X-Git-Url: https://git.wh0rd.org/?a=blobdiff_plain;f=plugins%2Fmail%2Finit.php;h=5294931c7c8308add9051df17dc16f57cba9aa78;hb=55bf4bc1d3e10b35f54c42b10207484fcb3d10fd;hp=acd89de4745f1240eaef68aab6ba17c148759383;hpb=8de58e1798a172c6b0bca8bb88ad41da80e08dbf;p=tt-rss.git diff --git a/plugins/mail/init.php b/plugins/mail/init.php index acd89de4..5294931c 100644 --- a/plugins/mail/init.php +++ b/plugins/mail/init.php @@ -1,6 +1,7 @@ host->set($this, "addresslist", $addresslist); @@ -51,9 +52,9 @@ class Mail extends Plugin { } "; - print ""; - print ""; - print ""; + print_hidden("op", "pluginhandler"); + print_hidden("method", "save"); + print_hidden("plugin", "mail"); $addresslist = $this->host->get($this, "addresslist"); @@ -77,22 +78,26 @@ class Mail extends Plugin { function emailArticle() { - $param = db_escape_string($_REQUEST['param']); + $ids = explode(",", $_REQUEST['param']); + $ids_qmarks = arr_qmarks($ids); - print ""; - print ""; - print ""; + print_hidden("op", "pluginhandler"); + print_hidden("plugin", "mail"); + print_hidden("method", "sendEmail"); - $result = db_query("SELECT email, full_name FROM ttrss_users WHERE - id = " . $_SESSION["uid"]); + $sth = $this->pdo->prepare("SELECT email, full_name FROM ttrss_users WHERE + id = ?"); + $sth->execute([$_SESSION['uid']]); - $user_email = htmlspecialchars(db_fetch_result($result, 0, "email")); - $user_name = htmlspecialchars(db_fetch_result($result, 0, "full_name")); + if ($row = $sth->fetch()) { + $user_email = htmlspecialchars($row['email']); + $user_name = htmlspecialchars($row['full_name']); + } if (!$user_name) $user_name = $_SESSION['name']; - print ""; - print ""; + print_hidden("from_email", "$user_email"); + print_hidden("from_name", "$user_name"); require_once "lib/MiniTemplator.class.php"; @@ -104,15 +109,16 @@ class Mail extends Plugin { $tpl->setVariable('USER_EMAIL', $user_email, true); $tpl->setVariable('TTRSS_HOST', $_SERVER["HTTP_HOST"], true); - $result = db_query("SELECT DISTINCT link, content, title, note + $sth = $this->pdo->prepare("SELECT DISTINCT link, content, title, note FROM ttrss_user_entries, ttrss_entries WHERE id = ref_id AND - id IN ($param) AND owner_uid = " . $_SESSION["uid"]); + id IN ($ids_qmarks) AND owner_uid = ?"); + $sth->execute(array_merge($ids, [$_SESSION['uid']])); - if (db_num_rows($result) > 1) { + if (count($ids) > 1) { $subject = __("[Forwarded]") . " " . __("Multiple articles"); } - while ($line = db_fetch_assoc($result)) { + while ($line = $sth->fetch()) { if (!$subject) $subject = __("[Forwarded]") . " " . htmlspecialchars($line["title"]); @@ -162,7 +168,7 @@ class Mail extends Plugin { print ""; - print "