filters: cast score expression as integer on save to prevent misscoring
authorAndrew Dolgov <fox@madoka.volgo-balt.ru>
Fri, 15 Apr 2011 07:42:22 +0000 (11:42 +0400)
committerAndrew Dolgov <fox@madoka.volgo-balt.ru>
Fri, 15 Apr 2011 07:42:22 +0000 (11:42 +0400)
modules/pref-filters.php

index 805562d9bc842718e073228fd5e46b1f5f6b23eb..dc9015f3a0296cc3773c9cf2547057e4dde923e4 100644 (file)
@@ -9,7 +9,7 @@
                        $root['name'] = __('Filters');
                        $root['items'] = array();
 
-                       $result = db_query($link, "SELECT 
+                       $result = db_query($link, "SELECT
                                        ttrss_filters.id AS id,reg_exp,
                                        ttrss_filter_types.name AS filter_type_name,
                                        ttrss_filter_types.description AS filter_type_descr,
@@ -23,7 +23,7 @@
                                        ttrss_feeds.title AS feed_title,
                                        ttrss_filter_actions.name AS action_name,
                                        ttrss_filters.action_param AS action_param
-                               FROM 
+                               FROM
                                        ttrss_filter_types,ttrss_filter_actions,ttrss_filters LEFT JOIN
                                                ttrss_feeds ON (ttrss_filters.feed_id = ttrss_feeds.id)
                                WHERE
 
                                while ($line = db_fetch_assoc($result)) {
                                        if ($cur_action_description != $line['action_description']) {
-       
+
                                                if ($cat)
                                                        array_push($root['items'], $cat);
-       
+
                                                $cat = array();
                                                $cat['id'] = 'ACTION:' . $line['action_id'];
                                                $cat['name'] = $line['action_description'];
                                                $cat['items'] = array();
-       
+
                                                $cur_action_description = $line['action_description'];
                                        }
-       
-                                       if (array_search($line["action_name"], 
+
+                                       if (array_search($line["action_name"],
                                                array("score", "tag", "label")) === false) {
-       
+
                                                        $line["action_param"] = '';
                                        } else {
                                                if ($line['action_name'] == 'label') {
-       
+
                                                        $tmp_result = db_query($link, "SELECT fg_color, bg_color
                                                                FROM ttrss_labels2 WHERE caption = '".
                                                                        db_escape_string($line["action_param"])."' AND
                                                                        owner_uid = " . $_SESSION["uid"]);
-       
+
                                                        if (db_num_rows($tmp_result) != 0) {
                                                                $fg_color = db_fetch_result($tmp_result, 0, "fg_color");
                                                                $bg_color = db_fetch_result($tmp_result, 0, "bg_color");
-       
+
                                                                $tmp = "<span class=\"labelColorIndicator\" style='color : $fg_color; background-color : $bg_color'>&alpha;</span> " . $line['action_param'];
-       
+
                                                                $line['action_param'] = $tmp;
                                                        }
                                                }
                                        }
-       
+
                                        $filter = array();
                                        $filter['id'] = 'FILTER:' . $line['id'];
                                        $filter['bare_id'] = $line['id'];
                                        $filter['param'] = $line['action_param'];
                                        $filter['inverse'] = sql_bool_to_bool($line['inverse']);
                                        $filter['checkbox'] = false;
-       
+
                                        if ($line['feed_id'])
-                                               $filter['feed'] = $line['feed_title']; 
-       
+                                               $filter['feed'] = $line['feed_title'];
+
                                        array_push($cat['items'], $filter);
                                }
-       
+
                                array_push($root['items'], $cat);
                        }
 
 
                        $filter_id = db_escape_string($_REQUEST["id"]);
 
-                       $result = db_query($link, 
+                       $result = db_query($link,
                                "SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
 
                        $reg_exp = htmlspecialchars(db_fetch_result($result, 0, "reg_exp"));
 
                        print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-filters\">";
                        print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$filter_id\">";
-                       print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"editSave\">"; 
-                       
-                       $result = db_query($link, "SELECT id,description 
+                       print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"editSave\">";
+
+                       $result = db_query($link, "SELECT id,description
                                FROM ttrss_filter_types ORDER BY description");
-       
+
                        $filter_types = array();
-       
+
                        while ($line = db_fetch_assoc($result)) {
                                //array_push($filter_types, $line["description"]);
                                $filter_types[$line["id"]] = __($line["description"]);
                                         required=\"1\"
                                         name=\"reg_exp\" style=\"font-size : 16px;\" value=\"$reg_exp\">";
 
-                       print "<span id=\"filterDlg_dateChkBox\" $date_ops_invisible>";                 
+                       print "<span id=\"filterDlg_dateChkBox\" $date_ops_invisible>";
                        print "&nbsp;<button dojoType=\"dijit.form.Button\" onclick=\"return filterDlgCheckDate()\">".
                                __('Check it')."</button>";
                        print "</span>";
 
                        print "<select name=\"action_id\" dojoType=\"dijit.form.Select\"
                                onchange=\"filterDlgCheckAction(this)\">";
-       
-                       $result = db_query($link, "SELECT id,description FROM ttrss_filter_actions 
+
+                       $result = db_query($link, "SELECT id,description FROM ttrss_filter_actions
                                ORDER BY name");
 
                        while ($line = db_fetch_assoc($result)) {
-                               $is_sel = ($line["id"] == $action_id) ? "selected=\"1\"" : "";                  
+                               $is_sel = ($line["id"] == $action_id) ? "selected=\"1\"" : "";
                                printf("<option value='%d' $is_sel>%s</option>", $line["id"], __($line["description"]));
                        }
-       
+
                        print "</select>";
 
                        $param_hidden = ($action_id == 4 || $action_id == 6 || $action_id == 7) ? "" : "display : none";
 
                        $param_int_hidden = ($action_id == 7) ? "" : "display : none";
 
-                       print_label_select($link, "action_param_label", $action_param, 
-                        "style=\"$param_int_hidden\"" . 
+                       print_label_select($link, "action_param_label", $action_param,
+                        "style=\"$param_int_hidden\"" .
                         'id="filterDlg_actionParamLabel" dojoType="dijit.form.Select"');
 
                        print "</span>";
                        $filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
                        $filter_id = db_escape_string($_REQUEST["id"]);
                        $feed_id = db_escape_string($_REQUEST["feed_id"]);
-                       $action_id = db_escape_string($_REQUEST["action_id"]); 
-                       $action_param = db_escape_string($_REQUEST["action_param"]); 
-                       $action_param_label = db_escape_string($_REQUEST["action_param_label"]); 
+                       $action_id = db_escape_string($_REQUEST["action_id"]);
+                       $action_param = db_escape_string($_REQUEST["action_param"]);
+                       $action_param_label = db_escape_string($_REQUEST["action_param_label"]);
                        $enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"]));
                        $inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
 
                                $action_param = $action_param_label;
                        }
 
-                       $result = db_query($link, "UPDATE ttrss_filters SET 
-                                       reg_exp = '$reg_exp', 
+                       if ($action_id == 6) {
+                               $action_param = (int) str_replace("+", "", $action_param);
+                       }
+
+                       $result = db_query($link, "UPDATE ttrss_filters SET
+                                       reg_exp = '$reg_exp',
                                        feed_id = $feed_id,
                                        action_id = '$action_id',
                                        filter_type = '$filter_type',
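Review bot: `feed_id = $feed_id,` on the new side of this hunk still interpolates the request value unquoted after only `db_escape_string()`, which escapes quotes but does nothing in an unquoted numeric context, so the integer coercion this commit adds for the score parameter is also needed here: `$feed_id = (int) $_REQUEST["feed_id"];`. If the form can legitimately send a non-numeric feed_id (for example to mean "all feeds", which is not visible in this hunk), coerce only when `is_numeric()` holds and reject the request otherwise rather than passing the raw string through. The `$action_id == 6` test is a loose comparison against an escaped string, harmless here because `action_id` is quoted on the following line, but `(int) $action_id` would make the intent explicit. The UPDATE statement, including its WHERE clause, continues outside the hunk, so the owner_uid scoping of the update cannot be confirmed from here.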
                }
 
                if ($subop == "remove") {
-                       
+
                        if ($memcache) $memcache->flush();
 
                        $ids = split(",", db_escape_string($_REQUEST["ids"]));
                        $regexp = db_escape_string(trim($_REQUEST["reg_exp"]));
                        $filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
                        $feed_id = db_escape_string($_REQUEST["feed_id"]);
-                       $action_id = db_escape_string($_REQUEST["action_id"]); 
-                       $action_param = db_escape_string($_REQUEST["action_param"]); 
-                       $action_param_label = db_escape_string($_REQUEST["action_param_label"]); 
+                       $action_id = db_escape_string($_REQUEST["action_id"]);
+                       $action_param = db_escape_string($_REQUEST["action_param"]);
+                       $action_param_label = db_escape_string($_REQUEST["action_param_label"]);
                        $inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
 
                        # for the time being, no other filters use params anyway...
                                $action_param = $action_param_label;
                        }
 
+                       if ($action_id == 6) {
+                               $action_param = (int) str_replace("+", "", $action_param);
+                       }
+
                        $result = db_query($link,
                                "INSERT INTO ttrss_filters (reg_exp,filter_type,owner_uid,feed_id,
-                                       action_id, action_param, inverse, filter_param) 
-                               VALUES 
-                                       ('$regexp', '$filter_type','".$_SESSION["uid"]."', 
+                                       action_id, action_param, inverse, filter_param)
+                               VALUES
+                                       ('$regexp', '$filter_type','".$_SESSION["uid"]."',
                                                $feed_id, '$action_id', '$action_param', $inverse, '$filter_param')");
 
                        if (db_affected_rows($link, $result) != 0) {
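Review bot: The `(int)` cast added before the INSERT silently turns a non-numeric score such as `abc` into 0, so a typo is persisted as a filter that adjusts nothing; validating with `filter_var(str_replace("+", "", $action_param), FILTER_VALIDATE_INT)` and refusing the save when it returns false would surface the error instead (how this handler reports failures is outside the hunk). The same three-line block is now duplicated verbatim in the editSave branch, so a small shared normaliser would keep the two paths from drifting. The INSERT on the new side also interpolates `$feed_id` unquoted after only `db_escape_string()`, which is exactly the pattern this commit tightens for the score value and deserves the same integer coercion. The `action_id == 6` magic number now appears in both branches and on the dialog's `$param_hidden` line; a named constant would keep them in sync if the action table is ever renumbered.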
                        $sort = "reg_exp";
                }
 
-               $result = db_query($link, "SELECT id,description 
+               $result = db_query($link, "SELECT id,description
                        FROM ttrss_filter_types ORDER BY description");
 
                $filter_types = array();
                } else {
                        $filter_search = $_SESSION["prefs_filter_search"];
                }
-               
+
                print "<div id=\"pref-filter-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
                print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
                print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
                print "<div dojoType=\"dijit.form.DropDownButton\">".
                                "<span>" . __('Select')."</span>";
                print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
-               print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(true)\" 
+               print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(true)\"
                        dojoType=\"dijit.MenuItem\">".__('All')."</div>";
-               print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(false)\" 
+               print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(false)\"
                        dojoType=\"dijit.MenuItem\">".__('None')."</div>";
                print "</div></div>";
-               
+
                print "<button dojoType=\"dijit.form.Button\" onclick=\"return quickAddFilter()\">".
-                       __('Create filter')."</button> "; 
+                       __('Create filter')."</button> ";
 
                print "<button dojoType=\"dijit.form.Button\" onclick=\"return editSelectedFilter()\">".
                        __('Edit')."</button> ";
 
                if (defined('_ENABLE_FEED_DEBUGGING')) {
                        print "<button dojoType=\"dijit.form.Button\" onclick=\"rescore_all_feeds()\">".
-                               __('Rescore articles')."</button> "; 
+                               __('Rescore articles')."</button> ";
                }
 
                print "</div>"; # toolbar
                <img src='images/indicator_tiny.gif'>".
                 __("Loading, please wait...")."</div>";
 
-               print "<div dojoType=\"dojo.data.ItemFileWriteStore\" jsId=\"filterStore\" 
+               print "<div dojoType=\"dojo.data.ItemFileWriteStore\" jsId=\"filterStore\"
                        url=\"backend.php?op=pref-filters&subop=getfiltertree\">
                </div>
                <div dojoType=\"lib.CheckBoxStoreModel\" jsId=\"filterModel\" store=\"filterStore\"
                query=\"{id:'root'}\" rootId=\"root\" rootLabel=\"Feeds\"
                        childrenAttrs=\"items\" checkboxStrict=\"false\" checkboxAll=\"false\">
                </div>
-               <div dojoType=\"fox.PrefFilterTree\" id=\"filterTree\" 
+               <div dojoType=\"fox.PrefFilterTree\" id=\"filterTree\"
                        model=\"filterModel\" openOnClick=\"true\">
                <script type=\"dojo/method\" event=\"onLoad\" args=\"item\">
                        Element.hide(\"filterlistLoading\");
 
                        if (id.match('FILTER:')) {
                                editFilter(bare_id);
-                       }                       
+                       }
                </script>
 
                </div>";