valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

classes: use OO DB interface

This commit is contained in:
Andrew Dolgov 2013-04-17 20:12:14 +04:00
parent b4b45b4534
commit d9c85e0f11
17 changed files with 707 additions and 707 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

116
classes/api.php
View File

@ -50,16 +50,16 @@ class API extends Handler {
@session_destroy(); @session_destroy();
@session_start(); @session_start();
$login = db_escape_string($_REQUEST["user"]); $login = $this->dbh->escape_string($_REQUEST["user"]);
$password = $_REQUEST["password"]; $password = $_REQUEST["password"];
$password_base64 = base64_decode($_REQUEST["password"]); $password_base64 = base64_decode($_REQUEST["password"]);
if (SINGLE_USER_MODE) $login = "admin"; if (SINGLE_USER_MODE) $login = "admin";
$result = db_query("SELECT id FROM ttrss_users WHERE login = '$login'"); $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE login = '$login'");
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
$uid = db_fetch_result($result, 0, "id"); $uid = $this->dbh->fetch_result($result, 0, "id");
} else { } else {
$uid = 0; $uid = 0;
} }
@ -95,8 +95,8 @@ class API extends Handler {
} }
function getUnread() { function getUnread() {
$feed_id = db_escape_string($_REQUEST["feed_id"]); $feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]);
$is_cat = db_escape_string($_REQUEST["is_cat"]); $is_cat = $this->dbh->escape_string($_REQUEST["is_cat"]);
if ($feed_id) { if ($feed_id) {
print $this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($feed_id, $is_cat))); print $this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($feed_id, $is_cat)));
@ -111,10 +111,10 @@ class API extends Handler {
} }
function getFeeds() { function getFeeds() {
$cat_id = db_escape_string($_REQUEST["cat_id"]); $cat_id = $this->dbh->escape_string($_REQUEST["cat_id"]);
$unread_only = sql_bool_to_bool($_REQUEST["unread_only"]); $unread_only = sql_bool_to_bool($_REQUEST["unread_only"]);
$limit = (int) db_escape_string($_REQUEST["limit"]); $limit = (int) $this->dbh->escape_string($_REQUEST["limit"]);
$offset = (int) db_escape_string($_REQUEST["offset"]); $offset = (int) $this->dbh->escape_string($_REQUEST["offset"]);
$include_nested = sql_bool_to_bool($_REQUEST["include_nested"]); $include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
$feeds = $this->api_get_feeds($cat_id, $unread_only, $limit, $offset, $include_nested); $feeds = $this->api_get_feeds($cat_id, $unread_only, $limit, $offset, $include_nested);
@ -134,7 +134,7 @@ class API extends Handler {
else else
$nested_qpart = "true"; $nested_qpart = "true";
$result = db_query("SELECT $result = $this->dbh->query("SELECT
id, title, order_id, (SELECT COUNT(id) FROM id, title, order_id, (SELECT COUNT(id) FROM
ttrss_feeds WHERE ttrss_feeds WHERE
ttrss_feed_categories.id IS NOT NULL AND cat_id = ttrss_feed_categories.id) AS num_feeds, ttrss_feed_categories.id IS NOT NULL AND cat_id = ttrss_feed_categories.id) AS num_feeds,
@ -147,7 +147,7 @@ class API extends Handler {
$cats = array(); $cats = array();
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
if ($include_empty || $line["num_feeds"] > 0 || $line["num_cats"] > 0) { if ($include_empty || $line["num_feeds"] > 0 || $line["num_cats"] > 0) {
$unread = getFeedUnread($line["id"], true); $unread = getFeedUnread($line["id"], true);
@ -180,22 +180,22 @@ class API extends Handler {
} }
function getHeadlines() { function getHeadlines() {
$feed_id = db_escape_string($_REQUEST["feed_id"]); $feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]);
if ($feed_id != "") { if ($feed_id != "") {
$limit = (int)db_escape_string($_REQUEST["limit"]); $limit = (int)$this->dbh->escape_string($_REQUEST["limit"]);
if (!$limit || $limit >= 60) $limit = 60; if (!$limit || $limit >= 60) $limit = 60;
$offset = (int)db_escape_string($_REQUEST["skip"]); $offset = (int)$this->dbh->escape_string($_REQUEST["skip"]);
$filter = db_escape_string($_REQUEST["filter"]); $filter = $this->dbh->escape_string($_REQUEST["filter"]);
$is_cat = sql_bool_to_bool($_REQUEST["is_cat"]); $is_cat = sql_bool_to_bool($_REQUEST["is_cat"]);
$show_excerpt = sql_bool_to_bool($_REQUEST["show_excerpt"]); $show_excerpt = sql_bool_to_bool($_REQUEST["show_excerpt"]);
$show_content = sql_bool_to_bool($_REQUEST["show_content"]); $show_content = sql_bool_to_bool($_REQUEST["show_content"]);
/* all_articles, unread, adaptive, marked, updated */ /* all_articles, unread, adaptive, marked, updated */
$view_mode = db_escape_string($_REQUEST["view_mode"]); $view_mode = $this->dbh->escape_string($_REQUEST["view_mode"]);
$include_attachments = sql_bool_to_bool($_REQUEST["include_attachments"]); $include_attachments = sql_bool_to_bool($_REQUEST["include_attachments"]);
$since_id = (int)db_escape_string($_REQUEST["since_id"]); $since_id = (int)$this->dbh->escape_string($_REQUEST["since_id"]);
$include_nested = sql_bool_to_bool($_REQUEST["include_nested"]); $include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
$sanitize_content = true; $sanitize_content = true;
@ -211,8 +211,8 @@ class API extends Handler {
/* do not rely on params below */ /* do not rely on params below */
$search = db_escape_string($_REQUEST["search"]); $search = $this->dbh->escape_string($_REQUEST["search"]);
$search_mode = db_escape_string($_REQUEST["search_mode"]); $search_mode = $this->dbh->escape_string($_REQUEST["search_mode"]);
$headlines = $this->api_get_headlines($feed_id, $limit, $offset, $headlines = $this->api_get_headlines($feed_id, $limit, $offset,
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, $override_order, $filter, $is_cat, $show_excerpt, $show_content, $view_mode, $override_order,
@ -226,10 +226,10 @@ class API extends Handler {
} }
function updateArticle() { function updateArticle() {
$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric); $article_ids = array_filter(explode(",", $this->dbh->escape_string($_REQUEST["article_ids"])), is_numeric);
$mode = (int) db_escape_string($_REQUEST["mode"]); $mode = (int) $this->dbh->escape_string($_REQUEST["mode"]);
$data = db_escape_string($_REQUEST["data"]); $data = $this->dbh->escape_string($_REQUEST["data"]);
$field_raw = (int)db_escape_string($_REQUEST["field"]); $field_raw = (int)$this->dbh->escape_string($_REQUEST["field"]);
$field = ""; $field = "";
$set_to = ""; $set_to = "";
@ -269,15 +269,15 @@ class API extends Handler {
$article_ids = join(", ", $article_ids); $article_ids = join(", ", $article_ids);
$result = db_query("UPDATE ttrss_user_entries SET $field = $set_to $additional_fields WHERE ref_id IN ($article_ids) AND owner_uid = " . $_SESSION["uid"]); $result = $this->dbh->query("UPDATE ttrss_user_entries SET $field = $set_to $additional_fields WHERE ref_id IN ($article_ids) AND owner_uid = " . $_SESSION["uid"]);
$num_updated = db_affected_rows($result); $num_updated = $this->dbh->affected_rows($result);
if ($num_updated > 0 && $field == "unread") { if ($num_updated > 0 && $field == "unread") {
$result = db_query("SELECT DISTINCT feed_id FROM ttrss_user_entries $result = $this->dbh->query("SELECT DISTINCT feed_id FROM ttrss_user_entries
WHERE ref_id IN ($article_ids)"); WHERE ref_id IN ($article_ids)");
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
ccache_update($line["feed_id"], $_SESSION["uid"]); ccache_update($line["feed_id"], $_SESSION["uid"]);
} }
} }
@ -304,7 +304,7 @@ class API extends Handler {
function getArticle() { function getArticle() {
$article_id = join(",", array_filter(explode(",", db_escape_string($_REQUEST["article_id"])), is_numeric)); $article_id = join(",", array_filter(explode(",", $this->dbh->escape_string($_REQUEST["article_id"])), is_numeric));
$query = "SELECT id,title,link,content,cached_content,feed_id,comments,int_id, $query = "SELECT id,title,link,content,cached_content,feed_id,comments,int_id,
marked,unread,published,score, marked,unread,published,score,
@ -314,13 +314,13 @@ class API extends Handler {
WHERE id IN ($article_id) AND ref_id = id AND owner_uid = " . WHERE id IN ($article_id) AND ref_id = id AND owner_uid = " .
$_SESSION["uid"] ; $_SESSION["uid"] ;
$result = db_query($query); $result = $this->dbh->query($query);
$articles = array(); $articles = array();
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$attachments = get_article_enclosures($line['id']); $attachments = get_article_enclosures($line['id']);
@ -363,10 +363,10 @@ class API extends Handler {
$config["daemon_is_running"] = file_is_locked("update_daemon.lock"); $config["daemon_is_running"] = file_is_locked("update_daemon.lock");
$result = db_query("SELECT COUNT(*) AS cf FROM $result = $this->dbh->query("SELECT COUNT(*) AS cf FROM
ttrss_feeds WHERE owner_uid = " . $_SESSION["uid"]); ttrss_feeds WHERE owner_uid = " . $_SESSION["uid"]);
$num_feeds = db_fetch_result($result, 0, "cf"); $num_feeds = $this->dbh->fetch_result($result, 0, "cf");
$config["num_feeds"] = (int)$num_feeds; $config["num_feeds"] = (int)$num_feeds;
@ -376,7 +376,7 @@ class API extends Handler {
function updateFeed() { function updateFeed() {
require_once "include/rssfuncs.php"; require_once "include/rssfuncs.php";
$feed_id = (int) db_escape_string($_REQUEST["feed_id"]); $feed_id = (int) $this->dbh->escape_string($_REQUEST["feed_id"]);
update_rss_feed($feed_id, true); update_rss_feed($feed_id, true);
@ -384,8 +384,8 @@ class API extends Handler {
} }
function catchupFeed() { function catchupFeed() {
$feed_id = db_escape_string($_REQUEST["feed_id"]); $feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]);
$is_cat = db_escape_string($_REQUEST["is_cat"]); $is_cat = $this->dbh->escape_string($_REQUEST["is_cat"]);
catchup_feed($feed_id, $is_cat); catchup_feed($feed_id, $is_cat);
@ -393,19 +393,19 @@ class API extends Handler {
} }
function getPref() { function getPref() {
$pref_name = db_escape_string($_REQUEST["pref_name"]); $pref_name = $this->dbh->escape_string($_REQUEST["pref_name"]);
print $this->wrap(self::STATUS_OK, array("value" => get_pref($pref_name))); print $this->wrap(self::STATUS_OK, array("value" => get_pref($pref_name)));
} }
function getLabels() { function getLabels() {
//$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric); //$article_ids = array_filter(explode(",", $this->dbh->escape_string($_REQUEST["article_ids"])), is_numeric);
$article_id = (int)$_REQUEST['article_id']; $article_id = (int)$_REQUEST['article_id'];
$rv = array(); $rv = array();
$result = db_query("SELECT id, caption, fg_color, bg_color $result = $this->dbh->query("SELECT id, caption, fg_color, bg_color
FROM ttrss_labels2 FROM ttrss_labels2
WHERE owner_uid = '".$_SESSION['uid']."' ORDER BY caption"); WHERE owner_uid = '".$_SESSION['uid']."' ORDER BY caption");
@ -414,7 +414,7 @@ class API extends Handler {
else else
$article_labels = array(); $article_labels = array();
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$checked = false; $checked = false;
foreach ($article_labels as $al) { foreach ($article_labels as $al) {
@ -437,11 +437,11 @@ class API extends Handler {
function setArticleLabel() { function setArticleLabel() {
$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric); $article_ids = array_filter(explode(",", $this->dbh->escape_string($_REQUEST["article_ids"])), is_numeric);
$label_id = (int) db_escape_string($_REQUEST['label_id']); $label_id = (int) $this->dbh->escape_string($_REQUEST['label_id']);
$assign = (bool) db_escape_string($_REQUEST['assign']) == "true"; $assign = (bool) $this->dbh->escape_string($_REQUEST['assign']) == "true";
$label = db_escape_string(label_find_caption( $label = $this->dbh->escape_string(label_find_caption(
$label_id, $_SESSION["uid"])); $label_id, $_SESSION["uid"]));
$num_updated = 0; $num_updated = 0;
@ -481,9 +481,9 @@ class API extends Handler {
} }
function shareToPublished() { function shareToPublished() {
$title = db_escape_string(strip_tags($_REQUEST["title"])); $title = $this->dbh->escape_string(strip_tags($_REQUEST["title"]));
$url = db_escape_string(strip_tags($_REQUEST["url"])); $url = $this->dbh->escape_string(strip_tags($_REQUEST["url"]));
$content = db_escape_string(strip_tags($_REQUEST["content"])); $content = $this->dbh->escape_string(strip_tags($_REQUEST["content"]));
if (Article::create_published_article($title, $url, $content, "", $_SESSION["uid"])) { if (Article::create_published_article($title, $url, $content, "", $_SESSION["uid"])) {
print $this->wrap(self::STATUS_OK, array("status" => 'OK')); print $this->wrap(self::STATUS_OK, array("status" => 'OK'));
@ -709,12 +709,12 @@ class API extends Handler {
} }
function unsubscribeFeed() { function unsubscribeFeed() {
$feed_id = (int) db_escape_string($_REQUEST["feed_id"]); $feed_id = (int) $this->dbh->escape_string($_REQUEST["feed_id"]);
$result = db_query("SELECT id FROM ttrss_feeds WHERE $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
id = '$feed_id' AND owner_uid = ".$_SESSION["uid"]); id = '$feed_id' AND owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
Pref_Feeds::remove_feed($feed_id, $_SESSION["uid"]); Pref_Feeds::remove_feed($feed_id, $_SESSION["uid"]);
print $this->wrap(self::STATUS_OK, array("status" => "OK")); print $this->wrap(self::STATUS_OK, array("status" => "OK"));
} else { } else {
@ -723,10 +723,10 @@ class API extends Handler {
} }
function subscribeToFeed() { function subscribeToFeed() {
$feed_url = db_escape_string($_REQUEST["feed_url"]); $feed_url = $this->dbh->escape_string($_REQUEST["feed_url"]);
$category_id = (int) db_escape_string($_REQUEST["category_id"]); $category_id = (int) $this->dbh->escape_string($_REQUEST["category_id"]);
$login = db_escape_string($_REQUEST["login"]); $login = $this->dbh->escape_string($_REQUEST["login"]);
$password = db_escape_string($_REQUEST["password"]); $password = $this->dbh->escape_string($_REQUEST["password"]);
if ($feed_url) { if ($feed_url) {
$rc = subscribe_to_feed($feed_url, $category_id, $rc = subscribe_to_feed($feed_url, $category_id,
@ -760,16 +760,16 @@ class API extends Handler {
private function isCategoryEmpty($id) { private function isCategoryEmpty($id) {
if ($id == -2) { if ($id == -2) {
$result = db_query("SELECT COUNT(*) AS count FROM ttrss_labels2 $result = $this->dbh->query("SELECT COUNT(*) AS count FROM ttrss_labels2
WHERE owner_uid = " . $_SESSION["uid"]); WHERE owner_uid = " . $_SESSION["uid"]);
return db_fetch_result($result, 0, "count") == 0; return $this->dbh->fetch_result($result, 0, "count") == 0;
} else if ($id == 0) { } else if ($id == 0) {
$result = db_query("SELECT COUNT(*) AS count FROM ttrss_feeds $result = $this->dbh->query("SELECT COUNT(*) AS count FROM ttrss_feeds
WHERE cat_id IS NULL AND owner_uid = " . $_SESSION["uid"]); WHERE cat_id IS NULL AND owner_uid = " . $_SESSION["uid"]);
return db_fetch_result($result, 0, "count") == 0; return $this->dbh->fetch_result($result, 0, "count") == 0;
} }

64
classes/article.php
View File

@ -8,14 +8,14 @@ class Article extends Handler_Protected {
} }
function redirect() { function redirect() {
$id = db_escape_string($_REQUEST['id']); $id = $this->dbh->escape_string($_REQUEST['id']);
$result = db_query("SELECT link FROM ttrss_entries, ttrss_user_entries $result = $this->dbh->query("SELECT link FROM ttrss_entries, ttrss_user_entries
WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."' WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'
LIMIT 1"); LIMIT 1");
if (db_num_rows($result) == 1) { if ($this->dbh->num_rows($result) == 1) {
$article_url = db_fetch_result($result, 0, 'link'); $article_url = $this->dbh->fetch_result($result, 0, 'link');
$article_url = str_replace("\n", "", $article_url); $article_url = str_replace("\n", "", $article_url);
header("Location: $article_url"); header("Location: $article_url");
@ -27,10 +27,10 @@ class Article extends Handler_Protected {
} }
function view() { function view() {
$id = db_escape_string($_REQUEST["id"]); $id = $this->dbh->escape_string($_REQUEST["id"]);
$cids = explode(",", db_escape_string($_REQUEST["cids"])); $cids = explode(",", $this->dbh->escape_string($_REQUEST["cids"]));
$mode = db_escape_string($_REQUEST["mode"]); $mode = $this->dbh->escape_string($_REQUEST["mode"]);
$omode = db_escape_string($_REQUEST["omode"]); $omode = $this->dbh->escape_string($_REQUEST["omode"]);
// in prefetch mode we only output requested cids, main article // in prefetch mode we only output requested cids, main article
// just gets marked as read (it already exists in client cache) // just gets marked as read (it already exists in client cache)
@ -68,15 +68,15 @@ class Article extends Handler_Protected {
private function catchupArticleById($id, $cmode) { private function catchupArticleById($id, $cmode) {
if ($cmode == 0) { if ($cmode == 0) {
db_query("UPDATE ttrss_user_entries SET $this->dbh->query("UPDATE ttrss_user_entries SET
unread = false,last_read = NOW() unread = false,last_read = NOW()
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]); WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
} else if ($cmode == 1) { } else if ($cmode == 1) {
db_query("UPDATE ttrss_user_entries SET $this->dbh->query("UPDATE ttrss_user_entries SET
unread = true unread = true
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]); WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
} else { } else {
db_query("UPDATE ttrss_user_entries SET $this->dbh->query("UPDATE ttrss_user_entries SET
unread = NOT unread,last_read = NOW() unread = NOT unread,last_read = NOW()
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]); WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
} }
@ -178,9 +178,9 @@ class Article extends Handler_Protected {
print __("Tags for this article (separated by commas):")."<br>"; print __("Tags for this article (separated by commas):")."<br>";
$param = db_escape_string($_REQUEST['param']); $param = $this->dbh->escape_string($_REQUEST['param']);
$tags = get_article_tags(db_escape_string($param)); $tags = get_article_tags($this->dbh->escape_string($param));
$tags_str = join(", ", $tags); $tags_str = join(", ", $tags);
@ -209,10 +209,10 @@ class Article extends Handler_Protected {
} }
function setScore() { function setScore() {
$ids = db_escape_string($_REQUEST['id']); $ids = $this->dbh->escape_string($_REQUEST['id']);
$score = (int)db_escape_string($_REQUEST['score']); $score = (int)$this->dbh->escape_string($_REQUEST['score']);
db_query("UPDATE ttrss_user_entries SET $this->dbh->query("UPDATE ttrss_user_entries SET
score = '$score' WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]); score = '$score' WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
print json_encode(array("id" => $id, print json_encode(array("id" => $id,
@ -222,23 +222,23 @@ class Article extends Handler_Protected {
function setArticleTags() { function setArticleTags() {
$id = db_escape_string($_REQUEST["id"]); $id = $this->dbh->escape_string($_REQUEST["id"]);
$tags_str = db_escape_string($_REQUEST["tags_str"]); $tags_str = $this->dbh->escape_string($_REQUEST["tags_str"]);
$tags = array_unique(trim_array(explode(",", $tags_str))); $tags = array_unique(trim_array(explode(",", $tags_str)));
db_query("BEGIN"); $this->dbh->query("BEGIN");
$result = db_query("SELECT int_id FROM ttrss_user_entries WHERE $result = $this->dbh->query("SELECT int_id FROM ttrss_user_entries WHERE
ref_id = '$id' AND owner_uid = '".$_SESSION["uid"]."' LIMIT 1"); ref_id = '$id' AND owner_uid = '".$_SESSION["uid"]."' LIMIT 1");
if (db_num_rows($result) == 1) { if ($this->dbh->num_rows($result) == 1) {
$tags_to_cache = array(); $tags_to_cache = array();
$int_id = db_fetch_result($result, 0, "int_id"); $int_id = $this->dbh->fetch_result($result, 0, "int_id");
db_query("DELETE FROM ttrss_tags WHERE $this->dbh->query("DELETE FROM ttrss_tags WHERE
post_int_id = $int_id AND owner_uid = '".$_SESSION["uid"]."'"); post_int_id = $int_id AND owner_uid = '".$_SESSION["uid"]."'");
foreach ($tags as $tag) { foreach ($tags as $tag) {
@ -255,7 +255,7 @@ class Article extends Handler_Protected {
// print "<!-- $id : $int_id : $tag -->"; // print "<!-- $id : $int_id : $tag -->";
if ($tag != '') { if ($tag != '') {
db_query("INSERT INTO ttrss_tags $this->dbh->query("INSERT INTO ttrss_tags
(post_int_id, owner_uid, tag_name) VALUES ('$int_id', '".$_SESSION["uid"]."', '$tag')"); (post_int_id, owner_uid, tag_name) VALUES ('$int_id', '".$_SESSION["uid"]."', '$tag')");
} }
@ -267,12 +267,12 @@ class Article extends Handler_Protected {
sort($tags_to_cache); sort($tags_to_cache);
$tags_str = join(",", $tags_to_cache); $tags_str = join(",", $tags_to_cache);
db_query("UPDATE ttrss_user_entries $this->dbh->query("UPDATE ttrss_user_entries
SET tag_cache = '$tags_str' WHERE ref_id = '$id' SET tag_cache = '$tags_str' WHERE ref_id = '$id'
AND owner_uid = " . $_SESSION["uid"]); AND owner_uid = " . $_SESSION["uid"]);
} }
db_query("COMMIT"); $this->dbh->query("COMMIT");
$tags = get_article_tags($id); $tags = get_article_tags($id);
$tags_str = format_tags_string($tags, $id); $tags_str = format_tags_string($tags, $id);
@ -286,15 +286,15 @@ class Article extends Handler_Protected {
function completeTags() { function completeTags() {
$search = db_escape_string($_REQUEST["search"]); $search = $this->dbh->escape_string($_REQUEST["search"]);
$result = db_query("SELECT DISTINCT tag_name FROM ttrss_tags $result = $this->dbh->query("SELECT DISTINCT tag_name FROM ttrss_tags
WHERE owner_uid = '".$_SESSION["uid"]."' AND WHERE owner_uid = '".$_SESSION["uid"]."' AND
tag_name LIKE '$search%' ORDER BY tag_name tag_name LIKE '$search%' ORDER BY tag_name
LIMIT 10"); LIMIT 10");
print "<ul>"; print "<ul>";
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
print "<li>" . $line["tag_name"] . "</li>"; print "<li>" . $line["tag_name"] . "</li>";
} }
print "</ul>"; print "</ul>";
@ -311,10 +311,10 @@ class Article extends Handler_Protected {
private function labelops($assign) { private function labelops($assign) {
$reply = array(); $reply = array();
$ids = explode(",", db_escape_string($_REQUEST["ids"])); $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
$label_id = db_escape_string($_REQUEST["lid"]); $label_id = $this->dbh->escape_string($_REQUEST["lid"]);
$label = db_escape_string(label_find_caption($label_id, $label = $this->dbh->escape_string(label_find_caption($label_id,
$_SESSION["uid"])); $_SESSION["uid"]));
$reply["info-for-headlines"] = array(); $reply["info-for-headlines"] = array();

12
classes/auth/base.php
View File

@ -15,7 +15,7 @@ class Auth_Base {
$user_id = $this->find_user_by_login($login); $user_id = $this->find_user_by_login($login);
if (!$user_id) { if (!$user_id) {
$login = db_escape_string($login); $login = $this->dbh->escape_string($login);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true); $pwd_hash = encrypt_password($password, $salt, true);
@ -23,7 +23,7 @@ class Auth_Base {
(login,access_level,last_login,created,pwd_hash,salt) (login,access_level,last_login,created,pwd_hash,salt)
VALUES ('$login', 0, null, NOW(), '$pwd_hash','$salt')"; VALUES ('$login', 0, null, NOW(), '$pwd_hash','$salt')";
db_query($query); $this->dbh->query($query);
return $this->find_user_by_login($login); return $this->find_user_by_login($login);
@ -36,13 +36,13 @@ class Auth_Base {
} }
function find_user_by_login($login) { function find_user_by_login($login) {
$login = db_escape_string($login); $login = $this->dbh->escape_string($login);
$result = db_query("SELECT id FROM ttrss_users WHERE $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
login = '$login'"); login = '$login'");
if (db_num_rows($result) > 0) { if ($this->dbh->num_rows($result) > 0) {
return db_fetch_result($result, 0, "id"); return $this->dbh->fetch_result($result, 0, "id");
} else { } else {
return false; return false;
} }

24
classes/dbupdater.php
View File

@ -2,18 +2,18 @@
class DbUpdater { class DbUpdater {
private $dbh; private $dbh;
private $db_type; private $$this->dbh->type;
private $need_version; private $need_version;
function __construct($dbh, $db_type, $need_version) { function __construct($dbh, $$this->dbh->type, $need_version) {
$this->dbh = $dbh; $this->dbh = $dbh;
$this->db_type = $db_type; $this->$this->dbh->type = $db_type;
$this->need_version = (int) $need_version; $this->need_version = (int) $need_version;
} }
function getSchemaVersion() { function getSchemaVersion() {
$result = db_query("SELECT schema_version FROM ttrss_version"); $result = $this->dbh->query("SELECT schema_version FROM ttrss_version");
return (int) db_fetch_result($result, 0, "schema_version"); return (int) $this->dbh->fetch_result($result, 0, "schema_version");
} }
function isUpdateRequired() { function isUpdateRequired() {
@ -21,7 +21,7 @@ class DbUpdater {
} }
function getSchemaLines($version) { function getSchemaLines($version) {
$filename = "schema/versions/".$this->db_type."/$version.sql"; $filename = "schema/versions/".$this->$this->dbh->type."/$version.sql";
if (file_exists($filename)) { if (file_exists($filename)) {
return explode(";", preg_replace("/[\r\n]/", "", file_get_contents($filename))); return explode(";", preg_replace("/[\r\n]/", "", file_get_contents($filename)));
@ -37,21 +37,21 @@ class DbUpdater {
if (is_array($lines)) { if (is_array($lines)) {
db_query("BEGIN"); $this->dbh->query("BEGIN");
foreach ($lines as $line) { foreach ($lines as $line) {
if (strpos($line, "--") !== 0 && $line) { if (strpos($line, "--") !== 0 && $line) {
db_query($line); $this->dbh->query($line);
} }
} }
$db_version = $this->getSchemaVersion(); $$this->dbh->version = $this->getSchemaVersion();
if ($db_version == $version) { if ($$this->dbh->version == $version) {
db_query("COMMIT"); $this->dbh->query("COMMIT");
return true; return true;
} else { } else {
db_query("ROLLBACK"); $this->dbh->query("ROLLBACK");
return false; return false;
} }
} else { } else {

16
classes/dlg.php
View File

@ -6,7 +6,7 @@ class Dlg extends Handler_Protected {
if (parent::before($method)) { if (parent::before($method)) {
header("Content-Type: text/html"); # required for iframe header("Content-Type: text/html"); # required for iframe
$this->param = db_escape_string($_REQUEST["param"]); $this->param = $this->dbh->escape_string($_REQUEST["param"]);
return true; return true;
} }
return false; return false;
@ -18,7 +18,7 @@ class Dlg extends Handler_Protected {
print "<div class=\"prefFeedOPMLHolder\">"; print "<div class=\"prefFeedOPMLHolder\">";
$owner_uid = $_SESSION["uid"]; $owner_uid = $_SESSION["uid"];
db_query("BEGIN"); $this->dbh->query("BEGIN");
print "<ul class='nomarks'>"; print "<ul class='nomarks'>";
@ -26,7 +26,7 @@ class Dlg extends Handler_Protected {
$opml->opml_import($_SESSION["uid"]); $opml->opml_import($_SESSION["uid"]);
db_query("COMMIT"); $this->dbh->query("COMMIT");
print "</ul>"; print "</ul>";
print "</div>"; print "</div>";
@ -106,11 +106,11 @@ class Dlg extends Handler_Protected {
FROM ttrss_tags WHERE owner_uid = ".$_SESSION["uid"]." FROM ttrss_tags WHERE owner_uid = ".$_SESSION["uid"]."
GROUP BY tag_name ORDER BY count DESC LIMIT 50"; GROUP BY tag_name ORDER BY count DESC LIMIT 50";
$result = db_query($query); $result = $this->dbh->query($query);
$tags = array(); $tags = array();
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$tags[$line["tag_name"]] = $line["count"]; $tags[$line["tag_name"]] = $line["count"];
} }
@ -171,10 +171,10 @@ class Dlg extends Handler_Protected {
print "<label for=\"tag_mode_all\">".__("All tags.")."</input>"; print "<label for=\"tag_mode_all\">".__("All tags.")."</input>";
print "<select id=\"all_tags\" name=\"all_tags\" title=\"" . __('Which Tags?') . "\" multiple=\"multiple\" size=\"10\" style=\"width : 100%\">"; print "<select id=\"all_tags\" name=\"all_tags\" title=\"" . __('Which Tags?') . "\" multiple=\"multiple\" size=\"10\" style=\"width : 100%\">";
$result = db_query("SELECT DISTINCT tag_name FROM ttrss_tags WHERE owner_uid = ".$_SESSION['uid']." $result = $this->dbh->query("SELECT DISTINCT tag_name FROM ttrss_tags WHERE owner_uid = ".$_SESSION['uid']."
AND LENGTH(tag_name) <= 30 ORDER BY tag_name ASC"); AND LENGTH(tag_name) <= 30 ORDER BY tag_name ASC");
while ($row = db_fetch_assoc($result)) { while ($row = $this->dbh->fetch_assoc($result)) {
$tmp = htmlspecialchars($row["tag_name"]); $tmp = htmlspecialchars($row["tag_name"]);
print "<option value=\"" . str_replace(" ", "%20", $tmp) . "\">$tmp</option>"; print "<option value=\"" . str_replace(" ", "%20", $tmp) . "\">$tmp</option>";
} }
@ -195,7 +195,7 @@ class Dlg extends Handler_Protected {
function generatedFeed() { function generatedFeed() {
$this->params = explode(":", $this->param, 3); $this->params = explode(":", $this->param, 3);
$feed_id = db_escape_string($this->params[0]); $feed_id = $this->dbh->escape_string($this->params[0]);
$is_cat = (bool) $this->params[1]; $is_cat = (bool) $this->params[1];
$key = get_feed_access_key($feed_id, $is_cat); $key = get_feed_access_key($feed_id, $is_cat);

80
classes/feeds.php
View File

@ -164,19 +164,19 @@ class Feeds extends Handler_Protected {
if ($method == "ForceUpdate" && $feed > 0 && is_numeric($feed)) { if ($method == "ForceUpdate" && $feed > 0 && is_numeric($feed)) {
// Update the feed if required with some basic flood control // Update the feed if required with some basic flood control
$result = db_query( $result = $this->dbh->query(
"SELECT cache_images,".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated "SELECT cache_images,".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds WHERE id = '$feed'"); FROM ttrss_feeds WHERE id = '$feed'");
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
$last_updated = strtotime(db_fetch_result($result, 0, "last_updated")); $last_updated = strtotime($this->dbh->fetch_result($result, 0, "last_updated"));
$cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images")); $cache_images = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "cache_images"));
if (!$cache_images && time() - $last_updated > 120 || isset($_REQUEST['DevForceUpdate'])) { if (!$cache_images && time() - $last_updated > 120 || isset($_REQUEST['DevForceUpdate'])) {
include "rssfuncs.php"; include "rssfuncs.php";
update_rss_feed($feed, true, true); update_rss_feed($feed, true, true);
} else { } else {
db_query("UPDATE ttrss_feeds SET last_updated = '1970-01-01', last_update_started = '1970-01-01' $this->dbh->query("UPDATE ttrss_feeds SET last_updated = '1970-01-01', last_update_started = '1970-01-01'
WHERE id = '$feed'"); WHERE id = '$feed'");
} }
} }
@ -189,21 +189,21 @@ class Feeds extends Handler_Protected {
// FIXME: might break tag display? // FIXME: might break tag display?
if (is_numeric($feed) && $feed > 0 && !$cat_view) { if (is_numeric($feed) && $feed > 0 && !$cat_view) {
$result = db_query( $result = $this->dbh->query(
"SELECT id FROM ttrss_feeds WHERE id = '$feed' LIMIT 1"); "SELECT id FROM ttrss_feeds WHERE id = '$feed' LIMIT 1");
if (db_num_rows($result) == 0) { if ($this->dbh->num_rows($result) == 0) {
$reply['content'] = "<div align='center'>".__('Feed not found.')."</div>"; $reply['content'] = "<div align='center'>".__('Feed not found.')."</div>";
} }
} }
@$search = db_escape_string($_REQUEST["query"]); @$search = $this->dbh->escape_string($_REQUEST["query"]);
if ($search) { if ($search) {
$disable_cache = true; $disable_cache = true;
} }
@$search_mode = db_escape_string($_REQUEST["search_mode"]); @$search_mode = $this->dbh->escape_string($_REQUEST["search_mode"]);
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H0", $timing_info); if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H0", $timing_info);
@ -259,7 +259,7 @@ class Feeds extends Handler_Protected {
$feed, $cat_view, $search, $search_mode, $view_mode, $feed, $cat_view, $search, $search_mode, $view_mode,
$last_error); $last_error);
$headlines_count = db_num_rows($result); $headlines_count = $this->dbh->num_rows($result);
/* if (get_pref('COMBINED_DISPLAY_MODE')) { /* if (get_pref('COMBINED_DISPLAY_MODE')) {
$button_plugins = array(); $button_plugins = array();
@ -275,7 +275,7 @@ class Feeds extends Handler_Protected {
global $pluginhost; global $pluginhost;
if (db_num_rows($result) > 0) { if ($this->dbh->num_rows($result) > 0) {
$lnum = $offset; $lnum = $offset;
@ -288,7 +288,7 @@ class Feeds extends Handler_Protected {
$expand_cdm = get_pref('CDM_EXPANDED'); $expand_cdm = get_pref('CDM_EXPANDED');
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$class = ($lnum % 2) ? "even" : "odd"; $class = ($lnum % 2) ? "even" : "odd";
$id = $line["id"]; $id = $line["id"];
@ -633,17 +633,17 @@ class Feeds extends Handler_Protected {
if ($line["orig_feed_id"]) { if ($line["orig_feed_id"]) {
$tmp_result = db_query("SELECT * FROM ttrss_archived_feeds $tmp_result = $this->dbh->query("SELECT * FROM ttrss_archived_feeds
WHERE id = ".$line["orig_feed_id"]); WHERE id = ".$line["orig_feed_id"]);
if (db_num_rows($tmp_result) != 0) { if ($this->dbh->num_rows($tmp_result) != 0) {
$reply['content'] .= "<div clear='both'>"; $reply['content'] .= "<div clear='both'>";
$reply['content'] .= __("Originally from:"); $reply['content'] .= __("Originally from:");
$reply['content'] .= "&nbsp;"; $reply['content'] .= "&nbsp;";
$tmp_line = db_fetch_assoc($tmp_result); $tmp_line = $this->dbh->fetch_assoc($tmp_result);
$reply['content'] .= "<a target='_blank' $reply['content'] .= "<a target='_blank'
href=' " . htmlspecialchars($tmp_line['site_url']) . "'>" . href=' " . htmlspecialchars($tmp_line['site_url']) . "'>" .
@ -757,18 +757,18 @@ class Feeds extends Handler_Protected {
$reply['content'] .= "<p><span class=\"insensitive\">"; $reply['content'] .= "<p><span class=\"insensitive\">";
$result = db_query("SELECT ".SUBSTRING_FOR_DATE."(MAX(last_updated), 1, 19) AS last_updated FROM ttrss_feeds $result = $this->dbh->query("SELECT ".SUBSTRING_FOR_DATE."(MAX(last_updated), 1, 19) AS last_updated FROM ttrss_feeds
WHERE owner_uid = " . $_SESSION['uid']); WHERE owner_uid = " . $_SESSION['uid']);
$last_updated = db_fetch_result($result, 0, "last_updated"); $last_updated = $this->dbh->fetch_result($result, 0, "last_updated");
$last_updated = make_local_datetime($last_updated, false); $last_updated = make_local_datetime($last_updated, false);
$reply['content'] .= sprintf(__("Feeds last updated at %s"), $last_updated); $reply['content'] .= sprintf(__("Feeds last updated at %s"), $last_updated);
$result = db_query("SELECT COUNT(id) AS num_errors $result = $this->dbh->query("SELECT COUNT(id) AS num_errors
FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]); FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
$num_errors = db_fetch_result($result, 0, "num_errors"); $num_errors = $this->dbh->fetch_result($result, 0, "num_errors");
if ($num_errors > 0) { if ($num_errors > 0) {
$reply['content'] .= "<br/>"; $reply['content'] .= "<br/>";
@ -786,7 +786,7 @@ class Feeds extends Handler_Protected {
} }
function catchupAll() { function catchupAll() {
db_query("UPDATE ttrss_user_entries SET $this->dbh->query("UPDATE ttrss_user_entries SET
last_read = NOW(), unread = false WHERE unread = true AND owner_uid = " . $_SESSION["uid"]); last_read = NOW(), unread = false WHERE unread = true AND owner_uid = " . $_SESSION["uid"]);
ccache_zero_all($_SESSION["uid"]); ccache_zero_all($_SESSION["uid"]);
} }
@ -798,17 +798,17 @@ class Feeds extends Handler_Protected {
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info); if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info);
$omode = db_escape_string($_REQUEST["omode"]); $omode = $this->dbh->escape_string($_REQUEST["omode"]);
$feed = db_escape_string($_REQUEST["feed"]); $feed = $this->dbh->escape_string($_REQUEST["feed"]);
$method = db_escape_string($_REQUEST["m"]); $method = $this->dbh->escape_string($_REQUEST["m"]);
$view_mode = db_escape_string($_REQUEST["view_mode"]); $view_mode = $this->dbh->escape_string($_REQUEST["view_mode"]);
$limit = 30; $limit = 30;
@$cat_view = $_REQUEST["cat"] == "true"; @$cat_view = $_REQUEST["cat"] == "true";
@$next_unread_feed = db_escape_string($_REQUEST["nuf"]); @$next_unread_feed = $this->dbh->escape_string($_REQUEST["nuf"]);
@$offset = db_escape_string($_REQUEST["skip"]); @$offset = $this->dbh->escape_string($_REQUEST["skip"]);
@$vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]); @$vgroup_last_feed = $this->dbh->escape_string($_REQUEST["vgrlf"]);
$order_by = db_escape_string($_REQUEST["order_by"]); $order_by = $this->dbh->escape_string($_REQUEST["order_by"]);
if (is_numeric($feed)) $feed = (int) $feed; if (is_numeric($feed)) $feed = (int) $feed;
@ -824,17 +824,17 @@ class Feeds extends Handler_Protected {
if ($feed < LABEL_BASE_INDEX) { if ($feed < LABEL_BASE_INDEX) {
$label_feed = feed_to_label_id($feed); $label_feed = feed_to_label_id($feed);
$result = db_query("SELECT id FROM ttrss_labels2 WHERE $result = $this->dbh->query("SELECT id FROM ttrss_labels2 WHERE
id = '$label_feed' AND owner_uid = " . $_SESSION['uid']); id = '$label_feed' AND owner_uid = " . $_SESSION['uid']);
} else if (!$cat_view && is_numeric($feed) && $feed > 0) { } else if (!$cat_view && is_numeric($feed) && $feed > 0) {
$result = db_query("SELECT id FROM ttrss_feeds WHERE $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
id = '$feed' AND owner_uid = " . $_SESSION['uid']); id = '$feed' AND owner_uid = " . $_SESSION['uid']);
} else if ($cat_view && is_numeric($feed) && $feed > 0) { } else if ($cat_view && is_numeric($feed) && $feed > 0) {
$result = db_query("SELECT id FROM ttrss_feed_categories WHERE $result = $this->dbh->query("SELECT id FROM ttrss_feed_categories WHERE
id = '$feed' AND owner_uid = " . $_SESSION['uid']); id = '$feed' AND owner_uid = " . $_SESSION['uid']);
} }
if ($result && db_num_rows($result) == 0) { if ($result && $this->dbh->num_rows($result) == 0) {
print json_encode($this->generate_error_feed(__("Feed not found."))); print json_encode($this->generate_error_feed(__("Feed not found.")));
return; return;
} }
@ -851,13 +851,13 @@ class Feeds extends Handler_Protected {
/* bump login timestamp if needed */ /* bump login timestamp if needed */
if (time() - $_SESSION["last_login_update"] > 3600) { if (time() - $_SESSION["last_login_update"] > 3600) {
db_query("UPDATE ttrss_users SET last_login = NOW() WHERE id = " . $this->dbh->query("UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
$_SESSION["uid"]); $_SESSION["uid"]);
$_SESSION["last_login_update"] = time(); $_SESSION["last_login_update"] = time();
} }
if (!$cat_view && is_numeric($feed) && $feed > 0) { if (!$cat_view && is_numeric($feed) && $feed > 0) {
db_query("UPDATE ttrss_feeds SET last_viewed = NOW() $this->dbh->query("UPDATE ttrss_feeds SET last_viewed = NOW()
WHERE id = '$feed' AND owner_uid = ".$_SESSION["uid"]); WHERE id = '$feed' AND owner_uid = ".$_SESSION["uid"]);
} }
@ -924,18 +924,18 @@ class Feeds extends Handler_Protected {
$reply['headlines']['content'] .= "<p><span class=\"insensitive\">"; $reply['headlines']['content'] .= "<p><span class=\"insensitive\">";
$result = db_query("SELECT ".SUBSTRING_FOR_DATE."(MAX(last_updated), 1, 19) AS last_updated FROM ttrss_feeds $result = $this->dbh->query("SELECT ".SUBSTRING_FOR_DATE."(MAX(last_updated), 1, 19) AS last_updated FROM ttrss_feeds
WHERE owner_uid = " . $_SESSION['uid']); WHERE owner_uid = " . $_SESSION['uid']);
$last_updated = db_fetch_result($result, 0, "last_updated"); $last_updated = $this->dbh->fetch_result($result, 0, "last_updated");
$last_updated = make_local_datetime($last_updated, false); $last_updated = make_local_datetime($last_updated, false);
$reply['headlines']['content'] .= sprintf(__("Feeds last updated at %s"), $last_updated); $reply['headlines']['content'] .= sprintf(__("Feeds last updated at %s"), $last_updated);
$result = db_query("SELECT COUNT(id) AS num_errors $result = $this->dbh->query("SELECT COUNT(id) AS num_errors
FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]); FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
$num_errors = db_fetch_result($result, 0, "num_errors"); $num_errors = $this->dbh->fetch_result($result, 0, "num_errors");
if ($num_errors > 0) { if ($num_errors > 0) {
$reply['headlines']['content'] .= "<br/>"; $reply['headlines']['content'] .= "<br/>";
@ -1044,7 +1044,7 @@ class Feeds extends Handler_Protected {
function feedBrowser() { function feedBrowser() {
if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return; if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
$browser_search = db_escape_string($_REQUEST["search"]); $browser_search = $this->dbh->escape_string($_REQUEST["search"]);
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"rpc\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"rpc\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"updateFeedBrowser\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"updateFeedBrowser\">";
@ -1092,7 +1092,7 @@ class Feeds extends Handler_Protected {
} }
function search() { function search() {
$this->params = explode(":", db_escape_string($_REQUEST["param"]), 2); $this->params = explode(":", $this->dbh->escape_string($_REQUEST["param"]), 2);
$active_feed_id = sprintf("%d", $this->params[0]); $active_feed_id = sprintf("%d", $this->params[0]);
$is_cat = $this->params[1] != "false"; $is_cat = $this->params[1] != "false";

120
classes/handler/public.php
View File

@ -28,8 +28,8 @@ class Handler_Public extends Handler {
$result = $qfh_ret[0]; $result = $qfh_ret[0];
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
$ts = strtotime(db_fetch_result($result, 0, "date_entered")); $ts = strtotime($this->dbh->fetch_result($result, 0, "date_entered"));
if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) && if (isset($_SERVER['HTTP_IF_MODIFIED_SINCE']) &&
strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= $ts) { strtotime($_SERVER['HTTP_IF_MODIFIED_SINCE']) >= $ts) {
@ -74,7 +74,7 @@ class Handler_Public extends Handler {
$tpl->setVariable('SELF_URL', htmlspecialchars(get_self_url_prefix()), true); $tpl->setVariable('SELF_URL', htmlspecialchars(get_self_url_prefix()), true);
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$tpl->setVariable('ARTICLE_ID', htmlspecialchars($line['link']), true); $tpl->setVariable('ARTICLE_ID', htmlspecialchars($line['link']), true);
$tpl->setVariable('ARTICLE_LINK', htmlspecialchars($line['link']), true); $tpl->setVariable('ARTICLE_LINK', htmlspecialchars($line['link']), true);
@ -151,7 +151,7 @@ class Handler_Public extends Handler {
$feed['articles'] = array(); $feed['articles'] = array();
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$article = array(); $article = array();
$article['id'] = $line['link']; $article['id'] = $line['link'];
@ -201,13 +201,13 @@ class Handler_Public extends Handler {
} }
function getUnread() { function getUnread() {
$login = db_escape_string($_REQUEST["login"]); $login = $this->dbh->escape_string($_REQUEST["login"]);
$fresh = $_REQUEST["fresh"] == "1"; $fresh = $_REQUEST["fresh"] == "1";
$result = db_query("SELECT id FROM ttrss_users WHERE login = '$login'"); $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE login = '$login'");
if (db_num_rows($result) == 1) { if ($this->dbh->num_rows($result) == 1) {
$uid = db_fetch_result($result, 0, "id"); $uid = $this->dbh->fetch_result($result, 0, "id");
print getGlobalUnread($uid); print getGlobalUnread($uid);
@ -223,16 +223,16 @@ class Handler_Public extends Handler {
} }
function getProfiles() { function getProfiles() {
$login = db_escape_string($_REQUEST["login"]); $login = $this->dbh->escape_string($_REQUEST["login"]);
$result = db_query("SELECT * FROM ttrss_settings_profiles,ttrss_users $result = $this->dbh->query("SELECT * FROM ttrss_settings_profiles,ttrss_users
WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title"); WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title");
print "<select dojoType='dijit.form.Select' style='width : 220px; margin : 0px' name='profile'>"; print "<select dojoType='dijit.form.Select' style='width : 220px; margin : 0px' name='profile'>";
print "<option value='0'>" . __("Default profile") . "</option>"; print "<option value='0'>" . __("Default profile") . "</option>";
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$id = $line["id"]; $id = $line["id"];
$title = $line["title"]; $title = $line["title"];
@ -243,9 +243,9 @@ class Handler_Public extends Handler {
} }
function pubsub() { function pubsub() {
$mode = db_escape_string($_REQUEST['hub_mode']); $mode = $this->dbh->escape_string($_REQUEST['hub_mode']);
$feed_id = (int) db_escape_string($_REQUEST['id']); $feed_id = (int) $this->dbh->escape_string($_REQUEST['id']);
$feed_url = db_escape_string($_REQUEST['hub_topic']); $feed_url = $this->dbh->escape_string($_REQUEST['hub_topic']);
if (!PUBSUBHUBBUB_ENABLED) { if (!PUBSUBHUBBUB_ENABLED) {
header('HTTP/1.0 404 Not Found'); header('HTTP/1.0 404 Not Found');
@ -255,17 +255,17 @@ class Handler_Public extends Handler {
// TODO: implement hub_verifytoken checking // TODO: implement hub_verifytoken checking
$result = db_query("SELECT feed_url FROM ttrss_feeds $result = $this->dbh->query("SELECT feed_url FROM ttrss_feeds
WHERE id = '$feed_id'"); WHERE id = '$feed_id'");
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
$check_feed_url = db_fetch_result($result, 0, "feed_url"); $check_feed_url = $this->dbh->fetch_result($result, 0, "feed_url");
if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) { if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
if ($mode == "subscribe") { if ($mode == "subscribe") {
db_query("UPDATE ttrss_feeds SET pubsub_state = 2 $this->dbh->query("UPDATE ttrss_feeds SET pubsub_state = 2
WHERE id = '$feed_id'"); WHERE id = '$feed_id'");
print $_REQUEST['hub_challenge']; print $_REQUEST['hub_challenge'];
@ -273,7 +273,7 @@ class Handler_Public extends Handler {
} else if ($mode == "unsubscribe") { } else if ($mode == "unsubscribe") {
db_query("UPDATE ttrss_feeds SET pubsub_state = 0 $this->dbh->query("UPDATE ttrss_feeds SET pubsub_state = 0
WHERE id = '$feed_id'"); WHERE id = '$feed_id'");
print $_REQUEST['hub_challenge']; print $_REQUEST['hub_challenge'];
@ -284,7 +284,7 @@ class Handler_Public extends Handler {
// Received update ping, schedule feed update. // Received update ping, schedule feed update.
//update_rss_feed($feed_id, true, true); //update_rss_feed($feed_id, true, true);
db_query("UPDATE ttrss_feeds SET $this->dbh->query("UPDATE ttrss_feeds SET
last_update_started = '1970-01-01', last_update_started = '1970-01-01',
last_updated = '1970-01-01' WHERE id = '$feed_id'"); last_updated = '1970-01-01' WHERE id = '$feed_id'");
@ -306,16 +306,16 @@ class Handler_Public extends Handler {
} }
function share() { function share() {
$uuid = db_escape_string($_REQUEST["key"]); $uuid = $this->dbh->escape_string($_REQUEST["key"]);
$result = db_query("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE $result = $this->dbh->query("SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
uuid = '$uuid'"); uuid = '$uuid'");
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
header("Content-Type: text/html"); header("Content-Type: text/html");
$id = db_fetch_result($result, 0, "ref_id"); $id = $this->dbh->fetch_result($result, 0, "ref_id");
$owner_uid = db_fetch_result($result, 0, "owner_uid"); $owner_uid = $this->dbh->fetch_result($result, 0, "owner_uid");
$article = format_article($id, false, true, $owner_uid); $article = format_article($id, false, true, $owner_uid);
@ -328,17 +328,17 @@ class Handler_Public extends Handler {
} }
function rss() { function rss() {
$feed = db_escape_string($_REQUEST["id"]); $feed = $this->dbh->escape_string($_REQUEST["id"]);
$key = db_escape_string($_REQUEST["key"]); $key = $this->dbh->escape_string($_REQUEST["key"]);
$is_cat = $_REQUEST["is_cat"] != false; $is_cat = $_REQUEST["is_cat"] != false;
$limit = (int)db_escape_string($_REQUEST["limit"]); $limit = (int)$this->dbh->escape_string($_REQUEST["limit"]);
$offset = (int)db_escape_string($_REQUEST["offset"]); $offset = (int)$this->dbh->escape_string($_REQUEST["offset"]);
$search = db_escape_string($_REQUEST["q"]); $search = $this->dbh->escape_string($_REQUEST["q"]);
$search_mode = db_escape_string($_REQUEST["smode"]); $search_mode = $this->dbh->escape_string($_REQUEST["smode"]);
$view_mode = db_escape_string($_REQUEST["view-mode"]); $view_mode = $this->dbh->escape_string($_REQUEST["view-mode"]);
$format = db_escape_string($_REQUEST['format']); $format = $this->dbh->escape_string($_REQUEST['format']);
if (!$format) $format = 'atom'; if (!$format) $format = 'atom';
@ -349,11 +349,11 @@ class Handler_Public extends Handler {
$owner_id = false; $owner_id = false;
if ($key) { if ($key) {
$result = db_query("SELECT owner_uid FROM $result = $this->dbh->query("SELECT owner_uid FROM
ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'"); ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
if (db_num_rows($result) == 1) if ($this->dbh->num_rows($result) == 1)
$owner_id = db_fetch_result($result, 0, "owner_uid"); $owner_id = $this->dbh->fetch_result($result, 0, "owner_uid");
} }
if ($owner_id) { if ($owner_id) {
@ -402,10 +402,10 @@ class Handler_Public extends Handler {
if ($action == 'share') { if ($action == 'share') {
$title = db_escape_string(strip_tags($_REQUEST["title"])); $title = $this->dbh->escape_string(strip_tags($_REQUEST["title"]));
$url = db_escape_string(strip_tags($_REQUEST["url"])); $url = $this->dbh->escape_string(strip_tags($_REQUEST["url"]));
$content = db_escape_string(strip_tags($_REQUEST["content"])); $content = $this->dbh->escape_string(strip_tags($_REQUEST["content"]));
$labels = db_escape_string(strip_tags($_REQUEST["labels"])); $labels = $this->dbh->escape_string(strip_tags($_REQUEST["labels"]));
Article::create_published_article($title, $url, $content, $labels, Article::create_published_article($title, $url, $content, $labels,
$_SESSION["uid"]); $_SESSION["uid"]);
@ -513,7 +513,7 @@ class Handler_Public extends Handler {
if (!SINGLE_USER_MODE) { if (!SINGLE_USER_MODE) {
$login = db_escape_string($_POST["login"]); $login = $this->dbh->escape_string($_POST["login"]);
$password = $_POST["password"]; $password = $_POST["password"];
$remember_me = $_POST["remember_me"]; $remember_me = $_POST["remember_me"];
@ -534,12 +534,12 @@ class Handler_Public extends Handler {
if ($_POST["profile"]) { if ($_POST["profile"]) {
$profile = db_escape_string($_POST["profile"]); $profile = $this->dbh->escape_string($_POST["profile"]);
$result = db_query("SELECT id FROM ttrss_settings_profiles $result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles
WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]); WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
$_SESSION["profile"] = $profile; $_SESSION["profile"] = $profile;
$_SESSION["prefs_cache"] = array(); $_SESSION["prefs_cache"] = array();
} }
@ -563,7 +563,7 @@ class Handler_Public extends Handler {
if ($_SESSION["uid"]) { if ($_SESSION["uid"]) {
$feed_url = db_escape_string(trim($_REQUEST["feed_url"])); $feed_url = $this->dbh->escape_string(trim($_REQUEST["feed_url"]));
header('Content-Type: text/html; charset=utf-8'); header('Content-Type: text/html; charset=utf-8');
print "<html> print "<html>
@ -625,10 +625,10 @@ class Handler_Public extends Handler {
$tt_uri = get_self_url_prefix(); $tt_uri = get_self_url_prefix();
if ($rc['code'] <= 2){ if ($rc['code'] <= 2){
$result = db_query("SELECT id FROM ttrss_feeds WHERE $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]); feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
$feed_id = db_fetch_result($result, 0, "id"); $feed_id = $this->dbh->fetch_result($result, 0, "id");
} else { } else {
$feed_id = 0; $feed_id = 0;
} }
@ -656,14 +656,14 @@ class Handler_Public extends Handler {
} }
function subscribe2() { function subscribe2() {
$feed_url = db_escape_string(trim($_REQUEST["feed_url"])); $feed_url = $this->dbh->escape_string(trim($_REQUEST["feed_url"]));
$cat_id = db_escape_string($_REQUEST["cat_id"]); $cat_id = $this->dbh->escape_string($_REQUEST["cat_id"]);
$from = db_escape_string($_REQUEST["from"]); $from = $this->dbh->escape_string($_REQUEST["from"]);
/* only read authentication information from POST */ /* only read authentication information from POST */
$auth_login = db_escape_string(trim($_POST["auth_login"])); $auth_login = $this->dbh->escape_string(trim($_POST["auth_login"]));
$auth_pass = db_escape_string(trim($_POST["auth_pass"])); $auth_pass = $this->dbh->escape_string(trim($_POST["auth_pass"]));
$rc = subscribe_to_feed($feed_url, $cat_id, $auth_login, $auth_pass); $rc = subscribe_to_feed($feed_url, $cat_id, $auth_login, $auth_pass);
@ -712,10 +712,10 @@ class Handler_Public extends Handler {
$tt_uri = get_self_url_prefix(); $tt_uri = get_self_url_prefix();
if ($rc <= 2){ if ($rc <= 2){
$result = db_query("SELECT id FROM ttrss_feeds WHERE $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]); feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
$feed_id = db_fetch_result($result, 0, "id"); $feed_id = $this->dbh->fetch_result($result, 0, "id");
} else { } else {
$feed_id = 0; $feed_id = 0;
} }
@ -788,9 +788,9 @@ class Handler_Public extends Handler {
print "</form>"; print "</form>";
} else if ($method == 'do') { } else if ($method == 'do') {
$login = db_escape_string($_POST["login"]); $login = $this->dbh->escape_string($_POST["login"]);
$email = db_escape_string($_POST["email"]); $email = $this->dbh->escape_string($_POST["email"]);
$test = db_escape_string($_POST["test"]); $test = $this->dbh->escape_string($_POST["test"]);
if (($test != 4 && $test != 'four') || !$email || !$login) { if (($test != 4 && $test != 'four') || !$email || !$login) {
print_error(__('Some of the required form parameters are missing or incorrect.')); print_error(__('Some of the required form parameters are missing or incorrect.'));
@ -802,11 +802,11 @@ class Handler_Public extends Handler {
} else { } else {
$result = db_query("SELECT id FROM ttrss_users $result = $this->dbh->query("SELECT id FROM ttrss_users
WHERE login = '$login' AND email = '$email'"); WHERE login = '$login' AND email = '$email'");
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
$id = db_fetch_result($result, 0, "id"); $id = $this->dbh->fetch_result($result, 0, "id");
Pref_Users::resetUserPassword($id, false); Pref_Users::resetUserPassword($id, false);

2
classes/logger/sql.php
View File

@ -12,7 +12,7 @@ class Logger_SQL {
$file = Db::get()->escape_string($file); $file = Db::get()->escape_string($file);
$line = Db::get()->escape_string($line); $line = Db::get()->escape_string($line);
$context = ''; // backtrace is a lot of data which is not really critical to store $context = ''; // backtrace is a lot of data which is not really critical to store
//$context = db_escape_string(serialize($context)); //$context = $this->dbh->escape_string(serialize($context));
$owner_uid = $_SESSION["uid"] ? $_SESSION["uid"] : "NULL"; $owner_uid = $_SESSION["uid"] ? $_SESSION["uid"] : "NULL";

108
classes/opml.php
View File

@ -66,27 +66,27 @@ class Opml extends Handler_Protected {
$out = ""; $out = "";
if ($cat_id) { if ($cat_id) {
$result = db_query("SELECT title FROM ttrss_feed_categories WHERE id = '$cat_id' $result = $this->dbh->query("SELECT title FROM ttrss_feed_categories WHERE id = '$cat_id'
AND owner_uid = '$owner_uid'"); AND owner_uid = '$owner_uid'");
$cat_title = htmlspecialchars(db_fetch_result($result, 0, "title")); $cat_title = htmlspecialchars($this->dbh->fetch_result($result, 0, "title"));
} }
if ($cat_title) $out .= "<outline text=\"$cat_title\">\n"; if ($cat_title) $out .= "<outline text=\"$cat_title\">\n";
$result = db_query("SELECT id,title $result = $this->dbh->query("SELECT id,title
FROM ttrss_feed_categories WHERE FROM ttrss_feed_categories WHERE
$cat_qpart AND owner_uid = '$owner_uid' ORDER BY order_id, title"); $cat_qpart AND owner_uid = '$owner_uid' ORDER BY order_id, title");
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$title = htmlspecialchars($line["title"]); $title = htmlspecialchars($line["title"]);
$out .= $this->opml_export_category($owner_uid, $line["id"], $hide_private_feeds); $out .= $this->opml_export_category($owner_uid, $line["id"], $hide_private_feeds);
} }
$feeds_result = db_query("select title, feed_url, site_url $feeds_result = $this->dbh->query("select title, feed_url, site_url
from ttrss_feeds where $feed_cat_qpart AND owner_uid = '$owner_uid' AND $hide_qpart from ttrss_feeds where $feed_cat_qpart AND owner_uid = '$owner_uid' AND $hide_qpart
order by order_id, title"); order by order_id, title");
while ($fline = db_fetch_assoc($feeds_result)) { while ($fline = $this->dbh->fetch_assoc($feeds_result)) {
$title = htmlspecialchars($fline["title"]); $title = htmlspecialchars($fline["title"]);
$url = htmlspecialchars($fline["feed_url"]); $url = htmlspecialchars($fline["feed_url"]);
$site_url = htmlspecialchars($fline["site_url"]); $site_url = htmlspecialchars($fline["site_url"]);
@ -131,10 +131,10 @@ class Opml extends Handler_Protected {
if ($include_settings) { if ($include_settings) {
$out .= "<outline text=\"tt-rss-prefs\" schema-version=\"".SCHEMA_VERSION."\">"; $out .= "<outline text=\"tt-rss-prefs\" schema-version=\"".SCHEMA_VERSION."\">";
$result = db_query("SELECT pref_name, value FROM ttrss_user_prefs WHERE $result = $this->dbh->query("SELECT pref_name, value FROM ttrss_user_prefs WHERE
profile IS NULL AND owner_uid = " . $_SESSION["uid"] . " ORDER BY pref_name"); profile IS NULL AND owner_uid = " . $_SESSION["uid"] . " ORDER BY pref_name");
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$name = $line["pref_name"]; $name = $line["pref_name"];
$value = htmlspecialchars($line["value"]); $value = htmlspecialchars($line["value"]);
@ -145,10 +145,10 @@ class Opml extends Handler_Protected {
$out .= "<outline text=\"tt-rss-labels\" schema-version=\"".SCHEMA_VERSION."\">"; $out .= "<outline text=\"tt-rss-labels\" schema-version=\"".SCHEMA_VERSION."\">";
$result = db_query("SELECT * FROM ttrss_labels2 WHERE $result = $this->dbh->query("SELECT * FROM ttrss_labels2 WHERE
owner_uid = " . $_SESSION['uid']); owner_uid = " . $_SESSION['uid']);
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$name = htmlspecialchars($line['caption']); $name = htmlspecialchars($line['caption']);
$fg_color = htmlspecialchars($line['fg_color']); $fg_color = htmlspecialchars($line['fg_color']);
$bg_color = htmlspecialchars($line['bg_color']); $bg_color = htmlspecialchars($line['bg_color']);
@ -161,10 +161,10 @@ class Opml extends Handler_Protected {
$out .= "<outline text=\"tt-rss-filters\" schema-version=\"".SCHEMA_VERSION."\">"; $out .= "<outline text=\"tt-rss-filters\" schema-version=\"".SCHEMA_VERSION."\">";
$result = db_query("SELECT * FROM ttrss_filters2 $result = $this->dbh->query("SELECT * FROM ttrss_filters2
WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY id"); WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY id");
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
foreach (array('enabled', 'match_any_rule') as $b) { foreach (array('enabled', 'match_any_rule') as $b) {
$line[$b] = sql_bool_to_bool($line[$b]); $line[$b] = sql_bool_to_bool($line[$b]);
} }
@ -172,10 +172,10 @@ class Opml extends Handler_Protected {
$line["rules"] = array(); $line["rules"] = array();
$line["actions"] = array(); $line["actions"] = array();
$tmp_result = db_query("SELECT * FROM ttrss_filters2_rules $tmp_result = $this->dbh->query("SELECT * FROM ttrss_filters2_rules
WHERE filter_id = ".$line["id"]); WHERE filter_id = ".$line["id"]);
while ($tmp_line = db_fetch_assoc($tmp_result)) { while ($tmp_line = $this->dbh->fetch_assoc($tmp_result)) {
unset($tmp_line["id"]); unset($tmp_line["id"]);
unset($tmp_line["filter_id"]); unset($tmp_line["filter_id"]);
@ -197,10 +197,10 @@ class Opml extends Handler_Protected {
array_push($line["rules"], $tmp_line); array_push($line["rules"], $tmp_line);
} }
$tmp_result = db_query("SELECT * FROM ttrss_filters2_actions $tmp_result = $this->dbh->query("SELECT * FROM ttrss_filters2_actions
WHERE filter_id = ".$line["id"]); WHERE filter_id = ".$line["id"]);
while ($tmp_line = db_fetch_assoc($tmp_result)) { while ($tmp_line = $this->dbh->fetch_assoc($tmp_result)) {
unset($tmp_line["id"]); unset($tmp_line["id"]);
unset($tmp_line["filter_id"]); unset($tmp_line["filter_id"]);
@ -253,19 +253,19 @@ class Opml extends Handler_Protected {
private function opml_import_feed($doc, $node, $cat_id, $owner_uid) { private function opml_import_feed($doc, $node, $cat_id, $owner_uid) {
$attrs = $node->attributes; $attrs = $node->attributes;
$feed_title = db_escape_string(mb_substr($attrs->getNamedItem('text')->nodeValue, 0, 250)); $feed_title = $this->dbh->escape_string(mb_substr($attrs->getNamedItem('text')->nodeValue, 0, 250));
if (!$feed_title) $feed_title = db_escape_string(mb_substr($attrs->getNamedItem('title')->nodeValue, 0, 250)); if (!$feed_title) $feed_title = $this->dbh->escape_string(mb_substr($attrs->getNamedItem('title')->nodeValue, 0, 250));
$feed_url = db_escape_string(mb_substr($attrs->getNamedItem('xmlUrl')->nodeValue, 0, 250)); $feed_url = $this->dbh->escape_string(mb_substr($attrs->getNamedItem('xmlUrl')->nodeValue, 0, 250));
if (!$feed_url) $feed_url = db_escape_string(mb_substr($attrs->getNamedItem('xmlURL')->nodeValue, 0, 250)); if (!$feed_url) $feed_url = $this->dbh->escape_string(mb_substr($attrs->getNamedItem('xmlURL')->nodeValue, 0, 250));
$site_url = db_escape_string(mb_substr($attrs->getNamedItem('htmlUrl')->nodeValue, 0, 250)); $site_url = $this->dbh->escape_string(mb_substr($attrs->getNamedItem('htmlUrl')->nodeValue, 0, 250));
if ($feed_url && $feed_title) { if ($feed_url && $feed_title) {
$result = db_query("SELECT id FROM ttrss_feeds WHERE $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = '$owner_uid'"); feed_url = '$feed_url' AND owner_uid = '$owner_uid'");
if (db_num_rows($result) == 0) { if ($this->dbh->num_rows($result) == 0) {
#$this->opml_notice("[FEED] [$feed_title/$feed_url] dst_CAT=$cat_id"); #$this->opml_notice("[FEED] [$feed_title/$feed_url] dst_CAT=$cat_id");
$this->opml_notice(T_sprintf("Adding feed: %s", $feed_title)); $this->opml_notice(T_sprintf("Adding feed: %s", $feed_title));
@ -275,7 +275,7 @@ class Opml extends Handler_Protected {
(title, feed_url, owner_uid, cat_id, site_url, order_id) VALUES (title, feed_url, owner_uid, cat_id, site_url, order_id) VALUES
('$feed_title', '$feed_url', '$owner_uid', ('$feed_title', '$feed_url', '$owner_uid',
$cat_id, '$site_url', 0)"; $cat_id, '$site_url', 0)";
db_query($query); $this->dbh->query($query);
} else { } else {
$this->opml_notice(T_sprintf("Duplicate feed: %s", $feed_title)); $this->opml_notice(T_sprintf("Duplicate feed: %s", $feed_title));
@ -285,11 +285,11 @@ class Opml extends Handler_Protected {
private function opml_import_label($doc, $node, $owner_uid) { private function opml_import_label($doc, $node, $owner_uid) {
$attrs = $node->attributes; $attrs = $node->attributes;
$label_name = db_escape_string($attrs->getNamedItem('label-name')->nodeValue); $label_name = $this->dbh->escape_string($attrs->getNamedItem('label-name')->nodeValue);
if ($label_name) { if ($label_name) {
$fg_color = db_escape_string($attrs->getNamedItem('label-fg-color')->nodeValue); $fg_color = $this->dbh->escape_string($attrs->getNamedItem('label-fg-color')->nodeValue);
$bg_color = db_escape_string($attrs->getNamedItem('label-bg-color')->nodeValue); $bg_color = $this->dbh->escape_string($attrs->getNamedItem('label-bg-color')->nodeValue);
if (!label_find_id($label_name, $_SESSION['uid'])) { if (!label_find_id($label_name, $_SESSION['uid'])) {
$this->opml_notice(T_sprintf("Adding label %s", htmlspecialchars($label_name))); $this->opml_notice(T_sprintf("Adding label %s", htmlspecialchars($label_name)));
@ -302,10 +302,10 @@ class Opml extends Handler_Protected {
private function opml_import_preference($doc, $node, $owner_uid) { private function opml_import_preference($doc, $node, $owner_uid) {
$attrs = $node->attributes; $attrs = $node->attributes;
$pref_name = db_escape_string($attrs->getNamedItem('pref-name')->nodeValue); $pref_name = $this->dbh->escape_string($attrs->getNamedItem('pref-name')->nodeValue);
if ($pref_name) { if ($pref_name) {
$pref_value = db_escape_string($attrs->getNamedItem('value')->nodeValue); $pref_value = $this->dbh->escape_string($attrs->getNamedItem('value')->nodeValue);
$this->opml_notice(T_sprintf("Setting preference key %s to %s", $this->opml_notice(T_sprintf("Setting preference key %s to %s",
$pref_name, $pref_value)); $pref_name, $pref_value));
@ -317,7 +317,7 @@ class Opml extends Handler_Protected {
private function opml_import_filter($doc, $node, $owner_uid) { private function opml_import_filter($doc, $node, $owner_uid) {
$attrs = $node->attributes; $attrs = $node->attributes;
$filter_type = db_escape_string($attrs->getNamedItem('filter-type')->nodeValue); $filter_type = $this->dbh->escape_string($attrs->getNamedItem('filter-type')->nodeValue);
if ($filter_type == '2') { if ($filter_type == '2') {
$filter = json_decode($node->nodeValue, true); $filter = json_decode($node->nodeValue, true);
@ -326,14 +326,14 @@ class Opml extends Handler_Protected {
$match_any_rule = bool_to_sql_bool($filter["match_any_rule"]); $match_any_rule = bool_to_sql_bool($filter["match_any_rule"]);
$enabled = bool_to_sql_bool($filter["enabled"]); $enabled = bool_to_sql_bool($filter["enabled"]);
db_query("BEGIN"); $this->dbh->query("BEGIN");
db_query("INSERT INTO ttrss_filters2 (match_any_rule,enabled,owner_uid) $this->dbh->query("INSERT INTO ttrss_filters2 (match_any_rule,enabled,owner_uid)
VALUES ($match_any_rule, $enabled,".$_SESSION["uid"].")"); VALUES ($match_any_rule, $enabled,".$_SESSION["uid"].")");
$result = db_query("SELECT MAX(id) AS id FROM ttrss_filters2 WHERE $result = $this->dbh->query("SELECT MAX(id) AS id FROM ttrss_filters2 WHERE
owner_uid = ".$_SESSION["uid"]); owner_uid = ".$_SESSION["uid"]);
$filter_id = db_fetch_result($result, 0, "id"); $filter_id = $this->dbh->fetch_result($result, 0, "id");
if ($filter_id) { if ($filter_id) {
$this->opml_notice(T_sprintf("Adding filter...")); $this->opml_notice(T_sprintf("Adding filter..."));
@ -343,39 +343,39 @@ class Opml extends Handler_Protected {
$cat_id = "NULL"; $cat_id = "NULL";
if (!$rule["cat_filter"]) { if (!$rule["cat_filter"]) {
$tmp_result = db_query("SELECT id FROM ttrss_feeds $tmp_result = $this->dbh->query("SELECT id FROM ttrss_feeds
WHERE title = '".db_escape_string($rule["feed"])."' AND owner_uid = ".$_SESSION["uid"]); WHERE title = '".$this->dbh->escape_string($rule["feed"])."' AND owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($tmp_result) > 0) { if ($this->dbh->num_rows($tmp_result) > 0) {
$feed_id = db_fetch_result($tmp_result, 0, "id"); $feed_id = $this->dbh->fetch_result($tmp_result, 0, "id");
} }
} else { } else {
$tmp_result = db_query("SELECT id FROM ttrss_feed_categories $tmp_result = $this->dbh->query("SELECT id FROM ttrss_feed_categories
WHERE title = '".db_escape_string($rule["feed"])."' AND owner_uid = ".$_SESSION["uid"]); WHERE title = '".$this->dbh->escape_string($rule["feed"])."' AND owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($tmp_result) > 0) { if ($this->dbh->num_rows($tmp_result) > 0) {
$cat_id = db_fetch_result($tmp_result, 0, "id"); $cat_id = $this->dbh->fetch_result($tmp_result, 0, "id");
} }
} }
$cat_filter = bool_to_sql_bool($rule["cat_filter"]); $cat_filter = bool_to_sql_bool($rule["cat_filter"]);
$reg_exp = db_escape_string($rule["reg_exp"]); $reg_exp = $this->dbh->escape_string($rule["reg_exp"]);
$filter_type = (int)$rule["filter_type"]; $filter_type = (int)$rule["filter_type"];
db_query("INSERT INTO ttrss_filters2_rules (feed_id,cat_id,filter_id,filter_type,reg_exp,cat_filter) $this->dbh->query("INSERT INTO ttrss_filters2_rules (feed_id,cat_id,filter_id,filter_type,reg_exp,cat_filter)
VALUES ($feed_id, $cat_id, $filter_id, $filter_type, '$reg_exp', $cat_filter)"); VALUES ($feed_id, $cat_id, $filter_id, $filter_type, '$reg_exp', $cat_filter)");
} }
foreach ($filter["actions"] as $action) { foreach ($filter["actions"] as $action) {
$action_id = (int)$action["action_id"]; $action_id = (int)$action["action_id"];
$action_param = db_escape_string($action["action_param"]); $action_param = $this->dbh->escape_string($action["action_param"]);
db_query("INSERT INTO ttrss_filters2_actions (filter_id,action_id,action_param) $this->dbh->query("INSERT INTO ttrss_filters2_actions (filter_id,action_id,action_param)
VALUES ($filter_id, $action_id, '$action_param')"); VALUES ($filter_id, $action_id, '$action_param')");
} }
} }
db_query("COMMIT"); $this->dbh->query("COMMIT");
} }
} }
} }
@ -386,19 +386,19 @@ class Opml extends Handler_Protected {
$default_cat_id = (int) get_feed_category('Imported feeds', false); $default_cat_id = (int) get_feed_category('Imported feeds', false);
if ($root_node) { if ($root_node) {
$cat_title = db_escape_string(mb_substr($root_node->attributes->getNamedItem('text')->nodeValue, 0, 250)); $cat_title = $this->dbh->escape_string(mb_substr($root_node->attributes->getNamedItem('text')->nodeValue, 0, 250));
if (!$cat_title) if (!$cat_title)
$cat_title = db_escape_string(mb_substr($root_node->attributes->getNamedItem('title')->nodeValue, 0, 250)); $cat_title = $this->dbh->escape_string(mb_substr($root_node->attributes->getNamedItem('title')->nodeValue, 0, 250));
if (!in_array($cat_title, array("tt-rss-filters", "tt-rss-labels", "tt-rss-prefs"))) { if (!in_array($cat_title, array("tt-rss-filters", "tt-rss-labels", "tt-rss-prefs"))) {
$cat_id = get_feed_category($cat_title, $parent_id); $cat_id = get_feed_category($cat_title, $parent_id);
db_query("BEGIN"); $this->dbh->query("BEGIN");
if ($cat_id === false) { if ($cat_id === false) {
add_feed_category($cat_title, $parent_id); add_feed_category($cat_title, $parent_id);
$cat_id = get_feed_category($cat_title, $parent_id); $cat_id = get_feed_category($cat_title, $parent_id);
} }
db_query("COMMIT"); $this->dbh->query("COMMIT");
} else { } else {
$cat_id = 0; $cat_id = 0;
} }
@ -418,12 +418,12 @@ class Opml extends Handler_Protected {
foreach ($outlines as $node) { foreach ($outlines as $node) {
if ($node->hasAttributes() && strtolower($node->tagName) == "outline") { if ($node->hasAttributes() && strtolower($node->tagName) == "outline") {
$attrs = $node->attributes; $attrs = $node->attributes;
$node_cat_title = db_escape_string($attrs->getNamedItem('text')->nodeValue); $node_cat_title = $this->dbh->escape_string($attrs->getNamedItem('text')->nodeValue);
if (!$node_cat_title) if (!$node_cat_title)
$node_cat_title = db_escape_string($attrs->getNamedItem('title')->nodeValue); $node_cat_title = $this->dbh->escape_string($attrs->getNamedItem('title')->nodeValue);
$node_feed_url = db_escape_string($attrs->getNamedItem('xmlUrl')->nodeValue); $node_feed_url = $this->dbh->escape_string($attrs->getNamedItem('xmlUrl')->nodeValue);
if ($node_cat_title && !$node_feed_url) { if ($node_cat_title && !$node_feed_url) {
$this->opml_import_category($doc, $node, $owner_uid, $cat_id); $this->opml_import_category($doc, $node, $owner_uid, $cat_id);

24
classes/pluginhost.php
View File

@ -222,12 +222,12 @@ class PluginHost {
function load_data($force = false) { function load_data($force = false) {
if ($this->owner_uid && (!$_SESSION["plugin_storage"] || $force)) { if ($this->owner_uid && (!$_SESSION["plugin_storage"] || $force)) {
$plugin = db_escape_string($plugin); $plugin = $this->dbh->escape_string($plugin);
$result = db_query("SELECT name, content FROM ttrss_plugin_storage $result = $this->dbh->query("SELECT name, content FROM ttrss_plugin_storage
WHERE owner_uid = '".$this->owner_uid."'"); WHERE owner_uid = '".$this->owner_uid."'");
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$this->storage[$line["name"]] = unserialize($line["content"]); $this->storage[$line["name"]] = unserialize($line["content"]);
} }
@ -237,29 +237,29 @@ class PluginHost {
private function save_data($plugin) { private function save_data($plugin) {
if ($this->owner_uid) { if ($this->owner_uid) {
$plugin = db_escape_string($plugin); $plugin = $this->dbh->escape_string($plugin);
db_query("BEGIN"); $this->dbh->query("BEGIN");
$result = db_query("SELECT id FROM ttrss_plugin_storage WHERE $result = $this->dbh->query("SELECT id FROM ttrss_plugin_storage WHERE
owner_uid= '".$this->owner_uid."' AND name = '$plugin'"); owner_uid= '".$this->owner_uid."' AND name = '$plugin'");
if (!isset($this->storage[$plugin])) if (!isset($this->storage[$plugin]))
$this->storage[$plugin] = array(); $this->storage[$plugin] = array();
$content = db_escape_string(serialize($this->storage[$plugin])); $content = $this->dbh->escape_string(serialize($this->storage[$plugin]));
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
db_query("UPDATE ttrss_plugin_storage SET content = '$content' $this->dbh->query("UPDATE ttrss_plugin_storage SET content = '$content'
WHERE owner_uid= '".$this->owner_uid."' AND name = '$plugin'"); WHERE owner_uid= '".$this->owner_uid."' AND name = '$plugin'");
} else { } else {
db_query("INSERT INTO ttrss_plugin_storage $this->dbh->query("INSERT INTO ttrss_plugin_storage
(name,owner_uid,content) VALUES (name,owner_uid,content) VALUES
('$plugin','".$this->owner_uid."','$content')"); ('$plugin','".$this->owner_uid."','$content')");
} }
db_query("COMMIT"); $this->dbh->query("COMMIT");
} }
} }
@ -298,7 +298,7 @@ class PluginHost {
unset($this->storage[$idx]); unset($this->storage[$idx]);
db_query("DELETE FROM ttrss_plugin_storage WHERE name = '$idx' $this->dbh->query("DELETE FROM ttrss_plugin_storage WHERE name = '$idx'
AND owner_uid = " . $this->owner_uid); AND owner_uid = " . $this->owner_uid);
$_SESSION["plugin_storage"] = $this->storage; $_SESSION["plugin_storage"] = $this->storage;

252
classes/pref/feeds.php
View File

@ -15,11 +15,11 @@ class Pref_Feeds extends Handler_Protected {
} }
function renamecat() { function renamecat() {
$title = db_escape_string($_REQUEST['title']); $title = $this->dbh->escape_string($_REQUEST['title']);
$id = db_escape_string($_REQUEST['id']); $id = $this->dbh->escape_string($_REQUEST['id']);
if ($title) { if ($title) {
db_query("UPDATE ttrss_feed_categories SET $this->dbh->query("UPDATE ttrss_feed_categories SET
title = '$title' WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]); title = '$title' WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
} }
return; return;
@ -41,10 +41,10 @@ class Pref_Feeds extends Handler_Protected {
$items = array(); $items = array();
$result = db_query("SELECT id, title FROM ttrss_feed_categories $result = $this->dbh->query("SELECT id, title FROM ttrss_feed_categories
WHERE owner_uid = " . $_SESSION["uid"] . " AND parent_cat = '$cat_id' ORDER BY order_id, title"); WHERE owner_uid = " . $_SESSION["uid"] . " AND parent_cat = '$cat_id' ORDER BY order_id, title");
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$cat = array(); $cat = array();
$cat['id'] = 'CAT:' . $line['id']; $cat['id'] = 'CAT:' . $line['id'];
@ -65,13 +65,13 @@ class Pref_Feeds extends Handler_Protected {
} }
$feed_result = db_query("SELECT id, title, last_error, $feed_result = $this->dbh->query("SELECT id, title, last_error,
".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds FROM ttrss_feeds
WHERE cat_id = '$cat_id' AND owner_uid = ".$_SESSION["uid"]. WHERE cat_id = '$cat_id' AND owner_uid = ".$_SESSION["uid"].
"$search_qpart ORDER BY order_id, title"); "$search_qpart ORDER BY order_id, title");
while ($feed_line = db_fetch_assoc($feed_result)) { while ($feed_line = $this->dbh->fetch_assoc($feed_result)) {
$feed = array(); $feed = array();
$feed['id'] = 'FEED:' . $feed_line['id']; $feed['id'] = 'FEED:' . $feed_line['id'];
$feed['bare_id'] = (int)$feed_line['id']; $feed['bare_id'] = (int)$feed_line['id'];
@ -154,10 +154,10 @@ class Pref_Feeds extends Handler_Protected {
$root['items'] = array_merge($root['items'], $cat['items']); $root['items'] = array_merge($root['items'], $cat['items']);
} }
$result = db_query("SELECT * FROM $result = $this->dbh->query("SELECT * FROM
ttrss_labels2 WHERE owner_uid = ".$_SESSION['uid']." ORDER by caption"); ttrss_labels2 WHERE owner_uid = ".$_SESSION['uid']." ORDER by caption");
if (db_num_rows($result) > 0) { if ($this->dbh->num_rows($result) > 0) {
if (get_pref('ENABLE_FEED_CATS')) { if (get_pref('ENABLE_FEED_CATS')) {
$cat = $this->feedlist_init_cat(-2); $cat = $this->feedlist_init_cat(-2);
@ -165,7 +165,7 @@ class Pref_Feeds extends Handler_Protected {
$cat['items'] = array(); $cat['items'] = array();
} }
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$label_id = label_to_feed_id($line['id']); $label_id = label_to_feed_id($line['id']);
@ -190,10 +190,10 @@ class Pref_Feeds extends Handler_Protected {
($_REQUEST['mode'] != 2 && !$search && ($_REQUEST['mode'] != 2 && !$search &&
get_pref('_PREFS_SHOW_EMPTY_CATS')); get_pref('_PREFS_SHOW_EMPTY_CATS'));
$result = db_query("SELECT id, title FROM ttrss_feed_categories $result = $this->dbh->query("SELECT id, title FROM ttrss_feed_categories
WHERE owner_uid = " . $_SESSION["uid"] . " AND parent_cat IS NULL ORDER BY order_id, title"); WHERE owner_uid = " . $_SESSION["uid"] . " AND parent_cat IS NULL ORDER BY order_id, title");
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$cat = array(); $cat = array();
$cat['id'] = 'CAT:' . $line['id']; $cat['id'] = 'CAT:' . $line['id'];
$cat['bare_id'] = (int)$line['id']; $cat['bare_id'] = (int)$line['id'];
@ -226,13 +226,13 @@ class Pref_Feeds extends Handler_Protected {
$cat['unread'] = 0; $cat['unread'] = 0;
$cat['child_unread'] = 0; $cat['child_unread'] = 0;
$feed_result = db_query("SELECT id, title,last_error, $feed_result = $this->dbh->query("SELECT id, title,last_error,
".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds FROM ttrss_feeds
WHERE cat_id IS NULL AND owner_uid = ".$_SESSION["uid"]. WHERE cat_id IS NULL AND owner_uid = ".$_SESSION["uid"].
"$search_qpart ORDER BY order_id, title"); "$search_qpart ORDER BY order_id, title");
while ($feed_line = db_fetch_assoc($feed_result)) { while ($feed_line = $this->dbh->fetch_assoc($feed_result)) {
$feed = array(); $feed = array();
$feed['id'] = 'FEED:' . $feed_line['id']; $feed['id'] = 'FEED:' . $feed_line['id'];
$feed['bare_id'] = (int)$feed_line['id']; $feed['bare_id'] = (int)$feed_line['id'];
@ -257,13 +257,13 @@ class Pref_Feeds extends Handler_Protected {
$root['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items'])); $root['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
} else { } else {
$feed_result = db_query("SELECT id, title, last_error, $feed_result = $this->dbh->query("SELECT id, title, last_error,
".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds FROM ttrss_feeds
WHERE owner_uid = ".$_SESSION["uid"]. WHERE owner_uid = ".$_SESSION["uid"].
"$search_qpart ORDER BY order_id, title"); "$search_qpart ORDER BY order_id, title");
while ($feed_line = db_fetch_assoc($feed_result)) { while ($feed_line = $this->dbh->fetch_assoc($feed_result)) {
$feed = array(); $feed = array();
$feed['id'] = 'FEED:' . $feed_line['id']; $feed['id'] = 'FEED:' . $feed_line['id'];
$feed['bare_id'] = (int)$feed_line['id']; $feed['bare_id'] = (int)$feed_line['id'];
@ -296,13 +296,13 @@ class Pref_Feeds extends Handler_Protected {
} }
function catsortreset() { function catsortreset() {
db_query("UPDATE ttrss_feed_categories $this->dbh->query("UPDATE ttrss_feed_categories
SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]); SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]);
return; return;
} }
function feedsortreset() { function feedsortreset() {
db_query("UPDATE ttrss_feeds $this->dbh->query("UPDATE ttrss_feeds
SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]); SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]);
return; return;
} }
@ -326,12 +326,12 @@ class Pref_Feeds extends Handler_Protected {
if ($item_id != 'root') { if ($item_id != 'root') {
if ($parent_id && $parent_id != 'root') { if ($parent_id && $parent_id != 'root') {
$parent_bare_id = substr($parent_id, strpos($parent_id, ':')+1); $parent_bare_id = substr($parent_id, strpos($parent_id, ':')+1);
$parent_qpart = db_escape_string($parent_bare_id); $parent_qpart = $this->dbh->escape_string($parent_bare_id);
} else { } else {
$parent_qpart = 'NULL'; $parent_qpart = 'NULL';
} }
db_query("UPDATE ttrss_feed_categories $this->dbh->query("UPDATE ttrss_feed_categories
SET parent_cat = $parent_qpart WHERE id = '$bare_item_id' AND SET parent_cat = $parent_qpart WHERE id = '$bare_item_id' AND
owner_uid = " . $_SESSION["uid"]); owner_uid = " . $_SESSION["uid"]);
} }
@ -352,12 +352,12 @@ class Pref_Feeds extends Handler_Protected {
if (strpos($id, "FEED") === 0) { if (strpos($id, "FEED") === 0) {
$cat_id = ($item_id != "root") ? $cat_id = ($item_id != "root") ?
db_escape_string($bare_item_id) : "NULL"; $this->dbh->escape_string($bare_item_id) : "NULL";
$cat_qpart = ($cat_id != 0) ? "cat_id = '$cat_id'" : $cat_qpart = ($cat_id != 0) ? "cat_id = '$cat_id'" :
"cat_id = NULL"; "cat_id = NULL";
db_query("UPDATE ttrss_feeds $this->dbh->query("UPDATE ttrss_feeds
SET order_id = $order_id, $cat_qpart SET order_id = $order_id, $cat_qpart
WHERE id = '$bare_id' AND WHERE id = '$bare_id' AND
owner_uid = " . $_SESSION["uid"]); owner_uid = " . $_SESSION["uid"]);
@ -367,12 +367,12 @@ class Pref_Feeds extends Handler_Protected {
$nest_level+1); $nest_level+1);
if ($item_id != 'root') { if ($item_id != 'root') {
$parent_qpart = db_escape_string($bare_id); $parent_qpart = $this->dbh->escape_string($bare_id);
} else { } else {
$parent_qpart = 'NULL'; $parent_qpart = 'NULL';
} }
db_query("UPDATE ttrss_feed_categories $this->dbh->query("UPDATE ttrss_feed_categories
SET order_id = '$order_id' WHERE id = '$bare_id' AND SET order_id = '$order_id' WHERE id = '$bare_id' AND
owner_uid = " . $_SESSION["uid"]); owner_uid = " . $_SESSION["uid"]);
} }
@ -424,7 +424,7 @@ class Pref_Feeds extends Handler_Protected {
++$cat_order_id; ++$cat_order_id;
if ($bare_id > 0) { if ($bare_id > 0) {
db_query("UPDATE ttrss_feed_categories $this->dbh->query("UPDATE ttrss_feed_categories
SET order_id = '$cat_order_id' WHERE id = '$bare_id' AND SET order_id = '$cat_order_id' WHERE id = '$bare_id' AND
owner_uid = " . $_SESSION["uid"]); owner_uid = " . $_SESSION["uid"]);
} }
@ -441,7 +441,7 @@ class Pref_Feeds extends Handler_Protected {
else else
$cat_query = "cat_id = NULL"; $cat_query = "cat_id = NULL";
db_query("UPDATE ttrss_feeds $this->dbh->query("UPDATE ttrss_feeds
SET order_id = '$feed_order_id', SET order_id = '$feed_order_id',
$cat_query $cat_query
WHERE id = '$feed_id' AND WHERE id = '$feed_id' AND
@ -457,15 +457,15 @@ class Pref_Feeds extends Handler_Protected {
} }
function removeicon() { function removeicon() {
$feed_id = db_escape_string($_REQUEST["feed_id"]); $feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]);
$result = db_query("SELECT id FROM ttrss_feeds $result = $this->dbh->query("SELECT id FROM ttrss_feeds
WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]); WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
@unlink(ICONS_DIR . "/$feed_id.ico"); @unlink(ICONS_DIR . "/$feed_id.ico");
db_query("UPDATE ttrss_feeds SET favicon_avg_color = NULL $this->dbh->query("UPDATE ttrss_feeds SET favicon_avg_color = NULL
where id = '$feed_id'"); where id = '$feed_id'");
} }
@ -491,24 +491,24 @@ class Pref_Feeds extends Handler_Protected {
} }
$icon_file = $tmp_file; $icon_file = $tmp_file;
$feed_id = db_escape_string($_REQUEST["feed_id"]); $feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]);
if (is_file($icon_file) && $feed_id) { if (is_file($icon_file) && $feed_id) {
if (filesize($icon_file) < 20000) { if (filesize($icon_file) < 20000) {
$result = db_query("SELECT id FROM ttrss_feeds $result = $this->dbh->query("SELECT id FROM ttrss_feeds
WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]); WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
@unlink(ICONS_DIR . "/$feed_id.ico"); @unlink(ICONS_DIR . "/$feed_id.ico");
if (rename($icon_file, ICONS_DIR . "/$feed_id.ico")) { if (rename($icon_file, ICONS_DIR . "/$feed_id.ico")) {
require_once "colors.php"; require_once "colors.php";
$favicon_color = db_escape_string( $favicon_color = $this->dbh->escape_string(
calculate_avg_color(ICONS_DIR . "/$feed_id.ico")); calculate_avg_color(ICONS_DIR . "/$feed_id.ico"));
db_query("UPDATE ttrss_feeds SET $this->dbh->query("UPDATE ttrss_feeds SET
favicon_avg_color = '$favicon_color' favicon_avg_color = '$favicon_color'
WHERE id = '$feed_id'"); WHERE id = '$feed_id'");
@ -536,16 +536,16 @@ class Pref_Feeds extends Handler_Protected {
global $purge_intervals; global $purge_intervals;
global $update_intervals; global $update_intervals;
$feed_id = db_escape_string($_REQUEST["id"]); $feed_id = $this->dbh->escape_string($_REQUEST["id"]);
$result = db_query( $result = $this->dbh->query(
"SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND "SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND
owner_uid = " . $_SESSION["uid"]); owner_uid = " . $_SESSION["uid"]);
$auth_pass_encrypted = sql_bool_to_bool(db_fetch_result($result, 0, $auth_pass_encrypted = sql_bool_to_bool($this->dbh->fetch_result($result, 0,
"auth_pass_encrypted")); "auth_pass_encrypted"));
$title = htmlspecialchars(db_fetch_result($result, $title = htmlspecialchars($this->dbh->fetch_result($result,
0, "title")); 0, "title"));
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$feed_id\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$feed_id\">";
@ -563,8 +563,8 @@ class Pref_Feeds extends Handler_Protected {
/* Feed URL */ /* Feed URL */
$feed_url = db_fetch_result($result, 0, "feed_url"); $feed_url = $this->dbh->fetch_result($result, 0, "feed_url");
$feed_url = htmlspecialchars(db_fetch_result($result, $feed_url = htmlspecialchars($this->dbh->fetch_result($result,
0, "feed_url")); 0, "feed_url"));
print "<hr/>"; print "<hr/>";
@ -575,7 +575,7 @@ class Pref_Feeds extends Handler_Protected {
regExp='^(http|https)://.*' style=\"width : 20em\" regExp='^(http|https)://.*' style=\"width : 20em\"
name=\"feed_url\" value=\"$feed_url\">"; name=\"feed_url\" value=\"$feed_url\">";
$last_error = db_fetch_result($result, 0, "last_error"); $last_error = $this->dbh->fetch_result($result, 0, "last_error");
if ($last_error) { if ($last_error) {
print "&nbsp;<span title=\"".htmlspecialchars($last_error)."\" print "&nbsp;<span title=\"".htmlspecialchars($last_error)."\"
@ -587,7 +587,7 @@ class Pref_Feeds extends Handler_Protected {
if (get_pref('ENABLE_FEED_CATS')) { if (get_pref('ENABLE_FEED_CATS')) {
$cat_id = db_fetch_result($result, 0, "cat_id"); $cat_id = $this->dbh->fetch_result($result, 0, "cat_id");
print "<hr/>"; print "<hr/>";
@ -604,14 +604,14 @@ class Pref_Feeds extends Handler_Protected {
/* Update Interval */ /* Update Interval */
$update_interval = db_fetch_result($result, 0, "update_interval"); $update_interval = $this->dbh->fetch_result($result, 0, "update_interval");
print_select_hash("update_interval", $update_interval, $update_intervals, print_select_hash("update_interval", $update_interval, $update_intervals,
'dojoType="dijit.form.Select"'); 'dojoType="dijit.form.Select"');
/* Purge intl */ /* Purge intl */
$purge_interval = db_fetch_result($result, 0, "purge_interval"); $purge_interval = $this->dbh->fetch_result($result, 0, "purge_interval");
print "<hr/>"; print "<hr/>";
print __('Article purging:') . " "; print __('Article purging:') . " ";
@ -624,13 +624,13 @@ class Pref_Feeds extends Handler_Protected {
print "<div class=\"dlgSec\">".__("Authentication")."</div>"; print "<div class=\"dlgSec\">".__("Authentication")."</div>";
print "<div class=\"dlgSecCont\">"; print "<div class=\"dlgSecCont\">";
$auth_login = htmlspecialchars(db_fetch_result($result, 0, "auth_login")); $auth_login = htmlspecialchars($this->dbh->fetch_result($result, 0, "auth_login"));
print "<input dojoType=\"dijit.form.TextBox\" id=\"feedEditDlg_login\" print "<input dojoType=\"dijit.form.TextBox\" id=\"feedEditDlg_login\"
placeHolder=\"".__("Login")."\" placeHolder=\"".__("Login")."\"
name=\"auth_login\" value=\"$auth_login\"><hr/>"; name=\"auth_login\" value=\"$auth_login\"><hr/>";
$auth_pass = db_fetch_result($result, 0, "auth_pass"); $auth_pass = $this->dbh->fetch_result($result, 0, "auth_pass");
if ($auth_pass_encrypted) { if ($auth_pass_encrypted) {
require_once "crypt.php"; require_once "crypt.php";
@ -651,7 +651,7 @@ class Pref_Feeds extends Handler_Protected {
print "<div class=\"dlgSec\">".__("Options")."</div>"; print "<div class=\"dlgSec\">".__("Options")."</div>";
print "<div class=\"dlgSecCont\">"; print "<div class=\"dlgSecCont\">";
$private = sql_bool_to_bool(db_fetch_result($result, 0, "private")); $private = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "private"));
if ($private) { if ($private) {
$checked = "checked=\"1\""; $checked = "checked=\"1\"";
@ -662,7 +662,7 @@ class Pref_Feeds extends Handler_Protected {
print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"private\" id=\"private\" print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"private\" id=\"private\"
$checked>&nbsp;<label for=\"private\">".__('Hide from Popular feeds')."</label>"; $checked>&nbsp;<label for=\"private\">".__('Hide from Popular feeds')."</label>";
$include_in_digest = sql_bool_to_bool(db_fetch_result($result, 0, "include_in_digest")); $include_in_digest = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "include_in_digest"));
if ($include_in_digest) { if ($include_in_digest) {
$checked = "checked=\"1\""; $checked = "checked=\"1\"";
@ -675,7 +675,7 @@ class Pref_Feeds extends Handler_Protected {
$checked>&nbsp;<label for=\"include_in_digest\">".__('Include in e-mail digest')."</label>"; $checked>&nbsp;<label for=\"include_in_digest\">".__('Include in e-mail digest')."</label>";
$always_display_enclosures = sql_bool_to_bool(db_fetch_result($result, 0, "always_display_enclosures")); $always_display_enclosures = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "always_display_enclosures"));
if ($always_display_enclosures) { if ($always_display_enclosures) {
$checked = "checked"; $checked = "checked";
@ -687,7 +687,7 @@ class Pref_Feeds extends Handler_Protected {
name=\"always_display_enclosures\" name=\"always_display_enclosures\"
$checked>&nbsp;<label for=\"always_display_enclosures\">".__('Always display image attachments')."</label>"; $checked>&nbsp;<label for=\"always_display_enclosures\">".__('Always display image attachments')."</label>";
$hide_images = sql_bool_to_bool(db_fetch_result($result, 0, "hide_images")); $hide_images = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "hide_images"));
if ($hide_images) { if ($hide_images) {
$checked = "checked=\"1\""; $checked = "checked=\"1\"";
@ -700,7 +700,7 @@ class Pref_Feeds extends Handler_Protected {
$checked>&nbsp;<label for=\"hide_images\">". $checked>&nbsp;<label for=\"hide_images\">".
__('Do not embed images')."</label>"; __('Do not embed images')."</label>";
$cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images")); $cache_images = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "cache_images"));
if ($cache_images) { if ($cache_images) {
$checked = "checked=\"1\""; $checked = "checked=\"1\"";
@ -713,7 +713,7 @@ class Pref_Feeds extends Handler_Protected {
$checked>&nbsp;<label for=\"cache_images\">". $checked>&nbsp;<label for=\"cache_images\">".
__('Cache images locally')."</label>"; __('Cache images locally')."</label>";
$mark_unread_on_update = sql_bool_to_bool(db_fetch_result($result, 0, "mark_unread_on_update")); $mark_unread_on_update = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "mark_unread_on_update"));
if ($mark_unread_on_update) { if ($mark_unread_on_update) {
$checked = "checked"; $checked = "checked";
@ -758,7 +758,7 @@ class Pref_Feeds extends Handler_Protected {
__('Unsubscribe')."</button>"; __('Unsubscribe')."</button>";
if (PUBSUBHUBBUB_ENABLED) { if (PUBSUBHUBBUB_ENABLED) {
$pubsub_state = db_fetch_result($result, 0, "pubsub_state"); $pubsub_state = $this->dbh->fetch_result($result, 0, "pubsub_state");
$pubsub_btn_disabled = ($pubsub_state == 2) ? "" : "disabled=\"1\""; $pubsub_btn_disabled = ($pubsub_state == 2) ? "" : "disabled=\"1\"";
print "<button dojoType=\"dijit.form.Button\" id=\"pubsubReset_Btn\" $pubsub_btn_disabled print "<button dojoType=\"dijit.form.Button\" id=\"pubsubReset_Btn\" $pubsub_btn_disabled
@ -782,7 +782,7 @@ class Pref_Feeds extends Handler_Protected {
global $purge_intervals; global $purge_intervals;
global $update_intervals; global $update_intervals;
$feed_ids = db_escape_string($_REQUEST["ids"]); $feed_ids = $this->dbh->escape_string($_REQUEST["ids"]);
print_notice("Enable the options you wish to apply using checkboxes on the right:"); print_notice("Enable the options you wish to apply using checkboxes on the right:");
@ -938,27 +938,27 @@ class Pref_Feeds extends Handler_Protected {
function editsaveops($batch) { function editsaveops($batch) {
$feed_title = db_escape_string(trim($_POST["title"])); $feed_title = $this->dbh->escape_string(trim($_POST["title"]));
$feed_link = db_escape_string(trim($_POST["feed_url"])); $feed_link = $this->dbh->escape_string(trim($_POST["feed_url"]));
$upd_intl = (int) db_escape_string($_POST["update_interval"]); $upd_intl = (int) $this->dbh->escape_string($_POST["update_interval"]);
$purge_intl = (int) db_escape_string($_POST["purge_interval"]); $purge_intl = (int) $this->dbh->escape_string($_POST["purge_interval"]);
$feed_id = (int) db_escape_string($_POST["id"]); /* editSave */ $feed_id = (int) $this->dbh->escape_string($_POST["id"]); /* editSave */
$feed_ids = db_escape_string($_POST["ids"]); /* batchEditSave */ $feed_ids = $this->dbh->escape_string($_POST["ids"]); /* batchEditSave */
$cat_id = (int) db_escape_string($_POST["cat_id"]); $cat_id = (int) $this->dbh->escape_string($_POST["cat_id"]);
$auth_login = db_escape_string(trim($_POST["auth_login"])); $auth_login = $this->dbh->escape_string(trim($_POST["auth_login"]));
$auth_pass = trim($_POST["auth_pass"]); $auth_pass = trim($_POST["auth_pass"]);
$private = checkbox_to_sql_bool(db_escape_string($_POST["private"])); $private = checkbox_to_sql_bool($this->dbh->escape_string($_POST["private"]));
$include_in_digest = checkbox_to_sql_bool( $include_in_digest = checkbox_to_sql_bool(
db_escape_string($_POST["include_in_digest"])); $this->dbh->escape_string($_POST["include_in_digest"]));
$cache_images = checkbox_to_sql_bool( $cache_images = checkbox_to_sql_bool(
db_escape_string($_POST["cache_images"])); $this->dbh->escape_string($_POST["cache_images"]));
$hide_images = checkbox_to_sql_bool( $hide_images = checkbox_to_sql_bool(
db_escape_string($_POST["hide_images"])); $this->dbh->escape_string($_POST["hide_images"]));
$always_display_enclosures = checkbox_to_sql_bool( $always_display_enclosures = checkbox_to_sql_bool(
db_escape_string($_POST["always_display_enclosures"])); $this->dbh->escape_string($_POST["always_display_enclosures"]));
$mark_unread_on_update = checkbox_to_sql_bool( $mark_unread_on_update = checkbox_to_sql_bool(
db_escape_string($_POST["mark_unread_on_update"])); $this->dbh->escape_string($_POST["mark_unread_on_update"]));
if (strlen(FEED_CRYPT_KEY) > 0) { if (strlen(FEED_CRYPT_KEY) > 0) {
require_once "crypt.php"; require_once "crypt.php";
@ -968,7 +968,7 @@ class Pref_Feeds extends Handler_Protected {
$auth_pass_encrypted = 'false'; $auth_pass_encrypted = 'false';
} }
$auth_pass = db_escape_string($auth_pass); $auth_pass = $this->dbh->escape_string($auth_pass);
if (get_pref('ENABLE_FEED_CATS')) { if (get_pref('ENABLE_FEED_CATS')) {
if ($cat_id && $cat_id != 0) { if ($cat_id && $cat_id != 0) {
@ -985,7 +985,7 @@ class Pref_Feeds extends Handler_Protected {
if (!$batch) { if (!$batch) {
$result = db_query("UPDATE ttrss_feeds SET $result = $this->dbh->query("UPDATE ttrss_feeds SET
$category_qpart $category_qpart
title = '$feed_title', feed_url = '$feed_link', title = '$feed_title', feed_url = '$feed_link',
update_interval = '$upd_intl', update_interval = '$upd_intl',
@ -1010,7 +1010,7 @@ class Pref_Feeds extends Handler_Protected {
} }
} }
db_query("BEGIN"); $this->dbh->query("BEGIN");
foreach (array_keys($feed_data) as $k) { foreach (array_keys($feed_data) as $k) {
@ -1073,23 +1073,23 @@ class Pref_Feeds extends Handler_Protected {
} }
if ($qpart) { if ($qpart) {
db_query( $this->dbh->query(
"UPDATE ttrss_feeds SET $qpart WHERE id IN ($feed_ids) "UPDATE ttrss_feeds SET $qpart WHERE id IN ($feed_ids)
AND owner_uid = " . $_SESSION["uid"]); AND owner_uid = " . $_SESSION["uid"]);
print "<br/>"; print "<br/>";
} }
} }
db_query("COMMIT"); $this->dbh->query("COMMIT");
} }
return; return;
} }
function resetPubSub() { function resetPubSub() {
$ids = db_escape_string($_REQUEST["ids"]); $ids = $this->dbh->escape_string($_REQUEST["ids"]);
db_query("UPDATE ttrss_feeds SET pubsub_state = 0 WHERE id IN ($ids) $this->dbh->query("UPDATE ttrss_feeds SET pubsub_state = 0 WHERE id IN ($ids)
AND owner_uid = " . $_SESSION["uid"]); AND owner_uid = " . $_SESSION["uid"]);
return; return;
@ -1097,7 +1097,7 @@ class Pref_Feeds extends Handler_Protected {
function remove() { function remove() {
$ids = explode(",", db_escape_string($_REQUEST["ids"])); $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
foreach ($ids as $id) { foreach ($ids as $id) {
Pref_Feeds::remove_feed($id, $_SESSION["uid"]); Pref_Feeds::remove_feed($id, $_SESSION["uid"]);
@ -1107,20 +1107,20 @@ class Pref_Feeds extends Handler_Protected {
} }
function clear() { function clear() {
$id = db_escape_string($_REQUEST["id"]); $id = $this->dbh->escape_string($_REQUEST["id"]);
$this->clear_feed_articles($id); $this->clear_feed_articles($id);
} }
function rescore() { function rescore() {
require_once "rssfuncs.php"; require_once "rssfuncs.php";
$ids = explode(",", db_escape_string($_REQUEST["ids"])); $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
foreach ($ids as $id) { foreach ($ids as $id) {
$filters = load_filters($id, $_SESSION["uid"], 6); $filters = load_filters($id, $_SESSION["uid"], 6);
$result = db_query("SELECT $result = $this->dbh->query("SELECT
title, content, link, ref_id, author,". title, content, link, ref_id, author,".
SUBSTRING_FOR_DATE."(updated, 1, 19) AS updated SUBSTRING_FOR_DATE."(updated, 1, 19) AS updated
FROM FROM
@ -1131,7 +1131,7 @@ class Pref_Feeds extends Handler_Protected {
$scores = array(); $scores = array();
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$tags = get_article_tags($line["ref_id"]); $tags = get_article_tags($line["ref_id"]);
@ -1148,15 +1148,15 @@ class Pref_Feeds extends Handler_Protected {
foreach (array_keys($scores) as $s) { foreach (array_keys($scores) as $s) {
if ($s > 1000) { if ($s > 1000) {
db_query("UPDATE ttrss_user_entries SET score = '$s', $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s',
marked = true WHERE marked = true WHERE
ref_id IN (" . join(',', $scores[$s]) . ")"); ref_id IN (" . join(',', $scores[$s]) . ")");
} else if ($s < -500) { } else if ($s < -500) {
db_query("UPDATE ttrss_user_entries SET score = '$s', $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s',
unread = false WHERE unread = false WHERE
ref_id IN (" . join(',', $scores[$s]) . ")"); ref_id IN (" . join(',', $scores[$s]) . ")");
} else { } else {
db_query("UPDATE ttrss_user_entries SET score = '$s' WHERE $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s' WHERE
ref_id IN (" . join(',', $scores[$s]) . ")"); ref_id IN (" . join(',', $scores[$s]) . ")");
} }
} }
@ -1168,16 +1168,16 @@ class Pref_Feeds extends Handler_Protected {
function rescoreAll() { function rescoreAll() {
$result = db_query( $result = $this->dbh->query(
"SELECT id FROM ttrss_feeds WHERE owner_uid = " . $_SESSION['uid']); "SELECT id FROM ttrss_feeds WHERE owner_uid = " . $_SESSION['uid']);
while ($feed_line = db_fetch_assoc($result)) { while ($feed_line = $this->dbh->fetch_assoc($result)) {
$id = $feed_line["id"]; $id = $feed_line["id"];
$filters = load_filters($id, $_SESSION["uid"], 6); $filters = load_filters($id, $_SESSION["uid"], 6);
$tmp_result = db_query("SELECT $tmp_result = $this->dbh->query("SELECT
title, content, link, ref_id, author,". title, content, link, ref_id, author,".
SUBSTRING_FOR_DATE."(updated, 1, 19) AS updated SUBSTRING_FOR_DATE."(updated, 1, 19) AS updated
FROM FROM
@ -1188,7 +1188,7 @@ class Pref_Feeds extends Handler_Protected {
$scores = array(); $scores = array();
while ($line = db_fetch_assoc($tmp_result)) { while ($line = $this->dbh->fetch_assoc($tmp_result)) {
$tags = get_article_tags($line["ref_id"]); $tags = get_article_tags($line["ref_id"]);
@ -1205,11 +1205,11 @@ class Pref_Feeds extends Handler_Protected {
foreach (array_keys($scores) as $s) { foreach (array_keys($scores) as $s) {
if ($s > 1000) { if ($s > 1000) {
db_query("UPDATE ttrss_user_entries SET score = '$s', $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s',
marked = true WHERE marked = true WHERE
ref_id IN (" . join(',', $scores[$s]) . ")"); ref_id IN (" . join(',', $scores[$s]) . ")");
} else { } else {
db_query("UPDATE ttrss_user_entries SET score = '$s' WHERE $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s' WHERE
ref_id IN (" . join(',', $scores[$s]) . ")"); ref_id IN (" . join(',', $scores[$s]) . ")");
} }
} }
@ -1220,9 +1220,9 @@ class Pref_Feeds extends Handler_Protected {
} }
function categorize() { function categorize() {
$ids = explode(",", db_escape_string($_REQUEST["ids"])); $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
$cat_id = db_escape_string($_REQUEST["cat_id"]); $cat_id = $this->dbh->escape_string($_REQUEST["cat_id"]);
if ($cat_id == 0) { if ($cat_id == 0) {
$cat_id_qpart = 'NULL'; $cat_id_qpart = 'NULL';
@ -1230,28 +1230,28 @@ class Pref_Feeds extends Handler_Protected {
$cat_id_qpart = "'$cat_id'"; $cat_id_qpart = "'$cat_id'";
} }
db_query("BEGIN"); $this->dbh->query("BEGIN");
foreach ($ids as $id) { foreach ($ids as $id) {
db_query("UPDATE ttrss_feeds SET cat_id = $cat_id_qpart $this->dbh->query("UPDATE ttrss_feeds SET cat_id = $cat_id_qpart
WHERE id = '$id' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]); AND owner_uid = " . $_SESSION["uid"]);
} }
db_query("COMMIT"); $this->dbh->query("COMMIT");
} }
function removeCat() { function removeCat() {
$ids = explode(",", db_escape_string($_REQUEST["ids"])); $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
foreach ($ids as $id) { foreach ($ids as $id) {
$this->remove_feed_category($id, $_SESSION["uid"]); $this->remove_feed_category($id, $_SESSION["uid"]);
} }
} }
function addCat() { function addCat() {
$feed_cat = db_escape_string(trim($_REQUEST["cat"])); $feed_cat = $this->dbh->escape_string(trim($_REQUEST["cat"]));
add_feed_category($feed_cat); add_feed_category($feed_cat);
} }
@ -1261,10 +1261,10 @@ class Pref_Feeds extends Handler_Protected {
print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">"; print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
print "<div id=\"pref-feeds-feeds\" dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Feeds')."\">"; print "<div id=\"pref-feeds-feeds\" dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Feeds')."\">";
$result = db_query("SELECT COUNT(id) AS num_errors $result = $this->dbh->query("SELECT COUNT(id) AS num_errors
FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]); FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
$num_errors = db_fetch_result($result, 0, "num_errors"); $num_errors = $this->dbh->fetch_result($result, 0, "num_errors");
if ($num_errors > 0) { if ($num_errors > 0) {
@ -1279,13 +1279,13 @@ class Pref_Feeds extends Handler_Protected {
$interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)"; $interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)";
} }
$result = db_query("SELECT COUNT(*) AS num_inactive FROM ttrss_feeds WHERE $result = $this->dbh->query("SELECT COUNT(*) AS num_inactive FROM ttrss_feeds WHERE
(SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE (SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE
ttrss_entries.id = ref_id AND ttrss_entries.id = ref_id AND
ttrss_user_entries.feed_id = ttrss_feeds.id) < $interval_qpart AND ttrss_user_entries.feed_id = ttrss_feeds.id) < $interval_qpart AND
ttrss_feeds.owner_uid = ".$_SESSION["uid"]); ttrss_feeds.owner_uid = ".$_SESSION["uid"]);
$num_inactive = db_fetch_result($result, 0, "num_inactive"); $num_inactive = $this->dbh->fetch_result($result, 0, "num_inactive");
if ($num_inactive > 0) { if ($num_inactive > 0) {
$inactive_button = "<button dojoType=\"dijit.form.Button\" $inactive_button = "<button dojoType=\"dijit.form.Button\"
@ -1293,7 +1293,7 @@ class Pref_Feeds extends Handler_Protected {
__("Inactive feeds") . "</button>"; __("Inactive feeds") . "</button>";
} }
$feed_search = db_escape_string($_REQUEST["search"]); $feed_search = $this->dbh->escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) { if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_feed_search"] = $feed_search; $_SESSION["prefs_feed_search"] = $feed_search;
@ -1567,7 +1567,7 @@ class Pref_Feeds extends Handler_Protected {
$interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)"; $interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)";
} }
$result = db_query("SELECT ttrss_feeds.title, ttrss_feeds.site_url, $result = $this->dbh->query("SELECT ttrss_feeds.title, ttrss_feeds.site_url,
ttrss_feeds.feed_url, ttrss_feeds.id, MAX(updated) AS last_article ttrss_feeds.feed_url, ttrss_feeds.id, MAX(updated) AS last_article
FROM ttrss_feeds, ttrss_entries, ttrss_user_entries WHERE FROM ttrss_feeds, ttrss_entries, ttrss_user_entries WHERE
(SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE (SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE
@ -1598,7 +1598,7 @@ class Pref_Feeds extends Handler_Protected {
$lnum = 1; $lnum = 1;
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$class = ($lnum % 2) ? "even" : "odd"; $class = ($lnum % 2) ? "even" : "odd";
$feed_id = $line["id"]; $feed_id = $line["id"];
@ -1648,7 +1648,7 @@ class Pref_Feeds extends Handler_Protected {
print "<h2>" . __("These feeds have not been updated because of errors:") . print "<h2>" . __("These feeds have not been updated because of errors:") .
"</h2>"; "</h2>";
$result = db_query("SELECT id,title,feed_url,last_error,site_url $result = $this->dbh->query("SELECT id,title,feed_url,last_error,site_url
FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]); FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
print "<div dojoType=\"dijit.Toolbar\">"; print "<div dojoType=\"dijit.Toolbar\">";
@ -1668,7 +1668,7 @@ class Pref_Feeds extends Handler_Protected {
$lnum = 1; $lnum = 1;
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$class = ($lnum % 2) ? "even" : "odd"; $class = ($lnum % 2) ? "even" : "odd";
$feed_id = $line["id"]; $feed_id = $line["id"];
@ -1725,14 +1725,14 @@ class Pref_Feeds extends Handler_Protected {
private function clear_feed_articles($id) { private function clear_feed_articles($id) {
if ($id != 0) { if ($id != 0) {
$result = db_query("DELETE FROM ttrss_user_entries $result = $this->dbh->query("DELETE FROM ttrss_user_entries
WHERE feed_id = '$id' AND marked = false AND owner_uid = " . $_SESSION["uid"]); WHERE feed_id = '$id' AND marked = false AND owner_uid = " . $_SESSION["uid"]);
} else { } else {
$result = db_query("DELETE FROM ttrss_user_entries $result = $this->dbh->query("DELETE FROM ttrss_user_entries
WHERE feed_id IS NULL AND marked = false AND owner_uid = " . $_SESSION["uid"]); WHERE feed_id IS NULL AND marked = false AND owner_uid = " . $_SESSION["uid"]);
} }
$result = db_query("DELETE FROM ttrss_entries WHERE $result = $this->dbh->query("DELETE FROM ttrss_entries WHERE
(SELECT COUNT(int_id) FROM ttrss_user_entries WHERE ref_id = id) = 0"); (SELECT COUNT(int_id) FROM ttrss_user_entries WHERE ref_id = id) = 0");
ccache_update($id, $_SESSION['uid']); ccache_update($id, $_SESSION['uid']);
@ -1740,7 +1740,7 @@ class Pref_Feeds extends Handler_Protected {
private function remove_feed_category($id, $owner_uid) { private function remove_feed_category($id, $owner_uid) {
db_query("DELETE FROM ttrss_feed_categories $this->dbh->query("DELETE FROM ttrss_feed_categories
WHERE id = '$id' AND owner_uid = $owner_uid"); WHERE id = '$id' AND owner_uid = $owner_uid");
ccache_remove($id, $owner_uid, true); ccache_remove($id, $owner_uid, true);
@ -1855,17 +1855,17 @@ class Pref_Feeds extends Handler_Protected {
} }
function batchAddFeeds() { function batchAddFeeds() {
$cat_id = db_escape_string($_REQUEST['cat']); $cat_id = $this->dbh->escape_string($_REQUEST['cat']);
$feeds = explode("\n", $_REQUEST['feeds']); $feeds = explode("\n", $_REQUEST['feeds']);
$login = db_escape_string($_REQUEST['login']); $login = $this->dbh->escape_string($_REQUEST['login']);
$pass = trim($_REQUEST['pass']); $pass = trim($_REQUEST['pass']);
foreach ($feeds as $feed) { foreach ($feeds as $feed) {
$feed = db_escape_string(trim($feed)); $feed = $this->dbh->escape_string(trim($feed));
if (validate_feed_url($feed)) { if (validate_feed_url($feed)) {
db_query("BEGIN"); $this->dbh->query("BEGIN");
if ($cat_id == "0" || !$cat_id) { if ($cat_id == "0" || !$cat_id) {
$cat_qpart = "NULL"; $cat_qpart = "NULL";
@ -1873,7 +1873,7 @@ class Pref_Feeds extends Handler_Protected {
$cat_qpart = "'$cat_id'"; $cat_qpart = "'$cat_id'";
} }
$result = db_query( $result = $this->dbh->query(
"SELECT id FROM ttrss_feeds "SELECT id FROM ttrss_feeds
WHERE feed_url = '$feed' AND owner_uid = ".$_SESSION["uid"]); WHERE feed_url = '$feed' AND owner_uid = ".$_SESSION["uid"]);
@ -1885,17 +1885,17 @@ class Pref_Feeds extends Handler_Protected {
$auth_pass_encrypted = 'false'; $auth_pass_encrypted = 'false';
} }
$pass = db_escape_string($pass); $pass = $this->dbh->escape_string($pass);
if (db_num_rows($result) == 0) { if ($this->dbh->num_rows($result) == 0) {
$result = db_query( $result = $this->dbh->query(
"INSERT INTO ttrss_feeds "INSERT INTO ttrss_feeds
(owner_uid,feed_url,title,cat_id,auth_login,auth_pass,update_method,auth_pass_encrypted) (owner_uid,feed_url,title,cat_id,auth_login,auth_pass,update_method,auth_pass_encrypted)
VALUES ('".$_SESSION["uid"]."', '$feed', VALUES ('".$_SESSION["uid"]."', '$feed',
'[Unknown]', $cat_qpart, '$login', '$pass', 0, $auth_pass_encrypted)"); '[Unknown]', $cat_qpart, '$login', '$pass', 0, $auth_pass_encrypted)");
} }
db_query("COMMIT"); $this->dbh->query("COMMIT");
} }
} }
} }
@ -1910,8 +1910,8 @@ class Pref_Feeds extends Handler_Protected {
} }
function regenFeedKey() { function regenFeedKey() {
$feed_id = db_escape_string($_REQUEST['id']); $feed_id = $this->dbh->escape_string($_REQUEST['id']);
$is_cat = db_escape_string($_REQUEST['is_cat']) == "true"; $is_cat = $this->dbh->escape_string($_REQUEST['is_cat']) == "true";
$new_key = $this->update_feed_access_key($feed_id, $is_cat); $new_key = $this->update_feed_access_key($feed_id, $is_cat);
@ -1924,14 +1924,14 @@ class Pref_Feeds extends Handler_Protected {
$sql_is_cat = bool_to_sql_bool($is_cat); $sql_is_cat = bool_to_sql_bool($is_cat);
$result = db_query("SELECT access_key FROM ttrss_access_keys $result = $this->dbh->query("SELECT access_key FROM ttrss_access_keys
WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
AND owner_uid = " . $owner_uid); AND owner_uid = " . $owner_uid);
if (db_num_rows($result) == 1) { if ($this->dbh->num_rows($result) == 1) {
$key = db_escape_string(sha1(uniqid(rand(), true))); $key = $this->dbh->escape_string(sha1(uniqid(rand(), true)));
db_query("UPDATE ttrss_access_keys SET access_key = '$key' $this->dbh->query("UPDATE ttrss_access_keys SET access_key = '$key'
WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
AND owner_uid = " . $owner_uid); AND owner_uid = " . $owner_uid);
@ -1944,7 +1944,7 @@ class Pref_Feeds extends Handler_Protected {
// Silent // Silent
function clearKeys() { function clearKeys() {
db_query("DELETE FROM ttrss_access_keys WHERE $this->dbh->query("DELETE FROM ttrss_access_keys WHERE
owner_uid = " . $_SESSION["uid"]); owner_uid = " . $_SESSION["uid"]);
} }

168
classes/pref/filters.php
View File

@ -9,7 +9,7 @@ class Pref_Filters extends Handler_Protected {
} }
function filtersortreset() { function filtersortreset() {
db_query("UPDATE ttrss_filters2 $this->dbh->query("UPDATE ttrss_filters2
SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]); SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]);
return; return;
} }
@ -31,7 +31,7 @@ class Pref_Filters extends Handler_Protected {
if ($filter_id > 0) { if ($filter_id > 0) {
db_query("UPDATE ttrss_filters2 SET $this->dbh->query("UPDATE ttrss_filters2 SET
order_id = $index WHERE id = '$filter_id' AND order_id = $index WHERE id = '$filter_id' AND
owner_uid = " .$_SESSION["uid"]); owner_uid = " .$_SESSION["uid"]);
@ -49,16 +49,16 @@ class Pref_Filters extends Handler_Protected {
$filter["enabled"] = true; $filter["enabled"] = true;
$filter["match_any_rule"] = sql_bool_to_bool( $filter["match_any_rule"] = sql_bool_to_bool(
checkbox_to_sql_bool(db_escape_string($_REQUEST["match_any_rule"]))); checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["match_any_rule"])));
$filter["inverse"] = sql_bool_to_bool( $filter["inverse"] = sql_bool_to_bool(
checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]))); checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["inverse"])));
$filter["rules"] = array(); $filter["rules"] = array();
$result = db_query("SELECT id,name FROM ttrss_filter_types"); $result = $this->dbh->query("SELECT id,name FROM ttrss_filter_types");
$filter_types = array(); $filter_types = array();
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$filter_types[$line["id"]] = $line["name"]; $filter_types[$line["id"]] = $line["name"];
} }
@ -98,7 +98,7 @@ class Pref_Filters extends Handler_Protected {
print "<div class=\"filterTestHolder\">"; print "<div class=\"filterTestHolder\">";
print "<table width=\"100%\" cellspacing=\"0\" id=\"prefErrorFeedList\">"; print "<table width=\"100%\" cellspacing=\"0\" id=\"prefErrorFeedList\">";
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$entry_timestamp = strtotime($line["updated"]); $entry_timestamp = strtotime($line["updated"]);
$entry_tags = get_article_tags($line["id"], $_SESSION["uid"]); $entry_tags = get_article_tags($line["id"], $_SESSION["uid"]);
@ -158,7 +158,7 @@ class Pref_Filters extends Handler_Protected {
$filter_search = $_SESSION["prefs_filter_search"]; $filter_search = $_SESSION["prefs_filter_search"];
$result = db_query("SELECT *, $result = $this->dbh->query("SELECT *,
(SELECT action_param FROM ttrss_filters2_actions (SELECT action_param FROM ttrss_filters2_actions
WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS action_param, WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS action_param,
(SELECT action_id FROM ttrss_filters2_actions (SELECT action_id FROM ttrss_filters2_actions
@ -176,7 +176,7 @@ class Pref_Filters extends Handler_Protected {
$folder = array(); $folder = array();
$folder['items'] = array(); $folder['items'] = array();
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
/* if ($action_id != $line["action_id"]) { /* if ($action_id != $line["action_id"]) {
if (count($folder['items']) > 0) { if (count($folder['items']) > 0) {
@ -194,10 +194,10 @@ class Pref_Filters extends Handler_Protected {
$match_ok = false; $match_ok = false;
if ($filter_search) { if ($filter_search) {
$rules_result = db_query( $rules_result = $this->dbh->query(
"SELECT reg_exp FROM ttrss_filters2_rules WHERE filter_id = ".$line["id"]); "SELECT reg_exp FROM ttrss_filters2_rules WHERE filter_id = ".$line["id"]);
while ($rule_line = db_fetch_assoc($rules_result)) { while ($rule_line = $this->dbh->fetch_assoc($rules_result)) {
if (mb_strpos($rule_line['reg_exp'], $filter_search) !== false) { if (mb_strpos($rule_line['reg_exp'], $filter_search) !== false) {
$match_ok = true; $match_ok = true;
break; break;
@ -206,13 +206,13 @@ class Pref_Filters extends Handler_Protected {
} }
if ($line['action_id'] == 7) { if ($line['action_id'] == 7) {
$label_result = db_query("SELECT fg_color, bg_color $label_result = $this->dbh->query("SELECT fg_color, bg_color
FROM ttrss_labels2 WHERE caption = '".db_escape_string($line['action_param'])."' AND FROM ttrss_labels2 WHERE caption = '".$this->dbh->escape_string($line['action_param'])."' AND
owner_uid = " . $_SESSION["uid"]); owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($label_result) > 0) { if ($this->dbh->num_rows($label_result) > 0) {
$fg_color = db_fetch_result($label_result, 0, "fg_color"); $fg_color = $this->dbh->fetch_result($label_result, 0, "fg_color");
$bg_color = db_fetch_result($label_result, 0, "bg_color"); $bg_color = $this->dbh->fetch_result($label_result, 0, "bg_color");
$name[1] = "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-right : 4px'>&alpha;</span>" . $name[1]; $name[1] = "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-right : 4px'>&alpha;</span>" . $name[1];
} }
@ -248,15 +248,15 @@ class Pref_Filters extends Handler_Protected {
function edit() { function edit() {
$filter_id = db_escape_string($_REQUEST["id"]); $filter_id = $this->dbh->escape_string($_REQUEST["id"]);
$result = db_query( $result = $this->dbh->query(
"SELECT * FROM ttrss_filters2 WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]); "SELECT * FROM ttrss_filters2 WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
$enabled = sql_bool_to_bool(db_fetch_result($result, 0, "enabled")); $enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "enabled"));
$match_any_rule = sql_bool_to_bool(db_fetch_result($result, 0, "match_any_rule")); $match_any_rule = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "match_any_rule"));
$inverse = sql_bool_to_bool(db_fetch_result($result, 0, "inverse")); $inverse = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "inverse"));
$title = htmlspecialchars(db_fetch_result($result, 0, "title")); $title = htmlspecialchars($this->dbh->fetch_result($result, 0, "title"));
print "<form id=\"filter_edit_form\" onsubmit='return false'>"; print "<form id=\"filter_edit_form\" onsubmit='return false'>";
@ -294,10 +294,10 @@ class Pref_Filters extends Handler_Protected {
print "<ul id='filterDlg_Matches'>"; print "<ul id='filterDlg_Matches'>";
$rules_result = db_query("SELECT * FROM ttrss_filters2_rules $rules_result = $this->dbh->query("SELECT * FROM ttrss_filters2_rules
WHERE filter_id = '$filter_id' ORDER BY reg_exp, id"); WHERE filter_id = '$filter_id' ORDER BY reg_exp, id");
while ($line = db_fetch_assoc($rules_result)) { while ($line = $this->dbh->fetch_assoc($rules_result)) {
if (sql_bool_to_bool($line["cat_filter"])) { if (sql_bool_to_bool($line["cat_filter"])) {
$line["feed_id"] = "CAT:" . (int)$line["cat_id"]; $line["feed_id"] = "CAT:" . (int)$line["cat_id"];
} }
@ -342,10 +342,10 @@ class Pref_Filters extends Handler_Protected {
print "<ul id='filterDlg_Actions'>"; print "<ul id='filterDlg_Actions'>";
$actions_result = db_query("SELECT * FROM ttrss_filters2_actions $actions_result = $this->dbh->query("SELECT * FROM ttrss_filters2_actions
WHERE filter_id = '$filter_id' ORDER BY id"); WHERE filter_id = '$filter_id' ORDER BY id");
while ($line = db_fetch_assoc($actions_result)) { while ($line = $this->dbh->fetch_assoc($actions_result)) {
$line["action_param_label"] = $line["action_param"]; $line["action_param_label"] = $line["action_param"];
unset($line["filter_id"]); unset($line["filter_id"]);
@ -427,9 +427,9 @@ class Pref_Filters extends Handler_Protected {
$feed = __("All feeds"); $feed = __("All feeds");
} }
$result = db_query("SELECT description FROM ttrss_filter_types $result = $this->dbh->query("SELECT description FROM ttrss_filter_types
WHERE id = ".(int)$rule["filter_type"]); WHERE id = ".(int)$rule["filter_type"]);
$filter_type = db_fetch_result($result, 0, "description"); $filter_type = $this->dbh->fetch_result($result, 0, "description");
return T_sprintf("%s on %s in %s %s", strip_tags($rule["reg_exp"]), return T_sprintf("%s on %s in %s %s", strip_tags($rule["reg_exp"]),
$filter_type, $feed, isset($rule["inverse"]) ? __("(inverse)") : ""); $filter_type, $feed, isset($rule["inverse"]) ? __("(inverse)") : "");
@ -440,10 +440,10 @@ class Pref_Filters extends Handler_Protected {
} }
private function getActionName($action) { private function getActionName($action) {
$result = db_query("SELECT description FROM $result = $this->dbh->query("SELECT description FROM
ttrss_filter_actions WHERE id = " .(int)$action["action_id"]); ttrss_filter_actions WHERE id = " .(int)$action["action_id"]);
$title = __(db_fetch_result($result, 0, "description")); $title = __($this->dbh->fetch_result($result, 0, "description"));
if ($action["action_id"] == 4 || $action["action_id"] == 6 || if ($action["action_id"] == 4 || $action["action_id"] == 6 ||
$action["action_id"] == 7) $action["action_id"] == 7)
@ -463,13 +463,13 @@ class Pref_Filters extends Handler_Protected {
# print_r($_REQUEST); # print_r($_REQUEST);
$filter_id = db_escape_string($_REQUEST["id"]); $filter_id = $this->dbh->escape_string($_REQUEST["id"]);
$enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"])); $enabled = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["enabled"]));
$match_any_rule = checkbox_to_sql_bool(db_escape_string($_REQUEST["match_any_rule"])); $match_any_rule = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["match_any_rule"]));
$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"])); $inverse = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["inverse"]));
$title = db_escape_string($_REQUEST["title"]); $title = $this->dbh->escape_string($_REQUEST["title"]);
$result = db_query("UPDATE ttrss_filters2 SET enabled = $enabled, $result = $this->dbh->query("UPDATE ttrss_filters2 SET enabled = $enabled,
match_any_rule = $match_any_rule, match_any_rule = $match_any_rule,
inverse = $inverse, inverse = $inverse,
title = '$title' title = '$title'
@ -482,17 +482,17 @@ class Pref_Filters extends Handler_Protected {
function remove() { function remove() {
$ids = explode(",", db_escape_string($_REQUEST["ids"])); $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
foreach ($ids as $id) { foreach ($ids as $id) {
db_query("DELETE FROM ttrss_filters2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]); $this->dbh->query("DELETE FROM ttrss_filters2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
} }
} }
private function saveRulesAndActions($filter_id) { private function saveRulesAndActions($filter_id) {
db_query("DELETE FROM ttrss_filters2_rules WHERE filter_id = '$filter_id'"); $this->dbh->query("DELETE FROM ttrss_filters2_rules WHERE filter_id = '$filter_id'");
db_query("DELETE FROM ttrss_filters2_actions WHERE filter_id = '$filter_id'"); $this->dbh->query("DELETE FROM ttrss_filters2_actions WHERE filter_id = '$filter_id'");
if ($filter_id) { if ($filter_id) {
/* create rules */ /* create rules */
@ -521,11 +521,11 @@ class Pref_Filters extends Handler_Protected {
foreach ($rules as $rule) { foreach ($rules as $rule) {
if ($rule) { if ($rule) {
$reg_exp = strip_tags(db_escape_string(trim($rule["reg_exp"]))); $reg_exp = strip_tags($this->dbh->escape_string(trim($rule["reg_exp"])));
$inverse = isset($rule["inverse"]) ? "true" : "false"; $inverse = isset($rule["inverse"]) ? "true" : "false";
$filter_type = (int) db_escape_string(trim($rule["filter_type"])); $filter_type = (int) $this->dbh->escape_string(trim($rule["filter_type"]));
$feed_id = db_escape_string(trim($rule["feed_id"])); $feed_id = $this->dbh->escape_string(trim($rule["feed_id"]));
if (strpos($feed_id, "CAT:") === 0) { if (strpos($feed_id, "CAT:") === 0) {
@ -546,16 +546,16 @@ class Pref_Filters extends Handler_Protected {
(filter_id, reg_exp,filter_type,feed_id,cat_id,cat_filter,inverse) VALUES (filter_id, reg_exp,filter_type,feed_id,cat_id,cat_filter,inverse) VALUES
('$filter_id', '$reg_exp', '$filter_type', $feed_id, $cat_id, $cat_filter, $inverse)"; ('$filter_id', '$reg_exp', '$filter_type', $feed_id, $cat_id, $cat_filter, $inverse)";
db_query($query); $this->dbh->query($query);
} }
} }
foreach ($actions as $action) { foreach ($actions as $action) {
if ($action) { if ($action) {
$action_id = (int) db_escape_string($action["action_id"]); $action_id = (int) $this->dbh->escape_string($action["action_id"]);
$action_param = db_escape_string($action["action_param"]); $action_param = $this->dbh->escape_string($action["action_param"]);
$action_param_label = db_escape_string($action["action_param_label"]); $action_param_label = $this->dbh->escape_string($action["action_param_label"]);
if ($action_id == 7) { if ($action_id == 7) {
$action_param = $action_param_label; $action_param = $action_param_label;
@ -569,7 +569,7 @@ class Pref_Filters extends Handler_Protected {
(filter_id, action_id, action_param) VALUES (filter_id, action_id, action_param) VALUES
('$filter_id', '$action_id', '$action_param')"; ('$filter_id', '$action_id', '$action_param')";
db_query($query); $this->dbh->query($query);
} }
} }
} }
@ -586,35 +586,35 @@ class Pref_Filters extends Handler_Protected {
$enabled = checkbox_to_sql_bool($_REQUEST["enabled"]); $enabled = checkbox_to_sql_bool($_REQUEST["enabled"]);
$match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]); $match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]);
$title = db_escape_string($_REQUEST["title"]); $title = $this->dbh->escape_string($_REQUEST["title"]);
db_query("BEGIN"); $this->dbh->query("BEGIN");
/* create base filter */ /* create base filter */
$result = db_query("INSERT INTO ttrss_filters2 $result = $this->dbh->query("INSERT INTO ttrss_filters2
(owner_uid, match_any_rule, enabled, title) VALUES (owner_uid, match_any_rule, enabled, title) VALUES
(".$_SESSION["uid"].",$match_any_rule,$enabled, '$title')"); (".$_SESSION["uid"].",$match_any_rule,$enabled, '$title')");
$result = db_query("SELECT MAX(id) AS id FROM ttrss_filters2 $result = $this->dbh->query("SELECT MAX(id) AS id FROM ttrss_filters2
WHERE owner_uid = ".$_SESSION["uid"]); WHERE owner_uid = ".$_SESSION["uid"]);
$filter_id = db_fetch_result($result, 0, "id"); $filter_id = $this->dbh->fetch_result($result, 0, "id");
$this->saveRulesAndActions($filter_id); $this->saveRulesAndActions($filter_id);
db_query("COMMIT"); $this->dbh->query("COMMIT");
} }
function index() { function index() {
$sort = db_escape_string($_REQUEST["sort"]); $sort = $this->dbh->escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") { if (!$sort || $sort == "undefined") {
$sort = "reg_exp"; $sort = "reg_exp";
} }
$filter_search = db_escape_string($_REQUEST["search"]); $filter_search = $this->dbh->escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) { if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search; $_SESSION["prefs_filter_search"] = $filter_search;
@ -626,7 +626,7 @@ class Pref_Filters extends Handler_Protected {
print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">"; print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">"; print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
$filter_search = db_escape_string($_REQUEST["search"]); $filter_search = $this->dbh->escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) { if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search; $_SESSION["prefs_filter_search"] = $filter_search;
@ -832,12 +832,12 @@ class Pref_Filters extends Handler_Protected {
print "<form name='filter_new_rule_form' id='filter_new_rule_form'>"; print "<form name='filter_new_rule_form' id='filter_new_rule_form'>";
$result = db_query("SELECT id,description $result = $this->dbh->query("SELECT id,description
FROM ttrss_filter_types WHERE id != 5 ORDER BY description"); FROM ttrss_filter_types WHERE id != 5 ORDER BY description");
$filter_types = array(); $filter_types = array();
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$filter_types[$line["id"]] = __($line["description"]); $filter_types[$line["id"]] = __($line["description"]);
} }
@ -888,7 +888,7 @@ class Pref_Filters extends Handler_Protected {
$action = json_decode($_REQUEST["action"], true); $action = json_decode($_REQUEST["action"], true);
if ($action) { if ($action) {
$action_param = db_escape_string($action["action_param"]); $action_param = $this->dbh->escape_string($action["action_param"]);
$action_id = (int)$action["action_id"]; $action_id = (int)$action["action_id"];
} else { } else {
$action_param = ""; $action_param = "";
@ -904,10 +904,10 @@ class Pref_Filters extends Handler_Protected {
print "<select name=\"action_id\" dojoType=\"dijit.form.Select\" print "<select name=\"action_id\" dojoType=\"dijit.form.Select\"
onchange=\"filterDlgCheckAction(this)\">"; onchange=\"filterDlgCheckAction(this)\">";
$result = db_query("SELECT id,description FROM ttrss_filter_actions $result = $this->dbh->query("SELECT id,description FROM ttrss_filter_actions
ORDER BY name"); ORDER BY name");
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$is_selected = ($line["id"] == $action_id) ? "selected='1'" : ""; $is_selected = ($line["id"] == $action_id) ? "selected='1'" : "";
printf("<option $is_selected value='%d'>%s</option>", $line["id"], __($line["description"])); printf("<option $is_selected value='%d'>%s</option>", $line["id"], __($line["description"]));
} }
@ -953,28 +953,28 @@ class Pref_Filters extends Handler_Protected {
private function getFilterName($id) { private function getFilterName($id) {
$result = db_query( $result = $this->dbh->query(
"SELECT title,COUNT(DISTINCT r.id) AS num_rules,COUNT(DISTINCT a.id) AS num_actions "SELECT title,COUNT(DISTINCT r.id) AS num_rules,COUNT(DISTINCT a.id) AS num_actions
FROM ttrss_filters2 AS f LEFT JOIN ttrss_filters2_rules AS r FROM ttrss_filters2 AS f LEFT JOIN ttrss_filters2_rules AS r
ON (r.filter_id = f.id) ON (r.filter_id = f.id)
LEFT JOIN ttrss_filters2_actions AS a LEFT JOIN ttrss_filters2_actions AS a
ON (a.filter_id = f.id) WHERE f.id = '$id' GROUP BY f.title"); ON (a.filter_id = f.id) WHERE f.id = '$id' GROUP BY f.title");
$title = db_fetch_result($result, 0, "title"); $title = $this->dbh->fetch_result($result, 0, "title");
$num_rules = db_fetch_result($result, 0, "num_rules"); $num_rules = $this->dbh->fetch_result($result, 0, "num_rules");
$num_actions = db_fetch_result($result, 0, "num_actions"); $num_actions = $this->dbh->fetch_result($result, 0, "num_actions");
if (!$title) $title = __("[No caption]"); if (!$title) $title = __("[No caption]");
$title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", $num_rules), $title, $num_rules); $title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", $num_rules), $title, $num_rules);
$result = db_query( $result = $this->dbh->query(
"SELECT * FROM ttrss_filters2_actions WHERE filter_id = '$id' ORDER BY id LIMIT 1"); "SELECT * FROM ttrss_filters2_actions WHERE filter_id = '$id' ORDER BY id LIMIT 1");
$actions = ""; $actions = "";
if (db_num_rows($result) > 0) { if ($this->dbh->num_rows($result) > 0) {
$line = db_fetch_assoc($result); $line = $this->dbh->fetch_assoc($result);
$actions = $this->getActionName($line); $actions = $this->getActionName($line);
$num_actions -= 1; $num_actions -= 1;
@ -987,22 +987,22 @@ class Pref_Filters extends Handler_Protected {
} }
function join() { function join() {
$ids = explode(",", db_escape_string($_REQUEST["ids"])); $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
if (count($ids) > 1) { if (count($ids) > 1) {
$base_id = array_shift($ids); $base_id = array_shift($ids);
$ids_str = join(",", $ids); $ids_str = join(",", $ids);
db_query("BEGIN"); $this->dbh->query("BEGIN");
db_query("UPDATE ttrss_filters2_rules $this->dbh->query("UPDATE ttrss_filters2_rules
SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)"); SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)");
db_query("UPDATE ttrss_filters2_actions $this->dbh->query("UPDATE ttrss_filters2_actions
SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)"); SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)");
db_query("DELETE FROM ttrss_filters2 WHERE id IN ($ids_str)"); $this->dbh->query("DELETE FROM ttrss_filters2 WHERE id IN ($ids_str)");
db_query("UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = '$base_id'"); $this->dbh->query("UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = '$base_id'");
db_query("COMMIT"); $this->dbh->query("COMMIT");
$this->optimizeFilter($base_id); $this->optimizeFilter($base_id);
@ -1010,14 +1010,14 @@ class Pref_Filters extends Handler_Protected {
} }
private function optimizeFilter($id) { private function optimizeFilter($id) {
db_query("BEGIN"); $this->dbh->query("BEGIN");
$result = db_query("SELECT * FROM ttrss_filters2_actions $result = $this->dbh->query("SELECT * FROM ttrss_filters2_actions
WHERE filter_id = '$id'"); WHERE filter_id = '$id'");
$tmp = array(); $tmp = array();
$dupe_ids = array(); $dupe_ids = array();
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$id = $line["id"]; $id = $line["id"];
unset($line["id"]); unset($line["id"]);
@ -1030,17 +1030,17 @@ class Pref_Filters extends Handler_Protected {
if (count($dupe_ids) > 0) { if (count($dupe_ids) > 0) {
$ids_str = join(",", $dupe_ids); $ids_str = join(",", $dupe_ids);
db_query("DELETE FROM ttrss_filters2_actions $this->dbh->query("DELETE FROM ttrss_filters2_actions
WHERE id IN ($ids_str)"); WHERE id IN ($ids_str)");
} }
$result = db_query("SELECT * FROM ttrss_filters2_rules $result = $this->dbh->query("SELECT * FROM ttrss_filters2_rules
WHERE filter_id = '$id'"); WHERE filter_id = '$id'");
$tmp = array(); $tmp = array();
$dupe_ids = array(); $dupe_ids = array();
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$id = $line["id"]; $id = $line["id"];
unset($line["id"]); unset($line["id"]);
@ -1053,11 +1053,11 @@ class Pref_Filters extends Handler_Protected {
if (count($dupe_ids) > 0) { if (count($dupe_ids) > 0) {
$ids_str = join(",", $dupe_ids); $ids_str = join(",", $dupe_ids);
db_query("DELETE FROM ttrss_filters2_rules $this->dbh->query("DELETE FROM ttrss_filters2_rules
WHERE id IN ($ids_str)"); WHERE id IN ($ids_str)");
} }
db_query("COMMIT"); $this->dbh->query("COMMIT");
} }
} }
?> ?>

70
classes/pref/labels.php
View File

@ -8,12 +8,12 @@ class Pref_Labels extends Handler_Protected {
} }
function edit() { function edit() {
$label_id = db_escape_string($_REQUEST['id']); $label_id = $this->dbh->escape_string($_REQUEST['id']);
$result = db_query("SELECT * FROM ttrss_labels2 WHERE $result = $this->dbh->query("SELECT * FROM ttrss_labels2 WHERE
id = '$label_id' AND owner_uid = " . $_SESSION["uid"]); id = '$label_id' AND owner_uid = " . $_SESSION["uid"]);
$line = db_fetch_assoc($result); $line = $this->dbh->fetch_assoc($result);
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$label_id\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$label_id\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-labels\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-labels\">";
@ -90,12 +90,12 @@ class Pref_Labels extends Handler_Protected {
$root['name'] = __('Labels'); $root['name'] = __('Labels');
$root['items'] = array(); $root['items'] = array();
$result = db_query("SELECT * $result = $this->dbh->query("SELECT *
FROM ttrss_labels2 FROM ttrss_labels2
WHERE owner_uid = ".$_SESSION["uid"]." WHERE owner_uid = ".$_SESSION["uid"]."
ORDER BY caption"); ORDER BY caption");
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$label = array(); $label = array();
$label['id'] = 'LABEL:' . $line['id']; $label['id'] = 'LABEL:' . $line['id'];
$label['bare_id'] = $line['id']; $label['bare_id'] = $line['id'];
@ -118,29 +118,29 @@ class Pref_Labels extends Handler_Protected {
} }
function colorset() { function colorset() {
$kind = db_escape_string($_REQUEST["kind"]); $kind = $this->dbh->escape_string($_REQUEST["kind"]);
$ids = explode(',', db_escape_string($_REQUEST["ids"])); $ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"]));
$color = db_escape_string($_REQUEST["color"]); $color = $this->dbh->escape_string($_REQUEST["color"]);
$fg = db_escape_string($_REQUEST["fg"]); $fg = $this->dbh->escape_string($_REQUEST["fg"]);
$bg = db_escape_string($_REQUEST["bg"]); $bg = $this->dbh->escape_string($_REQUEST["bg"]);
foreach ($ids as $id) { foreach ($ids as $id) {
if ($kind == "fg" || $kind == "bg") { if ($kind == "fg" || $kind == "bg") {
db_query("UPDATE ttrss_labels2 SET $this->dbh->query("UPDATE ttrss_labels2 SET
${kind}_color = '$color' WHERE id = '$id' ${kind}_color = '$color' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]); AND owner_uid = " . $_SESSION["uid"]);
} else { } else {
db_query("UPDATE ttrss_labels2 SET $this->dbh->query("UPDATE ttrss_labels2 SET
fg_color = '$fg', bg_color = '$bg' WHERE id = '$id' fg_color = '$fg', bg_color = '$bg' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]); AND owner_uid = " . $_SESSION["uid"]);
} }
$caption = db_escape_string(label_find_caption($id, $_SESSION["uid"])); $caption = $this->dbh->escape_string(label_find_caption($id, $_SESSION["uid"]));
/* Remove cached data */ /* Remove cached data */
db_query("UPDATE ttrss_user_entries SET label_cache = '' $this->dbh->query("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]); WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
} }
@ -149,18 +149,18 @@ class Pref_Labels extends Handler_Protected {
} }
function colorreset() { function colorreset() {
$ids = explode(',', db_escape_string($_REQUEST["ids"])); $ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"]));
foreach ($ids as $id) { foreach ($ids as $id) {
db_query("UPDATE ttrss_labels2 SET $this->dbh->query("UPDATE ttrss_labels2 SET
fg_color = '', bg_color = '' WHERE id = '$id' fg_color = '', bg_color = '' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]); AND owner_uid = " . $_SESSION["uid"]);
$caption = db_escape_string(label_find_caption($id, $_SESSION["uid"])); $caption = $this->dbh->escape_string(label_find_caption($id, $_SESSION["uid"]));
/* Remove cached data */ /* Remove cached data */
db_query("UPDATE ttrss_user_entries SET label_cache = '' $this->dbh->query("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]); WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
} }
@ -168,31 +168,31 @@ class Pref_Labels extends Handler_Protected {
function save() { function save() {
$id = db_escape_string($_REQUEST["id"]); $id = $this->dbh->escape_string($_REQUEST["id"]);
$caption = db_escape_string(trim($_REQUEST["caption"])); $caption = $this->dbh->escape_string(trim($_REQUEST["caption"]));
db_query("BEGIN"); $this->dbh->query("BEGIN");
$result = db_query("SELECT caption FROM ttrss_labels2 $result = $this->dbh->query("SELECT caption FROM ttrss_labels2
WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]); WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
$old_caption = db_fetch_result($result, 0, "caption"); $old_caption = $this->dbh->fetch_result($result, 0, "caption");
$result = db_query("SELECT id FROM ttrss_labels2 $result = $this->dbh->query("SELECT id FROM ttrss_labels2
WHERE caption = '$caption' AND owner_uid = ". $_SESSION["uid"]); WHERE caption = '$caption' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) == 0) { if ($this->dbh->num_rows($result) == 0) {
if ($caption) { if ($caption) {
$result = db_query("UPDATE ttrss_labels2 SET $result = $this->dbh->query("UPDATE ttrss_labels2 SET
caption = '$caption' WHERE id = '$id' AND caption = '$caption' WHERE id = '$id' AND
owner_uid = " . $_SESSION["uid"]); owner_uid = " . $_SESSION["uid"]);
/* Update filters that reference label being renamed */ /* Update filters that reference label being renamed */
$old_caption = db_escape_string($old_caption); $old_caption = $this->dbh->escape_string($old_caption);
db_query("UPDATE ttrss_filters2_actions SET $this->dbh->query("UPDATE ttrss_filters2_actions SET
action_param = '$caption' WHERE action_param = '$old_caption' action_param = '$caption' WHERE action_param = '$old_caption'
AND action_id = 7 AND action_id = 7
AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ".$_SESSION["uid"].")"); AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ".$_SESSION["uid"].")");
@ -206,14 +206,14 @@ class Pref_Labels extends Handler_Protected {
} }
} }
db_query("COMMIT"); $this->dbh->query("COMMIT");
return; return;
} }
function remove() { function remove() {
$ids = explode(",", db_escape_string($_REQUEST["ids"])); $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
foreach ($ids as $id) { foreach ($ids as $id) {
label_remove($id, $_SESSION["uid"]); label_remove($id, $_SESSION["uid"]);
@ -222,8 +222,8 @@ class Pref_Labels extends Handler_Protected {
} }
function add() { function add() {
$caption = db_escape_string($_REQUEST["caption"]); $caption = $this->dbh->escape_string($_REQUEST["caption"]);
$output = db_escape_string($_REQUEST["output"]); $output = $this->dbh->escape_string($_REQUEST["output"]);
if ($caption) { if ($caption) {
@ -250,13 +250,13 @@ class Pref_Labels extends Handler_Protected {
function index() { function index() {
$sort = db_escape_string($_REQUEST["sort"]); $sort = $this->dbh->escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") { if (!$sort || $sort == "undefined") {
$sort = "caption"; $sort = "caption";
} }
$label_search = db_escape_string($_REQUEST["search"]); $label_search = $this->dbh->escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) { if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_label_search"] = $label_search; $_SESSION["prefs_label_search"] = $label_search;

64
classes/pref/prefs.php
View File

@ -103,13 +103,13 @@ class Pref_Prefs extends Handler_Protected {
foreach (array_keys($_POST) as $pref_name) { foreach (array_keys($_POST) as $pref_name) {
$pref_name = db_escape_string($pref_name); $pref_name = $this->dbh->escape_string($pref_name);
$value = db_escape_string($_POST[$pref_name]); $value = $this->dbh->escape_string($_POST[$pref_name]);
if ($pref_name == 'DIGEST_PREFERRED_TIME') { if ($pref_name == 'DIGEST_PREFERRED_TIME') {
if (get_pref('DIGEST_PREFERRED_TIME') != $value) { if (get_pref('DIGEST_PREFERRED_TIME') != $value) {
db_query("UPDATE ttrss_users SET $this->dbh->query("UPDATE ttrss_users SET
last_digest_sent = NULL WHERE id = " . $_SESSION['uid']); last_digest_sent = NULL WHERE id = " . $_SESSION['uid']);
} }
@ -138,13 +138,13 @@ class Pref_Prefs extends Handler_Protected {
function getHelp() { function getHelp() {
$pref_name = db_escape_string($_REQUEST["pn"]); $pref_name = $this->dbh->escape_string($_REQUEST["pn"]);
$result = db_query("SELECT help_text FROM ttrss_prefs $result = $this->dbh->query("SELECT help_text FROM ttrss_prefs
WHERE pref_name = '$pref_name'"); WHERE pref_name = '$pref_name'");
if (db_num_rows($result) > 0) { if ($this->dbh->num_rows($result) > 0) {
$help_text = db_fetch_result($result, 0, "help_text"); $help_text = $this->dbh->fetch_result($result, 0, "help_text");
print $help_text; print $help_text;
} else { } else {
printf(__("Unknown option: %s"), $pref_name); printf(__("Unknown option: %s"), $pref_name);
@ -153,12 +153,12 @@ class Pref_Prefs extends Handler_Protected {
function changeemail() { function changeemail() {
$email = db_escape_string($_POST["email"]); $email = $this->dbh->escape_string($_POST["email"]);
$full_name = db_escape_string($_POST["full_name"]); $full_name = $this->dbh->escape_string($_POST["full_name"]);
$active_uid = $_SESSION["uid"]; $active_uid = $_SESSION["uid"];
db_query("UPDATE ttrss_users SET email = '$email', $this->dbh->query("UPDATE ttrss_users SET email = '$email',
full_name = '$full_name' WHERE id = '$active_uid'"); full_name = '$full_name' WHERE id = '$active_uid'");
print __("Your personal data has been saved."); print __("Your personal data has been saved.");
@ -176,7 +176,7 @@ class Pref_Prefs extends Handler_Protected {
$profile_qpart = "profile IS NULL"; $profile_qpart = "profile IS NULL";
} }
db_query("DELETE FROM ttrss_user_prefs $this->dbh->query("DELETE FROM ttrss_user_prefs
WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]); WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]);
initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]); initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]);
@ -225,13 +225,13 @@ class Pref_Prefs extends Handler_Protected {
print "<h2>" . __("Personal data") . "</h2>"; print "<h2>" . __("Personal data") . "</h2>";
$result = db_query("SELECT email,full_name,otp_enabled, $result = $this->dbh->query("SELECT email,full_name,otp_enabled,
access_level FROM ttrss_users access_level FROM ttrss_users
WHERE id = ".$_SESSION["uid"]); WHERE id = ".$_SESSION["uid"]);
$email = htmlspecialchars(db_fetch_result($result, 0, "email")); $email = htmlspecialchars($this->dbh->fetch_result($result, 0, "email"));
$full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name")); $full_name = htmlspecialchars($this->dbh->fetch_result($result, 0, "full_name"));
$otp_enabled = sql_bool_to_bool(db_fetch_result($result, 0, "otp_enabled")); $otp_enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "otp_enabled"));
print "<tr><td width=\"40%\">".__('Full name')."</td>"; print "<tr><td width=\"40%\">".__('Full name')."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\" print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"
@ -242,7 +242,7 @@ class Pref_Prefs extends Handler_Protected {
if (!SINGLE_USER_MODE && !$_SESSION["hide_hello"]) { if (!SINGLE_USER_MODE && !$_SESSION["hide_hello"]) {
$access_level = db_fetch_result($result, 0, "access_level"); $access_level = $this->dbh->fetch_result($result, 0, "access_level");
print "<tr><td width=\"40%\">".__('Access level')."</td>"; print "<tr><td width=\"40%\">".__('Access level')."</td>";
print "<td>" . $access_level_names[$access_level] . "</td></tr>"; print "<td>" . $access_level_names[$access_level] . "</td></tr>";
} }
@ -270,11 +270,11 @@ class Pref_Prefs extends Handler_Protected {
print "<h2>" . __("Password") . "</h2>"; print "<h2>" . __("Password") . "</h2>";
$result = db_query("SELECT id FROM ttrss_users $result = $this->dbh->query("SELECT id FROM ttrss_users
WHERE id = ".$_SESSION["uid"]." AND pwd_hash WHERE id = ".$_SESSION["uid"]." AND pwd_hash
= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'"); = 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
print format_warning(__("Your password is at default value, please change it."), "default_pass_warning"); print format_warning(__("Your password is at default value, please change it."), "default_pass_warning");
} }
@ -494,7 +494,7 @@ class Pref_Prefs extends Handler_Protected {
$access_query = 'true'; $access_query = 'true';
$result = db_query("SELECT DISTINCT $result = $this->dbh->query("SELECT DISTINCT
ttrss_user_prefs.pref_name,value,type_name, ttrss_user_prefs.pref_name,value,type_name,
ttrss_prefs_sections.order_id, ttrss_prefs_sections.order_id,
def_value,section_id def_value,section_id
@ -513,7 +513,7 @@ class Pref_Prefs extends Handler_Protected {
$listed_boolean_prefs = array(); $listed_boolean_prefs = array();
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
if (in_array($line["pref_name"], $prefs_blacklist)) { if (in_array($line["pref_name"], $prefs_blacklist)) {
continue; continue;
@ -897,17 +897,17 @@ class Pref_Prefs extends Handler_Protected {
require_once "lib/otphp/lib/totp.php"; require_once "lib/otphp/lib/totp.php";
require_once "lib/phpqrcode/phpqrcode.php"; require_once "lib/phpqrcode/phpqrcode.php";
$result = db_query("SELECT login,salt,otp_enabled $result = $this->dbh->query("SELECT login,salt,otp_enabled
FROM ttrss_users FROM ttrss_users
WHERE id = ".$_SESSION["uid"]); WHERE id = ".$_SESSION["uid"]);
$base32 = new Base32(); $base32 = new Base32();
$login = db_fetch_result($result, 0, "login"); $login = $this->dbh->fetch_result($result, 0, "login");
$otp_enabled = sql_bool_to_bool(db_fetch_result($result, 0, "otp_enabled")); $otp_enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "otp_enabled"));
if (!$otp_enabled) { if (!$otp_enabled) {
$secret = $base32->encode(sha1(db_fetch_result($result, 0, "salt"))); $secret = $base32->encode(sha1($this->dbh->fetch_result($result, 0, "salt")));
$topt = new \OTPHP\TOTP($secret); $topt = new \OTPHP\TOTP($secret);
print QRcode::png($topt->provisioning_uri($login)); print QRcode::png($topt->provisioning_uri($login));
} }
@ -926,19 +926,19 @@ class Pref_Prefs extends Handler_Protected {
if ($authenticator->check_password($_SESSION["uid"], $password)) { if ($authenticator->check_password($_SESSION["uid"], $password)) {
$result = db_query("SELECT salt $result = $this->dbh->query("SELECT salt
FROM ttrss_users FROM ttrss_users
WHERE id = ".$_SESSION["uid"]); WHERE id = ".$_SESSION["uid"]);
$base32 = new Base32(); $base32 = new Base32();
$secret = $base32->encode(sha1(db_fetch_result($result, 0, "salt"))); $secret = $base32->encode(sha1($this->dbh->fetch_result($result, 0, "salt")));
$topt = new \OTPHP\TOTP($secret); $topt = new \OTPHP\TOTP($secret);
$otp_check = $topt->now(); $otp_check = $topt->now();
if ($otp == $otp_check) { if ($otp == $otp_check) {
db_query("UPDATE ttrss_users SET otp_enabled = true WHERE $this->dbh->query("UPDATE ttrss_users SET otp_enabled = true WHERE
id = " . $_SESSION["uid"]); id = " . $_SESSION["uid"]);
print "OK"; print "OK";
@ -952,14 +952,14 @@ class Pref_Prefs extends Handler_Protected {
} }
function otpdisable() { function otpdisable() {
$password = db_escape_string($_REQUEST["password"]); $password = $this->dbh->escape_string($_REQUEST["password"]);
global $pluginhost; global $pluginhost;
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]); $authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
if ($authenticator->check_password($_SESSION["uid"], $password)) { if ($authenticator->check_password($_SESSION["uid"], $password)) {
db_query("UPDATE ttrss_users SET otp_enabled = false WHERE $this->dbh->query("UPDATE ttrss_users SET otp_enabled = false WHERE
id = " . $_SESSION["uid"]); id = " . $_SESSION["uid"]);
print "OK"; print "OK";
@ -979,7 +979,7 @@ class Pref_Prefs extends Handler_Protected {
} }
function clearplugindata() { function clearplugindata() {
$name = db_escape_string($_REQUEST["name"]); $name = $this->dbh->escape_string($_REQUEST["name"]);
global $pluginhost; global $pluginhost;
$pluginhost->clear_data($pluginhost->get_plugin($name)); $pluginhost->clear_data($pluginhost->get_plugin($name));
@ -1034,7 +1034,7 @@ class Pref_Prefs extends Handler_Protected {
print "</div>"; print "</div>";
$result = db_query("SELECT title,id FROM ttrss_settings_profiles $result = $this->dbh->query("SELECT title,id FROM ttrss_settings_profiles
WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY title"); WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY title");
print "<div class=\"prefProfileHolder\">"; print "<div class=\"prefProfileHolder\">";
@ -1065,7 +1065,7 @@ class Pref_Prefs extends Handler_Protected {
$lnum = 1; $lnum = 1;
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$class = ($lnum % 2) ? "even" : "odd"; $class = ($lnum % 2) ? "even" : "odd";

4
classes/pref/system.php
View File

@ -24,7 +24,7 @@ class Pref_System extends Handler_Protected {
print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">"; print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Error Log')."\">"; print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Error Log')."\">";
$result = db_query("SELECT errno, errstr, filename, lineno, $result = $this->dbh->query("SELECT errno, errstr, filename, lineno,
created_at, login FROM ttrss_error_log created_at, login FROM ttrss_error_log
LEFT JOIN ttrss_users ON (owner_uid = ttrss_users.id) LEFT JOIN ttrss_users ON (owner_uid = ttrss_users.id)
ORDER BY ttrss_error_log.id DESC ORDER BY ttrss_error_log.id DESC
@ -43,7 +43,7 @@ class Pref_System extends Handler_Protected {
<td width='5%'>".__("Date")."</td> <td width='5%'>".__("Date")."</td>
</tr>"; </tr>";
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
print "<tr class=\"errrow\">"; print "<tr class=\"errrow\">";
foreach ($line as $k => $v) { foreach ($line as $k => $v) {

76
classes/pref/users.php
View File

@ -21,7 +21,7 @@ class Pref_Users extends Handler_Protected {
$uid = sprintf("%d", $_REQUEST["id"]); $uid = sprintf("%d", $_REQUEST["id"]);
$result = db_query("SELECT login, $result = $this->dbh->query("SELECT login,
".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login, ".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login,
access_level, access_level,
(SELECT COUNT(int_id) FROM ttrss_user_entries (SELECT COUNT(int_id) FROM ttrss_user_entries
@ -30,33 +30,33 @@ class Pref_Users extends Handler_Protected {
FROM ttrss_users FROM ttrss_users
WHERE id = '$uid'"); WHERE id = '$uid'");
if (db_num_rows($result) == 0) { if ($this->dbh->num_rows($result) == 0) {
print "<h1>".__('User not found')."</h1>"; print "<h1>".__('User not found')."</h1>";
return; return;
} }
// print "<h1>User Details</h1>"; // print "<h1>User Details</h1>";
$login = db_fetch_result($result, 0, "login"); $login = $this->dbh->fetch_result($result, 0, "login");
print "<table width='100%'>"; print "<table width='100%'>";
$last_login = make_local_datetime( $last_login = make_local_datetime(
db_fetch_result($result, 0, "last_login"), true); $this->dbh->fetch_result($result, 0, "last_login"), true);
$created = make_local_datetime( $created = make_local_datetime(
db_fetch_result($result, 0, "created"), true); $this->dbh->fetch_result($result, 0, "created"), true);
$access_level = db_fetch_result($result, 0, "access_level"); $access_level = $this->dbh->fetch_result($result, 0, "access_level");
$stored_articles = db_fetch_result($result, 0, "stored_articles"); $stored_articles = $this->dbh->fetch_result($result, 0, "stored_articles");
print "<tr><td>".__('Registered')."</td><td>$created</td></tr>"; print "<tr><td>".__('Registered')."</td><td>$created</td></tr>";
print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>"; print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>";
$result = db_query("SELECT COUNT(id) as num_feeds FROM ttrss_feeds $result = $this->dbh->query("SELECT COUNT(id) as num_feeds FROM ttrss_feeds
WHERE owner_uid = '$uid'"); WHERE owner_uid = '$uid'");
$num_feeds = db_fetch_result($result, 0, "num_feeds"); $num_feeds = $this->dbh->fetch_result($result, 0, "num_feeds");
print "<tr><td>".__('Subscribed feeds count')."</td><td>$num_feeds</td></tr>"; print "<tr><td>".__('Subscribed feeds count')."</td><td>$num_feeds</td></tr>";
@ -64,14 +64,14 @@ class Pref_Users extends Handler_Protected {
print "<h1>".__('Subscribed feeds')."</h1>"; print "<h1>".__('Subscribed feeds')."</h1>";
$result = db_query("SELECT id,title,site_url FROM ttrss_feeds $result = $this->dbh->query("SELECT id,title,site_url FROM ttrss_feeds
WHERE owner_uid = '$uid' ORDER BY title"); WHERE owner_uid = '$uid' ORDER BY title");
print "<ul class=\"userFeedList\">"; print "<ul class=\"userFeedList\">";
$row_class = "odd"; $row_class = "odd";
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$icon_file = ICONS_URL."/".$line["id"].".ico"; $icon_file = ICONS_URL."/".$line["id"].".ico";
@ -87,7 +87,7 @@ class Pref_Users extends Handler_Protected {
} }
if (db_num_rows($result) < $num_feeds) { if ($this->dbh->num_rows($result) < $num_feeds) {
// FIXME - add link to show ALL subscribed feeds here somewhere // FIXME - add link to show ALL subscribed feeds here somewhere
print "<li><img print "<li><img
class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">&nbsp;...</li>"; class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">&nbsp;...</li>";
@ -105,18 +105,18 @@ class Pref_Users extends Handler_Protected {
function edit() { function edit() {
global $access_level_names; global $access_level_names;
$id = db_escape_string($_REQUEST["id"]); $id = $this->dbh->escape_string($_REQUEST["id"]);
print "<form id=\"user_edit_form\" onsubmit='return false'>"; print "<form id=\"user_edit_form\" onsubmit='return false'>";
print "<input type=\"hidden\" name=\"id\" value=\"$id\">"; print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">"; print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
print "<input type=\"hidden\" name=\"method\" value=\"editSave\">"; print "<input type=\"hidden\" name=\"method\" value=\"editSave\">";
$result = db_query("SELECT * FROM ttrss_users WHERE id = '$id'"); $result = $this->dbh->query("SELECT * FROM ttrss_users WHERE id = '$id'");
$login = db_fetch_result($result, 0, "login"); $login = $this->dbh->fetch_result($result, 0, "login");
$access_level = db_fetch_result($result, 0, "access_level"); $access_level = $this->dbh->fetch_result($result, 0, "access_level");
$email = db_fetch_result($result, 0, "email"); $email = $this->dbh->fetch_result($result, 0, "email");
$sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : ""; $sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";
@ -181,10 +181,10 @@ class Pref_Users extends Handler_Protected {
} }
function editSave() { function editSave() {
$login = db_escape_string(trim($_REQUEST["login"])); $login = $this->dbh->escape_string(trim($_REQUEST["login"]));
$uid = db_escape_string($_REQUEST["id"]); $uid = $this->dbh->escape_string($_REQUEST["id"]);
$access_level = (int) $_REQUEST["access_level"]; $access_level = (int) $_REQUEST["access_level"];
$email = db_escape_string(trim($_REQUEST["email"])); $email = $this->dbh->escape_string(trim($_REQUEST["email"]));
$password = $_REQUEST["password"]; $password = $_REQUEST["password"];
if ($password) { if ($password) {
@ -195,47 +195,47 @@ class Pref_Users extends Handler_Protected {
$pass_query_part = ""; $pass_query_part = "";
} }
db_query("UPDATE ttrss_users SET $pass_query_part login = '$login', $this->dbh->query("UPDATE ttrss_users SET $pass_query_part login = '$login',
access_level = '$access_level', email = '$email', otp_enabled = false access_level = '$access_level', email = '$email', otp_enabled = false
WHERE id = '$uid'"); WHERE id = '$uid'");
} }
function remove() { function remove() {
$ids = explode(",", db_escape_string($_REQUEST["ids"])); $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
foreach ($ids as $id) { foreach ($ids as $id) {
if ($id != $_SESSION["uid"] && $id != 1) { if ($id != $_SESSION["uid"] && $id != 1) {
db_query("DELETE FROM ttrss_tags WHERE owner_uid = '$id'"); $this->dbh->query("DELETE FROM ttrss_tags WHERE owner_uid = '$id'");
db_query("DELETE FROM ttrss_feeds WHERE owner_uid = '$id'"); $this->dbh->query("DELETE FROM ttrss_feeds WHERE owner_uid = '$id'");
db_query("DELETE FROM ttrss_users WHERE id = '$id'"); $this->dbh->query("DELETE FROM ttrss_users WHERE id = '$id'");
} }
} }
} }
function add() { function add() {
$login = db_escape_string(trim($_REQUEST["login"])); $login = $this->dbh->escape_string(trim($_REQUEST["login"]));
$tmp_user_pwd = make_password(8); $tmp_user_pwd = make_password(8);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true); $pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
$result = db_query("SELECT id FROM ttrss_users WHERE $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
login = '$login'"); login = '$login'");
if (db_num_rows($result) == 0) { if ($this->dbh->num_rows($result) == 0) {
db_query("INSERT INTO ttrss_users $this->dbh->query("INSERT INTO ttrss_users
(login,pwd_hash,access_level,last_login,created, salt) (login,pwd_hash,access_level,last_login,created, salt)
VALUES ('$login', '$pwd_hash', 0, null, NOW(), '$salt')"); VALUES ('$login', '$pwd_hash', 0, null, NOW(), '$salt')");
$result = db_query("SELECT id FROM ttrss_users WHERE $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
login = '$login' AND pwd_hash = '$pwd_hash'"); login = '$login' AND pwd_hash = '$pwd_hash'");
if (db_num_rows($result) == 1) { if ($this->dbh->num_rows($result) == 1) {
$new_uid = db_fetch_result($result, 0, "id"); $new_uid = $this->dbh->fetch_result($result, 0, "id");
print format_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>", print format_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>",
$login, $tmp_user_pwd)); $login, $tmp_user_pwd));
@ -304,7 +304,7 @@ class Pref_Users extends Handler_Protected {
} }
function resetPass() { function resetPass() {
$uid = db_escape_string($_REQUEST["id"]); $uid = $this->dbh->escape_string($_REQUEST["id"]);
Pref_Users::resetUserPassword($uid, true); Pref_Users::resetUserPassword($uid, true);
} }
@ -317,7 +317,7 @@ class Pref_Users extends Handler_Protected {
print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">"; print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">";
$user_search = db_escape_string($_REQUEST["search"]); $user_search = $this->dbh->escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) { if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_user_search"] = $user_search; $_SESSION["prefs_user_search"] = $user_search;
@ -332,7 +332,7 @@ class Pref_Users extends Handler_Protected {
__('Search')."</button> __('Search')."</button>
</div>"; </div>";
$sort = db_escape_string($_REQUEST["sort"]); $sort = $this->dbh->escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") { if (!$sort || $sort == "undefined") {
$sort = "login"; $sort = "login";
@ -381,7 +381,7 @@ class Pref_Users extends Handler_Protected {
$user_search_query = ""; $user_search_query = "";
} }
$result = db_query("SELECT $result = $this->dbh->query("SELECT
id,login,access_level,email, id,login,access_level,email,
".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login, ".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login,
".SUBSTRING_FOR_DATE."(created,1,16) as created ".SUBSTRING_FOR_DATE."(created,1,16) as created
@ -392,7 +392,7 @@ class Pref_Users extends Handler_Protected {
id > 0 id > 0
ORDER BY $sort"); ORDER BY $sort");
if (db_num_rows($result) > 0) { if ($this->dbh->num_rows($result) > 0) {
print "<p><table width=\"100%\" cellspacing=\"0\" print "<p><table width=\"100%\" cellspacing=\"0\"
class=\"prefUserList\" id=\"prefUserList\">"; class=\"prefUserList\" id=\"prefUserList\">";
@ -406,7 +406,7 @@ class Pref_Users extends Handler_Protected {
$lnum = 0; $lnum = 0;
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$class = ($lnum % 2) ? "even" : "odd"; $class = ($lnum % 2) ? "even" : "odd";

214
classes/rpc.php
View File

@ -8,18 +8,18 @@ class RPC extends Handler_Protected {
} }
function setprofile() { function setprofile() {
$id = db_escape_string($_REQUEST["id"]); $id = $this->dbh->escape_string($_REQUEST["id"]);
$_SESSION["profile"] = $id; $_SESSION["profile"] = $id;
$_SESSION["prefs_cache"] = array(); $_SESSION["prefs_cache"] = array();
} }
function remprofiles() { function remprofiles() {
$ids = explode(",", db_escape_string(trim($_REQUEST["ids"]))); $ids = explode(",", $this->dbh->escape_string(trim($_REQUEST["ids"])));
foreach ($ids as $id) { foreach ($ids as $id) {
if ($_SESSION["profile"] != $id) { if ($_SESSION["profile"] != $id) {
db_query("DELETE FROM ttrss_settings_profiles WHERE id = '$id' AND $this->dbh->query("DELETE FROM ttrss_settings_profiles WHERE id = '$id' AND
owner_uid = " . $_SESSION["uid"]); owner_uid = " . $_SESSION["uid"]);
} }
} }
@ -27,23 +27,23 @@ class RPC extends Handler_Protected {
// Silent // Silent
function addprofile() { function addprofile() {
$title = db_escape_string(trim($_REQUEST["title"])); $title = $this->dbh->escape_string(trim($_REQUEST["title"]));
if ($title) { if ($title) {
db_query("BEGIN"); $this->dbh->query("BEGIN");
$result = db_query("SELECT id FROM ttrss_settings_profiles $result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles
WHERE title = '$title' AND owner_uid = " . $_SESSION["uid"]); WHERE title = '$title' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 0) { if ($this->dbh->num_rows($result) == 0) {
db_query("INSERT INTO ttrss_settings_profiles (title, owner_uid) $this->dbh->query("INSERT INTO ttrss_settings_profiles (title, owner_uid)
VALUES ('$title', ".$_SESSION["uid"] .")"); VALUES ('$title', ".$_SESSION["uid"] .")");
$result = db_query("SELECT id FROM ttrss_settings_profiles WHERE $result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles WHERE
title = '$title'"); title = '$title'");
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
$profile_id = db_fetch_result($result, 0, "id"); $profile_id = $this->dbh->fetch_result($result, 0, "id");
if ($profile_id) { if ($profile_id) {
initialize_user_prefs($_SESSION["uid"], $profile_id); initialize_user_prefs($_SESSION["uid"], $profile_id);
@ -51,14 +51,14 @@ class RPC extends Handler_Protected {
} }
} }
db_query("COMMIT"); $this->dbh->query("COMMIT");
} }
} }
// Silent // Silent
function saveprofile() { function saveprofile() {
$id = db_escape_string($_REQUEST["id"]); $id = $this->dbh->escape_string($_REQUEST["id"]);
$title = db_escape_string(trim($_REQUEST["value"])); $title = $this->dbh->escape_string(trim($_REQUEST["value"]));
if ($id == 0) { if ($id == 0) {
print __("Default profile"); print __("Default profile");
@ -66,44 +66,44 @@ class RPC extends Handler_Protected {
} }
if ($title) { if ($title) {
db_query("BEGIN"); $this->dbh->query("BEGIN");
$result = db_query("SELECT id FROM ttrss_settings_profiles $result = $this->dbh->query("SELECT id FROM ttrss_settings_profiles
WHERE title = '$title' AND owner_uid =" . $_SESSION["uid"]); WHERE title = '$title' AND owner_uid =" . $_SESSION["uid"]);
if (db_num_rows($result) == 0) { if ($this->dbh->num_rows($result) == 0) {
db_query("UPDATE ttrss_settings_profiles $this->dbh->query("UPDATE ttrss_settings_profiles
SET title = '$title' WHERE id = '$id' AND SET title = '$title' WHERE id = '$id' AND
owner_uid = " . $_SESSION["uid"]); owner_uid = " . $_SESSION["uid"]);
print $title; print $title;
} else { } else {
$result = db_query("SELECT title FROM ttrss_settings_profiles $result = $this->dbh->query("SELECT title FROM ttrss_settings_profiles
WHERE id = '$id' AND owner_uid =" . $_SESSION["uid"]); WHERE id = '$id' AND owner_uid =" . $_SESSION["uid"]);
print db_fetch_result($result, 0, "title"); print $this->dbh->fetch_result($result, 0, "title");
} }
db_query("COMMIT"); $this->dbh->query("COMMIT");
} }
} }
// Silent // Silent
function remarchive() { function remarchive() {
$ids = explode(",", db_escape_string($_REQUEST["ids"])); $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
foreach ($ids as $id) { foreach ($ids as $id) {
$result = db_query("DELETE FROM ttrss_archived_feeds WHERE $result = $this->dbh->query("DELETE FROM ttrss_archived_feeds WHERE
(SELECT COUNT(*) FROM ttrss_user_entries (SELECT COUNT(*) FROM ttrss_user_entries
WHERE orig_feed_id = '$id') = 0 AND WHERE orig_feed_id = '$id') = 0 AND
id = '$id' AND owner_uid = ".$_SESSION["uid"]); id = '$id' AND owner_uid = ".$_SESSION["uid"]);
$rc = db_affected_rows($result); $rc = $this->dbh->affected_rows($result);
} }
} }
function addfeed() { function addfeed() {
$feed = db_escape_string($_REQUEST['feed']); $feed = $this->dbh->escape_string($_REQUEST['feed']);
$cat = db_escape_string($_REQUEST['cat']); $cat = $this->dbh->escape_string($_REQUEST['cat']);
$login = db_escape_string($_REQUEST['login']); $login = $this->dbh->escape_string($_REQUEST['login']);
$pass = trim($_REQUEST['pass']); // escaped later $pass = trim($_REQUEST['pass']); // escaped later
$rc = subscribe_to_feed($feed, $cat, $login, $pass); $rc = subscribe_to_feed($feed, $cat, $login, $pass);
@ -112,7 +112,7 @@ class RPC extends Handler_Protected {
} }
function togglepref() { function togglepref() {
$key = db_escape_string($_REQUEST["key"]); $key = $this->dbh->escape_string($_REQUEST["key"]);
set_pref($key, !get_pref($key)); set_pref($key, !get_pref($key));
$value = get_pref($key); $value = get_pref($key);
@ -131,7 +131,7 @@ class RPC extends Handler_Protected {
function mark() { function mark() {
$mark = $_REQUEST["mark"]; $mark = $_REQUEST["mark"];
$id = db_escape_string($_REQUEST["id"]); $id = $this->dbh->escape_string($_REQUEST["id"]);
if ($mark == "1") { if ($mark == "1") {
$mark = "true"; $mark = "true";
@ -139,7 +139,7 @@ class RPC extends Handler_Protected {
$mark = "false"; $mark = "false";
} }
$result = db_query("UPDATE ttrss_user_entries SET marked = $mark, $result = $this->dbh->query("UPDATE ttrss_user_entries SET marked = $mark,
last_marked = NOW() last_marked = NOW()
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]); WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
@ -147,9 +147,9 @@ class RPC extends Handler_Protected {
} }
function delete() { function delete() {
$ids = db_escape_string($_REQUEST["ids"]); $ids = $this->dbh->escape_string($_REQUEST["ids"]);
$result = db_query("DELETE FROM ttrss_user_entries $result = $this->dbh->query("DELETE FROM ttrss_user_entries
WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]); WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
purge_orphans(); purge_orphans();
@ -161,26 +161,26 @@ class RPC extends Handler_Protected {
$ids = explode(",", $_REQUEST["ids"]); $ids = explode(",", $_REQUEST["ids"]);
foreach ($ids as $id) { foreach ($ids as $id) {
$id = db_escape_string(trim($id)); $id = $this->dbh->escape_string(trim($id));
db_query("BEGIN"); $this->dbh->query("BEGIN");
$result = db_query("SELECT feed_url,site_url,title FROM ttrss_archived_feeds $result = $this->dbh->query("SELECT feed_url,site_url,title FROM ttrss_archived_feeds
WHERE id = (SELECT orig_feed_id FROM ttrss_user_entries WHERE ref_id = $id WHERE id = (SELECT orig_feed_id FROM ttrss_user_entries WHERE ref_id = $id
AND owner_uid = ".$_SESSION["uid"].")"); AND owner_uid = ".$_SESSION["uid"].")");
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
$feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url")); $feed_url = $this->dbh->escape_string(db_fetch_result($result, 0, "feed_url"));
$site_url = db_escape_string(db_fetch_result($result, 0, "site_url")); $site_url = $this->dbh->escape_string(db_fetch_result($result, 0, "site_url"));
$title = db_escape_string(db_fetch_result($result, 0, "title")); $title = $this->dbh->escape_string(db_fetch_result($result, 0, "title"));
$result = db_query("SELECT id FROM ttrss_feeds WHERE feed_url = '$feed_url' $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE feed_url = '$feed_url'
AND owner_uid = " .$_SESSION["uid"]); AND owner_uid = " .$_SESSION["uid"]);
if (db_num_rows($result) == 0) { if ($this->dbh->num_rows($result) == 0) {
if (!$title) $title = '[Unknown]'; if (!$title) $title = '[Unknown]';
$result = db_query( $result = $this->dbh->query(
"INSERT INTO ttrss_feeds "INSERT INTO ttrss_feeds
(owner_uid,feed_url,site_url,title,cat_id,auth_login,auth_pass,update_method) (owner_uid,feed_url,site_url,title,cat_id,auth_login,auth_pass,update_method)
VALUES (".$_SESSION["uid"].", VALUES (".$_SESSION["uid"].",
@ -189,33 +189,33 @@ class RPC extends Handler_Protected {
'$title', '$title',
NULL, '', '', 0)"); NULL, '', '', 0)");
$result = db_query( $result = $this->dbh->query(
"SELECT id FROM ttrss_feeds WHERE feed_url = '$feed_url' "SELECT id FROM ttrss_feeds WHERE feed_url = '$feed_url'
AND owner_uid = ".$_SESSION["uid"]); AND owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
$feed_id = db_fetch_result($result, 0, "id"); $feed_id = $this->dbh->fetch_result($result, 0, "id");
} }
} else { } else {
$feed_id = db_fetch_result($result, 0, "id"); $feed_id = $this->dbh->fetch_result($result, 0, "id");
} }
if ($feed_id) { if ($feed_id) {
$result = db_query("UPDATE ttrss_user_entries $result = $this->dbh->query("UPDATE ttrss_user_entries
SET feed_id = '$feed_id', orig_feed_id = NULL SET feed_id = '$feed_id', orig_feed_id = NULL
WHERE ref_id = $id AND owner_uid = " . $_SESSION["uid"]); WHERE ref_id = $id AND owner_uid = " . $_SESSION["uid"]);
} }
} }
db_query("COMMIT"); $this->dbh->query("COMMIT");
} }
print json_encode(array("message" => "UPDATE_COUNTERS")); print json_encode(array("message" => "UPDATE_COUNTERS"));
} }
function archive() { function archive() {
$ids = explode(",", db_escape_string($_REQUEST["ids"])); $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
foreach ($ids as $id) { foreach ($ids as $id) {
$this->archive_article($id, $_SESSION["uid"]); $this->archive_article($id, $_SESSION["uid"]);
@ -225,41 +225,41 @@ class RPC extends Handler_Protected {
} }
private function archive_article($id, $owner_uid) { private function archive_article($id, $owner_uid) {
db_query("BEGIN"); $this->dbh->query("BEGIN");
$result = db_query("SELECT feed_id FROM ttrss_user_entries $result = $this->dbh->query("SELECT feed_id FROM ttrss_user_entries
WHERE ref_id = '$id' AND owner_uid = $owner_uid"); WHERE ref_id = '$id' AND owner_uid = $owner_uid");
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
/* prepare the archived table */ /* prepare the archived table */
$feed_id = (int) db_fetch_result($result, 0, "feed_id"); $feed_id = (int) $this->dbh->fetch_result($result, 0, "feed_id");
if ($feed_id) { if ($feed_id) {
$result = db_query("SELECT id FROM ttrss_archived_feeds $result = $this->dbh->query("SELECT id FROM ttrss_archived_feeds
WHERE id = '$feed_id'"); WHERE id = '$feed_id'");
if (db_num_rows($result) == 0) { if ($this->dbh->num_rows($result) == 0) {
db_query("INSERT INTO ttrss_archived_feeds $this->dbh->query("INSERT INTO ttrss_archived_feeds
(id, owner_uid, title, feed_url, site_url) (id, owner_uid, title, feed_url, site_url)
SELECT id, owner_uid, title, feed_url, site_url from ttrss_feeds SELECT id, owner_uid, title, feed_url, site_url from ttrss_feeds
WHERE id = '$feed_id'"); WHERE id = '$feed_id'");
} }
db_query("UPDATE ttrss_user_entries $this->dbh->query("UPDATE ttrss_user_entries
SET orig_feed_id = feed_id, feed_id = NULL SET orig_feed_id = feed_id, feed_id = NULL
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]); WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
} }
} }
db_query("COMMIT"); $this->dbh->query("COMMIT");
} }
function publ() { function publ() {
$pub = $_REQUEST["pub"]; $pub = $_REQUEST["pub"];
$id = db_escape_string($_REQUEST["id"]); $id = $this->dbh->escape_string($_REQUEST["id"]);
$note = trim(strip_tags(db_escape_string($_REQUEST["note"]))); $note = trim(strip_tags($this->dbh->escape_string($_REQUEST["note"])));
if ($pub == "1") { if ($pub == "1") {
$pub = "true"; $pub = "true";
@ -267,7 +267,7 @@ class RPC extends Handler_Protected {
$pub = "false"; $pub = "false";
} }
$result = db_query("UPDATE ttrss_user_entries SET $result = $this->dbh->query("UPDATE ttrss_user_entries SET
published = $pub, last_published = NOW() published = $pub, last_published = NOW()
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]); WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
@ -305,7 +305,7 @@ class RPC extends Handler_Protected {
/* GET["cmode"] = 0 - mark as read, 1 - as unread, 2 - toggle */ /* GET["cmode"] = 0 - mark as read, 1 - as unread, 2 - toggle */
function catchupSelected() { function catchupSelected() {
$ids = explode(",", db_escape_string($_REQUEST["ids"])); $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]); $cmode = sprintf("%d", $_REQUEST["cmode"]);
catchupArticlesById($ids, $cmode); catchupArticlesById($ids, $cmode);
@ -314,7 +314,7 @@ class RPC extends Handler_Protected {
} }
function markSelected() { function markSelected() {
$ids = explode(",", db_escape_string($_REQUEST["ids"])); $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]); $cmode = sprintf("%d", $_REQUEST["cmode"]);
$this->markArticlesById($ids, $cmode); $this->markArticlesById($ids, $cmode);
@ -323,7 +323,7 @@ class RPC extends Handler_Protected {
} }
function publishSelected() { function publishSelected() {
$ids = explode(",", db_escape_string($_REQUEST["ids"])); $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]); $cmode = sprintf("%d", $_REQUEST["cmode"]);
$this->publishArticlesById($ids, $cmode); $this->publishArticlesById($ids, $cmode);
@ -349,40 +349,40 @@ class RPC extends Handler_Protected {
} }
function completeLabels() { function completeLabels() {
$search = db_escape_string($_REQUEST["search"]); $search = $this->dbh->escape_string($_REQUEST["search"]);
$result = db_query("SELECT DISTINCT caption FROM $result = $this->dbh->query("SELECT DISTINCT caption FROM
ttrss_labels2 ttrss_labels2
WHERE owner_uid = '".$_SESSION["uid"]."' AND WHERE owner_uid = '".$_SESSION["uid"]."' AND
LOWER(caption) LIKE LOWER('$search%') ORDER BY caption LOWER(caption) LIKE LOWER('$search%') ORDER BY caption
LIMIT 5"); LIMIT 5");
print "<ul>"; print "<ul>";
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
print "<li>" . $line["caption"] . "</li>"; print "<li>" . $line["caption"] . "</li>";
} }
print "</ul>"; print "</ul>";
} }
function purge() { function purge() {
$ids = explode(",", db_escape_string($_REQUEST["ids"])); $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
$days = sprintf("%d", $_REQUEST["days"]); $days = sprintf("%d", $_REQUEST["days"]);
foreach ($ids as $id) { foreach ($ids as $id) {
$result = db_query("SELECT id FROM ttrss_feeds WHERE $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
id = '$id' AND owner_uid = ".$_SESSION["uid"]); id = '$id' AND owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($result) == 1) { if ($this->dbh->num_rows($result) == 1) {
purge_feed($id, $days); purge_feed($id, $days);
} }
} }
} }
function updateFeedBrowser() { function updateFeedBrowser() {
$search = db_escape_string($_REQUEST["search"]); $search = $this->dbh->escape_string($_REQUEST["search"]);
$limit = db_escape_string($_REQUEST["limit"]); $limit = $this->dbh->escape_string($_REQUEST["limit"]);
$mode = (int) db_escape_string($_REQUEST["mode"]); $mode = (int) $this->dbh->escape_string($_REQUEST["mode"]);
require_once "feedbrowser.php"; require_once "feedbrowser.php";
@ -402,14 +402,14 @@ class RPC extends Handler_Protected {
if ($mode == 1) { if ($mode == 1) {
foreach ($payload as $feed) { foreach ($payload as $feed) {
$title = db_escape_string($feed[0]); $title = $this->dbh->escape_string($feed[0]);
$feed_url = db_escape_string($feed[1]); $feed_url = $this->dbh->escape_string($feed[1]);
$result = db_query("SELECT id FROM ttrss_feeds WHERE $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]); feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 0) { if ($this->dbh->num_rows($result) == 0) {
$result = db_query("INSERT INTO ttrss_feeds $result = $this->dbh->query("INSERT INTO ttrss_feeds
(owner_uid,feed_url,title,cat_id,site_url) (owner_uid,feed_url,title,cat_id,site_url)
VALUES ('".$_SESSION["uid"]."', VALUES ('".$_SESSION["uid"]."',
'$feed_url', '$title', NULL, '')"); '$feed_url', '$title', NULL, '')");
@ -418,19 +418,19 @@ class RPC extends Handler_Protected {
} else if ($mode == 2) { } else if ($mode == 2) {
// feed archive // feed archive
foreach ($payload as $id) { foreach ($payload as $id) {
$result = db_query("SELECT * FROM ttrss_archived_feeds $result = $this->dbh->query("SELECT * FROM ttrss_archived_feeds
WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]); WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
$site_url = db_escape_string(db_fetch_result($result, 0, "site_url")); $site_url = $this->dbh->escape_string(db_fetch_result($result, 0, "site_url"));
$feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url")); $feed_url = $this->dbh->escape_string(db_fetch_result($result, 0, "feed_url"));
$title = db_escape_string(db_fetch_result($result, 0, "title")); $title = $this->dbh->escape_string(db_fetch_result($result, 0, "title"));
$result = db_query("SELECT id FROM ttrss_feeds WHERE $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]); feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 0) { if ($this->dbh->num_rows($result) == 0) {
$result = db_query("INSERT INTO ttrss_feeds $result = $this->dbh->query("INSERT INTO ttrss_feeds
(owner_uid,feed_url,title,cat_id,site_url) (owner_uid,feed_url,title,cat_id,site_url)
VALUES ('$id','".$_SESSION["uid"]."', VALUES ('$id','".$_SESSION["uid"]."',
'$feed_url', '$title', NULL, '$site_url')"); '$feed_url', '$title', NULL, '$site_url')");
@ -441,9 +441,9 @@ class RPC extends Handler_Protected {
} }
function catchupFeed() { function catchupFeed() {
$feed_id = db_escape_string($_REQUEST['feed_id']); $feed_id = $this->dbh->escape_string($_REQUEST['feed_id']);
$is_cat = db_escape_string($_REQUEST['is_cat']) == "true"; $is_cat = $this->dbh->escape_string($_REQUEST['is_cat']) == "true";
$mode = db_escape_string($_REQUEST['mode']); $mode = $this->dbh->escape_string($_REQUEST['mode']);
catchup_feed($feed_id, $is_cat, false, false, $mode); catchup_feed($feed_id, $is_cat, false, false, $mode);
@ -451,15 +451,15 @@ class RPC extends Handler_Protected {
} }
function quickAddCat() { function quickAddCat() {
$cat = db_escape_string($_REQUEST["cat"]); $cat = $this->dbh->escape_string($_REQUEST["cat"]);
add_feed_category($cat); add_feed_category($cat);
$result = db_query("SELECT id FROM ttrss_feed_categories WHERE $result = $this->dbh->query("SELECT id FROM ttrss_feed_categories WHERE
title = '$cat' AND owner_uid = " . $_SESSION["uid"]); title = '$cat' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 1) { if ($this->dbh->num_rows($result) == 1) {
$id = db_fetch_result($result, 0, "id"); $id = $this->dbh->fetch_result($result, 0, "id");
} else { } else {
$id = 0; $id = 0;
} }
@ -469,7 +469,7 @@ class RPC extends Handler_Protected {
// Silent // Silent
function clearArticleKeys() { function clearArticleKeys() {
db_query("UPDATE ttrss_user_entries SET uuid = '' WHERE $this->dbh->query("UPDATE ttrss_user_entries SET uuid = '' WHERE
owner_uid = " . $_SESSION["uid"]); owner_uid = " . $_SESSION["uid"]);
return; return;
@ -516,7 +516,7 @@ class RPC extends Handler_Protected {
$random_qpart = sql_random_function(); $random_qpart = sql_random_function();
// We search for feed needing update. // We search for feed needing update.
$result = db_query("SELECT ttrss_feeds.feed_url,ttrss_feeds.id $result = $this->dbh->query("SELECT ttrss_feeds.feed_url,ttrss_feeds.id
FROM FROM
ttrss_feeds, ttrss_users, ttrss_user_prefs ttrss_feeds, ttrss_users, ttrss_user_prefs
WHERE WHERE
@ -535,7 +535,7 @@ class RPC extends Handler_Protected {
$tstart = time(); $tstart = time();
while ($line = db_fetch_assoc($result)) { while ($line = $this->dbh->fetch_assoc($result)) {
$feed_id = $line["id"]; $feed_id = $line["id"];
if (time() - $tstart < ini_get("max_execution_time") * 0.7) { if (time() - $tstart < ini_get("max_execution_time") * 0.7) {
@ -570,15 +570,15 @@ class RPC extends Handler_Protected {
$ids_qpart = join(" OR ", $tmp_ids); $ids_qpart = join(" OR ", $tmp_ids);
if ($cmode == 0) { if ($cmode == 0) {
db_query("UPDATE ttrss_user_entries SET $this->dbh->query("UPDATE ttrss_user_entries SET
marked = false, last_marked = NOW() marked = false, last_marked = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]); WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
} else if ($cmode == 1) { } else if ($cmode == 1) {
db_query("UPDATE ttrss_user_entries SET $this->dbh->query("UPDATE ttrss_user_entries SET
marked = true, last_marked = NOW() marked = true, last_marked = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]); WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
} else { } else {
db_query("UPDATE ttrss_user_entries SET $this->dbh->query("UPDATE ttrss_user_entries SET
marked = NOT marked,last_marked = NOW() marked = NOT marked,last_marked = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]); WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
} }
@ -595,15 +595,15 @@ class RPC extends Handler_Protected {
$ids_qpart = join(" OR ", $tmp_ids); $ids_qpart = join(" OR ", $tmp_ids);
if ($cmode == 0) { if ($cmode == 0) {
db_query("UPDATE ttrss_user_entries SET $this->dbh->query("UPDATE ttrss_user_entries SET
published = false,last_published = NOW() published = false,last_published = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]); WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
} else if ($cmode == 1) { } else if ($cmode == 1) {
db_query("UPDATE ttrss_user_entries SET $this->dbh->query("UPDATE ttrss_user_entries SET
published = true,last_published = NOW() published = true,last_published = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]); WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
} else { } else {
db_query("UPDATE ttrss_user_entries SET $this->dbh->query("UPDATE ttrss_user_entries SET
published = NOT published,last_published = NOW() published = NOT published,last_published = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]); WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
} }
@ -620,14 +620,14 @@ class RPC extends Handler_Protected {
} }
function getlinktitlebyid() { function getlinktitlebyid() {
$id = db_escape_string($_REQUEST['id']); $id = $this->dbh->escape_string($_REQUEST['id']);
$result = db_query("SELECT link, title FROM ttrss_entries, ttrss_user_entries $result = $this->dbh->query("SELECT link, title FROM ttrss_entries, ttrss_user_entries
WHERE ref_id = '$id' AND ref_id = id AND owner_uid = ". $_SESSION["uid"]); WHERE ref_id = '$id' AND ref_id = id AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) { if ($this->dbh->num_rows($result) != 0) {
$link = db_fetch_result($result, 0, "link"); $link = $this->dbh->fetch_result($result, 0, "link");
$title = db_fetch_result($result, 0, "title"); $title = $this->dbh->fetch_result($result, 0, "title");
echo json_encode(array("link" => $link, "title" => $title)); echo json_encode(array("link" => $link, "title" => $title));
} else { } else {