api, getArticle: check for article_id being present
authorAndrew Dolgov <fox@madoka.volgo-balt.ru>
Wed, 15 May 2013 18:29:31 +0000 (22:29 +0400)
committerAndrew Dolgov <fox@madoka.volgo-balt.ru>
Wed, 15 May 2013 18:29:31 +0000 (22:29 +0400)
classes/api.php

index 98721e45d2b56c0e1008f90a710a6f9055287ffd..23866072fef5973371c2ba395690c25060ecda81 100644 (file)
@@ -307,54 +307,58 @@ class API extends Handler {
 
                $article_id = join(",", array_filter(explode(",", $this->dbh->escape_string($_REQUEST["article_id"])), is_numeric));
 
-               $query = "SELECT id,title,link,content,cached_content,feed_id,comments,int_id,
-                       marked,unread,published,score,
-                       ".SUBSTRING_FOR_DATE."(updated,1,16) as updated,
-                       author,(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
-                       FROM ttrss_entries,ttrss_user_entries
-                       WHERE   id IN ($article_id) AND ref_id = id AND owner_uid = " .
-                               $_SESSION["uid"] ;
+               if ($article_id) {
 
-               $result = $this->dbh->query($query);
+                       $query = "SELECT id,title,link,content,cached_content,feed_id,comments,int_id,
+                               marked,unread,published,score,
+                               ".SUBSTRING_FOR_DATE."(updated,1,16) as updated,
+                               author,(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
+                               FROM ttrss_entries,ttrss_user_entries
+                               WHERE   id IN ($article_id) AND ref_id = id AND owner_uid = " .
+                                       $_SESSION["uid"] ;
 
-               $articles = array();
+                       $result = $this->dbh->query($query);
 
-               if ($this->dbh->num_rows($result) != 0) {
+                       $articles = array();
 
-                       while ($line = $this->dbh->fetch_assoc($result)) {
-
-                               $attachments = get_article_enclosures($line['id']);
-
-                               $article = array(
-                                       "id" => $line["id"],
-                                       "title" => $line["title"],
-                                       "link" => $line["link"],
-                                       "labels" => get_article_labels($line['id']),
-                                       "unread" => sql_bool_to_bool($line["unread"]),
-                                       "marked" => sql_bool_to_bool($line["marked"]),
-                                       "published" => sql_bool_to_bool($line["published"]),
-                                       "comments" => $line["comments"],
-                                       "author" => $line["author"],
-                                       "updated" => (int) strtotime($line["updated"]),
-                                       "content" => $line["cached_content"] != "" ? $line["cached_content"] : $line["content"],
-                                       "feed_id" => $line["feed_id"],
-                                       "attachments" => $attachments,
-                                       "score" => (int)$line["score"],
-                                       "feed_title" => $line["feed_title"]
-                               );
+                       if ($this->dbh->num_rows($result) != 0) {
 
-                               foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_RENDER_ARTICLE_API) as $p) {
-                                       $article = $p->hook_render_article_api(array("article" => $article));
-                               }
+                               while ($line = $this->dbh->fetch_assoc($result)) {
+
+                                       $attachments = get_article_enclosures($line['id']);
+
+                                       $article = array(
+                                               "id" => $line["id"],
+                                               "title" => $line["title"],
+                                               "link" => $line["link"],
+                                               "labels" => get_article_labels($line['id']),
+                                               "unread" => sql_bool_to_bool($line["unread"]),
+                                               "marked" => sql_bool_to_bool($line["marked"]),
+                                               "published" => sql_bool_to_bool($line["published"]),
+                                               "comments" => $line["comments"],
+                                               "author" => $line["author"],
+                                               "updated" => (int) strtotime($line["updated"]),
+                                               "content" => $line["cached_content"] != "" ? $line["cached_content"] : $line["content"],
+                                               "feed_id" => $line["feed_id"],
+                                               "attachments" => $attachments,
+                                               "score" => (int)$line["score"],
+                                               "feed_title" => $line["feed_title"]
+                                       );
 
+                                       foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_RENDER_ARTICLE_API) as $p) {
+                                               $article = $p->hook_render_article_api(array("article" => $article));
+                                       }
 
-                               array_push($articles, $article);
 
-                       }
-               }
+                                       array_push($articles, $article);
 
-               $this->wrap(self::STATUS_OK, $articles);
+                               }
+                       }
 
+                       $this->wrap(self::STATUS_OK, $articles);
+               } else {
+                       $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
+               }
        }
 
        function getConfig() {
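Review bot: The new `if ($article_id)` guard only rejects an empty list, so the `IN ($article_id)` query inside it still depends entirely on the `is_numeric` filter on the context line above, which is broader than an integer check: it keeps signed, decimal and exponent forms such as `-1`, `1.5` or `1e3`, and these are concatenated into the SQL text as-is. Swapping the callback for `'ctype_digit'` would restrict the list to plain digit strings, and would pass the callback as a quoted string instead of the bare constant `is_numeric`. The same statement appends `$_SESSION["uid"]` without a cast; `owner_uid = " . (int) $_SESSION["uid"]` would keep the query well-formed whatever the session holds. The truthiness test also treats a lone `0` as missing and answers INCORRECT_USAGE, which may or may not be intended. The enclosing function starts above the hunk.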