From b4e75b2a25d0a30d77b2160c8195835c9816cfe0 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Tue, 29 Dec 2009 18:49:27 +0300 Subject: [PATCH] use POST parameters for frontend requests --- api/index.php | 2 +- backend.php | 74 ++++++++--------- feedlist.js | 19 +++-- functions.js | 30 ++++--- functions.php | 102 +++++++++++------------ manifest.json.php | 3 +- modules/backend-rpc.php | 52 ++++++------ modules/help.php | 6 +- modules/popup-dialog.php | 10 +-- modules/pref-feeds.php | 28 +++---- modules/pref-filters.php | 52 ++++++------ modules/pref-labels.php | 12 +-- modules/pref-prefs.php | 2 +- modules/pref-users.php | 18 ++-- offline.js | 12 +-- prefs.js | 173 +++++++++++++++++++++++---------------- tt-rss.js | 66 +++++++++------ viewfeed.js | 101 ++++++++++++----------- 18 files changed, 412 insertions(+), 350 deletions(-) diff --git a/api/index.php b/api/index.php index dc3d183f8..0e07abb4b 100644 --- a/api/index.php +++ b/api/index.php @@ -269,7 +269,7 @@ break; case "updateArticle": - $article_id = (int) db_escape_string($_GET["article_id"]); + $article_id = (int) db_escape_string($_REQUEST["article_id"]); $mode = (int) db_escape_string($_REQUEST["mode"]); $field_raw = (int)db_escape_string($_REQUEST["field"]); diff --git a/backend.php b/backend.php index b83c4ff2a..f6e7acc79 100644 --- a/backend.php +++ b/backend.php @@ -4,7 +4,7 @@ /* remove ill effects of magic quotes */ if (get_magic_quotes_gpc()) { - $_GET = array_map('stripslashes', $_GET); + $_REQUEST = array_map('stripslashes', $_REQUEST); $_POST = array_map('stripslashes', $_POST); $_REQUEST = array_map('stripslashes', $_REQUEST); $_COOKIE = array_map('stripslashes', $_COOKIE); @@ -13,7 +13,7 @@ require_once "sessions.php"; require_once "modules/backend-rpc.php"; -/* if ($_GET["debug"]) { +/* if ($_REQUEST["debug"]) { define('DEFAULT_ERROR_LEVEL', E_ALL); } else { define('DEFAULT_ERROR_LEVEL', E_ERROR | E_WARNING | E_PARSE); @@ -159,9 +159,9 @@ ob_start("ob_gzhandler"); } - $tags = $_GET["tags"]; + $tags = $_REQUEST["tags"]; - $subop = $_GET["subop"]; + $subop = $_REQUEST["subop"]; switch($subop) { case "catchupAll": @@ -172,7 +172,7 @@ break; case "collapse": - $cat_id = db_escape_string($_GET["cid"]); + $cat_id = db_escape_string($_REQUEST["cid"]); toggle_collapse_cat($link, $cat_id); return; break; @@ -184,7 +184,7 @@ break; case "catsort": - $corder = db_escape_string($_GET["corder"]); + $corder = db_escape_string($_REQUEST["corder"]); $cats = split(",", $corder); @@ -210,12 +210,12 @@ case "view": - $id = db_escape_string($_GET["id"]); - $cids = split(",", db_escape_string($_GET["cids"])); - $mode = db_escape_string($_GET["mode"]); - $omode = db_escape_string($_GET["omode"]); + $id = db_escape_string($_REQUEST["id"]); + $cids = split(",", db_escape_string($_REQUEST["cids"])); + $mode = db_escape_string($_REQUEST["mode"]); + $omode = db_escape_string($_REQUEST["omode"]); - $csync = $_GET["csync"]; + $csync = $_REQUEST["csync"]; print ""; @@ -259,20 +259,20 @@ print ""; - if ($_GET["debug"]) $timing_info = print_checkpoint("0", $timing_info); + if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info); - $omode = db_escape_string($_GET["omode"]); + $omode = db_escape_string($_REQUEST["omode"]); - $feed = db_escape_string($_GET["feed"]); - $subop = db_escape_string($_GET["subop"]); - $view_mode = db_escape_string($_GET["view_mode"]); - $limit = db_escape_string($_GET["limit"]); - $cat_view = db_escape_string($_GET["cat"]); - $next_unread_feed = db_escape_string($_GET["nuf"]); - $offset = db_escape_string($_GET["skip"]); - $vgroup_last_feed = db_escape_string($_GET["vgrlf"]); - $csync = $_GET["csync"]; - $order_by = db_escape_string($_GET["order_by"]); + $feed = db_escape_string($_REQUEST["feed"]); + $subop = db_escape_string($_REQUEST["subop"]); + $view_mode = db_escape_string($_REQUEST["view_mode"]); + $limit = db_escape_string($_REQUEST["limit"]); + $cat_view = db_escape_string($_REQUEST["cat"]); + $next_unread_feed = db_escape_string($_REQUEST["nuf"]); + $offset = db_escape_string($_REQUEST["skip"]); + $vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]); + $csync = $_REQUEST["csync"]; + $order_by = db_escape_string($_REQUEST["order_by"]); /* Updating a label ccache means recalculating all of the caches * so for performance reasons we don't do that here */ @@ -345,7 +345,7 @@ print ""; printf("", $disable_cache); - if ($_GET["debug"]) $timing_info = print_checkpoint("10", $timing_info); + if ($_REQUEST["debug"]) $timing_info = print_checkpoint("10", $timing_info); if (is_array($topmost_article_ids) && !get_pref($link, 'COMBINED_DISPLAY_MODE') && !$_SESSION["bw_limit"]) { print ""; @@ -355,7 +355,7 @@ print ""; } - if ($_GET["debug"]) $timing_info = print_checkpoint("20", $timing_info); + if ($_REQUEST["debug"]) $timing_info = print_checkpoint("20", $timing_info); // if (get_pref($link, "SYNC_COUNTERS") || @@ -375,7 +375,7 @@ } } - if ($_GET["debug"]) $timing_info = print_checkpoint("30", $timing_info); + if ($_REQUEST["debug"]) $timing_info = print_checkpoint("30", $timing_info); print_runtime_info($link); @@ -432,8 +432,8 @@ break; // pref-feed-browser case "publish": - $key = db_escape_string($_GET["key"]); - $limit = (int)db_escape_string($_GET["limit"]); + $key = db_escape_string($_REQUEST["key"]); + $limit = (int)db_escape_string($_REQUEST["limit"]); $result = db_query($link, "SELECT login, owner_uid FROM ttrss_user_prefs, ttrss_users WHERE @@ -453,15 +453,15 @@ break; // publish case "rss": - $feed = db_escape_string($_GET["id"]); - $user = db_escape_string($_GET["user"]); - $pass = db_escape_string($_GET["pass"]); - $is_cat = $_GET["is_cat"] != false; - $limit = (int)db_escape_string($_GET["limit"]); + $feed = db_escape_string($_REQUEST["id"]); + $user = db_escape_string($_REQUEST["user"]); + $pass = db_escape_string($_REQUEST["pass"]); + $is_cat = $_REQUEST["is_cat"] != false; + $limit = (int)db_escape_string($_REQUEST["limit"]); - $search = db_escape_string($_GET["q"]); - $match_on = db_escape_string($_GET["m"]); - $search_mode = db_escape_string($_GET["smode"]); + $search = db_escape_string($_REQUEST["q"]); + $match_on = db_escape_string($_REQUEST["m"]); + $search_mode = db_escape_string($_REQUEST["smode"]); if (SINGLE_USER_MODE) { authenticate_user($link, "admin", null); @@ -480,7 +480,7 @@ break; // rss case "getUnread": - $login = db_escape_string($_GET["login"]); + $login = db_escape_string($_REQUEST["login"]); header("Content-Type: text/plain; charset=utf-8"); diff --git a/feedlist.js b/feedlist.js index f0cb73f77..008f0297f 100644 --- a/feedlist.js +++ b/feedlist.js @@ -172,7 +172,7 @@ function viewfeed(feed, subop, is_cat, subop_param, skip_history, offset) { toolbar_form.query.value = ""; } - var query = "backend.php?op=viewfeed&feed=" + feed + "&" + + var query = "?op=viewfeed&feed=" + feed + "&" + toolbar_query + "&subop=" + param_escape(subop); if ($("search_form")) { @@ -349,7 +349,8 @@ function viewfeed(feed, subop, is_cat, subop_param, skip_history, offset) { } } - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { headlines_callback2(transport, page_offset); } }); @@ -392,8 +393,9 @@ function toggleCollapseCat(cat) { Effect.toggle('FCATLIST-' + cat, 'blind', { duration: 0.5, afterFinish: toggleCollapseCat_af }); - new Ajax.Request("backend.php?op=feeds&subop=collapse&cid=" + - param_escape(cat)); + new Ajax.Request("backend.php", + { parameters: "backend.php?op=feeds&subop=collapse&cid=" + + param_escape(cat) } ); local_collapse_cat(cat); @@ -417,12 +419,12 @@ function feedlist_dragsorted(ctr) { if (ordered_cats.length > 0) { - var query = "backend.php?op=feeds&subop=catsort&corder=" + + var query = "?op=feeds&subop=catsort&corder=" + param_escape(ordered_cats.toString()); debug(query); - new Ajax.Request(query); + new Ajax.Request("backend.php", { parameters: query }); } } catch (e) { @@ -663,7 +665,7 @@ function request_counters_real() { debug("requesting counters..."); - var query = "backend.php?op=rpc&subop=getAllCounters"; + var query = "?op=rpc&subop=getAllCounters"; if (tagsAreDisplayed()) { query = query + "&omode=tl"; @@ -671,7 +673,8 @@ function request_counters_real() { query = query + "&omode=flc"; } - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { try { all_counters_callback2(transport, true); diff --git a/functions.js b/functions.js index 78569c074..3c7971558 100644 --- a/functions.js +++ b/functions.js @@ -1319,10 +1319,11 @@ function displayDlg(id, param) { disableHotkeys(); - var query = "backend.php?op=dlg&id=" + + var query = "?op=dlg&id=" + param_escape(id) + "¶m=" + param_escape(param); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function (transport) { infobox_callback2(transport); } }); @@ -1656,9 +1657,10 @@ function filterDlgCheckDate() { var reg_exp = form.reg_exp.value; - var query = "backend.php?op=rpc&subop=checkDate&date=" + reg_exp; + var query = "?op=rpc&subop=checkDate&date=" + reg_exp; - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { var form = document.forms["filter_add_form"]; @@ -1733,7 +1735,7 @@ function openArticleInNewWindow(id) { try { debug("openArticleInNewWindow: " + id); - var query = "backend.php?op=rpc&subop=getArticleLink&id=" + id; + var query = "?op=rpc&subop=getArticleLink&id=" + id; var wname = "ttrss_article_" + id; debug(query + " " + wname); @@ -1742,7 +1744,8 @@ function openArticleInNewWindow(id) { if (!w) notify_error("Failed to open window for the article"); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { open_article_callback(transport); } }); @@ -1810,10 +1813,11 @@ function labelTest() { notify_progress("Loading, please wait..."); - var query = "backend.php?op=pref-labels&subop=test&expr=" + + var query = "?op=pref-labels&subop=test&expr=" + param_escape(sql_exp) + "&descr=" + param_escape(description); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function (transport) { labeltest_callback(transport); } }); @@ -2047,7 +2051,7 @@ function getSelectedFeedsFromBrowser() { function updateFeedBrowser() { try { - var query = "backend.php?op=rpc&subop=feedBrowser"; + var query = "?op=rpc&subop=feedBrowser"; var search = $("feed_browser_search"); var limit = $("feed_browser_limit"); @@ -2064,7 +2068,8 @@ function updateFeedBrowser() { Element.show('feed_browser_spinner'); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { notify(''); @@ -2099,11 +2104,12 @@ function browseFeeds(limit) { try { - var query = "backend.php?op=pref-feeds&subop=browse"; + var query = "?op=pref-feeds&subop=browse"; notify_progress("Loading, please wait...", true); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { infobox_callback2(transport); } }); diff --git a/functions.php b/functions.php index 1e73dcc85..5657e04c9 100644 --- a/functions.php +++ b/functions.php @@ -1,6 +1,6 @@ set_output_encoding('UTF-8'); if (SIMPLEPIE_CACHE_IMAGES && $cache_images) { - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("enabling image cache"); } $rss->set_image_handler('./image.php', 'i'); } - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("feed update interval (sec): " . get_feed_update_interval($link, $feed)*60); } @@ -632,7 +632,7 @@ // print_r($rss); - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: fetch done, parsing..."); } else { error_reporting (DEFAULT_ERROR_LEVEL); @@ -648,7 +648,7 @@ if ($fetch_ok) { - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: processing feed data..."); } @@ -670,7 +670,7 @@ } if (get_pref($link, 'ENABLE_FEED_ICONS', $owner_uid, false)) { - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: checking favicon..."); } @@ -685,7 +685,7 @@ $feed_title = db_escape_string($rss->channel["title"]); } - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: registering title: $feed_title"); } @@ -716,7 +716,7 @@ db_query($link, "UPDATE ttrss_feeds SET icon_url = '$icon_url' WHERE id = '$feed'"); } - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: loading filters..."); } @@ -738,7 +738,7 @@ // clear any errors and mark feed as updated if fetched okay // even if it's blank - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: entry iterator is not an array, no articles?"); } @@ -748,13 +748,13 @@ return; // no articles } - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: processing articles..."); } foreach ($iterator as $item) { - if ($_GET['xdebug'] == 2) { + if ($_REQUEST['xdebug'] == 2) { print_r($item); } @@ -772,7 +772,7 @@ if (!$entry_guid) $entry_guid = make_guid_from_title($item["title"]); } - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: guid $entry_guid"); } @@ -802,7 +802,7 @@ $entry_timestamp_fmt = strftime("%Y/%m/%d %H:%M:%S", $entry_timestamp); - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: date $entry_timestamp [$entry_timestamp_fmt]"); } @@ -820,7 +820,7 @@ if (!$entry_link) $entry_link = $item["link"]; } - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: title $entry_title"); } @@ -856,7 +856,7 @@ } } - if ($_GET["xdebug"] == 2) { + if ($_REQUEST["xdebug"] == 2) { print "update_rss_feed: content: "; print_r(htmlspecialchars($entry_content)); } @@ -934,7 +934,7 @@ } } - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: category tags:"); print_r($additional_tags); } @@ -1049,7 +1049,7 @@ $entry_content = sanitize_article_content($entry_content); $entry_title = sanitize_article_content($entry_title); - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: done collecting data [TITLE:$entry_title]"); } @@ -1057,7 +1057,7 @@ if (db_num_rows($result) == 0) { - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: base guid not found"); } @@ -1116,7 +1116,7 @@ if (db_num_rows($result) == 1) { - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: base guid found, checking for user record"); } @@ -1144,7 +1144,7 @@ $article_filters = get_article_filters($filters, $entry_title, $entry_content, $entry_link, $entry_timestamp); - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: article filters: "); if (count($article_filters) != 0) { print_r($article_filters); @@ -1160,7 +1160,7 @@ $score = calculate_article_score($article_filters); - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: initial score: $score"); } @@ -1168,14 +1168,14 @@ ref_id = '$ref_id' AND owner_uid = '$owner_uid' $dupcheck_qpart"; -// if ($_GET["xdebug"]) print "$query\n"; +// if ($_REQUEST["xdebug"]) print "$query\n"; $result = db_query($link, $query); // okay it doesn't exist - create user entry if (db_num_rows($result) == 0) { - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: user record not found, creating..."); } @@ -1215,7 +1215,7 @@ $entry_int_id = db_fetch_result($result, 0, "int_id"); } } else { - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: user record FOUND"); } @@ -1223,7 +1223,7 @@ $entry_int_id = db_fetch_result($result, 0, "int_id"); } - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: RID: $entry_ref_id, IID: $entry_int_id"); } @@ -1278,18 +1278,18 @@ db_query($link, "COMMIT"); - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: assigning labels..."); } assign_article_to_labels($link, $entry_ref_id, $article_filters, $owner_uid); - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: looking for enclosures..."); } - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { print_r($enclosures); } @@ -1312,7 +1312,7 @@ db_query($link, "COMMIT"); - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: looking for tags..."); } @@ -1359,7 +1359,7 @@ // print "

TAGS: "; print_r($entry_tags); print "

"; - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { print_r($entry_tags); } @@ -1391,20 +1391,20 @@ db_query($link, "COMMIT"); } - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: article processed"); } } if (!$last_updated) { - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: new feed, catching it up..."); } catchup_feed($link, $feed, false, $owner_uid); } if (!$hidden) { - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: updating counters cache..."); } @@ -1427,7 +1427,7 @@ $error_msg = mb_substr(magpie_error(), 0, 250); } - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: error fetching feed: $error_msg"); } @@ -1442,7 +1442,7 @@ unset($rss); } - if (defined('DAEMON_EXTENDED_DEBUG') || $_GET['xdebug']) { + if (defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug']) { _debug("update_rss_feed: done"); } @@ -3520,7 +3520,7 @@ $query_strategy_part ORDER BY $order_by $limit_query_part $offset_query_part"; - if ($_GET["debug"]) print $query; + if ($_REQUEST["debug"]) print $query; $result = db_query($link, $query); @@ -4339,7 +4339,7 @@ $result = db_query($link, $query); - $actid = $_GET["actid"]; + $actid = $_REQUEST["actid"]; /* real feeds */ @@ -4360,7 +4360,7 @@ $feed_id = $line["id"]; $unread = $line["unread"]; - $subop = $_GET["subop"]; + $subop = $_REQUEST["subop"]; if (get_pref($link, 'HEADLINES_SMART_DATE')) { $last_updated = smart_date_time(strtotime($line["last_updated_noms"])); @@ -4931,8 +4931,8 @@ $subop_split = split(":", $subop); if ($subop == "CatchupSelected") { - $ids = split(",", db_escape_string($_GET["ids"])); - $cmode = sprintf("%d", $_GET["cmode"]); + $ids = split(",", db_escape_string($_REQUEST["ids"])); + $cmode = sprintf("%d", $_REQUEST["cmode"]); catchupArticlesById($link, $ids, $cmode); } @@ -4991,14 +4991,14 @@ /// START ///////////////////////////////////////////////////////////////////////////////// - $search = db_escape_string($_GET["query"]); + $search = db_escape_string($_REQUEST["query"]); if ($search) { $disable_cache = true; } - $search_mode = db_escape_string($_GET["search_mode"]); - $match_on = db_escape_string($_GET["match_on"]); + $search_mode = db_escape_string($_REQUEST["search_mode"]); + $match_on = db_escape_string($_REQUEST["match_on"]); if (!$match_on) { $match_on = "both"; @@ -5006,12 +5006,12 @@ $real_offset = $offset * $limit; - if ($_GET["debug"]) $timing_info = print_checkpoint("H0", $timing_info); + if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H0", $timing_info); $qfh_ret = queryFeedHeadlines($link, $feed, $limit, $view_mode, $cat_view, $search, $search_mode, $match_on, $override_order, $real_offset); - if ($_GET["debug"]) $timing_info = print_checkpoint("H1", $timing_info); + if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H1", $timing_info); $result = $qfh_ret[0]; $feed_title = $qfh_ret[1]; diff --git a/manifest.json.php b/manifest.json.php index 7d3ee7259..066cbd0e8 100644 --- a/manifest.json.php +++ b/manifest.json.php @@ -16,7 +16,8 @@ "images/c1.png", "images/c2.png", "images/c3.png", - "images/c4.png", + "images/c4.png", + "images/archive.png", "images/cat-collapse.png", "images/down_arrow.png", "images/footer.png", diff --git a/modules/backend-rpc.php b/modules/backend-rpc.php index 2d1a8f90b..019368685 100644 --- a/modules/backend-rpc.php +++ b/modules/backend-rpc.php @@ -1,7 +1,7 @@ "; - $key = db_escape_string($_GET["key"]); - $value = db_escape_string($_GET["value"]); + $key = db_escape_string($_REQUEST["key"]); + $value = db_escape_string($_REQUEST["value"]); set_pref($link, $key, $value); @@ -23,7 +23,7 @@ } if ($subop == "getLabelCounters") { - $aid = $_GET["aid"]; + $aid = $_REQUEST["aid"]; print ""; print ""; getLabelCounters($link); @@ -50,7 +50,7 @@ print ""; print ""; - $omode = $_GET["omode"]; + $omode = $_REQUEST["omode"]; getAllCounters($link, $omode); print ""; @@ -61,8 +61,8 @@ } if ($subop == "mark") { - $mark = $_GET["mark"]; - $id = db_escape_string($_GET["id"]); + $mark = $_REQUEST["mark"]; + $id = db_escape_string($_REQUEST["id"]); if ($mark == "1") { $mark = "true"; @@ -87,7 +87,7 @@ } if ($subop == "delete") { - $ids = db_escape_string($_GET["ids"]); + $ids = db_escape_string($_REQUEST["ids"]); $result = db_query($link, "DELETE FROM ttrss_user_entries WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]); @@ -103,7 +103,7 @@ } if ($subop == "unarchive") { - $ids = db_escape_string($_GET["ids"]); + $ids = db_escape_string($_REQUEST["ids"]); $result = db_query($link, "UPDATE ttrss_user_entries SET feed_id = orig_feed_id, orig_feed_id = NULL @@ -120,7 +120,7 @@ } if ($subop == "archive") { - $ids = split(",", db_escape_string($_GET["ids"])); + $ids = split(",", db_escape_string($_REQUEST["ids"])); foreach ($ids as $id) { archive_article($link, $id, $_SESSION["uid"]); @@ -183,7 +183,7 @@ } if ($subop == "updateFeed") { - $feed_id = db_escape_string($_GET["feed"]); + $feed_id = db_escape_string($_REQUEST["feed"]); $result = db_query($link, "SELECT feed_url FROM ttrss_feeds WHERE id = '$feed_id' @@ -205,7 +205,7 @@ if ($subop == "forceUpdateAllFeeds" || $subop == "updateAllFeeds") { - $global_unread_caller = sprintf("%d", $_GET["uctr"]); + $global_unread_caller = sprintf("%d", $_REQUEST["uctr"]); $global_unread = getGlobalUnread($link); print ""; @@ -214,7 +214,7 @@ if ($global_unread_caller != $global_unread) { - $omode = $_GET["omode"]; + $omode = $_REQUEST["omode"]; if (!$omode) $omode = "tflc"; @@ -251,7 +251,7 @@ print ""; print ""; - getAllCounters($link, $_GET["omode"]); + getAllCounters($link, $_REQUEST["omode"]); print ""; print_runtime_info($link); print ""; @@ -261,14 +261,14 @@ if ($subop == "markSelected") { - $ids = split(",", db_escape_string($_GET["ids"])); - $cmode = sprintf("%d", $_GET["cmode"]); + $ids = split(",", db_escape_string($_REQUEST["ids"])); + $cmode = sprintf("%d", $_REQUEST["cmode"]); markArticlesById($link, $ids, $cmode); print ""; print ""; - getAllCounters($link, $_GET["omode"]); + getAllCounters($link, $_REQUEST["omode"]); print ""; print_runtime_info($link); print ""; @@ -278,14 +278,14 @@ if ($subop == "publishSelected") { - $ids = split(",", db_escape_string($_GET["ids"])); - $cmode = sprintf("%d", $_GET["cmode"]); + $ids = split(",", db_escape_string($_REQUEST["ids"])); + $cmode = sprintf("%d", $_REQUEST["cmode"]); publishArticlesById($link, $ids, $cmode); print ""; print ""; - getAllCounters($link, $_GET["omode"]); + getAllCounters($link, $_REQUEST["omode"]); print ""; print_runtime_info($link); print ""; @@ -301,7 +301,7 @@ print_runtime_info($link); # assign client-passed params to session - $_SESSION["client.userAgent"] = $_GET["ua"]; + $_SESSION["client.userAgent"] = $_REQUEST["ua"]; } print ""; @@ -320,7 +320,7 @@ if ($subop == "getArticleLink") { - $id = db_escape_string($_GET["id"]); + $id = db_escape_string($_REQUEST["id"]); $result = db_query($link, "SELECT link FROM ttrss_entries, ttrss_user_entries WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'"); @@ -337,9 +337,9 @@ if ($subop == "setArticleTags") { - $id = db_escape_string($_GET["id"]); + $id = db_escape_string($_REQUEST["id"]); - $tags_str = db_escape_string($_GET["tags_str"]); + $tags_str = db_escape_string($_REQUEST["tags_str"]); $tags = array_unique(trim_array(split(",", $tags_str))); @@ -426,8 +426,8 @@ } if ($subop == "purge") { - $ids = split(",", db_escape_string($_GET["ids"])); - $days = sprintf("%d", $_GET["days"]); + $ids = split(",", db_escape_string($_REQUEST["ids"])); + $days = sprintf("%d", $_REQUEST["days"]); print ""; diff --git a/modules/help.php b/modules/help.php index 415870d45..64ec087bb 100644 --- a/modules/help.php +++ b/modules/help.php @@ -1,7 +1,7 @@ ".__('Help')." @@ -9,7 +9,7 @@ "; } - $tid = sprintf("%d", $_GET["tid"]); + $tid = sprintf("%d", $_REQUEST["tid"]); if (file_exists("help/$tid.php")) { include("help/$tid.php"); @@ -21,7 +21,7 @@ onclick=\"javascript:window.close()\" value=\"".__('Close this window')."\">"; - if (!$_GET["noheaders"]) { + if (!$_REQUEST["noheaders"]) { print ""; } } diff --git a/modules/popup-dialog.php b/modules/popup-dialog.php index ab28d1746..57237823e 100644 --- a/modules/popup-dialog.php +++ b/modules/popup-dialog.php @@ -1,7 +1,7 @@ "; - #$active_feed_id = db_escape_string($_GET["param"]); + #$active_feed_id = db_escape_string($_REQUEST["param"]); - $params = split(":", db_escape_string($_GET["param"])); + $params = split(":", db_escape_string($_REQUEST["param"])); $active_feed_id = sprintf("%d", $params[0]); $is_cat = $params[1] == "true"; @@ -221,7 +221,7 @@ if ($id == "quickAddFilter") { - $active_feed_id = db_escape_string($_GET["param"]); + $active_feed_id = db_escape_string($_REQUEST["param"]); print "
".__('Create Filter')."
"; print "
"; diff --git a/modules/pref-feeds.php b/modules/pref-feeds.php index 73fbe8079..4c9ed19a9 100644 --- a/modules/pref-feeds.php +++ b/modules/pref-feeds.php @@ -15,7 +15,7 @@ $quiet = $_REQUEST["quiet"]; if ($subop == "massSubscribe") { - $ids = split(",", db_escape_string($_GET["ids"])); + $ids = split(",", db_escape_string($_REQUEST["ids"])); $subscribed = array(); @@ -64,7 +64,7 @@ print "
"; - $browser_search = db_escape_string($_GET["search"]); + $browser_search = db_escape_string($_REQUEST["search"]); //print "

".__("Showing top 25 registered feeds, sorted by popularity:")."

"; @@ -726,7 +726,7 @@ if ($subop == "remove") { - $ids = split(",", db_escape_string($_GET["ids"])); + $ids = split(",", db_escape_string($_REQUEST["ids"])); foreach ($ids as $id) { remove_feed($link, $id, $_SESSION["uid"]); @@ -734,12 +734,12 @@ } if ($subop == "clear") { - $id = db_escape_string($_GET["id"]); + $id = db_escape_string($_REQUEST["id"]); clear_feed_articles($link, $id); } if ($subop == "rescore") { - $ids = split(",", db_escape_string($_GET["ids"])); + $ids = split(",", db_escape_string($_REQUEST["ids"])); foreach ($ids as $id) { @@ -901,9 +901,9 @@ if (!WEB_DEMO_MODE) { - $ids = split(",", db_escape_string($_GET["ids"])); + $ids = split(",", db_escape_string($_REQUEST["ids"])); - $cat_id = db_escape_string($_GET["cat_id"]); + $cat_id = db_escape_string($_REQUEST["cat_id"]); if ($cat_id == 0) { $cat_id_qpart = 'NULL'; @@ -938,7 +938,7 @@ if ($action == "save") { $cat_title = db_escape_string(trim($_REQUEST["value"])); - $cat_id = db_escape_string($_GET["cid"]); + $cat_id = db_escape_string($_REQUEST["cid"]); db_query($link, "BEGIN"); @@ -977,7 +977,7 @@ if (!WEB_DEMO_MODE) { - $feed_cat = db_escape_string(trim($_GET["cat"])); + $feed_cat = db_escape_string(trim($_REQUEST["cat"])); $result = db_query($link, "SELECT id FROM ttrss_feed_categories @@ -1000,7 +1000,7 @@ if ($action == "remove") { - $ids = split(",", db_escape_string($_GET["ids"])); + $ids = split(",", db_escape_string($_REQUEST["ids"])); foreach ($ids as $id) { remove_feed_category($link, $id, $_SESSION["uid"]); @@ -1111,9 +1111,9 @@ __('Some feeds have update errors (click for details)').""); } - $feed_search = db_escape_string($_GET["search"]); + $feed_search = db_escape_string($_REQUEST["search"]); - if (array_key_exists("search", $_GET)) { + if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_feed_search"] = $feed_search; } else { $feed_search = $_SESSION["prefs_feed_search"]; @@ -1138,7 +1138,7 @@ onclick=\"javascript:browseFeeds()\" value=\"".__('More Feeds')."\">"; } - $feeds_sort = db_escape_string($_GET["sort"]); + $feeds_sort = db_escape_string($_REQUEST["sort"]); if (!$feeds_sort || $feeds_sort == "undefined") { $feeds_sort = $_SESSION["pref_sort_feeds"]; @@ -1171,7 +1171,7 @@ $show_last_article_checked = ""; $show_last_article_qpart = ""; - if ($_GET["slat"] == "true") { + if ($_REQUEST["slat"] == "true") { $show_last_article_info = true; $show_last_article_checked = "checked"; $show_last_article_qpart = ", (SELECT ".SUBSTRING_FOR_DATE."(MAX(updated),1,16) FROM ttrss_user_entries, diff --git a/modules/pref-filters.php b/modules/pref-filters.php index 238ceb151..a0760de4e 100644 --- a/modules/pref-filters.php +++ b/modules/pref-filters.php @@ -1,11 +1,11 @@ ".__('User details')."
"; @@ -103,7 +103,7 @@ if ($subop == "edit") { - $id = db_escape_string($_GET["id"]); + $id = db_escape_string($_REQUEST["id"]); print "
".__('User Editor')."
"; @@ -213,7 +213,7 @@ if ($_SESSION["access_level"] >= 10) { - $ids = split(",", db_escape_string($_GET["ids"])); + $ids = split(",", db_escape_string($_REQUEST["ids"])); foreach ($ids as $id) { if ($id != $_SESSION["uid"]) { @@ -227,7 +227,7 @@ if ($_SESSION["access_level"] >= 10) { - $login = db_escape_string(trim($_GET["login"])); + $login = db_escape_string(trim($_REQUEST["login"])); $tmp_user_pwd = make_password(8); $pwd_hash = encrypt_password($tmp_user_pwd, $login); @@ -266,7 +266,7 @@ if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) { - $uid = db_escape_string($_GET["id"]); + $uid = db_escape_string($_REQUEST["id"]); $result = db_query($link, "SELECT login,email FROM ttrss_users WHERE id = '$uid'"); @@ -346,9 +346,9 @@ set_pref($link, "_PREFS_ACTIVE_TAB", "userConfig"); - $user_search = db_escape_string($_GET["search"]); + $user_search = db_escape_string($_REQUEST["search"]); - if (array_key_exists("search", $_GET)) { + if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_user_search"] = $user_search; } else { $user_search = $_SESSION["prefs_user_search"]; @@ -363,7 +363,7 @@ onclick=\"javascript:updateUsersList()\" value=\"".__('Search')."\">
"; - $sort = db_escape_string($_GET["sort"]); + $sort = db_escape_string($_REQUEST["sort"]); if (!$sort || $sort == "undefined") { $sort = "login"; @@ -427,7 +427,7 @@ $class = ($lnum % 2) ? "even" : "odd"; $uid = $line["id"]; - $edit_uid = $_GET["id"]; + $edit_uid = $_REQUEST["id"]; if ($subop == "edit" && $uid != $edit_uid) { $class .= "Grayed"; diff --git a/offline.js b/offline.js index f62bd46b9..2650515f1 100644 --- a/offline.js +++ b/offline.js @@ -854,7 +854,7 @@ function update_offline_data(stage) { if (!db || offline_mode || getInitParam("offline_enabled") != "1") return; - var query = "backend.php?op=rpc&subop=download"; + var query = "?op=rpc&subop=download"; var rs = db.execute("SELECT MAX(id), MIN(id) FROM articles"); @@ -877,10 +877,10 @@ function update_offline_data(stage) { var to_sync = prepare_local_sync_data(); if (to_sync != "") { - to_sync = "?sync=" + param_escape(to_sync); + to_sync = "&sync=" + param_escape(to_sync); } - debug(query + "/" + to_sync); + query = query + to_sync; var pic = $("offlineModePic"); @@ -896,8 +896,10 @@ function update_offline_data(stage) { sync_in_progress = true; - new Ajax.Request(query, { - parameters: to_sync, + debug(query); + + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { offline_download_parse(stage, transport); } }); diff --git a/prefs.js b/prefs.js index 8c0d2fbe1..20277a462 100644 --- a/prefs.js +++ b/prefs.js @@ -226,12 +226,13 @@ function updateFeedList(sort_key) { slat_checked = slat.checked; } - var query = "backend.php?op=pref-feeds" + + var query = "?op=pref-feeds" + "&sort=" + param_escape(sort_key) + "&slat=" + param_escape(slat_checked) + "&search=" + param_escape(search); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { feedlist_callback2(transport); } }); @@ -248,11 +249,12 @@ function updateUsersList(sort_key) { var search = ""; if (user_search) { search = user_search.value; } - var query = "backend.php?op=pref-users&sort=" + var query = "?op=pref-users&sort=" + param_escape(sort_key) + "&search=" + param_escape(search); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { userlist_callback2(transport); } }); @@ -280,10 +282,11 @@ function addLabel() { // we can be called from some other tab active_tab = "labelConfig"; - query = "backend.php?op=pref-labels&subop=add&caption=" + + query = "?op=pref-labels&subop=add&caption=" + param_escape(caption); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { infobox_submit_callback2(transport); } }); @@ -306,10 +309,11 @@ function addFeed() { } else { notify_progress("Adding feed..."); - var query = "backend.php?op=pref-feeds&subop=add&from=tt-rss&feed_url=" + + var query = "?op=pref-feeds&subop=add&from=tt-rss&feed_url=" + param_escape(link.value); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { feedlist_callback2(transport); } }); @@ -333,10 +337,11 @@ function addFeedCat() { } else { notify_progress("Adding feed category..."); - var query = "backend.php?op=pref-feeds&subop=editCats&action=add&cat=" + + var query = "?op=pref-feeds&subop=editCats&action=add&cat=" + param_escape(cat.value); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { infobox_feed_cat_callback2(transport); } }); @@ -363,10 +368,11 @@ function addUser() { notify_progress("Adding user..."); - var query = "backend.php?op=pref-users&subop=add&login=" + + var query = "?op=pref-users&subop=add&login=" + param_escape(login); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { userlist_callback2(transport); } }); @@ -389,10 +395,11 @@ function editUser(id) { disableContainerChildren("userOpToolbar", false); - var query = "backend.php?op=pref-users&subop=edit&id=" + + var query = "?op=pref-users&subop=edit&id=" + param_escape(id); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { infobox_callback2(transport); } }); @@ -416,10 +423,11 @@ function editFilter(id) { selectTableRowsByIdPrefix('prefFilterList', 'FILRR-', 'FICHK-', false); selectTableRowById('FILRR-'+id, 'FICHK-'+id, true); - var query = "backend.php?op=pref-filters&subop=edit&id=" + + var query = "?op=pref-filters&subop=edit&id=" + param_escape(id); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { infobox_callback2(transport); } }); @@ -442,10 +450,11 @@ function editFeed(feed) { disableContainerChildren("feedOpToolbar", false); - var query = "backend.php?op=pref-feeds&subop=editfeed&id=" + + var query = "?op=pref-feeds&subop=editfeed&id=" + param_escape(feed); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { infobox_callback2(transport); } }); @@ -487,10 +496,11 @@ function removeSelectedLabels() { if (ok) { notify_progress("Removing selected labels..."); - var query = "backend.php?op=pref-labels&subop=remove&ids="+ + var query = "?op=pref-labels&subop=remove&ids="+ param_escape(sel_rows.toString()); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { labellist_callback2(transport); } }); @@ -516,10 +526,11 @@ function removeSelectedUsers() { if (ok) { notify_progress("Removing selected users..."); - var query = "backend.php?op=pref-users&subop=remove&ids="+ + var query = "?op=pref-users&subop=remove&ids="+ param_escape(sel_rows.toString()); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { userlist_callback2(transport); } }); @@ -550,10 +561,11 @@ function removeSelectedFilters() { if (ok) { notify_progress("Removing selected filters..."); - var query = "backend.php?op=pref-filters&subop=remove&ids="+ + var query = "?op=pref-filters&subop=remove&ids="+ param_escape(sel_rows.toString()); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { filterlist_callback2(transport); } }); @@ -585,10 +597,11 @@ function removeSelectedFeeds() { notify_progress("Unsubscribing from selected feeds..."); - var query = "backend.php?op=pref-feeds&subop=remove&ids="+ + var query = "?op=pref-feeds&subop=remove&ids="+ param_escape(sel_rows.toString()); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { feedlist_callback2(transport); } }); @@ -643,12 +656,13 @@ function purgeSelectedFeeds() { if (pr != undefined) { notify_progress("Purging selected feed..."); - var query = "backend.php?op=rpc&subop=purge&ids="+ + var query = "?op=rpc&subop=purge&ids="+ param_escape(sel_rows.toString()) + "&days=" + pr; debug(query); - new Ajax.Request(query, { + new Ajax.Request("prefs.php", { + parameters: query, onComplete: function(transport) { notify(''); } }); @@ -674,10 +688,11 @@ function removeSelectedFeedCats() { if (ok) { notify_progress("Removing selected categories..."); - var query = "backend.php?op=pref-feeds&subop=editCats&action=remove&ids="+ + var query = "?op=pref-feeds&subop=editCats&action=remove&ids="+ param_escape(sel_rows.toString()); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { infobox_feed_cat_callback2(transport); } }); @@ -792,13 +807,14 @@ function filterEditSave() { notify_progress("Saving filter..."); - var query = "backend.php?" + Form.serialize("filter_edit_form"); + var query = "?" + Form.serialize("filter_edit_form"); closeInfoBox(); $("create_filter_btn").disabled = false; - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { filterlist_callback2(transport); } }); @@ -852,10 +868,11 @@ function resetSelectedUserPass() { var id = rows[0]; - var query = "backend.php?op=pref-users&subop=resetPass&id=" + + var query = "?op=pref-users&subop=resetPass&id=" + param_escape(id); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { userlist_callback2(transport); } }); @@ -887,9 +904,10 @@ function selectedUserDetails() { var id = rows[0]; - var query = "backend.php?op=pref-users&subop=user-details&id=" + id; + var query = "?op=pref-users&subop=user-details&id=" + id; - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { infobox_callback2(transport); } }); @@ -954,10 +972,11 @@ function editSelectedFeeds() { notify_progress("Loading, please wait..."); - var query = "backend.php?op=pref-feeds&subop=editfeeds&ids=" + + var query = "?op=pref-feeds&subop=editfeeds&ids=" + param_escape(rows.toString()); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { infobox_callback2(transport); } }); @@ -998,11 +1017,12 @@ function updateFilterList(sort_key) { var search = ""; if (filter_search) { search = filter_search.value; } - var query = "backend.php?op=pref-filters&sort=" + + var query = "?op=pref-filters&sort=" + param_escape(sort_key) + "&search=" + param_escape(search); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { filterlist_callback2(transport); } }); @@ -1021,11 +1041,12 @@ function updateLabelList(sort_key) { var search = ""; if (label_search) { search = label_search.value; } - var query = "backend.php?op=pref-labels&sort=" + + var query = "?op=pref-labels&sort=" + param_escape(sort_key) + "&search=" + param_escape(search); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { labellist_callback2(transport); } }); @@ -1037,9 +1058,10 @@ function updateLabelList(sort_key) { function updatePrefsList() { - var query = "backend.php?op=pref-prefs"; + var query = "?op=pref-prefs"; - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { prefslist_callback2(transport); } }); @@ -1224,9 +1246,10 @@ function init() { loading_set_progress(30); - var query = "backend.php?op=rpc&subop=sanityCheck"; + var query = "?op=rpc&subop=sanityCheck"; - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { backend_sanity_check_callback2(transport); } }); @@ -1247,10 +1270,11 @@ function categorizeSelectedFeeds() { notify_progress("Changing category of selected feeds..."); - var query = "backend.php?op=pref-feeds&subop=categorize&ids="+ + var query = "?op=pref-feeds&subop=categorize&ids="+ param_escape(sel_rows.toString()) + "&cat_id=" + param_escape(cat_id); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { feedlist_callback2(transport); } }); @@ -1297,10 +1321,11 @@ function feedBrowserSubscribe() { if (selected.length > 0) { closeInfoBox(); - var query = "backend.php?op=pref-feeds&subop=massSubscribe&ids="+ + var query = "?op=pref-feeds&subop=massSubscribe&ids="+ param_escape(selected.toString()); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { feedlist_callback2(transport); } }); @@ -1609,9 +1634,10 @@ function editFeedCats() { // this button is not always available, no-op if not found } - var query = "backend.php?op=pref-feeds&subop=editCats"; + var query = "?op=pref-feeds&subop=editCats"; - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { infobox_feed_cat_callback2(transport); } }); @@ -1711,9 +1737,10 @@ function pubRegenKey() { notify_progress("Trying to change address..."); - var query = "backend.php?op=rpc&subop=regenPubKey"; + var query = "?op=rpc&subop=regenPubKey"; - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { replace_pubkey_callback(transport); } }); @@ -1804,9 +1831,10 @@ function clearFeedArticles(feed_id) { notify_progress("Clearing feed..."); - var query = "backend.php?op=pref-feeds&quiet=1&subop=clear&id=" + feed_id; + var query = "?op=pref-feeds&quiet=1&subop=clear&id=" + feed_id; - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { notify(''); } }); @@ -1826,10 +1854,11 @@ function rescoreSelectedFeeds() { if (ok) { notify_progress("Rescoring selected feeds...", true); - var query = "backend.php?op=pref-feeds&subop=rescore&quiet=1&ids="+ + var query = "?op=pref-feeds&subop=rescore&quiet=1&ids="+ param_escape(sel_rows.toString()); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { notify_callback2(transport); } }); @@ -1848,9 +1877,10 @@ function rescore_all_feeds() { if (ok) { notify_progress("Rescoring feeds...", true); - var query = "backend.php?op=pref-feeds&subop=rescoreAll&quiet=1"; + var query = "?op=pref-feeds&subop=rescoreAll&quiet=1"; - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { notify_callback2(transport); } }); @@ -1870,10 +1900,11 @@ function removeFilter(id, title) { notify_progress("Removing filter..."); - var query = "backend.php?op=pref-filters&subop=remove&ids="+ + var query = "?op=pref-filters&subop=remove&ids="+ param_escape(id); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { filterlist_callback2(transport); } }); @@ -1900,10 +1931,11 @@ function unsubscribeFeed(id, title) { notify_progress("Removing feed..."); - var query = "backend.php?op=pref-feeds&subop=remove&ids="+ + var query = "?op=pref-feeds&subop=remove&ids="+ param_escape(id); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { feedlist_callback2(transport); } }); @@ -2009,10 +2041,11 @@ function labelColorReset() { if (ok) { - var query = "backend.php?op=pref-labels&subop=color-reset&ids="+ + var query = "?op=pref-labels&subop=color-reset&ids="+ param_escape(labels.toString()); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { labellist_callback2(transport); } }); @@ -2036,7 +2069,7 @@ function labelColorAsk(id, kind) { if (p != null) { - var query = "backend.php?op=pref-labels&subop=color-set&kind=" + kind + + var query = "?op=pref-labels&subop=color-set&kind=" + kind + "&ids="+ param_escape(id) + "&color=" + param_escape(p); selectPrefRows('label', false); @@ -2051,7 +2084,7 @@ function labelColorAsk(id, kind) { } } - new Ajax.Request(query); + new Ajax.Request("backend.php", { parameters: query }); } } catch (e) { @@ -2092,7 +2125,7 @@ function colorPickerHideAll() { function colorPickerDo(id, fg, bg) { try { - var query = "backend.php?op=pref-labels&subop=color-set&kind=both"+ + var query = "?op=pref-labels&subop=color-set&kind=both"+ "&ids=" + param_escape(id) + "&fg=" + param_escape(fg) + "&bg=" + param_escape(bg); @@ -2103,7 +2136,7 @@ function colorPickerDo(id, fg, bg) { e.style.backgroundColor = bg; } - new Ajax.Request(query); + new Ajax.Request("backend.php", { parameters: query }); } catch (e) { exception_error("colorPickerDo", e); diff --git a/tt-rss.js b/tt-rss.js index 86b4e5644..824727291 100644 --- a/tt-rss.js +++ b/tt-rss.js @@ -229,7 +229,8 @@ function scheduleFeedUpdate(force) { debug("REFETCH query: " + query_str); - new Ajax.Request(query_str, { + new Ajax.Request("backend.php", { + parameters: query_str, onComplete: function(transport) { refetch_callback2(transport); } }); @@ -266,7 +267,8 @@ function updateFeedList(silent, fetch) { debug("updateFeedList Q=" + query_str); - new Ajax.Request(query_str, { + new Ajax.Request("backend.php", { + parameters: query_str, onComplete: function(transport) { feedlist_callback2(transport); } }); @@ -285,7 +287,8 @@ function catchupAllFeeds() { debug("catchupAllFeeds Q=" + query_str); - new Ajax.Request(query_str, { + new Ajax.Request("backend.php", { + parameters: query_str, onComplete: function(transport) { feedlist_callback2(transport); } }); @@ -401,7 +404,8 @@ function init() { loading_set_progress(30); - new Ajax.Request("backend.php?op=rpc&subop=sanityCheck" + params, { + new Ajax.Request("backend.php", { + parameters: "backend.php?op=rpc&subop=sanityCheck" + params, onComplete: function(transport) { backend_sanity_check_callback(transport); } }); @@ -677,11 +681,12 @@ function quickMenuGo(opid) { if (confirm(__("Reset category order?"))) { - var query = "backend.php?op=feeds&subop=catsortreset"; + var query = "?op=feeds&subop=catsortreset"; notify_progress("Loading, please wait...", true); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { window.setTimeout('updateFeedList(false, false)', 50); } }); @@ -701,9 +706,10 @@ function unsubscribeFeed(feed_id, title) { if (title == undefined || confirm(msg)) { notify_progress("Removing feed..."); - var query = "backend.php?op=pref-feeds&quiet=1&subop=remove&ids=" + feed_id; + var query = "?op=pref-feeds&quiet=1&subop=remove&ids=" + feed_id; - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { dlg_frefresh_callback(transport, feed_id); } }); @@ -840,16 +846,17 @@ function editFeedDlg(feed) { var query = ""; if (feed > 0) { - query = "backend.php?op=pref-feeds&subop=editfeed&id=" + param_escape(feed); + query = "?op=pref-feeds&subop=editfeed&id=" + param_escape(feed); } else { - query = "backend.php?op=pref-labels&subop=edit&id=" + param_escape(-feed-11); + query = "?op=pref-labels&subop=edit&id=" + param_escape(-feed-11); } disableHotkeys(); notify_progress("Loading, please wait...", true); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { infobox_callback2(transport); } }); @@ -897,9 +904,10 @@ function clearFeedArticles(feed_id) { notify_progress("Clearing feed..."); - var query = "backend.php?op=pref-feeds&quiet=1&subop=clear&id=" + feed_id; + var query = "?op=pref-feeds&quiet=1&subop=clear&id=" + feed_id; - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { dlg_frefresh_callback(transport, feed_id); } }); @@ -941,9 +949,9 @@ function collapse_feedlist() { if (fc) fc.style.left = fl.offsetWidth + 40 + "px"; } - query = "backend.php?op=rpc&subop=setpref&key=_COLLAPSED_FEEDLIST&value=false"; + query = "?op=rpc&subop=setpref&key=_COLLAPSED_FEEDLIST&value=false"; - new Ajax.Request(query); + new Ajax.Request("backend.php", { parameters: query }); } else { Element.hide(fl); @@ -965,9 +973,9 @@ function collapse_feedlist() { } - query = "backend.php?op=rpc&subop=setpref&key=_COLLAPSED_FEEDLIST&value=true"; + query = "?op=rpc&subop=setpref&key=_COLLAPSED_FEEDLIST&value=true"; - new Ajax.Request(query); + new Ajax.Request("backend.php", { parameters: query }); } } catch (e) { @@ -991,9 +999,10 @@ function viewLimitChanged() { var pr = prompt(__("Assign score to article:"), score); if (pr != undefined) { - var query = "backend.php?op=rpc&subop=setScore&id=" + id + "&score=" + pr; + var query = "?op=rpc&subop=setScore&id=" + id + "&score=" + pr; - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { viewCurrentFeed(); } }); @@ -1024,12 +1033,13 @@ function rescoreCurrentFeed() { if (confirm(pr)) { notify_progress("Rescoring articles..."); - var query = "backend.php?op=pref-feeds&subop=rescore&quiet=1&ids=" + actid; + var query = "?op=pref-feeds&subop=rescore&quiet=1&ids=" + actid; - new Ajax.Request(query, { - onComplete: function(transport) { - viewCurrentFeed(); - } }); + new Ajax.Request("backend.php", { + parameters: query, + onComplete: function(transport) { + viewCurrentFeed(); + } }); } } @@ -1456,12 +1466,13 @@ function addLabel() { return false; } - var query = "backend.php?op=pref-labels&subop=add&caption=" + + var query = "?op=pref-labels&subop=add&caption=" + param_escape(caption); notify_progress("Loading, please wait...", true); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { updateFeedList(); } }); @@ -1491,7 +1502,8 @@ function feedBrowserSubscribe() { var query = "backend.php?op=pref-feeds&subop=massSubscribe&ids="+ param_escape(selected.toString()); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { updateFeedList(); } }); diff --git a/viewfeed.js b/viewfeed.js index d79620421..d0c325d2d 100644 --- a/viewfeed.js +++ b/viewfeed.js @@ -474,7 +474,7 @@ function view(id, feed_id) { //setActiveFeedId(feed_id); - var query = "backend.php?op=view&id=" + param_escape(id) + + var query = "?op=view&id=" + param_escape(id) + "&feed=" + param_escape(feed_id); var date = new Date(); @@ -556,7 +556,8 @@ function view(id, feed_id) { last_requested_article = id; - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { article_callback2(transport, id, feed_id); } }); @@ -614,7 +615,7 @@ function toggleMark(id, client_only, no_effects) { try { - var query = "backend.php?op=rpc&id=" + id + "&subop=mark"; + var query = "?op=rpc&id=" + id + "&subop=mark"; query = query + "&afid=" + getActiveFeedId(); @@ -663,7 +664,8 @@ function toggleMark(id, client_only, no_effects) { if (!client_only) { debug(query); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { all_counters_callback2(transport); } }); @@ -679,7 +681,7 @@ function togglePub(id, client_only, no_effects, note) { try { - var query = "backend.php?op=rpc&id=" + id + "&subop=publ"; + var query = "?op=rpc&id=" + id + "&subop=publ"; query = query + "&afid=" + getActiveFeedId(); @@ -721,7 +723,8 @@ function togglePub(id, client_only, no_effects, note) { } if (!client_only) { - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { toggle_published_callback(transport); } }); @@ -946,15 +949,13 @@ function toggleUnread(id, cmode, effect) { if (cmode == undefined) cmode = 2; - var query = "backend.php?op=rpc&subop=catchupSelected" + - "&cmode=" + param_escape(cmode); - - var ids = "?ids=" + param_escape(id); + var query = "?op=rpc&subop=catchupSelected" + + "&cmode=" + param_escape(cmode) + "&ids=" + param_escape(id); // notify_progress("Loading, please wait..."); - new Ajax.Request(query, { - parameters: ids, + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { all_counters_callback2(transport); } }); @@ -980,14 +981,15 @@ function selectionRemoveLabel(id) { // if (ok) { - var query = "backend.php?op=rpc&subop=removeFromLabel&ids=" + + var query = "?op=rpc&subop=removeFromLabel&ids=" + param_escape(ids.toString()) + "&lid=" + param_escape(id); // notify_progress("Loading, please wait..."); cache_invalidate("F:" + (-11 - id)); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { show_labels_in_headlines(transport); all_counters_callback2(transport); @@ -1017,12 +1019,13 @@ function selectionAssignLabel(id) { cache_invalidate("F:" + (-11 - id)); - var query = "backend.php?op=rpc&subop=assignToLabel&ids=" + + var query = "?op=rpc&subop=assignToLabel&ids=" + param_escape(ids.toString()) + "&lid=" + param_escape(id); // notify_progress("Loading, please wait..."); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { show_labels_in_headlines(transport); all_counters_callback2(transport); @@ -1102,15 +1105,13 @@ function selectionToggleUnread(cdm_mode, set_state, callback_func, no_error) { cmode = "0"; } - var query = "backend.php?op=rpc&subop=catchupSelected" + - "&cmode=" + cmode; - - var ids = "?ids=" + param_escape(rows.toString()); + var query = "?op=rpc&subop=catchupSelected" + + "&cmode=" + cmode + "&ids=" + param_escape(rows.toString()); notify_progress("Loading, please wait..."); - new Ajax.Request(query, { - parameters: ids, + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { catchup_callback2(transport, callback_func); } }); @@ -1146,7 +1147,7 @@ function selectionToggleMarked(cdm_mode) { if (rows.length > 0) { - var query = "backend.php?op=rpc&subop=markSelected&ids=" + + var query = "?op=rpc&subop=markSelected&ids=" + param_escape(rows.toString()) + "&cmode=2"; query = query + "&afid=" + getActiveFeedId(); @@ -1159,7 +1160,8 @@ function selectionToggleMarked(cdm_mode) { query = query + "&omode=lc"; - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { all_counters_callback2(transport); } }); @@ -1193,7 +1195,7 @@ function selectionTogglePublished(cdm_mode) { if (rows.length > 0) { - var query = "backend.php?op=rpc&subop=publishSelected&ids=" + + var query = "?op=rpc&subop=publishSelected&ids=" + param_escape(rows.toString()) + "&cmode=2"; query = query + "&afid=" + getActiveFeedId(); @@ -1206,7 +1208,8 @@ function selectionTogglePublished(cdm_mode) { query = query + "&omode=lc"; - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { all_counters_callback2(transport); } }); @@ -1357,11 +1360,12 @@ function deleteSelection() { return; } - query = "backend.php?op=rpc&subop=delete&ids=" + param_escape(rows); + query = "?op=rpc&subop=delete&ids=" + param_escape(rows); debug(query); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { viewCurrentFeed(); } }); @@ -1408,7 +1412,7 @@ function archiveSelection() { return; } - query = "backend.php?op=rpc&subop="+op+"&ids=" + param_escape(rows); + query = "?op=rpc&subop="+op+"&ids=" + param_escape(rows); debug(query); @@ -1416,7 +1420,8 @@ function archiveSelection() { cache_invalidate(rows[i]); } - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { viewCurrentFeed(); } }); @@ -1513,11 +1518,12 @@ function editTagsSave() { var query = Form.serialize("tag_edit_form"); - query = "backend.php?op=rpc&subop=setArticleTags&" + query; + query = "?op=rpc&subop=setArticleTags&" + query; debug(query); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { tag_saved_callback(transport); } }); @@ -1708,13 +1714,11 @@ function cdmWatchdog() { } } - var query = "backend.php?op=rpc&subop=catchupSelected" + - "&cmode=0"; + var query = "?op=rpc&subop=catchupSelected" + + "&cmode=0" + "&ids=" + param_escape(ids.toString()); - var ids = "?ids=" + param_escape(ids.toString()); - - new Ajax.Request(query, { - parameters: ids, + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { all_counters_callback2(transport); } }); @@ -1972,9 +1976,11 @@ function preloadArticleUnderPointer(id) { cids_to_request.push(id); - var query = "backend.php?op=rpc&subop=getArticles&ids=" + + var query = "?op=rpc&subop=getArticles&ids=" + cids_to_request.toString(); - new Ajax.Request(query, { + + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { preload_article_callback(transport); } }); @@ -2092,13 +2098,11 @@ function catchupRelativeToArticle(below) { e.className = e.className.replace("Unread", ""); } - var query = "backend.php?op=rpc&subop=catchupSelected" + - "&cmode=0"; + var query = "?op=rpc&subop=catchupSelected" + + "&cmode=0" + "&ids=" + param_escape(ids_to_mark.toString()); - var ids = "?ids=" + param_escape(ids_to_mark.toString()); - - new Ajax.Request(query, { - parameters: ids, + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { catchup_callback2(transport); } }); @@ -2252,11 +2256,12 @@ function zoomToArticle(id) { function showOriginalArticleInline(id) { try { - var query = "backend.php?op=rpc&subop=getArticleLink&id=" + id; + var query = "?op=rpc&subop=getArticleLink&id=" + id; notify_progress("Loading, please wait...", true); - new Ajax.Request(query, { + new Ajax.Request("backend.php", { + parameters: query, onComplete: function(transport) { if (transport.responseXML) {