plugins/mail: use PDO

Andrew Dolgov 2017-12-03 10:38:17 +03:00
parent 10bf7aa1e7
commit 2179332acd
1 changed files with 17 additions and 11 deletions


@ -1,6 +1,7 @@
<?php <?php
class Mail extends Plugin { class Mail extends Plugin {
/* @var PluginHost $host */
private $host; private $host;
function about() { function about() {
@ -21,7 +22,7 @@ class Mail extends Plugin {
} }
function save() { function save() {
$addresslist = db_escape_string($_POST["addresslist"]); $addresslist = $_POST["addresslist"];
$this->host->set($this, "addresslist", $addresslist); $this->host->set($this, "addresslist", $addresslist);
@ -77,17 +78,21 @@ class Mail extends Plugin {
function emailArticle() { function emailArticle() {
$param = db_escape_string($_REQUEST['param']); $ids = explode(",", $_REQUEST['param']);
$ids_qmarks = arr_qmarks($ids);
print_hidden("op", "pluginhandler"); print_hidden("op", "pluginhandler");
print_hidden("plugin", "mail"); print_hidden("plugin", "mail");
print_hidden("method", "sendEmail"); print_hidden("method", "sendEmail");
$result = db_query("SELECT email, full_name FROM ttrss_users WHERE $sth = $this->pdo->prepare("SELECT email, full_name FROM ttrss_users WHERE
id = " . $_SESSION["uid"]); id = " . $_SESSION["uid"]);
$sth->execute([$_SESSION['uid']]);
$user_email = htmlspecialchars(db_fetch_result($result, 0, "email")); if ($row = $sth->fetch()) {
$user_name = htmlspecialchars(db_fetch_result($result, 0, "full_name")); $user_email = htmlspecialchars($row['email']);
$user_name = htmlspecialchars($row['full_name']);
}
if (!$user_name) $user_name = $_SESSION['name']; if (!$user_name) $user_name = $_SESSION['name'];
@ -104,15 +109,16 @@ class Mail extends Plugin {
$tpl->setVariable('USER_EMAIL', $user_email, true); $tpl->setVariable('USER_EMAIL', $user_email, true);
$tpl->setVariable('TTRSS_HOST', $_SERVER["HTTP_HOST"], true); $tpl->setVariable('TTRSS_HOST', $_SERVER["HTTP_HOST"], true);
$result = db_query("SELECT DISTINCT link, content, title, note $sth = $this->pdo->prepare("SELECT DISTINCT link, content, title, note
FROM ttrss_user_entries, ttrss_entries WHERE id = ref_id AND FROM ttrss_user_entries, ttrss_entries WHERE id = ref_id AND
id IN ($param) AND owner_uid = " . $_SESSION["uid"]); id IN ($ids_qmarks) AND owner_uid = ?");
$sth->execute(array_merge($ids, [$_SESSION['uid']]));
if (db_num_rows($result) > 1) { if (count($ids) > 1) {
$subject = __("[Forwarded]") . " " . __("Multiple articles"); $subject = __("[Forwarded]") . " " . __("Multiple articles");
} }
while ($line = db_fetch_assoc($result)) { while ($line = $sth->fetch()) {
if (!$subject) if (!$subject)
$subject = __("[Forwarded]") . " " . htmlspecialchars($line["title"]); $subject = __("[Forwarded]") . " " . htmlspecialchars($line["title"]);
@ -199,7 +205,7 @@ class Mail extends Plugin {
if (!$rc) { if (!$rc) {
$reply['error'] = $mail->ErrorInfo; $reply['error'] = $mail->ErrorInfo;
} else { } else {
//save_email_address(db_escape_string($destination)); //save_email_address($destination);
$reply['message'] = "UPDATE_COUNTERS"; $reply['message'] = "UPDATE_COUNTERS";
} }
@ -207,7 +213,7 @@ class Mail extends Plugin {
} }
/* function completeEmails() { /* function completeEmails() {
$search = db_escape_string($_REQUEST["search"]); $search = $_REQUEST["search"];
print "<ul>"; print "<ul>";