author | Andrew Dolgov <[email protected]> | 2011-04-15 11:42:22 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2011-04-15 11:42:22 +0400 |
commit | b6c1201c33242bdf3341de7ed68792b57152bbc1 (patch) | |
tree | f57ab4a6fe3a6b43721c1a695c5e4eb480441e62 | |
parent | 90e71380bad862296084460c2b7d825f56086893 (diff) |
filters: cast score expression as integer on save to prevent misscoring
-rw-r--r-- | modules/pref-filters.php | 112 |
1 files changed, 60 insertions, 52 deletions
diff --git a/modules/pref-filters.php b/modules/pref-filters.php index 805562d9b..dc9015f3a 100644 --- a/modules/pref-filters.php +++ b/modules/pref-filters.php @@ -9,7 +9,7 @@ $root['name'] = __('Filters'); $root['items'] = array(); - $result = db_query($link, "SELECT + $result = db_query($link, "SELECT ttrss_filters.id AS id,reg_exp, ttrss_filter_types.name AS filter_type_name, ttrss_filter_types.description AS filter_type_descr, @@ -23,7 +23,7 @@ ttrss_feeds.title AS feed_title, ttrss_filter_actions.name AS action_name, ttrss_filters.action_param AS action_param - FROM + FROM ttrss_filter_types,ttrss_filter_actions,ttrss_filters LEFT JOIN ttrss_feeds ON (ttrss_filters.feed_id = ttrss_feeds.id) WHERE @@ -39,41 +39,41 @@ while ($line = db_fetch_assoc($result)) { if ($cur_action_description != $line['action_description']) { - + if ($cat) array_push($root['items'], $cat); - + $cat = array(); $cat['id'] = 'ACTION:' . $line['action_id']; $cat['name'] = $line['action_description']; $cat['items'] = array(); - + $cur_action_description = $line['action_description']; } - - if (array_search($line["action_name"], + + if (array_search($line["action_name"], array("score", "tag", "label")) === false) { - + $line["action_param"] = ''; } else { if ($line['action_name'] == 'label') { - + $tmp_result = db_query($link, "SELECT fg_color, bg_color FROM ttrss_labels2 WHERE caption = '". db_escape_string($line["action_param"])."' AND owner_uid = " . $_SESSION["uid"]); - + if (db_num_rows($tmp_result) != 0) { $fg_color = db_fetch_result($tmp_result, 0, "fg_color"); $bg_color = db_fetch_result($tmp_result, 0, "bg_color"); - + $tmp = "<span class=\"labelColorIndicator\" style='color : $fg_color; background-color : $bg_color'>α</span> " . $line['action_param']; - + $line['action_param'] = $tmp; } } } - + $filter = array(); $filter['id'] = 'FILTER:' . $line['id']; $filter['bare_id'] = $line['id']; 
@@ -83,13 +83,13 @@ $filter['param'] = $line['action_param']; $filter['inverse'] = sql_bool_to_bool($line['inverse']); $filter['checkbox'] = false; - + if ($line['feed_id']) - $filter['feed'] = $line['feed_title']; - + $filter['feed'] = $line['feed_title']; + array_push($cat['items'], $filter); } - + array_push($root['items'], $cat); } @@ -106,7 +106,7 @@ $filter_id = db_escape_string($_REQUEST["id"]); - $result = db_query($link, + $result = db_query($link, "SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]); $reg_exp = htmlspecialchars(db_fetch_result($result, 0, "reg_exp")); @@ -123,13 +123,13 @@ print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-filters\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$filter_id\">"; - print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"editSave\">"; - - $result = db_query($link, "SELECT id,description + print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"editSave\">"; + + $result = db_query($link, "SELECT id,description FROM ttrss_filter_types ORDER BY description"); - + $filter_types = array(); - + while ($line = db_fetch_assoc($result)) { //array_push($filter_types, $line["description"]); $filter_types[$line["id"]] = __($line["description"]); @@ -159,7 +159,7 @@ required=\"1\" name=\"reg_exp\" style=\"font-size : 16px;\" value=\"$reg_exp\">"; - print "<span id=\"filterDlg_dateChkBox\" $date_ops_invisible>"; + print "<span id=\"filterDlg_dateChkBox\" $date_ops_invisible>"; print " <button dojoType=\"dijit.form.Button\" onclick=\"return filterDlgCheckDate()\">". __('Check it')."</button>"; print "</span>"; 
@@ -182,15 +182,15 @@ print "<select name=\"action_id\" dojoType=\"dijit.form.Select\" onchange=\"filterDlgCheckAction(this)\">"; - - $result = db_query($link, "SELECT id,description FROM ttrss_filter_actions + + $result = db_query($link, "SELECT id,description FROM ttrss_filter_actions ORDER BY name"); while ($line = db_fetch_assoc($result)) { - $is_sel = ($line["id"] == $action_id) ? "selected=\"1\"" : ""; + $is_sel = ($line["id"] == $action_id) ? "selected=\"1\"" : ""; printf("<option value='%d' $is_sel>%s</option>", $line["id"], __($line["description"])); } - + print "</select>"; $param_hidden = ($action_id == 4 || $action_id == 6 || $action_id == 7) ? "" : "display : none"; @@ -206,8 +206,8 @@ $param_int_hidden = ($action_id == 7) ? "" : "display : none"; - print_label_select($link, "action_param_label", $action_param, - "style=\"$param_int_hidden\"" . + print_label_select($link, "action_param_label", $action_param, + "style=\"$param_int_hidden\"" . 'id="filterDlg_actionParamLabel" dojoType="dijit.form.Select"'); print "</span>"; @@ -271,9 +271,9 @@ $filter_type = db_escape_string(trim($_REQUEST["filter_type"])); $filter_id = db_escape_string($_REQUEST["id"]); $feed_id = db_escape_string($_REQUEST["feed_id"]); - $action_id = db_escape_string($_REQUEST["action_id"]); - $action_param = db_escape_string($_REQUEST["action_param"]); - $action_param_label = db_escape_string($_REQUEST["action_param_label"]); + $action_id = db_escape_string($_REQUEST["action_id"]); + $action_param = db_escape_string($_REQUEST["action_param"]); + $action_param_label = db_escape_string($_REQUEST["action_param_label"]); $enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"])); $inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"])); 
@@ -293,8 +293,12 @@ $action_param = $action_param_label; } - $result = db_query($link, "UPDATE ttrss_filters SET - reg_exp = '$reg_exp', + if ($action_id == 6) { + $action_param = (int) str_replace("+", "", $action_param); + } + + $result = db_query($link, "UPDATE ttrss_filters SET + reg_exp = '$reg_exp', feed_id = $feed_id, action_id = '$action_id', filter_type = '$filter_type', @@ -306,7 +310,7 @@ } if ($subop == "remove") { - + if ($memcache) $memcache->flush(); $ids = split(",", db_escape_string($_REQUEST["ids"])); @@ -324,9 +328,9 @@ $regexp = db_escape_string(trim($_REQUEST["reg_exp"])); $filter_type = db_escape_string(trim($_REQUEST["filter_type"])); $feed_id = db_escape_string($_REQUEST["feed_id"]); - $action_id = db_escape_string($_REQUEST["action_id"]); - $action_param = db_escape_string($_REQUEST["action_param"]); - $action_param_label = db_escape_string($_REQUEST["action_param_label"]); + $action_id = db_escape_string($_REQUEST["action_id"]); + $action_param = db_escape_string($_REQUEST["action_param"]); + $action_param_label = db_escape_string($_REQUEST["action_param_label"]); $inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"])); # for the time being, no other filters use params anyway... @@ -347,11 +351,15 @@ $action_param = $action_param_label; } + if ($action_id == 6) { + $action_param = (int) str_replace("+", "", $action_param); + } + $result = db_query($link, "INSERT INTO ttrss_filters (reg_exp,filter_type,owner_uid,feed_id, - action_id, action_param, inverse, filter_param) - VALUES - ('$regexp', '$filter_type','".$_SESSION["uid"]."', + action_id, action_param, inverse, filter_param) + VALUES + ('$regexp', '$filter_type','".$_SESSION["uid"]."', $feed_id, '$action_id', '$action_param', $inverse, '$filter_param')"); if (db_affected_rows($link, $result) != 0) { 
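Review bot: The block added before the UPDATE, `$action_param = (int) str_replace("+", "", $action_param);`, silently coerces whatever was submitted instead of validating it: a non-numeric value is stored as 0, only a leading numeric prefix survives the cast, and every `+` is stripped rather than just a leading sign, so `1+2` is saved as 12. Checking the value first, for example `if (!preg_match('/^[+-]?\d+$/', $action_param))` followed by an error return, would reject a malformed score rather than store one the user did not type. The same three lines are repeated before the INSERT in the add path (hunk -347,11), so a small shared helper with a named constant in place of the literal `6` would keep the two save paths from drifting apart. Because the cast runs only on save, rows written before this commit presumably keep their old text, so the code that reads `action_param` when scoring should cast as well; that code, and the rest of both enclosing `if ($subop == ...)` blocks, lies outside these hunks.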
@@ -369,7 +377,7 @@ $sort = "reg_exp"; } - $result = db_query($link, "SELECT id,description + $result = db_query($link, "SELECT id,description FROM ttrss_filter_types ORDER BY description"); $filter_types = array(); @@ -387,7 +395,7 @@ } else { $filter_search = $_SESSION["prefs_filter_search"]; } - + print "<div id=\"pref-filter-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">"; print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">"; print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">"; @@ -395,14 +403,14 @@ print "<div dojoType=\"dijit.form.DropDownButton\">". "<span>" . __('Select')."</span>"; print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; - print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(true)\" + print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(true)\" dojoType=\"dijit.MenuItem\">".__('All')."</div>"; - print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(false)\" + print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(false)\" dojoType=\"dijit.MenuItem\">".__('None')."</div>"; print "</div></div>"; - + print "<button dojoType=\"dijit.form.Button\" onclick=\"return quickAddFilter()\">". - __('Create filter')."</button> "; + __('Create filter')."</button> "; print "<button dojoType=\"dijit.form.Button\" onclick=\"return editSelectedFilter()\">". __('Edit')."</button> "; @@ -412,7 +420,7 @@ if (defined('_ENABLE_FEED_DEBUGGING')) { print "<button dojoType=\"dijit.form.Button\" onclick=\"rescore_all_feeds()\">". - __('Rescore articles')."</button> "; + __('Rescore articles')."</button> "; } print "</div>"; # toolbar 
@@ -423,14 +431,14 @@ <img src='images/indicator_tiny.gif'>". __("Loading, please wait...")."</div>"; - print "<div dojoType=\"dojo.data.ItemFileWriteStore\" jsId=\"filterStore\" + print "<div dojoType=\"dojo.data.ItemFileWriteStore\" jsId=\"filterStore\" url=\"backend.php?op=pref-filters&subop=getfiltertree\"> </div> <div dojoType=\"lib.CheckBoxStoreModel\" jsId=\"filterModel\" store=\"filterStore\" query=\"{id:'root'}\" rootId=\"root\" rootLabel=\"Feeds\" childrenAttrs=\"items\" checkboxStrict=\"false\" checkboxAll=\"false\"> </div> - <div dojoType=\"fox.PrefFilterTree\" id=\"filterTree\" + <div dojoType=\"fox.PrefFilterTree\" id=\"filterTree\" model=\"filterModel\" openOnClick=\"true\"> <script type=\"dojo/method\" event=\"onLoad\" args=\"item\"> Element.hide(\"filterlistLoading\"); @@ -441,7 +449,7 @@ if (id.match('FILTER:')) { editFilter(bare_id); - } + } </script> </div>"; |