From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Fri, 15 Apr 2011 07:42:22 +0000 (+0400)
Subject: filters: cast score expression as integer on save to prevent misscoring
X-Git-Tag: 1.5.3~44
X-Git-Url: https://git.wh0rd.org/?p=tt-rss.git;a=commitdiff_plain;h=b6c1201c33242bdf3341de7ed68792b57152bbc1

filters: cast score expression as integer on save to prevent misscoring
---

diff --git a/modules/pref-filters.php b/modules/pref-filters.php
index 805562d9..dc9015f3 100644
--- a/modules/pref-filters.php
+++ b/modules/pref-filters.php
@@ -9,7 +9,7 @@
 			$root['name'] = __('Filters');
 			$root['items'] = array();
 
-			$result = db_query($link, "SELECT 
+			$result = db_query($link, "SELECT
 					ttrss_filters.id AS id,reg_exp,
 					ttrss_filter_types.name AS filter_type_name,
 					ttrss_filter_types.description AS filter_type_descr,
@@ -23,7 +23,7 @@
 					ttrss_feeds.title AS feed_title,
 					ttrss_filter_actions.name AS action_name,
 					ttrss_filters.action_param AS action_param
-				FROM 
+				FROM
 					ttrss_filter_types,ttrss_filter_actions,ttrss_filters LEFT JOIN
 						ttrss_feeds ON (ttrss_filters.feed_id = ttrss_feeds.id)
 				WHERE
@@ -39,41 +39,41 @@
 
 				while ($line = db_fetch_assoc($result)) {
 					if ($cur_action_description != $line['action_description']) {
-	
+
 						if ($cat)
 							array_push($root['items'], $cat);
-	
+
 						$cat = array();
 						$cat['id'] = 'ACTION:' . $line['action_id'];
 						$cat['name'] = $line['action_description'];
 						$cat['items'] = array();
-	
+
 						$cur_action_description = $line['action_description'];
 					}
-	
-					if (array_search($line["action_name"], 
+
+					if (array_search($line["action_name"],
 						array("score", "tag", "label")) === false) {
-	
+
 							$line["action_param"] = '';
 					} else {
 						if ($line['action_name'] == 'label') {
-	
+
 							$tmp_result = db_query($link, "SELECT fg_color, bg_color
 								FROM ttrss_labels2 WHERE caption = '".
 									db_escape_string($line["action_param"])."' AND
 									owner_uid = " . $_SESSION["uid"]);
-	
+
 							if (db_num_rows($tmp_result) != 0) {
 								$fg_color = db_fetch_result($tmp_result, 0, "fg_color");
 								$bg_color = db_fetch_result($tmp_result, 0, "bg_color");
-	
+
 								$tmp = "<span class=\"labelColorIndicator\" style='color : $fg_color; background-color : $bg_color'>&alpha;</span> " . $line['action_param'];
-	
+
 								$line['action_param'] = $tmp;
 							}
 						}
 					}
-	
+
 					$filter = array();
 					$filter['id'] = 'FILTER:' . $line['id'];
 					$filter['bare_id'] = $line['id'];
@@ -83,13 +83,13 @@
 					$filter['param'] = $line['action_param'];
 					$filter['inverse'] = sql_bool_to_bool($line['inverse']);
 					$filter['checkbox'] = false;
-	
+
 					if ($line['feed_id'])
-						$filter['feed'] = $line['feed_title']; 
-	
+						$filter['feed'] = $line['feed_title'];
+
 					array_push($cat['items'], $filter);
 				}
-	
+
 				array_push($root['items'], $cat);
 			}
 
@@ -106,7 +106,7 @@
 
 			$filter_id = db_escape_string($_REQUEST["id"]);
 
-			$result = db_query($link, 
+			$result = db_query($link,
 				"SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
 
 			$reg_exp = htmlspecialchars(db_fetch_result($result, 0, "reg_exp"));
@@ -123,13 +123,13 @@
 
 			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-filters\">";
 			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$filter_id\">";
-			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"editSave\">"; 
-			
-			$result = db_query($link, "SELECT id,description 
+			print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"editSave\">";
+
+			$result = db_query($link, "SELECT id,description
 				FROM ttrss_filter_types ORDER BY description");
-	
+
 			$filter_types = array();
-	
+
 			while ($line = db_fetch_assoc($result)) {
 				//array_push($filter_types, $line["description"]);
 				$filter_types[$line["id"]] = __($line["description"]);
@@ -159,7 +159,7 @@
 					 required=\"1\"
 					 name=\"reg_exp\" style=\"font-size : 16px;\" value=\"$reg_exp\">";
 
-			print "<span id=\"filterDlg_dateChkBox\" $date_ops_invisible>";			
+			print "<span id=\"filterDlg_dateChkBox\" $date_ops_invisible>";
 			print "&nbsp;<button dojoType=\"dijit.form.Button\" onclick=\"return filterDlgCheckDate()\">".
 				__('Check it')."</button>";
 			print "</span>";
@@ -182,15 +182,15 @@
 
 			print "<select name=\"action_id\" dojoType=\"dijit.form.Select\"
 				onchange=\"filterDlgCheckAction(this)\">";
-	
-			$result = db_query($link, "SELECT id,description FROM ttrss_filter_actions 
+
+			$result = db_query($link, "SELECT id,description FROM ttrss_filter_actions
 				ORDER BY name");
 
 			while ($line = db_fetch_assoc($result)) {
-				$is_sel = ($line["id"] == $action_id) ? "selected=\"1\"" : "";			
+				$is_sel = ($line["id"] == $action_id) ? "selected=\"1\"" : "";
 				printf("<option value='%d' $is_sel>%s</option>", $line["id"], __($line["description"]));
 			}
-	
+
 			print "</select>";
 
 			$param_hidden = ($action_id == 4 || $action_id == 6 || $action_id == 7) ? "" : "display : none";
@@ -206,8 +206,8 @@
 
 			$param_int_hidden = ($action_id == 7) ? "" : "display : none";
 
-			print_label_select($link, "action_param_label", $action_param, 
-			 "style=\"$param_int_hidden\"" . 
+			print_label_select($link, "action_param_label", $action_param,
+			 "style=\"$param_int_hidden\"" .
 			 'id="filterDlg_actionParamLabel" dojoType="dijit.form.Select"');
 
 			print "</span>";
@@ -271,9 +271,9 @@
 			$filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
 			$filter_id = db_escape_string($_REQUEST["id"]);
 			$feed_id = db_escape_string($_REQUEST["feed_id"]);
-			$action_id = db_escape_string($_REQUEST["action_id"]); 
-			$action_param = db_escape_string($_REQUEST["action_param"]); 
-			$action_param_label = db_escape_string($_REQUEST["action_param_label"]); 
+			$action_id = db_escape_string($_REQUEST["action_id"]);
+			$action_param = db_escape_string($_REQUEST["action_param"]);
+			$action_param_label = db_escape_string($_REQUEST["action_param_label"]);
 			$enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"]));
 			$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
 
@@ -293,8 +293,12 @@
 				$action_param = $action_param_label;
 			}
 
-			$result = db_query($link, "UPDATE ttrss_filters SET 
-					reg_exp = '$reg_exp', 
+			if ($action_id == 6) {
+				$action_param = (int) str_replace("+", "", $action_param);
+			}
+
+			$result = db_query($link, "UPDATE ttrss_filters SET
+					reg_exp = '$reg_exp',
 					feed_id = $feed_id,
 					action_id = '$action_id',
 					filter_type = '$filter_type',
@@ -306,7 +310,7 @@
 		}
 
 		if ($subop == "remove") {
-			
+
 			if ($memcache) $memcache->flush();
 
 			$ids = split(",", db_escape_string($_REQUEST["ids"]));
@@ -324,9 +328,9 @@
 			$regexp = db_escape_string(trim($_REQUEST["reg_exp"]));
 			$filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
 			$feed_id = db_escape_string($_REQUEST["feed_id"]);
-			$action_id = db_escape_string($_REQUEST["action_id"]); 
-			$action_param = db_escape_string($_REQUEST["action_param"]); 
-			$action_param_label = db_escape_string($_REQUEST["action_param_label"]); 
+			$action_id = db_escape_string($_REQUEST["action_id"]);
+			$action_param = db_escape_string($_REQUEST["action_param"]);
+			$action_param_label = db_escape_string($_REQUEST["action_param_label"]);
 			$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
 
 			# for the time being, no other filters use params anyway...
@@ -347,11 +351,15 @@
 				$action_param = $action_param_label;
 			}
 
+			if ($action_id == 6) {
+				$action_param = (int) str_replace("+", "", $action_param);
+			}
+
 			$result = db_query($link,
 				"INSERT INTO ttrss_filters (reg_exp,filter_type,owner_uid,feed_id,
-					action_id, action_param, inverse, filter_param) 
-				VALUES 
-					('$regexp', '$filter_type','".$_SESSION["uid"]."', 
+					action_id, action_param, inverse, filter_param)
+				VALUES
+					('$regexp', '$filter_type','".$_SESSION["uid"]."',
 						$feed_id, '$action_id', '$action_param', $inverse, '$filter_param')");
 
 			if (db_affected_rows($link, $result) != 0) {
@@ -369,7 +377,7 @@
 			$sort = "reg_exp";
 		}
 
-		$result = db_query($link, "SELECT id,description 
+		$result = db_query($link, "SELECT id,description
 			FROM ttrss_filter_types ORDER BY description");
 
 		$filter_types = array();
@@ -387,7 +395,7 @@
 		} else {
 			$filter_search = $_SESSION["prefs_filter_search"];
 		}
-		
+
 		print "<div id=\"pref-filter-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
 		print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
 		print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
@@ -395,14 +403,14 @@
 		print "<div dojoType=\"dijit.form.DropDownButton\">".
 				"<span>" . __('Select')."</span>";
 		print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
-		print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(true)\" 
+		print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(true)\"
 			dojoType=\"dijit.MenuItem\">".__('All')."</div>";
-		print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(false)\" 
+		print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(false)\"
 			dojoType=\"dijit.MenuItem\">".__('None')."</div>";
 		print "</div></div>";
-		
+
 		print "<button dojoType=\"dijit.form.Button\" onclick=\"return quickAddFilter()\">".
-			__('Create filter')."</button> "; 
+			__('Create filter')."</button> ";
 
 		print "<button dojoType=\"dijit.form.Button\" onclick=\"return editSelectedFilter()\">".
 			__('Edit')."</button> ";
@@ -412,7 +420,7 @@
 
 		if (defined('_ENABLE_FEED_DEBUGGING')) {
 			print "<button dojoType=\"dijit.form.Button\" onclick=\"rescore_all_feeds()\">".
-				__('Rescore articles')."</button> "; 
+				__('Rescore articles')."</button> ";
 		}
 
 		print "</div>"; # toolbar
@@ -423,14 +431,14 @@
 		<img src='images/indicator_tiny.gif'>".
 		 __("Loading, please wait...")."</div>";
 
-		print "<div dojoType=\"dojo.data.ItemFileWriteStore\" jsId=\"filterStore\" 
+		print "<div dojoType=\"dojo.data.ItemFileWriteStore\" jsId=\"filterStore\"
 			url=\"backend.php?op=pref-filters&subop=getfiltertree\">
 		</div>
 		<div dojoType=\"lib.CheckBoxStoreModel\" jsId=\"filterModel\" store=\"filterStore\"
 		query=\"{id:'root'}\" rootId=\"root\" rootLabel=\"Feeds\"
 			childrenAttrs=\"items\" checkboxStrict=\"false\" checkboxAll=\"false\">
 		</div>
-		<div dojoType=\"fox.PrefFilterTree\" id=\"filterTree\" 
+		<div dojoType=\"fox.PrefFilterTree\" id=\"filterTree\"
 			model=\"filterModel\" openOnClick=\"true\">
 		<script type=\"dojo/method\" event=\"onLoad\" args=\"item\">
 			Element.hide(\"filterlistLoading\");
@@ -441,7 +449,7 @@
 
 			if (id.match('FILTER:')) {
 				editFilter(bare_id);
-			}			
+			}
 		</script>
 
 		</div>";