diff options
| author | Andrew Dolgov <[email protected]> | 2017-12-03 09:43:18 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2017-12-03 09:43:18 +0300 |
| commit | b6f3562d1e2c30a696e6cfbea3703f4aa3138e8d (patch) | |
| tree | 85def0ee6ea9653b162e6be8035571284013dc26 /plugins | |
| parent | 187abfe732fe62cf4b30847665dab30903d00d99 (diff) | |
plugin base class: init pdo object
plugins/share: use PDO
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/share/init.php | 48 |
1 files changed, 28 insertions, 20 deletions
diff --git a/plugins/share/init.php b/plugins/share/init.php index 133f09447..84bc78eb4 100644 --- a/plugins/share/init.php +++ b/plugins/share/init.php @@ -8,6 +8,7 @@ class Share extends Plugin { "fox"); } + /* @var PluginHost $host */ function init($host) { $this->host = $host; @@ -25,10 +26,11 @@ class Share extends Plugin { function unshare() { - $id = db_escape_string($_REQUEST['id']); + $id = $_REQUEST['id']; - db_query("UPDATE ttrss_user_entries SET uuid = '' WHERE int_id = '$id' - AND owner_uid = " . $_SESSION['uid']); + $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = '' WHERE int_id = ? + AND owner_uid = ?"); + $sth->execute([$id, $_SESSION['uid']]); print "OK"; } @@ -48,20 +50,21 @@ class Share extends Plugin { // Silent function clearArticleKeys() { - db_query("UPDATE ttrss_user_entries SET uuid = '' WHERE - owner_uid = " . $_SESSION["uid"]); + $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = '' WHERE + owner_uid = ?"); + $sth->execute([$_SESSION['uid']]); return; } function newkey() { - $id = db_escape_string($_REQUEST['id']); + $id = $_REQUEST['id']; + $uuid = uniqid_short(); - $uuid = db_escape_string(uniqid_short()); - - db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$id' - AND owner_uid = " . $_SESSION['uid']); + $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = ? WHERE int_id = ? + AND owner_uid = ?"); + $sth->execute([$uuid, $id, $_SESSION['uid']]); print json_encode(array("link" => $uuid)); } @@ -76,21 +79,22 @@ class Share extends Plugin { } function shareArticle() { - $param = db_escape_string($_REQUEST['param']); + $param = $_REQUEST['param']; - $result = db_query("SELECT uuid FROM ttrss_user_entries WHERE int_id = '$param' - AND owner_uid = " . $_SESSION['uid']); + $sth = $this->pdo->prepare("SELECT uuid FROM ttrss_user_entries WHERE int_id = ? + AND owner_uid = ?"); + $sth->execute([$param, $_SESSION['uid']]); - if (db_num_rows($result) == 0) { - print "Article not found."; - } else { + if ($row = $sth->fetch()) { - $uuid = db_fetch_result($result, 0, "uuid"); + $uuid = $row['uuid']; if (!$uuid) { - $uuid = db_escape_string(uniqid_short()); - db_query("UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param' - AND owner_uid = " . $_SESSION['uid']); + $uuid = uniqid_short(); + + $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET uuid = ? WHERE int_id = ? + AND owner_uid = ?"); + $sth->execute([$uuid, $param, $_SESSION['uid']]); } print __("You can share this article by the following unique URL:") . "<br/>"; @@ -106,6 +110,10 @@ class Share extends Plugin { label_create(__('Shared'), $_SESSION["uid"]); label_add_article($ref_id, __('Shared'), $_SESSION['uid']); */ + + + } else { + print "Article not found."; } print "<div align='center'>"; |