}
function login() {
- $login = db_escape_string($_REQUEST["user"]);
+ $login = db_escape_string($this->link, $_REQUEST["user"]);
$password = $_REQUEST["password"];
$password_base64 = base64_decode($_REQUEST["password"]);
}
function getUnread() {
- $feed_id = db_escape_string($_REQUEST["feed_id"]);
- $is_cat = db_escape_string($_REQUEST["is_cat"]);
+ $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
+ $is_cat = db_escape_string($this->link, $_REQUEST["is_cat"]);
if ($feed_id) {
print $this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($this->link, $feed_id, $is_cat)));
}
function getFeeds() {
- $cat_id = db_escape_string($_REQUEST["cat_id"]);
+ $cat_id = db_escape_string($this->link, $_REQUEST["cat_id"]);
$unread_only = sql_bool_to_bool($_REQUEST["unread_only"]);
- $limit = (int) db_escape_string($_REQUEST["limit"]);
- $offset = (int) db_escape_string($_REQUEST["offset"]);
+ $limit = (int) db_escape_string($this->link, $_REQUEST["limit"]);
+ $offset = (int) db_escape_string($this->link, $_REQUEST["offset"]);
$include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
$feeds = $this->api_get_feeds($this->link, $cat_id, $unread_only, $limit, $offset, $include_nested);
}
function getHeadlines() {
- $feed_id = db_escape_string($_REQUEST["feed_id"]);
+ $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
if ($feed_id != "") {
- $limit = (int)db_escape_string($_REQUEST["limit"]);
+ $limit = (int)db_escape_string($this->link, $_REQUEST["limit"]);
if (!$limit || $limit >= 60) $limit = 60;
- $offset = (int)db_escape_string($_REQUEST["skip"]);
- $filter = db_escape_string($_REQUEST["filter"]);
+ $offset = (int)db_escape_string($this->link, $_REQUEST["skip"]);
+ $filter = db_escape_string($this->link, $_REQUEST["filter"]);
$is_cat = sql_bool_to_bool($_REQUEST["is_cat"]);
$show_excerpt = sql_bool_to_bool($_REQUEST["show_excerpt"]);
$show_content = sql_bool_to_bool($_REQUEST["show_content"]);
/* all_articles, unread, adaptive, marked, updated */
- $view_mode = db_escape_string($_REQUEST["view_mode"]);
+ $view_mode = db_escape_string($this->link, $_REQUEST["view_mode"]);
$include_attachments = sql_bool_to_bool($_REQUEST["include_attachments"]);
- $since_id = (int)db_escape_string($_REQUEST["since_id"]);
+ $since_id = (int)db_escape_string($this->link, $_REQUEST["since_id"]);
$include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
$sanitize_content = true;
/* do not rely on params below */
- $search = db_escape_string($_REQUEST["search"]);
- $search_mode = db_escape_string($_REQUEST["search_mode"]);
+ $search = db_escape_string($this->link, $_REQUEST["search"]);
+ $search_mode = db_escape_string($this->link, $_REQUEST["search_mode"]);
$headlines = $this->api_get_headlines($this->link, $feed_id, $limit, $offset,
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, false,
}
function updateArticle() {
- $article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
- $mode = (int) db_escape_string($_REQUEST["mode"]);
- $data = db_escape_string($_REQUEST["data"]);
- $field_raw = (int)db_escape_string($_REQUEST["field"]);
+ $article_ids = array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_ids"])), is_numeric);
+ $mode = (int) db_escape_string($this->link, $_REQUEST["mode"]);
+ $data = db_escape_string($this->link, $_REQUEST["data"]);
+ $field_raw = (int)db_escape_string($this->link, $_REQUEST["field"]);
$field = "";
$set_to = "";
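Review bot: `is_numeric` on L62 is handed to array_filter() as a bare identifier rather than a string, so PHP resolves it as a constant; on PHP 5/7 that only works because an undefined constant degrades to the string 'is_numeric' with a notice, and on PHP 8 it throws an Error before any filtering happens. Quote the callback: `$article_ids = array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_ids"])), 'is_numeric');`. The same bare identifier survives on the rewritten lines L70 (getArticle) and L99 (setArticleLabel). updateArticle's body continues past the hunk.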
function getArticle() {
- $article_id = join(",", array_filter(explode(",", db_escape_string($_REQUEST["article_id"])), is_numeric));
+ $article_id = join(",", array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_id"])), is_numeric));
$query = "SELECT id,title,link,content,cached_content,feed_id,comments,int_id,
marked,unread,published,
}
function updateFeed() {
- $feed_id = db_escape_string($_REQUEST["feed_id"]);
+ $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
update_rss_feed($this->link, $feed_id, true);
}
function catchupFeed() {
- $feed_id = db_escape_string($_REQUEST["feed_id"]);
- $is_cat = db_escape_string($_REQUEST["is_cat"]);
+ $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
+ $is_cat = db_escape_string($this->link, $_REQUEST["is_cat"]);
catchup_feed($this->link, $feed_id, $is_cat);
}
function getPref() {
- $pref_name = db_escape_string($_REQUEST["pref_name"]);
+ $pref_name = db_escape_string($this->link, $_REQUEST["pref_name"]);
print $this->wrap(self::STATUS_OK, array("value" => get_pref($this->link, $pref_name)));
}
function getLabels() {
- //$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
+ //$article_ids = array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_ids"])), is_numeric);
$article_id = (int)$_REQUEST['article_id'];
function setArticleLabel() {
- $article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
- $label_id = (int) db_escape_string($_REQUEST['label_id']);
- $assign = (bool) db_escape_string($_REQUEST['assign']) == "true";
+ $article_ids = array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_ids"])), is_numeric);
+ $label_id = (int) db_escape_string($this->link, $_REQUEST['label_id']);
+ $assign = (bool) db_escape_string($this->link, $_REQUEST['assign']) == "true";
- $label = db_escape_string(label_find_caption($this->link,
+ $label = db_escape_string($this->link, label_find_caption($this->link,
$label_id, $_SESSION["uid"]));
$num_updated = 0;
}
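Review bot: The `(bool)` cast on L101 binds tighter than `==`, so the line evaluates `(bool) "false" == "true"`, which is `true == "true"` and therefore true; $assign ends up true for any non-empty value, including the literal "false". The value is only compared and never interpolated into a query, so the escape contributes nothing here; `$assign = ($_REQUEST['assign'] == "true");` yields the intended flag. setArticleLabel's body continues past the hunk.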
function shareToPublished() {
- $title = db_escape_string(strip_tags($_REQUEST["title"]));
- $url = db_escape_string(strip_tags($_REQUEST["url"]));
- $content = db_escape_string(strip_tags($_REQUEST["content"]));
+ $title = db_escape_string($this->link, strip_tags($_REQUEST["title"]));
+ $url = db_escape_string($this->link, strip_tags($_REQUEST["url"]));
+ $content = db_escape_string($this->link, strip_tags($_REQUEST["content"]));
if (Article::create_published_article($this->link, $title, $url, $content, "", $_SESSION["uid"])) {
print $this->wrap(self::STATUS_OK, array("status" => 'OK'));
}
function redirect() {
- $id = db_escape_string($_REQUEST['id']);
+ $id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT link FROM ttrss_entries, ttrss_user_entries
WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'
}
function view() {
- $id = db_escape_string($_REQUEST["id"]);
- $cids = explode(",", db_escape_string($_REQUEST["cids"]));
- $mode = db_escape_string($_REQUEST["mode"]);
- $omode = db_escape_string($_REQUEST["omode"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
+ $cids = explode(",", db_escape_string($this->link, $_REQUEST["cids"]));
+ $mode = db_escape_string($this->link, $_REQUEST["mode"]);
+ $omode = db_escape_string($this->link, $_REQUEST["omode"]);
// in prefetch mode we only output requested cids, main article
// just gets marked as read (it already exists in client cache)
$user_id = $this->find_user_by_login($login);
if (!$user_id) {
- $login = db_escape_string($login);
+ $login = db_escape_string($this->link, $login);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true);
}
function find_user_by_login($login) {
- $login = db_escape_string($login);
+ $login = db_escape_string($this->link, $login);
$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
login = '$login'");
function before($method) {
if (parent::before($method)) {
header("Content-Type: text/xml; charset=utf-8");
- $this->param = db_escape_string($_REQUEST["param"]);
+ $this->param = db_escape_string($this->link, $_REQUEST["param"]);
print "<dlg>";
return true;
}
function feedBrowser() {
if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
- $browser_search = db_escape_string($_REQUEST["search"]);
+ $browser_search = db_escape_string($this->link, $_REQUEST["search"]);
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"rpc\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"updateFeedBrowser\">";
}
function search() {
- $this->params = explode(":", db_escape_string($_REQUEST["param"]), 2);
+ $this->params = explode(":", db_escape_string($this->link, $_REQUEST["param"]), 2);
$active_feed_id = sprintf("%d", $this->params[0]);
$is_cat = $this->params[1] != "false";
print "<content><![CDATA[";
$this->params = explode(":", $this->param, 3);
- $feed_id = db_escape_string($this->params[0]);
+ $feed_id = db_escape_string($this->link, $this->params[0]);
$is_cat = (bool) $this->params[1];
$key = get_feed_access_key($this->link, $feed_id, $is_cat);
}
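Review bot: L169 escapes `$this->params[0]`, which L167 splits out of `$this->param`, and if before() on L146-153 ran for this request that value was already escaped on L150; escaping twice doubles every backslash, so an id containing `\` or `'` no longer matches what is stored. If get_feed_access_key() on L171 expects a numeric feed id (hedged, its signature is not in the hunk), `$feed_id = (int) $this->params[0];` is the clearer form; otherwise the second escape should simply be dropped. The enclosing method's header is outside the hunk.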
}
- @$search = db_escape_string($_REQUEST["query"]);
+ @$search = db_escape_string($this->link, $_REQUEST["query"]);
if ($search) {
$disable_cache = true;
}
- @$search_mode = db_escape_string($_REQUEST["search_mode"]);
+ @$search_mode = db_escape_string($this->link, $_REQUEST["search_mode"]);
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H0", $timing_info);
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info);
- $omode = db_escape_string($_REQUEST["omode"]);
+ $omode = db_escape_string($this->link, $_REQUEST["omode"]);
- $feed = db_escape_string($_REQUEST["feed"]);
- $method = db_escape_string($_REQUEST["m"]);
- $view_mode = db_escape_string($_REQUEST["view_mode"]);
+ $feed = db_escape_string($this->link, $_REQUEST["feed"]);
+ $method = db_escape_string($this->link, $_REQUEST["m"]);
+ $view_mode = db_escape_string($this->link, $_REQUEST["view_mode"]);
$limit = (int) get_pref($this->link, "DEFAULT_ARTICLE_LIMIT");
@$cat_view = $_REQUEST["cat"] == "true";
- @$next_unread_feed = db_escape_string($_REQUEST["nuf"]);
- @$offset = db_escape_string($_REQUEST["skip"]);
- @$vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]);
- $order_by = db_escape_string($_REQUEST["order_by"]);
+ @$next_unread_feed = db_escape_string($this->link, $_REQUEST["nuf"]);
+ @$offset = db_escape_string($this->link, $_REQUEST["skip"]);
+ @$vgroup_last_feed = db_escape_string($this->link, $_REQUEST["vgrlf"]);
+ $order_by = db_escape_string($this->link, $_REQUEST["order_by"]);
if (is_numeric($feed)) $feed = (int) $feed;
}
function getUnread() {
- $login = db_escape_string($_REQUEST["login"]);
+ $login = db_escape_string($this->link, $_REQUEST["login"]);
$fresh = $_REQUEST["fresh"] == "1";
$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '$login'");
}
function getProfiles() {
- $login = db_escape_string($_REQUEST["login"]);
+ $login = db_escape_string($this->link, $_REQUEST["login"]);
$result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles,ttrss_users
WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title");
}
function pubsub() {
- $mode = db_escape_string($_REQUEST['hub_mode']);
- $feed_id = (int) db_escape_string($_REQUEST['id']);
- $feed_url = db_escape_string($_REQUEST['hub_topic']);
+ $mode = db_escape_string($this->link, $_REQUEST['hub_mode']);
+ $feed_id = (int) db_escape_string($this->link, $_REQUEST['id']);
+ $feed_url = db_escape_string($this->link, $_REQUEST['hub_topic']);
if (!PUBSUBHUBBUB_ENABLED) {
header('HTTP/1.0 404 Not Found');
}
function share() {
- $uuid = db_escape_string($_REQUEST["key"]);
+ $uuid = db_escape_string($this->link, $_REQUEST["key"]);
$result = db_query($this->link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
uuid = '$uuid'");
}
function rss() {
- $feed = db_escape_string($_REQUEST["id"]);
- $key = db_escape_string($_REQUEST["key"]);
+ $feed = db_escape_string($this->link, $_REQUEST["id"]);
+ $key = db_escape_string($this->link, $_REQUEST["key"]);
$is_cat = $_REQUEST["is_cat"] != false;
- $limit = (int)db_escape_string($_REQUEST["limit"]);
- $offset = (int)db_escape_string($_REQUEST["offset"]);
+ $limit = (int)db_escape_string($this->link, $_REQUEST["limit"]);
+ $offset = (int)db_escape_string($this->link, $_REQUEST["offset"]);
- $search = db_escape_string($_REQUEST["q"]);
- $search_mode = db_escape_string($_REQUEST["smode"]);
- $view_mode = db_escape_string($_REQUEST["view-mode"]);
+ $search = db_escape_string($this->link, $_REQUEST["q"]);
+ $search_mode = db_escape_string($this->link, $_REQUEST["smode"]);
+ $view_mode = db_escape_string($this->link, $_REQUEST["view-mode"]);
- $format = db_escape_string($_REQUEST['format']);
+ $format = db_escape_string($this->link, $_REQUEST['format']);
if (!$format) $format = 'atom';
if ($action == 'share') {
- $title = db_escape_string(strip_tags($_REQUEST["title"]));
- $url = db_escape_string(strip_tags($_REQUEST["url"]));
- $content = db_escape_string(strip_tags($_REQUEST["content"]));
- $labels = db_escape_string(strip_tags($_REQUEST["labels"]));
+ $title = db_escape_string($this->link, strip_tags($_REQUEST["title"]));
+ $url = db_escape_string($this->link, strip_tags($_REQUEST["url"]));
+ $content = db_escape_string($this->link, strip_tags($_REQUEST["content"]));
+ $labels = db_escape_string($this->link, strip_tags($_REQUEST["labels"]));
Article::create_published_article($this->link, $title, $url, $content, $labels,
$_SESSION["uid"]);
if (!SINGLE_USER_MODE) {
- $login = db_escape_string($_POST["login"]);
+ $login = db_escape_string($this->link, $_POST["login"]);
$password = $_POST["password"];
$remember_me = $_POST["remember_me"];
if ($_POST["profile"]) {
- $profile = db_escape_string($_POST["profile"]);
+ $profile = db_escape_string($this->link, $_POST["profile"]);
$result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles
WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]);
if ($_SESSION["uid"]) {
- $feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
+ $feed_url = db_escape_string($this->link, trim($_REQUEST["feed_url"]));
header('Content-Type: text/html; charset=utf-8');
print "<html>
}
function subscribe2() {
- $feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
- $cat_id = db_escape_string($_REQUEST["cat_id"]);
- $from = db_escape_string($_REQUEST["from"]);
+ $feed_url = db_escape_string($this->link, trim($_REQUEST["feed_url"]));
+ $cat_id = db_escape_string($this->link, $_REQUEST["cat_id"]);
+ $from = db_escape_string($this->link, $_REQUEST["from"]);
/* only read authentication information from POST */
- $auth_login = db_escape_string(trim($_POST["auth_login"]));
- $auth_pass = db_escape_string(trim($_POST["auth_pass"]));
+ $auth_login = db_escape_string($this->link, trim($_POST["auth_login"]));
+ $auth_pass = db_escape_string($this->link, trim($_POST["auth_pass"]));
$rc = subscribe_to_feed($this->link, $feed_url, $cat_id, $auth_login, $auth_pass);
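Review bot: L287-288 apply SQL escaping to `$auth_login` and `$auth_pass` before they are passed to subscribe_to_feed(); if that helper also uses the credentials to authenticate the feed fetch (hedged, its body is not in the hunk), a password containing `'` or `\` is sent with escape characters inserted and the fetch fails. Escaping belongs at the point where a value is interpolated into a query, so pass the raw trimmed values through: `$auth_login = trim($_POST["auth_login"]); $auth_pass = trim($_POST["auth_pass"]);` and let the query site escape them. subscribe2's body continues past the hunk.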
private function opml_import_feed($doc, $node, $cat_id, $owner_uid) {
$attrs = $node->attributes;
- $feed_title = db_escape_string($attrs->getNamedItem('text')->nodeValue);
- if (!$feed_title) $feed_title = db_escape_string($attrs->getNamedItem('title')->nodeValue);
+ $feed_title = db_escape_string($this->link, $attrs->getNamedItem('text')->nodeValue);
+ if (!$feed_title) $feed_title = db_escape_string($this->link, $attrs->getNamedItem('title')->nodeValue);
- $feed_url = db_escape_string($attrs->getNamedItem('xmlUrl')->nodeValue);
- if (!$feed_url) $feed_url = db_escape_string($attrs->getNamedItem('xmlURL')->nodeValue);
+ $feed_url = db_escape_string($this->link, $attrs->getNamedItem('xmlUrl')->nodeValue);
+ if (!$feed_url) $feed_url = db_escape_string($this->link, $attrs->getNamedItem('xmlURL')->nodeValue);
- $site_url = db_escape_string($attrs->getNamedItem('htmlUrl')->nodeValue);
+ $site_url = db_escape_string($this->link, $attrs->getNamedItem('htmlUrl')->nodeValue);
if ($feed_url && $feed_title) {
$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
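Review bot: `$attrs->getNamedItem('text')` on L294 returns null when the outline carries no such attribute, so `->nodeValue` on that line reads a property of null and emits a notice before the `title` fallback on L295 is reached; the same applies to `xmlUrl`/`xmlURL`/`htmlUrl` on L298-301 and to the label, preference and filter attributes on L307-312, L318-321 and L327. A small private accessor that returns '' when getNamedItem() yields null, used as `$feed_title = db_escape_string($this->link, $this->opml_attr($attrs, 'text'));`, keeps every one of those lines readable and notice-free. opml_import_feed's body continues past the hunk.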
private function opml_import_label($doc, $node, $owner_uid) {
$attrs = $node->attributes;
- $label_name = db_escape_string($attrs->getNamedItem('label-name')->nodeValue);
+ $label_name = db_escape_string($this->link, $attrs->getNamedItem('label-name')->nodeValue);
if ($label_name) {
- $fg_color = db_escape_string($attrs->getNamedItem('label-fg-color')->nodeValue);
- $bg_color = db_escape_string($attrs->getNamedItem('label-bg-color')->nodeValue);
+ $fg_color = db_escape_string($this->link, $attrs->getNamedItem('label-fg-color')->nodeValue);
+ $bg_color = db_escape_string($this->link, $attrs->getNamedItem('label-bg-color')->nodeValue);
if (!label_find_id($this->link, $label_name, $_SESSION['uid'])) {
$this->opml_notice(T_sprintf("Adding label %s", htmlspecialchars($label_name)));
private function opml_import_preference($doc, $node, $owner_uid) {
$attrs = $node->attributes;
- $pref_name = db_escape_string($attrs->getNamedItem('pref-name')->nodeValue);
+ $pref_name = db_escape_string($this->link, $attrs->getNamedItem('pref-name')->nodeValue);
if ($pref_name) {
- $pref_value = db_escape_string($attrs->getNamedItem('value')->nodeValue);
+ $pref_value = db_escape_string($this->link, $attrs->getNamedItem('value')->nodeValue);
$this->opml_notice(T_sprintf("Setting preference key %s to %s",
$pref_name, $pref_value));
private function opml_import_filter($doc, $node, $owner_uid) {
$attrs = $node->attributes;
- $filter_type = db_escape_string($attrs->getNamedItem('filter-type')->nodeValue);
+ $filter_type = db_escape_string($this->link, $attrs->getNamedItem('filter-type')->nodeValue);
if ($filter_type == '2') {
$filter = json_decode($node->nodeValue, true);
if (!$rule["cat_filter"]) {
$tmp_result = db_query($this->link, "SELECT id FROM ttrss_feeds
- WHERE title = '".db_escape_string($rule["feed"])."' AND owner_uid = ".$_SESSION["uid"]);
+ WHERE title = '".db_escape_string($this->link, $rule["feed"])."' AND owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($tmp_result) > 0) {
$feed_id = db_fetch_result($tmp_result, 0, "id");
}
} else {
$tmp_result = db_query($this->link, "SELECT id FROM ttrss_feed_categories
- WHERE title = '".db_escape_string($rule["feed"])."' AND owner_uid = ".$_SESSION["uid"]);
+ WHERE title = '".db_escape_string($this->link, $rule["feed"])."' AND owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($tmp_result) > 0) {
$cat_id = db_fetch_result($tmp_result, 0, "id");
}
$cat_filter = bool_to_sql_bool($rule["cat_filter"]);
- $reg_exp = db_escape_string($rule["reg_exp"]);
+ $reg_exp = db_escape_string($this->link, $rule["reg_exp"]);
$filter_type = (int)$rule["filter_type"];
db_query($this->link, "INSERT INTO ttrss_filters2_rules (feed_id,cat_id,filter_id,filter_type,reg_exp,cat_filter)
foreach ($filter["actions"] as $action) {
$action_id = (int)$action["action_id"];
- $action_param = db_escape_string($action["action_param"]);
+ $action_param = db_escape_string($this->link, $action["action_param"]);
db_query($this->link, "INSERT INTO ttrss_filters2_actions (filter_id,action_id,action_param)
VALUES ($filter_id, $action_id, '$action_param')");
$default_cat_id = (int) get_feed_category($this->link, 'Imported feeds', false);
if ($root_node) {
- $cat_title = db_escape_string($root_node->attributes->getNamedItem('text')->nodeValue);
+ $cat_title = db_escape_string($this->link, $root_node->attributes->getNamedItem('text')->nodeValue);
if (!$cat_title)
- $cat_title = db_escape_string($root_node->attributes->getNamedItem('title')->nodeValue);
+ $cat_title = db_escape_string($this->link, $root_node->attributes->getNamedItem('title')->nodeValue);
if (!in_array($cat_title, array("tt-rss-filters", "tt-rss-labels", "tt-rss-prefs"))) {
$cat_id = get_feed_category($this->link, $cat_title, $parent_id);
foreach ($outlines as $node) {
if ($node->hasAttributes() && strtolower($node->tagName) == "outline") {
$attrs = $node->attributes;
- $node_cat_title = db_escape_string($attrs->getNamedItem('text')->nodeValue);
+ $node_cat_title = db_escape_string($this->link, $attrs->getNamedItem('text')->nodeValue);
if (!$node_cat_title)
- $node_cat_title = db_escape_string($attrs->getNamedItem('title')->nodeValue);
+ $node_cat_title = db_escape_string($this->link, $attrs->getNamedItem('title')->nodeValue);
- $node_feed_url = db_escape_string($attrs->getNamedItem('xmlUrl')->nodeValue);
+ $node_feed_url = db_escape_string($this->link, $attrs->getNamedItem('xmlUrl')->nodeValue);
if ($node_cat_title && !$node_feed_url) {
$this->opml_import_category($doc, $node, $owner_uid, $cat_id);
function load_data($force = false) {
if ($this->owner_uid && (!$_SESSION["plugin_storage"] || $force)) {
- $plugin = db_escape_string($plugin);
+ $plugin = db_escape_string($this->link, $plugin);
$result = db_query($this->link, "SELECT name, content FROM ttrss_plugin_storage
WHERE owner_uid = '".$this->owner_uid."'");
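Review bot: L379 escapes `$plugin`, but load_data($force = false) on L376 declares no such variable, nothing between L377 and L379 assigns it, and the query on L380-381 filters on owner_uid only, so the line reads an undefined variable (a notice) and its result is unused. Unless the remainder of the function outside the hunk assigns and uses `$plugin`, the line should be removed. save_data($plugin) on L382-390 does take the parameter and escapes it, which suggests this is a copy-paste leftover from there.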
private function save_data($plugin) {
if ($this->owner_uid) {
- $plugin = db_escape_string($plugin);
+ $plugin = db_escape_string($this->link, $plugin);
db_query($this->link, "BEGIN");
if (!isset($this->storage[$plugin]))
$this->storage[$plugin] = array();
- $content = db_escape_string(serialize($this->storage[$plugin]));
+ $content = db_escape_string($this->link, serialize($this->storage[$plugin]));
if (db_num_rows($result) != 0) {
db_query($this->link, "UPDATE ttrss_plugin_storage SET content = '$content'
}
function renamecat() {
- $title = db_escape_string($_REQUEST['title']);
- $id = db_escape_string($_REQUEST['id']);
+ $title = db_escape_string($this->link, $_REQUEST['title']);
+ $id = db_escape_string($this->link, $_REQUEST['id']);
if ($title) {
db_query($this->link, "UPDATE ttrss_feed_categories SET
if ($item_id != 'root') {
if ($parent_id && $parent_id != 'root') {
$parent_bare_id = substr($parent_id, strpos($parent_id, ':')+1);
- $parent_qpart = db_escape_string($parent_bare_id);
+ $parent_qpart = db_escape_string($this->link, $parent_bare_id);
} else {
$parent_qpart = 'NULL';
}
if (strpos($id, "FEED") === 0) {
$cat_id = ($item_id != "root") ?
- db_escape_string($bare_item_id) : "NULL";
+ db_escape_string($this->link, $bare_item_id) : "NULL";
$cat_qpart = ($cat_id != 0) ? "cat_id = '$cat_id'" :
"cat_id = NULL";
$nest_level+1);
if ($item_id != 'root') {
- $parent_qpart = db_escape_string($bare_id);
+ $parent_qpart = db_escape_string($this->link, $bare_id);
} else {
$parent_qpart = 'NULL';
}
}
function removeicon() {
- $feed_id = db_escape_string($_REQUEST["feed_id"]);
+ $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
$result = db_query($this->link, "SELECT id FROM ttrss_feeds
WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
header("Content-type: text/html");
$icon_file = $_FILES['icon_file']['tmp_name'];
- $feed_id = db_escape_string($_REQUEST["feed_id"]);
+ $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
if (is_file($icon_file) && $feed_id) {
if (filesize($icon_file) < 20000) {
global $purge_intervals;
global $update_intervals;
- $feed_id = db_escape_string($_REQUEST["id"]);
+ $feed_id = db_escape_string($this->link, $_REQUEST["id"]);
$result = db_query($this->link,
"SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND
global $purge_intervals;
global $update_intervals;
- $feed_ids = db_escape_string($_REQUEST["ids"]);
+ $feed_ids = db_escape_string($this->link, $_REQUEST["ids"]);
print "<div class=\"dialogNotice\">" . __("Enable the options you wish to apply using checkboxes on the right:") . "</div>";
function editsaveops($batch) {
- $feed_title = db_escape_string(trim($_POST["title"]));
- $feed_link = db_escape_string(trim($_POST["feed_url"]));
- $upd_intl = (int) db_escape_string($_POST["update_interval"]);
- $purge_intl = (int) db_escape_string($_POST["purge_interval"]);
- $feed_id = (int) db_escape_string($_POST["id"]); /* editSave */
- $feed_ids = db_escape_string($_POST["ids"]); /* batchEditSave */
- $cat_id = (int) db_escape_string($_POST["cat_id"]);
- $auth_login = db_escape_string(trim($_POST["auth_login"]));
- $auth_pass = db_escape_string(trim($_POST["auth_pass"]));
- $private = checkbox_to_sql_bool(db_escape_string($_POST["private"]));
+ $feed_title = db_escape_string($this->link, trim($_POST["title"]));
+ $feed_link = db_escape_string($this->link, trim($_POST["feed_url"]));
+ $upd_intl = (int) db_escape_string($this->link, $_POST["update_interval"]);
+ $purge_intl = (int) db_escape_string($this->link, $_POST["purge_interval"]);
+ $feed_id = (int) db_escape_string($this->link, $_POST["id"]); /* editSave */
+ $feed_ids = db_escape_string($this->link, $_POST["ids"]); /* batchEditSave */
+ $cat_id = (int) db_escape_string($this->link, $_POST["cat_id"]);
+ $auth_login = db_escape_string($this->link, trim($_POST["auth_login"]));
+ $auth_pass = db_escape_string($this->link, trim($_POST["auth_pass"]));
+ $private = checkbox_to_sql_bool(db_escape_string($this->link, $_POST["private"]));
$include_in_digest = checkbox_to_sql_bool(
- db_escape_string($_POST["include_in_digest"]));
+ db_escape_string($this->link, $_POST["include_in_digest"]));
$cache_images = checkbox_to_sql_bool(
- db_escape_string($_POST["cache_images"]));
+ db_escape_string($this->link, $_POST["cache_images"]));
$hide_images = checkbox_to_sql_bool(
- db_escape_string($_POST["hide_images"]));
+ db_escape_string($this->link, $_POST["hide_images"]));
$always_display_enclosures = checkbox_to_sql_bool(
- db_escape_string($_POST["always_display_enclosures"]));
+ db_escape_string($this->link, $_POST["always_display_enclosures"]));
$mark_unread_on_update = checkbox_to_sql_bool(
- db_escape_string($_POST["mark_unread_on_update"]));
+ db_escape_string($this->link, $_POST["mark_unread_on_update"]));
if (get_pref($this->link, 'ENABLE_FEED_CATS')) {
if ($cat_id && $cat_id != 0) {
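Review bot: On L458-460 and L462 the `(int)` cast discards everything db_escape_string() contributes, so `$upd_intl = (int) $_POST["update_interval"];` is equivalent and shows the real guard at a glance; the checkbox_to_sql_bool() wrappers on L465-480 are the same case if that helper only compares the value (hedged, its body is not shown). Keeping the escape in front of a cast reads as a second layer of protection that is not actually there. The same `(int) db_escape_string(...)` form appears on L22-23, L32, L36, L46, L63, L65, L100, L220, L239-240, L568 and L576. editsaveops continues past the hunk.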
function resetPubSub() {
- $ids = db_escape_string($_REQUEST["ids"]);
+ $ids = db_escape_string($this->link, $_REQUEST["ids"]);
db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0 WHERE id IN ($ids)
AND owner_uid = " . $_SESSION["uid"]);
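Review bot: `$ids` on L485 is interpolated unquoted into `id IN ($ids)` on L486, and db_escape_string() only protects a value that sits inside a quoted string literal, so the escape does nothing for this query and a non-numeric ids value still reaches the SQL parser as syntax. Coerce the list to integers instead: `$ids = implode(",", array_map('intval', explode(",", $_REQUEST["ids"])));`. The same concern applies wherever an escaped value is interpolated outside quotes, e.g. `$parent_qpart` on L405 and L418, whose else branch assigns the bare literal 'NULL' and so is presumably used unquoted outside the hunk.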
function remove() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
$this->remove_feed($this->link, $id, $_SESSION["uid"]);
}
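Review bot: `split()` on L490 is the POSIX-regex function (deprecated in PHP 5.3, removed in 7.0), and the rewritten line keeps it even though the separator is a plain comma; explode() is the intended call: `$ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));`. The same call survives on the rewritten lines L502, L507, L515, L559, L624, L637 and L657, while L607 and L129 already use explode(); since every one of those lines is touched by this change, swapping the function there would cost nothing extra. remove's body continues past the hunk.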
function clear() {
- $id = db_escape_string($_REQUEST["id"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
$this->clear_feed_articles($this->link, $id);
}
function rescore() {
require_once "rssfuncs.php";
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
}
function categorize() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
- $cat_id = db_escape_string($_REQUEST["cat_id"]);
+ $cat_id = db_escape_string($this->link, $_REQUEST["cat_id"]);
if ($cat_id == 0) {
$cat_id_qpart = 'NULL';
}
function removeCat() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
$this->remove_feed_category($this->link, $id, $_SESSION["uid"]);
}
}
function addCat() {
- $feed_cat = db_escape_string(trim($_REQUEST["cat"]));
+ $feed_cat = db_escape_string($this->link, trim($_REQUEST["cat"]));
add_feed_category($this->link, $feed_cat);
}
__("Inactive feeds") . "</button>";
}
- $feed_search = db_escape_string($_REQUEST["search"]);
+ $feed_search = db_escape_string($this->link, $_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_feed_search"] = $feed_search;
$filter["enabled"] = true;
$filter["match_any_rule"] = sql_bool_to_bool(
- checkbox_to_sql_bool(db_escape_string($_REQUEST["match_any_rule"])));
+ checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["match_any_rule"])));
$filter["rules"] = array();
$result = db_query($this->link, "SELECT id,name FROM ttrss_filter_types");
if ($line['action_id'] == 7) {
$label_result = db_query($this->link, "SELECT fg_color, bg_color
- FROM ttrss_labels2 WHERE caption = '".db_escape_string($line['action_param'])."' AND
+ FROM ttrss_labels2 WHERE caption = '".db_escape_string($this->link, $line['action_param'])."' AND
owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($label_result) > 0) {
function edit() {
- $filter_id = db_escape_string($_REQUEST["id"]);
+ $filter_id = db_escape_string($this->link, $_REQUEST["id"]);
$result = db_query($this->link,
"SELECT * FROM ttrss_filters2 WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
# print_r($_REQUEST);
- $filter_id = db_escape_string($_REQUEST["id"]);
- $enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"]));
- $match_any_rule = checkbox_to_sql_bool(db_escape_string($_REQUEST["match_any_rule"]));
+ $filter_id = db_escape_string($this->link, $_REQUEST["id"]);
+ $enabled = checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["enabled"]));
+ $match_any_rule = checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["match_any_rule"]));
$result = db_query($this->link, "UPDATE ttrss_filters2 SET enabled = $enabled,
match_any_rule = $match_any_rule
function remove() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
db_query($this->link, "DELETE FROM ttrss_filters2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
foreach ($rules as $rule) {
if ($rule) {
- $reg_exp = strip_tags(db_escape_string(trim($rule["reg_exp"])));
- $filter_type = (int) db_escape_string(trim($rule["filter_type"]));
- $feed_id = db_escape_string(trim($rule["feed_id"]));
+ $reg_exp = strip_tags(db_escape_string($this->link, trim($rule["reg_exp"])));
+ $filter_type = (int) db_escape_string($this->link, trim($rule["filter_type"]));
+ $feed_id = db_escape_string($this->link, trim($rule["feed_id"]));
if (strpos($feed_id, "CAT:") === 0) {
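Review bot: L567 runs strip_tags() on the output of db_escape_string(), so tag stripping operates on text that already contains escape backslashes and the escape is no longer the last transformation before the value reaches a query; L111-113 and L255-258 do it in the other order. Swap the calls: `$reg_exp = db_escape_string($this->link, strip_tags(trim($rule["reg_exp"])));`. Separately, stripping tags from a regular expression silently alters any pattern that legitimately contains `<…>`, which deserves a one-line comment stating that this is intended. The enclosing loop starts outside the hunk.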
foreach ($actions as $action) {
if ($action) {
- $action_id = (int) db_escape_string($action["action_id"]);
- $action_param = db_escape_string($action["action_param"]);
- $action_param_label = db_escape_string($action["action_param_label"]);
+ $action_id = (int) db_escape_string($this->link, $action["action_id"]);
+ $action_param = db_escape_string($this->link, $action["action_param"]);
+ $action_param_label = db_escape_string($this->link, $action["action_param_label"]);
if ($action_id == 7) {
$action_param = $action_param_label;
function index() {
- $sort = db_escape_string($_REQUEST["sort"]);
+ $sort = db_escape_string($this->link, $_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "reg_exp";
}
- $filter_search = db_escape_string($_REQUEST["search"]);
+ $filter_search = db_escape_string($this->link, $_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
- $filter_search = db_escape_string($_REQUEST["search"]);
+ $filter_search = db_escape_string($this->link, $_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
$action = json_decode($_REQUEST["action"], true);
if ($action) {
- $action_param = db_escape_string($action["action_param"]);
+ $action_param = db_escape_string($this->link, $action["action_param"]);
$action_id = (int)$action["action_id"];
} else {
$action_param = "";
}
function join() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
if (count($ids) > 1) {
$base_id = array_shift($ids);
}
function edit() {
- $label_id = db_escape_string($_REQUEST['id']);
+ $label_id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT * FROM ttrss_labels2 WHERE
id = '$label_id' AND owner_uid = " . $_SESSION["uid"]);
}
function colorset() {
- $kind = db_escape_string($_REQUEST["kind"]);
- $ids = split(',', db_escape_string($_REQUEST["ids"]));
- $color = db_escape_string($_REQUEST["color"]);
- $fg = db_escape_string($_REQUEST["fg"]);
- $bg = db_escape_string($_REQUEST["bg"]);
+ $kind = db_escape_string($this->link, $_REQUEST["kind"]);
+ $ids = split(',', db_escape_string($this->link, $_REQUEST["ids"]));
+ $color = db_escape_string($this->link, $_REQUEST["color"]);
+ $fg = db_escape_string($this->link, $_REQUEST["fg"]);
+ $bg = db_escape_string($this->link, $_REQUEST["bg"]);
foreach ($ids as $id) {
AND owner_uid = " . $_SESSION["uid"]);
}
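Review bot: `split()` on the `$ids` line of `colorset()` is the deprecated POSIX-regex function (gone in PHP 7), and its first argument is a pattern rather than a literal separator; the `join()` hunk above already uses `explode`, so this should read `$ids = explode(',', db_escape_string($this->link, $_REQUEST["ids"]));`. The same `split` call survives in the `colorreset()`, label `remove()` and user `remove()` hunks. The body of `colorset()` continues outside the hunk.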
- $caption = db_escape_string(label_find_caption($this->link, $id, $_SESSION["uid"]));
+ $caption = db_escape_string($this->link, label_find_caption($this->link, $id, $_SESSION["uid"]));
/* Remove cached data */
}
function colorreset() {
- $ids = split(',', db_escape_string($_REQUEST["ids"]));
+ $ids = split(',', db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
db_query($this->link, "UPDATE ttrss_labels2 SET
fg_color = '', bg_color = '' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
- $caption = db_escape_string(label_find_caption($this->link, $id, $_SESSION["uid"]));
+ $caption = db_escape_string($this->link, label_find_caption($this->link, $id, $_SESSION["uid"]));
/* Remove cached data */
function save() {
- $id = db_escape_string($_REQUEST["id"]);
- $caption = db_escape_string(trim($_REQUEST["caption"]));
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
+ $caption = db_escape_string($this->link, trim($_REQUEST["caption"]));
db_query($this->link, "BEGIN");
/* Update filters that reference label being renamed */
- $old_caption = db_escape_string($old_caption);
+ $old_caption = db_escape_string($this->link, $old_caption);
db_query($this->link, "UPDATE ttrss_filters2_actions SET
action_param = '$caption' WHERE action_param = '$old_caption'
function remove() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
label_remove($this->link, $id, $_SESSION["uid"]);
}
function add() {
- $caption = db_escape_string($_REQUEST["caption"]);
- $output = db_escape_string($_REQUEST["output"]);
+ $caption = db_escape_string($this->link, $_REQUEST["caption"]);
+ $output = db_escape_string($this->link, $_REQUEST["output"]);
if ($caption) {
function index() {
- $sort = db_escape_string($_REQUEST["sort"]);
+ $sort = db_escape_string($this->link, $_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "caption";
}
- $label_search = db_escape_string($_REQUEST["search"]);
+ $label_search = db_escape_string($this->link, $_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_label_search"] = $label_search;
foreach (array_keys($_POST) as $pref_name) {
- $pref_name = db_escape_string($pref_name);
- $value = db_escape_string($_POST[$pref_name]);
+ $pref_name = db_escape_string($this->link, $pref_name);
+ $value = db_escape_string($this->link, $_POST[$pref_name]);
if ($pref_name == 'DIGEST_PREFERRED_TIME') {
if (get_pref($this->link, 'DIGEST_PREFERRED_TIME') != $value) {
function getHelp() {
- $pref_name = db_escape_string($_REQUEST["pn"]);
+ $pref_name = db_escape_string($this->link, $_REQUEST["pn"]);
$result = db_query($this->link, "SELECT help_text FROM ttrss_prefs
WHERE pref_name = '$pref_name'");
function changeemail() {
- $email = db_escape_string($_POST["email"]);
- $full_name = db_escape_string($_POST["full_name"]);
+ $email = db_escape_string($this->link, $_POST["email"]);
+ $full_name = db_escape_string($this->link, $_POST["full_name"]);
$active_uid = $_SESSION["uid"];
}
function otpenable() {
- $password = db_escape_string($_REQUEST["password"]);
+ $password = db_escape_string($this->link, $_REQUEST["password"]);
$enable_otp = $_REQUEST["enable_otp"] == "on";
global $pluginhost;
}
function otpdisable() {
- $password = db_escape_string($_REQUEST["password"]);
+ $password = db_escape_string($this->link, $_REQUEST["password"]);
global $pluginhost;
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
}
function clearplugindata() {
- $name = db_escape_string($_REQUEST["name"]);
+ $name = db_escape_string($this->link, $_REQUEST["name"]);
global $pluginhost;
$pluginhost->clear_data($pluginhost->get_plugin($name));
header("Content-Type: text/xml");
- $id = db_escape_string($_REQUEST["id"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
print "<dlg id=\"$method\">";
print "<title>".__('User Editor')."</title>";
}
function editSave() {
- $login = db_escape_string(trim($_REQUEST["login"]));
- $uid = db_escape_string($_REQUEST["id"]);
+ $login = db_escape_string($this->link, trim($_REQUEST["login"]));
+ $uid = db_escape_string($this->link, $_REQUEST["id"]);
$access_level = (int) $_REQUEST["access_level"];
- $email = db_escape_string(trim($_REQUEST["email"]));
- $password = db_escape_string(trim($_REQUEST["password"]));
+ $email = db_escape_string($this->link, trim($_REQUEST["email"]));
+ $password = db_escape_string($this->link, trim($_REQUEST["password"]));
if ($password) {
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
}
function remove() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
if ($id != $_SESSION["uid"] && $id != 1) {
function add() {
- $login = db_escape_string(trim($_REQUEST["login"]));
+ $login = db_escape_string($this->link, trim($_REQUEST["login"]));
$tmp_user_pwd = make_password(8);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
function resetPass() {
- $uid = db_escape_string($_REQUEST["id"]);
+ $uid = db_escape_string($this->link, $_REQUEST["id"]);
$result = db_query($this->link, "SELECT login,email
FROM ttrss_users WHERE id = '$uid'");
print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">";
- $user_search = db_escape_string($_REQUEST["search"]);
+ $user_search = db_escape_string($this->link, $_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_user_search"] = $user_search;
__('Search')."</button>
</div>";
- $sort = db_escape_string($_REQUEST["sort"]);
+ $sort = db_escape_string($this->link, $_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "login";
}
function setprofile() {
- $id = db_escape_string($_REQUEST["id"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
$_SESSION["profile"] = $id;
$_SESSION["prefs_cache"] = array();
}
function remprofiles() {
- $ids = explode(",", db_escape_string(trim($_REQUEST["ids"])));
+ $ids = explode(",", db_escape_string($this->link, trim($_REQUEST["ids"])));
foreach ($ids as $id) {
if ($_SESSION["profile"] != $id) {
// Silent
function addprofile() {
- $title = db_escape_string(trim($_REQUEST["title"]));
+ $title = db_escape_string($this->link, trim($_REQUEST["title"]));
if ($title) {
db_query($this->link, "BEGIN");
// Silent
function saveprofile() {
- $id = db_escape_string($_REQUEST["id"]);
- $title = db_escape_string(trim($_REQUEST["value"]));
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
+ $title = db_escape_string($this->link, trim($_REQUEST["value"]));
if ($id == 0) {
print __("Default profile");
// Silent
function remarchive() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
$result = db_query($this->link, "DELETE FROM ttrss_archived_feeds WHERE
}
function addfeed() {
- $feed = db_escape_string($_REQUEST['feed']);
- $cat = db_escape_string($_REQUEST['cat']);
- $login = db_escape_string($_REQUEST['login']);
- $pass = db_escape_string($_REQUEST['pass']);
- $need_auth = db_escape_string($_REQUEST['need_auth']) != "";
+ $feed = db_escape_string($this->link, $_REQUEST['feed']);
+ $cat = db_escape_string($this->link, $_REQUEST['cat']);
+ $login = db_escape_string($this->link, $_REQUEST['login']);
+ $pass = db_escape_string($this->link, $_REQUEST['pass']);
+ $need_auth = db_escape_string($this->link, $_REQUEST['need_auth']) != "";
$rc = subscribe_to_feed($this->link, $feed, $cat, $login, $pass, $need_auth);
}
function togglepref() {
- $key = db_escape_string($_REQUEST["key"]);
+ $key = db_escape_string($this->link, $_REQUEST["key"]);
set_pref($this->link, $key, !get_pref($this->link, $key));
$value = get_pref($this->link, $key);
function mark() {
$mark = $_REQUEST["mark"];
- $id = db_escape_string($_REQUEST["id"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
if ($mark == "1") {
$mark = "true";
}
function delete() {
- $ids = db_escape_string($_REQUEST["ids"]);
+ $ids = db_escape_string($this->link, $_REQUEST["ids"]);
$result = db_query($this->link, "DELETE FROM ttrss_user_entries
WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
}
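Review bot: `$ids` in `delete()` is interpolated unquoted into `IN ($ids)`, and `db_escape_string` only neutralises quote and backslash characters, so escaping alone does not constrain what reaches an unquoted numeric position in the SQL; reduce the list to integers before use, e.g. `$ids = join(",", array_map('intval', explode(",", $_REQUEST["ids"])));`. The same unquoted `IN ($ids)` pattern is in the `unarchive()`, `setScore()` and linked-instance `remove()` hunks, and the filter-rule hunk concatenates `db_escape_string($link, $rule["feed_id"])` straight after `feed_id = ` behind a loose `> 0` comparison that a non-numeric string can satisfy, where `(int) $rule["feed_id"]` would be the sufficient fix. The bodies of these functions continue outside their hunks.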
function unarchive() {
- $ids = db_escape_string($_REQUEST["ids"]);
+ $ids = db_escape_string($this->link, $_REQUEST["ids"]);
$result = db_query($this->link, "UPDATE ttrss_user_entries
SET feed_id = orig_feed_id, orig_feed_id = NULL
}
function archive() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
$this->archive_article($this->link, $id, $_SESSION["uid"]);
function publ() {
$pub = $_REQUEST["pub"];
- $id = db_escape_string($_REQUEST["id"]);
- $note = trim(strip_tags(db_escape_string($_REQUEST["note"])));
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
+ $note = trim(strip_tags(db_escape_string($this->link, $_REQUEST["note"])));
if ($pub == "1") {
$pub = "true";
/* GET["cmode"] = 0 - mark as read, 1 - as unread, 2 - toggle */
function catchupSelected() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]);
catchupArticlesById($this->link, $ids, $cmode);
}
function markSelected() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]);
$this->markArticlesById($this->link, $ids, $cmode);
}
function publishSelected() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]);
$this->publishArticlesById($this->link, $ids, $cmode);
function setArticleTags() {
- $id = db_escape_string($_REQUEST["id"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
- $tags_str = db_escape_string($_REQUEST["tags_str"]);
+ $tags_str = db_escape_string($this->link, $_REQUEST["tags_str"]);
$tags = array_unique(trim_array(explode(",", $tags_str)));
db_query($this->link, "BEGIN");
}
function completeLabels() {
- $search = db_escape_string($_REQUEST["search"]);
+ $search = db_escape_string($this->link, $_REQUEST["search"]);
$result = db_query($this->link, "SELECT DISTINCT caption FROM
ttrss_labels2
function completeTags() {
- $search = db_escape_string($_REQUEST["search"]);
+ $search = db_escape_string($this->link, $_REQUEST["search"]);
$result = db_query($this->link, "SELECT DISTINCT tag_name FROM ttrss_tags
WHERE owner_uid = '".$_SESSION["uid"]."' AND
}
function purge() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
$days = sprintf("%d", $_REQUEST["days"]);
foreach ($ids as $id) {
}
function getArticles() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
$articles = array();
foreach ($ids as $id) {
}
function checkDate() {
- $date = db_escape_string($_REQUEST["date"]);
+ $date = db_escape_string($this->link, $_REQUEST["date"]);
$date_parsed = strtotime($date);
print json_encode(array("result" => (bool)$date_parsed,
function labelops($assign) {
$reply = array();
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
- $label_id = db_escape_string($_REQUEST["lid"]);
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
+ $label_id = db_escape_string($this->link, $_REQUEST["lid"]);
- $label = db_escape_string(label_find_caption($this->link, $label_id,
+ $label = db_escape_string($this->link, label_find_caption($this->link, $label_id,
$_SESSION["uid"]));
$reply["info-for-headlines"] = array();
}
function updateFeedBrowser() {
- $search = db_escape_string($_REQUEST["search"]);
- $limit = db_escape_string($_REQUEST["limit"]);
- $mode = (int) db_escape_string($_REQUEST["mode"]);
+ $search = db_escape_string($this->link, $_REQUEST["search"]);
+ $limit = db_escape_string($this->link, $_REQUEST["limit"]);
+ $mode = (int) db_escape_string($this->link, $_REQUEST["mode"]);
require_once "feedbrowser.php";
if ($mode == 1) {
foreach ($payload as $feed) {
- $title = db_escape_string($feed[0]);
- $feed_url = db_escape_string($feed[1]);
+ $title = db_escape_string($this->link, $feed[0]);
+ $feed_url = db_escape_string($this->link, $feed[1]);
$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
- $site_url = db_escape_string(db_fetch_result($result, 0, "site_url"));
- $feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url"));
- $title = db_escape_string(db_fetch_result($result, 0, "title"));
+ $site_url = db_escape_string($this->link, db_fetch_result($result, 0, "site_url"));
+ $feed_url = db_escape_string($this->link, db_fetch_result($result, 0, "feed_url"));
+ $title = db_escape_string($this->link, db_fetch_result($result, 0, "title"));
$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
}
function catchupFeed() {
- $feed_id = db_escape_string($_REQUEST['feed_id']);
- $is_cat = db_escape_string($_REQUEST['is_cat']) == "true";
- $max_id = (int) db_escape_string($_REQUEST['max_id']);
+ $feed_id = db_escape_string($this->link, $_REQUEST['feed_id']);
+ $is_cat = db_escape_string($this->link, $_REQUEST['is_cat']) == "true";
+ $max_id = (int) db_escape_string($this->link, $_REQUEST['max_id']);
catchup_feed($this->link, $feed_id, $is_cat, false, $max_id);
}
function quickAddCat() {
- $cat = db_escape_string($_REQUEST["cat"]);
+ $cat = db_escape_string($this->link, $_REQUEST["cat"]);
add_feed_category($this->link, $cat);
}
function regenFeedKey() {
- $feed_id = db_escape_string($_REQUEST['id']);
- $is_cat = db_escape_string($_REQUEST['is_cat']) == "true";
+ $feed_id = db_escape_string($this->link, $_REQUEST['id']);
+ $is_cat = db_escape_string($this->link, $_REQUEST['is_cat']) == "true";
$new_key = $this->update_feed_access_key($this->link, $feed_id, $is_cat);
}
function batchAddFeeds() {
- $cat_id = db_escape_string($_REQUEST['cat']);
- $feeds = explode("\n", db_escape_string($_REQUEST['feeds']));
- $login = db_escape_string($_REQUEST['login']);
- $pass = db_escape_string($_REQUEST['pass']);
- $need_auth = db_escape_string($_REQUEST['need_auth']) != "";
+ $cat_id = db_escape_string($this->link, $_REQUEST['cat']);
+ $feeds = explode("\n", db_escape_string($this->link, $_REQUEST['feeds']));
+ $login = db_escape_string($this->link, $_REQUEST['login']);
+ $pass = db_escape_string($this->link, $_REQUEST['pass']);
+ $need_auth = db_escape_string($this->link, $_REQUEST['need_auth']) != "";
foreach ($feeds as $feed) {
$feed = trim($feed);
}
function setScore() {
- $ids = db_escape_string($_REQUEST['id']);
- $score = (int)db_escape_string($_REQUEST['score']);
+ $ids = db_escape_string($this->link, $_REQUEST['id']);
+ $score = (int)db_escape_string($this->link, $_REQUEST['score']);
db_query($this->link, "UPDATE ttrss_user_entries SET
score = '$score' WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
AND owner_uid = " . $owner_uid);
if (db_num_rows($result) == 1) {
- $key = db_escape_string(sha1(uniqid(rand(), true)));
+ $key = db_escape_string($this->link, sha1(uniqid(rand(), true)));
db_query($link, "UPDATE ttrss_access_keys SET access_key = '$key'
WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
}
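Review bot: The regenerated key on the `$key = ` line is `sha1(uniqid(rand(), true))`, which is derived from the clock and a non-cryptographic PRNG; since rows in `ttrss_access_keys` appear to be what authorises access to a feed without a session, the key should come from the same secure source this diff already uses for password salts, e.g. `$key = db_escape_string($link, sha1(bin2hex(get_random_bytes(20))));` (assuming `get_random_bytes` is the project's CSPRNG wrapper seen with `bin2hex` in `editSave()` and `add()`). The identical construction is in the later hunk that INSERTs into `ttrss_access_keys`. The enclosing function starts outside the hunk.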
function getlinkbyid() {
- $id = db_escape_string($_REQUEST['id']);
+ $id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT link FROM ttrss_entries, ttrss_user_entries
WHERE ref_id = '$id' AND ref_id = id AND owner_uid = ". $_SESSION["uid"]);
function get_pref($link, $pref_name, $user_id = false, $die_on_error = false) {
- $pref_name = db_escape_string($pref_name);
+ $pref_name = db_escape_string($link, $pref_name);
$prefs_cache = true;
$profile = false;
}
function set_pref($link, $pref_name, $value, $user_id = false, $strip_tags = true) {
- $pref_name = db_escape_string($pref_name);
- $value = db_escape_string($value, $strip_tags);
+ $pref_name = db_escape_string($link, $pref_name);
+ $value = db_escape_string($link, $value, $strip_tags);
if (!$user_id) {
$user_id = $_SESSION["uid"];
}
}
-function db_escape_string($s, $strip_tags = true, $link = NULL) {
+function db_escape_string($link, $s, $strip_tags = true) {
if ($strip_tags) $s = strip_tags($s);
if (DB_TYPE == "pgsql") {
- if ($link) {
- return pg_escape_string($link, $s);
- } else {
- return pg_escape_string($s);
- }
+ return pg_escape_string($link, $s);
} else {
- if ($link) {
- return mysql_real_escape_string($s, $link);
- } else {
- return mysql_real_escape_string($s);
- }
+ return mysql_real_escape_string($s, $link);
}
}
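Review bot: The reordered signature makes `$link` mandatory but nothing in the body checks it, so any caller missed by this sweep — or a plugin outside the tree still calling `db_escape_string($s)` — now passes its data as `$link`, leaves `$s` undefined, and, as far as I can tell, gets a warning plus a non-string back, which interpolates into SQL as an empty string instead of failing. A guard at the top turns that silent weakening into a loud error: `if (!$link) trigger_error("db_escape_string: missing database link", E_USER_ERROR);`. A short docblock above the function stating the new parameter order and that `$strip_tags` still defaults to `true` would also help, since every call site in this diff depends on both.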
function initialize_user_prefs($link, $uid, $profile = false) {
- $uid = db_escape_string($uid);
+ $uid = db_escape_string($link, $uid);
if (!$profile) {
$profile = "NULL";
}
}
- if (db_escape_string("testTEST") != "testTEST") {
+ if (db_escape_string($link, "testTEST") != "testTEST") {
$error_code = 12;
}
} else { // tag
db_query($link, "BEGIN");
- $tag_name = db_escape_string($feed);
+ $tag_name = db_escape_string($link, $feed);
$result = db_query($link, "SELECT post_int_id FROM ttrss_tags
WHERE tag_name = '$tag_name' AND owner_uid = $owner_uid");
return 0;
} else if ($feed != "0" && $n_feed == 0) {
- $feed = db_escape_string($feed);
+ $feed = db_escape_string($link, $feed);
$result = db_query($link, "SELECT SUM((SELECT COUNT(int_id)
FROM ttrss_user_entries,ttrss_entries WHERE int_id = post_int_id
function get_article_tags($link, $id, $owner_uid = 0, $tag_cache = false) {
- $a_id = db_escape_string($id);
+ $a_id = db_escape_string($link, $id);
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
/* update the cache */
- $tags_str = db_escape_string(join(",", $tags));
+ $tags_str = db_escape_string($link, join(",", $tags));
db_query($link, "UPDATE ttrss_user_entries
SET tag_cache = '$tags_str' WHERE ref_id = '$id'
if (db_num_rows($result) == 1) {
return db_fetch_result($result, 0, "access_key");
} else {
- $key = db_escape_string(sha1(uniqid(rand(), true)));
+ $key = db_escape_string($link, sha1(uniqid(rand(), true)));
$result = db_query($link, "INSERT INTO ttrss_access_keys
(access_key, feed_id, is_cat, owner_uid)
if ($regexp_valid) {
- $rule['reg_exp'] = db_escape_string($rule['reg_exp']);
+ $rule['reg_exp'] = db_escape_string($link, $rule['reg_exp']);
switch ($rule["type"]) {
case "title":
}
if (isset($rule["feed_id"]) && $rule["feed_id"] > 0) {
- $qpart .= " AND feed_id = " . db_escape_string($rule["feed_id"]);
+ $qpart .= " AND feed_id = " . db_escape_string($link, $rule["feed_id"]);
}
if (isset($rule["cat_id"])) {
if (!$labels)
$labels = get_article_labels($link, $id);
- $labels = db_escape_string(json_encode($labels));
+ $labels = db_escape_string($link, json_encode($labels));
db_query($link, "UPDATE ttrss_user_entries SET
label_cache = '$labels' WHERE ref_id = '$id' AND owner_uid = '$owner_uid'");
$count = 0;
while ($line = db_fetch_assoc($result)) {
- $subscribers = db_escape_string($line["subscribers"]);
- $feed_url = db_escape_string($line["feed_url"]);
- $title = db_escape_string($line["title"]);
- $site_url = db_escape_string($line["site_url"]);
+ $subscribers = db_escape_string($link, $line["subscribers"]);
+ $feed_url = db_escape_string($link, $line["feed_url"]);
+ $title = db_escape_string($link, $line["title"]);
+ $site_url = db_escape_string($link, $line["site_url"]);
$tmp_result = db_query($link, "SELECT subscribers FROM
ttrss_feedbrowser_cache WHERE feed_url = '$feed_url'");
$cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images"));
$fetch_url = db_fetch_result($result, 0, "feed_url");
- $feed = db_escape_string($feed);
+ $feed = db_escape_string($link, $feed);
/* if ($auth_login && $auth_pass ){
$url_parts = array();
_debug("update_rss_feed: unable to fetch: $fetch_last_error");
}
- $error_escaped = db_escape_string($fetch_last_error);
+ $error_escaped = db_escape_string($link, $fetch_last_error);
db_query($link,
"UPDATE ttrss_feeds SET last_error = '$error_escaped',
// print_r($rss);
- $feed = db_escape_string($feed);
+ $feed = db_escape_string($link, $feed);
if (!$rss->error()) {
$owner_uid = db_fetch_result($result, 0, "owner_uid");
- $site_url = db_escape_string(mb_substr(rewrite_relative_url($fetch_url, $rss->get_link()), 0, 245));
+ $site_url = db_escape_string($link, mb_substr(rewrite_relative_url($fetch_url, $rss->get_link()), 0, 245));
if ($debug_enabled) {
_debug("update_rss_feed: checking favicon...");
if (!$registered_title || $registered_title == "[Unknown]") {
- $feed_title = db_escape_string($rss->get_title());
+ $feed_title = db_escape_string($link, $rss->get_title());
if ($debug_enabled) {
_debug("update_rss_feed: registering title: $feed_title");
$entry_author = $entry_author_item->get_name();
if (!$entry_author) $entry_author = $entry_author_item->get_email();
- $entry_author = db_escape_string($entry_author);
+ $entry_author = db_escape_string($link, $entry_author);
}
- $entry_guid = db_escape_string(mb_substr($entry_guid, 0, 245));
+ $entry_guid = db_escape_string($link, mb_substr($entry_guid, 0, 245));
- $entry_comments = db_escape_string(mb_substr($entry_comments, 0, 245));
- $entry_author = db_escape_string(mb_substr($entry_author, 0, 245));
+ $entry_comments = db_escape_string($link, mb_substr($entry_comments, 0, 245));
+ $entry_author = db_escape_string($link, mb_substr($entry_author, 0, 245));
$num_comments = $item->get_item_tags('http://purl.org/rss/1.0/modules/slash/', 'comments');
// FIXME not sure if owner_uid is a good idea here, we may have a base entry without user entry (?)
$result = db_query($link, "SELECT plugin_data,title,content,link,tag_cache,author FROM ttrss_entries, ttrss_user_entries
- WHERE ref_id = id AND guid = '".db_escape_string($entry_guid)."' AND owner_uid = $owner_uid");
+ WHERE ref_id = id AND guid = '".db_escape_string($link, $entry_guid)."' AND owner_uid = $owner_uid");
if (db_num_rows($result) != 0) {
$entry_plugin_data = db_fetch_result($result, 0, "plugin_data");
}
$entry_tags = $article["tags"];
- $entry_guid = db_escape_string($entry_guid);
- $entry_title = db_escape_string($article["title"]);
- $entry_author = db_escape_string($article["author"]);
- $entry_link = db_escape_string($article["link"]);
- $entry_plugin_data = db_escape_string($article["plugin_data"]);
+ $entry_guid = db_escape_string($link, $entry_guid);
+ $entry_title = db_escape_string($link, $article["title"]);
+ $entry_author = db_escape_string($link, $article["author"]);
+ $entry_link = db_escape_string($link, $article["link"]);
+ $entry_plugin_data = db_escape_string($link, $article["plugin_data"]);
$entry_content = $article["content"]; // escaped below
if ($cache_images && is_writable(CACHE_DIR . '/images'))
cache_images($entry_content, $site_url, $debug_enabled);
- $entry_content = db_escape_string($entry_content, false);
+ $entry_content = db_escape_string($link, $entry_content, false);
$content_hash = "SHA1:" . sha1($entry_content);
$update_insignificant = false;
}
- if (db_escape_string($orig_title) != $entry_title) {
+ if (db_escape_string($link, $orig_title) != $entry_title) {
$post_needs_update = true;
$update_insignificant = false;
}
db_query($link, "BEGIN");
foreach ($enclosures as $enc) {
- $enc_url = db_escape_string($enc[0]);
- $enc_type = db_escape_string($enc[1]);
- $enc_dur = db_escape_string($enc[2]);
+ $enc_url = db_escape_string($link, $enc[0]);
+ $enc_type = db_escape_string($link, $enc[1]);
+ $enc_dur = db_escape_string($link, $enc[2]);
$result = db_query($link, "SELECT id FROM ttrss_enclosures
WHERE content_url = '$enc_url' AND post_id = '$entry_ref_id'");
foreach ($filtered_tags as $tag) {
$tag = sanitize_tag($tag);
- $tag = db_escape_string($tag);
+ $tag = db_escape_string($link, $tag);
if (!tag_is_valid($tag)) continue;
$tags_to_cache = array_unique($tags_to_cache);
- $tags_str = db_escape_string(join(",", $tags_to_cache));
+ $tags_str = db_escape_string($link, join(",", $tags_to_cache));
db_query($link, "UPDATE ttrss_user_entries
SET tag_cache = '$tags_str' WHERE ref_id = '$entry_ref_id'
} else {
- $error_msg = db_escape_string(mb_substr($rss->error(), 0, 245));
+ $error_msg = db_escape_string($link, mb_substr($rss->error(), 0, 245));
if ($debug_enabled) {
_debug("update_rss_feed: error fetching feed: $error_msg");
$expire = time() + $session_expire;
- $data = db_escape_string(base64_encode($data), false, $session_connection);
+ $data = db_escape_string($session_connection, base64_encode($data), false);
if ($session_read) {
$query = "UPDATE ttrss_sessions SET data='$data',
global $session_connection;
- db_close($session_connection);
+ //db_close($session_connection);
return true;
}
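Review bot: `db_close($session_connection)` is commented out rather than removed, and nothing says why the session handler now leaves its connection open; if the connection is intentionally kept alive because it is shared with the request's main link after this change, state that on the line instead, e.g. `// intentionally not closed here: <reason the link must outlive the session handler>`, otherwise delete the line. A commented-out call invites someone to reinstate it and close a link that is still in use. The enclosing handler starts outside the hunk.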
$op = $_REQUEST['op'];
if ($op == "publish"){
- $key = db_escape_string($_REQUEST["key"]);
+ $key = db_escape_string($link, $_REQUEST["key"]);
$result = db_query($link, "SELECT owner_uid
FROM ttrss_access_keys WHERE
$pwd_hash1 = encrypt_password($password);
$pwd_hash2 = encrypt_password($password, $login);
- $login = db_escape_string($login);
- $otp = db_escape_string($_REQUEST["otp"]);
+ $login = db_escape_string($this->link, $login);
+ $otp = db_escape_string($this->link, $_REQUEST["otp"]);
if (get_schema_version($this->link) > 96) {
if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) {
}
function check_password($owner_uid, $password) {
- $owner_uid = db_escape_string($owner_uid);
+ $owner_uid = db_escape_string($this->link, $owner_uid);
$result = db_query($this->link, "SELECT salt,login FROM ttrss_users WHERE
id = '$owner_uid'");
}
function change_password($owner_uid, $old_password, $new_password) {
- $owner_uid = db_escape_string($owner_uid);
+ $owner_uid = db_escape_string($this->link, $owner_uid);
if ($this->check_password($owner_uid, $old_password)) {
}
function get_login_by_ssl_certificate() {
- $cert_serial = db_escape_string(get_ssl_certificate_id());
+ $cert_serial = db_escape_string($this->link, get_ssl_certificate_id());
if ($cert_serial) {
$result = db_query($this->link, "SELECT login FROM ttrss_user_prefs, ttrss_users
owner_uid = ttrss_users.id");
if (db_num_rows($result) != 0) {
- return db_escape_string(db_fetch_result($result, 0, "login"));
+ return db_escape_string($this->link, db_fetch_result($result, 0, "login"));
}
}
function authenticate($login, $password) {
- $try_login = db_escape_string($_SERVER["REMOTE_USER"]);
+ $try_login = db_escape_string($this->link, $_SERVER["REMOTE_USER"]);
// php-cgi
- if (!$try_login) $try_login = db_escape_string($_SERVER["REDIRECT_REMOTE_USER"]);
+ if (!$try_login) $try_login = db_escape_string($this->link, $_SERVER["REDIRECT_REMOTE_USER"]);
if (!$try_login) $try_login = $this->get_login_by_ssl_certificate();
# if (!$try_login) $try_login = "test_qqq";
// update user name
$fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN'];
if ($fullname){
- $fullname = db_escape_string($fullname);
+ $fullname = db_escape_string($this->link, $fullname);
db_query($this->link, "UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " .
$user_id);
}
// update user mail
$email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL'];
if ($email){
- $email = db_escape_string($email);
+ $email = db_escape_string($this->link, $email);
db_query($this->link, "UPDATE ttrss_users SET email = '$email' WHERE id = " .
$user_id);
}
}
function digestgetcontents() {
- $article_id = db_escape_string($_REQUEST['article_id']);
+ $article_id = db_escape_string($this->link, $_REQUEST['article_id']);
$result = db_query($this->link, "SELECT content,title,link,marked,published
FROM ttrss_entries, ttrss_user_entries
}
function digestupdate() {
- $feed_id = db_escape_string($_REQUEST['feed_id']);
- $offset = db_escape_string($_REQUEST['offset']);
- $seq = db_escape_string($_REQUEST['seq']);
+ $feed_id = db_escape_string($this->link, $_REQUEST['feed_id']);
+ $offset = db_escape_string($this->link, $_REQUEST['offset']);
+ $seq = db_escape_string($this->link, $_REQUEST['seq']);
if (!$feed_id) $feed_id = -4;
if (!$offset) $offset = 0;
}
function getUrl() {
- $id = db_escape_string($_REQUEST['id']);
+ $id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT link
FROM ttrss_entries, ttrss_user_entries
}
function save() {
- $example_value = db_escape_string($_POST["example_value"]);
+ $example_value = db_escape_string($this->link, $_POST["example_value"]);
$this->host->set($this, "example", $example_value);
}
function getInfo() {
- $id = db_escape_string($_REQUEST['id']);
+ $id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT title, link
FROM ttrss_entries, ttrss_user_entries
}
function getInfo() {
- $id = db_escape_string($_REQUEST['id']);
+ $id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT title, link
FROM ttrss_entries, ttrss_user_entries
}
function save() {
- $example_value = db_escape_string($_POST["example_value"]);
+ $example_value = db_escape_string($this->link, $_POST["example_value"]);
echo "Value set to $example_value (not really)";
}
}
function exportrun() {
- $offset = (int) db_escape_string($_REQUEST['offset']);
+ $offset = (int) db_escape_string($this->link, $_REQUEST['offset']);
$exported = 0;
$limit = 250;
foreach ($article_node->childNodes as $child) {
if ($child->nodeName != 'label_cache')
- $article[$child->nodeName] = db_escape_string($child->nodeValue);
+ $article[$child->nodeName] = db_escape_string($this->link, $child->nodeValue);
else
$article[$child->nodeName] = $child->nodeValue;
}
$score = (int) $article['score'];
$tag_cache = $article['tag_cache'];
- $label_cache = db_escape_string($article['label_cache']);
+ $label_cache = db_escape_string($this->link, $article['label_cache']);
$note = $article['note'];
//print "Importing " . $article['title'] . "<br/>";
WHERE instance_id = '$id'");
foreach ($feeds['feeds'] as $feed) {
- $feed_url = db_escape_string($feed['feed_url']);
- $title = db_escape_string($feed['title']);
- $subscribers = db_escape_string($feed['subscribers']);
- $site_url = db_escape_string($feed['site_url']);
+ $feed_url = db_escape_string($this->link, $feed['feed_url']);
+ $title = db_escape_string($this->link, $feed['title']);
+ $subscribers = db_escape_string($this->link, $feed['subscribers']);
+ $site_url = db_escape_string($this->link, $feed['site_url']);
db_query($link, "INSERT INTO ttrss_linked_feeds
(feed_url, site_url, title, subscribers, instance_id, created, updated)
}
function remove() {
- $ids = db_escape_string($_REQUEST['ids']);
+ $ids = db_escape_string($this->link, $_REQUEST['ids']);
db_query($this->link, "DELETE FROM ttrss_linked_instances WHERE
id IN ($ids)");
}
function add() {
- $id = db_escape_string($_REQUEST["id"]);
- $access_url = db_escape_string($_REQUEST["access_url"]);
- $access_key = db_escape_string($_REQUEST["access_key"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
+ $access_url = db_escape_string($this->link, $_REQUEST["access_url"]);
+ $access_key = db_escape_string($this->link, $_REQUEST["access_key"]);
db_query($this->link, "BEGIN");
}
function edit() {
- $id = db_escape_string($_REQUEST["id"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
$result = db_query($this->link, "SELECT * FROM ttrss_linked_instances WHERE
id = '$id'");
}
function editSave() {
- $id = db_escape_string($_REQUEST["id"]);
- $access_url = db_escape_string($_REQUEST["access_url"]);
- $access_key = db_escape_string($_REQUEST["access_key"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
+ $access_url = db_escape_string($this->link, $_REQUEST["access_url"]);
+ $access_key = db_escape_string($this->link, $_REQUEST["access_key"]);
db_query($this->link, "UPDATE ttrss_linked_instances SET
access_key = '$access_key', access_url = '$access_url',
print "<div id=\"pref-instance-toolbar\" dojoType=\"dijit.Toolbar\">";
- $sort = db_escape_string($_REQUEST["sort"]);
+ $sort = db_escape_string($this->link, $_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "access_url";
function fbexport() {
- $access_key = db_escape_string($_POST["key"]);
+ $access_key = db_escape_string($this->link, $_POST["key"]);
// TODO: rate limit checking using last_connected
$result = db_query($this->link, "SELECT id FROM ttrss_linked_instances
function emailArticle() {
- $param = db_escape_string($_REQUEST['param']);
+ $param = db_escape_string($this->link, $_REQUEST['param']);
$secretkey = sha1(uniqid(rand(), true));
if (!$rc) {
$reply['error'] = $mail->ErrorInfo;
} else {
- save_email_address($this->link, db_escape_string($destination));
+ save_email_address($this->link, db_escape_string($this->link, $destination));
$reply['message'] = "UPDATE_COUNTERS";
}
}
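Review bot: `$secretkey = sha1(uniqid(rand(), true))` derives a secret from uniqid() and rand(), neither of which is designed to be unpredictable; hashing the result does not add entropy. The same construction produces the share `$uuid` in shareArticle further down, and if either value is later used as a bearer-style token (the stored uuid looks like one), it should come from a cryptographic source, e.g. `$secretkey = bin2hex(openssl_random_pseudo_bytes(20));` (or `random_bytes(20)` on PHP 7+), which keeps the 40-hex-character length the sha1 form produced. The part of emailArticle between the shown lines is not visible in the hunk.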
function completeEmails() {
- $search = db_escape_string($_REQUEST["search"]);
+ $search = db_escape_string($this->link, $_REQUEST["search"]);
print "<ul>";
function emailArticle() {
- $param = db_escape_string($_REQUEST['param']);
+ $param = db_escape_string($this->link, $_REQUEST['param']);
require_once "lib/MiniTemplator.class.php";
}
function edit() {
- $param = db_escape_string($_REQUEST['param']);
+ $param = db_escape_string($this->link, $_REQUEST['param']);
$result = db_query($this->link, "SELECT note FROM ttrss_user_entries WHERE
ref_id = '$param' AND owner_uid = " . $_SESSION['uid']);
}
function setNote() {
- $id = db_escape_string($_REQUEST["id"]);
- $note = trim(strip_tags(db_escape_string($_REQUEST["note"])));
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
+ $note = trim(strip_tags(db_escape_string($this->link, $_REQUEST["note"])));
db_query($this->link, "UPDATE ttrss_user_entries SET note = '$note'
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
}
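Review bot: in `$note = trim(strip_tags(db_escape_string($this->link, $_REQUEST["note"])))` the SQL escaping runs first and two text transforms then operate on the escaped output, so the string reaching the UPDATE is not necessarily the escaped form of the text being stored (trim and strip_tags can remove or alter characters the escape step emitted, which at best stores a slightly different note). Escaping should be the last step before the query: `$note = db_escape_string($this->link, trim(strip_tags($_REQUEST["note"])));`. That order also leaves the sanitised, unescaped value available if it is needed for anything other than SQL.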
function save() {
- $tags = explode(",", db_escape_string($_POST["tags"]));
+ $tags = explode(",", db_escape_string($this->link, $_POST["tags"]));
$tags = array_map("trim", $tags);
$tags = array_map("mb_strtolower", $tags);
$tags = join(", ", $tags);
}
function save() {
- $owncloud_url = db_escape_string($_POST["owncloud_url"]);
+ $owncloud_url = db_escape_string($this->link, $_POST["owncloud_url"]);
$this->host->set($this, "owncloud", $owncloud_url);
echo "Value set to $owncloud_url";
}
}
function getOwnCloud() {
- $id = db_escape_string($_REQUEST['id']);
+ $id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT title, link
FROM ttrss_entries, ttrss_user_entries
}
function getInfo() {
- $id = db_escape_string($_REQUEST['id']);
+ $id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT title, link
FROM ttrss_entries, ttrss_user_entries
}
function getInfo() {
- $id = db_escape_string($_REQUEST['id']);
+ $id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT title, link
FROM ttrss_entries, ttrss_user_entries
}
function shareArticle() {
- $param = db_escape_string($_REQUEST['param']);
+ $param = db_escape_string($this->link, $_REQUEST['param']);
$result = db_query($this->link, "SELECT uuid, ref_id FROM ttrss_user_entries WHERE int_id = '$param'
AND owner_uid = " . $_SESSION['uid']);
$ref_id = db_fetch_result($result, 0, "ref_id");
if (!$uuid) {
- $uuid = db_escape_string(sha1(uniqid(rand(), true)));
+ $uuid = db_escape_string($this->link, sha1(uniqid(rand(), true)));
db_query($this->link, "UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param'
AND owner_uid = " . $_SESSION['uid']);
}
}
function getInfo() {
- $id = db_escape_string($_REQUEST['id']);
+ $id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT title, link
FROM ttrss_entries, ttrss_user_entries
if ($action == "check") {
header("Content-Type: application/xml");
- $login = trim(db_escape_string($_REQUEST['login']));
+ $login = trim(db_escape_string($link, $_REQUEST['login']));
$result = db_query($link, "SELECT id FROM ttrss_users WHERE
LOWER(login) = LOWER('$login')");
<?php } else if ($action == "do_register") { ?>
<?php
- $login = mb_strtolower(trim(db_escape_string($_REQUEST["login"])));
- $email = trim(db_escape_string($_REQUEST["email"]));
- $test = trim(db_escape_string($_REQUEST["turing_test"]));
+ $login = mb_strtolower(trim(db_escape_string($link, $_REQUEST["login"])));
+ $email = trim(db_escape_string($link, $_REQUEST["email"]));
+ $test = trim(db_escape_string($link, $_REQUEST["turing_test"]));
if (!$login || !$email || !$test) {
print_error(__("Your registration information is incomplete."));