}
function edit() {
- $label_id = $this->dbh->escape_string($_REQUEST['id']);
+ $label_id = $_REQUEST['id'];
- $result = $this->dbh->query("SELECT * FROM ttrss_labels2 WHERE
- id = '$label_id' AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_labels2 WHERE
+ id = ? AND owner_uid = ?");
+ $sth->execute([$label_id, $_SESSION['uid']]);
- $line = $this->dbh->fetch_assoc($result);
+ if ($line = $sth->fetch()) {
- print_hidden("id", "$label_id");
- print_hidden("op", "pref-labels");
- print_hidden("method", "save");
+ print_hidden("id", "$label_id");
+ print_hidden("op", "pref-labels");
+ print_hidden("method", "save");
- print "<div class=\"dlgSec\">".__("Caption")."</div>";
+ print "<div class=\"dlgSec\">".__("Caption")."</div>";
- print "<div class=\"dlgSecCont\">";
+ print "<div class=\"dlgSecCont\">";
- $fg_color = $line['fg_color'];
- $bg_color = $line['bg_color'];
+ $fg_color = $line['fg_color'];
+ $bg_color = $line['bg_color'];
- print "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-bottom : 4px; margin-right : 4px'>α</span>";
+ print "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-bottom : 4px; margin-right : 4px'>α</span>";
- print "<input style=\"font-size : 16px\" name=\"caption\"
+ print "<input style=\"font-size : 16px\" name=\"caption\"
dojoType=\"dijit.form.ValidationTextBox\"
required=\"true\"
value=\"".htmlspecialchars($line['caption'])."\">";
- print "</div>";
- print "<div class=\"dlgSec\">" . __("Colors") . "</div>";
- print "<div class=\"dlgSecCont\">";
+ print "</div>";
+ print "<div class=\"dlgSec\">" . __("Colors") . "</div>";
+ print "<div class=\"dlgSecCont\">";
- print "<table cellspacing=\"0\">";
+ print "<table cellspacing=\"0\">";
- print "<tr><td>".__("Foreground:")."</td><td>".__("Background:").
- "</td></tr>";
+ print "<tr><td>".__("Foreground:")."</td><td>".__("Background:").
+ "</td></tr>";
- print "<tr><td style='padding-right : 10px'>";
+ print "<tr><td style='padding-right : 10px'>";
- print "<input dojoType=\"dijit.form.TextBox\"
+ print "<input dojoType=\"dijit.form.TextBox\"
style=\"display : none\" id=\"labelEdit_fgColor\"
name=\"fg_color\" value=\"$fg_color\">";
- print "<input dojoType=\"dijit.form.TextBox\"
+ print "<input dojoType=\"dijit.form.TextBox\"
style=\"display : none\" id=\"labelEdit_bgColor\"
name=\"bg_color\" value=\"$bg_color\">";
- print "<div dojoType=\"dijit.ColorPalette\">
+ print "<div dojoType=\"dijit.ColorPalette\">
<script type=\"dojo/method\" event=\"onChange\" args=\"fg_color\">
dijit.byId(\"labelEdit_fgColor\").attr('value', fg_color);
$('label-editor-indicator').setStyle({color: fg_color});
</script>
- </div>";
- print "</div>";
+ </div>";
+ print "</div>";
- print "</td><td>";
+ print "</td><td>";
- print "<div dojoType=\"dijit.ColorPalette\">
+ print "<div dojoType=\"dijit.ColorPalette\">
<script type=\"dojo/method\" event=\"onChange\" args=\"bg_color\">
dijit.byId(\"labelEdit_bgColor\").attr('value', bg_color);
$('label-editor-indicator').setStyle({backgroundColor: bg_color});
</script>
- </div>";
- print "</div>";
+ </div>";
+ print "</div>";
- print "</td></tr></table>";
- print "</div>";
+ print "</td></tr></table>";
+ print "</div>";
# print "</form>";
- print "<div class=\"dlgButtons\">";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').execute()\">".
- __('Save')."</button>";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').hide()\">".
- __('Cancel')."</button>";
- print "</div>";
-
- return;
+ print "<div class=\"dlgButtons\">";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').execute()\">".
+ __('Save')."</button>";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').hide()\">".
+ __('Cancel')."</button>";
+ print "</div>";
+ }
}
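Review bot: The colour values read from the row on L24–L25 are interpolated unescaped into the `style` attribute on L27 and the `value` attributes on L50 and L54, whereas `caption` on L32 is passed through htmlspecialchars(); colorset() in this same patch stores `$_REQUEST["fg"]`/`["bg"]` verbatim, so whatever was submitted there lands in this markup as-is. Escaping at the point of use is the smallest fix: `$fg_color = htmlspecialchars($line['fg_color'], ENT_QUOTES);` and `$bg_color = htmlspecialchars($line['bg_color'], ENT_QUOTES);`. `$label_id` on L4 is now the raw request value and is echoed through print_hidden() on L15; whether print_hidden() escapes its argument is not visible here, so if it does not, an `(int)` cast on L4 would close that as well.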
function getlabeltree() {
$root['name'] = __('Labels');
$root['items'] = array();
- $result = $this->dbh->query("SELECT *
+ $sth = $this->pdo->prepare("SELECT *
FROM ttrss_labels2
- WHERE owner_uid = ".$_SESSION["uid"]."
+ WHERE owner_uid = ?
ORDER BY caption");
+ $sth->execute([$_SESSION['uid']]);
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$label = array();
$label['id'] = 'LABEL:' . $line['id'];
$label['bare_id'] = $line['id'];
}
function colorset() {
- $kind = $this->dbh->escape_string($_REQUEST["kind"]);
- $ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"]));
- $color = $this->dbh->escape_string($_REQUEST["color"]);
- $fg = $this->dbh->escape_string($_REQUEST["fg"]);
- $bg = $this->dbh->escape_string($_REQUEST["bg"]);
+ $kind = $_REQUEST["kind"];
+ $ids = explode(',', $_REQUEST["ids"]);
+ $color = $_REQUEST["color"];
+ $fg = $_REQUEST["fg"];
+ $bg = $_REQUEST["bg"];
foreach ($ids as $id) {
if ($kind == "fg" || $kind == "bg") {
- $this->dbh->query("UPDATE ttrss_labels2 SET
- ${kind}_color = '$color' WHERE id = '$id'
- AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
+ ${kind}_color = ? WHERE id = ?
+ AND owner_uid = ?");
+
+ $sth->execute([$color, $id, $_SESSION['uid']]);
+
} else {
- $this->dbh->query("UPDATE ttrss_labels2 SET
- fg_color = '$fg', bg_color = '$bg' WHERE id = '$id'
- AND owner_uid = " . $_SESSION["uid"]);
+
+ $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
+ fg_color = ?, bg_color = ? WHERE id = ?
+ AND owner_uid = ?");
+
+ $sth->execute([$fg, $bg, $id, $_SESSION['uid']]);
}
- $caption = $this->dbh->escape_string(Labels::find_caption($id, $_SESSION["uid"]));
+ $caption = Labels::find_caption($id, $_SESSION["uid"]);
/* Remove cached data */
- $this->dbh->query("UPDATE ttrss_user_entries SET label_cache = ''
- WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
-
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET label_cache = ''
+ WHERE label_cache LIKE ? AND owner_uid = ?");
+ $sth->execute(["%$caption%", $_SESSION['uid']]);
}
-
- return;
}
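Review bot: The column name `${kind}_color` on L131 is still assembled from `$_REQUEST["kind"]`; it is only safe because the branch on L126 admits nothing but `"fg"` or `"bg"`, and that guard is a loose `==`. Making the mapping explicit keeps request-derived text out of the SQL entirely: `$column = ($kind === "fg") ? "fg_color" : "bg_color";` and then `$column = ? WHERE id = ?` in the statement text. The colour strings on L122–L124 are written to the table without any format check and edit() later prints them into attributes, so a whitelist check of the colour syntax the application accepts (presumably a hex colour; verify against the UI) before the UPDATE would be worth adding. Separately, `"%$caption%"` on L155 (and L178 in colorreset) passes the caption into LIKE without escaping `%` and `_`, so a caption containing either clears more label_cache rows than intended — harmless, but imprecise.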
function colorreset() {
- $ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"]));
+ $ids = explode(',', $_REQUEST["ids"]);
foreach ($ids as $id) {
- $this->dbh->query("UPDATE ttrss_labels2 SET
- fg_color = '', bg_color = '' WHERE id = '$id'
- AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
+ fg_color = '', bg_color = '' WHERE id = ?
+ AND owner_uid = ?");
+ $sth->execute([$id, $_SESSION['uid']]);
- $caption = $this->dbh->escape_string(Labels::find_caption($id, $_SESSION["uid"]));
+ $caption = Labels::find_caption($id, $_SESSION["uid"]);
/* Remove cached data */
- $this->dbh->query("UPDATE ttrss_user_entries SET label_cache = ''
- WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET label_cache = ''
+ WHERE label_cache LIKE ? AND owner_uid = ?");
+ $sth->execute(["%$caption%", $_SESSION['uid']]);
}
-
}
function save() {
- $id = $this->dbh->escape_string($_REQUEST["id"]);
- $caption = $this->dbh->escape_string(trim($_REQUEST["caption"]));
+ $id = $_REQUEST["id"];
+ $caption = trim($_REQUEST["caption"]);
- $this->dbh->query("BEGIN");
+ $this->pdo->beginTransaction();
- $result = $this->dbh->query("SELECT caption FROM ttrss_labels2
- WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT caption FROM ttrss_labels2
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$id, $_SESSION['uid']]);
- if ($this->dbh->num_rows($result) != 0) {
- $old_caption = $this->dbh->fetch_result($result, 0, "caption");
+ if ($row = $sth->fetch()) {
+ $old_caption = $row["caption"];
- $result = $this->dbh->query("SELECT id FROM ttrss_labels2
- WHERE caption = '$caption' AND owner_uid = ". $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_labels2
+ WHERE caption = ? AND owner_uid = ?");
+ $sth->execute([$caption, $_SESSION['uid']]);
- if ($this->dbh->num_rows($result) == 0) {
+ if (!$sth->fetch()) {
if ($caption) {
- $result = $this->dbh->query("UPDATE ttrss_labels2 SET
- caption = '$caption' WHERE id = '$id' AND
- owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
+ caption = ? WHERE id = ? AND
+ owner_uid = ?");
+ $sth->execute([$caption, $id, $_SESSION['uid']]);
/* Update filters that reference label being renamed */
- $old_caption = $this->dbh->escape_string($old_caption);
-
- $this->dbh->query("UPDATE ttrss_filters2_actions SET
- action_param = '$caption' WHERE action_param = '$old_caption'
+ $sth = $this->pdo->prepare("UPDATE ttrss_filters2_actions SET
+ action_param = ? WHERE action_param = ?
AND action_id = 7
- AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ".$_SESSION["uid"].")");
+ AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ?)");
+
+ $sth->execute([$caption, $old_caption, $_SESSION['uid']]);
print $_REQUEST["value"];
} else {
}
}
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
- return;
}
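Review bot: `print $_REQUEST["value"];` on L225 reflects a request parameter into the response without escaping; the database side of this function is now parameterised but the output side is not, so it should read `print htmlspecialchars($_REQUEST["value"]);`. The transaction opened with `beginTransaction()` on L188 has no rollback path: if any prepare()/execute() between L191 and L224 throws (as it will with PDO in exception mode), `commit()` on L230 is never reached and the transaction stays open on the connection — wrapping the body in try/catch with `$this->pdo->rollBack()` before rethrowing would address that. `if ($caption)` on L205 also rejects a caption of `"0"`; `if ($caption !== '')` matches the intent after trim(), and the empty `else {}` on L226–L227 can simply be dropped.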
function remove() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
+ $ids = explode(",", $_REQUEST["ids"]);
foreach ($ids as $id) {
Labels::remove($id, $_SESSION["uid"]);
}
function add() {
- $caption = $this->dbh->escape_string($_REQUEST["caption"]);
- $output = $this->dbh->escape_string($_REQUEST["output"]);
+ $caption = $_REQUEST["caption"];
+ $output = $_REQUEST["output"];
if ($caption) {