From: Andrew Dolgov
Date: Sun, 3 Dec 2017 06:43:18 +0000 (+0300)
Subject: plugin base class: init pdo object
X-Git-Tag: 17.12~26
X-Git-Url: https://git.wh0rd.org/?p=tt-rss.git;a=commitdiff_plain;h=b6f3562d1e2c30a696e6cfbea3703f4aa3138e8d

plugin base class: init pdo object
plugins/share: use PDO
---

diff --git a/classes/plugin.php b/classes/plugin.php
index fb4e08fb..69060b28 100644
--- a/classes/plugin.php
+++ b/classes/plugin.php
@@ -10,6 +10,10 @@ abstract class Plugin {
 abstract function about();
 // return array(1.0, "plugin", "No description", "No author", false);
+ function __construct() {
+ $this->pdo = Db::pdo();
+ }
+
 function flags() {
 /* associative array, possible keys:
 needs_curl = boolean
diff --git a/plugins/share/init.php b/plugins/share/init.php
index 133f0944..84bc78eb 100644
--- a/plugins/share/init.php
+++ b/plugins/share/init.php
@@ -8,6 +8,7 @@ class Share extends Plugin {
 "fox");
 }
+ /* @var PluginHost $host */
 function init($host) {
 $this->host = $host;
@@ -25,10 +26,11 @@ class Share extends Plugin {
 function unshare() {
- $id = db_escape_string($_REQUEST['id']);
+ $id = $_REQUEST['id'];
- db_query("UPDATE ttrss_user_entries SET uuid = '' WHERE int_id = '$id'
- AND owner_uid = " . $_SESSION['uid']);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = '' WHERE int_id = ?
+ AND owner_uid = ?");
+ $sth->execute([$id, $_SESSION['uid']]);
 print "OK";
 }
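Review bot: The new `__construct()` gives every plugin a `$this->pdo`, but a subclass that declares its own constructor and does not call `parent::__construct()` will find `$pdo` unset the first time it runs a query, and nothing in this hunk makes that requirement visible. Add a docblock stating the contract, `/** Plugins that override the constructor must call parent::__construct() so $this->pdo is initialized. */`, or initialize the handle lazily behind a protected accessor instead of relying on constructor chaining. The `$pdo` property declaration lies outside this hunk; if the class does not declare it, this assignment creates a dynamic property, which PHP 8.2 deprecates.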
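Review bot: The added `/* @var PluginHost $host */` is an ordinary comment, not a PHPDoc block, so IDEs and static analyzers will not treat it as the type of `$host`. The docblock form belongs on the method, `/** @param PluginHost $host */`, directly above `function init($host)`.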
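Review bot: `$id = $_REQUEST['id']` is now bound as a parameter, which closes the injection the old string interpolation allowed, but the value is still unvalidated: a missing key raises a notice and a non-numeric string reaches the `int_id = ?` comparison, where the driver rather than the application decides the outcome (MySQL coerces, PostgreSQL errors). Cast at the boundary, `$id = (int) $_REQUEST['id'];`, and guard the missing-key case separately; the same applies to `newkey()` and `shareArticle()` in the later hunks of this file. `$sth->execute()`'s return value is also ignored and `print "OK"` follows unconditionally, so unless `Db::pdo()` configures `PDO::ERRMODE_EXCEPTION` (not visible here) a failed update is reported as success.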
@@ -48,20 +50,21 @@ class Share extends Plugin {
 // Silent
 function clearArticleKeys() {
- db_query("UPDATE ttrss_user_entries SET uuid = '' WHERE
- owner_uid = " . $_SESSION["uid"]);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = '' WHERE
+ owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
 return;
 }
 function newkey() {
- $id = db_escape_string($_REQUEST['id']);
+ $id = $_REQUEST['id'];
+ $uuid = uniqid_short();
- $uuid = db_escape_string(uniqid_short());
-
- db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$id'
- AND owner_uid = " . $_SESSION['uid']);
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = ? WHERE int_id = ?
+ AND owner_uid = ?");
+ $sth->execute([$uuid, $id, $_SESSION['uid']]);
 print json_encode(array("link" => $uuid));
 }
@@ -76,21 +79,22 @@ class Share extends Plugin {
 }
 function shareArticle() {
- $param = db_escape_string($_REQUEST['param']);
+ $param = $_REQUEST['param'];
- $result = db_query("SELECT uuid FROM ttrss_user_entries WHERE int_id = '$param'
- AND owner_uid = " . $_SESSION['uid']);
+ $sth = $this->pdo->prepare("SELECT uuid FROM ttrss_user_entries WHERE int_id = ?
+ AND owner_uid = ?");
+ $sth->execute([$param, $_SESSION['uid']]);
- if (db_num_rows($result) == 0) {
- print "Article not found.";
- } else {
+ if ($row = $sth->fetch()) {
- $uuid = db_fetch_result($result, 0, "uuid");
+ $uuid = $row['uuid'];
 if (!$uuid) {
- $uuid = db_escape_string(uniqid_short());
- db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param'
- AND owner_uid = " . $_SESSION['uid']);
+ $uuid = uniqid_short();
+
+ $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = ? WHERE int_id = ?
+ AND owner_uid = ?");
+ $sth->execute([$uuid, $param, $_SESSION['uid']]);
 }
 print __("You can share this article by the following unique URL:") . "
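Review bot: `newkey()` stores the result of `uniqid_short()` as the key that gates access to a shared article, and nothing in the diff shows that helper to be unpredictable; if it is built on `uniqid()` it is derived from the clock and is guessable, which the move to prepared statements does not change. Generate share keys from a CSPRNG, `$uuid = bin2hex(random_bytes(16));`, sized to whatever width the `uuid` column allows, and do the same in `shareArticle()` in the next hunk; `random_bytes()` needs PHP 7, so check the project's minimum version. `clearArticleKeys()` also keeps a bare `return;` as its last statement, which does nothing and can be dropped.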
";
@@ -106,6 +110,10 @@ class Share extends Plugin {
 label_create(__('Shared'), $_SESSION["uid"]);
 label_add_article($ref_id, __('Shared'), $_SESSION['uid']);
 */
+
+
+ } else {
+ print "Article not found.";
 }
 print "
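Review bot: `if ($row = $sth->fetch())` folds an assignment into the condition and relies on `fetch()` returning `false` for both "no such row" and a failed statement, so a query error surfaces as the not-found message (its else branch sits in the following hunk); as in `unshare()`, `execute()`'s result is never checked. Spell the lookup out, `$row = $sth->fetch(); if ($row !== false) {`, so the intent is explicit and a reader does not mistake the condition for a comparison. Inside the branch `$sth` is reassigned to the UPDATE handle, which is fine here but means the SELECT handle is gone for the remainder of `shareArticle()`, which continues past this hunk.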
";
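Review bot: The new `} else { print "Article not found."; }` lands some thirty lines below the `if ($row = $sth->fetch())` it pairs with, behind two blank added lines and a commented-out block, so the not-found path is easy to lose when reading. An early return keeps it next to the lookup: `if (!$row) { print "Article not found."; return; }` right after the fetch, after which the else branch and one level of indentation disappear. The two empty `+` lines before `} else {` should go regardless. `shareArticle()` starts outside this hunk.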