}
function renamecat() {
- $title = $_REQUEST['title'];
- $id = $_REQUEST['id'];
+ $title = clean($_REQUEST['title']);
+ $id = clean($_REQUEST['id']);
if ($title) {
$sth = $this->pdo->prepare("UPDATE ttrss_feed_categories SET
private function get_category_items($cat_id) {
- if ($_REQUEST['mode'] != 2)
+ if (clean($_REQUEST['mode']) != 2)
$search = $_SESSION["prefs_feed_search"];
else
$search = "";
// first one is set by API
- $show_empty_cats = $_REQUEST['force_show_empty'] ||
- ($_REQUEST['mode'] != 2 && !$search);
+ $show_empty_cats = clean($_REQUEST['force_show_empty']) ||
+ (clean($_REQUEST['mode']) != 2 && !$search);
$items = array();
}
$fsth = $this->pdo->prepare("SELECT id, title, last_error,
- ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
+ ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated, update_interval
FROM ttrss_feeds
- WHERE cat_id = :cat AND
+ WHERE cat_id = :cat AND
owner_uid = :uid AND
(:search = '' OR (LOWER(title) LIKE :search OR LOWER(feed_url) LIKE :search))
ORDER BY order_id, title");
$feed['icon'] = Feeds::getFeedIcon($feed_line['id']);
$feed['param'] = make_local_datetime(
$feed_line['last_updated'], true);
+ $feed['updates_disabled'] = (int)($feed_line['update_interval'] < 0);
array_push($items, $feed);
}
function makefeedtree() {
- if ($_REQUEST['mode'] != 2)
+ if (clean($_REQUEST['mode']) != 2)
$search = $_SESSION["prefs_feed_search"];
else
$search = "";
$enable_cats = get_pref('ENABLE_FEED_CATS');
- if ($_REQUEST['mode'] == 2) {
+ if (clean($_REQUEST['mode']) == 2) {
if ($enable_cats) {
$cat = $this->feedlist_init_cat(-1);
}
if ($enable_cats) {
- $show_empty_cats = $_REQUEST['force_show_empty'] ||
- ($_REQUEST['mode'] != 2 && !$search);
+ $show_empty_cats = clean($_REQUEST['force_show_empty']) ||
+ (clean($_REQUEST['mode']) != 2 && !$search);
$sth = $this->pdo->prepare("SELECT id, title FROM ttrss_feed_categories
WHERE owner_uid = ? AND parent_cat IS NULL ORDER BY order_id, title");
$cat['child_unread'] = 0;
$fsth = $this->pdo->prepare("SELECT id, title,last_error,
- ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
+ ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated, update_interval
FROM ttrss_feeds
- WHERE cat_id IS NULL AND
+ WHERE cat_id IS NULL AND
owner_uid = :uid AND
(:search = '' OR (LOWER(title) LIKE :search OR LOWER(feed_url) LIKE :search))
ORDER BY order_id, title");
$feed_line['last_updated'], true);
$feed['unread'] = 0;
$feed['type'] = 'feed';
+ $feed['updates_disabled'] = (int)($feed_line['update_interval'] < 0);
array_push($cat['items'], $feed);
}
} else {
$fsth = $this->pdo->prepare("SELECT id, title, last_error,
- ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
+ ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated, update_interval
FROM ttrss_feeds
WHERE owner_uid = :uid AND
(:search = '' OR (LOWER(title) LIKE :search OR LOWER(feed_url) LIKE :search))
$feed_line['last_updated'], true);
$feed['unread'] = 0;
$feed['type'] = 'feed';
+ $feed['updates_disabled'] = (int)($feed_line['update_interval'] < 0);
array_push($root['items'], $feed);
}
$fl['identifier'] = 'id';
$fl['label'] = 'name';
- if ($_REQUEST['mode'] != 2) {
+ if (clean($_REQUEST['mode']) != 2) {
$fl['items'] = array($root);
} else {
$fl['items'] = $root['items'];
}
private function process_category_order(&$data_map, $item_id, $parent_id = false, $nest_level = 0) {
- $debug = isset($_REQUEST["debug"]);
$prefix = "";
for ($i = 0; $i < $nest_level; $i++)
$prefix .= " ";
- if ($debug) _debug("$prefix C: $item_id P: $parent_id");
+ Debug::log("$prefix C: $item_id P: $parent_id");
$bare_item_id = substr($item_id, strpos($item_id, ':')+1);
$id = $item['_reference'];
$bare_id = substr($id, strpos($id, ':')+1);
- if ($debug) _debug("$prefix [$order_id] $id/$bare_id");
+ Debug::log("$prefix [$order_id] $id/$bare_id");
if ($item['_reference']) {
function savefeedorder() {
$data = json_decode($_POST['payload'], true);
- #file_put_contents("/tmp/saveorder.json", $_POST['payload']);
+ #file_put_contents("/tmp/saveorder.json", clean($_POST['payload']));
#$data = json_decode(file_get_contents("/tmp/saveorder.json"), true);
if (!is_array($data['items']))
}
function removeicon() {
- $feed_id = $_REQUEST["feed_id"];
+ $feed_id = clean($_REQUEST["feed_id"]);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
WHERE id = ? AND owner_uid = ?");
}
$icon_file = $tmp_file;
- $feed_id = $_REQUEST["feed_id"];
+ $feed_id = clean($_REQUEST["feed_id"]);
if (is_file($icon_file) && $feed_id) {
if (filesize($icon_file) < 65535) {
global $purge_intervals;
global $update_intervals;
- print '<div dojoType="dijit.layout.TabContainer" style="height : 450px">
- <div dojoType="dijit.layout.ContentPane" title="'.__('General').'">';
- $feed_id = $_REQUEST["id"];
+ $feed_id = clean($_REQUEST["id"]);
- $result = db_query(
- "SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND
- owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_feeds WHERE id = ? AND
+ owner_uid = ?");
+ $sth->execute([$feed_id, $_SESSION['uid']]);
- $auth_pass_encrypted = sql_bool_to_bool(db_fetch_result($result, 0,
- "auth_pass_encrypted"));
+ if ($row = $sth->fetch()) {
+ print '<div dojoType="dijit.layout.TabContainer" style="height : 450px">
+ <div dojoType="dijit.layout.ContentPane" title="'.__('General').'">';
- $title = htmlspecialchars(db_fetch_result($result,
- 0, "title"));
+ $title = htmlspecialchars($row["title"]);
- print_hidden("id", "$feed_id");
- print_hidden("op", "pref-feeds");
- print_hidden("method", "editSave");
+ print_hidden("id", "$feed_id");
+ print_hidden("op", "pref-feeds");
+ print_hidden("method", "editSave");
- print "<div class=\"dlgSec\">".__("Feed")."</div>";
- print "<div class=\"dlgSecCont\">";
+ print "<div class=\"dlgSec\">".__("Feed")."</div>";
+ print "<div class=\"dlgSecCont\">";
- /* Title */
+ /* Title */
- print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
+ print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
placeHolder=\"".__("Feed Title")."\"
style=\"font-size : 16px; width: 20em\" name=\"title\" value=\"$title\">";
- /* Feed URL */
+ /* Feed URL */
- $feed_url = db_fetch_result($result, 0, "feed_url");
- $feed_url = htmlspecialchars(db_fetch_result($result,
- 0, "feed_url"));
+ $feed_url = htmlspecialchars($row["feed_url"]);
- print "<hr/>";
+ print "<hr/>";
- print __('URL:') . " ";
- print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
+ print __('URL:') . " ";
+ print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
placeHolder=\"".__("Feed URL")."\"
regExp='^(http|https)://.*' style=\"width : 20em\"
name=\"feed_url\" value=\"$feed_url\">";
- $last_error = db_fetch_result($result, 0, "last_error");
+ $last_error = $row["last_error"];
- if ($last_error) {
- print " <img src=\"images/error.png\" alt=\"(error)\"
+ if ($last_error) {
+ print " <img src=\"images/error.png\" alt=\"(error)\"
style=\"vertical-align : middle\"
title=\"".htmlspecialchars($last_error)."\">";
- }
+ }
- /* Category */
+ /* Category */
- if (get_pref('ENABLE_FEED_CATS')) {
+ if (get_pref('ENABLE_FEED_CATS')) {
- $cat_id = db_fetch_result($result, 0, "cat_id");
+ $cat_id = $row["cat_id"];
- print "<hr/>";
+ print "<hr/>";
- print __('Place in category:') . " ";
+ print __('Place in category:') . " ";
- print_feed_cat_select("cat_id", $cat_id,
- 'dojoType="dijit.form.Select"');
- }
+ print_feed_cat_select("cat_id", $cat_id,
+ 'dojoType="dijit.form.Select"');
+ }
- /* FTS Stemming Language */
+ /* Site URL */
- if (DB_TYPE == "pgsql") {
- $feed_language = db_fetch_result($result, 0, "feed_language");
+ $site_url = htmlspecialchars($row["site_url"]);
print "<hr/>";
- print __('Language:') . " ";
- print_select("feed_language", $feed_language, $this::$feed_languages,
- 'dojoType="dijit.form.Select"');
- }
+ print __('Site URL:') . " ";
+ print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
+ placeHolder=\"".__("Site URL")."\"
+ regExp='^(http|https)://.*' style=\"width : 15em\"
+ name=\"site_url\" value=\"$site_url\">";
- print "</div>";
+ /* FTS Stemming Language */
- print "<div class=\"dlgSec\">".__("Update")."</div>";
- print "<div class=\"dlgSecCont\">";
+ if (DB_TYPE == "pgsql") {
+ $feed_language = $row["feed_language"];
- /* Update Interval */
+ print "<hr/>";
- $update_interval = db_fetch_result($result, 0, "update_interval");
+ print __('Language:') . " ";
+ print_select("feed_language", $feed_language, $this::$feed_languages,
+ 'dojoType="dijit.form.Select"');
+ }
- print_select_hash("update_interval", $update_interval, $update_intervals,
- 'dojoType="dijit.form.Select"');
+ print "</div>";
- /* Purge intl */
+ print "<div class=\"dlgSec\">".__("Update")."</div>";
+ print "<div class=\"dlgSecCont\">";
- $purge_interval = db_fetch_result($result, 0, "purge_interval");
+ /* Update Interval */
- print "<hr/>";
- print __('Article purging:') . " ";
+ $update_interval = $row["update_interval"];
- print_select_hash("purge_interval", $purge_interval, $purge_intervals,
- 'dojoType="dijit.form.Select" ' .
- ((FORCE_ARTICLE_PURGE == 0) ? "" : 'disabled="1"'));
+ print_select_hash("update_interval", $update_interval, $update_intervals,
+ 'dojoType="dijit.form.Select"');
- print "</div>";
+ /* Purge intl */
- $auth_login = htmlspecialchars(db_fetch_result($result, 0, "auth_login"));
- $auth_pass = db_fetch_result($result, 0, "auth_pass");
+ if (FORCE_ARTICLE_PURGE == 0) {
+ $purge_interval = $row["purge_interval"];
- if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
- require_once "crypt.php";
- $auth_pass = decrypt_string($auth_pass);
+ print "<hr/>";
+ print __('Article purging:') . " ";
+
+ print_select_hash("purge_interval", $purge_interval, $purge_intervals,
+ 'dojoType="dijit.form.Select" ' .
+ ((FORCE_ARTICLE_PURGE == 0) ? "" : 'disabled="1"'));
}
- $auth_pass = htmlspecialchars($auth_pass);
- $auth_enabled = $auth_login !== '' || $auth_pass !== '';
+ print "</div>";
- $auth_style = $auth_enabled ? '' : 'display: none';
- print "<div id='feedEditDlg_loginContainer' style='$auth_style'>";
- print "<div class=\"dlgSec\">".__("Authentication")."</div>";
- print "<div class=\"dlgSecCont\">";
+ $auth_login = htmlspecialchars($row["auth_login"]);
+ $auth_pass = htmlspecialchars($row["auth_pass"]);
+
+ $auth_enabled = $auth_login !== '' || $auth_pass !== '';
+
+ $auth_style = $auth_enabled ? '' : 'display: none';
+ print "<div id='feedEditDlg_loginContainer' style='$auth_style'>";
+ print "<div class=\"dlgSec\">".__("Authentication")."</div>";
+ print "<div class=\"dlgSecCont\">";
- print "<input dojoType=\"dijit.form.TextBox\" id=\"feedEditDlg_login\"
+ print "<input dojoType=\"dijit.form.TextBox\" id=\"feedEditDlg_login\"
placeHolder=\"".__("Login")."\"
autocomplete=\"new-password\"
name=\"auth_login\" value=\"$auth_login\"><hr/>";
-
- print "<input dojoType=\"dijit.form.TextBox\" type=\"password\" name=\"auth_pass\"
+ print "<input dojoType=\"dijit.form.TextBox\" type=\"password\" name=\"auth_pass\"
autocomplete=\"new-password\"
placeHolder=\"".__("Password")."\"
value=\"$auth_pass\">";
- print "<div dojoType=\"dijit.Tooltip\" connectId=\"feedEditDlg_login\" position=\"below\">
+ print "<div dojoType=\"dijit.Tooltip\" connectId=\"feedEditDlg_login\" position=\"below\">
".__('<b>Hint:</b> you need to fill in your login information if your feed requires authentication, except for Twitter feeds.')."
</div>";
- print "</div></div>";
+ print "</div></div>";
- $auth_checked = $auth_enabled ? 'checked' : '';
- print "<div style=\"clear : both\">
+ $auth_checked = $auth_enabled ? 'checked' : '';
+ print "<div style=\"clear : both\">
<input type=\"checkbox\" $auth_checked name=\"need_auth\" dojoType=\"dijit.form.CheckBox\" id=\"feedEditDlg_loginCheck\"
onclick='checkboxToggleElement(this, \"feedEditDlg_loginContainer\")'>
<label for=\"feedEditDlg_loginCheck\">".
- __('This feed requires authentication.')."</div>";
+ __('This feed requires authentication.')."</div>";
- print '</div><div dojoType="dijit.layout.ContentPane" title="'.__('Options').'">';
+ print '</div><div dojoType="dijit.layout.ContentPane" title="'.__('Options').'">';
- //print "<div class=\"dlgSec\">".__("Options")."</div>";
- print "<div class=\"dlgSecSimple\">";
+ //print "<div class=\"dlgSec\">".__("Options")."</div>";
+ print "<div class=\"dlgSecSimple\">";
- $private = sql_bool_to_bool(db_fetch_result($result, 0, "private"));
+ $private = $row["private"];
- if ($private) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($private) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"private\" id=\"private\"
+ print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"private\" id=\"private\"
$checked> <label for=\"private\">".__('Hide from Popular feeds')."</label>";
- $include_in_digest = sql_bool_to_bool(db_fetch_result($result, 0, "include_in_digest"));
+ if (DIGEST_SUBJECT !== false) {
+ $include_in_digest = $row["include_in_digest"];
- if ($include_in_digest) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($include_in_digest) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"include_in_digest\"
+ print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"include_in_digest\"
name=\"include_in_digest\"
$checked> <label for=\"include_in_digest\">".__('Include in e-mail digest')."</label>";
+ }
- $always_display_enclosures = sql_bool_to_bool(db_fetch_result($result, 0, "always_display_enclosures"));
+ $always_display_enclosures = $row["always_display_enclosures"];
- if ($always_display_enclosures) {
- $checked = "checked";
- } else {
- $checked = "";
- }
+ if ($always_display_enclosures) {
+ $checked = "checked";
+ } else {
+ $checked = "";
+ }
- print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"always_display_enclosures\"
+ print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"always_display_enclosures\"
name=\"always_display_enclosures\"
$checked> <label for=\"always_display_enclosures\">".__('Always display image attachments')."</label>";
- $hide_images = sql_bool_to_bool(db_fetch_result($result, 0, "hide_images"));
+ $hide_images = $row["hide_images"];
- if ($hide_images) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($hide_images) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"hide_images\"
+ print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"hide_images\"
name=\"hide_images\"
$checked> <label for=\"hide_images\">".
- __('Do not embed images')."</label>";
+ __('Do not embed media')."</label>";
- $cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images"));
+ $cache_images = $row["cache_images"];
- if ($cache_images) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($cache_images) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"cache_images\"
+ print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"cache_images\"
name=\"cache_images\"
$checked> <label for=\"cache_images\">".
- __('Cache media')."</label>";
+ __('Cache media')."</label>";
- $mark_unread_on_update = sql_bool_to_bool(db_fetch_result($result, 0, "mark_unread_on_update"));
+ $mark_unread_on_update = $row["mark_unread_on_update"];
- if ($mark_unread_on_update) {
- $checked = "checked";
- } else {
- $checked = "";
- }
+ if ($mark_unread_on_update) {
+ $checked = "checked";
+ } else {
+ $checked = "";
+ }
- print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"mark_unread_on_update\"
+ print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"mark_unread_on_update\"
name=\"mark_unread_on_update\"
$checked> <label for=\"mark_unread_on_update\">".__('Mark updated articles as unread')."</label>";
- print "</div>";
+ print "</div>";
- print '</div><div dojoType="dijit.layout.ContentPane" title="'.__('Icon').'">';
+ print '</div><div dojoType="dijit.layout.ContentPane" title="'.__('Icon').'">';
- /* Icon */
+ /* Icon */
- print "<div class=\"dlgSecSimple\">";
+ print "<div class=\"dlgSecSimple\">";
- print "<iframe name=\"icon_upload_iframe\"
- style=\"width: 400px; height: 100px; display: none;\"></iframe>";
+ print "<img class=\"feedIcon\" src=\"".Feeds::getFeedIcon($feed_id)."\">";
- print "<form style='display : block' target=\"icon_upload_iframe\"
+ print "<iframe name=\"icon_upload_iframe\"
+ style=\"width: 400px; height: 100px; display: none;\"></iframe>";
+
+ print "<form style='display : block' target=\"icon_upload_iframe\"
enctype=\"multipart/form-data\" method=\"POST\"
action=\"backend.php\">
- <input id=\"icon_file\" size=\"10\" name=\"icon_file\" type=\"file\">
+ <label class=\"dijitButton\">".__("Choose file...")."
+ <input style=\"display: none\" id=\"icon_file\" size=\"10\" name=\"icon_file\" type=\"file\">
+ </label>
<input type=\"hidden\" name=\"op\" value=\"pref-feeds\">
<input type=\"hidden\" name=\"feed_id\" value=\"$feed_id\">
- <input type=\"hidden\" name=\"method\" value=\"uploadicon\"><p>
+ <input type=\"hidden\" name=\"method\" value=\"uploadicon\">
<button class=\"\" dojoType=\"dijit.form.Button\" onclick=\"return uploadFeedIcon();\"
type=\"submit\">".__('Replace')."</button>
- <button class=\"\" dojoType=\"dijit.form.Button\" onclick=\"return removeFeedIcon($feed_id);\"
+ <button class=\"btn-danger\" dojoType=\"dijit.form.Button\" onclick=\"return removeFeedIcon($feed_id);\"
type=\"submit\">".__('Remove')."</button>
</form>";
- print "</div>";
+ print "</div>";
- print '</div><div dojoType="dijit.layout.ContentPane" title="'.__('Plugins').'">';
+ print '</div><div dojoType="dijit.layout.ContentPane" title="'.__('Plugins').'">';
- PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_EDIT_FEED,
- "hook_prefs_edit_feed", $feed_id);
+ PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_EDIT_FEED,
+ "hook_prefs_edit_feed", $feed_id);
- print "</div></div>";
+ print "</div></div>";
- $title = htmlspecialchars($title, ENT_QUOTES);
+ $title = htmlspecialchars($title, ENT_QUOTES);
- print "<div class='dlgButtons'>
+ print "<div class='dlgButtons'>
<div style=\"float : left\">
- <button class=\"danger\" dojoType=\"dijit.form.Button\" onclick='return unsubscribeFeed($feed_id, \"$title\")'>".
+ <button class=\"btn-danger\" dojoType=\"dijit.form.Button\" onclick='return unsubscribeFeed($feed_id, \"$title\")'>".
__('Unsubscribe')."</button>";
- print "</div>";
-
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('feedEditDlg').execute()\">".__('Save')."</button>
- <button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('feedEditDlg').hide()\">".__('Cancel')."</button>
- </div>";
-
+ print "</div>";
- return;
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('feedEditDlg').execute()\">".__('Save')."</button>
+ <button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('feedEditDlg').hide()\">".__('Cancel')."</button>
+ </div>";
+ }
}
function editfeeds() {
global $purge_intervals;
global $update_intervals;
- $feed_ids = $_REQUEST["ids"];
+ $feed_ids = clean($_REQUEST["ids"]);
print_notice("Enable the options you wish to apply using checkboxes on the right:");
name=\"hide_images\"
dojoType=\"dijit.form.CheckBox\"> <label class='insensitive' id=\"hide_images_l\"
for=\"hide_images\">".
- __('Do not embed images')."</label>";
+ __('Do not embed media')."</label>";
print " "; $this->batch_edit_cbox("hide_images", "hide_images_l");
function editsaveops($batch) {
- $feed_title = trim($_POST["title"]);
- $feed_url = trim($_POST["feed_url"]);
- $upd_intl = (int) $_POST["update_interval"];
- $purge_intl = (int) $_POST["purge_interval"];
- $feed_id = (int) $_POST["id"]; /* editSave */
- $feed_ids = explode(",", $_POST["ids"]); /* batchEditSave */
- $cat_id = (int) $_POST["cat_id"];
- $auth_login = trim($_POST["auth_login"]);
- $auth_pass = trim($_POST["auth_pass"]);
- $private = checkbox_to_sql_bool($_POST["private"]);
+ $feed_title = trim(clean($_POST["title"]));
+ $feed_url = trim(clean($_POST["feed_url"]));
+ $site_url = trim(clean($_POST["site_url"]));
+ $upd_intl = (int) clean($_POST["update_interval"]);
+ $purge_intl = (int) clean($_POST["purge_interval"]);
+ $feed_id = (int) clean($_POST["id"]); /* editSave */
+ $feed_ids = explode(",", clean($_POST["ids"])); /* batchEditSave */
+ $cat_id = (int) clean($_POST["cat_id"]);
+ $auth_login = trim(clean($_POST["auth_login"]));
+ $auth_pass = trim(clean($_POST["auth_pass"]));
+ $private = checkbox_to_sql_bool(clean($_POST["private"]));
$include_in_digest = checkbox_to_sql_bool(
- $_POST["include_in_digest"]);
+ clean($_POST["include_in_digest"]));
$cache_images = checkbox_to_sql_bool(
- $_POST["cache_images"]);
+ clean($_POST["cache_images"]));
$hide_images = checkbox_to_sql_bool(
- $_POST["hide_images"]);
+ clean($_POST["hide_images"]));
$always_display_enclosures = checkbox_to_sql_bool(
- $_POST["always_display_enclosures"]);
+ clean($_POST["always_display_enclosures"]));
$mark_unread_on_update = checkbox_to_sql_bool(
- $_POST["mark_unread_on_update"]);
+ clean($_POST["mark_unread_on_update"]));
- $feed_language = trim($_POST["feed_language"]);
+ $feed_language = trim(clean($_POST["feed_language"]));
if (!$batch) {
- if ($_POST["need_auth"] !== 'on') {
+ if (clean($_POST["need_auth"]) !== 'on') {
$auth_login = '';
$auth_pass = '';
}
- $sth = $this->pdo->prepare("SELECT feed_url FROM ttrss_feeds WHERE id = ?");
+ /* $sth = $this->pdo->prepare("SELECT feed_url FROM ttrss_feeds WHERE id = ?");
$sth->execute([$feed_id]);
- $row = $sth->fetch();
- $orig_feed_url = $row["feed_url"];
+ $row = $sth->fetch();$orig_feed_url = $row["feed_url"];
- $reset_basic_info = $orig_feed_url != $feed_url;
+ $reset_basic_info = $orig_feed_url != $feed_url; */
$sth = $this->pdo->prepare("UPDATE ttrss_feeds SET
cat_id = :cat_id,
- title = :title,
+ title = :title,
feed_url = :feed_url,
+ site_url = :site_url,
update_interval = :upd_intl,
purge_interval = :purge_intl,
auth_login = :auth_login,
$sth->execute([":title" => $feed_title,
":cat_id" => $cat_id ? $cat_id : null,
":feed_url" => $feed_url,
+ ":site_url" => $site_url,
":upd_intl" => $upd_intl,
":purge_intl" => $purge_intl,
":auth_login" => $auth_login,
":id" => $feed_id,
":uid" => $_SESSION['uid']]);
- if ($reset_basic_info) {
+/* if ($reset_basic_info) {
RSSUtils::set_basic_feed_info($feed_id);
- }
+ } */
PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_SAVE_FEED,
"hook_prefs_save_feed", $feed_id);
foreach (array_keys($_POST) as $k) {
if ($k != "op" && $k != "method" && $k != "ids") {
- $feed_data[$k] = $_POST[$k];
+ $feed_data[$k] = clean($_POST[$k]);
}
}
function remove() {
- $ids = explode(",", $_REQUEST["ids"]);
+ $ids = explode(",", clean($_REQUEST["ids"]));
foreach ($ids as $id) {
Pref_Feeds::remove_feed($id, $_SESSION["uid"]);
return;
}
- function categorize() {
- $ids = explode(",", $_REQUEST["ids"]);
-
- $cat_id = $_REQUEST["cat_id"];
-
- if ($cat_id == 0) {
- $cat_id_qpart = 'NULL';
- } else {
- $cat_id_qpart = "'$cat_id'";
- }
-
- db_query("BEGIN");
-
- foreach ($ids as $id) {
-
- db_query("UPDATE ttrss_feeds SET cat_id = $cat_id_qpart
- WHERE id = '$id'
- AND owner_uid = " . $_SESSION["uid"]);
-
- }
-
- db_query("COMMIT");
- }
-
function removeCat() {
- $ids = explode(",", $_REQUEST["ids"]);
+ $ids = explode(",", clean($_REQUEST["ids"]));
foreach ($ids as $id) {
$this->remove_feed_category($id, $_SESSION["uid"]);
}
}
function addCat() {
- $feed_cat = trim($_REQUEST["cat"]);
+ $feed_cat = trim(clean($_REQUEST["cat"]));
add_feed_category($feed_cat);
}
print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
print "<div id=\"pref-feeds-feeds\" dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Feeds')."\">";
- $result = db_query("SELECT COUNT(id) AS num_errors
- FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT COUNT(id) AS num_errors
+ FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
- $num_errors = db_fetch_result($result, 0, "num_errors");
+ if ($row = $sth->fetch()) {
+ $num_errors = $row["num_errors"];
+ } else {
+ $num_errors = 0;
+ }
if ($num_errors > 0) {
onclick=\"showInactiveFeeds()\">" .
__("Inactive feeds") . "</button>";
- $feed_search = $_REQUEST["search"];
+ $feed_search = clean($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_feed_search"] = $feed_search;
print $error_button;
print $inactive_button;
- if (defined('_ENABLE_FEED_DEBUGGING')) {
-
- print "<select id=\"feedActionChooser\" onchange=\"feedActionChange()\">
- <option value=\"facDefault\" selected>".__('More actions...')."</option>";
-
- if (FORCE_ARTICLE_PURGE == 0) {
- print
- "<option value=\"facPurge\">".__('Manual purge')."</option>";
- }
-
- print "
- <option value=\"facClear\">".__('Clear feed data')."</option>
- <option value=\"facRescore\">".__('Rescore articles')."</option>";
-
- print "</select>";
-
- }
-
print "</div>"; # toolbar
//print '</div>';
<img src='images/indicator_tiny.gif'>".
__("Loading, please wait...")."</div>";
+ $auto_expand = $feed_search != "" ? "true" : "false";
+
print "<div dojoType=\"fox.PrefFeedStore\" jsId=\"feedStore\"
url=\"backend.php?op=pref-feeds&method=getfeedtree\">
</div>
<div dojoType=\"fox.PrefFeedTree\" id=\"feedTree\"
dndController=\"dijit.tree.dndSource\"
betweenThreshold=\"5\"
- autoExpand='true'
+ autoExpand='$auto_expand'
model=\"feedModel\" openOnClick=\"false\">
<script type=\"dojo/method\" event=\"onClick\" args=\"item\">
var id = String(item.id);
print "<form name=\"opml_form\" style='display : block' target=\"upload_iframe\"
enctype=\"multipart/form-data\" method=\"POST\"
action=\"backend.php\">
- <input id=\"opml_file\" name=\"opml_file\" type=\"file\">
+ <label class=\"dijitButton\">".__("Choose file...")."
+ <input style=\"display : none\" id=\"opml_file\" name=\"opml_file\" type=\"file\">
+ </label>
<input type=\"hidden\" name=\"op\" value=\"dlg\">
<input type=\"hidden\" name=\"method\" value=\"importOpml\">
<button dojoType=\"dijit.form.Button\" onclick=\"return opmlImport();\" type=\"submit\">" .
$opml_export_filename = "TinyTinyRSS_".date("Y-m-d").".opml";
print "<p>" . __('Filename:') .
- " <input type=\"text\" id=\"filename\" value=\"$opml_export_filename\" /> " .
+ " <input class=\"input input-text\" type=\"text\" id=\"filename\" value=\"$opml_export_filename\" /> " .
__('Include settings') . "<input type=\"checkbox\" id=\"settings\" checked=\"1\"/>";
print "</p><button dojoType=\"dijit.form.Button\"
print "</div>"; # pane
- if (strpos($_SERVER['HTTP_USER_AGENT'], "Firefox") !== false) {
-
- print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Firefox integration')."\">";
-
- print_notice(__('This Tiny Tiny RSS site can be used as a Firefox Feed Reader by clicking the link below.'));
-
- print "<p>";
-
- print "<button onclick='window.navigator.registerContentHandler(" .
- "\"application/vnd.mozilla.maybe.feed\", " .
- "\"" . $this->subscribe_to_feed_url() . "\", " . " \"Tiny Tiny RSS\")'>" .
- __('Click here to register this site as a feed reader.') .
- "</button>";
-
- print "</p>";
-
- print "</div>"; # pane
- }
-
print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Published & shared articles / Generated feeds')."\">";
print "<p>" . __('Published articles are exported as a public RSS feed and can be subscribed by anyone who knows the URL specified below.') . "</p>";
$interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)";
}
- $result = db_query("SELECT ttrss_feeds.title, ttrss_feeds.site_url,
+ $sth = $this->pdo->prepare("SELECT ttrss_feeds.title, ttrss_feeds.site_url,
ttrss_feeds.feed_url, ttrss_feeds.id, MAX(updated) AS last_article
FROM ttrss_feeds, ttrss_entries, ttrss_user_entries WHERE
(SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE
ttrss_entries.id = ref_id AND
ttrss_user_entries.feed_id = ttrss_feeds.id) < $interval_qpart
- AND ttrss_feeds.owner_uid = ".$_SESSION["uid"]." AND
+ AND ttrss_feeds.owner_uid = ? AND
ttrss_user_entries.feed_id = ttrss_feeds.id AND
ttrss_entries.id = ref_id
GROUP BY ttrss_feeds.title, ttrss_feeds.id, ttrss_feeds.site_url, ttrss_feeds.feed_url
ORDER BY last_article");
+ $sth->execute([$_SESSION['uid']]);
print "<p" .__("These feeds have not been updated with new content for 3 months (oldest first):") . "</p>";
$lnum = 1;
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$feed_id = $line["id"];
$this_row_id = "id=\"FUPDD-$feed_id\"";
print "<div class='dlgButtons'>";
print "<div style='float : left'>";
- print "<button class=\"danger\" dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('inactiveFeedsDlg').removeSelected()\">"
+ print "<button class=\"btn-danger\" dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('inactiveFeedsDlg').removeSelected()\">"
.__('Unsubscribe from selected feeds')."</button> ";
print "</div>";
}
function feedsWithErrors() {
- $result = db_query("SELECT id,title,feed_url,last_error,site_url
- FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT id,title,feed_url,last_error,site_url
+ FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
print "<div dojoType=\"dijit.Toolbar\">";
print "<div dojoType=\"dijit.form.DropDownButton\">".
$lnum = 1;
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$feed_id = $line["id"];
$this_row_id = "id=\"FERDD-$feed_id\"";
print "<div class='dlgButtons'>";
print "<div style='float : left'>";
- print "<button class=\"danger\" dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('errorFeedsDlg').removeSelected()\">"
+ print "<button class=\"btn-danger\" dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('errorFeedsDlg').removeSelected()\">"
.__('Unsubscribe from selected feeds')."</button> ";
print "</div>";
private function remove_feed_category($id, $owner_uid) {
- db_query("DELETE FROM ttrss_feed_categories
- WHERE id = '$id' AND owner_uid = $owner_uid");
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_feed_categories
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
CCache::remove($id, $owner_uid, true);
}
static function remove_feed($id, $owner_uid) {
+ foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_UNSUBSCRIBE_FEED) as $p) {
+ if (! $p->hook_unsubscribe_feed($id, $owner_uid)) {
+ user_error("Feed $id (owner: $owner_uid) not removed due to plugin error (HOOK_UNSUBSCRIBE_FEED).", E_USER_WARNING);
+ return;
+ }
+ }
+
+ $pdo = Db::pdo();
if ($id > 0) {
+ $pdo->beginTransaction();
/* save starred articles in Archived feed */
- db_query("BEGIN");
-
/* prepare feed if necessary */
- $result = db_query("SELECT feed_url FROM ttrss_feeds WHERE id = $id
- AND owner_uid = $owner_uid");
+ $sth = $pdo->prepare("SELECT feed_url FROM ttrss_feeds WHERE id = ?
+ AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
- $feed_url = db_fetch_result($result, 0, "feed_url");
+ if ($row = $sth->fetch()) {
+ $feed_url = $row["feed_url"];
- $result = db_query("SELECT id FROM ttrss_archived_feeds
- WHERE feed_url = '$feed_url' AND owner_uid = $owner_uid");
+ $sth = $pdo->prepare("SELECT id FROM ttrss_archived_feeds
+ WHERE feed_url = ? AND owner_uid = ?");
+ $sth->execute([$feed_url, $owner_uid]);
- if (db_num_rows($result) == 0) {
- $result = db_query("SELECT MAX(id) AS id FROM ttrss_archived_feeds");
- $new_feed_id = (int)db_fetch_result($result, 0, "id") + 1;
+ if ($row = $sth->fetch()) {
+ $archive_id = $row["id"];
+ } else {
+ $res = $pdo->query("SELECT MAX(id) AS id FROM ttrss_archived_feeds");
+ $row = $res->fetch();
- db_query("INSERT INTO ttrss_archived_feeds
- (id, owner_uid, title, feed_url, site_url)
- SELECT $new_feed_id, owner_uid, title, feed_url, site_url from ttrss_feeds
- WHERE id = '$id'");
+ $new_feed_id = (int)$row['id'] + 1;
- $archive_id = $new_feed_id;
- } else {
- $archive_id = db_fetch_result($result, 0, "id");
- }
+ $sth = $pdo->prepare("INSERT INTO ttrss_archived_feeds
+ (id, owner_uid, title, feed_url, site_url)
+ SELECT ?, owner_uid, title, feed_url, site_url from ttrss_feeds
+ WHERE id = ?");
+ $sth->execute([$new_feed_id, $id]);
+
+ $archive_id = $new_feed_id;
+ }
- db_query("UPDATE ttrss_user_entries SET feed_id = NULL,
- orig_feed_id = '$archive_id' WHERE feed_id = '$id' AND
- marked = true AND owner_uid = $owner_uid");
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries SET feed_id = NULL,
+ orig_feed_id = ? WHERE feed_id = ? AND
+ marked = true AND owner_uid = ?");
- /* Remove access key for the feed */
+ $sth->execute([$archive_id, $id, $owner_uid]);
- db_query("DELETE FROM ttrss_access_keys WHERE
- feed_id = '$id' AND owner_uid = $owner_uid");
+ /* Remove access key for the feed */
- /* remove the feed */
+ $sth = $pdo->prepare("DELETE FROM ttrss_access_keys WHERE
+ feed_id = ? AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
- db_query("DELETE FROM ttrss_feeds
- WHERE id = '$id' AND owner_uid = $owner_uid");
+ /* remove the feed */
- db_query("COMMIT");
+ $sth = $pdo->prepare("DELETE FROM ttrss_feeds
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
+ }
+
+ $pdo->commit();
if (file_exists(ICONS_DIR . "/$id.ico")) {
unlink(ICONS_DIR . "/$id.ico");
}
function batchAddFeeds() {
- $cat_id = $_REQUEST['cat'];
- $feeds = explode("\n", $_REQUEST['feeds']);
- $login = $_REQUEST['login'];
- $pass = trim($_REQUEST['pass']);
+ $cat_id = clean($_REQUEST['cat']);
+ $feeds = explode("\n", clean($_REQUEST['feeds']));
+ $login = clean($_REQUEST['login']);
+ $pass = trim(clean($_REQUEST['pass']));
foreach ($feeds as $feed) {
$feed = trim($feed);
if (validate_feed_url($feed)) {
- db_query("BEGIN");
-
- if ($cat_id == "0" || !$cat_id) {
- $cat_qpart = "NULL";
- } else {
- $cat_qpart = "'$cat_id'";
- }
-
- $result = db_query(
- "SELECT id FROM ttrss_feeds
- WHERE feed_url = '$feed' AND owner_uid = ".$_SESSION["uid"]);
+ $this->pdo->beginTransaction();
- $pass = $pass;
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
+ WHERE feed_url = ? AND owner_uid = ?");
+ $sth->execute([$feed, $_SESSION['uid']]);
- if (db_num_rows($result) == 0) {
- $result = db_query(
- "INSERT INTO ttrss_feeds
+ if (!$sth->fetch()) {
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_feeds
(owner_uid,feed_url,title,cat_id,auth_login,auth_pass,update_method,auth_pass_encrypted)
- VALUES ('".$_SESSION["uid"]."', '$feed',
- '[Unknown]', $cat_qpart, '$login', '$pass', 0, false)");
+ VALUES (?, ?, '[Unknown]', ?, ?, ?, 0, false)");
+
+ $sth->execute([$_SESSION['uid'], $feed, $cat_id ? $cat_id : null, $login, $pass]);
}
- db_query("COMMIT");
+ $this->pdo->commit();
}
}
}
}
function regenFeedKey() {
- $feed_id = $_REQUEST['id'];
- $is_cat = $_REQUEST['is_cat'] == "true";
+ $feed_id = clean($_REQUEST['id']);
+ $is_cat = clean($_REQUEST['is_cat']);
$new_key = $this->update_feed_access_key($feed_id, $is_cat);
- print json_encode(array("link" => $new_key));
+ print json_encode(["link" => $new_key]);
}
private function update_feed_access_key($feed_id, $is_cat, $owner_uid = false) {
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
- $sql_is_cat = bool_to_sql_bool($is_cat);
-
- $result = db_query("SELECT access_key FROM ttrss_access_keys
- WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
- AND owner_uid = " . $owner_uid);
+ // clear old value and generate new one
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_access_keys
+ WHERE feed_id = ? AND is_cat = ? AND owner_uid = ?");
+ $sth->execute([$feed_id, bool_to_sql_bool($is_cat), $owner_uid]);
- if (db_num_rows($result) == 1) {
- $key = uniqid_short();
-
- db_query("UPDATE ttrss_access_keys SET access_key = '$key'
- WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
- AND owner_uid = " . $owner_uid);
-
- return $key;
-
- } else {
- return get_feed_access_key($feed_id, $is_cat, $owner_uid);
- }
+ return get_feed_access_key($feed_id, $is_cat, $owner_uid);
}
// Silent
function clearKeys() {
- db_query("DELETE FROM ttrss_access_keys WHERE
- owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_access_keys WHERE
+ owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
}
private function calculate_children_count($cat) {
$interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)";
}
- $result = db_query("SELECT COUNT(*) AS num_inactive FROM ttrss_feeds WHERE
+ $sth = $this->pdo->prepare("SELECT COUNT(id) AS num_inactive FROM ttrss_feeds WHERE
(SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE
ttrss_entries.id = ref_id AND
ttrss_user_entries.feed_id = ttrss_feeds.id) < $interval_qpart AND
- ttrss_feeds.owner_uid = ".$_SESSION["uid"]);
+ ttrss_feeds.owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
- print (int) db_fetch_result($result, 0, "num_inactive");
+ if ($row = $sth->fetch()) {
+ print (int)$row["num_inactive"];
+ }
}
static function subscribe_to_feed_url() {
return $url_path;
}
-}
\ No newline at end of file
+}