fix blank character after opening bracket in function calls

Andrew Dolgov 2013-04-17 18:34:18 +04:00
parent 72ff013729
commit a42c55f02b
56 changed files with 1399 additions and 1399 deletions


@ -18,7 +18,7 @@ class API extends Handler {
return false;
}
if ($_SESSION["uid"] && $method != "logout" && !get_pref( 'ENABLE_API_ACCESS')) {
if ($_SESSION["uid"] && $method != "logout" && !get_pref('ENABLE_API_ACCESS')) {
print $this->wrap(self::STATUS_ERR, array("error" => 'API_DISABLED'));
return false;
}
@ -50,13 +50,13 @@ class API extends Handler {
@session_destroy();
@session_start();
$login = db_escape_string( $_REQUEST["user"]);
$login = db_escape_string($_REQUEST["user"]);
$password = $_REQUEST["password"];
$password_base64 = base64_decode($_REQUEST["password"]);
if (SINGLE_USER_MODE) $login = "admin";
$result = db_query( "SELECT id FROM ttrss_users WHERE login = '$login'");
$result = db_query("SELECT id FROM ttrss_users WHERE login = '$login'");
if (db_num_rows($result) != 0) {
$uid = db_fetch_result($result, 0, "id");
@ -69,11 +69,11 @@ class API extends Handler {
return;
}
if (get_pref( "ENABLE_API_ACCESS", $uid)) {
if (authenticate_user( $login, $password)) { // try login with normal password
if (get_pref("ENABLE_API_ACCESS", $uid)) {
if (authenticate_user($login, $password)) { // try login with normal password
print $this->wrap(self::STATUS_OK, array("session_id" => session_id(),
"api_level" => self::API_LEVEL));
} else if (authenticate_user( $login, $password_base64)) { // else try with base64_decoded password
} else if (authenticate_user($login, $password_base64)) { // else try with base64_decoded password
print $this->wrap(self::STATUS_OK, array("session_id" => session_id(),
"api_level" => self::API_LEVEL));
} else { // else we are not logged in
@ -95,11 +95,11 @@ class API extends Handler {
}
function getUnread() {
$feed_id = db_escape_string( $_REQUEST["feed_id"]);
$is_cat = db_escape_string( $_REQUEST["is_cat"]);
$feed_id = db_escape_string($_REQUEST["feed_id"]);
$is_cat = db_escape_string($_REQUEST["is_cat"]);
if ($feed_id) {
print $this->wrap(self::STATUS_OK, array("unread" => getFeedUnread( $feed_id, $is_cat)));
print $this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($feed_id, $is_cat)));
} else {
print $this->wrap(self::STATUS_OK, array("unread" => getGlobalUnread()));
}
@ -111,13 +111,13 @@ class API extends Handler {
}
function getFeeds() {
$cat_id = db_escape_string( $_REQUEST["cat_id"]);
$cat_id = db_escape_string($_REQUEST["cat_id"]);
$unread_only = sql_bool_to_bool($_REQUEST["unread_only"]);
$limit = (int) db_escape_string( $_REQUEST["limit"]);
$offset = (int) db_escape_string( $_REQUEST["offset"]);
$limit = (int) db_escape_string($_REQUEST["limit"]);
$offset = (int) db_escape_string($_REQUEST["offset"]);
$include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
$feeds = $this->api_get_feeds( $cat_id, $unread_only, $limit, $offset, $include_nested);
$feeds = $this->api_get_feeds($cat_id, $unread_only, $limit, $offset, $include_nested);
print $this->wrap(self::STATUS_OK, $feeds);
}
@ -134,7 +134,7 @@ class API extends Handler {
else
$nested_qpart = "true";
$result = db_query( "SELECT
$result = db_query("SELECT
id, title, order_id, (SELECT COUNT(id) FROM
ttrss_feeds WHERE
ttrss_feed_categories.id IS NOT NULL AND cat_id = ttrss_feed_categories.id) AS num_feeds,
@ -149,10 +149,10 @@ class API extends Handler {
while ($line = db_fetch_assoc($result)) {
if ($include_empty || $line["num_feeds"] > 0 || $line["num_cats"] > 0) {
$unread = getFeedUnread( $line["id"], true);
$unread = getFeedUnread($line["id"], true);
if ($enable_nested)
$unread += getCategoryChildrenUnread( $line["id"]);
$unread += getCategoryChildrenUnread($line["id"]);
if ($unread || !$unread_only) {
array_push($cats, array("id" => $line["id"],
@ -166,11 +166,11 @@ class API extends Handler {
foreach (array(-2,-1,0) as $cat_id) {
if ($include_empty || !$this->isCategoryEmpty($cat_id)) {
$unread = getFeedUnread( $cat_id, true);
$unread = getFeedUnread($cat_id, true);
if ($unread || !$unread_only) {
array_push($cats, array("id" => $cat_id,
"title" => getCategoryTitle( $cat_id),
"title" => getCategoryTitle($cat_id),
"unread" => $unread));
}
}
@ -180,22 +180,22 @@ class API extends Handler {
}
function getHeadlines() {
$feed_id = db_escape_string( $_REQUEST["feed_id"]);
$feed_id = db_escape_string($_REQUEST["feed_id"]);
if ($feed_id != "") {
$limit = (int)db_escape_string( $_REQUEST["limit"]);
$limit = (int)db_escape_string($_REQUEST["limit"]);
if (!$limit || $limit >= 60) $limit = 60;
$offset = (int)db_escape_string( $_REQUEST["skip"]);
$filter = db_escape_string( $_REQUEST["filter"]);
$offset = (int)db_escape_string($_REQUEST["skip"]);
$filter = db_escape_string($_REQUEST["filter"]);
$is_cat = sql_bool_to_bool($_REQUEST["is_cat"]);
$show_excerpt = sql_bool_to_bool($_REQUEST["show_excerpt"]);
$show_content = sql_bool_to_bool($_REQUEST["show_content"]);
/* all_articles, unread, adaptive, marked, updated */
$view_mode = db_escape_string( $_REQUEST["view_mode"]);
$view_mode = db_escape_string($_REQUEST["view_mode"]);
$include_attachments = sql_bool_to_bool($_REQUEST["include_attachments"]);
$since_id = (int)db_escape_string( $_REQUEST["since_id"]);
$since_id = (int)db_escape_string($_REQUEST["since_id"]);
$include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
$sanitize_content = true;
@ -211,10 +211,10 @@ class API extends Handler {
/* do not rely on params below */
$search = db_escape_string( $_REQUEST["search"]);
$search_mode = db_escape_string( $_REQUEST["search_mode"]);
$search = db_escape_string($_REQUEST["search"]);
$search_mode = db_escape_string($_REQUEST["search_mode"]);
$headlines = $this->api_get_headlines( $feed_id, $limit, $offset,
$headlines = $this->api_get_headlines($feed_id, $limit, $offset,
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, $override_order,
$include_attachments, $since_id, $search, $search_mode,
$include_nested, $sanitize_content);
@ -226,10 +226,10 @@ class API extends Handler {
}
function updateArticle() {
$article_ids = array_filter(explode(",", db_escape_string( $_REQUEST["article_ids"])), is_numeric);
$mode = (int) db_escape_string( $_REQUEST["mode"]);
$data = db_escape_string( $_REQUEST["data"]);
$field_raw = (int)db_escape_string( $_REQUEST["field"]);
$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
$mode = (int) db_escape_string($_REQUEST["mode"]);
$data = db_escape_string($_REQUEST["data"]);
$field_raw = (int)db_escape_string($_REQUEST["field"]);
$field = "";
$set_to = "";
@ -269,16 +269,16 @@ class API extends Handler {
$article_ids = join(", ", $article_ids);
$result = db_query( "UPDATE ttrss_user_entries SET $field = $set_to $additional_fields WHERE ref_id IN ($article_ids) AND owner_uid = " . $_SESSION["uid"]);
$result = db_query("UPDATE ttrss_user_entries SET $field = $set_to $additional_fields WHERE ref_id IN ($article_ids) AND owner_uid = " . $_SESSION["uid"]);
$num_updated = db_affected_rows( $result);
$num_updated = db_affected_rows($result);
if ($num_updated > 0 && $field == "unread") {
$result = db_query( "SELECT DISTINCT feed_id FROM ttrss_user_entries
$result = db_query("SELECT DISTINCT feed_id FROM ttrss_user_entries
WHERE ref_id IN ($article_ids)");
while ($line = db_fetch_assoc($result)) {
ccache_update( $line["feed_id"], $_SESSION["uid"]);
ccache_update($line["feed_id"], $_SESSION["uid"]);
}
}
@ -286,7 +286,7 @@ class API extends Handler {
if (PUBSUBHUBBUB_HUB) {
$rss_link = get_self_url_prefix() .
"/public.php?op=rss&id=-2&key=" .
get_feed_access_key( -2, false);
get_feed_access_key(-2, false);
$p = new Publisher(PUBSUBHUBBUB_HUB);
$pubsub_result = $p->publish_update($rss_link);
@ -304,7 +304,7 @@ class API extends Handler {
function getArticle() {
$article_id = join(",", array_filter(explode(",", db_escape_string( $_REQUEST["article_id"])), is_numeric));
$article_id = join(",", array_filter(explode(",", db_escape_string($_REQUEST["article_id"])), is_numeric));
$query = "SELECT id,title,link,content,cached_content,feed_id,comments,int_id,
marked,unread,published,score,
@ -314,7 +314,7 @@ class API extends Handler {
WHERE id IN ($article_id) AND ref_id = id AND owner_uid = " .
$_SESSION["uid"] ;
$result = db_query( $query);
$result = db_query($query);
$articles = array();
@ -322,13 +322,13 @@ class API extends Handler {
while ($line = db_fetch_assoc($result)) {
$attachments = get_article_enclosures( $line['id']);
$attachments = get_article_enclosures($line['id']);
$article = array(
"id" => $line["id"],
"title" => $line["title"],
"link" => $line["link"],
"labels" => get_article_labels( $line['id']),
"labels" => get_article_labels($line['id']),
"unread" => sql_bool_to_bool($line["unread"]),
"marked" => sql_bool_to_bool($line["marked"]),
"published" => sql_bool_to_bool($line["published"]),
@ -363,7 +363,7 @@ class API extends Handler {
$config["daemon_is_running"] = file_is_locked("update_daemon.lock");
$result = db_query( "SELECT COUNT(*) AS cf FROM
$result = db_query("SELECT COUNT(*) AS cf FROM
ttrss_feeds WHERE owner_uid = " . $_SESSION["uid"]);
$num_feeds = db_fetch_result($result, 0, "cf");
@ -376,41 +376,41 @@ class API extends Handler {
function updateFeed() {
require_once "include/rssfuncs.php";
$feed_id = (int) db_escape_string( $_REQUEST["feed_id"]);
$feed_id = (int) db_escape_string($_REQUEST["feed_id"]);
update_rss_feed( $feed_id, true);
update_rss_feed($feed_id, true);
print $this->wrap(self::STATUS_OK, array("status" => "OK"));
}
function catchupFeed() {
$feed_id = db_escape_string( $_REQUEST["feed_id"]);
$is_cat = db_escape_string( $_REQUEST["is_cat"]);
$feed_id = db_escape_string($_REQUEST["feed_id"]);
$is_cat = db_escape_string($_REQUEST["is_cat"]);
catchup_feed( $feed_id, $is_cat);
catchup_feed($feed_id, $is_cat);
print $this->wrap(self::STATUS_OK, array("status" => "OK"));
}
function getPref() {
$pref_name = db_escape_string( $_REQUEST["pref_name"]);
$pref_name = db_escape_string($_REQUEST["pref_name"]);
print $this->wrap(self::STATUS_OK, array("value" => get_pref( $pref_name)));
print $this->wrap(self::STATUS_OK, array("value" => get_pref($pref_name)));
}
function getLabels() {
//$article_ids = array_filter(explode(",", db_escape_string( $_REQUEST["article_ids"])), is_numeric);
//$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
$article_id = (int)$_REQUEST['article_id'];
$rv = array();
$result = db_query( "SELECT id, caption, fg_color, bg_color
$result = db_query("SELECT id, caption, fg_color, bg_color
FROM ttrss_labels2
WHERE owner_uid = '".$_SESSION['uid']."' ORDER BY caption");
if ($article_id)
$article_labels = get_article_labels( $article_id);
$article_labels = get_article_labels($article_id);
else
$article_labels = array();
@ -437,11 +437,11 @@ class API extends Handler {
function setArticleLabel() {
$article_ids = array_filter(explode(",", db_escape_string( $_REQUEST["article_ids"])), is_numeric);
$label_id = (int) db_escape_string( $_REQUEST['label_id']);
$assign = (bool) db_escape_string( $_REQUEST['assign']) == "true";
$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
$label_id = (int) db_escape_string($_REQUEST['label_id']);
$assign = (bool) db_escape_string($_REQUEST['assign']) == "true";
$label = db_escape_string( label_find_caption(
$label = db_escape_string(label_find_caption(
$label_id, $_SESSION["uid"]));
$num_updated = 0;
@ -451,9 +451,9 @@ class API extends Handler {
foreach ($article_ids as $id) {
if ($assign)
label_add_article( $id, $label, $_SESSION["uid"]);
label_add_article($id, $label, $_SESSION["uid"]);
else
label_remove_article( $id, $label, $_SESSION["uid"]);
label_remove_article($id, $label, $_SESSION["uid"]);
++$num_updated;
@ -481,25 +481,25 @@ class API extends Handler {
}
function shareToPublished() {
$title = db_escape_string( strip_tags($_REQUEST["title"]));
$url = db_escape_string( strip_tags($_REQUEST["url"]));
$content = db_escape_string( strip_tags($_REQUEST["content"]));
$title = db_escape_string(strip_tags($_REQUEST["title"]));
$url = db_escape_string(strip_tags($_REQUEST["url"]));
$content = db_escape_string(strip_tags($_REQUEST["content"]));
if (Article::create_published_article( $title, $url, $content, "", $_SESSION["uid"])) {
if (Article::create_published_article($title, $url, $content, "", $_SESSION["uid"])) {
print $this->wrap(self::STATUS_OK, array("status" => 'OK'));
} else {
print $this->wrap(self::STATUS_ERR, array("error" => 'Publishing failed'));
}
}
static function api_get_feeds( $cat_id, $unread_only, $limit, $offset, $include_nested = false) {
static function api_get_feeds($cat_id, $unread_only, $limit, $offset, $include_nested = false) {
$feeds = array();
/* Labels */
if ($cat_id == -4 || $cat_id == -2) {
$counters = getLabelCounters( true);
$counters = getLabelCounters(true);
foreach (array_values($counters) as $cv) {
@ -523,10 +523,10 @@ class API extends Handler {
if ($cat_id == -4 || $cat_id == -1) {
foreach (array(-1, -2, -3, -4, -6, 0) as $i) {
$unread = getFeedUnread( $i);
$unread = getFeedUnread($i);
if ($unread || !$unread_only) {
$title = getFeedTitle( $i);
$title = getFeedTitle($i);
$row = array(
"id" => $i,
@ -543,14 +543,14 @@ class API extends Handler {
/* Child cats */
if ($include_nested && $cat_id) {
$result = db_query( "SELECT
$result = db_query("SELECT
id, title FROM ttrss_feed_categories
WHERE parent_cat = '$cat_id' AND owner_uid = " . $_SESSION["uid"] .
" ORDER BY id, title");
while ($line = db_fetch_assoc($result)) {
$unread = getFeedUnread( $line["id"], true) +
getCategoryChildrenUnread( $line["id"]);
$unread = getFeedUnread($line["id"], true) +
getCategoryChildrenUnread($line["id"]);
if ($unread || !$unread_only) {
$row = array(
@ -573,7 +573,7 @@ class API extends Handler {
}
if ($cat_id == -4 || $cat_id == -3) {
$result = db_query( "SELECT
$result = db_query("SELECT
id, feed_url, cat_id, title, order_id, ".
SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds WHERE owner_uid = " . $_SESSION["uid"] .
@ -585,7 +585,7 @@ class API extends Handler {
else
$cat_qpart = "cat_id IS NULL";
$result = db_query( "SELECT
$result = db_query("SELECT
id, feed_url, cat_id, title, order_id, ".
SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds WHERE
@ -595,7 +595,7 @@ class API extends Handler {
while ($line = db_fetch_assoc($result)) {
$unread = getFeedUnread( $line["id"]);
$unread = getFeedUnread($line["id"]);
$has_icon = feed_has_icon($line['id']);
@ -619,13 +619,13 @@ class API extends Handler {
return $feeds;
}
static function api_get_headlines( $feed_id, $limit, $offset,
static function api_get_headlines($feed_id, $limit, $offset,
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, $order,
$include_attachments, $since_id,
$search = "", $search_mode = "",
$include_nested = false, $sanitize_content = true) {
$qfh_ret = queryFeedHeadlines( $feed_id, $limit,
$qfh_ret = queryFeedHeadlines($feed_id, $limit,
$view_mode, $is_cat, $search, $search_mode,
$order, $offset, 0, false, $since_id, $include_nested);
@ -641,8 +641,8 @@ class API extends Handler {
$tags = explode(",", $line["tag_cache"]);
$labels = json_decode($line["label_cache"], true);
//if (!$tags) $tags = get_article_tags( $line["id"]);
//if (!$labels) $labels = get_article_labels( $line["id"]);
//if (!$tags) $tags = get_article_tags($line["id"]);
//if (!$labels) $labels = get_article_labels($line["id"]);
$headline_row = array(
"id" => (int)$line["id"],
@ -709,13 +709,13 @@ class API extends Handler {
}
function unsubscribeFeed() {
$feed_id = (int) db_escape_string( $_REQUEST["feed_id"]);
$feed_id = (int) db_escape_string($_REQUEST["feed_id"]);
$result = db_query( "SELECT id FROM ttrss_feeds WHERE
$result = db_query("SELECT id FROM ttrss_feeds WHERE
id = '$feed_id' AND owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($result) != 0) {
Pref_Feeds::remove_feed( $feed_id, $_SESSION["uid"]);
Pref_Feeds::remove_feed($feed_id, $_SESSION["uid"]);
print $this->wrap(self::STATUS_OK, array("status" => "OK"));
} else {
print $this->wrap(self::STATUS_ERR, array("error" => "FEED_NOT_FOUND"));
@ -723,13 +723,13 @@ class API extends Handler {
}
function subscribeToFeed() {
$feed_url = db_escape_string( $_REQUEST["feed_url"]);
$category_id = (int) db_escape_string( $_REQUEST["category_id"]);
$login = db_escape_string( $_REQUEST["login"]);
$password = db_escape_string( $_REQUEST["password"]);
$feed_url = db_escape_string($_REQUEST["feed_url"]);
$category_id = (int) db_escape_string($_REQUEST["category_id"]);
$login = db_escape_string($_REQUEST["login"]);
$password = db_escape_string($_REQUEST["password"]);
if ($feed_url) {
$rc = subscribe_to_feed( $feed_url, $category_id,
$rc = subscribe_to_feed($feed_url, $category_id,
$login, $password, false);
print $this->wrap(self::STATUS_OK, array("status" => $rc));
@ -741,7 +741,7 @@ class API extends Handler {
function getFeedTree() {
$include_empty = sql_bool_to_bool($_REQUEST['include_empty']);
$pf = new Pref_Feeds( $_REQUEST);
$pf = new Pref_Feeds($_REQUEST);
$_REQUEST['mode'] = 2;
$_REQUEST['force_show_empty'] = $include_empty;
@ -760,13 +760,13 @@ class API extends Handler {
private function isCategoryEmpty($id) {
if ($id == -2) {
$result = db_query( "SELECT COUNT(*) AS count FROM ttrss_labels2
$result = db_query("SELECT COUNT(*) AS count FROM ttrss_labels2
WHERE owner_uid = " . $_SESSION["uid"]);
return db_fetch_result($result, 0, "count") == 0;
} else if ($id == 0) {
$result = db_query( "SELECT COUNT(*) AS count FROM ttrss_feeds
$result = db_query("SELECT COUNT(*) AS count FROM ttrss_feeds
WHERE cat_id IS NULL AND owner_uid = " . $_SESSION["uid"]);
return db_fetch_result($result, 0, "count") == 0;
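Review bot: In setArticleLabel, `$assign = (bool) db_escape_string($_REQUEST['assign']) == "true";` applies the `(bool)` cast before the comparison, so the expression is true for any non-empty value other than "0", including the string "false". A client asking to remove a label would add it instead. Comparing the string directly fixes it: `$assign = $_REQUEST['assign'] == "true";`. The other boolean parameters in this class go through `sql_bool_to_bool()`, which may be the better fit if it accepts the same values. The function body continues outside the hunk.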


@ -8,9 +8,9 @@ class Article extends Handler_Protected {
}
function redirect() {
$id = db_escape_string( $_REQUEST['id']);
$id = db_escape_string($_REQUEST['id']);
$result = db_query( "SELECT link FROM ttrss_entries, ttrss_user_entries
$result = db_query("SELECT link FROM ttrss_entries, ttrss_user_entries
WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'
LIMIT 1");
@ -27,10 +27,10 @@ class Article extends Handler_Protected {
}
function view() {
$id = db_escape_string( $_REQUEST["id"]);
$cids = explode(",", db_escape_string( $_REQUEST["cids"]));
$mode = db_escape_string( $_REQUEST["mode"]);
$omode = db_escape_string( $_REQUEST["omode"]);
$id = db_escape_string($_REQUEST["id"]);
$cids = explode(",", db_escape_string($_REQUEST["cids"]));
$mode = db_escape_string($_REQUEST["mode"]);
$omode = db_escape_string($_REQUEST["omode"]);
// in prefetch mode we only output requested cids, main article
// just gets marked as read (it already exists in client cache)
@ -38,26 +38,26 @@ class Article extends Handler_Protected {
$articles = array();
if ($mode == "") {
array_push($articles, format_article( $id, false));
array_push($articles, format_article($id, false));
} else if ($mode == "zoom") {
array_push($articles, format_article( $id, true, true));
array_push($articles, format_article($id, true, true));
} else if ($mode == "raw") {
if ($_REQUEST['html']) {
header("Content-Type: text/html");
print '<link rel="stylesheet" type="text/css" href="tt-rss.css"/>';
}
$article = format_article( $id, false);
$article = format_article($id, false);
print $article['content'];
return;
}
$this->catchupArticleById( $id, 0);
$this->catchupArticleById($id, 0);
if (!$_SESSION["bw_limit"]) {
foreach ($cids as $cid) {
if ($cid) {
array_push($articles, format_article( $cid, false, false));
array_push($articles, format_article($cid, false, false));
}
}
}
@ -65,27 +65,27 @@ class Article extends Handler_Protected {
print json_encode($articles);
}
private function catchupArticleById( $id, $cmode) {
private function catchupArticleById($id, $cmode) {
if ($cmode == 0) {
db_query( "UPDATE ttrss_user_entries SET
db_query("UPDATE ttrss_user_entries SET
unread = false,last_read = NOW()
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
} else if ($cmode == 1) {
db_query( "UPDATE ttrss_user_entries SET
db_query("UPDATE ttrss_user_entries SET
unread = true
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
} else {
db_query( "UPDATE ttrss_user_entries SET
db_query("UPDATE ttrss_user_entries SET
unread = NOT unread,last_read = NOW()
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
}
$feed_id = getArticleFeed( $id);
ccache_update( $feed_id, $_SESSION["uid"]);
$feed_id = getArticleFeed($id);
ccache_update($feed_id, $_SESSION["uid"]);
}
static function create_published_article( $title, $url, $content, $labels_str,
static function create_published_article($title, $url, $content, $labels_str,
$owner_uid) {
$guid = 'SHA1:' . sha1("ttshared:" . $url . $owner_uid); // include owner_uid to prevent global GUID clash
@ -104,30 +104,30 @@ class Article extends Handler_Protected {
if (filter_var($url, FILTER_VALIDATE_URL) === FALSE) return false;
db_query( "BEGIN");
db_query("BEGIN");
// only check for our user data here, others might have shared this with different content etc
$result = db_query( "SELECT id FROM ttrss_entries, ttrss_user_entries WHERE
$result = db_query("SELECT id FROM ttrss_entries, ttrss_user_entries WHERE
link = '$url' AND ref_id = id AND owner_uid = '$owner_uid' LIMIT 1");
if (db_num_rows($result) != 0) {
$ref_id = db_fetch_result($result, 0, "id");
$result = db_query( "SELECT int_id FROM ttrss_user_entries WHERE
$result = db_query("SELECT int_id FROM ttrss_user_entries WHERE
ref_id = '$ref_id' AND owner_uid = '$owner_uid' LIMIT 1");
if (db_num_rows($result) != 0) {
$int_id = db_fetch_result($result, 0, "int_id");
db_query( "UPDATE ttrss_entries SET
db_query("UPDATE ttrss_entries SET
content = '$content', content_hash = '$content_hash' WHERE id = '$ref_id'");
db_query( "UPDATE ttrss_user_entries SET published = true,
db_query("UPDATE ttrss_user_entries SET published = true,
last_published = NOW() WHERE
int_id = '$int_id' AND owner_uid = '$owner_uid'");
} else {
db_query( "INSERT INTO ttrss_user_entries
db_query("INSERT INTO ttrss_user_entries
(ref_id, uuid, feed_id, orig_feed_id, owner_uid, published, tag_cache, label_cache,
last_read, note, unread, last_published)
VALUES
@ -136,24 +136,24 @@ class Article extends Handler_Protected {
if (count($labels) != 0) {
foreach ($labels as $label) {
label_add_article( $ref_id, trim($label), $owner_uid);
label_add_article($ref_id, trim($label), $owner_uid);
}
}
$rc = true;
} else {
$result = db_query( "INSERT INTO ttrss_entries
$result = db_query("INSERT INTO ttrss_entries
(title, guid, link, updated, content, content_hash, date_entered, date_updated)
VALUES
('$title', '$guid', '$url', NOW(), '$content', '$content_hash', NOW(), NOW())");
$result = db_query( "SELECT id FROM ttrss_entries WHERE guid = '$guid'");
$result = db_query("SELECT id FROM ttrss_entries WHERE guid = '$guid'");
if (db_num_rows($result) != 0) {
$ref_id = db_fetch_result($result, 0, "id");
db_query( "INSERT INTO ttrss_user_entries
db_query("INSERT INTO ttrss_user_entries
(ref_id, uuid, feed_id, orig_feed_id, owner_uid, published, tag_cache, label_cache,
last_read, note, unread, last_published)
VALUES
@ -161,7 +161,7 @@ class Article extends Handler_Protected {
if (count($labels) != 0) {
foreach ($labels as $label) {
label_add_article( $ref_id, trim($label), $owner_uid);
label_add_article($ref_id, trim($label), $owner_uid);
}
}
@ -169,7 +169,7 @@ class Article extends Handler_Protected {
}
}
db_query( "COMMIT");
db_query("COMMIT");
return $rc;
}
@ -178,9 +178,9 @@ class Article extends Handler_Protected {
print __("Tags for this article (separated by commas):")."<br>";
$param = db_escape_string( $_REQUEST['param']);
$param = db_escape_string($_REQUEST['param']);
$tags = get_article_tags( db_escape_string( $param));
$tags = get_article_tags(db_escape_string($param));
$tags_str = join(", ", $tags);
@ -209,10 +209,10 @@ class Article extends Handler_Protected {
}
function setScore() {
$ids = db_escape_string( $_REQUEST['id']);
$score = (int)db_escape_string( $_REQUEST['score']);
$ids = db_escape_string($_REQUEST['id']);
$score = (int)db_escape_string($_REQUEST['score']);
db_query( "UPDATE ttrss_user_entries SET
db_query("UPDATE ttrss_user_entries SET
score = '$score' WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
print json_encode(array("id" => $id,
@ -222,14 +222,14 @@ class Article extends Handler_Protected {
function setArticleTags() {
$id = db_escape_string( $_REQUEST["id"]);
$id = db_escape_string($_REQUEST["id"]);
$tags_str = db_escape_string( $_REQUEST["tags_str"]);
$tags_str = db_escape_string($_REQUEST["tags_str"]);
$tags = array_unique(trim_array(explode(",", $tags_str)));
db_query( "BEGIN");
db_query("BEGIN");
$result = db_query( "SELECT int_id FROM ttrss_user_entries WHERE
$result = db_query("SELECT int_id FROM ttrss_user_entries WHERE
ref_id = '$id' AND owner_uid = '".$_SESSION["uid"]."' LIMIT 1");
if (db_num_rows($result) == 1) {
@ -238,7 +238,7 @@ class Article extends Handler_Protected {
$int_id = db_fetch_result($result, 0, "int_id");
db_query( "DELETE FROM ttrss_tags WHERE
db_query("DELETE FROM ttrss_tags WHERE
post_int_id = $int_id AND owner_uid = '".$_SESSION["uid"]."'");
foreach ($tags as $tag) {
@ -255,7 +255,7 @@ class Article extends Handler_Protected {
// print "<!-- $id : $int_id : $tag -->";
if ($tag != '') {
db_query( "INSERT INTO ttrss_tags
db_query("INSERT INTO ttrss_tags
(post_int_id, owner_uid, tag_name) VALUES ('$int_id', '".$_SESSION["uid"]."', '$tag')");
}
@ -267,14 +267,14 @@ class Article extends Handler_Protected {
sort($tags_to_cache);
$tags_str = join(",", $tags_to_cache);
db_query( "UPDATE ttrss_user_entries
db_query("UPDATE ttrss_user_entries
SET tag_cache = '$tags_str' WHERE ref_id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
}
db_query( "COMMIT");
db_query("COMMIT");
$tags = get_article_tags( $id);
$tags = get_article_tags($id);
$tags_str = format_tags_string($tags, $id);
$tags_str_full = join(", ", $tags);
@ -286,9 +286,9 @@ class Article extends Handler_Protected {
function completeTags() {
$search = db_escape_string( $_REQUEST["search"]);
$search = db_escape_string($_REQUEST["search"]);
$result = db_query( "SELECT DISTINCT tag_name FROM ttrss_tags
$result = db_query("SELECT DISTINCT tag_name FROM ttrss_tags
WHERE owner_uid = '".$_SESSION["uid"]."' AND
tag_name LIKE '$search%' ORDER BY tag_name
LIMIT 10");
@ -311,10 +311,10 @@ class Article extends Handler_Protected {
private function labelops($assign) {
$reply = array();
$ids = explode(",", db_escape_string( $_REQUEST["ids"]));
$label_id = db_escape_string( $_REQUEST["lid"]);
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$label_id = db_escape_string($_REQUEST["lid"]);
$label = db_escape_string( label_find_caption( $label_id,
$label = db_escape_string(label_find_caption($label_id,
$_SESSION["uid"]));
$reply["info-for-headlines"] = array();
@ -324,11 +324,11 @@ class Article extends Handler_Protected {
foreach ($ids as $id) {
if ($assign)
label_add_article( $id, $label, $_SESSION["uid"]);
label_add_article($id, $label, $_SESSION["uid"]);
else
label_remove_article( $id, $label, $_SESSION["uid"]);
label_remove_article($id, $label, $_SESSION["uid"]);
$labels = get_article_labels( $id, $_SESSION["uid"]);
$labels = get_article_labels($id, $_SESSION["uid"]);
array_push($reply["info-for-headlines"],
array("id" => $id, "labels" => format_article_labels($labels, $id)));
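Review bot: In setScore, `$ids` is interpolated unquoted into `ref_id IN ($ids)`, and `db_escape_string()` only protects values that end up inside a quoted literal, so request data still reaches the SQL text outside any quotes. The list should be reduced to integers before it is used, for example `$ids = join(",", array_map("intval", explode(",", $_REQUEST['id'])));`, in the same spirit as the `is_numeric` filter that updateArticle in the API class applies to its id list. The JSON reply on the following line reads `$id`, which is not assigned anywhere in the visible part of the function (the variable is `$ids`). The body continues outside the hunk, so that part needs confirming against the full file.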


@ -15,7 +15,7 @@ class Auth_Base {
$user_id = $this->find_user_by_login($login);
if (!$user_id) {
$login = db_escape_string( $login);
$login = db_escape_string($login);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true);
@ -23,7 +23,7 @@ class Auth_Base {
(login,access_level,last_login,created,pwd_hash,salt)
VALUES ('$login', 0, null, NOW(), '$pwd_hash','$salt')";
db_query( $query);
db_query($query);
return $this->find_user_by_login($login);
@ -36,9 +36,9 @@ class Auth_Base {
}
function find_user_by_login($login) {
$login = db_escape_string( $login);
$login = db_escape_string($login);
$result = db_query( "SELECT id FROM ttrss_users WHERE
$result = db_query("SELECT id FROM ttrss_users WHERE
login = '$login'");
if (db_num_rows($result) > 0) {
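Review bot: On the auto-create path `$login` is escaped twice: once at `$login = db_escape_string($login);` before the INSERT, and again inside `find_user_by_login()`, which is then called with the already-escaped value. For a login containing a quote or backslash, the lookup would search for a different string than the one just inserted, so the new user would not be found. Escaping into a separate variable avoids this, e.g. `$login_esc = db_escape_string($login);` used only in `VALUES ('$login_esc', ...)`, with the raw `$login` passed to `find_user_by_login()`. The enclosing function starts and ends outside these hunks, so this is based on the visible lines only.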


@ -11,7 +11,7 @@ class Backend extends Handler {
require_once "digest.php";
$rv = prepare_headlines_digest( $_SESSION['uid'], 1, 1000);
$rv = prepare_headlines_digest($_SESSION['uid'], 1, 1000);
$rv[3] = "<pre>" . $rv[3] . "</pre>";


@ -31,11 +31,11 @@ class Db_Pgsql implements IDb {
function escape_string($s, $strip_tags = true) {
if ($strip_tags) $s = strip_tags($s);
return pg_escape_string( $s);
return pg_escape_string($s);
}
function query($query, $die_on_error = true) {
$result = pg_query( $query);
$result = pg_query($query);
if (!$result) {
$query = htmlspecialchars($query); // just in case


@ -12,7 +12,7 @@ class DbUpdater {
}
function getSchemaVersion() {
$result = db_query( "SELECT schema_version FROM ttrss_version");
$result = db_query("SELECT schema_version FROM ttrss_version");
return (int) db_fetch_result($result, 0, "schema_version");
}
@ -37,21 +37,21 @@ class DbUpdater {
if (is_array($lines)) {
db_query( "BEGIN");
db_query("BEGIN");
foreach ($lines as $line) {
if (strpos($line, "--") !== 0 && $line) {
db_query( $line);
db_query($line);
}
}
$db_version = $this->getSchemaVersion();
if ($db_version == $version) {
db_query( "COMMIT");
db_query("COMMIT");
return true;
} else {
db_query( "ROLLBACK");
db_query("ROLLBACK");
return false;
}
} else {


@ -6,7 +6,7 @@ class Dlg extends Handler_Protected {
if (parent::before($method)) {
header("Content-Type: text/html"); # required for iframe
$this->param = db_escape_string( $_REQUEST["param"]);
$this->param = db_escape_string($_REQUEST["param"]);
return true;
}
return false;
@ -18,15 +18,15 @@ class Dlg extends Handler_Protected {
print "<div class=\"prefFeedOPMLHolder\">";
$owner_uid = $_SESSION["uid"];
db_query( "BEGIN");
db_query("BEGIN");
print "<ul class='nomarks'>";
$opml = new Opml( $_REQUEST);
$opml = new Opml($_REQUEST);
$opml->opml_import($_SESSION["uid"]);
db_query( "COMMIT");
db_query("COMMIT");
print "</ul>";
print "</div>";
@ -106,7 +106,7 @@ class Dlg extends Handler_Protected {
FROM ttrss_tags WHERE owner_uid = ".$_SESSION["uid"]."
GROUP BY tag_name ORDER BY count DESC LIMIT 50";
$result = db_query( $query);
$result = db_query($query);
$tags = array();
@ -114,7 +114,7 @@ class Dlg extends Handler_Protected {
$tags[$line["tag_name"]] = $line["count"];
}
if( count($tags) == 0 ){ return; }
if(count($tags) == 0 ){ return; }
ksort($tags);
@ -171,7 +171,7 @@ class Dlg extends Handler_Protected {
print "<label for=\"tag_mode_all\">".__("All tags.")."</input>";
print "<select id=\"all_tags\" name=\"all_tags\" title=\"" . __('Which Tags?') . "\" multiple=\"multiple\" size=\"10\" style=\"width : 100%\">";
$result = db_query( "SELECT DISTINCT tag_name FROM ttrss_tags WHERE owner_uid = ".$_SESSION['uid']."
$result = db_query("SELECT DISTINCT tag_name FROM ttrss_tags WHERE owner_uid = ".$_SESSION['uid']."
AND LENGTH(tag_name) <= 30 ORDER BY tag_name ASC");
while ($row = db_fetch_assoc($result)) {
@ -195,10 +195,10 @@ class Dlg extends Handler_Protected {
function generatedFeed() {
$this->params = explode(":", $this->param, 3);
$feed_id = db_escape_string( $this->params[0]);
$feed_id = db_escape_string($this->params[0]);
$is_cat = (bool) $this->params[1];
$key = get_feed_access_key( $feed_id, $is_cat);
$key = get_feed_access_key($feed_id, $is_cat);
$url_path = htmlspecialchars($this->params[2]) . "&key=" . $key;
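Review bot: The `if(count($tags) == 0 ){ return; }` line lost the space after the opening bracket but kept the rest of its spacing, so it now matches neither its old form nor the `if (...) {` style used by the surrounding code. This is a control structure rather than a function call, so it looks like an unintended hit of the same search-and-replace; `if (count($tags) == 0) { return; }` would be consistent. The same applies to `if($search_mode == '' && $method != '' ){` in the Feeds class further down.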


@ -174,16 +174,16 @@ class Feeds extends Handler_Protected {
if (!$cache_images && time() - $last_updated > 120 || isset($_REQUEST['DevForceUpdate'])) {
include "rssfuncs.php";
update_rss_feed( $feed, true, true);
update_rss_feed($feed, true, true);
} else {
db_query( "UPDATE ttrss_feeds SET last_updated = '1970-01-01', last_update_started = '1970-01-01'
db_query("UPDATE ttrss_feeds SET last_updated = '1970-01-01', last_update_started = '1970-01-01'
WHERE id = '$feed'");
}
}
}
if ($method_split[0] == "MarkAllReadGR") {
catchup_feed( $method_split[1], false);
catchup_feed($method_split[1], false);
}
// FIXME: might break tag display?
@ -197,18 +197,18 @@ class Feeds extends Handler_Protected {
}
}
@$search = db_escape_string( $_REQUEST["query"]);
@$search = db_escape_string($_REQUEST["query"]);
if ($search) {
$disable_cache = true;
}
@$search_mode = db_escape_string( $_REQUEST["search_mode"]);
@$search_mode = db_escape_string($_REQUEST["search_mode"]);
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H0", $timing_info);
// error_log("format_headlines_list: [" . $feed . "] method [" . $method . "]");
if( $search_mode == '' && $method != '' ){
if($search_mode == '' && $method != '' ){
$search_mode = $method;
}
// error_log("search_mode: " . $search_mode);
@ -240,7 +240,7 @@ class Feeds extends Handler_Protected {
}
} else {
$qfh_ret = queryFeedHeadlines( $feed, $limit, $view_mode, $cat_view,
$qfh_ret = queryFeedHeadlines($feed, $limit, $view_mode, $cat_view,
$search, $search_mode, $override_order, $offset, 0,
false, 0, $include_children);
}
@ -261,7 +261,7 @@ class Feeds extends Handler_Protected {
$headlines_count = db_num_rows($result);
/* if (get_pref( 'COMBINED_DISPLAY_MODE')) {
/* if (get_pref('COMBINED_DISPLAY_MODE')) {
$button_plugins = array();
foreach (explode(",", ARTICLE_BUTTON_PLUGINS) as $p) {
$pclass = "button_" . trim($p);
@ -282,11 +282,11 @@ class Feeds extends Handler_Protected {
$num_unread = 0;
$cur_feed_title = '';
$fresh_intl = get_pref( "FRESH_ARTICLE_MAX_AGE") * 60 * 60;
$fresh_intl = get_pref("FRESH_ARTICLE_MAX_AGE") * 60 * 60;
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("PS", $timing_info);
$expand_cdm = get_pref( 'CDM_EXPANDED');
$expand_cdm = get_pref('CDM_EXPANDED');
while ($line = db_fetch_assoc($result)) {
$class = ($lnum % 2) ? "even" : "odd";
@ -307,7 +307,7 @@ class Feeds extends Handler_Protected {
}
}
if (!is_array($labels)) $labels = get_article_labels( $id);
if (!is_array($labels)) $labels = get_article_labels($id);
$labels_str = "<span id=\"HLLCTR-$id\">";
$labels_str .= format_article_labels($labels, $id);
@ -357,11 +357,11 @@ class Feeds extends Handler_Protected {
# $content_link = "<a href=\"javascript:viewContentUrl('".$line["link"]."');\">" .
# $line["title"] . "</a>";
$updated_fmt = make_local_datetime( $line["updated"], false);
$updated_fmt = make_local_datetime($line["updated"], false);
$date_entered_fmt = T_sprintf("Imported at %s",
make_local_datetime( $line["date_entered"], false));
make_local_datetime($line["date_entered"], false));
if (get_pref( 'SHOW_CONTENT_PREVIEW')) {
if (get_pref('SHOW_CONTENT_PREVIEW')) {
$content_preview = truncate_string(strip_tags($line["content_preview"]),
100);
}
@ -423,15 +423,15 @@ class Feeds extends Handler_Protected {
/* $row_background = "background-image : -moz-linear-gradient(left, rgba(255, 255, 255, 0) 50%, rgba($rgba, 0.2) 100%);".
"background-image : linear-gradient(to right, rgba(255, 255, 255, 0) 50%, rgba($rgba, 0.2) 100%);";
"background-image : -webkit-gradient(linear, left top, right top, color-stop( 50%, rgba(255,255,255,0)),
"background-image : -webkit-gradient(linear, left top, right top, color-stop(50%, rgba(255,255,255,0)),
color-stop(100%, rgba($rgba, 0.2)));"; */
} else {
$row_background = "";
}
if (!get_pref( 'COMBINED_DISPLAY_MODE')) {
if (!get_pref('COMBINED_DISPLAY_MODE')) {
if (get_pref( 'VFEED_GROUP_BY_FEED')) {
if (get_pref('VFEED_GROUP_BY_FEED')) {
if ($feed_id != $vgroup_last_feed && $line["feed_title"]) {
$cur_feed_title = $line["feed_title"];
@ -472,7 +472,7 @@ class Feeds extends Handler_Protected {
onclick=\"\">" .
truncate_string($line["title"], 200);
if (get_pref( 'SHOW_CONTENT_PREVIEW')) {
if (get_pref('SHOW_CONTENT_PREVIEW')) {
if ($content_preview) {
$reply['content'] .= "<span class=\"contentPreview\"> - $content_preview</span>";
}
@ -486,7 +486,7 @@ class Feeds extends Handler_Protected {
$reply['content'] .= "<span class=\"hlUpdated\">";
if (!get_pref( 'VFEED_GROUP_BY_FEED')) {
if (!get_pref('VFEED_GROUP_BY_FEED')) {
if (@$line["feed_title"]) {
$reply['content'] .= "<div class=\"hlFeed\">
<a href=\"#\" onclick=\"viewfeed($feed_id)\">".
@ -502,7 +502,7 @@ class Feeds extends Handler_Protected {
$reply['content'] .= $score_pic;
if ($line["feed_title"] && !get_pref( 'VFEED_GROUP_BY_FEED')) {
if ($line["feed_title"] && !get_pref('VFEED_GROUP_BY_FEED')) {
$reply['content'] .= "<span onclick=\"viewfeed($feed_id)\"
style=\"cursor : pointer\"
@ -515,17 +515,17 @@ class Feeds extends Handler_Protected {
} else {
$line["tags"] = get_article_tags( $id, $_SESSION["uid"], $line["tag_cache"]);
$line["tags"] = get_article_tags($id, $_SESSION["uid"], $line["tag_cache"]);
unset($line["tag_cache"]);
$line["content"] = sanitize( $line["content_preview"],
$line["content"] = sanitize($line["content_preview"],
sql_bool_to_bool($line['hide_images']), false, $entry_site_url);
foreach ($pluginhost->get_hooks($pluginhost::HOOK_RENDER_ARTICLE_CDM) as $p) {
$line = $p->hook_render_article_cdm($line);
}
if (get_pref( 'VFEED_GROUP_BY_FEED') && $line["feed_title"]) {
if (get_pref('VFEED_GROUP_BY_FEED') && $line["feed_title"]) {
if ($feed_id != $vgroup_last_feed) {
$cur_feed_title = $line["feed_title"];
@ -594,7 +594,7 @@ class Feeds extends Handler_Protected {
id=\"CEXC-$id\" class=\"cdmExcerpt\"> - $content_preview</span>";
$reply['content'] .= "</span>";
if (!get_pref( 'VFEED_GROUP_BY_FEED')) {
if (!get_pref('VFEED_GROUP_BY_FEED')) {
if (@$line["feed_title"]) {
$reply['content'] .= "<div class=\"hlFeed\">
<a href=\"#\" onclick=\"viewfeed($feed_id)\">".
@ -609,7 +609,7 @@ class Feeds extends Handler_Protected {
$reply['content'] .= "<div style=\"vertical-align : middle\">";
$reply['content'] .= "$score_pic";
if (!get_pref( "VFEED_GROUP_BY_FEED") && $line["feed_title"]) {
if (!get_pref("VFEED_GROUP_BY_FEED") && $line["feed_title"]) {
$reply['content'] .= "<span style=\"cursor : pointer\"
title=\"".htmlspecialchars($line["feed_title"])."\"
onclick=\"viewfeed($feed_id)\">$feed_icon_img</span>";
@ -633,7 +633,7 @@ class Feeds extends Handler_Protected {
if ($line["orig_feed_id"]) {
$tmp_result = db_query( "SELECT * FROM ttrss_archived_feeds
$tmp_result = db_query("SELECT * FROM ttrss_archived_feeds
WHERE id = ".$line["orig_feed_id"]);
if (db_num_rows($tmp_result) != 0) {
@ -673,7 +673,7 @@ class Feeds extends Handler_Protected {
$always_display_enclosures = sql_bool_to_bool($line["always_display_enclosures"]);
$reply['content'] .= format_article_enclosures( $id, $always_display_enclosures, $line["content"], sql_bool_to_bool($line["hide_images"]));
$reply['content'] .= format_article_enclosures($id, $always_display_enclosures, $line["content"], sql_bool_to_bool($line["hide_images"]));
$reply['content'] .= "</div>";
@ -757,15 +757,15 @@ class Feeds extends Handler_Protected {
$reply['content'] .= "<p><span class=\"insensitive\">";
$result = db_query( "SELECT ".SUBSTRING_FOR_DATE."(MAX(last_updated), 1, 19) AS last_updated FROM ttrss_feeds
$result = db_query("SELECT ".SUBSTRING_FOR_DATE."(MAX(last_updated), 1, 19) AS last_updated FROM ttrss_feeds
WHERE owner_uid = " . $_SESSION['uid']);
$last_updated = db_fetch_result($result, 0, "last_updated");
$last_updated = make_local_datetime( $last_updated, false);
$last_updated = make_local_datetime($last_updated, false);
$reply['content'] .= sprintf(__("Feeds last updated at %s"), $last_updated);
$result = db_query( "SELECT COUNT(id) AS num_errors
$result = db_query("SELECT COUNT(id) AS num_errors
FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
$num_errors = db_fetch_result($result, 0, "num_errors");
@ -786,9 +786,9 @@ class Feeds extends Handler_Protected {
}
function catchupAll() {
db_query( "UPDATE ttrss_user_entries SET
db_query("UPDATE ttrss_user_entries SET
last_read = NOW(), unread = false WHERE unread = true AND owner_uid = " . $_SESSION["uid"]);
ccache_zero_all( $_SESSION["uid"]);
ccache_zero_all($_SESSION["uid"]);
}
function view() {
@ -798,17 +798,17 @@ class Feeds extends Handler_Protected {
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info);
$omode = db_escape_string( $_REQUEST["omode"]);
$omode = db_escape_string($_REQUEST["omode"]);
$feed = db_escape_string( $_REQUEST["feed"]);
$method = db_escape_string( $_REQUEST["m"]);
$view_mode = db_escape_string( $_REQUEST["view_mode"]);
$feed = db_escape_string($_REQUEST["feed"]);
$method = db_escape_string($_REQUEST["m"]);
$view_mode = db_escape_string($_REQUEST["view_mode"]);
$limit = 30;
@$cat_view = $_REQUEST["cat"] == "true";
@$next_unread_feed = db_escape_string( $_REQUEST["nuf"]);
@$offset = db_escape_string( $_REQUEST["skip"]);
@$vgroup_last_feed = db_escape_string( $_REQUEST["vgrlf"]);
$order_by = db_escape_string( $_REQUEST["order_by"]);
@$next_unread_feed = db_escape_string($_REQUEST["nuf"]);
@$offset = db_escape_string($_REQUEST["skip"]);
@$vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]);
$order_by = db_escape_string($_REQUEST["order_by"]);
if (is_numeric($feed)) $feed = (int) $feed;
@ -824,18 +824,18 @@ class Feeds extends Handler_Protected {
if ($feed < LABEL_BASE_INDEX) {
$label_feed = feed_to_label_id($feed);
$result = db_query( "SELECT id FROM ttrss_labels2 WHERE
$result = db_query("SELECT id FROM ttrss_labels2 WHERE
id = '$label_feed' AND owner_uid = " . $_SESSION['uid']);
} else if (!$cat_view && is_numeric($feed) && $feed > 0) {
$result = db_query( "SELECT id FROM ttrss_feeds WHERE
$result = db_query("SELECT id FROM ttrss_feeds WHERE
id = '$feed' AND owner_uid = " . $_SESSION['uid']);
} else if ($cat_view && is_numeric($feed) && $feed > 0) {
$result = db_query( "SELECT id FROM ttrss_feed_categories WHERE
$result = db_query("SELECT id FROM ttrss_feed_categories WHERE
id = '$feed' AND owner_uid = " . $_SESSION['uid']);
}
if ($result && db_num_rows($result) == 0) {
print json_encode($this->generate_error_feed( __("Feed not found.")));
print json_encode($this->generate_error_feed(__("Feed not found.")));
return;
}
@ -843,21 +843,21 @@ class Feeds extends Handler_Protected {
* so for performance reasons we don't do that here */
if ($feed >= 0) {
ccache_update( $feed, $_SESSION["uid"], $cat_view);
ccache_update($feed, $_SESSION["uid"], $cat_view);
}
set_pref( "_DEFAULT_VIEW_MODE", $view_mode);
set_pref( "_DEFAULT_VIEW_ORDER_BY", $order_by);
set_pref("_DEFAULT_VIEW_MODE", $view_mode);
set_pref("_DEFAULT_VIEW_ORDER_BY", $order_by);
/* bump login timestamp if needed */
if (time() - $_SESSION["last_login_update"] > 3600) {
db_query( "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
db_query("UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
$_SESSION["uid"]);
$_SESSION["last_login_update"] = time();
}
if (!$cat_view && is_numeric($feed) && $feed > 0) {
db_query( "UPDATE ttrss_feeds SET last_viewed = NOW()
db_query("UPDATE ttrss_feeds SET last_viewed = NOW()
WHERE id = '$feed' AND owner_uid = ".$_SESSION["uid"]);
}
@ -924,15 +924,15 @@ class Feeds extends Handler_Protected {
$reply['headlines']['content'] .= "<p><span class=\"insensitive\">";
$result = db_query( "SELECT ".SUBSTRING_FOR_DATE."(MAX(last_updated), 1, 19) AS last_updated FROM ttrss_feeds
$result = db_query("SELECT ".SUBSTRING_FOR_DATE."(MAX(last_updated), 1, 19) AS last_updated FROM ttrss_feeds
WHERE owner_uid = " . $_SESSION['uid']);
$last_updated = db_fetch_result($result, 0, "last_updated");
$last_updated = make_local_datetime( $last_updated, false);
$last_updated = make_local_datetime($last_updated, false);
$reply['headlines']['content'] .= sprintf(__("Feeds last updated at %s"), $last_updated);
$result = db_query( "SELECT COUNT(id) AS num_errors
$result = db_query("SELECT COUNT(id) AS num_errors
FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
$num_errors = db_fetch_result($result, 0, "num_errors");
@ -952,7 +952,7 @@ class Feeds extends Handler_Protected {
return $reply;
}
private function generate_error_feed( $error) {
private function generate_error_feed($error) {
$reply = array();
$reply['headlines']['id'] = -6;
@ -986,9 +986,9 @@ class Feeds extends Handler_Protected {
print "<hr/>";
if (get_pref( 'ENABLE_FEED_CATS')) {
if (get_pref('ENABLE_FEED_CATS')) {
print __('Place in category:') . " ";
print_feed_cat_select( "cat", false, 'dojoType="dijit.form.Select"');
print_feed_cat_select("cat", false, 'dojoType="dijit.form.Select"');
}
print "</div>";
@ -1044,7 +1044,7 @@ class Feeds extends Handler_Protected {
function feedBrowser() {
if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
$browser_search = db_escape_string( $_REQUEST["search"]);
$browser_search = db_escape_string($_REQUEST["search"]);
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"rpc\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"updateFeedBrowser\">";
@ -1081,7 +1081,7 @@ class Feeds extends Handler_Protected {
require_once "feedbrowser.php";
print "<ul class='browseFeedList' id='browseFeedList'>";
print make_feed_browser( $search, 25);
print make_feed_browser($search, 25);
print "</ul>";
print "<div align='center'>
@ -1092,7 +1092,7 @@ class Feeds extends Handler_Protected {
}
function search() {
$this->params = explode(":", db_escape_string( $_REQUEST["param"]), 2);
$this->params = explode(":", db_escape_string($_REQUEST["param"]), 2);
$active_feed_id = sprintf("%d", $this->params[0]);
$is_cat = $this->params[1] != "false";
@ -1110,12 +1110,12 @@ class Feeds extends Handler_Protected {
print "<select name=\"search_mode\" dojoType=\"dijit.form.Select\">
<option value=\"all_feeds\">".__('All feeds')."</option>";
$feed_title = getFeedTitle( $active_feed_id);
$feed_title = getFeedTitle($active_feed_id);
if (!$is_cat) {
$feed_cat_title = getFeedCatTitle( $active_feed_id);
$feed_cat_title = getFeedCatTitle($active_feed_id);
} else {
$feed_cat_title = getCategoryTitle( $active_feed_id);
$feed_cat_title = getCategoryTitle($active_feed_id);
}
if ($active_feed_id && !$is_cat) {
@ -1128,7 +1128,7 @@ class Feeds extends Handler_Protected {
$cat_preselected = "selected=\"1\"";
}
if (get_pref( 'ENABLE_FEED_CATS') && ($active_feed_id > 0 || $is_cat)) {
if (get_pref('ENABLE_FEED_CATS') && ($active_feed_id > 0 || $is_cat)) {
print "<option $cat_preselected value=\"this_cat\">$feed_cat_title</option>";
} else {
//print "<option disabled>".__('This category')."</option>";
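Review bot: In view() (the `@ -798,17` hunk) the `skip` parameter is only passed through `db_escape_string()`, which protects a value inside a quoted SQL string literal but does nothing for a value used as a bare number. `$offset` presumably reaches the `queryFeedHeadlines()` call shown in the `@ -240` hunk, whose body is not on this page; if it lands in a LIMIT/OFFSET clause, the escaping gives no protection there. I would cast at the boundary instead, `@$offset = (int) $_REQUEST["skip"];`, which is what rss() in Handler_Public already does for `limit` and `offset`. view() starts in the preceding hunk and continues past this one, so any later validation of `$offset` is not visible here.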


@ -21,7 +21,7 @@ class Handler_Public extends Handler {
else if ($feed == -1)
$date_sort_field = "last_marked DESC";
$qfh_ret = queryFeedHeadlines( $feed,
$qfh_ret = queryFeedHeadlines($feed,
1, $view_mode, $is_cat, $search, $search_mode,
$date_sort_field, $offset, $owner_uid,
false, 0, false, true);
@ -41,7 +41,7 @@ class Handler_Public extends Handler {
header("Last-Modified: $last_modified", true);
}
$qfh_ret = queryFeedHeadlines( $feed,
$qfh_ret = queryFeedHeadlines($feed,
$limit, $view_mode, $is_cat, $search, $search_mode,
$date_sort_field, $offset, $owner_uid,
false, 0, false, true);
@ -54,7 +54,7 @@ class Handler_Public extends Handler {
$feed_self_url = get_self_url_prefix() .
"/public.php?op=rss&id=-2&key=" .
get_feed_access_key( -2, false, $owner_uid);
get_feed_access_key(-2, false, $owner_uid);
if (!$feed_site_url) $feed_site_url = get_self_url_prefix();
@ -82,7 +82,7 @@ class Handler_Public extends Handler {
$tpl->setVariable('ARTICLE_EXCERPT',
truncate_string(strip_tags($line["content_preview"]), 100, '...'), true);
$content = sanitize( $line["content_preview"], false, $owner_uid);
$content = sanitize($line["content_preview"], false, $owner_uid);
if ($line['note']) {
$content = "<div style=\"$note_style\">Article note: " . $line['note'] . "</div>" .
@ -99,14 +99,14 @@ class Handler_Public extends Handler {
$tpl->setVariable('ARTICLE_AUTHOR', htmlspecialchars($line['author']), true);
$tags = get_article_tags( $line["id"], $owner_uid);
$tags = get_article_tags($line["id"], $owner_uid);
foreach ($tags as $tag) {
$tpl->setVariable('ARTICLE_CATEGORY', htmlspecialchars($tag), true);
$tpl->addBlock('category');
}
$enclosures = get_article_enclosures( $line["id"]);
$enclosures = get_article_enclosures($line["id"]);
foreach ($enclosures as $e) {
$type = htmlspecialchars($e['content_type']);
@ -158,13 +158,13 @@ class Handler_Public extends Handler {
$article['link'] = $line['link'];
$article['title'] = $line['title'];
$article['excerpt'] = truncate_string(strip_tags($line["content_preview"]), 100, '...');
$article['content'] = sanitize( $line["content_preview"], false, $owner_uid);
$article['content'] = sanitize($line["content_preview"], false, $owner_uid);
$article['updated'] = date('c', strtotime($line["updated"]));
if ($line['note']) $article['note'] = $line['note'];
if ($article['author']) $article['author'] = $line['author'];
$tags = get_article_tags( $line["id"], $owner_uid);
$tags = get_article_tags($line["id"], $owner_uid);
if (count($tags) > 0) {
$article['tags'] = array();
@ -174,7 +174,7 @@ class Handler_Public extends Handler {
}
}
$enclosures = get_article_enclosures( $line["id"]);
$enclosures = get_article_enclosures($line["id"]);
if (count($enclosures) > 0) {
$article['enclosures'] = array();
@ -201,19 +201,19 @@ class Handler_Public extends Handler {
}
function getUnread() {
$login = db_escape_string( $_REQUEST["login"]);
$login = db_escape_string($_REQUEST["login"]);
$fresh = $_REQUEST["fresh"] == "1";
$result = db_query( "SELECT id FROM ttrss_users WHERE login = '$login'");
$result = db_query("SELECT id FROM ttrss_users WHERE login = '$login'");
if (db_num_rows($result) == 1) {
$uid = db_fetch_result($result, 0, "id");
print getGlobalUnread( $uid);
print getGlobalUnread($uid);
if ($fresh) {
print ";";
print getFeedArticles( -3, false, true, $uid);
print getFeedArticles(-3, false, true, $uid);
}
} else {
@ -223,9 +223,9 @@ class Handler_Public extends Handler {
}
function getProfiles() {
$login = db_escape_string( $_REQUEST["login"]);
$login = db_escape_string($_REQUEST["login"]);
$result = db_query( "SELECT * FROM ttrss_settings_profiles,ttrss_users
$result = db_query("SELECT * FROM ttrss_settings_profiles,ttrss_users
WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title");
print "<select dojoType='dijit.form.Select' style='width : 220px; margin : 0px' name='profile'>";
@ -243,9 +243,9 @@ class Handler_Public extends Handler {
}
function pubsub() {
$mode = db_escape_string( $_REQUEST['hub_mode']);
$feed_id = (int) db_escape_string( $_REQUEST['id']);
$feed_url = db_escape_string( $_REQUEST['hub_topic']);
$mode = db_escape_string($_REQUEST['hub_mode']);
$feed_id = (int) db_escape_string($_REQUEST['id']);
$feed_url = db_escape_string($_REQUEST['hub_topic']);
if (!PUBSUBHUBBUB_ENABLED) {
header('HTTP/1.0 404 Not Found');
@ -255,7 +255,7 @@ class Handler_Public extends Handler {
// TODO: implement hub_verifytoken checking
$result = db_query( "SELECT feed_url FROM ttrss_feeds
$result = db_query("SELECT feed_url FROM ttrss_feeds
WHERE id = '$feed_id'");
if (db_num_rows($result) != 0) {
@ -265,7 +265,7 @@ class Handler_Public extends Handler {
if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
if ($mode == "subscribe") {
db_query( "UPDATE ttrss_feeds SET pubsub_state = 2
db_query("UPDATE ttrss_feeds SET pubsub_state = 2
WHERE id = '$feed_id'");
print $_REQUEST['hub_challenge'];
@ -273,7 +273,7 @@ class Handler_Public extends Handler {
} else if ($mode == "unsubscribe") {
db_query( "UPDATE ttrss_feeds SET pubsub_state = 0
db_query("UPDATE ttrss_feeds SET pubsub_state = 0
WHERE id = '$feed_id'");
print $_REQUEST['hub_challenge'];
@ -282,9 +282,9 @@ class Handler_Public extends Handler {
} else if (!$mode) {
// Received update ping, schedule feed update.
//update_rss_feed( $feed_id, true, true);
//update_rss_feed($feed_id, true, true);
db_query( "UPDATE ttrss_feeds SET
db_query("UPDATE ttrss_feeds SET
last_update_started = '1970-01-01',
last_updated = '1970-01-01' WHERE id = '$feed_id'");
@ -306,9 +306,9 @@ class Handler_Public extends Handler {
}
function share() {
$uuid = db_escape_string( $_REQUEST["key"]);
$uuid = db_escape_string($_REQUEST["key"]);
$result = db_query( "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
$result = db_query("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
uuid = '$uuid'");
if (db_num_rows($result) != 0) {
@ -317,7 +317,7 @@ class Handler_Public extends Handler {
$id = db_fetch_result($result, 0, "ref_id");
$owner_uid = db_fetch_result($result, 0, "owner_uid");
$article = format_article( $id, false, true, $owner_uid);
$article = format_article($id, false, true, $owner_uid);
print_r($article['content']);
@ -328,28 +328,28 @@ class Handler_Public extends Handler {
}
function rss() {
$feed = db_escape_string( $_REQUEST["id"]);
$key = db_escape_string( $_REQUEST["key"]);
$feed = db_escape_string($_REQUEST["id"]);
$key = db_escape_string($_REQUEST["key"]);
$is_cat = $_REQUEST["is_cat"] != false;
$limit = (int)db_escape_string( $_REQUEST["limit"]);
$offset = (int)db_escape_string( $_REQUEST["offset"]);
$limit = (int)db_escape_string($_REQUEST["limit"]);
$offset = (int)db_escape_string($_REQUEST["offset"]);
$search = db_escape_string( $_REQUEST["q"]);
$search_mode = db_escape_string( $_REQUEST["smode"]);
$view_mode = db_escape_string( $_REQUEST["view-mode"]);
$search = db_escape_string($_REQUEST["q"]);
$search_mode = db_escape_string($_REQUEST["smode"]);
$view_mode = db_escape_string($_REQUEST["view-mode"]);
$format = db_escape_string( $_REQUEST['format']);
$format = db_escape_string($_REQUEST['format']);
if (!$format) $format = 'atom';
if (SINGLE_USER_MODE) {
authenticate_user( "admin", null);
authenticate_user("admin", null);
}
$owner_id = false;
if ($key) {
$result = db_query( "SELECT owner_uid FROM
$result = db_query("SELECT owner_uid FROM
ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
if (db_num_rows($result) == 1)
@ -367,7 +367,7 @@ class Handler_Public extends Handler {
function globalUpdateFeeds() {
include "rssfuncs.php";
// Update all feeds needing a update.
update_daemon_common( 0, true, false);
update_daemon_common(0, true, false);
// Update feedbrowser
update_feedbrowser_cache();
@ -375,7 +375,7 @@ class Handler_Public extends Handler {
// Purge orphans and cleanup tags
purge_orphans();
cleanup_tags( 14, 50000);
cleanup_tags(14, 50000);
global $pluginhost;
$pluginhost->run_hooks($pluginhost::HOOK_UPDATE_TASK, "hook_update_task", $op);
@ -402,12 +402,12 @@ class Handler_Public extends Handler {
if ($action == 'share') {
$title = db_escape_string( strip_tags($_REQUEST["title"]));
$url = db_escape_string( strip_tags($_REQUEST["url"]));
$content = db_escape_string( strip_tags($_REQUEST["content"]));
$labels = db_escape_string( strip_tags($_REQUEST["labels"]));
$title = db_escape_string(strip_tags($_REQUEST["title"]));
$url = db_escape_string(strip_tags($_REQUEST["url"]));
$content = db_escape_string(strip_tags($_REQUEST["content"]));
$labels = db_escape_string(strip_tags($_REQUEST["labels"]));
Article::create_published_article( $title, $url, $content, $labels,
Article::create_published_article($title, $url, $content, $labels,
$_SESSION["uid"]);
print "<script type='text/javascript'>";
@ -513,7 +513,7 @@ class Handler_Public extends Handler {
if (!SINGLE_USER_MODE) {
$login = db_escape_string( $_POST["login"]);
$login = db_escape_string($_POST["login"]);
$password = $_POST["password"];
$remember_me = $_POST["remember_me"];
@ -525,18 +525,18 @@ class Handler_Public extends Handler {
@session_start();
if (authenticate_user( $login, $password)) {
if (authenticate_user($login, $password)) {
$_POST["password"] = "";
$_SESSION["language"] = $_POST["language"];
$_SESSION["ref_schema_version"] = get_schema_version( true);
$_SESSION["ref_schema_version"] = get_schema_version(true);
$_SESSION["bw_limit"] = !!$_POST["bw_limit"];
if ($_POST["profile"]) {
$profile = db_escape_string( $_POST["profile"]);
$profile = db_escape_string($_POST["profile"]);
$result = db_query( "SELECT id FROM ttrss_settings_profiles
$result = db_query("SELECT id FROM ttrss_settings_profiles
WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
@ -563,7 +563,7 @@ class Handler_Public extends Handler {
if ($_SESSION["uid"]) {
$feed_url = db_escape_string( trim($_REQUEST["feed_url"]));
$feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
header('Content-Type: text/html; charset=utf-8');
print "<html>
@ -577,7 +577,7 @@ class Handler_Public extends Handler {
alt=\"Tiny Tiny RSS\"/>
<h1>".__("Subscribe to feed...")."</h1><div class='content'>";
$rc = subscribe_to_feed( $feed_url);
$rc = subscribe_to_feed($feed_url);
switch ($rc['code']) {
case 0:
@ -625,7 +625,7 @@ class Handler_Public extends Handler {
$tt_uri = get_self_url_prefix();
if ($rc['code'] <= 2){
$result = db_query( "SELECT id FROM ttrss_feeds WHERE
$result = db_query("SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
$feed_id = db_fetch_result($result, 0, "id");
@ -656,16 +656,16 @@ class Handler_Public extends Handler {
}
function subscribe2() {
$feed_url = db_escape_string( trim($_REQUEST["feed_url"]));
$cat_id = db_escape_string( $_REQUEST["cat_id"]);
$from = db_escape_string( $_REQUEST["from"]);
$feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
$cat_id = db_escape_string($_REQUEST["cat_id"]);
$from = db_escape_string($_REQUEST["from"]);
/* only read authentication information from POST */
$auth_login = db_escape_string( trim($_POST["auth_login"]));
$auth_pass = db_escape_string( trim($_POST["auth_pass"]));
$auth_login = db_escape_string(trim($_POST["auth_login"]));
$auth_pass = db_escape_string(trim($_POST["auth_pass"]));
$rc = subscribe_to_feed( $feed_url, $cat_id, $auth_login, $auth_pass);
$rc = subscribe_to_feed($feed_url, $cat_id, $auth_login, $auth_pass);
switch ($rc) {
case 1:
@ -712,7 +712,7 @@ class Handler_Public extends Handler {
$tt_uri = get_self_url_prefix();
if ($rc <= 2){
$result = db_query( "SELECT id FROM ttrss_feeds WHERE
$result = db_query("SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
$feed_id = db_fetch_result($result, 0, "id");
@ -788,9 +788,9 @@ class Handler_Public extends Handler {
print "</form>";
} else if ($method == 'do') {
$login = db_escape_string( $_POST["login"]);
$email = db_escape_string( $_POST["email"]);
$test = db_escape_string( $_POST["test"]);
$login = db_escape_string($_POST["login"]);
$email = db_escape_string($_POST["email"]);
$test = db_escape_string($_POST["test"]);
if (($test != 4 && $test != 'four') || !$email || !$login) {
print_error(__('Some of the required form parameters are missing or incorrect.'));
@ -802,13 +802,13 @@ class Handler_Public extends Handler {
} else {
$result = db_query( "SELECT id FROM ttrss_users
$result = db_query("SELECT id FROM ttrss_users
WHERE login = '$login' AND email = '$email'");
if (db_num_rows($result) != 0) {
$id = db_fetch_result($result, 0, "id");
Pref_Users::resetUserPassword( $id, false);
Pref_Users::resetUserPassword($id, false);
print "<p>";
@ -869,7 +869,7 @@ class Handler_Public extends Handler {
<?php
@$op = $_REQUEST["subop"];
$updater = new DbUpdater( DB_TYPE, SCHEMA_VERSION);
$updater = new DbUpdater(DB_TYPE, SCHEMA_VERSION);
if ($op == "performupdate") {
if ($updater->isUpdateRequired()) {
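Review bot: pubsub() (hunks `@ -243` through `@ -282`) updates `ttrss_feeds` with nothing that ties the request to a subscription this instance actually made: the `hub_verifytoken` check is still a TODO, and the guard `$check_feed_url == $feed_url || !$feed_url` also passes when `hub_topic` is empty. As a method of Handler_Public it is presumably reachable without a session, so the token check should be in place before the `pubsub_state` and `last_updated` writes. Both the subscribe and unsubscribe branches also `print $_REQUEST['hub_challenge'];` verbatim. Unless a non-HTML content type is set outside these hunks, I would send `header('Content-Type: text/plain');` before echoing it so the reflected value cannot be rendered as markup. The function body continues outside the visible hunks.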


@ -12,7 +12,7 @@ class Logger_SQL {
$file = Db::get()->escape_string($file);
$line = Db::get()->escape_string($line);
$context = ''; // backtrace is a lot of data which is not really critical to store
//$context = db_escape_string( serialize($context));
//$context = db_escape_string(serialize($context));
$owner_uid = $_SESSION["uid"] ? $_SESSION["uid"] : "NULL";


@ -32,7 +32,7 @@ class Opml extends Handler_Protected {
<div class=\"floatingLogo\"><img src=\"images/logo_small.png\"></div>
<h1>".__('OPML Utility')."</h1><div class='content'>";
add_feed_category( "Imported feeds");
add_feed_category("Imported feeds");
$this->opml_notice(__("Importing OPML..."));
$this->opml_import($owner_uid);
@ -66,14 +66,14 @@ class Opml extends Handler_Protected {
$out = "";
if ($cat_id) {
$result = db_query( "SELECT title FROM ttrss_feed_categories WHERE id = '$cat_id'
$result = db_query("SELECT title FROM ttrss_feed_categories WHERE id = '$cat_id'
AND owner_uid = '$owner_uid'");
$cat_title = htmlspecialchars(db_fetch_result($result, 0, "title"));
}
if ($cat_title) $out .= "<outline text=\"$cat_title\">\n";
$result = db_query( "SELECT id,title
$result = db_query("SELECT id,title
FROM ttrss_feed_categories WHERE
$cat_qpart AND owner_uid = '$owner_uid' ORDER BY order_id, title");
@ -82,7 +82,7 @@ class Opml extends Handler_Protected {
$out .= $this->opml_export_category($owner_uid, $line["id"], $hide_private_feeds);
}
$feeds_result = db_query( "select title, feed_url, site_url
$feeds_result = db_query("select title, feed_url, site_url
from ttrss_feeds where $feed_cat_qpart AND owner_uid = '$owner_uid' AND $hide_qpart
order by order_id, title");
@ -131,7 +131,7 @@ class Opml extends Handler_Protected {
if ($include_settings) {
$out .= "<outline text=\"tt-rss-prefs\" schema-version=\"".SCHEMA_VERSION."\">";
$result = db_query( "SELECT pref_name, value FROM ttrss_user_prefs WHERE
$result = db_query("SELECT pref_name, value FROM ttrss_user_prefs WHERE
profile IS NULL AND owner_uid = " . $_SESSION["uid"] . " ORDER BY pref_name");
while ($line = db_fetch_assoc($result)) {
@ -145,7 +145,7 @@ class Opml extends Handler_Protected {
$out .= "<outline text=\"tt-rss-labels\" schema-version=\"".SCHEMA_VERSION."\">";
$result = db_query( "SELECT * FROM ttrss_labels2 WHERE
$result = db_query("SELECT * FROM ttrss_labels2 WHERE
owner_uid = " . $_SESSION['uid']);
while ($line = db_fetch_assoc($result)) {
@ -161,7 +161,7 @@ class Opml extends Handler_Protected {
$out .= "<outline text=\"tt-rss-filters\" schema-version=\"".SCHEMA_VERSION."\">";
$result = db_query( "SELECT * FROM ttrss_filters2
$result = db_query("SELECT * FROM ttrss_filters2
WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY id");
while ($line = db_fetch_assoc($result)) {
@ -172,7 +172,7 @@ class Opml extends Handler_Protected {
$line["rules"] = array();
$line["actions"] = array();
$tmp_result = db_query( "SELECT * FROM ttrss_filters2_rules
$tmp_result = db_query("SELECT * FROM ttrss_filters2_rules
WHERE filter_id = ".$line["id"]);
while ($tmp_line = db_fetch_assoc($tmp_result)) {
@ -197,7 +197,7 @@ class Opml extends Handler_Protected {
array_push($line["rules"], $tmp_line);
}
$tmp_result = db_query( "SELECT * FROM ttrss_filters2_actions
$tmp_result = db_query("SELECT * FROM ttrss_filters2_actions
WHERE filter_id = ".$line["id"]);
while ($tmp_line = db_fetch_assoc($tmp_result)) {
@ -253,16 +253,16 @@ class Opml extends Handler_Protected {
private function opml_import_feed($doc, $node, $cat_id, $owner_uid) {
$attrs = $node->attributes;
$feed_title = db_escape_string( mb_substr($attrs->getNamedItem('text')->nodeValue, 0, 250));
if (!$feed_title) $feed_title = db_escape_string( mb_substr($attrs->getNamedItem('title')->nodeValue, 0, 250));
$feed_title = db_escape_string(mb_substr($attrs->getNamedItem('text')->nodeValue, 0, 250));
if (!$feed_title) $feed_title = db_escape_string(mb_substr($attrs->getNamedItem('title')->nodeValue, 0, 250));
$feed_url = db_escape_string( mb_substr($attrs->getNamedItem('xmlUrl')->nodeValue, 0, 250));
if (!$feed_url) $feed_url = db_escape_string( mb_substr($attrs->getNamedItem('xmlURL')->nodeValue, 0, 250));
$feed_url = db_escape_string(mb_substr($attrs->getNamedItem('xmlUrl')->nodeValue, 0, 250));
if (!$feed_url) $feed_url = db_escape_string(mb_substr($attrs->getNamedItem('xmlURL')->nodeValue, 0, 250));
$site_url = db_escape_string( mb_substr($attrs->getNamedItem('htmlUrl')->nodeValue, 0, 250));
$site_url = db_escape_string(mb_substr($attrs->getNamedItem('htmlUrl')->nodeValue, 0, 250));
if ($feed_url && $feed_title) {
$result = db_query( "SELECT id FROM ttrss_feeds WHERE
$result = db_query("SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = '$owner_uid'");
if (db_num_rows($result) == 0) {
@ -275,7 +275,7 @@ class Opml extends Handler_Protected {
(title, feed_url, owner_uid, cat_id, site_url, order_id) VALUES
('$feed_title', '$feed_url', '$owner_uid',
$cat_id, '$site_url', 0)";
db_query( $query);
db_query($query);
} else {
$this->opml_notice(T_sprintf("Duplicate feed: %s", $feed_title));
@ -285,15 +285,15 @@ class Opml extends Handler_Protected {
private function opml_import_label($doc, $node, $owner_uid) {
$attrs = $node->attributes;
$label_name = db_escape_string( $attrs->getNamedItem('label-name')->nodeValue);
$label_name = db_escape_string($attrs->getNamedItem('label-name')->nodeValue);
if ($label_name) {
$fg_color = db_escape_string( $attrs->getNamedItem('label-fg-color')->nodeValue);
$bg_color = db_escape_string( $attrs->getNamedItem('label-bg-color')->nodeValue);
$fg_color = db_escape_string($attrs->getNamedItem('label-fg-color')->nodeValue);
$bg_color = db_escape_string($attrs->getNamedItem('label-bg-color')->nodeValue);
if (!label_find_id( $label_name, $_SESSION['uid'])) {
if (!label_find_id($label_name, $_SESSION['uid'])) {
$this->opml_notice(T_sprintf("Adding label %s", htmlspecialchars($label_name)));
label_create( $label_name, $fg_color, $bg_color, $owner_uid);
label_create($label_name, $fg_color, $bg_color, $owner_uid);
} else {
$this->opml_notice(T_sprintf("Duplicate label: %s", htmlspecialchars($label_name)));
}
@ -302,22 +302,22 @@ class Opml extends Handler_Protected {
private function opml_import_preference($doc, $node, $owner_uid) {
$attrs = $node->attributes;
$pref_name = db_escape_string( $attrs->getNamedItem('pref-name')->nodeValue);
$pref_name = db_escape_string($attrs->getNamedItem('pref-name')->nodeValue);
if ($pref_name) {
$pref_value = db_escape_string( $attrs->getNamedItem('value')->nodeValue);
$pref_value = db_escape_string($attrs->getNamedItem('value')->nodeValue);
$this->opml_notice(T_sprintf("Setting preference key %s to %s",
$pref_name, $pref_value));
set_pref( $pref_name, $pref_value);
set_pref($pref_name, $pref_value);
}
}
private function opml_import_filter($doc, $node, $owner_uid) {
$attrs = $node->attributes;
$filter_type = db_escape_string( $attrs->getNamedItem('filter-type')->nodeValue);
$filter_type = db_escape_string($attrs->getNamedItem('filter-type')->nodeValue);
if ($filter_type == '2') {
$filter = json_decode($node->nodeValue, true);
@ -326,12 +326,12 @@ class Opml extends Handler_Protected {
$match_any_rule = bool_to_sql_bool($filter["match_any_rule"]);
$enabled = bool_to_sql_bool($filter["enabled"]);
db_query( "BEGIN");
db_query("BEGIN");
db_query( "INSERT INTO ttrss_filters2 (match_any_rule,enabled,owner_uid)
db_query("INSERT INTO ttrss_filters2 (match_any_rule,enabled,owner_uid)
VALUES ($match_any_rule, $enabled,".$_SESSION["uid"].")");
$result = db_query( "SELECT MAX(id) AS id FROM ttrss_filters2 WHERE
$result = db_query("SELECT MAX(id) AS id FROM ttrss_filters2 WHERE
owner_uid = ".$_SESSION["uid"]);
$filter_id = db_fetch_result($result, 0, "id");
@ -343,14 +343,14 @@ class Opml extends Handler_Protected {
$cat_id = "NULL";
if (!$rule["cat_filter"]) {
$tmp_result = db_query( "SELECT id FROM ttrss_feeds
WHERE title = '".db_escape_string( $rule["feed"])."' AND owner_uid = ".$_SESSION["uid"]);
$tmp_result = db_query("SELECT id FROM ttrss_feeds
WHERE title = '".db_escape_string($rule["feed"])."' AND owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($tmp_result) > 0) {
$feed_id = db_fetch_result($tmp_result, 0, "id");
}
} else {
$tmp_result = db_query( "SELECT id FROM ttrss_feed_categories
WHERE title = '".db_escape_string( $rule["feed"])."' AND owner_uid = ".$_SESSION["uid"]);
$tmp_result = db_query("SELECT id FROM ttrss_feed_categories
WHERE title = '".db_escape_string($rule["feed"])."' AND owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($tmp_result) > 0) {
$cat_id = db_fetch_result($tmp_result, 0, "id");
@ -358,24 +358,24 @@ class Opml extends Handler_Protected {
}
$cat_filter = bool_to_sql_bool($rule["cat_filter"]);
$reg_exp = db_escape_string( $rule["reg_exp"]);
$reg_exp = db_escape_string($rule["reg_exp"]);
$filter_type = (int)$rule["filter_type"];
db_query( "INSERT INTO ttrss_filters2_rules (feed_id,cat_id,filter_id,filter_type,reg_exp,cat_filter)
db_query("INSERT INTO ttrss_filters2_rules (feed_id,cat_id,filter_id,filter_type,reg_exp,cat_filter)
VALUES ($feed_id, $cat_id, $filter_id, $filter_type, '$reg_exp', $cat_filter)");
}
foreach ($filter["actions"] as $action) {
$action_id = (int)$action["action_id"];
$action_param = db_escape_string( $action["action_param"]);
$action_param = db_escape_string($action["action_param"]);
db_query( "INSERT INTO ttrss_filters2_actions (filter_id,action_id,action_param)
db_query("INSERT INTO ttrss_filters2_actions (filter_id,action_id,action_param)
VALUES ($filter_id, $action_id, '$action_param')");
}
}
db_query( "COMMIT");
db_query("COMMIT");
}
}
}
@ -383,22 +383,22 @@ class Opml extends Handler_Protected {
private function opml_import_category($doc, $root_node, $owner_uid, $parent_id) {
$body = $doc->getElementsByTagName('body');
$default_cat_id = (int) get_feed_category( 'Imported feeds', false);
$default_cat_id = (int) get_feed_category('Imported feeds', false);
if ($root_node) {
$cat_title = db_escape_string( mb_substr($root_node->attributes->getNamedItem('text')->nodeValue, 0, 250));
$cat_title = db_escape_string(mb_substr($root_node->attributes->getNamedItem('text')->nodeValue, 0, 250));
if (!$cat_title)
$cat_title = db_escape_string( mb_substr($root_node->attributes->getNamedItem('title')->nodeValue, 0, 250));
$cat_title = db_escape_string(mb_substr($root_node->attributes->getNamedItem('title')->nodeValue, 0, 250));
if (!in_array($cat_title, array("tt-rss-filters", "tt-rss-labels", "tt-rss-prefs"))) {
$cat_id = get_feed_category( $cat_title, $parent_id);
db_query( "BEGIN");
$cat_id = get_feed_category($cat_title, $parent_id);
db_query("BEGIN");
if ($cat_id === false) {
add_feed_category( $cat_title, $parent_id);
$cat_id = get_feed_category( $cat_title, $parent_id);
add_feed_category($cat_title, $parent_id);
$cat_id = get_feed_category($cat_title, $parent_id);
}
db_query( "COMMIT");
db_query("COMMIT");
} else {
$cat_id = 0;
}
@ -418,12 +418,12 @@ class Opml extends Handler_Protected {
foreach ($outlines as $node) {
if ($node->hasAttributes() && strtolower($node->tagName) == "outline") {
$attrs = $node->attributes;
$node_cat_title = db_escape_string( $attrs->getNamedItem('text')->nodeValue);
$node_cat_title = db_escape_string($attrs->getNamedItem('text')->nodeValue);
if (!$node_cat_title)
$node_cat_title = db_escape_string( $attrs->getNamedItem('title')->nodeValue);
$node_cat_title = db_escape_string($attrs->getNamedItem('title')->nodeValue);
$node_feed_url = db_escape_string( $attrs->getNamedItem('xmlUrl')->nodeValue);
$node_feed_url = db_escape_string($attrs->getNamedItem('xmlUrl')->nodeValue);
if ($node_cat_title && !$node_feed_url) {
$this->opml_import_category($doc, $node, $owner_uid, $cat_id);
@ -508,7 +508,7 @@ class Opml extends Handler_Protected {
$url_path = get_self_url_prefix();
$url_path .= "/opml.php?op=publish&key=" .
get_feed_access_key( 'OPML:Publish', false, $_SESSION["uid"]);
get_feed_access_key('OPML:Publish', false, $_SESSION["uid"]);
return $url_path;
}


@ -222,9 +222,9 @@ class PluginHost {
function load_data($force = false) {
if ($this->owner_uid && (!$_SESSION["plugin_storage"] || $force)) {
$plugin = db_escape_string( $plugin);
$plugin = db_escape_string($plugin);
$result = db_query( "SELECT name, content FROM ttrss_plugin_storage
$result = db_query("SELECT name, content FROM ttrss_plugin_storage
WHERE owner_uid = '".$this->owner_uid."'");
while ($line = db_fetch_assoc($result)) {
@ -237,9 +237,9 @@ class PluginHost {
private function save_data($plugin) {
if ($this->owner_uid) {
$plugin = db_escape_string( $plugin);
$plugin = db_escape_string($plugin);
db_query( "BEGIN");
db_query("BEGIN");
$result = db_query("SELECT id FROM ttrss_plugin_storage WHERE
owner_uid= '".$this->owner_uid."' AND name = '$plugin'");
@ -247,19 +247,19 @@ class PluginHost {
if (!isset($this->storage[$plugin]))
$this->storage[$plugin] = array();
$content = db_escape_string( serialize($this->storage[$plugin]));
$content = db_escape_string(serialize($this->storage[$plugin]));
if (db_num_rows($result) != 0) {
db_query( "UPDATE ttrss_plugin_storage SET content = '$content'
db_query("UPDATE ttrss_plugin_storage SET content = '$content'
WHERE owner_uid= '".$this->owner_uid."' AND name = '$plugin'");
} else {
db_query( "INSERT INTO ttrss_plugin_storage
db_query("INSERT INTO ttrss_plugin_storage
(name,owner_uid,content) VALUES
('$plugin','".$this->owner_uid."','$content')");
}
db_query( "COMMIT");
db_query("COMMIT");
}
}
@ -298,7 +298,7 @@ class PluginHost {
unset($this->storage[$idx]);
db_query( "DELETE FROM ttrss_plugin_storage WHERE name = '$idx'
db_query("DELETE FROM ttrss_plugin_storage WHERE name = '$idx'
AND owner_uid = " . $this->owner_uid);
$_SESSION["plugin_storage"] = $this->storage;


@ -15,11 +15,11 @@ class Pref_Feeds extends Handler_Protected {
}
function renamecat() {
$title = db_escape_string( $_REQUEST['title']);
$id = db_escape_string( $_REQUEST['id']);
$title = db_escape_string($_REQUEST['title']);
$id = db_escape_string($_REQUEST['id']);
if ($title) {
db_query( "UPDATE ttrss_feed_categories SET
db_query("UPDATE ttrss_feed_categories SET
title = '$title' WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
}
return;
@ -37,11 +37,11 @@ class Pref_Feeds extends Handler_Protected {
// first one is set by API
$show_empty_cats = $_REQUEST['force_show_empty'] ||
($_REQUEST['mode'] != 2 && !$search &&
get_pref( '_PREFS_SHOW_EMPTY_CATS'));
get_pref('_PREFS_SHOW_EMPTY_CATS'));
$items = array();
$result = db_query( "SELECT id, title FROM ttrss_feed_categories
$result = db_query("SELECT id, title FROM ttrss_feed_categories
WHERE owner_uid = " . $_SESSION["uid"] . " AND parent_cat = '$cat_id' ORDER BY order_id, title");
while ($line = db_fetch_assoc($result)) {
@ -65,7 +65,7 @@ class Pref_Feeds extends Handler_Protected {
}
$feed_result = db_query( "SELECT id, title, last_error,
$feed_result = db_query("SELECT id, title, last_error,
".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds
WHERE cat_id = '$cat_id' AND owner_uid = ".$_SESSION["uid"].
@ -108,7 +108,7 @@ class Pref_Feeds extends Handler_Protected {
$root['items'] = array();
$root['type'] = 'category';
$enable_cats = get_pref( 'ENABLE_FEED_CATS');
$enable_cats = get_pref('ENABLE_FEED_CATS');
if ($_REQUEST['mode'] == 2) {
@ -154,12 +154,12 @@ class Pref_Feeds extends Handler_Protected {
$root['items'] = array_merge($root['items'], $cat['items']);
}
$result = db_query( "SELECT * FROM
$result = db_query("SELECT * FROM
ttrss_labels2 WHERE owner_uid = ".$_SESSION['uid']." ORDER by caption");
if (db_num_rows($result) > 0) {
if (get_pref( 'ENABLE_FEED_CATS')) {
if (get_pref('ENABLE_FEED_CATS')) {
$cat = $this->feedlist_init_cat(-2);
} else {
$cat['items'] = array();
@ -188,9 +188,9 @@ class Pref_Feeds extends Handler_Protected {
if ($enable_cats) {
$show_empty_cats = $_REQUEST['force_show_empty'] ||
($_REQUEST['mode'] != 2 && !$search &&
get_pref( '_PREFS_SHOW_EMPTY_CATS'));
get_pref('_PREFS_SHOW_EMPTY_CATS'));
$result = db_query( "SELECT id, title FROM ttrss_feed_categories
$result = db_query("SELECT id, title FROM ttrss_feed_categories
WHERE owner_uid = " . $_SESSION["uid"] . " AND parent_cat IS NULL ORDER BY order_id, title");
while ($line = db_fetch_assoc($result)) {
@ -226,7 +226,7 @@ class Pref_Feeds extends Handler_Protected {
$cat['unread'] = 0;
$cat['child_unread'] = 0;
$feed_result = db_query( "SELECT id, title,last_error,
$feed_result = db_query("SELECT id, title,last_error,
".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds
WHERE cat_id IS NULL AND owner_uid = ".$_SESSION["uid"].
@ -257,7 +257,7 @@ class Pref_Feeds extends Handler_Protected {
$root['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
} else {
$feed_result = db_query( "SELECT id, title, last_error,
$feed_result = db_query("SELECT id, title, last_error,
".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds
WHERE owner_uid = ".$_SESSION["uid"].
@ -296,20 +296,20 @@ class Pref_Feeds extends Handler_Protected {
}
function catsortreset() {
db_query( "UPDATE ttrss_feed_categories
db_query("UPDATE ttrss_feed_categories
SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]);
return;
}
function feedsortreset() {
db_query( "UPDATE ttrss_feeds
db_query("UPDATE ttrss_feeds
SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]);
return;
}
function togglehiddenfeedcats() {
set_pref( '_PREFS_SHOW_EMPTY_CATS',
(get_pref( '_PREFS_SHOW_EMPTY_CATS') ? 'false' : 'true'));
set_pref('_PREFS_SHOW_EMPTY_CATS',
(get_pref('_PREFS_SHOW_EMPTY_CATS') ? 'false' : 'true'));
}
private function process_category_order(&$data_map, $item_id, $parent_id = false, $nest_level = 0) {
@ -326,12 +326,12 @@ class Pref_Feeds extends Handler_Protected {
if ($item_id != 'root') {
if ($parent_id && $parent_id != 'root') {
$parent_bare_id = substr($parent_id, strpos($parent_id, ':')+1);
$parent_qpart = db_escape_string( $parent_bare_id);
$parent_qpart = db_escape_string($parent_bare_id);
} else {
$parent_qpart = 'NULL';
}
db_query( "UPDATE ttrss_feed_categories
db_query("UPDATE ttrss_feed_categories
SET parent_cat = $parent_qpart WHERE id = '$bare_item_id' AND
owner_uid = " . $_SESSION["uid"]);
}
@ -352,12 +352,12 @@ class Pref_Feeds extends Handler_Protected {
if (strpos($id, "FEED") === 0) {
$cat_id = ($item_id != "root") ?
db_escape_string( $bare_item_id) : "NULL";
db_escape_string($bare_item_id) : "NULL";
$cat_qpart = ($cat_id != 0) ? "cat_id = '$cat_id'" :
"cat_id = NULL";
db_query( "UPDATE ttrss_feeds
db_query("UPDATE ttrss_feeds
SET order_id = $order_id, $cat_qpart
WHERE id = '$bare_id' AND
owner_uid = " . $_SESSION["uid"]);
@ -367,12 +367,12 @@ class Pref_Feeds extends Handler_Protected {
$nest_level+1);
if ($item_id != 'root') {
$parent_qpart = db_escape_string( $bare_id);
$parent_qpart = db_escape_string($bare_id);
} else {
$parent_qpart = 'NULL';
}
db_query( "UPDATE ttrss_feed_categories
db_query("UPDATE ttrss_feed_categories
SET order_id = '$order_id' WHERE id = '$bare_id' AND
owner_uid = " . $_SESSION["uid"]);
}
@ -424,7 +424,7 @@ class Pref_Feeds extends Handler_Protected {
++$cat_order_id;
if ($bare_id > 0) {
db_query( "UPDATE ttrss_feed_categories
db_query("UPDATE ttrss_feed_categories
SET order_id = '$cat_order_id' WHERE id = '$bare_id' AND
owner_uid = " . $_SESSION["uid"]);
}
@ -441,7 +441,7 @@ class Pref_Feeds extends Handler_Protected {
else
$cat_query = "cat_id = NULL";
db_query( "UPDATE ttrss_feeds
db_query("UPDATE ttrss_feeds
SET order_id = '$feed_order_id',
$cat_query
WHERE id = '$feed_id' AND
@ -457,15 +457,15 @@ class Pref_Feeds extends Handler_Protected {
}
function removeicon() {
$feed_id = db_escape_string( $_REQUEST["feed_id"]);
$feed_id = db_escape_string($_REQUEST["feed_id"]);
$result = db_query( "SELECT id FROM ttrss_feeds
$result = db_query("SELECT id FROM ttrss_feeds
WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
@unlink(ICONS_DIR . "/$feed_id.ico");
db_query( "UPDATE ttrss_feeds SET favicon_avg_color = NULL
db_query("UPDATE ttrss_feeds SET favicon_avg_color = NULL
where id = '$feed_id'");
}
@ -491,12 +491,12 @@ class Pref_Feeds extends Handler_Protected {
}
$icon_file = $tmp_file;
$feed_id = db_escape_string( $_REQUEST["feed_id"]);
$feed_id = db_escape_string($_REQUEST["feed_id"]);
if (is_file($icon_file) && $feed_id) {
if (filesize($icon_file) < 20000) {
$result = db_query( "SELECT id FROM ttrss_feeds
$result = db_query("SELECT id FROM ttrss_feeds
WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
@ -508,7 +508,7 @@ class Pref_Feeds extends Handler_Protected {
$favicon_color = db_escape_string(
calculate_avg_color(ICONS_DIR . "/$feed_id.ico"));
db_query( "UPDATE ttrss_feeds SET
db_query("UPDATE ttrss_feeds SET
favicon_avg_color = '$favicon_color'
WHERE id = '$feed_id'");
@ -536,7 +536,7 @@ class Pref_Feeds extends Handler_Protected {
global $purge_intervals;
global $update_intervals;
$feed_id = db_escape_string( $_REQUEST["id"]);
$feed_id = db_escape_string($_REQUEST["id"]);
$result = db_query(
"SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND
@ -585,7 +585,7 @@ class Pref_Feeds extends Handler_Protected {
/* Category */
if (get_pref( 'ENABLE_FEED_CATS')) {
if (get_pref('ENABLE_FEED_CATS')) {
$cat_id = db_fetch_result($result, 0, "cat_id");
@ -593,7 +593,7 @@ class Pref_Feeds extends Handler_Protected {
print __('Place in category:') . " ";
print_feed_cat_select( "cat_id", $cat_id,
print_feed_cat_select("cat_id", $cat_id,
'dojoType="dijit.form.Select"');
}
@ -782,7 +782,7 @@ class Pref_Feeds extends Handler_Protected {
global $purge_intervals;
global $update_intervals;
$feed_ids = db_escape_string( $_REQUEST["ids"]);
$feed_ids = db_escape_string($_REQUEST["ids"]);
print_notice("Enable the options you wish to apply using checkboxes on the right:");
@ -816,13 +816,13 @@ class Pref_Feeds extends Handler_Protected {
/* Category */
if (get_pref( 'ENABLE_FEED_CATS')) {
if (get_pref('ENABLE_FEED_CATS')) {
print "<br/>";
print __('Place in category:') . " ";
print_feed_cat_select( "cat_id", $cat_id,
print_feed_cat_select("cat_id", $cat_id,
'disabled="1" dojoType="dijit.form.Select"');
$this->batch_edit_cbox("cat_id");
@ -938,27 +938,27 @@ class Pref_Feeds extends Handler_Protected {
function editsaveops($batch) {
$feed_title = db_escape_string( trim($_POST["title"]));
$feed_link = db_escape_string( trim($_POST["feed_url"]));
$upd_intl = (int) db_escape_string( $_POST["update_interval"]);
$purge_intl = (int) db_escape_string( $_POST["purge_interval"]);
$feed_id = (int) db_escape_string( $_POST["id"]); /* editSave */
$feed_ids = db_escape_string( $_POST["ids"]); /* batchEditSave */
$cat_id = (int) db_escape_string( $_POST["cat_id"]);
$auth_login = db_escape_string( trim($_POST["auth_login"]));
$feed_title = db_escape_string(trim($_POST["title"]));
$feed_link = db_escape_string(trim($_POST["feed_url"]));
$upd_intl = (int) db_escape_string($_POST["update_interval"]);
$purge_intl = (int) db_escape_string($_POST["purge_interval"]);
$feed_id = (int) db_escape_string($_POST["id"]); /* editSave */
$feed_ids = db_escape_string($_POST["ids"]); /* batchEditSave */
$cat_id = (int) db_escape_string($_POST["cat_id"]);
$auth_login = db_escape_string(trim($_POST["auth_login"]));
$auth_pass = trim($_POST["auth_pass"]);
$private = checkbox_to_sql_bool(db_escape_string( $_POST["private"]));
$private = checkbox_to_sql_bool(db_escape_string($_POST["private"]));
$include_in_digest = checkbox_to_sql_bool(
db_escape_string( $_POST["include_in_digest"]));
db_escape_string($_POST["include_in_digest"]));
$cache_images = checkbox_to_sql_bool(
db_escape_string( $_POST["cache_images"]));
db_escape_string($_POST["cache_images"]));
$hide_images = checkbox_to_sql_bool(
db_escape_string( $_POST["hide_images"]));
db_escape_string($_POST["hide_images"]));
$always_display_enclosures = checkbox_to_sql_bool(
db_escape_string( $_POST["always_display_enclosures"]));
db_escape_string($_POST["always_display_enclosures"]));
$mark_unread_on_update = checkbox_to_sql_bool(
db_escape_string( $_POST["mark_unread_on_update"]));
db_escape_string($_POST["mark_unread_on_update"]));
if (strlen(FEED_CRYPT_KEY) > 0) {
require_once "crypt.php";
@ -968,9 +968,9 @@ class Pref_Feeds extends Handler_Protected {
$auth_pass_encrypted = 'false';
}
$auth_pass = db_escape_string( $auth_pass);
$auth_pass = db_escape_string($auth_pass);
if (get_pref( 'ENABLE_FEED_CATS')) {
if (get_pref('ENABLE_FEED_CATS')) {
if ($cat_id && $cat_id != 0) {
$category_qpart = "cat_id = '$cat_id',";
$category_qpart_nocomma = "cat_id = '$cat_id'";
@ -985,7 +985,7 @@ class Pref_Feeds extends Handler_Protected {
if (!$batch) {
$result = db_query( "UPDATE ttrss_feeds SET
$result = db_query("UPDATE ttrss_feeds SET
$category_qpart
title = '$feed_title', feed_url = '$feed_link',
update_interval = '$upd_intl',
@ -1010,7 +1010,7 @@ class Pref_Feeds extends Handler_Protected {
}
}
db_query( "BEGIN");
db_query("BEGIN");
foreach (array_keys($feed_data) as $k) {
@ -1080,16 +1080,16 @@ class Pref_Feeds extends Handler_Protected {
}
}
db_query( "COMMIT");
db_query("COMMIT");
}
return;
}
function resetPubSub() {
$ids = db_escape_string( $_REQUEST["ids"]);
$ids = db_escape_string($_REQUEST["ids"]);
db_query( "UPDATE ttrss_feeds SET pubsub_state = 0 WHERE id IN ($ids)
db_query("UPDATE ttrss_feeds SET pubsub_state = 0 WHERE id IN ($ids)
AND owner_uid = " . $_SESSION["uid"]);
return;
@ -1097,30 +1097,30 @@ class Pref_Feeds extends Handler_Protected {
function remove() {
$ids = explode(",", db_escape_string( $_REQUEST["ids"]));
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
Pref_Feeds::remove_feed( $id, $_SESSION["uid"]);
Pref_Feeds::remove_feed($id, $_SESSION["uid"]);
}
return;
}
function clear() {
$id = db_escape_string( $_REQUEST["id"]);
$this->clear_feed_articles( $id);
$id = db_escape_string($_REQUEST["id"]);
$this->clear_feed_articles($id);
}
function rescore() {
require_once "rssfuncs.php";
$ids = explode(",", db_escape_string( $_REQUEST["ids"]));
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
$filters = load_filters( $id, $_SESSION["uid"], 6);
$filters = load_filters($id, $_SESSION["uid"], 6);
$result = db_query( "SELECT
$result = db_query("SELECT
title, content, link, ref_id, author,".
SUBSTRING_FOR_DATE."(updated, 1, 19) AS updated
FROM
@ -1133,7 +1133,7 @@ class Pref_Feeds extends Handler_Protected {
while ($line = db_fetch_assoc($result)) {
$tags = get_article_tags( $line["ref_id"]);
$tags = get_article_tags($line["ref_id"]);
$article_filters = get_article_filters($filters, $line['title'],
$line['content'], $line['link'], strtotime($line['updated']),
@ -1148,15 +1148,15 @@ class Pref_Feeds extends Handler_Protected {
foreach (array_keys($scores) as $s) {
if ($s > 1000) {
db_query( "UPDATE ttrss_user_entries SET score = '$s',
db_query("UPDATE ttrss_user_entries SET score = '$s',
marked = true WHERE
ref_id IN (" . join(',', $scores[$s]) . ")");
} else if ($s < -500) {
db_query( "UPDATE ttrss_user_entries SET score = '$s',
db_query("UPDATE ttrss_user_entries SET score = '$s',
unread = false WHERE
ref_id IN (" . join(',', $scores[$s]) . ")");
} else {
db_query( "UPDATE ttrss_user_entries SET score = '$s' WHERE
db_query("UPDATE ttrss_user_entries SET score = '$s' WHERE
ref_id IN (" . join(',', $scores[$s]) . ")");
}
}
@ -1175,9 +1175,9 @@ class Pref_Feeds extends Handler_Protected {
$id = $feed_line["id"];
$filters = load_filters( $id, $_SESSION["uid"], 6);
$filters = load_filters($id, $_SESSION["uid"], 6);
$tmp_result = db_query( "SELECT
$tmp_result = db_query("SELECT
title, content, link, ref_id, author,".
SUBSTRING_FOR_DATE."(updated, 1, 19) AS updated
FROM
@ -1190,7 +1190,7 @@ class Pref_Feeds extends Handler_Protected {
while ($line = db_fetch_assoc($tmp_result)) {
$tags = get_article_tags( $line["ref_id"]);
$tags = get_article_tags($line["ref_id"]);
$article_filters = get_article_filters($filters, $line['title'],
$line['content'], $line['link'], strtotime($line['updated']),
@ -1205,11 +1205,11 @@ class Pref_Feeds extends Handler_Protected {
foreach (array_keys($scores) as $s) {
if ($s > 1000) {
db_query( "UPDATE ttrss_user_entries SET score = '$s',
db_query("UPDATE ttrss_user_entries SET score = '$s',
marked = true WHERE
ref_id IN (" . join(',', $scores[$s]) . ")");
} else {
db_query( "UPDATE ttrss_user_entries SET score = '$s' WHERE
db_query("UPDATE ttrss_user_entries SET score = '$s' WHERE
ref_id IN (" . join(',', $scores[$s]) . ")");
}
}
@ -1220,9 +1220,9 @@ class Pref_Feeds extends Handler_Protected {
}
function categorize() {
$ids = explode(",", db_escape_string( $_REQUEST["ids"]));
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$cat_id = db_escape_string( $_REQUEST["cat_id"]);
$cat_id = db_escape_string($_REQUEST["cat_id"]);
if ($cat_id == 0) {
$cat_id_qpart = 'NULL';
@ -1230,30 +1230,30 @@ class Pref_Feeds extends Handler_Protected {
$cat_id_qpart = "'$cat_id'";
}
db_query( "BEGIN");
db_query("BEGIN");
foreach ($ids as $id) {
db_query( "UPDATE ttrss_feeds SET cat_id = $cat_id_qpart
db_query("UPDATE ttrss_feeds SET cat_id = $cat_id_qpart
WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
}
db_query( "COMMIT");
db_query("COMMIT");
}
function removeCat() {
$ids = explode(",", db_escape_string( $_REQUEST["ids"]));
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
$this->remove_feed_category( $id, $_SESSION["uid"]);
$this->remove_feed_category($id, $_SESSION["uid"]);
}
}
function addCat() {
$feed_cat = db_escape_string( trim($_REQUEST["cat"]));
$feed_cat = db_escape_string(trim($_REQUEST["cat"]));
add_feed_category( $feed_cat);
add_feed_category($feed_cat);
}
function index() {
@ -1261,7 +1261,7 @@ class Pref_Feeds extends Handler_Protected {
print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
print "<div id=\"pref-feeds-feeds\" dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Feeds')."\">";
$result = db_query( "SELECT COUNT(id) AS num_errors
$result = db_query("SELECT COUNT(id) AS num_errors
FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
$num_errors = db_fetch_result($result, 0, "num_errors");
@ -1279,7 +1279,7 @@ class Pref_Feeds extends Handler_Protected {
$interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)";
}
$result = db_query( "SELECT COUNT(*) AS num_inactive FROM ttrss_feeds WHERE
$result = db_query("SELECT COUNT(*) AS num_inactive FROM ttrss_feeds WHERE
(SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE
ttrss_entries.id = ref_id AND
ttrss_user_entries.feed_id = ttrss_feeds.id) < $interval_qpart AND
@ -1293,7 +1293,7 @@ class Pref_Feeds extends Handler_Protected {
__("Inactive feeds") . "</button>";
}
$feed_search = db_escape_string( $_REQUEST["search"]);
$feed_search = db_escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_feed_search"] = $feed_search;
@ -1336,7 +1336,7 @@ class Pref_Feeds extends Handler_Protected {
.__('Unsubscribe')."</div> ";
print "</div></div>";
if (get_pref( 'ENABLE_FEED_CATS')) {
if (get_pref('ENABLE_FEED_CATS')) {
print "<div dojoType=\"dijit.form.DropDownButton\">".
"<span>" . __('Categories')."</span>";
print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
@ -1522,14 +1522,14 @@ class Pref_Feeds extends Handler_Protected {
$cat_id = (int) $cat_id;
if ($cat_id > 0) {
$cat_unread = ccache_find( $cat_id, $_SESSION["uid"], true);
$cat_unread = ccache_find($cat_id, $_SESSION["uid"], true);
} else if ($cat_id == 0 || $cat_id == -2) {
$cat_unread = getCategoryUnread( $cat_id);
$cat_unread = getCategoryUnread($cat_id);
}
$obj['id'] = 'CAT:' . $cat_id;
$obj['items'] = array();
$obj['name'] = getCategoryTitle( $cat_id);
$obj['name'] = getCategoryTitle($cat_id);
$obj['type'] = 'category';
$obj['unread'] = (int) $cat_unread;
$obj['bare_id'] = $cat_id;
@ -1542,10 +1542,10 @@ class Pref_Feeds extends Handler_Protected {
$feed_id = (int) $feed_id;
if (!$title)
$title = getFeedTitle( $feed_id, false);
$title = getFeedTitle($feed_id, false);
if ($unread === false)
$unread = getFeedUnread( $feed_id, false);
$unread = getFeedUnread($feed_id, false);
$obj['id'] = 'FEED:' . $feed_id;
$obj['name'] = $title;
@ -1567,7 +1567,7 @@ class Pref_Feeds extends Handler_Protected {
$interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)";
}
$result = db_query( "SELECT ttrss_feeds.title, ttrss_feeds.site_url,
$result = db_query("SELECT ttrss_feeds.title, ttrss_feeds.site_url,
ttrss_feeds.feed_url, ttrss_feeds.id, MAX(updated) AS last_article
FROM ttrss_feeds, ttrss_entries, ttrss_user_entries WHERE
(SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE
@ -1621,7 +1621,7 @@ class Pref_Feeds extends Handler_Protected {
htmlspecialchars($line["title"])."</a>";
print "</td><td class=\"insensitive\" align='right'>";
print make_local_datetime( $line['last_article'], false);
print make_local_datetime($line['last_article'], false);
print "</td>";
print "</tr>";
@ -1648,7 +1648,7 @@ class Pref_Feeds extends Handler_Protected {
print "<h2>" . __("These feeds have not been updated because of errors:") .
"</h2>";
$result = db_query( "SELECT id,title,feed_url,last_error,site_url
$result = db_query("SELECT id,title,feed_url,last_error,site_url
FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
print "<div dojoType=\"dijit.Toolbar\">";
@ -1725,50 +1725,50 @@ class Pref_Feeds extends Handler_Protected {
private function clear_feed_articles($id) {
if ($id != 0) {
$result = db_query( "DELETE FROM ttrss_user_entries
$result = db_query("DELETE FROM ttrss_user_entries
WHERE feed_id = '$id' AND marked = false AND owner_uid = " . $_SESSION["uid"]);
} else {
$result = db_query( "DELETE FROM ttrss_user_entries
$result = db_query("DELETE FROM ttrss_user_entries
WHERE feed_id IS NULL AND marked = false AND owner_uid = " . $_SESSION["uid"]);
}
$result = db_query( "DELETE FROM ttrss_entries WHERE
$result = db_query("DELETE FROM ttrss_entries WHERE
(SELECT COUNT(int_id) FROM ttrss_user_entries WHERE ref_id = id) = 0");
ccache_update( $id, $_SESSION['uid']);
ccache_update($id, $_SESSION['uid']);
} // function clear_feed_articles
private function remove_feed_category( $id, $owner_uid) {
private function remove_feed_category($id, $owner_uid) {
db_query( "DELETE FROM ttrss_feed_categories
db_query("DELETE FROM ttrss_feed_categories
WHERE id = '$id' AND owner_uid = $owner_uid");
ccache_remove( $id, $owner_uid, true);
ccache_remove($id, $owner_uid, true);
}
static function remove_feed( $id, $owner_uid) {
static function remove_feed($id, $owner_uid) {
if ($id > 0) {
/* save starred articles in Archived feed */
db_query( "BEGIN");
db_query("BEGIN");
/* prepare feed if necessary */
$result = db_query( "SELECT feed_url FROM ttrss_feeds WHERE id = $id
$result = db_query("SELECT feed_url FROM ttrss_feeds WHERE id = $id
AND owner_uid = $owner_uid");
$feed_url = db_escape_string( db_fetch_result($result, 0, "feed_url"));
$feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url"));
$result = db_query( "SELECT id FROM ttrss_archived_feeds
$result = db_query("SELECT id FROM ttrss_archived_feeds
WHERE feed_url = '$feed_url' AND owner_uid = $owner_uid");
if (db_num_rows($result) == 0) {
$result = db_query( "SELECT MAX(id) AS id FROM ttrss_archived_feeds");
$result = db_query("SELECT MAX(id) AS id FROM ttrss_archived_feeds");
$new_feed_id = (int)db_fetch_result($result, 0, "id") + 1;
db_query( "INSERT INTO ttrss_archived_feeds
db_query("INSERT INTO ttrss_archived_feeds
(id, owner_uid, title, feed_url, site_url)
SELECT $new_feed_id, owner_uid, title, feed_url, site_url from ttrss_feeds
WHERE id = '$id'");
@ -1778,31 +1778,31 @@ class Pref_Feeds extends Handler_Protected {
$archive_id = db_fetch_result($result, 0, "id");
}
db_query( "UPDATE ttrss_user_entries SET feed_id = NULL,
db_query("UPDATE ttrss_user_entries SET feed_id = NULL,
orig_feed_id = '$archive_id' WHERE feed_id = '$id' AND
marked = true AND owner_uid = $owner_uid");
/* Remove access key for the feed */
db_query( "DELETE FROM ttrss_access_keys WHERE
db_query("DELETE FROM ttrss_access_keys WHERE
feed_id = '$id' AND owner_uid = $owner_uid");
/* remove the feed */
db_query( "DELETE FROM ttrss_feeds
db_query("DELETE FROM ttrss_feeds
WHERE id = '$id' AND owner_uid = $owner_uid");
db_query( "COMMIT");
db_query("COMMIT");
if (file_exists(ICONS_DIR . "/$id.ico")) {
unlink(ICONS_DIR . "/$id.ico");
}
ccache_remove( $id, $owner_uid);
ccache_remove($id, $owner_uid);
} else {
label_remove( feed_to_label_id($id), $owner_uid);
//ccache_remove( $id, $owner_uid); don't think labels are cached
label_remove(feed_to_label_id($id), $owner_uid);
//ccache_remove($id, $owner_uid); don't think labels are cached
}
}
@ -1813,9 +1813,9 @@ class Pref_Feeds extends Handler_Protected {
print "<table width='100%'><tr><td>
".__("Add one valid RSS feed per line (no feed detection is done)")."
</td><td align='right'>";
if (get_pref( 'ENABLE_FEED_CATS')) {
if (get_pref('ENABLE_FEED_CATS')) {
print __('Place in category:') . " ";
print_feed_cat_select( "cat", false, 'dojoType="dijit.form.Select"');
print_feed_cat_select("cat", false, 'dojoType="dijit.form.Select"');
}
print "</td></tr><tr><td colspan='2'>";
print "<textarea
@ -1855,17 +1855,17 @@ class Pref_Feeds extends Handler_Protected {
}
function batchAddFeeds() {
$cat_id = db_escape_string( $_REQUEST['cat']);
$cat_id = db_escape_string($_REQUEST['cat']);
$feeds = explode("\n", $_REQUEST['feeds']);
$login = db_escape_string( $_REQUEST['login']);
$login = db_escape_string($_REQUEST['login']);
$pass = trim($_REQUEST['pass']);
foreach ($feeds as $feed) {
$feed = db_escape_string( trim($feed));
$feed = db_escape_string(trim($feed));
if (validate_feed_url($feed)) {
db_query( "BEGIN");
db_query("BEGIN");
if ($cat_id == "0" || !$cat_id) {
$cat_qpart = "NULL";
@ -1885,7 +1885,7 @@ class Pref_Feeds extends Handler_Protected {
$auth_pass_encrypted = 'false';
}
$pass = db_escape_string( $pass);
$pass = db_escape_string($pass);
if (db_num_rows($result) == 0) {
$result = db_query(
@ -1895,13 +1895,13 @@ class Pref_Feeds extends Handler_Protected {
'[Unknown]', $cat_qpart, '$login', '$pass', 0, $auth_pass_encrypted)");
}
db_query( "COMMIT");
db_query("COMMIT");
}
}
}
function regenOPMLKey() {
$this->update_feed_access_key( 'OPML:Publish',
$this->update_feed_access_key('OPML:Publish',
false, $_SESSION["uid"]);
$new_link = Opml::opml_publish_url();
@ -1910,41 +1910,41 @@ class Pref_Feeds extends Handler_Protected {
}
function regenFeedKey() {
$feed_id = db_escape_string( $_REQUEST['id']);
$is_cat = db_escape_string( $_REQUEST['is_cat']) == "true";
$feed_id = db_escape_string($_REQUEST['id']);
$is_cat = db_escape_string($_REQUEST['is_cat']) == "true";
$new_key = $this->update_feed_access_key( $feed_id, $is_cat);
$new_key = $this->update_feed_access_key($feed_id, $is_cat);
print json_encode(array("link" => $new_key));
}
private function update_feed_access_key( $feed_id, $is_cat, $owner_uid = false) {
private function update_feed_access_key($feed_id, $is_cat, $owner_uid = false) {
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
$sql_is_cat = bool_to_sql_bool($is_cat);
$result = db_query( "SELECT access_key FROM ttrss_access_keys
$result = db_query("SELECT access_key FROM ttrss_access_keys
WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
AND owner_uid = " . $owner_uid);
if (db_num_rows($result) == 1) {
$key = db_escape_string( sha1(uniqid(rand(), true)));
$key = db_escape_string(sha1(uniqid(rand(), true)));
db_query( "UPDATE ttrss_access_keys SET access_key = '$key'
db_query("UPDATE ttrss_access_keys SET access_key = '$key'
WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
AND owner_uid = " . $owner_uid);
return $key;
} else {
return get_feed_access_key( $feed_id, $is_cat, $owner_uid);
return get_feed_access_key($feed_id, $is_cat, $owner_uid);
}
}
// Silent
function clearKeys() {
db_query( "DELETE FROM ttrss_access_keys WHERE
db_query("DELETE FROM ttrss_access_keys WHERE
owner_uid = " . $_SESSION["uid"]);
}


@ -9,7 +9,7 @@ class Pref_Filters extends Handler_Protected {
}
function filtersortreset() {
db_query( "UPDATE ttrss_filters2
db_query("UPDATE ttrss_filters2
SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]);
return;
}
@ -31,7 +31,7 @@ class Pref_Filters extends Handler_Protected {
if ($filter_id > 0) {
db_query( "UPDATE ttrss_filters2 SET
db_query("UPDATE ttrss_filters2 SET
order_id = $index WHERE id = '$filter_id' AND
owner_uid = " .$_SESSION["uid"]);
@ -49,13 +49,13 @@ class Pref_Filters extends Handler_Protected {
$filter["enabled"] = true;
$filter["match_any_rule"] = sql_bool_to_bool(
checkbox_to_sql_bool(db_escape_string( $_REQUEST["match_any_rule"])));
checkbox_to_sql_bool(db_escape_string($_REQUEST["match_any_rule"])));
$filter["inverse"] = sql_bool_to_bool(
checkbox_to_sql_bool(db_escape_string( $_REQUEST["inverse"])));
checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"])));
$filter["rules"] = array();
$result = db_query( "SELECT id,name FROM ttrss_filter_types");
$result = db_query("SELECT id,name FROM ttrss_filter_types");
$filter_types = array();
while ($line = db_fetch_assoc($result)) {
@ -83,9 +83,9 @@ class Pref_Filters extends Handler_Protected {
}
}
$feed_title = getFeedTitle( $feed);
$feed_title = getFeedTitle($feed);
$qfh_ret = queryFeedHeadlines( -4, 30, "", false, false, false,
$qfh_ret = queryFeedHeadlines(-4, 30, "", false, false, false,
"date_entered DESC", 0, $_SESSION["uid"], $filter);
$result = $qfh_ret[0];
@ -101,7 +101,7 @@ class Pref_Filters extends Handler_Protected {
while ($line = db_fetch_assoc($result)) {
$entry_timestamp = strtotime($line["updated"]);
$entry_tags = get_article_tags( $line["id"], $_SESSION["uid"]);
$entry_tags = get_article_tags($line["id"], $_SESSION["uid"]);
$content_preview = truncate_string(
strip_tags($line["content_preview"]), 100, '...');
@ -158,7 +158,7 @@ class Pref_Filters extends Handler_Protected {
$filter_search = $_SESSION["prefs_filter_search"];
$result = db_query( "SELECT *,
$result = db_query("SELECT *,
(SELECT action_param FROM ttrss_filters2_actions
WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS action_param,
(SELECT action_id FROM ttrss_filters2_actions
@ -206,8 +206,8 @@ class Pref_Filters extends Handler_Protected {
}
if ($line['action_id'] == 7) {
$label_result = db_query( "SELECT fg_color, bg_color
FROM ttrss_labels2 WHERE caption = '".db_escape_string( $line['action_param'])."' AND
$label_result = db_query("SELECT fg_color, bg_color
FROM ttrss_labels2 WHERE caption = '".db_escape_string($line['action_param'])."' AND
owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($label_result) > 0) {
@ -248,7 +248,7 @@ class Pref_Filters extends Handler_Protected {
function edit() {
$filter_id = db_escape_string( $_REQUEST["id"]);
$filter_id = db_escape_string($_REQUEST["id"]);
$result = db_query(
"SELECT * FROM ttrss_filters2 WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
@ -294,7 +294,7 @@ class Pref_Filters extends Handler_Protected {
print "<ul id='filterDlg_Matches'>";
$rules_result = db_query( "SELECT * FROM ttrss_filters2_rules
$rules_result = db_query("SELECT * FROM ttrss_filters2_rules
WHERE filter_id = '$filter_id' ORDER BY reg_exp, id");
while ($line = db_fetch_assoc($rules_result)) {
@ -342,7 +342,7 @@ class Pref_Filters extends Handler_Protected {
print "<ul id='filterDlg_Actions'>";
$actions_result = db_query( "SELECT * FROM ttrss_filters2_actions
$actions_result = db_query("SELECT * FROM ttrss_filters2_actions
WHERE filter_id = '$filter_id' ORDER BY id");
while ($line = db_fetch_assoc($actions_result)) {
@ -417,17 +417,17 @@ class Pref_Filters extends Handler_Protected {
if (strpos($feed_id, "CAT:") === 0) {
$feed_id = (int) substr($feed_id, 4);
$feed = getCategoryTitle( $feed_id);
$feed = getCategoryTitle($feed_id);
} else {
$feed_id = (int) $feed_id;
if ($rule["feed_id"])
$feed = getFeedTitle( (int)$rule["feed_id"]);
$feed = getFeedTitle((int)$rule["feed_id"]);
else
$feed = __("All feeds");
}
$result = db_query( "SELECT description FROM ttrss_filter_types
$result = db_query("SELECT description FROM ttrss_filter_types
WHERE id = ".(int)$rule["filter_type"]);
$filter_type = db_fetch_result($result, 0, "description");
@ -440,7 +440,7 @@ class Pref_Filters extends Handler_Protected {
}
private function getActionName($action) {
$result = db_query( "SELECT description FROM
$result = db_query("SELECT description FROM
ttrss_filter_actions WHERE id = " .(int)$action["action_id"]);
$title = __(db_fetch_result($result, 0, "description"));
@ -463,13 +463,13 @@ class Pref_Filters extends Handler_Protected {
# print_r($_REQUEST);
$filter_id = db_escape_string( $_REQUEST["id"]);
$enabled = checkbox_to_sql_bool(db_escape_string( $_REQUEST["enabled"]));
$match_any_rule = checkbox_to_sql_bool(db_escape_string( $_REQUEST["match_any_rule"]));
$inverse = checkbox_to_sql_bool(db_escape_string( $_REQUEST["inverse"]));
$title = db_escape_string( $_REQUEST["title"]);
$filter_id = db_escape_string($_REQUEST["id"]);
$enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"]));
$match_any_rule = checkbox_to_sql_bool(db_escape_string($_REQUEST["match_any_rule"]));
$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
$title = db_escape_string($_REQUEST["title"]);
$result = db_query( "UPDATE ttrss_filters2 SET enabled = $enabled,
$result = db_query("UPDATE ttrss_filters2 SET enabled = $enabled,
match_any_rule = $match_any_rule,
inverse = $inverse,
title = '$title'
@ -482,17 +482,17 @@ class Pref_Filters extends Handler_Protected {
function remove() {
$ids = explode(",", db_escape_string( $_REQUEST["ids"]));
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
db_query( "DELETE FROM ttrss_filters2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
db_query("DELETE FROM ttrss_filters2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
}
}
private function saveRulesAndActions($filter_id) {
db_query( "DELETE FROM ttrss_filters2_rules WHERE filter_id = '$filter_id'");
db_query( "DELETE FROM ttrss_filters2_actions WHERE filter_id = '$filter_id'");
db_query("DELETE FROM ttrss_filters2_rules WHERE filter_id = '$filter_id'");
db_query("DELETE FROM ttrss_filters2_actions WHERE filter_id = '$filter_id'");
if ($filter_id) {
/* create rules */
@ -521,11 +521,11 @@ class Pref_Filters extends Handler_Protected {
foreach ($rules as $rule) {
if ($rule) {
$reg_exp = strip_tags(db_escape_string( trim($rule["reg_exp"])));
$reg_exp = strip_tags(db_escape_string(trim($rule["reg_exp"])));
$inverse = isset($rule["inverse"]) ? "true" : "false";
$filter_type = (int) db_escape_string( trim($rule["filter_type"]));
$feed_id = db_escape_string( trim($rule["feed_id"]));
$filter_type = (int) db_escape_string(trim($rule["filter_type"]));
$feed_id = db_escape_string(trim($rule["feed_id"]));
if (strpos($feed_id, "CAT:") === 0) {
@ -546,16 +546,16 @@ class Pref_Filters extends Handler_Protected {
(filter_id, reg_exp,filter_type,feed_id,cat_id,cat_filter,inverse) VALUES
('$filter_id', '$reg_exp', '$filter_type', $feed_id, $cat_id, $cat_filter, $inverse)";
db_query( $query);
db_query($query);
}
}
foreach ($actions as $action) {
if ($action) {
$action_id = (int) db_escape_string( $action["action_id"]);
$action_param = db_escape_string( $action["action_param"]);
$action_param_label = db_escape_string( $action["action_param_label"]);
$action_id = (int) db_escape_string($action["action_id"]);
$action_param = db_escape_string($action["action_param"]);
$action_param_label = db_escape_string($action["action_param_label"]);
if ($action_id == 7) {
$action_param = $action_param_label;
@ -569,7 +569,7 @@ class Pref_Filters extends Handler_Protected {
(filter_id, action_id, action_param) VALUES
('$filter_id', '$action_id', '$action_param')";
db_query( $query);
db_query($query);
}
}
}
@ -586,35 +586,35 @@ class Pref_Filters extends Handler_Protected {
$enabled = checkbox_to_sql_bool($_REQUEST["enabled"]);
$match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]);
$title = db_escape_string( $_REQUEST["title"]);
$title = db_escape_string($_REQUEST["title"]);
db_query( "BEGIN");
db_query("BEGIN");
/* create base filter */
$result = db_query( "INSERT INTO ttrss_filters2
$result = db_query("INSERT INTO ttrss_filters2
(owner_uid, match_any_rule, enabled, title) VALUES
(".$_SESSION["uid"].",$match_any_rule,$enabled, '$title')");
$result = db_query( "SELECT MAX(id) AS id FROM ttrss_filters2
$result = db_query("SELECT MAX(id) AS id FROM ttrss_filters2
WHERE owner_uid = ".$_SESSION["uid"]);
$filter_id = db_fetch_result($result, 0, "id");
$this->saveRulesAndActions($filter_id);
db_query( "COMMIT");
db_query("COMMIT");
}
function index() {
$sort = db_escape_string( $_REQUEST["sort"]);
$sort = db_escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "reg_exp";
}
$filter_search = db_escape_string( $_REQUEST["search"]);
$filter_search = db_escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
@ -626,7 +626,7 @@ class Pref_Filters extends Handler_Protected {
print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
$filter_search = db_escape_string( $_REQUEST["search"]);
$filter_search = db_escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
@ -832,7 +832,7 @@ class Pref_Filters extends Handler_Protected {
print "<form name='filter_new_rule_form' id='filter_new_rule_form'>";
$result = db_query( "SELECT id,description
$result = db_query("SELECT id,description
FROM ttrss_filter_types WHERE id != 5 ORDER BY description");
$filter_types = array();
@ -864,7 +864,7 @@ class Pref_Filters extends Handler_Protected {
print __("in") . " ";
print "<span id='filterDlg_feeds'>";
print_feed_select( "feed_id",
print_feed_select("feed_id",
$cat_filter ? "CAT:$feed_id" : $feed_id,
'dojoType="dijit.form.FilteringSelect"');
print "</span>";
@ -888,7 +888,7 @@ class Pref_Filters extends Handler_Protected {
$action = json_decode($_REQUEST["action"], true);
if ($action) {
$action_param = db_escape_string( $action["action_param"]);
$action_param = db_escape_string($action["action_param"]);
$action_id = (int)$action["action_id"];
} else {
$action_param = "";
@ -904,7 +904,7 @@ class Pref_Filters extends Handler_Protected {
print "<select name=\"action_id\" dojoType=\"dijit.form.Select\"
onchange=\"filterDlgCheckAction(this)\">";
$result = db_query( "SELECT id,description FROM ttrss_filter_actions
$result = db_query("SELECT id,description FROM ttrss_filter_actions
ORDER BY name");
while ($line = db_fetch_assoc($result)) {
@ -928,7 +928,7 @@ class Pref_Filters extends Handler_Protected {
id=\"filterDlg_actionParam\" style=\"$param_hidden\"
name=\"action_param\" value=\"$action_param\">";
print_label_select( "action_param_label", $action_param,
print_label_select("action_param_label", $action_param,
"id=\"filterDlg_actionParamLabel\" style=\"$label_param_hidden\"
dojoType=\"dijit.form.Select\"");
@ -987,22 +987,22 @@ class Pref_Filters extends Handler_Protected {
}
function join() {
$ids = explode(",", db_escape_string( $_REQUEST["ids"]));
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
if (count($ids) > 1) {
$base_id = array_shift($ids);
$ids_str = join(",", $ids);
db_query( "BEGIN");
db_query( "UPDATE ttrss_filters2_rules
db_query("BEGIN");
db_query("UPDATE ttrss_filters2_rules
SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)");
db_query( "UPDATE ttrss_filters2_actions
db_query("UPDATE ttrss_filters2_actions
SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)");
db_query( "DELETE FROM ttrss_filters2 WHERE id IN ($ids_str)");
db_query( "UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = '$base_id'");
db_query("DELETE FROM ttrss_filters2 WHERE id IN ($ids_str)");
db_query("UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = '$base_id'");
db_query( "COMMIT");
db_query("COMMIT");
$this->optimizeFilter($base_id);
@ -1010,8 +1010,8 @@ class Pref_Filters extends Handler_Protected {
}
private function optimizeFilter($id) {
db_query( "BEGIN");
$result = db_query( "SELECT * FROM ttrss_filters2_actions
db_query("BEGIN");
$result = db_query("SELECT * FROM ttrss_filters2_actions
WHERE filter_id = '$id'");
$tmp = array();
@ -1030,11 +1030,11 @@ class Pref_Filters extends Handler_Protected {
if (count($dupe_ids) > 0) {
$ids_str = join(",", $dupe_ids);
db_query( "DELETE FROM ttrss_filters2_actions
db_query("DELETE FROM ttrss_filters2_actions
WHERE id IN ($ids_str)");
}
$result = db_query( "SELECT * FROM ttrss_filters2_rules
$result = db_query("SELECT * FROM ttrss_filters2_rules
WHERE filter_id = '$id'");
$tmp = array();
@ -1053,11 +1053,11 @@ class Pref_Filters extends Handler_Protected {
if (count($dupe_ids) > 0) {
$ids_str = join(",", $dupe_ids);
db_query( "DELETE FROM ttrss_filters2_rules
db_query("DELETE FROM ttrss_filters2_rules
WHERE id IN ($ids_str)");
}
db_query( "COMMIT");
db_query("COMMIT");
}
}
?>
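Review bot: In `join()` (the hunk at `-987,22`), `$ids_str` is placed unquoted inside `IN ($ids_str)` after only `db_escape_string()` has been applied to the request's `ids`. Escaping quote characters does not constrain a value used outside quotes, so the list should be reduced to integers first: `$ids = array_map("intval", explode(",", $_REQUEST["ids"]));`. The statements using `$ids_str`, and the `UPDATE ... WHERE id = '$base_id'`, also carry no `owner_uid` condition, unlike `remove()` earlier in this file, so they are not limited to the session user's filters. Add `AND owner_uid = " . $_SESSION["uid"]` to the two `ttrss_filters2` statements, and verify ownership of every id before touching the rules and actions tables. `join()` continues past the end of the hunk and `db_escape_string()` is defined outside this page, so its exact behaviour is assumed.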


@ -8,9 +8,9 @@ class Pref_Labels extends Handler_Protected {
}
function edit() {
$label_id = db_escape_string( $_REQUEST['id']);
$label_id = db_escape_string($_REQUEST['id']);
$result = db_query( "SELECT * FROM ttrss_labels2 WHERE
$result = db_query("SELECT * FROM ttrss_labels2 WHERE
id = '$label_id' AND owner_uid = " . $_SESSION["uid"]);
$line = db_fetch_assoc($result);
@ -90,7 +90,7 @@ class Pref_Labels extends Handler_Protected {
$root['name'] = __('Labels');
$root['items'] = array();
$result = db_query( "SELECT *
$result = db_query("SELECT *
FROM ttrss_labels2
WHERE owner_uid = ".$_SESSION["uid"]."
ORDER BY caption");
@ -118,29 +118,29 @@ class Pref_Labels extends Handler_Protected {
}
function colorset() {
$kind = db_escape_string( $_REQUEST["kind"]);
$ids = explode(',', db_escape_string( $_REQUEST["ids"]));
$color = db_escape_string( $_REQUEST["color"]);
$fg = db_escape_string( $_REQUEST["fg"]);
$bg = db_escape_string( $_REQUEST["bg"]);
$kind = db_escape_string($_REQUEST["kind"]);
$ids = explode(',', db_escape_string($_REQUEST["ids"]));
$color = db_escape_string($_REQUEST["color"]);
$fg = db_escape_string($_REQUEST["fg"]);
$bg = db_escape_string($_REQUEST["bg"]);
foreach ($ids as $id) {
if ($kind == "fg" || $kind == "bg") {
db_query( "UPDATE ttrss_labels2 SET
db_query("UPDATE ttrss_labels2 SET
${kind}_color = '$color' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
} else {
db_query( "UPDATE ttrss_labels2 SET
db_query("UPDATE ttrss_labels2 SET
fg_color = '$fg', bg_color = '$bg' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
}
$caption = db_escape_string( label_find_caption($id, $_SESSION["uid"]));
$caption = db_escape_string(label_find_caption($id, $_SESSION["uid"]));
/* Remove cached data */
db_query( "UPDATE ttrss_user_entries SET label_cache = ''
db_query("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
}
@ -149,18 +149,18 @@ class Pref_Labels extends Handler_Protected {
}
function colorreset() {
$ids = explode(',', db_escape_string( $_REQUEST["ids"]));
$ids = explode(',', db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
db_query( "UPDATE ttrss_labels2 SET
db_query("UPDATE ttrss_labels2 SET
fg_color = '', bg_color = '' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
$caption = db_escape_string( label_find_caption($id, $_SESSION["uid"]));
$caption = db_escape_string(label_find_caption($id, $_SESSION["uid"]));
/* Remove cached data */
db_query( "UPDATE ttrss_user_entries SET label_cache = ''
db_query("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
}
@ -168,31 +168,31 @@ class Pref_Labels extends Handler_Protected {
function save() {
$id = db_escape_string( $_REQUEST["id"]);
$caption = db_escape_string( trim($_REQUEST["caption"]));
$id = db_escape_string($_REQUEST["id"]);
$caption = db_escape_string(trim($_REQUEST["caption"]));
db_query( "BEGIN");
db_query("BEGIN");
$result = db_query( "SELECT caption FROM ttrss_labels2
$result = db_query("SELECT caption FROM ttrss_labels2
WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
$old_caption = db_fetch_result($result, 0, "caption");
$result = db_query( "SELECT id FROM ttrss_labels2
$result = db_query("SELECT id FROM ttrss_labels2
WHERE caption = '$caption' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
if ($caption) {
$result = db_query( "UPDATE ttrss_labels2 SET
$result = db_query("UPDATE ttrss_labels2 SET
caption = '$caption' WHERE id = '$id' AND
owner_uid = " . $_SESSION["uid"]);
/* Update filters that reference label being renamed */
$old_caption = db_escape_string( $old_caption);
$old_caption = db_escape_string($old_caption);
db_query( "UPDATE ttrss_filters2_actions SET
db_query("UPDATE ttrss_filters2_actions SET
action_param = '$caption' WHERE action_param = '$old_caption'
AND action_id = 7
AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ".$_SESSION["uid"].")");
@ -206,28 +206,28 @@ class Pref_Labels extends Handler_Protected {
}
}
db_query( "COMMIT");
db_query("COMMIT");
return;
}
function remove() {
$ids = explode(",", db_escape_string( $_REQUEST["ids"]));
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
label_remove( $id, $_SESSION["uid"]);
label_remove($id, $_SESSION["uid"]);
}
}
function add() {
$caption = db_escape_string( $_REQUEST["caption"]);
$output = db_escape_string( $_REQUEST["output"]);
$caption = db_escape_string($_REQUEST["caption"]);
$output = db_escape_string($_REQUEST["output"]);
if ($caption) {
if (label_create( $caption)) {
if (label_create($caption)) {
if (!$output) {
print T_sprintf("Created label <b>%s</b>", htmlspecialchars($caption));
}
@ -238,7 +238,7 @@ class Pref_Labels extends Handler_Protected {
print "<rpc-reply><payload>";
print_label_select( "select_label",
print_label_select("select_label",
$caption, "");
print "</payload></rpc-reply>";
@ -250,13 +250,13 @@ class Pref_Labels extends Handler_Protected {
function index() {
$sort = db_escape_string( $_REQUEST["sort"]);
$sort = db_escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "caption";
}
$label_search = db_escape_string( $_REQUEST["search"]);
$label_search = db_escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_label_search"] = $label_search;


@ -103,13 +103,13 @@ class Pref_Prefs extends Handler_Protected {
foreach (array_keys($_POST) as $pref_name) {
$pref_name = db_escape_string( $pref_name);
$value = db_escape_string( $_POST[$pref_name]);
$pref_name = db_escape_string($pref_name);
$value = db_escape_string($_POST[$pref_name]);
if ($pref_name == 'DIGEST_PREFERRED_TIME') {
if (get_pref( 'DIGEST_PREFERRED_TIME') != $value) {
if (get_pref('DIGEST_PREFERRED_TIME') != $value) {
db_query( "UPDATE ttrss_users SET
db_query("UPDATE ttrss_users SET
last_digest_sent = NULL WHERE id = " . $_SESSION['uid']);
}
@ -124,7 +124,7 @@ class Pref_Prefs extends Handler_Protected {
$need_reload = true;
}
} else {
set_pref( $pref_name, $value);
set_pref($pref_name, $value);
}
}
@ -138,9 +138,9 @@ class Pref_Prefs extends Handler_Protected {
function getHelp() {
$pref_name = db_escape_string( $_REQUEST["pn"]);
$pref_name = db_escape_string($_REQUEST["pn"]);
$result = db_query( "SELECT help_text FROM ttrss_prefs
$result = db_query("SELECT help_text FROM ttrss_prefs
WHERE pref_name = '$pref_name'");
if (db_num_rows($result) > 0) {
@ -153,12 +153,12 @@ class Pref_Prefs extends Handler_Protected {
function changeemail() {
$email = db_escape_string( $_POST["email"]);
$full_name = db_escape_string( $_POST["full_name"]);
$email = db_escape_string($_POST["email"]);
$full_name = db_escape_string($_POST["full_name"]);
$active_uid = $_SESSION["uid"];
db_query( "UPDATE ttrss_users SET email = '$email',
db_query("UPDATE ttrss_users SET email = '$email',
full_name = '$full_name' WHERE id = '$active_uid'");
print __("Your personal data has been saved.");
@ -176,10 +176,10 @@ class Pref_Prefs extends Handler_Protected {
$profile_qpart = "profile IS NULL";
}
db_query( "DELETE FROM ttrss_user_prefs
db_query("DELETE FROM ttrss_user_prefs
WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]);
initialize_user_prefs( $_SESSION["uid"], $_SESSION["profile"]);
initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]);
echo __("Your preferences are now set to default values.");
}
@ -225,7 +225,7 @@ class Pref_Prefs extends Handler_Protected {
print "<h2>" . __("Personal data") . "</h2>";
$result = db_query( "SELECT email,full_name,otp_enabled,
$result = db_query("SELECT email,full_name,otp_enabled,
access_level FROM ttrss_users
WHERE id = ".$_SESSION["uid"]);
@ -270,7 +270,7 @@ class Pref_Prefs extends Handler_Protected {
print "<h2>" . __("Password") . "</h2>";
$result = db_query( "SELECT id FROM ttrss_users
$result = db_query("SELECT id FROM ttrss_users
WHERE id = ".$_SESSION["uid"]." AND pwd_hash
= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
@ -480,10 +480,10 @@ class Pref_Prefs extends Handler_Protected {
}
if ($_SESSION["profile"]) {
initialize_user_prefs( $_SESSION["uid"], $_SESSION["profile"]);
initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]);
$profile_qpart = "profile = '" . $_SESSION["profile"] . "'";
} else {
initialize_user_prefs( $_SESSION["uid"]);
initialize_user_prefs($_SESSION["uid"]);
$profile_qpart = "profile IS NULL";
}
@ -494,7 +494,7 @@ class Pref_Prefs extends Handler_Protected {
$access_query = 'true';
$result = db_query( "SELECT DISTINCT
$result = db_query("SELECT DISTINCT
ttrss_user_prefs.pref_name,value,type_name,
ttrss_prefs_sections.order_id,
def_value,section_id
@ -767,7 +767,7 @@ class Pref_Prefs extends Handler_Protected {
<td width='10%'>".__('Author')."</td></tr>";
$system_enabled = array_map("trim", explode(",", PLUGINS));
$user_enabled = array_map("trim", explode(",", get_pref( "_ENABLED_PLUGINS")));
$user_enabled = array_map("trim", explode(",", get_pref("_ENABLED_PLUGINS")));
$tmppluginhost = new PluginHost(Db::get());
$tmppluginhost->load_all($tmppluginhost::KIND_ALL, $_SESSION["uid"]);
@ -897,7 +897,7 @@ class Pref_Prefs extends Handler_Protected {
require_once "lib/otphp/lib/totp.php";
require_once "lib/phpqrcode/phpqrcode.php";
$result = db_query( "SELECT login,salt,otp_enabled
$result = db_query("SELECT login,salt,otp_enabled
FROM ttrss_users
WHERE id = ".$_SESSION["uid"]);
@ -926,7 +926,7 @@ class Pref_Prefs extends Handler_Protected {
if ($authenticator->check_password($_SESSION["uid"], $password)) {
$result = db_query( "SELECT salt
$result = db_query("SELECT salt
FROM ttrss_users
WHERE id = ".$_SESSION["uid"]);
@ -938,7 +938,7 @@ class Pref_Prefs extends Handler_Protected {
$otp_check = $topt->now();
if ($otp == $otp_check) {
db_query( "UPDATE ttrss_users SET otp_enabled = true WHERE
db_query("UPDATE ttrss_users SET otp_enabled = true WHERE
id = " . $_SESSION["uid"]);
print "OK";
@ -952,14 +952,14 @@ class Pref_Prefs extends Handler_Protected {
}
function otpdisable() {
$password = db_escape_string( $_REQUEST["password"]);
$password = db_escape_string($_REQUEST["password"]);
global $pluginhost;
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
if ($authenticator->check_password($_SESSION["uid"], $password)) {
db_query( "UPDATE ttrss_users SET otp_enabled = false WHERE
db_query("UPDATE ttrss_users SET otp_enabled = false WHERE
id = " . $_SESSION["uid"]);
print "OK";
@ -975,18 +975,18 @@ class Pref_Prefs extends Handler_Protected {
else
$plugins = "";
set_pref( "_ENABLED_PLUGINS", $plugins);
set_pref("_ENABLED_PLUGINS", $plugins);
}
function clearplugindata() {
$name = db_escape_string( $_REQUEST["name"]);
$name = db_escape_string($_REQUEST["name"]);
global $pluginhost;
$pluginhost->clear_data($pluginhost->get_plugin($name));
}
function customizeCSS() {
$value = get_pref( "USER_STYLESHEET");
$value = get_pref("USER_STYLESHEET");
$value = str_replace("<br/>", "\n", $value);
@ -1034,7 +1034,7 @@ class Pref_Prefs extends Handler_Protected {
print "</div>";
$result = db_query( "SELECT title,id FROM ttrss_settings_profiles
$result = db_query("SELECT title,id FROM ttrss_settings_profiles
WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY title");
print "<div class=\"prefProfileHolder\">";
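Review bot: In `otpdisable()`, the password is run through `db_escape_string()` before it is handed to `check_password()`, and in the visible lines it never reaches a query. A password containing a quote or backslash is therefore verified in altered form, so a correct password can be rejected when the user tries to turn OTP off. Read it raw instead, `$password = $_REQUEST["password"];`, as `editSave()` in the `Pref_Users` section further down the page does. `check_password()` is defined outside this page, so this assumes it expects the password as typed; `otpdisable()` also continues past the end of the hunk.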


@ -24,7 +24,7 @@ class Pref_System extends Handler_Protected {
print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Error Log')."\">";
$result = db_query( "SELECT errno, errstr, filename, lineno,
$result = db_query("SELECT errno, errstr, filename, lineno,
created_at, login FROM ttrss_error_log
LEFT JOIN ttrss_users ON (owner_uid = ttrss_users.id)
ORDER BY ttrss_error_log.id DESC


@ -21,7 +21,7 @@ class Pref_Users extends Handler_Protected {
$uid = sprintf("%d", $_REQUEST["id"]);
$result = db_query( "SELECT login,
$result = db_query("SELECT login,
".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login,
access_level,
(SELECT COUNT(int_id) FROM ttrss_user_entries
@ -53,7 +53,7 @@ class Pref_Users extends Handler_Protected {
print "<tr><td>".__('Registered')."</td><td>$created</td></tr>";
print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>";
$result = db_query( "SELECT COUNT(id) as num_feeds FROM ttrss_feeds
$result = db_query("SELECT COUNT(id) as num_feeds FROM ttrss_feeds
WHERE owner_uid = '$uid'");
$num_feeds = db_fetch_result($result, 0, "num_feeds");
@ -64,7 +64,7 @@ class Pref_Users extends Handler_Protected {
print "<h1>".__('Subscribed feeds')."</h1>";
$result = db_query( "SELECT id,title,site_url FROM ttrss_feeds
$result = db_query("SELECT id,title,site_url FROM ttrss_feeds
WHERE owner_uid = '$uid' ORDER BY title");
print "<ul class=\"userFeedList\">";
@ -105,14 +105,14 @@ class Pref_Users extends Handler_Protected {
function edit() {
global $access_level_names;
$id = db_escape_string( $_REQUEST["id"]);
$id = db_escape_string($_REQUEST["id"]);
print "<form id=\"user_edit_form\" onsubmit='return false'>";
print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
print "<input type=\"hidden\" name=\"method\" value=\"editSave\">";
$result = db_query( "SELECT * FROM ttrss_users WHERE id = '$id'");
$result = db_query("SELECT * FROM ttrss_users WHERE id = '$id'");
$login = db_fetch_result($result, 0, "login");
$access_level = db_fetch_result($result, 0, "access_level");
@ -181,10 +181,10 @@ class Pref_Users extends Handler_Protected {
}
function editSave() {
$login = db_escape_string( trim($_REQUEST["login"]));
$uid = db_escape_string( $_REQUEST["id"]);
$login = db_escape_string(trim($_REQUEST["login"]));
$uid = db_escape_string($_REQUEST["id"]);
$access_level = (int) $_REQUEST["access_level"];
$email = db_escape_string( trim($_REQUEST["email"]));
$email = db_escape_string(trim($_REQUEST["email"]));
$password = $_REQUEST["password"];
if ($password) {
@ -195,42 +195,42 @@ class Pref_Users extends Handler_Protected {
$pass_query_part = "";
}
db_query( "UPDATE ttrss_users SET $pass_query_part login = '$login',
db_query("UPDATE ttrss_users SET $pass_query_part login = '$login',
access_level = '$access_level', email = '$email', otp_enabled = false
WHERE id = '$uid'");
}
function remove() {
$ids = explode(",", db_escape_string( $_REQUEST["ids"]));
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
if ($id != $_SESSION["uid"] && $id != 1) {
db_query( "DELETE FROM ttrss_tags WHERE owner_uid = '$id'");
db_query( "DELETE FROM ttrss_feeds WHERE owner_uid = '$id'");
db_query( "DELETE FROM ttrss_users WHERE id = '$id'");
db_query("DELETE FROM ttrss_tags WHERE owner_uid = '$id'");
db_query("DELETE FROM ttrss_feeds WHERE owner_uid = '$id'");
db_query("DELETE FROM ttrss_users WHERE id = '$id'");
}
}
}
function add() {
$login = db_escape_string( trim($_REQUEST["login"]));
$login = db_escape_string(trim($_REQUEST["login"]));
$tmp_user_pwd = make_password(8);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
$result = db_query( "SELECT id FROM ttrss_users WHERE
$result = db_query("SELECT id FROM ttrss_users WHERE
login = '$login'");
if (db_num_rows($result) == 0) {
db_query( "INSERT INTO ttrss_users
db_query("INSERT INTO ttrss_users
(login,pwd_hash,access_level,last_login,created, salt)
VALUES ('$login', '$pwd_hash', 0, null, NOW(), '$salt')");
$result = db_query( "SELECT id FROM ttrss_users WHERE
$result = db_query("SELECT id FROM ttrss_users WHERE
login = '$login' AND pwd_hash = '$pwd_hash'");
if (db_num_rows($result) == 1) {
@ -240,7 +240,7 @@ class Pref_Users extends Handler_Protected {
print format_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>",
$login, $tmp_user_pwd));
initialize_user( $new_uid);
initialize_user($new_uid);
} else {
@ -304,8 +304,8 @@ class Pref_Users extends Handler_Protected {
}
function resetPass() {
$uid = db_escape_string( $_REQUEST["id"]);
Pref_Users::resetUserPassword( $uid, true);
$uid = db_escape_string($_REQUEST["id"]);
Pref_Users::resetUserPassword($uid, true);
}
function index() {
@ -317,7 +317,7 @@ class Pref_Users extends Handler_Protected {
print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">";
$user_search = db_escape_string( $_REQUEST["search"]);
$user_search = db_escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_user_search"] = $user_search;
@ -332,7 +332,7 @@ class Pref_Users extends Handler_Protected {
__('Search')."</button>
</div>";
$sort = db_escape_string( $_REQUEST["sort"]);
$sort = db_escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "login";
@ -381,7 +381,7 @@ class Pref_Users extends Handler_Protected {
$user_search_query = "";
}
$result = db_query( "SELECT
$result = db_query("SELECT
id,login,access_level,email,
".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login,
".SUBSTRING_FOR_DATE."(created,1,16) as created
@ -416,8 +416,8 @@ class Pref_Users extends Handler_Protected {
$line["login"] = htmlspecialchars($line["login"]);
$line["created"] = make_local_datetime( $line["created"], false);
$line["last_login"] = make_local_datetime( $line["last_login"], false);
$line["created"] = make_local_datetime($line["created"], false);
$line["last_login"] = make_local_datetime($line["last_login"], false);
print "<td align='center'><input onclick='toggleSelectRow2(this);'
dojoType=\"dijit.form.CheckBox\" type=\"checkbox\"


@ -8,18 +8,18 @@ class RPC extends Handler_Protected {
}
function setprofile() {
$id = db_escape_string( $_REQUEST["id"]);
$id = db_escape_string($_REQUEST["id"]);
$_SESSION["profile"] = $id;
$_SESSION["prefs_cache"] = array();
}
function remprofiles() {
$ids = explode(",", db_escape_string( trim($_REQUEST["ids"])));
$ids = explode(",", db_escape_string(trim($_REQUEST["ids"])));
foreach ($ids as $id) {
if ($_SESSION["profile"] != $id) {
db_query( "DELETE FROM ttrss_settings_profiles WHERE id = '$id' AND
db_query("DELETE FROM ttrss_settings_profiles WHERE id = '$id' AND
owner_uid = " . $_SESSION["uid"]);
}
}
@ -27,38 +27,38 @@ class RPC extends Handler_Protected {
// Silent
function addprofile() {
$title = db_escape_string( trim($_REQUEST["title"]));
$title = db_escape_string(trim($_REQUEST["title"]));
if ($title) {
db_query( "BEGIN");
db_query("BEGIN");
$result = db_query( "SELECT id FROM ttrss_settings_profiles
$result = db_query("SELECT id FROM ttrss_settings_profiles
WHERE title = '$title' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
db_query( "INSERT INTO ttrss_settings_profiles (title, owner_uid)
db_query("INSERT INTO ttrss_settings_profiles (title, owner_uid)
VALUES ('$title', ".$_SESSION["uid"] .")");
$result = db_query( "SELECT id FROM ttrss_settings_profiles WHERE
$result = db_query("SELECT id FROM ttrss_settings_profiles WHERE
title = '$title'");
if (db_num_rows($result) != 0) {
$profile_id = db_fetch_result($result, 0, "id");
if ($profile_id) {
initialize_user_prefs( $_SESSION["uid"], $profile_id);
initialize_user_prefs($_SESSION["uid"], $profile_id);
}
}
}
db_query( "COMMIT");
db_query("COMMIT");
}
}
// Silent
function saveprofile() {
$id = db_escape_string( $_REQUEST["id"]);
$title = db_escape_string( trim($_REQUEST["value"]));
$id = db_escape_string($_REQUEST["id"]);
$title = db_escape_string(trim($_REQUEST["value"]));
if ($id == 0) {
print __("Default profile");
@ -66,55 +66,55 @@ class RPC extends Handler_Protected {
}
if ($title) {
db_query( "BEGIN");
db_query("BEGIN");
$result = db_query( "SELECT id FROM ttrss_settings_profiles
$result = db_query("SELECT id FROM ttrss_settings_profiles
WHERE title = '$title' AND owner_uid =" . $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
db_query( "UPDATE ttrss_settings_profiles
db_query("UPDATE ttrss_settings_profiles
SET title = '$title' WHERE id = '$id' AND
owner_uid = " . $_SESSION["uid"]);
print $title;
} else {
$result = db_query( "SELECT title FROM ttrss_settings_profiles
$result = db_query("SELECT title FROM ttrss_settings_profiles
WHERE id = '$id' AND owner_uid =" . $_SESSION["uid"]);
print db_fetch_result($result, 0, "title");
}
db_query( "COMMIT");
db_query("COMMIT");
}
}
// Silent
function remarchive() {
$ids = explode(",", db_escape_string( $_REQUEST["ids"]));
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
$result = db_query( "DELETE FROM ttrss_archived_feeds WHERE
$result = db_query("DELETE FROM ttrss_archived_feeds WHERE
(SELECT COUNT(*) FROM ttrss_user_entries
WHERE orig_feed_id = '$id') = 0 AND
id = '$id' AND owner_uid = ".$_SESSION["uid"]);
$rc = db_affected_rows( $result);
$rc = db_affected_rows($result);
}
}
function addfeed() {
$feed = db_escape_string( $_REQUEST['feed']);
$cat = db_escape_string( $_REQUEST['cat']);
$login = db_escape_string( $_REQUEST['login']);
$feed = db_escape_string($_REQUEST['feed']);
$cat = db_escape_string($_REQUEST['cat']);
$login = db_escape_string($_REQUEST['login']);
$pass = trim($_REQUEST['pass']); // escaped later
$rc = subscribe_to_feed( $feed, $cat, $login, $pass);
$rc = subscribe_to_feed($feed, $cat, $login, $pass);
print json_encode(array("result" => $rc));
}
function togglepref() {
$key = db_escape_string( $_REQUEST["key"]);
set_pref( $key, !get_pref( $key));
$value = get_pref( $key);
$key = db_escape_string($_REQUEST["key"]);
set_pref($key, !get_pref($key));
$value = get_pref($key);
print json_encode(array("param" =>$key, "value" => $value));
}
@ -124,14 +124,14 @@ class RPC extends Handler_Protected {
$key = $_REQUEST['key'];
$value = str_replace("\n", "<br/>", $_REQUEST['value']);
set_pref( $key, $value, $_SESSION['uid'], $key != 'USER_STYLESHEET');
set_pref($key, $value, $_SESSION['uid'], $key != 'USER_STYLESHEET');
print json_encode(array("param" =>$key, "value" => $value));
}
function mark() {
$mark = $_REQUEST["mark"];
$id = db_escape_string( $_REQUEST["id"]);
$id = db_escape_string($_REQUEST["id"]);
if ($mark == "1") {
$mark = "true";
@ -139,7 +139,7 @@ class RPC extends Handler_Protected {
$mark = "false";
}
$result = db_query( "UPDATE ttrss_user_entries SET marked = $mark,
$result = db_query("UPDATE ttrss_user_entries SET marked = $mark,
last_marked = NOW()
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
@ -147,9 +147,9 @@ class RPC extends Handler_Protected {
}
function delete() {
$ids = db_escape_string( $_REQUEST["ids"]);
$ids = db_escape_string($_REQUEST["ids"]);
$result = db_query( "DELETE FROM ttrss_user_entries
$result = db_query("DELETE FROM ttrss_user_entries
WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
purge_orphans();
@ -161,19 +161,19 @@ class RPC extends Handler_Protected {
$ids = explode(",", $_REQUEST["ids"]);
foreach ($ids as $id) {
$id = db_escape_string( trim($id));
db_query( "BEGIN");
$id = db_escape_string(trim($id));
db_query("BEGIN");
$result = db_query( "SELECT feed_url,site_url,title FROM ttrss_archived_feeds
$result = db_query("SELECT feed_url,site_url,title FROM ttrss_archived_feeds
WHERE id = (SELECT orig_feed_id FROM ttrss_user_entries WHERE ref_id = $id
AND owner_uid = ".$_SESSION["uid"].")");
if (db_num_rows($result) != 0) {
$feed_url = db_escape_string( db_fetch_result($result, 0, "feed_url"));
$site_url = db_escape_string( db_fetch_result($result, 0, "site_url"));
$title = db_escape_string( db_fetch_result($result, 0, "title"));
$feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url"));
$site_url = db_escape_string(db_fetch_result($result, 0, "site_url"));
$title = db_escape_string(db_fetch_result($result, 0, "title"));
$result = db_query( "SELECT id FROM ttrss_feeds WHERE feed_url = '$feed_url'
$result = db_query("SELECT id FROM ttrss_feeds WHERE feed_url = '$feed_url'
AND owner_uid = " .$_SESSION["uid"]);
if (db_num_rows($result) == 0) {
@ -202,32 +202,32 @@ class RPC extends Handler_Protected {
}
if ($feed_id) {
$result = db_query( "UPDATE ttrss_user_entries
$result = db_query("UPDATE ttrss_user_entries
SET feed_id = '$feed_id', orig_feed_id = NULL
WHERE ref_id = $id AND owner_uid = " . $_SESSION["uid"]);
}
}
db_query( "COMMIT");
db_query("COMMIT");
}
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
function archive() {
$ids = explode(",", db_escape_string( $_REQUEST["ids"]));
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
$this->archive_article( $id, $_SESSION["uid"]);
$this->archive_article($id, $_SESSION["uid"]);
}
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
private function archive_article( $id, $owner_uid) {
db_query( "BEGIN");
private function archive_article($id, $owner_uid) {
db_query("BEGIN");
$result = db_query( "SELECT feed_id FROM ttrss_user_entries
$result = db_query("SELECT feed_id FROM ttrss_user_entries
WHERE ref_id = '$id' AND owner_uid = $owner_uid");
if (db_num_rows($result) != 0) {
@ -237,29 +237,29 @@ class RPC extends Handler_Protected {
$feed_id = (int) db_fetch_result($result, 0, "feed_id");
if ($feed_id) {
$result = db_query( "SELECT id FROM ttrss_archived_feeds
$result = db_query("SELECT id FROM ttrss_archived_feeds
WHERE id = '$feed_id'");
if (db_num_rows($result) == 0) {
db_query( "INSERT INTO ttrss_archived_feeds
db_query("INSERT INTO ttrss_archived_feeds
(id, owner_uid, title, feed_url, site_url)
SELECT id, owner_uid, title, feed_url, site_url from ttrss_feeds
WHERE id = '$feed_id'");
}
db_query( "UPDATE ttrss_user_entries
db_query("UPDATE ttrss_user_entries
SET orig_feed_id = feed_id, feed_id = NULL
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
}
}
db_query( "COMMIT");
db_query("COMMIT");
}
function publ() {
$pub = $_REQUEST["pub"];
$id = db_escape_string( $_REQUEST["id"]);
$note = trim(strip_tags(db_escape_string( $_REQUEST["note"])));
$id = db_escape_string($_REQUEST["id"]);
$note = trim(strip_tags(db_escape_string($_REQUEST["note"])));
if ($pub == "1") {
$pub = "true";
@ -267,7 +267,7 @@ class RPC extends Handler_Protected {
$pub = "false";
}
$result = db_query( "UPDATE ttrss_user_entries SET
$result = db_query("UPDATE ttrss_user_entries SET
published = $pub, last_published = NOW()
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
@ -276,7 +276,7 @@ class RPC extends Handler_Protected {
if (PUBSUBHUBBUB_HUB) {
$rss_link = get_self_url_prefix() .
"/public.php?op=rss&id=-2&key=" .
get_feed_access_key( -2, false);
get_feed_access_key(-2, false);
$p = new Publisher(PUBSUBHUBBUB_HUB);
@ -305,28 +305,28 @@ class RPC extends Handler_Protected {
/* GET["cmode"] = 0 - mark as read, 1 - as unread, 2 - toggle */
function catchupSelected() {
$ids = explode(",", db_escape_string( $_REQUEST["ids"]));
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]);
catchupArticlesById( $ids, $cmode);
catchupArticlesById($ids, $cmode);
print json_encode(array("message" => "UPDATE_COUNTERS", "ids" => $ids));
}
function markSelected() {
$ids = explode(",", db_escape_string( $_REQUEST["ids"]));
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]);
$this->markArticlesById( $ids, $cmode);
$this->markArticlesById($ids, $cmode);
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
function publishSelected() {
$ids = explode(",", db_escape_string( $_REQUEST["ids"]));
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]);
$this->publishArticlesById( $ids, $cmode);
$this->publishArticlesById($ids, $cmode);
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
@ -349,9 +349,9 @@ class RPC extends Handler_Protected {
}
function completeLabels() {
$search = db_escape_string( $_REQUEST["search"]);
$search = db_escape_string($_REQUEST["search"]);
$result = db_query( "SELECT DISTINCT caption FROM
$result = db_query("SELECT DISTINCT caption FROM
ttrss_labels2
WHERE owner_uid = '".$_SESSION["uid"]."' AND
LOWER(caption) LIKE LOWER('$search%') ORDER BY caption
@ -365,29 +365,29 @@ class RPC extends Handler_Protected {
}
function purge() {
$ids = explode(",", db_escape_string( $_REQUEST["ids"]));
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$days = sprintf("%d", $_REQUEST["days"]);
foreach ($ids as $id) {
$result = db_query( "SELECT id FROM ttrss_feeds WHERE
$result = db_query("SELECT id FROM ttrss_feeds WHERE
id = '$id' AND owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($result) == 1) {
purge_feed( $id, $days);
purge_feed($id, $days);
}
}
}
function updateFeedBrowser() {
$search = db_escape_string( $_REQUEST["search"]);
$limit = db_escape_string( $_REQUEST["limit"]);
$mode = (int) db_escape_string( $_REQUEST["mode"]);
$search = db_escape_string($_REQUEST["search"]);
$limit = db_escape_string($_REQUEST["limit"]);
$mode = (int) db_escape_string($_REQUEST["mode"]);
require_once "feedbrowser.php";
print json_encode(array("content" =>
make_feed_browser( $search, $limit, $mode),
make_feed_browser($search, $limit, $mode),
"mode" => $mode));
}
@ -402,14 +402,14 @@ class RPC extends Handler_Protected {
if ($mode == 1) {
foreach ($payload as $feed) {
$title = db_escape_string( $feed[0]);
$feed_url = db_escape_string( $feed[1]);
$title = db_escape_string($feed[0]);
$feed_url = db_escape_string($feed[1]);
$result = db_query( "SELECT id FROM ttrss_feeds WHERE
$result = db_query("SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
$result = db_query( "INSERT INTO ttrss_feeds
$result = db_query("INSERT INTO ttrss_feeds
(owner_uid,feed_url,title,cat_id,site_url)
VALUES ('".$_SESSION["uid"]."',
'$feed_url', '$title', NULL, '')");
@ -418,19 +418,19 @@ class RPC extends Handler_Protected {
} else if ($mode == 2) {
// feed archive
foreach ($payload as $id) {
$result = db_query( "SELECT * FROM ttrss_archived_feeds
$result = db_query("SELECT * FROM ttrss_archived_feeds
WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
$site_url = db_escape_string( db_fetch_result($result, 0, "site_url"));
$feed_url = db_escape_string( db_fetch_result($result, 0, "feed_url"));
$title = db_escape_string( db_fetch_result($result, 0, "title"));
$site_url = db_escape_string(db_fetch_result($result, 0, "site_url"));
$feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url"));
$title = db_escape_string(db_fetch_result($result, 0, "title"));
$result = db_query( "SELECT id FROM ttrss_feeds WHERE
$result = db_query("SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
$result = db_query( "INSERT INTO ttrss_feeds
$result = db_query("INSERT INTO ttrss_feeds
(owner_uid,feed_url,title,cat_id,site_url)
VALUES ('$id','".$_SESSION["uid"]."',
'$feed_url', '$title', NULL, '$site_url')");
@ -441,21 +441,21 @@ class RPC extends Handler_Protected {
}
function catchupFeed() {
$feed_id = db_escape_string( $_REQUEST['feed_id']);
$is_cat = db_escape_string( $_REQUEST['is_cat']) == "true";
$mode = db_escape_string( $_REQUEST['mode']);
$feed_id = db_escape_string($_REQUEST['feed_id']);
$is_cat = db_escape_string($_REQUEST['is_cat']) == "true";
$mode = db_escape_string($_REQUEST['mode']);
catchup_feed( $feed_id, $is_cat, false, false, $mode);
catchup_feed($feed_id, $is_cat, false, false, $mode);
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
function quickAddCat() {
$cat = db_escape_string( $_REQUEST["cat"]);
$cat = db_escape_string($_REQUEST["cat"]);
add_feed_category( $cat);
add_feed_category($cat);
$result = db_query( "SELECT id FROM ttrss_feed_categories WHERE
$result = db_query("SELECT id FROM ttrss_feed_categories WHERE
title = '$cat' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 1) {
@ -464,12 +464,12 @@ class RPC extends Handler_Protected {
$id = 0;
}
print_feed_cat_select( "cat_id", $id);
print_feed_cat_select("cat_id", $id);
}
// Silent
function clearArticleKeys() {
db_query( "UPDATE ttrss_user_entries SET uuid = '' WHERE
db_query("UPDATE ttrss_user_entries SET uuid = '' WHERE
owner_uid = " . $_SESSION["uid"]);
return;
@ -516,7 +516,7 @@ class RPC extends Handler_Protected {
$random_qpart = sql_random_function();
// We search for feed needing update.
$result = db_query( "SELECT ttrss_feeds.feed_url,ttrss_feeds.id
$result = db_query("SELECT ttrss_feeds.feed_url,ttrss_feeds.id
FROM
ttrss_feeds, ttrss_users, ttrss_user_prefs
WHERE
@ -539,7 +539,7 @@ class RPC extends Handler_Protected {
$feed_id = $line["id"];
if (time() - $tstart < ini_get("max_execution_time") * 0.7) {
update_rss_feed( $feed_id, true);
update_rss_feed($feed_id, true);
++$num_updated;
} else {
break;
@ -548,7 +548,7 @@ class RPC extends Handler_Protected {
// Purge orphans and cleanup tags
purge_orphans();
cleanup_tags( 14, 50000);
cleanup_tags(14, 50000);
if ($num_updated > 0) {
print json_encode(array("message" => "UPDATE_COUNTERS",
@ -559,7 +559,7 @@ class RPC extends Handler_Protected {
}
private function markArticlesById( $ids, $cmode) {
private function markArticlesById($ids, $cmode) {
$tmp_ids = array();
@ -570,21 +570,21 @@ class RPC extends Handler_Protected {
$ids_qpart = join(" OR ", $tmp_ids);
if ($cmode == 0) {
db_query( "UPDATE ttrss_user_entries SET
db_query("UPDATE ttrss_user_entries SET
marked = false, last_marked = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
} else if ($cmode == 1) {
db_query( "UPDATE ttrss_user_entries SET
db_query("UPDATE ttrss_user_entries SET
marked = true, last_marked = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
} else {
db_query( "UPDATE ttrss_user_entries SET
db_query("UPDATE ttrss_user_entries SET
marked = NOT marked,last_marked = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
}
}
private function publishArticlesById( $ids, $cmode) {
private function publishArticlesById($ids, $cmode) {
$tmp_ids = array();
@ -595,15 +595,15 @@ class RPC extends Handler_Protected {
$ids_qpart = join(" OR ", $tmp_ids);
if ($cmode == 0) {
db_query( "UPDATE ttrss_user_entries SET
db_query("UPDATE ttrss_user_entries SET
published = false,last_published = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
} else if ($cmode == 1) {
db_query( "UPDATE ttrss_user_entries SET
db_query("UPDATE ttrss_user_entries SET
published = true,last_published = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
} else {
db_query( "UPDATE ttrss_user_entries SET
db_query("UPDATE ttrss_user_entries SET
published = NOT published,last_published = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
}
@ -611,7 +611,7 @@ class RPC extends Handler_Protected {
if (PUBSUBHUBBUB_HUB) {
$rss_link = get_self_url_prefix() .
"/public.php?op=rss&id=-2&key=" .
get_feed_access_key( -2, false);
get_feed_access_key(-2, false);
$p = new Publisher(PUBSUBHUBBUB_HUB);
@ -620,9 +620,9 @@ class RPC extends Handler_Protected {
}
function getlinktitlebyid() {
$id = db_escape_string( $_REQUEST['id']);
$id = db_escape_string($_REQUEST['id']);
$result = db_query( "SELECT link, title FROM ttrss_entries, ttrss_user_entries
$result = db_query("SELECT link, title FROM ttrss_entries, ttrss_user_entries
WHERE ref_id = '$id' AND ref_id = id AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
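Review bot: In `delete()`, `$ids` is placed unquoted inside `ref_id IN ($ids)`, and `db_escape_string()` cannot make a value safe outside a quoted literal, so the request parameter reaches the DELETE as SQL text. The hunk after `purge_orphans()` has the same shape: `$id` is escaped and then used bare in `WHERE ref_id = $id`, in both the SELECT subquery and the later UPDATE. Both should reduce the input to integers before building the query, e.g. `$ids = join(",", array_map("intval", explode(",", $_REQUEST["ids"])));` in `delete()` and `$id = (int) $id;` at the top of the loop. What `escape_string()` does beyond escaping is not visible here, so this assumes it does not itself reject non-numeric input. The enclosing functions continue outside the hunks.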


@ -46,14 +46,14 @@ class SessionHandler implements SessionHandlerInterface {
return false;
}
$data = $this->db->escape_string( base64_encode($data), false);
$data = $this->db->escape_string(base64_encode($data), false);
$expire = time() + max(SESSION_COOKIE_LIFETIME, 86400);
$query = "UPDATE ttrss_sessions SET data='$data',
expire = '$expire' WHERE id='$id'";
$this->db->query( $query);
$this->db->query($query);
return true;
}


@ -1,19 +1,19 @@
<?php
/* function ccache_zero( $feed_id, $owner_uid) {
db_query( "UPDATE ttrss_counters_cache SET
/* function ccache_zero($feed_id, $owner_uid) {
db_query("UPDATE ttrss_counters_cache SET
value = 0, updated = NOW() WHERE
feed_id = '$feed_id' AND owner_uid = '$owner_uid'");
} */
function ccache_zero_all( $owner_uid) {
db_query( "UPDATE ttrss_counters_cache SET
function ccache_zero_all($owner_uid) {
db_query("UPDATE ttrss_counters_cache SET
value = 0 WHERE owner_uid = '$owner_uid'");
db_query( "UPDATE ttrss_cat_counters_cache SET
db_query("UPDATE ttrss_cat_counters_cache SET
value = 0 WHERE owner_uid = '$owner_uid'");
}
function ccache_remove( $feed_id, $owner_uid, $is_cat = false) {
function ccache_remove($feed_id, $owner_uid, $is_cat = false) {
if (!$is_cat) {
$table = "ttrss_counters_cache";
@ -21,39 +21,39 @@
$table = "ttrss_cat_counters_cache";
}
db_query( "DELETE FROM $table WHERE
db_query("DELETE FROM $table WHERE
feed_id = '$feed_id' AND owner_uid = '$owner_uid'");
}
function ccache_update_all( $owner_uid) {
function ccache_update_all($owner_uid) {
if (get_pref( 'ENABLE_FEED_CATS', $owner_uid)) {
if (get_pref('ENABLE_FEED_CATS', $owner_uid)) {
$result = db_query( "SELECT feed_id FROM ttrss_cat_counters_cache
$result = db_query("SELECT feed_id FROM ttrss_cat_counters_cache
WHERE feed_id > 0 AND owner_uid = '$owner_uid'");
while ($line = db_fetch_assoc($result)) {
ccache_update( $line["feed_id"], $owner_uid, true);
ccache_update($line["feed_id"], $owner_uid, true);
}
/* We have to manually include category 0 */
ccache_update( 0, $owner_uid, true);
ccache_update(0, $owner_uid, true);
} else {
$result = db_query( "SELECT feed_id FROM ttrss_counters_cache
$result = db_query("SELECT feed_id FROM ttrss_counters_cache
WHERE feed_id > 0 AND owner_uid = '$owner_uid'");
while ($line = db_fetch_assoc($result)) {
print ccache_update( $line["feed_id"], $owner_uid);
print ccache_update($line["feed_id"], $owner_uid);
}
}
}
function ccache_find( $feed_id, $owner_uid, $is_cat = false,
function ccache_find($feed_id, $owner_uid, $is_cat = false,
$no_update = false) {
if (!is_numeric($feed_id)) return;
@ -61,7 +61,7 @@
if (!$is_cat) {
$table = "ttrss_counters_cache";
/* if ($feed_id > 0) {
$tmp_result = db_query( "SELECT owner_uid FROM ttrss_feeds
$tmp_result = db_query("SELECT owner_uid FROM ttrss_feeds
WHERE id = '$feed_id'");
$owner_uid = db_fetch_result($tmp_result, 0, "owner_uid");
} */
@ -75,7 +75,7 @@
$date_qpart = "updated > DATE_SUB(NOW(), INTERVAL 15 MINUTE)";
}
$result = db_query( "SELECT value FROM $table
$result = db_query("SELECT value FROM $table
WHERE owner_uid = '$owner_uid' AND feed_id = '$feed_id'
LIMIT 1");
@ -85,30 +85,30 @@
if ($no_update) {
return -1;
} else {
return ccache_update( $feed_id, $owner_uid, $is_cat);
return ccache_update($feed_id, $owner_uid, $is_cat);
}
}
}
function ccache_update( $feed_id, $owner_uid, $is_cat = false,
function ccache_update($feed_id, $owner_uid, $is_cat = false,
$update_pcat = true) {
if (!is_numeric($feed_id)) return;
/* if (!$is_cat && $feed_id > 0) {
$tmp_result = db_query( "SELECT owner_uid FROM ttrss_feeds
$tmp_result = db_query("SELECT owner_uid FROM ttrss_feeds
WHERE id = '$feed_id'");
$owner_uid = db_fetch_result($tmp_result, 0, "owner_uid");
} */
$prev_unread = ccache_find( $feed_id, $owner_uid, $is_cat, true);
$prev_unread = ccache_find($feed_id, $owner_uid, $is_cat, true);
/* When updating a label, all we need to do is recalculate feed counters
* because labels are not cached */
if ($feed_id < 0) {
ccache_update_all( $owner_uid);
ccache_update_all($owner_uid);
return;
}
@ -127,14 +127,14 @@
/* Recalculate counters for child feeds */
$result = db_query( "SELECT id FROM ttrss_feeds
$result = db_query("SELECT id FROM ttrss_feeds
WHERE owner_uid = '$owner_uid' AND $cat_qpart");
while ($line = db_fetch_assoc($result)) {
ccache_update( $line["id"], $owner_uid, false, false);
ccache_update($line["id"], $owner_uid, false, false);
}
$result = db_query( "SELECT SUM(value) AS sv
$result = db_query("SELECT SUM(value) AS sv
FROM ttrss_counters_cache, ttrss_feeds
WHERE id = feed_id AND $cat_qpart AND
ttrss_feeds.owner_uid = '$owner_uid'");
@ -142,27 +142,27 @@
$unread = (int) db_fetch_result($result, 0, "sv");
} else {
$unread = (int) getFeedArticles( $feed_id, $is_cat, true, $owner_uid);
$unread = (int) getFeedArticles($feed_id, $is_cat, true, $owner_uid);
}
db_query( "BEGIN");
db_query("BEGIN");
$result = db_query( "SELECT feed_id FROM $table
$result = db_query("SELECT feed_id FROM $table
WHERE owner_uid = '$owner_uid' AND feed_id = '$feed_id' LIMIT 1");
if (db_num_rows($result) == 1) {
db_query( "UPDATE $table SET
db_query("UPDATE $table SET
value = '$unread', updated = NOW() WHERE
feed_id = '$feed_id' AND owner_uid = '$owner_uid'");
} else {
db_query( "INSERT INTO $table
db_query("INSERT INTO $table
(feed_id, value, owner_uid, updated)
VALUES
($feed_id, $unread, $owner_uid, NOW())");
}
db_query( "COMMIT");
db_query("COMMIT");
if ($feed_id > 0 && $prev_unread != $unread) {
@ -172,36 +172,36 @@
if ($update_pcat) {
$result = db_query( "SELECT cat_id FROM ttrss_feeds
$result = db_query("SELECT cat_id FROM ttrss_feeds
WHERE owner_uid = '$owner_uid' AND id = '$feed_id'");
$cat_id = (int) db_fetch_result($result, 0, "cat_id");
ccache_update( $cat_id, $owner_uid, true);
ccache_update($cat_id, $owner_uid, true);
}
}
} else if ($feed_id < 0) {
ccache_update_all( $owner_uid);
ccache_update_all($owner_uid);
}
return $unread;
}
/* function ccache_cleanup( $owner_uid) {
/* function ccache_cleanup($owner_uid) {
if (DB_TYPE == "pgsql") {
db_query( "DELETE FROM ttrss_counters_cache AS c1 WHERE
db_query("DELETE FROM ttrss_counters_cache AS c1 WHERE
(SELECT count(*) FROM ttrss_counters_cache AS c2
WHERE c1.feed_id = c2.feed_id AND c2.owner_uid = c1.owner_uid) > 1
AND owner_uid = '$owner_uid'");
db_query( "DELETE FROM ttrss_cat_counters_cache AS c1 WHERE
db_query("DELETE FROM ttrss_cat_counters_cache AS c1 WHERE
(SELECT count(*) FROM ttrss_cat_counters_cache AS c2
WHERE c1.feed_id = c2.feed_id AND c2.owner_uid = c1.owner_uid) > 1
AND owner_uid = '$owner_uid'");
} else {
db_query( "DELETE c1 FROM
db_query("DELETE c1 FROM
ttrss_counters_cache AS c1,
ttrss_counters_cache AS c2
WHERE
@ -209,7 +209,7 @@
c1.owner_uid = c2.owner_uid AND
c1.feed_id = c2.feed_id");
db_query( "DELETE c1 FROM
db_query("DELETE c1 FROM
ttrss_cat_counters_cache AS c1,
ttrss_cat_counters_cache AS c2
WHERE


@ -237,13 +237,13 @@ function rgb2hsl($arr) {
} else {
$s = $del_Max / $var_Max;
$del_R = ( ( ( $max - $var_R ) / 6 ) + ( $del_Max / 2 ) ) / $del_Max;
$del_G = ( ( ( $max - $var_G ) / 6 ) + ( $del_Max / 2 ) ) / $del_Max;
$del_B = ( ( ( $max - $var_B ) / 6 ) + ( $del_Max / 2 ) ) / $del_Max;
$del_R = ((($max - $var_R ) / 6 ) + ($del_Max / 2 ) ) / $del_Max;
$del_G = ((($max - $var_G ) / 6 ) + ($del_Max / 2 ) ) / $del_Max;
$del_B = ((($max - $var_B ) / 6 ) + ($del_Max / 2 ) ) / $del_Max;
if ($var_R == $var_Max) $h = $del_B - $del_G;
else if ($var_G == $var_Max) $h = ( 1 / 3 ) + $del_R - $del_B;
else if ($var_B == $var_Max) $h = ( 2 / 3 ) + $del_G - $del_R;
else if ($var_G == $var_Max) $h = (1 / 3 ) + $del_R - $del_B;
else if ($var_B == $var_Max) $h = (2 / 3 ) + $del_G - $del_R;
if ($H < 0) $h++;
if ($H > 1) $h--;
@ -261,10 +261,10 @@ function hsl2rgb($arr) {
$r = $g = $B = $v * 255;
} else {
$var_H = $h * 6;
$var_i = floor( $var_H );
$var_1 = $v * ( 1 - $s );
$var_2 = $v * ( 1 - $s * ( $var_H - $var_i ) );
$var_3 = $v * ( 1 - $s * (1 - ( $var_H - $var_i ) ) );
$var_i = floor($var_H );
$var_1 = $v * (1 - $s );
$var_2 = $v * (1 - $s * ($var_H - $var_i ) );
$var_3 = $v * (1 - $s * (1 - ($var_H - $var_i ) ) );
if ($var_i == 0) { $var_R = $v ; $var_G = $var_3 ; $var_B = $var_1 ; }
else if ($var_i == 1) { $var_R = $var_2 ; $var_G = $v ; $var_B = $var_1 ; }
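Review bot: In `rgb2hsl` the range correction tests `$H` while every other line in the hunk assigns `$h`, so unless `$H` is set earlier in the function (outside the hunk) the hue is never wrapped back into range; PHP variable names are case-sensitive, and the two lines should read `if ($h < 0) $h++;` and `if ($h > 1) $h--;`. `hsl2rgb` shows a similar mix in `$r = $g = $B = $v * 255;`, which looks like it was meant to assign `$b`, though the rest of that function is not visible. The reformatting is also one-sided: expressions such as `($max - $var_R ) / 6 )` and `floor($var_H )` still carry a blank before the closing bracket.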


@ -21,7 +21,7 @@
if (get_schema_version() < 63) $profile_qpart = "";
$result = db_query( "SELECT
$result = db_query("SELECT
value,ttrss_prefs_types.type_name as type_name,ttrss_prefs.pref_name AS pref_name
FROM
ttrss_user_prefs,ttrss_prefs,ttrss_prefs_types
@ -42,9 +42,9 @@
}
}
function get_pref( $pref_name, $user_id = false, $die_on_error = false) {
function get_pref($pref_name, $user_id = false, $die_on_error = false) {
$pref_name = db_escape_string( $pref_name);
$pref_name = db_escape_string($pref_name);
$prefs_cache = true;
$profile = false;
@ -71,7 +71,7 @@
if (get_schema_version() < 63) $profile_qpart = "";
$result = db_query( "SELECT
$result = db_query("SELECT
value,ttrss_prefs_types.type_name as type_name
FROM
ttrss_user_prefs,ttrss_prefs,ttrss_prefs_types
@ -114,9 +114,9 @@
}
}
function set_pref( $pref_name, $value, $user_id = false, $strip_tags = true) {
$pref_name = db_escape_string( $pref_name);
$value = db_escape_string( $value, $strip_tags);
function set_pref($pref_name, $value, $user_id = false, $strip_tags = true) {
$pref_name = db_escape_string($pref_name);
$value = db_escape_string($value, $strip_tags);
if (!$user_id) {
$user_id = $_SESSION["uid"];
@ -145,7 +145,7 @@
}
if (!$type_name) {
$result = db_query( "SELECT type_name
$result = db_query("SELECT type_name
FROM ttrss_prefs,ttrss_prefs_types
WHERE pref_name = '$pref_name' AND type_id = ttrss_prefs_types.id");
@ -170,7 +170,7 @@
$value = 'UTC';
}
db_query( "UPDATE ttrss_user_prefs SET
db_query("UPDATE ttrss_user_prefs SET
value = '$value' WHERE pref_name = '$pref_name'
$profile_qpart
AND owner_uid = " . $_SESSION["uid"]);
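Review bot: `set_pref()` takes `$user_id` and falls back to `$_SESSION["uid"]` only when it is empty, but the UPDATE at the end of the section still filters on `owner_uid = " . $_SESSION["uid"]`. A call made on behalf of another user would therefore write to the session user's row, and a call with no session would build a query with an empty `owner_uid`. Using the resolved value, `AND owner_uid = " . (int) $user_id);`, keeps the write on the account the caller named. The lines between the hunks are outside the view, so confirm nothing there relies on the session id being used.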


@ -1,10 +1,10 @@
<?php
function db_escape_string( $s, $strip_tags = true) {
function db_escape_string($s, $strip_tags = true) {
return Db::get()->escape_string($s, $strip_tags);
}
function db_query( $query, $die_on_error = true) {
function db_query($query, $die_on_error = true) {
return Db::get()->query($query, $die_on_error);
}
@ -21,7 +21,7 @@ function db_fetch_result($result, $row, $param) {
return Db::get()->fetch_result($result, $row, $param);
}
function db_affected_rows( $result) {
function db_affected_rows($result) {
return Db::get()->affected_rows($result);
}


@ -6,7 +6,7 @@
* @param integer $limit The maximum number of articles by digest.
* @return boolean Return false if digests are not enabled.
*/
function send_headlines_digests( $debug = false) {
function send_headlines_digests($debug = false) {
require_once 'classes/ttrssmailer.php';
@ -21,13 +21,13 @@
$interval_query = "last_digest_sent < DATE_SUB(NOW(), INTERVAL 1 DAY)";
}
$result = db_query( "SELECT id,email FROM ttrss_users
$result = db_query("SELECT id,email FROM ttrss_users
WHERE email != '' AND (last_digest_sent IS NULL OR $interval_query)");
while ($line = db_fetch_assoc($result)) {
if (get_pref( 'DIGEST_ENABLE', $line['id'], false)) {
$preferred_ts = strtotime(get_pref( 'DIGEST_PREFERRED_TIME', $line['id'], '00:00'));
if (get_pref('DIGEST_ENABLE', $line['id'], false)) {
$preferred_ts = strtotime(get_pref('DIGEST_PREFERRED_TIME', $line['id'], '00:00'));
// try to send digests within 2 hours of preferred time
if ($preferred_ts && time() >= $preferred_ts &&
@ -35,14 +35,14 @@
if ($debug) _debug("Sending digest for UID:" . $line['id'] . " - " . $line["email"]);
$do_catchup = get_pref( 'DIGEST_CATCHUP', $line['id'], false);
$do_catchup = get_pref('DIGEST_CATCHUP', $line['id'], false);
global $tz_offset;
// reset tz_offset global to prevent tz cache clash between users
$tz_offset = -1;
$tuple = prepare_headlines_digest( $line["id"], 1, $limit);
$tuple = prepare_headlines_digest($line["id"], 1, $limit);
$digest = $tuple[0];
$headlines_count = $tuple[1];
$affected_ids = $tuple[2];
@ -60,13 +60,13 @@
if ($rc && $do_catchup) {
if ($debug) _debug("Marking affected articles as read...");
catchupArticlesById( $affected_ids, 0, $line["id"]);
catchupArticlesById($affected_ids, 0, $line["id"]);
}
} else {
if ($debug) _debug("No headlines");
}
db_query( "UPDATE ttrss_users SET last_digest_sent = NOW()
db_query("UPDATE ttrss_users SET last_digest_sent = NOW()
WHERE id = " . $line["id"]);
}
@ -77,7 +77,7 @@
}
function prepare_headlines_digest( $user_id, $days = 1, $limit = 1000) {
function prepare_headlines_digest($user_id, $days = 1, $limit = 1000) {
require_once "lib/MiniTemplator.class.php";
@ -87,7 +87,7 @@
$tpl->readTemplateFromFile("templates/digest_template_html.txt");
$tpl_t->readTemplateFromFile("templates/digest_template.txt");
$user_tz_string = get_pref( 'USER_TIMEZONE', $user_id);
$user_tz_string = get_pref('USER_TIMEZONE', $user_id);
$local_ts = convert_timestamp(time(), 'UTC', $user_tz_string);
$tpl->setVariable('CUR_DATE', date('Y/m/d', $local_ts));
@ -104,7 +104,7 @@
$interval_query = "ttrss_entries.date_updated > DATE_SUB(NOW(), INTERVAL $days DAY)";
}
$result = db_query( "SELECT ttrss_entries.title,
$result = db_query("SELECT ttrss_entries.title,
ttrss_feeds.title AS feed_title,
COALESCE(ttrss_feed_categories.title, '".__('Uncategorized')."') AS cat_title,
date_updated,
@ -143,7 +143,7 @@
array_push($affected_ids, $line["ref_id"]);
$updated = make_local_datetime( $line['last_updated'], false,
$updated = make_local_datetime($line['last_updated'], false,
$user_id);
/* if ($line["score"] != 0) {
@ -152,7 +152,7 @@
$line["title"] .= " (".$line['score'].")";
} */
if (get_pref( 'ENABLE_FEED_CATS', $user_id)) {
if (get_pref('ENABLE_FEED_CATS', $user_id)) {
$line['feed_title'] = $line['cat_title'] . " / " . $line['feed_title'];
}


@ -1,5 +1,5 @@
<?php
function make_feed_browser( $search, $limit, $mode = 1) {
function make_feed_browser($search, $limit, $mode = 1) {
$owner_uid = $_SESSION["uid"];
$rv = '';
@ -12,13 +12,13 @@
}
if ($mode == 1) {
/* $result = db_query( "SELECT feed_url, subscribers FROM
/* $result = db_query("SELECT feed_url, subscribers FROM
ttrss_feedbrowser_cache WHERE (SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
WHERE tf.feed_url = ttrss_feedbrowser_cache.feed_url
AND owner_uid = '$owner_uid') $search_qpart
ORDER BY subscribers DESC LIMIT $limit"); */
$result = db_query( "SELECT feed_url, site_url, title, SUM(subscribers) AS subscribers FROM
$result = db_query("SELECT feed_url, site_url, title, SUM(subscribers) AS subscribers FROM
(SELECT feed_url, site_url, title, subscribers FROM ttrss_feedbrowser_cache UNION ALL
SELECT feed_url, site_url, title, subscribers FROM ttrss_linked_feeds) AS qqq
WHERE
@ -28,7 +28,7 @@
GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT $limit");
} else if ($mode == 2) {
$result = db_query( "SELECT *,
$result = db_query("SELECT *,
(SELECT COUNT(*) FROM ttrss_user_entries WHERE
orig_feed_id = ttrss_archived_feeds.id) AS articles_archived
FROM

File diff suppressed because it is too large Load Diff


@ -1,5 +1,5 @@
<?php
function label_find_id( $label, $owner_uid) {
function label_find_id($label, $owner_uid) {
$result = db_query(
"SELECT id FROM ttrss_labels2 WHERE caption = '$label'
AND owner_uid = '$owner_uid' LIMIT 1");
@ -11,12 +11,12 @@
}
}
function get_article_labels( $id, $owner_uid = false) {
function get_article_labels($id, $owner_uid = false) {
$rv = array();
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
$result = db_query( "SELECT label_cache FROM
$result = db_query("SELECT label_cache FROM
ttrss_user_entries WHERE ref_id = '$id' AND owner_uid = " .
$owner_uid);
@ -48,15 +48,15 @@
}
if (count($rv) > 0)
label_update_cache( $owner_uid, $id, $rv);
label_update_cache($owner_uid, $id, $rv);
else
label_update_cache( $owner_uid, $id, array("no-labels" => 1));
label_update_cache($owner_uid, $id, array("no-labels" => 1));
return $rv;
}
function label_find_caption( $label, $owner_uid) {
function label_find_caption($label, $owner_uid) {
$result = db_query(
"SELECT caption FROM ttrss_labels2 WHERE id = '$label'
AND owner_uid = '$owner_uid' LIMIT 1");
@ -68,10 +68,10 @@
}
}
function get_all_labels( $owner_uid) {
function get_all_labels($owner_uid) {
$rv = array();
$result = db_query( "SELECT fg_color, bg_color, caption FROM ttrss_labels2 WHERE owner_uid = " . $owner_uid);
$result = db_query("SELECT fg_color, bg_color, caption FROM ttrss_labels2 WHERE owner_uid = " . $owner_uid);
while ($line = db_fetch_assoc($result)) {
array_push($rv, $line);
@ -80,31 +80,31 @@
return $rv;
}
function label_update_cache( $owner_uid, $id, $labels = false, $force = false) {
function label_update_cache($owner_uid, $id, $labels = false, $force = false) {
if ($force)
label_clear_cache( $id);
label_clear_cache($id);
if (!$labels)
$labels = get_article_labels( $id);
$labels = get_article_labels($id);
$labels = db_escape_string( json_encode($labels));
$labels = db_escape_string(json_encode($labels));
db_query( "UPDATE ttrss_user_entries SET
db_query("UPDATE ttrss_user_entries SET
label_cache = '$labels' WHERE ref_id = '$id' AND owner_uid = '$owner_uid'");
}
function label_clear_cache( $id) {
function label_clear_cache($id) {
db_query( "UPDATE ttrss_user_entries SET
db_query("UPDATE ttrss_user_entries SET
label_cache = '' WHERE ref_id = '$id'");
}
function label_remove_article( $id, $label, $owner_uid) {
function label_remove_article($id, $label, $owner_uid) {
$label_id = label_find_id( $label, $owner_uid);
$label_id = label_find_id($label, $owner_uid);
if (!$label_id) return;
@ -114,12 +114,12 @@
label_id = '$label_id' AND
article_id = '$id'");
label_clear_cache( $id);
label_clear_cache($id);
}
function label_add_article( $id, $label, $owner_uid) {
function label_add_article($id, $label, $owner_uid) {
$label_id = label_find_id( $label, $owner_uid);
$label_id = label_find_id($label, $owner_uid);
if (!$label_id) return;
@ -133,55 +133,55 @@
LIMIT 1");
if (db_num_rows($result) == 0) {
db_query( "INSERT INTO ttrss_user_labels2
db_query("INSERT INTO ttrss_user_labels2
(label_id, article_id) VALUES ('$label_id', '$id')");
}
label_clear_cache( $id);
label_clear_cache($id);
}
function label_remove( $id, $owner_uid) {
function label_remove($id, $owner_uid) {
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
db_query( "BEGIN");
db_query("BEGIN");
$result = db_query( "SELECT caption FROM ttrss_labels2
$result = db_query("SELECT caption FROM ttrss_labels2
WHERE id = '$id'");
$caption = db_fetch_result($result, 0, "caption");
$result = db_query( "DELETE FROM ttrss_labels2 WHERE id = '$id'
$result = db_query("DELETE FROM ttrss_labels2 WHERE id = '$id'
AND owner_uid = " . $owner_uid);
if (db_affected_rows( $result) != 0 && $caption) {
if (db_affected_rows($result) != 0 && $caption) {
/* Remove access key for the label */
$ext_id = LABEL_BASE_INDEX - 1 - $id;
db_query( "DELETE FROM ttrss_access_keys WHERE
db_query("DELETE FROM ttrss_access_keys WHERE
feed_id = '$ext_id' AND owner_uid = $owner_uid");
/* Remove cached data */
db_query( "UPDATE ttrss_user_entries SET label_cache = ''
db_query("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $owner_uid);
}
db_query( "COMMIT");
db_query("COMMIT");
}
function label_create( $caption, $fg_color = '', $bg_color = '', $owner_uid = false) {
function label_create($caption, $fg_color = '', $bg_color = '', $owner_uid = false) {
if (!$owner_uid) $owner_uid = $_SESSION['uid'];
db_query( "BEGIN");
db_query("BEGIN");
$result = false;
$result = db_query( "SELECT id FROM ttrss_labels2
$result = db_query("SELECT id FROM ttrss_labels2
WHERE caption = '$caption' AND owner_uid = $owner_uid");
if (db_num_rows($result) == 0) {
@ -189,10 +189,10 @@
"INSERT INTO ttrss_labels2 (caption,owner_uid,fg_color,bg_color)
VALUES ('$caption', '$owner_uid', '$fg_color', '$bg_color')");
$result = db_affected_rows( $result) != 0;
$result = db_affected_rows($result) != 0;
}
db_query( "COMMIT");
db_query("COMMIT");
return $result;
}
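Review bot: In `label_remove`, the caption read back from `ttrss_labels2` goes straight into `WHERE label_cache LIKE '%$caption%'` without escaping, so a stored caption containing a quote breaks the statement, and a `%` or `_` in it widens the match to unrelated cache rows. Values fetched from the database need the same treatment as request input: escape first, e.g. `$caption_qpart = db_escape_string($caption, false);`, and use that variable in the LIKE. Elsewhere in this file, `label_find_id`, `label_find_caption`, `label_create` and `label_clear_cache` interpolate `$label`, `$caption`, `$id` and `$owner_uid` as received. That is only safe if every caller escapes them, which is not visible here. A short comment on each function stating that contract, or an `(int)` cast on the id arguments if they are always numeric, would make it checkable.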


@ -5,30 +5,30 @@
function update_feedbrowser_cache() {
$result = db_query( "SELECT feed_url, site_url, title, COUNT(id) AS subscribers
$result = db_query("SELECT feed_url, site_url, title, COUNT(id) AS subscribers
FROM ttrss_feeds WHERE (SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
WHERE tf.feed_url = ttrss_feeds.feed_url
AND (private IS true OR auth_login != '' OR auth_pass != '' OR feed_url LIKE '%:%@%/%'))
GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT 1000");
db_query( "BEGIN");
db_query("BEGIN");
db_query( "DELETE FROM ttrss_feedbrowser_cache");
db_query("DELETE FROM ttrss_feedbrowser_cache");
$count = 0;
while ($line = db_fetch_assoc($result)) {
$subscribers = db_escape_string( $line["subscribers"]);
$feed_url = db_escape_string( $line["feed_url"]);
$title = db_escape_string( $line["title"]);
$site_url = db_escape_string( $line["site_url"]);
$subscribers = db_escape_string($line["subscribers"]);
$feed_url = db_escape_string($line["feed_url"]);
$title = db_escape_string($line["title"]);
$site_url = db_escape_string($line["site_url"]);
$tmp_result = db_query( "SELECT subscribers FROM
$tmp_result = db_query("SELECT subscribers FROM
ttrss_feedbrowser_cache WHERE feed_url = '$feed_url'");
if (db_num_rows($tmp_result) == 0) {
db_query( "INSERT INTO ttrss_feedbrowser_cache
db_query("INSERT INTO ttrss_feedbrowser_cache
(feed_url, site_url, title, subscribers) VALUES ('$feed_url',
'$site_url', '$title', '$subscribers')");
@ -38,7 +38,7 @@
}
db_query( "COMMIT");
db_query("COMMIT");
return $count;
@ -57,7 +57,7 @@
* @param boolean $debug Set to false to disable debug output. Default to true.
* @return void
*/
function update_daemon_common( $limit = DAEMON_FEED_LIMIT, $from_http = false, $debug = true) {
function update_daemon_common($limit = DAEMON_FEED_LIMIT, $from_http = false, $debug = true) {
// Process all other feeds using last_updated and interval parameters
$schema_version = get_schema_version();
@ -116,7 +116,7 @@
$random_qpart = sql_random_function();
// We search for feed needing update.
$result = db_query( "SELECT DISTINCT ttrss_feeds.feed_url,$random_qpart
$result = db_query("SELECT DISTINCT ttrss_feeds.feed_url,$random_qpart
FROM
ttrss_feeds, ttrss_users, ttrss_user_prefs
WHERE
@ -134,7 +134,7 @@
// Here is a little cache magic in order to minimize risk of double feed updates.
$feeds_to_update = array();
while ($line = db_fetch_assoc($result)) {
array_push($feeds_to_update, db_escape_string( $line['feed_url']));
array_push($feeds_to_update, db_escape_string($line['feed_url']));
}
// We update the feed last update started date before anything else.
@ -145,16 +145,16 @@
$feeds_quoted = array();
foreach ($feeds_to_update as $feed) {
array_push($feeds_quoted, "'" . db_escape_string( $feed) . "'");
array_push($feeds_quoted, "'" . db_escape_string($feed) . "'");
}
db_query( sprintf("UPDATE ttrss_feeds SET last_update_started = NOW()
db_query(sprintf("UPDATE ttrss_feeds SET last_update_started = NOW()
WHERE feed_url IN (%s)", implode(',', $feeds_quoted)));
}
expire_cached_files($debug);
expire_lock_files($debug);
expire_error_log( $debug);
expire_error_log($debug);
$nf = 0;
@ -162,16 +162,16 @@
foreach ($feeds_to_update as $feed) {
if($debug) _debug("Base feed: $feed");
//update_rss_feed( $line["id"], true);
//update_rss_feed($line["id"], true);
// since we have the data cached, we can deal with other feeds with the same url
$tmp_result = db_query( "SELECT DISTINCT ttrss_feeds.id,last_updated
$tmp_result = db_query("SELECT DISTINCT ttrss_feeds.id,last_updated
FROM ttrss_feeds, ttrss_users, ttrss_user_prefs WHERE
ttrss_user_prefs.owner_uid = ttrss_feeds.owner_uid AND
ttrss_users.id = ttrss_user_prefs.owner_uid AND
ttrss_user_prefs.pref_name = 'DEFAULT_UPDATE_INTERVAL' AND
feed_url = '".db_escape_string( $feed)."' AND
feed_url = '".db_escape_string($feed)."' AND
(ttrss_feeds.update_interval > 0 OR
ttrss_user_prefs.value != '-1')
$login_thresh_qpart
@ -180,7 +180,7 @@
if (db_num_rows($tmp_result) > 0) {
while ($tline = db_fetch_assoc($tmp_result)) {
if($debug) _debug(" => " . $tline["last_updated"] . ", " . $tline["id"]);
update_rss_feed( $tline["id"], true);
update_rss_feed($tline["id"], true);
++$nf;
}
}
@ -189,14 +189,14 @@
require_once "digest.php";
// Send feed digests by email if needed.
send_headlines_digests( $debug);
send_headlines_digests($debug);
return $nf;
} // function update_daemon_common
// ignore_daemon is not used
function update_rss_feed( $feed, $ignore_daemon = false, $no_cache = false,
function update_rss_feed($feed, $ignore_daemon = false, $no_cache = false,
$override_url = false) {
require_once "lib/simplepie/simplepie.inc";
@ -207,7 +207,7 @@
_debug("update_rss_feed: start");
}
$result = db_query( "SELECT id,update_interval,auth_login,
$result = db_query("SELECT id,update_interval,auth_login,
feed_url,auth_pass,cache_images,last_updated,
mark_unread_on_update, owner_uid,
pubsub_state, auth_pass_encrypted
@ -228,7 +228,7 @@
$auth_pass_encrypted = sql_bool_to_bool(db_fetch_result($result,
0, "auth_pass_encrypted"));
db_query( "UPDATE ttrss_feeds SET last_update_started = NOW()
db_query("UPDATE ttrss_feeds SET last_update_started = NOW()
WHERE id = '$feed'");
$auth_login = db_fetch_result($result, 0, "auth_login");
@ -242,7 +242,7 @@
$cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images"));
$fetch_url = db_fetch_result($result, 0, "feed_url");
$feed = db_escape_string( $feed);
$feed = db_escape_string($feed);
if ($override_url) $fetch_url = $override_url;
@ -252,7 +252,7 @@
// Ignore cache if new feed or manual update.
$cache_age = ($no_cache || is_null($last_updated) || $last_updated == '1970-01-01 00:00:00') ?
30 : get_feed_update_interval( $feed) * 60;
30 : get_feed_update_interval($feed) * 60;
if ($debug_enabled) {
_debug("update_rss_feed: cache filename: $cache_filename exists: " . file_exists($cache_filename));
@ -322,7 +322,7 @@
// If-Modified-Since
if ($fetch_last_error_code != 304) {
$error_escaped = db_escape_string( $fetch_last_error);
$error_escaped = db_escape_string($fetch_last_error);
} else {
if ($debug_enabled) {
_debug("update_rss_feed: source claims data not modified, nothing to do.");
@ -339,7 +339,7 @@
$pluginhost = new PluginHost(Db::get());
$pluginhost->set_debug($debug_enabled);
$user_plugins = get_pref( "_ENABLED_PLUGINS", $owner_uid);
$user_plugins = get_pref("_ENABLED_PLUGINS", $owner_uid);
$pluginhost->load(PLUGINS, $pluginhost::KIND_ALL);
$pluginhost->load($user_plugins, $pluginhost::KIND_USER, $owner_uid);
@ -364,7 +364,7 @@
// print_r($rss);
$feed = db_escape_string( $feed);
$feed = db_escape_string($feed);
if (!$rss->error()) {
@ -388,7 +388,7 @@
_debug("update_rss_feed: processing feed data...");
}
// db_query( "BEGIN");
// db_query("BEGIN");
if (DB_TYPE == "pgsql") {
$favicon_interval_qpart = "favicon_last_checked < NOW() - INTERVAL '12 hour'";
@ -396,7 +396,7 @@
$favicon_interval_qpart = "favicon_last_checked < DATE_SUB(NOW(), INTERVAL 12 HOUR)";
}
$result = db_query( "SELECT title,site_url,owner_uid,
$result = db_query("SELECT title,site_url,owner_uid,
(favicon_last_checked IS NULL OR $favicon_interval_qpart) AS
favicon_needs_check
FROM ttrss_feeds WHERE id = '$feed'");
@ -408,7 +408,7 @@
$owner_uid = db_fetch_result($result, 0, "owner_uid");
$site_url = db_escape_string( mb_substr(rewrite_relative_url($fetch_url, $rss->get_link()), 0, 245));
$site_url = db_escape_string(mb_substr(rewrite_relative_url($fetch_url, $rss->get_link()), 0, 245));
if ($favicon_needs_check || $force_refetch) {
if ($debug_enabled) {
@ -427,25 +427,25 @@
$favicon_colorstring = ",favicon_avg_color = '".$favicon_color."'";
}
db_query( "UPDATE ttrss_feeds SET favicon_last_checked = NOW()
db_query("UPDATE ttrss_feeds SET favicon_last_checked = NOW()
$favicon_colorstring
WHERE id = '$feed'");
}
if (!$registered_title || $registered_title == "[Unknown]") {
$feed_title = db_escape_string( $rss->get_title());
$feed_title = db_escape_string($rss->get_title());
if ($debug_enabled) {
_debug("update_rss_feed: registering title: $feed_title");
}
db_query( "UPDATE ttrss_feeds SET
db_query("UPDATE ttrss_feeds SET
title = '$feed_title' WHERE id = '$feed'");
}
if ($site_url && $orig_site_url != $site_url) {
db_query( "UPDATE ttrss_feeds SET
db_query("UPDATE ttrss_feeds SET
site_url = '$site_url' WHERE id = '$feed'");
}
@ -453,8 +453,8 @@
_debug("update_rss_feed: loading filters & labels...");
}
$filters = load_filters( $feed, $owner_uid);
$labels = get_all_labels( $owner_uid);
$filters = load_filters($feed, $owner_uid);
$labels = get_all_labels($owner_uid);
if ($debug_enabled) {
//print_r($filters);
@ -468,7 +468,7 @@
_debug("update_rss_feed: no articles found.");
}
db_query( "UPDATE ttrss_feeds
db_query("UPDATE ttrss_feeds
SET last_updated = NOW(), last_error = '' WHERE id = '$feed'");
return; // no articles
@ -506,7 +506,7 @@
if ($debug_enabled)
_debug("update_rss_feed: feed hub url found, subscribe request sent.");
db_query( "UPDATE ttrss_feeds SET pubsub_state = 1
db_query("UPDATE ttrss_feeds SET pubsub_state = 1
WHERE id = '$feed'");
}
}
@ -528,7 +528,7 @@
$entry_guid = "$owner_uid,$entry_guid";
$entry_guid_hashed = db_escape_string( 'SHA1:' . sha1($entry_guid));
$entry_guid_hashed = db_escape_string('SHA1:' . sha1($entry_guid));
if ($debug_enabled) {
_debug("update_rss_feed: guid $entry_guid / $entry_guid_hashed");
@ -578,13 +578,13 @@
$entry_author = $entry_author_item->get_name();
if (!$entry_author) $entry_author = $entry_author_item->get_email();
$entry_author = db_escape_string( $entry_author);
$entry_author = db_escape_string($entry_author);
}
$entry_guid = db_escape_string( mb_substr($entry_guid, 0, 245));
$entry_guid = db_escape_string(mb_substr($entry_guid, 0, 245));
$entry_comments = db_escape_string( mb_substr($entry_comments, 0, 245));
$entry_author = db_escape_string( mb_substr($entry_author, 0, 245));
$entry_comments = db_escape_string(mb_substr($entry_comments, 0, 245));
$entry_author = db_escape_string(mb_substr($entry_author, 0, 245));
$num_comments = $item->get_item_tags('http://purl.org/rss/1.0/modules/slash/', 'comments');
@ -641,8 +641,8 @@
}
// FIXME not sure if owner_uid is a good idea here, we may have a base entry without user entry (?)
$result = db_query( "SELECT plugin_data,title,content,link,tag_cache,author FROM ttrss_entries, ttrss_user_entries
WHERE ref_id = id AND (guid = '".db_escape_string( $entry_guid)."' OR guid = '$entry_guid_hashed') AND owner_uid = $owner_uid");
$result = db_query("SELECT plugin_data,title,content,link,tag_cache,author FROM ttrss_entries, ttrss_user_entries
WHERE ref_id = id AND (guid = '".db_escape_string($entry_guid)."' OR guid = '$entry_guid_hashed') AND owner_uid = $owner_uid");
if (db_num_rows($result) != 0) {
$entry_plugin_data = db_fetch_result($result, 0, "plugin_data");
@ -671,11 +671,11 @@
}
$entry_tags = $article["tags"];
$entry_guid = db_escape_string( $entry_guid);
$entry_title = db_escape_string( $article["title"]);
$entry_author = db_escape_string( $article["author"]);
$entry_link = db_escape_string( $article["link"]);
$entry_plugin_data = db_escape_string( $article["plugin_data"]);
$entry_guid = db_escape_string($entry_guid);
$entry_title = db_escape_string($article["title"]);
$entry_author = db_escape_string($article["author"]);
$entry_link = db_escape_string($article["link"]);
$entry_plugin_data = db_escape_string($article["plugin_data"]);
$entry_content = $article["content"]; // escaped below
@ -686,13 +686,13 @@
if ($cache_images && is_writable(CACHE_DIR . '/images'))
cache_images($entry_content, $site_url, $debug_enabled);
$entry_content = db_escape_string( $entry_content, false);
$entry_content = db_escape_string($entry_content, false);
$content_hash = "SHA1:" . sha1($entry_content);
db_query( "BEGIN");
db_query("BEGIN");
$result = db_query( "SELECT id FROM ttrss_entries
$result = db_query("SELECT id FROM ttrss_entries
WHERE (guid = '$entry_guid' OR guid = '$entry_guid_hashed')");
if (db_num_rows($result) == 0) {
@ -745,15 +745,15 @@
$base_entry_id = db_fetch_result($result, 0, "id");
db_query( "UPDATE ttrss_entries SET date_updated = NOW()
db_query("UPDATE ttrss_entries SET date_updated = NOW()
WHERE id = '$base_entry_id'");
$article_labels = get_article_labels( $base_entry_id, $owner_uid);
$article_labels = get_article_labels($base_entry_id, $owner_uid);
}
// now it should exist, if not - bad luck then
$result = db_query( "SELECT
$result = db_query("SELECT
id,content_hash,no_orig_date,title,plugin_data,guid,
".SUBSTRING_FOR_DATE."(date_updated,1,19) as date_updated,
".SUBSTRING_FOR_DATE."(updated,1,19) as updated,
@ -786,14 +786,14 @@
if ($stored_guid != $entry_guid_hashed) {
if ($debug_enabled) _debug("upgrading compat guid to hashed one");
db_query( "UPDATE ttrss_entries SET guid = '$entry_guid_hashed' WHERE
db_query("UPDATE ttrss_entries SET guid = '$entry_guid_hashed' WHERE
id = '$ref_id'");
} */
// check for user post link to main table
// do we allow duplicate posts with same GUID in different feeds?
if (get_pref( "ALLOW_DUPLICATE_POSTS", $owner_uid, false)) {
if (get_pref("ALLOW_DUPLICATE_POSTS", $owner_uid, false)) {
$dupcheck_qpart = "AND (feed_id = '$feed' OR feed_id IS NULL)";
} else {
$dupcheck_qpart = "";
@ -813,7 +813,7 @@
}
if (find_article_filter($article_filters, "filter")) {
db_query( "COMMIT"); // close transaction in progress
db_query("COMMIT"); // close transaction in progress
continue;
}
@ -829,7 +829,7 @@
// if ($_REQUEST["xdebug"]) print "$query\n";
$result = db_query( $query);
$result = db_query($query);
// okay it doesn't exist - create user entry
if (db_num_rows($result) == 0) {
@ -862,7 +862,7 @@
if (DB_TYPE == "pgsql" and defined('_NGRAM_TITLE_DUPLICATE_THRESHOLD')) {
$result = db_query( "SELECT COUNT(*) AS similar FROM
$result = db_query("SELECT COUNT(*) AS similar FROM
ttrss_entries,ttrss_user_entries
WHERE ref_id = id AND updated >= NOW() - INTERVAL '7 day'
AND similarity(title, '$entry_title') >= "._NGRAM_TITLE_DUPLICATE_THRESHOLD."
@ -894,7 +894,7 @@
if (PUBSUBHUBBUB_HUB && $published == 'true') {
$rss_link = get_self_url_prefix() .
"/public.php?op=rss&id=-2&key=" .
get_feed_access_key( -2, false, $owner_uid);
get_feed_access_key(-2, false, $owner_uid);
$p = new Publisher(PUBSUBHUBBUB_HUB);
@ -940,7 +940,7 @@
$update_insignificant = false;
}
if (db_escape_string( $orig_title) != $entry_title) {
if (db_escape_string($orig_title) != $entry_title) {
$post_needs_update = true;
$update_insignificant = false;
}
@ -955,7 +955,7 @@
// print "<!-- post $orig_title needs update : $post_needs_update -->";
db_query( "UPDATE ttrss_entries
db_query("UPDATE ttrss_entries
SET title = '$entry_title', content = '$entry_content',
content_hash = '$content_hash',
updated = '$entry_timestamp_fmt',
@ -965,20 +965,20 @@
if (!$update_insignificant) {
if ($mark_unread_on_update) {
db_query( "UPDATE ttrss_user_entries
db_query("UPDATE ttrss_user_entries
SET last_read = null, unread = true WHERE ref_id = '$ref_id'");
}
}
}
}
db_query( "COMMIT");
db_query("COMMIT");
if ($debug_enabled) {
_debug("update_rss_feed: assigning labels...");
}
assign_article_to_label_filters( $entry_ref_id, $article_filters,
assign_article_to_label_filters($entry_ref_id, $article_filters,
$owner_uid, $article_labels);
if ($debug_enabled) {
@ -1004,24 +1004,24 @@
print_r($enclosures);
}
db_query( "BEGIN");
db_query("BEGIN");
foreach ($enclosures as $enc) {
$enc_url = db_escape_string( $enc[0]);
$enc_type = db_escape_string( $enc[1]);
$enc_dur = db_escape_string( $enc[2]);
$enc_url = db_escape_string($enc[0]);
$enc_type = db_escape_string($enc[1]);
$enc_dur = db_escape_string($enc[2]);
$result = db_query( "SELECT id FROM ttrss_enclosures
$result = db_query("SELECT id FROM ttrss_enclosures
WHERE content_url = '$enc_url' AND post_id = '$entry_ref_id'");
if (db_num_rows($result) == 0) {
db_query( "INSERT INTO ttrss_enclosures
db_query("INSERT INTO ttrss_enclosures
(content_url, content_type, title, duration, post_id) VALUES
('$enc_url', '$enc_type', '', '$enc_dur', '$entry_ref_id')");
}
}
db_query( "COMMIT");
db_query("COMMIT");
// check for manual tags (we have to do it here since they're loaded from filters)
@ -1065,22 +1065,22 @@
if (count($filtered_tags) > 0) {
db_query( "BEGIN");
db_query("BEGIN");
foreach ($filtered_tags as $tag) {
$tag = sanitize_tag($tag);
$tag = db_escape_string( $tag);
$tag = db_escape_string($tag);
if (!tag_is_valid($tag)) continue;
$result = db_query( "SELECT id FROM ttrss_tags
$result = db_query("SELECT id FROM ttrss_tags
WHERE tag_name = '$tag' AND post_int_id = '$entry_int_id' AND
owner_uid = '$owner_uid' LIMIT 1");
if ($result && db_num_rows($result) == 0) {
db_query( "INSERT INTO ttrss_tags
db_query("INSERT INTO ttrss_tags
(owner_uid,tag_name,post_int_id)
VALUES ('$owner_uid','$tag', '$entry_int_id')");
}
@ -1092,16 +1092,16 @@
$tags_to_cache = array_unique($tags_to_cache);
$tags_str = db_escape_string( join(",", $tags_to_cache));
$tags_str = db_escape_string(join(",", $tags_to_cache));
db_query( "UPDATE ttrss_user_entries
db_query("UPDATE ttrss_user_entries
SET tag_cache = '$tags_str' WHERE ref_id = '$entry_ref_id'
AND owner_uid = $owner_uid");
db_query( "COMMIT");
db_query("COMMIT");
}
if (get_pref( "AUTO_ASSIGN_LABELS", $owner_uid, false)) {
if (get_pref("AUTO_ASSIGN_LABELS", $owner_uid, false)) {
if ($debug_enabled) {
_debug("update_rss_feed: auto-assigning labels...");
}
@ -1111,7 +1111,7 @@
if ($caption && preg_match("/\b$caption\b/i", "$tags_str " . strip_tags($entry_content) . " $entry_title")) {
if (!labels_contains_caption($article_labels, $caption)) {
label_add_article( $entry_ref_id, $caption, $owner_uid);
label_add_article($entry_ref_id, $caption, $owner_uid);
}
}
}
@ -1126,23 +1126,23 @@
if ($debug_enabled) {
_debug("update_rss_feed: new feed, catching it up...");
}
catchup_feed( $feed, false, $owner_uid);
catchup_feed($feed, false, $owner_uid);
}
if ($debug_enabled) {
_debug("purging feed...");
}
purge_feed( $feed, 0, $debug_enabled);
purge_feed($feed, 0, $debug_enabled);
db_query( "UPDATE ttrss_feeds
db_query("UPDATE ttrss_feeds
SET last_updated = NOW(), last_error = '' WHERE id = '$feed'");
// db_query( "COMMIT");
// db_query("COMMIT");
} else {
$error_msg = db_escape_string( mb_substr($rss->error(), 0, 245));
$error_msg = db_escape_string(mb_substr($rss->error(), 0, 245));
if ($debug_enabled) {
_debug("update_rss_feed: error fetching feed: $error_msg");
@ -1204,14 +1204,14 @@
return $doc->saveXML($node);
}
function expire_error_log( $debug) {
function expire_error_log($debug) {
if ($debug) _debug("Removing old error log entries...");
if (DB_TYPE == "pgsql") {
db_query( "DELETE FROM ttrss_error_log
db_query("DELETE FROM ttrss_error_log
WHERE created_at < NOW() - INTERVAL '7 days'");
} else {
db_query( "DELETE FROM ttrss_error_log
db_query("DELETE FROM ttrss_error_log
WHERE created_at < DATE_SUB(NOW(), INTERVAL 7 DAY)");
}
@ -1399,11 +1399,11 @@
return false;
}
function assign_article_to_label_filters( $id, $filters, $owner_uid, $article_labels) {
function assign_article_to_label_filters($id, $filters, $owner_uid, $article_labels) {
foreach ($filters as $f) {
if ($f["type"] == "label") {
if (!labels_contains_caption($article_labels, $f["param"])) {
label_add_article( $id, $f["param"], $owner_uid);
label_add_article($id, $f["param"], $owner_uid);
}
}
}
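Review bot: In `update_rss_feed`, `$feed` is interpolated into `UPDATE ttrss_feeds SET last_update_started = NOW() WHERE id = '$feed'` (hunk at -228) before `$feed = db_escape_string($feed);` runs (hunk at -242), so that query uses the argument exactly as the caller passed it. Moving the escape to the top of the function, or using `$feed = (int) $feed;` if feed ids are always numeric, closes that gap. Further down, `preg_match("/\b$caption\b/i", ...)` builds a pattern from a label caption without quoting it. A caption containing `/` or regex metacharacters makes the pattern invalid or changes what it matches; `preg_quote($caption, "/")` would fix that. The function starts and ends outside the visible hunks, so earlier handling of `$feed` and `$caption` could not be checked.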


@ -88,7 +88,7 @@
}
if (SINGLE_USER_MODE) {
$result = db_query( "SELECT id FROM ttrss_users WHERE id = 1");
$result = db_query("SELECT id FROM ttrss_users WHERE id = 1");
if (db_num_rows($result) != 1) {
array_push($errors, "SINGLE_USER_MODE is enabled in config.php but default admin account is not found.");


@ -1,3 +1,3 @@
<?php # This file has been generated at: Tue Apr 16 16:41:13 MSK 2013
define('GENERATED_CONFIG_CHECK', 26);
$requred_defines = array( 'DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'FEED_CRYPT_KEY', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'SPHINX_ENABLED', 'SPHINX_SERVER', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_SERVER', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'CHECK_FOR_NEW_VERSION', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'CONFIG_VERSION'); ?>
$requred_defines = array('DB_TYPE', 'DB_HOST', 'DB_USER', 'DB_NAME', 'DB_PASS', 'MYSQL_CHARSET', 'SELF_URL_PATH', 'FEED_CRYPT_KEY', 'SINGLE_USER_MODE', 'SIMPLE_UPDATE_MODE', 'PHP_EXECUTABLE', 'LOCK_DIRECTORY', 'CACHE_DIR', 'ICONS_DIR', 'ICONS_URL', 'AUTH_AUTO_CREATE', 'AUTH_AUTO_LOGIN', 'FORCE_ARTICLE_PURGE', 'PUBSUBHUBBUB_HUB', 'PUBSUBHUBBUB_ENABLED', 'SPHINX_ENABLED', 'SPHINX_SERVER', 'SPHINX_INDEX', 'ENABLE_REGISTRATION', 'REG_NOTIFY_ADDRESS', 'REG_MAX_USERS', 'SESSION_COOKIE_LIFETIME', 'SESSION_CHECK_ADDRESS', 'SMTP_FROM_NAME', 'SMTP_FROM_ADDRESS', 'DIGEST_SUBJECT', 'SMTP_SERVER', 'SMTP_LOGIN', 'SMTP_PASSWORD', 'CHECK_FOR_NEW_VERSION', 'ENABLE_GZIP_OUTPUT', 'PLUGINS', 'CONFIG_VERSION'); ?>


@ -19,12 +19,12 @@ class Auth_Internal extends Plugin implements IAuthModule {
$pwd_hash1 = encrypt_password($password);
$pwd_hash2 = encrypt_password($password, $login);
$login = db_escape_string( $login);
$otp = db_escape_string( $_REQUEST["otp"]);
$login = db_escape_string($login);
$otp = db_escape_string($_REQUEST["otp"]);
if (get_schema_version() > 96) {
if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) {
$result = db_query( "SELECT otp_enabled,salt FROM ttrss_users WHERE
$result = db_query("SELECT otp_enabled,salt FROM ttrss_users WHERE
login = '$login'");
if (db_num_rows($result) > 0) {
@ -74,7 +74,7 @@ class Auth_Internal extends Plugin implements IAuthModule {
if (get_schema_version() > 87) {
$result = db_query( "SELECT salt FROM ttrss_users WHERE
$result = db_query("SELECT salt FROM ttrss_users WHERE
login = '$login'");
if (db_num_rows($result) != 1) {
@ -92,7 +92,7 @@ class Auth_Internal extends Plugin implements IAuthModule {
// verify and upgrade password to new salt base
$result = db_query( $query);
$result = db_query($query);
if (db_num_rows($result) == 1) {
// upgrade password to MODE2
@ -100,7 +100,7 @@ class Auth_Internal extends Plugin implements IAuthModule {
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true);
db_query( "UPDATE ttrss_users SET
db_query("UPDATE ttrss_users SET
pwd_hash = '$pwd_hash', salt = '$salt' WHERE login = '$login'");
$query = "SELECT id
@ -128,7 +128,7 @@ class Auth_Internal extends Plugin implements IAuthModule {
pwd_hash = '$pwd_hash2')";
}
$result = db_query( $query);
$result = db_query($query);
if (db_num_rows($result) == 1) {
return db_fetch_result($result, 0, "id");
@ -138,9 +138,9 @@ class Auth_Internal extends Plugin implements IAuthModule {
}
function check_password($owner_uid, $password) {
$owner_uid = db_escape_string( $owner_uid);
$owner_uid = db_escape_string($owner_uid);
$result = db_query( "SELECT salt,login FROM ttrss_users WHERE
$result = db_query("SELECT salt,login FROM ttrss_users WHERE
id = '$owner_uid'");
$salt = db_fetch_result($result, 0, "salt");
@ -161,20 +161,20 @@ class Auth_Internal extends Plugin implements IAuthModule {
id = '$owner_uid' AND pwd_hash = '$password_hash'";
}
$result = db_query( $query);
$result = db_query($query);
return db_num_rows($result) != 0;
}
function change_password($owner_uid, $old_password, $new_password) {
$owner_uid = db_escape_string( $owner_uid);
$owner_uid = db_escape_string($owner_uid);
if ($this->check_password($owner_uid, $old_password)) {
$new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$new_password_hash = encrypt_password($new_password, $new_salt, true);
db_query( "UPDATE ttrss_users SET
db_query("UPDATE ttrss_users SET
pwd_hash = '$new_password_hash', salt = '$new_salt', otp_enabled = false
WHERE id = '$owner_uid'");


@ -19,15 +19,15 @@ class Auth_Remote extends Plugin implements IAuthModule {
}
function get_login_by_ssl_certificate() {
$cert_serial = db_escape_string( get_ssl_certificate_id());
$cert_serial = db_escape_string(get_ssl_certificate_id());
if ($cert_serial) {
$result = db_query( "SELECT login FROM ttrss_user_prefs, ttrss_users
$result = db_query("SELECT login FROM ttrss_user_prefs, ttrss_users
WHERE pref_name = 'SSL_CERT_SERIAL' AND value = '$cert_serial' AND
owner_uid = ttrss_users.id");
if (db_num_rows($result) != 0) {
return db_escape_string( db_fetch_result($result, 0, "login"));
return db_escape_string(db_fetch_result($result, 0, "login"));
}
}
@ -36,10 +36,10 @@ class Auth_Remote extends Plugin implements IAuthModule {
function authenticate($login, $password) {
$try_login = db_escape_string( $_SERVER["REMOTE_USER"]);
$try_login = db_escape_string($_SERVER["REMOTE_USER"]);
// php-cgi
if (!$try_login) $try_login = db_escape_string( $_SERVER["REDIRECT_REMOTE_USER"]);
if (!$try_login) $try_login = db_escape_string($_SERVER["REDIRECT_REMOTE_USER"]);
if (!$try_login) $try_login = $this->get_login_by_ssl_certificate();
# if (!$try_login) $try_login = "test_qqq";
@ -58,15 +58,15 @@ class Auth_Remote extends Plugin implements IAuthModule {
// update user name
$fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN'];
if ($fullname){
$fullname = db_escape_string( $fullname);
db_query( "UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " .
$fullname = db_escape_string($fullname);
db_query("UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " .
$user_id);
}
// update user mail
$email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL'];
if ($email){
$email = db_escape_string( $email);
db_query( "UPDATE ttrss_users SET email = '$email' WHERE id = " .
$email = db_escape_string($email);
db_query("UPDATE ttrss_users SET email = '$email' WHERE id = " .
$user_id);
}
}
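Review bot: In the hunk at line 58 of `Auth_Remote::authenticate()`, `$_SERVER['HTTP_USER_NAME']` and `$_SERVER['HTTP_USER_MAIL']` are `HTTP_`-prefixed entries, which PHP fills from request headers, so unless the authenticating front end overwrites or strips those headers the client picks the values written to `full_name` and `email`. Both values are SQL-escaped, so this is a trust-boundary question rather than an injection; I would document it next to the reads, e.g. `// HTTP_USER_NAME / HTTP_USER_MAIL must be set by the authenticating proxy and never passed through from the client`. `$user_id` is concatenated unquoted into both UPDATE statements and is assigned outside the hunk, so its origin should be confirmed as well. The function starts in the previous hunk and continues past this one.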


@ -15,7 +15,7 @@ class Close_Button extends Plugin {
}
function hook_article_button($line) {
if (!get_pref( "COMBINED_DISPLAY_MODE")) {
if (!get_pref("COMBINED_DISPLAY_MODE")) {
$rv = "<img src=\"plugins/close_button/button.png\"
class='tagsPic' style=\"cursor : pointer\"
onclick=\"closeArticlePanel()\"


@ -41,13 +41,13 @@ class Digest extends Plugin implements IHandler {
}
function digestgetcontents() {
$article_id = db_escape_string( $_REQUEST['article_id']);
$article_id = db_escape_string($_REQUEST['article_id']);
$result = db_query( "SELECT content,title,link,marked,published
$result = db_query("SELECT content,title,link,marked,published
FROM ttrss_entries, ttrss_user_entries
WHERE id = '$article_id' AND ref_id = id AND owner_uid = ".$_SESSION['uid']);
$content = sanitize( db_fetch_result($result, 0, "content"));
$content = sanitize(db_fetch_result($result, 0, "content"));
$title = strip_tags(db_fetch_result($result, 0, "title"));
$article_url = htmlspecialchars(db_fetch_result($result, 0, "link"));
$marked = sql_bool_to_bool(db_fetch_result($result, 0, "marked"));
@ -55,15 +55,15 @@ class Digest extends Plugin implements IHandler {
print json_encode(array("article" =>
array("id" => $article_id, "url" => $article_url,
"tags" => get_article_tags( $article_id),
"tags" => get_article_tags($article_id),
"marked" => $marked, "published" => $published,
"title" => $title, "content" => $content)));
}
function digestupdate() {
$feed_id = db_escape_string( $_REQUEST['feed_id']);
$offset = db_escape_string( $_REQUEST['offset']);
$seq = db_escape_string( $_REQUEST['seq']);
$feed_id = db_escape_string($_REQUEST['feed_id']);
$offset = db_escape_string($_REQUEST['offset']);
$seq = db_escape_string($_REQUEST['seq']);
if (!$feed_id) $feed_id = -4;
if (!$offset) $offset = 0;
@ -72,18 +72,18 @@ class Digest extends Plugin implements IHandler {
$reply['seq'] = $seq;
$headlines = API::api_get_headlines( $feed_id, 30, $offset,
$headlines = API::api_get_headlines($feed_id, 30, $offset,
'', ($feed_id == -4), true, false, "unread", "updated DESC", 0, 0);
$reply['headlines'] = array();
$reply['headlines']['title'] = getFeedTitle( $feed_id);
$reply['headlines']['title'] = getFeedTitle($feed_id);
$reply['headlines']['content'] = $headlines;
print json_encode($reply);
}
function digestinit() {
$tmp_feeds = API::api_get_feeds( -4, true, false, 0);
$tmp_feeds = API::api_get_feeds(-4, true, false, 0);
$params = array();
$feeds = array();


@ -34,9 +34,9 @@ class Embed_Original extends Plugin {
}
function getUrl() {
$id = db_escape_string( $_REQUEST['id']);
$id = db_escape_string($_REQUEST['id']);
$result = db_query( "SELECT link
$result = db_query("SELECT link
FROM ttrss_entries, ttrss_user_entries
WHERE id = '$id' AND ref_id = id AND owner_uid = " .$_SESSION['uid']);


@ -19,7 +19,7 @@ class Example extends Plugin {
}
function save() {
$example_value = db_escape_string( $_POST["example_value"]);
$example_value = db_escape_string($_POST["example_value"]);
$this->host->set($this, "example", $example_value);


@ -27,7 +27,7 @@ class Example_VFeed extends Plugin {
}
function get_headlines($feed_id, $options) {
$qfh_ret = queryFeedHeadlines( -4,
$qfh_ret = queryFeedHeadlines(-4,
$options['limit'],
$options['view_mode'], $options['cat_view'],
$options['search'],


@ -30,11 +30,11 @@ class GoogleReaderImport extends Plugin {
_debug("please enter your username:");
$username = db_escape_string( trim(read_stdin()));
$username = db_escape_string(trim(read_stdin()));
_debug("looking up user: $username...");
$result = db_query( "SELECT id FROM ttrss_users
$result = db_query("SELECT id FROM ttrss_users
WHERE login = '$username'");
if (db_num_rows($result) == 0) {
@ -111,19 +111,19 @@ class GoogleReaderImport extends Plugin {
foreach ($doc['items'] as $item) {
// print_r($item);
$guid = db_escape_string( mb_substr($item['id'], 0, 250));
$title = db_escape_string( $item['title']);
$guid = db_escape_string(mb_substr($item['id'], 0, 250));
$title = db_escape_string($item['title']);
$updated = date('Y-m-d h:i:s', $item['updated']);
$link = '';
$content = '';
$author = db_escape_string( $item['author']);
$author = db_escape_string($item['author']);
$tags = array();
$orig_feed_data = array();
if (is_array($item['alternate'])) {
foreach ($item['alternate'] as $alt) {
if (isset($alt['type']) && $alt['type'] == 'text/html') {
$link = db_escape_string( $alt['href']);
$link = db_escape_string($alt['href']);
}
}
}
@ -206,9 +206,9 @@ class GoogleReaderImport extends Plugin {
$content_hash = sha1($content);
if (filter_var( FILTER_VALIDATE_URL) === FALSE) return false;
if (filter_var(FILTER_VALIDATE_URL) === FALSE) return false;
db_query( "BEGIN");
db_query("BEGIN");
$feed_id = 'NULL';
@ -254,18 +254,18 @@ class GoogleReaderImport extends Plugin {
// locate archived entry to file entries in, we don't want to file them in actual feeds because of purging
// maybe file marked in real feeds because eh
$result = db_query( "SELECT id FROM ttrss_archived_feeds WHERE
$result = db_query("SELECT id FROM ttrss_archived_feeds WHERE
feed_url = '".$orig_feed_data['feed_url']."' AND owner_uid = $owner_uid");
if (db_num_rows($result) != 0) {
$orig_feed_id = db_fetch_result($result, 0, "id");
} else {
db_query( "INSERT INTO ttrss_archived_feeds
db_query("INSERT INTO ttrss_archived_feeds
(id, owner_uid, title, feed_url, site_url)
SELECT id, owner_uid, title, feed_url, site_url from ttrss_feeds
WHERE id = '$feed_id'");
$result = db_query( "SELECT id FROM ttrss_archived_feeds WHERE
$result = db_query("SELECT id FROM ttrss_archived_feeds WHERE
feed_url = '".$orig_feed_data['feed_url']."' AND owner_uid = $owner_uid");
if (db_num_rows($result) != 0) {
@ -276,32 +276,32 @@ class GoogleReaderImport extends Plugin {
// delete temporarily inserted feed
if ($feed_id && $feed_inserted) {
db_query( "DELETE FROM ttrss_feeds WHERE id = $feed_id");
db_query("DELETE FROM ttrss_feeds WHERE id = $feed_id");
}
if (!$orig_feed_id) $orig_feed_id = 'NULL';
$result = db_query( "SELECT id FROM ttrss_entries, ttrss_user_entries WHERE
$result = db_query("SELECT id FROM ttrss_entries, ttrss_user_entries WHERE
guid = '$guid' AND ref_id = id AND owner_uid = '$owner_uid' LIMIT 1");
if (db_num_rows($result) == 0) {
$result = db_query( "INSERT INTO ttrss_entries
$result = db_query("INSERT INTO ttrss_entries
(title, guid, link, updated, content, content_hash, date_entered, date_updated, author)
VALUES
('$title', '$guid', '$link', '$updated', '$content', '$content_hash', NOW(), NOW(), '$author')");
$result = db_query( "SELECT id FROM ttrss_entries WHERE guid = '$guid'");
$result = db_query("SELECT id FROM ttrss_entries WHERE guid = '$guid'");
if (db_num_rows($result) != 0) {
$ref_id = db_fetch_result($result, 0, "id");
db_query( "INSERT INTO ttrss_user_entries
db_query("INSERT INTO ttrss_user_entries
(ref_id, uuid, feed_id, orig_feed_id, owner_uid, marked, tag_cache, label_cache,
last_read, note, unread, last_marked)
VALUES
('$ref_id', '', NULL, $orig_feed_id, $owner_uid, $marked, '', '', NOW(), '', false, NOW())");
$result = db_query( "SELECT int_id FROM ttrss_user_entries, ttrss_entries
$result = db_query("SELECT int_id FROM ttrss_user_entries, ttrss_entries
WHERE owner_uid = $owner_uid AND ref_id = id AND ref_id = $ref_id");
if (db_num_rows($result) != 0 && is_array($tags)) {
@ -311,16 +311,16 @@ class GoogleReaderImport extends Plugin {
foreach ($tags as $tag) {
$tag = db_escape_string( sanitize_tag($tag));
$tag = db_escape_string(sanitize_tag($tag));
if (!tag_is_valid($tag)) continue;
$result = db_query( "SELECT id FROM ttrss_tags
$result = db_query("SELECT id FROM ttrss_tags
WHERE tag_name = '$tag' AND post_int_id = '$entry_int_id' AND
owner_uid = '$owner_uid' LIMIT 1");
if ($result && db_num_rows($result) == 0) {
db_query( "INSERT INTO ttrss_tags
db_query("INSERT INTO ttrss_tags
(owner_uid,tag_name,post_int_id)
VALUES ('$owner_uid','$tag', '$entry_int_id')");
}
@ -331,9 +331,9 @@ class GoogleReaderImport extends Plugin {
/* update the cache */
$tags_to_cache = array_unique($tags_to_cache);
$tags_str = db_escape_string( join(",", $tags_to_cache));
$tags_str = db_escape_string(join(",", $tags_to_cache));
db_query( "UPDATE ttrss_user_entries
db_query("UPDATE ttrss_user_entries
SET tag_cache = '$tags_str' WHERE ref_id = '$ref_id'
AND owner_uid = $owner_uid");
}
@ -342,7 +342,7 @@ class GoogleReaderImport extends Plugin {
}
}
db_query( "COMMIT");
db_query("COMMIT");
return $rc;
}
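Review bot: In the GoogleReaderImport hunk at line 206, `filter_var(FILTER_VALIDATE_URL) === FALSE` passes the filter constant as the value to check and names no filter, so the call returns the constant's own value and the guard can never fire; nothing is validated before the INSERT statements that follow. Presumably the article link was meant, `if (filter_var($link, FILTER_VALIDATE_URL) === FALSE) return false;`, which should be confirmed against the full function because an empty link would then be rejected. In the hunk at line 254, `$orig_feed_data['feed_url']` is concatenated into two SELECTs and the hunk does not show it being escaped, so that needs checking too. The enclosing function starts outside these hunks.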


@ -26,11 +26,11 @@ class Import_Export extends Plugin implements IHandler {
_debug("please enter your username:");
$username = db_escape_string( trim(read_stdin()));
$username = db_escape_string(trim(read_stdin()));
_debug("importing $filename for user $username...\n");
$result = db_query( "SELECT id FROM ttrss_users WHERE login = '$username'");
$result = db_query("SELECT id FROM ttrss_users WHERE login = '$username'");
if (db_num_rows($result) == 0) {
print "error: could not find user $username.\n";
@ -39,11 +39,11 @@ class Import_Export extends Plugin implements IHandler {
$owner_uid = db_fetch_result($result, 0, "id");
$this->perform_data_import( $filename, $owner_uid);
$this->perform_data_import($filename, $owner_uid);
}
function save() {
$example_value = db_escape_string( $_POST["example_value"]);
$example_value = db_escape_string($_POST["example_value"]);
echo "Value set to $example_value (not really)";
}
@ -117,12 +117,12 @@ class Import_Export extends Plugin implements IHandler {
}
function exportrun() {
$offset = (int) db_escape_string( $_REQUEST['offset']);
$offset = (int) db_escape_string($_REQUEST['offset']);
$exported = 0;
$limit = 250;
if ($offset < 10000 && is_writable(CACHE_DIR . "/export")) {
$result = db_query( "SELECT
$result = db_query("SELECT
ttrss_entries.guid,
ttrss_entries.title,
content,
@ -181,7 +181,7 @@ class Import_Export extends Plugin implements IHandler {
print json_encode(array("exported" => $exported));
}
function perform_data_import( $filename, $owner_uid) {
function perform_data_import($filename, $owner_uid) {
$num_imported = 0;
$num_processed = 0;
@ -234,7 +234,7 @@ class Import_Export extends Plugin implements IHandler {
foreach ($article_node->childNodes as $child) {
if ($child->nodeName != 'label_cache')
$article[$child->nodeName] = db_escape_string( $child->nodeValue);
$article[$child->nodeName] = db_escape_string($child->nodeValue);
else
$article[$child->nodeName] = $child->nodeValue;
}
@ -245,11 +245,11 @@ class Import_Export extends Plugin implements IHandler {
++$num_processed;
//db_query( "BEGIN");
//db_query("BEGIN");
//print 'GUID:' . $article['guid'] . "\n";
$result = db_query( "SELECT id FROM ttrss_entries
$result = db_query("SELECT id FROM ttrss_entries
WHERE guid = '".$article['guid']."'");
if (db_num_rows($result) == 0) {
@ -282,7 +282,7 @@ class Import_Export extends Plugin implements IHandler {
'0',
'')");
$result = db_query( "SELECT id FROM ttrss_entries
$result = db_query("SELECT id FROM ttrss_entries
WHERE guid = '".$article['guid']."'");
if (db_num_rows($result) != 0) {
@ -303,7 +303,7 @@ class Import_Export extends Plugin implements IHandler {
$feed = 'NULL';
if ($feed_url && $feed_title) {
$result = db_query( "SELECT id FROM ttrss_feeds
$result = db_query("SELECT id FROM ttrss_feeds
WHERE feed_url = '$feed_url' AND owner_uid = '$owner_uid'");
if (db_num_rows($result) != 0) {
@ -311,10 +311,10 @@ class Import_Export extends Plugin implements IHandler {
} else {
// try autocreating feed in Uncategorized...
$result = db_query( "INSERT INTO ttrss_feeds (owner_uid,
$result = db_query("INSERT INTO ttrss_feeds (owner_uid,
feed_url, title) VALUES ($owner_uid, '$feed_url', '$feed_title')");
$result = db_query( "SELECT id FROM ttrss_feeds
$result = db_query("SELECT id FROM ttrss_feeds
WHERE feed_url = '$feed_url' AND owner_uid = '$owner_uid'");
if (db_num_rows($result) != 0) {
@ -332,7 +332,7 @@ class Import_Export extends Plugin implements IHandler {
//print "$ref_id / $feed / " . $article['title'] . "\n";
$result = db_query( "SELECT int_id FROM ttrss_user_entries
$result = db_query("SELECT int_id FROM ttrss_user_entries
WHERE ref_id = '$ref_id' AND owner_uid = '$owner_uid' AND $feed_qpart");
if (db_num_rows($result) == 0) {
@ -342,7 +342,7 @@ class Import_Export extends Plugin implements IHandler {
$score = (int) $article['score'];
$tag_cache = $article['tag_cache'];
$label_cache = db_escape_string( $article['label_cache']);
$label_cache = db_escape_string($article['label_cache']);
$note = $article['note'];
//print "Importing " . $article['title'] . "<br/>";
@ -362,15 +362,15 @@ class Import_Export extends Plugin implements IHandler {
if (is_array($label_cache) && $label_cache["no-labels"] != 1) {
foreach ($label_cache as $label) {
label_create( $label[1],
label_create($label[1],
$label[2], $label[3], $owner_uid);
label_add_article( $ref_id, $label[1], $owner_uid);
label_add_article($ref_id, $label[1], $owner_uid);
}
}
//db_query( "COMMIT");
//db_query("COMMIT");
}
}
}
@ -438,7 +438,7 @@ class Import_Export extends Plugin implements IHandler {
}
if (is_file($tmp_file)) {
$this->perform_data_import( $tmp_file, $_SESSION['uid']);
$this->perform_data_import($tmp_file, $_SESSION['uid']);
unlink($tmp_file);
} else {
print_error(__('No file uploaded.'));
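Review bot: `Import_Export::save()` in the hunk at line 39 echoes `$_POST["example_value"]` back into the response after only `db_escape_string()`, which is SQL escaping and not output encoding. Unless that helper also strips markup (not visible on this page), request input is reflected into the page as-is. The method looks like a leftover from the example plugin, so removing it is the cleanest option. Otherwise encode on output: `echo "Value set to " . htmlspecialchars($example_value, ENT_QUOTES) . " (not really)";`.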


@ -37,7 +37,7 @@ class Instances extends Plugin implements IHandler {
// 2 - did not receive valid data
// >10 - server error, code + 10 (e.g. 16 means server error 6)
function get_linked_feeds( $instance_id = false) {
function get_linked_feeds($instance_id = false) {
if ($instance_id)
$instance_qpart = "id = '$instance_id' AND ";
else
@ -49,7 +49,7 @@ class Instances extends Plugin implements IHandler {
$date_qpart = "last_connected < DATE_SUB(NOW(), INTERVAL 6 HOUR)";
}
$result = db_query( "SELECT id, access_key, access_url FROM ttrss_linked_instances
$result = db_query("SELECT id, access_key, access_url FROM ttrss_linked_instances
WHERE $instance_qpart $date_qpart ORDER BY last_connected");
while ($line = db_fetch_assoc($result)) {
@ -77,7 +77,7 @@ class Instances extends Plugin implements IHandler {
// access denied
if ($status == 16) {
db_query( "DELETE FROM ttrss_linked_feeds
db_query("DELETE FROM ttrss_linked_feeds
WHERE instance_id = '$id'");
}
} else {
@ -85,16 +85,16 @@ class Instances extends Plugin implements IHandler {
if (count($feeds['feeds']) > 0) {
db_query( "DELETE FROM ttrss_linked_feeds
db_query("DELETE FROM ttrss_linked_feeds
WHERE instance_id = '$id'");
foreach ($feeds['feeds'] as $feed) {
$feed_url = db_escape_string( $feed['feed_url']);
$title = db_escape_string( $feed['title']);
$subscribers = db_escape_string( $feed['subscribers']);
$site_url = db_escape_string( $feed['site_url']);
$feed_url = db_escape_string($feed['feed_url']);
$title = db_escape_string($feed['title']);
$subscribers = db_escape_string($feed['subscribers']);
$site_url = db_escape_string($feed['site_url']);
db_query( "INSERT INTO ttrss_linked_feeds
db_query("INSERT INTO ttrss_linked_feeds
(feed_url, site_url, title, subscribers, instance_id, created, updated)
VALUES
('$feed_url', '$site_url', '$title', '$subscribers', '$id', NOW(), NOW())");
@ -119,7 +119,7 @@ class Instances extends Plugin implements IHandler {
_debug("Status: $status");
db_query( "UPDATE ttrss_linked_instances SET
db_query("UPDATE ttrss_linked_instances SET
last_status_out = '$status', last_connected = NOW() WHERE id = '$id'");
}
@ -127,7 +127,7 @@ class Instances extends Plugin implements IHandler {
function get_feeds() {
$this->get_linked_feeds( false);
$this->get_linked_feeds(false);
}
function get_prefs_js() {
@ -164,37 +164,37 @@ class Instances extends Plugin implements IHandler {
}
function remove() {
$ids = db_escape_string( $_REQUEST['ids']);
$ids = db_escape_string($_REQUEST['ids']);
db_query( "DELETE FROM ttrss_linked_instances WHERE
db_query("DELETE FROM ttrss_linked_instances WHERE
id IN ($ids)");
}
function add() {
$id = db_escape_string( $_REQUEST["id"]);
$access_url = db_escape_string( $_REQUEST["access_url"]);
$access_key = db_escape_string( $_REQUEST["access_key"]);
$id = db_escape_string($_REQUEST["id"]);
$access_url = db_escape_string($_REQUEST["access_url"]);
$access_key = db_escape_string($_REQUEST["access_key"]);
db_query( "BEGIN");
db_query("BEGIN");
$result = db_query( "SELECT id FROM ttrss_linked_instances
$result = db_query("SELECT id FROM ttrss_linked_instances
WHERE access_url = '$access_url'");
if (db_num_rows($result) == 0) {
db_query( "INSERT INTO ttrss_linked_instances
db_query("INSERT INTO ttrss_linked_instances
(access_url, access_key, last_connected, last_status_in, last_status_out)
VALUES
('$access_url', '$access_key', '1970-01-01', -1, -1)");
}
db_query( "COMMIT");
db_query("COMMIT");
}
function edit() {
$id = db_escape_string( $_REQUEST["id"]);
$id = db_escape_string($_REQUEST["id"]);
$result = db_query( "SELECT * FROM ttrss_linked_instances WHERE
$result = db_query("SELECT * FROM ttrss_linked_instances WHERE
id = '$id'");
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$id\">";
@ -250,11 +250,11 @@ class Instances extends Plugin implements IHandler {
}
function editSave() {
$id = db_escape_string( $_REQUEST["id"]);
$access_url = db_escape_string( $_REQUEST["access_url"]);
$access_key = db_escape_string( $_REQUEST["access_key"]);
$id = db_escape_string($_REQUEST["id"]);
$access_url = db_escape_string($_REQUEST["access_url"]);
$access_key = db_escape_string($_REQUEST["access_key"]);
db_query( "UPDATE ttrss_linked_instances SET
db_query("UPDATE ttrss_linked_instances SET
access_key = '$access_key', access_url = '$access_url',
last_connected = '1970-01-01'
WHERE id = '$id'");
@ -274,7 +274,7 @@ class Instances extends Plugin implements IHandler {
print "<div id=\"pref-instance-toolbar\" dojoType=\"dijit.Toolbar\">";
$sort = db_escape_string( $_REQUEST["sort"]);
$sort = db_escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "access_url";
@ -295,7 +295,7 @@ class Instances extends Plugin implements IHandler {
print "</div>"; #toolbar
$result = db_query( "SELECT *,
$result = db_query("SELECT *,
(SELECT COUNT(*) FROM ttrss_linked_feeds
WHERE instance_id = ttrss_linked_instances.id) AS num_feeds
FROM ttrss_linked_instances
@ -324,7 +324,7 @@ class Instances extends Plugin implements IHandler {
$id = $line['id'];
$this_row_id = "id=\"LIRR-$id\"";
$line["last_connected"] = make_local_datetime( $line["last_connected"], false);
$line["last_connected"] = make_local_datetime($line["last_connected"], false);
print "<tr class=\"$class\" $this_row_id>";
@ -361,17 +361,17 @@ class Instances extends Plugin implements IHandler {
function fbexport() {
$access_key = db_escape_string( $_POST["key"]);
$access_key = db_escape_string($_POST["key"]);
// TODO: rate limit checking using last_connected
$result = db_query( "SELECT id FROM ttrss_linked_instances
$result = db_query("SELECT id FROM ttrss_linked_instances
WHERE access_key = '$access_key'");
if (db_num_rows($result) == 1) {
$instance_id = db_fetch_result($result, 0, "id");
$result = db_query( "SELECT feed_url, site_url, title, subscribers
$result = db_query("SELECT feed_url, site_url, title, subscribers
FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
$feeds = array();
@ -380,7 +380,7 @@ class Instances extends Plugin implements IHandler {
array_push($feeds, $line);
}
db_query( "UPDATE ttrss_linked_instances SET
db_query("UPDATE ttrss_linked_instances SET
last_status_in = 1 WHERE id = '$instance_id'");
print json_encode(array("feeds" => $feeds));
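Review bot: `Instances::remove()` in the hunk at line 164 places `$ids` into `id IN ($ids)` outside any quotes, so `db_escape_string()` gives no protection there: the value is not inside a string literal and whatever arrives in the request parameter becomes part of the DELETE statement. Reduce the list to integers before building the query, e.g. `$ids = join(",", array_map("intval", explode(",", $_REQUEST["ids"])));`. The same unquoted `id IN ($param)` pattern appears in `emailArticle()` of the Mail and MailTo plugins further down this commit. In the hunk at line 37, `get_linked_feeds()` interpolates `$instance_id` without escaping, which is safe only while every caller passes a trusted value.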


@ -28,13 +28,13 @@ class Mail extends Plugin {
function emailArticle() {
$param = db_escape_string( $_REQUEST['param']);
$param = db_escape_string($_REQUEST['param']);
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pluginhandler\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"plugin\" value=\"mail\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"sendEmail\">";
$result = db_query( "SELECT email, full_name FROM ttrss_users WHERE
$result = db_query("SELECT email, full_name FROM ttrss_users WHERE
id = " . $_SESSION["uid"]);
$user_email = htmlspecialchars(db_fetch_result($result, 0, "email"));
@ -56,7 +56,7 @@ class Mail extends Plugin {
$tpl->setVariable('USER_EMAIL', $user_email, true);
$tpl->setVariable('TTRSS_HOST', $_SERVER["HTTP_HOST"], true);
$result = db_query( "SELECT link, content, title
$result = db_query("SELECT link, content, title
FROM ttrss_user_entries, ttrss_entries WHERE id = ref_id AND
id IN ($param) AND owner_uid = " . $_SESSION["uid"]);
@ -147,7 +147,7 @@ class Mail extends Plugin {
if (!$rc) {
$reply['error'] = $mail->ErrorInfo;
} else {
save_email_address( db_escape_string($destination));
save_email_address(db_escape_string($destination));
$reply['message'] = "UPDATE_COUNTERS";
}
@ -155,7 +155,7 @@ class Mail extends Plugin {
}
function completeEmails() {
$search = db_escape_string( $_REQUEST["search"]);
$search = db_escape_string($_REQUEST["search"]);
print "<ul>";


@ -27,7 +27,7 @@ class MailTo extends Plugin {
function emailArticle() {
$param = db_escape_string( $_REQUEST['param']);
$param = db_escape_string($_REQUEST['param']);
require_once "lib/MiniTemplator.class.php";
@ -41,7 +41,7 @@ class MailTo extends Plugin {
$tpl->setVariable('TTRSS_HOST', $_SERVER["HTTP_HOST"], true);
$result = db_query( "SELECT link, content, title
$result = db_query("SELECT link, content, title
FROM ttrss_user_entries, ttrss_entries WHERE id = ref_id AND
id IN ($param) AND owner_uid = " . $_SESSION["uid"]);


@ -18,7 +18,7 @@ class Mark_Button extends Plugin {
$marked_pic = "";
$id = $line["id"];
if (get_pref( "COMBINED_DISPLAY_MODE")) {
if (get_pref("COMBINED_DISPLAY_MODE")) {
if (sql_bool_to_bool($line["marked"])) {
$marked_pic = "<img
src=\"images/mark_set.svg\"


@ -20,13 +20,13 @@
init_plugins($link);
login_sequence( true);
login_sequence(true);
$id = db_escape_string( $_REQUEST["id"]);
$feed_id = db_escape_string( $_REQUEST["feed"]);
$cat_id = db_escape_string( $_REQUEST["cat"]);
$is_cat = db_escape_string( $_REQUEST["is_cat"]);
$id = db_escape_string($_REQUEST["id"]);
$feed_id = db_escape_string($_REQUEST["feed"]);
$cat_id = db_escape_string($_REQUEST["cat"]);
$is_cat = db_escape_string($_REQUEST["is_cat"]);
render_article( $id, $feed_id, $cat_id, $is_cat);
render_article($id, $feed_id, $cat_id, $is_cat);
?>


@ -31,28 +31,28 @@
switch ($op) {
case "toggleMarked":
$cmode = db_escape_string( $_REQUEST["mark"]);
$id = db_escape_string( $_REQUEST["id"]);
$cmode = db_escape_string($_REQUEST["mark"]);
$id = db_escape_string($_REQUEST["id"]);
markArticlesById( array($id), $cmode);
markArticlesById(array($id), $cmode);
break;
case "togglePublished":
$cmode = db_escape_string( $_REQUEST["pub"]);
$id = db_escape_string( $_REQUEST["id"]);
$cmode = db_escape_string($_REQUEST["pub"]);
$id = db_escape_string($_REQUEST["id"]);
publishArticlesById( array($id), $cmode);
publishArticlesById(array($id), $cmode);
break;
case "toggleUnread":
$cmode = db_escape_string( $_REQUEST["unread"]);
$id = db_escape_string( $_REQUEST["id"]);
$cmode = db_escape_string($_REQUEST["unread"]);
$id = db_escape_string($_REQUEST["id"]);
catchupArticlesById( array($id), $cmode);
catchupArticlesById(array($id), $cmode);
break;
case "setPref":
$id = db_escape_string( $_REQUEST["id"]);
$value = db_escape_string( $_REQUEST["to"]);
mobile_set_pref( $id, $value);
$id = db_escape_string($_REQUEST["id"]);
$value = db_escape_string($_REQUEST["to"]);
mobile_set_pref($id, $value);
print_r($_SESSION);
break;
default:
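Review bot: The `setPref` case ends with `print_r($_SESSION);`, which writes the whole session array into the response body; it looks like leftover debugging and hands the client whatever the session holds. I would drop the line, or print only the value that was stored. The cases in this switch also change article and preference state from `$_REQUEST` values, and no request-forgery check is visible in the hunk, so confirm that one exists earlier in the file. The `switch` continues past the end of the hunk.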


@ -20,10 +20,10 @@
init_plugins($link);
login_sequence( true);
login_sequence(true);
$cat_id = db_escape_string( $_REQUEST["id"]);
$cat_id = db_escape_string($_REQUEST["id"]);
render_category( $cat_id);
render_category($cat_id);
?>
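Review bot: `render_category($cat_id)` is called with one argument, but the definition shown later in this commit is `function render_category($cat_id, $offset)` with no default for `$offset`. Depending on the PHP version that is a missing-argument warning or a fatal error on every request to this script. Either pass an offset here, read the way the sibling scripts do with `(int) db_escape_string($_REQUEST["skip"])`, or give the parameter a default: `function render_category($cat_id, $offset = 0) {`.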


@ -20,14 +20,14 @@
init_plugins($link);
login_sequence( true);
login_sequence(true);
$feed_id = db_escape_string( $_REQUEST["id"]);
$cat_id = db_escape_string( $_REQUEST["cat"]);
$offset = (int) db_escape_string( $_REQUEST["skip"]);
$search = db_escape_string( $_REQUEST["search"]);
$is_cat = (bool) db_escape_string( $_REQUEST["is_cat"]);
$feed_id = db_escape_string($_REQUEST["id"]);
$cat_id = db_escape_string($_REQUEST["cat"]);
$offset = (int) db_escape_string($_REQUEST["skip"]);
$search = db_escape_string($_REQUEST["search"]);
$is_cat = (bool) db_escape_string($_REQUEST["is_cat"]);
render_headlines_list( $feed_id, $cat_id, $offset, $search, $is_cat);
render_headlines_list($feed_id, $cat_id, $offset, $search, $is_cat);
?>


@ -20,14 +20,14 @@
init_plugins($link);
login_sequence( true);
login_sequence(true);
$use_cats = mobile_get_pref( 'ENABLE_CATS');
$offset = (int) db_escape_string( $_REQUEST["skip"]);
$use_cats = mobile_get_pref('ENABLE_CATS');
$offset = (int) db_escape_string($_REQUEST["skip"]);
if ($use_cats) {
render_categories_list($link);
} else {
render_flat_feed_list( $offset);
render_flat_feed_list($offset);
}
?>


@ -20,7 +20,7 @@
init_plugins($link);
login_sequence( true);
login_sequence(true);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
@ -76,13 +76,13 @@
</div>
<?php
$use_cats = mobile_get_pref( 'ENABLE_CATS');
$offset = (int) db_escape_string( $_REQUEST["skip"]);
$use_cats = mobile_get_pref('ENABLE_CATS');
$offset = (int) db_escape_string($_REQUEST["skip"]);
if ($use_cats) {
render_categories_list($link);
} else {
render_flat_feed_list( $offset);
render_flat_feed_list($offset);
}
?>


@ -8,34 +8,34 @@
/* TODO replace with interface to db-prefs */
function mobile_pref_toggled( $id) {
if (get_pref( "_MOBILE_$id"))
function mobile_pref_toggled($id) {
if (get_pref("_MOBILE_$id"))
return "true";
else
return "";
}
function mobile_get_pref( $id) {
function mobile_get_pref($id) {
//return $_SESSION["mobile-prefs"][$id];
return get_pref( "_MOBILE_$id");
return get_pref("_MOBILE_$id");
}
function mobile_set_pref( $id, $value) {
function mobile_set_pref($id, $value) {
//$_SESSION["mobile-prefs"][$id] = $value;
return set_pref( "_MOBILE_$id", $value);
return set_pref("_MOBILE_$id", $value);
}
function mobile_feed_has_icon($id) {
return file_exists("../../".ICONS_DIR."/$id.ico");
}
function render_flat_feed_list( $offset) {
function render_flat_feed_list($offset) {
$owner_uid = $_SESSION["uid"];
$limit = 0;
if (!$offset) $offset = 0;
if (mobile_get_pref( "SORT_FEEDS_UNREAD")) {
if (mobile_get_pref("SORT_FEEDS_UNREAD")) {
$order_by = "unread DESC, title";
} else {
$order_by = "title";
@ -47,7 +47,7 @@
$limit_qpart = "";
}
$result = db_query( "SELECT id,
$result = db_query("SELECT id,
title,
(SELECT COUNT(id) FROM ttrss_entries,ttrss_user_entries
WHERE feed_id = ttrss_feeds.id AND unread = true
@ -85,7 +85,7 @@
$icon_url = "../../images/blank_icon.gif";
}
if ($unread > 0 || !mobile_get_pref( "HIDE_READ")) {
if ($unread > 0 || !mobile_get_pref("HIDE_READ")) {
print "<li class='$class'><a href='feed.php?id=$id'>" .
"<img class='tinyIcon' src='$icon_url'/>".
$line["title"] . "</a></li>";
@ -103,7 +103,7 @@
}
function render_category( $cat_id, $offset) {
function render_category($cat_id, $offset) {
$owner_uid = $_SESSION["uid"];
if ($cat_id >= 0) {
@ -114,13 +114,13 @@
$cat_query = "cat_id IS NULL";
}
if (mobile_get_pref( "SORT_FEEDS_UNREAD")) {
if (mobile_get_pref("SORT_FEEDS_UNREAD")) {
$order_by = "unread DESC, title";
} else {
$order_by = "title";
}
$result = db_query( "SELECT id,
$result = db_query("SELECT id,
title,
(SELECT COUNT(id) FROM ttrss_entries,ttrss_user_entries
WHERE feed_id = ttrss_feeds.id AND unread = true
@ -132,7 +132,7 @@
$cat_query
ORDER BY $order_by");
$title = getCategoryTitle( $cat_id);
$title = getCategoryTitle($cat_id);
print "<ul id='cat-$cat_id' title='$title' myBackLabel='".__("Home")."'
myBackHref='home.php'>";
@ -158,7 +158,7 @@
$icon_url = "../../images/blank_icon.gif";
}
if ($unread > 0 || !mobile_get_pref( "HIDE_READ")) {
if ($unread > 0 || !mobile_get_pref("HIDE_READ")) {
print "<li class='$class'><a href='feed.php?id=$id&cat=$cat_id'>" .
"<img class='tinyIcon' src='$icon_url'/>".
$line["title"] . "</a></li>";
@ -174,8 +174,8 @@
myBackHref='home.php'>";
foreach (array(-4, -3, -1, -2, 0) as $id) {
$title = getFeedTitle( $id);
$unread = getFeedUnread( $id, false);
$title = getFeedTitle($id);
$unread = getFeedUnread($id, false);
$icon = getFeedIcon($id);
if ($unread > 0) {
@ -185,7 +185,7 @@
$class = 'oldItem';
}
if ($unread > 0 || !mobile_get_pref( "HIDE_READ")) {
if ($unread > 0 || !mobile_get_pref("HIDE_READ")) {
print "<li class='$class'>
<a href='feed.php?id=$id&cat=-1'>
<img class='tinyIcon' src='../$icon'/>$title</a></li>";
@ -200,7 +200,7 @@
print "<ul id='cat--2' title='$title' myBackLabel='".__("Home")."'
myBackHref='home.php'>";
$result = db_query( "SELECT id, caption FROM ttrss_labels2
$result = db_query("SELECT id, caption FROM ttrss_labels2
WHERE owner_uid = '$owner_uid'");
$label_data = array();
@ -209,7 +209,7 @@
$id = label_to_feed_id($line["id"]);
$unread = getFeedUnread( $id);
$unread = getFeedUnread($id);
$title = $line["caption"];
if ($unread > 0) {
@ -219,7 +219,7 @@
$class = 'oldItem';
}
if ($unread > 0 || !mobile_get_pref( "HIDE_READ")) {
if ($unread > 0 || !mobile_get_pref("HIDE_READ")) {
print "<li class='$class'>
<a href='feed.php?id=$id&cat=-2'>$title</a></li>";
}
@ -231,7 +231,7 @@
function render_categories_list($link) {
$owner_uid = $_SESSION["uid"];
$cat_browse = mobile_get_pref( "BROWSE_CATS");
$cat_browse = mobile_get_pref("BROWSE_CATS");
print '<ul id="home" title="'.__('Home').'" selected="true"
myBackLabel="'.__('Logout').'" myBackHref="logout.php" myBackTarget="_self">';
@ -239,8 +239,8 @@
// print "<li><a href='#searchForm'>Search...</a></li>";
foreach (array(-1, -2) as $id) {
$title = getCategoryTitle( $id);
$unread = getFeedUnread( $id, true);
$title = getCategoryTitle($id);
$unread = getFeedUnread($id, true);
if ($unread > 0) {
$title = $title . " ($unread)";
$class = '';
@ -254,7 +254,7 @@
print "<li class='$class'><a href='feed.php?id=$id&is_cat=true'>$title</a></li>";
}
$result = db_query( "SELECT
$result = db_query("SELECT
ttrss_feed_categories.id,
ttrss_feed_categories.title,
COUNT(ttrss_feeds.id) AS num_feeds
@ -269,7 +269,7 @@
if ($line["num_feeds"] > 0) {
$unread = getFeedUnread( $line["id"], true);
$unread = getFeedUnread($line["id"], true);
$id = $line["id"];
if ($unread > 0) {
@ -279,7 +279,7 @@
$class = 'oldItem';
}
if ($unread > 0 || !mobile_get_pref( "HIDE_READ")) {
if ($unread > 0 || !mobile_get_pref("HIDE_READ")) {
if ($cat_browse)
print "<li class='$class'><a href='cat.php?id=$id'>" .
@ -292,13 +292,13 @@
}
$result = db_query( "SELECT COUNT(*) AS nf FROM ttrss_feeds WHERE
$result = db_query("SELECT COUNT(*) AS nf FROM ttrss_feeds WHERE
cat_id IS NULL and owner_uid = '$owner_uid'");
$num_feeds = db_fetch_result($result, 0, "nf");
if ($num_feeds > 0) {
$unread = getFeedUnread( 0, true);
$unread = getFeedUnread(0, true);
$title = "Uncategorized";
if ($unread > 0) {
@ -308,7 +308,7 @@
$class = 'oldItem';
}
if ($unread > 0 || !mobile_get_pref( "HIDE_READ")) {
if ($unread > 0 || !mobile_get_pref("HIDE_READ")) {
if ($cat_browse)
print "<li class='$class'><a href='cat.php?id=0'>$title</a></li>";
else
@ -320,14 +320,14 @@
print "</ul>";
}
function render_headlines_list( $feed_id, $cat_id, $offset, $search,
function render_headlines_list($feed_id, $cat_id, $offset, $search,
$is_cat = false) {
$feed_id = $feed_id;
$limit = 15;
$filter = '';
if (!mobile_get_pref( "HIDE_READ"))
if (!mobile_get_pref("HIDE_READ"))
$view_mode = "all_articles";
else
$view_mode = 'adaptive';
@ -338,9 +338,9 @@
$search_mode = '';
}
$qfh_ret = queryFeedHeadlines( $feed_id, $limit,
$qfh_ret = queryFeedHeadlines($feed_id, $limit,
$view_mode, $is_cat, $search, $search_mode,
"score DESC, date_entered ".(mobile_get_pref( 'REVERSE_HEADLINES') ? 'ASC' : 'DESC'), $offset);
"score DESC, date_entered ".(mobile_get_pref('REVERSE_HEADLINES') ? 'ASC' : 'DESC'), $offset);
$result = $qfh_ret[0];
$feed_title = $qfh_ret[1];
@ -364,7 +364,7 @@
</form>";
if ($cat_id) {
$cat_title = getCategoryTitle( $cat_id);
$cat_title = getCategoryTitle($cat_id);
print "<ul id=\"feed-$feed_id\" title=\"$feed_title\" selected=\"true\"
myBackLabel='$cat_title' myBackHref='cat.php?id=$cat_id'>";
@ -413,7 +413,7 @@
// print "<a target='_replace' href='feed.php?id=$feed_id&cat=$cat_id&skip=0'>Next $limit articles...</a>";
$next_offset = $offset + $num_headlines;
$num_unread = getFeedUnread( $feed_id, $is_cat);
$num_unread = getFeedUnread($feed_id, $is_cat);
/* FIXME needs normal implementation */
@ -435,7 +435,7 @@
}
function render_article( $id, $feed_id, $cat_id, $is_cat) {
function render_article($id, $feed_id, $cat_id, $is_cat) {
$query = "SELECT title,link,content,feed_id,comments,int_id,
marked,unread,published,
@ -445,33 +445,33 @@
WHERE id = '$id' AND ref_id = id AND owner_uid = " .
$_SESSION["uid"] ;
$result = db_query( $query);
$result = db_query($query);
if (db_num_rows($result) != 0) {
$line = db_fetch_assoc($result);
$tmp_result = db_query( "UPDATE ttrss_user_entries
$tmp_result = db_query("UPDATE ttrss_user_entries
SET unread = false,last_read = NOW()
WHERE ref_id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
$updated_fmt = make_local_datetime( $line['updated'], false);
$updated_fmt = make_local_datetime($line['updated'], false);
$title = $line["title"];
$article_link = $line["link"];
if (!$is_cat)
$feed_title = getFeedTitle( $feed_id);
$feed_title = getFeedTitle($feed_id);
else
$feed_title = getCategoryTitle( $feed_id);
$feed_title = getCategoryTitle($feed_id);
print "<div class=\"panel\" id=\"article-$id\" title=\"$title\"
selected=\"true\"
myBackLabel='$feed_title' myBackHref='feed.php?id=$feed_id&cat=$cat_id&is_cat=$is_cat'>";
if ($line['feed_id'] != $feed_id) {
$real_feed_title = getFeedTitle( $line['feed_id']);
$real_feed_title = getFeedTitle($line['feed_id']);
$real_feed_id = $line['feed_id'];
$feed_link = "(<a href=\"feed.php?id=$real_feed_id\">$real_feed_title</a>)";
}
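Review bot: The `print "<div class=\"panel\" ..."` statement in this hunk writes `$title` (taken straight from `$line["title"]`) and `$feed_title` into HTML attributes with no output encoding visible here. Article and feed titles originate from remote feeds, so unless they are stored already escaped (not visible in this hunk), a quote character in a title can break out of the attribute. I would encode at the point of output, e.g. `$title = htmlspecialchars($line["title"], ENT_QUOTES, 'UTF-8');`, and do the same for `$feed_title` and `$real_feed_title`. The two queries also interpolate `$id` as `'$id'` and rely on the caller having escaped it; since it is an article id, `$id = (int) $id;` at the top of the function would remove that dependency. render_article() starts in the previous hunk and continues past this one.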
@ -497,10 +497,10 @@
// print "</fieldset>";
$content = sanitize( $line["content"]);
$content = sanitize($line["content"]);
$content = preg_replace("/href=/i", "target=\"_blank\" href=", $content);
if (!mobile_get_pref( "SHOW_IMAGES")) {
if (!mobile_get_pref("SHOW_IMAGES")) {
$content = preg_replace('/<img[^>]+>/is', '', $content);
}


@ -22,7 +22,7 @@
init_plugins($link);
login_sequence( true);
login_sequence(true);
?>
<div class="panel" id="prefs" selected="yes" title="Preferences"
@ -32,33 +32,33 @@
<div class="row">
<label><?php echo __('Enable categories') ?></label>
<div class="toggle" id="ENABLE_CATS" onclick="setPref(this)" toggled="<?php echo mobile_pref_toggled( "ENABLE_CATS") ?>"><span class="thumb"></span><span class="toggleOn"><?php echo __('ON') ?></span><span class="toggleOff"><?php echo __('OFF') ?></span></div>
<div class="toggle" id="ENABLE_CATS" onclick="setPref(this)" toggled="<?php echo mobile_pref_toggled("ENABLE_CATS") ?>"><span class="thumb"></span><span class="toggleOn"><?php echo __('ON') ?></span><span class="toggleOff"><?php echo __('OFF') ?></span></div>
</div>
<div class="row">
<label><?php echo __('Browse categories like folders') ?></label>
<div class="toggle" id="BROWSE_CATS" onclick="setPref(this)" toggled="<?php echo mobile_pref_toggled( "BROWSE_CATS") ?>"><span class="thumb"></span><span class="toggleOn"><?php echo __('ON') ?></span><span class="toggleOff"><?php echo __('OFF') ?></span></div>
<div class="toggle" id="BROWSE_CATS" onclick="setPref(this)" toggled="<?php echo mobile_pref_toggled("BROWSE_CATS") ?>"><span class="thumb"></span><span class="toggleOn"><?php echo __('ON') ?></span><span class="toggleOff"><?php echo __('OFF') ?></span></div>
</div>
<div class="row">
<label><?php echo __('Show images in posts') ?></label>
<div class="toggle" id="SHOW_IMAGES" onclick="setPref(this)" toggled="<?php echo mobile_pref_toggled( "SHOW_IMAGES") ?>"><span class="thumb"></span><span class="toggleOn"><?php echo __('ON') ?></span><span class="toggleOff"><?php echo __('OFF') ?></span></div>
<div class="toggle" id="SHOW_IMAGES" onclick="setPref(this)" toggled="<?php echo mobile_pref_toggled("SHOW_IMAGES") ?>"><span class="thumb"></span><span class="toggleOn"><?php echo __('ON') ?></span><span class="toggleOff"><?php echo __('OFF') ?></span></div>
</div>
<div class="row">
<label><?php echo __('Hide read articles and feeds') ?></label>
<div class="toggle" id="HIDE_READ" onclick="setPref(this)" toggled="<?php echo mobile_pref_toggled( "HIDE_READ") ?>"><span class="thumb"></span><span class="toggleOn"><?php echo __('ON') ?></span><span class="toggleOff"><?php echo __('OFF') ?></span></div>
<div class="toggle" id="HIDE_READ" onclick="setPref(this)" toggled="<?php echo mobile_pref_toggled("HIDE_READ") ?>"><span class="thumb"></span><span class="toggleOn"><?php echo __('ON') ?></span><span class="toggleOff"><?php echo __('OFF') ?></span></div>
</div>
<div class="row">
<label><?php echo __('Sort feeds by unread count') ?></label>
<div class="toggle" id="SORT_FEEDS_UNREAD" onclick="setPref(this)" toggled="<?php echo mobile_pref_toggled( "SORT_FEEDS_UNREAD") ?>"><span class="thumb"></span><span class="toggleOn"><?php echo __('ON') ?></span><span class="toggleOff"><?php echo __('OFF') ?></span></div>
<div class="toggle" id="SORT_FEEDS_UNREAD" onclick="setPref(this)" toggled="<?php echo mobile_pref_toggled("SORT_FEEDS_UNREAD") ?>"><span class="thumb"></span><span class="toggleOn"><?php echo __('ON') ?></span><span class="toggleOff"><?php echo __('OFF') ?></span></div>
</div>
<div class="row">
<label><?php echo __('Reverse headline order (oldest first)') ?></label>
<div class="toggle" id="REVERSE_HEADLINES" onclick="setPref(this)" toggled="<?php echo mobile_pref_toggled( "REVERSE_HEADLINES") ?>"><span class="thumb"></span><span class="toggleOn"><?php echo __('ON') ?></span><span class="toggleOff"><?php echo __('OFF') ?></span></div>
<div class="toggle" id="REVERSE_HEADLINES" onclick="setPref(this)" toggled="<?php echo mobile_pref_toggled("REVERSE_HEADLINES") ?>"><span class="thumb"></span><span class="toggleOn"><?php echo __('ON') ?></span><span class="toggleOff"><?php echo __('OFF') ?></span></div>
</div>
</fieldset>


@ -27,9 +27,9 @@ class Note extends Plugin {
}
function edit() {
$param = db_escape_string( $_REQUEST['param']);
$param = db_escape_string($_REQUEST['param']);
$result = db_query( "SELECT note FROM ttrss_user_entries WHERE
$result = db_query("SELECT note FROM ttrss_user_entries WHERE
ref_id = '$param' AND owner_uid = " . $_SESSION['uid']);
$note = db_fetch_result($result, 0, "note");
@ -56,10 +56,10 @@ class Note extends Plugin {
}
function setNote() {
$id = db_escape_string( $_REQUEST["id"]);
$note = trim(strip_tags(db_escape_string( $_REQUEST["note"])));
$id = db_escape_string($_REQUEST["id"]);
$note = trim(strip_tags(db_escape_string($_REQUEST["note"])));
db_query( "UPDATE ttrss_user_entries SET note = '$note'
db_query("UPDATE ttrss_user_entries SET note = '$note'
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
$formatted_note = format_article_note($id, $note);


@ -88,7 +88,7 @@ class NSFW extends Plugin {
}
function save() {
$tags = explode(",", db_escape_string( $_POST["tags"]));
$tags = explode(",", db_escape_string($_POST["tags"]));
$tags = array_map("trim", $tags);
$tags = array_map("mb_strtolower", $tags);
$tags = join(", ", $tags);


@ -26,9 +26,9 @@ class Share extends Plugin {
}
function shareArticle() {
$param = db_escape_string( $_REQUEST['param']);
$param = db_escape_string($_REQUEST['param']);
$result = db_query( "SELECT uuid, ref_id FROM ttrss_user_entries WHERE int_id = '$param'
$result = db_query("SELECT uuid, ref_id FROM ttrss_user_entries WHERE int_id = '$param'
AND owner_uid = " . $_SESSION['uid']);
if (db_num_rows($result) == 0) {
@ -39,8 +39,8 @@ class Share extends Plugin {
$ref_id = db_fetch_result($result, 0, "ref_id");
if (!$uuid) {
$uuid = db_escape_string( sha1(uniqid(rand(), true)));
db_query( "UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param'
$uuid = db_escape_string(sha1(uniqid(rand(), true)));
db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param'
AND owner_uid = " . $_SESSION['uid']);
}
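Review bot: The share identifier on the line `$uuid = db_escape_string(sha1(uniqid(rand(), true)));` is derived from `rand()` and `uniqid()`, which are based on the clock and a non-cryptographic PRNG; hashing with SHA-1 does not add entropy. The next hunk prints a URL, which suggests this uuid is the only thing protecting a shared article from unauthenticated access; if so, it should come from a CSPRNG, e.g. `$uuid = bin2hex(openssl_random_pseudo_bytes(20));` (or `random_bytes()` where the PHP version provides it). `db_escape_string()` is harmless on a hex string and can stay. shareArticle() starts and ends outside this hunk, so whether existing uuids are ever rotated is not visible here.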
@ -53,10 +53,10 @@ class Share extends Plugin {
print "<a id='pub_opml_url' href='$url_path' target='_blank'>$url_path</a>";
print "</div>";
/* if (!label_find_id( __('Shared'), $_SESSION["uid"]))
label_create( __('Shared'), $_SESSION["uid"]);
/* if (!label_find_id(__('Shared'), $_SESSION["uid"]))
label_create(__('Shared'), $_SESSION["uid"]);
label_add_article( $ref_id, __('Shared'), $_SESSION['uid']); */
label_add_article($ref_id, __('Shared'), $_SESSION['uid']); */
}
print "<div align='center'>";


@ -20,7 +20,7 @@ class Updater extends Plugin {
$this);
}
function update_self_step( $step, $params, $force = false) {
function update_self_step($step, $params, $force = false) {
// __FILE__ is in plugins/updater so we need to go one level up
$work_dir = dirname(dirname(dirname(__FILE__)));
$parent_dir = dirname($work_dir);
@ -277,13 +277,13 @@ class Updater extends Plugin {
return array("step" => $step, "stop" => $stop, "params" => $params, "log" => $log);
}
function update_self_cli( $force = false) {
function update_self_cli($force = false) {
$step = 0;
$stop = false;
$params = array();
while (!$stop) {
$rc = $this->update_self_step( $step, $params, $force);
$rc = $this->update_self_step($step, $params, $force);
$params = $rc['params'];
$stop = $rc['stop'];
@ -307,7 +307,7 @@ class Updater extends Plugin {
if ($input != 'yes' && $input != 'force')
exit;
$this->update_self_cli( $input == 'force');
$this->update_self_cli($input == 'force');
}
function get_prefs_js() {
@ -376,7 +376,7 @@ class Updater extends Plugin {
$force = (bool) $_REQUEST["force"];
if (($_SESSION["access_level"] >= 10 || SINGLE_USER_MODE) && CHECK_FOR_NEW_VERSION) {
print json_encode($this->update_self_step( $step, $params, $force));
print json_encode($this->update_self_step($step, $params, $force));
}
}