plugins/mailto: PDO

This commit is contained in:
Andrew Dolgov 2017-12-03 10:16:32 +03:00
parent 69563c96b4
commit d8bf94c2f2
1 changed files with 9 additions and 5 deletions

View File

@ -27,7 +27,8 @@ class MailTo extends Plugin {
function emailArticle() { function emailArticle() {
$param = db_escape_string($_REQUEST['param']); $ids = explode(",", $_REQUEST['param']);
$ids_qmarks = arr_qmarks($ids);
require_once "lib/MiniTemplator.class.php"; require_once "lib/MiniTemplator.class.php";
@ -40,15 +41,18 @@ class MailTo extends Plugin {
$tpl->setVariable('TTRSS_HOST', $_SERVER["HTTP_HOST"], true); $tpl->setVariable('TTRSS_HOST', $_SERVER["HTTP_HOST"], true);
$result = db_query("SELECT DISTINCT link, content, title $sth = $this->pdo->prepare("SELECT DISTINCT link, content, title
FROM ttrss_user_entries, ttrss_entries WHERE id = ref_id AND FROM ttrss_user_entries, ttrss_entries WHERE id = ref_id AND
id IN ($param) AND owner_uid = " . $_SESSION["uid"]); id IN ($ids_qmarks) AND owner_uid = ?");
$sth->execute(array_merge($ids, [$_SESSION['uid']]));
if (db_num_rows($result) > 1) { if (count($ids) > 1) {
$subject = __("[Forwarded]") . " " . __("Multiple articles"); $subject = __("[Forwarded]") . " " . __("Multiple articles");
} else {
$subject = "";
} }
while ($line = db_fetch_assoc($result)) { while ($line = $sth->fetch()) {
if (!$subject) if (!$subject)
$subject = __("[Forwarded]") . " " . htmlspecialchars($line["title"]); $subject = __("[Forwarded]") . " " . htmlspecialchars($line["title"]);