author | Andrew Dolgov <[email protected]> | 2017-12-02 12:45:33 +0300 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2017-12-02 12:45:33 +0300 |
commit | 21295a52aad20ec621d3f2cd633bf841bd972953 (patch) | |
tree | 7c0f9bcf101002a4cc73235c214526bb331ec00d /classes/pref/labels.php | |
parent | c2418a559bcf8fd52391d2a3ee97d1d858fb5c4d (diff) |
labels: PDO
Diffstat (limited to 'classes/pref/labels.php')
-rw-r--r-- | classes/pref/labels.php | 188 |
1 files changed, 98 insertions, 90 deletions
diff --git a/classes/pref/labels.php b/classes/pref/labels.php index 5720a1f4b..8f1f70be9 100644 --- a/classes/pref/labels.php +++ b/classes/pref/labels.php 
@@ -8,80 +8,80 @@ class Pref_Labels extends Handler_Protected { } function edit() { - $label_id = $this->dbh->escape_string($_REQUEST['id']); + $label_id = $_REQUEST['id']; - $result = $this->dbh->query("SELECT * FROM ttrss_labels2 WHERE - id = '$label_id' AND owner_uid = " . $_SESSION["uid"]); + $sth = $this->pdo->prepare("SELECT * FROM ttrss_labels2 WHERE + id = ? AND owner_uid = ?"); + $sth->execute([$label_id, $_SESSION['uid']]); - $line = $this->dbh->fetch_assoc($result); + if ($line = $sth->fetch()) { - print_hidden("id", "$label_id"); - print_hidden("op", "pref-labels"); - print_hidden("method", "save"); + print_hidden("id", "$label_id"); + print_hidden("op", "pref-labels"); + print_hidden("method", "save"); - print "<div class=\"dlgSec\">".__("Caption")."</div>"; + print "<div class=\"dlgSec\">".__("Caption")."</div>"; - print "<div class=\"dlgSecCont\">"; + print "<div class=\"dlgSecCont\">"; - $fg_color = $line['fg_color']; - $bg_color = $line['bg_color']; + $fg_color = $line['fg_color']; + $bg_color = $line['bg_color']; - print "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-bottom : 4px; margin-right : 4px'>α</span>"; + print "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-bottom : 4px; margin-right : 4px'>α</span>"; - print "<input style=\"font-size : 16px\" name=\"caption\" + print "<input style=\"font-size : 16px\" name=\"caption\" dojoType=\"dijit.form.ValidationTextBox\" required=\"true\" value=\"".htmlspecialchars($line['caption'])."\">"; - print "</div>"; - print "<div class=\"dlgSec\">" . __("Colors") . "</div>"; - print "<div class=\"dlgSecCont\">"; + print "</div>"; + print "<div class=\"dlgSec\">" . __("Colors") . 
"</div>"; + print "<div class=\"dlgSecCont\">"; - print "<table cellspacing=\"0\">"; + print "<table cellspacing=\"0\">"; - print "<tr><td>".__("Foreground:")."</td><td>".__("Background:"). - "</td></tr>"; + print "<tr><td>".__("Foreground:")."</td><td>".__("Background:"). + "</td></tr>"; - print "<tr><td style='padding-right : 10px'>"; + print "<tr><td style='padding-right : 10px'>"; - print "<input dojoType=\"dijit.form.TextBox\" + print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" id=\"labelEdit_fgColor\" name=\"fg_color\" value=\"$fg_color\">"; - print "<input dojoType=\"dijit.form.TextBox\" + print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" id=\"labelEdit_bgColor\" name=\"bg_color\" value=\"$bg_color\">"; - print "<div dojoType=\"dijit.ColorPalette\"> + print "<div dojoType=\"dijit.ColorPalette\"> <script type=\"dojo/method\" event=\"onChange\" args=\"fg_color\"> dijit.byId(\"labelEdit_fgColor\").attr('value', fg_color); $('label-editor-indicator').setStyle({color: fg_color}); </script> - </div>"; - print "</div>"; + </div>"; + print "</div>"; - print "</td><td>"; + print "</td><td>"; - print "<div dojoType=\"dijit.ColorPalette\"> + print "<div dojoType=\"dijit.ColorPalette\"> <script type=\"dojo/method\" event=\"onChange\" args=\"bg_color\"> dijit.byId(\"labelEdit_bgColor\").attr('value', bg_color); $('label-editor-indicator').setStyle({backgroundColor: bg_color}); </script> - </div>"; - print "</div>"; + </div>"; + print "</div>"; - print "</td></tr></table>"; - print "</div>"; + print "</td></tr></table>"; + print "</div>"; # print "</form>"; - print "<div class=\"dlgButtons\">"; - print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').execute()\">". - __('Save')."</button>"; - print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').hide()\">". 
- __('Cancel')."</button>"; - print "</div>"; - - return; + print "<div class=\"dlgButtons\">"; + print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').execute()\">". + __('Save')."</button>"; + print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').hide()\">". + __('Cancel')."</button>"; + print "</div>"; + } } function getlabeltree() { @@ -90,12 +90,13 @@ class Pref_Labels extends Handler_Protected { $root['name'] = __('Labels'); $root['items'] = array(); - $result = $this->dbh->query("SELECT * + $sth = $this->pdo->prepare("SELECT * FROM ttrss_labels2 - WHERE owner_uid = ".$_SESSION["uid"]." + WHERE owner_uid = ? ORDER BY caption"); + $sth->execute([$_SESSION['uid']]); - while ($line = $this->dbh->fetch_assoc($result)) { + while ($line = $sth->fetch()) { $label = array(); $label['id'] = 'LABEL:' . $line['id']; $label['bare_id'] = $line['id']; 
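Review bot: In edit(), `$label_id` is taken straight from `$_REQUEST['id']` and, inside the `if ($line = $sth->fetch())` block, written back into the page through `print_hidden("id", "$label_id")` with no HTML escaping, and the fetched `$fg_color`/`$bg_color` are interpolated unescaped into the `style='color : $fg_color; ...'` attribute and the `value=\"$fg_color\"` inputs; the removed `escape_string()` was never an HTML escape, but its backslash-escaping of quotes is gone as well. Since the label id is an integer key, `$label_id = (int) $_REQUEST['id'];` removes the reflected value at the source (if `print_hidden()` already escapes its argument, which is not visible here, the cast is still cheap). For the colours, `$fg_color = htmlspecialchars($line['fg_color'], ENT_QUOTES);` and the same for `$bg_color` cover both the single-quoted style attribute and the double-quoted value attributes; on PHP versions before 8.1 the default flags escape only double quotes, so `ENT_QUOTES` is needed here. edit() is shown in full within this hunk.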
@@ -118,84 +119,92 @@ class Pref_Labels extends Handler_Protected { } function colorset() { - $kind = $this->dbh->escape_string($_REQUEST["kind"]); - $ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"])); - $color = $this->dbh->escape_string($_REQUEST["color"]); - $fg = $this->dbh->escape_string($_REQUEST["fg"]); - $bg = $this->dbh->escape_string($_REQUEST["bg"]); + $kind = $_REQUEST["kind"]; + $ids = explode(',', $_REQUEST["ids"]); + $color = $_REQUEST["color"]; + $fg = $_REQUEST["fg"]; + $bg = $_REQUEST["bg"]; foreach ($ids as $id) { if ($kind == "fg" || $kind == "bg") { - $this->dbh->query("UPDATE ttrss_labels2 SET - ${kind}_color = '$color' WHERE id = '$id' - AND owner_uid = " . $_SESSION["uid"]); + $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET + ${kind}_color = ? WHERE id = ? + AND owner_uid = ?"); + + $sth->execute([$color, $id, $_SESSION['uid']]); + } else { - $this->dbh->query("UPDATE ttrss_labels2 SET - fg_color = '$fg', bg_color = '$bg' WHERE id = '$id' - AND owner_uid = " . $_SESSION["uid"]); + + $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET + fg_color = ?, bg_color = ? WHERE id = ? + AND owner_uid = ?"); + + $sth->execute([$fg, $bg, $id, $_SESSION['uid']]); } - $caption = $this->dbh->escape_string(Labels::find_caption($id, $_SESSION["uid"])); + $caption = Labels::find_caption($id, $_SESSION["uid"]); /* Remove cached data */ - $this->dbh->query("UPDATE ttrss_user_entries SET label_cache = '' - WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]); - + $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET label_cache = '' + WHERE label_cache LIKE ? AND owner_uid = ?"); + $sth->execute(["%$caption%", $_SESSION['uid']]); } - - return; } function colorreset() { - $ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"])); + $ids = explode(',', $_REQUEST["ids"]); foreach ($ids as $id) { - $this->dbh->query("UPDATE ttrss_labels2 SET - fg_color = '', bg_color = '' WHERE id = '$id' - AND owner_uid = " . 
$_SESSION["uid"]); + $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET + fg_color = '', bg_color = '' WHERE id = ? + AND owner_uid = ?"); + $sth->execute([$id, $_SESSION['uid']]); - $caption = $this->dbh->escape_string(Labels::find_caption($id, $_SESSION["uid"])); + $caption = Labels::find_caption($id, $_SESSION["uid"]); /* Remove cached data */ - $this->dbh->query("UPDATE ttrss_user_entries SET label_cache = '' - WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]); + $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET label_cache = '' + WHERE label_cache LIKE ? AND owner_uid = ?"); + $sth->execute(["%$caption%", $_SESSION['uid']]); } - } function save() { - $id = $this->dbh->escape_string($_REQUEST["id"]); - $caption = $this->dbh->escape_string(trim($_REQUEST["caption"])); + $id = $_REQUEST["id"]; + $caption = trim($_REQUEST["caption"]); - $this->dbh->query("BEGIN"); + $this->pdo->beginTransaction(); - $result = $this->dbh->query("SELECT caption FROM ttrss_labels2 - WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]); + $sth = $this->pdo->prepare("SELECT caption FROM ttrss_labels2 + WHERE id = ? AND owner_uid = ?"); + $sth->execute([$id, $_SESSION['uid']]); - if ($this->dbh->num_rows($result) != 0) { - $old_caption = $this->dbh->fetch_result($result, 0, "caption"); + if ($row = $sth->fetch()) { + $old_caption = $row["caption"]; - $result = $this->dbh->query("SELECT id FROM ttrss_labels2 - WHERE caption = '$caption' AND owner_uid = ". $_SESSION["uid"]); + $sth = $this->pdo->prepare("SELECT id FROM ttrss_labels2 + WHERE caption = ? AND owner_uid = ?"); + $sth->execute([$caption, $_SESSION['uid']]); - if ($this->dbh->num_rows($result) == 0) { + if (!$sth->fetch()) { if ($caption) { - $result = $this->dbh->query("UPDATE ttrss_labels2 SET - caption = '$caption' WHERE id = '$id' AND - owner_uid = " . $_SESSION["uid"]); + $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET + caption = ? WHERE id = ? 
AND + owner_uid = ?"); + $sth->execute([$caption, $id, $_SESSION['uid']]); /* Update filters that reference label being renamed */ - $old_caption = $this->dbh->escape_string($old_caption); - - $this->dbh->query("UPDATE ttrss_filters2_actions SET - action_param = '$caption' WHERE action_param = '$old_caption' + $sth = $this->pdo->prepare("UPDATE ttrss_filters2_actions SET + action_param = ? WHERE action_param = ? AND action_id = 7 - AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ".$_SESSION["uid"].")"); + AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ?)"); + + $sth->execute([$caption, $old_caption, $_SESSION['uid']]); print $_REQUEST["value"]; } else { @@ -206,14 +215,13 @@ class Pref_Labels extends Handler_Protected { } } - $this->dbh->query("COMMIT"); + $this->pdo->commit(); - return; } function remove() { - $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"])); + $ids = explode(",", $_REQUEST["ids"]); foreach ($ids as $id) { Labels::remove($id, $_SESSION["uid"]); @@ -222,8 +230,8 @@ class Pref_Labels extends Handler_Protected { } function add() { - $caption = $this->dbh->escape_string($_REQUEST["caption"]); - $output = $this->dbh->escape_string($_REQUEST["output"]); + $caption = $_REQUEST["caption"]; + $output = $_REQUEST["output"]; if ($caption) { |
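Review bot: In colorset() the values `$color`, `$fg` and `$bg` are now stored verbatim from `$_REQUEST`; nothing checks that they look like a colour, and edit() later interpolates the stored strings into a `style` attribute and input values, so arbitrary text reaches the page by way of the database. A format check before the loop, e.g. `foreach ([$color, $fg, $bg] as $c) { if ($c !== '' && !preg_match('/^#?[0-9a-fA-F]{3,8}$/', $c)) return; }`, bounds what can be stored (the exact pattern should be confirmed against what dijit.ColorPalette submits, and whether an empty value is meant to clear the colour). The `${kind}_color = ?` column name is still interpolated into the SQL text and is safe only because of the `$kind == "fg" || $kind == "bg"` test directly above it; a comment such as `// $kind becomes a column name: keep the fg/bg whitelist above` protects that dependency from a later edit. In both colorset() and colorreset() the cache reset `"%$caption%"` lets a caption containing `%` or `_` act as LIKE wildcards, and an empty result from `Labels::find_caption()` clears `label_cache` for every entry of the user; this predates the commit, but `addcslashes($caption, '%_')` (with the driver's default escape character) plus a guard on an empty caption would narrow it. save() begins in this hunk and continues in the next one.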
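Review bot: `$this->pdo->commit()` is the only way out of the transaction that save() opens with `$this->pdo->beginTransaction()` in the preceding hunk; if any of the prepared statements between them throws (the case when the PDO connection runs in exception mode, which is not visible here), the transaction is never rolled back and stays open on the connection. Wrapping the body from `beginTransaction()` to `commit()` in `try { ... } catch (\PDOException $e) { $this->pdo->rollBack(); throw $e; }` releases it on every path. The start of save() lies outside this hunk.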