From d8bf94c2f29bb980aae6e7b2ba53e18e4e3fc1e1 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Sun, 3 Dec 2017 10:16:32 +0300
Subject: [PATCH] plugins/mailto: PDO
---
 plugins/mailto/init.php | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/plugins/mailto/init.php b/plugins/mailto/init.php
index 83e643231..60c58b707 100644
--- a/plugins/mailto/init.php
+++ b/plugins/mailto/init.php
@@ -27,7 +27,8 @@ class MailTo extends Plugin {
 function emailArticle() {
- $param = db_escape_string($_REQUEST['param']);
+ $ids = explode(",", $_REQUEST['param']);
+ $ids_qmarks = arr_qmarks($ids);
 require_once "lib/MiniTemplator.class.php";
@@ -40,15 +41,18 @@ class MailTo extends Plugin {
 $tpl->setVariable('TTRSS_HOST', $_SERVER["HTTP_HOST"], true);
- $result = db_query("SELECT DISTINCT link, content, title
+ $sth = $this->pdo->prepare("SELECT DISTINCT link, content, title
 FROM ttrss_user_entries, ttrss_entries WHERE id = ref_id AND
- id IN ($param) AND owner_uid = " . $_SESSION["uid"]);
+ id IN ($ids_qmarks) AND owner_uid = ?");
+ $sth->execute(array_merge($ids, [$_SESSION['uid']]));
- if (db_num_rows($result) > 1) {
+ if (count($ids) > 1) {
 $subject = __("[Forwarded]") . " " . __("Multiple articles");
+ } else {
+ $subject = "";
 }
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
 if (!$subject) $subject = __("[Forwarded]") . " " . htmlspecialchars($line["title"]);
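Review bot: The added `$ids = explode(",", $_REQUEST['param']);` in emailArticle() forwards the request value without checking that each element is a numeric id, so an empty or missing `param` yields `[""]` and any non-numeric element is bound unchanged into `id IN (...)` in the second hunk. The placeholders remove the injection risk of the old `id IN ($param)`, but a non-integer bind would presumably fail inside `execute()` on a strictly typed backend instead of being rejected cleanly. Consider normalising up front with `$ids = array_filter(array_map('intval', explode(",", $_REQUEST['param'] ?? '')));` and returning early when the list is empty, since `arr_qmarks()` is defined outside this patch and its result for an empty list is not visible here. emailArticle() continues past the end of this hunk.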
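Review bot: The subject test `if (count($ids) > 1)` in the second hunk counts the ids that were requested, not the rows the query returns, so the two can disagree. A request naming several ids of which only one passes the `owner_uid = ?` filter, or repeating one id that `DISTINCT` collapses, gets the "Multiple articles" subject for a single article, whereas the removed `db_num_rows($result) > 1` reflected the filtered result. One way to keep the old behaviour is to fetch first and count the rows: `$lines = $sth->fetchAll();`, then `if (count($lines) > 1) {` and `foreach ($lines as $line) {` in place of the `while`. The loop body continues outside this hunk, so its use of `$line` would need to be checked against that change.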