X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=include%2Ffeedbrowser.php;h=aa55048d3314cf54459e6a487ce3bc7d9eb75c51;hb=e52034b4bcce994312ce2af31be0a46a70172691;hp=b70e47fdfbc7891fb7ad3a81f5c94376676cfaec;hpb=ea79a0e033e40057279a7f464c9464145eedc932;p=tt-rss.git

diff --git a/include/feedbrowser.php b/include/feedbrowser.php
index b70e47fd..aa55048d 100644
--- a/include/feedbrowser.php
+++ b/include/feedbrowser.php
@@ -3,34 +3,32 @@
 
 		if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
 
-		$owner_uid = $_SESSION["uid"];
 		$rv = '';
 
+        $pdo = Db::pdo();
+
 		if ($search) {
-			$search_qpart = "AND (UPPER(feed_url) LIKE UPPER('%$search%') OR
+            $search = $pdo->quote($search);
+
+            $search_qpart = "AND (UPPER(feed_url) LIKE UPPER('%$search%') OR
 						UPPER(title) LIKE UPPER('%$search%'))";
 		} else {
 			$search_qpart = "";
 		}
 
 		if ($mode == 1) {
-			/* $result = db_query("SELECT feed_url, subscribers FROM
-			 ttrss_feedbrowser_cache WHERE (SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
-			WHERE tf.feed_url = ttrss_feedbrowser_cache.feed_url
-			AND owner_uid = '$owner_uid') $search_qpart
-			ORDER BY subscribers DESC LIMIT $limit"); */
-
-			$result = db_query("SELECT feed_url, site_url, title, SUM(subscribers) AS subscribers FROM
+			$sth = $pdo->prepare("SELECT feed_url, site_url, title, SUM(subscribers) AS subscribers FROM
 						(SELECT feed_url, site_url, title, subscribers FROM ttrss_feedbrowser_cache UNION ALL
 							SELECT feed_url, site_url, title, subscribers FROM ttrss_linked_feeds) AS qqq
 						WHERE
-							(SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
+							(SELECT COUNT(id) != 0 FROM ttrss_feeds AS tf
 								WHERE tf.feed_url = qqq.feed_url
-									AND owner_uid = '$owner_uid') $search_qpart
-						GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT $limit");
+									) $search_qpart
+						GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT " . (int)$limit);
+			$sth->execute([$_SESSION['uid']]);
 
 		} else if ($mode == 2) {
-			$result = db_query("SELECT *,
+			$sth = $pdo->prepare("SELECT *,
 						(SELECT COUNT(*) FROM ttrss_user_entries WHERE
 					 		orig_feed_id = ttrss_archived_feeds.id) AS articles_archived
 						FROM
@@ -38,14 +36,16 @@
 						WHERE
 						(SELECT COUNT(*) FROM ttrss_feeds
 							WHERE ttrss_feeds.feed_url = ttrss_archived_feeds.feed_url AND
-								owner_uid = '$owner_uid') = 0	AND
-						owner_uid = '$owner_uid' $search_qpart
-						ORDER BY id DESC LIMIT $limit");
+								owner_uid = :uid) = 0	AND
+						owner_uid = :uid $search_qpart
+						ORDER BY id DESC LIMIT " . (int)$limit);
+
+			$sth->execute([":uid" => $_SESSION['uid']]);
 		}
 
 		$feedctr = 0;
 
-		while ($line = db_fetch_assoc($result)) {
+		while ($line = $sth->fetch()) {
 
 			if ($mode == 1) {