From 2179332acdca0b96af5d7278a12d41ea753cf775 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Sun, 3 Dec 2017 10:38:17 +0300
Subject: [PATCH] plugins/mail: use PDO
---
 plugins/mail/init.php | 28 +++++++++++++++++-----------
 1 file changed, 17 insertions(+), 11 deletions(-)
diff --git a/plugins/mail/init.php b/plugins/mail/init.php
index 5fa8c8e1c..045fd7986 100644
--- a/plugins/mail/init.php
+++ b/plugins/mail/init.php
@@ -1,6 +1,7 @@ host->set($this, "addresslist", $addresslist);
@@ -77,17 +78,21 @@ class Mail extends Plugin {
  function emailArticle() {
- $param = db_escape_string($_REQUEST['param']);
+ $ids = explode(",", $_REQUEST['param']);
+ $ids_qmarks = arr_qmarks($ids);
  print_hidden("op", "pluginhandler");
  print_hidden("plugin", "mail");
  print_hidden("method", "sendEmail");
- $result = db_query("SELECT email, full_name FROM ttrss_users WHERE
+ $sth = $this->pdo->prepare("SELECT email, full_name FROM ttrss_users WHERE
  id = " . $_SESSION["uid"]);
+$sth->execute([$_SESSION['uid']]);
- $user_email = htmlspecialchars(db_fetch_result($result, 0, "email"));
- $user_name = htmlspecialchars(db_fetch_result($result, 0, "full_name"));
+ if ($row = $sth->fetch()) {
+ $user_email = htmlspecialchars($row['email']);
+ $user_name = htmlspecialchars($row['full_name']);
+ }
  if (!$user_name) $user_name = $_SESSION['name'];
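Review bot: The first prepared statement in the `@@ -77` hunk still concatenates `$_SESSION["uid"]` into the SQL text (the unchanged context line `id = " . $_SESSION["uid"]);`) while the new `$sth->execute([$_SESSION['uid']])` binds one parameter; with no `?` token in the query PDO reports an invalid parameter number (an exception or a `false` return depending on the configured error mode), so `$user_email` and `$user_name` are never populated from the row. That context line should become `id = ?");` so the id reaches the query only as a bound value. Independently, `$user_email` is assigned only inside `if ($row = $sth->fetch())` and, unlike `$user_name`, has no fallback, so an empty result leaves it undefined when it is later handed to the template; initialising `$user_email = ""; $user_name = "";` before the query closes that gap. emailArticle continues past the end of the hunk.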
@@ -104,15 +109,16 @@ class Mail extends Plugin {
  $tpl->setVariable('USER_EMAIL', $user_email, true);
  $tpl->setVariable('TTRSS_HOST', $_SERVER["HTTP_HOST"], true);
- $result = db_query("SELECT DISTINCT link, content, title, note
+ $sth = $this->pdo->prepare("SELECT DISTINCT link, content, title, note
  FROM ttrss_user_entries, ttrss_entries WHERE id = ref_id AND
- id IN ($param) AND owner_uid = " . $_SESSION["uid"]);
+ id IN ($ids_qmarks) AND owner_uid = ?");
+ $sth->execute(array_merge($ids, [$_SESSION['uid']]));
- if (db_num_rows($result) > 1) {
+ if (count($ids) > 1) {
  $subject = __("[Forwarded]") . " " . __("Multiple articles");
  }
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
  if (!$subject) $subject = __("[Forwarded]") . " " . htmlspecialchars($line["title"]);
@@ -199,7 +205,7 @@ class Mail extends Plugin {
  if (!$rc) {
  $reply['error'] = $mail->ErrorInfo;
  } else {
- //save_email_address(db_escape_string($destination));
+ //save_email_address($destination);
  $reply['message'] = "UPDATE_COUNTERS";
  }
@@ -207,7 +213,7 @@ class Mail extends Plugin {
  }
  /* function completeEmails() {
- $search = db_escape_string($_REQUEST["search"]);
+ $search = $_REQUEST["search"];
  print "
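Review bot: `if (count($ids) > 1)` in the `@@ -104` hunk changes what the subject depends on: the removed `db_num_rows($result) > 1` counted the articles actually found and owned by the current user, whereas `$ids` is the raw split of `$_REQUEST['param']` and counts whatever the request supplied, including duplicates, empty segments from a trailing comma, or ids that belong to someone else, so a request naming two ids of which only one matches still gets the "Multiple articles" subject. Fetching the result set once restores the previous behaviour: `$rows = $sth->fetchAll();`, `if (count($rows) > 1) {`, and `foreach ($rows as $line) {` in place of the `while` loop. The `IN ($ids_qmarks)` construction itself is sound here, since every id is passed to `execute()` as a bound value and only placeholders are interpolated into the SQL. The loop body continues past the end of the hunk.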