support for changing category of selected feeds, misc RPC security fixes and prefs...
authorAndrew Dolgov <fox@madoka.spb.ru>
Tue, 29 Nov 2005 09:11:43 +0000 (10:11 +0100)
committerAndrew Dolgov <fox@madoka.spb.ru>
Tue, 29 Nov 2005 09:11:43 +0000 (10:11 +0100)
backend.php
prefs.js
tt-rss.css

index 219a3760f5e6b71e3c8f7fab072359576cbab012..aa2a1b3bc9dfd39c721b90e53e8d3c6a49900f6b 100644 (file)
                /* GET["cmode"] = 0 - mark as read, 1 - as unread, 2 - toggle */
                if ($subop == "catchupSelected") {
 
-                       $ids = split(",", $_GET["ids"]);
+                       $ids = split(",", db_escape_string($_GET["ids"]));
 
                        $cmode = sprintf("%d", $_GET["cmode"]);
 
 
                if ($subop == "markSelected") {
 
-                       $ids = split(",", $_GET["ids"]);
+                       $ids = split(",", db_escape_string($_GET["ids"]));
 
                        $cmode = sprintf("%d", $_GET["cmode"]);
 
 
                }
 
-               $search = $_GET["search"];
-
-               $search_mode = $_GET["smode"];
+               $search = db_escape_string($_GET["search"]);
+               $search_mode = db_escape_string($_GET["smode"]);
 
                if ($search) {
                        $search_query_part = "(upper(title) LIKE upper('%$search%') 
                $subop = $_GET["subop"];
 
                if ($subop == "unread") {
-                       $ids = split(",", $_GET["ids"]);
+                       $ids = split(",", db_escape_string($_GET["ids"]));
                        foreach ($ids as $id) {
                                db_query($link, "UPDATE ttrss_user_entries SET unread = true 
                                        WHERE feed_id = '$id' AND owner_uid = ".$_SESSION["uid"]);
                }
 
                if ($subop == "read") {
-                       $ids = split(",", $_GET["ids"]);
+                       $ids = split(",", db_escape_string($_GET["ids"]));
                        foreach ($ids as $id) {
                                db_query($link, "UPDATE ttrss_user_entries 
                                        SET unread = false,last_read = NOW() WHERE 
 
                        if (!WEB_DEMO_MODE) {
 
-                               $ids = split(",", $_GET["ids"]);
+                               $ids = split(",", db_escape_string($_GET["ids"]));
 
                                foreach ($ids as $id) {
                                        db_query($link, "DELETE FROM ttrss_feeds 
 
                        if (!WEB_DEMO_MODE) {
 
-                               $ids = split(",", $_GET["ids"]);
+                               $ids = split(",", db_escape_string($_GET["ids"]));
 
                                foreach ($ids as $id) {
 
                        }
                }
 
+               if ($subop == "categorize") {
+
+                       if (!WEB_DEMO_MODE) {
+
+                               $ids = split(",", db_escape_string($_GET["ids"]));
+
+                               $cat_id = db_escape_string($_GET["cat_id"]);
+
+                               if ($cat_id == 0) {
+                                       $cat_id_qpart = 'NULL';
+                               } else {
+                                       $cat_id_qpart = "'$cat_id'";
+                               }
+
+                               db_query($link, "BEGIN");
+
+                               foreach ($ids as $id) {
+                               
+                                       db_query($link, "UPDATE ttrss_feeds SET cat_id = $cat_id_qpart
+                                               WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
+                               }
+
+                               db_query($link, "COMMIT");
+                       }
+
+               }
+
 //             print "<h3>Edit Feeds</h3>";
 
                $result = db_query($link, "SELECT id,title,feed_url,last_error 
 
                }
 
-               print "<p><div class=\"prefGenericAddBox\">
-                       <input id=\"fadd_link\" size=\"40\">&nbsp;<input 
-                               type=\"submit\" class=\"button\" 
-                               onclick=\"javascript:addFeed()\" value=\"Add feed\"></div>";
+               $feed_search = db_escape_string($_GET["search"]);
+
+               if (array_key_exists("search", $_GET)) {
+                       $_SESSION["prefs_feed_search"] = $feed_search;
+               } else {
+                       $feed_search = $_SESSION["prefs_feed_search"];
+               }
+
+               print "<table width='100%' class=\"prefGenericAddBox\" 
+                       cellspacing='0' cellpadding='0'><tr>
+                       <td>
+                               <input id=\"fadd_link\" 
+                               onchange=\"javascript:addFeed()\"
+                               size=\"40\">
+                               <input type=\"submit\" class=\"button\"
+                               onclick=\"javascript:addFeed()\" value=\"Add feed\">
+                       </td><td align='right'>
+                               <input id=\"feed_search\" size=\"20\"  
+                               onchange=\"javascript:updateFeedList()\"
+                               value=\"$feed_search\">
+                               <input type=\"submit\" class=\"button\" 
+                               onclick=\"javascript:updateFeedList()\" value=\"Search\">
+                       </td>                   
+                       </tr></table>";
 
                $feeds_sort = db_escape_string($_GET["sort"]);
 
 
                $_SESSION["pref_sort_feeds"] = $feeds_sort;
 
+               if ($feed_search) {
+                       $search_qpart = "UPPER(title) LIKE UPPER('%$feed_search%') AND";
+               } else {
+                       $search_qpart = "";
+               }
+
                $result = db_query($link, "SELECT 
                                id,title,feed_url,substring(last_updated,1,16) as last_updated,
                                update_interval,purge_interval,
                                (SELECT title FROM ttrss_feed_categories 
                                        WHERE id = cat_id) AS category
                        FROM 
-                               ttrss_feeds WHERE owner_uid = '".$_SESSION["uid"]."' 
+                               ttrss_feeds 
+                       WHERE 
+                               $search_qpart owner_uid = '".$_SESSION["uid"]."'                        
                        ORDER by $feeds_sort,title");
 
                if (db_num_rows($result) != 0) {
                                        onclick=\"javascript:editSelectedFeed()\" value=\"Edit\">
                                <input type=\"submit\" class=\"button\" 
                                        onclick=\"javascript:removeSelectedFeeds()\" value=\"Remove\">";
-                                       
+
+                               if (get_pref($link, 'ENABLE_FEED_CATS')) {
+
+                                       print "&nbsp;&nbsp;";                           
+
+                                       $result = db_query($link, "SELECT title,id FROM ttrss_feed_categories
+                                               WHERE owner_uid = ".$_SESSION["uid"]."
+                                               ORDER BY title");
+
+                                       print "<select id=\"sfeed_set_fcat\">";
+                                       print "<option id=\"0\">Uncategorized</option>";
+
+                                       if (db_num_rows($result) != 0) {
+               
+                                               print "<option disabled>--------</option>";
+
+                                               while ($line = db_fetch_assoc($result)) {
+                                                       printf("<option id='%d'>%s</option>", 
+                                                               $line["id"], $line["title"]);
+                                               }               
+                                       }
+
+                                       print "</select>";
+
+                                       print " <input type=\"submit\" class=\"button\" 
+                                       onclick=\"javascript:categorizeSelectedFeeds()\" value=\"Set category\">";
+
+                               }
+
                                if (get_pref($link, 'ENABLE_PREFS_CATCHUP_UNCATCHUP')) {
                                        print "
                                        <input type=\"submit\" class=\"button\" 
                                }
                                
                                print "
-                                       All feeds: <input type=\"submit\" 
+                                       &nbsp;All feeds: <input type=\"submit\" 
                                                        class=\"button\" onclick=\"gotoExportOpml()\" 
                                                        value=\"Export OPML\">";                        
                                }
        //              print "<h3>Categories</h3>";
 
                        print "<div class=\"prefGenericAddBox\">
-                               <input id=\"fadd_cat\" size=\"40\">&nbsp;<input 
+                               <input id=\"fadd_cat\" 
+                                       onchange=\"javascript:addFeedCat()\"
+                                       size=\"40\">&nbsp;
+                               <input 
                                        type=\"submit\" class=\"button\" 
                                        onclick=\"javascript:addFeedCat()\" value=\"Add category\"></div>";
        
 
                        if (!WEB_DEMO_MODE) {
 
-                               $ids = split(",", $_GET["ids"]);
+                               $ids = split(",", db_escape_string($_GET["ids"]));
 
                                foreach ($ids as $id) {
                                        db_query($link, "DELETE FROM ttrss_filters WHERE id = '$id'");
                }
 
                print "<div class=\"prefGenericAddBox\">
-               <input id=\"fadd_regexp\" size=\"40\">&nbsp;";
+               <input id=\"fadd_regexp\" onchange=\"javascript:addFilter()\" size=\"40\">&nbsp;";
                
                print_select("fadd_match", "Title", $filter_types);     
 
 
                        if (!WEB_DEMO_MODE) {
 
-                               $ids = split(",", $_GET["ids"]);
+                               $ids = split(",", db_escape_string($_GET["ids"]));
 
                                foreach ($ids as $id) {
                                        db_query($link, "DELETE FROM ttrss_labels WHERE id = '$id'");
 
                        if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
 
-                               $ids = split(",", $_GET["ids"]);
+                               $ids = split(",", db_escape_string($_GET["ids"]));
 
                                foreach ($ids as $id) {
                                        db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]);
                }
 
                print "<div class=\"prefGenericAddBox\">
-                       <input id=\"uadd_box\" size=\"40\">&nbsp;";
+                       <input id=\"uadd_box\" onchange=\"javascript:addUser()\" size=\"40\">&nbsp;";
                        
                print"<input type=\"submit\" class=\"button\" 
                        onclick=\"javascript:addUser()\" value=\"Add user\"></div>";
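Review bot: The search text echoed back into the input on the `value=\"$feed_search\"` line has only been through db_escape_string(), which is SQL escaping, so a quote or `>` in the `search` parameter ends the attribute and lands in the page markup; output into HTML needs htmlspecialchars(), e.g. `value=\"" . htmlspecialchars($feed_search) . "\"`. Keeping a separate unescaped copy of the raw parameter for display would also avoid rendering the backslashes that db_escape_string adds. In the new `categorize` subop, `cat_id` is escaped but never checked to belong to the session user, so the UPDATE should either verify the category against ttrss_feed_categories with `owner_uid = $_SESSION["uid"]` first or constrain it in the query itself; the repeated `split(",", db_escape_string($_GET["ids"]))` pattern would likewise be safer and simpler with `sprintf("%d", $id)` per element, as the handler already does for `cmode`. The enclosing pref-feeds handler starts and ends outside the visible hunks.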
index 59af58fd1315c17d1f369a7f34d9ad509015fee3..421b06a63dc55941bf2b1033c197403007ae1614 100644 (file)
--- a/prefs.js
+++ b/prefs.js
@@ -171,8 +171,13 @@ function updateFeedList(sort_key) {
 
        p_notify("Loading, please wait...");
 
+       var feed_search = document.getElementById("feed_search");
+       var search = "";
+       if (feed_search) { search = feed_search.value; }
+
        xmlhttp.open("GET", "backend.php?op=pref-feeds" +
-               "&sort=" + param_escape(sort_key), true);
+               "&sort=" + param_escape(sort_key) + 
+               "&search=" + param_escape(search), true);
        xmlhttp.onreadystatechange=feedlist_callback;
        xmlhttp.send(null);
 
@@ -1171,3 +1176,32 @@ function closeInfoBox() {
                box.style.display = "none";
        }
 }
+
+function categorizeSelectedFeeds() {
+
+       if (!xmlhttp_ready(xmlhttp)) {
+               printLockingError();
+               return
+       }
+
+       var sel_rows = getSelectedFeeds();
+
+       var cat_sel = document.getElementById("sfeed_set_fcat");
+       var cat_id = cat_sel[cat_sel.selectedIndex].id;
+
+       if (sel_rows.length > 0) {
+
+               notify("Changing category of selected feeds...");
+
+               xmlhttp.open("GET", "backend.php?op=pref-feeds&subop=categorize&ids="+
+                       param_escape(sel_rows.toString()) + "&cat_id=" + param_escape(cat_id), true);
+               xmlhttp.onreadystatechange=feedlist_callback;
+               xmlhttp.send(null);
+
+       } else {
+
+               notify("Please select some feeds first.");
+
+       }
+
+}
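Review bot: `categorizeSelectedFeeds` reads the chosen category with `cat_sel[cat_sel.selectedIndex].id`, carrying the numeric id in the option's `id` attribute rather than its `value`; since the backend emits `<option id='%d'>`, this also yields duplicate element ids when the same number appears elsewhere on the page, and `cat_sel.options[cat_sel.selectedIndex].value` (with `value=` on the server side) is the conventional form. The early `return` in the locking check lacks a semicolon and relies on ASI; make it `return;` to match the rest of the file. If `selectedIndex` were ever -1 the lookup would throw a TypeError before the length check, though with the fixed "Uncategorized" first option that presumably cannot happen.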
index 67970aff5fcbed006658b2044c04be2f85a21b44..6629f1caa97115827813018d698ea7ae01837306 100644 (file)
@@ -342,7 +342,7 @@ iframe {
 
 iframe.feedsFrame {
        width : 100%;
-       height : 90%;
+       height : 100%;
        margin : 0px;
        padding : 0px;
 }
@@ -649,7 +649,7 @@ span.insensitive {
        color : gray;
 }
 
-div.prefGenericAddBox {
+.prefGenericAddBox {
        margin : 5px;
 }