diff options
| author | Andrew Dolgov <[email protected]> | 2017-12-03 10:16:32 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2017-12-03 10:16:32 +0300 |
| commit | d8bf94c2f29bb980aae6e7b2ba53e18e4e3fc1e1 (patch) | |
| tree | d1f6ee0168234cc5139a81c939bc8bff4382c6c5 /plugins | |
| parent | 69563c96b4778a12de6707574a331b32f263f6e9 (diff) | |
plugins/mailto: PDO
Diffstat (limited to 'plugins')
| -rw-r--r-- | plugins/mailto/init.php | 14 |
1 files changed, 9 insertions, 5 deletions
diff --git a/plugins/mailto/init.php b/plugins/mailto/init.php index 83e643231..60c58b707 100644 --- a/plugins/mailto/init.php +++ b/plugins/mailto/init.php @@ -27,7 +27,8 @@ class MailTo extends Plugin { function emailArticle() { - $param = db_escape_string($_REQUEST['param']); + $ids = explode(",", $_REQUEST['param']); + $ids_qmarks = arr_qmarks($ids); require_once "lib/MiniTemplator.class.php"; @@ -40,15 +41,18 @@ class MailTo extends Plugin { $tpl->setVariable('TTRSS_HOST', $_SERVER["HTTP_HOST"], true); - $result = db_query("SELECT DISTINCT link, content, title + $sth = $this->pdo->prepare("SELECT DISTINCT link, content, title FROM ttrss_user_entries, ttrss_entries WHERE id = ref_id AND - id IN ($param) AND owner_uid = " . $_SESSION["uid"]); + id IN ($ids_qmarks) AND owner_uid = ?"); + $sth->execute(array_merge($ids, [$_SESSION['uid']])); - if (db_num_rows($result) > 1) { + if (count($ids) > 1) { $subject = __("[Forwarded]") . " " . __("Multiple articles"); + } else { + $subject = ""; } - while ($line = db_fetch_assoc($result)) { + while ($line = $sth->fetch()) { if (!$subject) $subject = __("[Forwarded]") . " " . htmlspecialchars($line["title"]); |