diff --git a/backend.php b/backend.php index cee1b6f07..9519fea43 100644 --- a/backend.php +++ b/backend.php @@ -263,6 +263,8 @@ @$vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]); $order_by = db_escape_string($_REQUEST["order_by"]); + if (is_numeric($feed)) $feed = (int) $feed; + /* Feed -5 is a special case: it is used to display auxiliary information * when there's nothing to load - e.g. no stuff in fresh feed */ @@ -277,10 +279,10 @@ $label_feed = -11-$feed; $result = db_query($link, "SELECT id FROM ttrss_labels2 WHERE id = '$label_feed' AND owner_uid = " . $_SESSION['uid']); - } else if (!$cat_view && $feed > 0) { + } else if (!$cat_view && is_numeric($feed) && $feed > 0) { $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE id = '$feed' AND owner_uid = " . $_SESSION['uid']); - } else if ($cat_view && $feed > 0) { + } else if ($cat_view && is_numeric($feed) && $feed > 0) { $result = db_query($link, "SELECT id FROM ttrss_feed_categories WHERE id = '$feed' AND owner_uid = " . $_SESSION['uid']); } diff --git a/db.php b/db.php index 9b1ce5d84..81da431b9 100644 --- a/db.php +++ b/db.php @@ -3,14 +3,14 @@ require_once "config.php"; function db_connect($host, $user, $pass, $db) { - if (DB_TYPE == "pgsql") { - + if (DB_TYPE == "pgsql") { + $string = "dbname=$db user=$user"; - + if ($pass) { - $string .= " password=$pass"; + $string .= " password=$pass"; } - + if ($host) { $string .= " host=$host"; } @@ -30,10 +30,10 @@ function db_connect($host, $user, $pass, $db) { } else if (DB_TYPE == "mysql") { $link = mysql_connect($host, $user, $pass); if ($link) { - $result = mysql_select_db($db, $link); + $result = mysql_select_db($db, $link); if (!$result) { die("Can't select DB: " . mysql_error($link)); - } + } return $link; } else { die("Connection failed: " . mysql_error($link)); 
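Review bot: `is_numeric()` in the added `if (is_numeric($feed)) $feed = (int) $feed;` (backend.php, hunk at -263) accepts more than integer ids: decimal and exponent forms and leading whitespace also pass, and the cast then silently turns them into some other id. A strict pattern keeps the negative special ids (the context mentions feed -5) and rejects the rest, e.g. `if (preg_match('/^-?\d+\z/', $feed)) $feed = (int) $feed;`. The same loose test is added without any cast in functions.php (hunks at -3250, -3626 and -4996), where the raw string is then interpolated into `WHERE id = '$id'` or `'$feed'`. A numeric string cannot carry a quote, but non-integer text still reaches the query, so an `(int)` cast at those sites would be safer. The enclosing code starts and ends outside the hunk.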
@@ -44,7 +44,7 @@ function db_connect($host, $user, $pass, $db) { function db_escape_string($s, $strip_tags = true) { if ($strip_tags) $s = strip_tags($s); - if (DB_TYPE == "pgsql") { + if (DB_TYPE == "pgsql") { return pg_escape_string($s); } else { return mysql_real_escape_string($s); @@ -57,7 +57,7 @@ function db_query($link, $query, $die_on_error = true) { if (!$result) { $query = htmlspecialchars($query); // just in case if ($die_on_error) { - die("Query $query failed [$result]: " . pg_last_error($link)); + die("Query $query failed [$result]: " . pg_last_error($link)); } } return $result; @@ -131,4 +131,8 @@ function db_last_error($link) { } } +function db_quote($str){ + return("'$str'"); +} + ?> diff --git a/functions.js b/functions.js index e8bd6af33..1a06a9bf3 100644 --- a/functions.js +++ b/functions.js @@ -1619,4 +1619,54 @@ function showFeedsWithErrors() { } +/* new support functions for SelectByTag */ +function get_all_tags(selObj){ + try { + if( !selObj ) return ""; + + var result = ""; + var len = selObj.options.length; + + for (var i=0; i < len; i++){ + if (selObj.options[i].selected) { + result += selObj[i].value + "%2C"; // is really a comma + } + } + + if (result.length > 0){ + result = result.substr(0, result.length-3); // remove trailing %2C + } + + return(result); + + } catch (e) { + exception_error("get_all_tags", e); + } +} + +function get_radio_checked(radioObj) { + try { + if (!radioObj) return ""; + + var len = radioObj.length; + + if (len == undefined){ + if(radioObj.checked){ + return(radioObj.value); + } else { + return(""); + } + } + + for( var i=0; i < len; i++ ){ + if( radioObj[i].checked ){ + return( radioObj[i].value); + } + } + + } catch (e) { + exception_error("get_radio_checked", e); + } + return(""); +} diff --git a/functions.php b/functions.php index 694f5bef9..d6f116a8d 100644 --- a/functions.php +++ b/functions.php 
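Review bot: `db_quote()` (db.php, hunk at -131) wraps its argument in single quotes without escaping it, so despite its name it is only safe on values the caller has already escaped. Either escape inside the helper, `return "'" . db_escape_string($str) . "'";`, or keep it as is and state the precondition in a comment such as `// $str must already be escaped with db_escape_string(); this only adds the quotes`. Pick one place for the escaping, since doing it twice would alter tags that contain quotes. The new callers in functions.php pass pieces of `$feed`, and whether that value is escaped before it gets there is not visible in this diff.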
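Review bot: The selected values in `get_all_tags` are joined with a hand-written `%2C` but are not themselves encoded, so a tag containing `&`, `%`, `#` or `+` would corrupt the request if this string is placed in a query string, as the manual `%2C` suggests. Encoding each value fixes that: `result += encodeURIComponent(selObj.options[i].value) + "%2C";`. How the result is sent is outside this hunk, so confirm it is not encoded a second time. Two smaller points: the loop tests `selObj.options[i].selected` but reads `selObj[i].value`, and the `catch` path returns `undefined` where `get_radio_checked` falls through to `return("")`.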
@@ -2153,7 +2153,7 @@ } // try to remove possible duplicates from feed counter cache - ccache_cleanup($link, $_SESSION["uid"]); +// ccache_cleanup($link, $_SESSION["uid"]); } } else { @@ -3250,7 +3250,7 @@ return "Unknown label ($label_id)"; } - } else if ($id > 0) { + } else if (is_numeric($id) && $id > 0) { $result = db_query($link, "SELECT title FROM ttrss_feeds WHERE id = '$id'"); if (db_num_rows($result) == 1) { return db_fetch_result($result, 0, "title"); @@ -3427,6 +3427,7 @@ return $search_query_part; } + function queryFeedHeadlines($link, $feed, $limit, $view_mode, $cat_view, $search, $search_mode, $match_on, $override_order = false, $offset = 0, $owner_uid = 0, $filter = false) { if (!$owner_uid) $owner_uid = $_SESSION["uid"]; @@ -3626,7 +3627,7 @@ if ($cat_view) { $feed_title = getCategoryTitle($link, $feed); } else { - if ((int)$feed == $feed && $feed > 0) { + if (is_numeric($feed) && $feed > 0) { $result = db_query($link, "SELECT title,site_url,last_error FROM ttrss_feeds WHERE id = '$feed' AND owner_uid = $owner_uid"); 
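Review bot: The `ccache_cleanup()` call in the hunk at -2153 is disabled by commenting it out at column 0 with no reason given, while the comment above it still says duplicates are removed from the feed counter cache. If the cleanup is meant to stay off, delete the call together with the stale comment, or record why it is off, e.g. `// ccache_cleanup disabled: <reason>`. The change looks unrelated to the tag selection feature in the rest of the commit, so it may be a leftover from debugging. The enclosing function is outside the hunk.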
@@ -3699,31 +3700,66 @@ } else { // browsing by tag - $feed_kind = "Tags"; + $select_qpart = "SELECT DISTINCT " . + "date_entered," . + "guid," . + "note," . + "ttrss_entries.id as id," . + "title," . + "updated," . + "unread," . + "feed_id," . + "orig_feed_id," . + "marked," . + "link," . + "last_read," . + SUBSTRING_FOR_DATE . "(last_read,1,19) as last_read_noms," . + $vfeed_query_part . + $content_query_part . + SUBSTRING_FOR_DATE . "(updated,1,19) as updated_noms," . + "score "; - $result = db_query($link, "SELECT DISTINCT - date_entered, - guid, - note, - ttrss_entries.id as id,title, - updated, - unread,feed_id,orig_feed_id, - marked,link,last_read, - ".SUBSTRING_FOR_DATE."(last_read,1,19) as last_read_noms, - $vfeed_query_part - $content_query_part - ".SUBSTRING_FOR_DATE."(updated,1,19) as updated_noms, - score - FROM - ttrss_entries,ttrss_user_entries,ttrss_tags - WHERE - ref_id = ttrss_entries.id AND - ttrss_user_entries.owner_uid = '$owner_uid' AND - post_int_id = int_id AND tag_name = '$feed' AND - $view_query_part - $search_query_part - $query_strategy_part ORDER BY $order_by - $limit_query_part"); + $feed_kind = "Tags"; + $all_tags = explode(",", $feed); + if ($search_mode == 'any') { + $tag_sql = "tag_name in (" . implode(", ", array_map("db_quote", $all_tags)) . ")"; + $from_qpart = " FROM ttrss_entries,ttrss_user_entries,ttrss_tags "; + $where_qpart = " WHERE " . + "ref_id = ttrss_entries.id AND " . + "ttrss_user_entries.owner_uid = $owner_uid AND " . + "post_int_id = int_id AND $tag_sql AND " . + $view_query_part . + $search_query_part . + $query_strategy_part . " ORDER BY $order_by " . + $limit_query_part; + + } else { + $i = 1; + $sub_selects = array(); + $sub_ands = array(); + foreach ($all_tags as $term) { + array_push($sub_selects, "(SELECT post_int_id from ttrss_tags WHERE tag_name = " . db_quote($term) . 
" AND owner_uid = $owner_uid) as A$i"); + $i++; + } + if ($i > 2) { + $x = 1; + $y = 2; + do { + array_push($sub_ands, "A$x.post_int_id = A$y.post_int_id"); + $x++; + $y++; + } while ($y < $i); + } + array_push($sub_ands, "A1.post_int_id = ttrss_user_entries.int_id and ttrss_user_entries.owner_uid = $owner_uid"); + array_push($sub_ands, "ttrss_user_entries.ref_id = ttrss_entries.id"); + $from_qpart = " FROM " . implode(", ", $sub_selects) . ", ttrss_user_entries, ttrss_entries"; + $where_qpart = " WHERE " . implode(" AND ", $sub_ands); + } + // error_log("TAG SQL: " . $tag_sql); + // $tag_sql = "tag_name = '$feed'"; DEFAULT way + + // error_log("[". $select_qpart . "][" . $from_qpart . "][" .$where_qpart . "]"); + $result = db_query($link, $select_qpart . $from_qpart . $where_qpart); } return array($result, $feed_title, $feed_site_url, $last_error); @@ -4976,7 +5012,7 @@ catchupArticlesById($link, $ids, $cmode); } */ - if ($subop == "ForceUpdate" && sprintf("%d", $feed) > 0) { + if ($subop == "ForceUpdate" && $feed && is_numeric($feed) > 0) { update_rss_feed($link, $feed, true); } @@ -4996,7 +5032,7 @@ // FIXME: might break tag display? - if ($feed > 0 && !$cat_view) { + if (is_numeric($feed) && $feed > 0 && !$cat_view) { $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE id = '$feed' LIMIT 1"); @@ -5041,6 +5077,11 @@ if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H0", $timing_info); +// error_log("format_headlines_list: [" . $feed . "] subop [" . $subop . "]"); + if( $search_mode == '' && $subop != '' ){ + $search_mode = $subop; + } +// error_log("search_mode: " . $search_mode); $qfh_ret = queryFeedHeadlines($link, $feed, $limit, $view_mode, $cat_view, $search, $search_mode, $match_on, $override_order, $offset); diff --git a/modules/popup-dialog.php b/modules/popup-dialog.php index 6cb60eef4..4d2408d15 100644 --- a/modules/popup-dialog.php +++ b/modules/popup-dialog.php 
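Review bot: The `else` branch of the tag query (every search mode other than 'any') builds `$where_qpart` from `$sub_ands` alone, so it drops `$view_query_part`, `$search_query_part`, `$query_strategy_part`, the `ORDER BY` and `$limit_query_part`, all of which the old query and the 'any' branch apply. The result set is unordered, unbounded and ignores the view mode. Assuming the parts compose as they do in the 'any' branch, the tail can be appended the same way: `$where_qpart = " WHERE " . implode(" AND ", $sub_ands) . " AND " . $view_query_part . $search_query_part . $query_strategy_part . " ORDER BY $order_by " . $limit_query_part;`. Separately, each tag is wrapped by `db_quote()`, which adds quotes but does not escape, so this query relies on `$feed` having been escaped before it reaches `queryFeedHeadlines()`, which the hunk does not show. The function starts outside the hunk.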
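Review bot: `is_numeric($feed) > 0` in the ForceUpdate condition (hunk at -4976) compares the boolean returned by `is_numeric()` with 0, so it no longer checks that the id is positive. Any non-zero numeric `$feed`, including the negative ids this codebase uses for labels and special feeds, now reaches `update_rss_feed()`, whereas the old `sprintf("%d", $feed) > 0` did test the sign. `if ($subop == "ForceUpdate" && is_numeric($feed) && $feed > 0) {` restores the check. The enclosing function is not visible in the hunk.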
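Review bot: `$search_mode = $subop` (hunk at -5041) copies a general-purpose action parameter into the search mode whenever `$search_mode` is empty, so any `subop` value, such as the `ForceUpdate` tested at -4976, is passed to `queryFeedHeadlines()` as a mode. There the tag branch treats everything other than 'any' as the all-tags join; other uses of `$search_mode` are outside this diff. Copying only recognised values would bound this, e.g. `if ($search_mode == '' && $subop == 'any') $search_mode = $subop;` extended with whatever other mode strings the tag selector sends, and a dedicated request parameter would be cleaner still. The two commented-out `error_log` lines can be dropped.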
@@ -737,8 +737,38 @@ print ""; print "]]>"; + } - //return; + if ($id == 'printTagSelect') { + print "