filters: use PDO

This commit is contained in:
Andrew Dolgov 2017-12-02 13:28:13 +03:00
parent 21295a52aa
commit f594717d18
1 changed files with 314 additions and 288 deletions

View File

@ -9,8 +9,9 @@ class Pref_Filters extends Handler_Protected {
} }
function filtersortreset() { function filtersortreset() {
$this->dbh->query("UPDATE ttrss_filters2 $sth = $this->pdo->prepare("UPDATE ttrss_filters2
SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]); SET order_id = 0 WHERE owner_uid = ?");
$sth->execute([$_SESSION['uid']]);
return; return;
} }
@ -26,15 +27,16 @@ class Pref_Filters extends Handler_Protected {
$index = 0; $index = 0;
if (is_array($data) && is_array($data['items'])) { if (is_array($data) && is_array($data['items'])) {
$sth = $this->pdo->prepare("UPDATE ttrss_filters2 SET
order_id = ? WHERE id = ? AND
owner_uid = ?");
foreach ($data['items'][0]['items'] as $item) { foreach ($data['items'][0]['items'] as $item) {
$filter_id = (int) str_replace("FILTER:", "", $item['_reference']); $filter_id = (int) str_replace("FILTER:", "", $item['_reference']);
if ($filter_id > 0) { if ($filter_id > 0) {
$sth->execute([$index, $filter_id, $_SESSION['uid']]);
$this->dbh->query("UPDATE ttrss_filters2 SET
order_id = $index WHERE id = '$filter_id' AND
owner_uid = " .$_SESSION["uid"]);
++$index; ++$index;
} }
} }
@ -44,24 +46,24 @@ class Pref_Filters extends Handler_Protected {
} }
function testFilterDo() { function testFilterDo() {
$offset = (int) db_escape_string($_REQUEST["offset"]); $offset = (int) $_REQUEST["offset"];
$limit = (int) db_escape_string($_REQUEST["limit"]); $limit = (int) $_REQUEST["limit"];
$filter = array(); $filter = array();
$filter["enabled"] = true; $filter["enabled"] = true;
$filter["match_any_rule"] = sql_bool_to_bool( $filter["match_any_rule"] = sql_bool_to_bool(
checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["match_any_rule"]))); checkbox_to_sql_bool($_REQUEST["match_any_rule"]));
$filter["inverse"] = sql_bool_to_bool( $filter["inverse"] = sql_bool_to_bool(
checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["inverse"]))); checkbox_to_sql_bool($_REQUEST["inverse"]));
$filter["rules"] = array(); $filter["rules"] = array();
$filter["actions"] = array("dummy-action"); $filter["actions"] = array("dummy-action");
$result = $this->dbh->query("SELECT id,name FROM ttrss_filter_types"); $res = $this->pdo->query("SELECT id,name FROM ttrss_filter_types");
$filter_types = array(); $filter_types = array();
while ($line = $this->dbh->fetch_assoc($result)) { while ($line = $res->fetch()) {
$filter_types[$line["id"]] = $line["name"]; $filter_types[$line["id"]] = $line["name"];
} }
@ -80,9 +82,9 @@ class Pref_Filters extends Handler_Protected {
if (strpos($feed_id, "CAT:") === 0) { if (strpos($feed_id, "CAT:") === 0) {
$cat_id = (int) substr($feed_id, 4); $cat_id = (int) substr($feed_id, 4);
array_push($scope_inner_qparts, "cat_id = " . $cat_id); array_push($scope_inner_qparts, "cat_id = " . $this->pdo->quote($cat_id));
} else if ($feed_id > 0) { } else if ($feed_id > 0) {
array_push($scope_inner_qparts, "feed_id = " . $feed_id); array_push($scope_inner_qparts, "feed_id = " . $this->pdo->quote($feed_id));
} }
} }
@ -109,7 +111,7 @@ class Pref_Filters extends Handler_Protected {
//while ($found < $limit && $offset < $limit * 1000 && time() - $started < ini_get("max_execution_time") * 0.7) { //while ($found < $limit && $offset < $limit * 1000 && time() - $started < ini_get("max_execution_time") * 0.7) {
$result = db_query("SELECT ttrss_entries.id, $sth = $this->pdo->prepare("SELECT ttrss_entries.id,
ttrss_entries.title, ttrss_entries.title,
ttrss_feeds.id AS feed_id, ttrss_feeds.id AS feed_id,
ttrss_feeds.title AS feed_title, ttrss_feeds.title AS feed_title,
@ -126,10 +128,12 @@ class Pref_Filters extends Handler_Protected {
WHERE WHERE
ref_id = ttrss_entries.id AND ref_id = ttrss_entries.id AND
($scope_qpart) AND ($scope_qpart) AND
ttrss_user_entries.owner_uid = " . $_SESSION["uid"] . " ttrss_user_entries.owner_uid = ?
ORDER BY date_entered DESC LIMIT $limit OFFSET $offset"); ORDER BY date_entered DESC LIMIT ?OFFSET ?");
while ($line = db_fetch_assoc($result)) { $sth->execute([$_SESSION['uid'], $limit, $offset]);;
while ($line = $sth->fetch()) {
$rc = RSSUtils::get_article_filters(array($filter), $line['title'], $line['content'], $line['link'], $rc = RSSUtils::get_article_filters(array($filter), $line['title'], $line['content'], $line['link'],
$line['author'], explode(",", $line['tag_cache'])); $line['author'], explode(",", $line['tag_cache']));
@ -209,7 +213,7 @@ class Pref_Filters extends Handler_Protected {
} }
private function getfilterrules_concise($filter_id) { private function getfilterrules_concise($filter_id) {
$result = $this->dbh->query("SELECT reg_exp, $sth = $this->pdo->prepare("SELECT reg_exp,
inverse, inverse,
match_on, match_on,
feed_id, feed_id,
@ -219,12 +223,13 @@ class Pref_Filters extends Handler_Protected {
FROM FROM
ttrss_filters2_rules, ttrss_filter_types ttrss_filters2_rules, ttrss_filter_types
WHERE WHERE
filter_id = '$filter_id' AND filter_type = ttrss_filter_types.id filter_id = ? AND filter_type = ttrss_filter_types.id
ORDER BY reg_exp"); ORDER BY reg_exp");
$sth->execute([$filter_id]);
$rv = ""; $rv = "";
while ($line = $this->dbh->fetch_assoc($result)) { while ($line = $sth->fetch()) {
if ($line["match_on"]) { if ($line["match_on"]) {
$feeds = json_decode($line["match_on"], true); $feeds = json_decode($line["match_on"], true);
@ -275,7 +280,7 @@ class Pref_Filters extends Handler_Protected {
$filter_search = $_SESSION["prefs_filter_search"]; $filter_search = $_SESSION["prefs_filter_search"];
$result = $this->dbh->query("SELECT *, $sth = $this->pdo->prepare("SELECT *,
(SELECT action_param FROM ttrss_filters2_actions (SELECT action_param FROM ttrss_filters2_actions
WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS action_param, WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS action_param,
(SELECT action_id FROM ttrss_filters2_actions (SELECT action_id FROM ttrss_filters2_actions
@ -286,22 +291,23 @@ class Pref_Filters extends Handler_Protected {
(SELECT reg_exp FROM ttrss_filters2_rules (SELECT reg_exp FROM ttrss_filters2_rules
WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS reg_exp WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS reg_exp
FROM ttrss_filters2 WHERE FROM ttrss_filters2 WHERE
owner_uid = ".$_SESSION["uid"]." ORDER BY order_id, title"); owner_uid = ? ORDER BY order_id, title");
$sth->execute([$_SESSION['uid']]);
$folder = array(); $folder = array();
$folder['items'] = array(); $folder['items'] = array();
while ($line = $this->dbh->fetch_assoc($result)) { while ($line = $sth->fetch()) {
$name = $this->getFilterName($line["id"]); $name = $this->getFilterName($line["id"]);
$match_ok = false; $match_ok = false;
if ($filter_search) { if ($filter_search) {
$rules_result = $this->dbh->query( $rules_sth = $this->pdo->prepare("SELECT reg_exp
"SELECT reg_exp FROM ttrss_filters2_rules WHERE filter_id = ".$line["id"]); FROM ttrss_filters2_rules WHERE filter_id = ?");
$rules_sth->execute([$line['id']]);
while ($rule_line = $this->dbh->fetch_assoc($rules_result)) { while ($rule_line = $rules_sth->fetch()) {
if (mb_strpos($rule_line['reg_exp'], $filter_search) !== false) { if (mb_strpos($rule_line['reg_exp'], $filter_search) !== false) {
$match_ok = true; $match_ok = true;
break; break;
@ -310,13 +316,14 @@ class Pref_Filters extends Handler_Protected {
} }
if ($line['action_id'] == 7) { if ($line['action_id'] == 7) {
$label_result = $this->dbh->query("SELECT fg_color, bg_color $label_sth = $this->pdo->prepare("SELECT fg_color, bg_color
FROM ttrss_labels2 WHERE caption = '".$this->dbh->escape_string($line['action_param'])."' AND FROM ttrss_labels2 WHERE caption = ? AND
owner_uid = " . $_SESSION["uid"]); owner_uid = ?");
$label_sth->execute([$line['action_param'], $_SESSION['uid']]);
if ($this->dbh->num_rows($label_result) > 0) { if ($label_row = $label_sth->fetch()) {
$fg_color = $this->dbh->fetch_result($label_result, 0, "fg_color"); $fg_color = $label_row["fg_color"];
$bg_color = $this->dbh->fetch_result($label_result, 0, "bg_color"); $bg_color = $label_row["bg_color"];
$name[1] = "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-right : 4px'>&alpha;</span>" . $name[1]; $name[1] = "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-right : 4px'>&alpha;</span>" . $name[1];
} }
@ -336,10 +343,6 @@ class Pref_Filters extends Handler_Protected {
} }
} }
/* if (count($folder['items']) > 0) {
array_push($root['items'], $folder);
} */
$root['items'] = $folder['items']; $root['items'] = $folder['items'];
$fl = array(); $fl = array();
@ -353,175 +356,182 @@ class Pref_Filters extends Handler_Protected {
function edit() { function edit() {
$filter_id = $this->dbh->escape_string($_REQUEST["id"]); $filter_id = $_REQUEST["id"];
$result = $this->dbh->query( $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2
"SELECT * FROM ttrss_filters2 WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]); WHERE id = ? AND owner_uid = ?");
$sth->execute([$filter_id, $_SESSION['uid']]);
$enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "enabled")); if ($row = $sth->fetch()) {
$match_any_rule = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "match_any_rule"));
$inverse = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "inverse"));
$title = htmlspecialchars($this->dbh->fetch_result($result, 0, "title"));
print "<form id=\"filter_edit_form\" onsubmit='return false'>"; $enabled = sql_bool_to_bool($row["enabled"]);
$match_any_rule = sql_bool_to_bool($row["match_any_rule"]);
$inverse = sql_bool_to_bool($row["inverse"]);
$title = htmlspecialchars($row["title"]);
print_hidden("op", "pref-filters"); print "<form id=\"filter_edit_form\" onsubmit='return false'>";
print_hidden("id", "$filter_id");
print_hidden("method", "editSave");
print_hidden("csrf_token", $_SESSION['csrf_token']);
print "<div class=\"dlgSec\">".__("Caption")."</div>"; print_hidden("op", "pref-filters");
print_hidden("id", "$filter_id");
print_hidden("method", "editSave");
print_hidden("csrf_token", $_SESSION['csrf_token']);
print "<input required=\"true\" dojoType=\"dijit.form.ValidationTextBox\" style=\"width : 20em;\" name=\"title\" value=\"$title\">"; print "<div class=\"dlgSec\">".__("Caption")."</div>";
print "</div>"; print "<input required=\"true\" dojoType=\"dijit.form.ValidationTextBox\" style=\"width : 20em;\" name=\"title\" value=\"$title\">";
print "<div class=\"dlgSec\">".__("Match")."</div>"; print "</div>";
print "<div dojoType=\"dijit.Toolbar\">"; print "<div class=\"dlgSec\">".__("Match")."</div>";
print "<div dojoType=\"dijit.form.DropDownButton\">". print "<div dojoType=\"dijit.Toolbar\">";
print "<div dojoType=\"dijit.form.DropDownButton\">".
"<span>" . __('Select')."</span>"; "<span>" . __('Select')."</span>";
print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(true)\" print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(true)\"
dojoType=\"dijit.MenuItem\">".__('All')."</div>"; dojoType=\"dijit.MenuItem\">".__('All')."</div>";
print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(false)\" print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(false)\"
dojoType=\"dijit.MenuItem\">".__('None')."</div>"; dojoType=\"dijit.MenuItem\">".__('None')."</div>";
print "</div></div>"; print "</div></div>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addRule()\">". print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addRule()\">".
__('Add')."</button> "; __('Add')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteRule()\">". print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteRule()\">".
__('Delete')."</button> "; __('Delete')."</button> ";
print "</div>"; print "</div>";
print "<ul id='filterDlg_Matches'>"; print "<ul id='filterDlg_Matches'>";
$rules_result = $this->dbh->query("SELECT * FROM ttrss_filters2_rules $rules_sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_rules
WHERE filter_id = '$filter_id' ORDER BY reg_exp, id"); WHERE filter_id = ? ORDER BY reg_exp, id");
$rules_sth->execute([$filter_id]);
while ($line = $this->dbh->fetch_assoc($rules_result)) { while ($line = $rules_sth->fetch()) {
if ($line["match_on"]) { if ($line["match_on"]) {
$line["feed_id"] = json_decode($line["match_on"], true); $line["feed_id"] = json_decode($line["match_on"], true);
} else { } else {
if (sql_bool_to_bool($line["cat_filter"])) { if (sql_bool_to_bool($line["cat_filter"])) {
$feed_id = "CAT:" . (int)$line["cat_id"]; $feed_id = "CAT:" . (int)$line["cat_id"];
} else { } else {
$feed_id = (int)$line["feed_id"]; $feed_id = (int)$line["feed_id"];
} }
$line["feed_id"] = ["" . $feed_id]; // set item type to string for in_array() $line["feed_id"] = ["" . $feed_id]; // set item type to string for in_array()
} }
unset($line["cat_filter"]); unset($line["cat_filter"]);
unset($line["cat_id"]); unset($line["cat_id"]);
unset($line["filter_id"]); unset($line["filter_id"]);
unset($line["id"]); unset($line["id"]);
if (!sql_bool_to_bool($line["inverse"])) unset($line["inverse"]); if (!sql_bool_to_bool($line["inverse"])) unset($line["inverse"]);
unset($line["match_on"]); unset($line["match_on"]);
$data = htmlspecialchars(json_encode($line)); $data = htmlspecialchars(json_encode($line));
print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>". print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>".
"<span onclick=\"dijit.byId('filterEditDlg').editRule(this)\">".$this->getRuleName($line)."</span>". "<span onclick=\"dijit.byId('filterEditDlg').editRule(this)\">".$this->getRuleName($line)."</span>".
"<input type='hidden' name='rule[]' value=\"$data\"/></li>"; "<input type='hidden' name='rule[]' value=\"$data\"/></li>";
} }
print "</ul>"; print "</ul>";
print "</div>"; print "</div>";
print "<div class=\"dlgSec\">".__("Apply actions")."</div>"; print "<div class=\"dlgSec\">".__("Apply actions")."</div>";
print "<div dojoType=\"dijit.Toolbar\">"; print "<div dojoType=\"dijit.Toolbar\">";
print "<div dojoType=\"dijit.form.DropDownButton\">". print "<div dojoType=\"dijit.form.DropDownButton\">".
"<span>" . __('Select')."</span>"; "<span>" . __('Select')."</span>";
print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(true)\" print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(true)\"
dojoType=\"dijit.MenuItem\">".__('All')."</div>"; dojoType=\"dijit.MenuItem\">".__('All')."</div>";
print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(false)\" print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(false)\"
dojoType=\"dijit.MenuItem\">".__('None')."</div>"; dojoType=\"dijit.MenuItem\">".__('None')."</div>";
print "</div></div>"; print "</div></div>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addAction()\">". print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addAction()\">".
__('Add')."</button> "; __('Add')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteAction()\">". print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteAction()\">".
__('Delete')."</button> "; __('Delete')."</button> ";
print "</div>"; print "</div>";
print "<ul id='filterDlg_Actions'>"; print "<ul id='filterDlg_Actions'>";
$actions_result = $this->dbh->query("SELECT * FROM ttrss_filters2_actions $actions_sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions
WHERE filter_id = '$filter_id' ORDER BY id"); WHERE filter_id = ? ORDER BY id");
$actions_sth->execute([$filter_id]);
while ($line = $this->dbh->fetch_assoc($actions_result)) { while ($line = $actions_sth->fetch()) {
$line["action_param_label"] = $line["action_param"]; $line["action_param_label"] = $line["action_param"];
unset($line["filter_id"]); unset($line["filter_id"]);
unset($line["id"]); unset($line["id"]);
$data = htmlspecialchars(json_encode($line)); $data = htmlspecialchars(json_encode($line));
print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>". print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>".
"<span onclick=\"dijit.byId('filterEditDlg').editAction(this)\">".$this->getActionName($line)."</span>". "<span onclick=\"dijit.byId('filterEditDlg').editAction(this)\">".$this->getActionName($line)."</span>".
"<input type='hidden' name='action[]' value=\"$data\"/></li>"; "<input type='hidden' name='action[]' value=\"$data\"/></li>";
} }
print "</ul>"; print "</ul>";
print "</div>"; print "</div>";
if ($enabled) { if ($enabled) {
$checked = "checked=\"1\""; $checked = "checked=\"1\"";
} else { } else {
$checked = ""; $checked = "";
} }
print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"enabled\" id=\"enabled\" $checked> print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"enabled\" id=\"enabled\" $checked>
<label for=\"enabled\">".__('Enabled')."</label>"; <label for=\"enabled\">".__('Enabled')."</label>";
if ($match_any_rule) { if ($match_any_rule) {
$checked = "checked=\"1\""; $checked = "checked=\"1\"";
} else { } else {
$checked = ""; $checked = "";
} }
print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"match_any_rule\" id=\"match_any_rule\" $checked> print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"match_any_rule\" id=\"match_any_rule\" $checked>
<label for=\"match_any_rule\">".__('Match any rule')."</label>"; <label for=\"match_any_rule\">".__('Match any rule')."</label>";
if ($inverse) { if ($inverse) {
$checked = "checked=\"1\""; $checked = "checked=\"1\"";
} else { } else {
$checked = ""; $checked = "";
} }
print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\" $checked> print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\" $checked>
<label for=\"inverse\">".__('Inverse matching')."</label>"; <label for=\"inverse\">".__('Inverse matching')."</label>";
print "<p/>"; print "<p/>";
print "<div class=\"dlgButtons\">"; print "<div class=\"dlgButtons\">";
print "<div style=\"float : left\">"; print "<div style=\"float : left\">";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').removeFilter()\">". print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').removeFilter()\">".
__('Remove')."</button>"; __('Remove')."</button>";
print "</div>"; print "</div>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').test()\">". print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').test()\">".
__('Test')."</button> "; __('Test')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').execute()\">". print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').execute()\">".
__('Save')."</button> "; __('Save')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').hide()\">". print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').hide()\">".
__('Cancel')."</button>"; __('Cancel')."</button>";
print "</div>"; print "</div>";
}
} }
private function getRuleName($rule) { private function getRuleName($rule) {
@ -547,9 +557,15 @@ class Pref_Filters extends Handler_Protected {
$feed = implode(", ", $feeds_fmt); $feed = implode(", ", $feeds_fmt);
$result = $this->dbh->query("SELECT description FROM ttrss_filter_types $sth = $this->pdo->prepare("SELECT description FROM ttrss_filter_types
WHERE id = ".(int)$rule["filter_type"]); WHERE id = ?");
$filter_type = $this->dbh->fetch_result($result, 0, "description"); $sth->execute([(int)$rule["filter_type"]]);
if ($row = $sth->fetch()) {
$filter_type = $row["description"];
} else {
$filter_type = "?UNKNOWN?";
}
$inverse = isset($rule["inverse"]) ? "inverse" : ""; $inverse = isset($rule["inverse"]) ? "inverse" : "";
@ -563,25 +579,31 @@ class Pref_Filters extends Handler_Protected {
} }
private function getActionName($action) { private function getActionName($action) {
$result = $this->dbh->query("SELECT description FROM $sth = $this->pdo->prepare("SELECT description FROM
ttrss_filter_actions WHERE id = " .(int)$action["action_id"]); ttrss_filter_actions WHERE id = ?");
$sth->execute([(int)$action["action_id"]]);
$title = __($this->dbh->fetch_result($result, 0, "description")); $title = "";
if ($action["action_id"] == 4 || $action["action_id"] == 6 || if ($row = $sth->fetch()) {
$action["action_id"] == 7)
$title = __($row["description"]);
if ($action["action_id"] == 4 || $action["action_id"] == 6 ||
$action["action_id"] == 7)
$title .= ": " . $action["action_param"]; $title .= ": " . $action["action_param"];
if ($action["action_id"] == 9) { if ($action["action_id"] == 9) {
list ($pfclass, $pfaction) = explode(":", $action["action_param"]); list ($pfclass, $pfaction) = explode(":", $action["action_param"]);
$filter_actions = PluginHost::getInstance()->get_filter_actions(); $filter_actions = PluginHost::getInstance()->get_filter_actions();
foreach ($filter_actions as $fclass => $factions) { foreach ($filter_actions as $fclass => $factions) {
foreach ($factions as $faction) { foreach ($factions as $faction) {
if ($pfaction == $faction["action"] && $pfclass == $fclass) { if ($pfaction == $faction["action"] && $pfclass == $fclass) {
$title .= ": " . $fclass . ": " . $faction["description"]; $title .= ": " . $fclass . ": " . $faction["description"];
break; break;
}
} }
} }
} }
@ -599,39 +621,49 @@ class Pref_Filters extends Handler_Protected {
return $this->testFilter(); return $this->testFilter();
} }
# print_r($_REQUEST); $filter_id = $_REQUEST["id"];
$enabled = checkbox_to_sql_bool($_REQUEST["enabled"]);
$match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]);
$inverse = checkbox_to_sql_bool($_REQUEST["inverse"]);
$title = $_REQUEST["title"];
$filter_id = $this->dbh->escape_string($_REQUEST["id"]); $this->pdo->beginTransaction();
$enabled = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["enabled"]));
$match_any_rule = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["match_any_rule"]));
$inverse = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["inverse"]));
$title = $this->dbh->escape_string($_REQUEST["title"]);
$this->dbh->query("UPDATE ttrss_filters2 SET enabled = $enabled, $sth = $this->pdo->prepare("UPDATE ttrss_filters2 SET enabled = ?,
match_any_rule = $match_any_rule, match_any_rule = ?,
inverse = $inverse, inverse = ?,
title = '$title' title = ?
WHERE id = '$filter_id' WHERE id = ? AND owner_uid = ?");
AND owner_uid = ". $_SESSION["uid"]);
$sth->execute([$enabled, $match_any_rule, $inverse, $title, $filter_id, $_SESSION['uid']]);
$this->saveRulesAndActions($filter_id); $this->saveRulesAndActions($filter_id);
$this->pdo->commit();
} }
function remove() { function remove() {
$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"])); $ids = explode(",", $_REQUEST["ids"]);
$ids_qmarks = arr_qmarks($ids);
foreach ($ids as $id) { $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2 WHERE id IN ($ids_qmarks)
$this->dbh->query("DELETE FROM ttrss_filters2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]); AND owner_uid = ?");
} $sth->execute(array_merge($ids, [$_SESSION['uid']]));
} }
private function saveRulesAndActions($filter_id) { private function saveRulesAndActions($filter_id)
{
$this->dbh->query("DELETE FROM ttrss_filters2_rules WHERE filter_id = '$filter_id'"); $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2_rules WHERE filter_id = ?");
$this->dbh->query("DELETE FROM ttrss_filters2_actions WHERE filter_id = '$filter_id'"); $sth->execute([$filter_id]);
$sth = $this->pdo->prepare("DELETE FROM ttrss_filters2_actions WHERE filter_id = ?");
$sth->execute([$filter_id]);
if (!is_array($_REQUEST["rule"])) $_REQUEST["rule"] = [];
if (!is_array($_REQUEST["action"])) $_REQUEST["action"] = [];
if ($filter_id) { if ($filter_id) {
/* create rules */ /* create rules */
@ -656,63 +688,46 @@ class Pref_Filters extends Handler_Protected {
} }
} }
$rsth = $this->pdo->prepare("INSERT INTO ttrss_filters2_rules
(filter_id, reg_exp,filter_type,feed_id,cat_id,match_on,inverse) VALUES
(?, ?, ?, NULL, NULL, ?, ?)");
foreach ($rules as $rule) { foreach ($rules as $rule) {
if ($rule) { if ($rule) {
$reg_exp = $this->dbh->escape_string(trim($rule["reg_exp"]), false); $reg_exp = trim($rule["reg_exp"]);
$inverse = isset($rule["inverse"]) ? "true" : "false"; $inverse = isset($rule["inverse"]) ? "true" : "false";
$filter_type = (int) $this->dbh->escape_string(trim($rule["filter_type"])); $filter_type = (int)trim($rule["filter_type"]);
$match_on = $this->dbh->escape_string(json_encode($rule["feed_id"])); $match_on = json_encode($rule["feed_id"]);
/*if (strpos($feed_id, "CAT:") === 0) { $rsth->execute([$filter_id, $reg_exp, $filter_type, $match_on, $inverse]);
$cat_filter = bool_to_sql_bool(true);
$cat_id = (int) substr($feed_id, 4);
$feed_id = "NULL";
if (!$cat_id) $cat_id = "NULL"; // Uncategorized
} else {
$cat_filter = bool_to_sql_bool(false);
$feed_id = (int) $feed_id;
$cat_id = "NULL";
if (!$feed_id) $feed_id = "NULL"; // Uncategorized
}*/
$query = "INSERT INTO ttrss_filters2_rules
(filter_id, reg_exp,filter_type,feed_id,cat_id,match_on,inverse) VALUES
('$filter_id', '$reg_exp', '$filter_type', NULL, NULL, '$match_on', $inverse)";
$this->dbh->query($query);
} }
} }
$asth = $this->pdo->prepare("INSERT INTO ttrss_filters2_actions
(filter_id, action_id, action_param) VALUES
(?, ?, ?)");
foreach ($actions as $action) { foreach ($actions as $action) {
if ($action) { if ($action) {
$action_id = (int) $this->dbh->escape_string($action["action_id"]); $action_id = (int)$action["action_id"];
$action_param = $this->dbh->escape_string($action["action_param"]); $action_param = $action["action_param"];
$action_param_label = $this->dbh->escape_string($action["action_param_label"]); $action_param_label = $action["action_param_label"];
if ($action_id == 7) { if ($action_id == 7) {
$action_param = $action_param_label; $action_param = $action_param_label;
} }
if ($action_id == 6) { if ($action_id == 6) {
$action_param = (int) str_replace("+", "", $action_param); $action_param = (int)str_replace("+", "", $action_param);
} }
$query = "INSERT INTO ttrss_filters2_actions $asth->execute([$filter_id, $action_id, $action_param]);
(filter_id, action_id, action_param) VALUES
('$filter_id', '$action_id', '$action_param')";
$this->dbh->query($query);
} }
} }
} }
} }
function add() { function add() {
@ -720,40 +735,42 @@ class Pref_Filters extends Handler_Protected {
return $this->testFilter(); return $this->testFilter();
} }
# print_r($_REQUEST);
$enabled = checkbox_to_sql_bool($_REQUEST["enabled"]); $enabled = checkbox_to_sql_bool($_REQUEST["enabled"]);
$match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]); $match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]);
$title = $this->dbh->escape_string($_REQUEST["title"]); $title = $_REQUEST["title"];
$inverse = checkbox_to_sql_bool($_REQUEST["inverse"]); $inverse = checkbox_to_sql_bool($_REQUEST["inverse"]);
$this->dbh->query("BEGIN"); $this->pdo->beginTransaction();
/* create base filter */ /* create base filter */
$result = $this->dbh->query("INSERT INTO ttrss_filters2 $sth = $this->pdo->prepare("INSERT INTO ttrss_filters2
(owner_uid, match_any_rule, enabled, title, inverse) VALUES (owner_uid, match_any_rule, enabled, title, inverse) VALUES
(".$_SESSION["uid"].",$match_any_rule,$enabled, '$title', $inverse)"); (?, ?, ?, ?, ?)");
$result = $this->dbh->query("SELECT MAX(id) AS id FROM ttrss_filters2 $sth->execute([$_SESSION['uid'], $match_any_rule, $enabled, $title, $inverse]);
WHERE owner_uid = ".$_SESSION["uid"]);
$filter_id = $this->dbh->fetch_result($result, 0, "id"); $sth = $this->pdo->prepare("SELECT MAX(id) AS id FROM ttrss_filters2
WHERE owner_uid = ?");
$sth->execute([$_SESSION['uid']]);
$this->saveRulesAndActions($filter_id); if ($row = $sth->fetch()) {
$filter_id = $row['id'];
$this->saveRulesAndActions($filter_id);
}
$this->dbh->query("COMMIT"); $this->pdo->commit();
} }
function index() { function index() {
$sort = $this->dbh->escape_string($_REQUEST["sort"]); $sort = $_REQUEST["sort"];
if (!$sort || $sort == "undefined") { if (!$sort || $sort == "undefined") {
$sort = "reg_exp"; $sort = "reg_exp";
} }
$filter_search = $this->dbh->escape_string($_REQUEST["search"]); $filter_search = $_REQUEST["search"];
if (array_key_exists("search", $_REQUEST)) { if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search; $_SESSION["prefs_filter_search"] = $filter_search;
@ -765,7 +782,7 @@ class Pref_Filters extends Handler_Protected {
print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">"; print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">"; print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
$filter_search = $this->dbh->escape_string($_REQUEST["search"]); $filter_search = $_REQUEST["search"];
if (array_key_exists("search", $_REQUEST)) { if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search; $_SESSION["prefs_filter_search"] = $filter_search;
@ -960,21 +977,14 @@ class Pref_Filters extends Handler_Protected {
$inverse_checked = ""; $inverse_checked = "";
} }
/*if (strpos($feed_id, "CAT:") === 0) {
$feed_id = substr($feed_id, 4);
$cat_filter = true;
} else {
$cat_filter = false;
}*/
print "<form name='filter_new_rule_form' id='filter_new_rule_form'>"; print "<form name='filter_new_rule_form' id='filter_new_rule_form'>";
$result = $this->dbh->query("SELECT id,description $res = $this->pdo->query("SELECT id,description
FROM ttrss_filter_types WHERE id != 5 ORDER BY description"); FROM ttrss_filter_types WHERE id != 5 ORDER BY description");
$filter_types = array(); $filter_types = array();
while ($line = $this->dbh->fetch_assoc($result)) { while ($line = $res->fetch()) {
$filter_types[$line["id"]] = __($line["description"]); $filter_types[$line["id"]] = __($line["description"]);
} }
@ -1030,7 +1040,7 @@ class Pref_Filters extends Handler_Protected {
$action = json_decode($_REQUEST["action"], true); $action = json_decode($_REQUEST["action"], true);
if ($action) { if ($action) {
$action_param = $this->dbh->escape_string($action["action_param"]); $action_param = $action["action_param"];
$action_id = (int)$action["action_id"]; $action_id = (int)$action["action_id"];
} else { } else {
$action_param = ""; $action_param = "";
@ -1046,10 +1056,10 @@ class Pref_Filters extends Handler_Protected {
print "<select name=\"action_id\" dojoType=\"dijit.form.Select\" print "<select name=\"action_id\" dojoType=\"dijit.form.Select\"
onchange=\"filterDlgCheckAction(this)\">"; onchange=\"filterDlgCheckAction(this)\">";
$result = $this->dbh->query("SELECT id,description FROM ttrss_filter_actions $res = $this->pdo->query("SELECT id,description FROM ttrss_filter_actions
ORDER BY name"); ORDER BY name");
while ($line = $this->dbh->fetch_assoc($result)) { while ($line = $res->fetch()) {
$is_selected = ($line["id"] == $action_id) ? "selected='1'" : ""; $is_selected = ($line["id"] == $action_id) ? "selected='1'" : "";
printf("<option $is_selected value='%d'>%s</option>", $line["id"], __($line["description"])); printf("<option $is_selected value='%d'>%s</option>", $line["id"], __($line["description"]));
} }
@ -1121,60 +1131,72 @@ class Pref_Filters extends Handler_Protected {
private function getFilterName($id) { private function getFilterName($id) {
$result = $this->dbh->query( $sth = $this->pdo->prepare(
"SELECT title,match_any_rule,COUNT(DISTINCT r.id) AS num_rules,COUNT(DISTINCT a.id) AS num_actions "SELECT title,match_any_rule,COUNT(DISTINCT r.id) AS num_rules,COUNT(DISTINCT a.id) AS num_actions
FROM ttrss_filters2 AS f LEFT JOIN ttrss_filters2_rules AS r FROM ttrss_filters2 AS f LEFT JOIN ttrss_filters2_rules AS r
ON (r.filter_id = f.id) ON (r.filter_id = f.id)
LEFT JOIN ttrss_filters2_actions AS a LEFT JOIN ttrss_filters2_actions AS a
ON (a.filter_id = f.id) WHERE f.id = '$id' GROUP BY f.title, f.match_any_rule"); ON (a.filter_id = f.id) WHERE f.id = ? GROUP BY f.title, f.match_any_rule");
$sth->execute([$id]);
$title = $this->dbh->fetch_result($result, 0, "title"); if ($row = $sth->fetch()) {
$num_rules = $this->dbh->fetch_result($result, 0, "num_rules");
$num_actions = $this->dbh->fetch_result($result, 0, "num_actions");
$match_any_rule = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "match_any_rule"));
if (!$title) $title = __("[No caption]"); $title = $row["title"];
$num_rules = $row["num_rules"];
$num_actions = $row["num_actions"];
$match_any_rule = sql_bool_to_bool($row["match_any_rule"]);
$title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", (int) $num_rules), $title, $num_rules); if (!$title) $title = __("[No caption]");
$title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", (int) $num_rules), $title, $num_rules);
$result = $this->dbh->query( $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions
"SELECT * FROM ttrss_filters2_actions WHERE filter_id = '$id' ORDER BY id LIMIT 1"); WHERE filter_id = ? ORDER BY id LIMIT 1");
$sth->execute([$id]);
$actions = ""; $actions = "";
if ($this->dbh->num_rows($result) > 0) { if ($line = $sth->fetch()) {
$line = $this->dbh->fetch_assoc($result); $actions = $this->getActionName($line);
$actions = $this->getActionName($line);
$num_actions -= 1; $num_actions -= 1;
}
if ($match_any_rule) $title .= " (" . __("matches any rule") . ")";
if ($num_actions > 0)
$actions = sprintf(_ngettext("%s (+%d action)", "%s (+%d actions)", (int) $num_actions), $actions, $num_actions);
return [$title, $actions];
} }
if ($match_any_rule) $title .= " (" . __("matches any rule") . ")"; return [];
if ($num_actions > 0)
$actions = sprintf(_ngettext("%s (+%d action)", "%s (+%d actions)", (int) $num_actions), $actions, $num_actions);
return array($title, $actions);
} }
function join() { function join() {
$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"])); $ids = explode(",", $_REQUEST["ids"]);
if (count($ids) > 1) { if (count($ids) > 1) {
$base_id = array_shift($ids); $base_id = array_shift($ids);
$ids_str = join(",", $ids); $ids_qmarks = arr_qmarks($ids);
$this->dbh->query("BEGIN"); $this->pdo->beginTransaction();
$this->dbh->query("UPDATE ttrss_filters2_rules
SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)");
$this->dbh->query("UPDATE ttrss_filters2_actions
SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)");
$this->dbh->query("DELETE FROM ttrss_filters2 WHERE id IN ($ids_str)"); $sth = $this->pdo->prepare("UPDATE ttrss_filters2_rules
$this->dbh->query("UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = '$base_id'"); SET filter_id = ? WHERE filter_id IN ($ids_qmarks)");
$sth->execute(array_merge([$base_id], $ids));
$this->dbh->query("COMMIT"); $sth = $this->pdo->prepare("UPDATE ttrss_filters2_actions
SET filter_id = ? WHERE filter_id IN ($ids_qmarks)");
$sth->execute(array_merge([$base_id], $ids));
$sth = $this->pdo->prepare("DELETE FROM ttrss_filters2 WHERE id IN ($ids_qmarks)");
$sth->execute($ids);
$sth = $this->pdo->prepare("UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = ?");
$sth->execute([$base_id]);
$this->pdo->commit();
$this->optimizeFilter($base_id); $this->optimizeFilter($base_id);
@ -1182,14 +1204,17 @@ class Pref_Filters extends Handler_Protected {
} }
private function optimizeFilter($id) { private function optimizeFilter($id) {
$this->dbh->query("BEGIN");
$result = $this->dbh->query("SELECT * FROM ttrss_filters2_actions $this->pdo->beginTransaction();
WHERE filter_id = '$id'");
$sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions
WHERE filter_id = ?");
$sth->execute([$id]);
$tmp = array(); $tmp = array();
$dupe_ids = array(); $dupe_ids = array();
while ($line = $this->dbh->fetch_assoc($result)) { while ($line = $sth->fetch()) {
$id = $line["id"]; $id = $line["id"];
unset($line["id"]); unset($line["id"]);
@ -1202,17 +1227,18 @@ class Pref_Filters extends Handler_Protected {
if (count($dupe_ids) > 0) { if (count($dupe_ids) > 0) {
$ids_str = join(",", $dupe_ids); $ids_str = join(",", $dupe_ids);
$this->dbh->query("DELETE FROM ttrss_filters2_actions
WHERE id IN ($ids_str)"); $this->pdo->query("DELETE FROM ttrss_filters2_actions WHERE id IN ($ids_str)");
} }
$result = $this->dbh->query("SELECT * FROM ttrss_filters2_rules $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_rules
WHERE filter_id = '$id'"); WHERE filter_id = ?");
$sth->execute([$id]);
$tmp = array(); $tmp = array();
$dupe_ids = array(); $dupe_ids = array();
while ($line = $this->dbh->fetch_assoc($result)) { while ($line = $sth->fetch()) {
$id = $line["id"]; $id = $line["id"];
unset($line["id"]); unset($line["id"]);
@ -1225,10 +1251,10 @@ class Pref_Filters extends Handler_Protected {
if (count($dupe_ids) > 0) { if (count($dupe_ids) > 0) {
$ids_str = join(",", $dupe_ids); $ids_str = join(",", $dupe_ids);
$this->dbh->query("DELETE FROM ttrss_filters2_rules
WHERE id IN ($ids_str)"); $this->pdo->query("DELETE FROM ttrss_filters2_rules WHERE id IN ($ids_str)");
} }
$this->dbh->query("COMMIT"); $this->pdo->commit();
} }
} }