diff options
| author | Andrew Dolgov <[email protected]> | 2013-05-07 15:36:14 +0400 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2013-05-07 15:36:14 +0400 |
| commit | 82076ce53113be9cc053f8740356e7e1b81e5643 (patch) | |
| tree | 5eba36805f593ec7dd0aad671b5bcca0ae01cf53 /classes/pref | |
| parent | 66af65f14b4f3c670bb3f9ca7b1c80081f9281d1 (diff) | |
| parent | 23923fb29b345c1eea5b70a6df4d30395425bf37 (diff) | |
Merge branch 'master' into css-feedtree-counter
Conflicts:
tt-rss.css
Diffstat (limited to 'classes/pref')
| -rw-r--r-- | classes/pref/feeds.php | 465 | ||||
| -rw-r--r-- | classes/pref/filters.php | 185 | ||||
| -rw-r--r-- | classes/pref/labels.php | 79 | ||||
| -rw-r--r-- | classes/pref/prefs.php | 195 | ||||
| -rw-r--r-- | classes/pref/system.php | 90 | ||||
| -rw-r--r-- | classes/pref/users.php | 107 |
6 files changed, 618 insertions, 503 deletions
diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index 469ca1111..7d050f135 100644 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -15,11 +15,11 @@ class Pref_Feeds extends Handler_Protected { } function renamecat() { - $title = db_escape_string($this->link, $_REQUEST['title']); - $id = db_escape_string($this->link, $_REQUEST['id']); + $title = $this->dbh->escape_string($_REQUEST['title']); + $id = $this->dbh->escape_string($_REQUEST['id']); if ($title) { - db_query($this->link, "UPDATE ttrss_feed_categories SET + $this->dbh->query("UPDATE ttrss_feed_categories SET title = '$title' WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]); } return; @@ -36,15 +36,14 @@ class Pref_Feeds extends Handler_Protected { // first one is set by API $show_empty_cats = $_REQUEST['force_show_empty'] || - ($_REQUEST['mode'] != 2 && !$search && - get_pref($this->link, '_PREFS_SHOW_EMPTY_CATS')); + ($_REQUEST['mode'] != 2 && !$search); $items = array(); - $result = db_query($this->link, "SELECT id, title FROM ttrss_feed_categories + $result = $this->dbh->query("SELECT id, title FROM ttrss_feed_categories WHERE owner_uid = " . $_SESSION["uid"] . " AND parent_cat = '$cat_id' ORDER BY order_id, title"); - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { $cat = array(); $cat['id'] = 'CAT:' . $line['id']; @@ -65,13 +64,13 @@ class Pref_Feeds extends Handler_Protected { } - $feed_result = db_query($this->link, "SELECT id, title, last_error, + $feed_result = $this->dbh->query("SELECT id, title, last_error, ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated FROM ttrss_feeds WHERE cat_id = '$cat_id' AND owner_uid = ".$_SESSION["uid"]. "$search_qpart ORDER BY order_id, title"); - while ($feed_line = db_fetch_assoc($feed_result)) { + while ($feed_line = $this->dbh->fetch_assoc($feed_result)) { $feed = array(); $feed['id'] = 'FEED:' . $feed_line['id']; $feed['bare_id'] = (int)$feed_line['id']; @@ -80,7 +79,7 @@ class Pref_Feeds extends Handler_Protected { $feed['unread'] = 0; $feed['error'] = $feed_line['last_error']; $feed['icon'] = getFeedIcon($feed_line['id']); - $feed['param'] = make_local_datetime($this->link, + $feed['param'] = make_local_datetime( $feed_line['last_updated'], true); array_push($items, $feed); @@ -108,7 +107,7 @@ class Pref_Feeds extends Handler_Protected { $root['items'] = array(); $root['type'] = 'category'; - $enable_cats = get_pref($this->link, 'ENABLE_FEED_CATS'); + $enable_cats = get_pref('ENABLE_FEED_CATS'); if ($_REQUEST['mode'] == 2) { @@ -124,9 +123,7 @@ class Pref_Feeds extends Handler_Protected { /* Plugin feeds for -1 */ - global $pluginhost; - - $feeds = $pluginhost->get_feeds(-1); + $feeds = PluginHost::getInstance()->get_feeds(-1); if ($feeds) { foreach ($feeds as $feed) { @@ -154,18 +151,18 @@ class Pref_Feeds extends Handler_Protected { $root['items'] = array_merge($root['items'], $cat['items']); } - $result = db_query($this->link, "SELECT * FROM + $result = $this->dbh->query("SELECT * FROM ttrss_labels2 WHERE owner_uid = ".$_SESSION['uid']." ORDER by caption"); - if (db_num_rows($result) > 0) { + if ($this->dbh->num_rows($result) > 0) { - if (get_pref($this->link, 'ENABLE_FEED_CATS')) { + if (get_pref('ENABLE_FEED_CATS')) { $cat = $this->feedlist_init_cat(-2); } else { $cat['items'] = array(); } - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { $label_id = label_to_feed_id($line['id']); @@ -187,13 +184,12 @@ class Pref_Feeds extends Handler_Protected { if ($enable_cats) { $show_empty_cats = $_REQUEST['force_show_empty'] || - ($_REQUEST['mode'] != 2 && !$search && - get_pref($this->link, '_PREFS_SHOW_EMPTY_CATS')); + ($_REQUEST['mode'] != 2 && !$search); - $result = db_query($this->link, "SELECT id, title FROM ttrss_feed_categories + $result = $this->dbh->query("SELECT id, title FROM ttrss_feed_categories WHERE owner_uid = " . $_SESSION["uid"] . " AND parent_cat IS NULL ORDER BY order_id, title"); - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { $cat = array(); $cat['id'] = 'CAT:' . $line['id']; $cat['bare_id'] = (int)$line['id']; @@ -226,13 +222,13 @@ class Pref_Feeds extends Handler_Protected { $cat['unread'] = 0; $cat['child_unread'] = 0; - $feed_result = db_query($this->link, "SELECT id, title,last_error, + $feed_result = $this->dbh->query("SELECT id, title,last_error, ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated FROM ttrss_feeds WHERE cat_id IS NULL AND owner_uid = ".$_SESSION["uid"]. "$search_qpart ORDER BY order_id, title"); - while ($feed_line = db_fetch_assoc($feed_result)) { + while ($feed_line = $this->dbh->fetch_assoc($feed_result)) { $feed = array(); $feed['id'] = 'FEED:' . $feed_line['id']; $feed['bare_id'] = (int)$feed_line['id']; @@ -240,7 +236,7 @@ class Pref_Feeds extends Handler_Protected { $feed['checkbox'] = false; $feed['error'] = $feed_line['last_error']; $feed['icon'] = getFeedIcon($feed_line['id']); - $feed['param'] = make_local_datetime($this->link, + $feed['param'] = make_local_datetime( $feed_line['last_updated'], true); $feed['unread'] = 0; $feed['type'] = 'feed'; @@ -257,13 +253,13 @@ class Pref_Feeds extends Handler_Protected { $root['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items'])); } else { - $feed_result = db_query($this->link, "SELECT id, title, last_error, + $feed_result = $this->dbh->query("SELECT id, title, last_error, ".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated FROM ttrss_feeds WHERE owner_uid = ".$_SESSION["uid"]. "$search_qpart ORDER BY order_id, title"); - while ($feed_line = db_fetch_assoc($feed_result)) { + while ($feed_line = $this->dbh->fetch_assoc($feed_result)) { $feed = array(); $feed['id'] = 'FEED:' . $feed_line['id']; $feed['bare_id'] = (int)$feed_line['id']; @@ -271,7 +267,7 @@ class Pref_Feeds extends Handler_Protected { $feed['checkbox'] = false; $feed['error'] = $feed_line['last_error']; $feed['icon'] = getFeedIcon($feed_line['id']); - $feed['param'] = make_local_datetime($this->link, + $feed['param'] = make_local_datetime( $feed_line['last_updated'], true); $feed['unread'] = 0; $feed['type'] = 'feed'; @@ -296,22 +292,17 @@ class Pref_Feeds extends Handler_Protected { } function catsortreset() { - db_query($this->link, "UPDATE ttrss_feed_categories + $this->dbh->query("UPDATE ttrss_feed_categories SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]); return; } function feedsortreset() { - db_query($this->link, "UPDATE ttrss_feeds + $this->dbh->query("UPDATE ttrss_feeds SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]); return; } - function togglehiddenfeedcats() { - set_pref($this->link, '_PREFS_SHOW_EMPTY_CATS', - (get_pref($this->link, '_PREFS_SHOW_EMPTY_CATS') ? 'false' : 'true')); - } - private function process_category_order(&$data_map, $item_id, $parent_id = false, $nest_level = 0) { $debug = isset($_REQUEST["debug"]); @@ -326,12 +317,12 @@ class Pref_Feeds extends Handler_Protected { if ($item_id != 'root') { if ($parent_id && $parent_id != 'root') { $parent_bare_id = substr($parent_id, strpos($parent_id, ':')+1); - $parent_qpart = db_escape_string($this->link, $parent_bare_id); + $parent_qpart = $this->dbh->escape_string($parent_bare_id); } else { $parent_qpart = 'NULL'; } - db_query($this->link, "UPDATE ttrss_feed_categories + $this->dbh->query("UPDATE ttrss_feed_categories SET parent_cat = $parent_qpart WHERE id = '$bare_item_id' AND owner_uid = " . $_SESSION["uid"]); } @@ -352,12 +343,12 @@ class Pref_Feeds extends Handler_Protected { if (strpos($id, "FEED") === 0) { $cat_id = ($item_id != "root") ? - db_escape_string($this->link, $bare_item_id) : "NULL"; + $this->dbh->escape_string($bare_item_id) : "NULL"; $cat_qpart = ($cat_id != 0) ? "cat_id = '$cat_id'" : "cat_id = NULL"; - db_query($this->link, "UPDATE ttrss_feeds + $this->dbh->query("UPDATE ttrss_feeds SET order_id = $order_id, $cat_qpart WHERE id = '$bare_id' AND owner_uid = " . $_SESSION["uid"]); @@ -367,12 +358,12 @@ class Pref_Feeds extends Handler_Protected { $nest_level+1); if ($item_id != 'root') { - $parent_qpart = db_escape_string($this->link, $bare_id); + $parent_qpart = $this->dbh->escape_string($bare_id); } else { $parent_qpart = 'NULL'; } - db_query($this->link, "UPDATE ttrss_feed_categories + $this->dbh->query("UPDATE ttrss_feed_categories SET order_id = '$order_id' WHERE id = '$bare_id' AND owner_uid = " . $_SESSION["uid"]); } @@ -424,7 +415,7 @@ class Pref_Feeds extends Handler_Protected { ++$cat_order_id; if ($bare_id > 0) { - db_query($this->link, "UPDATE ttrss_feed_categories + $this->dbh->query("UPDATE ttrss_feed_categories SET order_id = '$cat_order_id' WHERE id = '$bare_id' AND owner_uid = " . $_SESSION["uid"]); } @@ -441,7 +432,7 @@ class Pref_Feeds extends Handler_Protected { else $cat_query = "cat_id = NULL"; - db_query($this->link, "UPDATE ttrss_feeds + $this->dbh->query("UPDATE ttrss_feeds SET order_id = '$feed_order_id', $cat_query WHERE id = '$feed_id' AND @@ -457,13 +448,16 @@ class Pref_Feeds extends Handler_Protected { } function removeicon() { - $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]); + $feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]); - $result = db_query($this->link, "SELECT id FROM ttrss_feeds + $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]); - if (db_num_rows($result) != 0) { - unlink(ICONS_DIR . "/$feed_id.ico"); + if ($this->dbh->num_rows($result) != 0) { + @unlink(ICONS_DIR . "/$feed_id.ico"); + + $this->dbh->query("UPDATE ttrss_feeds SET favicon_avg_color = NULL + where id = '$feed_id'"); } return; @@ -472,19 +466,39 @@ class Pref_Feeds extends Handler_Protected { function uploadicon() { header("Content-type: text/html"); - $icon_file = $_FILES['icon_file']['tmp_name']; - $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]); + $tmp_file = false; + + if (is_uploaded_file($_FILES['icon_file']['tmp_name'])) { + $tmp_file = tempnam(CACHE_DIR . '/upload', 'icon'); + + $result = move_uploaded_file($_FILES['icon_file']['tmp_name'], + $tmp_file); + + if (!$result) { + return; + } + } else { + return; + } + + $icon_file = $tmp_file; + $feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]); if (is_file($icon_file) && $feed_id) { if (filesize($icon_file) < 20000) { - $result = db_query($this->link, "SELECT id FROM ttrss_feeds + $result = $this->dbh->query("SELECT id FROM ttrss_feeds WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]); - if (db_num_rows($result) != 0) { - unlink(ICONS_DIR . "/$feed_id.ico"); - move_uploaded_file($icon_file, ICONS_DIR . "/$feed_id.ico"); - $rc = 0; + if ($this->dbh->num_rows($result) != 0) { + @unlink(ICONS_DIR . "/$feed_id.ico"); + if (rename($icon_file, ICONS_DIR . "/$feed_id.ico")) { + $this->dbh->query("UPDATE ttrss_feeds SET + favicon_avg_color = '' + WHERE id = '$feed_id'"); + + $rc = 0; + } } else { $rc = 2; } @@ -495,6 +509,8 @@ class Pref_Feeds extends Handler_Protected { $rc = 2; } + @unlink($icon_file); + print "<script type=\"text/javascript\">"; print "parent.uploadIconHandler($rc);"; print "</script>"; @@ -505,13 +521,16 @@ class Pref_Feeds extends Handler_Protected { global $purge_intervals; global $update_intervals; - $feed_id = db_escape_string($this->link, $_REQUEST["id"]); + $feed_id = $this->dbh->escape_string($_REQUEST["id"]); - $result = db_query($this->link, + $result = $this->dbh->query( "SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND owner_uid = " . $_SESSION["uid"]); - $title = htmlspecialchars(db_fetch_result($result, + $auth_pass_encrypted = sql_bool_to_bool($this->dbh->fetch_result($result, 0, + "auth_pass_encrypted")); + + $title = htmlspecialchars($this->dbh->fetch_result($result, 0, "title")); print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$feed_id\">"; @@ -529,8 +548,8 @@ class Pref_Feeds extends Handler_Protected { /* Feed URL */ - $feed_url = db_fetch_result($result, 0, "feed_url"); - $feed_url = htmlspecialchars(db_fetch_result($result, + $feed_url = $this->dbh->fetch_result($result, 0, "feed_url"); + $feed_url = htmlspecialchars($this->dbh->fetch_result($result, 0, "feed_url")); print "<hr/>"; @@ -541,7 +560,7 @@ class Pref_Feeds extends Handler_Protected { regExp='^(http|https)://.*' style=\"width : 20em\" name=\"feed_url\" value=\"$feed_url\">"; - $last_error = db_fetch_result($result, 0, "last_error"); + $last_error = $this->dbh->fetch_result($result, 0, "last_error"); if ($last_error) { print " <span title=\"".htmlspecialchars($last_error)."\" @@ -551,15 +570,15 @@ class Pref_Feeds extends Handler_Protected { /* Category */ - if (get_pref($this->link, 'ENABLE_FEED_CATS')) { + if (get_pref('ENABLE_FEED_CATS')) { - $cat_id = db_fetch_result($result, 0, "cat_id"); + $cat_id = $this->dbh->fetch_result($result, 0, "cat_id"); print "<hr/>"; print __('Place in category:') . " "; - print_feed_cat_select($this->link, "cat_id", $cat_id, + print_feed_cat_select("cat_id", $cat_id, 'dojoType="dijit.form.Select"'); } @@ -570,14 +589,14 @@ class Pref_Feeds extends Handler_Protected { /* Update Interval */ - $update_interval = db_fetch_result($result, 0, "update_interval"); + $update_interval = $this->dbh->fetch_result($result, 0, "update_interval"); print_select_hash("update_interval", $update_interval, $update_intervals, 'dojoType="dijit.form.Select"'); /* Purge intl */ - $purge_interval = db_fetch_result($result, 0, "purge_interval"); + $purge_interval = $this->dbh->fetch_result($result, 0, "purge_interval"); print "<hr/>"; print __('Article purging:') . " "; @@ -590,13 +609,20 @@ class Pref_Feeds extends Handler_Protected { print "<div class=\"dlgSec\">".__("Authentication")."</div>"; print "<div class=\"dlgSecCont\">"; - $auth_login = htmlspecialchars(db_fetch_result($result, 0, "auth_login")); + $auth_login = htmlspecialchars($this->dbh->fetch_result($result, 0, "auth_login")); print "<input dojoType=\"dijit.form.TextBox\" id=\"feedEditDlg_login\" placeHolder=\"".__("Login")."\" name=\"auth_login\" value=\"$auth_login\"><hr/>"; - $auth_pass = htmlspecialchars(db_fetch_result($result, 0, "auth_pass")); + $auth_pass = $this->dbh->fetch_result($result, 0, "auth_pass"); + + if ($auth_pass_encrypted) { + require_once "crypt.php"; + $auth_pass = decrypt_string($auth_pass); + } + + $auth_pass = htmlspecialchars($auth_pass); print "<input dojoType=\"dijit.form.TextBox\" type=\"password\" name=\"auth_pass\" placeHolder=\"".__("Password")."\" @@ -610,7 +636,7 @@ class Pref_Feeds extends Handler_Protected { print "<div class=\"dlgSec\">".__("Options")."</div>"; print "<div class=\"dlgSecCont\">"; - $private = sql_bool_to_bool(db_fetch_result($result, 0, "private")); + $private = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "private")); if ($private) { $checked = "checked=\"1\""; @@ -621,7 +647,7 @@ class Pref_Feeds extends Handler_Protected { print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"private\" id=\"private\" $checked> <label for=\"private\">".__('Hide from Popular feeds')."</label>"; - $include_in_digest = sql_bool_to_bool(db_fetch_result($result, 0, "include_in_digest")); + $include_in_digest = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "include_in_digest")); if ($include_in_digest) { $checked = "checked=\"1\""; @@ -634,7 +660,7 @@ class Pref_Feeds extends Handler_Protected { $checked> <label for=\"include_in_digest\">".__('Include in e-mail digest')."</label>"; - $always_display_enclosures = sql_bool_to_bool(db_fetch_result($result, 0, "always_display_enclosures")); + $always_display_enclosures = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "always_display_enclosures")); if ($always_display_enclosures) { $checked = "checked"; @@ -646,7 +672,7 @@ class Pref_Feeds extends Handler_Protected { name=\"always_display_enclosures\" $checked> <label for=\"always_display_enclosures\">".__('Always display image attachments')."</label>"; - $hide_images = sql_bool_to_bool(db_fetch_result($result, 0, "hide_images")); + $hide_images = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "hide_images")); if ($hide_images) { $checked = "checked=\"1\""; @@ -659,7 +685,7 @@ class Pref_Feeds extends Handler_Protected { $checked> <label for=\"hide_images\">". __('Do not embed images')."</label>"; - $cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images")); + $cache_images = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "cache_images")); if ($cache_images) { $checked = "checked=\"1\""; @@ -672,7 +698,7 @@ class Pref_Feeds extends Handler_Protected { $checked> <label for=\"cache_images\">". __('Cache images locally')."</label>"; - $mark_unread_on_update = sql_bool_to_bool(db_fetch_result($result, 0, "mark_unread_on_update")); + $mark_unread_on_update = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "mark_unread_on_update")); if ($mark_unread_on_update) { $checked = "checked"; @@ -709,6 +735,9 @@ class Pref_Feeds extends Handler_Protected { print "</div>"; + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_EDIT_FEED, + "hook_prefs_edit_feed", $feed_id); + $title = htmlspecialchars($title, ENT_QUOTES); print "<div class='dlgButtons'> @@ -717,7 +746,7 @@ class Pref_Feeds extends Handler_Protected { __('Unsubscribe')."</button>"; if (PUBSUBHUBBUB_ENABLED) { - $pubsub_state = db_fetch_result($result, 0, "pubsub_state"); + $pubsub_state = $this->dbh->fetch_result($result, 0, "pubsub_state"); $pubsub_btn_disabled = ($pubsub_state == 2) ? "" : "disabled=\"1\""; print "<button dojoType=\"dijit.form.Button\" id=\"pubsubReset_Btn\" $pubsub_btn_disabled @@ -741,7 +770,7 @@ class Pref_Feeds extends Handler_Protected { global $purge_intervals; global $update_intervals; - $feed_ids = db_escape_string($this->link, $_REQUEST["ids"]); + $feed_ids = $this->dbh->escape_string($_REQUEST["ids"]); print_notice("Enable the options you wish to apply using checkboxes on the right:"); @@ -758,7 +787,7 @@ class Pref_Feeds extends Handler_Protected { print "<input dojoType=\"dijit.form.ValidationTextBox\" disabled=\"1\" style=\"font-size : 16px; width : 20em;\" required=\"1\" - name=\"title\" value=\"$title\">"; + name=\"title\" value=\"\">"; $this->batch_edit_cbox("title"); @@ -769,19 +798,19 @@ class Pref_Feeds extends Handler_Protected { print __('URL:') . " "; print "<input dojoType=\"dijit.form.ValidationTextBox\" disabled=\"1\" required=\"1\" regExp='^(http|https)://.*' style=\"width : 20em\" - name=\"feed_url\" value=\"$feed_url\">"; + name=\"feed_url\" value=\"\">"; $this->batch_edit_cbox("feed_url"); /* Category */ - if (get_pref($this->link, 'ENABLE_FEED_CATS')) { + if (get_pref('ENABLE_FEED_CATS')) { print "<br/>"; print __('Place in category:') . " "; - print_feed_cat_select($this->link, "cat_id", $cat_id, + print_feed_cat_select("cat_id", false, 'disabled="1" dojoType="dijit.form.Select"'); $this->batch_edit_cbox("cat_id"); @@ -795,7 +824,7 @@ class Pref_Feeds extends Handler_Protected { /* Update Interval */ - print_select_hash("update_interval", $update_interval, $update_intervals, + print_select_hash("update_interval", "", $update_intervals, 'disabled="1" dojoType="dijit.form.Select"'); $this->batch_edit_cbox("update_interval"); @@ -808,7 +837,7 @@ class Pref_Feeds extends Handler_Protected { print __('Article purging:') . " "; - print_select_hash("purge_interval", $purge_interval, $purge_intervals, + print_select_hash("purge_interval", "", $purge_intervals, 'disabled="1" dojoType="dijit.form.Select"'); $this->batch_edit_cbox("purge_interval"); @@ -820,13 +849,13 @@ class Pref_Feeds extends Handler_Protected { print "<input dojoType=\"dijit.form.TextBox\" placeHolder=\"".__("Login")."\" disabled=\"1\" - name=\"auth_login\" value=\"$auth_login\">"; + name=\"auth_login\" value=\"\">"; $this->batch_edit_cbox("auth_login"); print "<br/><input dojoType=\"dijit.form.TextBox\" type=\"password\" name=\"auth_pass\" placeHolder=\"".__("Password")."\" disabled=\"1\" - value=\"$auth_pass\">"; + value=\"\">"; $this->batch_edit_cbox("auth_pass"); @@ -897,29 +926,39 @@ class Pref_Feeds extends Handler_Protected { function editsaveops($batch) { - $feed_title = db_escape_string($this->link, trim($_POST["title"])); - $feed_link = db_escape_string($this->link, trim($_POST["feed_url"])); - $upd_intl = (int) db_escape_string($this->link, $_POST["update_interval"]); - $purge_intl = (int) db_escape_string($this->link, $_POST["purge_interval"]); - $feed_id = (int) db_escape_string($this->link, $_POST["id"]); /* editSave */ - $feed_ids = db_escape_string($this->link, $_POST["ids"]); /* batchEditSave */ - $cat_id = (int) db_escape_string($this->link, $_POST["cat_id"]); - $auth_login = db_escape_string($this->link, trim($_POST["auth_login"])); - $auth_pass = db_escape_string($this->link, trim($_POST["auth_pass"])); - $private = checkbox_to_sql_bool(db_escape_string($this->link, $_POST["private"])); + $feed_title = $this->dbh->escape_string(trim($_POST["title"])); + $feed_link = $this->dbh->escape_string(trim($_POST["feed_url"])); + $upd_intl = (int) $this->dbh->escape_string($_POST["update_interval"]); + $purge_intl = (int) $this->dbh->escape_string($_POST["purge_interval"]); + $feed_id = (int) $this->dbh->escape_string($_POST["id"]); /* editSave */ + $feed_ids = $this->dbh->escape_string($_POST["ids"]); /* batchEditSave */ + $cat_id = (int) $this->dbh->escape_string($_POST["cat_id"]); + $auth_login = $this->dbh->escape_string(trim($_POST["auth_login"])); + $auth_pass = trim($_POST["auth_pass"]); + $private = checkbox_to_sql_bool($this->dbh->escape_string($_POST["private"])); $include_in_digest = checkbox_to_sql_bool( - db_escape_string($this->link, $_POST["include_in_digest"])); + $this->dbh->escape_string($_POST["include_in_digest"])); $cache_images = checkbox_to_sql_bool( - db_escape_string($this->link, $_POST["cache_images"])); + $this->dbh->escape_string($_POST["cache_images"])); $hide_images = checkbox_to_sql_bool( - db_escape_string($this->link, $_POST["hide_images"])); + $this->dbh->escape_string($_POST["hide_images"])); $always_display_enclosures = checkbox_to_sql_bool( - db_escape_string($this->link, $_POST["always_display_enclosures"])); + $this->dbh->escape_string($_POST["always_display_enclosures"])); $mark_unread_on_update = checkbox_to_sql_bool( - db_escape_string($this->link, $_POST["mark_unread_on_update"])); + $this->dbh->escape_string($_POST["mark_unread_on_update"])); + + if (strlen(FEED_CRYPT_KEY) > 0) { + require_once "crypt.php"; + $auth_pass = substr(encrypt_string($auth_pass), 0, 250); + $auth_pass_encrypted = 'true'; + } else { + $auth_pass_encrypted = 'false'; + } - if (get_pref($this->link, 'ENABLE_FEED_CATS')) { + $auth_pass = $this->dbh->escape_string($auth_pass); + + if (get_pref('ENABLE_FEED_CATS')) { if ($cat_id && $cat_id != 0) { $category_qpart = "cat_id = '$cat_id',"; $category_qpart_nocomma = "cat_id = '$cat_id'"; @@ -934,13 +973,14 @@ class Pref_Feeds extends Handler_Protected { if (!$batch) { - $result = db_query($this->link, "UPDATE ttrss_feeds SET + $result = $this->dbh->query("UPDATE ttrss_feeds SET $category_qpart title = '$feed_title', feed_url = '$feed_link', update_interval = '$upd_intl', purge_interval = '$purge_intl', auth_login = '$auth_login', auth_pass = '$auth_pass', + auth_pass_encrypted = $auth_pass_encrypted, private = $private, cache_images = $cache_images, hide_images = $hide_images, @@ -949,6 +989,9 @@ class Pref_Feeds extends Handler_Protected { mark_unread_on_update = $mark_unread_on_update WHERE id = '$feed_id' AND owner_uid = " . $_SESSION["uid"]); + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_SAVE_FEED, + "hook_prefs_save_feed", $feed_id); + } else { $feed_data = array(); @@ -958,7 +1001,7 @@ class Pref_Feeds extends Handler_Protected { } } - db_query($this->link, "BEGIN"); + $this->dbh->query("BEGIN"); foreach (array_keys($feed_data) as $k) { @@ -986,7 +1029,8 @@ class Pref_Feeds extends Handler_Protected { break; case "auth_pass": - $qpart = "auth_pass = '$auth_pass'"; + $qpart = "auth_pass = '$auth_pass' AND + auth_pass_encrypted = $auth_pass_encrypted"; break; case "private": @@ -1020,23 +1064,23 @@ class Pref_Feeds extends Handler_Protected { } if ($qpart) { - db_query($this->link, + $this->dbh->query( "UPDATE ttrss_feeds SET $qpart WHERE id IN ($feed_ids) AND owner_uid = " . $_SESSION["uid"]); print "<br/>"; } } - db_query($this->link, "COMMIT"); + $this->dbh->query("COMMIT"); } return; } function resetPubSub() { - $ids = db_escape_string($this->link, $_REQUEST["ids"]); + $ids = $this->dbh->escape_string($_REQUEST["ids"]); - db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0 WHERE id IN ($ids) + $this->dbh->query("UPDATE ttrss_feeds SET pubsub_state = 0 WHERE id IN ($ids) AND owner_uid = " . $_SESSION["uid"]); return; @@ -1044,30 +1088,30 @@ class Pref_Feeds extends Handler_Protected { function remove() { - $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"])); + $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"])); foreach ($ids as $id) { - Pref_Feeds::remove_feed($this->link, $id, $_SESSION["uid"]); + Pref_Feeds::remove_feed($id, $_SESSION["uid"]); } return; } function clear() { - $id = db_escape_string($this->link, $_REQUEST["id"]); - $this->clear_feed_articles($this->link, $id); + $id = $this->dbh->escape_string($_REQUEST["id"]); + $this->clear_feed_articles($id); } function rescore() { require_once "rssfuncs.php"; - $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"])); + $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"])); foreach ($ids as $id) { - $filters = load_filters($this->link, $id, $_SESSION["uid"], 6); + $filters = load_filters($id, $_SESSION["uid"], 6); - $result = db_query($this->link, "SELECT + $result = $this->dbh->query("SELECT title, content, link, ref_id, author,". SUBSTRING_FOR_DATE."(updated, 1, 19) AS updated FROM @@ -1078,9 +1122,9 @@ class Pref_Feeds extends Handler_Protected { $scores = array(); - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { - $tags = get_article_tags($this->link, $line["ref_id"]); + $tags = get_article_tags($line["ref_id"]); $article_filters = get_article_filters($filters, $line['title'], $line['content'], $line['link'], strtotime($line['updated']), @@ -1095,15 +1139,15 @@ class Pref_Feeds extends Handler_Protected { foreach (array_keys($scores) as $s) { if ($s > 1000) { - db_query($this->link, "UPDATE ttrss_user_entries SET score = '$s', + $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s', marked = true WHERE ref_id IN (" . join(',', $scores[$s]) . ")"); } else if ($s < -500) { - db_query($this->link, "UPDATE ttrss_user_entries SET score = '$s', + $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s', unread = false WHERE ref_id IN (" . join(',', $scores[$s]) . ")"); } else { - db_query($this->link, "UPDATE ttrss_user_entries SET score = '$s' WHERE + $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s' WHERE ref_id IN (" . join(',', $scores[$s]) . ")"); } } @@ -1115,16 +1159,16 @@ class Pref_Feeds extends Handler_Protected { function rescoreAll() { - $result = db_query($this->link, + $result = $this->dbh->query( "SELECT id FROM ttrss_feeds WHERE owner_uid = " . $_SESSION['uid']); - while ($feed_line = db_fetch_assoc($result)) { + while ($feed_line = $this->dbh->fetch_assoc($result)) { $id = $feed_line["id"]; - $filters = load_filters($this->link, $id, $_SESSION["uid"], 6); + $filters = load_filters($id, $_SESSION["uid"], 6); - $tmp_result = db_query($this->link, "SELECT + $tmp_result = $this->dbh->query("SELECT title, content, link, ref_id, author,". SUBSTRING_FOR_DATE."(updated, 1, 19) AS updated FROM @@ -1135,9 +1179,9 @@ class Pref_Feeds extends Handler_Protected { $scores = array(); - while ($line = db_fetch_assoc($tmp_result)) { + while ($line = $this->dbh->fetch_assoc($tmp_result)) { - $tags = get_article_tags($this->link, $line["ref_id"]); + $tags = get_article_tags($line["ref_id"]); $article_filters = get_article_filters($filters, $line['title'], $line['content'], $line['link'], strtotime($line['updated']), @@ -1152,11 +1196,11 @@ class Pref_Feeds extends Handler_Protected { foreach (array_keys($scores) as $s) { if ($s > 1000) { - db_query($this->link, "UPDATE ttrss_user_entries SET score = '$s', + $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s', marked = true WHERE ref_id IN (" . join(',', $scores[$s]) . ")"); } else { - db_query($this->link, "UPDATE ttrss_user_entries SET score = '$s' WHERE + $this->dbh->query("UPDATE ttrss_user_entries SET score = '$s' WHERE ref_id IN (" . join(',', $scores[$s]) . ")"); } } @@ -1167,9 +1211,9 @@ class Pref_Feeds extends Handler_Protected { } function categorize() { - $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"])); + $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"])); - $cat_id = db_escape_string($this->link, $_REQUEST["cat_id"]); + $cat_id = $this->dbh->escape_string($_REQUEST["cat_id"]); if ($cat_id == 0) { $cat_id_qpart = 'NULL'; @@ -1177,30 +1221,30 @@ class Pref_Feeds extends Handler_Protected { $cat_id_qpart = "'$cat_id'"; } - db_query($this->link, "BEGIN"); + $this->dbh->query("BEGIN"); foreach ($ids as $id) { - db_query($this->link, "UPDATE ttrss_feeds SET cat_id = $cat_id_qpart + $this->dbh->query("UPDATE ttrss_feeds SET cat_id = $cat_id_qpart WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]); } - db_query($this->link, "COMMIT"); + $this->dbh->query("COMMIT"); } function removeCat() { - $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"])); + $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"])); foreach ($ids as $id) { - $this->remove_feed_category($this->link, $id, $_SESSION["uid"]); + $this->remove_feed_category($id, $_SESSION["uid"]); } } function addCat() { - $feed_cat = db_escape_string($this->link, trim($_REQUEST["cat"])); + $feed_cat = $this->dbh->escape_string(trim($_REQUEST["cat"])); - add_feed_category($this->link, $feed_cat); + add_feed_category($feed_cat); } function index() { @@ -1208,10 +1252,10 @@ class Pref_Feeds extends Handler_Protected { print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">"; print "<div id=\"pref-feeds-feeds\" dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Feeds')."\">"; - $result = db_query($this->link, "SELECT COUNT(id) AS num_errors + $result = $this->dbh->query("SELECT COUNT(id) AS num_errors FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]); - $num_errors = db_fetch_result($result, 0, "num_errors"); + $num_errors = $this->dbh->fetch_result($result, 0, "num_errors"); if ($num_errors > 0) { @@ -1226,13 +1270,13 @@ class Pref_Feeds extends Handler_Protected { $interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)"; } - $result = db_query($this->link, "SELECT COUNT(*) AS num_inactive FROM ttrss_feeds WHERE + $result = $this->dbh->query("SELECT COUNT(*) AS num_inactive FROM ttrss_feeds WHERE (SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE ttrss_entries.id = ref_id AND ttrss_user_entries.feed_id = ttrss_feeds.id) < $interval_qpart AND ttrss_feeds.owner_uid = ".$_SESSION["uid"]); - $num_inactive = db_fetch_result($result, 0, "num_inactive"); + $num_inactive = $this->dbh->fetch_result($result, 0, "num_inactive"); if ($num_inactive > 0) { $inactive_button = "<button dojoType=\"dijit.form.Button\" @@ -1240,7 +1284,7 @@ class Pref_Feeds extends Handler_Protected { __("Inactive feeds") . "</button>"; } - $feed_search = db_escape_string($this->link, $_REQUEST["search"]); + $feed_search = $this->dbh->escape_string($_REQUEST["search"]); if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_feed_search"] = $feed_search; @@ -1283,7 +1327,7 @@ class Pref_Feeds extends Handler_Protected { .__('Unsubscribe')."</div> "; print "</div></div>"; - if (get_pref($this->link, 'ENABLE_FEED_CATS')) { + if (get_pref('ENABLE_FEED_CATS')) { print "<div dojoType=\"dijit.form.DropDownButton\">". "<span>" . __('Categories')."</span>"; print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; @@ -1300,9 +1344,6 @@ class Pref_Feeds extends Handler_Protected { print $error_button; print $inactive_button; - print "<button onclick=\"toggleHiddenFeedCats()\" - dojoType=\"dijit.form.Button\">".__('(Un)hide empty categories')."</button>"; - if (defined('_ENABLE_FEED_DEBUGGING')) { print "<select id=\"feedActionChooser\" onchange=\"feedActionChange()\"> @@ -1403,8 +1444,7 @@ class Pref_Feeds extends Handler_Protected { print "<button dojoType=\"dijit.form.Button\" onclick=\"return displayDlg('".__("Public OPML URL")."','pubOPMLUrl')\">". __('Display published OPML URL')."</button> "; - global $pluginhost; - $pluginhost->run_hooks($pluginhost::HOOK_PREFS_TAB_SECTION, + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefFeedsOPML"); print "</div>"; # pane @@ -1450,15 +1490,12 @@ class Pref_Feeds extends Handler_Protected { print "<button dojoType=\"dijit.form.Button\" onclick=\"return clearArticleAccessKeys()\">". __('Unshare all articles')."</button> "; - global $pluginhost; - $pluginhost->run_hooks($pluginhost::HOOK_PREFS_TAB_SECTION, + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefFeedsPublishedGenerated"); print "</div>"; #pane - global $pluginhost; - - $pluginhost->run_hooks($pluginhost::HOOK_PREFS_TAB, + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "hook_prefs_tab", "prefFeeds"); print "</div>"; #container @@ -1469,14 +1506,14 @@ class Pref_Feeds extends Handler_Protected { $cat_id = (int) $cat_id; if ($cat_id > 0) { - $cat_unread = ccache_find($this->link, $cat_id, $_SESSION["uid"], true); + $cat_unread = ccache_find($cat_id, $_SESSION["uid"], true); } else if ($cat_id == 0 || $cat_id == -2) { - $cat_unread = getCategoryUnread($this->link, $cat_id); + $cat_unread = getCategoryUnread($cat_id); } $obj['id'] = 'CAT:' . $cat_id; $obj['items'] = array(); - $obj['name'] = getCategoryTitle($this->link, $cat_id); + $obj['name'] = getCategoryTitle($cat_id); $obj['type'] = 'category'; $obj['unread'] = (int) $cat_unread; $obj['bare_id'] = $cat_id; @@ -1489,10 +1526,10 @@ class Pref_Feeds extends Handler_Protected { $feed_id = (int) $feed_id; if (!$title) - $title = getFeedTitle($this->link, $feed_id, false); + $title = getFeedTitle($feed_id, false); if ($unread === false) - $unread = getFeedUnread($this->link, $feed_id, false); + $unread = getFeedUnread($feed_id, false); $obj['id'] = 'FEED:' . $feed_id; $obj['name'] = $title; @@ -1514,7 +1551,7 @@ class Pref_Feeds extends Handler_Protected { $interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)"; } - $result = db_query($this->link, "SELECT ttrss_feeds.title, ttrss_feeds.site_url, + $result = $this->dbh->query("SELECT ttrss_feeds.title, ttrss_feeds.site_url, ttrss_feeds.feed_url, ttrss_feeds.id, MAX(updated) AS last_article FROM ttrss_feeds, ttrss_entries, ttrss_user_entries WHERE (SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE @@ -1545,9 +1582,8 @@ class Pref_Feeds extends Handler_Protected { $lnum = 1; - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { - $class = ($lnum % 2) ? "even" : "odd"; $feed_id = $line["id"]; $this_row_id = "id=\"FUPDD-$feed_id\""; @@ -1568,7 +1604,7 @@ class Pref_Feeds extends Handler_Protected { htmlspecialchars($line["title"])."</a>"; print "</td><td class=\"insensitive\" align='right'>"; - print make_local_datetime($this->link, $line['last_article'], false); + print make_local_datetime($line['last_article'], false); print "</td>"; print "</tr>"; @@ -1595,7 +1631,7 @@ class Pref_Feeds extends Handler_Protected { print "<h2>" . __("These feeds have not been updated because of errors:") . "</h2>"; - $result = db_query($this->link, "SELECT id,title,feed_url,last_error,site_url + $result = $this->dbh->query("SELECT id,title,feed_url,last_error,site_url FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]); print "<div dojoType=\"dijit.Toolbar\">"; @@ -1615,9 +1651,8 @@ class Pref_Feeds extends Handler_Protected { $lnum = 1; - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { - $class = ($lnum % 2) ? "even" : "odd"; $feed_id = $line["id"]; $this_row_id = "id=\"FERDD-$feed_id\""; @@ -1669,53 +1704,53 @@ class Pref_Feeds extends Handler_Protected { * @param integer $id The id of the feed to purge. * @return void */ - private function clear_feed_articles($link, $id) { + private function clear_feed_articles($id) { if ($id != 0) { - $result = db_query($link, "DELETE FROM ttrss_user_entries + $result = $this->dbh->query("DELETE FROM ttrss_user_entries WHERE feed_id = '$id' AND marked = false AND owner_uid = " . $_SESSION["uid"]); } else { - $result = db_query($link, "DELETE FROM ttrss_user_entries + $result = $this->dbh->query("DELETE FROM ttrss_user_entries WHERE feed_id IS NULL AND marked = false AND owner_uid = " . $_SESSION["uid"]); } - $result = db_query($link, "DELETE FROM ttrss_entries WHERE + $result = $this->dbh->query("DELETE FROM ttrss_entries WHERE (SELECT COUNT(int_id) FROM ttrss_user_entries WHERE ref_id = id) = 0"); - ccache_update($link, $id, $_SESSION['uid']); + ccache_update($id, $_SESSION['uid']); } // function clear_feed_articles - private function remove_feed_category($link, $id, $owner_uid) { + private function remove_feed_category($id, $owner_uid) { - db_query($link, "DELETE FROM ttrss_feed_categories + $this->dbh->query("DELETE FROM ttrss_feed_categories WHERE id = '$id' AND owner_uid = $owner_uid"); - ccache_remove($link, $id, $owner_uid, true); + ccache_remove($id, $owner_uid, true); } - static function remove_feed($link, $id, $owner_uid) { + static function remove_feed($id, $owner_uid) { if ($id > 0) { /* save starred articles in Archived feed */ - db_query($link, "BEGIN"); + db_query("BEGIN"); /* prepare feed if necessary */ - $result = db_query($link, "SELECT feed_url FROM ttrss_feeds WHERE id = $id + $result = db_query("SELECT feed_url FROM ttrss_feeds WHERE id = $id AND owner_uid = $owner_uid"); - $feed_url = db_escape_string($link, db_fetch_result($result, 0, "feed_url")); + $feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url")); - $result = db_query($link, "SELECT id FROM ttrss_archived_feeds + $result = db_query("SELECT id FROM ttrss_archived_feeds WHERE feed_url = '$feed_url' AND owner_uid = $owner_uid"); if (db_num_rows($result) == 0) { - $result = db_query($link, "SELECT MAX(id) AS id FROM ttrss_archived_feeds"); + $result = db_query("SELECT MAX(id) AS id FROM ttrss_archived_feeds"); $new_feed_id = (int)db_fetch_result($result, 0, "id") + 1; - db_query($link, "INSERT INTO ttrss_archived_feeds + db_query("INSERT INTO ttrss_archived_feeds (id, owner_uid, title, feed_url, site_url) SELECT $new_feed_id, owner_uid, title, feed_url, site_url from ttrss_feeds WHERE id = '$id'"); @@ -1725,31 +1760,31 @@ class Pref_Feeds extends Handler_Protected { $archive_id = db_fetch_result($result, 0, "id"); } - db_query($link, "UPDATE ttrss_user_entries SET feed_id = NULL, + db_query("UPDATE ttrss_user_entries SET feed_id = NULL, orig_feed_id = '$archive_id' WHERE feed_id = '$id' AND marked = true AND owner_uid = $owner_uid"); /* Remove access key for the feed */ - db_query($link, "DELETE FROM ttrss_access_keys WHERE + db_query("DELETE FROM ttrss_access_keys WHERE feed_id = '$id' AND owner_uid = $owner_uid"); /* remove the feed */ - db_query($link, "DELETE FROM ttrss_feeds + db_query("DELETE FROM ttrss_feeds WHERE id = '$id' AND owner_uid = $owner_uid"); - db_query($link, "COMMIT"); + db_query("COMMIT"); if (file_exists(ICONS_DIR . "/$id.ico")) { unlink(ICONS_DIR . "/$id.ico"); } - ccache_remove($link, $id, $owner_uid); + ccache_remove($id, $owner_uid); } else { - label_remove($link, feed_to_label_id($id), $owner_uid); - //ccache_remove($link, $id, $owner_uid); don't think labels are cached + label_remove(feed_to_label_id($id), $owner_uid); + //ccache_remove($id, $owner_uid); don't think labels are cached } } @@ -1760,9 +1795,9 @@ class Pref_Feeds extends Handler_Protected { print "<table width='100%'><tr><td> ".__("Add one valid RSS feed per line (no feed detection is done)")." </td><td align='right'>"; - if (get_pref($this->link, 'ENABLE_FEED_CATS')) { + if (get_pref('ENABLE_FEED_CATS')) { print __('Place in category:') . " "; - print_feed_cat_select($this->link, "cat", false, 'dojoType="dijit.form.Select"'); + print_feed_cat_select("cat", false, 'dojoType="dijit.form.Select"'); } print "</td></tr><tr><td colspan='2'>"; print "<textarea @@ -1802,17 +1837,17 @@ class Pref_Feeds extends Handler_Protected { } function batchAddFeeds() { - $cat_id = db_escape_string($this->link, $_REQUEST['cat']); + $cat_id = $this->dbh->escape_string($_REQUEST['cat']); $feeds = explode("\n", $_REQUEST['feeds']); - $login = db_escape_string($this->link, $_REQUEST['login']); - $pass = db_escape_string($this->link, $_REQUEST['pass']); + $login = $this->dbh->escape_string($_REQUEST['login']); + $pass = trim($_REQUEST['pass']); foreach ($feeds as $feed) { - $feed = db_escape_string($this->link, trim($feed)); + $feed = $this->dbh->escape_string(trim($feed)); if (validate_feed_url($feed)) { - db_query($this->link, "BEGIN"); + $this->dbh->query("BEGIN"); if ($cat_id == "0" || !$cat_id) { $cat_qpart = "NULL"; @@ -1820,68 +1855,78 @@ class Pref_Feeds extends Handler_Protected { $cat_qpart = "'$cat_id'"; } - $result = db_query($this->link, + $result = $this->dbh->query( "SELECT id FROM ttrss_feeds WHERE feed_url = '$feed' AND owner_uid = ".$_SESSION["uid"]); - if (db_num_rows($result) == 0) { - $result = db_query($this->link, + if (strlen(FEED_CRYPT_KEY) > 0) { + require_once "crypt.php"; + $pass = substr(encrypt_string($pass), 0, 250); + $auth_pass_encrypted = 'true'; + } else { + $auth_pass_encrypted = 'false'; + } + + $pass = $this->dbh->escape_string($pass); + + if ($this->dbh->num_rows($result) == 0) { + $result = $this->dbh->query( "INSERT INTO ttrss_feeds - (owner_uid,feed_url,title,cat_id,auth_login,auth_pass,update_method) + (owner_uid,feed_url,title,cat_id,auth_login,auth_pass,update_method,auth_pass_encrypted) VALUES ('".$_SESSION["uid"]."', '$feed', - '[Unknown]', $cat_qpart, '$login', '$pass', 0)"); + '[Unknown]', $cat_qpart, '$login', '$pass', 0, $auth_pass_encrypted)"); } - db_query($this->link, "COMMIT"); + $this->dbh->query("COMMIT"); } } } function regenOPMLKey() { - $this->update_feed_access_key($this->link, 'OPML:Publish', + $this->update_feed_access_key('OPML:Publish', false, $_SESSION["uid"]); - $new_link = Opml::opml_publish_url($this->link); + $new_link = Opml::opml_publish_url(); print json_encode(array("link" => $new_link)); } function regenFeedKey() { - $feed_id = db_escape_string($this->link, $_REQUEST['id']); - $is_cat = db_escape_string($this->link, $_REQUEST['is_cat']) == "true"; + $feed_id = $this->dbh->escape_string($_REQUEST['id']); + $is_cat = $this->dbh->escape_string($_REQUEST['is_cat']) == "true"; - $new_key = $this->update_feed_access_key($this->link, $feed_id, $is_cat); + $new_key = $this->update_feed_access_key($feed_id, $is_cat); print json_encode(array("link" => $new_key)); } - private function update_feed_access_key($link, $feed_id, $is_cat, $owner_uid = false) { + private function update_feed_access_key($feed_id, $is_cat, $owner_uid = false) { if (!$owner_uid) $owner_uid = $_SESSION["uid"]; $sql_is_cat = bool_to_sql_bool($is_cat); - $result = db_query($link, "SELECT access_key FROM ttrss_access_keys + $result = $this->dbh->query("SELECT access_key FROM ttrss_access_keys WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat AND owner_uid = " . $owner_uid); - if (db_num_rows($result) == 1) { - $key = db_escape_string($this->link, sha1(uniqid(rand(), true))); + if ($this->dbh->num_rows($result) == 1) { + $key = $this->dbh->escape_string(sha1(uniqid(rand(), true))); - db_query($link, "UPDATE ttrss_access_keys SET access_key = '$key' + $this->dbh->query("UPDATE ttrss_access_keys SET access_key = '$key' WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat AND owner_uid = " . $owner_uid); return $key; } else { - return get_feed_access_key($link, $feed_id, $is_cat, $owner_uid); + return get_feed_access_key($feed_id, $is_cat, $owner_uid); } } // Silent function clearKeys() { - db_query($this->link, "DELETE FROM ttrss_access_keys WHERE + $this->dbh->query("DELETE FROM ttrss_access_keys WHERE owner_uid = " . $_SESSION["uid"]); } diff --git a/classes/pref/filters.php b/classes/pref/filters.php index 4be1cdae5..bcc7b5aec 100644 --- a/classes/pref/filters.php +++ b/classes/pref/filters.php @@ -9,7 +9,7 @@ class Pref_Filters extends Handler_Protected { } function filtersortreset() { - db_query($this->link, "UPDATE ttrss_filters2 + $this->dbh->query("UPDATE ttrss_filters2 SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]); return; } @@ -31,7 +31,7 @@ class Pref_Filters extends Handler_Protected { if ($filter_id > 0) { - db_query($this->link, "UPDATE ttrss_filters2 SET + $this->dbh->query("UPDATE ttrss_filters2 SET order_id = $index WHERE id = '$filter_id' AND owner_uid = " .$_SESSION["uid"]); @@ -49,16 +49,16 @@ class Pref_Filters extends Handler_Protected { $filter["enabled"] = true; $filter["match_any_rule"] = sql_bool_to_bool( - checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["match_any_rule"]))); + checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["match_any_rule"]))); $filter["inverse"] = sql_bool_to_bool( - checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["inverse"]))); + checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["inverse"]))); $filter["rules"] = array(); - $result = db_query($this->link, "SELECT id,name FROM ttrss_filter_types"); + $result = $this->dbh->query("SELECT id,name FROM ttrss_filter_types"); $filter_types = array(); - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { $filter_types[$line["id"]] = $line["name"]; } @@ -83,9 +83,7 @@ class Pref_Filters extends Handler_Protected { } } - $feed_title = getFeedTitle($this->link, $feed); - - $qfh_ret = queryFeedHeadlines($this->link, -4, 30, "", false, false, false, + $qfh_ret = queryFeedHeadlines(-4, 30, "", false, false, false, "date_entered DESC", 0, $_SESSION["uid"], $filter); $result = $qfh_ret[0]; @@ -98,10 +96,10 @@ class Pref_Filters extends Handler_Protected { print "<div class=\"filterTestHolder\">"; print "<table width=\"100%\" cellspacing=\"0\" id=\"prefErrorFeedList\">"; - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { $entry_timestamp = strtotime($line["updated"]); - $entry_tags = get_article_tags($this->link, $line["id"], $_SESSION["uid"]); + $entry_tags = get_article_tags($line["id"], $_SESSION["uid"]); $content_preview = truncate_string( strip_tags($line["content_preview"]), 100, '...'); @@ -158,7 +156,7 @@ class Pref_Filters extends Handler_Protected { $filter_search = $_SESSION["prefs_filter_search"]; - $result = db_query($this->link, "SELECT *, + $result = $this->dbh->query("SELECT *, (SELECT action_param FROM ttrss_filters2_actions WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS action_param, (SELECT action_id FROM ttrss_filters2_actions @@ -176,7 +174,7 @@ class Pref_Filters extends Handler_Protected { $folder = array(); $folder['items'] = array(); - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { /* if ($action_id != $line["action_id"]) { if (count($folder['items']) > 0) { @@ -194,10 +192,10 @@ class Pref_Filters extends Handler_Protected { $match_ok = false; if ($filter_search) { - $rules_result = db_query($this->link, + $rules_result = $this->dbh->query( "SELECT reg_exp FROM ttrss_filters2_rules WHERE filter_id = ".$line["id"]); - while ($rule_line = db_fetch_assoc($rules_result)) { + while ($rule_line = $this->dbh->fetch_assoc($rules_result)) { if (mb_strpos($rule_line['reg_exp'], $filter_search) !== false) { $match_ok = true; break; @@ -206,13 +204,13 @@ class Pref_Filters extends Handler_Protected { } if ($line['action_id'] == 7) { - $label_result = db_query($this->link, "SELECT fg_color, bg_color - FROM ttrss_labels2 WHERE caption = '".db_escape_string($this->link, $line['action_param'])."' AND + $label_result = $this->dbh->query("SELECT fg_color, bg_color + FROM ttrss_labels2 WHERE caption = '".$this->dbh->escape_string($line['action_param'])."' AND owner_uid = " . $_SESSION["uid"]); - if (db_num_rows($label_result) > 0) { - $fg_color = db_fetch_result($label_result, 0, "fg_color"); - $bg_color = db_fetch_result($label_result, 0, "bg_color"); + if ($this->dbh->num_rows($label_result) > 0) { + $fg_color = $this->dbh->fetch_result($label_result, 0, "fg_color"); + $bg_color = $this->dbh->fetch_result($label_result, 0, "bg_color"); $name[1] = "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-right : 4px'>α</span>" . $name[1]; } @@ -248,15 +246,15 @@ class Pref_Filters extends Handler_Protected { function edit() { - $filter_id = db_escape_string($this->link, $_REQUEST["id"]); + $filter_id = $this->dbh->escape_string($_REQUEST["id"]); - $result = db_query($this->link, + $result = $this->dbh->query( "SELECT * FROM ttrss_filters2 WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]); - $enabled = sql_bool_to_bool(db_fetch_result($result, 0, "enabled")); - $match_any_rule = sql_bool_to_bool(db_fetch_result($result, 0, "match_any_rule")); - $inverse = sql_bool_to_bool(db_fetch_result($result, 0, "inverse")); - $title = htmlspecialchars(db_fetch_result($result, 0, "title")); + $enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "enabled")); + $match_any_rule = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "match_any_rule")); + $inverse = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "inverse")); + $title = htmlspecialchars($this->dbh->fetch_result($result, 0, "title")); print "<form id=\"filter_edit_form\" onsubmit='return false'>"; @@ -294,10 +292,10 @@ class Pref_Filters extends Handler_Protected { print "<ul id='filterDlg_Matches'>"; - $rules_result = db_query($this->link, "SELECT * FROM ttrss_filters2_rules + $rules_result = $this->dbh->query("SELECT * FROM ttrss_filters2_rules WHERE filter_id = '$filter_id' ORDER BY reg_exp, id"); - while ($line = db_fetch_assoc($rules_result)) { + while ($line = $this->dbh->fetch_assoc($rules_result)) { if (sql_bool_to_bool($line["cat_filter"])) { $line["feed_id"] = "CAT:" . (int)$line["cat_id"]; } @@ -342,10 +340,10 @@ class Pref_Filters extends Handler_Protected { print "<ul id='filterDlg_Actions'>"; - $actions_result = db_query($this->link, "SELECT * FROM ttrss_filters2_actions + $actions_result = $this->dbh->query("SELECT * FROM ttrss_filters2_actions WHERE filter_id = '$filter_id' ORDER BY id"); - while ($line = db_fetch_assoc($actions_result)) { + while ($line = $this->dbh->fetch_assoc($actions_result)) { $line["action_param_label"] = $line["action_param"]; unset($line["filter_id"]); @@ -417,19 +415,19 @@ class Pref_Filters extends Handler_Protected { if (strpos($feed_id, "CAT:") === 0) { $feed_id = (int) substr($feed_id, 4); - $feed = getCategoryTitle($this->link, $feed_id); + $feed = getCategoryTitle($feed_id); } else { $feed_id = (int) $feed_id; if ($rule["feed_id"]) - $feed = getFeedTitle($this->link, (int)$rule["feed_id"]); + $feed = getFeedTitle((int)$rule["feed_id"]); else $feed = __("All feeds"); } - $result = db_query($this->link, "SELECT description FROM ttrss_filter_types + $result = $this->dbh->query("SELECT description FROM ttrss_filter_types WHERE id = ".(int)$rule["filter_type"]); - $filter_type = db_fetch_result($result, 0, "description"); + $filter_type = $this->dbh->fetch_result($result, 0, "description"); return T_sprintf("%s on %s in %s %s", strip_tags($rule["reg_exp"]), $filter_type, $feed, isset($rule["inverse"]) ? __("(inverse)") : ""); @@ -440,10 +438,10 @@ class Pref_Filters extends Handler_Protected { } private function getActionName($action) { - $result = db_query($this->link, "SELECT description FROM + $result = $this->dbh->query("SELECT description FROM ttrss_filter_actions WHERE id = " .(int)$action["action_id"]); - $title = __(db_fetch_result($result, 0, "description")); + $title = __($this->dbh->fetch_result($result, 0, "description")); if ($action["action_id"] == 4 || $action["action_id"] == 6 || $action["action_id"] == 7) @@ -463,13 +461,13 @@ class Pref_Filters extends Handler_Protected { # print_r($_REQUEST); - $filter_id = db_escape_string($this->link, $_REQUEST["id"]); - $enabled = checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["enabled"])); - $match_any_rule = checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["match_any_rule"])); - $inverse = checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["inverse"])); - $title = db_escape_string($this->link, $_REQUEST["title"]); + $filter_id = $this->dbh->escape_string($_REQUEST["id"]); + $enabled = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["enabled"])); + $match_any_rule = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["match_any_rule"])); + $inverse = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["inverse"])); + $title = $this->dbh->escape_string($_REQUEST["title"]); - $result = db_query($this->link, "UPDATE ttrss_filters2 SET enabled = $enabled, + $result = $this->dbh->query("UPDATE ttrss_filters2 SET enabled = $enabled, match_any_rule = $match_any_rule, inverse = $inverse, title = '$title' @@ -482,17 +480,17 @@ class Pref_Filters extends Handler_Protected { function remove() { - $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"])); + $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"])); foreach ($ids as $id) { - db_query($this->link, "DELETE FROM ttrss_filters2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]); + $this->dbh->query("DELETE FROM ttrss_filters2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]); } } private function saveRulesAndActions($filter_id) { - db_query($this->link, "DELETE FROM ttrss_filters2_rules WHERE filter_id = '$filter_id'"); - db_query($this->link, "DELETE FROM ttrss_filters2_actions WHERE filter_id = '$filter_id'"); + $this->dbh->query("DELETE FROM ttrss_filters2_rules WHERE filter_id = '$filter_id'"); + $this->dbh->query("DELETE FROM ttrss_filters2_actions WHERE filter_id = '$filter_id'"); if ($filter_id) { /* create rules */ @@ -521,11 +519,11 @@ class Pref_Filters extends Handler_Protected { foreach ($rules as $rule) { if ($rule) { - $reg_exp = strip_tags(db_escape_string($this->link, trim($rule["reg_exp"]))); + $reg_exp = strip_tags($this->dbh->escape_string(trim($rule["reg_exp"]))); $inverse = isset($rule["inverse"]) ? "true" : "false"; - $filter_type = (int) db_escape_string($this->link, trim($rule["filter_type"])); - $feed_id = db_escape_string($this->link, trim($rule["feed_id"])); + $filter_type = (int) $this->dbh->escape_string(trim($rule["filter_type"])); + $feed_id = $this->dbh->escape_string(trim($rule["feed_id"])); if (strpos($feed_id, "CAT:") === 0) { @@ -546,16 +544,16 @@ class Pref_Filters extends Handler_Protected { (filter_id, reg_exp,filter_type,feed_id,cat_id,cat_filter,inverse) VALUES ('$filter_id', '$reg_exp', '$filter_type', $feed_id, $cat_id, $cat_filter, $inverse)"; - db_query($this->link, $query); + $this->dbh->query($query); } } foreach ($actions as $action) { if ($action) { - $action_id = (int) db_escape_string($this->link, $action["action_id"]); - $action_param = db_escape_string($this->link, $action["action_param"]); - $action_param_label = db_escape_string($this->link, $action["action_param_label"]); + $action_id = (int) $this->dbh->escape_string($action["action_id"]); + $action_param = $this->dbh->escape_string($action["action_param"]); + $action_param_label = $this->dbh->escape_string($action["action_param_label"]); if ($action_id == 7) { $action_param = $action_param_label; @@ -569,7 +567,7 @@ class Pref_Filters extends Handler_Protected { (filter_id, action_id, action_param) VALUES ('$filter_id', '$action_id', '$action_param')"; - db_query($this->link, $query); + $this->dbh->query($query); } } } @@ -586,35 +584,35 @@ class Pref_Filters extends Handler_Protected { $enabled = checkbox_to_sql_bool($_REQUEST["enabled"]); $match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]); - $title = db_escape_string($this->link, $_REQUEST["title"]); + $title = $this->dbh->escape_string($_REQUEST["title"]); - db_query($this->link, "BEGIN"); + $this->dbh->query("BEGIN"); /* create base filter */ - $result = db_query($this->link, "INSERT INTO ttrss_filters2 + $result = $this->dbh->query("INSERT INTO ttrss_filters2 (owner_uid, match_any_rule, enabled, title) VALUES (".$_SESSION["uid"].",$match_any_rule,$enabled, '$title')"); - $result = db_query($this->link, "SELECT MAX(id) AS id FROM ttrss_filters2 + $result = $this->dbh->query("SELECT MAX(id) AS id FROM ttrss_filters2 WHERE owner_uid = ".$_SESSION["uid"]); - $filter_id = db_fetch_result($result, 0, "id"); + $filter_id = $this->dbh->fetch_result($result, 0, "id"); $this->saveRulesAndActions($filter_id); - db_query($this->link, "COMMIT"); + $this->dbh->query("COMMIT"); } function index() { - $sort = db_escape_string($this->link, $_REQUEST["sort"]); + $sort = $this->dbh->escape_string($_REQUEST["sort"]); if (!$sort || $sort == "undefined") { $sort = "reg_exp"; } - $filter_search = db_escape_string($this->link, $_REQUEST["search"]); + $filter_search = $this->dbh->escape_string($_REQUEST["search"]); if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_filter_search"] = $filter_search; @@ -626,7 +624,7 @@ class Pref_Filters extends Handler_Protected { print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">"; print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">"; - $filter_search = db_escape_string($this->link, $_REQUEST["search"]); + $filter_search = $this->dbh->escape_string($_REQUEST["search"]); if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_filter_search"] = $filter_search; @@ -706,8 +704,7 @@ class Pref_Filters extends Handler_Protected { print "</div>"; #pane - global $pluginhost; - $pluginhost->run_hooks($pluginhost::HOOK_PREFS_TAB, + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "hook_prefs_tab", "prefFilters"); print "</div>"; #container @@ -832,12 +829,12 @@ class Pref_Filters extends Handler_Protected { print "<form name='filter_new_rule_form' id='filter_new_rule_form'>"; - $result = db_query($this->link, "SELECT id,description + $result = $this->dbh->query("SELECT id,description FROM ttrss_filter_types WHERE id != 5 ORDER BY description"); $filter_types = array(); - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { $filter_types[$line["id"]] = __($line["description"]); } @@ -864,7 +861,7 @@ class Pref_Filters extends Handler_Protected { print __("in") . " "; print "<span id='filterDlg_feeds'>"; - print_feed_select($this->link, "feed_id", + print_feed_select("feed_id", $cat_filter ? "CAT:$feed_id" : $feed_id, 'dojoType="dijit.form.FilteringSelect"'); print "</span>"; @@ -888,7 +885,7 @@ class Pref_Filters extends Handler_Protected { $action = json_decode($_REQUEST["action"], true); if ($action) { - $action_param = db_escape_string($this->link, $action["action_param"]); + $action_param = $this->dbh->escape_string($action["action_param"]); $action_id = (int)$action["action_id"]; } else { $action_param = ""; @@ -904,10 +901,10 @@ class Pref_Filters extends Handler_Protected { print "<select name=\"action_id\" dojoType=\"dijit.form.Select\" onchange=\"filterDlgCheckAction(this)\">"; - $result = db_query($this->link, "SELECT id,description FROM ttrss_filter_actions + $result = $this->dbh->query("SELECT id,description FROM ttrss_filter_actions ORDER BY name"); - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { $is_selected = ($line["id"] == $action_id) ? "selected='1'" : ""; printf("<option $is_selected value='%d'>%s</option>", $line["id"], __($line["description"])); } @@ -928,7 +925,7 @@ class Pref_Filters extends Handler_Protected { id=\"filterDlg_actionParam\" style=\"$param_hidden\" name=\"action_param\" value=\"$action_param\">"; - print_label_select($this->link, "action_param_label", $action_param, + print_label_select("action_param_label", $action_param, "id=\"filterDlg_actionParamLabel\" style=\"$label_param_hidden\" dojoType=\"dijit.form.Select\""); @@ -953,28 +950,28 @@ class Pref_Filters extends Handler_Protected { private function getFilterName($id) { - $result = db_query($this->link, + $result = $this->dbh->query( "SELECT title,COUNT(DISTINCT r.id) AS num_rules,COUNT(DISTINCT a.id) AS num_actions FROM ttrss_filters2 AS f LEFT JOIN ttrss_filters2_rules AS r ON (r.filter_id = f.id) LEFT JOIN ttrss_filters2_actions AS a ON (a.filter_id = f.id) WHERE f.id = '$id' GROUP BY f.title"); - $title = db_fetch_result($result, 0, "title"); - $num_rules = db_fetch_result($result, 0, "num_rules"); - $num_actions = db_fetch_result($result, 0, "num_actions"); + $title = $this->dbh->fetch_result($result, 0, "title"); + $num_rules = $this->dbh->fetch_result($result, 0, "num_rules"); + $num_actions = $this->dbh->fetch_result($result, 0, "num_actions"); if (!$title) $title = __("[No caption]"); $title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", $num_rules), $title, $num_rules); - $result = db_query($this->link, + $result = $this->dbh->query( "SELECT * FROM ttrss_filters2_actions WHERE filter_id = '$id' ORDER BY id LIMIT 1"); $actions = ""; - if (db_num_rows($result) > 0) { - $line = db_fetch_assoc($result); + if ($this->dbh->num_rows($result) > 0) { + $line = $this->dbh->fetch_assoc($result); $actions = $this->getActionName($line); $num_actions -= 1; @@ -987,22 +984,22 @@ class Pref_Filters extends Handler_Protected { } function join() { - $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"])); + $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"])); if (count($ids) > 1) { $base_id = array_shift($ids); $ids_str = join(",", $ids); - db_query($this->link, "BEGIN"); - db_query($this->link, "UPDATE ttrss_filters2_rules + $this->dbh->query("BEGIN"); + $this->dbh->query("UPDATE ttrss_filters2_rules SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)"); - db_query($this->link, "UPDATE ttrss_filters2_actions + $this->dbh->query("UPDATE ttrss_filters2_actions SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)"); - db_query($this->link, "DELETE FROM ttrss_filters2 WHERE id IN ($ids_str)"); - db_query($this->link, "UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = '$base_id'"); + $this->dbh->query("DELETE FROM ttrss_filters2 WHERE id IN ($ids_str)"); + $this->dbh->query("UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = '$base_id'"); - db_query($this->link, "COMMIT"); + $this->dbh->query("COMMIT"); $this->optimizeFilter($base_id); @@ -1010,14 +1007,14 @@ class Pref_Filters extends Handler_Protected { } private function optimizeFilter($id) { - db_query($this->link, "BEGIN"); - $result = db_query($this->link, "SELECT * FROM ttrss_filters2_actions + $this->dbh->query("BEGIN"); + $result = $this->dbh->query("SELECT * FROM ttrss_filters2_actions WHERE filter_id = '$id'"); $tmp = array(); $dupe_ids = array(); - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { $id = $line["id"]; unset($line["id"]); @@ -1030,17 +1027,17 @@ class Pref_Filters extends Handler_Protected { if (count($dupe_ids) > 0) { $ids_str = join(",", $dupe_ids); - db_query($this->link, "DELETE FROM ttrss_filters2_actions + $this->dbh->query("DELETE FROM ttrss_filters2_actions WHERE id IN ($ids_str)"); } - $result = db_query($this->link, "SELECT * FROM ttrss_filters2_rules + $result = $this->dbh->query("SELECT * FROM ttrss_filters2_rules WHERE filter_id = '$id'"); $tmp = array(); $dupe_ids = array(); - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { $id = $line["id"]; unset($line["id"]); @@ -1053,11 +1050,11 @@ class Pref_Filters extends Handler_Protected { if (count($dupe_ids) > 0) { $ids_str = join(",", $dupe_ids); - db_query($this->link, "DELETE FROM ttrss_filters2_rules + $this->dbh->query("DELETE FROM ttrss_filters2_rules WHERE id IN ($ids_str)"); } - db_query($this->link, "COMMIT"); + $this->dbh->query("COMMIT"); } } ?> diff --git a/classes/pref/labels.php b/classes/pref/labels.php index b45354c94..2ad152c2d 100644 --- a/classes/pref/labels.php +++ b/classes/pref/labels.php @@ -8,12 +8,12 @@ class Pref_Labels extends Handler_Protected { } function edit() { - $label_id = db_escape_string($this->link, $_REQUEST['id']); + $label_id = $this->dbh->escape_string($_REQUEST['id']); - $result = db_query($this->link, "SELECT * FROM ttrss_labels2 WHERE + $result = $this->dbh->query("SELECT * FROM ttrss_labels2 WHERE id = '$label_id' AND owner_uid = " . $_SESSION["uid"]); - $line = db_fetch_assoc($result); + $line = $this->dbh->fetch_assoc($result); print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$label_id\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-labels\">"; @@ -90,12 +90,12 @@ class Pref_Labels extends Handler_Protected { $root['name'] = __('Labels'); $root['items'] = array(); - $result = db_query($this->link, "SELECT * + $result = $this->dbh->query("SELECT * FROM ttrss_labels2 WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY caption"); - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { $label = array(); $label['id'] = 'LABEL:' . $line['id']; $label['bare_id'] = $line['id']; @@ -118,29 +118,29 @@ class Pref_Labels extends Handler_Protected { } function colorset() { - $kind = db_escape_string($this->link, $_REQUEST["kind"]); - $ids = split(',', db_escape_string($this->link, $_REQUEST["ids"])); - $color = db_escape_string($this->link, $_REQUEST["color"]); - $fg = db_escape_string($this->link, $_REQUEST["fg"]); - $bg = db_escape_string($this->link, $_REQUEST["bg"]); + $kind = $this->dbh->escape_string($_REQUEST["kind"]); + $ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"])); + $color = $this->dbh->escape_string($_REQUEST["color"]); + $fg = $this->dbh->escape_string($_REQUEST["fg"]); + $bg = $this->dbh->escape_string($_REQUEST["bg"]); foreach ($ids as $id) { if ($kind == "fg" || $kind == "bg") { - db_query($this->link, "UPDATE ttrss_labels2 SET + $this->dbh->query("UPDATE ttrss_labels2 SET ${kind}_color = '$color' WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]); } else { - db_query($this->link, "UPDATE ttrss_labels2 SET + $this->dbh->query("UPDATE ttrss_labels2 SET fg_color = '$fg', bg_color = '$bg' WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]); } - $caption = db_escape_string($this->link, label_find_caption($this->link, $id, $_SESSION["uid"])); + $caption = $this->dbh->escape_string(label_find_caption($id, $_SESSION["uid"])); /* Remove cached data */ - db_query($this->link, "UPDATE ttrss_user_entries SET label_cache = '' + $this->dbh->query("UPDATE ttrss_user_entries SET label_cache = '' WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]); } @@ -149,18 +149,18 @@ class Pref_Labels extends Handler_Protected { } function colorreset() { - $ids = split(',', db_escape_string($this->link, $_REQUEST["ids"])); + $ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"])); foreach ($ids as $id) { - db_query($this->link, "UPDATE ttrss_labels2 SET + $this->dbh->query("UPDATE ttrss_labels2 SET fg_color = '', bg_color = '' WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]); - $caption = db_escape_string($this->link, label_find_caption($this->link, $id, $_SESSION["uid"])); + $caption = $this->dbh->escape_string(label_find_caption($id, $_SESSION["uid"])); /* Remove cached data */ - db_query($this->link, "UPDATE ttrss_user_entries SET label_cache = '' + $this->dbh->query("UPDATE ttrss_user_entries SET label_cache = '' WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]); } @@ -168,31 +168,31 @@ class Pref_Labels extends Handler_Protected { function save() { - $id = db_escape_string($this->link, $_REQUEST["id"]); - $caption = db_escape_string($this->link, trim($_REQUEST["caption"])); + $id = $this->dbh->escape_string($_REQUEST["id"]); + $caption = $this->dbh->escape_string(trim($_REQUEST["caption"])); - db_query($this->link, "BEGIN"); + $this->dbh->query("BEGIN"); - $result = db_query($this->link, "SELECT caption FROM ttrss_labels2 + $result = $this->dbh->query("SELECT caption FROM ttrss_labels2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]); - if (db_num_rows($result) != 0) { - $old_caption = db_fetch_result($result, 0, "caption"); + if ($this->dbh->num_rows($result) != 0) { + $old_caption = $this->dbh->fetch_result($result, 0, "caption"); - $result = db_query($this->link, "SELECT id FROM ttrss_labels2 + $result = $this->dbh->query("SELECT id FROM ttrss_labels2 WHERE caption = '$caption' AND owner_uid = ". $_SESSION["uid"]); - if (db_num_rows($result) == 0) { + if ($this->dbh->num_rows($result) == 0) { if ($caption) { - $result = db_query($this->link, "UPDATE ttrss_labels2 SET + $result = $this->dbh->query("UPDATE ttrss_labels2 SET caption = '$caption' WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]); /* Update filters that reference label being renamed */ - $old_caption = db_escape_string($this->link, $old_caption); + $old_caption = $this->dbh->escape_string($old_caption); - db_query($this->link, "UPDATE ttrss_filters2_actions SET + $this->dbh->query("UPDATE ttrss_filters2_actions SET action_param = '$caption' WHERE action_param = '$old_caption' AND action_id = 7 AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ".$_SESSION["uid"].")"); @@ -206,28 +206,28 @@ class Pref_Labels extends Handler_Protected { } } - db_query($this->link, "COMMIT"); + $this->dbh->query("COMMIT"); return; } function remove() { - $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"])); + $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"])); foreach ($ids as $id) { - label_remove($this->link, $id, $_SESSION["uid"]); + label_remove($id, $_SESSION["uid"]); } } function add() { - $caption = db_escape_string($this->link, $_REQUEST["caption"]); - $output = db_escape_string($this->link, $_REQUEST["output"]); + $caption = $this->dbh->escape_string($_REQUEST["caption"]); + $output = $this->dbh->escape_string($_REQUEST["output"]); if ($caption) { - if (label_create($this->link, $caption)) { + if (label_create($caption)) { if (!$output) { print T_sprintf("Created label <b>%s</b>", htmlspecialchars($caption)); } @@ -238,7 +238,7 @@ class Pref_Labels extends Handler_Protected { print "<rpc-reply><payload>"; - print_label_select($this->link, "select_label", + print_label_select("select_label", $caption, ""); print "</payload></rpc-reply>"; @@ -250,13 +250,13 @@ class Pref_Labels extends Handler_Protected { function index() { - $sort = db_escape_string($this->link, $_REQUEST["sort"]); + $sort = $this->dbh->escape_string($_REQUEST["sort"]); if (!$sort || $sort == "undefined") { $sort = "caption"; } - $label_search = db_escape_string($this->link, $_REQUEST["search"]); + $label_search = $this->dbh->escape_string($_REQUEST["search"]); if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_label_search"] = $label_search; @@ -319,8 +319,7 @@ class Pref_Labels extends Handler_Protected { print "</div>"; #pane - global $pluginhost; - $pluginhost->run_hooks($pluginhost::HOOK_PREFS_TAB, + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "hook_prefs_tab", "prefLabels"); print "</div>"; #container diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php index 29541e04d..fb6795957 100644 --- a/classes/pref/prefs.php +++ b/classes/pref/prefs.php @@ -11,8 +11,8 @@ class Pref_Prefs extends Handler_Protected { return array_search($method, $csrf_ignored) !== false; } - function __construct($link, $args) { - parent::__construct($link, $args); + function __construct($args) { + parent::__construct($args); $this->pref_sections = array( 1 => __('General'), @@ -52,9 +52,10 @@ class Pref_Prefs extends Handler_Protected { "STRIP_IMAGES" => array(__("Do not embed images in articles"), ""), "STRIP_UNSAFE_TAGS" => array(__("Strip unsafe tags from articles"), __("Strip all but most common HTML tags when reading articles.")), "USER_STYLESHEET" => array(__("Customize stylesheet"), __("Customize CSS stylesheet to your liking")), - "USER_TIMEZONE" => array(__("User timezone"), ""), + "USER_TIMEZONE" => array(__("Time zone"), ""), "VFEED_GROUP_BY_FEED" => array(__("Group headlines in virtual feeds"), __("Special feeds, labels, and categories are grouped by originating feeds")), - "USER_CSS_THEME" => array(__("Select theme"), __("Select one of the available CSS themes")) + "USER_LANGUAGE" => array(__("Language")), + "USER_CSS_THEME" => array(__("Theme"), __("Select one of the available CSS themes")) ); } @@ -79,8 +80,7 @@ class Pref_Prefs extends Handler_Protected { return; } - global $pluginhost; - $authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]); + $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]); if (method_exists($authenticator, "change_password")) { print $authenticator->change_password($_SESSION["uid"], $old_pw, $new_pw); @@ -90,9 +90,6 @@ class Pref_Prefs extends Handler_Protected { } function saveconfig() { - - $_SESSION["prefs_cache"] = false; - $boolean_prefs = explode(",", $_POST["boolean_prefs"]); foreach ($boolean_prefs as $pref) { @@ -103,30 +100,25 @@ class Pref_Prefs extends Handler_Protected { foreach (array_keys($_POST) as $pref_name) { - $pref_name = db_escape_string($this->link, $pref_name); - $value = db_escape_string($this->link, $_POST[$pref_name]); + $pref_name = $this->dbh->escape_string($pref_name); + $value = $this->dbh->escape_string($_POST[$pref_name]); if ($pref_name == 'DIGEST_PREFERRED_TIME') { - if (get_pref($this->link, 'DIGEST_PREFERRED_TIME') != $value) { + if (get_pref('DIGEST_PREFERRED_TIME') != $value) { - db_query($this->link, "UPDATE ttrss_users SET + $this->dbh->query("UPDATE ttrss_users SET last_digest_sent = NULL WHERE id = " . $_SESSION['uid']); } } - if ($pref_name == "language") { + if ($pref_name == "USER_LANGUAGE") { if ($_SESSION["language"] != $value) { - setcookie("ttrss_lang", $value, - time() + SESSION_COOKIE_LIFETIME); - $_SESSION["language"] = $value; - $need_reload = true; } - } else { - set_pref($this->link, $pref_name, $value); } + set_pref($pref_name, $value); } if ($need_reload) { @@ -138,13 +130,13 @@ class Pref_Prefs extends Handler_Protected { function getHelp() { - $pref_name = db_escape_string($this->link, $_REQUEST["pn"]); + $pref_name = $this->dbh->escape_string($_REQUEST["pn"]); - $result = db_query($this->link, "SELECT help_text FROM ttrss_prefs + $result = $this->dbh->query("SELECT help_text FROM ttrss_prefs WHERE pref_name = '$pref_name'"); - if (db_num_rows($result) > 0) { - $help_text = db_fetch_result($result, 0, "help_text"); + if ($this->dbh->num_rows($result) > 0) { + $help_text = $this->dbh->fetch_result($result, 0, "help_text"); print $help_text; } else { printf(__("Unknown option: %s"), $pref_name); @@ -153,12 +145,12 @@ class Pref_Prefs extends Handler_Protected { function changeemail() { - $email = db_escape_string($this->link, $_POST["email"]); - $full_name = db_escape_string($this->link, $_POST["full_name"]); + $email = $this->dbh->escape_string($_POST["email"]); + $full_name = $this->dbh->escape_string($_POST["full_name"]); $active_uid = $_SESSION["uid"]; - db_query($this->link, "UPDATE ttrss_users SET email = '$email', + $this->dbh->query("UPDATE ttrss_users SET email = '$email', full_name = '$full_name' WHERE id = '$active_uid'"); print __("Your personal data has been saved."); @@ -176,10 +168,10 @@ class Pref_Prefs extends Handler_Protected { $profile_qpart = "profile IS NULL"; } - db_query($this->link, "DELETE FROM ttrss_user_prefs + $this->dbh->query("DELETE FROM ttrss_user_prefs WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]); - initialize_user_prefs($this->link, $_SESSION["uid"], $_SESSION["profile"]); + initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]); echo __("Your preferences are now set to default values."); } @@ -225,13 +217,13 @@ class Pref_Prefs extends Handler_Protected { print "<h2>" . __("Personal data") . "</h2>"; - $result = db_query($this->link, "SELECT email,full_name,otp_enabled, + $result = $this->dbh->query("SELECT email,full_name,otp_enabled, access_level FROM ttrss_users WHERE id = ".$_SESSION["uid"]); - $email = htmlspecialchars(db_fetch_result($result, 0, "email")); - $full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name")); - $otp_enabled = sql_bool_to_bool(db_fetch_result($result, 0, "otp_enabled")); + $email = htmlspecialchars($this->dbh->fetch_result($result, 0, "email")); + $full_name = htmlspecialchars($this->dbh->fetch_result($result, 0, "full_name")); + $otp_enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "otp_enabled")); print "<tr><td width=\"40%\">".__('Full name')."</td>"; print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\" @@ -242,7 +234,7 @@ class Pref_Prefs extends Handler_Protected { if (!SINGLE_USER_MODE && !$_SESSION["hide_hello"]) { - $access_level = db_fetch_result($result, 0, "access_level"); + $access_level = $this->dbh->fetch_result($result, 0, "access_level"); print "<tr><td width=\"40%\">".__('Access level')."</td>"; print "<td>" . $access_level_names[$access_level] . "</td></tr>"; } @@ -258,10 +250,7 @@ class Pref_Prefs extends Handler_Protected { print "</form>"; if ($_SESSION["auth_module"]) { - global $pluginhost; - - $authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]); - + $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]); } else { $authenticator = false; } @@ -270,11 +259,11 @@ class Pref_Prefs extends Handler_Protected { print "<h2>" . __("Password") . "</h2>"; - $result = db_query($this->link, "SELECT id FROM ttrss_users + $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE id = ".$_SESSION["uid"]." AND pwd_hash = 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'"); - if (db_num_rows($result) != 0) { + if ($this->dbh->num_rows($result) != 0) { print format_warning(__("Your password is at default value, please change it."), "default_pass_warning"); } @@ -375,7 +364,7 @@ class Pref_Prefs extends Handler_Protected { print "</form>"; - } else { + } else if (function_exists("imagecreatefromstring")) { print "<p>".__("You will need a compatible Authenticator to use this. Changing your password would automatically disable OTP.") . "</p>"; @@ -399,8 +388,8 @@ class Pref_Prefs extends Handler_Protected { parameters: dojo.objectToQuery(this.getValues()), onComplete: function(transport) { notify(''); - if (transport.responseText.indexOf('ERROR: ') == 0) { - notify_error(transport.responseText.replace('ERROR: ', '')); + if (transport.responseText.indexOf('ERROR:') == 0) { + notify_error(transport.responseText.replace('ERROR:', '')); } else { window.location.reload(); } @@ -416,11 +405,13 @@ class Pref_Prefs extends Handler_Protected { print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"password\"></td></tr>"; - print "<tr><td colspan=\"2\">"; + print "<tr><td width=\"40%\">".__("Enter the generated one time password")."</td>"; - print "<input dojoType=\"dijit.form.CheckBox\" required=\"1\" - type=\"checkbox\" id=\"enable_otp\" name=\"enable_otp\"/> "; - print "<label for=\"enable_otp\">".__("I have scanned the code and would like to enable OTP")."</label>"; + print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" autocomplete=\"off\" + required=\"1\" + name=\"otp\"></td></tr>"; + + print "<tr><td colspan=\"2\">"; print "</td></tr><tr><td colspan=\"2\">"; @@ -432,13 +423,16 @@ class Pref_Prefs extends Handler_Protected { print "</form>"; + } else { + + print_notice(__("PHP GD functions are required for OTP support.")); + } } } - global $pluginhost; - $pluginhost->run_hooks($pluginhost::HOOK_PREFS_TAB_SECTION, + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefPrefsAuth"); print "</div>"; #pane @@ -478,10 +472,10 @@ class Pref_Prefs extends Handler_Protected { } if ($_SESSION["profile"]) { - initialize_user_prefs($this->link, $_SESSION["uid"], $_SESSION["profile"]); + initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]); $profile_qpart = "profile = '" . $_SESSION["profile"] . "'"; } else { - initialize_user_prefs($this->link, $_SESSION["uid"]); + initialize_user_prefs($_SESSION["uid"]); $profile_qpart = "profile IS NULL"; } @@ -492,7 +486,7 @@ class Pref_Prefs extends Handler_Protected { $access_query = 'true'; - $result = db_query($this->link, "SELECT DISTINCT + $result = $this->dbh->query("SELECT DISTINCT ttrss_user_prefs.pref_name,value,type_name, ttrss_prefs_sections.order_id, def_value,section_id @@ -511,7 +505,7 @@ class Pref_Prefs extends Handler_Protected { $listed_boolean_prefs = array(); - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { if (in_array($line["pref_name"], $prefs_blacklist)) { continue; @@ -545,22 +539,6 @@ class Pref_Prefs extends Handler_Protected { print "<tr><td colspan=\"3\"><h3>".$section_name."</h3></td></tr>"; $lnum = 0; - - if ($active_section == 2) { - print "<tr>"; - - print "<td width=\"40%\" class=\"prefName\">"; - print "<label>"; - print __("Language:"); - print "</label>"; - - print "<td>"; - print_select_hash("language", $_COOKIE["ttrss_lang"], get_translations(), - "style='width : 220px; margin : 0px' dojoType='dijit.form.Select'"); - print "</td>"; - print "</tr>"; - } - } print "<tr>"; @@ -576,7 +554,11 @@ class Pref_Prefs extends Handler_Protected { print "<td class=\"prefValue\">"; - if ($pref_name == "USER_TIMEZONE") { + if ($pref_name == "USER_LANGUAGE") { + print_select_hash($pref_name, $value, get_translations(), + "style='width : 220px; margin : 0px' dojoType='dijit.form.Select'"); + + } else if ($pref_name == "USER_TIMEZONE") { $timezones = explode("\n", file_get_contents("lib/timezones.txt")); @@ -676,8 +658,7 @@ class Pref_Prefs extends Handler_Protected { print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"boolean_prefs\" value=\"$listed_boolean_prefs\">"; - global $pluginhost; - $pluginhost->run_hooks($pluginhost::HOOK_PREFS_TAB_SECTION, + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefPrefsPrefsInside"); print '</div>'; # inside pane @@ -713,8 +694,7 @@ class Pref_Prefs extends Handler_Protected { <label for='prefs_show_advanced'>" . __("Show additional preferences") . "</label>"; */ - global $pluginhost; - $pluginhost->run_hooks($pluginhost::HOOK_PREFS_TAB_SECTION, + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefPrefsPrefsOutside"); print "</form>"; @@ -765,9 +745,9 @@ class Pref_Prefs extends Handler_Protected { <td width='10%'>".__('Author')."</td></tr>"; $system_enabled = array_map("trim", explode(",", PLUGINS)); - $user_enabled = array_map("trim", explode(",", get_pref($this->link, "_ENABLED_PLUGINS"))); + $user_enabled = array_map("trim", explode(",", get_pref("_ENABLED_PLUGINS"))); - $tmppluginhost = new PluginHost($this->link); + $tmppluginhost = new PluginHost(); $tmppluginhost->load_all($tmppluginhost::KIND_ALL, $_SESSION["uid"]); $tmppluginhost->load_data(true); @@ -878,8 +858,7 @@ class Pref_Prefs extends Handler_Protected { print "</div>"; #pane - global $pluginhost; - $pluginhost->run_hooks($pluginhost::HOOK_PREFS_TAB, + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "hook_prefs_tab", "prefPrefs"); print "</div>"; #container @@ -895,52 +874,67 @@ class Pref_Prefs extends Handler_Protected { require_once "lib/otphp/lib/totp.php"; require_once "lib/phpqrcode/phpqrcode.php"; - $result = db_query($this->link, "SELECT login,salt,otp_enabled + $result = $this->dbh->query("SELECT login,salt,otp_enabled FROM ttrss_users WHERE id = ".$_SESSION["uid"]); $base32 = new Base32(); - $login = db_fetch_result($result, 0, "login"); - $otp_enabled = sql_bool_to_bool(db_fetch_result($result, 0, "otp_enabled")); + $login = $this->dbh->fetch_result($result, 0, "login"); + $otp_enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "otp_enabled")); if (!$otp_enabled) { - $secret = $base32->encode(sha1(db_fetch_result($result, 0, "salt"))); + $secret = $base32->encode(sha1($this->dbh->fetch_result($result, 0, "salt"))); $topt = new \OTPHP\TOTP($secret); print QRcode::png($topt->provisioning_uri($login)); } } function otpenable() { - $password = db_escape_string($this->link, $_REQUEST["password"]); - $enable_otp = $_REQUEST["enable_otp"] == "on"; + require_once "lib/otphp/vendor/base32.php"; + require_once "lib/otphp/lib/otp.php"; + require_once "lib/otphp/lib/totp.php"; - global $pluginhost; - $authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]); + $password = $_REQUEST["password"]; + $otp = $_REQUEST["otp"]; + + $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]); if ($authenticator->check_password($_SESSION["uid"], $password)) { - if ($enable_otp) { - db_query($this->link, "UPDATE ttrss_users SET otp_enabled = true WHERE + $result = $this->dbh->query("SELECT salt + FROM ttrss_users + WHERE id = ".$_SESSION["uid"]); + + $base32 = new Base32(); + + $secret = $base32->encode(sha1($this->dbh->fetch_result($result, 0, "salt"))); + $topt = new \OTPHP\TOTP($secret); + + $otp_check = $topt->now(); + + if ($otp == $otp_check) { + $this->dbh->query("UPDATE ttrss_users SET otp_enabled = true WHERE id = " . $_SESSION["uid"]); print "OK"; + } else { + print "ERROR:".__("Incorrect one time password"); } } else { - print "ERROR: ".__("Incorrect password"); + print "ERROR:".__("Incorrect password"); } } function otpdisable() { - $password = db_escape_string($this->link, $_REQUEST["password"]); + $password = $this->dbh->escape_string($_REQUEST["password"]); - global $pluginhost; - $authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]); + $authenticator = PluginHost::getInstance()->get_plugin($_SESSION["auth_module"]); if ($authenticator->check_password($_SESSION["uid"], $password)) { - db_query($this->link, "UPDATE ttrss_users SET otp_enabled = false WHERE + $this->dbh->query("UPDATE ttrss_users SET otp_enabled = false WHERE id = " . $_SESSION["uid"]); print "OK"; @@ -956,18 +950,17 @@ class Pref_Prefs extends Handler_Protected { else $plugins = ""; - set_pref($this->link, "_ENABLED_PLUGINS", $plugins); + set_pref("_ENABLED_PLUGINS", $plugins); } function clearplugindata() { - $name = db_escape_string($this->link, $_REQUEST["name"]); + $name = $this->dbh->escape_string($_REQUEST["name"]); - global $pluginhost; - $pluginhost->clear_data($pluginhost->get_plugin($name)); + PluginHost::getInstance()->clear_data(PluginHost::getInstance()->get_plugin($name)); } function customizeCSS() { - $value = get_pref($this->link, "USER_STYLESHEET"); + $value = get_pref("USER_STYLESHEET"); $value = str_replace("<br/>", "\n", $value); @@ -1015,7 +1008,7 @@ class Pref_Prefs extends Handler_Protected { print "</div>"; - $result = db_query($this->link, "SELECT title,id FROM ttrss_settings_profiles + $result = $this->dbh->query("SELECT title,id FROM ttrss_settings_profiles WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY title"); print "<div class=\"prefProfileHolder\">"; @@ -1046,9 +1039,7 @@ class Pref_Prefs extends Handler_Protected { $lnum = 1; - while ($line = db_fetch_assoc($result)) { - - $class = ($lnum % 2) ? "even" : "odd"; + while ($line = $this->dbh->fetch_assoc($result)) { $profile_id = $line["id"]; $this_row_id = "id=\"FCATR-$profile_id\""; diff --git a/classes/pref/system.php b/classes/pref/system.php new file mode 100644 index 000000000..7accb1f91 --- /dev/null +++ b/classes/pref/system.php @@ -0,0 +1,90 @@ +<?php + +class Pref_System extends Handler_Protected { + + function before($method) { + if (parent::before($method)) { + if ($_SESSION["access_level"] < 10) { + print __("Your access level is insufficient to open this tab."); + return false; + } + return true; + } + return false; + } + + function csrf_ignore($method) { + $csrf_ignored = array("index"); + + return array_search($method, $csrf_ignored) !== false; + } + + function clearLog() { + $this->dbh->query("DELETE FROM ttrss_error_log"); + } + + function index() { + + print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">"; + print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Error Log')."\">"; + + if (LOG_DESTINATION == "sql") { + + $result = $this->dbh->query("SELECT errno, errstr, filename, lineno, + created_at, login FROM ttrss_error_log + LEFT JOIN ttrss_users ON (owner_uid = ttrss_users.id) + ORDER BY ttrss_error_log.id DESC + LIMIT 100"); + + print "<button dojoType=\"dijit.form.Button\" + onclick=\"updateSystemList()\">".__('Refresh')."</button> "; + + print " <button dojoType=\"dijit.form.Button\" + onclick=\"clearSqlLog()\">".__('Clear log')."</button> "; + + print "<p><table width=\"100%\" cellspacing=\"10\" class=\"prefErrorLog\">"; + + print "<tr class=\"title\"> + <td width='5%'>".__("Error")."</td> + <td>".__("Filename")."</td> + <td>".__("Message")."</td> + <td width='5%'>".__("User")."</td> + <td width='5%'>".__("Date")."</td> + </tr>"; + + while ($line = $this->dbh->fetch_assoc($result)) { + print "<tr class=\"errrow\">"; + + foreach ($line as $k => $v) { + $line[$k] = htmlspecialchars($v); + } + + print "<td class='errno'>" . Logger::$errornames[$line["errno"]] . " (" . $line["errno"] . ")</td>"; + print "<td class='filename'>" . $line["filename"] . ":" . $line["lineno"] . "</td>"; + print "<td class='errstr'>" . $line["errstr"] . "</td>"; + print "<td class='login'>" . $line["login"] . "</td>"; + + print "<td class='timestamp'>" . + make_local_datetime( + $line["created_at"], false) . "</td>"; + + print "</tr>"; + } + + print "</table>"; + } else { + + print_notice("Please set LOG_DESTINATION to 'sql' in config.php to enable database logging."); + + } + + print "</div>"; + + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, + "hook_prefs_tab", "prefSystem"); + + print "</div>"; #container + } + +} +?> diff --git a/classes/pref/users.php b/classes/pref/users.php index 891a69a52..60059dc8d 100644 --- a/classes/pref/users.php +++ b/classes/pref/users.php @@ -21,7 +21,7 @@ class Pref_Users extends Handler_Protected { $uid = sprintf("%d", $_REQUEST["id"]); - $result = db_query($this->link, "SELECT login, + $result = $this->dbh->query("SELECT login, ".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login, access_level, (SELECT COUNT(int_id) FROM ttrss_user_entries @@ -30,33 +30,33 @@ class Pref_Users extends Handler_Protected { FROM ttrss_users WHERE id = '$uid'"); - if (db_num_rows($result) == 0) { + if ($this->dbh->num_rows($result) == 0) { print "<h1>".__('User not found')."</h1>"; return; } // print "<h1>User Details</h1>"; - $login = db_fetch_result($result, 0, "login"); + $login = $this->dbh->fetch_result($result, 0, "login"); print "<table width='100%'>"; - $last_login = make_local_datetime($this->link, - db_fetch_result($result, 0, "last_login"), true); + $last_login = make_local_datetime( + $this->dbh->fetch_result($result, 0, "last_login"), true); - $created = make_local_datetime($this->link, - db_fetch_result($result, 0, "created"), true); + $created = make_local_datetime( + $this->dbh->fetch_result($result, 0, "created"), true); - $access_level = db_fetch_result($result, 0, "access_level"); - $stored_articles = db_fetch_result($result, 0, "stored_articles"); + $access_level = $this->dbh->fetch_result($result, 0, "access_level"); + $stored_articles = $this->dbh->fetch_result($result, 0, "stored_articles"); print "<tr><td>".__('Registered')."</td><td>$created</td></tr>"; print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>"; - $result = db_query($this->link, "SELECT COUNT(id) as num_feeds FROM ttrss_feeds + $result = $this->dbh->query("SELECT COUNT(id) as num_feeds FROM ttrss_feeds WHERE owner_uid = '$uid'"); - $num_feeds = db_fetch_result($result, 0, "num_feeds"); + $num_feeds = $this->dbh->fetch_result($result, 0, "num_feeds"); print "<tr><td>".__('Subscribed feeds count')."</td><td>$num_feeds</td></tr>"; @@ -64,14 +64,12 @@ class Pref_Users extends Handler_Protected { print "<h1>".__('Subscribed feeds')."</h1>"; - $result = db_query($this->link, "SELECT id,title,site_url FROM ttrss_feeds + $result = $this->dbh->query("SELECT id,title,site_url FROM ttrss_feeds WHERE owner_uid = '$uid' ORDER BY title"); print "<ul class=\"userFeedList\">"; - $row_class = "odd"; - - while ($line = db_fetch_assoc($result)) { + while ($line = $this->dbh->fetch_assoc($result)) { $icon_file = ICONS_URL."/".$line["id"].".ico"; @@ -81,13 +79,11 @@ class Pref_Users extends Handler_Protected { $feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">"; } - print "<li class=\"$row_class\">$feed_icon <a href=\"".$line["site_url"]."\">".$line["title"]."</a></li>"; - - $row_class = $row_class == "even" ? "odd" : "even"; + print "<li>$feed_icon <a href=\"".$line["site_url"]."\">".$line["title"]."</a></li>"; } - if (db_num_rows($result) < $num_feeds) { + if ($this->dbh->num_rows($result) < $num_feeds) { // FIXME - add link to show ALL subscribed feeds here somewhere print "<li><img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\"> ...</li>"; @@ -105,18 +101,18 @@ class Pref_Users extends Handler_Protected { function edit() { global $access_level_names; - $id = db_escape_string($this->link, $_REQUEST["id"]); + $id = $this->dbh->escape_string($_REQUEST["id"]); print "<form id=\"user_edit_form\" onsubmit='return false'>"; print "<input type=\"hidden\" name=\"id\" value=\"$id\">"; print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">"; print "<input type=\"hidden\" name=\"method\" value=\"editSave\">"; - $result = db_query($this->link, "SELECT * FROM ttrss_users WHERE id = '$id'"); + $result = $this->dbh->query("SELECT * FROM ttrss_users WHERE id = '$id'"); - $login = db_fetch_result($result, 0, "login"); - $access_level = db_fetch_result($result, 0, "access_level"); - $email = db_fetch_result($result, 0, "email"); + $login = $this->dbh->fetch_result($result, 0, "login"); + $access_level = $this->dbh->fetch_result($result, 0, "access_level"); + $email = $this->dbh->fetch_result($result, 0, "email"); $sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : ""; @@ -181,10 +177,10 @@ class Pref_Users extends Handler_Protected { } function editSave() { - $login = db_escape_string($this->link, trim($_REQUEST["login"])); - $uid = db_escape_string($this->link, $_REQUEST["id"]); + $login = $this->dbh->escape_string(trim($_REQUEST["login"])); + $uid = $this->dbh->escape_string($_REQUEST["id"]); $access_level = (int) $_REQUEST["access_level"]; - $email = db_escape_string($this->link, trim($_REQUEST["email"])); + $email = $this->dbh->escape_string(trim($_REQUEST["email"])); $password = $_REQUEST["password"]; if ($password) { @@ -195,52 +191,52 @@ class Pref_Users extends Handler_Protected { $pass_query_part = ""; } - db_query($this->link, "UPDATE ttrss_users SET $pass_query_part login = '$login', + $this->dbh->query("UPDATE ttrss_users SET $pass_query_part login = '$login', access_level = '$access_level', email = '$email', otp_enabled = false WHERE id = '$uid'"); } function remove() { - $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"])); + $ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"])); foreach ($ids as $id) { if ($id != $_SESSION["uid"] && $id != 1) { - db_query($this->link, "DELETE FROM ttrss_tags WHERE owner_uid = '$id'"); - db_query($this->link, "DELETE FROM ttrss_feeds WHERE owner_uid = '$id'"); - db_query($this->link, "DELETE FROM ttrss_users WHERE id = '$id'"); + $this->dbh->query("DELETE FROM ttrss_tags WHERE owner_uid = '$id'"); + $this->dbh->query("DELETE FROM ttrss_feeds WHERE owner_uid = '$id'"); + $this->dbh->query("DELETE FROM ttrss_users WHERE id = '$id'"); } } } function add() { - $login = db_escape_string($this->link, trim($_REQUEST["login"])); + $login = $this->dbh->escape_string(trim($_REQUEST["login"])); $tmp_user_pwd = make_password(8); $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($tmp_user_pwd, $salt, true); - $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE + $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE login = '$login'"); - if (db_num_rows($result) == 0) { + if ($this->dbh->num_rows($result) == 0) { - db_query($this->link, "INSERT INTO ttrss_users + $this->dbh->query("INSERT INTO ttrss_users (login,pwd_hash,access_level,last_login,created, salt) VALUES ('$login', '$pwd_hash', 0, null, NOW(), '$salt')"); - $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE + $result = $this->dbh->query("SELECT id FROM ttrss_users WHERE login = '$login' AND pwd_hash = '$pwd_hash'"); - if (db_num_rows($result) == 1) { + if ($this->dbh->num_rows($result) == 1) { - $new_uid = db_fetch_result($result, 0, "id"); + $new_uid = $this->dbh->fetch_result($result, 0, "id"); print format_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>", $login, $tmp_user_pwd)); - initialize_user($this->link, $new_uid); + initialize_user($new_uid); } else { @@ -252,9 +248,9 @@ class Pref_Users extends Handler_Protected { } } - static function resetUserPassword($link, $uid, $show_password) { + static function resetUserPassword($uid, $show_password) { - $result = db_query($link, "SELECT login,email + $result = db_query("SELECT login,email FROM ttrss_users WHERE id = '$uid'"); $login = db_fetch_result($result, 0, "login"); @@ -266,7 +262,7 @@ class Pref_Users extends Handler_Protected { $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true); - db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt' + db_query("UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt' WHERE id = '$uid'"); if ($show_password) { @@ -304,8 +300,8 @@ class Pref_Users extends Handler_Protected { } function resetPass() { - $uid = db_escape_string($this->link, $_REQUEST["id"]); - Pref_Users::resetUserPassword($this->link, $uid, true); + $uid = $this->dbh->escape_string($_REQUEST["id"]); + Pref_Users::resetUserPassword($uid, true); } function index() { @@ -317,7 +313,7 @@ class Pref_Users extends Handler_Protected { print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">"; - $user_search = db_escape_string($this->link, $_REQUEST["search"]); + $user_search = $this->dbh->escape_string($_REQUEST["search"]); if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_user_search"] = $user_search; @@ -332,7 +328,7 @@ class Pref_Users extends Handler_Protected { __('Search')."</button> </div>"; - $sort = db_escape_string($this->link, $_REQUEST["sort"]); + $sort = $this->dbh->escape_string($_REQUEST["sort"]); if (!$sort || $sort == "undefined") { $sort = "login"; @@ -367,7 +363,7 @@ class Pref_Users extends Handler_Protected { if ($user_search) { - $user_search = split(" ", $user_search); + $user_search = explode(" ", $user_search); $tokens = array(); foreach ($user_search as $token) { @@ -381,7 +377,7 @@ class Pref_Users extends Handler_Protected { $user_search_query = ""; } - $result = db_query($this->link, "SELECT + $result = $this->dbh->query("SELECT id,login,access_level,email, ".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login, ".SUBSTRING_FOR_DATE."(created,1,16) as created @@ -392,7 +388,7 @@ class Pref_Users extends Handler_Protected { id > 0 ORDER BY $sort"); - if (db_num_rows($result) > 0) { + if ($this->dbh->num_rows($result) > 0) { print "<p><table width=\"100%\" cellspacing=\"0\" class=\"prefUserList\" id=\"prefUserList\">"; @@ -406,9 +402,7 @@ class Pref_Users extends Handler_Protected { $lnum = 0; - while ($line = db_fetch_assoc($result)) { - - $class = ($lnum % 2) ? "even" : "odd"; + while ($line = $this->dbh->fetch_assoc($result)) { $uid = $line["id"]; @@ -416,8 +410,8 @@ class Pref_Users extends Handler_Protected { $line["login"] = htmlspecialchars($line["login"]); - $line["created"] = make_local_datetime($this->link, $line["created"], false); - $line["last_login"] = make_local_datetime($this->link, $line["last_login"], false); + $line["created"] = make_local_datetime($line["created"], false); + $line["last_login"] = make_local_datetime($line["last_login"], false); print "<td align='center'><input onclick='toggleSelectRow2(this);' dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" @@ -453,8 +447,7 @@ class Pref_Users extends Handler_Protected { print "</div>"; #pane - global $pluginhost; - $pluginhost->run_hooks($pluginhost::HOOK_PREFS_TAB, + PluginHost::getInstance()->run_hooks(PluginHost::HOOK_PREFS_TAB, "hook_prefs_tab", "prefUsers"); print "</div>"; #container |