Diffstat (limited to 'classes')
-rw-r--r--classes/api.php160
-rw-r--r--classes/article.php23
-rw-r--r--classes/auth/base.php4
-rw-r--r--classes/backend.php22
-rw-r--r--classes/dlg.php16
-rw-r--r--classes/feeds.php125
-rw-r--r--classes/handler/public.php150
-rw-r--r--classes/opml.php43
-rw-r--r--classes/pluginhost.php12
-rw-r--r--classes/pref/feeds.php106
-rw-r--r--classes/pref/filters.php82
-rw-r--r--classes/pref/labels.php34
-rw-r--r--classes/pref/prefs.php55
-rw-r--r--classes/pref/users.php72
-rw-r--r--classes/rpc.php169
-rw-r--r--classes/ttrssmailer.php64
16 files changed, 731 insertions, 406 deletions
diff --git a/classes/api.php b/classes/api.php
index a23f20ae2..ba0eebb36 100644
--- a/classes/api.php
+++ b/classes/api.php
@@ -2,7 +2,7 @@
class API extends Handler {
- const API_LEVEL = 4;
+ const API_LEVEL = 5;
const STATUS_OK = 0;
const STATUS_ERR = 1;
@@ -47,7 +47,7 @@ class API extends Handler {
}
function login() {
- $login = db_escape_string($_REQUEST["user"]);
+ $login = db_escape_string($this->link, $_REQUEST["user"]);
$password = $_REQUEST["password"];
$password_base64 = base64_decode($_REQUEST["password"]);
@@ -92,8 +92,8 @@ class API extends Handler {
}
function getUnread() {
- $feed_id = db_escape_string($_REQUEST["feed_id"]);
- $is_cat = db_escape_string($_REQUEST["is_cat"]);
+ $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
+ $is_cat = db_escape_string($this->link, $_REQUEST["is_cat"]);
if ($feed_id) {
print $this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($this->link, $feed_id, $is_cat)));
@@ -108,11 +108,11 @@ class API extends Handler {
}
function getFeeds() {
- $cat_id = db_escape_string($_REQUEST["cat_id"]);
- $unread_only = (bool)db_escape_string($_REQUEST["unread_only"]);
- $limit = (int) db_escape_string($_REQUEST["limit"]);
- $offset = (int) db_escape_string($_REQUEST["offset"]);
- $include_nested = (bool)db_escape_string($_REQUEST["include_nested"]);
+ $cat_id = db_escape_string($this->link, $_REQUEST["cat_id"]);
+ $unread_only = sql_bool_to_bool($_REQUEST["unread_only"]);
+ $limit = (int) db_escape_string($this->link, $_REQUEST["limit"]);
+ $offset = (int) db_escape_string($this->link, $_REQUEST["offset"]);
+ $include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
$feeds = $this->api_get_feeds($this->link, $cat_id, $unread_only, $limit, $offset, $include_nested);
@@ -120,8 +120,8 @@ class API extends Handler {
}
function getCategories() {
- $unread_only = (bool)db_escape_string($_REQUEST["unread_only"]);
- $enable_nested = (bool)db_escape_string($_REQUEST["enable_nested"]);
+ $unread_only = sql_bool_to_bool($_REQUEST["unread_only"]);
+ $enable_nested = sql_bool_to_bool($_REQUEST["enable_nested"]);
// TODO do not return empty categories, return Uncategorized and standard virtual cats
@@ -133,7 +133,10 @@ class API extends Handler {
$result = db_query($this->link, "SELECT
id, title, order_id, (SELECT COUNT(id) FROM
ttrss_feeds WHERE
- ttrss_feed_categories.id IS NOT NULL AND cat_id = ttrss_feed_categories.id) AS num_feeds
+ ttrss_feed_categories.id IS NOT NULL AND cat_id = ttrss_feed_categories.id) AS num_feeds,
+ (SELECT COUNT(id) FROM
+ ttrss_feed_categories AS c2 WHERE
+ c2.parent_cat = ttrss_feed_categories.id) AS num_cats
FROM ttrss_feed_categories
WHERE $nested_qpart AND owner_uid = " .
$_SESSION["uid"]);
@@ -141,7 +144,7 @@ class API extends Handler {
$cats = array();
while ($line = db_fetch_assoc($result)) {
- if ($line["num_feeds"] > 0) {
+ if ($line["num_feeds"] > 0 || $line["num_cats"] > 0) {
$unread = getFeedUnread($this->link, $line["id"], true);
if ($enable_nested)
@@ -171,34 +174,33 @@ class API extends Handler {
}
function getHeadlines() {
- $feed_id = db_escape_string($_REQUEST["feed_id"]);
+ $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
if ($feed_id != "") {
- $limit = (int)db_escape_string($_REQUEST["limit"]);
+ $limit = (int)db_escape_string($this->link, $_REQUEST["limit"]);
if (!$limit || $limit >= 60) $limit = 60;
- $offset = (int)db_escape_string($_REQUEST["skip"]);
- $filter = db_escape_string($_REQUEST["filter"]);
- $is_cat = (bool)db_escape_string($_REQUEST["is_cat"]);
- $show_excerpt = (bool)db_escape_string($_REQUEST["show_excerpt"]);
- $show_content = (bool)db_escape_string($_REQUEST["show_content"]);
+ $offset = (int)db_escape_string($this->link, $_REQUEST["skip"]);
+ $filter = db_escape_string($this->link, $_REQUEST["filter"]);
+ $is_cat = sql_bool_to_bool($_REQUEST["is_cat"]);
+ $show_excerpt = sql_bool_to_bool($_REQUEST["show_excerpt"]);
+ $show_content = sql_bool_to_bool($_REQUEST["show_content"]);
/* all_articles, unread, adaptive, marked, updated */
- $view_mode = db_escape_string($_REQUEST["view_mode"]);
- $include_attachments = (bool)db_escape_string($_REQUEST["include_attachments"]);
- $since_id = (int)db_escape_string($_REQUEST["since_id"]);
- $include_nested = (bool)db_escape_string($_REQUEST["include_nested"]);
+ $view_mode = db_escape_string($this->link, $_REQUEST["view_mode"]);
+ $include_attachments = sql_bool_to_bool($_REQUEST["include_attachments"]);
+ $since_id = (int)db_escape_string($this->link, $_REQUEST["since_id"]);
+ $include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
$sanitize_content = true;
/* do not rely on params below */
- $search = db_escape_string($_REQUEST["search"]);
- $search_mode = db_escape_string($_REQUEST["search_mode"]);
- $match_on = db_escape_string($_REQUEST["match_on"]);
+ $search = db_escape_string($this->link, $_REQUEST["search"]);
+ $search_mode = db_escape_string($this->link, $_REQUEST["search_mode"]);
$headlines = $this->api_get_headlines($this->link, $feed_id, $limit, $offset,
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, false,
- $include_attachments, $since_id, $search, $search_mode, $match_on,
+ $include_attachments, $since_id, $search, $search_mode,
$include_nested, $sanitize_content);
print $this->wrap(self::STATUS_OK, $headlines);
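Review bot: The clamp `if (!$limit || $limit >= 60) $limit = 60;` in getHeadlines lets a negative `limit` through, because the `(int)` cast of a value such as `-5` is truthy and below 60; `skip` is cast the same way with no lower bound. Both values are handed to api_get_headlines unchanged, and how the query layer treats a negative LIMIT or OFFSET is not visible in this hunk. I would bound both at the handler: `if ($limit < 1 || $limit > 60) $limit = 60;` and `$offset = max(0, $offset);`.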
@@ -208,10 +210,10 @@ class API extends Handler {
}
function updateArticle() {
- $article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
- $mode = (int) db_escape_string($_REQUEST["mode"]);
- $data = db_escape_string($_REQUEST["data"]);
- $field_raw = (int)db_escape_string($_REQUEST["field"]);
+ $article_ids = array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_ids"])), is_numeric);
+ $mode = (int) db_escape_string($this->link, $_REQUEST["mode"]);
+ $data = db_escape_string($this->link, $_REQUEST["data"]);
+ $field_raw = (int)db_escape_string($this->link, $_REQUEST["field"]);
$field = "";
$set_to = "";
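Review bot: `is_numeric` is passed to `array_filter` as a bare word on the new `$article_ids` line, so PHP resolves it as an undefined constant (a notice on older versions, an Error on PHP 8) instead of a callable name; it should be quoted. `is_numeric` also accepts values such as `1e3` or `1.5`, and the joined list is interpolated unquoted into `IN ($article_ids)` later in this function, so a digits-only filter fits row ids better: `array_filter(explode(",", $_REQUEST["article_ids"]), 'ctype_digit')`. The same call appears on the new lines in getArticle and setArticleLabel. updateArticle's body continues outside this hunk.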
@@ -219,12 +221,15 @@ class API extends Handler {
switch ($field_raw) {
case 0:
$field = "marked";
+ $additional_fields = ",last_marked = NOW()";
break;
case 1:
$field = "published";
+ $additional_fields = ",last_published = NOW()";
break;
case 2:
$field = "unread";
+ $additional_fields = ",last_read = NOW()";
break;
case 3:
$field = "note";
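Review bot: `$additional_fields` is assigned only in cases 0, 1 and 2 of this switch, but the rewritten UPDATE in the next hunk interpolates it unconditionally, so `case 3` (`note`) and any unmatched `field` value reach the query with an undefined variable. Initialise it beside the existing defaults before the switch: `$additional_fields = "";`. Note also that `last_marked` and `last_published` are bumped whatever `$set_to` is, so clearing a flag refreshes the timestamp too; if the syndicated feeds are meant to sort by when an item was starred or published, that may not be intended. The switch continues past the end of the hunk.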
@@ -248,14 +253,7 @@ class API extends Handler {
$article_ids = join(", ", $article_ids);
- if ($field == "unread") {
- $result = db_query($this->link, "UPDATE ttrss_user_entries SET $field = $set_to,
- last_read = NOW()
- WHERE ref_id IN ($article_ids) AND owner_uid = " . $_SESSION["uid"]);
- } else {
- $result = db_query($this->link, "UPDATE ttrss_user_entries SET $field = $set_to
- WHERE ref_id IN ($article_ids) AND owner_uid = " . $_SESSION["uid"]);
- }
+ $result = db_query($this->link, "UPDATE ttrss_user_entries SET $field = $set_to $additional_fields WHERE ref_id IN ($article_ids) AND owner_uid = " . $_SESSION["uid"]);
$num_updated = db_affected_rows($this->link, $result);
@@ -268,6 +266,17 @@ class API extends Handler {
}
}
+ if ($num_updated > 0 && $field == "published") {
+ if (PUBSUBHUBBUB_HUB) {
+ $rss_link = get_self_url_prefix() .
+ "/public.php?op=rss&id=-2&key=" .
+ get_feed_access_key($this->link, -2, false);
+
+ $p = new Publisher(PUBSUBHUBBUB_HUB);
+ $pubsub_result = $p->publish_update($rss_link);
+ }
+ }
+
print $this->wrap(self::STATUS_OK, array("status" => "OK",
"updated" => $num_updated));
@@ -279,7 +288,7 @@ class API extends Handler {
function getArticle() {
- $article_id = join(",", array_filter(explode(",", db_escape_string($_REQUEST["article_id"])), is_numeric));
+ $article_id = join(",", array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_id"])), is_numeric));
$query = "SELECT id,title,link,content,cached_content,feed_id,comments,int_id,
marked,unread,published,
@@ -342,7 +351,9 @@ class API extends Handler {
}
function updateFeed() {
- $feed_id = db_escape_string($_REQUEST["feed_id"]);
+ require_once "include/rssfuncs.php";
+
+ $feed_id = (int) db_escape_string($this->link, $_REQUEST["feed_id"]);
update_rss_feed($this->link, $feed_id, true);
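Review bot: updateFeed passes the request-supplied `feed_id` to `update_rss_feed()` without checking that the feed belongs to `$_SESSION["uid"]`, whereas unsubscribeFeed, added further down in this file, looks the feed up by owner first. Unless `update_rss_feed()` enforces ownership itself (not visible here), any authenticated API user can trigger a forced fetch of another user's feed. I would reuse the same guard before the call, `SELECT id FROM ttrss_feeds WHERE id = '$feed_id' AND owner_uid = ` followed by the session uid, and return `STATUS_ERR` with `FEED_NOT_FOUND` when no row matches.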
@@ -350,8 +361,8 @@ class API extends Handler {
}
function catchupFeed() {
- $feed_id = db_escape_string($_REQUEST["feed_id"]);
- $is_cat = db_escape_string($_REQUEST["is_cat"]);
+ $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
+ $is_cat = db_escape_string($this->link, $_REQUEST["is_cat"]);
catchup_feed($this->link, $feed_id, $is_cat);
@@ -359,13 +370,13 @@ class API extends Handler {
}
function getPref() {
- $pref_name = db_escape_string($_REQUEST["pref_name"]);
+ $pref_name = db_escape_string($this->link, $_REQUEST["pref_name"]);
print $this->wrap(self::STATUS_OK, array("value" => get_pref($this->link, $pref_name)));
}
function getLabels() {
- //$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
+ //$article_ids = array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_ids"])), is_numeric);
$article_id = (int)$_REQUEST['article_id'];
@@ -403,11 +414,11 @@ class API extends Handler {
function setArticleLabel() {
- $article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
- $label_id = (int) db_escape_string($_REQUEST['label_id']);
- $assign = (bool) db_escape_string($_REQUEST['assign']) == "true";
+ $article_ids = array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_ids"])), is_numeric);
+ $label_id = (int) db_escape_string($this->link, $_REQUEST['label_id']);
+ $assign = (bool) db_escape_string($this->link, $_REQUEST['assign']) == "true";
- $label = db_escape_string(label_find_caption($this->link,
+ $label = db_escape_string($this->link, label_find_caption($this->link,
$label_id, $_SESSION["uid"]));
$num_updated = 0;
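Review bot: The new `$assign` line still reads `(bool) db_escape_string(...) == "true"`, and the cast binds tighter than `==`, so the request value is first turned into a boolean and then loosely compared with a non-empty string. The result is true for any non-empty value other than `"0"`, including `assign=false`, so a client asking to remove a label ends up assigning it. Compare the string directly, as `view` handling elsewhere in this commit does for `cat`: `$assign = $_REQUEST['assign'] == "true";`. The bare `is_numeric` callback on the `$article_ids` line has the same problem noted for updateArticle.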
@@ -436,9 +447,9 @@ class API extends Handler {
}
function shareToPublished() {
- $title = db_escape_string(strip_tags($_REQUEST["title"]));
- $url = db_escape_string(strip_tags($_REQUEST["url"]));
- $content = db_escape_string(strip_tags($_REQUEST["content"]));
+ $title = db_escape_string($this->link, strip_tags($_REQUEST["title"]));
+ $url = db_escape_string($this->link, strip_tags($_REQUEST["url"]));
+ $content = db_escape_string($this->link, strip_tags($_REQUEST["content"]));
if (Article::create_published_article($this->link, $title, $url, $content, "", $_SESSION["uid"])) {
print $this->wrap(self::STATUS_OK, array("status" => 'OK'));
@@ -577,11 +588,11 @@ class API extends Handler {
static function api_get_headlines($link, $feed_id, $limit, $offset,
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, $order,
$include_attachments, $since_id,
- $search = "", $search_mode = "", $match_on = "",
+ $search = "", $search_mode = "",
$include_nested = false, $sanitize_content = true) {
$qfh_ret = queryFeedHeadlines($link, $feed_id, $limit,
- $view_mode, $is_cat, $search, $search_mode, $match_on,
+ $view_mode, $is_cat, $search, $search_mode,
$order, $offset, 0, false, $since_id, $include_nested);
$result = $qfh_ret[0];
@@ -629,7 +640,9 @@ class API extends Handler {
if ($sanitize_content) {
$headline_row["content"] = sanitize($link,
- $line["content_preview"], false, false, $line["site_url"]);
+ $line["content_preview"],
+ sql_bool_to_bool($line['hide_images']),
+ false, $line["site_url"]);
} else {
$headline_row["content"] = $line["content_preview"];
}
@@ -647,12 +660,47 @@ class API extends Handler {
$headline_row["always_display_attachments"] = sql_bool_to_bool($line["always_display_enclosures"]);
+ global $pluginhost;
+ foreach ($pluginhost->get_hooks($pluginhost::HOOK_RENDER_ARTICLE_API) as $p) {
+ $headline_row = $p->hook_render_article_api($headline_row);
+ }
+
array_push($headlines, $headline_row);
}
return $headlines;
}
+ function unsubscribeFeed() {
+ $feed_id = (int) db_escape_string($this->link, $_REQUEST["feed_id"]);
+
+ $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
+ id = '$feed_id' AND owner_uid = ".$_SESSION["uid"]);
+
+ if (db_num_rows($result) != 0) {
+ Pref_Feeds::remove_feed($this->link, $feed_id, $_SESSION["uid"]);
+ print $this->wrap(self::STATUS_OK, array("status" => "OK"));
+ } else {
+ print $this->wrap(self::STATUS_ERR, array("error" => "FEED_NOT_FOUND"));
+ }
+ }
+
+ function subscribeToFeed() {
+ $feed_url = db_escape_string($this->link, $_REQUEST["feed_url"]);
+ $category_id = (int) db_escape_string($this->link, $_REQUEST["category_id"]);
+ $login = db_escape_string($this->link, $_REQUEST["login"]);
+ $password = db_escape_string($this->link, $_REQUEST["password"]);
+
+ if ($feed_url) {
+ $rc = subscribe_to_feed($this->link, $feed_url, $category_id,
+ $login, $password, false);
+
+ print $this->wrap(self::STATUS_OK, array("status" => $rc));
+ } else {
+ print $this->wrap(self::STATUS_ERR, array("error" => 'INCORRECT_USAGE'));
+ }
+ }
+
}
?>
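Review bot: In the new subscribeToFeed, `feed_url` goes to `subscribe_to_feed()` after SQL escaping only, and nothing in the handler restricts the scheme or destination. If `subscribe_to_feed()` fetches the URL without its own validation (not visible here), an authenticated API client can make the server issue requests to internal addresses, so I would reject anything that is not `http://` or `https://` here and answer `INCORRECT_USAGE`. `login` and `password` are also SQL-escaped before being passed on; if the callee uses them for the HTTP fetch rather than only for storage, credentials containing quotes or backslashes will be altered. Separately, `global $pluginhost;` is declared inside the per-row loop of api_get_headlines and the hook's return value replaces `$headline_row` unchecked; hoist the declaration above the loop.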
diff --git a/classes/article.php b/classes/article.php
index 2f49b1827..b10766bf5 100644
--- a/classes/article.php
+++ b/classes/article.php
@@ -8,7 +8,7 @@ class Article extends Handler_Protected {
}
function redirect() {
- $id = db_escape_string($_REQUEST['id']);
+ $id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT link FROM ttrss_entries, ttrss_user_entries
WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'
@@ -27,10 +27,10 @@ class Article extends Handler_Protected {
}
function view() {
- $id = db_escape_string($_REQUEST["id"]);
- $cids = explode(",", db_escape_string($_REQUEST["cids"]));
- $mode = db_escape_string($_REQUEST["mode"]);
- $omode = db_escape_string($_REQUEST["omode"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
+ $cids = explode(",", db_escape_string($this->link, $_REQUEST["cids"]));
+ $mode = db_escape_string($this->link, $_REQUEST["mode"]);
+ $omode = db_escape_string($this->link, $_REQUEST["omode"]);
// in prefetch mode we only output requested cids, main article
// just gets marked as read (it already exists in client cache)
@@ -122,14 +122,16 @@ class Article extends Handler_Protected {
db_query($link, "UPDATE ttrss_entries SET
content = '$content', content_hash = '$content_hash' WHERE id = '$ref_id'");
- db_query($link, "UPDATE ttrss_user_entries SET published = true WHERE
+ db_query($link, "UPDATE ttrss_user_entries SET published = true,
+ last_published = NOW() WHERE
int_id = '$int_id' AND owner_uid = '$owner_uid'");
} else {
db_query($link, "INSERT INTO ttrss_user_entries
- (ref_id, uuid, feed_id, orig_feed_id, owner_uid, published, tag_cache, label_cache, last_read, note, unread)
+ (ref_id, uuid, feed_id, orig_feed_id, owner_uid, published, tag_cache, label_cache,
+ last_read, note, unread, last_published)
VALUES
- ('$ref_id', '', NULL, NULL, $owner_uid, true, '', '', NOW(), '', false)");
+ ('$ref_id', '', NULL, NULL, $owner_uid, true, '', '', NOW(), '', false, NOW())");
}
if (count($labels) != 0) {
@@ -152,9 +154,10 @@ class Article extends Handler_Protected {
$ref_id = db_fetch_result($result, 0, "id");
db_query($link, "INSERT INTO ttrss_user_entries
- (ref_id, uuid, feed_id, orig_feed_id, owner_uid, published, tag_cache, label_cache, last_read, note, unread)
+ (ref_id, uuid, feed_id, orig_feed_id, owner_uid, published, tag_cache, label_cache,
+ last_read, note, unread, last_published)
VALUES
- ('$ref_id', '', NULL, NULL, $owner_uid, true, '', '', NOW(), '', false)");
+ ('$ref_id', '', NULL, NULL, $owner_uid, true, '', '', NOW(), '', false, NOW())");
if (count($labels) != 0) {
foreach ($labels as $label) {
diff --git a/classes/auth/base.php b/classes/auth/base.php
index aa9d657a4..ad7ff3646 100644
--- a/classes/auth/base.php
+++ b/classes/auth/base.php
@@ -21,7 +21,7 @@ class Auth_Base {
$user_id = $this->find_user_by_login($login);
if (!$user_id) {
- $login = db_escape_string($login);
+ $login = db_escape_string($this->link, $login);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($password, $salt, true);
@@ -42,7 +42,7 @@ class Auth_Base {
}
function find_user_by_login($login) {
- $login = db_escape_string($login);
+ $login = db_escape_string($this->link, $login);
$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
login = '$login'");
diff --git a/classes/backend.php b/classes/backend.php
index 5473c5c79..7848b0714 100644
--- a/classes/backend.php
+++ b/classes/backend.php
@@ -45,6 +45,28 @@ class Backend extends Handler {
$sequence = substr($sequence,
strpos($sequence, "|")+1,
strlen($sequence));
+ } else {
+ $keys = explode(" ", $sequence);
+
+ for ($i = 0; $i < count($keys); $i++) {
+ if (strlen($keys[$i]) > 1) {
+ $tmp = '';
+ foreach (str_split($keys[$i]) as $c) {
+ switch ($c) {
+ case '*':
+ $tmp .= __('Shift') . '+';
+ break;
+ case '^':
+ $tmp .= __('Ctrl') . '+';
+ break;
+ default:
+ $tmp .= $c;
+ }
+ }
+ $keys[$i] = $tmp;
+ }
+ }
+ $sequence = join(" ", $keys);
}
print "<li>";
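Review bot: The prefix convention decoded in the new `else` branch is not documented anywhere in the hunk, so a reader has to infer it from the switch. A comment above the loop would do: `// multi-character tokens: '*' = Shift, '^' = Ctrl; single-character tokens are printed unchanged`. As a style point, `count($keys)` is re-evaluated on every iteration and the index loop only rewrites `$keys[$i]`; `foreach ($keys as &$key)` followed by `unset($key);` reads more directly. The enclosing loop and the opening `if` start outside the hunk.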
diff --git a/classes/dlg.php b/classes/dlg.php
index 74eb9f633..23b9c78fa 100644
--- a/classes/dlg.php
+++ b/classes/dlg.php
@@ -5,7 +5,7 @@ class Dlg extends Handler_Protected {
function before($method) {
if (parent::before($method)) {
header("Content-Type: text/xml; charset=utf-8");
- $this->param = db_escape_string($_REQUEST["param"]);
+ $this->param = db_escape_string($this->link, $_REQUEST["param"]);
print "<dlg>";
return true;
}
@@ -236,8 +236,7 @@ class Dlg extends Handler_Protected {
print "<div style='float : right'>
<img style='display : none'
- id='feed_add_spinner' src='".
- theme_image($this->link, 'images/indicator_white.gif')."'></div>";
+ id='feed_add_spinner' src='images/indicator_white.gif'></div>";
print "<input style=\"font-size : 16px; width : 20em;\"
placeHolder=\"".__("Feed or site URL")."\"
@@ -303,7 +302,7 @@ class Dlg extends Handler_Protected {
function feedBrowser() {
if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
- $browser_search = db_escape_string($_REQUEST["search"]);
+ $browser_search = db_escape_string($this->link, $_REQUEST["search"]);
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"rpc\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"updateFeedBrowser\">";
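Review bot: `$browser_search` receives only `db_escape_string()`, which is SQL escaping, and the next hunk prints it into an HTML attribute as `value=\"$browser_search\"`. Backslash-escaping a double quote does not stop it from closing the attribute, so the search parameter is reflected into the dialog markup without HTML encoding. Encode at the point of output and keep the SQL-escaped copy for queries only: `value=\"" . htmlspecialchars($_REQUEST["search"], ENT_QUOTES, 'UTF-8') . "\"`. feedBrowser's body continues outside the hunk.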
@@ -311,8 +310,7 @@ class Dlg extends Handler_Protected {
print "<div dojoType=\"dijit.Toolbar\">
<div style='float : right'>
<img style='display : none'
- id='feed_browser_spinner' src='".
- theme_image($this->link, 'images/indicator_white.gif')."'>
+ id='feed_browser_spinner' src='images/indicator_white.gif'>
<input name=\"search\" dojoType=\"dijit.form.TextBox\" size=\"20\" type=\"search\"
onchange=\"dijit.byId('feedBrowserDlg').update()\" value=\"$browser_search\">
<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('feedBrowserDlg').update()\">".__('Search')."</button>
@@ -352,7 +350,7 @@ class Dlg extends Handler_Protected {
}
function search() {
- $this->params = explode(":", db_escape_string($_REQUEST["param"]), 2);
+ $this->params = explode(":", db_escape_string($this->link, $_REQUEST["param"]), 2);
$active_feed_id = sprintf("%d", $this->params[0]);
$is_cat = $this->params[1] != "false";
@@ -552,7 +550,7 @@ class Dlg extends Handler_Protected {
print "<content><![CDATA[";
$this->params = explode(":", $this->param, 3);
- $feed_id = db_escape_string($this->params[0]);
+ $feed_id = db_escape_string($this->link, $this->params[0]);
$is_cat = (bool) $this->params[1];
$key = get_feed_access_key($this->link, $feed_id, $is_cat);
@@ -600,7 +598,7 @@ class Dlg extends Handler_Protected {
print "<div style='text-align : center'>";
print "<button dojoType=\"dijit.form.Button\"
- onclick=\"return window.open('$details')\">".__("Details")."</button>";
+ onclick=\"return window.open('$details')\">".__("See the release notes")."</button>";
print "<button dojoType=\"dijit.form.Button\"
onclick=\"return window.open('$download')\">".__("Download")."</button>";
print "<button dojoType=\"dijit.form.Button\"
diff --git a/classes/feeds.php b/classes/feeds.php
index e96aaba30..89ebd4a0a 100644
--- a/classes/feeds.php
+++ b/classes/feeds.php
@@ -22,7 +22,7 @@ class Feeds extends Handler_Protected {
}
private function format_headline_subtoolbar($feed_site_url, $feed_title,
- $feed_id, $is_cat, $search, $match_on,
+ $feed_id, $is_cat, $search,
$search_mode, $view_mode, $error) {
$page_prev_link = "viewFeedGoPage(-1)";
@@ -50,7 +50,7 @@ class Feeds extends Handler_Protected {
if ($is_cat) $cat_q = "&is_cat=$is_cat";
if ($search) {
- $search_q = "&q=$search&m=$match_on&smode=$search_mode";
+ $search_q = "&q=$search&smode=$search_mode";
} else {
$search_q = "";
}
@@ -126,6 +126,11 @@ class Feeds extends Handler_Protected {
"</option>";
}
+ if ($pluginhost->get_plugin("mailto")) {
+ $reply .= "<option value=\"mailtoArticle(false)\">".__('Forward by email').
+ "</option>";
+ }
+
$reply .= "<option value=\"0\" disabled=\"1\">".__('Feed:')."</option>";
$reply .= "<option value=\"catchupPage()\">".__('Mark as read')."</option>";
@@ -197,14 +202,13 @@ class Feeds extends Handler_Protected {
}
}
- @$search = db_escape_string($_REQUEST["query"]);
+ @$search = db_escape_string($this->link, $_REQUEST["query"]);
if ($search) {
$disable_cache = true;
}
- @$search_mode = db_escape_string($_REQUEST["search_mode"]);
- $match_on = "both"; // deprecated, TODO: remove
+ @$search_mode = db_escape_string($this->link, $_REQUEST["search_mode"]);
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H0", $timing_info);
@@ -214,7 +218,7 @@ class Feeds extends Handler_Protected {
}
// error_log("search_mode: " . $search_mode);
$qfh_ret = queryFeedHeadlines($this->link, $feed, $limit, $view_mode, $cat_view,
- $search, $search_mode, $match_on, $override_order, $offset, 0,
+ $search, $search_mode, $override_order, $offset, 0,
false, 0, $include_children);
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H1", $timing_info);
@@ -228,7 +232,7 @@ class Feeds extends Handler_Protected {
$reply['toolbar'] = $this->format_headline_subtoolbar($feed_site_url,
$feed_title,
- $feed, $cat_view, $search, $match_on, $search_mode, $view_mode,
+ $feed, $cat_view, $search, $search_mode, $view_mode,
$last_error);
$headlines_count = db_num_rows($result);
@@ -258,6 +262,8 @@ class Feeds extends Handler_Protected {
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("PS", $timing_info);
+ $expand_cdm = get_pref($this->link, 'CDM_EXPANDED');
+
while ($line = db_fetch_assoc($result)) {
$class = ($lnum % 2) ? "even" : "odd";
@@ -314,24 +320,22 @@ class Feeds extends Handler_Protected {
if ($line["marked"] == "t" || $line["marked"] == "1") {
$marked_pic = "<img id=\"FMPIC-$id\"
- src=\"".theme_image($this->link, 'images/mark_set.svg')."\"
+ src=\"images/mark_set.svg\"
class=\"markedPic\" alt=\"Unstar article\"
onclick='javascript:toggleMark($id)'>";
} else {
$marked_pic = "<img id=\"FMPIC-$id\"
- src=\"".theme_image($this->link, 'images/mark_unset.svg')."\"
+ src=\"images/mark_unset.svg\"
class=\"markedPic\" alt=\"Star article\"
onclick='javascript:toggleMark($id)'>";
}
if ($line["published"] == "t" || $line["published"] == "1") {
- $published_pic = "<img id=\"FPPIC-$id\" src=\"".theme_image($this->link,
- 'images/pub_set.svg')."\"
+ $published_pic = "<img id=\"FPPIC-$id\" src=\"images/pub_set.svg\"
class=\"markedPic\"
alt=\"Unpublish article\" onclick='javascript:togglePub($id)'>";
} else {
- $published_pic = "<img id=\"FPPIC-$id\" src=\"".theme_image($this->link,
- 'images/pub_unset.svg')."\"
+ $published_pic = "<img id=\"FPPIC-$id\" src=\"images/pub_unset.svg\"
class=\"markedPic\"
alt=\"Publish article\" onclick='javascript:togglePub($id)'>";
}
@@ -356,8 +360,7 @@ class Feeds extends Handler_Protected {
$score = $line["score"];
- $score_pic = theme_image($this->link,
- "images/" . get_score_pic($score));
+ $score_pic = "images/" . get_score_pic($score);
/* $score_title = __("(Click to change)");
$score_pic = "<img class='hlScorePic' src=\"images/$score_pic\"
@@ -388,6 +391,8 @@ class Feeds extends Handler_Protected {
$feed_icon_img = "<img class=\"tinyFeedIcon\" src=\"images/pub_set.svg\" alt=\"\">";
}
+ $entry_site_url = $line["site_url"];
+
if (!get_pref($this->link, 'COMBINED_DISPLAY_MODE')) {
if (get_pref($this->link, 'VFEED_GROUP_BY_FEED')) {
@@ -398,17 +403,17 @@ class Feeds extends Handler_Protected {
$cur_feed_title = htmlspecialchars($cur_feed_title);
- $vf_catchup_link = "(<a onclick='catchupFeedInGroup($feed_id);' href='#'>".__('mark as read')."</a>)";
+ $vf_catchup_link = "(<a class='catchup' onclick='catchupFeedInGroup($feed_id);' href='#'>".__('Mark as read')."</a>)";
$reply['content'] .= "<div class='cdmFeedTitle'>".
"<div style=\"float : right\">$feed_icon_img</div>".
- "<a href=\"#\" onclick=\"viewfeed($feed_id)\">".
+ "<a class='title' href=\"#\" onclick=\"viewfeed($feed_id)\">".
$line["feed_title"]."</a> $vf_catchup_link</div>";
}
}
- $mouseover_attrs = "onmouseover='postMouseIn($id)'
+ $mouseover_attrs = "onmouseover='postMouseIn(event, $id)'
onmouseout='postMouseOut($id)'";
$reply['content'] .= "<div class='$class' id='RROW-$id' $label_row_style $mouseover_attrs>";
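Review bot: `$line["feed_title"]` is concatenated into the `cdmFeedTitle` link without encoding, while `$cur_feed_title` a few lines above is passed through `htmlspecialchars()`. Feed titles come from the database row and ultimately from remote feeds, so unless they are sanitised when stored (not visible here) markup in a title is rendered in the headline list. Use `htmlspecialchars($line["feed_title"])` at the output, or print the already-encoded `$cur_feed_title`. The same raw value is emitted in the `hlFeed` block and in the second `cdmFeedTitle` block later in this file.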
@@ -445,12 +450,14 @@ class Feeds extends Handler_Protected {
$reply['content'] .= "<span class=\"hlUpdated\">";
- if (@$line["feed_title"]) {
- $reply['content'] .= "<span class=\"hlFeed\">
+ if (!get_pref($this->link, 'VFEED_GROUP_BY_FEED')) {
+ if (@$line["feed_title"]) {
+ $reply['content'] .= "<div class=\"hlFeed\">
<a href=\"#\" onclick=\"viewfeed($feed_id)\">".
- $line["feed_title"]."</a><br/>
- </span>";
+ $line["feed_title"]."</a>
+ </div>";
}
+ }
$reply['content'] .= "$updated_fmt</span>";
$reply['content'] .= "<div class=\"hlRight\">";
@@ -474,7 +481,7 @@ class Feeds extends Handler_Protected {
unset($line["tag_cache"]);
$line["content"] = sanitize($this->link, $line["content_preview"],
- false, false, $feed_site_url);
+ sql_bool_to_bool($line['hide_images']), false, $entry_site_url);
foreach ($pluginhost->get_hooks($pluginhost::HOOK_RENDER_ARTICLE_CDM) as $p) {
$line = $p->hook_render_article_cdm($line);
@@ -488,7 +495,7 @@ class Feeds extends Handler_Protected {
$cur_feed_title = htmlspecialchars($cur_feed_title);
- $vf_catchup_link = "(<a onclick='javascript:catchupFeedInGroup($feed_id);' href='#'>".__('mark as read')."</a>)";
+ $vf_catchup_link = "(<a class='catchup' onclick='javascript:catchupFeedInGroup($feed_id);' href='#'>".__('mark as read')."</a>)";
$has_feed_icon = feed_has_icon($feed_id);
@@ -500,17 +507,17 @@ class Feeds extends Handler_Protected {
$reply['content'] .= "<div class='cdmFeedTitle'>".
"<div style=\"float : right\">$feed_icon_img</div>".
- "<a href=\"#\" onclick=\"viewfeed($feed_id)\">".
+ "<a href=\"#\" class='title' onclick=\"viewfeed($feed_id)\">".
$line["feed_title"]."</a> $vf_catchup_link</div>";
}
}
- $expand_cdm = get_pref($this->link, 'CDM_EXPANDED');
-
- $mouseover_attrs = "onmouseover='postMouseIn($id)'
+ $mouseover_attrs = "onmouseover='postMouseIn(event, $id)'
onmouseout='postMouseOut($id)'";
- $reply['content'] .= "<div class=\"cdm $class\"
+ $expanded_class = $expand_cdm ? "expanded" : "";
+
+ $reply['content'] .= "<div class=\"cdm $expanded_class $class\"
id=\"RROW-$id\" $mouseover_attrs'>";
$reply['content'] .= "<div class=\"cdmHeader\">";
@@ -526,21 +533,21 @@ class Feeds extends Handler_Protected {
$reply['content'] .= "</div>";
- $reply['content'] .= "<div id=\"PTITLE-FULL-$id\" style=\"display : none\">" .
- htmlspecialchars(strip_tags($line['title'])) . "</div>";
-
$reply['content'] .= "<span id=\"RTITLE-$id\"
onclick=\"return cdmClicked(event, $id);\"
class=\"titleWrap$hlc_suffix\">
<a class=\"title\"
- title=\"".htmlspecialchars($line['title'])."\"
target=\"_blank\" href=\"".
htmlspecialchars($line["link"])."\">".
$line["title"] .
- " $entry_author</a>";
+ " <span class=\"author\">$entry_author</span></a>";
$reply['content'] .= $labels_str;
+ $reply['content'] .= "<span class='collapseBtn' style='display : none'>
+ <img src=\"images/collapse.png\" onclick=\"cdmCollapseArticle(event, $id)\"
+ title=\"".__("Collapse article")."\"/></span>";
+
if (!$expand_cdm)
$content_hidden = "style=\"display : none\"";
else
@@ -548,7 +555,6 @@ class Feeds extends Handler_Protected {
$reply['content'] .= "<span $excerpt_hidden
id=\"CEXC-$id\" class=\"cdmExcerpt\"> - $content_preview</span>";
-
$reply['content'] .= "</span>";
if (!get_pref($this->link, 'VFEED_GROUP_BY_FEED')) {
@@ -614,24 +620,22 @@ class Feeds extends Handler_Protected {
}
}
- $feed_site_url = $line["site_url"];
-
$reply['content'] .= "<span id=\"CWRAP-$id\">";
- $reply['content'] .= $line["content"];
- $reply['content'] .= "</span>";
-/* $tmp_result = db_query($this->link, "SELECT always_display_enclosures FROM
- ttrss_feeds WHERE id = ".
- (($line['feed_id'] == null) ? $line['orig_feed_id'] :
- $line['feed_id'])." AND owner_uid = ".$_SESSION["uid"]);
+// if (!$expand_cdm) {
+ $reply['content'] .= "<span id=\"CENCW-$id\" style=\"display : none\">";
+ $reply['content'] .= htmlspecialchars($line["content"]);
+ $reply['content'] .= "</span.";
- $always_display_enclosures = sql_bool_to_bool(db_fetch_result($tmp_result,
- 0, "always_display_enclosures")); */
+// } else {
+// $reply['content'] .= $line["content"];
+// }
+
+ $reply['content'] .= "</span>";
$always_display_enclosures = sql_bool_to_bool($line["always_display_enclosures"]);
- $reply['content'] .= format_article_enclosures($this->link, $id, $always_display_enclosures,
- $line["content"]);
+ $reply['content'] .= format_article_enclosures($this->link, $id, $always_display_enclosures, $line["content"], sql_bool_to_bool($line["hide_images"]));
$reply['content'] .= "</div>";
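Review bot: The new closing tag for the hidden `CENCW-$id` span is written as `"</span."`, so that span is never closed and the literal text `</span.` ends up inside it; the following `</span>` then closes `CENCW` rather than `CWRAP-$id`. It should read `$reply['content'] .= "</span>";`. The commented-out `if (!$expand_cdm) { ... } else { ... }` scaffolding around it should be either restored or deleted, because as written the encoded copy is emitted even when articles are expanded by default and the raw `$line["content"]` is no longer output at all.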
@@ -639,8 +643,7 @@ class Feeds extends Handler_Protected {
$tags_str = format_tags_string($line["tags"], $id);
- $reply['content'] .= "<img src='".theme_image($this->link,
- 'images/tag.png')."' alt='Tags' title='Tags'>
+ $reply['content'] .= "<img src='images/tag.png' alt='Tags' title='Tags'>
<span id=\"ATSTR-$id\">$tags_str</span>
<a title=\"".__('Edit tags for this article')."\"
href=\"#\" onclick=\"editArticleTags($id, $feed_id, true)\">(+)</a>";
@@ -750,17 +753,17 @@ class Feeds extends Handler_Protected {
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info);
- $omode = db_escape_string($_REQUEST["omode"]);
+ $omode = db_escape_string($this->link, $_REQUEST["omode"]);
- $feed = db_escape_string($_REQUEST["feed"]);
- $method = db_escape_string($_REQUEST["m"]);
- $view_mode = db_escape_string($_REQUEST["view_mode"]);
+ $feed = db_escape_string($this->link, $_REQUEST["feed"]);
+ $method = db_escape_string($this->link, $_REQUEST["m"]);
+ $view_mode = db_escape_string($this->link, $_REQUEST["view_mode"]);
$limit = (int) get_pref($this->link, "DEFAULT_ARTICLE_LIMIT");
@$cat_view = $_REQUEST["cat"] == "true";
- @$next_unread_feed = db_escape_string($_REQUEST["nuf"]);
- @$offset = db_escape_string($_REQUEST["skip"]);
- @$vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]);
- $order_by = db_escape_string($_REQUEST["order_by"]);
+ @$next_unread_feed = db_escape_string($this->link, $_REQUEST["nuf"]);
+ @$offset = db_escape_string($this->link, $_REQUEST["skip"]);
+ @$vgroup_last_feed = db_escape_string($this->link, $_REQUEST["vgrlf"]);
+ $order_by = db_escape_string($this->link, $_REQUEST["order_by"]);
if (is_numeric($feed)) $feed = (int) $feed;
@@ -802,6 +805,13 @@ class Feeds extends Handler_Protected {
set_pref($this->link, "_DEFAULT_VIEW_LIMIT", $limit);
set_pref($this->link, "_DEFAULT_VIEW_ORDER_BY", $order_by);
+ /* bump login timestamp if needed */
+ if (time() - $_SESSION["last_login_update"] > 3600) {
+ db_query($this->link, "UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
+ $_SESSION["uid"]);
+ $_SESSION["last_login_update"] = time();
+ }
+
if (!$cat_view && is_numeric($feed) && $feed > 0) {
db_query($this->link, "UPDATE ttrss_feeds SET last_viewed = NOW()
WHERE id = '$feed' AND owner_uid = ".$_SESSION["uid"]);
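Review bot: `$_SESSION["last_login_update"]` is read before it is ever set, so the first request of a session relies on an undefined index evaluating to 0 and raises a notice; make that explicit with `$last = isset($_SESSION["last_login_update"]) ? $_SESSION["last_login_update"] : 0;`. The uid is concatenated into the UPDATE without quotes, so casting it, `(int) $_SESSION["uid"]`, keeps the statement well-formed even if the session value is ever not an integer. The enclosing function starts and ends outside the hunk.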
@@ -935,6 +945,5 @@ class Feeds extends Handler_Protected {
return $reply;
}
-
}
?>
diff --git a/classes/handler/public.php b/classes/handler/public.php
index 4a9b0c48e..53051a1f8 100644
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@@ -2,7 +2,7 @@
class Handler_Public extends Handler {
private function generate_syndicated_feed($owner_uid, $feed, $is_cat,
- $limit, $offset, $search, $search_mode, $match_on,
+ $limit, $offset, $search, $search_mode,
$view_mode = false, $format = 'atom') {
require_once "lib/MiniTemplator.class.php";
@@ -21,11 +21,13 @@ class Handler_Public extends Handler {
}
if ($feed == -2)
- $date_sort_field = "last_read";
+ $date_sort_field = "last_published";
+ else if ($feed == -1)
+ $date_sort_field = "last_marked";
$qfh_ret = queryFeedHeadlines($this->link, $feed,
$limit, $view_mode, $is_cat, $search, $search_mode,
- $match_on, "$date_sort_field DESC", $offset, $owner_uid,
+ "$date_sort_field DESC", $offset, $owner_uid,
false, 0, false, true);
$result = $qfh_ret[0];
@@ -180,7 +182,7 @@ class Handler_Public extends Handler {
}
function getUnread() {
- $login = db_escape_string($_REQUEST["login"]);
+ $login = db_escape_string($this->link, $_REQUEST["login"]);
$fresh = $_REQUEST["fresh"] == "1";
$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '$login'");
@@ -202,7 +204,7 @@ class Handler_Public extends Handler {
}
function getProfiles() {
- $login = db_escape_string($_REQUEST["login"]);
+ $login = db_escape_string($this->link, $_REQUEST["login"]);
$result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles,ttrss_users
WHERE ttrss_users.id = ttrss_settings_profiles.owner_uid AND login = '$login' ORDER BY title");
@@ -222,9 +224,9 @@ class Handler_Public extends Handler {
}
function pubsub() {
- $mode = db_escape_string($_REQUEST['hub_mode']);
- $feed_id = (int) db_escape_string($_REQUEST['id']);
- $feed_url = db_escape_string($_REQUEST['hub_topic']);
+ $mode = db_escape_string($this->link, $_REQUEST['hub_mode']);
+ $feed_id = (int) db_escape_string($this->link, $_REQUEST['id']);
+ $feed_url = db_escape_string($this->link, $_REQUEST['hub_topic']);
if (!PUBSUBHUBBUB_ENABLED) {
header('HTTP/1.0 404 Not Found');
@@ -285,7 +287,7 @@ class Handler_Public extends Handler {
}
function share() {
- $uuid = db_escape_string($_REQUEST["key"]);
+ $uuid = db_escape_string($this->link, $_REQUEST["key"]);
$result = db_query($this->link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
uuid = '$uuid'");
@@ -307,18 +309,17 @@ class Handler_Public extends Handler {
}
function rss() {
- $feed = db_escape_string($_REQUEST["id"]);
- $key = db_escape_string($_REQUEST["key"]);
+ $feed = db_escape_string($this->link, $_REQUEST["id"]);
+ $key = db_escape_string($this->link, $_REQUEST["key"]);
$is_cat = $_REQUEST["is_cat"] != false;
- $limit = (int)db_escape_string($_REQUEST["limit"]);
- $offset = (int)db_escape_string($_REQUEST["offset"]);
+ $limit = (int)db_escape_string($this->link, $_REQUEST["limit"]);
+ $offset = (int)db_escape_string($this->link, $_REQUEST["offset"]);
- $search = db_escape_string($_REQUEST["q"]);
- $match_on = db_escape_string($_REQUEST["m"]);
- $search_mode = db_escape_string($_REQUEST["smode"]);
- $view_mode = db_escape_string($_REQUEST["view-mode"]);
+ $search = db_escape_string($this->link, $_REQUEST["q"]);
+ $search_mode = db_escape_string($this->link, $_REQUEST["smode"]);
+ $view_mode = db_escape_string($this->link, $_REQUEST["view-mode"]);
- $format = db_escape_string($_REQUEST['format']);
+ $format = db_escape_string($this->link, $_REQUEST['format']);
if (!$format) $format = 'atom';
@@ -338,7 +339,7 @@ class Handler_Public extends Handler {
if ($owner_id) {
$this->generate_syndicated_feed($owner_id, $feed, $is_cat, $limit,
- $offset, $search, $search_mode, $match_on, $view_mode, $format);
+ $offset, $search, $search_mode, $view_mode, $format);
} else {
header('HTTP/1.1 403 Forbidden');
}
@@ -372,10 +373,10 @@ class Handler_Public extends Handler {
if ($action == 'share') {
- $title = db_escape_string(strip_tags($_REQUEST["title"]));
- $url = db_escape_string(strip_tags($_REQUEST["url"]));
- $content = db_escape_string(strip_tags($_REQUEST["content"]));
- $labels = db_escape_string(strip_tags($_REQUEST["labels"]));
+ $title = db_escape_string($this->link, strip_tags($_REQUEST["title"]));
+ $url = db_escape_string($this->link, strip_tags($_REQUEST["url"]));
+ $content = db_escape_string($this->link, strip_tags($_REQUEST["content"]));
+ $labels = db_escape_string($this->link, strip_tags($_REQUEST["labels"]));
Article::create_published_article($this->link, $title, $url, $content, $labels,
$_SESSION["uid"]);
@@ -484,7 +485,7 @@ class Handler_Public extends Handler {
if (!SINGLE_USER_MODE) {
- $login = db_escape_string($_POST["login"]);
+ $login = db_escape_string($this->link, $_POST["login"]);
$password = $_POST["password"];
$remember_me = $_POST["remember_me"];
@@ -497,7 +498,7 @@ class Handler_Public extends Handler {
if ($_POST["profile"]) {
- $profile = db_escape_string($_POST["profile"]);
+ $profile = db_escape_string($this->link, $_POST["profile"]);
$result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles
WHERE id = '$profile' AND owner_uid = " . $_SESSION["uid"]);
@@ -526,7 +527,7 @@ class Handler_Public extends Handler {
if ($_SESSION["uid"]) {
- $feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
+ $feed_url = db_escape_string($this->link, trim($_REQUEST["feed_url"]));
header('Content-Type: text/html; charset=utf-8');
print "<html>
@@ -619,14 +620,14 @@ class Handler_Public extends Handler {
}
function subscribe2() {
- $feed_url = db_escape_string(trim($_REQUEST["feed_url"]));
- $cat_id = db_escape_string($_REQUEST["cat_id"]);
- $from = db_escape_string($_REQUEST["from"]);
+ $feed_url = db_escape_string($this->link, trim($_REQUEST["feed_url"]));
+ $cat_id = db_escape_string($this->link, $_REQUEST["cat_id"]);
+ $from = db_escape_string($this->link, $_REQUEST["from"]);
/* only read authentication information from POST */
- $auth_login = db_escape_string(trim($_POST["auth_login"]));
- $auth_pass = db_escape_string(trim($_POST["auth_pass"]));
+ $auth_login = db_escape_string($this->link, trim($_POST["auth_login"]));
+ $auth_pass = db_escape_string($this->link, trim($_POST["auth_pass"]));
$rc = subscribe_to_feed($this->link, $feed_url, $cat_id, $auth_login, $auth_pass);
@@ -707,5 +708,92 @@ class Handler_Public extends Handler {
print json_encode(array("error" => array("code" => 7)));
}
+ function forgotpass() {
+ header('Content-Type: text/html; charset=utf-8');
+ print "<html>
+ <head>
+ <title>Tiny Tiny RSS</title>
+ <link rel=\"stylesheet\" type=\"text/css\" href=\"utility.css\">
+ <script type=\"text/javascript\" src=\"lib/prototype.js\"></script>
+ <script type=\"text/javascript\" src=\"lib/scriptaculous/scriptaculous.js?load=effects,dragdrop,controls\"></script>
+ <meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\"/>
+ </head>
+ <body id='forgotpass'>";
+
+ print '<div class="floatingLogo"><img src="images/logo_wide.png"></div>';
+ print "<h1>".__("Reset password")."</h1>";
+
+ @$method = $_POST['method'];
+
+ if (!$method) {
+ $secretkey = uniqid();
+ $_SESSION["secretkey"] = $secretkey;
+
+ print "<form method='POST' action='public.php'>";
+ print "<input type='hidden' name='secretkey' value='$secretkey'>";
+ print "<input type='hidden' name='method' value='do'>";
+ print "<input type='hidden' name='op' value='forgotpass'>";
+
+ print "<fieldset>";
+ print "<label>".__("Login:")."</label>";
+ print "<input type='text' name='login' value='' required>";
+ print "</fieldset>";
+
+ print "<fieldset>";
+ print "<label>".__("Email:")."</label>";
+ print "<input type='email' name='email' value='' required>";
+ print "</fieldset>";
+
+ print "<fieldset>";
+ print "<label>".__("How much is two plus two:")."</label>";
+ print "<input type='text' name='test' value='' required>";
+ print "</fieldset>";
+
+ print "<p/>";
+ print "<button type='submit'>".__("Reset password")."</button>";
+
+ print "</form>";
+ } else if ($method == 'do') {
+
+ $secretkey = $_POST["secretkey"];
+ $login = db_escape_string($this->link, $_POST["login"]);
+ $email = db_escape_string($this->link, $_POST["email"]);
+ $test = db_escape_string($this->link, $_POST["test"]);
+
+ if (($test != 4 && $test != 'four') || !$email || !$login) {
+ print_error(__('Some of the required form parameters are missing or incorrect.'));
+
+ print "<p><a href=\"public.php?op=forgotpass\">".__("Go back")."</a></p>";
+
+ } else if ($_SESSION["secretkey"] == $secretkey) {
+
+ $result = db_query($this->link, "SELECT id FROM ttrss_users
+ WHERE login = '$login' AND email = '$email'");
+
+ if (db_num_rows($result) != 0) {
+ $id = db_fetch_result($result, 0, "id");
+
+ Pref_Users::resetUserPassword($this->link, $id, false);
+
+ print "<p>".__("Completed.")."</p>";
+
+ } else {
+ print_error(__("Sorry, login and email combination not found."));
+ print "<p><a href=\"public.php?op=forgotpass\">".__("Go back")."</a></p>";
+ }
+
+ } else {
+ print_error(__("Form secret key incorrect. Please enable cookies and try again."));
+ print "<p><a href=\"public.php?op=forgotpass\">".__("Go back")."</a></p>";
+
+ }
+
+ }
+
+ print "</body>";
+ print "</html>";
+
+ }
+
}
?>
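Review bot: The form-secret check in the `method == 'do'` branch of `forgotpass()` passes when the session holds no key at all, because `$_SESSION["secretkey"] == $secretkey` is a loose comparison and an unset session value equals a missing or empty POST field; require a stored key and compare strictly, `} else if (!empty($_SESSION["secretkey"]) && $_SESSION["secretkey"] === $secretkey) {`, then `unset($_SESSION["secretkey"]);` so each key is single-use. `uniqid()` is derived from the current time and is not intended for secrets, so the key should come from a CSPRNG, for example `bin2hex(openssl_random_pseudo_bytes(16))` where the openssl extension is available. The distinct "Sorry, login and email combination not found." and "Completed." responses let an unauthenticated client confirm whether a login/email pair exists; returning the same message in both cases and limiting attempts per session or address would close that, since the fixed "two plus two" question does not slow automated requests. `Pref_Users::resetUserPassword()` is outside this hunk; if it replaces the password immediately, anyone who knows a valid pair can lock that account's owner out, so a confirm-by-link step before the reset is worth considering.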
diff --git a/classes/opml.php b/classes/opml.php
index b91e395d1..d4a0e9875 100644
--- a/classes/opml.php
+++ b/classes/opml.php
@@ -253,13 +253,13 @@ class Opml extends Handler_Protected {
private function opml_import_feed($doc, $node, $cat_id, $owner_uid) {
$attrs = $node->attributes;
- $feed_title = db_escape_string($attrs->getNamedItem('text')->nodeValue);
- if (!$feed_title) $feed_title = db_escape_string($attrs->getNamedItem('title')->nodeValue);
+ $feed_title = db_escape_string($this->link, $attrs->getNamedItem('text')->nodeValue);
+ if (!$feed_title) $feed_title = db_escape_string($this->link, $attrs->getNamedItem('title')->nodeValue);
- $feed_url = db_escape_string($attrs->getNamedItem('xmlUrl')->nodeValue);
- if (!$feed_url) $feed_url = db_escape_string($attrs->getNamedItem('xmlURL')->nodeValue);
+ $feed_url = db_escape_string($this->link, $attrs->getNamedItem('xmlUrl')->nodeValue);
+ if (!$feed_url) $feed_url = db_escape_string($this->link, $attrs->getNamedItem('xmlURL')->nodeValue);
- $site_url = db_escape_string($attrs->getNamedItem('htmlUrl')->nodeValue);
+ $site_url = db_escape_string($this->link, $attrs->getNamedItem('htmlUrl')->nodeValue);
if ($feed_url && $feed_title) {
$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
@@ -285,11 +285,11 @@ class Opml extends Handler_Protected {
private function opml_import_label($doc, $node, $owner_uid) {
$attrs = $node->attributes;
- $label_name = db_escape_string($attrs->getNamedItem('label-name')->nodeValue);
+ $label_name = db_escape_string($this->link, $attrs->getNamedItem('label-name')->nodeValue);
if ($label_name) {
- $fg_color = db_escape_string($attrs->getNamedItem('label-fg-color')->nodeValue);
- $bg_color = db_escape_string($attrs->getNamedItem('label-bg-color')->nodeValue);
+ $fg_color = db_escape_string($this->link, $attrs->getNamedItem('label-fg-color')->nodeValue);
+ $bg_color = db_escape_string($this->link, $attrs->getNamedItem('label-bg-color')->nodeValue);
if (!label_find_id($this->link, $label_name, $_SESSION['uid'])) {
$this->opml_notice(T_sprintf("Adding label %s", htmlspecialchars($label_name)));
@@ -302,10 +302,10 @@ class Opml extends Handler_Protected {
private function opml_import_preference($doc, $node, $owner_uid) {
$attrs = $node->attributes;
- $pref_name = db_escape_string($attrs->getNamedItem('pref-name')->nodeValue);
+ $pref_name = db_escape_string($this->link, $attrs->getNamedItem('pref-name')->nodeValue);
if ($pref_name) {
- $pref_value = db_escape_string($attrs->getNamedItem('value')->nodeValue);
+ $pref_value = db_escape_string($this->link, $attrs->getNamedItem('value')->nodeValue);
$this->opml_notice(T_sprintf("Setting preference key %s to %s",
$pref_name, $pref_value));
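Review bot: `$pref_name` and `$pref_value` come from attributes of the uploaded file and are passed to `opml_notice()` without `htmlspecialchars()`, whereas `opml_import_label` encodes `$label_name` for the same kind of notice. Unless `opml_notice()` encodes its argument itself (not visible here), wrap both: `T_sprintf("Setting preference key %s to %s", htmlspecialchars($pref_name), htmlspecialchars($pref_value))`. The values shown are also the SQL-escaped copies, so encoding the raw attribute values for display and escaping separately for the query would avoid stray backslashes in the message. The function body continues outside the hunk.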
@@ -317,7 +317,7 @@ class Opml extends Handler_Protected {
private function opml_import_filter($doc, $node, $owner_uid) {
$attrs = $node->attributes;
- $filter_type = db_escape_string($attrs->getNamedItem('filter-type')->nodeValue);
+ $filter_type = db_escape_string($this->link, $attrs->getNamedItem('filter-type')->nodeValue);
if ($filter_type == '2') {
$filter = json_decode($node->nodeValue, true);
@@ -344,13 +344,13 @@ class Opml extends Handler_Protected {
if (!$rule["cat_filter"]) {
$tmp_result = db_query($this->link, "SELECT id FROM ttrss_feeds
- WHERE title = '".db_escape_string($rule["feed"])."' AND owner_uid = ".$_SESSION["uid"]);
+ WHERE title = '".db_escape_string($this->link, $rule["feed"])."' AND owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($tmp_result) > 0) {
$feed_id = db_fetch_result($tmp_result, 0, "id");
}
} else {
$tmp_result = db_query($this->link, "SELECT id FROM ttrss_feed_categories
- WHERE title = '".db_escape_string($rule["feed"])."' AND owner_uid = ".$_SESSION["uid"]);
+ WHERE title = '".db_escape_string($this->link, $rule["feed"])."' AND owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($tmp_result) > 0) {
$cat_id = db_fetch_result($tmp_result, 0, "id");
@@ -358,7 +358,7 @@ class Opml extends Handler_Protected {
}
$cat_filter = bool_to_sql_bool($rule["cat_filter"]);
- $reg_exp = db_escape_string($rule["reg_exp"]);
+ $reg_exp = db_escape_string($this->link, $rule["reg_exp"]);
$filter_type = (int)$rule["filter_type"];
db_query($this->link, "INSERT INTO ttrss_filters2_rules (feed_id,cat_id,filter_id,filter_type,reg_exp,cat_filter)
@@ -368,7 +368,7 @@ class Opml extends Handler_Protected {
foreach ($filter["actions"] as $action) {
$action_id = (int)$action["action_id"];
- $action_param = db_escape_string($action["action_param"]);
+ $action_param = db_escape_string($this->link, $action["action_param"]);
db_query($this->link, "INSERT INTO ttrss_filters2_actions (filter_id,action_id,action_param)
VALUES ($filter_id, $action_id, '$action_param')");
@@ -386,10 +386,10 @@ class Opml extends Handler_Protected {
$default_cat_id = (int) get_feed_category($this->link, 'Imported feeds', false);
if ($root_node) {
- $cat_title = db_escape_string($root_node->attributes->getNamedItem('text')->nodeValue);
+ $cat_title = db_escape_string($this->link, $root_node->attributes->getNamedItem('text')->nodeValue);
if (!$cat_title)
- $cat_title = db_escape_string($root_node->attributes->getNamedItem('title')->nodeValue);
+ $cat_title = db_escape_string($this->link, $root_node->attributes->getNamedItem('title')->nodeValue);
if (!in_array($cat_title, array("tt-rss-filters", "tt-rss-labels", "tt-rss-prefs"))) {
$cat_id = get_feed_category($this->link, $cat_title, $parent_id);
@@ -418,12 +418,12 @@ class Opml extends Handler_Protected {
foreach ($outlines as $node) {
if ($node->hasAttributes() && strtolower($node->tagName) == "outline") {
$attrs = $node->attributes;
- $node_cat_title = db_escape_string($attrs->getNamedItem('text')->nodeValue);
+ $node_cat_title = db_escape_string($this->link, $attrs->getNamedItem('text')->nodeValue);
if (!$node_cat_title)
- $node_cat_title = db_escape_string($attrs->getNamedItem('title')->nodeValue);
+ $node_cat_title = db_escape_string($this->link, $attrs->getNamedItem('title')->nodeValue);
- $node_feed_url = db_escape_string($attrs->getNamedItem('xmlUrl')->nodeValue);
+ $node_feed_url = db_escape_string($this->link, $attrs->getNamedItem('xmlUrl')->nodeValue);
if ($node_cat_title && !$node_feed_url) {
$this->opml_import_category($doc, $node, $owner_uid, $cat_id);
@@ -462,7 +462,8 @@ class Opml extends Handler_Protected {
# if ($debug) $doc = DOMDocument::load("/tmp/test.opml");
if (is_file($_FILES['opml_file']['tmp_name'])) {
- $doc = DOMDocument::load($_FILES['opml_file']['tmp_name']);
+ $doc = new DOMDocument();
+ $doc->load($_FILES['opml_file']['tmp_name']);
} else if (!$doc) {
print_error(__('Error: please upload OPML file.'));
return;
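Review bot: `$doc->load()` returns false on a parse failure but its result is discarded, and because `$doc` is now always a DOMDocument object, any later truthiness test on `$doc` outside this hunk can no longer detect a bad upload; check the call directly, `if (!$doc->load($_FILES['opml_file']['tmp_name'])) {`, and route it to the existing error path. The uploaded OPML is untrusted XML, so it is also worth calling `libxml_disable_entity_loader(true);` before loading when running against libxml older than 2.9, so that external entities declared in the file are not resolved. The enclosing function starts and ends outside the hunk.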
diff --git a/classes/pluginhost.php b/classes/pluginhost.php
index 592629881..0ef17b77e 100644
--- a/classes/pluginhost.php
+++ b/classes/pluginhost.php
@@ -21,6 +21,8 @@ class PluginHost {
const HOOK_RENDER_ARTICLE = 10;
const HOOK_RENDER_ARTICLE_CDM = 11;
const HOOK_FEED_FETCHED = 12;
+ const HOOK_SANITIZE = 13;
+ const HOOK_RENDER_ARTICLE_API = 14;
const KIND_ALL = 1;
const KIND_SYSTEM = 2;
@@ -170,7 +172,7 @@ class PluginHost {
}
function add_command($command, $description, $sender) {
- $command = "-" . str_replace("-", "_", strtolower($command));
+ $command = str_replace("-", "_", strtolower($command));
$this->commands[$command] = array("description" => $description,
"class" => $sender);
@@ -200,7 +202,7 @@ class PluginHost {
function run_commands($args) {
foreach ($this->get_commands() as $command => $data) {
- if (in_array($command, $args)) {
+ if (isset($args[$command])) {
$command = str_replace("-", "", $command);
$data["class"]->$command($args);
}
@@ -209,7 +211,7 @@ class PluginHost {
function load_data($force = false) {
if ($this->owner_uid && (!$_SESSION["plugin_storage"] || $force)) {
- $plugin = db_escape_string($plugin);
+ $plugin = db_escape_string($this->link, $plugin);
$result = db_query($this->link, "SELECT name, content FROM ttrss_plugin_storage
WHERE owner_uid = '".$this->owner_uid."'");
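Review bot: `$plugin` is neither a parameter nor a local of `load_data($force = false)`, so `db_escape_string($this->link, $plugin)` escapes an undefined variable and raises a notice. The visible query filters on `owner_uid` only and does not use the result, so the line looks like a leftover and can be removed. The function body continues outside the hunk.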
@@ -224,7 +226,7 @@ class PluginHost {
private function save_data($plugin) {
if ($this->owner_uid) {
- $plugin = db_escape_string($plugin);
+ $plugin = db_escape_string($this->link, $plugin);
db_query($this->link, "BEGIN");
@@ -234,7 +236,7 @@ class PluginHost {
if (!isset($this->storage[$plugin]))
$this->storage[$plugin] = array();
- $content = db_escape_string(serialize($this->storage[$plugin]));
+ $content = db_escape_string($this->link, serialize($this->storage[$plugin]));
if (db_num_rows($result) != 0) {
db_query($this->link, "UPDATE ttrss_plugin_storage SET content = '$content'
diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
index bfcc75f0d..ca4ae344f 100644
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -14,8 +14,8 @@ class Pref_Feeds extends Handler_Protected {
}
function renamecat() {
- $title = db_escape_string($_REQUEST['title']);
- $id = db_escape_string($_REQUEST['id']);
+ $title = db_escape_string($this->link, $_REQUEST['title']);
+ $id = db_escape_string($this->link, $_REQUEST['id']);
if ($title) {
db_query($this->link, "UPDATE ttrss_feed_categories SET
@@ -55,7 +55,7 @@ class Pref_Feeds extends Handler_Protected {
$cat['items'] = $this->get_category_items($line['id']);
- $cat['param'] = T_sprintf('(%d feeds)', count($cat['items']));
+ $cat['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
if (count($cat['items']) > 0 || $show_empty_cats)
array_push($items, $cat);
@@ -172,7 +172,7 @@ class Pref_Feeds extends Handler_Protected {
$cat['items'] = $this->get_category_items($line['id']);
- $cat['param'] = T_sprintf('(%d feeds)', count($cat['items']));
+ $cat['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
if (count($cat['items']) > 0 || $show_empty_cats)
array_push($root['items'], $cat);
@@ -214,13 +214,13 @@ class Pref_Feeds extends Handler_Protected {
array_push($cat['items'], $feed);
}
- $cat['param'] = T_sprintf('(%d feeds)', count($cat['items']));
+ $cat['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
if (count($cat['items']) > 0 || $show_empty_cats)
array_push($root['items'], $cat);
$root['param'] += count($cat['items']);
- $root['param'] = T_sprintf('(%d feeds)', $root['param']);
+ $root['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
} else {
$feed_result = db_query($this->link, "SELECT id, title, last_error,
@@ -245,7 +245,7 @@ class Pref_Feeds extends Handler_Protected {
array_push($root['items'], $feed);
}
- $root['param'] = T_sprintf('(%d feeds)', count($root['items']));
+ $root['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
}
$fl = array();
@@ -293,7 +293,7 @@ class Pref_Feeds extends Handler_Protected {
if ($item_id != 'root') {
if ($parent_id && $parent_id != 'root') {
$parent_bare_id = substr($parent_id, strpos($parent_id, ':')+1);
- $parent_qpart = db_escape_string($parent_bare_id);
+ $parent_qpart = db_escape_string($this->link, $parent_bare_id);
} else {
$parent_qpart = 'NULL';
}
@@ -319,7 +319,7 @@ class Pref_Feeds extends Handler_Protected {
if (strpos($id, "FEED") === 0) {
$cat_id = ($item_id != "root") ?
- db_escape_string($bare_item_id) : "NULL";
+ db_escape_string($this->link, $bare_item_id) : "NULL";
$cat_qpart = ($cat_id != 0) ? "cat_id = '$cat_id'" :
"cat_id = NULL";
@@ -334,7 +334,7 @@ class Pref_Feeds extends Handler_Protected {
$nest_level+1);
if ($item_id != 'root') {
- $parent_qpart = db_escape_string($bare_id);
+ $parent_qpart = db_escape_string($this->link, $bare_id);
} else {
$parent_qpart = 'NULL';
}
@@ -424,7 +424,7 @@ class Pref_Feeds extends Handler_Protected {
}
function removeicon() {
- $feed_id = db_escape_string($_REQUEST["feed_id"]);
+ $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
$result = db_query($this->link, "SELECT id FROM ttrss_feeds
WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
@@ -440,7 +440,7 @@ class Pref_Feeds extends Handler_Protected {
header("Content-type: text/html");
$icon_file = $_FILES['icon_file']['tmp_name'];
- $feed_id = db_escape_string($_REQUEST["feed_id"]);
+ $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
if (is_file($icon_file) && $feed_id) {
if (filesize($icon_file) < 20000) {
@@ -472,7 +472,7 @@ class Pref_Feeds extends Handler_Protected {
global $purge_intervals;
global $update_intervals;
- $feed_id = db_escape_string($_REQUEST["id"]);
+ $feed_id = db_escape_string($this->link, $_REQUEST["id"]);
$result = db_query($this->link,
"SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND
@@ -613,6 +613,18 @@ class Pref_Feeds extends Handler_Protected {
name=\"always_display_enclosures\"
$checked>&nbsp;<label for=\"always_display_enclosures\">".__('Always display image attachments')."</label>";
+ $hide_images = sql_bool_to_bool(db_fetch_result($result, 0, "hide_images"));
+
+ if ($hide_images) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
+
+ print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"hide_images\"
+ name=\"hide_images\"
+ $checked>&nbsp;<label for=\"hide_images\">".
+ __('Do not embed images')."</label>";
$cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images"));
@@ -696,7 +708,7 @@ class Pref_Feeds extends Handler_Protected {
global $purge_intervals;
global $update_intervals;
- $feed_ids = db_escape_string($_REQUEST["ids"]);
+ $feed_ids = db_escape_string($this->link, $_REQUEST["ids"]);
print "<div class=\"dialogNotice\">" . __("Enable the options you wish to apply using checkboxes on the right:") . "</div>";
@@ -804,6 +816,14 @@ class Pref_Feeds extends Handler_Protected {
print "&nbsp;"; $this->batch_edit_cbox("always_display_enclosures", "always_display_enclosures_l");
+ print "<br/><input disabled=\"1\" type=\"checkbox\" id=\"hide_images\"
+ name=\"hide_images\"
+ dojoType=\"dijit.form.CheckBox\">&nbsp;<label class='insensitive' id=\"hide_images_l\"
+ for=\"hide_images\">".
+ __('Do not embed images')."</label>";
+
+ print "&nbsp;"; $this->batch_edit_cbox("hide_images", "hide_images_l");
+
print "<br/><input disabled=\"1\" type=\"checkbox\" id=\"cache_images\"
name=\"cache_images\"
dojoType=\"dijit.form.CheckBox\">&nbsp;<label class='insensitive' id=\"cache_images_l\"
@@ -842,26 +862,27 @@ class Pref_Feeds extends Handler_Protected {
function editsaveops($batch) {
- $feed_title = db_escape_string(trim($_POST["title"]));
- $feed_link = db_escape_string(trim($_POST["feed_url"]));
- $upd_intl = (int) db_escape_string($_POST["update_interval"]);
- $purge_intl = (int) db_escape_string($_POST["purge_interval"]);
- $feed_id = (int) db_escape_string($_POST["id"]); /* editSave */
- $feed_ids = db_escape_string($_POST["ids"]); /* batchEditSave */
- $cat_id = (int) db_escape_string($_POST["cat_id"]);
- $auth_login = db_escape_string(trim($_POST["auth_login"]));
- $auth_pass = db_escape_string(trim($_POST["auth_pass"]));
- $private = checkbox_to_sql_bool(db_escape_string($_POST["private"]));
+ $feed_title = db_escape_string($this->link, trim($_POST["title"]));
+ $feed_link = db_escape_string($this->link, trim($_POST["feed_url"]));
+ $upd_intl = (int) db_escape_string($this->link, $_POST["update_interval"]);
+ $purge_intl = (int) db_escape_string($this->link, $_POST["purge_interval"]);
+ $feed_id = (int) db_escape_string($this->link, $_POST["id"]); /* editSave */
+ $feed_ids = db_escape_string($this->link, $_POST["ids"]); /* batchEditSave */
+ $cat_id = (int) db_escape_string($this->link, $_POST["cat_id"]);
+ $auth_login = db_escape_string($this->link, trim($_POST["auth_login"]));
+ $auth_pass = db_escape_string($this->link, trim($_POST["auth_pass"]));
+ $private = checkbox_to_sql_bool(db_escape_string($this->link, $_POST["private"]));
$include_in_digest = checkbox_to_sql_bool(
- db_escape_string($_POST["include_in_digest"]));
+ db_escape_string($this->link, $_POST["include_in_digest"]));
$cache_images = checkbox_to_sql_bool(
- db_escape_string($_POST["cache_images"]));
-
+ db_escape_string($this->link, $_POST["cache_images"]));
+ $hide_images = checkbox_to_sql_bool(
+ db_escape_string($this->link, $_POST["hide_images"]));
$always_display_enclosures = checkbox_to_sql_bool(
- db_escape_string($_POST["always_display_enclosures"]));
+ db_escape_string($this->link, $_POST["always_display_enclosures"]));
$mark_unread_on_update = checkbox_to_sql_bool(
- db_escape_string($_POST["mark_unread_on_update"]));
+ db_escape_string($this->link, $_POST["mark_unread_on_update"]));
if (get_pref($this->link, 'ENABLE_FEED_CATS')) {
if ($cat_id && $cat_id != 0) {
@@ -887,6 +908,7 @@ class Pref_Feeds extends Handler_Protected {
auth_pass = '$auth_pass',
private = $private,
cache_images = $cache_images,
+ hide_images = $hide_images,
include_in_digest = $include_in_digest,
always_display_enclosures = $always_display_enclosures,
mark_unread_on_update = $mark_unread_on_update
@@ -952,6 +974,10 @@ class Pref_Feeds extends Handler_Protected {
$qpart = "cache_images = $cache_images";
break;
+ case "hide_images":
+ $qpart = "hide_images = $hide_images";
+ break;
+
case "cat_id":
$qpart = $category_qpart_nocomma;
break;
@@ -973,7 +999,7 @@ class Pref_Feeds extends Handler_Protected {
function resetPubSub() {
- $ids = db_escape_string($_REQUEST["ids"]);
+ $ids = db_escape_string($this->link, $_REQUEST["ids"]);
db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0 WHERE id IN ($ids)
AND owner_uid = " . $_SESSION["uid"]);
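Review bot: `$ids` is interpolated into `id IN ($ids)` outside any quotes, where `db_escape_string()` gives no protection because it only neutralises characters that would terminate a quoted literal; the request value can therefore change the shape of the statement. Reduce the list to integers before building the query, `$ids = implode(",", array_map("intval", explode(",", $_REQUEST["ids"])));`, and return early when the list is empty. The `owner_uid` condition limits which rows a well-formed list can touch but does not constrain a malformed one.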
@@ -983,24 +1009,24 @@ class Pref_Feeds extends Handler_Protected {
function remove() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
- $this->remove_feed($this->link, $id, $_SESSION["uid"]);
+ Pref_Feeds::remove_feed($this->link, $id, $_SESSION["uid"]);
}
return;
}
function clear() {
- $id = db_escape_string($_REQUEST["id"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
$this->clear_feed_articles($this->link, $id);
}
function rescore() {
require_once "rssfuncs.php";
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
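Review bot: `split()` is a POSIX-regex function deprecated since PHP 5.3 and removed in PHP 7; `explode(",", ...)` does the same job in `remove()` and `rescore()` here and in the `categorize()` and `removeCat()` hunks below. Since each element is used as a feed id, converting the pieces with `array_map("intval", ...)` instead of escaping the joined string makes the type explicit before they reach `remove_feed()`. The body of the `rescore()` loop is outside the hunk.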
@@ -1106,9 +1132,9 @@ class Pref_Feeds extends Handler_Protected {
}
function categorize() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
- $cat_id = db_escape_string($_REQUEST["cat_id"]);
+ $cat_id = db_escape_string($this->link, $_REQUEST["cat_id"]);
if ($cat_id == 0) {
$cat_id_qpart = 'NULL';
@@ -1130,14 +1156,14 @@ class Pref_Feeds extends Handler_Protected {
}
function removeCat() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
$this->remove_feed_category($this->link, $id, $_SESSION["uid"]);
}
}
function addCat() {
- $feed_cat = db_escape_string(trim($_REQUEST["cat"]));
+ $feed_cat = db_escape_string($this->link, trim($_REQUEST["cat"]));
add_feed_category($this->link, $feed_cat);
}
@@ -1179,7 +1205,7 @@ class Pref_Feeds extends Handler_Protected {
__("Inactive feeds") . "</button>";
}
- $feed_search = db_escape_string($_REQUEST["search"]);
+ $feed_search = db_escape_string($this->link, $_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_feed_search"] = $feed_search;
@@ -1631,7 +1657,7 @@ class Pref_Feeds extends Handler_Protected {
ccache_remove($link, $id, $owner_uid, true);
}
- private function remove_feed($link, $id, $owner_uid) {
+ static function remove_feed($link, $id, $owner_uid) {
if ($id > 0) {
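Review bot: Replacing `private` with a bare `static` makes `remove_feed` implicitly public, which widens who can call a function that deletes data for whatever `$owner_uid` it is given. Declare the visibility explicitly, `public static function remove_feed($link, $id, $owner_uid) {`, and add a docblock stating that callers must pass the authenticated user's id, since nothing visible here checks it against the session. The function body continues outside the hunk.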
diff --git a/classes/pref/filters.php b/classes/pref/filters.php
index 74a29c619..883ff0ebd 100644
--- a/classes/pref/filters.php
+++ b/classes/pref/filters.php
@@ -13,7 +13,10 @@ class Pref_Filters extends Handler_Protected {
$filter["enabled"] = true;
$filter["match_any_rule"] = sql_bool_to_bool(
- checkbox_to_sql_bool(db_escape_string($_REQUEST["match_any_rule"])));
+ checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["match_any_rule"])));
+ $filter["inverse"] = sql_bool_to_bool(
+ checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["inverse"])));
+
$filter["rules"] = array();
$result = db_query($this->link, "SELECT id,name FROM ttrss_filter_types");
@@ -47,7 +50,7 @@ class Pref_Filters extends Handler_Protected {
$feed_title = getFeedTitle($this->link, $feed);
$qfh_ret = queryFeedHeadlines($this->link, -4, 30, "", false, false, false,
- false, "date_entered DESC", 0, $_SESSION["uid"], $filter);
+ "date_entered DESC", 0, $_SESSION["uid"], $filter);
$result = $qfh_ret[0];
@@ -168,7 +171,7 @@ class Pref_Filters extends Handler_Protected {
if ($line['action_id'] == 7) {
$label_result = db_query($this->link, "SELECT fg_color, bg_color
- FROM ttrss_labels2 WHERE caption = '".db_escape_string($line['action_param'])."' AND
+ FROM ttrss_labels2 WHERE caption = '".db_escape_string($this->link, $line['action_param'])."' AND
owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($label_result) > 0) {
@@ -207,13 +210,14 @@ class Pref_Filters extends Handler_Protected {
function edit() {
- $filter_id = db_escape_string($_REQUEST["id"]);
+ $filter_id = db_escape_string($this->link, $_REQUEST["id"]);
$result = db_query($this->link,
"SELECT * FROM ttrss_filters2 WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
$enabled = sql_bool_to_bool(db_fetch_result($result, 0, "enabled"));
$match_any_rule = sql_bool_to_bool(db_fetch_result($result, 0, "match_any_rule"));
+ $inverse = sql_bool_to_bool(db_fetch_result($result, 0, "inverse"));
print "<form id=\"filter_edit_form\" onsubmit='return false'>";
@@ -257,6 +261,7 @@ class Pref_Filters extends Handler_Protected {
unset($line["cat_id"]);
unset($line["filter_id"]);
unset($line["id"]);
+ if (!sql_bool_to_bool($line["inverse"])) unset($line["inverse"]);
$data = htmlspecialchars(json_encode($line));
@@ -330,6 +335,15 @@ class Pref_Filters extends Handler_Protected {
print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"match_any_rule\" id=\"match_any_rule\" $checked>
<label for=\"match_any_rule\">".__('Match any rule')."</label>";
+ if ($inverse) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
+
+ print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\" $checked>
+ <label for=\"inverse\">".__('Inverse matching')."</label>";
+
print "<p/>";
print "<div class=\"dlgButtons\">";
@@ -370,9 +384,10 @@ class Pref_Filters extends Handler_Protected {
$result = db_query($this->link, "SELECT description FROM ttrss_filter_types
WHERE id = ".(int)$rule["filter_type"]);
- $match_on = db_fetch_result($result, 0, "description");
+ $filter_type = db_fetch_result($result, 0, "description");
- return T_sprintf("%s on %s in %s", $rule["reg_exp"], $match_on, $feed);
+ return T_sprintf("%s on %s in %s %s", strip_tags($rule["reg_exp"]),
+ $filter_type, $feed, isset($rule["inverse"]) ? __("(inverse)") : "");
}
function printRuleName() {
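Review bot: `strip_tags($rule["reg_exp"])` in the new `T_sprintf` call is the wrong tool for making a regular expression safe to display. It deletes anything that looks like a tag, so a pattern containing `<` is shown truncated, and it does nothing for quotes or `&` if the result ends up inside an attribute. The rule editor later in this diff already uses `htmlspecialchars($rule["reg_exp"])`, and the same call fits here. `$feed` deserves the same treatment if it is a user-chosen title; its origin is outside the hunk, as is the start of this function.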
@@ -403,12 +418,14 @@ class Pref_Filters extends Handler_Protected {
# print_r($_REQUEST);
- $filter_id = db_escape_string($_REQUEST["id"]);
- $enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"]));
- $match_any_rule = checkbox_to_sql_bool(db_escape_string($_REQUEST["match_any_rule"]));
+ $filter_id = db_escape_string($this->link, $_REQUEST["id"]);
+ $enabled = checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["enabled"]));
+ $match_any_rule = checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["match_any_rule"]));
+ $inverse = checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["inverse"]));
$result = db_query($this->link, "UPDATE ttrss_filters2 SET enabled = $enabled,
- match_any_rule = $match_any_rule
+ match_any_rule = $match_any_rule,
+ inverse = $inverse
WHERE id = '$filter_id'
AND owner_uid = ". $_SESSION["uid"]);
@@ -418,7 +435,7 @@ class Pref_Filters extends Handler_Protected {
function remove() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
db_query($this->link, "DELETE FROM ttrss_filters2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
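Review bot: `split()` is kept on the rewritten line in `remove()`, but it is the POSIX-regex splitter, deprecated since PHP 5.3 and removed in PHP 7, while `join()` later in this file already uses `explode()`. Use `$ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));` here. The same applies to the `colorset()`, `colorreset()` and `remove()` hunks of classes/pref/labels.php and the `remove()` hunk of classes/pref/users.php. The loop body continues outside the hunk.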
@@ -457,9 +474,11 @@ class Pref_Filters extends Handler_Protected {
foreach ($rules as $rule) {
if ($rule) {
- $reg_exp = strip_tags(db_escape_string(trim($rule["reg_exp"])));
- $filter_type = (int) db_escape_string(trim($rule["filter_type"]));
- $feed_id = db_escape_string(trim($rule["feed_id"]));
+ $reg_exp = strip_tags(db_escape_string($this->link, trim($rule["reg_exp"])));
+ $inverse = isset($rule["inverse"]) ? "true" : "false";
+
+ $filter_type = (int) db_escape_string($this->link, trim($rule["filter_type"]));
+ $feed_id = db_escape_string($this->link, trim($rule["feed_id"]));
if (strpos($feed_id, "CAT:") === 0) {
@@ -477,8 +496,8 @@ class Pref_Filters extends Handler_Protected {
}
$query = "INSERT INTO ttrss_filters2_rules
- (filter_id, reg_exp,filter_type,feed_id,cat_id,cat_filter) VALUES
- ('$filter_id', '$reg_exp', '$filter_type', $feed_id, $cat_id, $cat_filter)";
+ (filter_id, reg_exp,filter_type,feed_id,cat_id,cat_filter,inverse) VALUES
+ ('$filter_id', '$reg_exp', '$filter_type', $feed_id, $cat_id, $cat_filter, $inverse)";
db_query($this->link, $query);
}
@@ -487,9 +506,9 @@ class Pref_Filters extends Handler_Protected {
foreach ($actions as $action) {
if ($action) {
- $action_id = (int) db_escape_string($action["action_id"]);
- $action_param = db_escape_string($action["action_param"]);
- $action_param_label = db_escape_string($action["action_param_label"]);
+ $action_id = (int) db_escape_string($this->link, $action["action_id"]);
+ $action_param = db_escape_string($this->link, $action["action_param"]);
+ $action_param_label = db_escape_string($this->link, $action["action_param_label"]);
if ($action_id == 7) {
$action_param = $action_param_label;
@@ -541,13 +560,13 @@ class Pref_Filters extends Handler_Protected {
function index() {
- $sort = db_escape_string($_REQUEST["sort"]);
+ $sort = db_escape_string($this->link, $_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "reg_exp";
}
- $filter_search = db_escape_string($_REQUEST["search"]);
+ $filter_search = db_escape_string($this->link, $_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
@@ -559,7 +578,7 @@ class Pref_Filters extends Handler_Protected {
print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
- $filter_search = db_escape_string($_REQUEST["search"]);
+ $filter_search = db_escape_string($this->link, $_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
@@ -710,10 +729,8 @@ class Pref_Filters extends Handler_Protected {
print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"match_any_rule\" id=\"match_any_rule\">
<label for=\"match_any_rule\">".__('Match any rule')."</label>";
- print "<p/>";
-
-/* print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\">
- <label for=\"inverse\">".__('Inverse match')."</label><hr/>"; */
+ print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\">
+ <label for=\"inverse\">".__('Inverse matching')."</label>";
// print "</div>";
@@ -739,10 +756,12 @@ class Pref_Filters extends Handler_Protected {
$reg_exp = htmlspecialchars($rule["reg_exp"]);
$filter_type = $rule["filter_type"];
$feed_id = $rule["feed_id"];
+ $inverse_checked = isset($rule["inverse"]) ? "checked" : "";
} else {
$reg_exp = "";
$filter_type = 1;
$feed_id = 0;
+ $inverse_checked = "";
}
if (strpos($feed_id, "CAT:") === 0) {
@@ -773,6 +792,11 @@ class Pref_Filters extends Handler_Protected {
style=\"font-size : 16px; width : 20em;\"
name=\"reg_exp\" value=\"$reg_exp\"/>";
+ print "<hr/>";
+ print "<input id=\"filterDlg_inverse\" dojoType=\"dijit.form.CheckBox\"
+ name=\"inverse\" $inverse_checked/>";
+ print "<label for=\"filterDlg_inverse\">".__("Inverse regular expression matching")."</label>";
+
print "<hr/>" . __("on field") . " ";
print_select_hash("filter_type", $filter_type, $filter_types,
'dojoType="dijit.form.Select"');
@@ -806,7 +830,7 @@ class Pref_Filters extends Handler_Protected {
$action = json_decode($_REQUEST["action"], true);
if ($action) {
- $action_param = db_escape_string($action["action_param"]);
+ $action_param = db_escape_string($this->link, $action["action_param"]);
$action_id = (int)$action["action_id"];
} else {
$action_param = "";
@@ -885,6 +909,8 @@ class Pref_Filters extends Handler_Protected {
unset($line["cat_id"]);
}
+ if (!sql_bool_to_bool($line["inverse"])) unset($line["inverse"]);
+
if ($count < 2) {
array_push($titles, $this->getRuleName($line));
} else {
@@ -914,7 +940,7 @@ class Pref_Filters extends Handler_Protected {
}
function join() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
if (count($ids) > 1) {
$base_id = array_shift($ids);
diff --git a/classes/pref/labels.php b/classes/pref/labels.php
index e63a0cfc2..b45354c94 100644
--- a/classes/pref/labels.php
+++ b/classes/pref/labels.php
@@ -8,7 +8,7 @@ class Pref_Labels extends Handler_Protected {
}
function edit() {
- $label_id = db_escape_string($_REQUEST['id']);
+ $label_id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT * FROM ttrss_labels2 WHERE
id = '$label_id' AND owner_uid = " . $_SESSION["uid"]);
@@ -118,11 +118,11 @@ class Pref_Labels extends Handler_Protected {
}
function colorset() {
- $kind = db_escape_string($_REQUEST["kind"]);
- $ids = split(',', db_escape_string($_REQUEST["ids"]));
- $color = db_escape_string($_REQUEST["color"]);
- $fg = db_escape_string($_REQUEST["fg"]);
- $bg = db_escape_string($_REQUEST["bg"]);
+ $kind = db_escape_string($this->link, $_REQUEST["kind"]);
+ $ids = split(',', db_escape_string($this->link, $_REQUEST["ids"]));
+ $color = db_escape_string($this->link, $_REQUEST["color"]);
+ $fg = db_escape_string($this->link, $_REQUEST["fg"]);
+ $bg = db_escape_string($this->link, $_REQUEST["bg"]);
foreach ($ids as $id) {
@@ -136,7 +136,7 @@ class Pref_Labels extends Handler_Protected {
AND owner_uid = " . $_SESSION["uid"]);
}
- $caption = db_escape_string(label_find_caption($this->link, $id, $_SESSION["uid"]));
+ $caption = db_escape_string($this->link, label_find_caption($this->link, $id, $_SESSION["uid"]));
/* Remove cached data */
@@ -149,14 +149,14 @@ class Pref_Labels extends Handler_Protected {
}
function colorreset() {
- $ids = split(',', db_escape_string($_REQUEST["ids"]));
+ $ids = split(',', db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
db_query($this->link, "UPDATE ttrss_labels2 SET
fg_color = '', bg_color = '' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
- $caption = db_escape_string(label_find_caption($this->link, $id, $_SESSION["uid"]));
+ $caption = db_escape_string($this->link, label_find_caption($this->link, $id, $_SESSION["uid"]));
/* Remove cached data */
@@ -168,8 +168,8 @@ class Pref_Labels extends Handler_Protected {
function save() {
- $id = db_escape_string($_REQUEST["id"]);
- $caption = db_escape_string(trim($_REQUEST["caption"]));
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
+ $caption = db_escape_string($this->link, trim($_REQUEST["caption"]));
db_query($this->link, "BEGIN");
@@ -190,7 +190,7 @@ class Pref_Labels extends Handler_Protected {
/* Update filters that reference label being renamed */
- $old_caption = db_escape_string($old_caption);
+ $old_caption = db_escape_string($this->link, $old_caption);
db_query($this->link, "UPDATE ttrss_filters2_actions SET
action_param = '$caption' WHERE action_param = '$old_caption'
@@ -213,7 +213,7 @@ class Pref_Labels extends Handler_Protected {
function remove() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
label_remove($this->link, $id, $_SESSION["uid"]);
@@ -222,8 +222,8 @@ class Pref_Labels extends Handler_Protected {
}
function add() {
- $caption = db_escape_string($_REQUEST["caption"]);
- $output = db_escape_string($_REQUEST["output"]);
+ $caption = db_escape_string($this->link, $_REQUEST["caption"]);
+ $output = db_escape_string($this->link, $_REQUEST["output"]);
if ($caption) {
@@ -250,13 +250,13 @@ class Pref_Labels extends Handler_Protected {
function index() {
- $sort = db_escape_string($_REQUEST["sort"]);
+ $sort = db_escape_string($this->link, $_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "caption";
}
- $label_search = db_escape_string($_REQUEST["search"]);
+ $label_search = db_escape_string($this->link, $_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_label_search"] = $label_search;
diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php
index 810b1e164..a5a699a67 100644
--- a/classes/pref/prefs.php
+++ b/classes/pref/prefs.php
@@ -42,10 +42,16 @@ class Pref_Prefs extends Handler_Protected {
$_SESSION["prefs_cache"] = false;
+ $boolean_prefs = explode(",", $_POST["boolean_prefs"]);
+
+ foreach ($boolean_prefs as $pref) {
+ if (!isset($_POST[$pref])) $_POST[$pref] = 'false';
+ }
+
foreach (array_keys($_POST) as $pref_name) {
- $pref_name = db_escape_string($pref_name);
- $value = db_escape_string($_POST[$pref_name]);
+ $pref_name = db_escape_string($this->link, $pref_name);
+ $value = db_escape_string($this->link, $_POST[$pref_name]);
if ($pref_name == 'DIGEST_PREFERRED_TIME') {
if (get_pref($this->link, 'DIGEST_PREFERRED_TIME') != $value) {
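Review bot: The new `boolean_prefs` loop trusts a client-supplied list of names: every entry that is not otherwise posted is written into `$_POST` as `'false'`, and a missing or empty field makes `explode()` return `array("")`, which creates an empty-named key. Because the following `foreach (array_keys($_POST) ...)` walks every key, `boolean_prefs` itself and the empty name are then handled as preference names; what the loop does with them is outside the hunk. Filtering the list first, `$boolean_prefs = array_filter(explode(",", $_POST["boolean_prefs"]));`, and skipping the `boolean_prefs` key in the save loop keeps the writes restricted to real preferences. Checking each name against the known bool-typed preferences would be stricter still.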
@@ -65,7 +71,7 @@ class Pref_Prefs extends Handler_Protected {
function getHelp() {
- $pref_name = db_escape_string($_REQUEST["pn"]);
+ $pref_name = db_escape_string($this->link, $_REQUEST["pn"]);
$result = db_query($this->link, "SELECT help_text FROM ttrss_prefs
WHERE pref_name = '$pref_name'");
@@ -80,8 +86,8 @@ class Pref_Prefs extends Handler_Protected {
function changeemail() {
- $email = db_escape_string($_POST["email"]);
- $full_name = db_escape_string($_POST["full_name"]);
+ $email = db_escape_string($this->link, $_POST["email"]);
+ $full_name = db_escape_string($this->link, $_POST["full_name"]);
$active_uid = $_SESSION["uid"];
@@ -227,7 +233,7 @@ class Pref_Prefs extends Handler_Protected {
</script>";
if ($otp_enabled) {
- print_notice("Changing your current password will disable OTP.");
+ print_notice(__("Changing your current password will disable OTP."));
}
print "<table width=\"100%\" class=\"prefPrefsList\">";
@@ -260,7 +266,7 @@ class Pref_Prefs extends Handler_Protected {
if ($otp_enabled) {
- print_notice("One time passwords are currently enabled. Enter your current password below to disable.");
+ print_notice(__("One time passwords are currently enabled. Enter your current password below to disable."));
print "<form dojoType=\"dijit.form.Form\">";
@@ -395,7 +401,7 @@ class Pref_Prefs extends Handler_Protected {
print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">';
if ($_SESSION["profile"]) {
- print_notice("Some preferences are only available in default profile.");
+ print_notice(__("Some preferences are only available in default profile."));
}
if ($_SESSION["profile"]) {
@@ -429,6 +435,8 @@ class Pref_Prefs extends Handler_Protected {
$active_section = "";
+ $listed_boolean_prefs = array();
+
while ($line = db_fetch_assoc($result)) {
if (in_array($line["pref_name"], $prefs_blacklist)) {
@@ -463,7 +471,10 @@ class Pref_Prefs extends Handler_Protected {
$def_value = $line["def_value"];
$help_text = $line["help_text"];
- print "<td width=\"40%\" class=\"prefName\" id=\"$pref_name\">" . __($line["short_desc"]);
+ print "<td width=\"40%\" class=\"prefName\" id=\"$pref_name\">";
+ print "<label for='CB_$pref_name'>";
+ print __($line["short_desc"]);
+ print "</label>";
if ($help_text) print "<div class=\"prefHelp\">".__($help_text)."</div>";
@@ -497,21 +508,19 @@ class Pref_Prefs extends Handler_Protected {
} else if ($type_name == "bool") {
- if ($value == "true") {
- $value = __("Yes");
- } else {
- $value = __("No");
- }
+ array_push($listed_boolean_prefs, $pref_name);
+
+ $checked = ($value == "true") ? "checked=\"checked\"" : "";
if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) {
$disabled = "disabled=\"1\"";
- $value = __("Yes");
+ $checked = "checked=\"checked\"";
} else {
$disabled = "";
}
- print_radio($pref_name, $value, __("Yes"), array(__("Yes"), __("No")),
- $disabled);
+ print "<input type='checkbox' name='$pref_name' $checked $disabled
+ dojoType='dijit.form.CheckBox' id='CB_$pref_name' value='1'>";
} else if (array_search($pref_name, array('FRESH_ARTICLE_MAX_AGE', 'DEFAULT_ARTICLE_LIMIT',
'PURGE_OLD_DAYS', 'LONG_DATE_FORMAT', 'SHORT_DATE_FORMAT')) !== false) {
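Review bot: `array_push($listed_boolean_prefs, $pref_name)` runs before the `PURGE_UNREAD_ARTICLES` branch, so the preference is listed in `boolean_prefs` even when its checkbox is rendered `disabled`. A disabled control is not part of a normal form submission, so the save handler changed in this commit would find the name listed but not posted and store `'false'` for it; whether the dijit form submits disabled widgets is not visible here. Registering the name only for enabled controls avoids that: `if (!$disabled) array_push($listed_boolean_prefs, $pref_name);`, placed after the `$disabled` assignment. The surrounding if/else chain begins outside the hunk.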
@@ -568,6 +577,10 @@ class Pref_Prefs extends Handler_Protected {
print "</table>";
+ $listed_boolean_prefs = htmlspecialchars(join(",", $listed_boolean_prefs));
+
+ print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"boolean_prefs\" value=\"$listed_boolean_prefs\">";
+
global $pluginhost;
$pluginhost->run_hooks($pluginhost::HOOK_PREFS_TAB_SECTION,
"hook_prefs_tab_section", "prefPrefsPrefsInside");
@@ -613,7 +626,7 @@ class Pref_Prefs extends Handler_Protected {
print "<h2>".__("Plugins")."</h2>";
- print_notice("You will need to reload Tiny Tiny RSS for plugin changes to take effect.");
+ print_notice(__("You will need to reload Tiny Tiny RSS for plugin changes to take effect."));
print "<form dojoType=\"dijit.form.Form\" id=\"changePluginsForm\">";
@@ -785,7 +798,7 @@ class Pref_Prefs extends Handler_Protected {
}
function otpenable() {
- $password = db_escape_string($_REQUEST["password"]);
+ $password = db_escape_string($this->link, $_REQUEST["password"]);
$enable_otp = $_REQUEST["enable_otp"] == "on";
global $pluginhost;
@@ -806,7 +819,7 @@ class Pref_Prefs extends Handler_Protected {
}
function otpdisable() {
- $password = db_escape_string($_REQUEST["password"]);
+ $password = db_escape_string($this->link, $_REQUEST["password"]);
global $pluginhost;
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
@@ -833,7 +846,7 @@ class Pref_Prefs extends Handler_Protected {
}
function clearplugindata() {
- $name = db_escape_string($_REQUEST["name"]);
+ $name = db_escape_string($this->link, $_REQUEST["name"]);
global $pluginhost;
$pluginhost->clear_data($pluginhost->get_plugin($name));
diff --git a/classes/pref/users.php b/classes/pref/users.php
index 0d7ca3c6e..4055bca45 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -116,7 +116,7 @@ class Pref_Users extends Handler_Protected {
header("Content-Type: text/xml");
- $id = db_escape_string($_REQUEST["id"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
print "<dlg id=\"$method\">";
print "<title>".__('User Editor')."</title>";
@@ -199,11 +199,11 @@ class Pref_Users extends Handler_Protected {
}
function editSave() {
- $login = db_escape_string(trim($_REQUEST["login"]));
- $uid = db_escape_string($_REQUEST["id"]);
+ $login = db_escape_string($this->link, trim($_REQUEST["login"]));
+ $uid = db_escape_string($this->link, $_REQUEST["id"]);
$access_level = (int) $_REQUEST["access_level"];
- $email = db_escape_string(trim($_REQUEST["email"]));
- $password = db_escape_string(trim($_REQUEST["password"]));
+ $email = db_escape_string($this->link, trim($_REQUEST["email"]));
+ $password = db_escape_string($this->link, trim($_REQUEST["password"]));
if ($password) {
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
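Review bot: `$password` goes through `trim()` and `db_escape_string()` before the `if ($password)` branch that generates the salt, so if the hash is computed from this variable (the hashing line is outside the hunk) the stored hash is of the SQL-escaped text rather than of what was typed. A password containing a quote or backslash would then verify only if every login path escapes it identically. Escaping belongs on values interpolated into SQL; the password should reach the hash function raw, e.g. `$password = $_REQUEST["password"];`, with only the resulting hash placed in the query. The `otpenable()` and `otpdisable()` hunks in classes/pref/prefs.php escape `$_REQUEST["password"]` the same way before what looks like an authenticator check.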
@@ -214,13 +214,13 @@ class Pref_Users extends Handler_Protected {
}
db_query($this->link, "UPDATE ttrss_users SET $pass_query_part login = '$login',
- access_level = '$access_level', email = '$email', otp_enabled = 'false'
+ access_level = '$access_level', email = '$email', otp_enabled = false
WHERE id = '$uid'");
}
function remove() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
if ($id != $_SESSION["uid"] && $id != 1) {
@@ -233,7 +233,7 @@ class Pref_Users extends Handler_Protected {
function add() {
- $login = db_escape_string(trim($_REQUEST["login"]));
+ $login = db_escape_string($this->link, trim($_REQUEST["login"]));
$tmp_user_pwd = make_password(8);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
@@ -270,11 +270,9 @@ class Pref_Users extends Handler_Protected {
}
}
- function resetPass() {
-
- $uid = db_escape_string($_REQUEST["id"]);
+ static function resetUserPassword($link, $uid, $show_password) {
- $result = db_query($this->link, "SELECT login,email
+ $result = db_query($link, "SELECT login,email
FROM ttrss_users WHERE id = '$uid'");
$login = db_fetch_result($result, 0, "login");
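Review bot: `resetUserPassword()` interpolates its `$uid` parameter into `WHERE id = '$uid'` here and in the UPDATE in the next hunk, while the escaping that used to sit beside the query now lives only in the caller `resetPass()`. As a static helper it can be called from anywhere, so its safety depends on every caller remembering to escape. Normalising inside the function removes that dependency: `$uid = (int) $uid;` as the first statement, given that user ids are compared numerically elsewhere in this file. The function body continues past the hunk.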
@@ -286,18 +284,18 @@ class Pref_Users extends Handler_Protected {
$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
- db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt'
+ db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt'
WHERE id = '$uid'");
- print T_sprintf("Changed password of user <b>%s</b>
- to <b>%s</b>", $login, $tmp_user_pwd);
+ if ($show_password) {
+ print T_sprintf("Changed password of user <b>%s</b> to <b>%s</b>", $login, $tmp_user_pwd);
+ } else {
+ print T_sprintf("Sending new password of user <b>%s</b> to <b>%s</b>", $login, $email);
+ }
- require_once 'lib/phpmailer/class.phpmailer.php';
+ require_once 'classes/ttrssmailer.php';
if ($email) {
- print " ";
- print T_sprintf("Notifying <b>%s</b>.", $email);
-
require_once "lib/MiniTemplator.class.php";
$tpl = new MiniTemplator;
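Review bot: In the `else` branch the "Sending new password ..." message is printed before the `if ($email)` check, and the UPDATE above has already replaced the hash by then. With `$show_password` false and no address on file, the account is left with a password nobody has seen while the output suggests it was delivered. Checking before the UPDATE avoids that: `if (!$show_password && !$email) { print_error(__("No e-mail address on file; password not changed.")); return; }`. The function starts in the previous hunk and continues after this one.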
@@ -313,35 +311,19 @@ class Pref_Users extends Handler_Protected {
$tpl->generateOutputToString($message);
- $mail = new PHPMailer();
-
- $mail->PluginDir = "lib/phpmailer/";
- $mail->SetLanguage("en", "lib/phpmailer/language/");
-
- $mail->CharSet = "UTF-8";
+ $mail = new ttrssMailer();
- $mail->From = SMTP_FROM_ADDRESS;
- $mail->FromName = SMTP_FROM_NAME;
- $mail->AddAddress($email, $login);
-
- if (SMTP_HOST) {
- $mail->Host = SMTP_HOST;
- $mail->Mailer = "smtp";
- $mail->SMTPAuth = SMTP_LOGIN != '';
- $mail->Username = SMTP_LOGIN;
- $mail->Password = SMTP_PASSWORD;
- }
-
- $mail->IsHTML(false);
- $mail->Subject = __("[tt-rss] Password change notification");
- $mail->Body = $message;
-
- $rc = $mail->Send();
+ $rc = $mail->quickMail($email, $login,
+ __("[tt-rss] Password change notification"),
+ $message, false);
if (!$rc) print_error($mail->ErrorInfo);
}
+ }
- print "</div>";
+ function resetPass() {
+ $uid = db_escape_string($this->link, $_REQUEST["id"]);
+ Pref_Users::resetUserPassword($this->link, $uid, true);
}
function index() {
@@ -353,7 +335,7 @@ class Pref_Users extends Handler_Protected {
print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">";
- $user_search = db_escape_string($_REQUEST["search"]);
+ $user_search = db_escape_string($this->link, $_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_user_search"] = $user_search;
@@ -368,7 +350,7 @@ class Pref_Users extends Handler_Protected {
__('Search')."</button>
</div>";
- $sort = db_escape_string($_REQUEST["sort"]);
+ $sort = db_escape_string($this->link, $_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "login";
diff --git a/classes/rpc.php b/classes/rpc.php
index 46c8b0d85..eb241591b 100644
--- a/classes/rpc.php
+++ b/classes/rpc.php
@@ -8,14 +8,14 @@ class RPC extends Handler_Protected {
}
function setprofile() {
- $id = db_escape_string($_REQUEST["id"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
$_SESSION["profile"] = $id;
$_SESSION["prefs_cache"] = array();
}
function remprofiles() {
- $ids = explode(",", db_escape_string(trim($_REQUEST["ids"])));
+ $ids = explode(",", db_escape_string($this->link, trim($_REQUEST["ids"])));
foreach ($ids as $id) {
if ($_SESSION["profile"] != $id) {
@@ -27,7 +27,7 @@ class RPC extends Handler_Protected {
// Silent
function addprofile() {
- $title = db_escape_string(trim($_REQUEST["title"]));
+ $title = db_escape_string($this->link, trim($_REQUEST["title"]));
if ($title) {
db_query($this->link, "BEGIN");
@@ -57,8 +57,8 @@ class RPC extends Handler_Protected {
// Silent
function saveprofile() {
- $id = db_escape_string($_REQUEST["id"]);
- $title = db_escape_string(trim($_REQUEST["value"]));
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
+ $title = db_escape_string($this->link, trim($_REQUEST["value"]));
if ($id == 0) {
print __("Default profile");
@@ -88,7 +88,7 @@ class RPC extends Handler_Protected {
// Silent
function remarchive() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
$result = db_query($this->link, "DELETE FROM ttrss_archived_feeds WHERE
@@ -101,19 +101,18 @@ class RPC extends Handler_Protected {
}
function addfeed() {
- $feed = db_escape_string($_REQUEST['feed']);
- $cat = db_escape_string($_REQUEST['cat']);
- $login = db_escape_string($_REQUEST['login']);
- $pass = db_escape_string($_REQUEST['pass']);
- $need_auth = db_escape_string($_REQUEST['need_auth']) != "";
+ $feed = db_escape_string($this->link, $_REQUEST['feed']);
+ $cat = db_escape_string($this->link, $_REQUEST['cat']);
+ $login = db_escape_string($this->link, $_REQUEST['login']);
+ $pass = db_escape_string($this->link, $_REQUEST['pass']);
- $rc = subscribe_to_feed($this->link, $feed, $cat, $login, $pass, $need_auth);
+ $rc = subscribe_to_feed($this->link, $feed, $cat, $login, $pass);
print json_encode(array("result" => $rc));
}
function togglepref() {
- $key = db_escape_string($_REQUEST["key"]);
+ $key = db_escape_string($this->link, $_REQUEST["key"]);
set_pref($this->link, $key, !get_pref($this->link, $key));
$value = get_pref($this->link, $key);
@@ -132,7 +131,7 @@ class RPC extends Handler_Protected {
function mark() {
$mark = $_REQUEST["mark"];
- $id = db_escape_string($_REQUEST["id"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
if ($mark == "1") {
$mark = "true";
@@ -140,14 +139,15 @@ class RPC extends Handler_Protected {
$mark = "false";
}
- $result = db_query($this->link, "UPDATE ttrss_user_entries SET marked = $mark
+ $result = db_query($this->link, "UPDATE ttrss_user_entries SET marked = $mark,
+ last_marked = NOW()
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
function delete() {
- $ids = db_escape_string($_REQUEST["ids"]);
+ $ids = db_escape_string($this->link, $_REQUEST["ids"]);
$result = db_query($this->link, "DELETE FROM ttrss_user_entries
WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
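Review bot: In `delete()` the value of `$ids` is placed into `ref_id IN ($ids)` without surrounding quotes, and `db_escape_string()` only neutralises quote characters, so it does not constrain what reaches the statement in a numeric list context. Each element should be forced to an integer before the list is rebuilt: `$ids = join(",", array_map("intval", explode(",", $_REQUEST["ids"])));`. The `setScore()` hunk further down has the same `IN ($ids)` construct. `unarchive()` in the next hunk assigns `$ids` the same way, though its WHERE clause is outside the hunk.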
@@ -156,7 +156,7 @@ class RPC extends Handler_Protected {
}
function unarchive() {
- $ids = db_escape_string($_REQUEST["ids"]);
+ $ids = db_escape_string($this->link, $_REQUEST["ids"]);
$result = db_query($this->link, "UPDATE ttrss_user_entries
SET feed_id = orig_feed_id, orig_feed_id = NULL
@@ -166,7 +166,7 @@ class RPC extends Handler_Protected {
}
function archive() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
$this->archive_article($this->link, $id, $_SESSION["uid"]);
@@ -209,8 +209,8 @@ class RPC extends Handler_Protected {
function publ() {
$pub = $_REQUEST["pub"];
- $id = db_escape_string($_REQUEST["id"]);
- $note = trim(strip_tags(db_escape_string($_REQUEST["note"])));
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
+ $note = trim(strip_tags(db_escape_string($this->link, $_REQUEST["note"])));
if ($pub == "1") {
$pub = "true";
@@ -219,7 +219,7 @@ class RPC extends Handler_Protected {
}
$result = db_query($this->link, "UPDATE ttrss_user_entries SET
- published = $pub, last_read = NOW()
+ published = $pub, last_published = NOW()
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
$pubsub_result = false;
@@ -256,7 +256,7 @@ class RPC extends Handler_Protected {
/* GET["cmode"] = 0 - mark as read, 1 - as unread, 2 - toggle */
function catchupSelected() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]);
catchupArticlesById($this->link, $ids, $cmode);
@@ -265,7 +265,7 @@ class RPC extends Handler_Protected {
}
function markSelected() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]);
$this->markArticlesById($this->link, $ids, $cmode);
@@ -274,7 +274,7 @@ class RPC extends Handler_Protected {
}
function publishSelected() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]);
$this->publishArticlesById($this->link, $ids, $cmode);
@@ -284,6 +284,7 @@ class RPC extends Handler_Protected {
function sanityCheck() {
$_SESSION["hasAudio"] = $_REQUEST["hasAudio"] === "true";
+ $_SESSION["hasSandbox"] = $_REQUEST["hasSandbox"] === "true";
$reply = array();
@@ -299,9 +300,9 @@ class RPC extends Handler_Protected {
function setArticleTags() {
- $id = db_escape_string($_REQUEST["id"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
- $tags_str = db_escape_string($_REQUEST["tags_str"]);
+ $tags_str = db_escape_string($this->link, $_REQUEST["tags_str"]);
$tags = array_unique(trim_array(explode(",", $tags_str)));
db_query($this->link, "BEGIN");
@@ -371,7 +372,7 @@ class RPC extends Handler_Protected {
}
function completeLabels() {
- $search = db_escape_string($_REQUEST["search"]);
+ $search = db_escape_string($this->link, $_REQUEST["search"]);
$result = db_query($this->link, "SELECT DISTINCT caption FROM
ttrss_labels2
@@ -388,7 +389,7 @@ class RPC extends Handler_Protected {
function completeTags() {
- $search = db_escape_string($_REQUEST["search"]);
+ $search = db_escape_string($this->link, $_REQUEST["search"]);
$result = db_query($this->link, "SELECT DISTINCT tag_name FROM ttrss_tags
WHERE owner_uid = '".$_SESSION["uid"]."' AND
@@ -403,7 +404,7 @@ class RPC extends Handler_Protected {
}
function purge() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
$days = sprintf("%d", $_REQUEST["days"]);
foreach ($ids as $id) {
@@ -418,7 +419,7 @@ class RPC extends Handler_Protected {
}
function getArticles() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
$articles = array();
foreach ($ids as $id) {
@@ -431,7 +432,7 @@ class RPC extends Handler_Protected {
}
function checkDate() {
- $date = db_escape_string($_REQUEST["date"]);
+ $date = db_escape_string($this->link, $_REQUEST["date"]);
$date_parsed = strtotime($date);
print json_encode(array("result" => (bool)$date_parsed,
@@ -449,10 +450,10 @@ class RPC extends Handler_Protected {
function labelops($assign) {
$reply = array();
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
- $label_id = db_escape_string($_REQUEST["lid"]);
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
+ $label_id = db_escape_string($this->link, $_REQUEST["lid"]);
- $label = db_escape_string(label_find_caption($this->link, $label_id,
+ $label = db_escape_string($this->link, label_find_caption($this->link, $label_id,
$_SESSION["uid"]));
$reply["info-for-headlines"] = array();
@@ -480,9 +481,9 @@ class RPC extends Handler_Protected {
}
function updateFeedBrowser() {
- $search = db_escape_string($_REQUEST["search"]);
- $limit = db_escape_string($_REQUEST["limit"]);
- $mode = (int) db_escape_string($_REQUEST["mode"]);
+ $search = db_escape_string($this->link, $_REQUEST["search"]);
+ $limit = db_escape_string($this->link, $_REQUEST["limit"]);
+ $mode = (int) db_escape_string($this->link, $_REQUEST["mode"]);
require_once "feedbrowser.php";
@@ -502,8 +503,8 @@ class RPC extends Handler_Protected {
if ($mode == 1) {
foreach ($payload as $feed) {
- $title = db_escape_string($feed[0]);
- $feed_url = db_escape_string($feed[1]);
+ $title = db_escape_string($this->link, $feed[0]);
+ $feed_url = db_escape_string($this->link, $feed[1]);
$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
@@ -522,9 +523,9 @@ class RPC extends Handler_Protected {
WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
- $site_url = db_escape_string(db_fetch_result($result, 0, "site_url"));
- $feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url"));
- $title = db_escape_string(db_fetch_result($result, 0, "title"));
+ $site_url = db_escape_string($this->link, db_fetch_result($result, 0, "site_url"));
+ $feed_url = db_escape_string($this->link, db_fetch_result($result, 0, "feed_url"));
+ $title = db_escape_string($this->link, db_fetch_result($result, 0, "title"));
$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
@@ -541,9 +542,9 @@ class RPC extends Handler_Protected {
}
function catchupFeed() {
- $feed_id = db_escape_string($_REQUEST['feed_id']);
- $is_cat = db_escape_string($_REQUEST['is_cat']) == "true";
- $max_id = (int) db_escape_string($_REQUEST['max_id']);
+ $feed_id = db_escape_string($this->link, $_REQUEST['feed_id']);
+ $is_cat = db_escape_string($this->link, $_REQUEST['is_cat']) == "true";
+ $max_id = (int) db_escape_string($this->link, $_REQUEST['max_id']);
catchup_feed($this->link, $feed_id, $is_cat, false, $max_id);
@@ -551,7 +552,7 @@ class RPC extends Handler_Protected {
}
function quickAddCat() {
- $cat = db_escape_string($_REQUEST["cat"]);
+ $cat = db_escape_string($this->link, $_REQUEST["cat"]);
add_feed_category($this->link, $cat);
@@ -568,8 +569,8 @@ class RPC extends Handler_Protected {
}
function regenFeedKey() {
- $feed_id = db_escape_string($_REQUEST['id']);
- $is_cat = db_escape_string($_REQUEST['is_cat']) == "true";
+ $feed_id = db_escape_string($this->link, $_REQUEST['id']);
+ $is_cat = db_escape_string($this->link, $_REQUEST['is_cat']) == "true";
$new_key = $this->update_feed_access_key($this->link, $feed_id, $is_cat);
@@ -617,11 +618,10 @@ class RPC extends Handler_Protected {
}
function batchAddFeeds() {
- $cat_id = db_escape_string($_REQUEST['cat']);
- $feeds = explode("\n", db_escape_string($_REQUEST['feeds']));
- $login = db_escape_string($_REQUEST['login']);
- $pass = db_escape_string($_REQUEST['pass']);
- $need_auth = db_escape_string($_REQUEST['need_auth']) != "";
+ $cat_id = db_escape_string($this->link, $_REQUEST['cat']);
+ $feeds = explode("\n", db_escape_string($this->link, $_REQUEST['feeds']));
+ $login = db_escape_string($this->link, $_REQUEST['login']);
+ $pass = db_escape_string($this->link, $_REQUEST['pass']);
foreach ($feeds as $feed) {
$feed = trim($feed);
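Review bot: In batchAddFeeds the whole `feeds` blob is escaped before it is split, which is the wrong order. If db_escape_string() wraps the driver's escape function (the new `$this->link` argument suggests it does), a MySQL backend rewrites each newline as a backslash sequence, so `explode("\n", ...)` may see a single entry. Split the raw value with `$feeds = explode("\n", $_REQUEST['feeds']);` and escape each entry inside the loop, `$feed = db_escape_string($this->link, trim($feed));`. The hunk also drops `$need_auth`; check that nothing later in the function, which continues outside this hunk, still reads it.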
@@ -654,14 +654,14 @@ class RPC extends Handler_Protected {
}
function setScore() {
- $ids = db_escape_string($_REQUEST['id']);
- $score = (int)db_escape_string($_REQUEST['score']);
+ $ids = db_escape_string($this->link, $_REQUEST['id']);
+ $score = (int)db_escape_string($this->link, $_REQUEST['score']);
db_query($this->link, "UPDATE ttrss_user_entries SET
score = '$score' WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
print json_encode(array("id" => $id,
- "score_pic" => theme_image($link, get_score_pic($score))));
+ "score_pic" => get_score_pic($score)));
}
function setpanelmode() {
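Review bot: In setScore, `$ids` goes into `IN ($ids)` without quotes, so db_escape_string() does not constrain it; escaping only protects a value that sits inside a quoted literal. Reduce the list to integers before building the query, e.g. `$ids = implode(",", array_map("intval", explode(",", $_REQUEST['id'])));`. The JSON response reads `$id`, which is not assigned anywhere in the visible lines; `"id" => $ids` looks like what was meant.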
@@ -754,7 +754,7 @@ class RPC extends Handler_Protected {
AND owner_uid = " . $owner_uid);
if (db_num_rows($result) == 1) {
- $key = db_escape_string(sha1(uniqid(rand(), true)));
+ $key = db_escape_string($this->link, sha1(uniqid(rand(), true)));
db_query($link, "UPDATE ttrss_access_keys SET access_key = '$key'
WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
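Review bot: The access key on the changed line is still built from `sha1(uniqid(rand(), true))`, whose inputs are the clock and a non-cryptographic PRNG; hashing them adds no entropy. If this key is what authorises access to a keyed feed URL, as the `ttrss_access_keys` table name suggests, it should come from a CSPRNG, e.g. `$key = bin2hex(openssl_random_pseudo_bytes(20));` or `random_bytes()` where the PHP version allows. The new line uses `$this->link` while the `db_query` call directly below still uses `$link`; one of the two should be used throughout. The enclosing function starts and ends outside this hunk.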
@@ -779,15 +779,15 @@ class RPC extends Handler_Protected {
if ($cmode == 0) {
db_query($link, "UPDATE ttrss_user_entries SET
- marked = false,last_read = NOW()
+ marked = false, last_marked = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
} else if ($cmode == 1) {
db_query($link, "UPDATE ttrss_user_entries SET
- marked = true
+ marked = true, last_marked = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
} else {
db_query($link, "UPDATE ttrss_user_entries SET
- marked = NOT marked,last_read = NOW()
+ marked = NOT marked,last_marked = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
}
}
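Review bot: `last_marked = NOW()` is now written in all three branches, including `$cmode == 0`, which clears the flag. The column therefore records the last toggle rather than the last time the article was marked. If that is intended, say so in a comment such as `// last_marked is bumped on every change of the flag, including un-marking`. The same applies to `last_published` in the following hunk (-804,15). Spacing after the comma also differs between branches (`marked = false, last_marked` against `marked = NOT marked,last_marked`).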
@@ -804,15 +804,15 @@ class RPC extends Handler_Protected {
if ($cmode == 0) {
db_query($link, "UPDATE ttrss_user_entries SET
- published = false,last_read = NOW()
+ published = false,last_published = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
} else if ($cmode == 1) {
db_query($link, "UPDATE ttrss_user_entries SET
- published = true,last_read = NOW()
+ published = true,last_published = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
} else {
db_query($link, "UPDATE ttrss_user_entries SET
- published = NOT published,last_read = NOW()
+ published = NOT published,last_published = NOW()
WHERE ($ids_qpart) AND owner_uid = " . $_SESSION["uid"]);
}
@@ -827,5 +827,48 @@ class RPC extends Handler_Protected {
}
}
+ function getlinktitlebyid() {
+ $id = db_escape_string($this->link, $_REQUEST['id']);
+
+ $result = db_query($this->link, "SELECT link, title FROM ttrss_entries, ttrss_user_entries
+ WHERE ref_id = '$id' AND ref_id = id AND owner_uid = ". $_SESSION["uid"]);
+
+ if (db_num_rows($result) != 0) {
+ $link = db_fetch_result($result, 0, "link");
+ $title = db_fetch_result($result, 0, "title");
+
+ echo json_encode(array("link" => $link, "title" => $title));
+ } else {
+ echo json_encode(array("error" => "ARTICLE_NOT_FOUND"));
+ }
+ }
+
+ function cdmArticlePreview() {
+ $id = db_escape_string($this->link, $_REQUEST['id']);
+
+ $result = db_query($this->link, "SELECT link,
+ ttrss_entries.title, content, feed_url
+ FROM
+ ttrss_entries, ttrss_user_entries
+ LEFT JOIN ttrss_feeds ON (ttrss_user_entries.feed_id = ttrss_feeds.id)
+ WHERE ref_id = '$id' AND ref_id = ttrss_entries.id AND
+ ttrss_user_entries.owner_uid = ". $_SESSION["uid"]);
+
+ if (db_num_rows($result) != 0) {
+ $link = db_fetch_result($result, 0, "link");
+ $title = db_fetch_result($result, 0, "title");
+ $feed_url = db_fetch_result($result, 0, "feed_url");
+
+ $content = sanitize($this->link,
+ db_fetch_result($result, 0, "content"), false, false, $feed_url);
+
+ print "<div class='content'>".$content."</content>";
+
+ } else {
+ print "Article not found.";
+ }
+
+ }
+
}
?>
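Review bot: cdmArticlePreview closes its wrapper with `</content>` instead of `</div>`, so the element stays open in whatever markup the response is inserted into; the line should read `print "<div class='content'>".$content."</div>";`. Both new methods treat `$id` as an escaped string inside quotes; if `ref_id` is an integer column, `$id = (int) $_REQUEST['id'];` is the stricter form. getlinktitlebyid returns `link` and `title` unmodified in JSON, so a comment should state that the client must escape them before placing them in HTML.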
diff --git a/classes/ttrssmailer.php b/classes/ttrssmailer.php
new file mode 100644
index 000000000..1eb9f1d3a
--- /dev/null
+++ b/classes/ttrssmailer.php
@@ -0,0 +1,64 @@
+<?php
+/* @class ttrssMailer
+* @brief A TTRSS extension to the PHPMailer class
+* Configures default values through the __construct() function
+* @author Derek Murawsky
+* @version .1 (alpha)
+*
+*/
+require_once 'lib/phpmailer/class.phpmailer.php';
+require_once "config.php";
+
+class ttrssMailer extends PHPMailer {
+
+ //define all items that we want to override with defaults in PHPMailer
+ public $From = SMTP_FROM_ADDRESS;
+ public $FromName = SMTP_FROM_NAME;
+ public $CharSet = "UTF-8";
+ public $PluginDir = "lib/phpmailer/";
+ public $ContentType = "text/html"; //default email type is HTML
+ public $Host;
+ public $Port;
+ public $SMTPAuth=False;
+ public $Username;
+ public $Password;
+
+ function __construct() {
+ $this->SetLanguage("en", "lib/phpmailer/language/");
+ //if SMTP_HOST is specified, use SMTP to send mail directly
+ if (SMTP_HOST) {
+ $Host = SMTP_HOST;
+ $Mailer = "smtp";
+ }
+ //if SMTP_PORT is specified, assign it. Otherwise default to port 25
+ if(SMTP_PORT){
+ $Port = SMTP_PORT;
+ }else{
+ $Port = "25";
+ }
+
+ //if SMTP_LOGIN is specified, set credentials and enable auth
+ if(SMTP_LOGIN){
+ $SMTPAuth = true;
+ $Username = SMTP_LOGIN;
+ $Password = SMTP_PASSWORD;
+ }
+ }
+ /* @brief a simple mail function to send email using the defaults
+ * This will send an HTML email using the configured defaults
+ * @param $toAddress A string with the recipients email address
+ * @param $toName A string with the recipients name
+ * @param $subject A string with the emails subject
+ * @param $body A string containing the body of the email
+ */
+ public function quickMail ($toAddress, $toName, $subject, $body, $altbody=""){
+ $this->addAddress($toAddress, $toName);
+ $this->Subject = $subject;
+ $this->Body = $body;
+ $this->IsHTML($altbody != '');
+ $rc=$this->send();
+ return $rc;
+ }
+}
+
+?>
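Review bot: The constructor assigns to local variables (`$Host`, `$Mailer`, `$Port`, `$SMTPAuth`, `$Username`, `$Password`) rather than to the object's properties, so none of the SMTP_* settings take effect. Mail would presumably go out through PHPMailer's default transport, without the configured host or authentication. Each assignment needs `$this->`, as in the fence below. In quickMail, `$altbody` is never copied to `$this->AltBody`, and `IsHTML($altbody != '')` switches the message to plain text whenever no alternative body is passed, which contradicts the docblock's "HTML email"; `$this->IsHTML(true); $this->AltBody = $altbody;` matches the documented behaviour. The docblock also lacks an `@param` entry for `$altbody`.

```php
function __construct() {
	// … unchanged: SetLanguage call …
	//if SMTP_HOST is specified, use SMTP to send mail directly
	if (SMTP_HOST) {
		$this->Host = SMTP_HOST;
		$this->Mailer = "smtp";
	}
	//if SMTP_PORT is specified, assign it. Otherwise default to port 25
	$this->Port = SMTP_PORT ? SMTP_PORT : 25;

	//if SMTP_LOGIN is specified, set credentials and enable auth
	if (SMTP_LOGIN) {
		$this->SMTPAuth = true;
		$this->Username = SMTP_LOGIN;
		$this->Password = SMTP_PASSWORD;
	}
}
```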