From 6f81395d73b8c1a03c9093303a0abc7d41ae616f Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Wed, 15 May 2013 22:29:31 +0400
Subject: [PATCH] api, getArticle: check for article_id being present
---
 classes/api.php | 80 ++++++++++++++++++++++++++-----------------------
 1 file changed, 42 insertions(+), 38 deletions(-)
diff --git a/classes/api.php b/classes/api.php
index 98721e45..23866072 100644
--- a/classes/api.php
+++ b/classes/api.php
@@ -307,54 +307,58 @@ class API extends Handler {
 $article_id = join(",", array_filter(explode(",", $this->dbh->escape_string($_REQUEST["article_id"])), is_numeric));
- $query = "SELECT id,title,link,content,cached_content,feed_id,comments,int_id,
- marked,unread,published,score,
- ".SUBSTRING_FOR_DATE."(updated,1,16) as updated,
- author,(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
- FROM ttrss_entries,ttrss_user_entries
- WHERE id IN ($article_id) AND ref_id = id AND owner_uid = " .
- $_SESSION["uid"] ;
+ if ($article_id) {
- $result = $this->dbh->query($query);
+ $query = "SELECT id,title,link,content,cached_content,feed_id,comments,int_id,
+ marked,unread,published,score,
+ ".SUBSTRING_FOR_DATE."(updated,1,16) as updated,
+ author,(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
+ FROM ttrss_entries,ttrss_user_entries
+ WHERE id IN ($article_id) AND ref_id = id AND owner_uid = " .
+ $_SESSION["uid"] ;
- $articles = array();
+ $result = $this->dbh->query($query);
- if ($this->dbh->num_rows($result) != 0) {
+ $articles = array();
- while ($line = $this->dbh->fetch_assoc($result)) {
-
- $attachments = get_article_enclosures($line['id']);
-
- $article = array(
- "id" => $line["id"],
- "title" => $line["title"],
- "link" => $line["link"],
- "labels" => get_article_labels($line['id']),
- "unread" => sql_bool_to_bool($line["unread"]),
- "marked" => sql_bool_to_bool($line["marked"]),
- "published" => sql_bool_to_bool($line["published"]),
- "comments" => $line["comments"],
- "author" => $line["author"],
- "updated" => (int) strtotime($line["updated"]),
- "content" => $line["cached_content"] != "" ? $line["cached_content"] : $line["content"],
- "feed_id" => $line["feed_id"],
- "attachments" => $attachments,
- "score" => (int)$line["score"],
- "feed_title" => $line["feed_title"]
- );
+ if ($this->dbh->num_rows($result) != 0) {
- foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_RENDER_ARTICLE_API) as $p) {
- $article = $p->hook_render_article_api(array("article" => $article));
- }
+ while ($line = $this->dbh->fetch_assoc($result)) {
+
+ $attachments = get_article_enclosures($line['id']);
+
+ $article = array(
+ "id" => $line["id"],
+ "title" => $line["title"],
+ "link" => $line["link"],
+ "labels" => get_article_labels($line['id']),
+ "unread" => sql_bool_to_bool($line["unread"]),
+ "marked" => sql_bool_to_bool($line["marked"]),
+ "published" => sql_bool_to_bool($line["published"]),
+ "comments" => $line["comments"],
+ "author" => $line["author"],
+ "updated" => (int) strtotime($line["updated"]),
+ "content" => $line["cached_content"] != "" ? $line["cached_content"] : $line["content"],
+ "feed_id" => $line["feed_id"],
+ "attachments" => $attachments,
+ "score" => (int)$line["score"],
+ "feed_title" => $line["feed_title"]
+ );
+ foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_RENDER_ARTICLE_API) as $p) {
+ $article = $p->hook_render_article_api(array("article" => $article));
+ }
- array_push($articles, $article);
- }
- }
+ array_push($articles, $article);
- $this->wrap(self::STATUS_OK, $articles);
+ }
+ }
+ $this->wrap(self::STATUS_OK, $articles);
+ } else {
+ $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
+ }
 }
 function getConfig() {
-- 
2.39.5
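Review bot: The new `if ($article_id)` guard only rejects an empty list, so the values concatenated into `WHERE id IN ($article_id)` are still whatever `is_numeric` accepts on the context line above it. That includes floats, exponent notation and signed numbers, none of which are row ids, and `is_numeric` is passed there as a bare constant rather than a quoted callback name. Because the query is assembled by string concatenation, it would be more robust to coerce each element to an integer before the guard, for example `$article_id = join(",", array_filter(array_map("intval", explode(",", $_REQUEST["article_id"]))));`. The same reasoning applies to `owner_uid = " . $_SESSION["uid"]`, where an `(int)` cast costs nothing as defence in depth. The opening of getArticle lies outside this hunk, so any earlier validation of the request is not visible here.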