diff options
| author | Andrew Dolgov <[email protected]> | 2017-12-02 13:28:13 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2017-12-02 13:28:13 +0300 |
| commit | f594717d18a89c189559d6da72253e769bce2656 (patch) | |
| tree | 86b292fd4a04e5ce95caa63cc8d75b7e2eab6cfc /classes/pref/filters.php | |
| parent | 21295a52aad20ec621d3f2cd633bf841bd972953 (diff) | |
filters: use PDO
Diffstat (limited to 'classes/pref/filters.php')
| -rwxr-xr-x | classes/pref/filters.php | 600 |
1 files changed, 313 insertions, 287 deletions
diff --git a/classes/pref/filters.php b/classes/pref/filters.php index 6ea233cb6..7049630b1 100755 --- a/classes/pref/filters.php +++ b/classes/pref/filters.php @@ -9,8 +9,9 @@ class Pref_Filters extends Handler_Protected { } function filtersortreset() { - $this->dbh->query("UPDATE ttrss_filters2 - SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]); + $sth = $this->pdo->prepare("UPDATE ttrss_filters2 + SET order_id = 0 WHERE owner_uid = ?"); + $sth->execute([$_SESSION['uid']]); return; } @@ -26,15 +27,16 @@ class Pref_Filters extends Handler_Protected { $index = 0; if (is_array($data) && is_array($data['items'])) { + + $sth = $this->pdo->prepare("UPDATE ttrss_filters2 SET + order_id = ? WHERE id = ? AND + owner_uid = ?"); + foreach ($data['items'][0]['items'] as $item) { $filter_id = (int) str_replace("FILTER:", "", $item['_reference']); if ($filter_id > 0) { - - $this->dbh->query("UPDATE ttrss_filters2 SET - order_id = $index WHERE id = '$filter_id' AND - owner_uid = " .$_SESSION["uid"]); - + $sth->execute([$index, $filter_id, $_SESSION['uid']]); ++$index; } } @@ -44,24 +46,24 @@ class Pref_Filters extends Handler_Protected { } function testFilterDo() { - $offset = (int) db_escape_string($_REQUEST["offset"]); - $limit = (int) db_escape_string($_REQUEST["limit"]); + $offset = (int) $_REQUEST["offset"]; + $limit = (int) $_REQUEST["limit"]; $filter = array(); $filter["enabled"] = true; $filter["match_any_rule"] = sql_bool_to_bool( - checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["match_any_rule"]))); + checkbox_to_sql_bool($_REQUEST["match_any_rule"])); $filter["inverse"] = sql_bool_to_bool( - checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["inverse"]))); + checkbox_to_sql_bool($_REQUEST["inverse"])); $filter["rules"] = array(); $filter["actions"] = array("dummy-action"); - $result = $this->dbh->query("SELECT id,name FROM ttrss_filter_types"); + $res = $this->pdo->query("SELECT id,name FROM ttrss_filter_types"); $filter_types = array(); - while ($line = $this->dbh->fetch_assoc($result)) { + while ($line = $res->fetch()) { $filter_types[$line["id"]] = $line["name"]; } @@ -80,9 +82,9 @@ class Pref_Filters extends Handler_Protected { if (strpos($feed_id, "CAT:") === 0) { $cat_id = (int) substr($feed_id, 4); - array_push($scope_inner_qparts, "cat_id = " . $cat_id); + array_push($scope_inner_qparts, "cat_id = " . $this->pdo->quote($cat_id)); } else if ($feed_id > 0) { - array_push($scope_inner_qparts, "feed_id = " . $feed_id); + array_push($scope_inner_qparts, "feed_id = " . $this->pdo->quote($feed_id)); } } @@ -109,7 +111,7 @@ class Pref_Filters extends Handler_Protected { //while ($found < $limit && $offset < $limit * 1000 && time() - $started < ini_get("max_execution_time") * 0.7) { - $result = db_query("SELECT ttrss_entries.id, + $sth = $this->pdo->prepare("SELECT ttrss_entries.id, ttrss_entries.title, ttrss_feeds.id AS feed_id, ttrss_feeds.title AS feed_title, @@ -126,10 +128,12 @@ class Pref_Filters extends Handler_Protected { WHERE ref_id = ttrss_entries.id AND ($scope_qpart) AND - ttrss_user_entries.owner_uid = " . $_SESSION["uid"] . " - ORDER BY date_entered DESC LIMIT $limit OFFSET $offset"); + ttrss_user_entries.owner_uid = ? + ORDER BY date_entered DESC LIMIT ?OFFSET ?"); - while ($line = db_fetch_assoc($result)) { + $sth->execute([$_SESSION['uid'], $limit, $offset]);; + + while ($line = $sth->fetch()) { $rc = RSSUtils::get_article_filters(array($filter), $line['title'], $line['content'], $line['link'], $line['author'], explode(",", $line['tag_cache'])); @@ -209,7 +213,7 @@ class Pref_Filters extends Handler_Protected { } private function getfilterrules_concise($filter_id) { - $result = $this->dbh->query("SELECT reg_exp, + $sth = $this->pdo->prepare("SELECT reg_exp, inverse, match_on, feed_id, @@ -219,12 +223,13 @@ class Pref_Filters extends Handler_Protected { FROM ttrss_filters2_rules, ttrss_filter_types WHERE - filter_id = '$filter_id' AND filter_type = ttrss_filter_types.id + filter_id = ? AND filter_type = ttrss_filter_types.id ORDER BY reg_exp"); + $sth->execute([$filter_id]); $rv = ""; - while ($line = $this->dbh->fetch_assoc($result)) { + while ($line = $sth->fetch()) { if ($line["match_on"]) { $feeds = json_decode($line["match_on"], true); @@ -275,7 +280,7 @@ class Pref_Filters extends Handler_Protected { $filter_search = $_SESSION["prefs_filter_search"]; - $result = $this->dbh->query("SELECT *, + $sth = $this->pdo->prepare("SELECT *, (SELECT action_param FROM ttrss_filters2_actions WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS action_param, (SELECT action_id FROM ttrss_filters2_actions @@ -286,22 +291,23 @@ class Pref_Filters extends Handler_Protected { (SELECT reg_exp FROM ttrss_filters2_rules WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS reg_exp FROM ttrss_filters2 WHERE - owner_uid = ".$_SESSION["uid"]." ORDER BY order_id, title"); - + owner_uid = ? ORDER BY order_id, title"); + $sth->execute([$_SESSION['uid']]); $folder = array(); $folder['items'] = array(); - while ($line = $this->dbh->fetch_assoc($result)) { + while ($line = $sth->fetch()) { $name = $this->getFilterName($line["id"]); $match_ok = false; if ($filter_search) { - $rules_result = $this->dbh->query( - "SELECT reg_exp FROM ttrss_filters2_rules WHERE filter_id = ".$line["id"]); + $rules_sth = $this->pdo->prepare("SELECT reg_exp + FROM ttrss_filters2_rules WHERE filter_id = ?"); + $rules_sth->execute([$line['id']]); - while ($rule_line = $this->dbh->fetch_assoc($rules_result)) { + while ($rule_line = $rules_sth->fetch()) { if (mb_strpos($rule_line['reg_exp'], $filter_search) !== false) { $match_ok = true; break; @@ -310,13 +316,14 @@ class Pref_Filters extends Handler_Protected { } if ($line['action_id'] == 7) { - $label_result = $this->dbh->query("SELECT fg_color, bg_color - FROM ttrss_labels2 WHERE caption = '".$this->dbh->escape_string($line['action_param'])."' AND - owner_uid = " . $_SESSION["uid"]); + $label_sth = $this->pdo->prepare("SELECT fg_color, bg_color + FROM ttrss_labels2 WHERE caption = ? AND + owner_uid = ?"); + $label_sth->execute([$line['action_param'], $_SESSION['uid']]); - if ($this->dbh->num_rows($label_result) > 0) { - $fg_color = $this->dbh->fetch_result($label_result, 0, "fg_color"); - $bg_color = $this->dbh->fetch_result($label_result, 0, "bg_color"); + if ($label_row = $label_sth->fetch()) { + $fg_color = $label_row["fg_color"]; + $bg_color = $label_row["bg_color"]; $name[1] = "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-right : 4px'>α</span>" . $name[1]; } @@ -336,10 +343,6 @@ class Pref_Filters extends Handler_Protected { } } - /* if (count($folder['items']) > 0) { - array_push($root['items'], $folder); - } */ - $root['items'] = $folder['items']; $fl = array(); @@ -353,175 +356,182 @@ class Pref_Filters extends Handler_Protected { function edit() { - $filter_id = $this->dbh->escape_string($_REQUEST["id"]); + $filter_id = $_REQUEST["id"]; - $result = $this->dbh->query( - "SELECT * FROM ttrss_filters2 WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]); + $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2 + WHERE id = ? AND owner_uid = ?"); + $sth->execute([$filter_id, $_SESSION['uid']]); - $enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "enabled")); - $match_any_rule = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "match_any_rule")); - $inverse = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "inverse")); - $title = htmlspecialchars($this->dbh->fetch_result($result, 0, "title")); + if ($row = $sth->fetch()) { - print "<form id=\"filter_edit_form\" onsubmit='return false'>"; + $enabled = sql_bool_to_bool($row["enabled"]); + $match_any_rule = sql_bool_to_bool($row["match_any_rule"]); + $inverse = sql_bool_to_bool($row["inverse"]); + $title = htmlspecialchars($row["title"]); - print_hidden("op", "pref-filters"); - print_hidden("id", "$filter_id"); - print_hidden("method", "editSave"); - print_hidden("csrf_token", $_SESSION['csrf_token']); + print "<form id=\"filter_edit_form\" onsubmit='return false'>"; - print "<div class=\"dlgSec\">".__("Caption")."</div>"; + print_hidden("op", "pref-filters"); + print_hidden("id", "$filter_id"); + print_hidden("method", "editSave"); + print_hidden("csrf_token", $_SESSION['csrf_token']); - print "<input required=\"true\" dojoType=\"dijit.form.ValidationTextBox\" style=\"width : 20em;\" name=\"title\" value=\"$title\">"; + print "<div class=\"dlgSec\">".__("Caption")."</div>"; - print "</div>"; + print "<input required=\"true\" dojoType=\"dijit.form.ValidationTextBox\" style=\"width : 20em;\" name=\"title\" value=\"$title\">"; - print "<div class=\"dlgSec\">".__("Match")."</div>"; + print "</div>"; - print "<div dojoType=\"dijit.Toolbar\">"; + print "<div class=\"dlgSec\">".__("Match")."</div>"; - print "<div dojoType=\"dijit.form.DropDownButton\">". + print "<div dojoType=\"dijit.Toolbar\">"; + + print "<div dojoType=\"dijit.form.DropDownButton\">". "<span>" . __('Select')."</span>"; - print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; - print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(true)\" + print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; + print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(true)\" dojoType=\"dijit.MenuItem\">".__('All')."</div>"; - print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(false)\" + print "<div onclick=\"dijit.byId('filterEditDlg').selectRules(false)\" dojoType=\"dijit.MenuItem\">".__('None')."</div>"; - print "</div></div>"; + print "</div></div>"; - print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addRule()\">". - __('Add')."</button> "; + print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addRule()\">". + __('Add')."</button> "; - print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteRule()\">". - __('Delete')."</button> "; + print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteRule()\">". + __('Delete')."</button> "; - print "</div>"; + print "</div>"; - print "<ul id='filterDlg_Matches'>"; + print "<ul id='filterDlg_Matches'>"; - $rules_result = $this->dbh->query("SELECT * FROM ttrss_filters2_rules - WHERE filter_id = '$filter_id' ORDER BY reg_exp, id"); + $rules_sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_rules + WHERE filter_id = ? ORDER BY reg_exp, id"); + $rules_sth->execute([$filter_id]); - while ($line = $this->dbh->fetch_assoc($rules_result)) { - if ($line["match_on"]) { - $line["feed_id"] = json_decode($line["match_on"], true); - } else { - if (sql_bool_to_bool($line["cat_filter"])) { - $feed_id = "CAT:" . (int)$line["cat_id"]; - } else { - $feed_id = (int)$line["feed_id"]; - } + while ($line = $rules_sth->fetch()) { + if ($line["match_on"]) { + $line["feed_id"] = json_decode($line["match_on"], true); + } else { + if (sql_bool_to_bool($line["cat_filter"])) { + $feed_id = "CAT:" . (int)$line["cat_id"]; + } else { + $feed_id = (int)$line["feed_id"]; + } - $line["feed_id"] = ["" . $feed_id]; // set item type to string for in_array() - } + $line["feed_id"] = ["" . $feed_id]; // set item type to string for in_array() + } - unset($line["cat_filter"]); - unset($line["cat_id"]); - unset($line["filter_id"]); - unset($line["id"]); - if (!sql_bool_to_bool($line["inverse"])) unset($line["inverse"]); - unset($line["match_on"]); + unset($line["cat_filter"]); + unset($line["cat_id"]); + unset($line["filter_id"]); + unset($line["id"]); + if (!sql_bool_to_bool($line["inverse"])) unset($line["inverse"]); + unset($line["match_on"]); - $data = htmlspecialchars(json_encode($line)); + $data = htmlspecialchars(json_encode($line)); - print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>". - "<span onclick=\"dijit.byId('filterEditDlg').editRule(this)\">".$this->getRuleName($line)."</span>". - "<input type='hidden' name='rule[]' value=\"$data\"/></li>"; - } + print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>". + "<span onclick=\"dijit.byId('filterEditDlg').editRule(this)\">".$this->getRuleName($line)."</span>". + "<input type='hidden' name='rule[]' value=\"$data\"/></li>"; + } - print "</ul>"; + print "</ul>"; - print "</div>"; + print "</div>"; - print "<div class=\"dlgSec\">".__("Apply actions")."</div>"; + print "<div class=\"dlgSec\">".__("Apply actions")."</div>"; - print "<div dojoType=\"dijit.Toolbar\">"; + print "<div dojoType=\"dijit.Toolbar\">"; - print "<div dojoType=\"dijit.form.DropDownButton\">". + print "<div dojoType=\"dijit.form.DropDownButton\">". "<span>" . __('Select')."</span>"; - print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; - print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(true)\" + print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; + print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(true)\" dojoType=\"dijit.MenuItem\">".__('All')."</div>"; - print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(false)\" + print "<div onclick=\"dijit.byId('filterEditDlg').selectActions(false)\" dojoType=\"dijit.MenuItem\">".__('None')."</div>"; - print "</div></div>"; + print "</div></div>"; - print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addAction()\">". - __('Add')."</button> "; + print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').addAction()\">". + __('Add')."</button> "; - print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteAction()\">". - __('Delete')."</button> "; + print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').deleteAction()\">". + __('Delete')."</button> "; - print "</div>"; + print "</div>"; - print "<ul id='filterDlg_Actions'>"; + print "<ul id='filterDlg_Actions'>"; - $actions_result = $this->dbh->query("SELECT * FROM ttrss_filters2_actions - WHERE filter_id = '$filter_id' ORDER BY id"); + $actions_sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions + WHERE filter_id = ? ORDER BY id"); + $actions_sth->execute([$filter_id]); - while ($line = $this->dbh->fetch_assoc($actions_result)) { - $line["action_param_label"] = $line["action_param"]; + while ($line = $actions_sth->fetch()) { + $line["action_param_label"] = $line["action_param"]; - unset($line["filter_id"]); - unset($line["id"]); + unset($line["filter_id"]); + unset($line["id"]); - $data = htmlspecialchars(json_encode($line)); + $data = htmlspecialchars(json_encode($line)); - print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>". - "<span onclick=\"dijit.byId('filterEditDlg').editAction(this)\">".$this->getActionName($line)."</span>". - "<input type='hidden' name='action[]' value=\"$data\"/></li>"; - } + print "<li><input dojoType='dijit.form.CheckBox' type='checkbox' onclick='toggleSelectListRow2(this)'>". + "<span onclick=\"dijit.byId('filterEditDlg').editAction(this)\">".$this->getActionName($line)."</span>". + "<input type='hidden' name='action[]' value=\"$data\"/></li>"; + } - print "</ul>"; + print "</ul>"; - print "</div>"; + print "</div>"; - if ($enabled) { - $checked = "checked=\"1\""; - } else { - $checked = ""; - } + if ($enabled) { + $checked = "checked=\"1\""; + } else { + $checked = ""; + } - print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"enabled\" id=\"enabled\" $checked> + print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"enabled\" id=\"enabled\" $checked> <label for=\"enabled\">".__('Enabled')."</label>"; - if ($match_any_rule) { - $checked = "checked=\"1\""; - } else { - $checked = ""; - } + if ($match_any_rule) { + $checked = "checked=\"1\""; + } else { + $checked = ""; + } - print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"match_any_rule\" id=\"match_any_rule\" $checked> + print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"match_any_rule\" id=\"match_any_rule\" $checked> <label for=\"match_any_rule\">".__('Match any rule')."</label>"; - if ($inverse) { - $checked = "checked=\"1\""; - } else { - $checked = ""; - } + if ($inverse) { + $checked = "checked=\"1\""; + } else { + $checked = ""; + } - print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\" $checked> + print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\" $checked> <label for=\"inverse\">".__('Inverse matching')."</label>"; - print "<p/>"; + print "<p/>"; - print "<div class=\"dlgButtons\">"; + print "<div class=\"dlgButtons\">"; - print "<div style=\"float : left\">"; - print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').removeFilter()\">". - __('Remove')."</button>"; - print "</div>"; + print "<div style=\"float : left\">"; + print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').removeFilter()\">". + __('Remove')."</button>"; + print "</div>"; - print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').test()\">". - __('Test')."</button> "; + print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').test()\">". + __('Test')."</button> "; - print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').execute()\">". - __('Save')."</button> "; + print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').execute()\">". + __('Save')."</button> "; - print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').hide()\">". - __('Cancel')."</button>"; + print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').hide()\">". + __('Cancel')."</button>"; - print "</div>"; + print "</div>"; + + } } private function getRuleName($rule) { @@ -547,9 +557,15 @@ class Pref_Filters extends Handler_Protected { $feed = implode(", ", $feeds_fmt); - $result = $this->dbh->query("SELECT description FROM ttrss_filter_types - WHERE id = ".(int)$rule["filter_type"]); - $filter_type = $this->dbh->fetch_result($result, 0, "description"); + $sth = $this->pdo->prepare("SELECT description FROM ttrss_filter_types + WHERE id = ?"); + $sth->execute([(int)$rule["filter_type"]]); + + if ($row = $sth->fetch()) { + $filter_type = $row["description"]; + } else { + $filter_type = "?UNKNOWN?"; + } $inverse = isset($rule["inverse"]) ? "inverse" : ""; @@ -563,25 +579,31 @@ class Pref_Filters extends Handler_Protected { } private function getActionName($action) { - $result = $this->dbh->query("SELECT description FROM - ttrss_filter_actions WHERE id = " .(int)$action["action_id"]); + $sth = $this->pdo->prepare("SELECT description FROM + ttrss_filter_actions WHERE id = ?"); + $sth->execute([(int)$action["action_id"]]); + + $title = ""; + + if ($row = $sth->fetch()) { - $title = __($this->dbh->fetch_result($result, 0, "description")); + $title = __($row["description"]); - if ($action["action_id"] == 4 || $action["action_id"] == 6 || - $action["action_id"] == 7) + if ($action["action_id"] == 4 || $action["action_id"] == 6 || + $action["action_id"] == 7) $title .= ": " . $action["action_param"]; - if ($action["action_id"] == 9) { - list ($pfclass, $pfaction) = explode(":", $action["action_param"]); + if ($action["action_id"] == 9) { + list ($pfclass, $pfaction) = explode(":", $action["action_param"]); - $filter_actions = PluginHost::getInstance()->get_filter_actions(); + $filter_actions = PluginHost::getInstance()->get_filter_actions(); - foreach ($filter_actions as $fclass => $factions) { - foreach ($factions as $faction) { - if ($pfaction == $faction["action"] && $pfclass == $fclass) { - $title .= ": " . $fclass . ": " . $faction["description"]; - break; + foreach ($filter_actions as $fclass => $factions) { + foreach ($factions as $faction) { + if ($pfaction == $faction["action"] && $pfclass == $fclass) { + $title .= ": " . $fclass . ": " . $faction["description"]; + break; + } } } } @@ -599,39 +621,49 @@ class Pref_Filters extends Handler_Protected { return $this->testFilter(); } -# print_r($_REQUEST); + $filter_id = $_REQUEST["id"]; + $enabled = checkbox_to_sql_bool($_REQUEST["enabled"]); + $match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]); + $inverse = checkbox_to_sql_bool($_REQUEST["inverse"]); + $title = $_REQUEST["title"]; - $filter_id = $this->dbh->escape_string($_REQUEST["id"]); - $enabled = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["enabled"])); - $match_any_rule = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["match_any_rule"])); - $inverse = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["inverse"])); - $title = $this->dbh->escape_string($_REQUEST["title"]); + $this->pdo->beginTransaction(); - $this->dbh->query("UPDATE ttrss_filters2 SET enabled = $enabled, - match_any_rule = $match_any_rule, - inverse = $inverse, - title = '$title' - WHERE id = '$filter_id' - AND owner_uid = ". $_SESSION["uid"]); + $sth = $this->pdo->prepare("UPDATE ttrss_filters2 SET enabled = ?, + match_any_rule = ?, + inverse = ?, + title = ? + WHERE id = ? AND owner_uid = ?"); + + $sth->execute([$enabled, $match_any_rule, $inverse, $title, $filter_id, $_SESSION['uid']]); $this->saveRulesAndActions($filter_id); + $this->pdo->commit(); } function remove() { - $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"])); + $ids = explode(",", $_REQUEST["ids"]); + $ids_qmarks = arr_qmarks($ids); - foreach ($ids as $id) { - $this->dbh->query("DELETE FROM ttrss_filters2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]); - } + $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2 WHERE id IN ($ids_qmarks) + AND owner_uid = ?"); + $sth->execute(array_merge($ids, [$_SESSION['uid']])); } - private function saveRulesAndActions($filter_id) { + private function saveRulesAndActions($filter_id) + { - $this->dbh->query("DELETE FROM ttrss_filters2_rules WHERE filter_id = '$filter_id'"); - $this->dbh->query("DELETE FROM ttrss_filters2_actions WHERE filter_id = '$filter_id'"); + $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2_rules WHERE filter_id = ?"); + $sth->execute([$filter_id]); + $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2_actions WHERE filter_id = ?"); + $sth->execute([$filter_id]); + + if (!is_array($_REQUEST["rule"])) $_REQUEST["rule"] = []; + if (!is_array($_REQUEST["action"])) $_REQUEST["action"] = []; + if ($filter_id) { /* create rules */ @@ -656,63 +688,46 @@ class Pref_Filters extends Handler_Protected { } } + $rsth = $this->pdo->prepare("INSERT INTO ttrss_filters2_rules + (filter_id, reg_exp,filter_type,feed_id,cat_id,match_on,inverse) VALUES + (?, ?, ?, NULL, NULL, ?, ?)"); + foreach ($rules as $rule) { if ($rule) { - $reg_exp = $this->dbh->escape_string(trim($rule["reg_exp"]), false); + $reg_exp = trim($rule["reg_exp"]); $inverse = isset($rule["inverse"]) ? "true" : "false"; - $filter_type = (int) $this->dbh->escape_string(trim($rule["filter_type"])); - $match_on = $this->dbh->escape_string(json_encode($rule["feed_id"])); - - /*if (strpos($feed_id, "CAT:") === 0) { - - $cat_filter = bool_to_sql_bool(true); - $cat_id = (int) substr($feed_id, 4); - $feed_id = "NULL"; + $filter_type = (int)trim($rule["filter_type"]); + $match_on = json_encode($rule["feed_id"]); - if (!$cat_id) $cat_id = "NULL"; // Uncategorized - } else { - $cat_filter = bool_to_sql_bool(false); - $feed_id = (int) $feed_id; - $cat_id = "NULL"; - - if (!$feed_id) $feed_id = "NULL"; // Uncategorized - }*/ - - $query = "INSERT INTO ttrss_filters2_rules - (filter_id, reg_exp,filter_type,feed_id,cat_id,match_on,inverse) VALUES - ('$filter_id', '$reg_exp', '$filter_type', NULL, NULL, '$match_on', $inverse)"; - - $this->dbh->query($query); + $rsth->execute([$filter_id, $reg_exp, $filter_type, $match_on, $inverse]); } } + $asth = $this->pdo->prepare("INSERT INTO ttrss_filters2_actions + (filter_id, action_id, action_param) VALUES + (?, ?, ?)"); + foreach ($actions as $action) { if ($action) { - $action_id = (int) $this->dbh->escape_string($action["action_id"]); - $action_param = $this->dbh->escape_string($action["action_param"]); - $action_param_label = $this->dbh->escape_string($action["action_param_label"]); + $action_id = (int)$action["action_id"]; + $action_param = $action["action_param"]; + $action_param_label = $action["action_param_label"]; if ($action_id == 7) { $action_param = $action_param_label; } if ($action_id == 6) { - $action_param = (int) str_replace("+", "", $action_param); + $action_param = (int)str_replace("+", "", $action_param); } - $query = "INSERT INTO ttrss_filters2_actions - (filter_id, action_id, action_param) VALUES - ('$filter_id', '$action_id', '$action_param')"; - - $this->dbh->query($query); + $asth->execute([$filter_id, $action_id, $action_param]); } } } - - } function add() { @@ -720,40 +735,42 @@ class Pref_Filters extends Handler_Protected { return $this->testFilter(); } -# print_r($_REQUEST); - $enabled = checkbox_to_sql_bool($_REQUEST["enabled"]); $match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]); - $title = $this->dbh->escape_string($_REQUEST["title"]); + $title = $_REQUEST["title"]; $inverse = checkbox_to_sql_bool($_REQUEST["inverse"]); - $this->dbh->query("BEGIN"); + $this->pdo->beginTransaction(); /* create base filter */ - $result = $this->dbh->query("INSERT INTO ttrss_filters2 + $sth = $this->pdo->prepare("INSERT INTO ttrss_filters2 (owner_uid, match_any_rule, enabled, title, inverse) VALUES - (".$_SESSION["uid"].",$match_any_rule,$enabled, '$title', $inverse)"); + (?, ?, ?, ?, ?)"); - $result = $this->dbh->query("SELECT MAX(id) AS id FROM ttrss_filters2 - WHERE owner_uid = ".$_SESSION["uid"]); + $sth->execute([$_SESSION['uid'], $match_any_rule, $enabled, $title, $inverse]); - $filter_id = $this->dbh->fetch_result($result, 0, "id"); + $sth = $this->pdo->prepare("SELECT MAX(id) AS id FROM ttrss_filters2 + WHERE owner_uid = ?"); + $sth->execute([$_SESSION['uid']]); - $this->saveRulesAndActions($filter_id); + if ($row = $sth->fetch()) { + $filter_id = $row['id']; + $this->saveRulesAndActions($filter_id); + } - $this->dbh->query("COMMIT"); + $this->pdo->commit(); } function index() { - $sort = $this->dbh->escape_string($_REQUEST["sort"]); + $sort = $_REQUEST["sort"]; if (!$sort || $sort == "undefined") { $sort = "reg_exp"; } - $filter_search = $this->dbh->escape_string($_REQUEST["search"]); + $filter_search = $_REQUEST["search"]; if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_filter_search"] = $filter_search; @@ -765,7 +782,7 @@ class Pref_Filters extends Handler_Protected { print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">"; print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">"; - $filter_search = $this->dbh->escape_string($_REQUEST["search"]); + $filter_search = $_REQUEST["search"]; if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_filter_search"] = $filter_search; @@ -960,21 +977,14 @@ class Pref_Filters extends Handler_Protected { $inverse_checked = ""; } - /*if (strpos($feed_id, "CAT:") === 0) { - $feed_id = substr($feed_id, 4); - $cat_filter = true; - } else { - $cat_filter = false; - }*/ - print "<form name='filter_new_rule_form' id='filter_new_rule_form'>"; - $result = $this->dbh->query("SELECT id,description + $res = $this->pdo->query("SELECT id,description FROM ttrss_filter_types WHERE id != 5 ORDER BY description"); $filter_types = array(); - while ($line = $this->dbh->fetch_assoc($result)) { + while ($line = $res->fetch()) { $filter_types[$line["id"]] = __($line["description"]); } @@ -1030,7 +1040,7 @@ class Pref_Filters extends Handler_Protected { $action = json_decode($_REQUEST["action"], true); if ($action) { - $action_param = $this->dbh->escape_string($action["action_param"]); + $action_param = $action["action_param"]; $action_id = (int)$action["action_id"]; } else { $action_param = ""; @@ -1046,10 +1056,10 @@ class Pref_Filters extends Handler_Protected { print "<select name=\"action_id\" dojoType=\"dijit.form.Select\" onchange=\"filterDlgCheckAction(this)\">"; - $result = $this->dbh->query("SELECT id,description FROM ttrss_filter_actions + $res = $this->pdo->query("SELECT id,description FROM ttrss_filter_actions ORDER BY name"); - while ($line = $this->dbh->fetch_assoc($result)) { + while ($line = $res->fetch()) { $is_selected = ($line["id"] == $action_id) ? "selected='1'" : ""; printf("<option $is_selected value='%d'>%s</option>", $line["id"], __($line["description"])); } @@ -1121,60 +1131,72 @@ class Pref_Filters extends Handler_Protected { private function getFilterName($id) { - $result = $this->dbh->query( + $sth = $this->pdo->prepare( "SELECT title,match_any_rule,COUNT(DISTINCT r.id) AS num_rules,COUNT(DISTINCT a.id) AS num_actions FROM ttrss_filters2 AS f LEFT JOIN ttrss_filters2_rules AS r ON (r.filter_id = f.id) LEFT JOIN ttrss_filters2_actions AS a - ON (a.filter_id = f.id) WHERE f.id = '$id' GROUP BY f.title, f.match_any_rule"); + ON (a.filter_id = f.id) WHERE f.id = ? GROUP BY f.title, f.match_any_rule"); + $sth->execute([$id]); - $title = $this->dbh->fetch_result($result, 0, "title"); - $num_rules = $this->dbh->fetch_result($result, 0, "num_rules"); - $num_actions = $this->dbh->fetch_result($result, 0, "num_actions"); - $match_any_rule = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "match_any_rule")); + if ($row = $sth->fetch()) { - if (!$title) $title = __("[No caption]"); + $title = $row["title"]; + $num_rules = $row["num_rules"]; + $num_actions = $row["num_actions"]; + $match_any_rule = sql_bool_to_bool($row["match_any_rule"]); - $title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", (int) $num_rules), $title, $num_rules); + if (!$title) $title = __("[No caption]"); + $title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", (int) $num_rules), $title, $num_rules); - $result = $this->dbh->query( - "SELECT * FROM ttrss_filters2_actions WHERE filter_id = '$id' ORDER BY id LIMIT 1"); + $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions + WHERE filter_id = ? ORDER BY id LIMIT 1"); + $sth->execute([$id]); - $actions = ""; + $actions = ""; - if ($this->dbh->num_rows($result) > 0) { - $line = $this->dbh->fetch_assoc($result); - $actions = $this->getActionName($line); + if ($line = $sth->fetch()) { + $actions = $this->getActionName($line); - $num_actions -= 1; - } + $num_actions -= 1; + } + + if ($match_any_rule) $title .= " (" . __("matches any rule") . ")"; - if ($match_any_rule) $title .= " (" . __("matches any rule") . ")"; + if ($num_actions > 0) + $actions = sprintf(_ngettext("%s (+%d action)", "%s (+%d actions)", (int) $num_actions), $actions, $num_actions); - if ($num_actions > 0) - $actions = sprintf(_ngettext("%s (+%d action)", "%s (+%d actions)", (int) $num_actions), $actions, $num_actions); + return [$title, $actions]; + } - return array($title, $actions); + return []; } function join() { - $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"])); + $ids = explode(",", $_REQUEST["ids"]); if (count($ids) > 1) { $base_id = array_shift($ids); - $ids_str = join(",", $ids); + $ids_qmarks = arr_qmarks($ids); - $this->dbh->query("BEGIN"); - $this->dbh->query("UPDATE ttrss_filters2_rules - SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)"); - $this->dbh->query("UPDATE ttrss_filters2_actions - SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)"); + $this->pdo->beginTransaction(); - $this->dbh->query("DELETE FROM ttrss_filters2 WHERE id IN ($ids_str)"); - $this->dbh->query("UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = '$base_id'"); + $sth = $this->pdo->prepare("UPDATE ttrss_filters2_rules + SET filter_id = ? WHERE filter_id IN ($ids_qmarks)"); + $sth->execute(array_merge([$base_id], $ids)); - $this->dbh->query("COMMIT"); + $sth = $this->pdo->prepare("UPDATE ttrss_filters2_actions + SET filter_id = ? WHERE filter_id IN ($ids_qmarks)"); + $sth->execute(array_merge([$base_id], $ids)); + + $sth = $this->pdo->prepare("DELETE FROM ttrss_filters2 WHERE id IN ($ids_qmarks)"); + $sth->execute($ids); + + $sth = $this->pdo->prepare("UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = ?"); + $sth->execute([$base_id]); + + $this->pdo->commit(); $this->optimizeFilter($base_id); @@ -1182,14 +1204,17 @@ class Pref_Filters extends Handler_Protected { } private function optimizeFilter($id) { - $this->dbh->query("BEGIN"); - $result = $this->dbh->query("SELECT * FROM ttrss_filters2_actions - WHERE filter_id = '$id'"); + + $this->pdo->beginTransaction(); + + $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_actions + WHERE filter_id = ?"); + $sth->execute([$id]); $tmp = array(); $dupe_ids = array(); - while ($line = $this->dbh->fetch_assoc($result)) { + while ($line = $sth->fetch()) { $id = $line["id"]; unset($line["id"]); @@ -1202,17 +1227,18 @@ class Pref_Filters extends Handler_Protected { if (count($dupe_ids) > 0) { $ids_str = join(",", $dupe_ids); - $this->dbh->query("DELETE FROM ttrss_filters2_actions - WHERE id IN ($ids_str)"); + + $this->pdo->query("DELETE FROM ttrss_filters2_actions WHERE id IN ($ids_str)"); } - $result = $this->dbh->query("SELECT * FROM ttrss_filters2_rules - WHERE filter_id = '$id'"); + $sth = $this->pdo->prepare("SELECT * FROM ttrss_filters2_rules + WHERE filter_id = ?"); + $sth->execute([$id]); $tmp = array(); $dupe_ids = array(); - while ($line = $this->dbh->fetch_assoc($result)) { + while ($line = $sth->fetch()) { $id = $line["id"]; unset($line["id"]); @@ -1225,10 +1251,10 @@ class Pref_Filters extends Handler_Protected { if (count($dupe_ids) > 0) { $ids_str = join(",", $dupe_ids); - $this->dbh->query("DELETE FROM ttrss_filters2_rules - WHERE id IN ($ids_str)"); + + $this->pdo->query("DELETE FROM ttrss_filters2_rules WHERE id IN ($ids_str)"); } - $this->dbh->query("COMMIT"); + $this->pdo->commit(); } }
\ No newline at end of file |