@session_destroy();
@session_start();
- $login = $this->dbh->escape_string($_REQUEST["user"]);
+ $login = $_REQUEST["user"];
$password = $_REQUEST["password"];
$password_base64 = base64_decode($_REQUEST["password"]);
if (SINGLE_USER_MODE) $login = "admin";
- $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE login = '$login'");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE login = ?");
+ $sth->execute([$login]);
- if ($this->dbh->num_rows($result) != 0) {
- $uid = $this->dbh->fetch_result($result, 0, "id");
+ if ($row = $sth->fetch()) {
+ $uid = $row["id"];
} else {
$uid = 0;
}
}
function getUnread() {
- $feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]);
- $is_cat = $this->dbh->escape_string($_REQUEST["is_cat"]);
+ $feed_id = $_REQUEST["feed_id"];
+ $is_cat = $_REQUEST["is_cat"];
if ($feed_id) {
$this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($feed_id, $is_cat)));
}
function getFeeds() {
- $cat_id = $this->dbh->escape_string($_REQUEST["cat_id"]);
+ $cat_id = $_REQUEST["cat_id"];
$unread_only = sql_bool_to_bool($_REQUEST["unread_only"]);
- $limit = (int) $this->dbh->escape_string($_REQUEST["limit"]);
- $offset = (int) $this->dbh->escape_string($_REQUEST["offset"]);
+ $limit = (int) $_REQUEST["limit"];
+ $offset = (int) $_REQUEST["offset"];
$include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
$feeds = $this->api_get_feeds($cat_id, $unread_only, $limit, $offset, $include_nested);
else
$nested_qpart = "true";
- $result = $this->dbh->query("SELECT
+ $sth = $this->pdo->prepare("SELECT
id, title, order_id, (SELECT COUNT(id) FROM
ttrss_feeds WHERE
ttrss_feed_categories.id IS NOT NULL AND cat_id = ttrss_feed_categories.id) AS num_feeds,
ttrss_feed_categories AS c2 WHERE
c2.parent_cat = ttrss_feed_categories.id) AS num_cats
FROM ttrss_feed_categories
- WHERE $nested_qpart AND owner_uid = " .
- $_SESSION["uid"]);
+ WHERE $nested_qpart AND owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
$cats = array();
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
if ($include_empty || $line["num_feeds"] > 0 || $line["num_cats"] > 0) {
$unread = getFeedUnread($line["id"], true);
}
function getHeadlines() {
- $feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]);
+ $feed_id = $_REQUEST["feed_id"];
if ($feed_id != "") {
if (is_numeric($feed_id)) $feed_id = (int) $feed_id;
- $limit = (int)$this->dbh->escape_string($_REQUEST["limit"]);
+ $limit = (int)$_REQUEST["limit"];
if (!$limit || $limit >= 200) $limit = 200;
- $offset = (int)$this->dbh->escape_string($_REQUEST["skip"]);
- $filter = $this->dbh->escape_string($_REQUEST["filter"]);
+ $offset = (int)$_REQUEST["skip"];
+ $filter = $_REQUEST["filter"];
$is_cat = sql_bool_to_bool($_REQUEST["is_cat"]);
$show_excerpt = sql_bool_to_bool($_REQUEST["show_excerpt"]);
$show_content = sql_bool_to_bool($_REQUEST["show_content"]);
/* all_articles, unread, adaptive, marked, updated */
- $view_mode = $this->dbh->escape_string($_REQUEST["view_mode"]);
+ $view_mode = $_REQUEST["view_mode"];
$include_attachments = sql_bool_to_bool($_REQUEST["include_attachments"]);
- $since_id = (int)$this->dbh->escape_string($_REQUEST["since_id"]);
+ $since_id = (int)$_REQUEST["since_id"];
$include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
$sanitize_content = !isset($_REQUEST["sanitize"]) ||
sql_bool_to_bool($_REQUEST["sanitize"]);
$force_update = sql_bool_to_bool($_REQUEST["force_update"]);
$has_sandbox = sql_bool_to_bool($_REQUEST["has_sandbox"]);
- $excerpt_length = (int)$this->dbh->escape_string($_REQUEST["excerpt_length"]);
- $check_first_id = (int)$this->dbh->escape_string($_REQUEST["check_first_id"]);
+ $excerpt_length = (int)$_REQUEST["excerpt_length"];
+ $check_first_id = (int)$_REQUEST["check_first_id"];
$include_header = sql_bool_to_bool($_REQUEST["include_header"]);
$_SESSION['hasSandbox'] = $has_sandbox;
/* do not rely on params below */
- $search = $this->dbh->escape_string($_REQUEST["search"]);
+ $search = $_REQUEST["search"];
list($headlines, $headlines_header) = $this->api_get_headlines($feed_id, $limit, $offset,
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, $override_order,
}
function updateArticle() {
- $article_ids = array_filter(explode(",", $this->dbh->escape_string($_REQUEST["article_ids"])), is_numeric);
- $mode = (int) $this->dbh->escape_string($_REQUEST["mode"]);
- $data = $this->dbh->escape_string($_REQUEST["data"]);
- $field_raw = (int)$this->dbh->escape_string($_REQUEST["field"]);
+ $article_ids = explode(",", $_REQUEST["article_ids"]);
+ $mode = (int) $_REQUEST["mode"];
+ $data = $_REQUEST["data"];
+ $field_raw = (int)$_REQUEST["field"];
$field = "";
$set_to = "";
break;
}
- if ($field == "note") $set_to = "'$data'";
+ if ($field == "note") $set_to = $this->pdo->quote($data);
if ($field && $set_to && count($article_ids) > 0) {
- $article_ids = join(", ", $article_ids);
+ $article_qmarks = arr_qmarks($article_ids);
- $result = $this->dbh->query("UPDATE ttrss_user_entries SET $field = $set_to $additional_fields WHERE ref_id IN ($article_ids) AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
+ $field = $set_to $additional_fields
+ WHERE ref_id IN ($article_qmarks) AND owner_uid = ?");
+ $sth->execute(array_merge($article_ids, [$_SESSION['uid']]));
- $num_updated = $this->dbh->affected_rows($result);
+ $num_updated = $sth->rowCount();
if ($num_updated > 0 && $field == "unread") {
- $result = $this->dbh->query("SELECT DISTINCT feed_id FROM ttrss_user_entries
- WHERE ref_id IN ($article_ids)");
+ $sth = $this->pdo->prepare("SELECT DISTINCT feed_id FROM ttrss_user_entries
+ WHERE ref_id IN ($article_qmarks)");
+ $sth->execute($article_ids);
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
CCache::update($line["feed_id"], $_SESSION["uid"]);
}
}
function getArticle() {
- $article_id = join(",", array_filter(explode(",", $this->dbh->escape_string($_REQUEST["article_id"])), is_numeric));
+ $article_ids = explode(",", $_REQUEST["article_id"]);
$sanitize_content = !isset($_REQUEST["sanitize"]) ||
sql_bool_to_bool($_REQUEST["sanitize"]);
- if ($article_id) {
+ if ($article_ids) {
- $query = "SELECT id,guid,title,link,content,feed_id,comments,int_id,
+ $article_qmarks = arr_qmarks($article_ids);
+
+ $sth = $this->pdo->prepare("SELECT id,guid,title,link,content,feed_id,comments,int_id,
marked,unread,published,score,note,lang,
".SUBSTRING_FOR_DATE."(updated,1,16) as updated,
author,(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title,
(SELECT site_url FROM ttrss_feeds WHERE id = feed_id) AS site_url,
(SELECT hide_images FROM ttrss_feeds WHERE id = feed_id) AS hide_images
FROM ttrss_entries,ttrss_user_entries
- WHERE id IN ($article_id) AND ref_id = id AND owner_uid = " .
- $_SESSION["uid"] ;
+ WHERE id IN ($article_qmarks) AND ref_id = id AND owner_uid = ?");
- $result = $this->dbh->query($query);
+ $sth->execute(array_merge($article_ids, [$_SESSION['uid']]));
$articles = array();
- if ($this->dbh->num_rows($result) != 0) {
-
- while ($line = $this->dbh->fetch_assoc($result)) {
-
- $attachments = Article::get_article_enclosures($line['id']);
-
- $article = array(
- "id" => $line["id"],
- "guid" => $line["guid"],
- "title" => $line["title"],
- "link" => $line["link"],
- "labels" => Article::get_article_labels($line['id']),
- "unread" => sql_bool_to_bool($line["unread"]),
- "marked" => sql_bool_to_bool($line["marked"]),
- "published" => sql_bool_to_bool($line["published"]),
- "comments" => $line["comments"],
- "author" => $line["author"],
- "updated" => (int) strtotime($line["updated"]),
- "feed_id" => $line["feed_id"],
- "attachments" => $attachments,
- "score" => (int)$line["score"],
- "feed_title" => $line["feed_title"],
- "note" => $line["note"],
- "lang" => $line["lang"]
- );
-
- if ($sanitize_content) {
- $article["content"] = sanitize(
- $line["content"],
- sql_bool_to_bool($line['hide_images']),
- false, $line["site_url"], false, $line["id"]);
- } else {
- $article["content"] = $line["content"];
- }
-
- foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_RENDER_ARTICLE_API) as $p) {
- $article = $p->hook_render_article_api(array("article" => $article));
- }
+ while ($line = $sth->fetch()) {
+
+ $attachments = Article::get_article_enclosures($line['id']);
+
+ $article = array(
+ "id" => $line["id"],
+ "guid" => $line["guid"],
+ "title" => $line["title"],
+ "link" => $line["link"],
+ "labels" => Article::get_article_labels($line['id']),
+ "unread" => sql_bool_to_bool($line["unread"]),
+ "marked" => sql_bool_to_bool($line["marked"]),
+ "published" => sql_bool_to_bool($line["published"]),
+ "comments" => $line["comments"],
+ "author" => $line["author"],
+ "updated" => (int) strtotime($line["updated"]),
+ "feed_id" => $line["feed_id"],
+ "attachments" => $attachments,
+ "score" => (int)$line["score"],
+ "feed_title" => $line["feed_title"],
+ "note" => $line["note"],
+ "lang" => $line["lang"]
+ );
+
+ if ($sanitize_content) {
+ $article["content"] = sanitize(
+ $line["content"],
+ sql_bool_to_bool($line['hide_images']),
+ false, $line["site_url"], false, $line["id"]);
+ } else {
+ $article["content"] = $line["content"];
+ }
+ foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_RENDER_ARTICLE_API) as $p) {
+ $article = $p->hook_render_article_api(array("article" => $article));
+ }
- array_push($articles, $article);
+ array_push($articles, $article);
- }
}
$this->wrap(self::STATUS_OK, $articles);
$config["daemon_is_running"] = file_is_locked("update_daemon.lock");
- $result = $this->dbh->query("SELECT COUNT(*) AS cf FROM
- ttrss_feeds WHERE owner_uid = " . $_SESSION["uid"]);
-
- $num_feeds = $this->dbh->fetch_result($result, 0, "cf");
+ $sth = $this->pdo->prepare("SELECT COUNT(*) AS cf FROM
+ ttrss_feeds WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
+ $row = $sth->fetch();
- $config["num_feeds"] = (int)$num_feeds;
+ $config["num_feeds"] = $row["cf"];
$this->wrap(self::STATUS_OK, $config);
}
function updateFeed() {
- $feed_id = (int) $this->dbh->escape_string($_REQUEST["feed_id"]);
+ $feed_id = (int) $_REQUEST["feed_id"];
if (!ini_get("open_basedir")) {
RSSUtils::update_rss_feed($feed_id);
}
function catchupFeed() {
- $feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]);
- $is_cat = $this->dbh->escape_string($_REQUEST["is_cat"]);
+ $feed_id = $_REQUEST["feed_id"];
+ $is_cat = $_REQUEST["is_cat"];
Feeds::catchup_feed($feed_id, $is_cat);
}
function getPref() {
- $pref_name = $this->dbh->escape_string($_REQUEST["pref_name"]);
+ $pref_name = $_REQUEST["pref_name"];
$this->wrap(self::STATUS_OK, array("value" => get_pref($pref_name)));
}
function getLabels() {
- //$article_ids = array_filter(explode(",", $this->dbh->escape_string($_REQUEST["article_ids"])), is_numeric);
-
$article_id = (int)$_REQUEST['article_id'];
$rv = array();
- $result = $this->dbh->query("SELECT id, caption, fg_color, bg_color
+ $sth = $this->pdo->prepare("SELECT id, caption, fg_color, bg_color
FROM ttrss_labels2
- WHERE owner_uid = '".$_SESSION['uid']."' ORDER BY caption");
+ WHERE owner_uid = ? ORDER BY caption");
+ $sth->execute([$_SESSION['uid']]);
if ($article_id)
$article_labels = Article::get_article_labels($article_id);
else
$article_labels = array();
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$checked = false;
foreach ($article_labels as $al) {
function setArticleLabel() {
- $article_ids = array_filter(explode(",", $this->dbh->escape_string($_REQUEST["article_ids"])), is_numeric);
- $label_id = (int) $this->dbh->escape_string($_REQUEST['label_id']);
+ $article_ids = explode(",", $_REQUEST["article_ids"]);
+ $label_id = (int) $_REQUEST['label_id'];
$assign = sql_bool_to_bool($_REQUEST['assign']);
- $label = $this->dbh->escape_string(Labels::find_caption(
- Labels::feed_to_label_id($label_id), $_SESSION["uid"]));
+ $label = Labels::find_caption(Labels::feed_to_label_id($label_id), $_SESSION["uid"]);
$num_updated = 0;
}
function shareToPublished() {
- $title = $this->dbh->escape_string(strip_tags($_REQUEST["title"]));
- $url = $this->dbh->escape_string(strip_tags($_REQUEST["url"]));
- $content = $this->dbh->escape_string(strip_tags($_REQUEST["content"]));
+ $title = strip_tags($_REQUEST["title"]);
+ $url = strip_tags($_REQUEST["url"]);
+ $content = strip_tags($_REQUEST["content"]);
if (Article::create_published_article($title, $url, $content, "", $_SESSION["uid"])) {
$this->wrap(self::STATUS_OK, array("status" => 'OK'));
$feeds = array();
+ $pdo = Db::pdo();
+
+ $limit = (int) $limit;
+ $offset = (int) $offset;
+ $cat_id = (int) $cat_id;
+
/* Labels */
if ($cat_id == -4 || $cat_id == -2) {
/* Child cats */
if ($include_nested && $cat_id) {
- $result = db_query("SELECT
+ $sth = $pdo->prepare("SELECT
id, title, order_id FROM ttrss_feed_categories
- WHERE parent_cat = '$cat_id' AND owner_uid = " . $_SESSION["uid"] .
- " ORDER BY id, title");
+ WHERE parent_cat = ? AND owner_uid = ? ORDER BY id, title");
+
+ $sth->execute([$cat_id, $_SESSION['uid']]);
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$unread = getFeedUnread($line["id"], true) +
Feeds::getCategoryChildrenUnread($line["id"]);
}
if ($cat_id == -4 || $cat_id == -3) {
- $result = db_query("SELECT
+ $sth = $pdo->prepare("SELECT
id, feed_url, cat_id, title, order_id, ".
SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
- FROM ttrss_feeds WHERE owner_uid = " . $_SESSION["uid"] .
- " ORDER BY cat_id, title " . $limit_qpart);
- } else {
+ FROM ttrss_feeds WHERE owner_uid = ?
+ ORDER BY cat_id, title " . $limit_qpart);
+ $sth->execute([$_SESSION['uid']]);
- if ($cat_id)
- $cat_qpart = "cat_id = '$cat_id'";
- else
- $cat_qpart = "cat_id IS NULL";
+ } else {
- $result = db_query("SELECT
+ $sth = $pdo->prepare("SELECT
id, feed_url, cat_id, title, order_id, ".
SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds WHERE
- $cat_qpart AND owner_uid = " . $_SESSION["uid"] .
- " ORDER BY cat_id, title " . $limit_qpart);
+ (cat_id = :cat OR (:cat = 0 AND cat_id IS NULL))
+ AND owner_uid = :uid
+ ORDER BY cat_id, title " . $limit_qpart);
+ $sth->execute([":uid" => $_SESSION['uid'], ":cat" => $cat_id]);
}
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$unread = getFeedUnread($line["id"]);
$search = "", $include_nested = false, $sanitize_content = true,
$force_update = false, $excerpt_length = 100, $check_first_id = false, $skip_first_id_check = false) {
+ $pdo = Db::pdo();
+
if ($force_update && $feed_id > 0 && is_numeric($feed_id)) {
// Update the feed if required with some basic flood control
- $result = db_query(
+ $sth = $pdo->prepare(
"SELECT cache_images,".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
- FROM ttrss_feeds WHERE id = '$feed_id'");
+ FROM ttrss_feeds WHERE id = ?");
+ $sth->execute([$feed_id]);
- if (db_num_rows($result) != 0) {
- $last_updated = strtotime(db_fetch_result($result, 0, "last_updated"));
- $cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images"));
+ if ($row = $sth->fetch()) {
+ $last_updated = strtotime($row["last_updated"]);
+ $cache_images = sql_bool_to_bool($row["cache_images"]);
if (!$cache_images && time() - $last_updated > 120) {
RSSUtils::update_rss_feed($feed_id, true);
} else {
- db_query("UPDATE ttrss_feeds SET last_updated = '1970-01-01', last_update_started = '1970-01-01'
- WHERE id = '$feed_id'");
+ $sth = $pdo->prepare("UPDATE ttrss_feeds SET last_updated = '1970-01-01', last_update_started = '1970-01-01'
+ WHERE id = ?");
+ $sth->execute([$feed_id]);
}
}
}
'is_cat' => $is_cat);
if (!is_numeric($result)) {
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $result->fetch()) {
$line["content_preview"] = truncate_string(strip_tags($line["content"]), $excerpt_length);
foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
$line = $p->hook_query_headlines($line, $excerpt_length, true);
}
function unsubscribeFeed() {
- $feed_id = (int) $this->dbh->escape_string($_REQUEST["feed_id"]);
+ $feed_id = (int) $_REQUEST["feed_id"];
- $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
- id = '$feed_id' AND owner_uid = ".$_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE
+ id = ? AND owner_uid = ?");
+ $sth->execute([$feed_id, $_SESSION['uid']]);
- if ($this->dbh->num_rows($result) != 0) {
+ if ($row = $sth->fetch()) {
Pref_Feeds::remove_feed($feed_id, $_SESSION["uid"]);
$this->wrap(self::STATUS_OK, array("status" => "OK"));
} else {
}
function subscribeToFeed() {
- $feed_url = $this->dbh->escape_string($_REQUEST["feed_url"]);
- $category_id = (int) $this->dbh->escape_string($_REQUEST["category_id"]);
- $login = $this->dbh->escape_string($_REQUEST["login"]);
- $password = $this->dbh->escape_string($_REQUEST["password"]);
+ $feed_url = $_REQUEST["feed_url"];
+ $category_id = (int) $_REQUEST["category_id"];
+ $login = $_REQUEST["login"];
+ $password = $_REQUEST["password"];
if ($feed_url) {
$rc = Feeds::subscribe_to_feed($feed_url, $category_id, $login, $password);
private function isCategoryEmpty($id) {
if ($id == -2) {
- $result = $this->dbh->query("SELECT COUNT(*) AS count FROM ttrss_labels2
- WHERE owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT COUNT(id) AS count FROM ttrss_labels2
+ WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
+ $row = $sth->fetch();
- return $this->dbh->fetch_result($result, 0, "count") == 0;
+ return $row["count"] == 0;
} else if ($id == 0) {
- $result = $this->dbh->query("SELECT COUNT(*) AS count FROM ttrss_feeds
- WHERE cat_id IS NULL AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT COUNT(id) AS count FROM ttrss_feeds
+ WHERE cat_id IS NULL AND owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
+ $row = $sth->fetch();
- return $this->dbh->fetch_result($result, 0, "count") == 0;
+ return $row["count"] == 0;
}
}
function redirect() {
- $id = $this->dbh->escape_string($_REQUEST['id']);
-
- $result = $this->dbh->query("SELECT link FROM ttrss_entries, ttrss_user_entries
- WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'
+ $sth = $this->pdo->prepare("SELECT link FROM ttrss_entries, ttrss_user_entries
+ WHERE id = ? AND id = ref_id AND owner_uid = ?
LIMIT 1");
+ $sth->execute([$id, $_SESSION['uid']]);
- if ($this->dbh->num_rows($result) == 1) {
- $article_url = $this->dbh->fetch_result($result, 0, 'link');
+ if ($row = $sth->fetch()) {
+ $article_url = $row['link'];
$article_url = str_replace("\n", "", $article_url);
header("Location: $article_url");
}
function view() {
- $id = $this->dbh->escape_string($_REQUEST["id"]);
- $cids = explode(",", $this->dbh->escape_string($_REQUEST["cids"]));
- $mode = $this->dbh->escape_string($_REQUEST["mode"]);
+ $id = $_REQUEST["id"];
+ $cids = explode(",", $_REQUEST["cids"]);
+ $mode = $_REQUEST["mode"];
// in prefetch mode we only output requested cids, main article
// just gets marked as read (it already exists in client cache)
private function catchupArticleById($id, $cmode) {
if ($cmode == 0) {
- $this->dbh->query("UPDATE ttrss_user_entries SET
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
unread = false,last_read = NOW()
- WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
+ WHERE ref_id = ? AND owner_uid = ?");
} else if ($cmode == 1) {
- $this->dbh->query("UPDATE ttrss_user_entries SET
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
unread = true
- WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
+ WHERE ref_id = ? AND owner_uid = ?");
} else {
- $this->dbh->query("UPDATE ttrss_user_entries SET
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
unread = NOT unread,last_read = NOW()
- WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
+ WHERE ref_id = ? AND owner_uid = ?");
}
+ $sth->execute([$id, $_SESSION['uid']]);
+
$feed_id = $this->getArticleFeed($id);
CCache::update($feed_id, $_SESSION["uid"]);
}
if ($enable_share_anything) {
$extracted_content = $af_readability->extract_content($url);
- if ($extracted_content) $content = db_escape_string($extracted_content);
+ if ($extracted_content) $content = $extracted_content;
}
}
}
if (filter_var($url, FILTER_VALIDATE_URL) === FALSE) return false;
- db_query("BEGIN");
+ $pdo = Db::pdo();
+
+ $pdo->beginTransaction();
// only check for our user data here, others might have shared this with different content etc
- $result = db_query("SELECT id FROM ttrss_entries, ttrss_user_entries WHERE
- guid = '$guid' AND ref_id = id AND owner_uid = '$owner_uid' LIMIT 1");
+ $sth = $pdo->prepare("SELECT id FROM ttrss_entries, ttrss_user_entries WHERE
+ guid = ? AND ref_id = id AND owner_uid = ? LIMIT 1");
+ $sth->execute([$guid, $owner_uid]);
- if (db_num_rows($result) != 0) {
- $ref_id = db_fetch_result($result, 0, "id");
+ if ($row = $sth->fetch()) {
+ $ref_id = $row['id'];
- $result = db_query("SELECT int_id FROM ttrss_user_entries WHERE
- ref_id = '$ref_id' AND owner_uid = '$owner_uid' LIMIT 1");
+ $sth = $pdo->prepare("SELECT int_id FROM ttrss_user_entries WHERE
+ ref_id = ? AND owner_uid = ? LIMIT 1");
+ $sth->execute([$ref_id, $owner_uid]);
- if (db_num_rows($result) != 0) {
- $int_id = db_fetch_result($result, 0, "int_id");
+ if ($row = $sth->fetch()) {
+ $int_id = $row['int_id'];
- db_query("UPDATE ttrss_entries SET
- content = '$content', content_hash = '$content_hash' WHERE id = '$ref_id'");
+ $sth = $pdo->prepare("UPDATE ttrss_entries SET
+ content = ?, content_hash = ? WHERE id = ?");
+ $sth->execute([$content, $content_hash, $ref_id]);
- db_query("UPDATE ttrss_user_entries SET published = true,
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries SET published = true,
last_published = NOW() WHERE
- int_id = '$int_id' AND owner_uid = '$owner_uid'");
+ int_id = ? AND owner_uid = ?");
+ $sth->execute([$int_id, $owner_uid]);
+
} else {
- db_query("INSERT INTO ttrss_user_entries
+ $sth = $pdo->prepare("INSERT INTO ttrss_user_entries
(ref_id, uuid, feed_id, orig_feed_id, owner_uid, published, tag_cache, label_cache,
last_read, note, unread, last_published)
VALUES
- ('$ref_id', '', NULL, NULL, $owner_uid, true, '', '', NOW(), '', false, NOW())");
+ (?, '', NULL, NULL, ?, true, '', '', NOW(), '', false, NOW())");
+ $sth->execute([$ref_id, $owner_uid]);
}
if (count($labels) != 0) {
$rc = true;
} else {
- $result = db_query("INSERT INTO ttrss_entries
+ $sth = $pdo->prepare("INSERT INTO ttrss_entries
(title, guid, link, updated, content, content_hash, date_entered, date_updated)
VALUES
- ('$title', '$guid', '$url', NOW(), '$content', '$content_hash', NOW(), NOW())");
+ (?, ?, ?, NOW(), ?, ?, NOW(), NOW())");
+ $sth->execute([$title, $guid, $url, $content, $content_hash]);
- $result = db_query("SELECT id FROM ttrss_entries WHERE guid = '$guid'");
+ $sth = $pdo->prepare("SELECT id FROM ttrss_entries WHERE guid = ?");
+ $sth->execute([$guid]);
- if (db_num_rows($result) != 0) {
- $ref_id = db_fetch_result($result, 0, "id");
+ if ($row = $sth->fetch()) {
+ $ref_id = $row["id"];
- db_query("INSERT INTO ttrss_user_entries
+ $sth = $pdo->prepare("INSERT INTO ttrss_user_entries
(ref_id, uuid, feed_id, orig_feed_id, owner_uid, published, tag_cache, label_cache,
last_read, note, unread, last_published)
VALUES
- ('$ref_id', '', NULL, NULL, $owner_uid, true, '', '', NOW(), '', false, NOW())");
+ (?, '', NULL, NULL, ?, true, '', '', NOW(), '', false, NOW())");
+ $sth->execute([$ref_id, $owner_uid]);
if (count($labels) != 0) {
foreach ($labels as $label) {
}
}
- db_query("COMMIT");
+ $pdo->commit();
return $rc;
}
print __("Tags for this article (separated by commas):")."<br>";
- $param = $this->dbh->escape_string($_REQUEST['param']);
+ $param = $_REQUEST['param'];
- $tags = Article::get_article_tags($this->dbh->escape_string($param));
+ $tags = Article::get_article_tags($param);
$tags_str = join(", ", $tags);
}
function setScore() {
- $ids = $this->dbh->escape_string($_REQUEST['id']);
- $score = (int)$this->dbh->escape_string($_REQUEST['score']);
+ $ids = explode(",", $_REQUEST['id']);
+ $score = (int)$_REQUEST['score'];
- $this->dbh->query("UPDATE ttrss_user_entries SET
- score = '$score' WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
+ $ids_qmarks = arr_qmarks($ids);
+
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
+ score = ? WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
+
+ $sth->execute(array_merge([$score], $ids, [$_SESSION['uid']]));
print json_encode(array("id" => $ids,
"score" => (int)$score,
}
function getScore() {
- $id = $this->dbh->escape_string($_REQUEST['id']);
+ $id = $_REQUEST['id'];
+
+ $sth = $this->pdo->prepare("SELECT score FROM ttrss_user_entries WHERE ref_id = ? AND owner_uid = ?");
+ $sth->execute([$id, $_SESSION['uid']]);
+ $row = $sth->fetch();
- $result = $this->dbh->query("SELECT score FROM ttrss_user_entries WHERE ref_id = $id AND owner_uid = " . $_SESSION["uid"]);
- $score = $this->dbh->fetch_result($result, 0, "score");
+ $score = $row['score'];
print json_encode(array("id" => $id,
"score" => (int)$score,
function setArticleTags() {
- $id = $this->dbh->escape_string($_REQUEST["id"]);
+ $id = $_REQUEST["id"];
- $tags_str = $this->dbh->escape_string($_REQUEST["tags_str"]);
+ $tags_str = $_REQUEST["tags_str"];
$tags = array_unique(trim_array(explode(",", $tags_str)));
- $this->dbh->query("BEGIN");
+ $this->pdo->beginTransaction();
- $result = $this->dbh->query("SELECT int_id FROM ttrss_user_entries WHERE
- ref_id = '$id' AND owner_uid = '".$_SESSION["uid"]."' LIMIT 1");
+ $sth = $this->pdo->prepare("SELECT int_id FROM ttrss_user_entries WHERE
+ ref_id = ? AND owner_uid = ? LIMIT 1");
+ $sth->execute([$id, $_SESSION['uid']]);
- if ($this->dbh->num_rows($result) == 1) {
+ if ($row = $sth->fetch()) {
$tags_to_cache = array();
- $int_id = $this->dbh->fetch_result($result, 0, "int_id");
+ $int_id = $row['int_id'];
- $this->dbh->query("DELETE FROM ttrss_tags WHERE
- post_int_id = $int_id AND owner_uid = '".$_SESSION["uid"]."'");
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_tags WHERE
+ post_int_id = ? AND owner_uid = ?");
+ $sth->execute([$int_id, $_SESSION['uid']]);
foreach ($tags as $tag) {
$tag = sanitize_tag($tag);
// print "<!-- $id : $int_id : $tag -->";
if ($tag != '') {
- $this->dbh->query("INSERT INTO ttrss_tags
- (post_int_id, owner_uid, tag_name) VALUES ('$int_id', '".$_SESSION["uid"]."', '$tag')");
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_tags
+ (post_int_id, owner_uid, tag_name)
+ VALUES (?, ?, ?)");
+
+ $sth->execute([$int_id, $_SESSION['uid'], $tag]);
}
array_push($tags_to_cache, $tag);
sort($tags_to_cache);
$tags_str = join(",", $tags_to_cache);
- $this->dbh->query("UPDATE ttrss_user_entries
- SET tag_cache = '$tags_str' WHERE ref_id = '$id'
- AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries
+ SET tag_cache = ? WHERE ref_id = ? AND owner_uid = ?");
+ $sth->execute([$tags_str, $id, $_SESSION['uid']]);
}
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
$tags = Article::get_article_tags($id);
$tags_str = $this->format_tags_string($tags, $id);
function completeTags() {
- $search = $this->dbh->escape_string($_REQUEST["search"]);
+ $search = $_REQUEST["search"];
- $result = $this->dbh->query("SELECT DISTINCT tag_name FROM ttrss_tags
- WHERE owner_uid = '".$_SESSION["uid"]."' AND
- tag_name LIKE '$search%' ORDER BY tag_name
+ $sth = $this->pdo->prepare("SELECT DISTINCT tag_name FROM ttrss_tags
+ WHERE owner_uid = ? AND
+ tag_name LIKE ? ORDER BY tag_name
LIMIT 10");
+ $sth->execute([$_SESSION['uid'], "$search%"]);
+
print "<ul>";
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
print "<li>" . $line["tag_name"] . "</li>";
}
print "</ul>";
private function labelops($assign) {
$reply = array();
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
- $label_id = $this->dbh->escape_string($_REQUEST["lid"]);
+ $ids = explode(",", $_REQUEST["ids"]);
+ $label_id = $_REQUEST["lid"];
- $label = $this->dbh->escape_string(Labels::find_caption($label_id,
+ $label = db_escape_string(Labels::find_caption($label_id,
$_SESSION["uid"]));
$reply["info-for-headlines"] = array();
}
function getArticleFeed($id) {
- $result = db_query("SELECT feed_id FROM ttrss_user_entries
- WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT feed_id FROM ttrss_user_entries
+ WHERE ref_id = ? AND owner_uid = ?");
+ $sth->execute([$id, $_SESSION['uid']]);
- if (db_num_rows($result) != 0) {
- return db_fetch_result($result, 0, "feed_id");
+ if ($row = $sth->fetch()) {
+ return $row["feed_id"];
} else {
return 0;
}
/* we can figure out feed_id from article id anyway, why do we
* pass feed_id here? let's ignore the argument :(*/
- $result = db_query("SELECT feed_id FROM ttrss_user_entries
- WHERE ref_id = '$id'");
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT feed_id FROM ttrss_user_entries
+ WHERE ref_id = ?");
+ $sth->execute([$id]);
+ $row = $sth->fetch();
- $feed_id = (int) db_fetch_result($result, 0, "feed_id");
+ $feed_id = (int) $row["feed_id"];
$rv['feed_id'] = $feed_id;
//if (!$zoom_mode) { print "<article id='$id'><![CDATA["; };
if ($mark_as_read) {
- $result = db_query("UPDATE ttrss_user_entries
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries
SET unread = false,last_read = NOW()
- WHERE ref_id = '$id' AND owner_uid = $owner_uid");
+ WHERE ref_id = ? AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
CCache::update($feed_id, $owner_uid);
}
- $result = db_query("SELECT id,title,link,content,feed_id,comments,int_id,lang,
+ $sth = $pdo->prepare("SELECT id,title,link,content,feed_id,comments,int_id,lang,
".SUBSTRING_FOR_DATE."(updated,1,16) as updated,
(SELECT site_url FROM ttrss_feeds WHERE id = feed_id) as site_url,
(SELECT title FROM ttrss_feeds WHERE id = feed_id) as feed_title,
orig_feed_id,
note
FROM ttrss_entries,ttrss_user_entries
- WHERE id = '$id' AND ref_id = id AND owner_uid = $owner_uid");
+ WHERE id = ? AND ref_id = id AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
- if ($result) {
-
- $line = db_fetch_assoc($result);
+ if ($line = $sth->fetch()) {
$line["tags"] = Article::get_article_tags($id, $owner_uid, $line["tag_cache"]);
unset($line["tag_cache"]);
if ($line["orig_feed_id"]) {
- $tmp_result = db_query("SELECT * FROM ttrss_archived_feeds
- WHERE id = ".$line["orig_feed_id"] . " AND owner_uid = " . $_SESSION["uid"]);
+ $of_sth = $pdo->prepare("SELECT * FROM ttrss_archived_feeds
+ WHERE id = ? AND owner_uid = ?");
+ $of_sth->execute([$line["orig_feed_id"], $owner_uid]);
- if (db_num_rows($tmp_result) != 0) {
+ if ($tmp_line = $of_sth->fetch()) {
$rv['content'] .= "<div clear='both'>";
$rv['content'] .= __("Originally from:");
$rv['content'] .= " ";
- $tmp_line = db_fetch_assoc($tmp_result);
-
$rv['content'] .= "<a target='_blank' rel='noopener noreferrer'
href=' " . htmlspecialchars($tmp_line['site_url']) . "'>" .
$tmp_line['title'] . "</a>";
static function get_article_tags($id, $owner_uid = 0, $tag_cache = false) {
- $a_id = db_escape_string($id);
+ $a_id = $id;
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
- $query = "SELECT DISTINCT tag_name,
- owner_uid as owner FROM
- ttrss_tags WHERE post_int_id = (SELECT int_id FROM ttrss_user_entries WHERE
- ref_id = '$a_id' AND owner_uid = '$owner_uid' LIMIT 1) ORDER BY tag_name";
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT DISTINCT tag_name,
+ owner_uid as owner FROM ttrss_tags
+ WHERE post_int_id = (SELECT int_id FROM ttrss_user_entries WHERE
+ ref_id = ? AND owner_uid = ? LIMIT 1) ORDER BY tag_name");
$tags = array();
/* check cache first */
if ($tag_cache === false) {
- $result = db_query("SELECT tag_cache FROM ttrss_user_entries
- WHERE ref_id = '$id' AND owner_uid = $owner_uid");
+ $csth = $pdo->prepare("SELECT tag_cache FROM ttrss_user_entries
+ WHERE ref_id = ? AND owner_uid = ?");
+ $csth->execute([$id, $owner_uid]);
- if (db_num_rows($result) != 0)
- $tag_cache = db_fetch_result($result, 0, "tag_cache");
+ if ($row = $csth->fetch()) $tag_cache = $row["tag_cache"];
}
if ($tag_cache) {
/* do it the hard way */
- $tmp_result = db_query($query);
+ $sth->execute([$a_id, $owner_uid]);
- while ($tmp_line = db_fetch_assoc($tmp_result)) {
+ while ($tmp_line = $sth->fetch()) {
array_push($tags, $tmp_line["tag_name"]);
}
/* update the cache */
- $tags_str = db_escape_string(join(",", $tags));
+ $tags_str = join(",", $tags);
- db_query("UPDATE ttrss_user_entries
- SET tag_cache = '$tags_str' WHERE ref_id = '$id'
- AND owner_uid = $owner_uid");
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries
+ SET tag_cache = ? WHERE ref_id = ?
+ AND owner_uid = ?");
+ $sth->execute([$tags_str, $id, $owner_uid]);
}
return $tags;
static function get_article_enclosures($id) {
- $query = "SELECT * FROM ttrss_enclosures
- WHERE post_id = '$id' AND content_url != ''";
+ $pdo = Db::pdo();
- $rv = array();
-
- $result = db_query($query);
+ $sth = $pdo->prepare("SELECT * FROM ttrss_enclosures
+ WHERE post_id = ? AND content_url != ''");
+ $sth->execute([$id]);
- if (db_num_rows($result) > 0) {
- while ($line = db_fetch_assoc($result)) {
+ $rv = array();
- if (file_exists(CACHE_DIR . '/images/' . sha1($line["content_url"]))) {
- $line["content_url"] = get_self_url_prefix() . '/public.php?op=cached_url&hash=' . sha1($line["content_url"]);
- }
+ while ($line = $sth->fetch()) {
- array_push($rv, $line);
+ if (file_exists(CACHE_DIR . '/images/' . sha1($line["content_url"]))) {
+ $line["content_url"] = get_self_url_prefix() . '/public.php?op=cached_url&hash=' . sha1($line["content_url"]);
}
+
+ array_push($rv, $line);
}
return $rv;
static function purge_orphans($do_output = false) {
// purge orphaned posts in main content table
- $result = db_query("DELETE FROM ttrss_entries WHERE
+
+ $pdo = Db::pdo();
+ $res = $pdo->query("DELETE FROM ttrss_entries WHERE
NOT EXISTS (SELECT ref_id FROM ttrss_user_entries WHERE ref_id = id)");
if ($do_output) {
- $rows = db_affected_rows($result);
+ $rows = $res->rowCount();
_debug("Purged $rows orphaned posts.");
}
}
static function catchupArticlesById($ids, $cmode, $owner_uid = false) {
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
- if (count($ids) == 0) return;
- $tmp_ids = array();
+ $pdo = Db::pdo();
- foreach ($ids as $id) {
- array_push($tmp_ids, "ref_id = '$id'");
- }
-
- $ids_qpart = join(" OR ", $tmp_ids);
+ $ids_qmarks = arr_qmarks($ids);
if ($cmode == 0) {
- db_query("UPDATE ttrss_user_entries SET
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries SET
unread = false,last_read = NOW()
- WHERE ($ids_qpart) AND owner_uid = $owner_uid");
+ WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
} else if ($cmode == 1) {
- db_query("UPDATE ttrss_user_entries SET
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries SET
unread = true
- WHERE ($ids_qpart) AND owner_uid = $owner_uid");
+ WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
} else {
- db_query("UPDATE ttrss_user_entries SET
- unread = NOT unread,last_read = NOW()
- WHERE ($ids_qpart) AND owner_uid = $owner_uid");
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries SET
+ unread = NOT unread,last_read = NOW()
+ WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
}
+ $sth->execute(array_merge($ids, [$owner_uid]));
+
/* update ccache */
- $result = db_query("SELECT DISTINCT feed_id FROM ttrss_user_entries
- WHERE ($ids_qpart) AND owner_uid = $owner_uid");
+ $sth = $pdo->prepare("SELECT DISTINCT feed_id FROM ttrss_user_entries
+ WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
+ $sth->execute(array_merge($ids, [$owner_uid]));
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
CCache::update($line["feed_id"], $owner_uid);
}
}
static function getLastArticleId() {
- $result = db_query("SELECT ref_id AS id FROM ttrss_user_entries
- WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY ref_id DESC LIMIT 1");
+ $pdo = DB::pdo();
+
+ $sth = $pdo->prepare("SELECT ref_id AS id FROM ttrss_user_entries
+ WHERE owner_uid = ? ORDER BY ref_id DESC LIMIT 1");
+ $sth->execute([$_SESSION['uid']]);
- if (db_num_rows($result) == 1) {
- return db_fetch_result($result, 0, "id");
+ if ($row = $sth->fetch()) {
+ return $row['id'];
} else {
return -1;
}
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
- $result = db_query("SELECT label_cache FROM
- ttrss_user_entries WHERE ref_id = '$id' AND owner_uid = " .
- $owner_uid);
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT label_cache FROM
+ ttrss_user_entries WHERE ref_id = ? AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
- if (db_num_rows($result) > 0) {
- $label_cache = db_fetch_result($result, 0, "label_cache");
+ if ($row = $sth->fetch()) {
+ $label_cache = $row["label_cache"];
if ($label_cache) {
- $label_cache = json_decode($label_cache, true);
+ $tmp = json_decode($label_cache, true);
- if ($label_cache["no-labels"] == 1)
+ if (!$tmp || $tmp["no-labels"] == 1)
return $rv;
else
- return $label_cache;
+ return $tmp;
}
}
- $result = db_query(
- "SELECT DISTINCT label_id,caption,fg_color,bg_color
+ $sth = $pdo->prepare("SELECT DISTINCT label_id,caption,fg_color,bg_color
FROM ttrss_labels2, ttrss_user_labels2
WHERE id = label_id
- AND article_id = '$id'
- AND owner_uid = ". $owner_uid . "
+ AND article_id = ?
+ AND owner_uid = ?
ORDER BY caption");
+ $sth->execute([$id, $owner_uid]);
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$rk = array(Labels::label_to_feed_id($line["label_id"]),
$line["caption"], $line["fg_color"],
$line["bg_color"]);
<?php
class Auth_Base {
private $dbh;
+ private $pdo;
function __construct() {
$this->dbh = Db::get();
+ $this->pdo = Db::pdo();
}
/**
if (!$password) $password = make_password();
if (!$user_id) {
- $login = $this->dbh->escape_string($login);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true);
- $query = "INSERT INTO ttrss_users
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_users
(login,access_level,last_login,created,pwd_hash,salt)
- VALUES ('$login', 0, null, NOW(), '$pwd_hash','$salt')";
-
- $this->dbh->query($query);
+ VALUES (?, 0, null, NOW(), ?,?)");
+ $sth->execute([$login, $pwd_hash, $salt]);
return $this->find_user_by_login($login);
}
function find_user_by_login($login) {
- $login = $this->dbh->escape_string($login);
-
- $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
- login = '$login'");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
+ login = ?");
+ $sth->execute([$login]);
- if ($this->dbh->num_rows($result) > 0) {
- return $this->dbh->fetch_result($result, 0, "id");
+ if ($row = $sth->fetch()) {
+ return $row["id"];
} else {
return false;
}
<?php
class CCache {
- /* function ccache_zero($feed_id, $owner_uid) {
- db_query("UPDATE ttrss_counters_cache SET
- value = 0, updated = NOW() WHERE
- feed_id = '$feed_id' AND owner_uid = '$owner_uid'");
- } */
-
static function zero_all($owner_uid) {
- db_query("UPDATE ttrss_counters_cache SET
- value = 0 WHERE owner_uid = '$owner_uid'");
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("UPDATE ttrss_counters_cache SET
+ value = 0 WHERE owner_uid = ?");
+ $sth->execute([$owner_uid]);
- db_query("UPDATE ttrss_cat_counters_cache SET
- value = 0 WHERE owner_uid = '$owner_uid'");
+ $sth = $pdo->prepare("UPDATE ttrss_cat_counters_cache SET
+ value = 0 WHERE owner_uid = ?");
+ $sth->execute([$owner_uid]);
}
static function remove($feed_id, $owner_uid, $is_cat = false) {
$table = "ttrss_cat_counters_cache";
}
- db_query("DELETE FROM $table WHERE
- feed_id = '$feed_id' AND owner_uid = '$owner_uid'");
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("DELETE FROM $table WHERE
+ feed_id = ? AND owner_uid = ?");
+ $sth->execute([$feed_id, $owner_uid]);
}
static function update_all($owner_uid) {
+ $pdo = Db::pdo();
+
if (get_pref('ENABLE_FEED_CATS', $owner_uid)) {
- $result = db_query("SELECT feed_id FROM ttrss_cat_counters_cache
- WHERE feed_id > 0 AND owner_uid = '$owner_uid'");
+ $sth = $pdo->prepare("SELECT feed_id FROM ttrss_cat_counters_cache
+ WHERE feed_id > 0 AND owner_uid = ?");
+ $sth->execute([$owner_uid]);
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
CCache::update($line["feed_id"], $owner_uid, true);
}
CCache::update(0, $owner_uid, true);
} else {
- $result = db_query("SELECT feed_id FROM ttrss_counters_cache
- WHERE feed_id > 0 AND owner_uid = '$owner_uid'");
+ $sth = $pdo->prepare("SELECT feed_id FROM ttrss_counters_cache
+ WHERE feed_id > 0 AND owner_uid = ?");
+ $sth->execute([$owner_uid]);
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
print CCache::update($line["feed_id"], $owner_uid);
}
if (!$is_cat) {
$table = "ttrss_counters_cache";
- /* if ($feed_id > 0) {
- $tmp_result = db_query("SELECT owner_uid FROM ttrss_feeds
- WHERE id = '$feed_id'");
- $owner_uid = db_fetch_result($tmp_result, 0, "owner_uid");
- } */
} else {
$table = "ttrss_cat_counters_cache";
}
- if (DB_TYPE == "pgsql") {
- $date_qpart = "updated > NOW() - INTERVAL '15 minutes'";
- } else if (DB_TYPE == "mysql") {
- $date_qpart = "updated > DATE_SUB(NOW(), INTERVAL 15 MINUTE)";
- }
+ $pdo = Db::pdo();
- $result = db_query("SELECT value FROM $table
- WHERE owner_uid = '$owner_uid' AND feed_id = '$feed_id'
+ $sth = $pdo->prepare("SELECT value FROM $table
+ WHERE owner_uid = ? AND feed_id = ?
LIMIT 1");
- if (db_num_rows($result) == 1) {
- return db_fetch_result($result, 0, "value");
+ $sth->execute([$owner_uid, $feed_id]);
+
+ if ($row = $sth->fetch()) {
+ return $row["value"];
} else {
if ($no_update) {
return -1;
if (!is_numeric($feed_id)) return;
- /* if (!$is_cat && $feed_id > 0) {
- $tmp_result = db_query("SELECT owner_uid FROM ttrss_feeds
- WHERE id = '$feed_id'");
- $owner_uid = db_fetch_result($tmp_result, 0, "owner_uid");
- } */
-
$prev_unread = CCache::find($feed_id, $owner_uid, $is_cat, true);
/* When updating a label, all we need to do is recalculate feed counters
$table = "ttrss_cat_counters_cache";
}
- if ($is_cat && $feed_id >= 0) {
- if ($feed_id != 0) {
- $cat_qpart = "cat_id = '$feed_id'";
- } else {
- $cat_qpart = "cat_id IS NULL";
- }
+ $pdo = Db::pdo();
+ if ($is_cat && $feed_id >= 0) {
/* Recalculate counters for child feeds */
if (!$pcat_fast) {
- $result = db_query("SELECT id FROM ttrss_feeds
- WHERE owner_uid = '$owner_uid' AND $cat_qpart");
+ $sth = $pdo->prepare("SELECT id FROM ttrss_feeds
+ WHERE owner_uid = :uid AND
+ (cat_id = :cat OR (:cat = 0 AND cat_id IS NULL))");
+ $sth->execute([":uid" => $owner_uid, ":cat" => $feed_id]);
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
CCache::update($line["id"], $owner_uid, false, false);
}
}
- $result = db_query("SELECT SUM(value) AS sv
+ $sth = $pdo->prepare("SELECT SUM(value) AS sv
FROM ttrss_counters_cache, ttrss_feeds
- WHERE id = feed_id AND $cat_qpart AND
- ttrss_counters_cache.owner_uid = $owner_uid AND
- ttrss_feeds.owner_uid = '$owner_uid'");
+ WHERE id = feed_id AND
+ (cat_id = :cat OR (:cat = 0 AND cat_id IS NULL)) AND
+ ttrss_counters_cache.owner_uid = :uid AND
+ ttrss_feeds.owner_uid = :uid");
+ $sth->execute([":uid" => $owner_uid, ":cat" => $feed_id]);
+ $row = $sth->fetch();
- $unread = (int) db_fetch_result($result, 0, "sv");
+ $unread = (int) $row["sv"];
} else {
$unread = (int) Feeds::getFeedArticles($feed_id, $is_cat, true, $owner_uid);
}
- db_query("BEGIN");
+ $tr_in_progress = false;
+
+ try {
+ $pdo->beginTransaction();
+ } catch (Exception $e) {
+ $tr_in_progress = true;
+ }
+
+ $sth = $pdo->prepare("SELECT feed_id FROM $table
+ WHERE owner_uid = ? AND feed_id = ? LIMIT 1");
+ $sth->execute([$owner_uid, $feed_id]);
+
+ if ($sth->fetch()) {
- $result = db_query("SELECT feed_id FROM $table
- WHERE owner_uid = '$owner_uid' AND feed_id = '$feed_id' LIMIT 1");
+ $sth = $pdo->prepare("UPDATE $table SET
+ value = ?, updated = NOW() WHERE
+ feed_id = ? AND owner_uid = ?");
- if (db_num_rows($result) == 1) {
- db_query("UPDATE $table SET
- value = '$unread', updated = NOW() WHERE
- feed_id = '$feed_id' AND owner_uid = '$owner_uid'");
+ $sth->execute([$unread, $feed_id, $owner_uid]);
} else {
- db_query("INSERT INTO $table
+ $sth = $pdo->prepare("INSERT INTO $table
(feed_id, value, owner_uid, updated)
VALUES
- ($feed_id, $unread, $owner_uid, NOW())");
+ (?, ?, ?, NOW())");
+ $sth->execute([$feed_id, $unread, $owner_uid]);
}
- db_query("COMMIT");
+ if (!$tr_in_progress) $pdo->commit();
if ($feed_id > 0 && $prev_unread != $unread) {
if ($update_pcat) {
- $result = db_query("SELECT cat_id FROM ttrss_feeds
- WHERE owner_uid = '$owner_uid' AND id = '$feed_id'");
-
- $cat_id = (int) db_fetch_result($result, 0, "cat_id");
-
- CCache::update($cat_id, $owner_uid, true, true, true);
+ $sth = $pdo->prepare("SELECT cat_id FROM ttrss_feeds
+ WHERE owner_uid = ? AND id = ?");
+ $sth->execute([$owner_uid, $feed_id]);
+ if ($row = $sth->fetch()) {
+ CCache::update($row["cat_id"], $owner_uid, true, true, true);
+ }
}
}
} else if ($feed_id < 0) {
return $unread;
}
- /* function ccache_cleanup($owner_uid) {
-
- if (DB_TYPE == "pgsql") {
- db_query("DELETE FROM ttrss_counters_cache AS c1 WHERE
- (SELECT count(*) FROM ttrss_counters_cache AS c2
- WHERE c1.feed_id = c2.feed_id AND c2.owner_uid = c1.owner_uid) > 1
- AND owner_uid = '$owner_uid'");
-
- db_query("DELETE FROM ttrss_cat_counters_cache AS c1 WHERE
- (SELECT count(*) FROM ttrss_cat_counters_cache AS c2
- WHERE c1.feed_id = c2.feed_id AND c2.owner_uid = c1.owner_uid) > 1
- AND owner_uid = '$owner_uid'");
- } else {
- db_query("DELETE c1 FROM
- ttrss_counters_cache AS c1,
- ttrss_counters_cache AS c2
- WHERE
- c1.owner_uid = '$owner_uid' AND
- c1.owner_uid = c2.owner_uid AND
- c1.feed_id = c2.feed_id");
-
- db_query("DELETE c1 FROM
- ttrss_cat_counters_cache AS c1,
- ttrss_cat_counters_cache AS c2
- WHERE
- c1.owner_uid = '$owner_uid' AND
- c1.owner_uid = c2.owner_uid AND
- c1.feed_id = c2.feed_id");
-
- }
- } */
-
-
}
\ No newline at end of file
array_push($ret_arr, $cv);
- $result = db_query("SELECT id AS cat_id, value AS unread,
+ $pdo = DB::pdo();
+
+ $sth = $pdo->prepare("SELECT id AS cat_id, value AS unread,
(SELECT COUNT(id) FROM ttrss_feed_categories AS c2
WHERE c2.parent_cat = ttrss_feed_categories.id) AS num_children
FROM ttrss_feed_categories, ttrss_cat_counters_cache
WHERE ttrss_cat_counters_cache.feed_id = id AND
ttrss_cat_counters_cache.owner_uid = ttrss_feed_categories.owner_uid AND
- ttrss_feed_categories.owner_uid = " . $_SESSION["uid"]);
+ ttrss_feed_categories.owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$line["cat_id"] = (int) $line["cat_id"];
if ($line["num_children"] > 0) {
array_push($ret_arr, $cv);
- $result = db_query("SELECT COUNT(id) AS fn FROM
- ttrss_feeds WHERE owner_uid = " . $_SESSION["uid"]);
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT COUNT(id) AS fn FROM
+ ttrss_feeds WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
+ $row = $sth->fetch();
- $subscribed_feeds = db_fetch_result($result, 0, "fn");
+ $subscribed_feeds = $row["fn"];
$cv = array("id" => "subscribed-feeds",
"counter" => (int) $subscribed_feeds);
$ret_arr = array();
- $owner_uid = $_SESSION["uid"];
+ $pdo = Db::pdo();
- $result = db_query("SELECT id,caption,SUM(CASE WHEN u1.unread = true THEN 1 ELSE 0 END) AS unread, COUNT(u1.unread) AS total
+ $sth = $pdo->prepare("SELECT id,caption,SUM(CASE WHEN u1.unread = true THEN 1 ELSE 0 END) AS unread, COUNT(u1.unread) AS total
FROM ttrss_labels2 LEFT JOIN ttrss_user_labels2 ON
(ttrss_labels2.id = label_id)
LEFT JOIN ttrss_user_entries AS u1 ON u1.ref_id = article_id
- WHERE ttrss_labels2.owner_uid = $owner_uid AND u1.owner_uid = $owner_uid
+ WHERE ttrss_labels2.owner_uid = :uid AND u1.owner_uid = :uid
GROUP BY ttrss_labels2.id,
ttrss_labels2.caption");
+ $sth->execute([":uid" => $_SESSION['uid']]);
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$id = Labels::label_to_feed_id($line["id"]);
$ret_arr = array();
- $query = "SELECT ttrss_feeds.id,
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT ttrss_feeds.id,
ttrss_feeds.title,
".SUBSTRING_FOR_DATE."(ttrss_feeds.last_updated,1,19) AS last_updated,
last_error, value AS count
FROM ttrss_feeds, ttrss_counters_cache
- WHERE ttrss_feeds.owner_uid = ".$_SESSION["uid"]."
+ WHERE ttrss_feeds.owner_uid = ?
AND ttrss_counters_cache.owner_uid = ttrss_feeds.owner_uid
- AND ttrss_counters_cache.feed_id = id";
-
- $result = db_query($query);
+ AND ttrss_counters_cache.feed_id = id");
+ $sth->execute([$_SESSION['uid']]);
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$id = $line["id"];
$count = $line["count"];
private static $instance;
private $adapter;
private $link;
+ private $pdo;
private function __construct() {
$er = error_reporting(E_ALL);
- if (defined('_ENABLE_PDO') && _ENABLE_PDO && class_exists("PDO")) {
- $this->adapter = new Db_PDO();
- } else {
- switch (DB_TYPE) {
+ switch (DB_TYPE) {
case "mysql":
$this->adapter = new Db_Mysqli();
break;
break;
default:
die("Unknown DB_TYPE: " . DB_TYPE);
- }
}
if (!$this->adapter) {
exit(100);
}
+ $db_port = defined(DB_PORT) ? ';port='.DB_PORT : '';
+
+ $this->pdo = new PDO(DB_TYPE . ':dbname='.DB_NAME.';host='.DB_HOST.$db_port,
+ DB_USER,
+ DB_PASS);
+
+ $this->pdo->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING );
+
+ if (!$this->pdo) {
+ print("Error connecting via PDO.");
+ exit(101);
+ }
+
+ if (DB_TYPE == "pgsql") {
+
+ $this->pdo->query("set client_encoding = 'UTF-8'");
+ $this->pdo->query("set datestyle = 'ISO, european'");
+ $this->pdo->query("set TIME ZONE 0");
+ $this->pdo->query("set cpu_tuple_cost = 0.5");
+
+ } else if (DB_TYPE == "mysql") {
+ $this->pdo->query("SET time_zone = '+0:0'");
+
+ if (defined('MYSQL_CHARSET') && MYSQL_CHARSET) {
+ $this->pdo->query("SET NAMES " . MYSQL_CHARSET);
+ }
+ }
+
$this->link = $this->adapter->connect(DB_HOST, DB_USER, DB_PASS, DB_NAME, defined('DB_PORT') ? DB_PORT : "");
if (!$this->link) {
return self::$instance;
}
+ public static function pdo() {
+ if (self::$instance == null)
+ self::$instance = new self();
+
+ return self::$instance->pdo;
+ }
+
static function quote($str){
return("'$str'");
}
+++ /dev/null
-<?php
-class Db_PDO implements IDb {
- private $pdo;
-
- function connect($host, $user, $pass, $db, $port) {
- $connstr = DB_TYPE . ":host=$host;dbname=$db";
-
- if (DB_TYPE == "mysql") $connstr .= ";charset=utf8";
-
- try {
- $this->pdo = new PDO($connstr, $user, $pass);
- $this->pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
- $this->init();
- } catch (PDOException $e) {
- die($e->getMessage());
- }
-
- return $this->pdo;
- }
-
- function escape_string($s, $strip_tags = true) {
- if ($strip_tags) $s = strip_tags($s);
-
- $qs = $this->pdo->quote($s);
-
- return mb_substr($qs, 1, mb_strlen($qs)-2);
- }
-
- function query($query, $die_on_error = true) {
- try {
- return new Db_Stmt($this->pdo->query($query));
- } catch (PDOException $e) {
- user_error($e->getMessage(), $die_on_error ? E_USER_ERROR : E_USER_WARNING);
- }
- }
-
- function fetch_assoc($result) {
- try {
- if ($result) {
- return $result->fetch();
- } else {
- return null;
- }
- } catch (PDOException $e) {
- user_error($e->getMessage(), E_USER_WARNING);
- }
- }
-
- function num_rows($result) {
- try {
- if ($result) {
- return $result->rowCount();
- } else {
- return false;
- }
- } catch (PDOException $e) {
- user_error($e->getMessage(), E_USER_WARNING);
- }
- }
-
- function fetch_result($result, $row, $param) {
- return $result->fetch_result($row, $param);
- }
-
- function close() {
- $this->pdo = null;
- }
-
- function affected_rows($result) {
- try {
- if ($result) {
- return $result->rowCount();
- } else {
- return null;
- }
- } catch (PDOException $e) {
- user_error($e->getMessage(), E_USER_WARNING);
- }
- }
-
- function last_error() {
- return join(" ", $this->pdo->errorInfo());
- }
-
- function init() {
- switch (DB_TYPE) {
- case "pgsql":
- $this->query("set client_encoding = 'UTF-8'");
- $this->query("set datestyle = 'ISO, european'");
- $this->query("set TIME ZONE 0");
- return;
- case "mysql":
- $this->query("SET time_zone = '+0:0'");
- return;
- }
-
- return true;
- }
-
-}
\ No newline at end of file
<?php
class Db_Prefs {
- private $dbh;
+ private $pdo;
private static $instance;
private $cache;
function __construct() {
- $this->dbh = Db::get();
+ $this->pdo = Db::pdo();
$this->cache = array();
if ($_SESSION["uid"]) $this->cache();
$user_id = $_SESSION["uid"];
@$profile = $_SESSION["profile"];
- if ($profile) {
- $profile_qpart = "profile = '$profile' AND";
- } else {
- $profile_qpart = "profile IS NULL AND";
- }
+ if (!$profile || get_schema_version() < 63) $profile = null;
- if (get_schema_version() < 63) $profile_qpart = "";
-
- $result = db_query("SELECT
+ $sth = $this->pdo->prepare("SELECT
value,ttrss_prefs_types.type_name as type_name,ttrss_prefs.pref_name AS pref_name
FROM
ttrss_user_prefs,ttrss_prefs,ttrss_prefs_types
WHERE
- $profile_qpart
+ (profile = :profile OR (:profile IS NULL AND profile IS NULL)) AND
ttrss_prefs.pref_name NOT LIKE '_MOBILE%' AND
ttrss_prefs_types.id = type_id AND
- owner_uid = '$user_id' AND
+ owner_uid = :uid AND
ttrss_user_prefs.pref_name = ttrss_prefs.pref_name");
- while ($line = db_fetch_assoc($result)) {
+ $sth->execute([":profile" => $profile, ":uid" => $user_id]);
+
+ while ($line = $sth->fetch()) {
if ($user_id == $_SESSION["uid"]) {
$pref_name = $line["pref_name"];
function read($pref_name, $user_id = false, $die_on_error = false) {
- $pref_name = db_escape_string($pref_name);
$profile = false;
if (!$user_id) {
return $this->convert($tuple["value"], $tuple["type"]);
}
- if ($profile) {
- $profile_qpart = "profile = '$profile' AND";
- } else {
- $profile_qpart = "profile IS NULL AND";
- }
-
- if (get_schema_version() < 63) $profile_qpart = "";
+ if (!$profile || get_schema_version() < 63) $profile = null;
- $result = db_query("SELECT
+ $sth = $this->pdo->prepare("SELECT
value,ttrss_prefs_types.type_name as type_name
FROM
ttrss_user_prefs,ttrss_prefs,ttrss_prefs_types
WHERE
- $profile_qpart
- ttrss_user_prefs.pref_name = '$pref_name' AND
+ (profile = :profile OR (:profile IS NULL AND profile IS NULL)) AND
+ ttrss_user_prefs.pref_name = :pref_name AND
ttrss_prefs_types.id = type_id AND
- owner_uid = '$user_id' AND
+ owner_uid = :uid AND
ttrss_user_prefs.pref_name = ttrss_prefs.pref_name");
+ $sth->execute([":uid" => $user_id, ":profile" => $profile, ":pref_name" => $pref_name]);
- if (db_num_rows($result) > 0) {
- $value = db_fetch_result($result, 0, "value");
- $type_name = db_fetch_result($result, 0, "type_name");
+ if ($row = $sth->fetch()) {
+ $value = $row["value"];
+ $type_name = $row["type_name"];
if ($user_id == $_SESSION["uid"]) {
$this->cache[$pref_name]["type"] = $type_name;
}
function write($pref_name, $value, $user_id = false, $strip_tags = true) {
- $pref_name = db_escape_string($pref_name);
- $value = db_escape_string($value, $strip_tags);
+ if ($strip_tags) $value = strip_tags($value);
if (!$user_id) {
$user_id = $_SESSION["uid"];
$profile_qpart = "AND profile IS NULL";
}
- if (get_schema_version() < 63) $profile_qpart = "";
+ if (!$profile || get_schema_version() < 63) $profile = null;
$type_name = "";
$current_value = "";
}
if (!$type_name) {
- $result = db_query("SELECT type_name
+ $sth = $this->pdo->prepare("SELECT type_name
FROM ttrss_prefs,ttrss_prefs_types
- WHERE pref_name = '$pref_name' AND type_id = ttrss_prefs_types.id");
+ WHERE pref_name = ? AND type_id = ttrss_prefs_types.id");
+ $sth->execute([$pref_name]);
+
+ if ($row = $sth->fetch())
+ $type_name = $row["type_name"];
- if (db_num_rows($result) > 0)
- $type_name = db_fetch_result($result, 0, "type_name");
} else if ($current_value == $value) {
return;
}
$value = 'UTC';
}
- db_query("UPDATE ttrss_user_prefs SET
- value = '$value' WHERE pref_name = '$pref_name'
- $profile_qpart
- AND owner_uid = " . $user_id);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_prefs SET
+ value = :value WHERE pref_name = :pref_name
+ AND (profile = :profile OR (:profile IS NULL AND profile IS NULL))
+ AND owner_uid = :uid");
+
+ $sth->execute([":pref_name" => $pref_name, ":value" => $value, ":uid" => $user_id, ":profile" => $profile]);
if ($user_id == $_SESSION["uid"]) {
$this->cache[$pref_name]["type"] = $type_name;
+++ /dev/null
-<?php
-class Db_Stmt {
- private $stmt;
- private $cache;
-
- function __construct($stmt) {
- $this->stmt = $stmt;
- $this->cache = false;
- }
-
- function fetch_result($row, $param) {
- if (!$this->cache) {
- $this->cache = $this->stmt->fetchAll();
- }
-
- if (isset($this->cache[$row])) {
- return $this->cache[$row][$param];
- } else {
- user_error("Unable to jump to row $row", E_USER_WARNING);
- return false;
- }
- }
-
- function rowCount() {
- return $this->stmt->rowCount();
- }
-
- function fetch() {
- return $this->stmt->fetch();
- }
-}
\ No newline at end of file
<?php
class DbUpdater {
- private $dbh;
+ private $pdo;
private $db_type;
private $need_version;
- function __construct($dbh, $db_type, $need_version) {
- $this->dbh = $dbh;
+ function __construct($pdo, $db_type, $need_version) {
+ $this->pdo = Db::pdo(); //$pdo;
$this->db_type = $db_type;
$this->need_version = (int) $need_version;
}
function getSchemaVersion() {
- $result = db_query("SELECT schema_version FROM ttrss_version");
- return (int) db_fetch_result($result, 0, "schema_version");
+ $row = $this->pdo->query("SELECT schema_version FROM ttrss_version")->fetch();
+ return (int) $row['schema_version'];
}
function isUpdateRequired() {
if (file_exists($filename)) {
return explode(";", preg_replace("/[\r\n]/", "", file_get_contents($filename)));
} else {
+ user_error("DB Updater: schema file for version $version is not found.");
return false;
}
}
if (is_array($lines)) {
- db_query("BEGIN");
+ $this->pdo->beginTransaction();
foreach ($lines as $line) {
if (strpos($line, "--") !== 0 && $line) {
- if (!db_query($line, false)) {
+ if (!$this->pdo->query($line)) {
if ($html_output) {
print_notice("Query: $line");
- print_error("Error: " . db_last_query_error());
+ print_error("Error: " . implode(", ", $this->pdo->errorInfo()));
} else {
_debug("Query: $line");
- _debug("Error: " . db_last_query_error());
+ _debug("Error: " . implode(", ", $this->pdo->errorInfo()));
}
return false;
$db_version = $this->getSchemaVersion();
if ($db_version == $version) {
- db_query("COMMIT");
+ $this->pdo->commit();
return true;
} else {
- db_query("ROLLBACK");
+ $this->pdo->rollBack();
return false;
}
} else {
if ($debug) _debug("Sending digests, batch of max $user_limit users, headline limit = $limit");
if (DB_TYPE == "pgsql") {
- $interval_query = "last_digest_sent < NOW() - INTERVAL '1 days'";
+ $interval_qpart = "last_digest_sent < NOW() - INTERVAL '1 days'";
} else if (DB_TYPE == "mysql") {
- $interval_query = "last_digest_sent < DATE_SUB(NOW(), INTERVAL 1 DAY)";
+ $interval_qpart = "last_digest_sent < DATE_SUB(NOW(), INTERVAL 1 DAY)";
}
- $result = db_query("SELECT id,email FROM ttrss_users
- WHERE email != '' AND (last_digest_sent IS NULL OR $interval_query)");
+ $pdo = Db::pdo();
- while ($line = db_fetch_assoc($result)) {
+ $res = $pdo->query("SELECT id,email FROM ttrss_users
+ WHERE email != '' AND (last_digest_sent IS NULL OR $interval_qpart)");
+
+ while ($line = $res->fetch()) {
if (@get_pref('DIGEST_ENABLE', $line['id'], false)) {
$preferred_ts = strtotime(get_pref('DIGEST_PREFERRED_TIME', $line['id'], '00:00'));
if ($debug) _debug("No headlines");
}
- db_query("UPDATE ttrss_users SET last_digest_sent = NOW()
- WHERE id = " . $line["id"]);
+ $sth = $pdo->prepare("UPDATE ttrss_users SET last_digest_sent = NOW()
+ WHERE id = ?");
+ $sth->execute([$line["id"]]);
}
}
$affected_ids = array();
+ $days = (int) $days;
+
if (DB_TYPE == "pgsql") {
- $interval_query = "ttrss_entries.date_updated > NOW() - INTERVAL '$days days'";
+ $interval_qpart = "ttrss_entries.date_updated > NOW() - INTERVAL '$days days'";
} else if (DB_TYPE == "mysql") {
- $interval_query = "ttrss_entries.date_updated > DATE_SUB(NOW(), INTERVAL $days DAY)";
+ $interval_qpart = "ttrss_entries.date_updated > DATE_SUB(NOW(), INTERVAL $days DAY)";
}
- $result = db_query("SELECT ttrss_entries.title,
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT ttrss_entries.title,
ttrss_feeds.title AS feed_title,
COALESCE(ttrss_feed_categories.title, '" . __('Uncategorized') . "') AS cat_title,
date_updated,
WHERE
ref_id = ttrss_entries.id AND feed_id = ttrss_feeds.id
AND include_in_digest = true
- AND $interval_query
- AND ttrss_user_entries.owner_uid = $user_id
+ AND $interval_qpart
+ AND ttrss_user_entries.owner_uid = ?
AND unread = true
AND score >= 0
ORDER BY ttrss_feed_categories.title, ttrss_feeds.title, score DESC, date_updated DESC
- LIMIT $limit");
-
- $headlines_count = db_num_rows($result);
+ LIMIT ?");
+ $sth->execute([$user_id, $limit]);
+ $headlines_count = 0;
$headlines = array();
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
array_push($headlines, $line);
+ $headlines_count++;
}
for ($i = 0; $i < sizeof($headlines); $i++) {
$updated = make_local_datetime($line['last_updated'], false,
$user_id);
- /* if ($line["score"] != 0) {
- if ($line["score"] > 0) $line["score"] = '+' . $line["score"];
-
- $line["title"] .= " (".$line['score'].")";
- } */
-
if (get_pref('ENABLE_FEED_CATS', $user_id)) {
$line['feed_title'] = $line['cat_title'] . " / " . $line['feed_title'];
}
if (parent::before($method)) {
header("Content-Type: text/html"); # required for iframe
- $this->param = $this->dbh->escape_string($_REQUEST["param"]);
+ $this->param = $_REQUEST["param"];
return true;
}
return false;
print "<div class=\"prefFeedOPMLHolder\">";
- $this->dbh->query("BEGIN");
-
print "<ul class='nomarks'>";
$opml = new Opml($_REQUEST);
$opml->opml_import($_SESSION["uid"]);
- $this->dbh->query("COMMIT");
-
print "</ul>";
print "</div>";
// from here: http://www.roscripts.com/Create_tag_cloud-71.html
- $query = "SELECT tag_name, COUNT(post_int_id) AS count
- FROM ttrss_tags WHERE owner_uid = ".$_SESSION["uid"]."
- GROUP BY tag_name ORDER BY count DESC LIMIT 50";
-
- $result = $this->dbh->query($query);
+ $sth = $this->pdo->prepare("SELECT tag_name, COUNT(post_int_id) AS count
+ FROM ttrss_tags WHERE owner_uid = ?
+ GROUP BY tag_name ORDER BY count DESC LIMIT 50");
+ $sth->execute([$_SESSION['uid']]);
$tags = array();
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$tags[$line["tag_name"]] = $line["count"];
}
function generatedFeed() {
$this->params = explode(":", $this->param, 3);
- $feed_id = $this->dbh->escape_string($this->params[0]);
+ $feed_id = $this->params[0];
$is_cat = (bool) $this->params[1];
$key = get_feed_access_key($feed_id, $is_cat);
$search_q = "";
}
- $reply .= "<span class=\"holder\">";
+ $reply = "<span class=\"holder\">";
$rss_link = htmlspecialchars(get_self_url_prefix() .
"/public.php?op=rss&id=$feed_id$cat_q$search_q");
if (!$any_needs_curl) {
- $result = $this->dbh->query(
- "SELECT cache_images," . SUBSTRING_FOR_DATE . "(last_updated,1,19) AS last_updated
- FROM ttrss_feeds WHERE id = '$feed'");
+ $sth = $this->pdo->prepare("SELECT cache_images," . SUBSTRING_FOR_DATE . "(last_updated,1,19) AS last_updated
+ FROM ttrss_feeds WHERE id = ?");
+ $sth->execute([$feed]);
- if ($this->dbh->num_rows($result) != 0) {
- $last_updated = strtotime($this->dbh->fetch_result($result, 0, "last_updated"));
- $cache_images = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "cache_images"));
+ if ($row = $sth->fetch()) {
+ $last_updated = strtotime($row["last_updated"]);
+ $cache_images = sql_bool_to_bool($row["cache_images"]);
if (!$cache_images && time() - $last_updated > 120) {
RSSUtils::update_rss_feed($feed, true);
} else {
- $this->dbh->query("UPDATE ttrss_feeds SET last_updated = '1970-01-01', last_update_started = '1970-01-01'
- WHERE id = '$feed'");
+ $sth = $this->pdo->prepare("UPDATE ttrss_feeds
+ SET last_updated = '1970-01-01', last_update_started = '1970-01-01'
+ WHERE id = ?");
+ $sth->execute([$feed]);
}
}
} else {
- $this->dbh->query("UPDATE ttrss_feeds SET last_updated = '1970-01-01', last_update_started = '1970-01-01'
- WHERE id = '$feed'");
+ $sth = $this->pdo->prepare("UPDATE ttrss_feeds
+ SET last_updated = '1970-01-01', last_update_started = '1970-01-01'
+ WHERE id = ?");
+ $sth->execute([$feed]);
}
}
// FIXME: might break tag display?
if (is_numeric($feed) && $feed > 0 && !$cat_view) {
- $result = $this->dbh->query(
- "SELECT id FROM ttrss_feeds WHERE id = '$feed' LIMIT 1");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE id = ? LIMIT 1");
+ $sth->execute([$feed]);
- if ($this->dbh->num_rows($result) == 0) {
+ if (!$sth->fetch()) {
$reply['content'] = "<div align='center'>".__('Feed not found.')."</div>";
}
}
- @$search = $this->dbh->escape_string($_REQUEST["query"]);
- @$search_language = $this->dbh->escape_string($_REQUEST["search_language"]); // PGSQL only
+ @$search = $_REQUEST["query"];
+ @$search_language = $_REQUEST["search_language"]; // PGSQL only
if ($search) {
$disable_cache = true;
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H0", $timing_info);
-
if (!$cat_view && is_numeric($feed) && $feed < PLUGIN_FEED_BASE_INDEX && $feed > LABEL_BASE_INDEX) {
$handler = PluginHost::getInstance()->get_feed_handler(
PluginHost::feed_to_pfeed_id($feed));
$feed, $cat_view, $search,
$last_error, $last_updated);
- $headlines_count = is_numeric($result) ? 0 : $this->dbh->num_rows($result);
-
if ($offset == 0) {
foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_HEADLINES_BEFORE) as $p) {
$reply['content'] .= $p->hook_headlines_before($feed, $cat_view, $qfh_ret);
$reply['content'] = '';
- if ($headlines_count > 0) {
+ $headlines_count = 0;
+
+ $lnum = $offset;
+ $num_unread = 0;
+ if ($_REQUEST["debug"]) $timing_info = print_checkpoint("PS", $timing_info);
+ $expand_cdm = get_pref('CDM_EXPANDED');
+
+ while ($line = $result->fetch()) {
+
+ ++$headlines_count;
+
+ $line["content_preview"] = "— " . truncate_string(strip_tags($line["content"]), 250);
- $lnum = $offset;
+ foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
+ $line = $p->hook_query_headlines($line, 250, false);
+ }
- $num_unread = 0;
- $cur_feed_title = '';
+ if (get_pref('SHOW_CONTENT_PREVIEW')) {
+ $content_preview = $line["content_preview"];
+ }
- if ($_REQUEST["debug"]) $timing_info = print_checkpoint("PS", $timing_info);
+ $id = $line["id"];
+ $feed_id = $line["feed_id"];
+ $label_cache = $line["label_cache"];
+ $labels = false;
- $expand_cdm = get_pref('CDM_EXPANDED');
+ if ($label_cache) {
+ $label_cache = json_decode($label_cache, true);
- while ($line = $this->dbh->fetch_assoc($result)) {
+ if ($label_cache) {
+ if ($label_cache["no-labels"] == 1)
+ $labels = array();
+ else
+ $labels = $label_cache;
+ }
+ }
- $line["content_preview"] = "— " . truncate_string(strip_tags($line["content"]), 250);
+ if (!is_array($labels)) $labels = Article::get_article_labels($id);
- foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
- $line = $p->hook_query_headlines($line, 250, false);
- }
+ $labels_str = "<span class=\"HLLCTR-$id\">";
+ $labels_str .= Article::format_article_labels($labels);
+ $labels_str .= "</span>";
- if (get_pref('SHOW_CONTENT_PREVIEW')) {
- $content_preview = $line["content_preview"];
- }
+ if (count($topmost_article_ids) < 3) {
+ array_push($topmost_article_ids, $id);
+ }
- $id = $line["id"];
- $feed_id = $line["feed_id"];
- $label_cache = $line["label_cache"];
- $labels = false;
+ $class = "";
- if ($label_cache) {
- $label_cache = json_decode($label_cache, true);
+ if (sql_bool_to_bool($line["unread"])) {
+ $class .= " Unread";
+ ++$num_unread;
+ }
- if ($label_cache) {
- if ($label_cache["no-labels"] == 1)
- $labels = array();
- else
- $labels = $label_cache;
- }
- }
+ if (sql_bool_to_bool($line["marked"])) {
+ $marked_pic = "<img
+ src=\"images/mark_set.png\"
+ class=\"markedPic\" alt=\"Unstar article\"
+ onclick='toggleMark($id)'>";
+ $class .= " marked";
+ } else {
+ $marked_pic = "<img
+ src=\"images/mark_unset.png\"
+ class=\"markedPic\" alt=\"Star article\"
+ onclick='toggleMark($id)'>";
+ }
- if (!is_array($labels)) $labels = Article::get_article_labels($id);
+ if (sql_bool_to_bool($line["published"])) {
+ $published_pic = "<img src=\"images/pub_set.png\"
+ class=\"pubPic\"
+ alt=\"Unpublish article\" onclick='togglePub($id)'>";
+ $class .= " published";
+ } else {
+ $published_pic = "<img src=\"images/pub_unset.png\"
+ class=\"pubPic\"
+ alt=\"Publish article\" onclick='togglePub($id)'>";
+ }
- $labels_str = "<span class=\"HLLCTR-$id\">";
- $labels_str .= Article::format_article_labels($labels);
- $labels_str .= "</span>";
+ $updated_fmt = make_local_datetime($line["updated"], false, false, false, true);
+ $date_entered_fmt = T_sprintf("Imported at %s",
+ make_local_datetime($line["date_entered"], false));
- if (count($topmost_article_ids) < 3) {
- array_push($topmost_article_ids, $id);
- }
+ $score = $line["score"];
- $class = "";
+ $score_pic = "images/" . get_score_pic($score);
- if (sql_bool_to_bool($line["unread"])) {
- $class .= " Unread";
- ++$num_unread;
- }
+ $score_pic = "<img class='hlScorePic' score='$score' onclick='changeScore($id, this)' src=\"$score_pic\"
+ title=\"$score\">";
- if (sql_bool_to_bool($line["marked"])) {
- $marked_pic = "<img
- src=\"images/mark_set.png\"
- class=\"markedPic\" alt=\"Unstar article\"
- onclick='toggleMark($id)'>";
- $class .= " marked";
- } else {
- $marked_pic = "<img
- src=\"images/mark_unset.png\"
- class=\"markedPic\" alt=\"Star article\"
- onclick='toggleMark($id)'>";
- }
+ if ($score > 500) {
+ $hlc_suffix = "high";
+ } else if ($score < -100) {
+ $hlc_suffix = "low";
+ } else {
+ $hlc_suffix = "";
+ }
- if (sql_bool_to_bool($line["published"])) {
- $published_pic = "<img src=\"images/pub_set.png\"
- class=\"pubPic\"
- alt=\"Unpublish article\" onclick='togglePub($id)'>";
- $class .= " published";
- } else {
- $published_pic = "<img src=\"images/pub_unset.png\"
- class=\"pubPic\"
- alt=\"Publish article\" onclick='togglePub($id)'>";
- }
+ $entry_author = $line["author"];
-# $content_link = "<a target=\"_blank\" rel=\"noopener noreferrer\" href=\"".$line["link"]."\">" .
-# $line["title"] . "</a>";
+ if ($entry_author) {
+ $entry_author = " — $entry_author";
+ }
-# $content_link = "<a
-# href=\"" . htmlspecialchars($line["link"]) . "\"
-# onclick=\"view($id,$feed_id);\">" .
-# $line["title"] . "</a>";
+ $has_feed_icon = feed_has_icon($feed_id);
-# $content_link = "<a href=\"javascript:viewContentUrl('".$line["link"]."');\">" .
-# $line["title"] . "</a>";
+ if ($has_feed_icon) {
+ $feed_icon_img = "<img class=\"tinyFeedIcon\" src=\"".ICONS_URL."/$feed_id.ico\" alt=\"\">";
+ } else {
+ $feed_icon_img = "<img class=\"tinyFeedIcon\" src=\"images/pub_set.png\" alt=\"\">";
+ }
- $updated_fmt = make_local_datetime($line["updated"], false, false, false, true);
- $date_entered_fmt = T_sprintf("Imported at %s",
- make_local_datetime($line["date_entered"], false));
+ $entry_site_url = $line["site_url"];
- $score = $line["score"];
+ //setting feed headline background color, needs to change text color based on dark/light
+ $fav_color = $line['favicon_avg_color'];
- $score_pic = "images/" . get_score_pic($score);
+ require_once "colors.php";
-/* $score_title = __("(Click to change)");
- $score_pic = "<img class='hlScorePic' src=\"images/$score_pic\"
- onclick=\"adjustArticleScore($id, $score)\" title=\"$score $score_title\">"; */
+ if ($fav_color && $fav_color != 'fail') {
+ if (!isset($rgba_cache[$feed_id])) {
+ $rgba_cache[$feed_id] = join(",", _color_unpack($fav_color));
+ }
+ }
- $score_pic = "<img class='hlScorePic' score='$score' onclick='changeScore($id, this)' src=\"$score_pic\"
- title=\"$score\">";
+ if (!get_pref('COMBINED_DISPLAY_MODE')) {
- if ($score > 500) {
- $hlc_suffix = "high";
- } else if ($score < -100) {
- $hlc_suffix = "low";
- } else {
- $hlc_suffix = "";
- }
+ if ($vfeed_group_enabled) {
+ if ($feed_id != $vgroup_last_feed && $line["feed_title"]) {
- $entry_author = $line["author"];
+ $cur_feed_title = $line["feed_title"];
+ $vgroup_last_feed = $feed_id;
- if ($entry_author) {
- $entry_author = " — $entry_author";
- }
+ $cur_feed_title = htmlspecialchars($cur_feed_title);
- $has_feed_icon = feed_has_icon($feed_id);
+ $vf_catchup_link = "<a class='catchup' onclick='catchupFeedInGroup($feed_id);' href='#'>".__('mark feed as read')."</a>";
- if ($has_feed_icon) {
- $feed_icon_img = "<img class=\"tinyFeedIcon\" src=\"".ICONS_URL."/$feed_id.ico\" alt=\"\">";
- } else {
- $feed_icon_img = "<img class=\"tinyFeedIcon\" src=\"images/pub_set.png\" alt=\"\">";
- }
+ $reply['content'] .= "<div data-feed-id='$feed_id' id='FTITLE-$feed_id' class='cdmFeedTitle'>".
+ "<div style='float : right'>$feed_icon_img</div>".
+ "<a class='title' href=\"#\" onclick=\"viewfeed({feed:$feed_id})\">".
+ $line["feed_title"]."</a>
+ $vf_catchup_link</div>";
- $entry_site_url = $line["site_url"];
- //setting feed headline background color, needs to change text color based on dark/light
- $fav_color = $line['favicon_avg_color'];
+ }
+ }
- require_once "colors.php";
+ $mouseover_attrs = "onmouseover='postMouseIn(event, $id)'
+ onmouseout='postMouseOut($id)'";
- if ($fav_color && $fav_color != 'fail') {
- if (!isset($rgba_cache[$feed_id])) {
- $rgba_cache[$feed_id] = join(",", _color_unpack($fav_color));
- }
- }
+ $reply['content'] .= "<div class='hl hlMenuAttach $class' data-orig-feed-id='$feed_id' data-article-id='$id' id='RROW-$id' $mouseover_attrs>";
- if (!get_pref('COMBINED_DISPLAY_MODE')) {
+ $reply['content'] .= "<div class='hlLeft'>";
- if ($vfeed_group_enabled) {
- if ($feed_id != $vgroup_last_feed && $line["feed_title"]) {
+ $reply['content'] .= "<input dojoType=\"dijit.form.CheckBox\"
+ type=\"checkbox\" onclick=\"toggleSelectRow2(this)\"
+ class='rchk'>";
- $cur_feed_title = $line["feed_title"];
- $vgroup_last_feed = $feed_id;
+ $reply['content'] .= "$marked_pic";
+ $reply['content'] .= "$published_pic";
- $cur_feed_title = htmlspecialchars($cur_feed_title);
+ $reply['content'] .= "</div>";
- $vf_catchup_link = "<a class='catchup' onclick='catchupFeedInGroup($feed_id);' href='#'>".__('mark feed as read')."</a>";
+ $reply['content'] .= "<div onclick='return hlClicked(event, $id)'
+ class=\"hlTitle\"><span class='hlContent $hlc_suffix'>";
+ $reply['content'] .= "<a id=\"RTITLE-$id\" class=\"title $hlc_suffix\"
+ href=\"" . htmlspecialchars($line["link"]) . "\"
+ onclick=\"\">" .
+ truncate_string($line["title"], 200);
- $reply['content'] .= "<div data-feed-id='$feed_id' id='FTITLE-$feed_id' class='cdmFeedTitle'>".
- "<div style='float : right'>$feed_icon_img</div>".
- "<a class='title' href=\"#\" onclick=\"viewfeed({feed:$feed_id})\">".
- $line["feed_title"]."</a>
- $vf_catchup_link</div>";
+ if (get_pref('SHOW_CONTENT_PREVIEW')) {
+ $reply['content'] .= "<span class=\"contentPreview\">" . $line["content_preview"] . "</span>";
+ }
+ $reply['content'] .= "</a></span>";
- }
- }
+ $reply['content'] .= $labels_str;
- $mouseover_attrs = "onmouseover='postMouseIn(event, $id)'
- onmouseout='postMouseOut($id)'";
+ $reply['content'] .= "</div>";
- $reply['content'] .= "<div class='hl hlMenuAttach $class' data-orig-feed-id='$feed_id' data-article-id='$id' id='RROW-$id' $mouseover_attrs>";
+ if (!$vfeed_group_enabled) {
+ if (@$line["feed_title"]) {
+ $rgba = @$rgba_cache[$feed_id];
- $reply['content'] .= "<div class='hlLeft'>";
+ $reply['content'] .= "<span class=\"hlFeed\"><a style=\"background : rgba($rgba, 0.3)\" href=\"#\" onclick=\"viewfeed({feed:$feed_id})\">".
+ truncate_string($line["feed_title"],30)."</a></span>";
+ }
+ }
- $reply['content'] .= "<input dojoType=\"dijit.form.CheckBox\"
- type=\"checkbox\" onclick=\"toggleSelectRow2(this)\"
- class='rchk'>";
- $reply['content'] .= "$marked_pic";
- $reply['content'] .= "$published_pic";
+ $reply['content'] .= "<span class=\"hlUpdated\">";
- $reply['content'] .= "</div>";
+ $reply['content'] .= "<div title='$date_entered_fmt'>$updated_fmt</div>
+ </span>";
- $reply['content'] .= "<div onclick='return hlClicked(event, $id)'
- class=\"hlTitle\"><span class='hlContent $hlc_suffix'>";
- $reply['content'] .= "<a id=\"RTITLE-$id\" class=\"title $hlc_suffix\"
- href=\"" . htmlspecialchars($line["link"]) . "\"
- onclick=\"\">" .
- truncate_string($line["title"], 200);
+ $reply['content'] .= "<div class=\"hlRight\">";
- if (get_pref('SHOW_CONTENT_PREVIEW')) {
- $reply['content'] .= "<span class=\"contentPreview\">" . $line["content_preview"] . "</span>";
- }
+ $reply['content'] .= $score_pic;
- $reply['content'] .= "</a></span>";
+ if ($line["feed_title"] && !$vfeed_group_enabled) {
- $reply['content'] .= $labels_str;
+ $reply['content'] .= "<span onclick=\"viewfeed({feed:$feed_id})\"
+ style=\"cursor : pointer\"
+ title=\"".htmlspecialchars($line['feed_title'])."\">
+ $feed_icon_img</span>";
+ }
- $reply['content'] .= "</div>";
+ $reply['content'] .= "</div>";
+ $reply['content'] .= "</div>";
- if (!$vfeed_group_enabled) {
- if (@$line["feed_title"]) {
- $rgba = @$rgba_cache[$feed_id];
+ } else {
- $reply['content'] .= "<span class=\"hlFeed\"><a style=\"background : rgba($rgba, 0.3)\" href=\"#\" onclick=\"viewfeed({feed:$feed_id})\">".
- truncate_string($line["feed_title"],30)."</a></span>";
- }
- }
+ if ($line["tag_cache"])
+ $tags = explode(",", $line["tag_cache"]);
+ else
+ $tags = false;
+ $line["content"] = sanitize($line["content"],
+ sql_bool_to_bool($line['hide_images']), false, $entry_site_url, $highlight_words, $line["id"]);
- $reply['content'] .= "<span class=\"hlUpdated\">";
+ foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_RENDER_ARTICLE_CDM) as $p) {
+ $line = $p->hook_render_article_cdm($line);
+ }
- $reply['content'] .= "<div title='$date_entered_fmt'>$updated_fmt</div>
- </span>";
+ if ($vfeed_group_enabled && $line["feed_title"]) {
+ if ($feed_id != $vgroup_last_feed) {
- $reply['content'] .= "<div class=\"hlRight\">";
+ $cur_feed_title = $line["feed_title"];
+ $vgroup_last_feed = $feed_id;
- $reply['content'] .= $score_pic;
+ $cur_feed_title = htmlspecialchars($cur_feed_title);
- if ($line["feed_title"] && !$vfeed_group_enabled) {
+ $vf_catchup_link = "<a class='catchup' onclick='catchupFeedInGroup($feed_id);' href='#'>".__('mark feed as read')."</a>";
- $reply['content'] .= "<span onclick=\"viewfeed({feed:$feed_id})\"
- style=\"cursor : pointer\"
- title=\"".htmlspecialchars($line['feed_title'])."\">
- $feed_icon_img</span>";
- }
+ $has_feed_icon = feed_has_icon($feed_id);
- $reply['content'] .= "</div>";
- $reply['content'] .= "</div>";
+ if ($has_feed_icon) {
+ $feed_icon_img = "<img class=\"tinyFeedIcon\" src=\"".ICONS_URL."/$feed_id.ico\" alt=\"\">";
+ } else {
+ //$feed_icon_img = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\" alt=\"\">";
+ }
- } else {
+ $reply['content'] .= "<div data-feed-id='$feed_id' id='FTITLE-$feed_id' class='cdmFeedTitle'>".
+ "<div style=\"float : right\">$feed_icon_img</div>".
+ "<a href=\"#\" class='title' onclick=\"viewfeed({feed:$feed_id})\">".
+ $line["feed_title"]."</a> $vf_catchup_link</div>";
- if ($line["tag_cache"])
- $tags = explode(",", $line["tag_cache"]);
- else
- $tags = false;
+ }
+ }
- $line["content"] = sanitize($line["content"],
- sql_bool_to_bool($line['hide_images']), false, $entry_site_url, $highlight_words, $line["id"]);
+ $mouseover_attrs = "onmouseover='postMouseIn(event, $id)'
+ onmouseout='postMouseOut($id)'";
- foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_RENDER_ARTICLE_CDM) as $p) {
- $line = $p->hook_render_article_cdm($line);
- }
+ $expanded_class = $expand_cdm ? "expanded" : "expandable";
- if ($vfeed_group_enabled && $line["feed_title"]) {
- if ($feed_id != $vgroup_last_feed) {
+ $tmp_content = "<div class=\"cdm $hlc_suffix $expanded_class $class\"
+ id=\"RROW-$id\" data-article-id='$id' data-orig-feed-id='$feed_id' $mouseover_attrs>";
- $cur_feed_title = $line["feed_title"];
- $vgroup_last_feed = $feed_id;
+ $tmp_content .= "<div class=\"cdmHeader\">";
+ $tmp_content .= "<div style=\"vertical-align : middle\">";
- $cur_feed_title = htmlspecialchars($cur_feed_title);
+ $tmp_content .= "<input dojoType=\"dijit.form.CheckBox\"
+ type=\"checkbox\" onclick=\"toggleSelectRow2(this, false, true)\"
+ class='rchk'>";
- $vf_catchup_link = "<a class='catchup' onclick='catchupFeedInGroup($feed_id);' href='#'>".__('mark feed as read')."</a>";
+ $tmp_content .= "$marked_pic";
+ $tmp_content .= "$published_pic";
- $has_feed_icon = feed_has_icon($feed_id);
+ $tmp_content .= "</div>";
- if ($has_feed_icon) {
- $feed_icon_img = "<img class=\"tinyFeedIcon\" src=\"".ICONS_URL."/$feed_id.ico\" alt=\"\">";
- } else {
- //$feed_icon_img = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\" alt=\"\">";
- }
+ if ($highlight_words && count($highlight_words > 0)) {
+ foreach ($highlight_words as $word) {
+ $line["title"] = preg_replace("/(\Q$word\E)/i",
+ "<span class=\"highlight\">$1</span>", $line["title"]);
+ }
+ }
- $reply['content'] .= "<div data-feed-id='$feed_id' id='FTITLE-$feed_id' class='cdmFeedTitle'>".
- "<div style=\"float : right\">$feed_icon_img</div>".
- "<a href=\"#\" class='title' onclick=\"viewfeed({feed:$feed_id})\">".
- $line["feed_title"]."</a> $vf_catchup_link</div>";
+ // data-article-id included for context menu
+ $tmp_content .= "<span id=\"RTITLE-$id\"
+ onclick=\"return cdmClicked(event, $id);\"
+ data-article-id=\"$id\"
+ class=\"titleWrap hlMenuAttach $hlc_suffix\">
+ <a class=\"title $hlc_suffix\"
+ title=\"".htmlspecialchars($line["title"])."\"
+ target=\"_blank\" rel=\"noopener noreferrer\" href=\"".
+ htmlspecialchars($line["link"])."\">".
+ $line["title"] .
+ "</a> <span class=\"author\">$entry_author</span>";
- }
- }
+ $tmp_content .= $labels_str;
- $mouseover_attrs = "onmouseover='postMouseIn(event, $id)'
- onmouseout='postMouseOut($id)'";
+ $tmp_content .= "<span class='collapseBtn' style='display : none'>
+ <img src=\"images/collapse.png\" onclick=\"cdmCollapseArticle(event, $id)\"
+ title=\"".__("Collapse article")."\"/></span>";
- $expanded_class = $expand_cdm ? "expanded" : "expandable";
-
- $tmp_content = "<div class=\"cdm $hlc_suffix $expanded_class $class\"
- id=\"RROW-$id\" data-article-id='$id' data-orig-feed-id='$feed_id' $mouseover_attrs>";
+ if (!$expand_cdm)
+ $content_hidden = "style=\"display : none\"";
+ else
+ $excerpt_hidden = "style=\"display : none\"";
- $tmp_content .= "<div class=\"cdmHeader\">";
- $tmp_content .= "<div style=\"vertical-align : middle\">";
+ $tmp_content .= "<span $excerpt_hidden id=\"CEXC-$id\" class=\"cdmExcerpt\">" . $content_preview . "</span>";
- $tmp_content .= "<input dojoType=\"dijit.form.CheckBox\"
- type=\"checkbox\" onclick=\"toggleSelectRow2(this, false, true)\"
- class='rchk'>";
+ $tmp_content .= "</span>";
- $tmp_content .= "$marked_pic";
- $tmp_content .= "$published_pic";
+ if (!$vfeed_group_enabled) {
+ if (@$line["feed_title"]) {
+ $rgba = @$rgba_cache[$feed_id];
- $tmp_content .= "</div>";
+ $tmp_content .= "<div class=\"hlFeed\">
+ <a href=\"#\" style=\"background-color: rgba($rgba,0.3)\"
+ onclick=\"viewfeed({feed:$feed_id})\">".
+ truncate_string($line["feed_title"],30)."</a>
+ </div>";
+ }
+ }
- if ($highlight_words && count($highlight_words > 0)) {
- foreach ($highlight_words as $word) {
- $line["title"] = preg_replace("/(\Q$word\E)/i",
- "<span class=\"highlight\">$1</span>", $line["title"]);
- }
- }
+ $tmp_content .= "<span class='updated' title='$date_entered_fmt'>$updated_fmt</span>";
- // data-article-id included for context menu
- $tmp_content .= "<span id=\"RTITLE-$id\"
- onclick=\"return cdmClicked(event, $id);\"
- data-article-id=\"$id\"
- class=\"titleWrap hlMenuAttach $hlc_suffix\">
- <a class=\"title $hlc_suffix\"
- title=\"".htmlspecialchars($line["title"])."\"
- target=\"_blank\" rel=\"noopener noreferrer\" href=\"".
- htmlspecialchars($line["link"])."\">".
- $line["title"] .
- "</a> <span class=\"author\">$entry_author</span>";
-
- $tmp_content .= $labels_str;
-
- $tmp_content .= "<span class='collapseBtn' style='display : none'>
- <img src=\"images/collapse.png\" onclick=\"cdmCollapseArticle(event, $id)\"
- title=\"".__("Collapse article")."\"/></span>";
-
- if (!$expand_cdm)
- $content_hidden = "style=\"display : none\"";
- else
- $excerpt_hidden = "style=\"display : none\"";
-
- $tmp_content .= "<span $excerpt_hidden id=\"CEXC-$id\" class=\"cdmExcerpt\">" . $content_preview . "</span>";
-
- $tmp_content .= "</span>";
-
- if (!$vfeed_group_enabled) {
- if (@$line["feed_title"]) {
- $rgba = @$rgba_cache[$feed_id];
-
- $tmp_content .= "<div class=\"hlFeed\">
- <a href=\"#\" style=\"background-color: rgba($rgba,0.3)\"
- onclick=\"viewfeed({feed:$feed_id})\">".
- truncate_string($line["feed_title"],30)."</a>
- </div>";
- }
- }
+ $tmp_content .= "<div class='scoreWrap' style=\"vertical-align : middle\">";
+ $tmp_content .= "$score_pic";
- $tmp_content .= "<span class='updated' title='$date_entered_fmt'>$updated_fmt</span>";
+ if (!get_pref("VFEED_GROUP_BY_FEED") && $line["feed_title"]) {
+ $tmp_content .= "<span style=\"cursor : pointer\"
+ title=\"".htmlspecialchars($line["feed_title"])."\"
+ onclick=\"viewfeed({feed:$feed_id})\">$feed_icon_img</span>";
+ }
+ $tmp_content .= "</div>"; //scoreWrap
- $tmp_content .= "<div class='scoreWrap' style=\"vertical-align : middle\">";
- $tmp_content .= "$score_pic";
+ $tmp_content .= "</div>"; //cdmHeader
- if (!get_pref("VFEED_GROUP_BY_FEED") && $line["feed_title"]) {
- $tmp_content .= "<span style=\"cursor : pointer\"
- title=\"".htmlspecialchars($line["feed_title"])."\"
- onclick=\"viewfeed({feed:$feed_id})\">$feed_icon_img</span>";
- }
- $tmp_content .= "</div>"; //scoreWrap
+ $tmp_content .= "<div class=\"cdmContent\" $content_hidden
+ onclick=\"return cdmClicked(event, $id, true);\"
+ id=\"CICD-$id\">";
- $tmp_content .= "</div>"; //cdmHeader
+ $tmp_content .= "<div id=\"POSTNOTE-$id\">";
+ if ($line['note']) {
+ $tmp_content .= Article::format_article_note($id, $line['note']);
+ }
+ $tmp_content .= "</div>"; //POSTNOTE
- $tmp_content .= "<div class=\"cdmContent\" $content_hidden
- onclick=\"return cdmClicked(event, $id, true);\"
- id=\"CICD-$id\">";
+ if (!$line['lang']) $line['lang'] = 'en';
- $tmp_content .= "<div id=\"POSTNOTE-$id\">";
- if ($line['note']) {
- $tmp_content .= Article::format_article_note($id, $line['note']);
- }
- $tmp_content .= "</div>"; //POSTNOTE
+ $tmp_content .= "<div class=\"cdmContentInner\" lang=\"".$line['lang']."\">";
- if (!$line['lang']) $line['lang'] = 'en';
+ if ($line["orig_feed_id"]) {
- $tmp_content .= "<div class=\"cdmContentInner\" lang=\"".$line['lang']."\">";
+ $ofgh = $this->pdo->prepare("SELECT * FROM ttrss_archived_feeds
+ WHERE id = ? AND owner_uid = ?");
+ $ofgh->execute([$line["orig_feed_id"], $_SESSION['uid']]);
- if ($line["orig_feed_id"]) {
+ if ($tmp_line = $ofgh->fetch()) {
- $tmp_result = $this->dbh->query("SELECT * FROM ttrss_archived_feeds
- WHERE id = ".$line["orig_feed_id"] . " AND owner_uid = " . $_SESSION["uid"]);
+ $tmp_content .= "<div clear='both'>";
+ $tmp_content .= __("Originally from:");
- if ($this->dbh->num_rows($tmp_result) != 0) {
+ $tmp_content .= " ";
- $tmp_content .= "<div clear='both'>";
- $tmp_content .= __("Originally from:");
+ $tmp_content .= "<a target='_blank' rel='noopener noreferrer'
+ href=' " . htmlspecialchars($tmp_line['site_url']) . "'>" .
+ $tmp_line['title'] . "</a>";
- $tmp_content .= " ";
+ $tmp_content .= " ";
- $tmp_line = $this->dbh->fetch_assoc($tmp_result);
+ $tmp_content .= "<a target='_blank' rel='noopener noreferrer' href='" . htmlspecialchars($tmp_line['feed_url']) . "'>";
+ $tmp_content .= "<img title='".__('Feed URL')."'class='tinyFeedIcon' src='images/pub_unset.png'></a>";
- $tmp_content .= "<a target='_blank' rel='noopener noreferrer'
- href=' " . htmlspecialchars($tmp_line['site_url']) . "'>" .
- $tmp_line['title'] . "</a>";
+ $tmp_content .= "</div>";
+ }
+ }
- $tmp_content .= " ";
+ $tmp_content .= "<span id=\"CWRAP-$id\">";
+ $tmp_content .= "<span id=\"CENCW-$id\" class=\"cencw\" style=\"display : none\">";
+ $tmp_content .= htmlspecialchars($line["content"]);
+ $tmp_content .= "</span>";
+ $tmp_content .= "</span>";
- $tmp_content .= "<a target='_blank' rel='noopener noreferrer' href='" . htmlspecialchars($tmp_line['feed_url']) . "'>";
- $tmp_content .= "<img title='".__('Feed URL')."'class='tinyFeedIcon' src='images/pub_unset.png'></a>";
+ $tmp_content .= "</div>"; //cdmContentInner
- $tmp_content .= "</div>";
- }
- }
+ $tmp_content .= "<div class=\"cdmIntermediate\">";
- $tmp_content .= "<span id=\"CWRAP-$id\">";
- $tmp_content .= "<span id=\"CENCW-$id\" class=\"cencw\" style=\"display : none\">";
- $tmp_content .= htmlspecialchars($line["content"]);
- $tmp_content .= "</span>";
- $tmp_content .= "</span>";
+ $always_display_enclosures = sql_bool_to_bool($line["always_display_enclosures"]);
+ $tmp_content .= Article::format_article_enclosures($id, $always_display_enclosures, $line["content"], sql_bool_to_bool($line["hide_images"]));
- $tmp_content .= "</div>"; //cdmContentInner
+ $tmp_content .= "</div>"; // cdmIntermediate
- $tmp_content .= "<div class=\"cdmIntermediate\">";
+ $tmp_content .= "<div class=\"cdmFooter\" onclick=\"cdmFooterClick(event)\">";
- $always_display_enclosures = sql_bool_to_bool($line["always_display_enclosures"]);
- $tmp_content .= Article::format_article_enclosures($id, $always_display_enclosures, $line["content"], sql_bool_to_bool($line["hide_images"]));
+ foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_LEFT_BUTTON) as $p) {
+ $tmp_content .= $p->hook_article_left_button($line);
+ }
- $tmp_content .= "</div>"; // cdmIntermediate
+ $tags_str = Article::format_tags_string($tags, $id);
- $tmp_content .= "<div class=\"cdmFooter\" onclick=\"cdmFooterClick(event)\">";
+ $tmp_content .= "<span class='left'>";
- foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_LEFT_BUTTON) as $p) {
- $tmp_content .= $p->hook_article_left_button($line);
- }
+ $tmp_content .= "<img src='images/tag.png' alt='Tags' title='Tags'>
+ <span id=\"ATSTR-$id\">$tags_str</span>
+ <a title=\"".__('Edit tags for this article')."\"
+ href=\"#\" onclick=\"editArticleTags($id)\">(+)</a>";
- $tags_str = Article::format_tags_string($tags, $id);
+ $num_comments = (int) $line["num_comments"];
+ $entry_comments = "";
- $tmp_content .= "<span class='left'>";
+ if ($num_comments > 0) {
+ if ($line["comments"]) {
+ $comments_url = htmlspecialchars($line["comments"]);
+ } else {
+ $comments_url = htmlspecialchars($line["link"]);
+ }
+ $entry_comments = "<a class=\"postComments\"
+ target='_blank' rel='noopener noreferrer' href=\"$comments_url\">$num_comments ".
+ _ngettext("comment", "comments", $num_comments)."</a>";
- $tmp_content .= "<img src='images/tag.png' alt='Tags' title='Tags'>
- <span id=\"ATSTR-$id\">$tags_str</span>
- <a title=\"".__('Edit tags for this article')."\"
- href=\"#\" onclick=\"editArticleTags($id)\">(+)</a>";
+ } else {
+ if ($line["comments"] && $line["link"] != $line["comments"]) {
+ $entry_comments = "<a class=\"postComments\" target='_blank' rel='noopener noreferrer' href=\"".htmlspecialchars($line["comments"])."\">".__("comments")."</a>";
+ }
+ }
- $num_comments = (int) $line["num_comments"];
- $entry_comments = "";
+ if ($entry_comments) $tmp_content .= " ($entry_comments)";
- if ($num_comments > 0) {
- if ($line["comments"]) {
- $comments_url = htmlspecialchars($line["comments"]);
- } else {
- $comments_url = htmlspecialchars($line["link"]);
- }
- $entry_comments = "<a class=\"postComments\"
- target='_blank' rel='noopener noreferrer' href=\"$comments_url\">$num_comments ".
- _ngettext("comment", "comments", $num_comments)."</a>";
+ $tmp_content .= "</span>";
+ $tmp_content .= "<div>";
- } else {
- if ($line["comments"] && $line["link"] != $line["comments"]) {
- $entry_comments = "<a class=\"postComments\" target='_blank' rel='noopener noreferrer' href=\"".htmlspecialchars($line["comments"])."\">".__("comments")."</a>";
- }
- }
+ foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_BUTTON) as $p) {
+ $tmp_content .= $p->hook_article_button($line);
+ }
- if ($entry_comments) $tmp_content .= " ($entry_comments)";
+ $tmp_content .= "</div>"; // buttons
- $tmp_content .= "</span>";
- $tmp_content .= "<div>";
+ $tmp_content .= "</div>"; // cdmFooter
+ $tmp_content .= "</div>"; // cdmContent
+ $tmp_content .= "</div>"; // RROW.cdm
-// $tmp_content .= "$marked_pic";
-// $tmp_content .= "$published_pic";
+ foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_FORMAT_ARTICLE_CDM) as $p) {
+ $tmp_content = $p->hook_format_article_cdm($tmp_content, $line);
+ }
- foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ARTICLE_BUTTON) as $p) {
- $tmp_content .= $p->hook_article_button($line);
- }
+ $reply['content'] .= $tmp_content;
+ }
- $tmp_content .= "</div>"; // buttons
+ ++$lnum;
+ }
- $tmp_content .= "</div>"; // cdmFooter
- $tmp_content .= "</div>"; // cdmContent
- $tmp_content .= "</div>"; // RROW.cdm
+ if ($_REQUEST["debug"]) $timing_info = print_checkpoint("PE", $timing_info);
- foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_FORMAT_ARTICLE_CDM) as $p) {
- $tmp_content = $p->hook_format_article_cdm($tmp_content, $line);
- }
+ if (!$headlines_count) {
- $reply['content'] .= $tmp_content;
- }
+ if (!is_numeric($result)) {
- ++$lnum;
- }
+ switch ($view_mode) {
+ case "unread":
+ $message = __("No unread articles found to display.");
+ break;
+ case "updated":
+ $message = __("No updated articles found to display.");
+ break;
+ case "marked":
+ $message = __("No starred articles found to display.");
+ break;
+ default:
+ if ($feed < LABEL_BASE_INDEX) {
+ $message = __("No articles found to display. You can assign articles to labels manually from article header context menu (applies to all selected articles) or use a filter.");
+ } else {
+ $message = __("No articles found to display.");
+ }
+ }
- if ($_REQUEST["debug"]) $timing_info = print_checkpoint("PE", $timing_info);
-
- } else if (!is_numeric($result)) {
- $message = "";
-
- switch ($view_mode) {
- case "unread":
- $message = __("No unread articles found to display.");
- break;
- case "updated":
- $message = __("No updated articles found to display.");
- break;
- case "marked":
- $message = __("No starred articles found to display.");
- break;
- default:
- if ($feed < LABEL_BASE_INDEX) {
- $message = __("No articles found to display. You can assign articles to labels manually from article header context menu (applies to all selected articles) or use a filter.");
- } else {
- $message = __("No articles found to display.");
- }
- }
+ if (!$offset && $message) {
+ $reply['content'] = "<div class='whiteBox'>$message";
- if (!$offset && $message) {
- $reply['content'] = "<div class='whiteBox'>$message";
+ $reply['content'] .= "<p><span class=\"insensitive\">";
- $reply['content'] .= "<p><span class=\"insensitive\">";
+ $sth = $this->pdo->prepare("SELECT " . SUBSTRING_FOR_DATE . "(MAX(last_updated), 1, 19) AS last_updated FROM ttrss_feeds
+ WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
+ $row = $sth->fetch();
- $result = $this->dbh->query("SELECT ".SUBSTRING_FOR_DATE."(MAX(last_updated), 1, 19) AS last_updated FROM ttrss_feeds
- WHERE owner_uid = " . $_SESSION['uid']);
+ $last_updated = make_local_datetime($row["last_updated"], false);
- $last_updated = $this->dbh->fetch_result($result, 0, "last_updated");
- $last_updated = make_local_datetime($last_updated, false);
+ $reply['content'] .= sprintf(__("Feeds last updated at %s"), $last_updated);
- $reply['content'] .= sprintf(__("Feeds last updated at %s"), $last_updated);
+ $sth = $this->pdo->prepare("SELECT COUNT(id) AS num_errors
+ FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
+ $row = $sth->fetch();
- $result = $this->dbh->query("SELECT COUNT(id) AS num_errors
- FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
+ $num_errors = $row["num_errors"];
- $num_errors = $this->dbh->fetch_result($result, 0, "num_errors");
+ if ($num_errors > 0) {
+ $reply['content'] .= "<br/>";
+ $reply['content'] .= "<a class=\"insensitive\" href=\"#\" onclick=\"showFeedsWithErrors()\">" .
+ __('Some feeds have update errors (click for details)') . "</a>";
+ }
+ $reply['content'] .= "</span></p></div>";
- if ($num_errors > 0) {
- $reply['content'] .= "<br/>";
- $reply['content'] .= "<a class=\"insensitive\" href=\"#\" onclick=\"showFeedsWithErrors()\">".
- __('Some feeds have update errors (click for details)')."</a>";
}
- $reply['content'] .= "</span></p></div>";
-
+ } else if (is_numeric($result) && $result == -1) {
+ $reply['first_id_changed'] = true;
}
- } else if (is_numeric($result) && $result == -1) {
- $reply['first_id_changed'] = true;
}
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H2", $timing_info);
}
function catchupAll() {
- $this->dbh->query("UPDATE ttrss_user_entries SET
- last_read = NOW(), unread = false WHERE unread = true AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
+ last_read = NOW(), unread = false WHERE unread = true AND owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
+
CCache::zero_all($_SESSION["uid"]);
}
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info);
- $feed = $this->dbh->escape_string($_REQUEST["feed"]);
- $method = $this->dbh->escape_string($_REQUEST["m"]);
- $view_mode = $this->dbh->escape_string($_REQUEST["view_mode"]);
+ $feed = $_REQUEST["feed"];
+ $method = $_REQUEST["m"];
+ $view_mode = $_REQUEST["view_mode"];
$limit = 30;
@$cat_view = $_REQUEST["cat"] == "true";
- @$next_unread_feed = $this->dbh->escape_string($_REQUEST["nuf"]);
- @$offset = $this->dbh->escape_string($_REQUEST["skip"]);
- @$vgroup_last_feed = $this->dbh->escape_string($_REQUEST["vgrlf"]);
- $order_by = $this->dbh->escape_string($_REQUEST["order_by"]);
- $check_first_id = $this->dbh->escape_string($_REQUEST["fid"]);
+ @$next_unread_feed = $_REQUEST["nuf"];
+ @$offset = $_REQUEST["skip"];
+ @$vgroup_last_feed = $_REQUEST["vgrlf"];
+ $order_by = $_REQUEST["order_by"];
+ $check_first_id = $_REQUEST["fid"];
if (is_numeric($feed)) $feed = (int) $feed;
return;
}
- $result = false;
-
+ $sth = false;
if ($feed < LABEL_BASE_INDEX) {
+
$label_feed = Labels::feed_to_label_id($feed);
- $result = $this->dbh->query("SELECT id FROM ttrss_labels2 WHERE
- id = '$label_feed' AND owner_uid = " . $_SESSION['uid']);
+
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_labels2 WHERE
+ id = ? AND owner_uid = ?");
+ $sth->execute([$label_feed, $_SESSION['uid']]);
+
} else if (!$cat_view && is_numeric($feed) && $feed > 0) {
- $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
- id = '$feed' AND owner_uid = " . $_SESSION['uid']);
+
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE
+ id = ? AND owner_uid = ?");
+ $sth->execute([$feed, $_SESSION['uid']]);
+
} else if ($cat_view && is_numeric($feed) && $feed > 0) {
- $result = $this->dbh->query("SELECT id FROM ttrss_feed_categories WHERE
- id = '$feed' AND owner_uid = " . $_SESSION['uid']);
+
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feed_categories WHERE
+ id = ? AND owner_uid = ?");
+
+ $sth->execute([$feed, $_SESSION['uid']]);
}
- if ($result && $this->dbh->num_rows($result) == 0) {
+ if ($sth && !$sth->fetch()) {
print json_encode($this->generate_error_feed(__("Feed not found.")));
return;
}
/* bump login timestamp if needed */
if (time() - $_SESSION["last_login_update"] > 3600) {
- $this->dbh->query("UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
- $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
+ $sth->execute([$_SESSION['uid']]);
+
$_SESSION["last_login_update"] = time();
}
if (!$cat_view && is_numeric($feed) && $feed > 0) {
- $this->dbh->query("UPDATE ttrss_feeds SET last_viewed = NOW()
- WHERE id = '$feed' AND owner_uid = ".$_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_feeds SET last_viewed = NOW()
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$feed, $_SESSION['uid']]);
}
$reply['headlines'] = array();
$reply['headlines']['content'] .= "<p><span class=\"insensitive\">";
- $result = $this->dbh->query("SELECT ".SUBSTRING_FOR_DATE."(MAX(last_updated), 1, 19) AS last_updated FROM ttrss_feeds
- WHERE owner_uid = " . $_SESSION['uid']);
+ $sth = $this->pdo->prepare("SELECT ".SUBSTRING_FOR_DATE."(MAX(last_updated), 1, 19) AS last_updated FROM ttrss_feeds
+ WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
+ $row = $sth->fetch();
- $last_updated = $this->dbh->fetch_result($result, 0, "last_updated");
- $last_updated = make_local_datetime($last_updated, false);
+ $last_updated = make_local_datetime($row["last_updated"], false);
$reply['headlines']['content'] .= sprintf(__("Feeds last updated at %s"), $last_updated);
- $result = $this->dbh->query("SELECT COUNT(id) AS num_errors
- FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT COUNT(id) AS num_errors
+ FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
+ $row = $sth->fetch();
- $num_errors = $this->dbh->fetch_result($result, 0, "num_errors");
+ $num_errors = $row["num_errors"];
if ($num_errors > 0) {
$reply['headlines']['content'] .= "<br/>";
function feedBrowser() {
if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
- $browser_search = $this->dbh->escape_string($_REQUEST["search"]);
+ $browser_search = $_REQUEST["search"];
print_hidden("op", "rpc");
print_hidden("method", "updateFeedBrowser");
}
function search() {
- $this->params = explode(":", $this->dbh->escape_string($_REQUEST["param"]), 2);
+ $this->params = explode(":", $_REQUEST["param"], 2);
$active_feed_id = sprintf("%d", $this->params[0]);
$is_cat = $this->params[1] != "false";
if (!$owner_uid) $owner_uid = $_SESSION['uid'];
+ $pdo = Db::pdo();
+
// Todo: all this interval stuff needs some generic generator function
- $date_qpart = "false";
$search_qpart = is_array($search) && $search[0] ? search_to_sql($search[0], $search[1])[0] : 'true';
switch ($mode) {
$cat_qpart = "cat_id IS NULL";
}
- db_query("UPDATE ttrss_user_entries
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries
SET unread = false, last_read = NOW() WHERE ref_id IN
(SELECT id FROM
(SELECT DISTINCT id FROM ttrss_entries, ttrss_user_entries WHERE ref_id = id
- AND owner_uid = $owner_uid AND unread = true AND feed_id IN
+ AND owner_uid = ? AND unread = true AND feed_id IN
(SELECT id FROM ttrss_feeds WHERE $cat_qpart) AND $date_qpart AND $search_qpart) as tmp)");
+ $sth->execute([$owner_uid]);
} else if ($feed == -2) {
- db_query("UPDATE ttrss_user_entries
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries
SET unread = false,last_read = NOW() WHERE (SELECT COUNT(*)
FROM ttrss_user_labels2, ttrss_entries WHERE article_id = ref_id AND id = ref_id AND $date_qpart AND $search_qpart) > 0
- AND unread = true AND owner_uid = $owner_uid");
+ AND unread = true AND owner_uid = ?");
+ $sth->execute([$owner_uid]);
}
} else if ($feed > 0) {
- db_query("UPDATE ttrss_user_entries
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries
SET unread = false, last_read = NOW() WHERE ref_id IN
(SELECT id FROM
(SELECT DISTINCT id FROM ttrss_entries, ttrss_user_entries WHERE ref_id = id
- AND owner_uid = $owner_uid AND unread = true AND feed_id = $feed AND $date_qpart AND $search_qpart) as tmp)");
+ AND owner_uid = ? AND unread = true AND feed_id = ? AND $date_qpart AND $search_qpart) as tmp)");
+ $sth->execute([$owner_uid, $feed]);
} else if ($feed < 0 && $feed > LABEL_BASE_INDEX) { // special, like starred
if ($feed == -1) {
- db_query("UPDATE ttrss_user_entries
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries
SET unread = false, last_read = NOW() WHERE ref_id IN
(SELECT id FROM
(SELECT DISTINCT id FROM ttrss_entries, ttrss_user_entries WHERE ref_id = id
- AND owner_uid = $owner_uid AND unread = true AND marked = true AND $date_qpart AND $search_qpart) as tmp)");
+ AND owner_uid = ? AND unread = true AND marked = true AND $date_qpart AND $search_qpart) as tmp)");
+ $sth->execute([$owner_uid]);
}
if ($feed == -2) {
- db_query("UPDATE ttrss_user_entries
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries
SET unread = false, last_read = NOW() WHERE ref_id IN
(SELECT id FROM
(SELECT DISTINCT id FROM ttrss_entries, ttrss_user_entries WHERE ref_id = id
- AND owner_uid = $owner_uid AND unread = true AND published = true AND $date_qpart AND $search_qpart) as tmp)");
+ AND owner_uid = ? AND unread = true AND published = true AND $date_qpart AND $search_qpart) as tmp)");
+ $sth->execute([$owner_uid]);
}
if ($feed == -3) {
- $intl = get_pref("FRESH_ARTICLE_MAX_AGE");
+ $intl = (int) get_pref("FRESH_ARTICLE_MAX_AGE");
if (DB_TYPE == "pgsql") {
$match_part = "date_entered > NOW() - INTERVAL '$intl hour' ";
INTERVAL $intl HOUR) ";
}
- db_query("UPDATE ttrss_user_entries
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries
SET unread = false, last_read = NOW() WHERE ref_id IN
(SELECT id FROM
(SELECT DISTINCT id FROM ttrss_entries, ttrss_user_entries WHERE ref_id = id
- AND owner_uid = $owner_uid AND score >= 0 AND unread = true AND $date_qpart AND $match_part AND $search_qpart) as tmp)");
+ AND owner_uid = ? AND score >= 0 AND unread = true AND $date_qpart AND $match_part AND $search_qpart) as tmp)");
+ $sth->execute([$owner_uid]);
}
if ($feed == -4) {
- db_query("UPDATE ttrss_user_entries
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries
SET unread = false, last_read = NOW() WHERE ref_id IN
(SELECT id FROM
(SELECT DISTINCT id FROM ttrss_entries, ttrss_user_entries WHERE ref_id = id
- AND owner_uid = $owner_uid AND unread = true AND $date_qpart AND $search_qpart) as tmp)");
+ AND owner_uid = ? AND unread = true AND $date_qpart AND $search_qpart) as tmp)");
+ $sth->execute([$owner_uid]);
}
} else if ($feed < LABEL_BASE_INDEX) { // label
$label_id = Labels::feed_to_label_id($feed);
- db_query("UPDATE ttrss_user_entries
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries
SET unread = false, last_read = NOW() WHERE ref_id IN
(SELECT id FROM
(SELECT DISTINCT ttrss_entries.id FROM ttrss_entries, ttrss_user_entries, ttrss_user_labels2 WHERE ref_id = id
- AND label_id = '$label_id' AND ref_id = article_id
- AND owner_uid = $owner_uid AND unread = true AND $date_qpart AND $search_qpart) as tmp)");
+ AND label_id = ? AND ref_id = article_id
+ AND owner_uid = ? AND unread = true AND $date_qpart AND $search_qpart) as tmp)");
+ $sth->execute([$label_id, $owner_uid]);
}
CCache::update($feed, $owner_uid, $cat_view);
} else { // tag
- db_query("UPDATE ttrss_user_entries
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries
SET unread = false, last_read = NOW() WHERE ref_id IN
(SELECT id FROM
(SELECT DISTINCT ttrss_entries.id FROM ttrss_entries, ttrss_user_entries, ttrss_tags WHERE ref_id = ttrss_entries.id
- AND post_int_id = int_id AND tag_name = '$feed'
- AND ttrss_user_entries.owner_uid = $owner_uid AND unread = true AND $date_qpart AND $search_qpart) as tmp)");
+ AND post_int_id = int_id AND tag_name = ?
+ AND ttrss_user_entries.owner_uid = ? AND unread = true AND $date_qpart AND $search_qpart) as tmp)");
+ $sth->execute([$feed, $owner_uid]);
}
}
$n_feed = (int) $feed;
$need_entries = false;
+ $pdo = Db::pdo();
+
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
if ($unread_only) {
$unread_qpart = "true";
}
+ $match_part = "";
+
if ($is_cat) {
return Feeds::getCategoryUnread($n_feed, $owner_uid);
} else if ($n_feed == -6) {
return 0;
} else if ($feed != "0" && $n_feed == 0) {
- $feed = db_escape_string($feed);
-
- $result = db_query("SELECT SUM((SELECT COUNT(int_id)
+ $sth = $pdo->prepare("SELECT SUM((SELECT COUNT(int_id)
FROM ttrss_user_entries,ttrss_entries WHERE int_id = post_int_id
AND ref_id = id AND $unread_qpart)) AS count FROM ttrss_tags
- WHERE owner_uid = $owner_uid AND tag_name = '$feed'");
- return db_fetch_result($result, 0, "count");
+ WHERE owner_uid = ? AND tag_name = ?");
+
+ $sth->execute([$owner_uid, $feed]);
+ $row = $sth->fetch();
+
+ return $row["count"];
} else if ($n_feed == -1) {
$match_part = "marked = true";
} else if ($n_feed == -3) {
$match_part = "unread = true AND score >= 0";
- $intl = get_pref("FRESH_ARTICLE_MAX_AGE", $owner_uid);
+ $intl = (int) get_pref("FRESH_ARTICLE_MAX_AGE", $owner_uid);
if (DB_TYPE == "pgsql") {
$match_part .= " AND date_entered > NOW() - INTERVAL '$intl hour' ";
$label_id = Labels::feed_to_label_id($feed);
return Feeds::getLabelUnread($label_id, $owner_uid);
-
}
if ($match_part) {
$from_where = "";
}
- $query = "SELECT count(int_id) AS unread
+ $sth = $pdo->prepare("SELECT count(int_id) AS unread
FROM $from_qpart WHERE
- $unread_qpart AND $from_where ($match_part) AND ttrss_user_entries.owner_uid = $owner_uid";
-
- //echo "[$feed/$query]\n";
+ $unread_qpart AND $from_where ($match_part) AND ttrss_user_entries.owner_uid = ?");
+ $sth->execute([$owner_uid]);
+ $row = $sth->fetch();
- $result = db_query($query);
+ return $row["unread"];
} else {
- $result = db_query("SELECT COUNT(post_int_id) AS unread
+ $sth = $pdo->prepare("SELECT COUNT(post_int_id) AS unread
FROM ttrss_tags,ttrss_user_entries,ttrss_entries
- WHERE tag_name = '$feed' AND post_int_id = int_id AND ref_id = ttrss_entries.id
- AND $unread_qpart AND ttrss_tags.owner_uid = " . $owner_uid);
- }
+ WHERE tag_name = ? AND post_int_id = int_id AND ref_id = ttrss_entries.id
+ AND $unread_qpart AND ttrss_tags.owner_uid = ,");
- $unread = db_fetch_result($result, 0, "unread");
+ $sth->execute([$feed, $owner_uid]);
+ $row = $sth->fetch();
- return $unread;
+ return $row["unread"];
+ }
}
/**
global $fetch_last_error;
global $fetch_last_error_content;
+ $pdo = Db::pdo();
+
$url = fix_url($url);
if (!$url || !validate_feed_url($url)) return array("code" => 2);
$cat_qpart = "'$cat_id'";
}
- $result = db_query(
- "SELECT id FROM ttrss_feeds
- WHERE feed_url = '$url' AND owner_uid = ".$_SESSION["uid"]);
+ if (!(int)$cat_id) $cat_id = null;
- $auth_pass = db_escape_string($auth_pass);
+ $sth = $pdo->prepare("SELECT id FROM ttrss_feeds
+ WHERE feed_url = ? AND owner_uid = ?");
+ $sth->execute([$url, $_SESSION['uid']]);
- if (db_num_rows($result) == 0) {
- $result = db_query(
+ if ($row = $sth->fetch()) {
+ return array("code" => 0, "feed_id" => (int) $row["id"]);
+ } else {
+ $sth = $pdo->prepare(
"INSERT INTO ttrss_feeds
(owner_uid,feed_url,title,cat_id, auth_login,auth_pass,update_method,auth_pass_encrypted)
- VALUES ('".$_SESSION["uid"]."', '$url',
- '[Unknown]', $cat_qpart, '$auth_login', '$auth_pass', 0, false)");
+ VALUES (?, ?, ?, ?, ?, ?, 0, false)");
- $result = db_query(
- "SELECT id FROM ttrss_feeds WHERE feed_url = '$url'
- AND owner_uid = " . $_SESSION["uid"]);
+ $sth->execute([$_SESSION['uid'], $url, "[Unknown]", $cat_id, $auth_login, $auth_pass]);
- $feed_id = db_fetch_result($result, 0, "id");
+ $sth = $pdo->prepare("SELECT id FROM ttrss_feeds WHERE feed_url = ?
+ AND owner_uid = ?");
+ $sth->execute([$url, $_SESSION['uid']]);
+ $row = $sth->fetch();
+
+ $feed_id = $row["id"];
if ($feed_id) {
RSSUtils::set_basic_feed_info($feed_id);
}
return array("code" => 1, "feed_id" => (int) $feed_id);
- } else {
- return array("code" => 0, "feed_id" => (int) db_fetch_result($result, 0, "id"));
+
}
}
}
static function getFeedTitle($id, $cat = false) {
+ $pdo = Db::pdo();
+
if ($cat) {
return Feeds::getCategoryTitle($id);
} else if ($id == -1) {
} else if ($id == -6) {
return __("Recently read");
} else if ($id < LABEL_BASE_INDEX) {
+
$label_id = Labels::feed_to_label_id($id);
- $result = db_query("SELECT caption FROM ttrss_labels2 WHERE id = '$label_id'");
- if (db_num_rows($result) == 1) {
- return db_fetch_result($result, 0, "caption");
+
+ $sth = $pdo->prepare("SELECT caption FROM ttrss_labels2 WHERE id = ?");
+ $sth->execute([$label_id]);
+
+ if ($row = $sth->fetch()) {
+ return $row["caption"];
} else {
return "Unknown label ($label_id)";
}
} else if (is_numeric($id) && $id > 0) {
- $result = db_query("SELECT title FROM ttrss_feeds WHERE id = '$id'");
- if (db_num_rows($result) == 1) {
- return db_fetch_result($result, 0, "title");
+
+ $sth = $pdo->prepare("SELECT title FROM ttrss_feeds WHERE id = ?");
+ $sth->execute([$id]);
+
+ if ($row = $sth->fetch()) {
+ return $row["title"];
} else {
return "Unknown feed ($id)";
}
+
} else {
return $id;
}
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
+ $pdo = Db::pdo();
+
if ($cat >= 0) {
- if ($cat != 0) {
- $cat_query = "cat_id = '$cat'";
- } else {
- $cat_query = "cat_id IS NULL";
- }
+ if (!$cat) $cat = null;
+
+ $sth = $pdo->prepare("SELECT id FROM ttrss_feeds
+ WHERE (cat_id = :cat OR (:cat IS NULL AND cat_id IS NULL))
+ AND owner_uid = :uid");
- $result = db_query("SELECT id FROM ttrss_feeds WHERE $cat_query
- AND owner_uid = " . $owner_uid);
+ $sth->execute([":cat" => $cat, ":uid" => $owner_uid]);
$cat_feeds = array();
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
array_push($cat_feeds, "feed_id = " . $line["id"]);
}
$match_part = implode(" OR ", $cat_feeds);
- $result = db_query("SELECT COUNT(int_id) AS unread
+ $sth = $pdo->prepare("SELECT COUNT(int_id) AS unread
FROM ttrss_user_entries
WHERE unread = true AND ($match_part)
- AND owner_uid = " . $owner_uid);
+ AND owner_uid = ?");
+ $sth->execute([$owner_uid]);
$unread = 0;
# this needs to be rewritten
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$unread += $line["unread"];
}
return getFeedUnread(-1) + getFeedUnread(-2) + getFeedUnread(-3) + getFeedUnread(0);
} else if ($cat == -2) {
- $result = db_query("
- SELECT COUNT(unread) AS unread FROM
+ $sth = $pdo->prepare("SELECT COUNT(unread) AS unread FROM
ttrss_user_entries, ttrss_user_labels2
WHERE article_id = ref_id AND unread = true
- AND ttrss_user_entries.owner_uid = '$owner_uid'");
-
- $unread = db_fetch_result($result, 0, "unread");
-
- return $unread;
+ AND ttrss_user_entries.owner_uid = ?");
+ $sth->execute([$owner_uid]);
+ $row = $sth->fetch();
+ return $row["unread"];
}
}
static function getCategoryChildrenUnread($cat, $owner_uid = false) {
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
- $result = db_query("SELECT id FROM ttrss_feed_categories WHERE parent_cat = '$cat'
- AND owner_uid = $owner_uid");
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT id FROM ttrss_feed_categories WHERE parent_cat = ?
+ AND owner_uid = ?");
+ $sth->execute([$cat, $owner_uid]);
$unread = 0;
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$unread += Feeds::getCategoryUnread($line["id"], $owner_uid);
$unread += Feeds::getCategoryChildrenUnread($line["id"], $owner_uid);
}
static function getGlobalUnread($user_id = false) {
- if (!$user_id) {
- $user_id = $_SESSION["uid"];
- }
+ if (!$user_id) $user_id = $_SESSION["uid"];
- $result = db_query("SELECT SUM(value) AS c_id FROM ttrss_counters_cache
- WHERE owner_uid = '$user_id' AND feed_id > 0");
+ $pdo = Db::pdo();
- $c_id = db_fetch_result($result, 0, "c_id");
+ $sth = $pdo->prepare("SELECT SUM(value) AS c_id FROM ttrss_counters_cache
+ WHERE owner_uid = ? AND feed_id > 0");
+ $sth->execute([$user_id]);
+ $row = $sth->fetch();
- return $c_id;
+ return $row["c_id"];
}
static function getCategoryTitle($cat_id) {
return __("Labels");
} else {
- $result = db_query("SELECT title FROM ttrss_feed_categories WHERE
- id = '$cat_id'");
+ $pdo = Db::pdo();
- if (db_num_rows($result) == 1) {
- return db_fetch_result($result, 0, "title");
+ $sth = $pdo->prepare("SELECT title FROM ttrss_feed_categories WHERE
+ id = ?");
+ $sth->execute([$cat_id]);
+
+ if ($row = $sth->fetch()) {
+ return $row["title"];
} else {
return __("Uncategorized");
}
static function getLabelUnread($label_id, $owner_uid = false) {
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
- $result = db_query("SELECT COUNT(ref_id) AS unread FROM ttrss_user_entries, ttrss_user_labels2
- WHERE owner_uid = '$owner_uid' AND unread = true AND label_id = '$label_id' AND article_id = ref_id");
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT COUNT(ref_id) AS unread FROM ttrss_user_entries, ttrss_user_labels2
+ WHERE owner_uid = ? AND unread = true AND label_id = ? AND article_id = ref_id");
- if (db_num_rows($result) != 0) {
- return db_fetch_result($result, 0, "unread");
+ $sth->execute([$owner_uid, $label_id]);
+
+ if ($row = $sth->fetch()) {
+ return $row["unread"];
} else {
return 0;
}
static function queryFeedHeadlines($params) {
+ $pdo = Db::pdo();
+
+ // WARNING: due to highly dynamic nature of this query its going to quote parameters
+ // right before adding them to SQL part
+
$feed = $params["feed"];
$limit = isset($params["limit"]) ? $params["limit"] : 30;
$view_mode = $params["view_mode"];
$skip_first_id_check = isset($params["skip_first_id_check"]) ? $params["skip_first_id_check"] : false;
$ext_tables_part = "";
- $query_strategy_part = "";
+ $limit_query_part = "";
$search_words = array();
}
if ($since_id) {
- $since_id_part = "ttrss_entries.id > $since_id AND ";
+ $since_id_part = "ttrss_entries.id > ".$pdo->quote($since_id)." AND ";
} else {
$since_id_part = "";
}
}
if ($limit > 0) {
- $limit_query_part = "LIMIT " . $limit;
+ $limit_query_part = "LIMIT " . (int)$limit;
}
$allow_archived = false;
implode(",", $subcats).")";
} else {
- $query_strategy_part = "cat_id = '$feed'";
+ $query_strategy_part = "cat_id = " . $pdo->quote($feed);
}
} else {
$vfeed_query_part = "ttrss_feeds.title AS feed_title,";
} else {
- $query_strategy_part = "feed_id = '$feed'";
+ $query_strategy_part = "feed_id = " . $pdo->quote($feed);
}
} else if ($feed == 0 && !$cat_view) { // archive virtual feed
$query_strategy_part = "feed_id IS NULL";
} else if ($feed == -3) { // fresh virtual feed
$query_strategy_part = "unread = true AND score >= 0";
- $intl = get_pref("FRESH_ARTICLE_MAX_AGE", $owner_uid);
+ $intl = (int) get_pref("FRESH_ARTICLE_MAX_AGE", $owner_uid);
if (DB_TYPE == "pgsql") {
$query_strategy_part .= " AND date_entered > NOW() - INTERVAL '$intl hour' ";
} else if ($feed <= LABEL_BASE_INDEX) { // labels
$label_id = Labels::feed_to_label_id($feed);
- $query_strategy_part = "label_id = '$label_id' AND
+ $query_strategy_part = "label_id = ".$pdo->quote($label_id)." AND
ttrss_labels2.id = ttrss_user_labels2.label_id AND
ttrss_user_labels2.article_id = ref_id";
$vfeed_query_part = $override_vfeed;
}
- $feed_title = "";
-
if ($search) {
$feed_title = T_sprintf("Search results: %s", $search);
} else {
$feed_title = Feeds::getCategoryTitle($feed);
} else {
if (is_numeric($feed) && $feed > 0) {
- $result = db_query("SELECT title,site_url,last_error,last_updated
- FROM ttrss_feeds WHERE id = '$feed' AND owner_uid = $owner_uid");
-
- $feed_title = db_fetch_result($result, 0, "title");
- $feed_site_url = db_fetch_result($result, 0, "site_url");
- $last_error = db_fetch_result($result, 0, "last_error");
- $last_updated = db_fetch_result($result, 0, "last_updated");
+ $ssth = $pdo->prepare("SELECT title,site_url,last_error,last_updated
+ FROM ttrss_feeds WHERE id = ? AND owner_uid = ?");
+ $ssth->execute([$feed, $owner_uid]);
+ $row = $ssth->fetch();
+
+ $feed_title = $row["title"];
+ $feed_site_url = $row["site_url"];
+ $last_error = $row["last_error"];
+ $last_updated = $row["last_updated"];
} else {
$feed_title = Feeds::getFeedTitle($feed);
}
}
}
-
$content_query_part = "content, ";
if ($limit_query_part) {
- $offset_query_part = "OFFSET $offset";
+ $offset_query_part = "OFFSET " . (int)$offset;
} else {
$offset_query_part = "";
}
// proper override_order applied above
if ($vfeed_query_part && !$ignore_vfeed_group && get_pref('VFEED_GROUP_BY_FEED', $owner_uid)) {
if (!$override_order) {
- $order_by = "ttrss_feeds.title, $order_by";
+ $order_by = "ttrss_feeds.title, ".$pdo->quote($order_by);
} else {
- $order_by = "ttrss_feeds.title, $override_order";
+ $order_by = "ttrss_feeds.title, ".$pdo->quote($override_order);
}
}
$from_qpart
WHERE
$feed_check_qpart
- ttrss_user_entries.owner_uid = '$owner_uid' AND
+ ttrss_user_entries.owner_uid = ".$pdo->quote($owner_uid)." AND
$search_query_part
$start_ts_query_part
$since_id_part
print $query;
}
- $result = db_query($query);
- if ($result && db_num_rows($result) > 0) {
- $first_id = (int)db_fetch_result($result, 0, "id");
+ $res = $pdo->query($query);
+
+ if ($row = $res->fetch()) {
+ $first_id = (int)$row["id"];
if ($offset > 0 && $first_id && $check_first_id && $first_id != $check_first_id) {
return array(-1, $feed_title, $feed_site_url, $last_error, $last_updated, $search_words, $first_id);
$from_qpart
WHERE
$feed_check_qpart
- ttrss_user_entries.owner_uid = '$owner_uid' AND
+ ttrss_user_entries.owner_uid = ".$pdo->quote($owner_uid)." AND
$search_query_part
$start_ts_query_part
$view_query_part
if ($_REQUEST["debug"]) print $query;
- $result = db_query($query);
+ $res = $pdo->query($query);
} else {
// browsing by tag
FROM ttrss_entries, ttrss_user_entries, ttrss_tags
WHERE
ref_id = ttrss_entries.id AND
- ttrss_user_entries.owner_uid = $owner_uid AND
+ ttrss_user_entries.owner_uid = ".$pdo->quote($owner_uid)." AND
post_int_id = int_id AND
- tag_name = '$feed' AND
+ tag_name = ".$pdo->quote($feed)." AND
$view_query_part
$search_query_part
$query_strategy_part ORDER BY $order_by
if ($_REQUEST["debug"]) print $query;
- $result = db_query($query);
+ $res = $pdo->query($query);
}
- return array($result, $feed_title, $feed_site_url, $last_error, $last_updated, $search_words, $first_id);
+ return array($res, $feed_title, $feed_site_url, $last_error, $last_updated, $search_words, $first_id);
}
static function getParentCategories($cat, $owner_uid) {
$rv = array();
- $result = db_query("SELECT parent_cat FROM ttrss_feed_categories
- WHERE id = '$cat' AND parent_cat IS NOT NULL AND owner_uid = $owner_uid");
+ $pdo = Db::pdo();
- while ($line = db_fetch_assoc($result)) {
+ $sth = $pdo->prepare("SELECT parent_cat FROM ttrss_feed_categories
+ WHERE id = ? AND parent_cat IS NOT NULL AND owner_uid = ?");
+ $sth->execute([$cat, $owner_uid]);
+
+ while ($line = $sth->fetch()) {
array_push($rv, $line["parent_cat"]);
$rv = array_merge($rv, Feeds::getParentCategories($line["parent_cat"], $owner_uid));
}
static function getChildCategories($cat, $owner_uid) {
$rv = array();
- $result = db_query("SELECT id FROM ttrss_feed_categories
- WHERE parent_cat = '$cat' AND owner_uid = $owner_uid");
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT id FROM ttrss_feed_categories
+ WHERE parent_cat = ? AND owner_uid = ?");
+ $sth->execute([$cat, $owner_uid]);
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
array_push($rv, $line["id"]);
$rv = array_merge($rv, Feeds::getChildCategories($line["id"], $owner_uid));
}
}
static function getFeedCategory($feed) {
- $result = db_query("SELECT cat_id FROM ttrss_feeds
- WHERE id = '$feed'");
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT cat_id FROM ttrss_feeds
+ WHERE id = ?");
+ $sth->execute([$feed]);
- if (db_num_rows($result) > 0) {
- return db_fetch_result($result, 0, "cat_id");
+ if ($row = $sth->fetch()) {
+ return $row["cat_id"];
} else {
return false;
}
<?php
class Handler implements IHandler {
protected $dbh;
+ protected $pdo;
protected $args;
function __construct($args) {
$this->dbh = Db::get();
+ $this->pdo = Db::pdo();
$this->args = $args;
}
$date_sort_field = "updated DESC";
break;
}
-
- $params = array(
- "owner_uid" => $owner_uid,
- "feed" => $feed,
- "limit" => 1,
- "view_mode" => $view_mode,
- "cat_view" => $is_cat,
- "search" => $search,
- "override_order" => $date_sort_field,
- "include_children" => true,
- "ignore_vfeed_group" => true,
- "offset" => $offset,
- "start_ts" => $start_ts
- );
-
- $qfh_ret = Feeds::queryFeedHeadlines($params);
-
- $result = $qfh_ret[0];
-
- if ($this->dbh->num_rows($result) != 0) {
-
- $ts = strtotime($this->dbh->fetch_result($result, 0, $date_check_field));
-
- if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) &&
- strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= $ts) {
- header('HTTP/1.0 304 Not Modified');
- return;
- }
-
- $last_modified = gmdate("D, d M Y H:i:s", $ts) . " GMT";
- header("Last-Modified: $last_modified", true);
- }
-
$params = array(
"owner_uid" => $owner_uid,
"feed" => $feed,
$tpl->setVariable('FEED_URL', htmlspecialchars($feed_self_url), true);
$tpl->setVariable('SELF_URL', htmlspecialchars(get_self_url_prefix()), true);
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $result->fetch()) {
$line["content_preview"] = sanitize(truncate_string(strip_tags($line["content"]), 100, '...'));
$feed['articles'] = array();
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $result->fetch()) {
$line["content_preview"] = sanitize(truncate_string(strip_tags($line["content_preview"]), 100, '...'));
}
function getUnread() {
- $login = $this->dbh->escape_string($_REQUEST["login"]);
+ $login = $_REQUEST["login"];
$fresh = $_REQUEST["fresh"] == "1";
- $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE login = '$login'");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE login = ?");
+ $sth->execute([$login]);
- if ($this->dbh->num_rows($result) == 1) {
- $uid = $this->dbh->fetch_result($result, 0, "id");
+ if ($row = $sth->fetch()) {
+ $uid = $row["id"];
print Feeds::getGlobalUnread($uid);
} else {
print "-1;User not found";
}
-
}
function getProfiles() {
- $login = $this->dbh->escape_string($_REQUEST["login"]);
+ $login = $_REQUEST["login"];
- $result = $this->dbh->query("SELECT ttrss_settings_profiles.* FROM ttrss_settings_profiles,ttrss_users
- WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title");
+ $sth = $this->pdo->prepare("SELECT ttrss_settings_profiles.* FROM ttrss_settings_profiles,ttrss_users
+ WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = ? ORDER BY title");
+ $sth->execute([$login]);
print "<select dojoType='dijit.form.Select' style='width : 220px; margin : 0px' name='profile'>";
print "<option value='0'>" . __("Default profile") . "</option>";
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$id = $line["id"];
$title = $line["title"];
}
function share() {
- $uuid = $this->dbh->escape_string($_REQUEST["key"]);
+ $uuid = $_REQUEST["key"];
- $result = $this->dbh->query("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
- uuid = '$uuid'");
+ $sth = $this->pdo->prepare("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
+ uuid = ?");
+ $sth->execute([$uuid]);
- if ($this->dbh->num_rows($result) != 0) {
+ if ($row = $sth->fetch()) {
header("Content-Type: text/html");
- $id = $this->dbh->fetch_result($result, 0, "ref_id");
- $owner_uid = $this->dbh->fetch_result($result, 0, "owner_uid");
+ $id = $row["ref_id"];
+ $owner_uid = $row["owner_uid"];
$article = Article::format_article($id, false, true, $owner_uid);
}
function rss() {
- $feed = $this->dbh->escape_string($_REQUEST["id"]);
- $key = $this->dbh->escape_string($_REQUEST["key"]);
+ $feed = $_REQUEST["id"];
+ $key = $_REQUEST["key"];
$is_cat = sql_bool_to_bool($_REQUEST["is_cat"]);
- $limit = (int)$this->dbh->escape_string($_REQUEST["limit"]);
- $offset = (int)$this->dbh->escape_string($_REQUEST["offset"]);
+ $limit = (int)$_REQUEST["limit"];
+ $offset = (int)$_REQUEST["offset"];
- $search = $this->dbh->escape_string($_REQUEST["q"]);
- $view_mode = $this->dbh->escape_string($_REQUEST["view-mode"]);
- $order = $this->dbh->escape_string($_REQUEST["order"]);
- $start_ts = $this->dbh->escape_string($_REQUEST["ts"]);
+ $search = $_REQUEST["q"];
+ $view_mode = $_REQUEST["view-mode"];
+ $order = $_REQUEST["order"];
+ $start_ts = $_REQUEST["ts"];
- $format = $this->dbh->escape_string($_REQUEST['format']);
+ $format = $_REQUEST['format'];
$orig_guid = sql_bool_to_bool($_REQUEST["orig_guid"]);
if (!$format) $format = 'atom';
$owner_id = false;
if ($key) {
- $result = $this->dbh->query("SELECT owner_uid FROM
- ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
+ $sth = $this->pdo->prepare("SELECT owner_uid FROM
+ ttrss_access_keys WHERE access_key = ? AND feed_id = ?");
+ $sth->execute([$key, $feed]);
- if ($this->dbh->num_rows($result) == 1)
- $owner_id = $this->dbh->fetch_result($result, 0, "owner_uid");
+ if ($row = $sth->fetch())
+ $owner_id = $row["owner_uid"];
}
if ($owner_id) {
if ($action == 'share') {
- $title = $this->dbh->escape_string(strip_tags($_REQUEST["title"]));
- $url = $this->dbh->escape_string(strip_tags($_REQUEST["url"]));
- $content = $this->dbh->escape_string(strip_tags($_REQUEST["content"]));
- $labels = $this->dbh->escape_string(strip_tags($_REQUEST["labels"]));
+ $title = strip_tags($_REQUEST["title"]);
+ $url = strip_tags($_REQUEST["url"]);
+ $content = strip_tags($_REQUEST["content"]);
+ $labels = strip_tags($_REQUEST["labels"]);
Article::create_published_article($title, $url, $content, $labels,
$_SESSION["uid"]);
function login() {
if (!SINGLE_USER_MODE) {
- $login = $this->dbh->escape_string($_POST["login"]);
+ $login = $_POST["login"];
$password = $_POST["password"];
$remember_me = $_POST["remember_me"];
if ($_POST["profile"]) {
- $profile = $this->dbh->escape_string($_POST["profile"]);
+ $profile = $_POST["profile"];
- $result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles
- WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$profile, $_SESSION['uid']]);
- if ($this->dbh->num_rows($result) != 0) {
+ if ($sth->fetch()) {
$_SESSION["profile"] = $profile;
}
}
if ($_SESSION["uid"]) {
- $feed_url = $this->dbh->escape_string(trim($_REQUEST["feed_url"]));
+ $feed_url = trim($_REQUEST["feed_url"]);
header('Content-Type: text/html; charset=utf-8');
print "<html>
$tt_uri = get_self_url_prefix();
if ($rc['code'] <= 2){
- $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
- feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE
+ feed_url = ? AND owner_uid = ?");
+ $sth->execute([$feed_url, $_SESSION['uid']]);
+ $row = $sth->fetch();
- $feed_id = $this->dbh->fetch_result($result, 0, "id");
+ $feed_id = $row["id"];
} else {
$feed_id = 0;
}
@$method = $_POST['method'];
if ($hash) {
- $login = $this->dbh->escape_string($_REQUEST["login"]);
+ $login = $_REQUEST["login"];
if ($login) {
- $result = $this->dbh->query("SELECT id, resetpass_token FROM ttrss_users
- WHERE login = '$login'");
+ $sth = $this->pdo->prepare("SELECT id, resetpass_token FROM ttrss_users
+ WHERE login = ?");
+ $sth->execute([$login]);
- if ($this->dbh->num_rows($result) != 0) {
- $id = $this->dbh->fetch_result($result, 0, "id");
- $resetpass_token_full = $this->dbh->fetch_result($result, 0, "resetpass_token");
+ if ($row = $sth->fetch()) {
+ $id = $row["id"];
+ $resetpass_token_full = $row["resetpass_token"];
list($timestamp, $resetpass_token) = explode(":", $resetpass_token_full);
if ($timestamp && $resetpass_token &&
$timestamp >= time() - 15*60*60 &&
$resetpass_token == $hash) {
- $result = $this->dbh->query("UPDATE ttrss_users SET resetpass_token = NULL
- WHERE id = $id");
+ $sth = $this->pdo->prepare("UPDATE ttrss_users SET resetpass_token = NULL
+ WHERE id = ?");
+ $sth->execute([$id]);
Pref_Users::resetUserPassword($id, true);
print "</form>";
} else if ($method == 'do') {
- $login = $this->dbh->escape_string($_POST["login"]);
- $email = $this->dbh->escape_string($_POST["email"]);
- $test = $this->dbh->escape_string($_POST["test"]);
+ $login = $_POST["login"];
+ $email = $_POST["email"];
+ $test = $_POST["test"];
if (($test != 4 && $test != 'four') || !$email || !$login) {
print_error(__('Some of the required form parameters are missing or incorrect.'));
print_notice("Password reset instructions are being sent to your email address.");
- $result = $this->dbh->query("SELECT id FROM ttrss_users
- WHERE login = '$login' AND email = '$email'");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_users
+ WHERE login = ? AND email = ?");
+ $sth->execute([$login, $email]);
- if ($this->dbh->num_rows($result) != 0) {
- $id = $this->dbh->fetch_result($result, 0, "id");
+ if ($row = $sth->fetch()) {
+ $id = $row["id"];
if ($id) {
$resetpass_token = sha1(get_random_bytes(128));
if (!$rc) print_error($mail->ErrorInfo);
- $resetpass_token_full = $this->dbh->escape_string(time() . ":" . $resetpass_token);
+ $resetpass_token_full = time() . ":" . $resetpass_token;
+
+ $sth = $this->pdo->prepare("UPDATE ttrss_users
+ SET resetpass_token = ?
+ WHERE login = ? AND email = ?");
- $result = $this->dbh->query("UPDATE ttrss_users
- SET resetpass_token = '$resetpass_token_full'
- WHERE login = '$login' AND email = '$email'");
+ $sth->execute([$resetpass_token_full, $login, $email]);
//Pref_Users::resetUserPassword($id, false);
<?php
@$op = $_REQUEST["subop"];
- $updater = new DbUpdater(Db::get(), DB_TYPE, SCHEMA_VERSION);
+ $updater = new DbUpdater(Db::pdo(), DB_TYPE, SCHEMA_VERSION);
if ($op == "performupdate") {
if ($updater->isUpdateRequired()) {
}
static function find_id($label, $owner_uid) {
- $result = db_query(
- "SELECT id FROM ttrss_labels2 WHERE caption = '$label'
- AND owner_uid = '$owner_uid' LIMIT 1");
+ $pdo = Db::pdo();
- if (db_num_rows($result) == 1) {
- return db_fetch_result($result, 0, "id");
+ $sth = $pdo->prepare("SELECT id FROM ttrss_labels2 WHERE caption = ?
+ AND owner_uid = ? LIMIT 1");
+ $sth->execute([$label, $owner_uid]);
+
+ if ($row = $sth->fetch()) {
+ return $row['id'];
} else {
return 0;
}
}
static function find_caption($label, $owner_uid) {
- $result = db_query(
- "SELECT caption FROM ttrss_labels2 WHERE id = '$label'
- AND owner_uid = '$owner_uid' LIMIT 1");
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT caption FROM ttrss_labels2 WHERE id = ?
+ AND owner_uid = ? LIMIT 1");
+ $sth->execute([$label, $owner_uid]);
- if (db_num_rows($result) == 1) {
- return db_fetch_result($result, 0, "caption");
+ if ($row = $sth->fetch()) {
+ return $row['caption'];
} else {
return "";
}
static function get_all_labels($owner_uid) {
$rv = array();
- $result = db_query("SELECT id, fg_color, bg_color, caption FROM ttrss_labels2 WHERE owner_uid = '$owner_uid' ORDER BY caption");
+ $pdo = Db::pdo();
- while ($line = db_fetch_assoc($result)) {
+ $sth = $pdo->prepare("SELECT id, fg_color, bg_color, caption FROM ttrss_labels2
+ WHERE owner_uid = ? ORDER BY caption");
+ $sth->execute([$owner_uid]);
+
+ while ($line = $sth->fetch()) {
array_push($rv, $line);
}
}
static function update_cache($owner_uid, $id, $labels = false, $force = false) {
+ $pdo = Db::pdo();
if ($force)
Labels::clear_cache($id);
if (!$labels)
$labels = Article::get_article_labels($id);
- $labels = db_escape_string(json_encode($labels));
+ $labels = json_encode($labels);
- db_query("UPDATE ttrss_user_entries SET
- label_cache = '$labels' WHERE ref_id = '$id' AND owner_uid = '$owner_uid'");
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries SET
+ label_cache = ? WHERE ref_id = ? AND owner_uid = ?");
+ $sth->execute([$labels, $id, $owner_uid]);
}
static function clear_cache($id) {
- db_query("UPDATE ttrss_user_entries SET
- label_cache = '' WHERE ref_id = '$id'");
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries SET
+ label_cache = '' WHERE ref_id = ?");
+ $sth->execute([$id]);
}
if (!$label_id) return;
- db_query(
- "DELETE FROM ttrss_user_labels2
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("DELETE FROM ttrss_user_labels2
WHERE
- label_id = '$label_id' AND
- article_id = '$id'");
+ label_id = ? AND
+ article_id = ?");
+
+ $sth->execute([$label_id, $id]);
Labels::clear_cache($id);
}
if (!$label_id) return;
- $result = db_query(
- "SELECT
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT
article_id FROM ttrss_labels2, ttrss_user_labels2
WHERE
label_id = id AND
- label_id = '$label_id' AND
- article_id = '$id' AND owner_uid = '$owner_uid'
+ label_id = ? AND
+ article_id = ? AND owner_uid = ?
LIMIT 1");
- if (db_num_rows($result) == 0) {
- db_query("INSERT INTO ttrss_user_labels2
- (label_id, article_id) VALUES ('$label_id', '$id')");
+ $sth->execute([$label_id, $id, $owner_uid]);
+
+ if (!$sth->fetch()) {
+ $sth = $pdo->prepare("INSERT INTO ttrss_user_labels2
+ (label_id, article_id) VALUES (?, ?)");
+
+ $sth->execute([$label_id, $id]);
}
Labels::clear_cache($id);
static function remove($id, $owner_uid) {
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
- db_query("BEGIN");
+ $pdo = Db::pdo();
+ $tr_in_progress = false;
+
+ try {
+ $pdo->beginTransaction();
+ } catch (Exception $e) {
+ $tr_in_progress = true;
+ }
- $result = db_query("SELECT caption FROM ttrss_labels2
- WHERE id = '$id'");
+ $sth = $pdo->prepare("SELECT caption FROM ttrss_labels2
+ WHERE id = ?");
+ $sth->execute([$id]);
- $caption = db_fetch_result($result, 0, "caption");
+ $row = $sth->fetch();
+ $caption = $row['caption'];
- $result = db_query("DELETE FROM ttrss_labels2 WHERE id = '$id'
- AND owner_uid = " . $owner_uid);
+ $sth = $pdo->prepare("DELETE FROM ttrss_labels2 WHERE id = ?
+ AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
- if (db_affected_rows($result) != 0 && $caption) {
+ if ($sth->rowCount() != 0 && $caption) {
/* Remove access key for the label */
$ext_id = LABEL_BASE_INDEX - 1 - $id;
- db_query("DELETE FROM ttrss_access_keys WHERE
- feed_id = '$ext_id' AND owner_uid = $owner_uid");
+ $sth = $pdo->prepare("DELETE FROM ttrss_access_keys WHERE
+ feed_id = ? AND owner_uid = ?");
+ $sth->execute([$ext_id, $owner_uid]);
/* Remove cached data */
- db_query("UPDATE ttrss_user_entries SET label_cache = ''
- WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $owner_uid);
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries SET label_cache = ''
+ WHERE label_cache LIKE ? AND owner_uid = ?");
+ $sth->execute(["%$caption%", $owner_uid]);
}
- db_query("COMMIT");
+ if (!$tr_in_progress) $pdo->commit();
}
static function create($caption, $fg_color = '', $bg_color = '', $owner_uid = false) {
if (!$owner_uid) $owner_uid = $_SESSION['uid'];
- db_query("BEGIN");
+ $pdo = Db::pdo();
+
+ $tr_in_progress = false;
+
+ try {
+ $pdo->beginTransaction();
+ } catch (Exception $e) {
+ $tr_in_progress = true;
+ }
+
+ $sth = $pdo->prepare("SELECT id FROM ttrss_labels2
+ WHERE caption = ? AND owner_uid = ?");
+ $sth->execute([$caption, $owner_uid]);
- $result = db_query("SELECT id FROM ttrss_labels2
- WHERE caption = '$caption' AND owner_uid = $owner_uid");
+ if (!$sth->fetch()) {
+ $sth = $pdo->prepare("INSERT INTO ttrss_labels2
+ (caption,owner_uid,fg_color,bg_color) VALUES (?, ?, ?, ?)");
- if (db_num_rows($result) == 0) {
- $result = db_query(
- "INSERT INTO ttrss_labels2 (caption,owner_uid,fg_color,bg_color)
- VALUES ('$caption', '$owner_uid', '$fg_color', '$bg_color')");
+ $sth->execute([$caption, $owner_uid, $fg_color, $bg_color]);
- $result = db_affected_rows($result) != 0;
+ $result = $sth->rowCount();
}
- db_query("COMMIT");
+ if (!$tr_in_progress) $pdo->commit();
return $result;
}
class Logger_SQL {
function log_error($errno, $errstr, $file, $line, $context) {
- if (Db::get() && get_schema_version() > 117) {
+
+ $pdo = Db::pdo();
+
+ if ($pdo && get_schema_version() > 117) {
- $errno = Db::get()->escape_string($errno);
- $errstr = Db::get()->escape_string($errstr);
- $file = Db::get()->escape_string($file);
- $line = Db::get()->escape_string($line);
- $context = DB::get()->escape_string($context);
+ try {
+ $pdo->rollBack();
+ } catch (Exception $e) {
+ //
+ }
- $owner_uid = $_SESSION["uid"] ? $_SESSION["uid"] : "NULL";
+ $owner_uid = $_SESSION["uid"] ? $_SESSION["uid"] : null;
- $result = Db::get()->query(
- "INSERT INTO ttrss_error_log
+ $sth = $pdo->prepare("INSERT INTO ttrss_error_log
(errno, errstr, filename, lineno, context, owner_uid, created_at) VALUES
- ($errno, '$errstr', '$file', '$line', '$context', $owner_uid, NOW())");
+ (?, ?, ?, ?, ?, ?, NOW())");
+ $sth->execute([$errno, $errstr, $file, $line, $context, $owner_uid]);
- return Db::get()->affected_rows($result) != 0;
+ return $sth->rowCount();
}
return false;
$show_settings = $_REQUEST["settings"];
$owner_uid = $_SESSION["uid"];
- return $this->opml_export($output_name, $owner_uid, false, ($show_settings == 1));
+
+ $rc = $this->opml_export($output_name, $owner_uid, false, ($show_settings == 1));
+
+ return $rc;
}
function import() {
add_feed_category("Imported feeds");
$this->opml_notice(__("Importing OPML..."));
+
$this->opml_import($owner_uid);
print "<br><form method=\"GET\" action=\"prefs.php\">
private function opml_export_category($owner_uid, $cat_id, $hide_private_feeds=false) {
- if ($cat_id) {
- $cat_qpart = "parent_cat = '$cat_id'";
- $feed_cat_qpart = "cat_id = '$cat_id'";
- } else {
- $cat_qpart = "parent_cat IS NULL";
- $feed_cat_qpart = "cat_id IS NULL";
- }
+ $cat_id = (int) $cat_id;
if ($hide_private_feeds)
$hide_qpart = "(private IS false AND auth_login = '' AND auth_pass = '')";
$out = "";
if ($cat_id) {
- $result = $this->dbh->query("SELECT title FROM ttrss_feed_categories WHERE id = '$cat_id'
- AND owner_uid = '$owner_uid'");
- $cat_title = htmlspecialchars($this->dbh->fetch_result($result, 0, "title"));
+ $sth = $this->pdo->prepare("SELECT title FROM ttrss_feed_categories WHERE id = ?
+ AND owner_uid = ?");
+ $sth->execute([$cat_id, $owner_uid]);
+ $row = $sth->fetch();
+ $cat_title = htmlspecialchars($row['title']);
}
if ($cat_title) $out .= "<outline text=\"$cat_title\">\n";
- $result = $this->dbh->query("SELECT id,title
+ $sth = $this->pdo->prepare("SELECT id,title
FROM ttrss_feed_categories WHERE
- $cat_qpart AND owner_uid = '$owner_uid' ORDER BY order_id, title");
+ (parent_cat = :cat OR (:cat = 0 AND parent_cat IS NULL)) AND
+ owner_uid = :uid ORDER BY order_id, title");
+
+ $sth->execute([':cat' => $cat_id, ':uid' => $owner_uid]);
- while ($line = $this->dbh->fetch_assoc($result)) {
- $title = htmlspecialchars($line["title"]);
+ while ($line = $sth->fetch()) {
$out .= $this->opml_export_category($owner_uid, $line["id"], $hide_private_feeds);
}
- $feeds_result = $this->dbh->query("select title, feed_url, site_url
- from ttrss_feeds where $feed_cat_qpart AND owner_uid = '$owner_uid' AND $hide_qpart
- order by order_id, title");
+ $fsth = $this->pdo->prepare("select title, feed_url, site_url
+ FROM ttrss_feeds WHERE
+ (cat_id = :cat OR (:cat = 0 AND cat_id IS NULL)) AND owner_uid = :uid AND $hide_qpart
+ ORDER BY order_id, title");
- while ($fline = $this->dbh->fetch_assoc($feeds_result)) {
+ $fsth->execute([':cat' => $cat_id, ':uid' => $owner_uid]);
+
+ while ($fline = $fsth->fetch()) {
$title = htmlspecialchars($fline["title"]);
$url = htmlspecialchars($fline["feed_url"]);
$site_url = htmlspecialchars($fline["site_url"]);
</head>";
$out .= "<body>";
- $out .= $this->opml_export_category($owner_uid, false, $hide_private_feeds);
+ $out .= $this->opml_export_category($owner_uid, 0, $hide_private_feeds);
# export tt-rss settings
if ($include_settings) {
$out .= "<outline text=\"tt-rss-prefs\" schema-version=\"".SCHEMA_VERSION."\">";
- $result = $this->dbh->query("SELECT pref_name, value FROM ttrss_user_prefs WHERE
- profile IS NULL AND owner_uid = " . $_SESSION["uid"] . " ORDER BY pref_name");
+ $sth = $this->pdo->prepare("SELECT pref_name, value FROM ttrss_user_prefs WHERE
+ profile IS NULL AND owner_uid = ? ORDER BY pref_name");
+ $sth->execute([$owner_uid]);
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$name = $line["pref_name"];
$value = htmlspecialchars($line["value"]);
$out .= "<outline text=\"tt-rss-labels\" schema-version=\"".SCHEMA_VERSION."\">";
- $result = $this->dbh->query("SELECT * FROM ttrss_labels2 WHERE
- owner_uid = " . $_SESSION['uid']);
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_labels2 WHERE
+ owner_uid = ?");
+ $sth->execute([$owner_uid]);
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$name = htmlspecialchars($line['caption']);
$fg_color = htmlspecialchars($line['fg_color']);
$bg_color = htmlspecialchars($line['bg_color']);
$out .= "<outline text=\"tt-rss-filters\" schema-version=\"".SCHEMA_VERSION."\">";
- $result = $this->dbh->query("SELECT * FROM ttrss_filters2
- WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY id");
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2
+ WHERE owner_uid = ? ORDER BY id");
+ $sth->execute([$owner_uid]);
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
foreach (array('enabled', 'match_any_rule', 'inverse') as $b) {
$line[$b] = sql_bool_to_bool($line[$b]);
}
$line["rules"] = array();
$line["actions"] = array();
- $tmp_result = $this->dbh->query("SELECT * FROM ttrss_filters2_rules
- WHERE filter_id = ".$line["id"]);
+ $tmph = $this->pdo->prepare("SELECT * FROM ttrss_filters2_rules
+ WHERE filter_id = ?");
+ $tmph->execute([$line['id']]);
- while ($tmp_line = $this->dbh->fetch_assoc($tmp_result)) {
+ while ($tmp_line = $tmph->fetch()) {
unset($tmp_line["id"]);
unset($tmp_line["filter_id"]);
array_push($line["rules"], $tmp_line);
}
- $tmp_result = $this->dbh->query("SELECT * FROM ttrss_filters2_actions
- WHERE filter_id = ".$line["id"]);
+ $tmph = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions
+ WHERE filter_id = ?");
+ $tmph->execute([$line['id']]);
- while ($tmp_line = $this->dbh->fetch_assoc($tmp_result)) {
+ while ($tmp_line = $tmph->fetch()) {
unset($tmp_line["id"]);
unset($tmp_line["filter_id"]);
private function opml_import_feed($node, $cat_id, $owner_uid) {
$attrs = $node->attributes;
- $feed_title = $this->dbh->escape_string(mb_substr($attrs->getNamedItem('text')->nodeValue, 0, 250));
- if (!$feed_title) $feed_title = $this->dbh->escape_string(mb_substr($attrs->getNamedItem('title')->nodeValue, 0, 250));
+ $feed_title = mb_substr($attrs->getNamedItem('text')->nodeValue, 0, 250);
+ if (!$feed_title) $feed_title = mb_substr($attrs->getNamedItem('title')->nodeValue, 0, 250);
- $feed_url = $this->dbh->escape_string($attrs->getNamedItem('xmlUrl')->nodeValue);
- if (!$feed_url) $feed_url = $this->dbh->escape_string($attrs->getNamedItem('xmlURL')->nodeValue);
+ $feed_url = $attrs->getNamedItem('xmlUrl')->nodeValue;
+ if (!$feed_url) $feed_url = $attrs->getNamedItem('xmlURL')->nodeValue;
- $site_url = $this->dbh->escape_string(mb_substr($attrs->getNamedItem('htmlUrl')->nodeValue, 0, 250));
+ $site_url = mb_substr($attrs->getNamedItem('htmlUrl')->nodeValue, 0, 250);
if ($feed_url && $feed_title) {
- $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
- feed_url = '$feed_url' AND owner_uid = '$owner_uid'");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE
+ feed_url = ? AND owner_uid = ?");
+ $sth->execute([$feed_url, $owner_uid]);
- if ($this->dbh->num_rows($result) == 0) {
+ if (!$sth->fetch()) {
#$this->opml_notice("[FEED] [$feed_title/$feed_url] dst_CAT=$cat_id");
$this->opml_notice(T_sprintf("Adding feed: %s", $feed_title));
- if (!$cat_id) $cat_id = 'NULL';
+ if (!$cat_id) $cat_id = null;
- $query = "INSERT INTO ttrss_feeds
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_feeds
(title, feed_url, owner_uid, cat_id, site_url, order_id) VALUES
- ('$feed_title', '$feed_url', '$owner_uid',
- $cat_id, '$site_url', 0)";
- $this->dbh->query($query);
+ (?, ?, ?, ?, ?, 0)");
+
+ $sth->execute([$feed_title, $feed_url, $owner_uid, $cat_id, $site_url]);
} else {
$this->opml_notice(T_sprintf("Duplicate feed: %s", $feed_title));
private function opml_import_label($node, $owner_uid) {
$attrs = $node->attributes;
- $label_name = $this->dbh->escape_string($attrs->getNamedItem('label-name')->nodeValue);
+ $label_name = $attrs->getNamedItem('label-name')->nodeValue;
if ($label_name) {
- $fg_color = $this->dbh->escape_string($attrs->getNamedItem('label-fg-color')->nodeValue);
- $bg_color = $this->dbh->escape_string($attrs->getNamedItem('label-bg-color')->nodeValue);
+ $fg_color = $attrs->getNamedItem('label-fg-color')->nodeValue;
+ $bg_color = $attrs->getNamedItem('label-bg-color')->nodeValue;
if (!Labels::find_id($label_name, $_SESSION['uid'])) {
$this->opml_notice(T_sprintf("Adding label %s", htmlspecialchars($label_name)));
private function opml_import_preference($node) {
$attrs = $node->attributes;
- $pref_name = $this->dbh->escape_string($attrs->getNamedItem('pref-name')->nodeValue);
+ $pref_name = $attrs->getNamedItem('pref-name')->nodeValue;
if ($pref_name) {
- $pref_value = $this->dbh->escape_string($attrs->getNamedItem('value')->nodeValue);
+ $pref_value = $attrs->getNamedItem('value')->nodeValue;
$this->opml_notice(T_sprintf("Setting preference key %s to %s",
$pref_name, $pref_value));
private function opml_import_filter($node) {
$attrs = $node->attributes;
- $filter_type = $this->dbh->escape_string($attrs->getNamedItem('filter-type')->nodeValue);
+ $filter_type = $attrs->getNamedItem('filter-type')->nodeValue;
if ($filter_type == '2') {
$filter = json_decode($node->nodeValue, true);
$match_any_rule = bool_to_sql_bool($filter["match_any_rule"]);
$enabled = bool_to_sql_bool($filter["enabled"]);
$inverse = bool_to_sql_bool($filter["inverse"]);
- $title = db_escape_string($filter["title"]);
+ $title = $filter["title"];
+
+ print "F: $title, $inverse, $enabled, $match_any_rule";
+
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_filters2 (match_any_rule,enabled,inverse,title,owner_uid)
+ VALUES (?, ?, ?, ?, ?)");
- $this->dbh->query("BEGIN");
+ $sth->execute([$match_any_rule, $enabled, $inverse, $title, $_SESSION['uid']]);
- $this->dbh->query("INSERT INTO ttrss_filters2 (match_any_rule,enabled,inverse,title,owner_uid)
- VALUES ($match_any_rule, $enabled, $inverse, '$title',
- ".$_SESSION["uid"].")");
+ $sth = $this->pdo->prepare("SELECT MAX(id) AS id FROM ttrss_filters2 WHERE
+ owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
- $result = $this->dbh->query("SELECT MAX(id) AS id FROM ttrss_filters2 WHERE
- owner_uid = ".$_SESSION["uid"]);
- $filter_id = $this->dbh->fetch_result($result, 0, "id");
+ $row = $sth->fetch();
+ $filter_id = $row['id'];
if ($filter_id) {
$this->opml_notice(T_sprintf("Adding filter..."));
foreach ($filter["rules"] as $rule) {
- $feed_id = "NULL";
- $cat_id = "NULL";
+ $feed_id = null;
+ $cat_id = null;
if ($rule["match"]) {
$match_id = false;
if (!$is_cat) {
- $tmp_result = $this->dbh->query("SELECT id FROM ttrss_feeds
- WHERE title = '" . $this->dbh->escape_string($name) . "' AND owner_uid = " . $_SESSION["uid"]);
- if ($this->dbh->num_rows($tmp_result) > 0) {
- $match_id = $this->dbh->fetch_result($tmp_result, 0, "id");
+ $tsth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
+ WHERE title = ? AND owner_uid = ?");
+
+ $tsth->execute([$name, $_SESSION['uid']]);
+
+ if ($row = $tsth->fetch()) {
+ $match_id = $row['id'];
}
} else {
- $tmp_result = $this->dbh->query("SELECT id FROM ttrss_feed_categories
- WHERE title = '" . $this->dbh->escape_string($name) . "' AND owner_uid = " . $_SESSION["uid"]);
+ $tsth = $this->pdo->prepare("SELECT id FROM ttrss_feed_categories
+ WHERE title = ? AND owner_uid = ?");
+ $tsth->execute([$name, $_SESSION['uid']]);
- if ($this->dbh->num_rows($tmp_result) > 0) {
- $match_id = 'CAT:' . $this->dbh->fetch_result($tmp_result, 0, "id");
- }
+ if ($row = $tsth->fetch()) {
+ $match_id = $row['id'];
+ }
}
if ($match_id) array_push($match_on, $match_id);
}
}
- $reg_exp = $this->dbh->escape_string($rule["reg_exp"]);
+ $reg_exp = $rule["reg_exp"];
$filter_type = (int)$rule["filter_type"];
$inverse = bool_to_sql_bool($rule["inverse"]);
- $match_on = $this->dbh->escape_string(json_encode($match_on));
+ $match_on = json_encode($match_on);
- $this->dbh->query("INSERT INTO ttrss_filters2_rules (feed_id,cat_id,match_on,filter_id,filter_type,reg_exp,cat_filter,inverse)
- VALUES (NULL, NULL, '$match_on',$filter_id, $filter_type, '$reg_exp', false, $inverse)");
+ $usth = $this->pdo->prepare("INSERT INTO ttrss_filters2_rules
+ (feed_id,cat_id,match_on,filter_id,filter_type,reg_exp,cat_filter,inverse)
+ VALUES
+ (NULL, NULL, ?, ?, ?, ?, false, ?)");
+ $usth->execute([$match_on, $filter_id, $filter_type, $reg_exp, $inverse]);
} else {
if (!$rule["cat_filter"]) {
- $tmp_result = $this->dbh->query("SELECT id FROM ttrss_feeds
- WHERE title = '" . $this->dbh->escape_string($rule["feed"]) . "' AND owner_uid = " . $_SESSION["uid"]);
- if ($this->dbh->num_rows($tmp_result) > 0) {
- $feed_id = $this->dbh->fetch_result($tmp_result, 0, "id");
+ $tsth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
+ WHERE title = ? AND owner_uid = ?");
+
+ $tsth->execute([$rule['feed'], $_SESSION['uid']]);
+
+ if ($row = $tsth->fetch()) {
+ $feed_id = $row['id'];
}
} else {
- $tmp_result = $this->dbh->query("SELECT id FROM ttrss_feed_categories
- WHERE title = '" . $this->dbh->escape_string($rule["feed"]) . "' AND owner_uid = " . $_SESSION["uid"]);
+ $tsth = $this->pdo->prepare("SELECT id FROM ttrss_feed_categories
+ WHERE title = ? AND owner_uid = ?");
- if ($this->dbh->num_rows($tmp_result) > 0) {
- $cat_id = $this->dbh->fetch_result($tmp_result, 0, "id");
- }
+ $tsth->execute([$rule['feed'], $_SESSION['uid']]);
+
+ if ($row = $tsth->fetch()) {
+ $feed_id = $row['id'];
+ }
}
$cat_filter = bool_to_sql_bool($rule["cat_filter"]);
- $reg_exp = $this->dbh->escape_string($rule["reg_exp"]);
+ $reg_exp = $rule["reg_exp"];
$filter_type = (int)$rule["filter_type"];
$inverse = bool_to_sql_bool($rule["inverse"]);
- $this->dbh->query("INSERT INTO ttrss_filters2_rules (feed_id,cat_id,filter_id,filter_type,reg_exp,cat_filter,inverse)
- VALUES ($feed_id, $cat_id, $filter_id, $filter_type, '$reg_exp', $cat_filter,$inverse)");
+ $usth = $this->pdo->prepare("INSERT INTO ttrss_filters2_rules
+ (feed_id,cat_id,filter_id,filter_type,reg_exp,cat_filter,inverse)
+ VALUES
+ (?, ?, ?, ?, ?, ?, ?)");
+ $usth->execute([$feed_id, $cat_id, $filter_id, $filter_type, $reg_exp, $cat_filter, $inverse]);
}
}
foreach ($filter["actions"] as $action) {
$action_id = (int)$action["action_id"];
- $action_param = $this->dbh->escape_string($action["action_param"]);
+ $action_param = $action["action_param"];
- $this->dbh->query("INSERT INTO ttrss_filters2_actions (filter_id,action_id,action_param)
- VALUES ($filter_id, $action_id, '$action_param')");
+ $usth = $this->pdo->prepare("INSERT INTO ttrss_filters2_actions
+ (filter_id,action_id,action_param)
+ VALUES
+ (?, ?, ?)");
+ $usth->execute([$filter_id, $action_id, $action_param]);
}
}
-
- $this->dbh->query("COMMIT");
}
}
}
$default_cat_id = (int) $this->get_feed_category('Imported feeds', false);
if ($root_node) {
- $cat_title = $this->dbh->escape_string(mb_substr($root_node->attributes->getNamedItem('text')->nodeValue, 0, 250));
+ $cat_title = mb_substr($root_node->attributes->getNamedItem('text')->nodeValue, 0, 250);
if (!$cat_title)
- $cat_title = $this->dbh->escape_string(mb_substr($root_node->attributes->getNamedItem('title')->nodeValue, 0, 250));
+ $cat_title = mb_substr($root_node->attributes->getNamedItem('title')->nodeValue, 0, 250);
if (!in_array($cat_title, array("tt-rss-filters", "tt-rss-labels", "tt-rss-prefs"))) {
$cat_id = $this->get_feed_category($cat_title, $parent_id);
- $this->dbh->query("BEGIN");
+
if ($cat_id === false) {
add_feed_category($cat_title, $parent_id);
$cat_id = $this->get_feed_category($cat_title, $parent_id);
}
- $this->dbh->query("COMMIT");
+
} else {
$cat_id = 0;
}
foreach ($outlines as $node) {
if ($node->hasAttributes() && strtolower($node->tagName) == "outline") {
$attrs = $node->attributes;
- $node_cat_title = $this->dbh->escape_string($attrs->getNamedItem('text')->nodeValue);
+ $node_cat_title = $attrs->getNamedItem('text')->nodeValue;
if (!$node_cat_title)
- $node_cat_title = $this->dbh->escape_string($attrs->getNamedItem('title')->nodeValue);
+ $node_cat_title = $attrs->getNamedItem('title')->nodeValue;
- $node_feed_url = $this->dbh->escape_string($attrs->getNamedItem('xmlUrl')->nodeValue);
+ $node_feed_url = $attrs->getNamedItem('xmlUrl')->nodeValue;
if ($node_cat_title && !$node_feed_url) {
$this->opml_import_category($doc, $node, $owner_uid, $cat_id);
}
if ($doc) {
+ $this->pdo->beginTransaction();
$this->opml_import_category($doc, false, $owner_uid, false);
+ $this->pdo->commit();
} else {
print_error(__('Error while parsing document.'));
}
}
function get_feed_category($feed_cat, $parent_cat_id = false) {
- if ($parent_cat_id) {
- $parent_qpart = "parent_cat = '$parent_cat_id'";
- $parent_insert = "'$parent_cat_id'";
- } else {
- $parent_qpart = "parent_cat IS NULL";
- $parent_insert = "NULL";
- }
- $result = db_query(
- "SELECT id FROM ttrss_feed_categories
- WHERE $parent_qpart AND title = '$feed_cat' AND owner_uid = ".$_SESSION["uid"]);
+ $parent_cat_id = (int) $parent_cat_id;
- if (db_num_rows($result) == 0) {
- return false;
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feed_categories
+ WHERE title = :title
+ AND (parent_cat = :parent OR (:parent = 0 AND parent_cat IS NULL))
+ AND owner_uid = :uid");
+
+ $sth->execute([':title' => $feed_cat, ':parent' => $parent_cat_id, ':uid' => $_SESSION['uid']]);
+
+ if ($row = $sth->fetch()) {
+ return $row['id'];
} else {
- return db_fetch_result($result, 0, "id");
+ return false;
}
}
<?php
class PluginHost {
private $dbh;
+ private $pdo;
private $hooks = array();
private $plugins = array();
private $handlers = array();
function __construct() {
$this->dbh = Db::get();
+ $this->pdo = Db::pdo();
$this->storage = array();
}
return $this->dbh;
}
+ function get_pdo() {
+ return $this->pdo;
+ }
+
function get_plugin_names() {
$names = array();
function load_data() {
if ($this->owner_uid) {
- $result = $this->dbh->query("SELECT name, content FROM ttrss_plugin_storage
- WHERE owner_uid = '".$this->owner_uid."'");
+ $sth = $this->pdo->prepare("SELECT name, content FROM ttrss_plugin_storage
+ WHERE owner_uid = ?");
+ $sth->execute([$this->owner_uid]);
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$this->storage[$line["name"]] = unserialize($line["content"]);
}
}
private function save_data($plugin) {
if ($this->owner_uid) {
- $plugin = $this->dbh->escape_string($plugin);
-
- $this->dbh->query("BEGIN");
+ $this->pdo->beginTransaction();
- $result = $this->dbh->query("SELECT id FROM ttrss_plugin_storage WHERE
- owner_uid= '".$this->owner_uid."' AND name = '$plugin'");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_plugin_storage WHERE
+ owner_uid= ? AND name = ?");
+ $sth->execute([$this->owner_uid, $plugin]);
if (!isset($this->storage[$plugin]))
$this->storage[$plugin] = array();
- $content = $this->dbh->escape_string(serialize($this->storage[$plugin]),
- false);
+ $content = serialize($this->storage[$plugin]);
- if ($this->dbh->num_rows($result) != 0) {
- $this->dbh->query("UPDATE ttrss_plugin_storage SET content = '$content'
- WHERE owner_uid= '".$this->owner_uid."' AND name = '$plugin'");
+ if ($sth->fetch()) {
+ $sth = $this->pdo->prepare("UPDATE ttrss_plugin_storage SET content = ?
+ WHERE owner_uid= ? AND name = ?");
+ $sth->execute([(string)$content, $this->owner_uid, $plugin]);
} else {
- $this->dbh->query("INSERT INTO ttrss_plugin_storage
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_plugin_storage
(name,owner_uid,content) VALUES
- ('$plugin','".$this->owner_uid."','$content')");
+ (?, ?, ?)");
+ $sth->execute([$plugin, $this->owner_uid, (string)$content]);
}
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
}
}
unset($this->storage[$idx]);
- $this->dbh->query("DELETE FROM ttrss_plugin_storage WHERE name = '$idx'
- AND owner_uid = " . $this->owner_uid);
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_plugin_storage WHERE name = ?
+ AND owner_uid = ?");
+ $sth->execute([$idx, $this->owner_uid]);
}
}
}
function renamecat() {
- $title = $this->dbh->escape_string($_REQUEST['title']);
- $id = $this->dbh->escape_string($_REQUEST['id']);
+ $title = $_REQUEST['title'];
+ $id = $_REQUEST['id'];
if ($title) {
- $this->dbh->query("UPDATE ttrss_feed_categories SET
- title = '$title' WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_feed_categories SET
+ title = ? WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$title, $id, $_SESSION['uid']]);
}
- return;
}
private function get_category_items($cat_id) {
else
$search = "";
- if ($search) $search_qpart = " AND (LOWER(title) LIKE LOWER('%$search%') OR LOWER(feed_url) LIKE LOWER('%$search%'))";
-
// first one is set by API
$show_empty_cats = $_REQUEST['force_show_empty'] ||
($_REQUEST['mode'] != 2 && !$search);
$items = array();
- $result = $this->dbh->query("SELECT id, title FROM ttrss_feed_categories
- WHERE owner_uid = " . $_SESSION["uid"] . " AND parent_cat = '$cat_id' ORDER BY order_id, title");
+ $sth = $this->pdo->prepare("SELECT id, title FROM ttrss_feed_categories
+ WHERE owner_uid = ? AND parent_cat = ? ORDER BY order_id, title");
+ $sth->execute([$_SESSION['uid'], $cat_id]);
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$cat = array();
$cat['id'] = 'CAT:' . $line['id'];
}
- $feed_result = $this->dbh->query("SELECT id, title, last_error,
+ $fsth = $this->pdo->prepare("SELECT id, title, last_error,
".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds
- WHERE cat_id = '$cat_id' AND owner_uid = ".$_SESSION["uid"].
- "$search_qpart ORDER BY order_id, title");
+ WHERE cat_id = :cat AND
+ owner_uid = :uid AND
+ (:search = '' OR (LOWER(title) LIKE :search OR LOWER(feed_url) LIKE :search))
+ ORDER BY order_id, title");
- while ($feed_line = $this->dbh->fetch_assoc($feed_result)) {
+ $fsth->execute([":cat" => $cat_id, ":uid" => $_SESSION['uid'], ":search" => $search ? "%$search%" : ""]);
+
+ while ($feed_line = $fsth->fetch()) {
$feed = array();
$feed['id'] = 'FEED:' . $feed_line['id'];
$feed['bare_id'] = (int)$feed_line['id'];
else
$search = "";
- if ($search) $search_qpart = " AND LOWER(title) LIKE LOWER('%$search%')";
-
$root = array();
$root['id'] = 'root';
$root['name'] = __('Feeds');
$root['items'] = array_merge($root['items'], $cat['items']);
}
- $result = $this->dbh->query("SELECT * FROM
- ttrss_labels2 WHERE owner_uid = ".$_SESSION['uid']." ORDER by caption");
+ $sth = $this->pdo->prepare("SELECT * FROM
+ ttrss_labels2 WHERE owner_uid = ? ORDER by caption");
+ $sth->execute([$_SESSION['uid']]);
- if ($this->dbh->num_rows($result) > 0) {
-
- if (get_pref('ENABLE_FEED_CATS')) {
- $cat = $this->feedlist_init_cat(-2);
- } else {
- $cat['items'] = array();
- }
+ if (get_pref('ENABLE_FEED_CATS')) {
+ $cat = $this->feedlist_init_cat(-2);
+ } else {
+ $cat['items'] = array();
+ }
- while ($line = $this->dbh->fetch_assoc($result)) {
+ $num_labels = 0;
+ while ($line = $sth->fetch()) {
+ ++$num_labels;
- $label_id = Labels::label_to_feed_id($line['id']);
+ $label_id = Labels::label_to_feed_id($line['id']);
- $feed = $this->feedlist_init_feed($label_id, false, 0);
+ $feed = $this->feedlist_init_feed($label_id, false, 0);
- $feed['fg_color'] = $line['fg_color'];
- $feed['bg_color'] = $line['bg_color'];
+ $feed['fg_color'] = $line['fg_color'];
+ $feed['bg_color'] = $line['bg_color'];
- array_push($cat['items'], $feed);
- }
+ array_push($cat['items'], $feed);
+ }
+ if ($num_labels) {
if ($enable_cats) {
array_push($root['items'], $cat);
} else {
$show_empty_cats = $_REQUEST['force_show_empty'] ||
($_REQUEST['mode'] != 2 && !$search);
- $result = $this->dbh->query("SELECT id, title FROM ttrss_feed_categories
- WHERE owner_uid = " . $_SESSION["uid"] . " AND parent_cat IS NULL ORDER BY order_id, title");
+ $sth = $this->pdo->prepare("SELECT id, title FROM ttrss_feed_categories
+ WHERE owner_uid = ? AND parent_cat IS NULL ORDER BY order_id, title");
+ $sth->execute([$_SESSION['uid']]);
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$cat = array();
$cat['id'] = 'CAT:' . $line['id'];
$cat['bare_id'] = (int)$line['id'];
$cat['unread'] = 0;
$cat['child_unread'] = 0;
- $feed_result = $this->dbh->query("SELECT id, title,last_error,
+ $fsth = $this->pdo->prepare("SELECT id, title,last_error,
".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds
- WHERE cat_id IS NULL AND owner_uid = ".$_SESSION["uid"].
- "$search_qpart ORDER BY order_id, title");
+ WHERE cat_id IS NULL AND
+ owner_uid = :uid AND
+ (:search = '' OR (LOWER(title) LIKE :search OR LOWER(feed_url) LIKE :search))
+ ORDER BY order_id, title");
+ $fsth->execute([":uid" => $_SESSION['uid'], ":search" => $search ? "%$search%" : ""]);
- while ($feed_line = $this->dbh->fetch_assoc($feed_result)) {
+ while ($feed_line = $fsth->fetch()) {
$feed = array();
$feed['id'] = 'FEED:' . $feed_line['id'];
$feed['bare_id'] = (int)$feed_line['id'];
$root['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', (int) $num_children), $num_children);
} else {
- $feed_result = $this->dbh->query("SELECT id, title, last_error,
+ $fsth = $this->pdo->prepare("SELECT id, title, last_error,
".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds
- WHERE owner_uid = ".$_SESSION["uid"].
- "$search_qpart ORDER BY order_id, title");
+ WHERE owner_uid = :uid AND
+ (:search = '' OR (LOWER(title) LIKE :search OR LOWER(feed_url) LIKE :search))
+ ORDER BY order_id, title");
+ $fsth->execute([":uid" => $_SESSION['uid'], ":search" => $search ? "%$search%" : ""]);
- while ($feed_line = $this->dbh->fetch_assoc($feed_result)) {
+ while ($feed_line = $fsth->fetch()) {
$feed = array();
$feed['id'] = 'FEED:' . $feed_line['id'];
$feed['bare_id'] = (int)$feed_line['id'];
}
function catsortreset() {
- $this->dbh->query("UPDATE ttrss_feed_categories
- SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]);
- return;
+ $sth = $this->pdo->prepare("UPDATE ttrss_feed_categories
+ SET order_id = 0 WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
}
function feedsortreset() {
- $this->dbh->query("UPDATE ttrss_feeds
- SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]);
- return;
+ $sth = $this->pdo->prepare("UPDATE ttrss_feeds
+ SET order_id = 0 WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
}
private function process_category_order(&$data_map, $item_id, $parent_id = false, $nest_level = 0) {
if ($debug) _debug("$prefix C: $item_id P: $parent_id");
- $bare_item_id = $this->dbh->escape_string(substr($item_id, strpos($item_id, ':')+1));
+ $bare_item_id = substr($item_id, strpos($item_id, ':')+1);
if ($item_id != 'root') {
if ($parent_id && $parent_id != 'root') {
$parent_bare_id = substr($parent_id, strpos($parent_id, ':')+1);
- $parent_qpart = $this->dbh->escape_string($parent_bare_id);
+ $parent_qpart = $parent_bare_id;
} else {
- $parent_qpart = 'NULL';
+ $parent_qpart = null;
}
- $this->dbh->query("UPDATE ttrss_feed_categories
- SET parent_cat = $parent_qpart WHERE id = '$bare_item_id' AND
- owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_feed_categories
+ SET parent_cat = ? WHERE id = ? AND
+ owner_uid = ?");
+ $sth->execute([$parent_qpart, $bare_item_id, $_SESSION['uid']]);
}
$order_id = 1;
if ($cat && is_array($cat)) {
foreach ($cat as $item) {
$id = $item['_reference'];
- $bare_id = $this->dbh->escape_string(substr($id, strpos($id, ':')+1));
+ $bare_id = substr($id, strpos($id, ':')+1);
if ($debug) _debug("$prefix [$order_id] $id/$bare_id");
if (strpos($id, "FEED") === 0) {
- $cat_id = ($item_id != "root") ?
- $this->dbh->escape_string($bare_item_id) : "NULL";
+ $cat_id = ($item_id != "root") ? $bare_item_id : null;
- $cat_qpart = ($cat_id != 0) ? "cat_id = '$cat_id'" :
- "cat_id = NULL";
+ $sth = $this->pdo->prepare("UPDATE ttrss_feeds
+ SET order_id = ?, cat_id = ?
+ WHERE id = ? AND owner_uid = ?");
- $this->dbh->query("UPDATE ttrss_feeds
- SET order_id = $order_id, $cat_qpart
- WHERE id = '$bare_id' AND
- owner_uid = " . $_SESSION["uid"]);
+ $sth->execute([$order_id, $cat_id ? $cat_id : null, $bare_id, $_SESSION['uid']]);
} else if (strpos($id, "CAT:") === 0) {
$this->process_category_order($data_map, $item['_reference'], $item_id,
$nest_level+1);
- if ($item_id != 'root') {
- $parent_qpart = $this->dbh->escape_string($bare_id);
- } else {
- $parent_qpart = 'NULL';
- }
-
- $this->dbh->query("UPDATE ttrss_feed_categories
- SET order_id = '$order_id' WHERE id = '$bare_id' AND
- owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_feed_categories
+ SET order_id = ? WHERE id = ? AND
+ owner_uid = ?");
+ $sth->execute([$order_id, $bare_id, $_SESSION['uid']]);
}
}
}
$this->process_category_order($data_map, $root_item);
-
- /* foreach ($data['items'][0]['items'] as $item) {
- $id = $item['_reference'];
- $bare_id = substr($id, strpos($id, ':')+1);
-
- ++$cat_order_id;
-
- if ($bare_id > 0) {
- $this->dbh->query("UPDATE ttrss_feed_categories
- SET order_id = '$cat_order_id' WHERE id = '$bare_id' AND
- owner_uid = " . $_SESSION["uid"]);
- }
-
- $feed_order_id = 0;
-
- if (is_array($data_map[$id])) {
- foreach ($data_map[$id] as $feed) {
- $id = $feed['_reference'];
- $feed_id = substr($id, strpos($id, ':')+1);
-
- if ($bare_id != 0)
- $cat_query = "cat_id = '$bare_id'";
- else
- $cat_query = "cat_id = NULL";
-
- $this->dbh->query("UPDATE ttrss_feeds
- SET order_id = '$feed_order_id',
- $cat_query
- WHERE id = '$feed_id' AND
- owner_uid = " . $_SESSION["uid"]);
-
- ++$feed_order_id;
- }
- }
- } */
}
-
- return;
}
function removeicon() {
- $feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]);
+ $feed_id = $_REQUEST["feed_id"];
- $result = $this->dbh->query("SELECT id FROM ttrss_feeds
- WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$feed_id, $_SESSION['uid']]);
- if ($this->dbh->num_rows($result) != 0) {
+ if ($row = $sth->fetch()) {
@unlink(ICONS_DIR . "/$feed_id.ico");
- $this->dbh->query("UPDATE ttrss_feeds SET favicon_avg_color = NULL
- where id = '$feed_id'");
+ $sth = $this->pdo->prepare("UPDATE ttrss_feeds SET favicon_avg_color = NULL
+ where id = ?");
+ $sth->execute([$feed_id]);
}
-
- return;
}
function uploadicon() {
header("Content-type: text/html");
- $tmp_file = false;
-
if (is_uploaded_file($_FILES['icon_file']['tmp_name'])) {
$tmp_file = tempnam(CACHE_DIR . '/upload', 'icon');
}
$icon_file = $tmp_file;
- $feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]);
+ $feed_id = $_REQUEST["feed_id"];
if (is_file($icon_file) && $feed_id) {
if (filesize($icon_file) < 65535) {
- $result = $this->dbh->query("SELECT id FROM ttrss_feeds
- WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$feed_id, $_SESSION['uid']]);
- if ($this->dbh->num_rows($result) != 0) {
+ if ($row = $sth->fetch()) {
@unlink(ICONS_DIR . "/$feed_id.ico");
if (rename($icon_file, ICONS_DIR . "/$feed_id.ico")) {
- $this->dbh->query("UPDATE ttrss_feeds SET
+
+ $sth = $this->pdo->prepare("UPDATE ttrss_feeds SET
favicon_avg_color = ''
- WHERE id = '$feed_id'");
+ WHERE id = ?");
+ $sth->execute([$feed_id]);
$rc = 0;
}
global $purge_intervals;
global $update_intervals;
- print '<div dojoType="dijit.layout.TabContainer" style="height : 450px">
- <div dojoType="dijit.layout.ContentPane" title="'.__('General').'">';
- $feed_id = $this->dbh->escape_string($_REQUEST["id"]);
+ $feed_id = $_REQUEST["id"];
- $result = $this->dbh->query(
- "SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND
- owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_feeds WHERE id = ? AND
+ owner_uid = ?");
+ $sth->execute([$feed_id, $_SESSION['uid']]);
- $auth_pass_encrypted = sql_bool_to_bool($this->dbh->fetch_result($result, 0,
- "auth_pass_encrypted"));
+ if ($row = $sth->fetch()) {
+ print '<div dojoType="dijit.layout.TabContainer" style="height : 450px">
+ <div dojoType="dijit.layout.ContentPane" title="'.__('General').'">';
- $title = htmlspecialchars($this->dbh->fetch_result($result,
- 0, "title"));
+ $auth_pass_encrypted = sql_bool_to_bool($row["auth_pass_encrypted"]);
- print_hidden("id", "$feed_id");
- print_hidden("op", "pref-feeds");
- print_hidden("method", "editSave");
+ $title = htmlspecialchars($row["title"]);
- print "<div class=\"dlgSec\">".__("Feed")."</div>";
- print "<div class=\"dlgSecCont\">";
+ print_hidden("id", "$feed_id");
+ print_hidden("op", "pref-feeds");
+ print_hidden("method", "editSave");
- /* Title */
+ print "<div class=\"dlgSec\">".__("Feed")."</div>";
+ print "<div class=\"dlgSecCont\">";
- print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
+ /* Title */
+
+ print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
placeHolder=\"".__("Feed Title")."\"
style=\"font-size : 16px; width: 20em\" name=\"title\" value=\"$title\">";
- /* Feed URL */
+ /* Feed URL */
- $feed_url = $this->dbh->fetch_result($result, 0, "feed_url");
- $feed_url = htmlspecialchars($this->dbh->fetch_result($result,
- 0, "feed_url"));
+ $feed_url = htmlspecialchars($row["feed_url"]);
- print "<hr/>";
+ print "<hr/>";
- print __('URL:') . " ";
- print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
+ print __('URL:') . " ";
+ print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
placeHolder=\"".__("Feed URL")."\"
regExp='^(http|https)://.*' style=\"width : 20em\"
name=\"feed_url\" value=\"$feed_url\">";
- $last_error = $this->dbh->fetch_result($result, 0, "last_error");
+ $last_error = $row["last_error"];
- if ($last_error) {
- print " <img src=\"images/error.png\" alt=\"(error)\"
+ if ($last_error) {
+
print " <img src=\"images/error.png\" alt=\"(error)\"
style=\"vertical-align : middle\"
title=\"".htmlspecialchars($last_error)."\">";
- }
+ }
- /* Category */
+ /* Category */
- if (get_pref('ENABLE_FEED_CATS')) {
+ if (get_pref('ENABLE_FEED_CATS')) {
- $cat_id = $this->dbh->fetch_result($result, 0, "cat_id");
+ $cat_id = $row["cat_id"];
- print "<hr/>";
+ print "<hr/>";
- print __('Place in category:') . " ";
+ print __('Place in category:') . " ";
- print_feed_cat_select("cat_id", $cat_id,
- 'dojoType="dijit.form.Select"');
- }
+ print_feed_cat_select("cat_id", $cat_id,
+ 'dojoType="dijit.form.Select"');
+ }
- /* FTS Stemming Language */
+ /* FTS Stemming Language */
- if (DB_TYPE == "pgsql") {
- $feed_language = $this->dbh->fetch_result($result, 0, "feed_language");
+ if (DB_TYPE == "pgsql") {
+ $feed_language = $row["feed_language"];
- print "<hr/>";
+ print "<hr/>";
- print __('Language:') . " ";
- print_select("feed_language", $feed_language, $this::$feed_languages,
- 'dojoType="dijit.form.Select"');
- }
+ print __('Language:') . " ";
+ print_select("feed_language", $feed_language, $this::$feed_languages,
+ 'dojoType="dijit.form.Select"');
+ }
- print "</div>";
+ print "</div>";
- print "<div class=\"dlgSec\">".__("Update")."</div>";
- print "<div class=\"dlgSecCont\">";
+
print "<div class=\"dlgSec\">".__("Update")."</div>";
+
print "<div class=\"dlgSecCont\">";
- /* Update Interval */
+ /* Update Interval */
- $update_interval = $this->dbh->fetch_result($result, 0, "update_interval");
+ $update_interval = $row["update_interval"];
- print_select_hash("update_interval", $update_interval, $update_intervals,
- 'dojoType="dijit.form.Select"');
+ print_select_hash("update_interval", $update_interval, $update_intervals,
+ 'dojoType="dijit.form.Select"');
- /* Purge intl */
+ /* Purge intl */
- $purge_interval = $this->dbh->fetch_result($result, 0, "purge_interval");
+ $purge_interval = $row["purge_interval"];
- print "<hr/>";
- print __('Article purging:') . " ";
+ print "<hr/>";
+ print __('Article purging:') . " ";
- print_select_hash("purge_interval", $purge_interval, $purge_intervals,
- 'dojoType="dijit.form.Select" ' .
+ print_select_hash("purge_interval", $purge_interval, $purge_intervals,
+ 'dojoType="dijit.form.Select" ' .
((FORCE_ARTICLE_PURGE == 0) ? "" : 'disabled="1"'));
- print "</div>";
+ print "</div>";
- $auth_login = htmlspecialchars($this->dbh->fetch_result($result, 0, "auth_login"));
- $auth_pass = $this->dbh->fetch_result($result, 0, "auth_pass");
+ $auth_login = htmlspecialchars($row["auth_login"]);
+ $auth_pass = $row["auth_pass"];
- if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
- require_once "crypt.php";
- $auth_pass = decrypt_string($auth_pass);
- }
+ if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
+ require_once "crypt.php";
+ $auth_pass = decrypt_string($auth_pass);
+ }
- $auth_pass = htmlspecialchars($auth_pass);
- $auth_enabled = $auth_login !== '' || $auth_pass !== '';
+ $auth_pass = htmlspecialchars($auth_pass);
+ $auth_enabled = $auth_login !== '' || $auth_pass !== '';
- $auth_style = $auth_enabled ? '' : 'display: none';
- print "<div id='feedEditDlg_loginContainer' style='$auth_style'>";
- print "<div class=\"dlgSec\">".__("Authentication")."</div>";
- print "<div class=\"dlgSecCont\">";
+ $auth_style = $auth_enabled ? '' : 'display: none';
+
print "<div id='feedEditDlg_loginContainer' style='$auth_style'>";
+
print "<div class=\"dlgSec\">".__("Authentication")."</div>";
+
print "<div class=\"dlgSecCont\">";
- print "<input dojoType=\"dijit.form.TextBox\" id=\"feedEditDlg_login\"
+ print "<input dojoType=\"dijit.form.TextBox\" id=\"feedEditDlg_login\"
placeHolder=\"".__("Login")."\"
autocomplete=\"new-password\"
name=\"auth_login\" value=\"$auth_login\"><hr/>";
- print "<input dojoType=\"dijit.form.TextBox\" type=\"password\" name=\"auth_pass\"
+ print "<input dojoType=\"dijit.form.TextBox\" type=\"password\" name=\"auth_pass\"
autocomplete=\"new-password\"
placeHolder=\"".__("Password")."\"
value=\"$auth_pass\">";
- print "<div dojoType=\"dijit.Tooltip\" connectId=\"feedEditDlg_login\" position=\"below\">
+
print "<div dojoType=\"dijit.Tooltip\" connectId=\"feedEditDlg_login\" position=\"below\">
".__('<b>Hint:</b> you need to fill in your login information if your feed requires authentication, except for Twitter feeds.')."
</div>";
- print "</div></div>";
+ print "</div></div>";
- $auth_checked = $auth_enabled ? 'checked' : '';
- print "<div style=\"clear : both\">
+ $auth_checked = $auth_enabled ? 'checked' : '';
+
print "<div style=\"clear : both\">
<input type=\"checkbox\" $auth_checked name=\"need_auth\" dojoType=\"dijit.form.CheckBox\" id=\"feedEditDlg_loginCheck\"
onclick='checkboxToggleElement(this, \"feedEditDlg_loginContainer\")'>
<label for=\"feedEditDlg_loginCheck\">".
- __('This feed requires authentication.')."</div>";
+ __('This feed requires authentication.')."</div>";
- print '</div><div dojoType="dijit.layout.ContentPane" title="'.__('Options').'">';
+
print '</div><div dojoType="dijit.layout.ContentPane" title="'.__('Options').'">';
- //print "<div class=\"dlgSec\">".__("Options")."</div>";
- print "<div class=\"dlgSecSimple\">";
+
//print "<div class=\"dlgSec\">".__("Options")."</div>";
+
print "<div class=\"dlgSecSimple\">";
- $private = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "private"));
+ $private = sql_bool_to_bool($row["private"]);
- if ($private) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($private) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"private\" id=\"private\"
+ print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"private\" id=\"private\"
$checked> <label for=\"private\">".__('Hide from Popular feeds')."</label>";
- $include_in_digest = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "include_in_digest"));
+ $include_in_digest = sql_bool_to_bool($row["include_in_digest"]);
- if ($include_in_digest) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($include_in_digest) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"include_in_digest\"
+ print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"include_in_digest\"
name=\"include_in_digest\"
$checked> <label for=\"include_in_digest\">".__('Include in e-mail digest')."</label>";
- $always_display_enclosures = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "always_display_enclosures"));
+ $always_display_enclosures = sql_bool_to_bool($row["always_display_enclosures"]);
- if ($always_display_enclosures) {
- $checked = "checked";
- } else {
- $checked = "";
- }
+ if ($always_display_enclosures) {
+ $checked = "checked";
+ } else {
+ $checked = "";
+ }
- print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"always_display_enclosures\"
+ print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"always_display_enclosures\"
name=\"always_display_enclosures\"
$checked> <label for=\"always_display_enclosures\">".__('Always display image attachments')."</label>";
- $hide_images = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "hide_images"));
+ $hide_images = sql_bool_to_bool($row["hide_images"]);
- if ($hide_images) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($hide_images) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"hide_images\"
+ print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"hide_images\"
name=\"hide_images\"
$checked> <label for=\"hide_images\">".
- __('Do not embed images')."</label>";
+ __('Do not embed images')."</label>";
- $cache_images = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "cache_images"));
+ $cache_images = sql_bool_to_bool($row["cache_images"]);
- if ($cache_images) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($cache_images) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"cache_images\"
+ print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"cache_images\"
name=\"cache_images\"
$checked> <label for=\"cache_images\">".
- __('Cache media')."</label>";
+ __('Cache media')."</label>";
- $mark_unread_on_update = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "mark_unread_on_update"));
+ $mark_unread_on_update = sql_bool_to_bool($row["mark_unread_on_update"]);
- if ($mark_unread_on_update) {
- $checked = "checked";
- } else {
- $checked = "";
- }
+ if ($mark_unread_on_update) {
+ $checked = "checked";
+ } else {
+ $checked = "";
+ }
- print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"mark_unread_on_update\"
+ print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"mark_unread_on_update\"
name=\"mark_unread_on_update\"
$checked> <label for=\"mark_unread_on_update\">".__('Mark updated articles as unread')."</label>";
- print "</div>";
+ print "</div>";
- print '</div><div dojoType="dijit.layout.ContentPane" title="'.__('Icon').'">';
+
print '</div><div dojoType="dijit.layout.ContentPane" title="'.__('Icon').'">';
- /* Icon */
+ /* Icon */
- print "<div class=\"dlgSecSimple\">";
+
print "<div class=\"dlgSecSimple\">";
- print "<iframe name=\"icon_upload_iframe\"
+ print "<iframe name=\"icon_upload_iframe\"
style=\"width: 400px; height: 100px; display: none;\"></iframe>";
- print "<form style='display : block' target=\"icon_upload_iframe\"
+ print "<form style='display : block' target=\"icon_upload_iframe\"
enctype=\"multipart/form-data\" method=\"POST\"
action=\"backend.php\">
<input id=\"icon_file\" size=\"10\" name=\"icon_file\" type=\"file\">
type=\"submit\">".__('Remove')."</button>
</form>";
- print "</div>";
+ print "</div>";
- print '</div><div dojoType="dijit.layout.ContentPane" title="'.__('Plugins').'">';
+
print '</div><div dojoType="dijit.layout.ContentPane" title="'.__('Plugins').'">';
- PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_EDIT_FEED,
- "hook_prefs_edit_feed", $feed_id);
+ PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_EDIT_FEED,
+ "hook_prefs_edit_feed", $feed_id);
- print "</div></div>";
+ print "</div></div>";
- $title = htmlspecialchars($title, ENT_QUOTES);
+ $title = htmlspecialchars($title, ENT_QUOTES);
- print "<div class='dlgButtons'>
+
print "<div class='dlgButtons'>
<div style=\"float : left\">
<button class=\"danger\" dojoType=\"dijit.form.Button\" onclick='return unsubscribeFeed($feed_id, \"$title\")'>".
__('Unsubscribe')."</button>";
- print "</div>";
-
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('feedEditDlg').execute()\">".__('Save')."</button>
- <button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('feedEditDlg').hide()\">".__('Cancel')."</button>
- </div>";
+ print "</div>";
-
- return;
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('feedEditDlg').execute()\">".__('Save')."</button>
+ <button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('feedEditDlg').hide()\">".__('Cancel')."</button>
+ </div>";
+ }
}
function editfeeds() {
global $purge_intervals;
global $update_intervals;
- $feed_ids = $this->dbh->escape_string($_REQUEST["ids"]);
+ $feed_ids = $_REQUEST["ids"];
print_notice("Enable the options you wish to apply using checkboxes on the right:");
function editsaveops($batch) {
- $feed_title = $this->dbh->escape_string(trim($_POST["title"]));
- $feed_link = $this->dbh->escape_string(trim($_POST["feed_url"]));
- $upd_intl = (int) $this->dbh->escape_string($_POST["update_interval"]);
- $purge_intl = (int) $this->dbh->escape_string($_POST["purge_interval"]);
- $feed_id = (int) $this->dbh->escape_string($_POST["id"]); /* editSave */
- $feed_ids = $this->dbh->escape_string($_POST["ids"]); /* batchEditSave */
- $cat_id = (int) $this->dbh->escape_string($_POST["cat_id"]);
- $auth_login = $this->dbh->escape_string(trim($_POST["auth_login"]));
+ $feed_title = trim($_POST["title"]);
+ $feed_url = trim($_POST["feed_url"]);
+ $upd_intl = (int) $_POST["update_interval"];
+ $purge_intl = (int) $_POST["purge_interval"];
+ $feed_id = (int) $_POST["id"]; /* editSave */
+ $feed_ids = explode(",", $_POST["ids"]); /* batchEditSave */
+ $cat_id = (int) $_POST["cat_id"];
+ $auth_login = trim($_POST["auth_login"]);
$auth_pass = trim($_POST["auth_pass"]);
- $private = checkbox_to_sql_bool($this->dbh->escape_string($_POST["private"]));
+ $private = checkbox_to_sql_bool($_POST["private"]);
$include_in_digest = checkbox_to_sql_bool(
- $this->dbh->escape_string($_POST["include_in_digest"]));
+ $_POST["include_in_digest"]);
$cache_images = checkbox_to_sql_bool(
- $this->dbh->escape_string($_POST["cache_images"]));
+ $_POST["cache_images"]);
$hide_images = checkbox_to_sql_bool(
- $this->dbh->escape_string($_POST["hide_images"]));
+ $_POST["hide_images"]);
$always_display_enclosures = checkbox_to_sql_bool(
- $this->dbh->escape_string($_POST["always_display_enclosures"]));
+ $_POST["always_display_enclosures"]);
$mark_unread_on_update = checkbox_to_sql_bool(
- $this->dbh->escape_string($_POST["mark_unread_on_update"]));
+ $_POST["mark_unread_on_update"]);
- $feed_language = $this->dbh->escape_string(trim($_POST["feed_language"]));
-
- $auth_pass = $this->dbh->escape_string($auth_pass);
-
- if (get_pref('ENABLE_FEED_CATS')) {
- if ($cat_id && $cat_id != 0) {
- $category_qpart = "cat_id = '$cat_id',";
- $category_qpart_nocomma = "cat_id = '$cat_id'";
- } else {
- $category_qpart = 'cat_id = NULL,';
- $category_qpart_nocomma = 'cat_id = NULL';
- }
- } else {
- $category_qpart = "";
- $category_qpart_nocomma = "";
- }
+ $feed_language = trim($_POST["feed_language"]);
if (!$batch) {
if ($_POST["need_auth"] !== 'on') {
$auth_pass = '';
}
- $result = db_query("SELECT feed_url FROM ttrss_feeds WHERE id = " . $feed_id);
- $orig_feed_url = db_fetch_result($result, 0, "feed_url");
-
- $reset_basic_info = $orig_feed_url != $feed_link;
-
- $this->dbh->query("UPDATE ttrss_feeds SET
- $category_qpart
- title = '$feed_title', feed_url = '$feed_link',
- update_interval = '$upd_intl',
- purge_interval = '$purge_intl',
- auth_login = '$auth_login',
- auth_pass = '$auth_pass',
+ $sth = $this->pdo->prepare("SELECT feed_url FROM ttrss_feeds WHERE id = ?");
+ $sth->execute([$feed_id]);
+ $row = $sth->fetch();
+ $orig_feed_url = $row["feed_url"];
+
+ $reset_basic_info = $orig_feed_url != $feed_url;
+
+ $sth = $this->pdo->prepare("UPDATE ttrss_feeds SET
+ cat_id = :cat_id,
+ title = :title,
+ feed_url = :feed_url,
+ update_interval = :upd_intl,
+ purge_interval = :purge_intl,
+ auth_login = :auth_login,
+ auth_pass = :auth_pass,
auth_pass_encrypted = false,
- private = $private,
- cache_images = $cache_images,
- hide_images = $hide_images,
- include_in_digest = $include_in_digest,
- always_display_enclosures = $always_display_enclosures,
- mark_unread_on_update = $mark_unread_on_update,
- feed_language = '$feed_language'
- WHERE id = '$feed_id' AND owner_uid = " . $_SESSION["uid"]);
+ private = :private,
+ cache_images = :cache_images,
+ hide_images = :hide_images,
+ include_in_digest = :include_in_digest,
+ always_display_enclosures = :always_display_enclosures,
+ mark_unread_on_update = :mark_unread_on_update,
+ feed_language = :feed_language
+ WHERE id = :id AND owner_uid = :uid");
+
+ $sth->execute([":title" => $feed_title,
+ ":cat_id" => $cat_id ? $cat_id : null,
+ ":feed_url" => $feed_url,
+ ":upd_intl" => $upd_intl,
+ ":purge_intl" => $purge_intl,
+ ":auth_login" => $auth_login,
+ ":auth_pass" => $auth_pass,
+ ":private" => (int)$private,
+ ":cache_images" => (int)$cache_images,
+ ":hide_images" => (int)$hide_images,
+ ":include_in_digest" => (int)$include_in_digest,
+ ":always_display_enclosures" => (int)$always_display_enclosures,
+ ":mark_unread_on_update" => (int)$mark_unread_on_update,
+ ":feed_language" => $feed_language,
+ ":id" => $feed_id,
+ ":uid" => $_SESSION['uid']]);
if ($reset_basic_info) {
RSSUtils::set_basic_feed_info($feed_id);
}
}
- $this->dbh->query("BEGIN");
+ $this->pdo->beginTransaction();
+
+ $feed_ids_qmarks = arr_qmarks($feed_ids);
foreach (array_keys($feed_data) as $k) {
switch ($k) {
case "title":
- $qpart = "title = '$feed_title'";
+ $qpart = "title = " . $this->pdo->quote($feed_title);
break;
case "feed_url":
- $qpart = "feed_url = '$feed_link'";
+ $qpart = "feed_url = " . $this->pdo->quote($feed_url);
break;
case "update_interval":
- $qpart = "update_interval = '$upd_intl'";
+ $qpart = "update_interval = " . $this->pdo->quote($upd_intl);
break;
case "purge_interval":
- $qpart = "purge_interval = '$purge_intl'";
+ $qpart = "purge_interval =" . $this->pdo->quote($purge_intl);
break;
case "auth_login":
- $qpart = "auth_login = '$auth_login'";
+ $qpart = "auth_login = " . $this->pdo->quote($auth_login);
break;
case "auth_pass":
- $qpart = "auth_pass = '$auth_pass', auth_pass_encrypted = false";
+ $qpart = "auth_pass =" . $this->pdo->quote($auth_pass). ", auth_pass_encrypted = false";
break;
case "private":
- $qpart = "private = $private";
+ $qpart = "private = " . $this->pdo->quote($private);
break;
case "include_in_digest":
- $qpart = "include_in_digest = $include_in_digest";
+ $qpart = "include_in_digest = " . $this->pdo->quote($include_in_digest);
break;
case "always_display_enclosures":
- $qpart = "always_display_enclosures = $always_display_enclosures";
+ $qpart = "always_display_enclosures = " . $this->pdo->quote($always_display_enclosures);
break;
case "mark_unread_on_update":
- $qpart = "mark_unread_on_update = $mark_unread_on_update";
+ $qpart = "mark_unread_on_update = " . $this->pdo->quote($mark_unread_on_update);
break;
case "cache_images":
- $qpart = "cache_images = $cache_images";
+ $qpart = "cache_images = " . $this->pdo->quote($cache_images);
break;
case "hide_images":
- $qpart = "hide_images = $hide_images";
+ $qpart = "hide_images = " . $this->pdo->quote($hide_images);
break;
case "cat_id":
- $qpart = $category_qpart_nocomma;
+ if (get_pref('ENABLE_FEED_CATS')) {
+ if ($cat_id) {
+ $qpart = "cat_id = " . $this->pdo->quote($cat_id);
+ } else {
+ $qpart = 'cat_id = NULL';
+ }
+ } else {
+ $qpart = "";
+ }
+
break;
case "feed_language":
- $qpart = "feed_language = '$feed_language'";
+ $qpart = "feed_language = " . $this->pdo->quote($feed_language);
break;
}
if ($qpart) {
- $this->dbh->query(
- "UPDATE ttrss_feeds SET $qpart WHERE id IN ($feed_ids)
- AND owner_uid = " . $_SESSION["uid"]);
- print "<br/>";
+ $sth = $this->pdo->prepare("UPDATE ttrss_feeds SET $qpart WHERE id IN ($feed_ids_qmarks)
+ AND owner_uid = ?");
+ $sth->execute(array_merge($feed_ids, [$_SESSION['uid']]));
}
}
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
}
return;
}
function remove() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
+ $ids = explode(",", $_REQUEST["ids"]);
foreach ($ids as $id) {
Pref_Feeds::remove_feed($id, $_SESSION["uid"]);
return;
}
- function clear() {
- $id = $this->dbh->escape_string($_REQUEST["id"]);
- $this->clear_feed_articles($id);
- }
-
- function rescore() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
-
- foreach ($ids as $id) {
-
- $filters = load_filters($id, $_SESSION["uid"], 6);
-
- $result = $this->dbh->query("SELECT
- title, content, link, ref_id, author,".
- SUBSTRING_FOR_DATE."(updated, 1, 19) AS updated
- FROM
- ttrss_user_entries, ttrss_entries
- WHERE ref_id = id AND feed_id = '$id' AND
- owner_uid = " .$_SESSION['uid']."
- ");
-
- $scores = array();
-
- while ($line = $this->dbh->fetch_assoc($result)) {
-
- $tags = Article::get_article_tags($line["ref_id"]);
-
- $article_filters = RSSUtils::get_article_filters($filters, $line['title'],
- $line['content'], $line['link'], strtotime($line['updated']),
- $line['author'], $tags);
-
- $new_score = RSSUtils::calculate_article_score($article_filters);
-
- if (!$scores[$new_score]) $scores[$new_score] = array();
-
- array_push($scores[$new_score], $line['ref_id']);
- }
-
- foreach (array_keys($scores) as $s) {
- if ($s > 1000) {
- $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s',
- marked = true WHERE
- ref_id IN (" . join(',', $scores[$s]) . ")");
- } else if ($s < -500) {
- $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s',
- unread = false WHERE
- ref_id IN (" . join(',', $scores[$s]) . ")");
- } else {
- $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s' WHERE
- ref_id IN (" . join(',', $scores[$s]) . ")");
- }
- }
- }
-
- print __("All done.");
-
- }
-
- function rescoreAll() {
-
- $result = $this->dbh->query(
- "SELECT id FROM ttrss_feeds WHERE owner_uid = " . $_SESSION['uid']);
-
- while ($feed_line = $this->dbh->fetch_assoc($result)) {
-
- $id = $feed_line["id"];
-
- $filters = load_filters($id, $_SESSION["uid"], 6);
-
- $tmp_result = $this->dbh->query("SELECT
- title, content, link, ref_id, author,".
- SUBSTRING_FOR_DATE."(updated, 1, 19) AS updated
- FROM
- ttrss_user_entries, ttrss_entries
- WHERE ref_id = id AND feed_id = '$id' AND
- owner_uid = " .$_SESSION['uid']."
- ");
-
- $scores = array();
-
- while ($line = $this->dbh->fetch_assoc($tmp_result)) {
-
- $tags = Article::get_article_tags($line["ref_id"]);
-
- $article_filters = RSSUtils::get_article_filters($filters, $line['title'],
- $line['content'], $line['link'], strtotime($line['updated']),
- $line['author'], $tags);
-
- $new_score = RSSUtils::calculate_article_score($article_filters);
-
- if (!$scores[$new_score]) $scores[$new_score] = array();
-
- array_push($scores[$new_score], $line['ref_id']);
- }
-
- foreach (array_keys($scores) as $s) {
- if ($s > 1000) {
- $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s',
- marked = true WHERE
- ref_id IN (" . join(',', $scores[$s]) . ")");
- } else {
- $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s' WHERE
- ref_id IN (" . join(',', $scores[$s]) . ")");
- }
- }
- }
-
- print __("All done.");
-
- }
-
- function categorize() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
-
- $cat_id = $this->dbh->escape_string($_REQUEST["cat_id"]);
-
- if ($cat_id == 0) {
- $cat_id_qpart = 'NULL';
- } else {
- $cat_id_qpart = "'$cat_id'";
- }
-
- $this->dbh->query("BEGIN");
-
- foreach ($ids as $id) {
-
- $this->dbh->query("UPDATE ttrss_feeds SET cat_id = $cat_id_qpart
- WHERE id = '$id'
- AND owner_uid = " . $_SESSION["uid"]);
-
- }
-
- $this->dbh->query("COMMIT");
- }
-
function removeCat() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
+ $ids = explode(",", $_REQUEST["ids"]);
foreach ($ids as $id) {
$this->remove_feed_category($id, $_SESSION["uid"]);
}
}
function addCat() {
- $feed_cat = $this->dbh->escape_string(trim($_REQUEST["cat"]));
+ $feed_cat = trim($_REQUEST["cat"]);
add_feed_category($feed_cat);
}
print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
print "<div id=\"pref-feeds-feeds\" dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Feeds')."\">";
- $result = $this->dbh->query("SELECT COUNT(id) AS num_errors
- FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT COUNT(id) AS num_errors
+ FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
- $num_errors = $this->dbh->fetch_result($result, 0, "num_errors");
+ if ($row = $sth->fetch()) {
+ $num_errors = $row["num_errors"];
+ } else {
+ $num_errors = 0;
+ }
if ($num_errors > 0) {
onclick=\"showInactiveFeeds()\">" .
__("Inactive feeds") . "</button>";
- $feed_search = $this->dbh->escape_string($_REQUEST["search"]);
+ $feed_search = $_REQUEST["search"];
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_feed_search"] = $feed_search;
$interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)";
}
- $result = $this->dbh->query("SELECT ttrss_feeds.title, ttrss_feeds.site_url,
+ $sth = $this->pdo->prepare("SELECT ttrss_feeds.title, ttrss_feeds.site_url,
ttrss_feeds.feed_url, ttrss_feeds.id, MAX(updated) AS last_article
FROM ttrss_feeds, ttrss_entries, ttrss_user_entries WHERE
(SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE
ttrss_entries.id = ref_id AND
ttrss_user_entries.feed_id = ttrss_feeds.id) < $interval_qpart
- AND ttrss_feeds.owner_uid = ".$_SESSION["uid"]." AND
+ AND ttrss_feeds.owner_uid = ? AND
ttrss_user_entries.feed_id = ttrss_feeds.id AND
ttrss_entries.id = ref_id
GROUP BY ttrss_feeds.title, ttrss_feeds.id, ttrss_feeds.site_url, ttrss_feeds.feed_url
ORDER BY last_article");
+ $sth->execute([$_SESSION['uid']]);
print "<p" .__("These feeds have not been updated with new content for 3 months (oldest first):") . "</p>";
$lnum = 1;
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$feed_id = $line["id"];
$this_row_id = "id=\"FUPDD-$feed_id\"";
}
function feedsWithErrors() {
- $result = $this->dbh->query("SELECT id,title,feed_url,last_error,site_url
- FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT id,title,feed_url,last_error,site_url
+ FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
print "<div dojoType=\"dijit.Toolbar\">";
print "<div dojoType=\"dijit.form.DropDownButton\">".
$lnum = 1;
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$feed_id = $line["id"];
$this_row_id = "id=\"FERDD-$feed_id\"";
print "</div>";
}
- /**
- * Purge a feed contents, marked articles excepted.
- *
- * @param mixed $link The database connection.
- * @param integer $id The id of the feed to purge.
- * @return void
- */
- private function clear_feed_articles($id) {
-
- if ($id != 0) {
- $result = $this->dbh->query("DELETE FROM ttrss_user_entries
- WHERE feed_id = '$id' AND marked = false AND owner_uid = " . $_SESSION["uid"]);
- } else {
- $result = $this->dbh->query("DELETE FROM ttrss_user_entries
- WHERE feed_id IS NULL AND marked = false AND owner_uid = " . $_SESSION["uid"]);
- }
-
- $result = $this->dbh->query("DELETE FROM ttrss_entries WHERE
- (SELECT COUNT(int_id) FROM ttrss_user_entries WHERE ref_id = id) = 0");
-
- CCache::update($id, $_SESSION['uid']);
- } // function clear_feed_articles
-
private function remove_feed_category($id, $owner_uid) {
- $this->dbh->query("DELETE FROM ttrss_feed_categories
- WHERE id = '$id' AND owner_uid = $owner_uid");
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_feed_categories
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
CCache::remove($id, $owner_uid, true);
}
static function remove_feed($id, $owner_uid) {
+ $pdo = Db::pdo();
+
if ($id > 0) {
+ $pdo->beginTransaction();
/* save starred articles in Archived feed */
- db_query("BEGIN");
-
/* prepare feed if necessary */
- $result = db_query("SELECT feed_url FROM ttrss_feeds WHERE id = $id
- AND owner_uid = $owner_uid");
+ $sth = $pdo->prepare("SELECT feed_url FROM ttrss_feeds WHERE id = ?
+ AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
- $feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url"));
+ if ($row = $sth->fetch()) {
+ $feed_url = $row["feed_url"];
- $result = db_query("SELECT id FROM ttrss_archived_feeds
- WHERE feed_url = '$feed_url' AND owner_uid = $owner_uid");
+ $sth = $pdo->prepare("SELECT id FROM ttrss_archived_feeds
+ WHERE feed_url = ? AND owner_uid = ?");
+ $sth->execute([$feed_url, $owner_uid]);
- if (db_num_rows($result) == 0) {
- $result = db_query("SELECT MAX(id) AS id FROM ttrss_archived_feeds");
- $new_feed_id = (int)db_fetch_result($result, 0, "id") + 1;
+ if ($row = $sth->fetch()) {
+ $archive_id = $row["id"];
+ } else {
+ $res = $pdo->query("SELECT MAX(id) AS id FROM ttrss_archived_feeds");
+ $row = $res->fetch();
- db_query("INSERT INTO ttrss_archived_feeds
- (id, owner_uid, title, feed_url, site_url)
- SELECT $new_feed_id, owner_uid, title, feed_url, site_url from ttrss_feeds
- WHERE id = '$id'");
+ $new_feed_id = (int)$row['id'] + 1;
- $archive_id = $new_feed_id;
- } else {
- $archive_id = db_fetch_result($result, 0, "id");
- }
+ $sth = $pdo->prepare("INSERT INTO ttrss_archived_feeds
+ (id, owner_uid, title, feed_url, site_url)
+ SELECT ?, owner_uid, title, feed_url, site_url from ttrss_feeds
+ WHERE id = ?");
+ $sth->execute([$new_feed_id, $id]);
+
+ $archive_id = $new_feed_id;
+ }
+
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries SET feed_id = NULL,
+ orig_feed_id = ? WHERE feed_id = ? AND
+ marked = true AND owner_uid = ?");
- db_query("UPDATE ttrss_user_entries SET feed_id = NULL,
- orig_feed_id = '$archive_id' WHERE feed_id = '$id' AND
- marked = true AND owner_uid = $owner_uid");
+ $sth->execute([$archive_id, $id, $owner_uid]);
- /* Remove access key for the feed */
+ /* Remove access key for the feed */
- db_query("DELETE FROM ttrss_access_keys WHERE
- feed_id = '$id' AND owner_uid = $owner_uid");
+ $sth = $pdo->prepare("DELETE FROM ttrss_access_keys WHERE
+ feed_id = ? AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
- /* remove the feed */
+ /* remove the feed */
- db_query("DELETE FROM ttrss_feeds
- WHERE id = '$id' AND owner_uid = $owner_uid");
+ $sth = $pdo->prepare("DELETE FROM ttrss_feeds
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
+ }
- db_query("COMMIT");
+ $pdo->commit();
if (file_exists(ICONS_DIR . "/$id.ico")) {
unlink(ICONS_DIR . "/$id.ico");
}
function batchAddFeeds() {
- $cat_id = $this->dbh->escape_string($_REQUEST['cat']);
+ $cat_id = $_REQUEST['cat'];
$feeds = explode("\n", $_REQUEST['feeds']);
- $login = $this->dbh->escape_string($_REQUEST['login']);
+ $login = $_REQUEST['login'];
$pass = trim($_REQUEST['pass']);
foreach ($feeds as $feed) {
- $feed = $this->dbh->escape_string(trim($feed));
+ $feed = trim($feed);
if (validate_feed_url($feed)) {
- $this->dbh->query("BEGIN");
-
- if ($cat_id == "0" || !$cat_id) {
- $cat_qpart = "NULL";
- } else {
- $cat_qpart = "'$cat_id'";
- }
+ $this->pdo->beginTransaction();
- $result = $this->dbh->query(
- "SELECT id FROM ttrss_feeds
- WHERE feed_url = '$feed' AND owner_uid = ".$_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds
+ WHERE feed_url = ? AND owner_uid = ?");
+ $sth->execute([$feed, $_SESSION['uid']]);
- $pass = $this->dbh->escape_string($pass);
-
- if ($this->dbh->num_rows($result) == 0) {
- $result = $this->dbh->query(
- "INSERT INTO ttrss_feeds
+ if (!$sth->fetch()) {
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_feeds
(owner_uid,feed_url,title,cat_id,auth_login,auth_pass,update_method,auth_pass_encrypted)
- VALUES ('".$_SESSION["uid"]."', '$feed',
- '[Unknown]', $cat_qpart, '$login', '$pass', 0, false)");
+ VALUES (?, ?, '[Unknown]', ?, ?, ?, 0, false)");
+
+ $sth->execute([$_SESSION['uid'], $feed, $cat_id ? $cat_id : null, $login, $pass]);
}
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
}
}
}
}
function regenFeedKey() {
- $feed_id = $this->dbh->escape_string($_REQUEST['id']);
- $is_cat = $this->dbh->escape_string($_REQUEST['is_cat']) == "true";
+ $feed_id = $_REQUEST['id'];
+ $is_cat = $_REQUEST['is_cat'] == "true";
$new_key = $this->update_feed_access_key($feed_id, $is_cat);
private function update_feed_access_key($feed_id, $is_cat, $owner_uid = false) {
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
- $sql_is_cat = bool_to_sql_bool($is_cat);
-
- $result = $this->dbh->query("SELECT access_key FROM ttrss_access_keys
- WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
- AND owner_uid = " . $owner_uid);
+ // clear old value and generate new one
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_access_keys
+ WHERE feed_id = ? AND is_cat = ? AND owner_uid = ?");
+ $sth->execute([$feed_id, $is_cat, $owner_uid]);
- if ($this->dbh->num_rows($result) == 1) {
- $key = $this->dbh->escape_string(uniqid_short());
-
- $this->dbh->query("UPDATE ttrss_access_keys SET access_key = '$key'
- WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
- AND owner_uid = " . $owner_uid);
-
- return $key;
-
- } else {
- return get_feed_access_key($feed_id, $is_cat, $owner_uid);
- }
+ return get_feed_access_key($feed_id, $is_cat, $owner_uid);
}
// Silent
function clearKeys() {
- $this->dbh->query("DELETE FROM ttrss_access_keys WHERE
- owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_access_keys WHERE
+ owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
}
private function calculate_children_count($cat) {
$interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)";
}
- $result = $this->dbh->query("SELECT COUNT(*) AS num_inactive FROM ttrss_feeds WHERE
+ $sth = $this->pdo->prepare("SELECT COUNT(id) AS num_inactive FROM ttrss_feeds WHERE
(SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE
ttrss_entries.id = ref_id AND
ttrss_user_entries.feed_id = ttrss_feeds.id) < $interval_qpart AND
- ttrss_feeds.owner_uid = ".$_SESSION["uid"]);
+ ttrss_feeds.owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
- print (int) $this->dbh->fetch_result($result, 0, "num_inactive");
+ if ($row = $sth->fetch()) {
+ print (int)$row["num_inactive"];
+ }
}
static function subscribe_to_feed_url() {
}
function filtersortreset() {
- $this->dbh->query("UPDATE ttrss_filters2
- SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_filters2
+ SET order_id = 0 WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
return;
}
$index = 0;
if (is_array($data) && is_array($data['items'])) {
+
+ $sth = $this->pdo->prepare("UPDATE ttrss_filters2 SET
+ order_id = ? WHERE id = ? AND
+ owner_uid = ?");
+
foreach ($data['items'][0]['items'] as $item) {
$filter_id = (int) str_replace("FILTER:", "", $item['_reference']);
if ($filter_id > 0) {
-
- $this->dbh->query("UPDATE ttrss_filters2 SET
- order_id = $index WHERE id = '$filter_id' AND
- owner_uid = " .$_SESSION["uid"]);
-
+ $sth->execute([$index, $filter_id, $_SESSION['uid']]);
++$index;
}
}
}
function testFilterDo() {
- $offset = (int) db_escape_string($_REQUEST["offset"]);
- $limit = (int) db_escape_string($_REQUEST["limit"]);
+ $offset = (int) $_REQUEST["offset"];
+ $limit = (int) $_REQUEST["limit"];
$filter = array();
$filter["enabled"] = true;
$filter["match_any_rule"] = sql_bool_to_bool(
- checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["match_any_rule"])));
+ checkbox_to_sql_bool($_REQUEST["match_any_rule"]));
$filter["inverse"] = sql_bool_to_bool(
- checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["inverse"])));
+ checkbox_to_sql_bool($_REQUEST["inverse"]));
$filter["rules"] = array();
$filter["actions"] = array("dummy-action");
- $result = $this->dbh->query("SELECT id,name FROM ttrss_filter_types");
+ $res = $this->pdo->query("SELECT id,name FROM ttrss_filter_types");
$filter_types = array();
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $res->fetch()) {
$filter_types[$line["id"]] = $line["name"];
}
if (strpos($feed_id, "CAT:") === 0) {
$cat_id = (int) substr($feed_id, 4);
- array_push($scope_inner_qparts, "cat_id = " . $cat_id);
+ array_push($scope_inner_qparts, "cat_id = " . $this->pdo->quote($cat_id));
} else if ($feed_id > 0) {
- array_push($scope_inner_qparts, "feed_id = " . $feed_id);
+ array_push($scope_inner_qparts, "feed_id = " . $this->pdo->quote($feed_id));
}
}
//while ($found < $limit && $offset < $limit * 1000 && time() - $started < ini_get("max_execution_time") * 0.7) {
- $result = db_query("SELECT ttrss_entries.id,
- ttrss_entries.title,
- ttrss_feeds.id AS feed_id,
- ttrss_feeds.title AS feed_title,
- ttrss_feed_categories.id AS cat_id,
- content,
- date_entered,
- link,
- author,
- tag_cache
- FROM
- ttrss_entries, ttrss_user_entries
- LEFT JOIN ttrss_feeds ON (feed_id = ttrss_feeds.id)
- LEFT JOIN ttrss_feed_categories ON (ttrss_feeds.cat_id = ttrss_feed_categories.id)
- WHERE
- ref_id = ttrss_entries.id AND
- ($scope_qpart) AND
- ttrss_user_entries.owner_uid = " . $_SESSION["uid"] . "
- ORDER BY date_entered DESC LIMIT $limit OFFSET $offset");
-
- while ($line = db_fetch_assoc($result)) {
-
- $rc = RSSUtils::get_article_filters(array($filter), $line['title'], $line['content'], $line['link'],
- $line['author'], explode(",", $line['tag_cache']));
-
- if (count($rc) > 0) {
-
- $line["content_preview"] = truncate_string(strip_tags($line["content"]), 200, '…');
-
- foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
- $line = $p->hook_query_headlines($line, 100);
- }
+ $sth = $this->pdo->prepare("SELECT ttrss_entries.id,
+ ttrss_entries.title,
+ ttrss_feeds.id AS feed_id,
+ ttrss_feeds.title AS feed_title,
+ ttrss_feed_categories.id AS cat_id,
+ content,
+ date_entered,
+ link,
+ author,
+ tag_cache
+ FROM
+ ttrss_entries, ttrss_user_entries
+ LEFT JOIN ttrss_feeds ON (feed_id = ttrss_feeds.id)
+ LEFT JOIN ttrss_feed_categories ON (ttrss_feeds.cat_id = ttrss_feed_categories.id)
+ WHERE
+ ref_id = ttrss_entries.id AND
+ ($scope_qpart) AND
+ ttrss_user_entries.owner_uid = ?
+ ORDER BY date_entered DESC LIMIT $limit OFFSET $offset");
- $content_preview = $line["content_preview"];
+ $sth->execute([$_SESSION['uid']]);
- $tmp = "<tr style='margin-top : 5px'>";
+ while ($line = $sth->fetch()) {
- #$tmp .= "<td width='5%' align='center'><input dojoType=\"dijit.form.CheckBox\"
- # checked=\"1\" disabled=\"1\" type=\"checkbox\"></td>";
+ $rc = RSSUtils::get_article_filters(array($filter), $line['title'], $line['content'], $line['link'],
+ $line['author'], explode(",", $line['tag_cache']));
- $id = $line['id'];
- $tmp .= "<td width='5%' align='center'><img style='cursor : pointer' title='".__("Preview article")."'
- src='images/information.png' onclick='openArticlePopup($id)'></td><td>";
+ if (count($rc) > 0) {
- /*foreach ($filter['rules'] as $rule) {
- $reg_exp = str_replace('/', '\/', $rule["reg_exp"]);
+ $line["content_preview"] = truncate_string(strip_tags($line["content"]), 200, '…');
- $line["title"] = preg_replace("/($reg_exp)/i",
- "<span class=\"highlight\">$1</span>", $line["title"]);
+ foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_QUERY_HEADLINES) as $p) {
+ $line = $p->hook_query_headlines($line, 100);
+ }
- $content_preview = preg_replace("/($reg_exp)/i",
- "<span class=\"highlight\">$1</span>", $content_preview);
- }*/
+ $content_preview = $line["content_preview"];
- $tmp .= "<strong>" . $line["title"] . "</strong><br/>";
- $tmp .= $line['feed_title'] . ", " . mb_substr($line["date_entered"], 0, 16);
- $tmp .= "<div class='insensitive'>" . $content_preview . "</div>";
- $tmp .= "</td></tr>";
+ $tmp = "<tr style='margin-top : 5px'>";
- array_push($rv, $tmp);
+ #$tmp .= "<td width='5%' align='center'><input dojoType=\"dijit.form.CheckBox\"
+ # checked=\"1\" disabled=\"1\" type=\"checkbox\"></td>";
- /*array_push($rv, array("title" => $line["title"],
- "content" => $content_preview,
- "date" => $line["date_entered"],
- "feed" => $line["feed_title"])); */
+ $id = $line['id'];
+ $tmp .= "<td width='5%' align='center'><img style='cursor : pointer' title='".__("Preview article")."'
+ src='images/information.png' onclick='openArticlePopup($id)'></td><td>";
+
+ /*foreach ($filter['rules'] as $rule) {
+ $reg_exp = str_replace('/', '\/', $rule["reg_exp"]);
+
+ $line["title"] = preg_replace("/($reg_exp)/i",
+ "<span class=\"highlight\">$1</span>", $line["title"]);
+
+ $content_preview = preg_replace("/($reg_exp)/i",
+ "<span class=\"highlight\">$1</span>", $content_preview);
+ }*/
+
+ $tmp .= "<strong>" . $line["title"] . "</strong><br/>";
+ $tmp .= $line['feed_title'] . ", " . mb_substr($line["date_entered"], 0, 16);
+ $tmp .= "<div class='insensitive'>" . $content_preview . "</div>";
+ $tmp .= "</td></tr>";
+
+ array_push($rv, $tmp);
+
+ /*array_push($rv, array("title" => $line["title"],
+ "content" => $content_preview,
+ "date" => $line["date_entered"],
+ "feed" => $line["feed_title"])); */
- }
}
+ }
//$offset += $limit;
//}
}
private function getfilterrules_concise($filter_id) {
- $result = $this->dbh->query("SELECT reg_exp,
+ $sth = $this->pdo->prepare("SELECT reg_exp,
inverse,
match_on,
feed_id,
FROM
ttrss_filters2_rules, ttrss_filter_types
WHERE
- filter_id = '$filter_id' AND filter_type = ttrss_filter_types.id
+ filter_id = ? AND filter_type = ttrss_filter_types.id
ORDER BY reg_exp");
+ $sth->execute([$filter_id]);
$rv = "";
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
if ($line["match_on"]) {
$feeds = json_decode($line["match_on"], true);
$filter_search = $_SESSION["prefs_filter_search"];
- $result = $this->dbh->query("SELECT *,
+ $sth = $this->pdo->prepare("SELECT *,
(SELECT action_param FROM ttrss_filters2_actions
WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS action_param,
(SELECT action_id FROM ttrss_filters2_actions
(SELECT reg_exp FROM ttrss_filters2_rules
WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS reg_exp
FROM ttrss_filters2 WHERE
- owner_uid = ".$_SESSION["uid"]." ORDER BY order_id, title");
-
+ owner_uid = ? ORDER BY order_id, title");
+ $sth->execute([$_SESSION['uid']]);
$folder = array();
$folder['items'] = array();
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$name = $this->getFilterName($line["id"]);
$match_ok = false;
if ($filter_search) {
- $rules_result = $this->dbh->query(
- "SELECT reg_exp FROM ttrss_filters2_rules WHERE filter_id = ".$line["id"]);
+ $rules_sth = $this->pdo->prepare("SELECT reg_exp
+ FROM ttrss_filters2_rules WHERE filter_id = ?");
+ $rules_sth->execute([$line['id']]);
- while ($rule_line = $this->dbh->fetch_assoc($rules_result)) {
+ while ($rule_line = $rules_sth->fetch()) {
if (mb_strpos($rule_line['reg_exp'], $filter_search) !== false) {
$match_ok = true;
break;
}
if ($line['action_id'] == 7) {
- $label_result = $this->dbh->query("SELECT fg_color, bg_color
- FROM ttrss_labels2 WHERE caption = '".$this->dbh->escape_string($line['action_param'])."' AND
- owner_uid = " . $_SESSION["uid"]);
+ $label_sth = $this->pdo->prepare("SELECT fg_color, bg_color
+ FROM ttrss_labels2 WHERE caption = ? AND
+ owner_uid = ?");
+ $label_sth->execute([$line['action_param'], $_SESSION['uid']]);
- if ($this->dbh->num_rows($label_result) > 0) {
- $fg_color = $this->dbh->fetch_result($label_result, 0, "fg_color");
- $bg_color = $this->dbh->fetch_result($label_result, 0, "bg_color");
+ if ($label_row = $label_sth->fetch()) {
+ $fg_color = $label_row["fg_color"];
+ $bg_color = $label_row["bg_color"];
$name[1] = "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-right : 4px'>α</span>" . $name[1];
}
}
}
- /* if (count($folder['items']) > 0) {
- array_push($root['items'], $folder);
- } */
-
$root['items'] = $folder['items'];
$fl = array();
function edit() {
- $filter_id = $this->dbh->escape_string($_REQUEST["id"]);
+ $filter_id = $_REQUEST["id"];
- $result = $this->dbh->query(
- "SELECT * FROM ttrss_filters2 WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$filter_id, $_SESSION['uid']]);
- $enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "enabled"));
- $match_any_rule = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "match_any_rule"));
- $inverse = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "inverse"));
- $title = htmlspecialchars($this->dbh->fetch_result($result, 0, "title"));
+ if ($row = $sth->fetch()) {
- print "<form id=\"filter_edit_form\" onsubmit='return false'>";
+ $enabled = sql_bool_to_bool($row["enabled"]);
+ $match_any_rule = sql_bool_to_bool($row["match_any_rule"]);
+ $inverse = sql_bool_to_bool($row["inverse"]);
+ $title = htmlspecialchars($row["title"]);
- print_hidden("op", "pref-filters");
- print_hidden("id", "$filter_id");
- print_hidden("method", "editSave");
- print_hidden("csrf_token", $_SESSION['csrf_token']);
+ print "<form id=\"filter_edit_form\" onsubmit='return false'>";
- print "<div class=\"dlgSec\">".__("Caption")."</div>";
+ print_hidden("op", "pref-filters");
+ print_hidden("id", "$filter_id");
+ print_hidden("method", "editSave");
+ print_hidden("csrf_token", $_SESSION['csrf_token']);
- print "<input required=\"true\" dojoType=\"dijit.form.ValidationTextBox\" style=\"width : 20em;\" name=\"title\" value=\"$title\">";
+ print "<div class=\"dlgSec\">".__("Caption")."</div>";
- print "</div>";
+ print "<input required=\"true\" dojoType=\"dijit.form.ValidationTextBox\" style=\"width : 20em;\" name=\"title\" value=\"$title\">";
- print "<div class=\"dlgSec\">".__("Match")."</div>";
+ print "</div>";
- print "<div dojoType=\"dijit.Toolbar\">";
+ print "<div class=\"dlgSec\">".__("Match")."</div>";
- print "<div dojoType=\"dijit.form.DropDownButton\">".
+ print "<div dojoType=\"dijit.Toolbar\">";
+
+ print "<div dojoType=\"dijit.form.DropDownButton\">".
"<span>" . __('Select')."</span>";
- print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
- print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(true)\"
+
print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
+
print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(true)\"
dojoType=\"dijit.MenuItem\">".__('All')."</div>";
- print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(false)\"
+
print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(false)\"
dojoType=\"dijit.MenuItem\">".__('None')."</div>";
- print "</div></div>";
+ print "</div></div>";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addRule()\">".
- __('Add')."</button> ";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addRule()\">".
+ __('Add')."</button> ";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteRule()\">".
- __('Delete')."</button> ";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteRule()\">".
+ __('Delete')."</button> ";
- print "</div>";
+ print "</div>";
- print "<ul id='filterDlg_Matches'>";
+
print "<ul id='filterDlg_Matches'>";
- $rules_result = $this->dbh->query("SELECT * FROM ttrss_filters2_rules
- WHERE filter_id = '$filter_id' ORDER BY reg_exp, id");
+ $rules_sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_rules
+ WHERE filter_id = ? ORDER BY reg_exp, id");
+ $rules_sth->execute([$filter_id]);
- while ($line = $this->dbh->fetch_assoc($rules_result)) {
- if ($line["match_on"]) {
- $line["feed_id"] = json_decode($line["match_on"], true);
- } else {
- if (sql_bool_to_bool($line["cat_filter"])) {
- $feed_id = "CAT:" . (int)$line["cat_id"];
- } else {
- $feed_id = (int)$line["feed_id"];
- }
+ while ($line = $rules_sth->fetch()) {
+ if ($line["match_on"]) {
+ $line["feed_id"] = json_decode($line["match_on"], true);
+ } else {
+ if (sql_bool_to_bool($line["cat_filter"])) {
+ $feed_id = "CAT:" . (int)$line["cat_id"];
+ } else {
+ $feed_id = (int)$line["feed_id"];
+ }
- $line["feed_id"] = ["" . $feed_id]; // set item type to string for in_array()
- }
+ $line["feed_id"] = ["" . $feed_id]; // set item type to string for in_array()
+ }
- unset($line["cat_filter"]);
- unset($line["cat_id"]);
- unset($line["filter_id"]);
- unset($line["id"]);
- if (!sql_bool_to_bool($line["inverse"])) unset($line["inverse"]);
- unset($line["match_on"]);
+ unset($line["cat_filter"]);
+ unset($line["cat_id"]);
+ unset($line["filter_id"]);
+ unset($line["id"]);
+ if (!sql_bool_to_bool($line["inverse"])) unset($line["inverse"]);
+ unset($line["match_on"]);
- $data = htmlspecialchars(json_encode($line));
+ $data = htmlspecialchars(json_encode($line));
- print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>".
- "<span onclick=\"dijit.byId('filterEditDlg').editRule(this)\">".$this->getRuleName($line)."</span>".
- "<input type='hidden' name='rule[]' value=\"$data\"/></li>";
- }
+ print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>".
+ "<span onclick=\"dijit.byId('filterEditDlg').editRule(this)\">".$this->getRuleName($line)."</span>".
+ "<input type='hidden' name='rule[]' value=\"$data\"/></li>";
+ }
- print "</ul>";
+ print "</ul>";
- print "</div>";
+ print "</div>";
- print "<div class=\"dlgSec\">".__("Apply actions")."</div>";
+
print "<div class=\"dlgSec\">".__("Apply actions")."</div>";
- print "<div dojoType=\"dijit.Toolbar\">";
+
print "<div dojoType=\"dijit.Toolbar\">";
- print "<div dojoType=\"dijit.form.DropDownButton\">".
+
print "<div dojoType=\"dijit.form.DropDownButton\">".
"<span>" . __('Select')."</span>";
- print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
- print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(true)\"
+
print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
+
print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(true)\"
dojoType=\"dijit.MenuItem\">".__('All')."</div>";
- print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(false)\"
+
print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(false)\"
dojoType=\"dijit.MenuItem\">".__('None')."</div>";
- print "</div></div>";
+ print "</div></div>";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addAction()\">".
- __('Add')."</button> ";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addAction()\">".
+ __('Add')."</button> ";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteAction()\">".
- __('Delete')."</button> ";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteAction()\">".
+ __('Delete')."</button> ";
- print "</div>";
+ print "</div>";
- print "<ul id='filterDlg_Actions'>";
+
print "<ul id='filterDlg_Actions'>";
- $actions_result = $this->dbh->query("SELECT * FROM ttrss_filters2_actions
- WHERE filter_id = '$filter_id' ORDER BY id");
+ $actions_sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions
+ WHERE filter_id = ? ORDER BY id");
+ $actions_sth->execute([$filter_id]);
- while ($line = $this->dbh->fetch_assoc($actions_result)) {
- $line["action_param_label"] = $line["action_param"];
+ while ($line = $actions_sth->fetch()) {
+ $line["action_param_label"] = $line["action_param"];
- unset($line["filter_id"]);
- unset($line["id"]);
+ unset($line["filter_id"]);
+ unset($line["id"]);
- $data = htmlspecialchars(json_encode($line));
+ $data = htmlspecialchars(json_encode($line));
- print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>".
- "<span onclick=\"dijit.byId('filterEditDlg').editAction(this)\">".$this->getActionName($line)."</span>".
- "<input type='hidden' name='action[]' value=\"$data\"/></li>";
- }
+ print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>".
+ "<span onclick=\"dijit.byId('filterEditDlg').editAction(this)\">".$this->getActionName($line)."</span>".
+ "<input type='hidden' name='action[]' value=\"$data\"/></li>";
+ }
- print "</ul>";
+ print "</ul>";
- print "</div>";
+ print "</div>";
- if ($enabled) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($enabled) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"enabled\" id=\"enabled\" $checked>
+ print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"enabled\" id=\"enabled\" $checked>
<label for=\"enabled\">".__('Enabled')."</label>";
- if ($match_any_rule) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($match_any_rule) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"match_any_rule\" id=\"match_any_rule\" $checked>
+ print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"match_any_rule\" id=\"match_any_rule\" $checked>
<label for=\"match_any_rule\">".__('Match any rule')."</label>";
- if ($inverse) {
- $checked = "checked=\"1\"";
- } else {
- $checked = "";
- }
+ if ($inverse) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
- print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\" $checked>
+ print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\" $checked>
<label for=\"inverse\">".__('Inverse matching')."</label>";
- print "<p/>";
- print "<div class=\"dlgButtons\">";
+
print "<div class=\"dlgButtons\">";
- print "<div style=\"float : left\">";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').removeFilter()\">".
- __('Remove')."</button>";
- print "</div>";
+
print "<div style=\"float : left\">";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').removeFilter()\">".
+ __('Remove')."</button>";
+ print "</div>";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').test()\">".
- __('Test')."</button> ";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').test()\">".
+ __('Test')."</button> ";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').execute()\">".
- __('Save')."</button> ";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').execute()\">".
+ __('Save')."</button> ";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').hide()\">".
- __('Cancel')."</button>";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').hide()\">".
+ __('Cancel')."</button>";
- print "</div>";
+ print "</div>";
+
+ }
}
private function getRuleName($rule) {
$feed = implode(", ", $feeds_fmt);
- $result = $this->dbh->query("SELECT description FROM ttrss_filter_types
- WHERE id = ".(int)$rule["filter_type"]);
- $filter_type = $this->dbh->fetch_result($result, 0, "description");
+ $sth = $this->pdo->prepare("SELECT description FROM ttrss_filter_types
+ WHERE id = ?");
+ $sth->execute([(int)$rule["filter_type"]]);
+
+ if ($row = $sth->fetch()) {
+ $filter_type = $row["description"];
+ } else {
+ $filter_type = "?UNKNOWN?";
+ }
$inverse = isset($rule["inverse"]) ? "inverse" : "";
}
private function getActionName($action) {
- $result = $this->dbh->query("SELECT description FROM
- ttrss_filter_actions WHERE id = " .(int)$action["action_id"]);
+ $sth = $this->pdo->prepare("SELECT description FROM
+ ttrss_filter_actions WHERE id = ?");
+ $sth->execute([(int)$action["action_id"]]);
+
+ $title = "";
- $title = __($this->dbh->fetch_result($result, 0, "description"));
+ if ($row = $sth->fetch()) {
- if ($action["action_id"] == 4 || $action["action_id"] == 6 ||
- $action["action_id"] == 7)
+ $title = __($row["description"]);
+
+ if ($action["action_id"] == 4 || $action["action_id"] == 6 ||
+ $action["action_id"] == 7)
$title .= ": " . $action["action_param"];
- if ($action["action_id"] == 9) {
- list ($pfclass, $pfaction) = explode(":", $action["action_param"]);
+ if ($action["action_id"] == 9) {
+ list ($pfclass, $pfaction) = explode(":", $action["action_param"]);
- $filter_actions = PluginHost::getInstance()->get_filter_actions();
+ $filter_actions = PluginHost::getInstance()->get_filter_actions();
- foreach ($filter_actions as $fclass => $factions) {
- foreach ($factions as $faction) {
- if ($pfaction == $faction["action"] && $pfclass == $fclass) {
- $title .= ": " . $fclass . ": " . $faction["description"];
- break;
+ foreach ($filter_actions as $fclass => $factions) {
+ foreach ($factions as $faction) {
+ if ($pfaction == $faction["action"] && $pfclass == $fclass) {
+ $title .= ": " . $fclass . ": " . $faction["description"];
+ break;
+ }
}
}
}
return $this->testFilter();
}
-# print_r($_REQUEST);
+ $filter_id = $_REQUEST["id"];
+ $enabled = checkbox_to_sql_bool($_REQUEST["enabled"]);
+ $match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]);
+ $inverse = checkbox_to_sql_bool($_REQUEST["inverse"]);
+ $title = $_REQUEST["title"];
+
+ $this->pdo->beginTransaction();
- $filter_id = $this->dbh->escape_string($_REQUEST["id"]);
- $enabled = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["enabled"]));
- $match_any_rule = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["match_any_rule"]));
- $inverse = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["inverse"]));
- $title = $this->dbh->escape_string($_REQUEST["title"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_filters2 SET enabled = ?,
+ match_any_rule = ?,
+ inverse = ?,
+ title = ?
+ WHERE id = ? AND owner_uid = ?");
- $this->dbh->query("UPDATE ttrss_filters2 SET enabled = $enabled,
- match_any_rule = $match_any_rule,
- inverse = $inverse,
- title = '$title'
- WHERE id = '$filter_id'
- AND owner_uid = ". $_SESSION["uid"]);
+ $sth->execute([$enabled, $match_any_rule, $inverse, $title, $filter_id, $_SESSION['uid']]);
$this->saveRulesAndActions($filter_id);
+ $this->pdo->commit();
}
function remove() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
+ $ids = explode(",", $_REQUEST["ids"]);
+ $ids_qmarks = arr_qmarks($ids);
- foreach ($ids as $id) {
- $this->dbh->query("DELETE FROM ttrss_filters2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
- }
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2 WHERE id IN ($ids_qmarks)
+ AND owner_uid = ?");
+ $sth->execute(array_merge($ids, [$_SESSION['uid']]));
}
- private function saveRulesAndActions($filter_id) {
+ private function saveRulesAndActions($filter_id)
+ {
+
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2_rules WHERE filter_id = ?");
+ $sth->execute([$filter_id]);
- $this->dbh->query("DELETE FROM ttrss_filters2_rules WHERE filter_id = '$filter_id'");
- $this->dbh->query("DELETE FROM ttrss_filters2_actions WHERE filter_id = '$filter_id'");
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2_actions WHERE filter_id = ?");
+ $sth->execute([$filter_id]);
+ if (!is_array($_REQUEST["rule"])) $_REQUEST["rule"] = [];
+ if (!is_array($_REQUEST["action"])) $_REQUEST["action"] = [];
+
if ($filter_id) {
/* create rules */
}
}
+ $rsth = $this->pdo->prepare("INSERT INTO ttrss_filters2_rules
+ (filter_id, reg_exp,filter_type,feed_id,cat_id,match_on,inverse) VALUES
+ (?, ?, ?, NULL, NULL, ?, ?)");
+
foreach ($rules as $rule) {
if ($rule) {
- $reg_exp = $this->dbh->escape_string(trim($rule["reg_exp"]), false);
- $inverse = isset($rule["inverse"]) ? "true" : "false";
+ $reg_exp = trim($rule["reg_exp"]);
+ $inverse = isset($rule["inverse"]) ? 1 : 0;
- $filter_type = (int) $this->dbh->escape_string(trim($rule["filter_type"]));
- $match_on = $this->dbh->escape_string(json_encode($rule["feed_id"]));
+ $filter_type = (int)trim($rule["filter_type"]);
+ $match_on = json_encode($rule["feed_id"]);
- /*if (strpos($feed_id, "CAT:") === 0) {
-
- $cat_filter = bool_to_sql_bool(true);
- $cat_id = (int) substr($feed_id, 4);
- $feed_id = "NULL";
-
- if (!$cat_id) $cat_id = "NULL"; // Uncategorized
- } else {
- $cat_filter = bool_to_sql_bool(false);
- $feed_id = (int) $feed_id;
- $cat_id = "NULL";
-
- if (!$feed_id) $feed_id = "NULL"; // Uncategorized
- }*/
-
- $query = "INSERT INTO ttrss_filters2_rules
- (filter_id, reg_exp,filter_type,feed_id,cat_id,match_on,inverse) VALUES
- ('$filter_id', '$reg_exp', '$filter_type', NULL, NULL, '$match_on', $inverse)";
-
- $this->dbh->query($query);
+ $rsth->execute([$filter_id, $reg_exp, $filter_type, $match_on, $inverse]);
}
}
+ $asth = $this->pdo->prepare("INSERT INTO ttrss_filters2_actions
+ (filter_id, action_id, action_param) VALUES
+ (?, ?, ?)");
+
foreach ($actions as $action) {
if ($action) {
- $action_id = (int) $this->dbh->escape_string($action["action_id"]);
- $action_param = $this->dbh->escape_string($action["action_param"]);
- $action_param_label = $this->dbh->escape_string($action["action_param_label"]);
+ $action_id = (int)$action["action_id"];
+ $action_param = $action["action_param"];
+ $action_param_label = $action["action_param_label"];
if ($action_id == 7) {
$action_param = $action_param_label;
}
if ($action_id == 6) {
- $action_param = (int) str_replace("+", "", $action_param);
+ $action_param = (int)str_replace("+", "", $action_param);
}
- $query = "INSERT INTO ttrss_filters2_actions
- (filter_id, action_id, action_param) VALUES
- ('$filter_id', '$action_id', '$action_param')";
-
- $this->dbh->query($query);
+ $asth->execute([$filter_id, $action_id, $action_param]);
}
}
}
-
-
}
function add() {
return $this->testFilter();
}
-# print_r($_REQUEST);
-
$enabled = checkbox_to_sql_bool($_REQUEST["enabled"]);
$match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]);
- $title = $this->dbh->escape_string($_REQUEST["title"]);
+ $title = $_REQUEST["title"];
$inverse = checkbox_to_sql_bool($_REQUEST["inverse"]);
- $this->dbh->query("BEGIN");
+ $this->pdo->beginTransaction();
/* create base filter */
- $result = $this->dbh->query("INSERT INTO ttrss_filters2
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_filters2
(owner_uid, match_any_rule, enabled, title, inverse) VALUES
- (".$_SESSION["uid"].",$match_any_rule,$enabled, '$title', $inverse)");
+ (?, ?, ?, ?, ?)");
- $result = $this->dbh->query("SELECT MAX(id) AS id FROM ttrss_filters2
- WHERE owner_uid = ".$_SESSION["uid"]);
+ $sth->execute([$_SESSION['uid'], $match_any_rule, $enabled, $title, $inverse]);
- $filter_id = $this->dbh->fetch_result($result, 0, "id");
+ $sth = $this->pdo->prepare("SELECT MAX(id) AS id FROM ttrss_filters2
+ WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
- $this->saveRulesAndActions($filter_id);
+ if ($row = $sth->fetch()) {
+ $filter_id = $row['id'];
+ $this->saveRulesAndActions($filter_id);
+ }
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
}
function index() {
- $sort = $this->dbh->escape_string($_REQUEST["sort"]);
+ $sort = $_REQUEST["sort"];
if (!$sort || $sort == "undefined") {
$sort = "reg_exp";
}
- $filter_search = $this->dbh->escape_string($_REQUEST["search"]);
+ $filter_search = $_REQUEST["search"];
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
- $filter_search = $this->dbh->escape_string($_REQUEST["search"]);
+ $filter_search = $_REQUEST["search"];
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
print "<button dojoType=\"dijit.form.Button\" onclick=\"return removeSelectedFilters()\">".
__('Remove')."</button> ";
- if (defined('_ENABLE_FEED_DEBUGGING')) {
- print "<button dojoType=\"dijit.form.Button\" onclick=\"rescore_all_feeds()\">".
- __('Rescore articles')."</button> ";
- }
-
print "</div>"; # toolbar
print "</div>"; # toolbar-frame
print "<div id=\"pref-filter-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";
$inverse_checked = "";
}
- /*if (strpos($feed_id, "CAT:") === 0) {
- $feed_id = substr($feed_id, 4);
- $cat_filter = true;
- } else {
- $cat_filter = false;
- }*/
-
print "<form name='filter_new_rule_form' id='filter_new_rule_form'>";
- $result = $this->dbh->query("SELECT id,description
+ $res = $this->pdo->query("SELECT id,description
FROM ttrss_filter_types WHERE id != 5 ORDER BY description");
$filter_types = array();
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $res->fetch()) {
$filter_types[$line["id"]] = __($line["description"]);
}
$action = json_decode($_REQUEST["action"], true);
if ($action) {
- $action_param = $this->dbh->escape_string($action["action_param"]);
+ $action_param = $action["action_param"];
$action_id = (int)$action["action_id"];
} else {
$action_param = "";
print "<select name=\"action_id\" dojoType=\"dijit.form.Select\"
onchange=\"filterDlgCheckAction(this)\">";
- $result = $this->dbh->query("SELECT id,description FROM ttrss_filter_actions
+ $res = $this->pdo->query("SELECT id,description FROM ttrss_filter_actions
ORDER BY name");
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $res->fetch()) {
$is_selected = ($line["id"] == $action_id) ? "selected='1'" : "";
printf("<option $is_selected value='%d'>%s</option>", $line["id"], __($line["description"]));
}
private function getFilterName($id) {
- $result = $this->dbh->query(
+ $sth = $this->pdo->prepare(
"SELECT title,match_any_rule,COUNT(DISTINCT r.id) AS num_rules,COUNT(DISTINCT a.id) AS num_actions
FROM ttrss_filters2 AS f LEFT JOIN ttrss_filters2_rules AS r
ON (r.filter_id = f.id)
LEFT JOIN ttrss_filters2_actions AS a
- ON (a.filter_id = f.id) WHERE f.id = '$id' GROUP BY f.title, f.match_any_rule");
+ ON (a.filter_id = f.id) WHERE f.id = ? GROUP BY f.title, f.match_any_rule");
+ $sth->execute([$id]);
- $title = $this->dbh->fetch_result($result, 0, "title");
- $num_rules = $this->dbh->fetch_result($result, 0, "num_rules");
- $num_actions = $this->dbh->fetch_result($result, 0, "num_actions");
- $match_any_rule = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "match_any_rule"));
+ if ($row = $sth->fetch()) {
- if (!$title) $title = __("[No caption]");
+ $title = $row["title"];
+ $num_rules = $row["num_rules"];
+ $num_actions = $row["num_actions"];
+ $match_any_rule = sql_bool_to_bool($row["match_any_rule"]);
- $title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", (int) $num_rules), $title, $num_rules);
+ if (!$title) $title = __("[No caption]");
+ $title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", (int) $num_rules), $title, $num_rules);
- $result = $this->dbh->query(
- "SELECT * FROM ttrss_filters2_actions WHERE filter_id = '$id' ORDER BY id LIMIT 1");
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions
+ WHERE filter_id = ? ORDER BY id LIMIT 1");
+ $sth->execute([$id]);
- $actions = "";
+ $actions = "";
- if ($this->dbh->num_rows($result) > 0) {
- $line = $this->dbh->fetch_assoc($result);
- $actions = $this->getActionName($line);
+ if ($line = $sth->fetch()) {
+ $actions = $this->getActionName($line);
- $num_actions -= 1;
- }
+ $num_actions -= 1;
+ }
+
+ if ($match_any_rule) $title .= " (" . __("matches any rule") . ")";
- if ($match_any_rule) $title .= " (" . __("matches any rule") . ")";
+ if ($num_actions > 0)
+ $actions = sprintf(_ngettext("%s (+%d action)", "%s (+%d actions)", (int) $num_actions), $actions, $num_actions);
- if ($num_actions > 0)
- $actions = sprintf(_ngettext("%s (+%d action)", "%s (+%d actions)", (int) $num_actions), $actions, $num_actions);
+ return [$title, $actions];
+ }
- return array($title, $actions);
+ return [];
}
function join() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
+ $ids = explode(",", $_REQUEST["ids"]);
if (count($ids) > 1) {
$base_id = array_shift($ids);
- $ids_str = join(",", $ids);
+ $ids_qmarks = arr_qmarks($ids);
+
+ $this->pdo->beginTransaction();
+
+ $sth = $this->pdo->prepare("UPDATE ttrss_filters2_rules
+ SET filter_id = ? WHERE filter_id IN ($ids_qmarks)");
+ $sth->execute(array_merge([$base_id], $ids));
+
+ $sth = $this->pdo->prepare("UPDATE ttrss_filters2_actions
+ SET filter_id = ? WHERE filter_id IN ($ids_qmarks)");
+ $sth->execute(array_merge([$base_id], $ids));
- $this->dbh->query("BEGIN");
- $this->dbh->query("UPDATE ttrss_filters2_rules
- SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)");
- $this->dbh->query("UPDATE ttrss_filters2_actions
- SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)");
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2 WHERE id IN ($ids_qmarks)");
+ $sth->execute($ids);
- $this->dbh->query("DELETE FROM ttrss_filters2 WHERE id IN ($ids_str)");
- $this->dbh->query("UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = '$base_id'");
+ $sth = $this->pdo->prepare("UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = ?");
+ $sth->execute([$base_id]);
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
$this->optimizeFilter($base_id);
}
private function optimizeFilter($id) {
- $this->dbh->query("BEGIN");
- $result = $this->dbh->query("SELECT * FROM ttrss_filters2_actions
- WHERE filter_id = '$id'");
+
+ $this->pdo->beginTransaction();
+
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions
+ WHERE filter_id = ?");
+ $sth->execute([$id]);
$tmp = array();
$dupe_ids = array();
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$id = $line["id"];
unset($line["id"]);
if (count($dupe_ids) > 0) {
$ids_str = join(",", $dupe_ids);
- $this->dbh->query("DELETE FROM ttrss_filters2_actions
- WHERE id IN ($ids_str)");
+
+ $this->pdo->query("DELETE FROM ttrss_filters2_actions WHERE id IN ($ids_str)");
}
- $result = $this->dbh->query("SELECT * FROM ttrss_filters2_rules
- WHERE filter_id = '$id'");
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_rules
+ WHERE filter_id = ?");
+ $sth->execute([$id]);
$tmp = array();
$dupe_ids = array();
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$id = $line["id"];
unset($line["id"]);
if (count($dupe_ids) > 0) {
$ids_str = join(",", $dupe_ids);
- $this->dbh->query("DELETE FROM ttrss_filters2_rules
- WHERE id IN ($ids_str)");
+
+ $this->pdo->query("DELETE FROM ttrss_filters2_rules WHERE id IN ($ids_str)");
}
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
}
}
\ No newline at end of file
}
function edit() {
- $label_id = $this->dbh->escape_string($_REQUEST['id']);
+ $label_id = $_REQUEST['id'];
- $result = $this->dbh->query("SELECT * FROM ttrss_labels2 WHERE
- id = '$label_id' AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_labels2 WHERE
+ id = ? AND owner_uid = ?");
+ $sth->execute([$label_id, $_SESSION['uid']]);
- $line = $this->dbh->fetch_assoc($result);
+ if ($line = $sth->fetch()) {
- print_hidden("id", "$label_id");
- print_hidden("op", "pref-labels");
- print_hidden("method", "save");
+ print_hidden("id", "$label_id");
+ print_hidden("op", "pref-labels");
+ print_hidden("method", "save");
- print "<div class=\"dlgSec\">".__("Caption")."</div>";
+
print "<div class=\"dlgSec\">".__("Caption")."</div>";
- print "<div class=\"dlgSecCont\">";
+
print "<div class=\"dlgSecCont\">";
- $fg_color = $line['fg_color'];
- $bg_color = $line['bg_color'];
+ $fg_color = $line['fg_color'];
+ $bg_color = $line['bg_color'];
- print "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-bottom : 4px; margin-right : 4px'>α</span>";
+ print "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-bottom : 4px; margin-right : 4px'>α</span>";
- print "<input style=\"font-size : 16px\" name=\"caption\"
+ print "<input style=\"font-size : 16px\" name=\"caption\"
dojoType=\"dijit.form.ValidationTextBox\"
required=\"true\"
value=\"".htmlspecialchars($line['caption'])."\">";
- print "</div>";
- print "<div class=\"dlgSec\">" . __("Colors") . "</div>";
- print "<div class=\"dlgSecCont\">";
+ print "</div>";
+
print "<div class=\"dlgSec\">" . __("Colors") . "</div>";
+
print "<div class=\"dlgSecCont\">";
- print "<table cellspacing=\"0\">";
+
print "<table cellspacing=\"0\">";
- print "<tr><td>".__("Foreground:")."</td><td>".__("Background:").
- "</td></tr>";
+ print "<tr><td>".__("Foreground:")."</td><td>".__("Background:").
+ "</td></tr>";
- print "<tr><td style='padding-right : 10px'>";
+ print "<tr><td style='padding-right : 10px'>";
- print "<input dojoType=\"dijit.form.TextBox\"
+ print "<input dojoType=\"dijit.form.TextBox\"
style=\"display : none\" id=\"labelEdit_fgColor\"
name=\"fg_color\" value=\"$fg_color\">";
- print "<input dojoType=\"dijit.form.TextBox\"
+ print "<input dojoType=\"dijit.form.TextBox\"
style=\"display : none\" id=\"labelEdit_bgColor\"
name=\"bg_color\" value=\"$bg_color\">";
- print "<div dojoType=\"dijit.ColorPalette\">
+
print "<div dojoType=\"dijit.ColorPalette\">
<script type=\"dojo/method\" event=\"onChange\" args=\"fg_color\">
dijit.byId(\"labelEdit_fgColor\").attr('value', fg_color);
$('label-editor-indicator').setStyle({color: fg_color});
</script>
- </div>";
- print "</div>";
+ </div>";
+ print "</div>";
- print "</td><td>";
+ print "</td><td>";
- print "<div dojoType=\"dijit.ColorPalette\">
+
print "<div dojoType=\"dijit.ColorPalette\">
<script type=\"dojo/method\" event=\"onChange\" args=\"bg_color\">
dijit.byId(\"labelEdit_bgColor\").attr('value', bg_color);
$('label-editor-indicator').setStyle({backgroundColor: bg_color});
</script>
- </div>";
- print "</div>";
+ </div>";
+ print "</div>";
- print "</td></tr></table>";
- print "</div>";
+ print "</td></tr></table>";
+ print "</div>";
# print "</form>";
- print "<div class=\"dlgButtons\">";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').execute()\">".
- __('Save')."</button>";
- print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').hide()\">".
- __('Cancel')."</button>";
- print "</div>";
-
- return;
+ print "<div class=\"dlgButtons\">";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').execute()\">".
+ __('Save')."</button>";
+ print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').hide()\">".
+ __('Cancel')."</button>";
+ print "</div>";
+ }
}
function getlabeltree() {
$root['name'] = __('Labels');
$root['items'] = array();
- $result = $this->dbh->query("SELECT *
+ $sth = $this->pdo->prepare("SELECT *
FROM ttrss_labels2
- WHERE owner_uid = ".$_SESSION["uid"]."
+ WHERE owner_uid = ?
ORDER BY caption");
+ $sth->execute([$_SESSION['uid']]);
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$label = array();
$label['id'] = 'LABEL:' . $line['id'];
$label['bare_id'] = $line['id'];
}
function colorset() {
- $kind = $this->dbh->escape_string($_REQUEST["kind"]);
- $ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"]));
- $color = $this->dbh->escape_string($_REQUEST["color"]);
- $fg = $this->dbh->escape_string($_REQUEST["fg"]);
- $bg = $this->dbh->escape_string($_REQUEST["bg"]);
+ $kind = $_REQUEST["kind"];
+ $ids = explode(',', $_REQUEST["ids"]);
+ $color = $_REQUEST["color"];
+ $fg = $_REQUEST["fg"];
+ $bg = $_REQUEST["bg"];
foreach ($ids as $id) {
if ($kind == "fg" || $kind == "bg") {
- $this->dbh->query("UPDATE ttrss_labels2 SET
- ${kind}_color = '$color' WHERE id = '$id'
- AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
+ ${kind}_color = ? WHERE id = ?
+ AND owner_uid = ?");
+
+ $sth->execute([$color, $id, $_SESSION['uid']]);
+
} else {
- $this->dbh->query("UPDATE ttrss_labels2 SET
- fg_color = '$fg', bg_color = '$bg' WHERE id = '$id'
- AND owner_uid = " . $_SESSION["uid"]);
+
+ $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
+ fg_color = ?, bg_color = ? WHERE id = ?
+ AND owner_uid = ?");
+
+ $sth->execute([$fg, $bg, $id, $_SESSION['uid']]);
}
- $caption = $this->dbh->escape_string(Labels::find_caption($id, $_SESSION["uid"]));
+ $caption = Labels::find_caption($id, $_SESSION["uid"]);
/* Remove cached data */
- $this->dbh->query("UPDATE ttrss_user_entries SET label_cache = ''
- WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
-
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET label_cache = ''
+ WHERE label_cache LIKE ? AND owner_uid = ?");
+ $sth->execute(["%$caption%", $_SESSION['uid']]);
}
-
- return;
}
function colorreset() {
- $ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"]));
+ $ids = explode(',', $_REQUEST["ids"]);
foreach ($ids as $id) {
- $this->dbh->query("UPDATE ttrss_labels2 SET
- fg_color = '', bg_color = '' WHERE id = '$id'
- AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
+ fg_color = '', bg_color = '' WHERE id = ?
+ AND owner_uid = ?");
+ $sth->execute([$id, $_SESSION['uid']]);
- $caption = $this->dbh->escape_string(Labels::find_caption($id, $_SESSION["uid"]));
+ $caption = Labels::find_caption($id, $_SESSION["uid"]);
/* Remove cached data */
- $this->dbh->query("UPDATE ttrss_user_entries SET label_cache = ''
- WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET label_cache = ''
+ WHERE label_cache LIKE ? AND owner_uid = ?");
+ $sth->execute(["%$caption%", $_SESSION['uid']]);
}
-
}
function save() {
- $id = $this->dbh->escape_string($_REQUEST["id"]);
- $caption = $this->dbh->escape_string(trim($_REQUEST["caption"]));
+ $id = $_REQUEST["id"];
+ $caption = trim($_REQUEST["caption"]);
- $this->dbh->query("BEGIN");
+ $this->pdo->beginTransaction();
- $result = $this->dbh->query("SELECT caption FROM ttrss_labels2
- WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT caption FROM ttrss_labels2
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$id, $_SESSION['uid']]);
- if ($this->dbh->num_rows($result) != 0) {
- $old_caption = $this->dbh->fetch_result($result, 0, "caption");
+ if ($row = $sth->fetch()) {
+ $old_caption = $row["caption"];
- $result = $this->dbh->query("SELECT id FROM ttrss_labels2
- WHERE caption = '$caption' AND owner_uid = ". $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_labels2
+ WHERE caption = ? AND owner_uid = ?");
+ $sth->execute([$caption, $_SESSION['uid']]);
- if ($this->dbh->num_rows($result) == 0) {
+ if (!$sth->fetch()) {
if ($caption) {
- $result = $this->dbh->query("UPDATE ttrss_labels2 SET
- caption = '$caption' WHERE id = '$id' AND
- owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
+ caption = ? WHERE id = ? AND
+ owner_uid = ?");
+ $sth->execute([$caption, $id, $_SESSION['uid']]);
/* Update filters that reference label being renamed */
- $old_caption = $this->dbh->escape_string($old_caption);
-
- $this->dbh->query("UPDATE ttrss_filters2_actions SET
- action_param = '$caption' WHERE action_param = '$old_caption'
+ $sth = $this->pdo->prepare("UPDATE ttrss_filters2_actions SET
+ action_param = ? WHERE action_param = ?
AND action_id = 7
- AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ".$_SESSION["uid"].")");
+ AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ?)");
+
+ $sth->execute([$caption, $old_caption, $_SESSION['uid']]);
print $_REQUEST["value"];
} else {
}
}
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
- return;
}
function remove() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
+ $ids = explode(",", $_REQUEST["ids"]);
foreach ($ids as $id) {
Labels::remove($id, $_SESSION["uid"]);
}
function add() {
- $caption = $this->dbh->escape_string($_REQUEST["caption"]);
- $output = $this->dbh->escape_string($_REQUEST["output"]);
+ $caption = $_REQUEST["caption"];
+ $output = $_REQUEST["output"];
if ($caption) {
foreach (array_keys($_POST) as $pref_name) {
- $pref_name = $this->dbh->escape_string($pref_name);
- $value = $this->dbh->escape_string($_POST[$pref_name]);
+ $pref_name = $pref_name;
+ $value = $_POST[$pref_name];
if ($pref_name == 'DIGEST_PREFERRED_TIME') {
if (get_pref('DIGEST_PREFERRED_TIME') != $value) {
- $this->dbh->query("UPDATE ttrss_users SET
- last_digest_sent = NULL WHERE id = " . $_SESSION['uid']);
+ $sth = $this->pdo->prepare("UPDATE ttrss_users SET
+ last_digest_sent = NULL WHERE id = ?");
+ $sth->execute([$_SESSION['uid']]);
}
}
function changeemail() {
- $email = $this->dbh->escape_string($_POST["email"]);
- $full_name = $this->dbh->escape_string($_POST["full_name"]);
-
+ $email = $_POST["email"];
+ $full_name = $_POST["full_name"];
$active_uid = $_SESSION["uid"];
- $this->dbh->query("UPDATE ttrss_users SET email = '$email',
- full_name = '$full_name' WHERE id = '$active_uid'");
+ $sth = $this->pdo->prepare("UPDATE ttrss_users SET email = ?,
+ full_name = ? WHERE id = ?");
+ $sth->execute([$email, $full_name, $active_uid]);
print __("Your personal data has been saved.");
$_SESSION["prefs_op_result"] = "reset-to-defaults";
- if ($_SESSION["profile"]) {
- $profile_qpart = "profile = '" . $_SESSION["profile"] . "'";
- } else {
- $profile_qpart = "profile IS NULL";
- }
-
- $this->dbh->query("DELETE FROM ttrss_user_prefs
- WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]);
+ $sth = $this->pdo->query("DELETE FROM ttrss_user_prefs
+ WHERE (profile = :profile OR (:profile IS NULL AND profile IS NULL))
+ AND owner_uid = :uid");
+ $sth->execute([":profile" => $_SESSION['profile'], ":uid" => $_SESSION['uid']]);
initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]);
print "<h2>" . __("Personal data") . "</h2>";
- $result = $this->dbh->query("SELECT email,full_name,otp_enabled,
+ $sth = $this->pdo->prepare("SELECT email,full_name,otp_enabled,
access_level FROM ttrss_users
- WHERE id = ".$_SESSION["uid"]);
+ WHERE id = ?");
+ $sth->execute([$_SESSION["uid"]]);
+ $row = $sth->fetch();
- $email = htmlspecialchars($this->dbh->fetch_result($result, 0, "email"));
- $full_name = htmlspecialchars($this->dbh->fetch_result($result, 0, "full_name"));
- $otp_enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "otp_enabled"));
+ $email = htmlspecialchars($row["email"]);
+ $full_name = htmlspecialchars($row["full_name"]);
+ $otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
print "<tr><td width=\"40%\">".__('Full name')."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"
if (!SINGLE_USER_MODE && !$_SESSION["hide_hello"]) {
- $access_level = $this->dbh->fetch_result($result, 0, "access_level");
+ $access_level = $row["access_level"];
print "<tr><td width=\"40%\">".__('Access level')."</td>";
print "<td>" . $access_level_names[$access_level] . "</td></tr>";
}
print "<div style='display : none' id='pwd_change_infobox'></div>";
- $result = $this->dbh->query("SELECT id FROM ttrss_users
- WHERE id = ".$_SESSION["uid"]." AND pwd_hash
- = 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
-
- if ($this->dbh->num_rows($result) != 0) {
- print format_warning(__("Your password is at default value, please change it."), "default_pass_warning");
- }
-
print "<form dojoType=\"dijit.form.Form\">";
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
if ($_SESSION["profile"]) {
initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]);
- $profile_qpart = "profile = '" . $_SESSION["profile"] . "'";
} else {
initialize_user_prefs($_SESSION["uid"]);
- $profile_qpart = "profile IS NULL";
}
- /* if ($_SESSION["prefs_show_advanced"])
- $access_query = "true";
- else
- $access_query = "(access_level = 0 AND section_id != 3)"; */
-
- $access_query = 'true';
-
- $result = $this->dbh->query("SELECT DISTINCT
+ $sth = $this->pdo->prepare("SELECT DISTINCT
ttrss_user_prefs.pref_name,value,type_name,
ttrss_prefs_sections.order_id,
def_value,section_id
FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs
WHERE type_id = ttrss_prefs_types.id AND
- $profile_qpart AND
+ (profile = :profile OR (:profile IS NULL AND profile IS NULL)) AND
section_id = ttrss_prefs_sections.id AND
ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND
- $access_query AND
- owner_uid = ".$_SESSION["uid"]."
+ owner_uid = :uid
ORDER BY ttrss_prefs_sections.order_id,pref_name");
+ $sth->execute([":uid" => $_SESSION['uid'], ":profile" => $_SESSION['profile']]);
$lnum = 0;
$listed_boolean_prefs = array();
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
if (in_array($line["pref_name"], $prefs_blacklist)) {
continue;
require_once "lib/otphp/lib/totp.php";
require_once "lib/phpqrcode/phpqrcode.php";
- $result = $this->dbh->query("SELECT login,salt,otp_enabled
+ $sth = $this->pdo->prepare("SELECT login,salt,otp_enabled
FROM ttrss_users
- WHERE id = ".$_SESSION["uid"]);
+ WHERE id = ?");
+ $sth->execute([$_SESSION['uid']]);
- $base32 = new Base32();
+ if ($row = $sth->fetch()) {
- $login = $this->dbh->fetch_result($result, 0, "login");
- $otp_enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "otp_enabled"));
+ $base32 = new Base32();
- if (!$otp_enabled) {
- $secret = $base32->encode(sha1($this->dbh->fetch_result($result, 0, "salt")));
- print QRcode::png("otpauth://totp/".urlencode($login).
- "?secret=$secret&issuer=".urlencode("Tiny Tiny RSS"));
+ $login = $row["login"];
+ $otp_enabled = sql_bool_to_bool($row["otp_enabled"]);
+ if (!$otp_enabled) {
+ $secret = $base32->encode(sha1($row["salt"]));
+
+ QRcode::png("otpauth://totp/".urlencode($login).
+ "?secret=$secret&issuer=".urlencode("Tiny Tiny RSS"));
+
+ }
}
}
if ($authenticator->check_password($_SESSION["uid"], $password)) {
- $result = $this->dbh->query("SELECT salt
+ $sth = $this->pdo->query("SELECT salt
FROM ttrss_users
- WHERE id = ".$_SESSION["uid"]);
+ WHERE id = ?");
+ $sth->execute([$_SESSION['uid']]);
- $base32 = new Base32();
+ if ($row = $sth->fetch()) {
- $secret = $base32->encode(sha1($this->dbh->fetch_result($result, 0, "salt")));
- $topt = new \OTPHP\TOTP($secret);
+ $base32 = new Base32();
- $otp_check = $topt->now();
+ $secret = $base32->encode(sha1($row["salt"]));
+ $topt = new \OTPHP\TOTP($secret);
- if ($otp == $otp_check) {
- $this->dbh->query("UPDATE ttrss_users SET otp_enabled = true WHERE
- id = " . $_SESSION["uid"]);
+ $otp_check = $topt->now();
- print "OK";
- } else {
- print "ERROR:".__("Incorrect one time password");
+ if ($otp == $otp_check) {
+ $sth = $this->pdo->prepare("UPDATE ttrss_users
+ SET otp_enabled = true WHERE id = ?");
+
+ $sth->execute([$_SESSION['uid']]);
+
+ print "OK";
+ } else {
+ print "ERROR:".__("Incorrect one time password");
+ }
}
+
} else {
print "ERROR:".__("Incorrect password");
}
}
function otpdisable() {
- $password = $this->dbh->escape_string($_REQUEST["password"]);
+ $password = $_REQUEST["password"];
$authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]);
if ($authenticator->check_password($_SESSION["uid"], $password)) {
- $this->dbh->query("UPDATE ttrss_users SET otp_enabled = false WHERE
- id = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_users SET otp_enabled = false WHERE
+ id = ?");
+ $sth->execute([$_SESSION['uid']]);
print "OK";
} else {
}
function clearplugindata() {
- $name = $this->dbh->escape_string($_REQUEST["name"]);
+ $name = $_REQUEST["name"];
PluginHost::getInstance()->clear_data(PluginHost::getInstance()->get_plugin($name));
}
print "</div>";
- $result = $this->dbh->query("SELECT title,id FROM ttrss_settings_profiles
- WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY title");
+ $sth = $this->pdo->prepare("SELECT title,id FROM ttrss_settings_profiles
+ WHERE owner_uid = ? ORDER BY title");
+ $sth->execute([$_SESSION['uid']]);
print "<div class=\"prefProfileHolder\">";
$lnum = 1;
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$profile_id = $line["id"];
$this_row_id = "id=\"FCATR-$profile_id\"";
}
function clearLog() {
- $this->dbh->query("DELETE FROM ttrss_error_log");
+ $this->pdo->query("DELETE FROM ttrss_error_log");
}
function index() {
if (LOG_DESTINATION == "sql") {
- $result = $this->dbh->query("SELECT errno, errstr, filename, lineno,
+ $res = $this->pdo->query("SELECT errno, errstr, filename, lineno,
created_at, login, context FROM ttrss_error_log
LEFT JOIN ttrss_users ON (owner_uid = ttrss_users.id)
ORDER BY ttrss_error_log.id DESC
<td width='5%'>".__("Date")."</td>
</tr>";
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $res->fetch()) {
print "<tr class=\"errrow\">";
foreach ($line as $k => $v) {
print "<form id=\"user_edit_form\" onsubmit='return false' dojoType=\"dijit.form.Form\">";
- $id = (int) $this->dbh->escape_string($_REQUEST["id"]);
+ $id = (int) $_REQUEST["id"];
print_hidden("id", "$id");
print_hidden("op", "pref-users");
print_hidden("method", "editSave");
- $result = $this->dbh->query("SELECT * FROM ttrss_users WHERE id = '$id'");
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_users WHERE id = ?");
+ $sth->execute([$id]);
- $login = $this->dbh->fetch_result($result, 0, "login");
- $access_level = $this->dbh->fetch_result($result, 0, "access_level");
- $email = $this->dbh->fetch_result($result, 0, "email");
+ if ($row = $sth->fetch()) {
- $sel_disabled = ($id == $_SESSION["uid"] || $login == "admin") ? "disabled" : "";
+ $login = $row["login"];
+ $access_level = $row["access_level"];
+ $email = $row["email"];
- print "<div class=\"dlgSec\">".__("User")."</div>";
- print "<div class=\"dlgSecCont\">";
+ $sel_disabled = ($id == $_SESSION["uid"] || $login == "admin") ? "disabled" : "";
- if ($sel_disabled) {
- print_hidden("login", "$login");
- }
+ print "<div class=\"dlgSec\">".__("User")."</div>";
+ print "<div class=\"dlgSecCont\">";
- print "<input size=\"30\" style=\"font-size : 16px\"
- dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
- $sel_disabled
- name=\"login\" value=\"$login\">";
+ if ($sel_disabled) {
+ print_hidden("login", "$login");
+ }
- print "</div>";
+ print "<input size=\"30\" style=\"font-size : 16px\"
+ dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
+ $sel_disabled
+ name=\"login\" value=\"$login\">";
- print "<div class=\"dlgSec\">".__("Authentication")."</div>";
- print "<div class=\"dlgSecCont\">";
+ print "</div>";
- print __('Access level: ') . " ";
+ print "<div class=\"dlgSec\">".__("Authentication")."</div>";
+ print "<div class=\"dlgSecCont\">";
- if (!$sel_disabled) {
- print_select_hash("access_level", $access_level, $access_level_names,
- "dojoType=\"dijit.form.Select\" $sel_disabled");
- } else {
- print_select_hash("", $access_level, $access_level_names,
- "dojoType=\"dijit.form.Select\" $sel_disabled");
- print_hidden("access_level", "$access_level");
- }
+ print __('Access level: ') . " ";
+
+ if (!$sel_disabled) {
+ print_select_hash("access_level", $access_level, $access_level_names,
+ "dojoType=\"dijit.form.Select\" $sel_disabled");
+ } else {
+ print_select_hash("", $access_level, $access_level_names,
+ "dojoType=\"dijit.form.Select\" $sel_disabled");
+ print_hidden("access_level", "$access_level");
+ }
- print "<hr/>";
+ print "<hr/>";
- print "<input dojoType=\"dijit.form.TextBox\" type=\"password\" size=\"20\" placeholder=\"Change password\"
+ print "<input dojoType=\"dijit.form.TextBox\" type=\"password\" size=\"20\" placeholder=\"Change password\"
name=\"password\">";
- print "</div>";
+ print "</div>";
- print "<div class=\"dlgSec\">".__("Options")."</div>";
- print "<div class=\"dlgSecCont\">";
+
print "<div class=\"dlgSec\">".__("Options")."</div>";
+
print "<div class=\"dlgSecCont\">";
- print "<input dojoType=\"dijit.form.TextBox\" size=\"30\" name=\"email\" placeholder=\"E-mail\"
+ print "<input dojoType=\"dijit.form.TextBox\" size=\"30\" name=\"email\" placeholder=\"E-mail\"
value=\"$email\">";
- print "</div>";
+ print "</div>";
- print "</table>";
+ print "</table>";
- print "</form>";
+ print "</form>";
+
+ }
print '</div>'; #tab
print "<div href=\"backend.php?op=pref-users&method=userdetails&id=$id\"
}
function userdetails() {
- $id = (int) $this->dbh->escape_string($_REQUEST["id"]);
+ $id = (int) $_REQUEST["id"];
- $result = $this->dbh->query("SELECT login,
+ $sth = $this->pdo->prepare("SELECT login,
".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login,
access_level,
(SELECT COUNT(int_id) FROM ttrss_user_entries
WHERE owner_uid = id) AS stored_articles,
".SUBSTRING_FOR_DATE."(created,1,16) AS created
FROM ttrss_users
- WHERE id = '$id'");
+ WHERE id = ?");
+ $sth->execute([$id]);
- if ($this->dbh->num_rows($result) == 0) {
- print "<h1>".__('User not found')."</h1>";
- return;
- }
+ if ($row = $sth->fetch()) {
+ print "<table width='100%'>";
- print "<table width='100%'>";
+ $last_login = make_local_datetime(
+ $row["last_login"], true);
- $last_login = make_local_datetime(
- $this->dbh->fetch_result($result, 0, "last_login"), true);
+ $created = make_local_datetime(
+ $row["created"], true);
- $created = make_local_datetime(
- $this->dbh->fetch_result($result, 0, "created"), true);
+ $stored_articles = $row["stored_articles"];
- $stored_articles = $this->dbh->fetch_result($result, 0, "stored_articles");
+ print "<tr><td>".__('Registered')."</td><td>$created</td></tr>";
+ print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>";
- print "<tr><td>".__('Registered')."</td><td>$created</td></tr>";
- print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>";
+ $sth = $this->pdo->prepare("SELECT COUNT(id) as num_feeds FROM ttrss_feeds
+ WHERE owner_uid = ?");
+ $sth->execute([$id]);
+ $row = $sth->fetch();
+ $num_feeds = $row["num_feeds"];
- $result = $this->dbh->query("SELECT COUNT(id) as num_feeds FROM ttrss_feeds
- WHERE owner_uid = '$id'");
+ print "<tr><td>".__('Subscribed feeds count')."</td><td>$num_feeds</td></tr>";
+ print "<tr><td>".__('Stored articles')."</td><td>$stored_articles</td></tr>";
- $num_feeds = $this->dbh->fetch_result($result, 0, "num_feeds");
+ print "</table>";
- print "<tr><td>".__('Subscribed feeds count')."</td><td>$num_feeds</td></tr>";
- print "<tr><td>".__('Stored articles')."</td><td>$stored_articles</td></tr>";
+ print "<h1>".__('Subscribed feeds')."</h1>";
- print "</table>";
+ $sth = $this->pdo->prepare("SELECT id,title,site_url FROM ttrss_feeds
+ WHERE owner_uid = ? ORDER BY title");
+ $sth->execute([$id]);
- print "<h1>".__('Subscribed feeds')."</h1>";
+ print "<ul class=\"userFeedList\">";
- $result = $this->dbh->query("SELECT id,title,site_url FROM ttrss_feeds
- WHERE owner_uid = '$id' ORDER BY title");
+ while ($line = $sth->fetch()) {
- print "<ul class=\"userFeedList\">";
+ $icon_file = ICONS_URL."/".$line["id"].".ico";
- while ($line = $this->dbh->fetch_assoc($result)) {
+ if (file_exists($icon_file) && filesize($icon_file) > 0) {
+ $feed_icon = "<img class=\"tinyFeedIcon\" src=\"$icon_file\">";
+ } else {
+ $feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">";
+ }
- $icon_file = ICONS_URL."/".$line["id"].".ico";
+ print "<li>$feed_icon <a href=\"".$line["site_url"]."\">".$line["title"]."</a></li>";
- if (file_exists($icon_file) && filesize($icon_file) > 0) {
- $feed_icon = "<img class=\"tinyFeedIcon\" src=\"$icon_file\">";
- } else {
- $feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">";
}
- print "<li>$feed_icon <a href=\"".$line["site_url"]."\">".$line["title"]."</a></li>";
-
- }
-
- if ($this->dbh->num_rows($result) < $num_feeds) {
- // FIXME - add link to show ALL subscribed feeds here somewhere
- print "<li><img
- class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\"> ...</li>";
+ print "</ul>";
+
+
+ } else {
+ print "<h1>".__('User not found')."</h1>";
}
-
- print "</ul>";
+
}
function editSave() {
- $login = $this->dbh->escape_string(trim($_REQUEST["login"]));
- $uid = $this->dbh->escape_string($_REQUEST["id"]);
+ $login = trim($_REQUEST["login"]);
+ $uid = $_REQUEST["id"];
$access_level = (int) $_REQUEST["access_level"];
- $email = $this->dbh->escape_string(trim($_REQUEST["email"]));
+ $email = trim($_REQUEST["email"]);
$password = $_REQUEST["password"];
if ($password) {
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true);
- $pass_query_part = "pwd_hash = '$pwd_hash', salt = '$salt',";
+ $pass_query_part = "pwd_hash = ".$this->pdo->quote($pwd_hash).",
+ salt = ".$this->pdo->quote($salt).",";
} else {
$pass_query_part = "";
}
- $this->dbh->query("UPDATE ttrss_users SET $pass_query_part login = '$login',
- access_level = '$access_level', email = '$email', otp_enabled = false
- WHERE id = '$uid'");
+ $sth = $this->pdo->prepare("UPDATE ttrss_users SET $pass_query_part login = ?,
+ access_level = ?, email = ?, otp_enabled = false WHERE id = ?");
+ $sth->execute([$login, $access_level, $email, $uid]);
}
function remove() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
+ $ids = explode(",", $_REQUEST["ids"]);
foreach ($ids as $id) {
if ($id != $_SESSION["uid"] && $id != 1) {
- $this->dbh->query("DELETE FROM ttrss_tags WHERE owner_uid = '$id'");
- $this->dbh->query("DELETE FROM ttrss_feeds WHERE owner_uid = '$id'");
- $this->dbh->query("DELETE FROM ttrss_users WHERE id = '$id'");
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_tags WHERE owner_uid = ?");
+ $sth->execute([$id]);
+
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_feeds WHERE owner_uid = ?");
+ $sth->execute([$id]);
+
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_users WHERE id = ?");
+ $sth->execute([$id]);
}
}
}
function add() {
- $login = $this->dbh->escape_string(trim($_REQUEST["login"]));
+ $login = trim($_REQUEST["login"]);
$tmp_user_pwd = make_password(8);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
- $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
- login = '$login'");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
+ login = ?");
+ $sth->execute([$login]);
- if ($this->dbh->num_rows($result) == 0) {
+ if (!$sth->fetch()) {
- $this->dbh->query("INSERT INTO ttrss_users
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_users
(login,pwd_hash,access_level,last_login,created, salt)
- VALUES ('$login', '$pwd_hash', 0, null, NOW(), '$salt')");
-
+ VALUES (?, ?, 0, null, NOW(), ?)");
+ $sth->execute([$login, $pwd_hash, $salt]);
- $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
- login = '$login' AND pwd_hash = '$pwd_hash'");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_users WHERE
+ login = ? AND pwd_hash = ?");
+ $sth->execute([$login, $pwd_hash]);
- if ($this->dbh->num_rows($result) == 1) {
+ if ($row = $sth->fetch()) {
- $new_uid = $this->dbh->fetch_result($result, 0, "id");
+ $new_uid = $row['id'];
print format_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>",
$login, $tmp_user_pwd));
static function resetUserPassword($uid, $show_password) {
- $result = db_query("SELECT login,email
- FROM ttrss_users WHERE id = '$uid'");
+ $pdo = Db::pdo();
- $login = db_fetch_result($result, 0, "login");
- $email = db_fetch_result($result, 0, "email");
+ $sth = $pdo->prepare("SELECT login, email
+ FROM ttrss_users WHERE id = ?");
+ $sth->execute([$uid]);
+
+ if ($row = $sth->fetch()) {
- $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
- $tmp_user_pwd = make_password(8);
+ $login = $row["login"];
+ $email = $row["email"];
- $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
+ $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
+ $tmp_user_pwd = make_password(8);
- db_query("UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt', otp_enabled = false
- WHERE id = '$uid'");
+ $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
- if ($show_password) {
- print T_sprintf("Changed password of user <b>%s</b> to <b>%s</b>", $login, $tmp_user_pwd);
- } else {
- print_notice(T_sprintf("Sending new password of user <b>%s</b> to <b>%s</b>", $login, $email));
- }
+ $sth = $pdo->prepare("UPDATE ttrss_users
+ SET pwd_hash = ?, salt = ?, otp_enabled = false
+ WHERE id = ?");
+ $sth->execute([$pwd_hash, $new_salt, $uid]);
- require_once 'classes/ttrssmailer.php';
+ if ($show_password) {
+ print T_sprintf("Changed password of user <b>%s</b> to <b>%s</b>", $login, $tmp_user_pwd);
+ } else {
+ print_notice(T_sprintf("Sending new password of user <b>%s</b> to <b>%s</b>", $login, $email));
+ }
+
+ require_once 'classes/ttrssmailer.php';
- if ($email) {
- require_once "lib/MiniTemplator.class.php";
+ if ($email) {
+ require_once "lib/MiniTemplator.class.php";
- $tpl = new MiniTemplator;
+ $tpl = new MiniTemplator;
- $tpl->readTemplateFromFile("templates/resetpass_template.txt");
+ $tpl->readTemplateFromFile("templates/resetpass_template.txt");
- $tpl->setVariable('LOGIN', $login);
- $tpl->setVariable('NEWPASS', $tmp_user_pwd);
+ $tpl->setVariable('LOGIN', $login);
+ $tpl->setVariable('NEWPASS', $tmp_user_pwd);
- $tpl->addBlock('message');
+ $tpl->addBlock('message');
- $message = "";
+ $message = "";
- $tpl->generateOutputToString($message);
+ $tpl->generateOutputToString($message);
- $mail = new ttrssMailer();
+ $mail = new ttrssMailer();
- $rc = $mail->quickMail($email, $login,
- __("[tt-rss] Password change notification"),
- $message, false);
+ $rc = $mail->quickMail($email, $login,
+ __("[tt-rss] Password change notification"),
+ $message, false);
- if (!$rc) print_error($mail->ErrorInfo);
+ if (!$rc) print_error($mail->ErrorInfo);
+ }
+
}
}
function resetPass() {
- $uid = $this->dbh->escape_string($_REQUEST["id"]);
+ $uid = $_REQUEST["id"];
Pref_Users::resetUserPassword($uid, true);
}
print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">";
- $user_search = $this->dbh->escape_string($_REQUEST["search"]);
+ $user_search = trim($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_user_search"] = $user_search;
__('Search')."</button>
</div>";
- $sort = $this->dbh->escape_string($_REQUEST["sort"]);
+ $sort = $_REQUEST["sort"];
if (!$sort || $sort == "undefined") {
$sort = "login";
print "<div id=\"sticky-status-msg\"></div>";
- if ($user_search) {
-
- $user_search = explode(" ", $user_search);
- $tokens = array();
-
- foreach ($user_search as $token) {
- $token = trim($token);
- array_push($tokens, "(UPPER(login) LIKE UPPER('%$token%'))");
- }
-
- $user_search_query = "(" . join($tokens, " AND ") . ") AND ";
-
- } else {
- $user_search_query = "";
- }
-
- $result = $this->dbh->query("SELECT
+ $sth = $this->pdo->prepare("SELECT
tu.id,
login,access_level,email,
".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login,
FROM
ttrss_users tu
WHERE
- $user_search_query
- tu.id > 0
- ORDER BY $sort");
-
- if ($this->dbh->num_rows($result) > 0) {
+ (:search = '' OR login LIKE :search) AND tu.id > 0
+ ORDER BY :sort");
+ $sth->execute([":search" => $user_search ? "%$user_search%" : "", ":sort" => $sort]);
print "<p><table width=\"100%\" cellspacing=\"0\"
class=\"prefUserList\" id=\"prefUserList\">";
$lnum = 0;
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$uid = $line["id"];
print "</table>";
- } else {
- print "<p>";
+ if ($lnum == 0) {
if (!$user_search) {
print_warning(__('No users defined.'));
} else {
print_warning(__('No matching users found.'));
}
- print "</p>";
-
}
print "</div>"; #pane
class RPC extends Handler_Protected {
function csrf_ignore($method) {
- $csrf_ignored = array("sanitycheck", "completelabels");
+ $csrf_ignored = array("sanitycheck", "completelabels", "saveprofile");
return array_search($method, $csrf_ignored) !== false;
}
function setprofile() {
- $id = $this->dbh->escape_string($_REQUEST["id"]);
+ $_SESSION["profile"] = $_REQUEST["id"];
- $_SESSION["profile"] = $id;
+ // default value
+ if (!$_SESSION["profile"]) $_SESSION["profile"] = null;
}
function remprofiles() {
- $ids = explode(",", $this->dbh->escape_string(trim($_REQUEST["ids"])));
+ $ids = explode(",", trim($_REQUEST["ids"]));
foreach ($ids as $id) {
if ($_SESSION["profile"] != $id) {
- $this->dbh->query("DELETE FROM ttrss_settings_profiles WHERE id = '$id' AND
- owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_settings_profiles WHERE id = ? AND
+ owner_uid = ?");
+ $sth->execute([$id, $_SESSION['uid']]);
}
}
}
// Silent
function addprofile() {
- $title = $this->dbh->escape_string(trim($_REQUEST["title"]));
+ $title = trim($_REQUEST["title"]);
+
if ($title) {
- $this->dbh->query("BEGIN");
+ $this->pdo->beginTransaction();
+
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles
+ WHERE title = ? AND owner_uid = ?");
+ $sth->execute([$title, $_SESSION['uid']]);
- $result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles
- WHERE title = '$title' AND owner_uid = " . $_SESSION["uid"]);
+ if (!$sth->fetch()) {
- if ($this->dbh->num_rows($result) == 0) {
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_settings_profiles (title, owner_uid)
+ VALUES (?, ?)");
- $this->dbh->query("INSERT INTO ttrss_settings_profiles (title, owner_uid)
- VALUES ('$title', ".$_SESSION["uid"] .")");
+ $sth->execute([$title, $_SESSION['uid']]);
- $result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles WHERE
- title = '$title'");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_settings_profiles WHERE
+ title = ? AND owner_uid = ?");
+ $sth->execute([$title, $_SESSION['uid']]);
- if ($this->dbh->num_rows($result) != 0) {
- $profile_id = $this->dbh->fetch_result($result, 0, "id");
+ if ($row = $sth->fetch()) {
+ $profile_id = $row['id'];
if ($profile_id) {
initialize_user_prefs($_SESSION["uid"], $profile_id);
}
}
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
}
}
- // Silent
function saveprofile() {
- $id = $this->dbh->escape_string($_REQUEST["id"]);
- $title = $this->dbh->escape_string(trim($_REQUEST["value"]));
+ $id = $_REQUEST["id"];
+ $title = trim($_REQUEST["value"]);
if ($id == 0) {
print __("Default profile");
}
if ($title) {
- $this->dbh->query("BEGIN");
+ $sth = $this->pdo->prepare("UPDATE ttrss_settings_profiles
+ SET title = ? WHERE id = ? AND
+ owner_uid = ?");
- $result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles
- WHERE title = '$title' AND owner_uid =" . $_SESSION["uid"]);
-
- if ($this->dbh->num_rows($result) == 0) {
- $this->dbh->query("UPDATE ttrss_settings_profiles
- SET title = '$title' WHERE id = '$id' AND
- owner_uid = " . $_SESSION["uid"]);
- print $title;
- } else {
- $result = $this->dbh->query("SELECT title FROM ttrss_settings_profiles
- WHERE id = '$id' AND owner_uid =" . $_SESSION["uid"]);
- print $this->dbh->fetch_result($result, 0, "title");
- }
-
- $this->dbh->query("COMMIT");
+ $sth->execute([$title, $id, $_SESSION['uid']]);
+ print $title;
}
}
// Silent
function remarchive() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
+ $ids = explode(",", $_REQUEST["ids"]);
- foreach ($ids as $id) {
- $result = $this->dbh->query("DELETE FROM ttrss_archived_feeds WHERE
- (SELECT COUNT(*) FROM ttrss_user_entries
- WHERE orig_feed_id = '$id') = 0 AND
- id = '$id' AND owner_uid = ".$_SESSION["uid"]);
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_archived_feeds WHERE
+ (SELECT COUNT(*) FROM ttrss_user_entries
+ WHERE orig_feed_id = :id) = 0 AND
+ id = :id AND owner_uid = :uid");
- $this->dbh->affected_rows($result);
+ foreach ($ids as $id) {
+ $sth->execute([":id" => $id, ":uid" => $_SESSION['uid']]);
}
}
function addfeed() {
- $feed = $this->dbh->escape_string($_REQUEST['feed']);
- $cat = $this->dbh->escape_string($_REQUEST['cat']);
- $login = $this->dbh->escape_string($_REQUEST['login']);
- $pass = trim($_REQUEST['pass']); // escaped later
+ $feed = $_REQUEST['feed'];
+ $cat = $_REQUEST['cat'];
+ $login = $_REQUEST['login'];
+ $pass = trim($_REQUEST['pass']);
$rc = Feeds::subscribe_to_feed($feed, $cat, $login, $pass);
}
function togglepref() {
- $key = $this->dbh->escape_string($_REQUEST["key"]);
+ $key = $_REQUEST["key"];
set_pref($key, !get_pref($key));
$value = get_pref($key);
function mark() {
$mark = $_REQUEST["mark"];
- $id = $this->dbh->escape_string($_REQUEST["id"]);
-
- if ($mark == "1") {
- $mark = "true";
- } else {
- $mark = "false";
- }
+ $id = $_REQUEST["id"];
- $this->dbh->query("UPDATE ttrss_user_entries SET marked = $mark,
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET marked = ?,
last_marked = NOW()
- WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
+ WHERE ref_id = ? AND owner_uid = ?");
+
+ $sth->execute([$mark, $id, $_SESSION['uid']]);
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
function delete() {
- $ids = $this->dbh->escape_string($_REQUEST["ids"]);
+ $ids = explode(",", $_REQUEST["ids"]);
+ $ids_qmarks = arr_qmarks($ids);
- $this->dbh->query("DELETE FROM ttrss_user_entries
- WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("DELETE FROM ttrss_user_entries
+ WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
+ $sth->execute(array_merge($ids, [$_SESSION['uid']]));
Article::purge_orphans();
$ids = explode(",", $_REQUEST["ids"]);
foreach ($ids as $id) {
- $id = $this->dbh->escape_string(trim($id));
- $this->dbh->query("BEGIN");
+ $this->pdo->beginTransaction();
- $result = $this->dbh->query("SELECT feed_url,site_url,title FROM ttrss_archived_feeds
- WHERE id = (SELECT orig_feed_id FROM ttrss_user_entries WHERE ref_id = $id
- AND owner_uid = ".$_SESSION["uid"].") AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT feed_url,site_url,title FROM ttrss_archived_feeds
+ WHERE id = (SELECT orig_feed_id FROM ttrss_user_entries WHERE ref_id = :id
+ AND owner_uid = :uid) AND owner_uid = :uid");
+ $sth->execute([":uid" => $_SESSION['uid'], ":id" => $id]);
- if ($this->dbh->num_rows($result) != 0) {
- $feed_url = $this->dbh->escape_string(db_fetch_result($result, 0, "feed_url"));
- $site_url = $this->dbh->escape_string(db_fetch_result($result, 0, "site_url"));
- $title = $this->dbh->escape_string(db_fetch_result($result, 0, "title"));
+ if ($row = $sth->fetch()) {
+ $feed_url = $row['feed_url'];
+ $site_url = $row['site_url'];
+ $title = $row['title'];
- $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE feed_url = '$feed_url'
- AND owner_uid = " .$_SESSION["uid"]);
-
- if ($this->dbh->num_rows($result) == 0) {
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE feed_url = ?
+ AND owner_uid = ?");
+ $sth->execute([$feed_url, $_SESSION['uid']]);
+ if ($row = $sth->fetch()) {
+ $feed_id = $row["id"];
+ } else {
if (!$title) $title = '[Unknown]';
- $result = $this->dbh->query(
- "INSERT INTO ttrss_feeds
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_feeds
(owner_uid,feed_url,site_url,title,cat_id,auth_login,auth_pass,update_method)
- VALUES (".$_SESSION["uid"].",
- '$feed_url',
- '$site_url',
- '$title',
- NULL, '', '', 0)");
-
- $result = $this->dbh->query(
- "SELECT id FROM ttrss_feeds WHERE feed_url = '$feed_url'
- AND owner_uid = ".$_SESSION["uid"]);
-
- if ($this->dbh->num_rows($result) != 0) {
- $feed_id = $this->dbh->fetch_result($result, 0, "id");
- }
+ VALUES (?, ?, ?, ?, NULL, '', '', 0)");
+ $sth->execute([$_SESSION['uid'], $feed_url, $site_url, $title]);
- } else {
- $feed_id = $this->dbh->fetch_result($result, 0, "id");
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE feed_url = ?
+ AND owner_uid = ?");
+ $sth->execute([$feed_url, $_SESSION['uid']]);
+
+ if ($row = $sth->fetch()) {
+ $feed_id = $row['id'];
+ }
}
if ($feed_id) {
- $result = $this->dbh->query("UPDATE ttrss_user_entries
- SET feed_id = '$feed_id', orig_feed_id = NULL
- WHERE ref_id = $id AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries
+ SET feed_id = ?, orig_feed_id = NULL
+ WHERE ref_id = ? AND owner_uid = ?");
+ $sth->execute([$feed_id, $id, $_SESSION['uid']]);
}
}
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
}
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
function archive() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
+ $ids = explode(",", $_REQUEST["ids"]);
foreach ($ids as $id) {
$this->archive_article($id, $_SESSION["uid"]);
}
private function archive_article($id, $owner_uid) {
- $this->dbh->query("BEGIN");
+ $this->pdo->beginTransaction();
+
+ if (!$owner_uid) $owner_uid = $_SESSION['uid'];
- $result = $this->dbh->query("SELECT feed_id FROM ttrss_user_entries
- WHERE ref_id = '$id' AND owner_uid = $owner_uid");
+ $sth = $this->pdo->prepare("SELECT feed_id FROM ttrss_user_entries
+ WHERE ref_id = ? AND owner_uid = ?");
+ $sth->execute([$id, $owner_uid]);
- if ($this->dbh->num_rows($result) != 0) {
+ if ($row = $sth->fetch()) {
/* prepare the archived table */
- $feed_id = (int) $this->dbh->fetch_result($result, 0, "feed_id");
+ $feed_id = (int) $row['feed_id'];
if ($feed_id) {
- $result = $this->dbh->query("SELECT id FROM ttrss_archived_feeds
- WHERE id = '$feed_id' AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_archived_feeds
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$feed_id, $owner_uid]);
- if ($this->dbh->num_rows($result) == 0) {
- $result = db_query("SELECT MAX(id) AS id FROM ttrss_archived_feeds");
- $new_feed_id = (int)db_fetch_result($result, 0, "id") + 1;
+ if ($row = $sth->fetch()) {
+ $new_feed_id = $row['id'];
+ } else {
+ $row = $this->pdo->query("SELECT MAX(id) AS id FROM ttrss_archived_feeds")->fetch();
+ $new_feed_id = (int)$row['id'] + 1;
- $this->dbh->query("INSERT INTO ttrss_archived_feeds
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_archived_feeds
(id, owner_uid, title, feed_url, site_url)
- SELECT $new_feed_id, owner_uid, title, feed_url, site_url from ttrss_feeds
- WHERE id = '$feed_id'");
- } else {
- $new_feed_id = $this->dbh->fetch_result($result, 0, "id");
+ SELECT ?, owner_uid, title, feed_url, site_url from ttrss_feeds
+ WHERE id = ?");
+
+ $sth->execute([$new_feed_id, $feed_id]);
}
- $this->dbh->query("UPDATE ttrss_user_entries
- SET orig_feed_id = $new_feed_id, feed_id = NULL
- WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries
+ SET orig_feed_id = ?, feed_id = NULL
+ WHERE ref_id = ? AND owner_uid = ?");
+ $sth->execute([$new_feed_id, $id, $owner_uid]);
}
}
- $this->dbh->query("COMMIT");
+ $this->pdo->commit();
}
function publ() {
$pub = $_REQUEST["pub"];
- $id = $this->dbh->escape_string($_REQUEST["id"]);
+ $id = $_REQUEST["id"];
- if ($pub == "1") {
- $pub = "true";
- } else {
- $pub = "false";
- }
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
+ published = ?, last_published = NOW()
+ WHERE ref_id = ? AND owner_uid = ?");
- $this->dbh->query("UPDATE ttrss_user_entries SET
- published = $pub, last_published = NOW()
- WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
+ $sth->execute([$pub, $id, $_SESSION['uid']]);
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
/* GET["cmode"] = 0 - mark as read, 1 - as unread, 2 - toggle */
function catchupSelected() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
+ $ids = explode(",", $_REQUEST["ids"]);
$cmode = sprintf("%d", $_REQUEST["cmode"]);
Article::catchupArticlesById($ids, $cmode);
}
function markSelected() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
- $cmode = sprintf("%d", $_REQUEST["cmode"]);
+ $ids = explode(",", $_REQUEST["ids"]);
+ $cmode = (int)$_REQUEST["cmode"];
$this->markArticlesById($ids, $cmode);
}
function publishSelected() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
- $cmode = sprintf("%d", $_REQUEST["cmode"]);
+ $ids = explode(",", $_REQUEST["ids"]);
+ $cmode = (int)$_REQUEST["cmode"];
$this->publishArticlesById($ids, $cmode);
}
function completeLabels() {
- $search = $this->dbh->escape_string($_REQUEST["search"]);
+ $search = $_REQUEST["search"];
- $result = $this->dbh->query("SELECT DISTINCT caption FROM
+ $sth = $this->pdo->query("SELECT DISTINCT caption FROM
ttrss_labels2
- WHERE owner_uid = '".$_SESSION["uid"]."' AND
- LOWER(caption) LIKE LOWER('$search%') ORDER BY caption
+ WHERE owner_uid = ? AND
+ LOWER(caption) LIKE LOWER(?) ORDER BY caption
LIMIT 5");
+ $sth->execute([$_SESSION['uid'], "%$search%"]);
print "<ul>";
- while ($line = $this->dbh->fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
print "<li>" . $line["caption"] . "</li>";
}
print "</ul>";
}
- function purge() {
- $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
- $days = sprintf("%d", $_REQUEST["days"]);
-
- foreach ($ids as $id) {
-
- $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
- id = '$id' AND owner_uid = ".$_SESSION["uid"]);
-
- if ($this->dbh->num_rows($result) == 1) {
- purge_feed($id, $days);
- }
- }
- }
-
function updateFeedBrowser() {
if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
- $search = $this->dbh->escape_string($_REQUEST["search"]);
- $limit = $this->dbh->escape_string($_REQUEST["limit"]);
- $mode = (int) $this->dbh->escape_string($_REQUEST["mode"]);
+ $search = $_REQUEST["search"];
+ $limit = $_REQUEST["limit"];
+ $mode = (int) $_REQUEST["mode"];
require_once "feedbrowser.php";
if ($mode == 1) {
foreach ($payload as $feed) {
- $title = $this->dbh->escape_string($feed[0]);
- $feed_url = $this->dbh->escape_string($feed[1]);
+ $title = $feed[0];
+ $feed_url = $feed[1];
- $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
- feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE
+ feed_url = ? AND owner_uid = ?");
+ $sth->execute([$feed_url, $_SESSION['uid']]);
- if ($this->dbh->num_rows($result) == 0) {
- $result = $this->dbh->query("INSERT INTO ttrss_feeds
+ if (!$sth->fetch()) {
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_feeds
(owner_uid,feed_url,title,cat_id,site_url)
- VALUES ('".$_SESSION["uid"]."',
- '$feed_url', '$title', NULL, '')");
+ VALUES (?, ?, ?, NULL, '')");
+
+ $sth->execute([$_SESSION['uid'], $feed_url, $title]);
}
}
} else if ($mode == 2) {
// feed archive
foreach ($payload as $id) {
- $result = $this->dbh->query("SELECT * FROM ttrss_archived_feeds
- WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
-
- if ($this->dbh->num_rows($result) != 0) {
- $site_url = $this->dbh->escape_string(db_fetch_result($result, 0, "site_url"));
- $feed_url = $this->dbh->escape_string(db_fetch_result($result, 0, "feed_url"));
- $title = $this->dbh->escape_string(db_fetch_result($result, 0, "title"));
-
- $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
- feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
-
- if ($this->dbh->num_rows($result) == 0) {
- $result = $this->dbh->query("INSERT INTO ttrss_feeds
- (owner_uid,feed_url,title,cat_id,site_url)
- VALUES ('".$_SESSION["uid"]."',
- '$feed_url', '$title', NULL, '$site_url')");
+ $sth = $this->pdo->prepare("SELECT * FROM ttrss_archived_feeds
+ WHERE id = ? AND owner_uid = ?");
+ $sth->execute([$id, $_SESSION['uid']]);
+
+ if ($row = $sth->fetch()) {
+ $site_url = $row['site_url'];
+ $feed_url = $row['feed_url'];
+ $title = $row['title'];
+
+ $sth = $this->pdo->prepare("SELECT id FROM ttrss_feeds WHERE
+ feed_url = ? AND owner_uid = ?");
+ $sth->execute([$feed_url, $_SESSION['uid']]);
+
+ if (!$sth->fetch()) {
+ $sth = $this->pdo->prepare("INSERT INTO ttrss_feeds
+ (owner_uid,feed_url,title,cat_id,site_url)
+ VALUES (?, ?, ?, NULL, ?)");
+
+ $sth->execute([$_SESSION['uid'], $feed_url, $title, $site_url]);
}
}
}
}
function catchupFeed() {
- $feed_id = $this->dbh->escape_string($_REQUEST['feed_id']);
- $is_cat = $this->dbh->escape_string($_REQUEST['is_cat']) == "true";
- $mode = $this->dbh->escape_string($_REQUEST['mode']);
- $search_query = $this->dbh->escape_string($_REQUEST['search_query']);
- $search_lang = $this->dbh->escape_string($_REQUEST['search_lang']);
+ $feed_id = $_REQUEST['feed_id'];
+ $is_cat = $_REQUEST['is_cat'] == "true";
+ $mode = $_REQUEST['mode'];
+ $search_query = $_REQUEST['search_query'];
+ $search_lang = $_REQUEST['search_lang'];
Feeds::catchup_feed($feed_id, $is_cat, false, $mode, [$search_query, $search_lang]);
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
- function quickAddCat() {
- $cat = $this->dbh->escape_string($_REQUEST["cat"]);
-
- add_feed_category($cat);
-
- $result = $this->dbh->query("SELECT id FROM ttrss_feed_categories WHERE
- title = '$cat' AND owner_uid = " . $_SESSION["uid"]);
-
- if ($this->dbh->num_rows($result) == 1) {
- $id = $this->dbh->fetch_result($result, 0, "id");
- } else {
- $id = 0;
- }
-
- print_feed_cat_select("cat_id", $id, '');
- }
-
function setpanelmode() {
$wide = (int) $_REQUEST["wide"];
print json_encode(array("wide" => $wide));
}
- static function updaterandomfeed_real($dbh) {
+ static function updaterandomfeed_real() {
// Test if the feed need a update (update interval exceded).
if (DB_TYPE == "pgsql") {
$random_qpart = sql_random_function();
+ $pdo = Db::pdo();
+
// we could be invoked from public.php with no active session
if ($_SESSION["uid"]) {
- $owner_check_qpart = "AND ttrss_feeds.owner_uid = '".$_SESSION["uid"]."'";
+ $owner_check_qpart = "AND ttrss_feeds.owner_uid = ".$pdo->quote($_SESSION["uid"]);
} else {
$owner_check_qpart = "";
}
// We search for feed needing update.
- $result = $dbh->query("SELECT ttrss_feeds.feed_url,ttrss_feeds.id
+ $res = $pdo->query("SELECT ttrss_feeds.feed_url,ttrss_feeds.id
FROM
ttrss_feeds, ttrss_users, ttrss_user_prefs
WHERE
$updstart_thresh_qpart
ORDER BY $random_qpart LIMIT 30");
- $feed_id = -1;
-
$num_updated = 0;
$tstart = time();
- while ($line = $dbh->fetch_assoc($result)) {
+ while ($line = $res->fetch()) {
$feed_id = $line["id"];
if (time() - $tstart < ini_get("max_execution_time") * 0.7) {
}
function updaterandomfeed() {
- RPC::updaterandomfeed_real($this->dbh);
+ RPC::updaterandomfeed_real();
}
private function markArticlesById($ids, $cmode) {
- $tmp_ids = array();
-
- foreach ($ids as $id) {
- array_push($tmp_ids, "ref_id = '$id'");
- }
-
- $ids_qpart = join(" OR ", $tmp_ids);
+ $ids_qmarks = arr_qmarks($ids);
if ($cmode == 0) {
- $this->dbh->query("UPDATE ttrss_user_entries SET
- marked = false, last_marked = NOW()
- WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
+ marked = false, last_marked = NOW()
+ WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
} else if ($cmode == 1) {
- $this->dbh->query("UPDATE ttrss_user_entries SET
- marked = true, last_marked = NOW()
- WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
+ marked = true, last_marked = NOW()
+ WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
} else {
- $this->dbh->query("UPDATE ttrss_user_entries SET
- marked = NOT marked,last_marked = NOW()
- WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
+ marked = NOT marked,last_marked = NOW()
+ WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
}
+
+ $sth->execute(array_merge($ids, [$_SESSION['uid']]));
}
private function publishArticlesById($ids, $cmode) {
- $tmp_ids = array();
-
- foreach ($ids as $id) {
- array_push($tmp_ids, "ref_id = '$id'");
- }
-
- $ids_qpart = join(" OR ", $tmp_ids);
+ $ids_qmarks = arr_qmarks($ids);
if ($cmode == 0) {
- $this->dbh->query("UPDATE ttrss_user_entries SET
- published = false,last_published = NOW()
- WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
+ published = false, last_published = NOW()
+ WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
} else if ($cmode == 1) {
- $this->dbh->query("UPDATE ttrss_user_entries SET
- published = true,last_published = NOW()
- WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
+ published = true, last_published = NOW()
+ WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
} else {
- $this->dbh->query("UPDATE ttrss_user_entries SET
- published = NOT published,last_published = NOW()
- WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET
+ published = NOT published,last_published = NOW()
+ WHERE ref_id IN ($ids_qmarks) AND owner_uid = ?");
}
+
+ $sth->execute(array_merge($ids, [$_SESSION['uid']]));
}
function getlinktitlebyid() {
- $id = $this->dbh->escape_string($_REQUEST['id']);
+ $id = $_REQUEST['id'];
- $result = $this->dbh->query("SELECT link, title FROM ttrss_entries, ttrss_user_entries
- WHERE ref_id = '$id' AND ref_id = id AND owner_uid = ". $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("SELECT link, title FROM ttrss_entries, ttrss_user_entries
+ WHERE ref_id = ? AND ref_id = id AND owner_uid = ?");
+ $sth->execute([$id, $_SESSION['uid']]);
- if ($this->dbh->num_rows($result) != 0) {
- $link = $this->dbh->fetch_result($result, 0, "link");
- $title = $this->dbh->fetch_result($result, 0, "title");
+ if ($row = $sth->fetch()) {
+ $link = $row['link'];
+ $title = $row['title'];
echo json_encode(array("link" => $link, "title" => $title));
} else {
}
function log() {
- $msg = $this->dbh->escape_string($_REQUEST['msg']);
- $file = $this->dbh->escape_string(basename($_REQUEST['file']));
+ $msg = $_REQUEST['msg'];
+ $file = basename($_REQUEST['file']);
$line = (int) $_REQUEST['line'];
- $context = $this->dbh->escape_string($_REQUEST['context']);
+ $context = $_REQUEST['context'];
if ($msg) {
Logger::get()->log_error(E_USER_WARNING,
static function update_feedbrowser_cache() {
- $result = db_query("SELECT feed_url, site_url, title, COUNT(id) AS subscribers
+ $pdo = Db::pdo();
+
+ $sth = $pdo->query("SELECT feed_url, site_url, title, COUNT(id) AS subscribers
FROM ttrss_feeds WHERE feed_url NOT IN (SELECT feed_url FROM ttrss_feeds
WHERE private IS true OR auth_login != '' OR auth_pass != '' OR feed_url LIKE '%:%@%/%')
GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT 1000");
- db_query("BEGIN");
+ $pdo->beginTransaction();
- db_query("DELETE FROM ttrss_feedbrowser_cache");
+ $pdo->query("DELETE FROM ttrss_feedbrowser_cache");
$count = 0;
- while ($line = db_fetch_assoc($result)) {
- $subscribers = db_escape_string($line["subscribers"]);
- $feed_url = db_escape_string($line["feed_url"]);
- $title = db_escape_string($line["title"]);
- $site_url = db_escape_string($line["site_url"]);
+ while ($line = $sth->fetch()) {
+
+ $subscribers = $line["subscribers"];
+ $feed_url = $line["feed_url"];
+ $title = $line["title"];
+ $site_url = $line["site_url"];
- $tmp_result = db_query("SELECT subscribers FROM
- ttrss_feedbrowser_cache WHERE feed_url = '$feed_url'");
+ $tmph = $pdo->prepare("SELECT subscribers FROM
+ ttrss_feedbrowser_cache WHERE feed_url = ?");
+ $tmph->execute([$feed_url]);
- if (db_num_rows($tmp_result) == 0) {
+ if (!$tmph->fetch()) {
- db_query("INSERT INTO ttrss_feedbrowser_cache
- (feed_url, site_url, title, subscribers) VALUES ('$feed_url',
- '$site_url', '$title', '$subscribers')");
+ $tmph = $pdo->prepare("INSERT INTO ttrss_feedbrowser_cache
+ (feed_url, site_url, title, subscribers)
+ VALUES
+ (?, ?, ?, ?)");
+
+ $tmph->execute([$feed_url, $site_url, $title, $subscribers]);
++$count;
}
- db_query("COMMIT");
+ $pdo->commit();
return $count;
die("Schema version is wrong, please upgrade the database.\n");
}
+ $pdo = Db::pdo();
+
if (!SINGLE_USER_MODE && DAEMON_UPDATE_LOGIN_LIMIT > 0) {
if (DB_TYPE == "pgsql") {
$login_thresh_qpart = "AND ttrss_users.last_login >= NOW() - INTERVAL '".DAEMON_UPDATE_LOGIN_LIMIT." days'";
$updstart_thresh_qpart
$query_order $query_limit";
- $result = db_query($query);
-
- if ($debug) _debug(sprintf("Scheduled %d feeds to update...", db_num_rows($result)));
+ $res = $pdo->query($query);
$feeds_to_update = array();
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $res->fetch()) {
array_push($feeds_to_update, $line['feed_url']);
}
+ if ($debug) _debug(sprintf("Scheduled %d feeds to update...", count($feeds_to_update)));
+
// Update last_update_started before actually starting the batch
// in order to minimize collision risk for parallel daemon tasks
if (count($feeds_to_update) > 0) {
- $feeds_quoted = array_map(function ($s) { return "'" . db_escape_string($s) . "'"; }, $feeds_to_update);
+ $feeds_qmarks = arr_qmarks($feeds_to_update);
- db_query(sprintf("UPDATE ttrss_feeds SET last_update_started = NOW()
- WHERE feed_url IN (%s)", implode(',', $feeds_quoted)));
+ $tmph = $pdo->prepare("UPDATE ttrss_feeds SET last_update_started = NOW()
+ WHERE feed_url IN ($feeds_qmarks)");
+ $tmph->execute($feeds_to_update);
}
$nf = 0;
$batch_owners = array();
- foreach ($feeds_to_update as $feed) {
- if($debug) _debug("Base feed: $feed");
-
- //update_rss_feed($line["id"], true);
-
- // since we have the data cached, we can deal with other feeds with the same url
- $tmp_result = db_query("SELECT DISTINCT ttrss_feeds.id,last_updated,ttrss_feeds.owner_uid
+ // since we have the data cached, we can deal with other feeds with the same url
+ $usth = $pdo->prepare("SELECT DISTINCT ttrss_feeds.id,last_updated,ttrss_feeds.owner_uid
FROM ttrss_feeds, ttrss_users, ttrss_user_prefs WHERE
ttrss_user_prefs.owner_uid = ttrss_feeds.owner_uid AND
ttrss_users.id = ttrss_user_prefs.owner_uid AND
ttrss_user_prefs.pref_name = 'DEFAULT_UPDATE_INTERVAL' AND
ttrss_user_prefs.profile IS NULL AND
- feed_url = '".db_escape_string($feed)."'
+ feed_url = ?
$update_limit_qpart
$login_thresh_qpart
ORDER BY ttrss_feeds.id $query_limit");
- if (db_num_rows($tmp_result) > 0) {
- while ($tline = db_fetch_assoc($tmp_result)) {
- if ($debug) _debug(" => " . $tline["last_updated"] . ", " . $tline["id"] . " " . $tline["owner_uid"]);
+ foreach ($feeds_to_update as $feed) {
+ if($debug) _debug("Base feed: $feed");
- if (array_search($tline["owner_uid"], $batch_owners) === FALSE)
- array_push($batch_owners, $tline["owner_uid"]);
+ $usth->execute([$feed]);
+ //update_rss_feed($line["id"], true);
- $fstarted = microtime(true);
- RSSUtils::update_rss_feed($tline["id"], true, false);
- _debug_suppress(false);
+ if ($tline = $usth->fetch()) {
+ if ($debug) _debug(" => " . $tline["last_updated"] . ", " . $tline["id"] . " " . $tline["owner_uid"]);
- _debug(sprintf(" %.4f (sec)", microtime(true) - $fstarted));
+ if (array_search($tline["owner_uid"], $batch_owners) === FALSE)
+ array_push($batch_owners, $tline["owner_uid"]);
- ++$nf;
- }
+ $fstarted = microtime(true);
+ RSSUtils::update_rss_feed($tline["id"], true, false);
+ _debug_suppress(false);
+
+ _debug(sprintf(" %.4f (sec)", microtime(true) - $fstarted));
+
+ ++$nf;
}
}
Digest::send_headlines_digests($debug);
return $nf;
-
}
// this is used when subscribing
static function set_basic_feed_info($feed) {
- $feed = db_escape_string($feed);
+ $pdo = Db::pdo();
- $result = db_query("SELECT owner_uid,feed_url,auth_pass,auth_login,auth_pass_encrypted
- FROM ttrss_feeds WHERE id = '$feed'");
+ $sth = $pdo->prepare("SELECT owner_uid,feed_url,auth_pass,auth_login,auth_pass_encrypted
+ FROM ttrss_feeds WHERE id = ?");
+ $sth->execute([$feed]);
- $owner_uid = db_fetch_result($result, 0, "owner_uid");
+ if ($row = $sth->fetch()) {
- $auth_pass_encrypted = sql_bool_to_bool(db_fetch_result($result,
- 0, "auth_pass_encrypted"));
+ $owner_uid = $row["owner_uid"];
- $auth_login = db_fetch_result($result, 0, "auth_login");
- $auth_pass = db_fetch_result($result, 0, "auth_pass");
+ $auth_pass_encrypted = sql_bool_to_bool($row["auth_pass_encrypted"]);
- if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
- require_once "crypt.php";
- $auth_pass = decrypt_string($auth_pass);
- }
+ $auth_login = $row["auth_login"];
+ $auth_pass = $row["auth_pass"];
- $fetch_url = db_fetch_result($result, 0, "feed_url");
+ if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
+ require_once "crypt.php";
+ $auth_pass = decrypt_string($auth_pass);
+ }
- $pluginhost = new PluginHost();
- $user_plugins = get_pref("_ENABLED_PLUGINS", $owner_uid);
+ $fetch_url = $row["feed_url"];
- $pluginhost->load(PLUGINS, PluginHost::KIND_ALL);
- $pluginhost->load($user_plugins, PluginHost::KIND_USER, $owner_uid);
- $pluginhost->load_data();
+ $pluginhost = new PluginHost();
+ $user_plugins = get_pref("_ENABLED_PLUGINS", $owner_uid);
- $basic_info = array();
- foreach ($pluginhost->get_hooks(PluginHost::HOOK_FEED_BASIC_INFO) as $plugin) {
- $basic_info = $plugin->hook_feed_basic_info($basic_info, $fetch_url, $owner_uid, $feed, $auth_login, $auth_pass);
- }
+ $pluginhost->load(PLUGINS, PluginHost::KIND_ALL);
+ $pluginhost->load($user_plugins, PluginHost::KIND_USER, $owner_uid);
+ $pluginhost->load_data();
- if (!$basic_info) {
- $feed_data = fetch_file_contents($fetch_url, false,
- $auth_login, $auth_pass, false,
- FEED_FETCH_TIMEOUT,
- 0);
+ $basic_info = array();
+ foreach ($pluginhost->get_hooks(PluginHost::HOOK_FEED_BASIC_INFO) as $plugin) {
+ $basic_info = $plugin->hook_feed_basic_info($basic_info, $fetch_url, $owner_uid, $feed, $auth_login, $auth_pass);
+ }
- global $fetch_curl_used;
+ if (!$basic_info) {
+ $feed_data = fetch_file_contents($fetch_url, false,
+ $auth_login, $auth_pass, false,
+ FEED_FETCH_TIMEOUT,
+ 0);
- if (!$fetch_curl_used) {
- $tmp = @gzdecode($feed_data);
+ global $fetch_curl_used;
- if ($tmp) $feed_data = $tmp;
- }
+ if (!$fetch_curl_used) {
+ $tmp = @gzdecode($feed_data);
- $feed_data = trim($feed_data);
+ if ($tmp) $feed_data = $tmp;
+ }
- $rss = new FeedParser($feed_data);
- $rss->init();
+ $feed_data = trim($feed_data);
- if (!$rss->error()) {
- $basic_info = array(
- 'title' => db_escape_string(mb_substr($rss->get_title(), 0, 199)),
- 'site_url' => db_escape_string(mb_substr(rewrite_relative_url($fetch_url, $rss->get_link()), 0, 245))
- );
+ $rss = new FeedParser($feed_data);
+ $rss->init();
+
+ if (!$rss->error()) {
+ $basic_info = array(
+ 'title' => mb_substr($rss->get_title(), 0, 199),
+ 'site_url' => mb_substr(rewrite_relative_url($fetch_url, $rss->get_link()), 0, 245)
+ );
+ }
}
- }
- if ($basic_info && is_array($basic_info)) {
- $result = db_query("SELECT title, site_url FROM ttrss_feeds WHERE id = '$feed'");
+ if ($basic_info && is_array($basic_info)) {
+ $sth = $pdo->prepare("SELECT title, site_url FROM ttrss_feeds WHERE id = ?");
+ $sth->execute([$feed]);
- $registered_title = db_fetch_result($result, 0, "title");
- $orig_site_url = db_fetch_result($result, 0, "site_url");
+ if ($row = $sth->fetch()) {
- if ($basic_info['title'] && (!$registered_title || $registered_title == "[Unknown]")) {
- db_query("UPDATE ttrss_feeds SET
- title = '${basic_info['title']}' WHERE id = '$feed'");
- }
+ $registered_title = $row["title"];
+ $orig_site_url = $row["site_url"];
+
+ if ($basic_info['title'] && (!$registered_title || $registered_title == "[Unknown]")) {
+
+ $sth = $pdo->prepare("UPDATE ttrss_feeds SET
+ title = ? WHERE id = ?");
+ $sth->execute([$basic_info['title'], $feed]);
+ }
+
+ if ($basic_info['site_url'] && $orig_site_url != $basic_info['site_url']) {
+ $sth = $pdo->prepare("UPDATE ttrss_feeds SET
+ site_url = ? WHERE id = ?");
+ $sth->execute([$basic_info['site_url'], $feed]);
+ }
- if ($basic_info['site_url'] && $orig_site_url != $basic_info['site_url']) {
- db_query("UPDATE ttrss_feeds SET
- site_url = '${basic_info['site_url']}' WHERE id = '$feed'");
+ }
}
}
}
_debug_suppress(!$debug_enabled);
_debug("start", $debug_enabled);
- $result = db_query("SELECT title FROM ttrss_feeds
- WHERE id = '$feed'");
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT title FROM ttrss_feeds WHERE id = ?");
+ $sth->execute([$feed]);
- if (db_num_rows($result) == 0) {
+ if (!$row = $sth->fetch()) {
_debug("feed $feed NOT FOUND/SKIPPED", $debug_enabled);
user_error("Attempt to update unknown/invalid feed $feed", E_USER_WARNING);
return false;
}
- $title = db_fetch_result($result, 0, "title");
+ $title = $row["title"];
// feed was batch-subscribed or something, we need to get basic info
// this is not optimal currently as it fetches stuff separately TODO: optimize
RSSUtils::set_basic_feed_info($feed);
}
- $result = db_query("SELECT id,update_interval,auth_login,
+ $sth = $pdo->prepare("SELECT id,update_interval,auth_login,
feed_url,auth_pass,cache_images,
mark_unread_on_update, owner_uid,
auth_pass_encrypted, feed_language,
last_modified,
".SUBSTRING_FOR_DATE."(last_unconditional, 1, 19) AS last_unconditional
- FROM ttrss_feeds WHERE id = '$feed'");
+ FROM ttrss_feeds WHERE id = ?");
+ $sth->execute([$feed]);
+
+ if ($row = $sth->fetch()) {
- $owner_uid = db_fetch_result($result, 0, "owner_uid");
- $mark_unread_on_update = sql_bool_to_bool(db_fetch_result($result,
- 0, "mark_unread_on_update"));
- $auth_pass_encrypted = sql_bool_to_bool(db_fetch_result($result,
- 0, "auth_pass_encrypted"));
+ $owner_uid = $row["owner_uid"];
+ $mark_unread_on_update = sql_bool_to_bool($row["mark_unread_on_update"]);
+ $auth_pass_encrypted = sql_bool_to_bool($row["auth_pass_encrypted"]);
- db_query("UPDATE ttrss_feeds SET last_update_started = NOW()
- WHERE id = '$feed'");
+ $sth = $pdo->prepare("UPDATE ttrss_feeds SET last_update_started = NOW()
+ WHERE id = ?");
+ $sth->execute([$feed]);
- $auth_login = db_fetch_result($result, 0, "auth_login");
- $auth_pass = db_fetch_result($result, 0, "auth_pass");
+ $auth_login = $row["auth_login"];
+ $auth_pass = $row["auth_pass"];
- if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
- require_once "crypt.php";
- $auth_pass = decrypt_string($auth_pass);
- }
+ if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) {
+ require_once "crypt.php";
+ $auth_pass = decrypt_string($auth_pass);
+ }
- $stored_last_modified = db_fetch_result($result, 0, "last_modified");
- $last_unconditional = db_fetch_result($result, 0, "last_unconditional");
- $cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images"));
- $fetch_url = db_fetch_result($result, 0, "feed_url");
- $feed_language = db_escape_string(mb_strtolower(db_fetch_result($result, 0, "feed_language")));
- if (!$feed_language) $feed_language = 'english';
+ $stored_last_modified = $row["last_modified"];
+ $last_unconditional = $row["last_unconditional"];
+ $cache_images = sql_bool_to_bool($row["cache_images"]);
+ $fetch_url = $row["feed_url"];
+ $feed_language = mb_strtolower($row["feed_language"]);
+ if (!$feed_language) $feed_language = 'english';
- $feed = db_escape_string($feed);
+ } else {
+ return false;
+ }
$date_feed_processed = date('Y-m-d H:i');
_debug("source last modified: " . $fetch_last_modified, $debug_enabled);
if ($feed_data && $fetch_last_modified != $stored_last_modified) {
- $last_modified_escaped = db_escape_string(substr($fetch_last_modified, 0, 245));
-
- db_query("UPDATE ttrss_feeds SET last_modified = '$last_modified_escaped' WHERE id = '$feed'");
-
+ $sth = $pdo->prepare("UPDATE ttrss_feeds SET last_modified = ? WHERE id = ?");
+ $sth->execute([substr($fetch_last_modified, 0, 245), $feed]);
}
// cache vanilla feed data for re-use
_debug("unable to fetch: $fetch_last_error [$fetch_last_error_code]", $debug_enabled);
- $error_escaped = '';
-
// If-Modified-Since
if ($fetch_last_error_code != 304) {
- $error_escaped = db_escape_string($fetch_last_error);
+ $error_message = $fetch_last_error;
} else {
_debug("source claims data not modified, nothing to do.", $debug_enabled);
+ $error_message = "";
}
- db_query(
- "UPDATE ttrss_feeds SET last_error = '$error_escaped',
- last_updated = NOW() WHERE id = '$feed'");
+ $sth = $pdo->prepare("UPDATE ttrss_feeds SET last_error = ?,
+ last_updated = NOW() WHERE id = ?");
+ $sth->execute([$error_message, $feed]);
return;
}
$rss = new FeedParser($feed_data);
$rss->init();
- $feed = db_escape_string($feed);
+ $feed = $feed;
if (!$rss->error()) {
_debug("language: $feed_language", $debug_enabled);
_debug("processing feed data...", $debug_enabled);
-// db_query("BEGIN");
-
if (DB_TYPE == "pgsql") {
$favicon_interval_qpart = "favicon_last_checked < NOW() - INTERVAL '12 hour'";
} else {
$favicon_interval_qpart = "favicon_last_checked < DATE_SUB(NOW(), INTERVAL 12 HOUR)";
}
- $result = db_query("SELECT owner_uid,favicon_avg_color,
+ $sth = $pdo->prepare("SELECT owner_uid,favicon_avg_color,
(favicon_last_checked IS NULL OR $favicon_interval_qpart) AS
favicon_needs_check
- FROM ttrss_feeds WHERE id = '$feed'");
+ FROM ttrss_feeds WHERE id = ?");
+ $sth->execute([$feed]);
- $favicon_needs_check = sql_bool_to_bool(db_fetch_result($result, 0,
- "favicon_needs_check"));
- $favicon_avg_color = db_fetch_result($result, 0, "favicon_avg_color");
-
- $owner_uid = db_fetch_result($result, 0, "owner_uid");
+ if ($row = $sth->fetch()) {
+ $favicon_needs_check = sql_bool_to_bool($row["favicon_needs_check"]);
+ $favicon_avg_color = $row["favicon_avg_color"];
+ $owner_uid = $row["owner_uid"];
+ } else {
+ return false;
+ }
- $site_url = db_escape_string(mb_substr(rewrite_relative_url($fetch_url, $rss->get_link()), 0, 245));
+ $site_url = mb_substr(rewrite_relative_url($fetch_url, $rss->get_link()), 0, 245);
_debug("site_url: $site_url", $debug_enabled);
_debug("feed_title: " . $rss->get_title(), $debug_enabled);
if ($favicon_modified_new > $favicon_modified)
$favicon_avg_color = '';
+ $favicon_colorstring = "";
if (file_exists($favicon_file) && function_exists("imagecreatefromstring") && $favicon_avg_color == '') {
require_once "colors.php";
- db_query("UPDATE ttrss_feeds SET favicon_avg_color = 'fail' WHERE
- id = '$feed'");
+ $sth = $pdo->prepare("UPDATE ttrss_feeds SET favicon_avg_color = 'fail' WHERE
+ id = ?");
+ $sth->execute([$feed]);
- $favicon_color = db_escape_string(
- calculate_avg_color($favicon_file));
+ $favicon_color = calculate_avg_color($favicon_file);
+
+ $favicon_colorstring = ",favicon_avg_color = " . $pdo->quote($favicon_color);
- $favicon_colorstring = ",favicon_avg_color = '".$favicon_color."'";
} else if ($favicon_avg_color == 'fail') {
_debug("floicon failed on this file, not trying to recalculate avg color", $debug_enabled);
}
- db_query("UPDATE ttrss_feeds SET favicon_last_checked = NOW()
- $favicon_colorstring
- WHERE id = '$feed'");
+ $sth = $pdo->prepare("UPDATE ttrss_feeds SET favicon_last_checked = NOW()
+ $favicon_colorstring WHERE id = ?");
+ $sth->execute([$feed]);
}
_debug("loading filters & labels...", $debug_enabled);
if (!is_array($items)) {
_debug("no articles found.", $debug_enabled);
- db_query("UPDATE ttrss_feeds
- SET last_updated = NOW(), last_unconditional = NOW(), last_error = '' WHERE id = '$feed'");
+ $sth = $pdo->prepare("UPDATE ttrss_feeds
+ SET last_updated = NOW(), last_unconditional = NOW(), last_error = '' WHERE id = ?");
+ $sth->execute([$feed]);
- return; // no articles
+ return true; // no articles
}
_debug("processing articles...", $debug_enabled);
$tstart = time();
foreach ($items as $item) {
+ $pdo->beginTransaction();
+
if ($_REQUEST['xdebug'] == 3) {
print_r($item);
}
if (ini_get("max_execution_time") > 0 && time() - $tstart >= ini_get("max_execution_time") * 0.7) {
_debug("looks like there's too many articles to process at once, breaking out", $debug_enabled);
+ $pdo->commit();
break;
}
- $entry_guid = $item->get_id();
- if (!$entry_guid) $entry_guid = $item->get_link();
+ $entry_guid = strip_tags($item->get_id());
+ if (!$entry_guid) $entry_guid = strip_tags($item->get_link());
if (!$entry_guid) $entry_guid = RSSUtils::make_guid_from_title($item->get_title());
- if (!$entry_guid) continue;
+
+ if (!$entry_guid) {
+ $pdo->commit();
+ continue;
+ }
$entry_guid = "$owner_uid,$entry_guid";
- $entry_guid_hashed = db_escape_string('SHA1:' . sha1($entry_guid));
+ $entry_guid_hashed = 'SHA1:' . sha1($entry_guid);
_debug("guid $entry_guid / $entry_guid_hashed", $debug_enabled);
- $entry_timestamp = "";
-
- $entry_timestamp = $item->get_date();
+ $entry_timestamp = strip_tags($item->get_date());
_debug("orig date: " . $item->get_date(), $debug_enabled);
_debug("date $entry_timestamp [$entry_timestamp_fmt]", $debug_enabled);
-// $entry_title = html_entity_decode($item->get_title(), ENT_COMPAT, 'UTF-8');
-// $entry_title = decode_numeric_entities($entry_title);
- $entry_title = $item->get_title();
+ $entry_title = strip_tags($item->get_title());
$entry_link = rewrite_relative_url($site_url, $item->get_link());
print "\n";
}
- $entry_comments = db_escape_string(mb_substr($item->get_comments_url(), 0, 245));
+ $entry_comments = mb_substr(strip_tags($item->get_comments_url()), 0, 245);
$num_comments = (int) $item->get_comments_count();
- $entry_author = $item->get_author(); // escaped later
- $entry_guid = db_escape_string(mb_substr($entry_guid, 0, 245));
+ $entry_author = strip_tags($item->get_author());
+ $entry_guid = mb_substr($entry_guid, 0, 245);
_debug("author $entry_author", $debug_enabled);
_debug("num_comments: $num_comments", $debug_enabled);
_debug("done collecting data.", $debug_enabled);
- $result = db_query("SELECT id, content_hash, lang FROM ttrss_entries
- WHERE guid = '".db_escape_string($entry_guid)."' OR guid = '$entry_guid_hashed'");
+ $sth = $pdo->prepare("SELECT id, content_hash, lang FROM ttrss_entries
+ WHERE guid = ? OR guid = ?");
+ $sth->execute([$entry_guid, $entry_guid_hashed]);
- if (db_num_rows($result) != 0) {
- $base_entry_id = db_fetch_result($result, 0, "id");
- $entry_stored_hash = db_fetch_result($result, 0, "content_hash");
+ if ($row = $sth->fetch()) {
+ $base_entry_id = $row["id"];
+ $entry_stored_hash = $row["content_hash"];
$article_labels = Article::get_article_labels($base_entry_id, $owner_uid);
- $entry_language = db_fetch_result($result, 0, "lang");
+ $entry_language = $row["lang"];
$existing_tags = Article::get_article_tags($base_entry_id, $owner_uid);
$entry_tags = array_unique(array_merge($entry_tags, $existing_tags));
-
} else {
$base_entry_id = false;
$entry_stored_hash = "";
// dupes when the entry gets purged and reinserted again e.g.
// in the case of SLOW SLOW OMG SLOW updating feeds
- $base_entry_id = db_fetch_result($result, 0, "id");
-
- db_query("UPDATE ttrss_entries SET date_updated = NOW()
- WHERE id = '$base_entry_id'");
+ $sth = $pdo->prepare("UPDATE ttrss_entries SET date_updated = NOW()
+ WHERE id = ?");
+ $sth->execute([$base_entry_id]);
+ $pdo->commit();
continue;
}
print "\n";
}
- $entry_plugin_data = db_escape_string($entry_plugin_data);
-
_debug("plugin data: $entry_plugin_data", $debug_enabled);
// Workaround: 4-byte unicode requires utf8mb4 in MySQL. See https://tt-rss.org/forum/viewtopic.php?f=1&t=3377&p=20077#p20077
}
$entry_tags = $article["tags"];
- $entry_guid = db_escape_string($entry_guid);
- $entry_title = db_escape_string($article["title"]);
- $entry_author = db_escape_string(mb_substr($article["author"], 0, 245));
- $entry_link = db_escape_string($article["link"]);
+ $entry_title = strip_tags($article["title"]);
+ $entry_author = mb_substr(strip_tags($article["author"]), 0, 245);
+ $entry_link = strip_tags($article["link"]);
$entry_content = $article["content"]; // escaped below
$entry_force_catchup = $article["force_catchup"];
$article_labels = $article["labels"];
$entry_score_modifier = (int) $article["score_modifier"];
- $entry_language = db_escape_string($article["language"]);
+ $entry_language = $article["language"];
if ($debug_enabled) {
_debug("article labels:", $debug_enabled);
if ($cache_images && is_writable(CACHE_DIR . '/images'))
RSSUtils::cache_media($entry_content, $site_url, $debug_enabled);
- $entry_content = db_escape_string($entry_content, false);
+ $csth = $pdo->prepare("SELECT id FROM ttrss_entries
+ WHERE guid = ? OR guid = ?");
+ $csth->execute([$entry_guid, $entry_guid_hashed]);
- //db_query("BEGIN");
-
- $result = db_query("SELECT id FROM ttrss_entries
- WHERE (guid = '$entry_guid' OR guid = '$entry_guid_hashed')");
-
- if (db_num_rows($result) == 0) {
+ if (!$row = $csth->fetch()) {
_debug("base guid [$entry_guid or $entry_guid_hashed] not found, creating...", $debug_enabled);
// base post entry does not exist, create it
- db_query(
+ $usth = $pdo->prepare(
"INSERT INTO ttrss_entries
- (title,
+ (title,
guid,
link,
updated,
lang,
author)
VALUES
- ('$entry_title',
- '$entry_guid_hashed',
- '$entry_link',
- '$entry_timestamp_fmt',
- '$entry_content',
- '$entry_current_hash',
+ (?, ?, ?, ?, ?, ?,
false,
NOW(),
- '$date_feed_processed',
- '$entry_comments',
- '$num_comments',
- '$entry_plugin_data',
- '$entry_language',
- '$entry_author')");
+ ?, ?, ?, ?, ?, ?)");
+
+ $usth->execute([$entry_title,
+ $entry_guid_hashed,
+ $entry_link,
+ $entry_timestamp_fmt,
+ $entry_content,
+ $entry_current_hash,
+ $date_feed_processed,
+ $entry_comments,
+ $num_comments,
+ $entry_plugin_data,
+ $entry_language,
+ $entry_author]);
}
- // now it should exist, if not - bad luck then
-
- $result = db_query("SELECT id FROM ttrss_entries
- WHERE guid = '$entry_guid' OR guid = '$entry_guid_hashed'");
+ $csth->execute([$entry_guid, $entry_guid_hashed]);
$entry_ref_id = 0;
$entry_int_id = 0;
- if (db_num_rows($result) == 1) {
+ if ($row = $csth->fetch()) {
_debug("base guid found, checking for user record", $debug_enabled);
- $ref_id = db_fetch_result($result, 0, "id");
+ $ref_id = $row['id'];
$entry_ref_id = $ref_id;
- /* $stored_guid = db_fetch_result($result, 0, "guid");
- if ($stored_guid != $entry_guid_hashed) {
- if ($debug_enabled) _debug("upgrading compat guid to hashed one", $debug_enabled);
-
- db_query("UPDATE ttrss_entries SET guid = '$entry_guid_hashed' WHERE
- id = '$ref_id'");
- } */
-
if (RSSUtils::find_article_filter($article_filters, "filter")) {
- //db_query("COMMIT"); // close transaction in progress
+ $pdo->commit();
continue;
}
// check for user post link to main table
- $query = "SELECT ref_id, int_id FROM ttrss_user_entries WHERE
- ref_id = '$ref_id' AND owner_uid = '$owner_uid'";
-
-// if ($_REQUEST["xdebug"]) print "$query\n";
-
- $result = db_query($query);
+ $sth = $pdo->prepare("SELECT ref_id, int_id FROM ttrss_user_entries WHERE
+ ref_id = ? AND owner_uid = ?");
+ $sth->execute([$ref_id, $owner_uid]);
// okay it doesn't exist - create user entry
- if (db_num_rows($result) == 0) {
+ if ($row = $sth->fetch()) {
+ $entry_ref_id = $row["ref_id"];
+ $entry_int_id = $row["int_id"];
+ _debug("user record FOUND: RID: $entry_ref_id, IID: $entry_int_id", $debug_enabled);
+ } else {
+
_debug("user record not found, creating...", $debug_enabled);
if ($score >= -500 && !RSSUtils::find_article_filter($article_filters, 'catchup') && !$entry_force_catchup) {
- $unread = 'true';
- $last_read_qpart = 'NULL';
+ $unread = 1;
+ $last_read_qpart = null;
} else {
- $unread = 'false';
+ $unread = 0;
$last_read_qpart = 'NOW()';
}
if (RSSUtils::find_article_filter($article_filters, 'mark') || $score > 1000) {
- $marked = 'true';
+ $marked = 1;
} else {
- $marked = 'false';
+ $marked = 0;
}
if (RSSUtils::find_article_filter($article_filters, 'publish')) {
- $published = 'true';
+ $published = 1;
} else {
- $published = 'false';
+ $published = 0;
}
- $last_marked = ($marked == 'true') ? 'NOW()' : 'NULL';
- $last_published = ($published == 'true') ? 'NOW()' : 'NULL';
+ $last_marked = ($marked == 'true') ? 'NOW()' : null;
+ $last_published = ($published == 'true') ? 'NOW()' : null;
- $result = db_query(
+ $sth = $pdo->prepare(
"INSERT INTO ttrss_user_entries
(ref_id, owner_uid, feed_id, unread, last_read, marked,
published, score, tag_cache, label_cache, uuid,
last_marked, last_published)
- VALUES ('$ref_id', '$owner_uid', '$feed', $unread,
- $last_read_qpart, $marked, $published, '$score', '', '',
- '', $last_marked, $last_published)");
+ VALUES (?, ?, ?, ?, ?, ?, ?, ?, '', '', '', ?, ?)");
- $result = db_query(
- "SELECT int_id FROM ttrss_user_entries WHERE
- ref_id = '$ref_id' AND owner_uid = '$owner_uid' AND
- feed_id = '$feed' LIMIT 1");
+ $sth->execute([$ref_id, $owner_uid, $feed, $unread, $last_read_qpart, $marked,
+ $published, $score, $last_marked, $last_published]);
- if (db_num_rows($result) == 1) {
- $entry_int_id = db_fetch_result($result, 0, "int_id");
- }
- } else {
- _debug("user record FOUND", $debug_enabled);
+ $sth = $pdo->prepare("SELECT int_id FROM ttrss_user_entries WHERE
+ ref_id = ? AND owner_uid = ? AND
+ feed_id = ? LIMIT 1");
+
+ $sth->execute([$ref_id, $owner_uid, $feed]);
- $entry_ref_id = db_fetch_result($result, 0, "ref_id");
- $entry_int_id = db_fetch_result($result, 0, "int_id");
+ if ($row = $sth->fetch())
+ $entry_int_id = $row['int_id'];
}
- _debug("RID: $entry_ref_id, IID: $entry_int_id", $debug_enabled);
+ _debug("resulting RID: $entry_ref_id, IID: $entry_int_id", $debug_enabled);
if (DB_TYPE == "pgsql") {
- $tsvector_combined = db_escape_string(mb_substr($entry_title . ' ' . strip_tags(str_replace('<', ' <', $entry_content)),
- 0, 1000000));
+ $tsvector_combined = mb_substr($entry_title . ' ' . strip_tags(str_replace('<', ' <', $entry_content)),
+ 0, 1000000);
- $tsvector_qpart = "tsvector_combined = to_tsvector('$feed_language', '$tsvector_combined'),";
+ $tsvector_qpart = "tsvector_combined = to_tsvector('$feed_language', ".$pdo->quote($tsvector_combined)."),";
} else {
$tsvector_qpart = "";
}
- db_query("UPDATE ttrss_entries
- SET title = '$entry_title',
- content = '$entry_content',
- content_hash = '$entry_current_hash',
- updated = '$entry_timestamp_fmt',
+ $sth = $pdo->prepare("UPDATE ttrss_entries
+ SET title = ?,
+ content = ?,
+ content_hash = ?,
+ updated = ?,
$tsvector_qpart
- num_comments = '$num_comments',
- plugin_data = '$entry_plugin_data',
- author = '$entry_author',
- lang = '$entry_language'
- WHERE id = '$ref_id'");
+ num_comments = ?,
+ plugin_data = ?,
+ author = ?,
+ lang = ?
+ WHERE id = ?");
+
+ $sth->execute([$entry_title, $entry_content, $entry_current_hash, $entry_timestamp_fmt,
+ $num_comments, $entry_plugin_data, $entry_author, $entry_language, $ref_id]);
// update aux data
- db_query("UPDATE ttrss_user_entries
- SET score = '$score' WHERE ref_id = '$ref_id'");
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries
+ SET score = ? WHERE ref_id = ?");
+ $sth->execute([$score, $ref_id]);
if ($mark_unread_on_update) {
_debug("article updated, marking unread as requested.", $debug_enabled);
- db_query("UPDATE ttrss_user_entries
- SET last_read = null, unread = true WHERE ref_id = '$ref_id'");
+ $sth = $pdo->prepare("UPDATE ttrss_user_entries
+ SET last_read = null, unread = true WHERE ref_id = ?");
+ $sth->execute([$ref_id]);
}
}
- //db_query("COMMIT");
-
_debug("assigning labels [other]...", $debug_enabled);
foreach ($article_labels as $label) {
print_r($enclosures);
}
- //db_query("BEGIN");
+ $esth = $pdo->prepare("SELECT id FROM ttrss_enclosures
+ WHERE content_url = ? AND post_id = ?");
-// debugging
-// db_query("DELETE FROM ttrss_enclosures WHERE post_id = '$entry_ref_id'");
+ $usth = $pdo->prepare("INSERT INTO ttrss_enclosures
+ (content_url, content_type, title, duration, post_id, width, height) VALUES
+ (?, ?, ?, ?, ?, ?, ?)");
foreach ($enclosures as $enc) {
- $enc_url = db_escape_string($enc[0]);
- $enc_type = db_escape_string($enc[1]);
- $enc_dur = db_escape_string($enc[2]);
- $enc_title = db_escape_string($enc[3]);
+ $enc_url = $enc[0];
+ $enc_type = $enc[1];
+ $enc_dur = (int)$enc[2];
+ $enc_title = $enc[3];
$enc_width = intval($enc[4]);
$enc_height = intval($enc[5]);
- $result = db_query("SELECT id FROM ttrss_enclosures
- WHERE content_url = '$enc_url' AND post_id = '$entry_ref_id'");
+ $esth->execute([$enc_url, $entry_ref_id]);
- if (db_num_rows($result) == 0) {
- db_query("INSERT INTO ttrss_enclosures
- (content_url, content_type, title, duration, post_id, width, height) VALUES
- ('$enc_url', '$enc_type', '$enc_title', '$enc_dur', '$entry_ref_id', $enc_width, $enc_height)");
+ if (!$esth->fetch()) {
+ $usth->execute([$enc_url, $enc_type, (string)$enc_title, $enc_dur, $entry_ref_id, $enc_width, $enc_height]);
}
}
- //db_query("COMMIT");
-
// check for manual tags (we have to do it here since they're loaded from filters)
foreach ($article_filters as $f) {
if (count($filtered_tags) > 0) {
- //db_query("BEGIN");
+ $tsth = $pdo->prepare("SELECT id FROM ttrss_tags
+ WHERE tag_name = ? AND post_int_id = ? AND
+ owner_uid = ? LIMIT 1");
+
+ $usth = $pdo->prepare("INSERT INTO ttrss_tags
+ (owner_uid,tag_name,post_int_id)
+ VALUES (?, ?, ?)");
foreach ($filtered_tags as $tag) {
$tag = sanitize_tag($tag);
- $tag = db_escape_string($tag);
if (!tag_is_valid($tag)) continue;
- $result = db_query("SELECT id FROM ttrss_tags
- WHERE tag_name = '$tag' AND post_int_id = '$entry_int_id' AND
- owner_uid = '$owner_uid' LIMIT 1");
+ $tsth->execute([$tag, $entry_int_id, $owner_uid]);
- if ($result && db_num_rows($result) == 0) {
-
- db_query("INSERT INTO ttrss_tags
- (owner_uid,tag_name,post_int_id)
- VALUES ('$owner_uid','$tag', '$entry_int_id')");
+ if (!$tsth->fetch()) {
+ $usth->execute([$owner_uid, $tag, $entry_int_id]);
}
array_push($tags_to_cache, $tag);
$tags_to_cache = array_unique($tags_to_cache);
- $tags_str = db_escape_string(join(",", $tags_to_cache));
-
- db_query("UPDATE ttrss_user_entries
- SET tag_cache = '$tags_str' WHERE ref_id = '$entry_ref_id'
- AND owner_uid = $owner_uid");
+ $tags_str = join(",", $tags_to_cache);
- //db_query("COMMIT");
+ $tsth = $pdo->prepare("UPDATE ttrss_user_entries
+ SET tag_cache = ? WHERE ref_id = ?
+ AND owner_uid = ?");
+ $tsth->execute([$tags_str, $entry_ref_id, $owner_uid]);
}
_debug("article processed", $debug_enabled);
+
+ $pdo->commit();
}
_debug("purging feed...", $debug_enabled);
purge_feed($feed, 0, $debug_enabled);
- db_query("UPDATE ttrss_feeds
- SET last_updated = NOW(), last_unconditional = NOW(), last_error = '' WHERE id = '$feed'");
-
-// db_query("COMMIT");
+ $sth = $pdo->prepare("UPDATE ttrss_feeds
+ SET last_updated = NOW(), last_unconditional = NOW(), last_error = '' WHERE id = ?");
+ $sth->execute([$feed]);
} else {
- $error_msg = db_escape_string(mb_substr($rss->error(), 0, 245));
+ $error_msg = mb_substr($rss->error(), 0, 245);
_debug("fetch error: $error_msg", $debug_enabled);
}
}
- db_query(
- "UPDATE ttrss_feeds SET last_error = '$error_msg',
- last_updated = NOW(), last_unconditional = NOW() WHERE id = '$feed'");
+ $sth = $pdo->prepare("UPDATE ttrss_feeds SET last_error = ?,
+ last_updated = NOW(), last_unconditional = NOW() WHERE id = ?");
+ $sth->execute([$error_msg, $feed]);
unset($rss);
- return;
+ return false;
}
_debug("done", $debug_enabled);
static function expire_error_log($debug) {
if ($debug) _debug("Removing old error log entries...");
+ $pdo = Db::pdo();
+
if (DB_TYPE == "pgsql") {
- db_query("DELETE FROM ttrss_error_log
+ $pdo->query("DELETE FROM ttrss_error_log
WHERE created_at < NOW() - INTERVAL '7 days'");
} else {
- db_query("DELETE FROM ttrss_error_log
+ $pdo->query("DELETE FROM ttrss_error_log
WHERE created_at < DATE_SUB(NOW(), INTERVAL 7 DAY)");
}
-
}
static function expire_lock_files($debug) {
}
static function cleanup_counters_cache($debug) {
- $result = db_query("DELETE FROM ttrss_counters_cache
+ $pdo = Db::pdo();
+
+ $res = $pdo->query("DELETE FROM ttrss_counters_cache
WHERE feed_id > 0 AND
(SELECT COUNT(id) FROM ttrss_feeds WHERE
id = feed_id AND
ttrss_counters_cache.owner_uid = ttrss_feeds.owner_uid) = 0");
- $frows = db_affected_rows($result);
- $result = db_query("DELETE FROM ttrss_cat_counters_cache
+ $frows = $res->rowCount();
+
+ $res = $pdo->query("DELETE FROM ttrss_cat_counters_cache
WHERE feed_id > 0 AND
(SELECT COUNT(id) FROM ttrss_feed_categories WHERE
id = feed_id AND
ttrss_cat_counters_cache.owner_uid = ttrss_feed_categories.owner_uid) = 0");
- $crows = db_affected_rows($result);
+
+ $crows = $res->rowCount();
if ($debug) _debug("Removed $frows (feeds) $crows (cats) orphaned counter cache entries.");
}
function print_feed_multi_select($id, $default_ids = [],
$attributes = "", $include_all_feeds = true,
- $root_id = false, $nest_level = 0) {
+ $root_id = null, $nest_level = 0) {
+
+ $pdo = DB::pdo();
print_r(in_array("CAT:6",$default_ids));
if (get_pref('ENABLE_FEED_CATS')) {
- if ($root_id)
- $parent_qpart = "parent_cat = '$root_id'";
- else
- $parent_qpart = "parent_cat IS NULL";
+ if (!$root_id) $root_id = null;
- $result = db_query("SELECT id,title,
+ $sth = $pdo->prepare("SELECT id,title,
(SELECT COUNT(id) FROM ttrss_feed_categories AS c2 WHERE
c2.parent_cat = ttrss_feed_categories.id) AS num_children
FROM ttrss_feed_categories
- WHERE owner_uid = ".$_SESSION["uid"]." AND $parent_qpart ORDER BY title");
+ WHERE owner_uid = :uid AND
+ (parent_cat = :root_id OR (:root_id IS NULL AND parent_cat IS NULL)) ORDER BY title");
+
+ $sth->execute([":uid" => $_SESSION['uid'], ":root_id" => $root_id]);
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
for ($i = 0; $i < $nest_level; $i++)
$line["title"] = " - " . $line["title"];
print_feed_multi_select($id, $default_ids, $attributes,
$include_all_feeds, $line["id"], $nest_level+1);
- $feed_result = db_query("SELECT id,title FROM ttrss_feeds
- WHERE cat_id = '".$line["id"]."' AND owner_uid = ".$_SESSION["uid"] . " ORDER BY title");
+ $f_sth = $pdo->prepare("SELECT id,title FROM ttrss_feeds
+ WHERE cat_id = ? AND owner_uid = ? ORDER BY title");
- while ($fline = db_fetch_assoc($feed_result)) {
+ $f_sth->execute([$line['id'], $_SESSION['uid']]);
+
+ while ($fline = $f_sth->fetch()) {
$is_selected = (in_array($fline["id"], $default_ids)) ? "selected=\"1\"" : "";
$fline["title"] = " + " . $fline["title"];
printf("<option $is_selected value='CAT:0'>%s</option>",
__("Uncategorized"));
- $feed_result = db_query("SELECT id,title FROM ttrss_feeds
- WHERE cat_id IS NULL AND owner_uid = ".$_SESSION["uid"] . " ORDER BY title");
+ $f_sth = $pdo->prepare("SELECT id,title FROM ttrss_feeds
+ WHERE cat_id IS NULL AND owner_uid = ? ORDER BY title");
+ $f_sth->execute([$_SESSION['uid']]);
- while ($fline = db_fetch_assoc($feed_result)) {
+ while ($fline = $f_sth->fetch()) {
$is_selected = in_array($fline["id"], $default_ids) ? "selected=\"1\"" : "";
$fline["title"] = " + " . $fline["title"];
}
} else {
- $result = db_query("SELECT id,title FROM ttrss_feeds
- WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY title");
+ $sth = $pdo->prepare("SELECT id,title FROM ttrss_feeds
+ WHERE owner_uid = ? ORDER BY title");
+ $sth->execute([$_SESSION['uid']]);
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$is_selected = (in_array($line["id"], $default_ids)) ? "selected=\"1\"" : "";
}
}
-
-/*function print_feed_select($id, $default_id = "",
- $attributes = "", $include_all_feeds = true,
- $root_id = false, $nest_level = 0) {
+function print_feed_cat_select($id, $default_id,
+ $attributes, $include_all_cats = true, $root_id = null, $nest_level = 0) {
if (!$root_id) {
- print "<select id=\"$id\" name=\"$id\" $attributes>";
- if ($include_all_feeds) {
- $is_selected = ("0" == $default_id) ? "selected=\"1\"" : "";
- print "<option $is_selected value=\"0\">".__('All feeds')."</option>";
- }
+ print "<select id=\"$id\" name=\"$id\" default=\"$default_id\" $attributes>";
}
- if (get_pref('ENABLE_FEED_CATS')) {
+ $pdo = DB::pdo();
- if ($root_id)
- $parent_qpart = "parent_cat = '$root_id'";
- else
- $parent_qpart = "parent_cat IS NULL";
+ if (!$root_id) $root_id = null;
- $result = db_query("SELECT id,title,
+ $sth = $pdo->prepare("SELECT id,title,
(SELECT COUNT(id) FROM ttrss_feed_categories AS c2 WHERE
c2.parent_cat = ttrss_feed_categories.id) AS num_children
FROM ttrss_feed_categories
- WHERE owner_uid = ".$_SESSION["uid"]." AND $parent_qpart ORDER BY title");
-
- while ($line = db_fetch_assoc($result)) {
-
- for ($i = 0; $i < $nest_level; $i++)
- $line["title"] = " - " . $line["title"];
-
- $is_selected = ("CAT:".$line["id"] == $default_id) ? "selected=\"1\"" : "";
-
- printf("<option $is_selected value='CAT:%d'>%s</option>",
- $line["id"], htmlspecialchars($line["title"]));
-
- if ($line["num_children"] > 0)
- print_feed_select($id, $default_id, $attributes,
- $include_all_feeds, $line["id"], $nest_level+1);
-
- $feed_result = db_query("SELECT id,title FROM ttrss_feeds
- WHERE cat_id = '".$line["id"]."' AND owner_uid = ".$_SESSION["uid"] . " ORDER BY title");
-
- while ($fline = db_fetch_assoc($feed_result)) {
- $is_selected = ($fline["id"] == $default_id) ? "selected=\"1\"" : "";
-
- $fline["title"] = " + " . $fline["title"];
-
- for ($i = 0; $i < $nest_level; $i++)
- $fline["title"] = " - " . $fline["title"];
-
- printf("<option $is_selected value='%d'>%s</option>",
- $fline["id"], htmlspecialchars($fline["title"]));
- }
- }
-
- if (!$root_id) {
- $default_is_cat = ($default_id == "CAT:0");
- $is_selected = $default_is_cat ? "selected=\"1\"" : "";
-
- printf("<option $is_selected value='CAT:0'>%s</option>",
- __("Uncategorized"));
-
- $feed_result = db_query("SELECT id,title FROM ttrss_feeds
- WHERE cat_id IS NULL AND owner_uid = ".$_SESSION["uid"] . " ORDER BY title");
-
- while ($fline = db_fetch_assoc($feed_result)) {
- $is_selected = ($fline["id"] == $default_id && !$default_is_cat) ? "selected=\"1\"" : "";
-
- $fline["title"] = " + " . $fline["title"];
-
- for ($i = 0; $i < $nest_level; $i++)
- $fline["title"] = " - " . $fline["title"];
+ WHERE owner_uid = :uid AND
+ (parent_cat = :root_id OR (:root_id IS NULL AND parent_cat IS NULL)) ORDER BY title");
+ $sth->execute([":uid" => $_SESSION['uid'], ":root_id" => $root_id]);
- printf("<option $is_selected value='%d'>%s</option>",
- $fline["id"], htmlspecialchars($fline["title"]));
- }
- }
-
- } else {
- $result = db_query("SELECT id,title FROM ttrss_feeds
- WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY title");
-
- while ($line = db_fetch_assoc($result)) {
-
- $is_selected = ($line["id"] == $default_id) ? "selected=\"1\"" : "";
-
- printf("<option $is_selected value='%d'>%s</option>",
- $line["id"], htmlspecialchars($line["title"]));
- }
- }
+ $found = 0;
- if (!$root_id) {
- print "</select>";
- }
-}*/
+ while ($line = $sth->fetch()) {
+ ++$found;
-function print_feed_cat_select($id, $default_id,
- $attributes, $include_all_cats = true, $root_id = false, $nest_level = 0) {
-
- if (!$root_id) {
- print "<select id=\"$id\" name=\"$id\" default=\"$default_id\" $attributes>";
- }
-
- if ($root_id)
- $parent_qpart = "parent_cat = '$root_id'";
- else
- $parent_qpart = "parent_cat IS NULL";
-
- $result = db_query("SELECT id,title,
- (SELECT COUNT(id) FROM ttrss_feed_categories AS c2 WHERE
- c2.parent_cat = ttrss_feed_categories.id) AS num_children
- FROM ttrss_feed_categories
- WHERE owner_uid = ".$_SESSION["uid"]." AND $parent_qpart ORDER BY title");
-
- while ($line = db_fetch_assoc($result)) {
if ($line["id"] == $default_id) {
$is_selected = "selected=\"1\"";
} else {
if (!$root_id) {
if ($include_all_cats) {
- if (db_num_rows($result) > 0) {
+ if ($found > 0) {
print "<option disabled=\"1\">--------</option>";
}
function print_label_select($name, $value, $attributes = "") {
- $result = db_query("SELECT caption FROM ttrss_labels2
- WHERE owner_uid = '".$_SESSION["uid"]."' ORDER BY caption");
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT caption FROM ttrss_labels2
+ WHERE owner_uid = ? ORDER BY caption");
+ $sth->execute([$_SESSION['uid']]);
print "<select default=\"$value\" name=\"" . htmlspecialchars($name) .
"\" $attributes>";
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$issel = ($line["caption"] == $value) ? "selected=\"1\"" : "";
print "</select>";
-}
-
+}
\ No newline at end of file
if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
- $owner_uid = $_SESSION["uid"];
$rv = '';
+ $pdo = Db::pdo();
+
if ($search) {
- $search_qpart = "AND (UPPER(feed_url) LIKE UPPER('%$search%') OR
+ $search = $pdo->quote($search);
+
+ $search_qpart = "AND (UPPER(feed_url) LIKE UPPER('%$search%') OR
UPPER(title) LIKE UPPER('%$search%'))";
} else {
$search_qpart = "";
}
if ($mode == 1) {
- /* $result = db_query("SELECT feed_url, subscribers FROM
- ttrss_feedbrowser_cache WHERE (SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
- WHERE tf.feed_url = ttrss_feedbrowser_cache.feed_url
- AND owner_uid = '$owner_uid') $search_qpart
- ORDER BY subscribers DESC LIMIT $limit"); */
-
- $result = db_query("SELECT feed_url, site_url, title, SUM(subscribers) AS subscribers FROM
+ $sth = $pdo->prepare("SELECT feed_url, site_url, title, SUM(subscribers) AS subscribers FROM
(SELECT feed_url, site_url, title, subscribers FROM ttrss_feedbrowser_cache UNION ALL
SELECT feed_url, site_url, title, subscribers FROM ttrss_linked_feeds) AS qqq
WHERE
(SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
WHERE tf.feed_url = qqq.feed_url
- AND owner_uid = '$owner_uid') $search_qpart
- GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT $limit");
+ AND owner_uid = ?) $search_qpart
+ GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT ?");
+ $sth->execute([$_SESSION['uid'], $limit]);
} else if ($mode == 2) {
- $result = db_query("SELECT *,
+ $sth = $pdo->prepare("SELECT *,
(SELECT COUNT(*) FROM ttrss_user_entries WHERE
orig_feed_id = ttrss_archived_feeds.id) AS articles_archived
FROM
WHERE
(SELECT COUNT(*) FROM ttrss_feeds
WHERE ttrss_feeds.feed_url = ttrss_archived_feeds.feed_url AND
- owner_uid = '$owner_uid') = 0 AND
- owner_uid = '$owner_uid' $search_qpart
- ORDER BY id DESC LIMIT $limit");
+ owner_uid = :uid) = 0 AND
+ owner_uid = :uid $search_qpart
+ ORDER BY id DESC LIMIT :limit");
+
+ $sth->execute([":uid" => $_SESSION['uid'], ":limit" => $limit]);
}
$feedctr = 0;
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
if ($mode == 1) {
if (!$purge_interval) $purge_interval = feed_purge_interval($feed_id);
- $rows = -1;
+ $pdo = Db::pdo();
- $result = db_query(
- "SELECT owner_uid FROM ttrss_feeds WHERE id = '$feed_id'");
+ $sth = $pdo->prepare("SELECT owner_uid FROM ttrss_feeds WHERE id = ?");
+ $sth->execute([$feed_id]);
$owner_uid = false;
- if (db_num_rows($result) == 1) {
- $owner_uid = db_fetch_result($result, 0, "owner_uid");
+ if ($row = $sth->fetch()) {
+ $owner_uid = $row["owner_uid"];
}
if ($purge_interval == -1 || !$purge_interval) {
$purge_interval = FORCE_ARTICLE_PURGE;
}
- if (!$purge_unread) $query_limit = " unread = false AND ";
+ if (!$purge_unread)
+ $query_limit = " unread = false AND ";
+ else
+ $query_limit = "";
+
+ $purge_interval = (int) $purge_interval;
if (DB_TYPE == "pgsql") {
- $result = db_query("DELETE FROM ttrss_user_entries
+ $sth = $pdo->prepare("DELETE FROM ttrss_user_entries
USING ttrss_entries
WHERE ttrss_entries.id = ref_id AND
marked = false AND
- feed_id = '$feed_id' AND
+ feed_id = ? AND
$query_limit
ttrss_entries.date_updated < NOW() - INTERVAL '$purge_interval days'");
+ $sth->execute([$feed_id]);
} else {
-
-/* $result = db_query("DELETE FROM ttrss_user_entries WHERE
- marked = false AND feed_id = '$feed_id' AND
- (SELECT date_updated FROM ttrss_entries WHERE
- id = ref_id) < DATE_SUB(NOW(), INTERVAL $purge_interval DAY)"); */
-
- $result = db_query("DELETE FROM ttrss_user_entries
+ $sth = $pdo->prepare("DELETE FROM ttrss_user_entries
USING ttrss_user_entries, ttrss_entries
WHERE ttrss_entries.id = ref_id AND
marked = false AND
- feed_id = '$feed_id' AND
+ feed_id = ? AND
$query_limit
ttrss_entries.date_updated < DATE_SUB(NOW(), INTERVAL $purge_interval DAY)");
+ $sth->execute([$feed_id]);
+
}
- $rows = db_affected_rows($result);
+ $rows = $sth->rowCount();
CCache::update($feed_id, $owner_uid);
function feed_purge_interval($feed_id) {
- $result = db_query("SELECT purge_interval, owner_uid FROM ttrss_feeds
- WHERE id = '$feed_id'");
+ $pdo = DB::pdo();
- if (db_num_rows($result) == 1) {
- $purge_interval = db_fetch_result($result, 0, "purge_interval");
- $owner_uid = db_fetch_result($result, 0, "owner_uid");
+ $sth = $pdo->prepare("SELECT purge_interval, owner_uid FROM ttrss_feeds
+ WHERE id = ?");
+ $sth->execute([$feed_id]);
+
+ if ($row = $sth->fetch()) {
+ $purge_interval = $row["purge_interval"];
+ $owner_uid = $row["owner_uid"];
if ($purge_interval == 0) $purge_interval = get_pref(
'PURGE_OLD_DAYS', $owner_uid);
}
}
- /*function get_feed_update_interval($feed_id) {
- $result = db_query("SELECT owner_uid, update_interval FROM
- ttrss_feeds WHERE id = '$feed_id'");
-
- if (db_num_rows($result) == 1) {
- $update_interval = db_fetch_result($result, 0, "update_interval");
- $owner_uid = db_fetch_result($result, 0, "owner_uid");
-
- if ($update_interval != 0) {
- return $update_interval;
- } else {
- return get_pref('DEFAULT_UPDATE_INTERVAL', $owner_uid, false);
- }
-
- } else {
- return -1;
- }
- }*/
-
// TODO: multiple-argument way is deprecated, first parameter is a hash now
function fetch_file_contents($options /* previously: 0: $url , 1: $type = false, 2: $login = false, 3: $pass = false,
4: $post_query = false, 5: $timeout = false, 6: $timestamp = 0, 7: $useragent = false*/) {
function initialize_user_prefs($uid, $profile = false) {
- $uid = db_escape_string($uid);
+ if (get_schema_version() < 63) $profile_qpart = "";
- if (!$profile) {
- $profile = "NULL";
- $profile_qpart = "AND profile IS NULL";
- } else {
- $profile_qpart = "AND profile = '$profile'";
- }
+ $pdo = DB::pdo();
+ $in_nested_tr = false;
- if (get_schema_version() < 63) $profile_qpart = "";
+ try {
+ $pdo->beginTransaction();
+ } catch (Exception $e) {
+ $in_nested_tr = true;
+ }
- db_query("BEGIN");
+ $sth = $pdo->query("SELECT pref_name,def_value FROM ttrss_prefs");
- $result = db_query("SELECT pref_name,def_value FROM ttrss_prefs");
+ $profile = $profile ? $profile : null;
- $u_result = db_query("SELECT pref_name
- FROM ttrss_user_prefs WHERE owner_uid = '$uid' $profile_qpart");
+ $u_sth = $pdo->prepare("SELECT pref_name
+ FROM ttrss_user_prefs WHERE owner_uid = :uid AND
+ (profile = :profile OR (:profile IS NULL AND profile IS NULL))");
+ $u_sth->execute([':uid' => $uid, ':profile' => $profile]);
$active_prefs = array();
- while ($line = db_fetch_assoc($u_result)) {
+ while ($line = $u_sth->fetch()) {
array_push($active_prefs, $line["pref_name"]);
}
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
if (array_search($line["pref_name"], $active_prefs) === FALSE) {
// print "adding " . $line["pref_name"] . "<br>";
- $line["def_value"] = db_escape_string($line["def_value"]);
- $line["pref_name"] = db_escape_string($line["pref_name"]);
-
if (get_schema_version() < 63) {
- db_query("INSERT INTO ttrss_user_prefs
+ $i_sth = $pdo->prepare("INSERT INTO ttrss_user_prefs
(owner_uid,pref_name,value) VALUES
- ('$uid', '".$line["pref_name"]."','".$line["def_value"]."')");
+ (?, ?, ?)");
+ $i_sth->execute([$uid, $line["pref_name"], $line["def_value"]]);
} else {
- db_query("INSERT INTO ttrss_user_prefs
+ $i_sth = $pdo->prepare("INSERT INTO ttrss_user_prefs
(owner_uid,pref_name,value, profile) VALUES
- ('$uid', '".$line["pref_name"]."','".$line["def_value"]."', $profile)");
+ (?, ?, ?, ?)");
+ $i_sth->execute([$uid, $line["pref_name"], $line["def_value"], $profile]);
}
}
}
- db_query("COMMIT");
+ if (!$in_nested_tr) $pdo->commit();
}
$_SESSION["uid"] = $user_id;
$_SESSION["version"] = VERSION_STATIC;
- $result = db_query("SELECT login,access_level,pwd_hash FROM ttrss_users
- WHERE id = '$user_id'");
+ $pdo = DB::pdo();
+ $sth = $pdo->prepare("SELECT login,access_level,pwd_hash FROM ttrss_users
+ WHERE id = ?");
+ $sth->execute([$user_id]);
+ $row = $sth->fetch();
- $_SESSION["name"] = db_fetch_result($result, 0, "login");
- $_SESSION["access_level"] = db_fetch_result($result, 0, "access_level");
+ $_SESSION["name"] = $row["login"];
+ $_SESSION["access_level"] = $row["access_level"];
$_SESSION["csrf_token"] = uniqid_short();
- db_query("UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
- $_SESSION["uid"]);
+ $usth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
+ $usth->execute([$user_id]);
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
$_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']);
- $_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash");
+ $_SESSION["pwd_hash"] = $row["pwd_hash"];
$_SESSION["last_version_check"] = time();
function initialize_user($uid) {
- db_query("insert into ttrss_feeds (owner_uid,title,feed_url)
- values ('$uid', 'Tiny Tiny RSS: Forum',
+ $pdo = DB::pdo();
+
+ $sth = $pdo->prepare("insert into ttrss_feeds (owner_uid,title,feed_url)
+ values (?, 'Tiny Tiny RSS: Forum',
'http://tt-rss.org/forum/rss.php')");
+ $sth->execute([$uid]);
}
function logout_user() {
}
function login_sequence() {
+ $pdo = Db::pdo();
+
if (SINGLE_USER_MODE) {
@session_start();
authenticate_user("admin", null);
} else {
/* bump login timestamp */
- db_query("UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
- $_SESSION["uid"]);
+ $sth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
+ $sth->execute([$_SESSION['uid']]);
+
$_SESSION["last_login_update"] = time();
}
/* cleanup ccache */
- db_query("DELETE FROM ttrss_counters_cache WHERE owner_uid = ".
- $_SESSION["uid"] . " AND
+ $sth = $pdo->prepare("DELETE FROM ttrss_counters_cache WHERE owner_uid = ?
+ AND
(SELECT COUNT(id) FROM ttrss_feeds WHERE
ttrss_feeds.id = feed_id) = 0");
- db_query("DELETE FROM ttrss_cat_counters_cache WHERE owner_uid = ".
- $_SESSION["uid"] . " AND
+ $sth->execute([$_SESSION['uid']]);
+
+ $sth = $pdo->prepare("DELETE FROM ttrss_cat_counters_cache WHERE owner_uid = ?
+ AND
(SELECT COUNT(id) FROM ttrss_feed_categories WHERE
ttrss_feed_categories.id = feed_id) = 0");
+ $sth->execute([$_SESSION['uid']]);
}
}
}
function sql_bool_to_bool($s) {
- if ($s == "t" || $s == "1" || strtolower($s) == "true") {
- return true;
- } else {
- return false;
- }
+ return $s && ($s !== "f" && $s !== "false"); //no-op for PDO, backwards compat for legacy layer
}
function bool_to_sql_bool($s) {
- if ($s) {
- return "true";
- } else {
- return "false";
- }
+ return (bool)$s; //no-op for PDO
}
// Session caching removed due to causing wrong redirects to upgrade
function get_schema_version($nocache = false) {
global $schema_version;
+ $pdo = DB::pdo();
+
if (!$schema_version && !$nocache) {
- $result = db_query("SELECT schema_version FROM ttrss_version");
- $version = db_fetch_result($result, 0, "schema_version");
+ $row = $pdo->query("SELECT schema_version FROM ttrss_version")->fetch();
+ $version = $row["schema_version"];
$schema_version = $version;
return $version;
} else {
$error_code = 5;
}
- if (DB_TYPE == "mysql") {
- $result = db_query("SELECT true", false);
- if (db_num_rows($result) != 1) {
- $error_code = 10;
- }
- }
-
- if (db_escape_string("testTEST") != "testTEST") {
- $error_code = 12;
- }
-
return array("code" => $error_code, "message" => $ERRORS[$error_code]);
}
return Feeds::getFeedArticles($feed, $is_cat, true, $_SESSION["uid"]);
}
-
- /*function get_pgsql_version() {
- $result = db_query("SELECT version() AS version");
- $version = explode(" ", db_fetch_result($result, 0, "version"));
- return $version[1];
- }*/
-
function checkbox_to_sql_bool($val) {
- return ($val == "on") ? "true" : "false";
- }
-
- /*function getFeedCatTitle($id) {
- if ($id == -1) {
- return __("Special");
- } else if ($id < LABEL_BASE_INDEX) {
- return __("Labels");
- } else if ($id > 0) {
- $result = db_query("SELECT ttrss_feed_categories.title
- FROM ttrss_feeds, ttrss_feed_categories WHERE ttrss_feeds.id = '$id' AND
- cat_id = ttrss_feed_categories.id");
- if (db_num_rows($result) == 1) {
- return db_fetch_result($result, 0, "title");
- } else {
- return __("Uncategorized");
- }
- } else {
- return "getFeedCatTitle($id) failed";
- }
-
- }*/
+ return ($val == "on") ? true : false;
+ }
function uniqid_short() {
return uniqid(base_convert(rand(), 10, 36));
$params["sanity_checksum"] = sha1(file_get_contents("include/sanity_check.php"));
- $result = db_query("SELECT MAX(id) AS mid, COUNT(*) AS nf FROM
- ttrss_feeds WHERE owner_uid = " . $_SESSION["uid"]);
+ $pdo = Db::pdo();
- $max_feed_id = db_fetch_result($result, 0, "mid");
- $num_feeds = db_fetch_result($result, 0, "nf");
+ $sth = $pdo->prepare("SELECT MAX(id) AS mid, COUNT(*) AS nf FROM
+ ttrss_feeds WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
+ $row = $sth->fetch();
+
+ $max_feed_id = $row["mid"];
+ $num_feeds = $row["nf"];
$params["max_feed_id"] = (int) $max_feed_id;
$params["num_feeds"] = (int) $num_feeds;
function make_runtime_info($disable_update_check = false) {
$data = array();
- $result = db_query("SELECT MAX(id) AS mid, COUNT(*) AS nf FROM
- ttrss_feeds WHERE owner_uid = " . $_SESSION["uid"]);
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT MAX(id) AS mid, COUNT(*) AS nf FROM
+ ttrss_feeds WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
+ $row = $sth->fetch();
- $max_feed_id = db_fetch_result($result, 0, "mid");
- $num_feeds = db_fetch_result($result, 0, "nf");
+ $max_feed_id = $row['mid'];
+ $num_feeds = $row['nf'];
$data["max_feed_id"] = (int) $max_feed_id;
$data["num_feeds"] = (int) $num_feeds;
$search_words = array();
$search_query_leftover = array();
+ $pdo = Db::pdo();
+
if ($search_language)
- $search_language = db_escape_string(mb_strtolower($search_language));
+ $search_language = $pdo->quote(mb_strtolower($search_language));
else
$search_language = "english";
switch ($commandpair[0]) {
case "title":
if ($commandpair[1]) {
- array_push($query_keywords, "($not (LOWER(ttrss_entries.title) LIKE '%".
- db_escape_string(mb_strtolower($commandpair[1]))."%'))");
+ array_push($query_keywords, "($not (LOWER(ttrss_entries.title) LIKE ".
+ $pdo->quote('%' . mb_strtolower($commandpair[1]) . '%') ."))");
} else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
array_push($search_words, $k);
}
break;
case "author":
if ($commandpair[1]) {
- array_push($query_keywords, "($not (LOWER(author) LIKE '%".
- db_escape_string(mb_strtolower($commandpair[1]))."%'))");
+ array_push($query_keywords, "($not (LOWER(author) LIKE ".
+ $pdo->quote('%' . mb_strtolower($commandpair[1]) . '%')."))");
} else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
array_push($search_words, $k);
}
break;
else if ($commandpair[1] == "false")
array_push($query_keywords, "($not (note IS NULL OR note = ''))");
else
- array_push($query_keywords, "($not (LOWER(note) LIKE '%".
- db_escape_string(mb_strtolower($commandpair[1]))."%'))");
+ array_push($query_keywords, "($not (LOWER(note) LIKE ".
+ $pdo->quote('%' . mb_strtolower($commandpair[1]) . '%')."))");
} else {
- array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER(".$pdo->quote("%$k%").")
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
if (!$not) array_push($search_words, $k);
}
break;
else
array_push($query_keywords, "($not (marked = false))");
} else {
- array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER(".$pdo->quote("%$k%").")
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
if (!$not) array_push($search_words, $k);
}
break;
} else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
if (!$not) array_push($search_words, $k);
}
break;
array_push($query_keywords, "($not (unread = false))");
} else {
- array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER(".$pdo->quote("%$k%").")
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
if (!$not) array_push($search_words, $k);
}
break;
$k = mb_strtolower($k);
array_push($search_query_leftover, $not ? "!$k" : $k);
} else {
- array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER(".$pdo->quote("%$k%").")
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
}
if (!$not) array_push($search_words, $k);
}
if (count($search_query_leftover) > 0) {
- $search_query_leftover = db_escape_string(implode(" & ", $search_query_leftover));
+ $search_query_leftover = $pdo->quote(implode(" & ", $search_query_leftover));
if (DB_TYPE == "pgsql") {
array_push($query_keywords,
- "(tsvector_combined @@ to_tsquery('$search_language', '$search_query_leftover'))");
+ "(tsvector_combined @@ to_tsquery($search_language, $search_query_leftover))");
}
}
function load_filters($feed_id, $owner_uid) {
$filters = array();
+ $feed_id = (int) $feed_id;
$cat_id = (int)Feeds::getFeedCategory($feed_id);
if ($cat_id == 0)
else
$null_cat_qpart = "";
- $result = db_query("SELECT * FROM ttrss_filters2 WHERE
- owner_uid = $owner_uid AND enabled = true ORDER BY order_id, title");
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT * FROM ttrss_filters2 WHERE
+ owner_uid = ? AND enabled = true ORDER BY order_id, title");
+ $sth->execute([$owner_uid]);
$check_cats = array_merge(
Feeds::getParentCategories($cat_id, $owner_uid),
$check_cats_str = join(",", $check_cats);
$check_cats_fullids = array_map(function($a) { return "CAT:$a"; }, $check_cats);
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$filter_id = $line["id"];
$match_any_rule = sql_bool_to_bool($line["match_any_rule"]);
- $result2 = db_query("SELECT
+ $sth2 = $pdo->prepare("SELECT
r.reg_exp, r.inverse, r.feed_id, r.cat_id, r.cat_filter, r.match_on, t.name AS type_name
FROM ttrss_filters2_rules AS r,
ttrss_filter_types AS t
WHERE
(match_on IS NOT NULL OR
(($null_cat_qpart (cat_id IS NULL AND cat_filter = false) OR cat_id IN ($check_cats_str)) AND
- (feed_id IS NULL OR feed_id = '$feed_id'))) AND
- filter_type = t.id AND filter_id = '$filter_id'");
+ (feed_id IS NULL OR feed_id = ?))) AND
+ filter_type = t.id AND filter_id = ?");
+ $sth2->execute([$feed_id, $filter_id]);
$rules = array();
$actions = array();
- while ($rule_line = db_fetch_assoc($result2)) {
+ while ($rule_line = $sth2->fetch()) {
# print_r($rule_line);
if ($rule_line["match_on"]) {
}
if (count($rules) > 0) {
- $result2 = db_query("SELECT a.action_param,t.name AS type_name
+ $sth2 = $pdo->prepare("SELECT a.action_param,t.name AS type_name
FROM ttrss_filters2_actions AS a,
ttrss_filter_actions AS t
WHERE
- action_id = t.id AND filter_id = '$filter_id'");
+ action_id = t.id AND filter_id = ?");
+ $sth2->execute([$filter_id]);
- while ($action_line = db_fetch_assoc($result2)) {
+ while ($action_line = $sth2->fetch()) {
# print_r($action_line);
$action = array();
if (!$feed_cat) return false;
- db_query("BEGIN");
+ $feed_cat = mb_substr($feed_cat, 0, 250);
+ if (!$parent_cat_id) $parent_cat_id = null;
- if ($parent_cat_id) {
- $parent_qpart = "parent_cat = '$parent_cat_id'";
- $parent_insert = "'$parent_cat_id'";
- } else {
- $parent_qpart = "parent_cat IS NULL";
- $parent_insert = "NULL";
- }
+ $pdo = Db::pdo();
+ $tr_in_progress = false;
- $feed_cat = mb_substr($feed_cat, 0, 250);
+ try {
+ $pdo->beginTransaction();
+ } catch (Exception $e) {
+ $tr_in_progress = true;
+ }
- $result = db_query(
- "SELECT id FROM ttrss_feed_categories
- WHERE $parent_qpart AND title = '$feed_cat' AND owner_uid = ".$_SESSION["uid"]);
+ $sth = $pdo->prepare("SELECT id FROM ttrss_feed_categories
+ WHERE (parent_cat = :parent OR (:parent IS NULL AND parent_cat IS NULL))
+ AND title = :title AND owner_uid = :uid");
+ $sth->execute([':parent' => $parent_cat_id, ':title' => $feed_cat, ':uid' => $_SESSION['uid']]);
- if (db_num_rows($result) == 0) {
+ if (!$sth->fetch()) {
- $result = db_query(
- "INSERT INTO ttrss_feed_categories (owner_uid,title,parent_cat)
- VALUES ('".$_SESSION["uid"]."', '$feed_cat', $parent_insert)");
+ $sth = $pdo->prepare("INSERT INTO ttrss_feed_categories (owner_uid,title,parent_cat)
+ VALUES (?, ?, ?)");
+ $sth->execute([$_SESSION['uid'], $feed_cat, $parent_cat_id]);
- db_query("COMMIT");
+ if (!$tr_in_progress) $pdo->commit();
return true;
}
+ $pdo->commit();
+
return false;
}
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
- $sql_is_cat = bool_to_sql_bool($is_cat);
+ $is_cat = bool_to_sql_bool($is_cat);
+
+ $pdo = Db::pdo();
- $result = db_query("SELECT access_key FROM ttrss_access_keys
- WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
- AND owner_uid = " . $owner_uid);
+ $sth = $pdo->prepare("SELECT access_key FROM ttrss_access_keys
+ WHERE feed_id = ? AND is_cat = ?
+ AND owner_uid = ?");
+ $sth->execute([$feed_id, $is_cat, $owner_uid]);
- if (db_num_rows($result) == 1) {
- return db_fetch_result($result, 0, "access_key");
+ if ($row = $sth->fetch()) {
+ return $row["access_key"];
} else {
- $key = db_escape_string(uniqid_short());
+ $key = uniqid_short();
- $result = db_query("INSERT INTO ttrss_access_keys
+ $sth = $pdo->prepare("INSERT INTO ttrss_access_keys
(access_key, feed_id, is_cat, owner_uid)
- VALUES ('$key', '$feed_id', $sql_is_cat, '$owner_uid')");
+ VALUES (?, ?, ?, ?)");
+
+ $sth->execute([$key, $feed_id, $is_cat, $owner_uid]);
return $key;
}
- return false;
}
function get_feeds_from_html($url, $content)
function cleanup_tags($days = 14, $limit = 1000) {
+ $days = (int) $days;
+
if (DB_TYPE == "pgsql") {
$interval_query = "date_updated < NOW() - INTERVAL '$days days'";
} else if (DB_TYPE == "mysql") {
$tags_deleted = 0;
- while ($limit > 0) {
+ $pdo = Db::pdo();
+
+ while ($limit > 0) {
$limit_part = 500;
- $query = "SELECT ttrss_tags.id AS id
+ $sth = $pdo->prepare("SELECT ttrss_tags.id AS id
FROM ttrss_tags, ttrss_user_entries, ttrss_entries
WHERE post_int_id = int_id AND $interval_query AND
- ref_id = ttrss_entries.id AND tag_cache != '' LIMIT $limit_part";
-
- $result = db_query($query);
+ ref_id = ttrss_entries.id AND tag_cache != '' LIMIT ?");
+ $sth->execute([$limit]);
$ids = array();
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
array_push($ids, $line['id']);
}
if (count($ids) > 0) {
$ids = join(",", $ids);
- $tmp_result = db_query("DELETE FROM ttrss_tags WHERE id IN ($ids)");
- $tags_deleted += db_affected_rows($tmp_result);
+ $usth = $pdo->query("DELETE FROM ttrss_tags WHERE id IN ($ids)");
+ $tags_deleted = $usth->rowCount();
} else {
break;
}
function filter_to_sql($filter, $owner_uid) {
$query = array();
+ $pdo = Db::pdo();
+
if (DB_TYPE == "pgsql")
$reg_qpart = "~";
else
if ($regexp_valid) {
- $rule['reg_exp'] = db_escape_string($rule['reg_exp']);
+ $rule['reg_exp'] = $pdo->quote($rule['reg_exp']);
switch ($rule["type"]) {
case "title":
if (isset($rule['inverse'])) $qpart = "NOT ($qpart)";
if (isset($rule["feed_id"]) && $rule["feed_id"] > 0) {
- $qpart .= " AND feed_id = " . db_escape_string($rule["feed_id"]);
+ $qpart .= " AND feed_id = " . $pdo->quote($rule["feed_id"]);
}
if (isset($rule["cat_id"])) {
}
function check_mysql_tables() {
- $schema = db_escape_string(DB_NAME);
+ $pdo = Db::pdo();
- $result = db_query("SELECT engine, table_name FROM information_schema.tables WHERE
- table_schema = '$schema' AND table_name LIKE 'ttrss_%' AND engine != 'InnoDB'");
+ $sth = $pdo->prepare("SELECT engine, table_name FROM information_schema.tables WHERE
+ table_schema = ? AND table_name LIKE 'ttrss_%' AND engine != 'InnoDB'");
+ $sth->execute([DB_NAME]);
$bad_tables = [];
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
array_push($bad_tables, $line);
}
return $bad_tables;
}
+ function arr_qmarks($arr) {
+ return str_repeat('?,', count($arr) - 1) . '?';
+ }
}
if (SINGLE_USER_MODE) {
- $result = db_query("SELECT id FROM ttrss_users WHERE id = 1");
+ $pdo = DB::pdo();
- if (db_num_rows($result) != 1) {
+ $res = $pdo->query("SELECT id FROM ttrss_users WHERE id = 1");
+
+ if (!$res->fetch()) {
array_push($errors, "SINGLE_USER_MODE is enabled in config.php but default admin account is not found.");
}
}
global $schema_version;
if (!$schema_version) {
- $result = Db::get()->query("SELECT schema_version FROM ttrss_version");
- $version = Db::get()->fetch_result($result, 0, "schema_version");
+ $row = Db::pdo()->query("SELECT schema_version FROM ttrss_version")->fetch();
+
+ $version = $row["schema_version"];
+
$schema_version = $version;
return $version;
} else {
__("Session failed to validate (schema version changed)");
return false;
}
+ $pdo = Db::pdo();
if ($_SESSION["uid"]) {
- $result = Db::get()->query(
- "SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");
+ $sth = $pdo->prepare("SELECT pwd_hash FROM ttrss_users WHERE id = ?");
+ $sth->execute([$_SESSION['uid']]);
// user not found
- if (Db::get()->num_rows($result) == 0) {
+ if ($row = $sth->fetch()) {
+ $pwd_hash = $row["pwd_hash"];
+
+ if ($pwd_hash != $_SESSION["pwd_hash"]) {
- $_SESSION["login_error_msg"] =
- __("Session failed to validate (user not found)");
+ $_SESSION["login_error_msg"] =
+ __("Session failed to validate (password changed)");
- return false;
+ return false;
+ }
} else {
- $pwd_hash = Db::get()->fetch_result($result, 0, "pwd_hash");
- if ($pwd_hash != $_SESSION["pwd_hash"]) {
+ $_SESSION["login_error_msg"] =
+ __("Session failed to validate (user not found)");
- $_SESSION["login_error_msg"] =
- __("Session failed to validate (password changed)");
+ return false;
- return false;
- }
}
}
function ttrss_read ($id){
global $session_expire;
- $res = Db::get()->query("SELECT data FROM ttrss_sessions WHERE id='$id'");
+ $sth = Db::pdo()->prepare("SELECT data FROM ttrss_sessions WHERE id=?");
+ $sth->execute([$id]);
- if (Db::get()->num_rows($res) != 1) {
+ if ($row = $sth->fetch()) {
+ return base64_decode($row["data"]);
- $expire = time() + $session_expire;
+ } else {
+ $expire = time() + $session_expire;
- Db::get()->query("INSERT INTO ttrss_sessions (id, data, expire)
- VALUES ('$id', '', '$expire')");
+ $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
+ VALUES (?, '', ?)");
+ $sth->execute([$id, $expire]);
+
+ return "";
- return "";
- } else {
- return base64_decode(Db::get()->fetch_result($res, 0, "data"));
}
}
$data = base64_encode($data);
$expire = time() + $session_expire;
- Db::get()->query("UPDATE ttrss_sessions SET data='$data', expire='$expire' WHERE id='$id'");
+ $sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
+ $sth->execute([$data, $expire, $id]);
return true;
}
}
function ttrss_destroy($id) {
- Db::get()->query("DELETE FROM ttrss_sessions WHERE id = '$id'");
+ $sth = Db::pdo()->prepare("DELETE FROM ttrss_sessions WHERE id = ?");
+ $sth->execute([$id]);
return true;
}
* @SuppressWarnings(PHPMD.UnusedFormalParameter)
*/
function ttrss_gc ($expire) {
- Db::get()->query("DELETE FROM ttrss_sessions WHERE expire < " . time());
+ Db::pdo()->query("DELETE FROM ttrss_sessions WHERE expire < " . time());
return true;
}
}
-function quickAddCat(elem) {
- var cat = prompt(__("Please enter category title:"));
-
- if (cat) {
-
- var query = "?op=rpc&method=quickAddCat&cat=" + param_escape(cat);
-
- notify_progress("Loading, please wait...", true);
-
- new Ajax.Request("backend.php", {
- parameters: query,
- onComplete: function (transport) {
- var response = transport.responseXML;
- var select = response.getElementsByTagName("select")[0];
- var options = select.getElementsByTagName("option");
-
- dropbox_replace_options(elem, options);
-
- notify('');
-
- } });
-
- }
-}
-
function genUrlChangeKey(feed, is_cat) {
var ok = confirm(__("Generate new syndication address for this feed?"));
return false;
}
-function dropbox_replace_options(elem, options) {
- while (elem.hasChildNodes())
- elem.removeChild(elem.firstChild);
-
- var sel_idx = -1;
-
- for (var i = 0; i < options.length; i++) {
- var text = options[i].firstChild.nodeValue;
- var value = options[i].getAttribute("value");
-
- if (value == undefined) value = text;
-
- var issel = options[i].getAttribute("selected") == "1";
-
- var option = new Option(text, value, issel);
-
- if (options[i].getAttribute("disabled"))
- option.setAttribute("disabled", true);
-
- elem.insert(option);
-
- if (issel) sel_idx = i;
- }
-
- // Chrome doesn't seem to just select stuff when you pass new Option(x, y, true)
- if (sel_idx >= 0) elem.selectedIndex = sel_idx;
-}
-
// mode = all, none, invert
function selectTableRows(id, mode) {
var rows = $(id).rows;
return false;
}
-function clearSelectedFeeds() {
-
- var sel_rows = getSelectedFeeds();
-
- if (sel_rows.length > 1) {
- alert(__("Please select only one feed."));
- return;
- }
-
- if (sel_rows.length > 0) {
-
- var ok = confirm(__("Erase all non-starred articles in selected feed?"));
-
- if (ok) {
- notify_progress("Clearing selected feed...");
- clearFeedArticles(sel_rows[0]);
- }
-
- } else {
-
- alert(__("No feeds are selected."));
-
- }
-
- return false;
-}
-
-function purgeSelectedFeeds() {
-
- var sel_rows = getSelectedFeeds();
-
- if (sel_rows.length > 0) {
-
- var pr = prompt(__("How many days of articles to keep (0 - use default)?"), "0");
-
- if (pr != undefined) {
- notify_progress("Purging selected feed...");
-
- var query = "?op=rpc&method=purge&ids="+
- param_escape(sel_rows.toString()) + "&days=" + pr;
-
- console.log(query);
-
- new Ajax.Request("prefs.php", {
- parameters: query,
- onComplete: function(transport) {
- notify('');
- } });
- }
-
- } else {
-
- alert(__("No feeds are selected."));
-
- }
-
- return false;
-}
-
function editSelectedUser() {
var rows = getSelectedUsers();
return false;
}
-function feedActionChange() {
- var chooser = $("feedActionChooser");
- var opid = chooser[chooser.selectedIndex].value;
-
- chooser.selectedIndex = 0;
- feedActionGo(opid);
-}
-
-function feedActionGo(op) {
- if (op == "facEdit") {
-
- var rows = getSelectedFeeds();
-
- if (rows.length > 1) {
- editSelectedFeeds();
- } else {
- editSelectedFeed();
- }
- }
-
- if (op == "facClear") {
- clearSelectedFeeds();
- }
-
- if (op == "facPurge") {
- purgeSelectedFeeds();
- }
-
- if (op == "facEditCats") {
- editFeedCats();
- }
-
- if (op == "facRescore") {
- rescoreSelectedFeeds();
- }
-
- if (op == "facUnsubscribe") {
- removeSelectedFeeds();
- }
-}
-
-function clearFeedArticles(feed_id) {
-
- notify_progress("Clearing feed...");
-
- var query = "?op=pref-feeds&quiet=1&method=clear&id=" + feed_id;
-
- new Ajax.Request("backend.php", {
- parameters: query,
- onComplete: function(transport) {
- notify('');
- } });
-
- return false;
-}
-
-function rescoreSelectedFeeds() {
-
- var sel_rows = getSelectedFeeds();
-
- if (sel_rows.length > 0) {
-
- //var ok = confirm(__("Rescore last 100 articles in selected feeds?"));
- var ok = confirm(__("Rescore articles in selected feeds?"));
-
- if (ok) {
- notify_progress("Rescoring selected feeds...", true);
-
- var query = "?op=pref-feeds&method=rescore&quiet=1&ids="+
- param_escape(sel_rows.toString());
-
- new Ajax.Request("backend.php", {
- parameters: query,
- onComplete: function(transport) {
- notify_callback2(transport);
- } });
-
- }
- } else {
- alert(__("No feeds are selected."));
- }
-
- return false;
-}
-
-function rescore_all_feeds() {
- var ok = confirm(__("Rescore all articles? This operation may take a lot of time."));
-
- if (ok) {
- notify_progress("Rescoring feeds...", true);
-
- var query = "?op=pref-feeds&method=rescoreAll&quiet=1";
-
- new Ajax.Request("backend.php", {
- parameters: query,
- onComplete: function(transport) {
- notify_callback2(transport);
- } });
- }
-}
-
function labelColorReset() {
var labels = getSelectedLabels();
$op = $_REQUEST['op'];
if ($op == "publish"){
- $key = db_escape_string( $_REQUEST["key"]);
+ $key = $_REQUEST["key"];
+ $pdo = Db::pdo();
- $result = db_query( "SELECT owner_uid
+ $sth = $pdo->prepare( "SELECT owner_uid
FROM ttrss_access_keys WHERE
- access_key = '$key' AND feed_id = 'OPML:Publish'");
+ access_key = ? AND feed_id = 'OPML:Publish'");
+ $sth->execute([$key]);
- if (db_num_rows($result) == 1) {
- $owner_uid = db_fetch_result($result, 0, "owner_uid");
+ if ($row = $sth->fetch()) {
+ $owner_uid = $row['owner_uid'];
$opml = new Opml($_REQUEST);
$opml->opml_export("", $owner_uid, true, false);
function save() {
$similarity = (float) db_escape_string($_POST["similarity"]);
$min_title_length = (int) db_escape_string($_POST["min_title_length"]);
- $enable_globally = checkbox_to_sql_bool($_POST["enable_globally"]) == "true";
+ $enable_globally = checkbox_to_sql_bool($_POST["enable_globally"]);
if ($similarity < 0) $similarity = 0;
if ($similarity > 1) $similarity = 1;
$enabled_feeds = $this->host->get($this, "enabled_feeds");
if (!is_array($enabled_feeds)) $enabled_feeds = array();
- $enable = checkbox_to_sql_bool($_POST["trgm_similarity_enabled"]) == 'true';
+ $enable = checkbox_to_sql_bool($_POST["trgm_similarity_enabled"]);
$key = array_search($feed_id, $enabled_feeds);
if ($enable) {
}
function save() {
- $enable_share_anything = checkbox_to_sql_bool($_POST["enable_share_anything"]) == "true";
+ $enable_share_anything = checkbox_to_sql_bool($_POST["enable_share_anything"]);
$this->host->set($this, "enable_share_anything", $enable_share_anything);
$enabled_feeds = $this->host->get($this, "enabled_feeds");
if (!is_array($enabled_feeds)) $enabled_feeds = array();
- $enable = checkbox_to_sql_bool($_POST["af_readability_enabled"]) == 'true';
+ $enable = checkbox_to_sql_bool($_POST["af_readability_enabled"]);
$key = array_search($feed_id, $enabled_feeds);
if ($enable) {
}
function save() {
- $enable_readability = checkbox_to_sql_bool($_POST["enable_readability"]) == "true";
- $enable_content_dupcheck = checkbox_to_sql_bool($_POST["enable_content_dupcheck"]) == "true";
+ $enable_readability = checkbox_to_sql_bool($_POST["enable_readability"]);
+ $enable_content_dupcheck = checkbox_to_sql_bool($_POST["enable_content_dupcheck"]);
$this->host->set($this, "enable_readability", $enable_readability, false);
$this->host->set($this, "enable_content_dupcheck", $enable_content_dupcheck);
}
function save() {
- $proxy_all = checkbox_to_sql_bool($_POST["proxy_all"]) == "true";
- $disable_cache = checkbox_to_sql_bool($_POST["disable_cache"]) == "true";
+ $proxy_all = checkbox_to_sql_bool($_POST["proxy_all"]);
+ $disable_cache = checkbox_to_sql_bool($_POST["disable_cache"]);
$this->host->set($this, "proxy_all", $proxy_all, false);
$this->host->set($this, "disable_cache", $disable_cache);
if (!defined('PHP_EXECUTABLE'))
define('PHP_EXECUTABLE', '/usr/bin/php');
+ $pdo = Db::pdo();
+
init_plugins();
$longopts = array("feeds",
if (isset($options["force-update"])) {
_debug("marking all feeds as needing update...");
- db_query( "UPDATE ttrss_feeds SET last_update_started = '1970-01-01',
- last_updated = '1970-01-01'");
+ $pdo->query( "UPDATE ttrss_feeds SET
+ last_update_started = '1970-01-01', last_updated = '1970-01-01'");
}
if (isset($options["feeds"])) {
_debug("clearing existing indexes...");
if (DB_TYPE == "pgsql") {
- $result = db_query( "SELECT relname FROM
+ $sth = $pdo->query( "SELECT relname FROM
pg_catalog.pg_class WHERE relname LIKE 'ttrss_%'
AND relname NOT LIKE '%_pkey'
AND relkind = 'i'");
} else {
- $result = db_query( "SELECT index_name,table_name FROM
+ $sth = $pdo->query( "SELECT index_name,table_name FROM
information_schema.statistics WHERE index_name LIKE 'ttrss_%'");
}
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
if (DB_TYPE == "pgsql") {
$statement = "DROP INDEX " . $line["relname"];
_debug($statement);
$line['table_name']." DROP INDEX ".$line['index_name'];
_debug($statement);
}
- db_query( $statement, false);
+ $pdo->query($statement);
}
_debug("reading indexes from schema for: " . DB_TYPE);
$statement = "CREATE INDEX $index ON $table";
_debug($statement);
- db_query( $statement);
+ $pdo->query($statement);
}
}
fclose($fp);
_debug("converting filters...");
- db_query( "DELETE FROM ttrss_filters2");
+ $pdo->query("DELETE FROM ttrss_filters2");
- $result = db_query( "SELECT * FROM ttrss_filters ORDER BY id");
+ $res = $pdo->query("SELECT * FROM ttrss_filters ORDER BY id");
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $res->fetch()) {
$owner_uid = $line["owner_uid"];
// date filters are removed
if (isset($options["update-schema"])) {
_debug("checking for updates (" . DB_TYPE . ")...");
- $updater = new DbUpdater(Db::get(), DB_TYPE, SCHEMA_VERSION);
+ $updater = new DbUpdater(Db::pdo(), DB_TYPE, SCHEMA_VERSION);
if ($updater->isUpdateRequired()) {
_debug("schema update required, version " . $updater->getSchemaVersion() . " to " . SCHEMA_VERSION);
if (isset($options["gen-search-idx"])) {
echo "Generating search index (stemming set to English)...\n";
- $result = db_query("SELECT COUNT(id) AS count FROM ttrss_entries WHERE tsvector_combined IS NULL");
- $count = db_fetch_result($result, 0, "count");
+ $res = $pdo->query("SELECT COUNT(id) AS count FROM ttrss_entries WHERE tsvector_combined IS NULL");
+ $row = $res->fetch();
+ $count = $row['count'];
print "Articles to process: $count.\n";
$limit = 500;
$processed = 0;
+ $sth = $pdo->prepare("SELECT id, title, content FROM ttrss_entries WHERE
+ tsvector_combined IS NULL ORDER BY id LIMIT ?");
+ $sth->execute([$limit]);
+
+ $usth = $pdo->prepare("UPDATE ttrss_entries
+ SET tsvector_combined = to_tsvector('english', ?) WHERE id = ?");
+
while (true) {
- $result = db_query("SELECT id, title, content FROM ttrss_entries WHERE tsvector_combined IS NULL ORDER BY id LIMIT $limit");
- while ($line = db_fetch_assoc($result)) {
- $tsvector_combined = db_escape_string(mb_substr($line['title'] . ' ' . strip_tags(str_replace('<', ' <', $line['content'])),
- 0, 1000000));
+ while ($line = $sth->fetch()) {
+ $tsvector_combined = mb_substr($line['title'] . ' ' . strip_tags(str_replace('<', ' <', $line['content'])),
+ 0, 1000000);
- db_query("UPDATE ttrss_entries SET tsvector_combined = to_tsvector('english', '$tsvector_combined') WHERE id = " . $line["id"]);
+ $usth->execute([$tsvector_combined, $line['id']]);
+
+ $processed++;
}
- $processed += db_num_rows($result);
print "Processed $processed articles...\n";
- if (db_num_rows($result) != $limit) {
+ if ($processed < $limit) {
echo "All done.\n";
break;
}
}
if (isset($options["decrypt-feeds"])) {
- $result = db_query("SELECT id, auth_pass FROM ttrss_feeds WHERE auth_pass_encrypted = true");
if (!function_exists("mcrypt_decrypt")) {
_debug("mcrypt functions not available.");
return;
}
+ $res = $pdo->query("SELECT id, auth_pass FROM ttrss_feeds WHERE auth_pass_encrypted = true");
+
require_once "crypt.php";
$total = 0;
- db_query("BEGIN");
+ $pdo->beginTransaction();
+
+ $usth = $pdo->prepare("UPDATE ttrss_feeds SET auth_pass_encrypted = false, auth_pass = ?
+ WHERE id = ?");
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $res->fetch()) {
_debug("processing feed id " . $line["id"]);
- $auth_pass = db_escape_string(decrypt_string($line["auth_pass"]));
+ $auth_pass = decrypt_string($line["auth_pass"]);
- db_query("UPDATE ttrss_feeds SET auth_pass_encrypted = false, auth_pass = '$auth_pass'
- WHERE id = " . $line["id"]);
+ $usth->execute([$auth_pass, $line['id']]);
++$total;
}
- db_query("COMMIT");
+ $pdo->commit();
_debug("$total feeds processed.");
}
git.wh0rd.org / tt-rss.git / commitdiff
