From b6c1201c33242bdf3341de7ed68792b57152bbc1 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 15 Apr 2011 11:42:22 +0400 Subject: [PATCH] filters: cast score expression as integer on save to prevent misscoring --- modules/pref-filters.php | 112 +++++++++++++++++++++------------------ 1 file changed, 60 insertions(+), 52 deletions(-) diff --git a/modules/pref-filters.php b/modules/pref-filters.php index 805562d9..dc9015f3 100644 --- a/modules/pref-filters.php +++ b/modules/pref-filters.php @@ -9,7 +9,7 @@ $root['name'] = __('Filters'); $root['items'] = array(); - $result = db_query($link, "SELECT + $result = db_query($link, "SELECT ttrss_filters.id AS id,reg_exp, ttrss_filter_types.name AS filter_type_name, ttrss_filter_types.description AS filter_type_descr, @@ -23,7 +23,7 @@ ttrss_feeds.title AS feed_title, ttrss_filter_actions.name AS action_name, ttrss_filters.action_param AS action_param - FROM + FROM ttrss_filter_types,ttrss_filter_actions,ttrss_filters LEFT JOIN ttrss_feeds ON (ttrss_filters.feed_id = ttrss_feeds.id) WHERE 
@@ -39,41 +39,41 @@ while ($line = db_fetch_assoc($result)) { if ($cur_action_description != $line['action_description']) { - + if ($cat) array_push($root['items'], $cat); - + $cat = array(); $cat['id'] = 'ACTION:' . $line['action_id']; $cat['name'] = $line['action_description']; $cat['items'] = array(); - + $cur_action_description = $line['action_description']; } - - if (array_search($line["action_name"], + + if (array_search($line["action_name"], array("score", "tag", "label")) === false) { - + $line["action_param"] = ''; } else { if ($line['action_name'] == 'label') { - + $tmp_result = db_query($link, "SELECT fg_color, bg_color FROM ttrss_labels2 WHERE caption = '". db_escape_string($line["action_param"])."' AND owner_uid = " . $_SESSION["uid"]); - + if (db_num_rows($tmp_result) != 0) { $fg_color = db_fetch_result($tmp_result, 0, "fg_color"); $bg_color = db_fetch_result($tmp_result, 0, "bg_color"); - + $tmp = "α " . $line['action_param']; - + $line['action_param'] = $tmp; } } } - + $filter = array(); $filter['id'] = 'FILTER:' . $line['id']; $filter['bare_id'] = $line['id']; @@ -83,13 +83,13 @@ $filter['param'] = $line['action_param']; $filter['inverse'] = sql_bool_to_bool($line['inverse']); $filter['checkbox'] = false; - + if ($line['feed_id']) - $filter['feed'] = $line['feed_title']; - + $filter['feed'] = $line['feed_title']; + array_push($cat['items'], $filter); } - + array_push($root['items'], $cat); } @@ -106,7 +106,7 @@ $filter_id = db_escape_string($_REQUEST["id"]); - $result = db_query($link, + $result = db_query($link, "SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]); $reg_exp = htmlspecialchars(db_fetch_result($result, 0, "reg_exp")); 
@@ -123,13 +123,13 @@ print ""; print ""; - print ""; - - $result = db_query($link, "SELECT id,description + print ""; + + $result = db_query($link, "SELECT id,description FROM ttrss_filter_types ORDER BY description"); - + $filter_types = array(); - + while ($line = db_fetch_assoc($result)) { //array_push($filter_types, $line["description"]); $filter_types[$line["id"]] = __($line["description"]); @@ -159,7 +159,7 @@ required=\"1\" name=\"reg_exp\" style=\"font-size : 16px;\" value=\"$reg_exp\">"; - print ""; + print ""; print " "; print ""; @@ -182,15 +182,15 @@ print ""; $param_hidden = ($action_id == 4 || $action_id == 6 || $action_id == 7) ? "" : "display : none"; @@ -206,8 +206,8 @@ $param_int_hidden = ($action_id == 7) ? "" : "display : none"; - print_label_select($link, "action_param_label", $action_param, - "style=\"$param_int_hidden\"" . + print_label_select($link, "action_param_label", $action_param, + "style=\"$param_int_hidden\"" . 'id="filterDlg_actionParamLabel" dojoType="dijit.form.Select"'); print ""; @@ -271,9 +271,9 @@ $filter_type = db_escape_string(trim($_REQUEST["filter_type"])); $filter_id = db_escape_string($_REQUEST["id"]); $feed_id = db_escape_string($_REQUEST["feed_id"]); - $action_id = db_escape_string($_REQUEST["action_id"]); - $action_param = db_escape_string($_REQUEST["action_param"]); - $action_param_label = db_escape_string($_REQUEST["action_param_label"]); + $action_id = db_escape_string($_REQUEST["action_id"]); + $action_param = db_escape_string($_REQUEST["action_param"]); + $action_param_label = db_escape_string($_REQUEST["action_param_label"]); $enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"])); $inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"])); 
@@ -293,8 +293,12 @@ $action_param = $action_param_label; } - $result = db_query($link, "UPDATE ttrss_filters SET - reg_exp = '$reg_exp', + if ($action_id == 6) { + $action_param = (int) str_replace("+", "", $action_param); + } + + $result = db_query($link, "UPDATE ttrss_filters SET + reg_exp = '$reg_exp', feed_id = $feed_id, action_id = '$action_id', filter_type = '$filter_type', @@ -306,7 +310,7 @@ } if ($subop == "remove") { - + if ($memcache) $memcache->flush(); $ids = split(",", db_escape_string($_REQUEST["ids"])); @@ -324,9 +328,9 @@ $regexp = db_escape_string(trim($_REQUEST["reg_exp"])); $filter_type = db_escape_string(trim($_REQUEST["filter_type"])); $feed_id = db_escape_string($_REQUEST["feed_id"]); - $action_id = db_escape_string($_REQUEST["action_id"]); - $action_param = db_escape_string($_REQUEST["action_param"]); - $action_param_label = db_escape_string($_REQUEST["action_param_label"]); + $action_id = db_escape_string($_REQUEST["action_id"]); + $action_param = db_escape_string($_REQUEST["action_param"]); + $action_param_label = db_escape_string($_REQUEST["action_param_label"]); $inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"])); # for the time being, no other filters use params anyway... @@ -347,11 +351,15 @@ $action_param = $action_param_label; } + if ($action_id == 6) { + $action_param = (int) str_replace("+", "", $action_param); + } + $result = db_query($link, "INSERT INTO ttrss_filters (reg_exp,filter_type,owner_uid,feed_id, - action_id, action_param, inverse, filter_param) - VALUES - ('$regexp', '$filter_type','".$_SESSION["uid"]."', + action_id, action_param, inverse, filter_param) + VALUES + ('$regexp', '$filter_type','".$_SESSION["uid"]."', $feed_id, '$action_id', '$action_param', $inverse, '$filter_param')"); if (db_affected_rows($link, $result) != 0) { 
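Review bot: The new `(int)` cast in the update hunk (and the identical block in the insert hunk at @@ -347) silently stores 0 for any score text that is not numeric, and the `str_replace("+", "", ...)` is redundant because PHP's integer cast already accepts a leading sign, so `$action_param = (int) $action_param;` would do, ideally with a comment such as `// action_id 6 is the "score" action: persist a plain integer so filters compare numerically` instead of a bare magic number (the same ids appear unexplained in the `$param_hidden` test earlier in the file). Both hunks still interpolate `$feed_id` unquoted into `feed_id = $feed_id` in the UPDATE and the INSERT; `db_escape_string` only neutralises quote characters, so that placeholder relies on the value being numeric, which nothing in the visible lines checks. Since the unquoted form suggests `$feed_id` may legitimately carry the SQL literal NULL (assigned outside these hunks, if at all), a guard next to the new cast along the lines of `$feed_id = is_numeric($feed_id) ? (int) $feed_id : "NULL";` would close that gap without changing the all-feeds case. As a point of style the insert path names the pattern `$regexp` while the update path uses `$reg_exp`; one spelling would help. The enclosing save branches start and end outside both hunks.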
@@ -369,7 +377,7 @@ $sort = "reg_exp"; } - $result = db_query($link, "SELECT id,description + $result = db_query($link, "SELECT id,description FROM ttrss_filter_types ORDER BY description"); $filter_types = array(); @@ -387,7 +395,7 @@ } else { $filter_search = $_SESSION["prefs_filter_search"]; } - + print "
"; print "
"; print "
"; @@ -395,14 +403,14 @@ print "
". "" . __('Select').""; print "
"; - print "
".__('All')."
"; - print "
".__('None')."
"; print "
"; - + print " "; + __('Create filter')." "; print " "; @@ -412,7 +420,7 @@ if (defined('_ENABLE_FEED_DEBUGGING')) { print " "; + __('Rescore articles')." "; } print "
"; # toolbar @@ -423,14 +431,14 @@ ". __("Loading, please wait...")."
"; - print "
-
"; -- 2.39.5