]> git.wh0rd.org - tt-rss.git/blob - classes/pref/filters.php
git.wh0rd.org / tt-rss.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
force strip_tags() on all user input unless explicitly allowed
[tt-rss.git] / classes / pref / filters.php
1 <?php
2 class Pref_Filters extends Handler_Protected {
3
4 function csrf_ignore($method) {
5 $csrf_ignored = array("index", "getfiltertree", "edit", "newfilter", "newrule",
6 "newaction", "savefilterorder");
7
8 return array_search($method, $csrf_ignored) !== false;
9 }
10
11 function filtersortreset() {
12 $sth = $this->pdo->prepare("UPDATE ttrss_filters2
13 SET order_id = 0 WHERE owner_uid = ?");
14 $sth->execute([$_SESSION['uid']]);
15 return;
16 }
17
18 function savefilterorder() {
19 $data = json_decode(clean($_POST['payload']), true);
20
21 #file_put_contents("/tmp/saveorder.json", clean($_POST['payload']));
22 #$data = json_decode(file_get_contents("/tmp/saveorder.json"), true);
23
24 if (!is_array($data['items']))
25 $data['items'] = json_decode($data['items'], true);
26
27 $index = 0;
28
29 if (is_array($data) && is_array($data['items'])) {
30
31 $sth = $this->pdo->prepare("UPDATE ttrss_filters2 SET
32 order_id = ? WHERE id = ? AND
33 owner_uid = ?");
34
35 foreach ($data['items'][0]['items'] as $item) {
36 $filter_id = (int) str_replace("FILTER:", "", $item['_reference']);
37
38 if ($filter_id > 0) {
39 $sth->execute([$index, $filter_id, $_SESSION['uid']]);
40 ++$index;
41 }
42 }
43 }
44
45 return;
46 }
47
48 function testFilterDo() {
49 $offset = (int) clean($_REQUEST["offset"]);
50 $limit = (int) clean($_REQUEST["limit"]);
51
52 $filter = array();
53
54 $filter["enabled"] = true;
55 $filter["match_any_rule"] = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"]));
56 $filter["inverse"] = checkbox_to_sql_bool(clean($_REQUEST["inverse"]));
57
58 $filter["rules"] = array();
59 $filter["actions"] = array("dummy-action");
60
61 $res = $this->pdo->query("SELECT id,name FROM ttrss_filter_types");
62
63 $filter_types = array();
64 while ($line = $res->fetch()) {
65 $filter_types[$line["id"]] = $line["name"];
66 }
67
68 $scope_qparts = array();
69
70 $rctr = 0;
71 foreach (clean($_REQUEST["rule"]) AS $r) {
72 $rule = json_decode($r, true);
73
74 if ($rule && $rctr < 5) {
75 $rule["type"] = $filter_types[$rule["filter_type"]];
76 unset($rule["filter_type"]);
77
78 $scope_inner_qparts = [];
79 foreach ($rule["feed_id"] as $feed_id) {
80
81 if (strpos($feed_id, "CAT:") === 0) {
82 $cat_id = (int) substr($feed_id, 4);
83 array_push($scope_inner_qparts, "cat_id = " . $this->pdo->quote($cat_id));
84 } else if ($feed_id > 0) {
85 array_push($scope_inner_qparts, "feed_id = " . $this->pdo->quote($feed_id));
86 }
87 }
88
89 if (count($scope_inner_qparts) > 0) {
90 array_push($scope_qparts, "(" . implode(" OR ", $scope_inner_qparts) . ")");
91 }
92
93 array_push($filter["rules"], $rule);
94
95 ++$rctr;
96 } else {
97 break;
98 }
99 }
100
101 if (count($scope_qparts) == 0) $scope_qparts = ["true"];
102
103 $glue = $filter['match_any_rule'] ? " OR " : " AND ";
104 $scope_qpart = join($glue, $scope_qparts);
105
106 if (!$scope_qpart) $scope_qpart = "true";
107
108 $rv = array();
109
110 //while ($found < $limit && $offset < $limit * 1000 && time() - $started < ini_get("max_execution_time") * 0.7) {
111
112 $sth = $this->pdo->prepare("SELECT ttrss_entries.id,
113 ttrss_entries.title,
114 ttrss_feeds.id AS feed_id,
115 ttrss_feeds.title AS feed_title,
116 ttrss_feed_categories.id AS cat_id,
117 content,
118 date_entered,
119 link,
120 author,
121 tag_cache
122 FROM
123 ttrss_entries, ttrss_user_entries
124 LEFT JOIN ttrss_feeds ON (feed_id = ttrss_feeds.id)
125 LEFT JOIN ttrss_feed_categories ON (ttrss_feeds.cat_id = ttrss_feed_categories.id)
126 WHERE
127 ref_id = ttrss_entries.id AND
128 ($scope_qpart) AND
129 ttrss_user_entries.owner_uid = ?
130 ORDER BY date_entered DESC LIMIT $limit OFFSET $offset");
131
132 $sth->execute([$_SESSION['uid']]);
133
134 while ($line = $sth->fetch()) {
135
136 $rc = RSSUtils::get_article_filters(array($filter), $line['title'], $line['content'], $line['link'],
137 $line['author'], explode(",", $line['tag_cache']));
138
139 if (count($rc) > 0) {
140
141 $line["content_preview"] = truncate_string(strip_tags($line["content"]), 200, '&hellip;');
142
143 foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
144 $line = $p->hook_query_headlines($line, 100);
145 }
146
147 $content_preview = $line["content_preview"];
148
149 $tmp = "<tr style='margin-top : 5px'>";
150
151 #$tmp .= "<td width='5%' align='center'><input dojoType=\"dijit.form.CheckBox\"
152 # checked=\"1\" disabled=\"1\" type=\"checkbox\"></td>";
153
154 $id = $line['id'];
155 $tmp .= "<td width='5%' align='center'><img style='cursor : pointer' title='".__("Preview article")."'
156 src='images/information.png' onclick='openArticlePopup($id)'></td><td>";
157
158 /*foreach ($filter['rules'] as $rule) {
159 $reg_exp = str_replace('/', '\/', $rule["reg_exp"]);
160
161 $line["title"] = preg_replace("/($reg_exp)/i",
162 "<span class=\"highlight\">$1</span>", $line["title"]);
163
164 $content_preview = preg_replace("/($reg_exp)/i",
165 "<span class=\"highlight\">$1</span>", $content_preview);
166 }*/
167
168 $tmp .= "<strong>" . $line["title"] . "</strong><br/>";
169 $tmp .= $line['feed_title'] . ", " . mb_substr($line["date_entered"], 0, 16);
170 $tmp .= "<div class='insensitive'>" . $content_preview . "</div>";
171 $tmp .= "</td></tr>";
172
173 array_push($rv, $tmp);
174
175 /*array_push($rv, array("title" => $line["title"],
176 "content" => $content_preview,
177 "date" => $line["date_entered"],
178 "feed" => $line["feed_title"])); */
179
180 }
181 }
182
183 //$offset += $limit;
184 //}
185
186 /*if ($found == 0) {
187 print "<tr><td align='center'>" .
188 __("No recent articles matching this filter have been found.");
189 }*/
190
191 print json_encode($rv);
192 }
193
194 function testFilter() {
195
196 if (isset($_REQUEST["offset"])) return $this->testFilterDo();
197
198 //print __("Articles matching this filter:");
199
200 print "<div><img id='prefFilterLoadingIndicator' src='images/indicator_tiny.gif'>&nbsp;<span id='prefFilterProgressMsg'>Looking for articles...</span></div>";
201
202 print "<br/><div class=\"filterTestHolder\">";
203 print "<table width=\"100%\" cellspacing=\"0\" id=\"prefFilterTestResultList\">";
204 print "</table></div>";
205
206 print "<div style='text-align : center'>";
207 print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('filterTestDlg').hide()\">".
208 __('Close this window')."</button>";
209 print "</div>";
210
211 }
212
213 private function getfilterrules_concise($filter_id) {
214 $sth = $this->pdo->prepare("SELECT reg_exp,
215 inverse,
216 match_on,
217 feed_id,
218 cat_id,
219 cat_filter,
220 ttrss_filter_types.description AS field
221 FROM
222 ttrss_filters2_rules, ttrss_filter_types
223 WHERE
224 filter_id = ? AND filter_type = ttrss_filter_types.id
225 ORDER BY reg_exp");
226 $sth->execute([$filter_id]);
227
228 $rv = "";
229
230 while ($line = $sth->fetch()) {
231
232 if ($line["match_on"]) {
233 $feeds = json_decode($line["match_on"], true);
234 $feeds_fmt = [];
235
236 foreach ($feeds as $feed_id) {
237
238 if (strpos($feed_id, "CAT:") === 0) {
239 $feed_id = (int)substr($feed_id, 4);
240 array_push($feeds_fmt, Feeds::getCategoryTitle($feed_id));
241 } else {
242 if ($feed_id)
243 array_push($feeds_fmt, Feeds::getFeedTitle((int)$feed_id));
244 else
245 array_push($feeds_fmt, __("All feeds"));
246 }
247 }
248
249 $where = implode(", ", $feeds_fmt);
250
251 } else {
252
253 $where = $line["cat_filter"] ?
254 Feeds::getCategoryTitle($line["cat_id"]) :
255 ($line["feed_id"] ?
256 Feeds::getFeedTitle($line["feed_id"]) : __("All feeds"));
257 }
258
259 # $where = $line["cat_id"] . "/" . $line["feed_id"];
260
261 $inverse = $line["inverse"] ? "inverse" : "";
262
263 $rv .= "<span class='$inverse'>" . T_sprintf("%s on %s in %s %s",
264 htmlspecialchars($line["reg_exp"]),
265 $line["field"],
266 $where,
267 $line["inverse"] ? __("(inverse)") : "") . "</span>";
268 }
269
270 return $rv;
271 }
272
273 function getfiltertree() {
274 $root = array();
275 $root['id'] = 'root';
276 $root['name'] = __('Filters');
277 $root['items'] = array();
278
279 $filter_search = $_SESSION["prefs_filter_search"];
280
281 $sth = $this->pdo->prepare("SELECT *,
282 (SELECT action_param FROM ttrss_filters2_actions
283 WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS action_param,
284 (SELECT action_id FROM ttrss_filters2_actions
285 WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS action_id,
286 (SELECT description FROM ttrss_filter_actions
287 WHERE id = (SELECT action_id FROM ttrss_filters2_actions
288 WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1)) AS action_name,
289 (SELECT reg_exp FROM ttrss_filters2_rules
290 WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS reg_exp
291 FROM ttrss_filters2 WHERE
292 owner_uid = ? ORDER BY order_id, title");
293 $sth->execute([$_SESSION['uid']]);
294
295 $folder = array();
296 $folder['items'] = array();
297
298 while ($line = $sth->fetch()) {
299
300 $name = $this->getFilterName($line["id"]);
301
302 $match_ok = false;
303 if ($filter_search) {
304 $rules_sth = $this->pdo->prepare("SELECT reg_exp
305 FROM ttrss_filters2_rules WHERE filter_id = ?");
306 $rules_sth->execute([$line['id']]);
307
308 while ($rule_line = $rules_sth->fetch()) {
309 if (mb_strpos($rule_line['reg_exp'], $filter_search) !== false) {
310 $match_ok = true;
311 break;
312 }
313 }
314 }
315
316 if ($line['action_id'] == 7) {
317 $label_sth = $this->pdo->prepare("SELECT fg_color, bg_color
318 FROM ttrss_labels2 WHERE caption = ? AND
319 owner_uid = ?");
320 $label_sth->execute([$line['action_param'], $_SESSION['uid']]);
321
322 if ($label_row = $label_sth->fetch()) {
323 $fg_color = $label_row["fg_color"];
324 $bg_color = $label_row["bg_color"];
325
326 $name[1] = "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-right : 4px'>&alpha;</span>" . $name[1];
327 }
328 }
329
330 $filter = array();
331 $filter['id'] = 'FILTER:' . $line['id'];
332 $filter['bare_id'] = $line['id'];
333 $filter['name'] = $name[0];
334 $filter['param'] = $name[1];
335 $filter['checkbox'] = false;
336 $filter['enabled'] = $line["enabled"];
337 $filter['rules'] = $this->getfilterrules_concise($line['id']);
338
339 if (!$filter_search || $match_ok) {
340 array_push($folder['items'], $filter);
341 }
342 }
343
344 $root['items'] = $folder['items'];
345
346 $fl = array();
347 $fl['identifier'] = 'id';
348 $fl['label'] = 'name';
349 $fl['items'] = array($root);
350
351 print json_encode($fl);
352 return;
353 }
354
355 function edit() {
356
357 $filter_id = clean($_REQUEST["id"]);
358
359 $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2
360 WHERE id = ? AND owner_uid = ?");
361 $sth->execute([$filter_id, $_SESSION['uid']]);
362
363 if ($row = $sth->fetch()) {
364
365 $enabled = $row["enabled"];
366 $match_any_rule = $row["match_any_rule"];
367 $inverse = $row["inverse"];
368 $title = htmlspecialchars($row["title"]);
369
370 print "<form id=\"filter_edit_form\" onsubmit='return false'>";
371
372 print_hidden("op", "pref-filters");
373 print_hidden("id", "$filter_id");
374 print_hidden("method", "editSave");
375 print_hidden("csrf_token", $_SESSION['csrf_token']);
376
377 print "<div class=\"dlgSec\">".__("Caption")."</div>";
378
379 print "<input required=\"true\" dojoType=\"dijit.form.ValidationTextBox\" style=\"width : 20em;\" name=\"title\" value=\"$title\">";
380
381 print "</div>";
382
383 print "<div class=\"dlgSec\">".__("Match")."</div>";
384
385 print "<div dojoType=\"dijit.Toolbar\">";
386
387 print "<div dojoType=\"dijit.form.DropDownButton\">".
388 "<span>" . __('Select')."</span>";
389 print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
390 print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(true)\"
391 dojoType=\"dijit.MenuItem\">".__('All')."</div>";
392 print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(false)\"
393 dojoType=\"dijit.MenuItem\">".__('None')."</div>";
394 print "</div></div>";
395
396 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addRule()\">".
397 __('Add')."</button> ";
398
399 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteRule()\">".
400 __('Delete')."</button> ";
401
402 print "</div>";
403
404 print "<ul id='filterDlg_Matches'>";
405
406 $rules_sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_rules
407 WHERE filter_id = ? ORDER BY reg_exp, id");
408 $rules_sth->execute([$filter_id]);
409
410 while ($line = $rules_sth->fetch()) {
411 if ($line["match_on"]) {
412 $line["feed_id"] = json_decode($line["match_on"], true);
413 } else {
414 if ($line["cat_filter"]) {
415 $feed_id = "CAT:" . (int)$line["cat_id"];
416 } else {
417 $feed_id = (int)$line["feed_id"];
418 }
419
420 $line["feed_id"] = ["" . $feed_id]; // set item type to string for in_array()
421 }
422
423 unset($line["cat_filter"]);
424 unset($line["cat_id"]);
425 unset($line["filter_id"]);
426 unset($line["id"]);
427 if (!$line["inverse"]) unset($line["inverse"]);
428 unset($line["match_on"]);
429
430 $data = htmlspecialchars(json_encode($line));
431
432 print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>".
433 "<span onclick=\"dijit.byId('filterEditDlg').editRule(this)\">".$this->getRuleName($line)."</span>".
434 "<input type='hidden' name='rule[]' value=\"$data\"/></li>";
435 }
436
437 print "</ul>";
438
439 print "</div>";
440
441 print "<div class=\"dlgSec\">".__("Apply actions")."</div>";
442
443 print "<div dojoType=\"dijit.Toolbar\">";
444
445 print "<div dojoType=\"dijit.form.DropDownButton\">".
446 "<span>" . __('Select')."</span>";
447 print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
448 print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(true)\"
449 dojoType=\"dijit.MenuItem\">".__('All')."</div>";
450 print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(false)\"
451 dojoType=\"dijit.MenuItem\">".__('None')."</div>";
452 print "</div></div>";
453
454 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addAction()\">".
455 __('Add')."</button> ";
456
457 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteAction()\">".
458 __('Delete')."</button> ";
459
460 print "</div>";
461
462 print "<ul id='filterDlg_Actions'>";
463
464 $actions_sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions
465 WHERE filter_id = ? ORDER BY id");
466 $actions_sth->execute([$filter_id]);
467
468 while ($line = $actions_sth->fetch()) {
469 $line["action_param_label"] = $line["action_param"];
470
471 unset($line["filter_id"]);
472 unset($line["id"]);
473
474 $data = htmlspecialchars(json_encode($line));
475
476 print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>".
477 "<span onclick=\"dijit.byId('filterEditDlg').editAction(this)\">".$this->getActionName($line)."</span>".
478 "<input type='hidden' name='action[]' value=\"$data\"/></li>";
479 }
480
481 print "</ul>";
482
483 print "</div>";
484
485 if ($enabled) {
486 $checked = "checked=\"1\"";
487 } else {
488 $checked = "";
489 }
490
491 print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"enabled\" id=\"enabled\" $checked>
492 <label for=\"enabled\">".__('Enabled')."</label>";
493
494 if ($match_any_rule) {
495 $checked = "checked=\"1\"";
496 } else {
497 $checked = "";
498 }
499
500 print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"match_any_rule\" id=\"match_any_rule\" $checked>
501 <label for=\"match_any_rule\">".__('Match any rule')."</label>";
502
503 if ($inverse) {
504 $checked = "checked=\"1\"";
505 } else {
506 $checked = "";
507 }
508
509 print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\" $checked>
510 <label for=\"inverse\">".__('Inverse matching')."</label>";
511
512 print "<p/>";
513
514 print "<div class=\"dlgButtons\">";
515
516 print "<div style=\"float : left\">";
517 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').removeFilter()\">".
518 __('Remove')."</button>";
519 print "</div>";
520
521 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').test()\">".
522 __('Test')."</button> ";
523
524 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').execute()\">".
525 __('Save')."</button> ";
526
527 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').hide()\">".
528 __('Cancel')."</button>";
529
530 print "</div>";
531
532 }
533 }
534
535 private function getRuleName($rule) {
536 if (!$rule) $rule = json_decode(clean($_REQUEST["rule"]), true);
537
538 $feeds = $rule["feed_id"];
539 $feeds_fmt = [];
540
541 if (!is_array($feeds)) $feeds = [$feeds];
542
543 foreach ($feeds as $feed_id) {
544
545 if (strpos($feed_id, "CAT:") === 0) {
546 $feed_id = (int)substr($feed_id, 4);
547 array_push($feeds_fmt, Feeds::getCategoryTitle($feed_id));
548 } else {
549 if ($feed_id)
550 array_push($feeds_fmt, Feeds::getFeedTitle((int)$feed_id));
551 else
552 array_push($feeds_fmt, __("All feeds"));
553 }
554 }
555
556 $feed = implode(", ", $feeds_fmt);
557
558 $sth = $this->pdo->prepare("SELECT description FROM ttrss_filter_types
559 WHERE id = ?");
560 $sth->execute([(int)$rule["filter_type"]]);
561
562 if ($row = $sth->fetch()) {
563 $filter_type = $row["description"];
564 } else {
565 $filter_type = "?UNKNOWN?";
566 }
567
568 $inverse = isset($rule["inverse"]) ? "inverse" : "";
569
570 return "<span class='filterRule $inverse'>" .
571 T_sprintf("%s on %s in %s %s", htmlspecialchars($rule["reg_exp"]),
572 $filter_type, $feed, isset($rule["inverse"]) ? __("(inverse)") : "") . "</span>";
573 }
574
575 function printRuleName() {
576 print $this->getRuleName(json_decode(clean($_REQUEST["rule"]), true));
577 }
578
579 private function getActionName($action) {
580 $sth = $this->pdo->prepare("SELECT description FROM
581 ttrss_filter_actions WHERE id = ?");
582 $sth->execute([(int)$action["action_id"]]);
583
584 $title = "";
585
586 if ($row = $sth->fetch()) {
587
588 $title = __($row["description"]);
589
590 if ($action["action_id"] == 4 || $action["action_id"] == 6 ||
591 $action["action_id"] == 7)
592 $title .= ": " . $action["action_param"];
593
594 if ($action["action_id"] == 9) {
595 list ($pfclass, $pfaction) = explode(":", $action["action_param"]);
596
597 $filter_actions = PluginHost::getInstance()->get_filter_actions();
598
599 foreach ($filter_actions as $fclass => $factions) {
600 foreach ($factions as $faction) {
601 if ($pfaction == $faction["action"] && $pfclass == $fclass) {
602 $title .= ": " . $fclass . ": " . $faction["description"];
603 break;
604 }
605 }
606 }
607 }
608 }
609
610 return $title;
611 }
612
613 function printActionName() {
614 print $this->getActionName(json_decode(clean($_REQUEST["action"]), true));
615 }
616
617 function editSave() {
618 if (clean($_REQUEST["savemode"] && $_REQUEST["savemode"]) == "test") {
619 return $this->testFilter();
620 }
621
622 $filter_id = clean($_REQUEST["id"]);
623 $enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"]));
624 $match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"]));
625 $inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"]));
626 $title = clean($_REQUEST["title"]);
627
628 $this->pdo->beginTransaction();
629
630 $sth = $this->pdo->prepare("UPDATE ttrss_filters2 SET enabled = ?,
631 match_any_rule = ?,
632 inverse = ?,
633 title = ?
634 WHERE id = ? AND owner_uid = ?");
635
636 $sth->execute([$enabled, $match_any_rule, $inverse, $title, $filter_id, $_SESSION['uid']]);
637
638 $this->saveRulesAndActions($filter_id);
639
640 $this->pdo->commit();
641 }
642
643 function remove() {
644
645 $ids = explode(",", clean($_REQUEST["ids"]));
646 $ids_qmarks = arr_qmarks($ids);
647
648 $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2 WHERE id IN ($ids_qmarks)
649 AND owner_uid = ?");
650 $sth->execute(array_merge($ids, [$_SESSION['uid']]));
651 }
652
653 private function saveRulesAndActions($filter_id)
654 {
655
656 $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2_rules WHERE filter_id = ?");
657 $sth->execute([$filter_id]);
658
659 $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2_actions WHERE filter_id = ?");
660 $sth->execute([$filter_id]);
661
662 if (!is_array(clean($_REQUEST["rule"]))) $_REQUEST["rule"] = [];
663 if (!is_array(clean($_REQUEST["action"]))) $_REQUEST["action"] = [];
664
665 if ($filter_id) {
666 /* create rules */
667
668 $rules = array();
669 $actions = array();
670
671 foreach (clean($_REQUEST["rule"]) as $rule) {
672 $rule = json_decode($rule, true);
673 unset($rule["id"]);
674
675 if (array_search($rule, $rules) === false) {
676 array_push($rules, $rule);
677 }
678 }
679
680 foreach (clean($_REQUEST["action"]) as $action) {
681 $action = json_decode($action, true);
682 unset($action["id"]);
683
684 if (array_search($action, $actions) === false) {
685 array_push($actions, $action);
686 }
687 }
688
689 $rsth = $this->pdo->prepare("INSERT INTO ttrss_filters2_rules
690 (filter_id, reg_exp,filter_type,feed_id,cat_id,match_on,inverse) VALUES
691 (?, ?, ?, NULL, NULL, ?, ?)");
692
693 foreach ($rules as $rule) {
694 if ($rule) {
695
696 $reg_exp = trim($rule["reg_exp"]);
697 $inverse = isset($rule["inverse"]) ? 1 : 0;
698
699 $filter_type = (int)trim($rule["filter_type"]);
700 $match_on = json_encode($rule["feed_id"]);
701
702 $rsth->execute([$filter_id, $reg_exp, $filter_type, $match_on, $inverse]);
703 }
704 }
705
706 $asth = $this->pdo->prepare("INSERT INTO ttrss_filters2_actions
707 (filter_id, action_id, action_param) VALUES
708 (?, ?, ?)");
709
710 foreach ($actions as $action) {
711 if ($action) {
712
713 $action_id = (int)$action["action_id"];
714 $action_param = $action["action_param"];
715 $action_param_label = $action["action_param_label"];
716
717 if ($action_id == 7) {
718 $action_param = $action_param_label;
719 }
720
721 if ($action_id == 6) {
722 $action_param = (int)str_replace("+", "", $action_param);
723 }
724
725 $asth->execute([$filter_id, $action_id, $action_param]);
726 }
727 }
728 }
729 }
730
731 function add() {
732 if (clean($_REQUEST["savemode"] && $_REQUEST["savemode"]) == "test") {
733 return $this->testFilter();
734 }
735
736 $enabled = checkbox_to_sql_bool(clean($_REQUEST["enabled"]));
737 $match_any_rule = checkbox_to_sql_bool(clean($_REQUEST["match_any_rule"]));
738 $title = clean($_REQUEST["title"]);
739 $inverse = checkbox_to_sql_bool(clean($_REQUEST["inverse"]));
740
741 $this->pdo->beginTransaction();
742
743 /* create base filter */
744
745 $sth = $this->pdo->prepare("INSERT INTO ttrss_filters2
746 (owner_uid, match_any_rule, enabled, title, inverse) VALUES
747 (?, ?, ?, ?, ?)");
748
749 $sth->execute([$_SESSION['uid'], $match_any_rule, $enabled, $title, $inverse]);
750
751 $sth = $this->pdo->prepare("SELECT MAX(id) AS id FROM ttrss_filters2
752 WHERE owner_uid = ?");
753 $sth->execute([$_SESSION['uid']]);
754
755 if ($row = $sth->fetch()) {
756 $filter_id = $row['id'];
757 $this->saveRulesAndActions($filter_id);
758 }
759
760 $this->pdo->commit();
761 }
762
763 function index() {
764
765 $filter_search = clean($_REQUEST["search"]);
766
767 if (array_key_exists("search", $_REQUEST)) {
768 $_SESSION["prefs_filter_search"] = $filter_search;
769 } else {
770 $filter_search = $_SESSION["prefs_filter_search"];
771 }
772
773 print "<div id=\"pref-filter-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
774 print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
775 print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
776
777 if (array_key_exists("search", $_REQUEST)) {
778 $_SESSION["prefs_filter_search"] = $filter_search;
779 } else {
780 $filter_search = $_SESSION["prefs_filter_search"];
781 }
782
783 print "<div style='float : right; padding-right : 4px;'>
784 <input dojoType=\"dijit.form.TextBox\" id=\"filter_search\" size=\"20\" type=\"search\"
785 value=\"$filter_search\">
786 <button dojoType=\"dijit.form.Button\" onclick=\"updateFilterList()\">".
787 __('Search')."</button>
788 </div>";
789
790 print "<div dojoType=\"dijit.form.DropDownButton\">".
791 "<span>" . __('Select')."</span>";
792 print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
793 print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(true)\"
794 dojoType=\"dijit.MenuItem\">".__('All')."</div>";
795 print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(false)\"
796 dojoType=\"dijit.MenuItem\">".__('None')."</div>";
797 print "</div></div>";
798
799 print "<button dojoType=\"dijit.form.Button\" onclick=\"return quickAddFilter()\">".
800 __('Create filter')."</button> ";
801
802 print "<button dojoType=\"dijit.form.Button\" onclick=\"return joinSelectedFilters()\">".
803 __('Combine')."</button> ";
804
805 print "<button dojoType=\"dijit.form.Button\" onclick=\"return editSelectedFilter()\">".
806 __('Edit')."</button> ";
807
808 print "<button dojoType=\"dijit.form.Button\" onclick=\"return resetFilterOrder()\">".
809 __('Reset sort order')."</button> ";
810
811
812 print "<button dojoType=\"dijit.form.Button\" onclick=\"return removeSelectedFilters()\">".
813 __('Remove')."</button> ";
814
815 print "</div>"; # toolbar
816 print "</div>"; # toolbar-frame
817 print "<div id=\"pref-filter-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";
818
819 print "<div id=\"filterlistLoading\">
820 <img src='images/indicator_tiny.gif'>".
821 __("Loading, please wait...")."</div>";
822
823 print "<div dojoType=\"fox.PrefFilterStore\" jsId=\"filterStore\"
824 url=\"backend.php?op=pref-filters&method=getfiltertree\">
825 </div>
826 <div dojoType=\"lib.CheckBoxStoreModel\" jsId=\"filterModel\" store=\"filterStore\"
827 query=\"{id:'root'}\" rootId=\"root\" rootLabel=\"Filters\"
828 childrenAttrs=\"items\" checkboxStrict=\"false\" checkboxAll=\"false\">
829 </div>
830 <div dojoType=\"fox.PrefFilterTree\" id=\"filterTree\"
831 dndController=\"dijit.tree.dndSource\"
832 betweenThreshold=\"5\"
833 model=\"filterModel\" openOnClick=\"true\">
834 <script type=\"dojo/method\" event=\"onLoad\" args=\"item\">
835 Element.hide(\"filterlistLoading\");
836 </script>
837 <script type=\"dojo/method\" event=\"onClick\" args=\"item\">
838 var id = String(item.id);
839 var bare_id = id.substr(id.indexOf(':')+1);
840
841 if (id.match('FILTER:')) {
842 editFilter(bare_id);
843 }
844 </script>
845
846 </div>";
847
848 print "</div>"; #pane
849
850 PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB,
851 "hook_prefs_tab", "prefFilters");
852
853 print "</div>"; #container
854
855 }
856
857 function newfilter() {
858
859 print "<form name='filter_new_form' id='filter_new_form'>";
860
861 print_hidden("op", "pref-filters");
862 print_hidden("method", "add");
863 print_hidden("csrf_token", $_SESSION['csrf_token']);
864
865 print "<div class=\"dlgSec\">".__("Caption")."</div>";
866
867 print "<input required=\"true\" dojoType=\"dijit.form.ValidationTextBox\" style=\"width : 20em;\" name=\"title\" value=\"\">";
868
869 print "<div class=\"dlgSec\">".__("Match")."</div>";
870
871 print "<div dojoType=\"dijit.Toolbar\">";
872
873 print "<div dojoType=\"dijit.form.DropDownButton\">".
874 "<span>" . __('Select')."</span>";
875 print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
876 print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(true)\"
877 dojoType=\"dijit.MenuItem\">".__('All')."</div>";
878 print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(false)\"
879 dojoType=\"dijit.MenuItem\">".__('None')."</div>";
880 print "</div></div>";
881
882 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addRule()\">".
883 __('Add')."</button> ";
884
885 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteRule()\">".
886 __('Delete')."</button> ";
887
888 print "</div>";
889
890 print "<ul id='filterDlg_Matches'>";
891 # print "<li>No rules</li>";
892 print "</ul>";
893
894 print "</div>";
895
896 print "<div class=\"dlgSec\">".__("Apply actions")."</div>";
897
898 print "<div dojoType=\"dijit.Toolbar\">";
899
900 print "<div dojoType=\"dijit.form.DropDownButton\">".
901 "<span>" . __('Select')."</span>";
902 print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
903 print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(true)\"
904 dojoType=\"dijit.MenuItem\">".__('All')."</div>";
905 print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(false)\"
906 dojoType=\"dijit.MenuItem\">".__('None')."</div>";
907 print "</div></div>";
908
909 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addAction()\">".
910 __('Add')."</button> ";
911
912 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteAction()\">".
913 __('Delete')."</button> ";
914
915 print "</div>";
916
917 print "<ul id='filterDlg_Actions'>";
918 # print "<li>No actions</li>";
919 print "</ul>";
920
921 /* print "<div class=\"dlgSec\">".__("Options")."</div>";
922 print "<div class=\"dlgSecCont\">"; */
923
924 print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"enabled\" id=\"enabled\" checked=\"1\">
925 <label for=\"enabled\">".__('Enabled')."</label>";
926
927 print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"match_any_rule\" id=\"match_any_rule\">
928 <label for=\"match_any_rule\">".__('Match any rule')."</label>";
929
930 print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\">
931 <label for=\"inverse\">".__('Inverse matching')."</label>";
932
933 // print "</div>";
934
935 print "<div class=\"dlgButtons\">";
936
937 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').test()\">".
938 __('Test')."</button> ";
939
940 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').execute()\">".
941 __('Create')."</button> ";
942
943 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').hide()\">".
944 __('Cancel')."</button>";
945
946 print "</div>";
947
948 }
949
950 function newrule() {
951 $rule = json_decode(clean($_REQUEST["rule"]), true);
952
953 if ($rule) {
954 $reg_exp = htmlspecialchars($rule["reg_exp"]);
955 $filter_type = $rule["filter_type"];
956 $feed_id = $rule["feed_id"];
957 $inverse_checked = isset($rule["inverse"]) ? "checked" : "";
958 } else {
959 $reg_exp = "";
960 $filter_type = 1;
961 $feed_id = ["0"];
962 $inverse_checked = "";
963 }
964
965 print "<form name='filter_new_rule_form' id='filter_new_rule_form'>";
966
967 $res = $this->pdo->query("SELECT id,description
968 FROM ttrss_filter_types WHERE id != 5 ORDER BY description");
969
970 $filter_types = array();
971
972 while ($line = $res->fetch()) {
973 $filter_types[$line["id"]] = __($line["description"]);
974 }
975
976 print "<div class=\"dlgSec\">".__("Match")."</div>";
977
978 print "<div class=\"dlgSecCont\">";
979
980 print "<input dojoType=\"dijit.form.ValidationTextBox\"
981 required=\"true\" id=\"filterDlg_regExp\"
982 style=\"font-size : 16px; width : 20em;\"
983 name=\"reg_exp\" value=\"$reg_exp\"/>";
984
985 print "<hr/>";
986 print "<input id=\"filterDlg_inverse\" dojoType=\"dijit.form.CheckBox\"
987 name=\"inverse\" $inverse_checked/>";
988 print "<label for=\"filterDlg_inverse\">".__("Inverse regular expression matching")."</label>";
989
990 print "<hr/>" . __("on field") . " ";
991 print_select_hash("filter_type", $filter_type, $filter_types,
992 'dojoType="dijit.form.Select"');
993
994 print "<hr/>";
995
996 print __("in") . " ";
997
998 print "<span id='filterDlg_feeds'>";
999 print_feed_multi_select("feed_id",
1000 $feed_id,
1001 'dojoType="dijit.form.MultiSelect"');
1002 print "</span>";
1003
1004 print "</div>";
1005
1006 print "<div class=\"dlgButtons\">";
1007
1008 print "<div style=\"float : left\">
1009 <a class=\"visibleLink\" target=\"_blank\" href=\"http://tt-rss.org/wiki/ContentFilters\">".__("Wiki: Filters")."</a>
1010 </div>";
1011
1012
1013 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterNewRuleDlg').execute()\">".
1014 ($rule ? __("Save rule") : __('Add rule'))."</button> ";
1015
1016 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterNewRuleDlg').hide()\">".
1017 __('Cancel')."</button>";
1018
1019 print "</div>";
1020
1021 print "</form>";
1022 }
1023
1024 function newaction() {
1025 $action = json_decode(clean($_REQUEST["action"]), true);
1026
1027 if ($action) {
1028 $action_param = $action["action_param"];
1029 $action_id = (int)$action["action_id"];
1030 } else {
1031 $action_param = "";
1032 $action_id = 0;
1033 }
1034
1035 print "<form name='filter_new_action_form' id='filter_new_action_form'>";
1036
1037 print "<div class=\"dlgSec\">".__("Perform Action")."</div>";
1038
1039 print "<div class=\"dlgSecCont\">";
1040
1041 print "<select name=\"action_id\" dojoType=\"dijit.form.Select\"
1042 onchange=\"filterDlgCheckAction(this)\">";
1043
1044 $res = $this->pdo->query("SELECT id,description FROM ttrss_filter_actions
1045 ORDER BY name");
1046
1047 while ($line = $res->fetch()) {
1048 $is_selected = ($line["id"] == $action_id) ? "selected='1'" : "";
1049 printf("<option $is_selected value='%d'>%s</option>", $line["id"], __($line["description"]));
1050 }
1051
1052 print "</select>";
1053
1054 $param_box_hidden = ($action_id == 7 || $action_id == 4 || $action_id == 6 || $action_id == 9) ?
1055 "" : "display : none";
1056
1057 $param_hidden = ($action_id == 4 || $action_id == 6) ?
1058 "" : "display : none";
1059
1060 $label_param_hidden = ($action_id == 7) ? "" : "display : none";
1061 $plugin_param_hidden = ($action_id == 9) ? "" : "display : none";
1062
1063 print "<span id=\"filterDlg_paramBox\" style=\"$param_box_hidden\">";
1064 print " ";
1065 //print " " . __("with parameters:") . " ";
1066 print "<input dojoType=\"dijit.form.TextBox\"
1067 id=\"filterDlg_actionParam\" style=\"$param_hidden\"
1068 name=\"action_param\" value=\"$action_param\">";
1069
1070 print_label_select("action_param_label", $action_param,
1071 "id=\"filterDlg_actionParamLabel\" style=\"$label_param_hidden\"
1072 dojoType=\"dijit.form.Select\"");
1073
1074 $filter_actions = PluginHost::getInstance()->get_filter_actions();
1075 $filter_action_hash = array();
1076
1077 foreach ($filter_actions as $fclass => $factions) {
1078 foreach ($factions as $faction) {
1079
1080 $filter_action_hash[$fclass . ":" . $faction["action"]] =
1081 $fclass . ": " . $faction["description"];
1082 }
1083 }
1084
1085 if (count($filter_action_hash) == 0) {
1086 $filter_plugin_disabled = "disabled";
1087
1088 $filter_action_hash["no-data"] = __("No actions available");
1089
1090 } else {
1091 $filter_plugin_disabled = "";
1092 }
1093
1094 print_select_hash("filterDlg_actionParamPlugin", $action_param, $filter_action_hash,
1095 "style=\"$plugin_param_hidden\" dojoType=\"dijit.form.Select\" $filter_plugin_disabled",
1096 "action_param_plugin");
1097
1098 print "</span>";
1099
1100 print "&nbsp;"; // tiny layout hack
1101
1102 print "</div>";
1103
1104 print "<div class=\"dlgButtons\">";
1105
1106 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterNewActionDlg').execute()\">".
1107 ($action ? __("Save action") : __('Add action'))."</button> ";
1108
1109 print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterNewActionDlg').hide()\">".
1110 __('Cancel')."</button>";
1111
1112 print "</div>";
1113
1114 print "</form>";
1115 }
1116
1117 private function getFilterName($id) {
1118
1119 $sth = $this->pdo->prepare(
1120 "SELECT title,match_any_rule,COUNT(DISTINCT r.id) AS num_rules,COUNT(DISTINCT a.id) AS num_actions
1121 FROM ttrss_filters2 AS f LEFT JOIN ttrss_filters2_rules AS r
1122 ON (r.filter_id = f.id)
1123 LEFT JOIN ttrss_filters2_actions AS a
1124 ON (a.filter_id = f.id) WHERE f.id = ? GROUP BY f.title, f.match_any_rule");
1125 $sth->execute([$id]);
1126
1127 if ($row = $sth->fetch()) {
1128
1129 $title = $row["title"];
1130 $num_rules = $row["num_rules"];
1131 $num_actions = $row["num_actions"];
1132 $match_any_rule = $row["match_any_rule"];
1133
1134 if (!$title) $title = __("[No caption]");
1135
1136 $title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", (int) $num_rules), $title, $num_rules);
1137
1138 $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions
1139 WHERE filter_id = ? ORDER BY id LIMIT 1");
1140 $sth->execute([$id]);
1141
1142 $actions = "";
1143
1144 if ($line = $sth->fetch()) {
1145 $actions = $this->getActionName($line);
1146
1147 $num_actions -= 1;
1148 }
1149
1150 if ($match_any_rule) $title .= " (" . __("matches any rule") . ")";
1151
1152 if ($num_actions > 0)
1153 $actions = sprintf(_ngettext("%s (+%d action)", "%s (+%d actions)", (int) $num_actions), $actions, $num_actions);
1154
1155 return [$title, $actions];
1156 }
1157
1158 return [];
1159 }
1160
1161 function join() {
1162 $ids = explode(",", clean($_REQUEST["ids"]));
1163
1164 if (count($ids) > 1) {
1165 $base_id = array_shift($ids);
1166 $ids_qmarks = arr_qmarks($ids);
1167
1168 $this->pdo->beginTransaction();
1169
1170 $sth = $this->pdo->prepare("UPDATE ttrss_filters2_rules
1171 SET filter_id = ? WHERE filter_id IN ($ids_qmarks)");
1172 $sth->execute(array_merge([$base_id], $ids));
1173
1174 $sth = $this->pdo->prepare("UPDATE ttrss_filters2_actions
1175 SET filter_id = ? WHERE filter_id IN ($ids_qmarks)");
1176 $sth->execute(array_merge([$base_id], $ids));
1177
1178 $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2 WHERE id IN ($ids_qmarks)");
1179 $sth->execute($ids);
1180
1181 $sth = $this->pdo->prepare("UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = ?");
1182 $sth->execute([$base_id]);
1183
1184 $this->pdo->commit();
1185
1186 $this->optimizeFilter($base_id);
1187
1188 }
1189 }
1190
1191 private function optimizeFilter($id) {
1192
1193 $this->pdo->beginTransaction();
1194
1195 $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions
1196 WHERE filter_id = ?");
1197 $sth->execute([$id]);
1198
1199 $tmp = array();
1200 $dupe_ids = array();
1201
1202 while ($line = $sth->fetch()) {
1203 $id = $line["id"];
1204 unset($line["id"]);
1205
1206 if (array_search($line, $tmp) === false) {
1207 array_push($tmp, $line);
1208 } else {
1209 array_push($dupe_ids, $id);
1210 }
1211 }
1212
1213 if (count($dupe_ids) > 0) {
1214 $ids_str = join(",", $dupe_ids);
1215
1216 $this->pdo->query("DELETE FROM ttrss_filters2_actions WHERE id IN ($ids_str)");
1217 }
1218
1219 $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_rules
1220 WHERE filter_id = ?");
1221 $sth->execute([$id]);
1222
1223 $tmp = array();
1224 $dupe_ids = array();
1225
1226 while ($line = $sth->fetch()) {
1227 $id = $line["id"];
1228 unset($line["id"]);
1229
1230 if (array_search($line, $tmp) === false) {
1231 array_push($tmp, $line);
1232 } else {
1233 array_push($dupe_ids, $id);
1234 }
1235 }
1236
1237 if (count($dupe_ids) > 0) {
1238 $ids_str = join(",", $dupe_ids);
1239
1240 $this->pdo->query("DELETE FROM ttrss_filters2_rules WHERE id IN ($ids_str)");
1241 }
1242
1243 $this->pdo->commit();
1244 }
1245 }
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/