From: Andrew Dolgov Date: Sun, 3 Dec 2017 06:43:18 +0000 (+0300) Subject: plugin base class: init pdo object X-Git-Tag: 17.12~26 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=b6f3562d1e2c30a696e6cfbea3703f4aa3138e8d;p=tt-rss.git plugin base class: init pdo object plugins/share: use PDO --- diff --git a/classes/plugin.php b/classes/plugin.php index fb4e08fb..69060b28 100644 --- a/classes/plugin.php +++ b/classes/plugin.php @@ -10,6 +10,10 @@ abstract class Plugin { abstract function about(); // return array(1.0, "plugin", "No description", "No author", false); + function __construct() { + $this->pdo = Db::pdo(); + } + function flags() { /* associative array, possible keys: needs_curl = boolean diff --git a/plugins/share/init.php b/plugins/share/init.php index 133f0944..84bc78eb 100644 --- a/plugins/share/init.php +++ b/plugins/share/init.php @@ -8,6 +8,7 @@ class Share extends Plugin { "fox"); } + /* @var PluginHost $host */ function init($host) { $this->host = $host; @@ -25,10 +26,11 @@ class Share extends Plugin { function unshare() { - $id = db_escape_string($_REQUEST['id']); + $id = $_REQUEST['id']; - db_query("UPDATE ttrss_user_entries SET uuid = '' WHERE int_id = '$id' - AND owner_uid = " . $_SESSION['uid']); + $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = '' WHERE int_id = ? + AND owner_uid = ?"); + $sth->execute([$id, $_SESSION['uid']]); print "OK"; } @@ -48,20 +50,21 @@ class Share extends Plugin { // Silent function clearArticleKeys() { - db_query("UPDATE ttrss_user_entries SET uuid = '' WHERE - owner_uid = " . $_SESSION["uid"]); + $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = '' WHERE + owner_uid = ?"); + $sth->execute([$_SESSION['uid']]); return; } function newkey() { - $id = db_escape_string($_REQUEST['id']); + $id = $_REQUEST['id']; + $uuid = uniqid_short(); - $uuid = db_escape_string(uniqid_short()); - - db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$id' - AND owner_uid = " . $_SESSION['uid']); + $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = ? WHERE int_id = ? + AND owner_uid = ?"); + $sth->execute([$uuid, $id, $_SESSION['uid']]); print json_encode(array("link" => $uuid)); } @@ -76,21 +79,22 @@ class Share extends Plugin { } function shareArticle() { - $param = db_escape_string($_REQUEST['param']); + $param = $_REQUEST['param']; - $result = db_query("SELECT uuid FROM ttrss_user_entries WHERE int_id = '$param' - AND owner_uid = " . $_SESSION['uid']); + $sth = $this->pdo->prepare("SELECT uuid FROM ttrss_user_entries WHERE int_id = ? + AND owner_uid = ?"); + $sth->execute([$param, $_SESSION['uid']]); - if (db_num_rows($result) == 0) { - print "Article not found."; - } else { + if ($row = $sth->fetch()) { - $uuid = db_fetch_result($result, 0, "uuid"); + $uuid = $row['uuid']; if (!$uuid) { - $uuid = db_escape_string(uniqid_short()); - db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param' - AND owner_uid = " . $_SESSION['uid']); + $uuid = uniqid_short(); + + $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = ? WHERE int_id = ? + AND owner_uid = ?"); + $sth->execute([$uuid, $param, $_SESSION['uid']]); } print __("You can share this article by the following unique URL:") . "
"; @@ -106,6 +110,10 @@ class Share extends Plugin { label_create(__('Shared'), $_SESSION["uid"]); label_add_article($ref_id, __('Shared'), $_SESSION['uid']); */ + + + } else { + print "Article not found."; } print "
";