diff --git a/classes/ccache.php b/classes/ccache.php index 9a6f14f3d..88e28e9e8 100644 --- a/classes/ccache.php +++ b/classes/ccache.php @@ -142,7 +142,13 @@ class CCache { $unread = (int) Feeds::getFeedArticles($feed_id, $is_cat, true, $owner_uid); } - $pdo->beginTransaction(); + $tr_in_progress = false; + + try { + $pdo->beginTransaction(); + } catch (Exception $e) { + $tr_in_progress = true; + } $sth = $pdo->prepare("SELECT feed_id FROM $table WHERE owner_uid = ? AND feed_id = ? LIMIT 1"); @@ -164,7 +170,7 @@ class CCache { $sth->execute([$feed_id, $unread, $owner_uid]); } - $pdo->commit(); + if (!$tr_in_progress) $pdo->commit(); if ($feed_id > 0 && $prev_unread != $unread) { diff --git a/classes/rssutils.php b/classes/rssutils.php index b8732c666..349f85996 100644 --- a/classes/rssutils.php +++ b/classes/rssutils.php @@ -33,10 +33,10 @@ class RSSUtils { while ($line = $sth->fetch()) { - $subscribers = db_escape_string($line["subscribers"]); - $feed_url = db_escape_string($line["feed_url"]); - $title = db_escape_string($line["title"]); - $site_url = db_escape_string($line["site_url"]); + $subscribers = $line["subscribers"]; + $feed_url = $line["feed_url"]; + $title = $line["title"]; + $site_url = $line["site_url"]; $tmph = $pdo->prepare("SELECT subscribers FROM ttrss_feedbrowser_cache WHERE feed_url = ?"); @@ -211,79 +211,90 @@ class RSSUtils { // this is used when subscribing static function set_basic_feed_info($feed) { - $feed = db_escape_string($feed); + $pdo = Db::pdo(); - $result = db_query("SELECT owner_uid,feed_url,auth_pass,auth_login,auth_pass_encrypted - FROM ttrss_feeds WHERE id = '$feed'"); + $sth = $pdo->prepare("SELECT owner_uid,feed_url,auth_pass,auth_login,auth_pass_encrypted + FROM ttrss_feeds WHERE id = ?"); + $sth->execute([$feed]); - $owner_uid = db_fetch_result($result, 0, "owner_uid"); + if ($row = $sth->fetch()) { - $auth_pass_encrypted = sql_bool_to_bool(db_fetch_result($result, - 0, "auth_pass_encrypted")); + $owner_uid = $row["owner_uid"]; - $auth_login = db_fetch_result($result, 0, "auth_login"); - $auth_pass = db_fetch_result($result, 0, "auth_pass"); + $auth_pass_encrypted = sql_bool_to_bool($row["auth_pass_encrypted"]); - if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) { - require_once "crypt.php"; - $auth_pass = decrypt_string($auth_pass); - } + $auth_login = $row["auth_login"]; + $auth_pass = $row["auth_pass"]; - $fetch_url = db_fetch_result($result, 0, "feed_url"); - - $pluginhost = new PluginHost(); - $user_plugins = get_pref("_ENABLED_PLUGINS", $owner_uid); - - $pluginhost->load(PLUGINS, PluginHost::KIND_ALL); - $pluginhost->load($user_plugins, PluginHost::KIND_USER, $owner_uid); - $pluginhost->load_data(); - - $basic_info = array(); - foreach ($pluginhost->get_hooks(PluginHost::HOOK_FEED_BASIC_INFO) as $plugin) { - $basic_info = $plugin->hook_feed_basic_info($basic_info, $fetch_url, $owner_uid, $feed, $auth_login, $auth_pass); - } - - if (!$basic_info) { - $feed_data = fetch_file_contents($fetch_url, false, - $auth_login, $auth_pass, false, - FEED_FETCH_TIMEOUT, - 0); - - global $fetch_curl_used; - - if (!$fetch_curl_used) { - $tmp = @gzdecode($feed_data); - - if ($tmp) $feed_data = $tmp; + if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) { + require_once "crypt.php"; + $auth_pass = decrypt_string($auth_pass); } - $feed_data = trim($feed_data); + $fetch_url = $row["feed_url"]; - $rss = new FeedParser($feed_data); - $rss->init(); + $pluginhost = new PluginHost(); + $user_plugins = get_pref("_ENABLED_PLUGINS", $owner_uid); - if (!$rss->error()) { - $basic_info = array( - 'title' => db_escape_string(mb_substr($rss->get_title(), 0, 199)), - 'site_url' => db_escape_string(mb_substr(rewrite_relative_url($fetch_url, $rss->get_link()), 0, 245)) - ); - } - } + $pluginhost->load(PLUGINS, PluginHost::KIND_ALL); + $pluginhost->load($user_plugins, PluginHost::KIND_USER, $owner_uid); + $pluginhost->load_data(); - if ($basic_info && is_array($basic_info)) { - $result = db_query("SELECT title, site_url FROM ttrss_feeds WHERE id = '$feed'"); - - $registered_title = db_fetch_result($result, 0, "title"); - $orig_site_url = db_fetch_result($result, 0, "site_url"); - - if ($basic_info['title'] && (!$registered_title || $registered_title == "[Unknown]")) { - db_query("UPDATE ttrss_feeds SET - title = '${basic_info['title']}' WHERE id = '$feed'"); + $basic_info = array(); + foreach ($pluginhost->get_hooks(PluginHost::HOOK_FEED_BASIC_INFO) as $plugin) { + $basic_info = $plugin->hook_feed_basic_info($basic_info, $fetch_url, $owner_uid, $feed, $auth_login, $auth_pass); } - if ($basic_info['site_url'] && $orig_site_url != $basic_info['site_url']) { - db_query("UPDATE ttrss_feeds SET - site_url = '${basic_info['site_url']}' WHERE id = '$feed'"); + if (!$basic_info) { + $feed_data = fetch_file_contents($fetch_url, false, + $auth_login, $auth_pass, false, + FEED_FETCH_TIMEOUT, + 0); + + global $fetch_curl_used; + + if (!$fetch_curl_used) { + $tmp = @gzdecode($feed_data); + + if ($tmp) $feed_data = $tmp; + } + + $feed_data = trim($feed_data); + + $rss = new FeedParser($feed_data); + $rss->init(); + + if (!$rss->error()) { + $basic_info = array( + 'title' => mb_substr($rss->get_title(), 0, 199), + 'site_url' => mb_substr(rewrite_relative_url($fetch_url, $rss->get_link()), 0, 245) + ); + } + } + + if ($basic_info && is_array($basic_info)) { + $sth = $pdo->prepare("SELECT title, site_url FROM ttrss_feeds WHERE id = ?"); + $sth->execute([$feed]); + + if ($row = $sth->fetch()) { + + $registered_title = $row["title"]; + $orig_site_url = $row["site_url"]; + + if ($basic_info['title'] && (!$registered_title || $registered_title == "[Unknown]")) { + + $sth = $pdo->prepare("UPDATE ttrss_feeds SET + title = ? WHERE id = ?"); + $sth->execute([$basic_info['title'], $feed]); + } + + if ($basic_info['site_url'] && $orig_site_url != $basic_info['site_url']) { + $sth = $pdo->prepare("UPDATE ttrss_feeds SET + site_url = ? WHERE id = ?"); + $sth->execute([$basic_info['site_url'], $feed]); + } + + } } } } @@ -298,16 +309,18 @@ class RSSUtils { _debug_suppress(!$debug_enabled); _debug("start", $debug_enabled); - $result = db_query("SELECT title FROM ttrss_feeds - WHERE id = '$feed'"); + $pdo = Db::pdo(); - if (db_num_rows($result) == 0) { + $sth = $pdo->prepare("SELECT title FROM ttrss_feeds WHERE id = ?"); + $sth->execute([$feed]); + + if (!$row = $sth->fetch()) { _debug("feed $feed NOT FOUND/SKIPPED", $debug_enabled); user_error("Attempt to update unknown/invalid feed $feed", E_USER_WARNING); return false; } - $title = db_fetch_result($result, 0, "title"); + $title = $row["title"]; // feed was batch-subscribed or something, we need to get basic info // this is not optimal currently as it fetches stuff separately TODO: optimize @@ -316,40 +329,44 @@ class RSSUtils { RSSUtils::set_basic_feed_info($feed); } - $result = db_query("SELECT id,update_interval,auth_login, + $sth = $pdo->prepare("SELECT id,update_interval,auth_login, feed_url,auth_pass,cache_images, mark_unread_on_update, owner_uid, auth_pass_encrypted, feed_language, last_modified, ".SUBSTRING_FOR_DATE."(last_unconditional, 1, 19) AS last_unconditional - FROM ttrss_feeds WHERE id = '$feed'"); + FROM ttrss_feeds WHERE id = ?"); + $sth->execute([$feed]); + + if ($row = $sth->fetch()) { - $owner_uid = db_fetch_result($result, 0, "owner_uid"); - $mark_unread_on_update = sql_bool_to_bool(db_fetch_result($result, - 0, "mark_unread_on_update")); - $auth_pass_encrypted = sql_bool_to_bool(db_fetch_result($result, - 0, "auth_pass_encrypted")); + $owner_uid = $row["owner_uid"]; + $mark_unread_on_update = sql_bool_to_bool($row["mark_unread_on_update"]); + $auth_pass_encrypted = sql_bool_to_bool($row["auth_pass_encrypted"]); - db_query("UPDATE ttrss_feeds SET last_update_started = NOW() - WHERE id = '$feed'"); + $sth = $pdo->prepare("UPDATE ttrss_feeds SET last_update_started = NOW() + WHERE id = ?"); + $sth->execute([$feed]); - $auth_login = db_fetch_result($result, 0, "auth_login"); - $auth_pass = db_fetch_result($result, 0, "auth_pass"); + $auth_login = $row["auth_login"]; + $auth_pass = $row["auth_pass"]; - if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) { - require_once "crypt.php"; - $auth_pass = decrypt_string($auth_pass); + if ($auth_pass_encrypted && function_exists("mcrypt_decrypt")) { + require_once "crypt.php"; + $auth_pass = decrypt_string($auth_pass); + } + + $stored_last_modified = $row["last_modified"]; + $last_unconditional = $row["last_unconditional"]; + $cache_images = sql_bool_to_bool($row["cache_images"]); + $fetch_url = $row["feed_url"]; + $feed_language = mb_strtolower($row["feed_language"]); + if (!$feed_language) $feed_language = 'english'; + + } else { + return false; } - $stored_last_modified = db_fetch_result($result, 0, "last_modified"); - $last_unconditional = db_fetch_result($result, 0, "last_unconditional"); - $cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images")); - $fetch_url = db_fetch_result($result, 0, "feed_url"); - $feed_language = db_escape_string(mb_strtolower(db_fetch_result($result, 0, "feed_language"))); - if (!$feed_language) $feed_language = 'english'; - - $feed = db_escape_string($feed); - $date_feed_processed = date('Y-m-d H:i'); $cache_filename = CACHE_DIR . "/simplepie/" . sha1($fetch_url) . ".xml"; @@ -432,10 +449,8 @@ class RSSUtils { _debug("source last modified: " . $fetch_last_modified, $debug_enabled); if ($feed_data && $fetch_last_modified != $stored_last_modified) { - $last_modified_escaped = db_escape_string(substr($fetch_last_modified, 0, 245)); - - db_query("UPDATE ttrss_feeds SET last_modified = '$last_modified_escaped' WHERE id = '$feed'"); - + $sth = $pdo->prepare("UPDATE ttrss_feeds SET last_modified = ? WHERE id = ?"); + $sth->execute([substr($fetch_last_modified, 0, 245), $feed]); } // cache vanilla feed data for re-use @@ -455,18 +470,17 @@ class RSSUtils { _debug("unable to fetch: $fetch_last_error [$fetch_last_error_code]", $debug_enabled); - $error_escaped = ''; - // If-Modified-Since if ($fetch_last_error_code != 304) { - $error_escaped = db_escape_string($fetch_last_error); + $error_message = $fetch_last_error; } else { _debug("source claims data not modified, nothing to do.", $debug_enabled); + $error_message = ""; } - db_query( - "UPDATE ttrss_feeds SET last_error = '$error_escaped', - last_updated = NOW() WHERE id = '$feed'"); + $sth = $pdo->prepare("UPDATE ttrss_feeds SET last_error = ?, + last_updated = NOW() WHERE id = ?"); + $sth->execute([$error_message, $feed]); return; } @@ -478,7 +492,7 @@ class RSSUtils { $rss = new FeedParser($feed_data); $rss->init(); - $feed = db_escape_string($feed); + $feed = $feed; if (!$rss->error()) { @@ -488,26 +502,27 @@ class RSSUtils { _debug("language: $feed_language", $debug_enabled); _debug("processing feed data...", $debug_enabled); -// db_query("BEGIN"); - if (DB_TYPE == "pgsql") { $favicon_interval_qpart = "favicon_last_checked < NOW() - INTERVAL '12 hour'"; } else { $favicon_interval_qpart = "favicon_last_checked < DATE_SUB(NOW(), INTERVAL 12 HOUR)"; } - $result = db_query("SELECT owner_uid,favicon_avg_color, + $sth = $pdo->prepare("SELECT owner_uid,favicon_avg_color, (favicon_last_checked IS NULL OR $favicon_interval_qpart) AS favicon_needs_check - FROM ttrss_feeds WHERE id = '$feed'"); + FROM ttrss_feeds WHERE id = ?"); + $sth->execute([$feed]); - $favicon_needs_check = sql_bool_to_bool(db_fetch_result($result, 0, - "favicon_needs_check")); - $favicon_avg_color = db_fetch_result($result, 0, "favicon_avg_color"); + if ($row = $sth->fetch()) { + $favicon_needs_check = sql_bool_to_bool($row["favicon_needs_check"]); + $favicon_avg_color = $row["favicon_avg_color"]; + $owner_uid = $row["owner_uid"]; + } else { + return false; + } - $owner_uid = db_fetch_result($result, 0, "owner_uid"); - - $site_url = db_escape_string(mb_substr(rewrite_relative_url($fetch_url, $rss->get_link()), 0, 245)); + $site_url = mb_substr(rewrite_relative_url($fetch_url, $rss->get_link()), 0, 245); _debug("site_url: $site_url", $debug_enabled); _debug("feed_title: " . $rss->get_title(), $debug_enabled); @@ -528,23 +543,25 @@ class RSSUtils { if ($favicon_modified_new > $favicon_modified) $favicon_avg_color = ''; + $favicon_colorstring = ""; if (file_exists($favicon_file) && function_exists("imagecreatefromstring") && $favicon_avg_color == '') { require_once "colors.php"; - db_query("UPDATE ttrss_feeds SET favicon_avg_color = 'fail' WHERE - id = '$feed'"); + $sth = $pdo->prepare("UPDATE ttrss_feeds SET favicon_avg_color = 'fail' WHERE + id = ?"); + $sth->execute([$feed]); - $favicon_color = db_escape_string( - calculate_avg_color($favicon_file)); + $favicon_color = calculate_avg_color($favicon_file); + + $favicon_colorstring = ",favicon_avg_color = " . $pdo->quote($favicon_color); - $favicon_colorstring = ",favicon_avg_color = '".$favicon_color."'"; } else if ($favicon_avg_color == 'fail') { _debug("floicon failed on this file, not trying to recalculate avg color", $debug_enabled); } - db_query("UPDATE ttrss_feeds SET favicon_last_checked = NOW() - $favicon_colorstring - WHERE id = '$feed'"); + $sth = $pdo->prepare("UPDATE ttrss_feeds SET favicon_last_checked = NOW() + $favicon_colorstring WHERE id = ?"); + $sth->execute([$feed]); } _debug("loading filters & labels...", $debug_enabled); @@ -562,10 +579,11 @@ class RSSUtils { if (!is_array($items)) { _debug("no articles found.", $debug_enabled); - db_query("UPDATE ttrss_feeds - SET last_updated = NOW(), last_unconditional = NOW(), last_error = '' WHERE id = '$feed'"); + $sth = $pdo->prepare("UPDATE ttrss_feeds + SET last_updated = NOW(), last_unconditional = NOW(), last_error = '' WHERE id = ?"); + $sth->execute([$feed]); - return; // no articles + return true; // no articles } _debug("processing articles...", $debug_enabled); @@ -582,20 +600,18 @@ class RSSUtils { break; } - $entry_guid = $item->get_id(); - if (!$entry_guid) $entry_guid = $item->get_link(); + $entry_guid = strip_tags($item->get_id()); + if (!$entry_guid) $entry_guid = strip_tags($item->get_link()); if (!$entry_guid) $entry_guid = RSSUtils::make_guid_from_title($item->get_title()); if (!$entry_guid) continue; $entry_guid = "$owner_uid,$entry_guid"; - $entry_guid_hashed = db_escape_string('SHA1:' . sha1($entry_guid)); + $entry_guid_hashed = 'SHA1:' . sha1($entry_guid); _debug("guid $entry_guid / $entry_guid_hashed", $debug_enabled); - $entry_timestamp = ""; - - $entry_timestamp = $item->get_date(); + $entry_timestamp = strip_tags($item->get_date()); _debug("orig date: " . $item->get_date(), $debug_enabled); @@ -607,9 +623,7 @@ class RSSUtils { _debug("date $entry_timestamp [$entry_timestamp_fmt]", $debug_enabled); -// $entry_title = html_entity_decode($item->get_title(), ENT_COMPAT, 'UTF-8'); -// $entry_title = decode_numeric_entities($entry_title); - $entry_title = $item->get_title(); + $entry_title = strip_tags($item->get_title()); $entry_link = rewrite_relative_url($site_url, $item->get_link()); @@ -627,11 +641,11 @@ class RSSUtils { print "\n"; } - $entry_comments = db_escape_string(mb_substr($item->get_comments_url(), 0, 245)); + $entry_comments = mb_substr(strip_tags($item->get_comments_url()), 0, 245); $num_comments = (int) $item->get_comments_count(); - $entry_author = $item->get_author(); // escaped later - $entry_guid = db_escape_string(mb_substr($entry_guid, 0, 245)); + $entry_author = strip_tags($item->get_author()); + $entry_guid = mb_substr($entry_guid, 0, 245); _debug("author $entry_author", $debug_enabled); _debug("num_comments: $num_comments", $debug_enabled); @@ -658,18 +672,18 @@ class RSSUtils { _debug("done collecting data.", $debug_enabled); - $result = db_query("SELECT id, content_hash, lang FROM ttrss_entries - WHERE guid = '".db_escape_string($entry_guid)."' OR guid = '$entry_guid_hashed'"); + $sth = $pdo->prepare("SELECT id, content_hash, lang FROM ttrss_entries + WHERE guid = ? OR guid = ?"); + $sth->execute([$entry_guid, $entry_guid_hashed]); - if (db_num_rows($result) != 0) { - $base_entry_id = db_fetch_result($result, 0, "id"); - $entry_stored_hash = db_fetch_result($result, 0, "content_hash"); + if ($row = $sth->fetch()) { + $base_entry_id = $row["id"]; + $entry_stored_hash = $row["content_hash"]; $article_labels = Article::get_article_labels($base_entry_id, $owner_uid); - $entry_language = db_fetch_result($result, 0, "lang"); + $entry_language = $row["lang"]; $existing_tags = Article::get_article_tags($base_entry_id, $owner_uid); $entry_tags = array_unique(array_merge($entry_tags, $existing_tags)); - } else { $base_entry_id = false; $entry_stored_hash = ""; @@ -709,10 +723,9 @@ class RSSUtils { // dupes when the entry gets purged and reinserted again e.g. // in the case of SLOW SLOW OMG SLOW updating feeds - $base_entry_id = db_fetch_result($result, 0, "id"); - - db_query("UPDATE ttrss_entries SET date_updated = NOW() - WHERE id = '$base_entry_id'"); + $sth = $pdo->prepare("UPDATE ttrss_entries SET date_updated = NOW() + WHERE id = ?"); + $sth->execute([$base_entry_id]); continue; } @@ -736,8 +749,6 @@ class RSSUtils { print "\n"; } - $entry_plugin_data = db_escape_string($entry_plugin_data); - _debug("plugin data: $entry_plugin_data", $debug_enabled); // Workaround: 4-byte unicode requires utf8mb4 in MySQL. See https://tt-rss.org/forum/viewtopic.php?f=1&t=3377&p=20077#p20077 @@ -802,15 +813,14 @@ class RSSUtils { } $entry_tags = $article["tags"]; - $entry_guid = db_escape_string($entry_guid); - $entry_title = db_escape_string($article["title"]); - $entry_author = db_escape_string(mb_substr($article["author"], 0, 245)); - $entry_link = db_escape_string($article["link"]); + $entry_title = strip_tags($article["title"]); + $entry_author = mb_substr(strip_tags($article["author"]), 0, 245); + $entry_link = strip_tags($article["link"]); $entry_content = $article["content"]; // escaped below $entry_force_catchup = $article["force_catchup"]; $article_labels = $article["labels"]; $entry_score_modifier = (int) $article["score_modifier"]; - $entry_language = db_escape_string($article["language"]); + $entry_language = $article["language"]; if ($debug_enabled) { _debug("article labels:", $debug_enabled); @@ -825,22 +835,19 @@ class RSSUtils { if ($cache_images && is_writable(CACHE_DIR . '/images')) RSSUtils::cache_media($entry_content, $site_url, $debug_enabled); - $entry_content = db_escape_string($entry_content, false); + $csth = $pdo->prepare("SELECT id FROM ttrss_entries + WHERE guid = ? OR guid = ?"); + $csth->execute([$entry_guid, $entry_guid_hashed]); - //db_query("BEGIN"); - - $result = db_query("SELECT id FROM ttrss_entries - WHERE (guid = '$entry_guid' OR guid = '$entry_guid_hashed')"); - - if (db_num_rows($result) == 0) { + if (!$row = $csth->fetch()) { _debug("base guid [$entry_guid or $entry_guid_hashed] not found, creating...", $debug_enabled); // base post entry does not exist, create it - db_query( + $usth = $pdo->prepare( "INSERT INTO ttrss_entries - (title, + (title, guid, link, updated, @@ -855,48 +862,39 @@ class RSSUtils { lang, author) VALUES - ('$entry_title', - '$entry_guid_hashed', - '$entry_link', - '$entry_timestamp_fmt', - '$entry_content', - '$entry_current_hash', + (?, ?, ?, ?, ?, ?, false, NOW(), - '$date_feed_processed', - '$entry_comments', - '$num_comments', - '$entry_plugin_data', - '$entry_language', - '$entry_author')"); + ?, ?, ?, ?, ?, ?)"); + + $usth->execute([$entry_title, + $entry_guid_hashed, + $entry_link, + $entry_timestamp_fmt, + $entry_content, + $entry_current_hash, + $date_feed_processed, + $entry_comments, + $num_comments, + $entry_plugin_data, + $entry_language, + $entry_author]); } - // now it should exist, if not - bad luck then - - $result = db_query("SELECT id FROM ttrss_entries - WHERE guid = '$entry_guid' OR guid = '$entry_guid_hashed'"); + $csth->execute([$entry_guid, $entry_guid_hashed]); $entry_ref_id = 0; $entry_int_id = 0; - if (db_num_rows($result) == 1) { + if ($row = $csth->fetch()) { _debug("base guid found, checking for user record", $debug_enabled); - $ref_id = db_fetch_result($result, 0, "id"); + $ref_id = $row['id']; $entry_ref_id = $ref_id; - /* $stored_guid = db_fetch_result($result, 0, "guid"); - if ($stored_guid != $entry_guid_hashed) { - if ($debug_enabled) _debug("upgrading compat guid to hashed one", $debug_enabled); - - db_query("UPDATE ttrss_entries SET guid = '$entry_guid_hashed' WHERE - id = '$ref_id'"); - } */ - if (RSSUtils::find_article_filter($article_filters, "filter")) { - //db_query("COMMIT"); // close transaction in progress continue; } @@ -906,103 +904,104 @@ class RSSUtils { // check for user post link to main table - $query = "SELECT ref_id, int_id FROM ttrss_user_entries WHERE - ref_id = '$ref_id' AND owner_uid = '$owner_uid'"; - -// if ($_REQUEST["xdebug"]) print "$query\n"; - - $result = db_query($query); + $sth = $pdo->prepare("SELECT ref_id, int_id FROM ttrss_user_entries WHERE + ref_id = ? AND owner_uid = ?"); + $sth->execute([$ref_id, $owner_uid]); // okay it doesn't exist - create user entry - if (db_num_rows($result) == 0) { + if ($row = $sth->fetch()) { + $entry_ref_id = $row["ref_id"]; + $entry_int_id = $row["int_id"]; + _debug("user record FOUND: RID: $entry_ref_id, IID: $entry_int_id", $debug_enabled); + } else { + _debug("user record not found, creating...", $debug_enabled); if ($score >= -500 && !RSSUtils::find_article_filter($article_filters, 'catchup') && !$entry_force_catchup) { - $unread = 'true'; - $last_read_qpart = 'NULL'; + $unread = 1; + $last_read_qpart = null; } else { - $unread = 'false'; + $unread = 0; $last_read_qpart = 'NOW()'; } if (RSSUtils::find_article_filter($article_filters, 'mark') || $score > 1000) { - $marked = 'true'; + $marked = 1; } else { - $marked = 'false'; + $marked = 0; } if (RSSUtils::find_article_filter($article_filters, 'publish')) { - $published = 'true'; + $published = 1; } else { - $published = 'false'; + $published = 0; } - $last_marked = ($marked == 'true') ? 'NOW()' : 'NULL'; - $last_published = ($published == 'true') ? 'NOW()' : 'NULL'; + $last_marked = ($marked == 'true') ? 'NOW()' : null; + $last_published = ($published == 'true') ? 'NOW()' : null; - $result = db_query( + $sth = $pdo->prepare( "INSERT INTO ttrss_user_entries (ref_id, owner_uid, feed_id, unread, last_read, marked, published, score, tag_cache, label_cache, uuid, last_marked, last_published) - VALUES ('$ref_id', '$owner_uid', '$feed', $unread, - $last_read_qpart, $marked, $published, '$score', '', '', - '', $last_marked, $last_published)"); + VALUES (?, ?, ?, ?, ?, ?, ?, ?, '', '', '', ?, ?)"); - $result = db_query( - "SELECT int_id FROM ttrss_user_entries WHERE - ref_id = '$ref_id' AND owner_uid = '$owner_uid' AND - feed_id = '$feed' LIMIT 1"); + $sth->execute([$ref_id, $owner_uid, $feed, $unread, $last_read_qpart, $marked, + $published, $score, $last_marked, $last_published]); - if (db_num_rows($result) == 1) { - $entry_int_id = db_fetch_result($result, 0, "int_id"); - } - } else { - _debug("user record FOUND", $debug_enabled); + $sth = $pdo->prepare("SELECT int_id FROM ttrss_user_entries WHERE + ref_id = ? AND owner_uid = ? AND + feed_id = ? LIMIT 1"); - $entry_ref_id = db_fetch_result($result, 0, "ref_id"); - $entry_int_id = db_fetch_result($result, 0, "int_id"); + $sth->execute([$ref_id, $owner_uid, $feed]); + + if ($row = $sth->fetch()) + $entry_int_id = $row['int_id']; } - _debug("RID: $entry_ref_id, IID: $entry_int_id", $debug_enabled); + _debug("resulting RID: $entry_ref_id, IID: $entry_int_id", $debug_enabled); if (DB_TYPE == "pgsql") { - $tsvector_combined = db_escape_string(mb_substr($entry_title . ' ' . strip_tags(str_replace('<', ' <', $entry_content)), - 0, 1000000)); + $tsvector_combined = mb_substr($entry_title . ' ' . strip_tags(str_replace('<', ' <', $entry_content)), + 0, 1000000); - $tsvector_qpart = "tsvector_combined = to_tsvector('$feed_language', '$tsvector_combined'),"; + $tsvector_qpart = "tsvector_combined = to_tsvector('$feed_language', ".$pdo->quote($tsvector_combined)."),"; } else { $tsvector_qpart = ""; } - db_query("UPDATE ttrss_entries - SET title = '$entry_title', - content = '$entry_content', - content_hash = '$entry_current_hash', - updated = '$entry_timestamp_fmt', + $sth = $pdo->prepare("UPDATE ttrss_entries + SET title = ?, + content = ?, + content_hash = ?, + updated = ?, $tsvector_qpart - num_comments = '$num_comments', - plugin_data = '$entry_plugin_data', - author = '$entry_author', - lang = '$entry_language' - WHERE id = '$ref_id'"); + num_comments = ?, + plugin_data = ?, + author = ?, + lang = ? + WHERE id = ?"); + + $sth->execute([$entry_title, $entry_content, $entry_current_hash, $entry_timestamp_fmt, + $num_comments, $entry_plugin_data, $entry_author, $entry_language, $ref_id]); // update aux data - db_query("UPDATE ttrss_user_entries - SET score = '$score' WHERE ref_id = '$ref_id'"); + $sth = $pdo->prepare("UPDATE ttrss_user_entries + SET score = ? WHERE ref_id = ?"); + $sth->execute([$score, $ref_id]); if ($mark_unread_on_update) { _debug("article updated, marking unread as requested.", $debug_enabled); - db_query("UPDATE ttrss_user_entries - SET last_read = null, unread = true WHERE ref_id = '$ref_id'"); + $sth = $pdo->prepare("UPDATE ttrss_user_entries + SET last_read = null, unread = true WHERE ref_id = ?"); + $sth->execute([$ref_id]); } } - //db_query("COMMIT"); - _debug("assigning labels [other]...", $debug_enabled); foreach ($article_labels as $label) { @@ -1039,31 +1038,28 @@ class RSSUtils { print_r($enclosures); } - //db_query("BEGIN"); + $esth = $pdo->prepare("SELECT id FROM ttrss_enclosures + WHERE content_url = ? AND post_id = ?"); -// debugging -// db_query("DELETE FROM ttrss_enclosures WHERE post_id = '$entry_ref_id'"); + $usth = $pdo->prepare("INSERT INTO ttrss_enclosures + (content_url, content_type, title, duration, post_id, width, height) VALUES + (?, ?, ?, ?, ?, ?, ?)"); foreach ($enclosures as $enc) { - $enc_url = db_escape_string($enc[0]); - $enc_type = db_escape_string($enc[1]); - $enc_dur = db_escape_string($enc[2]); - $enc_title = db_escape_string($enc[3]); + $enc_url = $enc[0]; + $enc_type = $enc[1]; + $enc_dur = $enc[2]; + $enc_title = $enc[3]; $enc_width = intval($enc[4]); $enc_height = intval($enc[5]); - $result = db_query("SELECT id FROM ttrss_enclosures - WHERE content_url = '$enc_url' AND post_id = '$entry_ref_id'"); + $esth->execute([$enc_url, $entry_ref_id]); - if (db_num_rows($result) == 0) { - db_query("INSERT INTO ttrss_enclosures - (content_url, content_type, title, duration, post_id, width, height) VALUES - ('$enc_url', '$enc_type', '$enc_title', '$enc_dur', '$entry_ref_id', $enc_width, $enc_height)"); + if (!$esth->fetch()) { + $usth->execute([$enc_url, $enc_type, (string)$enc_title, $enc_dur, $entry_ref_id, $enc_width, $enc_height]); } } - //db_query("COMMIT"); - // check for manual tags (we have to do it here since they're loaded from filters) foreach ($article_filters as $f) { @@ -1106,24 +1102,24 @@ class RSSUtils { if (count($filtered_tags) > 0) { - //db_query("BEGIN"); + $tsth = $pdo->prepare("SELECT id FROM ttrss_tags + WHERE tag_name = ? AND post_int_id = ? AND + owner_uid = ? LIMIT 1"); + + $usth = $pdo->prepare("INSERT INTO ttrss_tags + (owner_uid,tag_name,post_int_id) + VALUES (?, ?, ?)"); foreach ($filtered_tags as $tag) { $tag = sanitize_tag($tag); - $tag = db_escape_string($tag); if (!tag_is_valid($tag)) continue; - $result = db_query("SELECT id FROM ttrss_tags - WHERE tag_name = '$tag' AND post_int_id = '$entry_int_id' AND - owner_uid = '$owner_uid' LIMIT 1"); + $tsth->execute([$tag, $entry_int_id, $owner_uid]); - if ($result && db_num_rows($result) == 0) { - - db_query("INSERT INTO ttrss_tags - (owner_uid,tag_name,post_int_id) - VALUES ('$owner_uid','$tag', '$entry_int_id')"); + if (!$tsth->fetch()) { + $usth->execute([$owner_uid, $tag, $entry_int_id]); } array_push($tags_to_cache, $tag); @@ -1133,13 +1129,12 @@ class RSSUtils { $tags_to_cache = array_unique($tags_to_cache); - $tags_str = db_escape_string(join(",", $tags_to_cache)); + $tags_str = join(",", $tags_to_cache); - db_query("UPDATE ttrss_user_entries - SET tag_cache = '$tags_str' WHERE ref_id = '$entry_ref_id' - AND owner_uid = $owner_uid"); - - //db_query("COMMIT"); + $tsth = $pdo->prepare("UPDATE ttrss_user_entries + SET tag_cache = ? WHERE ref_id = ? + AND owner_uid = ?"); + $tsth->execute([$tags_str, $entry_ref_id, $owner_uid]); } _debug("article processed", $debug_enabled); @@ -1149,14 +1144,13 @@ class RSSUtils { purge_feed($feed, 0, $debug_enabled); - db_query("UPDATE ttrss_feeds - SET last_updated = NOW(), last_unconditional = NOW(), last_error = '' WHERE id = '$feed'"); - -// db_query("COMMIT"); + $sth = $pdo->prepare("UPDATE ttrss_feeds + SET last_updated = NOW(), last_unconditional = NOW(), last_error = '' WHERE id = ?"); + $sth->execute([$feed]); } else { - $error_msg = db_escape_string(mb_substr($rss->error(), 0, 245)); + $error_msg = mb_substr($rss->error(), 0, 245); _debug("fetch error: $error_msg", $debug_enabled); @@ -1166,12 +1160,12 @@ class RSSUtils { } } - db_query( - "UPDATE ttrss_feeds SET last_error = '$error_msg', - last_updated = NOW(), last_unconditional = NOW() WHERE id = '$feed'"); + $sth = $pdo->prepare("UPDATE ttrss_feeds SET last_error = ?, + last_updated = NOW(), last_unconditional = NOW() WHERE id = ?"); + $sth->execute([$error_msg, $feed]); unset($rss); - return; + return false; } _debug("done", $debug_enabled); @@ -1240,14 +1234,15 @@ class RSSUtils { static function expire_error_log($debug) { if ($debug) _debug("Removing old error log entries..."); + $pdo = Db::pdo(); + if (DB_TYPE == "pgsql") { - db_query("DELETE FROM ttrss_error_log + $pdo->query("DELETE FROM ttrss_error_log WHERE created_at < NOW() - INTERVAL '7 days'"); } else { - db_query("DELETE FROM ttrss_error_log + $pdo->query("DELETE FROM ttrss_error_log WHERE created_at < DATE_SUB(NOW(), INTERVAL 7 DAY)"); } - } static function expire_lock_files($debug) { @@ -1454,19 +1449,23 @@ class RSSUtils { } static function cleanup_counters_cache($debug) { - $result = db_query("DELETE FROM ttrss_counters_cache + $pdo = Db::pdo(); + + $res = $pdo->query("DELETE FROM ttrss_counters_cache WHERE feed_id > 0 AND (SELECT COUNT(id) FROM ttrss_feeds WHERE id = feed_id AND ttrss_counters_cache.owner_uid = ttrss_feeds.owner_uid) = 0"); - $frows = db_affected_rows($result); - $result = db_query("DELETE FROM ttrss_cat_counters_cache + $frows = $res->rowCount(); + + $res = $pdo->query("DELETE FROM ttrss_cat_counters_cache WHERE feed_id > 0 AND (SELECT COUNT(id) FROM ttrss_feed_categories WHERE id = feed_id AND ttrss_cat_counters_cache.owner_uid = ttrss_feed_categories.owner_uid) = 0"); - $crows = db_affected_rows($result); + + $crows = $res->rowCount(); if ($debug) _debug("Removed $frows (feeds) $crows (cats) orphaned counter cache entries."); }