Diffstat (limited to 'classes/pref')
-rw-r--r--classes/pref/feeds.php106
-rw-r--r--classes/pref/filters.php82
-rw-r--r--classes/pref/labels.php34
-rw-r--r--classes/pref/prefs.php55
-rw-r--r--classes/pref/users.php72
5 files changed, 198 insertions, 151 deletions
diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php
index bfcc75f0d..ca4ae344f 100644
--- a/classes/pref/feeds.php
+++ b/classes/pref/feeds.php
@@ -14,8 +14,8 @@ class Pref_Feeds extends Handler_Protected {
}
function renamecat() {
- $title = db_escape_string($_REQUEST['title']);
- $id = db_escape_string($_REQUEST['id']);
+ $title = db_escape_string($this->link, $_REQUEST['title']);
+ $id = db_escape_string($this->link, $_REQUEST['id']);
if ($title) {
db_query($this->link, "UPDATE ttrss_feed_categories SET
@@ -55,7 +55,7 @@ class Pref_Feeds extends Handler_Protected {
$cat['items'] = $this->get_category_items($line['id']);
- $cat['param'] = T_sprintf('(%d feeds)', count($cat['items']));
+ $cat['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
if (count($cat['items']) > 0 || $show_empty_cats)
array_push($items, $cat);
@@ -172,7 +172,7 @@ class Pref_Feeds extends Handler_Protected {
$cat['items'] = $this->get_category_items($line['id']);
- $cat['param'] = T_sprintf('(%d feeds)', count($cat['items']));
+ $cat['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
if (count($cat['items']) > 0 || $show_empty_cats)
array_push($root['items'], $cat);
@@ -214,13 +214,13 @@ class Pref_Feeds extends Handler_Protected {
array_push($cat['items'], $feed);
}
- $cat['param'] = T_sprintf('(%d feeds)', count($cat['items']));
+ $cat['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
if (count($cat['items']) > 0 || $show_empty_cats)
array_push($root['items'], $cat);
$root['param'] += count($cat['items']);
- $root['param'] = T_sprintf('(%d feeds)', $root['param']);
+ $root['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
} else {
$feed_result = db_query($this->link, "SELECT id, title, last_error,
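Review bot: The new `$root['param']` assignment at the end of this hunk formats `count($cat['items'])` instead of the total that `$root['param'] += count($cat['items'])` appears to accumulate, so the root label would show the last category's size rather than the sum. It should read `$root['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', $root['param']), array($root['param']));`. The same substitution is made in the next hunk (`-245,7`), where the old code counted `$root['items']` and `$cat` may not be set in that `else` branch. `vsprintf` is documented to take an array as its second argument, so the converted calls would be clearer with `array(...)` or plain `sprintf`. The enclosing function starts and ends outside the hunk.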
@@ -245,7 +245,7 @@ class Pref_Feeds extends Handler_Protected {
array_push($root['items'], $feed);
}
- $root['param'] = T_sprintf('(%d feeds)', count($root['items']));
+ $root['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
}
$fl = array();
@@ -293,7 +293,7 @@ class Pref_Feeds extends Handler_Protected {
if ($item_id != 'root') {
if ($parent_id && $parent_id != 'root') {
$parent_bare_id = substr($parent_id, strpos($parent_id, ':')+1);
- $parent_qpart = db_escape_string($parent_bare_id);
+ $parent_qpart = db_escape_string($this->link, $parent_bare_id);
} else {
$parent_qpart = 'NULL';
}
@@ -319,7 +319,7 @@ class Pref_Feeds extends Handler_Protected {
if (strpos($id, "FEED") === 0) {
$cat_id = ($item_id != "root") ?
- db_escape_string($bare_item_id) : "NULL";
+ db_escape_string($this->link, $bare_item_id) : "NULL";
$cat_qpart = ($cat_id != 0) ? "cat_id = '$cat_id'" :
"cat_id = NULL";
@@ -334,7 +334,7 @@ class Pref_Feeds extends Handler_Protected {
$nest_level+1);
if ($item_id != 'root') {
- $parent_qpart = db_escape_string($bare_id);
+ $parent_qpart = db_escape_string($this->link, $bare_id);
} else {
$parent_qpart = 'NULL';
}
@@ -424,7 +424,7 @@ class Pref_Feeds extends Handler_Protected {
}
function removeicon() {
- $feed_id = db_escape_string($_REQUEST["feed_id"]);
+ $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
$result = db_query($this->link, "SELECT id FROM ttrss_feeds
WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
@@ -440,7 +440,7 @@ class Pref_Feeds extends Handler_Protected {
header("Content-type: text/html");
$icon_file = $_FILES['icon_file']['tmp_name'];
- $feed_id = db_escape_string($_REQUEST["feed_id"]);
+ $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
if (is_file($icon_file) && $feed_id) {
if (filesize($icon_file) < 20000) {
@@ -472,7 +472,7 @@ class Pref_Feeds extends Handler_Protected {
global $purge_intervals;
global $update_intervals;
- $feed_id = db_escape_string($_REQUEST["id"]);
+ $feed_id = db_escape_string($this->link, $_REQUEST["id"]);
$result = db_query($this->link,
"SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND
@@ -613,6 +613,18 @@ class Pref_Feeds extends Handler_Protected {
name=\"always_display_enclosures\"
$checked>&nbsp;<label for=\"always_display_enclosures\">".__('Always display image attachments')."</label>";
+ $hide_images = sql_bool_to_bool(db_fetch_result($result, 0, "hide_images"));
+
+ if ($hide_images) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
+
+ print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"hide_images\"
+ name=\"hide_images\"
+ $checked>&nbsp;<label for=\"hide_images\">".
+ __('Do not embed images')."</label>";
$cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images"));
@@ -696,7 +708,7 @@ class Pref_Feeds extends Handler_Protected {
global $purge_intervals;
global $update_intervals;
- $feed_ids = db_escape_string($_REQUEST["ids"]);
+ $feed_ids = db_escape_string($this->link, $_REQUEST["ids"]);
print "<div class=\"dialogNotice\">" . __("Enable the options you wish to apply using checkboxes on the right:") . "</div>";
@@ -804,6 +816,14 @@ class Pref_Feeds extends Handler_Protected {
print "&nbsp;"; $this->batch_edit_cbox("always_display_enclosures", "always_display_enclosures_l");
+ print "<br/><input disabled=\"1\" type=\"checkbox\" id=\"hide_images\"
+ name=\"hide_images\"
+ dojoType=\"dijit.form.CheckBox\">&nbsp;<label class='insensitive' id=\"hide_images_l\"
+ for=\"hide_images\">".
+ __('Do not embed images')."</label>";
+
+ print "&nbsp;"; $this->batch_edit_cbox("hide_images", "hide_images_l");
+
print "<br/><input disabled=\"1\" type=\"checkbox\" id=\"cache_images\"
name=\"cache_images\"
dojoType=\"dijit.form.CheckBox\">&nbsp;<label class='insensitive' id=\"cache_images_l\"
@@ -842,26 +862,27 @@ class Pref_Feeds extends Handler_Protected {
function editsaveops($batch) {
- $feed_title = db_escape_string(trim($_POST["title"]));
- $feed_link = db_escape_string(trim($_POST["feed_url"]));
- $upd_intl = (int) db_escape_string($_POST["update_interval"]);
- $purge_intl = (int) db_escape_string($_POST["purge_interval"]);
- $feed_id = (int) db_escape_string($_POST["id"]); /* editSave */
- $feed_ids = db_escape_string($_POST["ids"]); /* batchEditSave */
- $cat_id = (int) db_escape_string($_POST["cat_id"]);
- $auth_login = db_escape_string(trim($_POST["auth_login"]));
- $auth_pass = db_escape_string(trim($_POST["auth_pass"]));
- $private = checkbox_to_sql_bool(db_escape_string($_POST["private"]));
+ $feed_title = db_escape_string($this->link, trim($_POST["title"]));
+ $feed_link = db_escape_string($this->link, trim($_POST["feed_url"]));
+ $upd_intl = (int) db_escape_string($this->link, $_POST["update_interval"]);
+ $purge_intl = (int) db_escape_string($this->link, $_POST["purge_interval"]);
+ $feed_id = (int) db_escape_string($this->link, $_POST["id"]); /* editSave */
+ $feed_ids = db_escape_string($this->link, $_POST["ids"]); /* batchEditSave */
+ $cat_id = (int) db_escape_string($this->link, $_POST["cat_id"]);
+ $auth_login = db_escape_string($this->link, trim($_POST["auth_login"]));
+ $auth_pass = db_escape_string($this->link, trim($_POST["auth_pass"]));
+ $private = checkbox_to_sql_bool(db_escape_string($this->link, $_POST["private"]));
$include_in_digest = checkbox_to_sql_bool(
- db_escape_string($_POST["include_in_digest"]));
+ db_escape_string($this->link, $_POST["include_in_digest"]));
$cache_images = checkbox_to_sql_bool(
- db_escape_string($_POST["cache_images"]));
-
+ db_escape_string($this->link, $_POST["cache_images"]));
+ $hide_images = checkbox_to_sql_bool(
+ db_escape_string($this->link, $_POST["hide_images"]));
$always_display_enclosures = checkbox_to_sql_bool(
- db_escape_string($_POST["always_display_enclosures"]));
+ db_escape_string($this->link, $_POST["always_display_enclosures"]));
$mark_unread_on_update = checkbox_to_sql_bool(
- db_escape_string($_POST["mark_unread_on_update"]));
+ db_escape_string($this->link, $_POST["mark_unread_on_update"]));
if (get_pref($this->link, 'ENABLE_FEED_CATS')) {
if ($cat_id && $cat_id != 0) {
@@ -887,6 +908,7 @@ class Pref_Feeds extends Handler_Protected {
auth_pass = '$auth_pass',
private = $private,
cache_images = $cache_images,
+ hide_images = $hide_images,
include_in_digest = $include_in_digest,
always_display_enclosures = $always_display_enclosures,
mark_unread_on_update = $mark_unread_on_update
@@ -952,6 +974,10 @@ class Pref_Feeds extends Handler_Protected {
$qpart = "cache_images = $cache_images";
break;
+ case "hide_images":
+ $qpart = "hide_images = $hide_images";
+ break;
+
case "cat_id":
$qpart = $category_qpart_nocomma;
break;
@@ -973,7 +999,7 @@ class Pref_Feeds extends Handler_Protected {
function resetPubSub() {
- $ids = db_escape_string($_REQUEST["ids"]);
+ $ids = db_escape_string($this->link, $_REQUEST["ids"]);
db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0 WHERE id IN ($ids)
AND owner_uid = " . $_SESSION["uid"]);
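Review bot: `$ids` is placed unquoted inside `id IN ($ids)`, and `db_escape_string` only neutralises characters that matter inside a quoted literal, so it does not constrain a value used as a bare numeric list. Reduce the list to integers before building the query, e.g. `$ids = join(",", array_map("intval", explode(",", $_REQUEST["ids"])));`. `$feed_ids` in `editsaveops` is escaped the same way; if it reaches an `IN (...)` clause outside the visible lines it needs the same treatment. resetPubSub's body continues outside the hunk.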
@@ -983,24 +1009,24 @@ class Pref_Feeds extends Handler_Protected {
function remove() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
- $this->remove_feed($this->link, $id, $_SESSION["uid"]);
+ Pref_Feeds::remove_feed($this->link, $id, $_SESSION["uid"]);
}
return;
}
function clear() {
- $id = db_escape_string($_REQUEST["id"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
$this->clear_feed_articles($this->link, $id);
}
function rescore() {
require_once "rssfuncs.php";
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
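Review bot: The lines touched in `remove()` and `rescore()` still call `split()`, which has been deprecated since PHP 5.3 and was removed in PHP 7, while `join()` in classes/pref/filters.php already uses `explode()`. No regular expression is involved, so `$ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));` is a drop-in replacement. The same applies to `categorize()` and `removeCat()` here and to the `split()` calls changed in filters.php, labels.php and users.php. rescore's body continues outside the hunk.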
@@ -1106,9 +1132,9 @@ class Pref_Feeds extends Handler_Protected {
}
function categorize() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
- $cat_id = db_escape_string($_REQUEST["cat_id"]);
+ $cat_id = db_escape_string($this->link, $_REQUEST["cat_id"]);
if ($cat_id == 0) {
$cat_id_qpart = 'NULL';
@@ -1130,14 +1156,14 @@ class Pref_Feeds extends Handler_Protected {
}
function removeCat() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
$this->remove_feed_category($this->link, $id, $_SESSION["uid"]);
}
}
function addCat() {
- $feed_cat = db_escape_string(trim($_REQUEST["cat"]));
+ $feed_cat = db_escape_string($this->link, trim($_REQUEST["cat"]));
add_feed_category($this->link, $feed_cat);
}
@@ -1179,7 +1205,7 @@ class Pref_Feeds extends Handler_Protected {
__("Inactive feeds") . "</button>";
}
- $feed_search = db_escape_string($_REQUEST["search"]);
+ $feed_search = db_escape_string($this->link, $_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_feed_search"] = $feed_search;
@@ -1631,7 +1657,7 @@ class Pref_Feeds extends Handler_Protected {
ccache_remove($link, $id, $owner_uid, true);
}
- private function remove_feed($link, $id, $owner_uid) {
+ static function remove_feed($link, $id, $owner_uid) {
if ($id > 0) {
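Review bot: Replacing `private function` with `static function` leaves `remove_feed` without a visibility keyword, which makes it public. If the request dispatcher resolves handler methods by name (not visible here), a helper that takes `$owner_uid` as a parameter should not become part of that surface. State the intent explicitly with `public static function remove_feed($link, $id, $owner_uid)` and check that every caller passes the session's uid rather than request data. The function body continues outside the hunk.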
diff --git a/classes/pref/filters.php b/classes/pref/filters.php
index 74a29c619..883ff0ebd 100644
--- a/classes/pref/filters.php
+++ b/classes/pref/filters.php
@@ -13,7 +13,10 @@ class Pref_Filters extends Handler_Protected {
$filter["enabled"] = true;
$filter["match_any_rule"] = sql_bool_to_bool(
- checkbox_to_sql_bool(db_escape_string($_REQUEST["match_any_rule"])));
+ checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["match_any_rule"])));
+ $filter["inverse"] = sql_bool_to_bool(
+ checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["inverse"])));
+
$filter["rules"] = array();
$result = db_query($this->link, "SELECT id,name FROM ttrss_filter_types");
@@ -47,7 +50,7 @@ class Pref_Filters extends Handler_Protected {
$feed_title = getFeedTitle($this->link, $feed);
$qfh_ret = queryFeedHeadlines($this->link, -4, 30, "", false, false, false,
- false, "date_entered DESC", 0, $_SESSION["uid"], $filter);
+ "date_entered DESC", 0, $_SESSION["uid"], $filter);
$result = $qfh_ret[0];
@@ -168,7 +171,7 @@ class Pref_Filters extends Handler_Protected {
if ($line['action_id'] == 7) {
$label_result = db_query($this->link, "SELECT fg_color, bg_color
- FROM ttrss_labels2 WHERE caption = '".db_escape_string($line['action_param'])."' AND
+ FROM ttrss_labels2 WHERE caption = '".db_escape_string($this->link, $line['action_param'])."' AND
owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($label_result) > 0) {
@@ -207,13 +210,14 @@ class Pref_Filters extends Handler_Protected {
function edit() {
- $filter_id = db_escape_string($_REQUEST["id"]);
+ $filter_id = db_escape_string($this->link, $_REQUEST["id"]);
$result = db_query($this->link,
"SELECT * FROM ttrss_filters2 WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
$enabled = sql_bool_to_bool(db_fetch_result($result, 0, "enabled"));
$match_any_rule = sql_bool_to_bool(db_fetch_result($result, 0, "match_any_rule"));
+ $inverse = sql_bool_to_bool(db_fetch_result($result, 0, "inverse"));
print "<form id=\"filter_edit_form\" onsubmit='return false'>";
@@ -257,6 +261,7 @@ class Pref_Filters extends Handler_Protected {
unset($line["cat_id"]);
unset($line["filter_id"]);
unset($line["id"]);
+ if (!sql_bool_to_bool($line["inverse"])) unset($line["inverse"]);
$data = htmlspecialchars(json_encode($line));
@@ -330,6 +335,15 @@ class Pref_Filters extends Handler_Protected {
print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"match_any_rule\" id=\"match_any_rule\" $checked>
<label for=\"match_any_rule\">".__('Match any rule')."</label>";
+ if ($inverse) {
+ $checked = "checked=\"1\"";
+ } else {
+ $checked = "";
+ }
+
+ print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\" $checked>
+ <label for=\"inverse\">".__('Inverse matching')."</label>";
+
print "<p/>";
print "<div class=\"dlgButtons\">";
@@ -370,9 +384,10 @@ class Pref_Filters extends Handler_Protected {
$result = db_query($this->link, "SELECT description FROM ttrss_filter_types
WHERE id = ".(int)$rule["filter_type"]);
- $match_on = db_fetch_result($result, 0, "description");
+ $filter_type = db_fetch_result($result, 0, "description");
- return T_sprintf("%s on %s in %s", $rule["reg_exp"], $match_on, $feed);
+ return T_sprintf("%s on %s in %s %s", strip_tags($rule["reg_exp"]),
+ $filter_type, $feed, isset($rule["inverse"]) ? __("(inverse)") : "");
}
function printRuleName() {
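Review bot: `strip_tags()` on `$rule["reg_exp"]` stands in for output encoding here, and it also alters legitimate patterns: a regular expression containing `<` (a lookbehind, for instance) can lose everything from that character on. If the returned string is printed into HTML, which the callers outside this hunk would have to confirm, `htmlspecialchars($rule["reg_exp"])` keeps the pattern intact and also covers `&` and quotes. `$filter_type` and `$feed` are passed through unencoded in the same call.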
@@ -403,12 +418,14 @@ class Pref_Filters extends Handler_Protected {
# print_r($_REQUEST);
- $filter_id = db_escape_string($_REQUEST["id"]);
- $enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"]));
- $match_any_rule = checkbox_to_sql_bool(db_escape_string($_REQUEST["match_any_rule"]));
+ $filter_id = db_escape_string($this->link, $_REQUEST["id"]);
+ $enabled = checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["enabled"]));
+ $match_any_rule = checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["match_any_rule"]));
+ $inverse = checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["inverse"]));
$result = db_query($this->link, "UPDATE ttrss_filters2 SET enabled = $enabled,
- match_any_rule = $match_any_rule
+ match_any_rule = $match_any_rule,
+ inverse = $inverse
WHERE id = '$filter_id'
AND owner_uid = ". $_SESSION["uid"]);
@@ -418,7 +435,7 @@ class Pref_Filters extends Handler_Protected {
function remove() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
db_query($this->link, "DELETE FROM ttrss_filters2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
@@ -457,9 +474,11 @@ class Pref_Filters extends Handler_Protected {
foreach ($rules as $rule) {
if ($rule) {
- $reg_exp = strip_tags(db_escape_string(trim($rule["reg_exp"])));
- $filter_type = (int) db_escape_string(trim($rule["filter_type"]));
- $feed_id = db_escape_string(trim($rule["feed_id"]));
+ $reg_exp = strip_tags(db_escape_string($this->link, trim($rule["reg_exp"])));
+ $inverse = isset($rule["inverse"]) ? "true" : "false";
+
+ $filter_type = (int) db_escape_string($this->link, trim($rule["filter_type"]));
+ $feed_id = db_escape_string($this->link, trim($rule["feed_id"]));
if (strpos($feed_id, "CAT:") === 0) {
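Review bot: `$reg_exp` is run through `strip_tags()` after `db_escape_string()`, so the string that reaches the INSERT is no longer exactly what the escaper produced. Escaping should be the last transformation before interpolation: `$reg_exp = db_escape_string($this->link, strip_tags(trim($rule["reg_exp"])));`. `$feed_id` is interpolated without quotes in the INSERT of the next hunk, and the lines in between are not shown, so confirm it is reduced to an integer or `NULL` before that point. The loop body continues outside the hunk.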
@@ -477,8 +496,8 @@ class Pref_Filters extends Handler_Protected {
}
$query = "INSERT INTO ttrss_filters2_rules
- (filter_id, reg_exp,filter_type,feed_id,cat_id,cat_filter) VALUES
- ('$filter_id', '$reg_exp', '$filter_type', $feed_id, $cat_id, $cat_filter)";
+ (filter_id, reg_exp,filter_type,feed_id,cat_id,cat_filter,inverse) VALUES
+ ('$filter_id', '$reg_exp', '$filter_type', $feed_id, $cat_id, $cat_filter, $inverse)";
db_query($this->link, $query);
}
@@ -487,9 +506,9 @@ class Pref_Filters extends Handler_Protected {
foreach ($actions as $action) {
if ($action) {
- $action_id = (int) db_escape_string($action["action_id"]);
- $action_param = db_escape_string($action["action_param"]);
- $action_param_label = db_escape_string($action["action_param_label"]);
+ $action_id = (int) db_escape_string($this->link, $action["action_id"]);
+ $action_param = db_escape_string($this->link, $action["action_param"]);
+ $action_param_label = db_escape_string($this->link, $action["action_param_label"]);
if ($action_id == 7) {
$action_param = $action_param_label;
@@ -541,13 +560,13 @@ class Pref_Filters extends Handler_Protected {
function index() {
- $sort = db_escape_string($_REQUEST["sort"]);
+ $sort = db_escape_string($this->link, $_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "reg_exp";
}
- $filter_search = db_escape_string($_REQUEST["search"]);
+ $filter_search = db_escape_string($this->link, $_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
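Review bot: `$sort` is only passed through `db_escape_string()`, which protects quoted string literals and does nothing for identifiers. If it is later placed in an `ORDER BY` clause (the query is outside this hunk), it should be matched against a fixed list of sortable columns, e.g. `if (!in_array($sort, $allowed_sort_columns, true)) $sort = "reg_exp";` with `$allowed_sort_columns` defined next to the query. The `index()` methods in classes/pref/labels.php and classes/pref/users.php read `sort` the same way. index's body continues outside the hunk.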
@@ -559,7 +578,7 @@ class Pref_Filters extends Handler_Protected {
print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
- $filter_search = db_escape_string($_REQUEST["search"]);
+ $filter_search = db_escape_string($this->link, $_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
@@ -710,10 +729,8 @@ class Pref_Filters extends Handler_Protected {
print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"match_any_rule\" id=\"match_any_rule\">
<label for=\"match_any_rule\">".__('Match any rule')."</label>";
- print "<p/>";
-
-/* print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\">
- <label for=\"inverse\">".__('Inverse match')."</label><hr/>"; */
+ print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\">
+ <label for=\"inverse\">".__('Inverse matching')."</label>";
// print "</div>";
@@ -739,10 +756,12 @@ class Pref_Filters extends Handler_Protected {
$reg_exp = htmlspecialchars($rule["reg_exp"]);
$filter_type = $rule["filter_type"];
$feed_id = $rule["feed_id"];
+ $inverse_checked = isset($rule["inverse"]) ? "checked" : "";
} else {
$reg_exp = "";
$filter_type = 1;
$feed_id = 0;
+ $inverse_checked = "";
}
if (strpos($feed_id, "CAT:") === 0) {
@@ -773,6 +792,11 @@ class Pref_Filters extends Handler_Protected {
style=\"font-size : 16px; width : 20em;\"
name=\"reg_exp\" value=\"$reg_exp\"/>";
+ print "<hr/>";
+ print "<input id=\"filterDlg_inverse\" dojoType=\"dijit.form.CheckBox\"
+ name=\"inverse\" $inverse_checked/>";
+ print "<label for=\"filterDlg_inverse\">".__("Inverse regular expression matching")."</label>";
+
print "<hr/>" . __("on field") . " ";
print_select_hash("filter_type", $filter_type, $filter_types,
'dojoType="dijit.form.Select"');
@@ -806,7 +830,7 @@ class Pref_Filters extends Handler_Protected {
$action = json_decode($_REQUEST["action"], true);
if ($action) {
- $action_param = db_escape_string($action["action_param"]);
+ $action_param = db_escape_string($this->link, $action["action_param"]);
$action_id = (int)$action["action_id"];
} else {
$action_param = "";
@@ -885,6 +909,8 @@ class Pref_Filters extends Handler_Protected {
unset($line["cat_id"]);
}
+ if (!sql_bool_to_bool($line["inverse"])) unset($line["inverse"]);
+
if ($count < 2) {
array_push($titles, $this->getRuleName($line));
} else {
@@ -914,7 +940,7 @@ class Pref_Filters extends Handler_Protected {
}
function join() {
- $ids = explode(",", db_escape_string($_REQUEST["ids"]));
+ $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"]));
if (count($ids) > 1) {
$base_id = array_shift($ids);
diff --git a/classes/pref/labels.php b/classes/pref/labels.php
index e63a0cfc2..b45354c94 100644
--- a/classes/pref/labels.php
+++ b/classes/pref/labels.php
@@ -8,7 +8,7 @@ class Pref_Labels extends Handler_Protected {
}
function edit() {
- $label_id = db_escape_string($_REQUEST['id']);
+ $label_id = db_escape_string($this->link, $_REQUEST['id']);
$result = db_query($this->link, "SELECT * FROM ttrss_labels2 WHERE
id = '$label_id' AND owner_uid = " . $_SESSION["uid"]);
@@ -118,11 +118,11 @@ class Pref_Labels extends Handler_Protected {
}
function colorset() {
- $kind = db_escape_string($_REQUEST["kind"]);
- $ids = split(',', db_escape_string($_REQUEST["ids"]));
- $color = db_escape_string($_REQUEST["color"]);
- $fg = db_escape_string($_REQUEST["fg"]);
- $bg = db_escape_string($_REQUEST["bg"]);
+ $kind = db_escape_string($this->link, $_REQUEST["kind"]);
+ $ids = split(',', db_escape_string($this->link, $_REQUEST["ids"]));
+ $color = db_escape_string($this->link, $_REQUEST["color"]);
+ $fg = db_escape_string($this->link, $_REQUEST["fg"]);
+ $bg = db_escape_string($this->link, $_REQUEST["bg"]);
foreach ($ids as $id) {
@@ -136,7 +136,7 @@ class Pref_Labels extends Handler_Protected {
AND owner_uid = " . $_SESSION["uid"]);
}
- $caption = db_escape_string(label_find_caption($this->link, $id, $_SESSION["uid"]));
+ $caption = db_escape_string($this->link, label_find_caption($this->link, $id, $_SESSION["uid"]));
/* Remove cached data */
@@ -149,14 +149,14 @@ class Pref_Labels extends Handler_Protected {
}
function colorreset() {
- $ids = split(',', db_escape_string($_REQUEST["ids"]));
+ $ids = split(',', db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
db_query($this->link, "UPDATE ttrss_labels2 SET
fg_color = '', bg_color = '' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
- $caption = db_escape_string(label_find_caption($this->link, $id, $_SESSION["uid"]));
+ $caption = db_escape_string($this->link, label_find_caption($this->link, $id, $_SESSION["uid"]));
/* Remove cached data */
@@ -168,8 +168,8 @@ class Pref_Labels extends Handler_Protected {
function save() {
- $id = db_escape_string($_REQUEST["id"]);
- $caption = db_escape_string(trim($_REQUEST["caption"]));
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
+ $caption = db_escape_string($this->link, trim($_REQUEST["caption"]));
db_query($this->link, "BEGIN");
@@ -190,7 +190,7 @@ class Pref_Labels extends Handler_Protected {
/* Update filters that reference label being renamed */
- $old_caption = db_escape_string($old_caption);
+ $old_caption = db_escape_string($this->link, $old_caption);
db_query($this->link, "UPDATE ttrss_filters2_actions SET
action_param = '$caption' WHERE action_param = '$old_caption'
@@ -213,7 +213,7 @@ class Pref_Labels extends Handler_Protected {
function remove() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
label_remove($this->link, $id, $_SESSION["uid"]);
@@ -222,8 +222,8 @@ class Pref_Labels extends Handler_Protected {
}
function add() {
- $caption = db_escape_string($_REQUEST["caption"]);
- $output = db_escape_string($_REQUEST["output"]);
+ $caption = db_escape_string($this->link, $_REQUEST["caption"]);
+ $output = db_escape_string($this->link, $_REQUEST["output"]);
if ($caption) {
@@ -250,13 +250,13 @@ class Pref_Labels extends Handler_Protected {
function index() {
- $sort = db_escape_string($_REQUEST["sort"]);
+ $sort = db_escape_string($this->link, $_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "caption";
}
- $label_search = db_escape_string($_REQUEST["search"]);
+ $label_search = db_escape_string($this->link, $_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_label_search"] = $label_search;
diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php
index 810b1e164..a5a699a67 100644
--- a/classes/pref/prefs.php
+++ b/classes/pref/prefs.php
@@ -42,10 +42,16 @@ class Pref_Prefs extends Handler_Protected {
$_SESSION["prefs_cache"] = false;
+ $boolean_prefs = explode(",", $_POST["boolean_prefs"]);
+
+ foreach ($boolean_prefs as $pref) {
+ if (!isset($_POST[$pref])) $_POST[$pref] = 'false';
+ }
+
foreach (array_keys($_POST) as $pref_name) {
- $pref_name = db_escape_string($pref_name);
- $value = db_escape_string($_POST[$pref_name]);
+ $pref_name = db_escape_string($this->link, $pref_name);
+ $value = db_escape_string($this->link, $_POST[$pref_name]);
if ($pref_name == 'DIGEST_PREFERRED_TIME') {
if (get_pref($this->link, 'DIGEST_PREFERRED_TIME') != $value) {
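Review bot: The list of boolean preferences is read from the client-supplied `boolean_prefs` field and used to write keys into `$_POST`, which the loop below then treats as preference names. A submitter can shorten or extend that list, so the request itself decides which checkboxes count as unchecked; deriving the boolean names server-side from the stored preference types avoids that. The rendered checkbox submits `value='1'` while the unchecked default written here is `'false'`, so confirm the setter normalises both forms. The loop continues outside the hunk.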
@@ -65,7 +71,7 @@ class Pref_Prefs extends Handler_Protected {
function getHelp() {
- $pref_name = db_escape_string($_REQUEST["pn"]);
+ $pref_name = db_escape_string($this->link, $_REQUEST["pn"]);
$result = db_query($this->link, "SELECT help_text FROM ttrss_prefs
WHERE pref_name = '$pref_name'");
@@ -80,8 +86,8 @@ class Pref_Prefs extends Handler_Protected {
function changeemail() {
- $email = db_escape_string($_POST["email"]);
- $full_name = db_escape_string($_POST["full_name"]);
+ $email = db_escape_string($this->link, $_POST["email"]);
+ $full_name = db_escape_string($this->link, $_POST["full_name"]);
$active_uid = $_SESSION["uid"];
@@ -227,7 +233,7 @@ class Pref_Prefs extends Handler_Protected {
</script>";
if ($otp_enabled) {
- print_notice("Changing your current password will disable OTP.");
+ print_notice(__("Changing your current password will disable OTP."));
}
print "<table width=\"100%\" class=\"prefPrefsList\">";
@@ -260,7 +266,7 @@ class Pref_Prefs extends Handler_Protected {
if ($otp_enabled) {
- print_notice("One time passwords are currently enabled. Enter your current password below to disable.");
+ print_notice(__("One time passwords are currently enabled. Enter your current password below to disable."));
print "<form dojoType=\"dijit.form.Form\">";
@@ -395,7 +401,7 @@ class Pref_Prefs extends Handler_Protected {
print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">';
if ($_SESSION["profile"]) {
- print_notice("Some preferences are only available in default profile.");
+ print_notice(__("Some preferences are only available in default profile."));
}
if ($_SESSION["profile"]) {
@@ -429,6 +435,8 @@ class Pref_Prefs extends Handler_Protected {
$active_section = "";
+ $listed_boolean_prefs = array();
+
while ($line = db_fetch_assoc($result)) {
if (in_array($line["pref_name"], $prefs_blacklist)) {
@@ -463,7 +471,10 @@ class Pref_Prefs extends Handler_Protected {
$def_value = $line["def_value"];
$help_text = $line["help_text"];
- print "<td width=\"40%\" class=\"prefName\" id=\"$pref_name\">" . __($line["short_desc"]);
+ print "<td width=\"40%\" class=\"prefName\" id=\"$pref_name\">";
+ print "<label for='CB_$pref_name'>";
+ print __($line["short_desc"]);
+ print "</label>";
if ($help_text) print "<div class=\"prefHelp\">".__($help_text)."</div>";
@@ -497,21 +508,19 @@ class Pref_Prefs extends Handler_Protected {
} else if ($type_name == "bool") {
- if ($value == "true") {
- $value = __("Yes");
- } else {
- $value = __("No");
- }
+ array_push($listed_boolean_prefs, $pref_name);
+
+ $checked = ($value == "true") ? "checked=\"checked\"" : "";
if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) {
$disabled = "disabled=\"1\"";
- $value = __("Yes");
+ $checked = "checked=\"checked\"";
} else {
$disabled = "";
}
- print_radio($pref_name, $value, __("Yes"), array(__("Yes"), __("No")),
- $disabled);
+ print "<input type='checkbox' name='$pref_name' $checked $disabled
+ dojoType='dijit.form.CheckBox' id='CB_$pref_name' value='1'>";
} else if (array_search($pref_name, array('FRESH_ARTICLE_MAX_AGE', 'DEFAULT_ARTICLE_LIMIT',
'PURGE_OLD_DAYS', 'LONG_DATE_FORMAT', 'SHORT_DATE_FORMAT')) !== false) {
@@ -568,6 +577,10 @@ class Pref_Prefs extends Handler_Protected {
print "</table>";
+ $listed_boolean_prefs = htmlspecialchars(join(",", $listed_boolean_prefs));
+
+ print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"boolean_prefs\" value=\"$listed_boolean_prefs\">";
+
global $pluginhost;
$pluginhost->run_hooks($pluginhost::HOOK_PREFS_TAB_SECTION,
"hook_prefs_tab_section", "prefPrefsPrefsInside");
@@ -613,7 +626,7 @@ class Pref_Prefs extends Handler_Protected {
print "<h2>".__("Plugins")."</h2>";
- print_notice("You will need to reload Tiny Tiny RSS for plugin changes to take effect.");
+ print_notice(__("You will need to reload Tiny Tiny RSS for plugin changes to take effect."));
print "<form dojoType=\"dijit.form.Form\" id=\"changePluginsForm\">";
@@ -785,7 +798,7 @@ class Pref_Prefs extends Handler_Protected {
}
function otpenable() {
- $password = db_escape_string($_REQUEST["password"]);
+ $password = db_escape_string($this->link, $_REQUEST["password"]);
$enable_otp = $_REQUEST["enable_otp"] == "on";
global $pluginhost;
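Review bot: `$password` goes through `db_escape_string()` before it is presumably handed to the authentication plugin, so a password containing a quote or backslash is altered before it is verified. A secret that will be hashed and compared should reach the check unchanged, and be escaped or bound only where it is itself written into SQL. Reading it with `$password = $_POST["password"];` would also stop it being accepted from the query string through `$_REQUEST`, assuming the form posts. The same pattern is in `otpdisable()` below and in `editSave()` in classes/pref/users.php. otpenable's body continues outside the hunk.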
@@ -806,7 +819,7 @@ class Pref_Prefs extends Handler_Protected {
}
function otpdisable() {
- $password = db_escape_string($_REQUEST["password"]);
+ $password = db_escape_string($this->link, $_REQUEST["password"]);
global $pluginhost;
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
@@ -833,7 +846,7 @@ class Pref_Prefs extends Handler_Protected {
}
function clearplugindata() {
- $name = db_escape_string($_REQUEST["name"]);
+ $name = db_escape_string($this->link, $_REQUEST["name"]);
global $pluginhost;
$pluginhost->clear_data($pluginhost->get_plugin($name));
diff --git a/classes/pref/users.php b/classes/pref/users.php
index 0d7ca3c6e..4055bca45 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -116,7 +116,7 @@ class Pref_Users extends Handler_Protected {
header("Content-Type: text/xml");
- $id = db_escape_string($_REQUEST["id"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
print "<dlg id=\"$method\">";
print "<title>".__('User Editor')."</title>";
@@ -199,11 +199,11 @@ class Pref_Users extends Handler_Protected {
}
function editSave() {
- $login = db_escape_string(trim($_REQUEST["login"]));
- $uid = db_escape_string($_REQUEST["id"]);
+ $login = db_escape_string($this->link, trim($_REQUEST["login"]));
+ $uid = db_escape_string($this->link, $_REQUEST["id"]);
$access_level = (int) $_REQUEST["access_level"];
- $email = db_escape_string(trim($_REQUEST["email"]));
- $password = db_escape_string(trim($_REQUEST["password"]));
+ $email = db_escape_string($this->link, trim($_REQUEST["email"]));
+ $password = db_escape_string($this->link, trim($_REQUEST["password"]));
if ($password) {
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
@@ -214,13 +214,13 @@ class Pref_Users extends Handler_Protected {
}
db_query($this->link, "UPDATE ttrss_users SET $pass_query_part login = '$login',
- access_level = '$access_level', email = '$email', otp_enabled = 'false'
+ access_level = '$access_level', email = '$email', otp_enabled = false
WHERE id = '$uid'");
}
function remove() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
foreach ($ids as $id) {
if ($id != $_SESSION["uid"] && $id != 1) {
@@ -233,7 +233,7 @@ class Pref_Users extends Handler_Protected {
function add() {
- $login = db_escape_string(trim($_REQUEST["login"]));
+ $login = db_escape_string($this->link, trim($_REQUEST["login"]));
$tmp_user_pwd = make_password(8);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
@@ -270,11 +270,9 @@ class Pref_Users extends Handler_Protected {
}
}
- function resetPass() {
-
- $uid = db_escape_string($_REQUEST["id"]);
+ static function resetUserPassword($link, $uid, $show_password) {
- $result = db_query($this->link, "SELECT login,email
+ $result = db_query($link, "SELECT login,email
FROM ttrss_users WHERE id = '$uid'");
$login = db_fetch_result($result, 0, "login");
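Review bot: `resetUserPassword()` interpolates `$uid` into `WHERE id = '$uid'` but no longer escapes it itself, which makes that each caller's job. `resetPass()` does escape, but a static helper with a `$show_password` switch looks intended for other entry points too, so a cast at the top, `$uid = (int) $uid;`, would make the function safe on its own. The declaration also has no visibility keyword and is therefore public. The function continues in the following hunks.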
@@ -286,18 +284,18 @@ class Pref_Users extends Handler_Protected {
$pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true);
- db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt'
+ db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt'
WHERE id = '$uid'");
- print T_sprintf("Changed password of user <b>%s</b>
- to <b>%s</b>", $login, $tmp_user_pwd);
+ if ($show_password) {
+ print T_sprintf("Changed password of user <b>%s</b> to <b>%s</b>", $login, $tmp_user_pwd);
+ } else {
+ print T_sprintf("Sending new password of user <b>%s</b> to <b>%s</b>", $login, $email);
+ }
- require_once 'lib/phpmailer/class.phpmailer.php';
+ require_once 'classes/ttrssmailer.php';
if ($email) {
- print " ";
- print T_sprintf("Notifying <b>%s</b>.", $email);
-
require_once "lib/MiniTemplator.class.php";
$tpl = new MiniTemplator;
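Review bot: `$login` and `$email` come from the database and are written into the response inside `<b>%s</b>` without encoding, so markup stored in either field would be rendered in the viewer's browser. Encode them at output, e.g. `T_sprintf("Sending new password of user <b>%s</b> to <b>%s</b>", htmlspecialchars($login), htmlspecialchars($email))`, and likewise in the `$show_password` branch. When `$show_password` is false the message is printed before `if ($email)` is evaluated, so it can announce a mail for an account that has no address on file.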
@@ -313,35 +311,19 @@ class Pref_Users extends Handler_Protected {
$tpl->generateOutputToString($message);
- $mail = new PHPMailer();
-
- $mail->PluginDir = "lib/phpmailer/";
- $mail->SetLanguage("en", "lib/phpmailer/language/");
-
- $mail->CharSet = "UTF-8";
+ $mail = new ttrssMailer();
- $mail->From = SMTP_FROM_ADDRESS;
- $mail->FromName = SMTP_FROM_NAME;
- $mail->AddAddress($email, $login);
-
- if (SMTP_HOST) {
- $mail->Host = SMTP_HOST;
- $mail->Mailer = "smtp";
- $mail->SMTPAuth = SMTP_LOGIN != '';
- $mail->Username = SMTP_LOGIN;
- $mail->Password = SMTP_PASSWORD;
- }
-
- $mail->IsHTML(false);
- $mail->Subject = __("[tt-rss] Password change notification");
- $mail->Body = $message;
-
- $rc = $mail->Send();
+ $rc = $mail->quickMail($email, $login,
+ __("[tt-rss] Password change notification"),
+ $message, false);
if (!$rc) print_error($mail->ErrorInfo);
}
+ }
- print "</div>";
+ function resetPass() {
+ $uid = db_escape_string($this->link, $_REQUEST["id"]);
+ Pref_Users::resetUserPassword($this->link, $uid, true);
}
function index() {
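Review bot: When `$show_password` is false, the password hash has already been replaced (previous hunk) by the time `quickMail()` runs, so a failed send, or an account with no e-mail address, leaves the user with a password nobody has seen. Consider updating `pwd_hash` only after a successful send, or returning `$rc` so the caller can react. `print_error($mail->ErrorInfo)` also shows the mailer's raw error text to whoever triggered the reset; logging it and printing a generic message would be safer if this helper is reachable by non-administrators.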
@@ -353,7 +335,7 @@ class Pref_Users extends Handler_Protected {
print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">";
- $user_search = db_escape_string($_REQUEST["search"]);
+ $user_search = db_escape_string($this->link, $_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_user_search"] = $user_search;
@@ -368,7 +350,7 @@ class Pref_Users extends Handler_Protected {
__('Search')."</button>
</div>";
- $sort = db_escape_string($_REQUEST["sort"]);
+ $sort = db_escape_string($this->link, $_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "login";