protected {
}
+ /* FTS Stemming Language */
+
+ if (DB_TYPE == "pgsql") {
+ print "
";
+
+ print __('Language:') . " ";
+ print_select("feed_language", "", $this::$feed_languages,
+ 'disabled="1" dojoType="dijit.form.Select"');
+
+ $this->batch_edit_cbox("feed_language");
+ }
+
print "";
print "
".__("Update")."
";
@@ -856,11 +854,13 @@ class Pref_Feeds extends Handler_Protected {
print "
";
$this->batch_edit_cbox("auth_login");
- print "
";
@@ -891,7 +891,7 @@ class Pref_Feeds extends Handler_Protected {
name=\"hide_images\"
dojoType=\"dijit.form.CheckBox\">
".
- __('Do not embed images')." ";
+ __('Do not embed media')."";
print " "; $this->batch_edit_cbox("hide_images", "hide_images_l");
@@ -899,7 +899,7 @@ class Pref_Feeds extends Handler_Protected {
name=\"cache_images\"
dojoType=\"dijit.form.CheckBox\">
".
- __('Cache images locally')." ";
+ __('Cache media')."";
print " "; $this->batch_edit_cbox("cache_images", "cache_images_l");
@@ -933,68 +933,83 @@ class Pref_Feeds extends Handler_Protected {
function editsaveops($batch) {
- $feed_title = $this->dbh->escape_string(trim($_POST["title"]));
- $feed_link = $this->dbh->escape_string(trim($_POST["feed_url"]));
- $upd_intl = (int) $this->dbh->escape_string($_POST["update_interval"]);
- $purge_intl = (int) $this->dbh->escape_string($_POST["purge_interval"]);
- $feed_id = (int) $this->dbh->escape_string($_POST["id"]); /* editSave */
- $feed_ids = $this->dbh->escape_string($_POST["ids"]); /* batchEditSave */
- $cat_id = (int) $this->dbh->escape_string($_POST["cat_id"]);
- $auth_login = $this->dbh->escape_string(trim($_POST["auth_login"]));
- $auth_pass = trim($_POST["auth_pass"]);
- $private = checkbox_to_sql_bool($this->dbh->escape_string($_POST["private"]));
+ $feed_title = trim(clean($_POST["title"]));
+ $feed_url = trim(clean($_POST["feed_url"]));
+ $site_url = trim(clean($_POST["site_url"]));
+ $upd_intl = (int) clean($_POST["update_interval"]);
+ $purge_intl = (int) clean($_POST["purge_interval"]);
+ $feed_id = (int) clean($_POST["id"]); /* editSave */
+ $feed_ids = explode(",", clean($_POST["ids"])); /* batchEditSave */
+ $cat_id = (int) clean($_POST["cat_id"]);
+ $auth_login = trim(clean($_POST["auth_login"]));
+ $auth_pass = trim(clean($_POST["auth_pass"]));
+ $private = checkbox_to_sql_bool(clean($_POST["private"]));
$include_in_digest = checkbox_to_sql_bool(
- $this->dbh->escape_string($_POST["include_in_digest"]));
+ clean($_POST["include_in_digest"]));
$cache_images = checkbox_to_sql_bool(
- $this->dbh->escape_string($_POST["cache_images"]));
+ clean($_POST["cache_images"]));
$hide_images = checkbox_to_sql_bool(
- $this->dbh->escape_string($_POST["hide_images"]));
+ clean($_POST["hide_images"]));
$always_display_enclosures = checkbox_to_sql_bool(
- $this->dbh->escape_string($_POST["always_display_enclosures"]));
+ clean($_POST["always_display_enclosures"]));
$mark_unread_on_update = checkbox_to_sql_bool(
- $this->dbh->escape_string($_POST["mark_unread_on_update"]));
-
- if (strlen(FEED_CRYPT_KEY) > 0) {
- require_once "crypt.php";
- $auth_pass = substr(encrypt_string($auth_pass), 0, 250);
- $auth_pass_encrypted = 'true';
- } else {
- $auth_pass_encrypted = 'false';
- }
-
- $auth_pass = $this->dbh->escape_string($auth_pass);
+ clean($_POST["mark_unread_on_update"]));
- if (get_pref('ENABLE_FEED_CATS')) {
- if ($cat_id && $cat_id != 0) {
- $category_qpart = "cat_id = '$cat_id',";
- $category_qpart_nocomma = "cat_id = '$cat_id'";
- } else {
- $category_qpart = 'cat_id = NULL,';
- $category_qpart_nocomma = 'cat_id = NULL';
- }
- } else {
- $category_qpart = "";
- $category_qpart_nocomma = "";
- }
+ $feed_language = trim(clean($_POST["feed_language"]));
if (!$batch) {
+ if (clean($_POST["need_auth"]) !== 'on') {
+ $auth_login = '';
+ $auth_pass = '';
+ }
- $result = $this->dbh->query("UPDATE ttrss_feeds SET
- $category_qpart
- title = '$feed_title', feed_url = '$feed_link',
- update_interval = '$upd_intl',
- purge_interval = '$purge_intl',
- auth_login = '$auth_login',
- auth_pass = '$auth_pass',
- auth_pass_encrypted = $auth_pass_encrypted,
- private = $private,
- cache_images = $cache_images,
- hide_images = $hide_images,
- include_in_digest = $include_in_digest,
- always_display_enclosures = $always_display_enclosures,
- mark_unread_on_update = $mark_unread_on_update
- WHERE id = '$feed_id' AND owner_uid = " . $_SESSION["uid"]);
+ /* $sth = $this->pdo->prepare("SELECT feed_url FROM ttrss_feeds WHERE id = ?");
+ $sth->execute([$feed_id]);
+ $row = $sth->fetch();$orig_feed_url = $row["feed_url"];
+
+ $reset_basic_info = $orig_feed_url != $feed_url; */
+
+ $sth = $this->pdo->prepare("UPDATE ttrss_feeds SET
+ cat_id = :cat_id,
+ title = :title,
+ feed_url = :feed_url,
+ site_url = :site_url,
+ update_interval = :upd_intl,
+ purge_interval = :purge_intl,
+ auth_login = :auth_login,
+ auth_pass = :auth_pass,
+ auth_pass_encrypted = false,
+ private = :private,
+ cache_images = :cache_images,
+ hide_images = :hide_images,
+ include_in_digest = :include_in_digest,
+ always_display_enclosures = :always_display_enclosures,
+ mark_unread_on_update = :mark_unread_on_update,
+ feed_language = :feed_language
+ WHERE id = :id AND owner_uid = :uid");
+
+ $sth->execute([":title" => $feed_title,
+ ":cat_id" => $cat_id ? $cat_id : null,
+ ":feed_url" => $feed_url,
+ ":site_url" => $site_url,
+ ":upd_intl" => $upd_intl,
+ ":purge_intl" => $purge_intl,
+ ":auth_login" => $auth_login,
+ ":auth_pass" => $auth_pass,
+ ":private" => (int)$private,
+ ":cache_images" => (int)$cache_images,
+ ":hide_images" => (int)$hide_images,
+ ":include_in_digest" => (int)$include_in_digest,
+ ":always_display_enclosures" => (int)$always_display_enclosures,
+ ":mark_unread_on_update" => (int)$mark_unread_on_update,
+ ":feed_language" => $feed_language,
+ ":id" => $feed_id,
+ ":uid" => $_SESSION['uid']]);
+
+/* if ($reset_basic_info) {
+ RSSUtils::set_basic_feed_info($feed_id);
+ } */
PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_SAVE_FEED,
"hook_prefs_save_feed", $feed_id);
@@ -1004,11 +1019,13 @@ class Pref_Feeds extends Handler_Protected {
foreach (array_keys($_POST) as $k) {
if ($k != "op" && $k != "method" && $k != "ids") {
- $feed_data[$k] = $_POST[$k];
+ $feed_data[$k] = clean($_POST[$k]);
}
}
- $this->dbh->query("BEGIN");
+ $this->pdo->beginTransaction();
+
+ $feed_ids_qmarks = arr_qmarks($feed_ids);
foreach (array_keys($feed_data) as $k) {
@@ -1016,86 +1033,87 @@ class Pref_Feeds extends Handler_Protected {
switch ($k) {
case "title":
- $qpart = "title = '$feed_title'";
+ $qpart = "title = " . $this->pdo->quote($feed_title);
break;
case "feed_url":
- $qpart = "feed_url = '$feed_link'";
+ $qpart = "feed_url = " . $this->pdo->quote($feed_url);
break;
case "update_interval":
- $qpart = "update_interval = '$upd_intl'";
+ $qpart = "update_interval = " . $this->pdo->quote($upd_intl);
break;
case "purge_interval":
- $qpart = "purge_interval = '$purge_intl'";
+ $qpart = "purge_interval =" . $this->pdo->quote($purge_intl);
break;
case "auth_login":
- $qpart = "auth_login = '$auth_login'";
+ $qpart = "auth_login = " . $this->pdo->quote($auth_login);
break;
case "auth_pass":
- $qpart = "auth_pass = '$auth_pass' AND
- auth_pass_encrypted = $auth_pass_encrypted";
+ $qpart = "auth_pass =" . $this->pdo->quote($auth_pass). ", auth_pass_encrypted = false";
break;
case "private":
- $qpart = "private = $private";
+ $qpart = "private = " . $this->pdo->quote($private);
break;
case "include_in_digest":
- $qpart = "include_in_digest = $include_in_digest";
+ $qpart = "include_in_digest = " . $this->pdo->quote($include_in_digest);
break;
case "always_display_enclosures":
- $qpart = "always_display_enclosures = $always_display_enclosures";
+ $qpart = "always_display_enclosures = " . $this->pdo->quote($always_display_enclosures);
break;
case "mark_unread_on_update":
- $qpart = "mark_unread_on_update = $mark_unread_on_update";
+ $qpart = "mark_unread_on_update = " . $this->pdo->quote($mark_unread_on_update);
break;
case "cache_images":
- $qpart = "cache_images = $cache_images";
+ $qpart = "cache_images = " . $this->pdo->quote($cache_images);
break;
case "hide_images":
- $qpart = "hide_images = $hide_images";
+ $qpart = "hide_images = " . $this->pdo->quote($hide_images);
break;
case "cat_id":
- $qpart = $category_qpart_nocomma;
+ if (get_pref('ENABLE_FEED_CATS')) {
+ if ($cat_id) {
+ $qpart = "cat_id = " . $this->pdo->quote($cat_id);
+ } else {
+ $qpart = 'cat_id = NULL';
+ }
+ } else {
+ $qpart = "";
+ }
+
+ break;
+
+ case "feed_language":
+ $qpart = "feed_language = " . $this->pdo->quote($feed_language);
break;
}
if ($qpart) {
- $this->dbh->query(
- "UPDATE ttrss_feeds SET $qpart WHERE id IN ($feed_ids)
- AND owner_uid = " . $_SESSION["uid"]);
- print "
";
+ $sth = $this->pdo->prepare("UPDATE ttrss_feeds SET $qpart WHERE id IN ($feed_ids_qmarks)
+ AND owner_uid = ?");
+ $sth->execute(array_merge($feed_ids, [$_SESSION['uid']]));
}
}
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
}
return;
}
- function resetPubSub() {
-
- $ids = $this->dbh->escape_string($_REQUEST["ids"]);
-
- $this->dbh->query("UPDATE ttrss_feeds SET pubsub_state = 0 WHERE id IN ($ids)
- AND owner_uid = " . $_SESSION["uid"]);
-
- return;
- }
-
function remove() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
+ $ids = explode(",", clean($_REQUEST["ids"]));
foreach ($ids as $id) {
Pref_Feeds::remove_feed($id, $_SESSION["uid"]);
@@ -1104,152 +1122,15 @@ class Pref_Feeds extends Handler_Protected {
return;
}
- function clear() {
- $id = $this->dbh->escape_string($_REQUEST["id"]);
- $this->clear_feed_articles($id);
- }
-
- function rescore() {
- require_once "rssfuncs.php";
-
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
-
- foreach ($ids as $id) {
-
- $filters = load_filters($id, $_SESSION["uid"], 6);
-
- $result = $this->dbh->query("SELECT
- title, content, link, ref_id, author,".
- SUBSTRING_FOR_DATE."(updated, 1, 19) AS updated
- FROM
- ttrss_user_entries, ttrss_entries
- WHERE ref_id = id AND feed_id = '$id' AND
- owner_uid = " .$_SESSION['uid']."
- ");
-
- $scores = array();
-
- while ($line = $this->dbh->fetch_assoc($result)) {
-
- $tags = get_article_tags($line["ref_id"]);
-
- $article_filters = get_article_filters($filters, $line['title'],
- $line['content'], $line['link'], strtotime($line['updated']),
- $line['author'], $tags);
-
- $new_score = calculate_article_score($article_filters);
-
- if (!$scores[$new_score]) $scores[$new_score] = array();
-
- array_push($scores[$new_score], $line['ref_id']);
- }
-
- foreach (array_keys($scores) as $s) {
- if ($s > 1000) {
- $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s',
- marked = true WHERE
- ref_id IN (" . join(',', $scores[$s]) . ")");
- } else if ($s < -500) {
- $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s',
- unread = false WHERE
- ref_id IN (" . join(',', $scores[$s]) . ")");
- } else {
- $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s' WHERE
- ref_id IN (" . join(',', $scores[$s]) . ")");
- }
- }
- }
-
- print __("All done.");
-
- }
-
- function rescoreAll() {
-
- $result = $this->dbh->query(
- "SELECT id FROM ttrss_feeds WHERE owner_uid = " . $_SESSION['uid']);
-
- while ($feed_line = $this->dbh->fetch_assoc($result)) {
-
- $id = $feed_line["id"];
-
- $filters = load_filters($id, $_SESSION["uid"], 6);
-
- $tmp_result = $this->dbh->query("SELECT
- title, content, link, ref_id, author,".
- SUBSTRING_FOR_DATE."(updated, 1, 19) AS updated
- FROM
- ttrss_user_entries, ttrss_entries
- WHERE ref_id = id AND feed_id = '$id' AND
- owner_uid = " .$_SESSION['uid']."
- ");
-
- $scores = array();
-
- while ($line = $this->dbh->fetch_assoc($tmp_result)) {
-
- $tags = get_article_tags($line["ref_id"]);
-
- $article_filters = get_article_filters($filters, $line['title'],
- $line['content'], $line['link'], strtotime($line['updated']),
- $line['author'], $tags);
-
- $new_score = calculate_article_score($article_filters);
-
- if (!$scores[$new_score]) $scores[$new_score] = array();
-
- array_push($scores[$new_score], $line['ref_id']);
- }
-
- foreach (array_keys($scores) as $s) {
- if ($s > 1000) {
- $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s',
- marked = true WHERE
- ref_id IN (" . join(',', $scores[$s]) . ")");
- } else {
- $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s' WHERE
- ref_id IN (" . join(',', $scores[$s]) . ")");
- }
- }
- }
-
- print __("All done.");
-
- }
-
- function categorize() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
-
- $cat_id = $this->dbh->escape_string($_REQUEST["cat_id"]);
-
- if ($cat_id == 0) {
- $cat_id_qpart = 'NULL';
- } else {
- $cat_id_qpart = "'$cat_id'";
- }
-
- $this->dbh->query("BEGIN");
-
- foreach ($ids as $id) {
-
- $this->dbh->query("UPDATE ttrss_feeds SET cat_id = $cat_id_qpart
- WHERE id = '$id'
- AND owner_uid = " . $_SESSION["uid"]);
-
- }
-
- $this->dbh->query("COMMIT");
- }
-
function removeCat() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
+ $ids = explode(",", clean($_REQUEST["ids"]));
foreach ($ids as $id) {
$this->remove_feed_category($id, $_SESSION["uid"]);
}
}
function addCat() {
- $feed_cat = $this->dbh->escape_string(trim($_REQUEST["cat"]));
+ $feed_cat = trim(clean($_REQUEST["cat"]));
add_feed_category($feed_cat);
}
@@ -1259,10 +1140,15 @@ class Pref_Feeds extends Handler_Protected {
print "
";
print "
";
- $result = $this->dbh->query("SELECT COUNT(id) AS num_errors
- FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT COUNT(id) AS num_errors
+ FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
- $num_errors = $this->dbh->fetch_result($result, 0, "num_errors");
+ if ($row = $sth->fetch()) {
+ $num_errors = $row["num_errors"];
+ } else {
+ $num_errors = 0;
+ }
if ($num_errors > 0) {
@@ -1271,27 +1157,13 @@ class Pref_Feeds extends Handler_Protected {
__("Feeds with errors") . "";
}
- if (DB_TYPE == "pgsql") {
- $interval_qpart = "NOW() - INTERVAL '3 months'";
- } else {
- $interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)";
- }
-
- $result = $this->dbh->query("SELECT COUNT(*) AS num_inactive FROM ttrss_feeds WHERE
- (SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE
- ttrss_entries.id = ref_id AND
- ttrss_user_entries.feed_id = ttrss_feeds.id) < $interval_qpart AND
- ttrss_feeds.owner_uid = ".$_SESSION["uid"]);
-
- $num_inactive = $this->dbh->fetch_result($result, 0, "num_inactive");
+ $inactive_button = "" .
+ __("Inactive feeds") . " ";
- if ($num_inactive > 0) {
- $inactive_button = "" .
- __("Inactive feeds") . " ";
- }
-
- $feed_search = $this->dbh->escape_string($_REQUEST["search"]);
+ $feed_search = clean($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_feed_search"] = $feed_search;
@@ -1351,24 +1223,6 @@ class Pref_Feeds extends Handler_Protected {
print $error_button;
print $inactive_button;
- if (defined('_ENABLE_FEED_DEBUGGING')) {
-
- print "
- ".__('More actions...')." ";
-
- if (FORCE_ARTICLE_PURGE == 0) {
- print
- "".__('Manual purge')." ";
- }
-
- print "
- ".__('Clear feed data')."
- ".__('Rescore articles')." ";
-
- print " ";
-
- }
-
print "
"; # toolbar
//print '
';
@@ -1378,6 +1232,8 @@ class Pref_Feeds extends Handler_Protected {
".
__("Loading, please wait...")."
";
+ $auto_expand = $feed_search != "" ? "true" : "false";
+
print "
@@ -1388,6 +1244,7 @@ class Pref_Feeds extends Handler_Protected {
";
@@ -1415,7 +1274,8 @@ class Pref_Feeds extends Handler_Protected {
print "";
- print_notice(__("Using OPML you can export and import your feeds, filters, labels and Tiny Tiny RSS settings.") . __("Only main settings profile can be migrated using OPML."));
+ print "
" . __("Using OPML you can export and import your feeds, filters, labels and Tiny Tiny RSS settings.") .
+ __("Only main settings profile can be migrated using OPML.") . "
";
print "
"; # pane
- if (strpos($_SERVER['HTTP_USER_AGENT'], "Firefox") !== false) {
-
- print "";
-
- print_notice(__('This Tiny Tiny RSS site can be used as a Firefox Feed Reader by clicking the link below.'));
-
- print "
";
-
- print "" .
- __('Click here to register this site as a feed reader.') .
- " ";
-
- print "
";
-
- print "
"; # pane
- }
-
print "";
- print_notice(__('Published articles are exported as a public RSS feed and can be subscribed by anyone who knows the URL specified below.'));
+ print "
" . __('Published articles are exported as a public RSS feed and can be subscribed by anyone who knows the URL specified below.') . "
";
$rss_url = '-2::' . htmlspecialchars(get_self_url_prefix() .
"/public.php?op=rss&id=-2&view-mode=all_articles");;
@@ -1485,20 +1330,11 @@ class Pref_Feeds extends Handler_Protected {
print "
".
__('Display URL')." ";
- print "
".
+ print "".
__('Clear all generated URLs')." ";
print "";
- print_warning(__("You can disable all articles shared by unique URLs here."));
-
- print "";
-
- print "".
- __('Unshare all articles')." ";
-
- print "
";
-
PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION,
"hook_prefs_tab_section", "prefFeedsPublishedGenerated");
@@ -1515,14 +1351,14 @@ class Pref_Feeds extends Handler_Protected {
$cat_id = (int) $cat_id;
if ($cat_id > 0) {
- $cat_unread = ccache_find($cat_id, $_SESSION["uid"], true);
+ $cat_unread = CCache::find($cat_id, $_SESSION["uid"], true);
} else if ($cat_id == 0 || $cat_id == -2) {
- $cat_unread = getCategoryUnread($cat_id);
+ $cat_unread = Feeds::getCategoryUnread($cat_id);
}
$obj['id'] = 'CAT:' . $cat_id;
$obj['items'] = array();
- $obj['name'] = getCategoryTitle($cat_id);
+ $obj['name'] = Feeds::getCategoryTitle($cat_id);
$obj['type'] = 'category';
$obj['unread'] = (int) $cat_unread;
$obj['bare_id'] = $cat_id;
@@ -1535,7 +1371,7 @@ class Pref_Feeds extends Handler_Protected {
$feed_id = (int) $feed_id;
if (!$title)
- $title = getFeedTitle($feed_id, false);
+ $title = Feeds::getFeedTitle($feed_id, false);
if ($unread === false)
$unread = getFeedUnread($feed_id, false);
@@ -1546,7 +1382,7 @@ class Pref_Feeds extends Handler_Protected {
$obj['type'] = 'feed';
$obj['error'] = $error;
$obj['updated'] = $updated;
- $obj['icon'] = getFeedIcon($feed_id);
+ $obj['icon'] = Feeds::getFeedIcon($feed_id);
$obj['bare_id'] = $feed_id;
$obj['auxcounter'] = 0;
@@ -1561,17 +1397,18 @@ class Pref_Feeds extends Handler_Protected {
$interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)";
}
- $result = $this->dbh->query("SELECT ttrss_feeds.title, ttrss_feeds.site_url,
+ $sth = $this->pdo->prepare("SELECT ttrss_feeds.title, ttrss_feeds.site_url,
ttrss_feeds.feed_url, ttrss_feeds.id, MAX(updated) AS last_article
FROM ttrss_feeds, ttrss_entries, ttrss_user_entries WHERE
(SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE
ttrss_entries.id = ref_id AND
ttrss_user_entries.feed_id = ttrss_feeds.id) < $interval_qpart
- AND ttrss_feeds.owner_uid = ".$_SESSION["uid"]." AND
+ AND ttrss_feeds.owner_uid = ? AND
ttrss_user_entries.feed_id = ttrss_feeds.id AND
ttrss_entries.id = ref_id
GROUP BY ttrss_feeds.title, ttrss_feeds.id, ttrss_feeds.site_url, ttrss_feeds.feed_url
ORDER BY last_article");
+ $sth->execute([$_SESSION['uid']]);
print "";
@@ -1592,7 +1429,7 @@ class Pref_Feeds extends Handler_Protected {
$lnum = 1;
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$feed_id = $line["id"];
$this_row_id = "id=\"FUPDD-$feed_id\"";
@@ -1600,8 +1437,6 @@ class Pref_Feeds extends Handler_Protected {
# class needed for selectTableRows()
print "
";
- $edit_title = htmlspecialchars($line["title"]);
-
# id needed for selectTableRows()
print " ";
print "";
- print ""
+ print ""
.__('Unsubscribe from selected feeds')." ";
print "
";
@@ -1638,8 +1473,9 @@ class Pref_Feeds extends Handler_Protected {
}
function feedsWithErrors() {
- $result = $this->dbh->query("SELECT id,title,feed_url,last_error,site_url
- FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT id,title,feed_url,last_error,site_url
+ FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
print "";
print "
".
@@ -1658,7 +1494,7 @@ class Pref_Feeds extends Handler_Protected {
$lnum = 1;
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$feed_id = $line["id"];
$this_row_id = "id=\"FERDD-$feed_id\"";
@@ -1666,8 +1502,6 @@ class Pref_Feeds extends Handler_Protected {
# class needed for selectTableRows()
print "
";
- $edit_title = htmlspecialchars($line["title"]);
-
# id needed for selectTableRows()
print " ";
print "";
- print ""
+ print ""
.__('Unsubscribe from selected feeds')." ";
print "
";
@@ -1704,100 +1538,96 @@ class Pref_Feeds extends Handler_Protected {
print "";
}
- /**
- * Purge a feed contents, marked articles excepted.
- *
- * @param mixed $link The database connection.
- * @param integer $id The id of the feed to purge.
- * @return void
- */
- private function clear_feed_articles($id) {
-
- if ($id != 0) {
- $result = $this->dbh->query("DELETE FROM ttrss_user_entries
- WHERE feed_id = '$id' AND marked = false AND owner_uid = " . $_SESSION["uid"]);
- } else {
- $result = $this->dbh->query("DELETE FROM ttrss_user_entries
- WHERE feed_id IS NULL AND marked = false AND owner_uid = " . $_SESSION["uid"]);
- }
-
- $result = $this->dbh->query("DELETE FROM ttrss_entries WHERE
- (SELECT COUNT(int_id) FROM ttrss_user_entries WHERE ref_id = id) = 0");
-
- ccache_update($id, $_SESSION['uid']);
- } // function clear_feed_articles
-
private function remove_feed_category($id, $owner_uid) {
- $this->dbh->query("DELETE FROM ttrss_feed_categories
- WHERE id = '$id' AND owner_uid = $owner_uid");
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_feed_categories
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
- ccache_remove($id, $owner_uid, true);
+ CCache::remove($id, $owner_uid, true);
}
static function remove_feed($id, $owner_uid) {
+ foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_UNSUBSCRIBE_FEED) as $p) {
+ if (! $p->hook_unsubscribe_feed($id, $owner_uid)) {
+ user_error("Feed $id (owner: $owner_uid) not removed due to plugin error (HOOK_UNSUBSCRIBE_FEED).", E_USER_WARNING);
+ return;
+ }
+ }
+
+ $pdo = Db::pdo();
if ($id > 0) {
+ $pdo->beginTransaction();
/* save starred articles in Archived feed */
- db_query("BEGIN");
-
/* prepare feed if necessary */
- $result = db_query("SELECT feed_url FROM ttrss_feeds WHERE id = $id
- AND owner_uid = $owner_uid");
+ $sth = $pdo->prepare("SELECT feed_url FROM ttrss_feeds WHERE id = ?
+ AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
+
+ if ($row = $sth->fetch()) {
+ $feed_url = $row["feed_url"];
- $feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url"));
+ $sth = $pdo->prepare("SELECT id FROM ttrss_archived_feeds
+ WHERE feed_url = ? AND owner_uid = ?");
+ $sth->execute([$feed_url, $owner_uid]);
- $result = db_query("SELECT id FROM ttrss_archived_feeds
- WHERE feed_url = '$feed_url' AND owner_uid = $owner_uid");
+ if ($row = $sth->fetch()) {
+ $archive_id = $row["id"];
+ } else {
+ $res = $pdo->query("SELECT MAX(id) AS id FROM ttrss_archived_feeds");
+ $row = $res->fetch();
- if (db_num_rows($result) == 0) {
- $result = db_query("SELECT MAX(id) AS id FROM ttrss_archived_feeds");
- $new_feed_id = (int)db_fetch_result($result, 0, "id") + 1;
+ $new_feed_id = (int)$row['id'] + 1;
- db_query("INSERT INTO ttrss_archived_feeds
- (id, owner_uid, title, feed_url, site_url)
- SELECT $new_feed_id, owner_uid, title, feed_url, site_url from ttrss_feeds
- WHERE id = '$id'");
+ $sth = $pdo->prepare("INSERT INTO ttrss_archived_feeds
+ (id, owner_uid, title, feed_url, site_url)
+ SELECT ?, owner_uid, title, feed_url, site_url from ttrss_feeds
+ WHERE id = ?");
+ $sth->execute([$new_feed_id, $id]);
- $archive_id = $new_feed_id;
- } else {
- $archive_id = db_fetch_result($result, 0, "id");
- }
+ $archive_id = $new_feed_id;
+ }
+
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries SET feed_id = NULL,
+ orig_feed_id = ? WHERE feed_id = ? AND
+ marked = true AND owner_uid = ?");
- db_query("UPDATE ttrss_user_entries SET feed_id = NULL,
- orig_feed_id = '$archive_id' WHERE feed_id = '$id' AND
- marked = true AND owner_uid = $owner_uid");
+ $sth->execute([$archive_id, $id, $owner_uid]);
- /* Remove access key for the feed */
+ /* Remove access key for the feed */
- db_query("DELETE FROM ttrss_access_keys WHERE
- feed_id = '$id' AND owner_uid = $owner_uid");
+ $sth = $pdo->prepare("DELETE FROM ttrss_access_keys WHERE
+ feed_id = ? AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
- /* remove the feed */
+ /* remove the feed */
- db_query("DELETE FROM ttrss_feeds
- WHERE id = '$id' AND owner_uid = $owner_uid");
+ $sth = $pdo->prepare("DELETE FROM ttrss_feeds
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
+ }
- db_query("COMMIT");
+ $pdo->commit();
if (file_exists(ICONS_DIR . "/$id.ico")) {
unlink(ICONS_DIR . "/$id.ico");
}
- ccache_remove($id, $owner_uid);
+ CCache::remove($id, $owner_uid);
} else {
- label_remove(feed_to_label_id($id), $owner_uid);
- //ccache_remove($id, $owner_uid); don't think labels are cached
+ Labels::remove(Labels::feed_to_label_id($id), $owner_uid);
+ //CCache::remove($id, $owner_uid); don't think labels are cached
}
}
function batchSubscribe() {
- print " ";
- print " ";
+ print_hidden("op", "pref-feeds");
+ print_hidden("method", "batchaddfeeds");
print "
".__("Add one valid RSS feed per line (no feed detection is done)")."
@@ -1808,7 +1638,7 @@ class Pref_Feeds extends Handler_Protected {
}
print " ";
print "";
@@ -1822,6 +1652,7 @@ class Pref_Feeds extends Handler_Protected {
" ".
"";
@@ -1844,47 +1675,31 @@ class Pref_Feeds extends Handler_Protected {
}
function batchAddFeeds() {
- $cat_id = $this->dbh->escape_string($_REQUEST['cat']);
- $feeds = explode("\n", $_REQUEST['feeds']);
- $login = $this->dbh->escape_string($_REQUEST['login']);
- $pass = trim($_REQUEST['pass']);
+ $cat_id = clean($_REQUEST['cat']);
+ $feeds = explode("\n", clean($_REQUEST['feeds']));
+ $login = clean($_REQUEST['login']);
+ $pass = trim(clean($_REQUEST['pass']));
foreach ($feeds as $feed) {
- $feed = $this->dbh->escape_string(trim($feed));
+ $feed = trim($feed);
if (validate_feed_url($feed)) {
- $this->dbh->query("BEGIN");
-
- if ($cat_id == "0" || !$cat_id) {
- $cat_qpart = "NULL";
- } else {
- $cat_qpart = "'$cat_id'";
- }
-
- $result = $this->dbh->query(
- "SELECT id FROM ttrss_feeds
- WHERE feed_url = '$feed' AND owner_uid = ".$_SESSION["uid"]);
+ $this->pdo->beginTransaction();
- if (strlen(FEED_CRYPT_KEY) > 0) {
- require_once "crypt.php";
- $pass = substr(encrypt_string($pass), 0, 250);
- $auth_pass_encrypted = 'true';
- } else {
- $auth_pass_encrypted = 'false';
- }
-
- $pass = $this->dbh->escape_string($pass);
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
+ WHERE feed_url = ? AND owner_uid = ?");
+ $sth->execute([$feed, $_SESSION['uid']]);
- if ($this->dbh->num_rows($result) == 0) {
- $result = $this->dbh->query(
- "INSERT INTO ttrss_feeds
+ if (!$sth->fetch()) {
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_feeds
(owner_uid,feed_url,title,cat_id,auth_login,auth_pass,update_method,auth_pass_encrypted)
- VALUES ('".$_SESSION["uid"]."', '$feed',
- '[Unknown]', $cat_qpart, '$login', '$pass', 0, $auth_pass_encrypted)");
+ VALUES (?, ?, '[Unknown]', ?, ?, ?, 0, false)");
+
+ $sth->execute([$_SESSION['uid'], $feed, $cat_id ? $cat_id : null, $login, $pass]);
}
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
}
}
}
@@ -1899,44 +1714,70 @@ class Pref_Feeds extends Handler_Protected {
}
function regenFeedKey() {
- $feed_id = $this->dbh->escape_string($_REQUEST['id']);
- $is_cat = $this->dbh->escape_string($_REQUEST['is_cat']) == "true";
+ $feed_id = clean($_REQUEST['id']);
+ $is_cat = clean($_REQUEST['is_cat']);
$new_key = $this->update_feed_access_key($feed_id, $is_cat);
- print json_encode(array("link" => $new_key));
+ print json_encode(["link" => $new_key]);
}
private function update_feed_access_key($feed_id, $is_cat, $owner_uid = false) {
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
- $sql_is_cat = bool_to_sql_bool($is_cat);
+ // clear old value and generate new one
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_access_keys
+ WHERE feed_id = ? AND is_cat = ? AND owner_uid = ?");
+ $sth->execute([$feed_id, bool_to_sql_bool($is_cat), $owner_uid]);
- $result = $this->dbh->query("SELECT access_key FROM ttrss_access_keys
- WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
- AND owner_uid = " . $owner_uid);
+ return get_feed_access_key($feed_id, $is_cat, $owner_uid);
+ }
- if ($this->dbh->num_rows($result) == 1) {
- $key = $this->dbh->escape_string(sha1(uniqid(rand(), true)));
+ // Silent
+ function clearKeys() {
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_access_keys WHERE
+ owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
+ }
- $this->dbh->query("UPDATE ttrss_access_keys SET access_key = '$key'
- WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
- AND owner_uid = " . $owner_uid);
+ private function calculate_children_count($cat) {
+ $c = 0;
+
+ foreach ($cat['items'] as $child) {
+ if ($child['type'] == 'category') {
+ $c += $this->calculate_children_count($child);
+ } else {
+ $c += 1;
+ }
+ }
- return $key;
+ return $c;
+ }
+ function getinactivefeeds() {
+ if (DB_TYPE == "pgsql") {
+ $interval_qpart = "NOW() - INTERVAL '3 months'";
} else {
- return get_feed_access_key($feed_id, $is_cat, $owner_uid);
+ $interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)";
}
- }
- // Silent
- function clearKeys() {
- $this->dbh->query("DELETE FROM ttrss_access_keys WHERE
- owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT COUNT(id) AS num_inactive FROM ttrss_feeds WHERE
+ (SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE
+ ttrss_entries.id = ref_id AND
+ ttrss_user_entries.feed_id = ttrss_feeds.id) < $interval_qpart AND
+ ttrss_feeds.owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
+
+ if ($row = $sth->fetch()) {
+ print (int)$row["num_inactive"];
+ }
}
+ static function subscribe_to_feed_url() {
+ $url_path = get_self_url_prefix() .
+ "/public.php?op=subscribe&feed_url=%s";
+ return $url_path;
+ }
}
-?>