From bf6db17b8f5c55ee2614abbde007f41025152ec7 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sat, 2 Dec 2017 16:07:03 +0300 Subject: [PATCH] feeds: use PDO --- classes/pref/feeds.php | 315 ++++++++++++++++++++--------------------- 1 file changed, 152 insertions(+), 163 deletions(-) diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index 1cc82b40..fcd2aeda 100755 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -499,239 +499,237 @@ class Pref_Feeds extends Handler_Protected { global $purge_intervals; global $update_intervals; - print '
-
'; $feed_id = $_REQUEST["id"]; - $result = db_query( - "SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND - owner_uid = " . $_SESSION["uid"]); + $sth = $this->pdo->prepare("SELECT * FROM ttrss_feeds WHERE id = ? AND + owner_uid = ?"); + $sth->execute([$feed_id, $_SESSION['uid']]); - $auth_pass_encrypted = sql_bool_to_bool(db_fetch_result($result, 0, - "auth_pass_encrypted")); + if ($row = $sth->fetch()) { + print '
+
'; - $title = htmlspecialchars(db_fetch_result($result, - 0, "title")); + $auth_pass_encrypted = sql_bool_to_bool($row["auth_pass_encrypted"]); - print_hidden("id", "$feed_id"); - print_hidden("op", "pref-feeds"); - print_hidden("method", "editSave"); + $title = htmlspecialchars($row["title"]); - print "
".__("Feed")."
"; - print "
"; + print_hidden("id", "$feed_id"); + print_hidden("op", "pref-feeds"); + print_hidden("method", "editSave"); + + print "
".__("Feed")."
"; + print "
"; - /* Title */ + /* Title */ - print ""; - /* Feed URL */ + /* Feed URL */ - $feed_url = db_fetch_result($result, 0, "feed_url"); - $feed_url = htmlspecialchars(db_fetch_result($result, - 0, "feed_url")); + $feed_url = htmlspecialchars($row["feed_url"]); - print "
"; + print "
"; - print __('URL:') . " "; - print ""; - $last_error = db_fetch_result($result, 0, "last_error"); + $last_error = $row["last_error"]; - if ($last_error) { - print " \"(error)\""; - } + } - /* Category */ + /* Category */ - if (get_pref('ENABLE_FEED_CATS')) { + if (get_pref('ENABLE_FEED_CATS')) { - $cat_id = db_fetch_result($result, 0, "cat_id"); + $cat_id = $row["cat_id"]; - print "
"; + print "
"; - print __('Place in category:') . " "; + print __('Place in category:') . " "; - print_feed_cat_select("cat_id", $cat_id, - 'dojoType="dijit.form.Select"'); - } + print_feed_cat_select("cat_id", $cat_id, + 'dojoType="dijit.form.Select"'); + } - /* FTS Stemming Language */ + /* FTS Stemming Language */ - if (DB_TYPE == "pgsql") { - $feed_language = db_fetch_result($result, 0, "feed_language"); + if (DB_TYPE == "pgsql") { + $feed_language = $row["feed_language"]; - print "
"; + print "
"; - print __('Language:') . " "; - print_select("feed_language", $feed_language, $this::$feed_languages, - 'dojoType="dijit.form.Select"'); - } + print __('Language:') . " "; + print_select("feed_language", $feed_language, $this::$feed_languages, + 'dojoType="dijit.form.Select"'); + } - print "
"; + print "
"; - print "
".__("Update")."
"; - print "
"; + print "
".__("Update")."
"; + print "
"; - /* Update Interval */ + /* Update Interval */ - $update_interval = db_fetch_result($result, 0, "update_interval"); + $update_interval = $row["update_interval"]; - print_select_hash("update_interval", $update_interval, $update_intervals, - 'dojoType="dijit.form.Select"'); + print_select_hash("update_interval", $update_interval, $update_intervals, + 'dojoType="dijit.form.Select"'); - /* Purge intl */ + /* Purge intl */ - $purge_interval = db_fetch_result($result, 0, "purge_interval"); + $purge_interval = $row["purge_interval"]; - print "
"; - print __('Article purging:') . " "; + print "
"; + print __('Article purging:') . " "; - print_select_hash("purge_interval", $purge_interval, $purge_intervals, - 'dojoType="dijit.form.Select" ' . + print_select_hash("purge_interval", $purge_interval, $purge_intervals, + 'dojoType="dijit.form.Select" ' . ((FORCE_ARTICLE_PURGE == 0) ? "" : 'disabled="1"')); - print "
"; + print "
"; - $auth_login = htmlspecialchars(db_fetch_result($result, 0, "auth_login")); - $auth_pass = db_fetch_result($result, 0, "auth_pass"); + $auth_login = htmlspecialchars($row["auth_login"]); + $auth_pass = $row["auth_pass"]; - if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) { - require_once "crypt.php"; - $auth_pass = decrypt_string($auth_pass); - } + if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) { + require_once "crypt.php"; + $auth_pass = decrypt_string($auth_pass); + } - $auth_pass = htmlspecialchars($auth_pass); - $auth_enabled = $auth_login !== '' || $auth_pass !== ''; + $auth_pass = htmlspecialchars($auth_pass); + $auth_enabled = $auth_login !== '' || $auth_pass !== ''; - $auth_style = $auth_enabled ? '' : 'display: none'; - print "
"; - print "
".__("Authentication")."
"; - print "
"; + $auth_style = $auth_enabled ? '' : 'display: none'; + print "
"; + print "
".__("Authentication")."
"; + print "
"; - print "
"; - print ""; - print "
+ print "
".__('Hint: you need to fill in your login information if your feed requires authentication, except for Twitter feeds.')."
"; - print "
"; + print "
"; - $auth_checked = $auth_enabled ? 'checked' : ''; - print "
+ $auth_checked = $auth_enabled ? 'checked' : ''; + print "
"; + __('This feed requires authentication.')."
"; - print '
'; + print '
'; - //print "
".__("Options")."
"; - print "
"; + //print "
".__("Options")."
"; + print "
"; - $private = sql_bool_to_bool(db_fetch_result($result, 0, "private")); + $private = sql_bool_to_bool($row["private"]); - if ($private) { - $checked = "checked=\"1\""; - } else { - $checked = ""; - } + if ($private) { + $checked = "checked=\"1\""; + } else { + $checked = ""; + } - print " "; - $include_in_digest = sql_bool_to_bool(db_fetch_result($result, 0, "include_in_digest")); + $include_in_digest = sql_bool_to_bool($row["include_in_digest"]); - if ($include_in_digest) { - $checked = "checked=\"1\""; - } else { - $checked = ""; - } + if ($include_in_digest) { + $checked = "checked=\"1\""; + } else { + $checked = ""; + } - print "
 "; - $always_display_enclosures = sql_bool_to_bool(db_fetch_result($result, 0, "always_display_enclosures")); + $always_display_enclosures = sql_bool_to_bool($row["always_display_enclosures"]); - if ($always_display_enclosures) { - $checked = "checked"; - } else { - $checked = ""; - } + if ($always_display_enclosures) { + $checked = "checked"; + } else { + $checked = ""; + } - print "
 "; - $hide_images = sql_bool_to_bool(db_fetch_result($result, 0, "hide_images")); + $hide_images = sql_bool_to_bool($row["hide_images"]); - if ($hide_images) { - $checked = "checked=\"1\""; - } else { - $checked = ""; - } + if ($hide_images) { + $checked = "checked=\"1\""; + } else { + $checked = ""; + } - print "
 "; + __('Do not embed images').""; - $cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images")); + $cache_images = sql_bool_to_bool($row["cache_images"]); - if ($cache_images) { - $checked = "checked=\"1\""; - } else { - $checked = ""; - } + if ($cache_images) { + $checked = "checked=\"1\""; + } else { + $checked = ""; + } - print "
 "; + __('Cache media').""; - $mark_unread_on_update = sql_bool_to_bool(db_fetch_result($result, 0, "mark_unread_on_update")); + $mark_unread_on_update = sql_bool_to_bool($row["mark_unread_on_update"]); - if ($mark_unread_on_update) { - $checked = "checked"; - } else { - $checked = ""; - } + if ($mark_unread_on_update) { + $checked = "checked"; + } else { + $checked = ""; + } - print "
 "; - print "
"; + print "
"; - print '
'; + print '
'; - /* Icon */ + /* Icon */ - print "
"; + print "
"; - print ""; - print "
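Review bot: `$feed_id` is still the raw `$_REQUEST["id"]` value after the query, and it is reused in `print_hidden("id", "$feed_id")` in this hunk and in the `HOOK_PREFS_EDIT_FEED` call in the next one. Binding it as a parameter protects the SELECT, but a driver that compares a string to an integer column loosely may still return a row for an id that carries trailing non-numeric text, so the later uses should not depend on the request value; whether `print_hidden` escapes its arguments is not visible here. I would take the id from the row once it is found, `$feed_id = $row["id"];` as the first statement inside the `if`, or cast up front with `$feed_id = (int) $_REQUEST["id"];`. The method body starts before this hunk and continues into the next one.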
@@ -744,31 +742,29 @@ class Pref_Feeds extends Handler_Protected { type=\"submit\">".__('Remove')."
"; - print "
"; + print "
"; - print '
'; + print '
'; - PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_EDIT_FEED, - "hook_prefs_edit_feed", $feed_id); + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_EDIT_FEED, + "hook_prefs_edit_feed", $feed_id); - print "
"; + print "
"; - $title = htmlspecialchars($title, ENT_QUOTES); + $title = htmlspecialchars($title, ENT_QUOTES); - print "
+ print "
"; - print "
"; + print "
"; - print " - -
"; - - - return; + print " + +
"; + } } function editfeeds() { @@ -1129,10 +1125,15 @@ class Pref_Feeds extends Handler_Protected { print "
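Review bot: `$title = htmlspecialchars($title, ENT_QUOTES);` escapes a value that was already escaped by `$title = htmlspecialchars($row["title"]);` in the previous hunk, so a title containing `&`, `<` or a double quote ends up double-encoded in whatever is printed after it (the markup that consumes it is not readable in this hunk). Escaping once per output context is easier to audit: keep the raw `$row["title"]` and apply `htmlspecialchars($row["title"], ENT_QUOTES)` at the point where the value is emitted. The method starts outside this hunk.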
"; print "
"; - $result = db_query("SELECT COUNT(id) AS num_errors - FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]); + $sth = $this->pdo->prepare("SELECT COUNT(id) AS num_errors + FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ?"); + $sth->execute([$_SESSION['uid']]); - $num_errors = db_fetch_result($result, 0, "num_errors"); + if ($row = $sth->fetch()) { + $num_errors = $row["num_errors"]; + } else { + $num_errors = 0; + } if ($num_errors > 0) { @@ -1737,24 +1738,12 @@ class Pref_Feeds extends Handler_Protected { private function update_feed_access_key($feed_id, $is_cat, $owner_uid = false) { if (!$owner_uid) $owner_uid = $_SESSION["uid"]; - $sql_is_cat = bool_to_sql_bool($is_cat); - - $result = db_query("SELECT access_key FROM ttrss_access_keys - WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat - AND owner_uid = " . $owner_uid); + // clear old value and generate new one + $sth = $this->pdo->prepare("DELETE FROM ttrss_access_keys + WHERE feed_id = ? AND is_cat = ? AND owner_uid = ?"); + $sth->execute([$feed_id, $is_cat, $owner_uid]); - if (db_num_rows($result) == 1) { - $key = uniqid_short(); - - db_query("UPDATE ttrss_access_keys SET access_key = '$key' - WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat - AND owner_uid = " . $owner_uid); - - return $key; - - } else { - return get_feed_access_key($feed_id, $is_cat, $owner_uid); - } + return get_feed_access_key($feed_id, $is_cat, $owner_uid); } // Silent -- 2.39.2
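Review bot: In `update_feed_access_key`, `$is_cat` is now passed straight into `$sth->execute([$feed_id, $is_cat, $owner_uid])`, where the old code converted it with `bool_to_sql_bool()`. `execute()` binds every array element as a string, and a PHP `false` becomes an empty string, which PostgreSQL rejects for a boolean column and MySQL only tolerates through loose coercion; if the DELETE fails or matches nothing, the old access key stays valid and a key the user meant to revoke keeps working. Assuming callers pass a PHP boolean (not visible here), `$sth->execute([$feed_id, (int) $is_cat, $owner_uid]);` binds `1`/`0`, which both databases accept. `get_feed_access_key()` is defined elsewhere, so it is worth confirming that it creates a fresh key when none exists and draws it from a cryptographically secure source rather than a `uniqid()`-style helper such as the `uniqid_short()` the removed branch used.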