Diffstat (limited to 'classes/pref')
-rw-r--r-- | classes/pref/feeds.php | 106 | ||||
-rw-r--r-- | classes/pref/filters.php | 82 | ||||
-rw-r--r-- | classes/pref/labels.php | 34 | ||||
-rw-r--r-- | classes/pref/prefs.php | 55 | ||||
-rw-r--r-- | classes/pref/users.php | 72 |
5 files changed, 198 insertions, 151 deletions
diff --git a/classes/pref/feeds.php b/classes/pref/feeds.php index bfcc75f0d..ca4ae344f 100644 --- a/classes/pref/feeds.php +++ b/classes/pref/feeds.php @@ -14,8 +14,8 @@ class Pref_Feeds extends Handler_Protected { } function renamecat() { - $title = db_escape_string($_REQUEST['title']); - $id = db_escape_string($_REQUEST['id']); + $title = db_escape_string($this->link, $_REQUEST['title']); + $id = db_escape_string($this->link, $_REQUEST['id']); if ($title) { db_query($this->link, "UPDATE ttrss_feed_categories SET @@ -55,7 +55,7 @@ class Pref_Feeds extends Handler_Protected { $cat['items'] = $this->get_category_items($line['id']); - $cat['param'] = T_sprintf('(%d feeds)', count($cat['items'])); + $cat['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items'])); if (count($cat['items']) > 0 || $show_empty_cats) array_push($items, $cat); @@ -172,7 +172,7 @@ class Pref_Feeds extends Handler_Protected { $cat['items'] = $this->get_category_items($line['id']); - $cat['param'] = T_sprintf('(%d feeds)', count($cat['items'])); + $cat['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items'])); if (count($cat['items']) > 0 || $show_empty_cats) array_push($root['items'], $cat); @@ -214,13 +214,13 @@ class Pref_Feeds extends Handler_Protected { array_push($cat['items'], $feed); } - $cat['param'] = T_sprintf('(%d feeds)', count($cat['items'])); + $cat['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items'])); if (count($cat['items']) > 0 || $show_empty_cats) array_push($root['items'], $cat); $root['param'] += count($cat['items']); - $root['param'] = T_sprintf('(%d feeds)', $root['param']); + $root['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items'])); } else { $feed_result = db_query($this->link, "SELECT id, title, last_error, 
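Review bot: In the @@ -214 hunk the rewritten root line `$root['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));` formats the size of the last category instead of the accumulated `$root['param']` that the removed T_sprintf line used, and the @@ -245 hunk on the next line makes the same substitution for `count($root['items'])` in a branch where `$cat` does not appear to be assigned at all. Keep the original arguments: `$root['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', $root['param']), $root['param']);` here and `count($root['items'])` in @@ -245. Each of these lines evaluates the count three times; a local such as `$n = count($cat['items']);` before the ngettext call would make the plural argument and the value visibly the same thing. The enclosing function starts before the hunk.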
@@ -245,7 +245,7 @@ class Pref_Feeds extends Handler_Protected { array_push($root['items'], $feed); } - $root['param'] = T_sprintf('(%d feeds)', count($root['items'])); + $root['param'] = vsprintf(ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items'])); } $fl = array(); @@ -293,7 +293,7 @@ class Pref_Feeds extends Handler_Protected { if ($item_id != 'root') { if ($parent_id && $parent_id != 'root') { $parent_bare_id = substr($parent_id, strpos($parent_id, ':')+1); - $parent_qpart = db_escape_string($parent_bare_id); + $parent_qpart = db_escape_string($this->link, $parent_bare_id); } else { $parent_qpart = 'NULL'; } @@ -319,7 +319,7 @@ class Pref_Feeds extends Handler_Protected { if (strpos($id, "FEED") === 0) { $cat_id = ($item_id != "root") ? - db_escape_string($bare_item_id) : "NULL"; + db_escape_string($this->link, $bare_item_id) : "NULL"; $cat_qpart = ($cat_id != 0) ? "cat_id = '$cat_id'" : "cat_id = NULL"; @@ -334,7 +334,7 @@ class Pref_Feeds extends Handler_Protected { $nest_level+1); if ($item_id != 'root') { - $parent_qpart = db_escape_string($bare_id); + $parent_qpart = db_escape_string($this->link, $bare_id); } else { $parent_qpart = 'NULL'; } @@ -424,7 +424,7 @@ class Pref_Feeds extends Handler_Protected { } function removeicon() { - $feed_id = db_escape_string($_REQUEST["feed_id"]); + $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]); $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]); @@ -440,7 +440,7 @@ class Pref_Feeds extends Handler_Protected { header("Content-type: text/html"); $icon_file = $_FILES['icon_file']['tmp_name']; - $feed_id = db_escape_string($_REQUEST["feed_id"]); + $feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]); if (is_file($icon_file) && $feed_id) { if (filesize($icon_file) < 20000) { 
@@ -472,7 +472,7 @@ class Pref_Feeds extends Handler_Protected { global $purge_intervals; global $update_intervals; - $feed_id = db_escape_string($_REQUEST["id"]); + $feed_id = db_escape_string($this->link, $_REQUEST["id"]); $result = db_query($this->link, "SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND @@ -613,6 +613,18 @@ class Pref_Feeds extends Handler_Protected { name=\"always_display_enclosures\" $checked> <label for=\"always_display_enclosures\">".__('Always display image attachments')."</label>"; + $hide_images = sql_bool_to_bool(db_fetch_result($result, 0, "hide_images")); + + if ($hide_images) { + $checked = "checked=\"1\""; + } else { + $checked = ""; + } + + print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"hide_images\" + name=\"hide_images\" + $checked> <label for=\"hide_images\">". + __('Do not embed images')."</label>"; $cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images")); @@ -696,7 +708,7 @@ class Pref_Feeds extends Handler_Protected { global $purge_intervals; global $update_intervals; - $feed_ids = db_escape_string($_REQUEST["ids"]); + $feed_ids = db_escape_string($this->link, $_REQUEST["ids"]); print "<div class=\"dialogNotice\">" . __("Enable the options you wish to apply using checkboxes on the right:") . "</div>"; @@ -804,6 +816,14 @@ class Pref_Feeds extends Handler_Protected { print " "; $this->batch_edit_cbox("always_display_enclosures", "always_display_enclosures_l"); + print "<br/><input disabled=\"1\" type=\"checkbox\" id=\"hide_images\" + name=\"hide_images\" + dojoType=\"dijit.form.CheckBox\"> <label class='insensitive' id=\"hide_images_l\" + for=\"hide_images\">". + __('Do not embed images')."</label>"; + + print " "; $this->batch_edit_cbox("hide_images", "hide_images_l"); + print "<br/><input disabled=\"1\" type=\"checkbox\" id=\"cache_images\" name=\"cache_images\" dojoType=\"dijit.form.CheckBox\"> <label class='insensitive' id=\"cache_images_l\" 
@@ -842,26 +862,27 @@ class Pref_Feeds extends Handler_Protected { function editsaveops($batch) { - $feed_title = db_escape_string(trim($_POST["title"])); - $feed_link = db_escape_string(trim($_POST["feed_url"])); - $upd_intl = (int) db_escape_string($_POST["update_interval"]); - $purge_intl = (int) db_escape_string($_POST["purge_interval"]); - $feed_id = (int) db_escape_string($_POST["id"]); /* editSave */ - $feed_ids = db_escape_string($_POST["ids"]); /* batchEditSave */ - $cat_id = (int) db_escape_string($_POST["cat_id"]); - $auth_login = db_escape_string(trim($_POST["auth_login"])); - $auth_pass = db_escape_string(trim($_POST["auth_pass"])); - $private = checkbox_to_sql_bool(db_escape_string($_POST["private"])); + $feed_title = db_escape_string($this->link, trim($_POST["title"])); + $feed_link = db_escape_string($this->link, trim($_POST["feed_url"])); + $upd_intl = (int) db_escape_string($this->link, $_POST["update_interval"]); + $purge_intl = (int) db_escape_string($this->link, $_POST["purge_interval"]); + $feed_id = (int) db_escape_string($this->link, $_POST["id"]); /* editSave */ + $feed_ids = db_escape_string($this->link, $_POST["ids"]); /* batchEditSave */ + $cat_id = (int) db_escape_string($this->link, $_POST["cat_id"]); + $auth_login = db_escape_string($this->link, trim($_POST["auth_login"])); + $auth_pass = db_escape_string($this->link, trim($_POST["auth_pass"])); + $private = checkbox_to_sql_bool(db_escape_string($this->link, $_POST["private"])); $include_in_digest = checkbox_to_sql_bool( - db_escape_string($_POST["include_in_digest"])); + db_escape_string($this->link, $_POST["include_in_digest"])); $cache_images = checkbox_to_sql_bool( - db_escape_string($_POST["cache_images"])); - + db_escape_string($this->link, $_POST["cache_images"])); + $hide_images = checkbox_to_sql_bool( + db_escape_string($this->link, $_POST["hide_images"])); $always_display_enclosures = checkbox_to_sql_bool( - db_escape_string($_POST["always_display_enclosures"])); + 
db_escape_string($this->link, $_POST["always_display_enclosures"])); $mark_unread_on_update = checkbox_to_sql_bool( - db_escape_string($_POST["mark_unread_on_update"])); + db_escape_string($this->link, $_POST["mark_unread_on_update"])); if (get_pref($this->link, 'ENABLE_FEED_CATS')) { if ($cat_id && $cat_id != 0) { @@ -887,6 +908,7 @@ class Pref_Feeds extends Handler_Protected { auth_pass = '$auth_pass', private = $private, cache_images = $cache_images, + hide_images = $hide_images, include_in_digest = $include_in_digest, always_display_enclosures = $always_display_enclosures, mark_unread_on_update = $mark_unread_on_update @@ -952,6 +974,10 @@ class Pref_Feeds extends Handler_Protected { $qpart = "cache_images = $cache_images"; break; + case "hide_images": + $qpart = "hide_images = $hide_images"; + break; + case "cat_id": $qpart = $category_qpart_nocomma; break; @@ -973,7 +999,7 @@ class Pref_Feeds extends Handler_Protected { function resetPubSub() { - $ids = db_escape_string($_REQUEST["ids"]); + $ids = db_escape_string($this->link, $_REQUEST["ids"]); db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0 WHERE id IN ($ids) AND owner_uid = " . $_SESSION["uid"]); @@ -983,24 +1009,24 @@ class Pref_Feeds extends Handler_Protected { function remove() { - $ids = split(",", db_escape_string($_REQUEST["ids"])); + $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"])); foreach ($ids as $id) { - $this->remove_feed($this->link, $id, $_SESSION["uid"]); + Pref_Feeds::remove_feed($this->link, $id, $_SESSION["uid"]); } return; } function clear() { - $id = db_escape_string($_REQUEST["id"]); + $id = db_escape_string($this->link, $_REQUEST["id"]); $this->clear_feed_articles($this->link, $id); } function rescore() { require_once "rssfuncs.php"; - $ids = split(",", db_escape_string($_REQUEST["ids"])); + $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"])); foreach ($ids as $id) { 
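Review bot: resetPubSub (@@ -973 hunk) still interpolates the escaped `$ids` unquoted into `WHERE id IN ($ids)`; db_escape_string only neutralises quote, backslash and control characters, so it places no constraint on a value that sits outside quotes. Build the list from integers instead: `$ids = implode(",", array_map("intval", explode(",", $_REQUEST["ids"])));`. `$feed_ids` in the editsaveops hunk above presumably serves the same `IN (...)` role further down and would benefit from the same treatment. The body of resetPubSub is complete within the hunk.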
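Review bot: The `remove`, `clear` and `rescore` hunks (@@ -983) keep `split(",", ...)`, the POSIX-regex function that is deprecated since PHP 5.3 and removed in 7.0, while `join()` in filters.php already uses `explode()`; the same `split()` calls appear in the feeds categorize/removeCat hunks on the next line and in the labels.php and users.php hunks. `explode(",", ...)` is a drop-in replacement for a literal comma separator. Each `$id` the loops pass on is a raw substring of the request; since every consumer compares it to an integer id, `foreach (explode(",", $_REQUEST["ids"]) as $id) { $id = (int) $id; ... }` removes the need to escape the joined string at all.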
@@ -1106,9 +1132,9 @@ class Pref_Feeds extends Handler_Protected { } function categorize() { - $ids = split(",", db_escape_string($_REQUEST["ids"])); + $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"])); - $cat_id = db_escape_string($_REQUEST["cat_id"]); + $cat_id = db_escape_string($this->link, $_REQUEST["cat_id"]); if ($cat_id == 0) { $cat_id_qpart = 'NULL'; @@ -1130,14 +1156,14 @@ class Pref_Feeds extends Handler_Protected { } function removeCat() { - $ids = split(",", db_escape_string($_REQUEST["ids"])); + $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"])); foreach ($ids as $id) { $this->remove_feed_category($this->link, $id, $_SESSION["uid"]); } } function addCat() { - $feed_cat = db_escape_string(trim($_REQUEST["cat"])); + $feed_cat = db_escape_string($this->link, trim($_REQUEST["cat"])); add_feed_category($this->link, $feed_cat); } @@ -1179,7 +1205,7 @@ class Pref_Feeds extends Handler_Protected { __("Inactive feeds") . "</button>"; } - $feed_search = db_escape_string($_REQUEST["search"]); + $feed_search = db_escape_string($this->link, $_REQUEST["search"]); if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_feed_search"] = $feed_search; @@ -1631,7 +1657,7 @@ class Pref_Feeds extends Handler_Protected { ccache_remove($link, $id, $owner_uid, true); } - private function remove_feed($link, $id, $owner_uid) { + static function remove_feed($link, $id, $owner_uid) { if ($id > 0) { diff --git a/classes/pref/filters.php b/classes/pref/filters.php index 74a29c619..883ff0ebd 100644 --- a/classes/pref/filters.php +++ b/classes/pref/filters.php 
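Review bot: `static function remove_feed($link, $id, $owner_uid)` in the @@ -1631 hunk drops `private` without declaring a visibility, so the method silently becomes public static; state the intent, `public static function remove_feed(...)` if other classes are meant to call `Pref_Feeds::remove_feed`, otherwise `private static`. Now that any caller can pass `$id` straight through, the existing `if ($id > 0)` guard should be paired with `$id = (int) $id;` rather than relying on each caller to escape. The body of remove_feed continues past the end of the hunk.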
@@ -13,7 +13,10 @@ class Pref_Filters extends Handler_Protected { $filter["enabled"] = true; $filter["match_any_rule"] = sql_bool_to_bool( - checkbox_to_sql_bool(db_escape_string($_REQUEST["match_any_rule"]))); + checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["match_any_rule"]))); + $filter["inverse"] = sql_bool_to_bool( + checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["inverse"]))); + $filter["rules"] = array(); $result = db_query($this->link, "SELECT id,name FROM ttrss_filter_types"); @@ -47,7 +50,7 @@ class Pref_Filters extends Handler_Protected { $feed_title = getFeedTitle($this->link, $feed); $qfh_ret = queryFeedHeadlines($this->link, -4, 30, "", false, false, false, - false, "date_entered DESC", 0, $_SESSION["uid"], $filter); + "date_entered DESC", 0, $_SESSION["uid"], $filter); $result = $qfh_ret[0]; @@ -168,7 +171,7 @@ class Pref_Filters extends Handler_Protected { if ($line['action_id'] == 7) { $label_result = db_query($this->link, "SELECT fg_color, bg_color - FROM ttrss_labels2 WHERE caption = '".db_escape_string($line['action_param'])."' AND + FROM ttrss_labels2 WHERE caption = '".db_escape_string($this->link, $line['action_param'])."' AND owner_uid = " . $_SESSION["uid"]); if (db_num_rows($label_result) > 0) { @@ -207,13 +210,14 @@ class Pref_Filters extends Handler_Protected { function edit() { - $filter_id = db_escape_string($_REQUEST["id"]); + $filter_id = db_escape_string($this->link, $_REQUEST["id"]); $result = db_query($this->link, "SELECT * FROM ttrss_filters2 WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]); $enabled = sql_bool_to_bool(db_fetch_result($result, 0, "enabled")); $match_any_rule = sql_bool_to_bool(db_fetch_result($result, 0, "match_any_rule")); + $inverse = sql_bool_to_bool(db_fetch_result($result, 0, "inverse")); print "<form id=\"filter_edit_form\" onsubmit='return false'>"; 
@@ -257,6 +261,7 @@ class Pref_Filters extends Handler_Protected { unset($line["cat_id"]); unset($line["filter_id"]); unset($line["id"]); + if (!sql_bool_to_bool($line["inverse"])) unset($line["inverse"]); $data = htmlspecialchars(json_encode($line)); @@ -330,6 +335,15 @@ class Pref_Filters extends Handler_Protected { print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"match_any_rule\" id=\"match_any_rule\" $checked> <label for=\"match_any_rule\">".__('Match any rule')."</label>"; + if ($inverse) { + $checked = "checked=\"1\""; + } else { + $checked = ""; + } + + print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\" $checked> + <label for=\"inverse\">".__('Inverse matching')."</label>"; + print "<p/>"; print "<div class=\"dlgButtons\">"; @@ -370,9 +384,10 @@ class Pref_Filters extends Handler_Protected { $result = db_query($this->link, "SELECT description FROM ttrss_filter_types WHERE id = ".(int)$rule["filter_type"]); - $match_on = db_fetch_result($result, 0, "description"); + $filter_type = db_fetch_result($result, 0, "description"); - return T_sprintf("%s on %s in %s", $rule["reg_exp"], $match_on, $feed); + return T_sprintf("%s on %s in %s %s", strip_tags($rule["reg_exp"]), + $filter_type, $feed, isset($rule["inverse"]) ? __("(inverse)") : ""); } function printRuleName() { 
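Review bot: getRuleName (@@ -370 hunk) passes `strip_tags($rule["reg_exp"])` into a string that, judging by the `<b>`-style markup built elsewhere in these handlers, ends up in HTML; strip_tags is not an HTML escaper (it does not encode `&` or quotes and truncates the text after an unclosed `<`), so if the name is printed to the page the expression should be `htmlspecialchars($rule["reg_exp"])`. The format `"%s on %s in %s %s"` also leaves a trailing space on every non-inverse rule; `rtrim()` the result, or append `" " . __("(inverse)")` only when set. getRuleName starts before the hunk.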
@@ -403,12 +418,14 @@ class Pref_Filters extends Handler_Protected { # print_r($_REQUEST); - $filter_id = db_escape_string($_REQUEST["id"]); - $enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"])); - $match_any_rule = checkbox_to_sql_bool(db_escape_string($_REQUEST["match_any_rule"])); + $filter_id = db_escape_string($this->link, $_REQUEST["id"]); + $enabled = checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["enabled"])); + $match_any_rule = checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["match_any_rule"])); + $inverse = checkbox_to_sql_bool(db_escape_string($this->link, $_REQUEST["inverse"])); $result = db_query($this->link, "UPDATE ttrss_filters2 SET enabled = $enabled, - match_any_rule = $match_any_rule + match_any_rule = $match_any_rule, + inverse = $inverse WHERE id = '$filter_id' AND owner_uid = ". $_SESSION["uid"]); @@ -418,7 +435,7 @@ class Pref_Filters extends Handler_Protected { function remove() { - $ids = split(",", db_escape_string($_REQUEST["ids"])); + $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"])); foreach ($ids as $id) { db_query($this->link, "DELETE FROM ttrss_filters2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]); @@ -457,9 +474,11 @@ class Pref_Filters extends Handler_Protected { foreach ($rules as $rule) { if ($rule) { - $reg_exp = strip_tags(db_escape_string(trim($rule["reg_exp"]))); - $filter_type = (int) db_escape_string(trim($rule["filter_type"])); - $feed_id = db_escape_string(trim($rule["feed_id"])); + $reg_exp = strip_tags(db_escape_string($this->link, trim($rule["reg_exp"]))); + $inverse = isset($rule["inverse"]) ? "true" : "false"; + + $filter_type = (int) db_escape_string($this->link, trim($rule["filter_type"])); + $feed_id = db_escape_string($this->link, trim($rule["feed_id"])); if (strpos($feed_id, "CAT:") === 0) { 
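Review bot: In the @@ -457 hunk `$inverse = isset($rule["inverse"]) ? "true" : "false";` treats any present key as enabled, so a client that submits a rule with `inverse: false` (isset() is true for `false`, `0` and `""`) has it stored as `true`; the @@ -739 hunk on a later line does the same for `$inverse_checked`. Test the value rather than the key, e.g. `$inverse = (!empty($rule["inverse"]) && $rule["inverse"] !== "false") ? "true" : "false";`. The `unset()` of a false `inverse` in the @@ -257 and @@ -885 hunks only covers rows read back from the database, not the JSON the browser sends. Where `$rules` comes from is outside the hunk.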
@@ -477,8 +496,8 @@ class Pref_Filters extends Handler_Protected { } $query = "INSERT INTO ttrss_filters2_rules - (filter_id, reg_exp,filter_type,feed_id,cat_id,cat_filter) VALUES - ('$filter_id', '$reg_exp', '$filter_type', $feed_id, $cat_id, $cat_filter)"; + (filter_id, reg_exp,filter_type,feed_id,cat_id,cat_filter,inverse) VALUES + ('$filter_id', '$reg_exp', '$filter_type', $feed_id, $cat_id, $cat_filter, $inverse)"; db_query($this->link, $query); } @@ -487,9 +506,9 @@ class Pref_Filters extends Handler_Protected { foreach ($actions as $action) { if ($action) { - $action_id = (int) db_escape_string($action["action_id"]); - $action_param = db_escape_string($action["action_param"]); - $action_param_label = db_escape_string($action["action_param_label"]); + $action_id = (int) db_escape_string($this->link, $action["action_id"]); + $action_param = db_escape_string($this->link, $action["action_param"]); + $action_param_label = db_escape_string($this->link, $action["action_param_label"]); if ($action_id == 7) { $action_param = $action_param_label; @@ -541,13 +560,13 @@ class Pref_Filters extends Handler_Protected { function index() { - $sort = db_escape_string($_REQUEST["sort"]); + $sort = db_escape_string($this->link, $_REQUEST["sort"]); if (!$sort || $sort == "undefined") { $sort = "reg_exp"; } - $filter_search = db_escape_string($_REQUEST["search"]); + $filter_search = db_escape_string($this->link, $_REQUEST["search"]); if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_filter_search"] = $filter_search; @@ -559,7 +578,7 @@ class Pref_Filters extends Handler_Protected { print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">"; print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">"; - $filter_search = db_escape_string($_REQUEST["search"]); + $filter_search = db_escape_string($this->link, $_REQUEST["search"]); if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_filter_search"] = $filter_search; 
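Review bot: `$sort = db_escape_string($this->link, $_REQUEST["sort"])` in the @@ -541 hunk, together with the fallback `$sort = "reg_exp"`, suggests the value is later used as an ORDER BY column (outside the hunk); escaping does not help there, because an identifier is not a quoted literal. Restrict it to known columns instead, e.g. `if (!in_array($sort, array("reg_exp", /* other sortable columns */), true)) $sort = "reg_exp";`. The same pattern appears in labels.php index (@@ -250, default `caption`) and users.php index (@@ -368, default `login`).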
@@ -710,10 +729,8 @@ class Pref_Filters extends Handler_Protected { print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"match_any_rule\" id=\"match_any_rule\"> <label for=\"match_any_rule\">".__('Match any rule')."</label>"; - print "<p/>"; - -/* print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\"> - <label for=\"inverse\">".__('Inverse match')."</label><hr/>"; */ + print "<br/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\"> + <label for=\"inverse\">".__('Inverse matching')."</label>"; // print "</div>"; @@ -739,10 +756,12 @@ class Pref_Filters extends Handler_Protected { $reg_exp = htmlspecialchars($rule["reg_exp"]); $filter_type = $rule["filter_type"]; $feed_id = $rule["feed_id"]; + $inverse_checked = isset($rule["inverse"]) ? "checked" : ""; } else { $reg_exp = ""; $filter_type = 1; $feed_id = 0; + $inverse_checked = ""; } if (strpos($feed_id, "CAT:") === 0) { @@ -773,6 +792,11 @@ class Pref_Filters extends Handler_Protected { style=\"font-size : 16px; width : 20em;\" name=\"reg_exp\" value=\"$reg_exp\"/>"; + print "<hr/>"; + print "<input id=\"filterDlg_inverse\" dojoType=\"dijit.form.CheckBox\" + name=\"inverse\" $inverse_checked/>"; + print "<label for=\"filterDlg_inverse\">".__("Inverse regular expression matching")."</label>"; + print "<hr/>" . __("on field") . " "; print_select_hash("filter_type", $filter_type, $filter_types, 'dojoType="dijit.form.Select"'); @@ -806,7 +830,7 @@ class Pref_Filters extends Handler_Protected { $action = json_decode($_REQUEST["action"], true); if ($action) { - $action_param = db_escape_string($action["action_param"]); + $action_param = db_escape_string($this->link, $action["action_param"]); $action_id = (int)$action["action_id"]; } else { $action_param = ""; 
@@ -885,6 +909,8 @@ class Pref_Filters extends Handler_Protected { unset($line["cat_id"]); } + if (!sql_bool_to_bool($line["inverse"])) unset($line["inverse"]); + if ($count < 2) { array_push($titles, $this->getRuleName($line)); } else { @@ -914,7 +940,7 @@ class Pref_Filters extends Handler_Protected { } function join() { - $ids = explode(",", db_escape_string($_REQUEST["ids"])); + $ids = explode(",", db_escape_string($this->link, $_REQUEST["ids"])); if (count($ids) > 1) { $base_id = array_shift($ids); diff --git a/classes/pref/labels.php b/classes/pref/labels.php index e63a0cfc2..b45354c94 100644 --- a/classes/pref/labels.php +++ b/classes/pref/labels.php @@ -8,7 +8,7 @@ class Pref_Labels extends Handler_Protected { } function edit() { - $label_id = db_escape_string($_REQUEST['id']); + $label_id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT * FROM ttrss_labels2 WHERE id = '$label_id' AND owner_uid = " . $_SESSION["uid"]); @@ -118,11 +118,11 @@ class Pref_Labels extends Handler_Protected { } function colorset() { - $kind = db_escape_string($_REQUEST["kind"]); - $ids = split(',', db_escape_string($_REQUEST["ids"])); - $color = db_escape_string($_REQUEST["color"]); - $fg = db_escape_string($_REQUEST["fg"]); - $bg = db_escape_string($_REQUEST["bg"]); + $kind = db_escape_string($this->link, $_REQUEST["kind"]); + $ids = split(',', db_escape_string($this->link, $_REQUEST["ids"])); + $color = db_escape_string($this->link, $_REQUEST["color"]); + $fg = db_escape_string($this->link, $_REQUEST["fg"]); + $bg = db_escape_string($this->link, $_REQUEST["bg"]); foreach ($ids as $id) { @@ -136,7 +136,7 @@ class Pref_Labels extends Handler_Protected { AND owner_uid = " . $_SESSION["uid"]); } - $caption = db_escape_string(label_find_caption($this->link, $id, $_SESSION["uid"])); + $caption = db_escape_string($this->link, label_find_caption($this->link, $id, $_SESSION["uid"])); /* Remove cached data */ 
@@ -149,14 +149,14 @@ class Pref_Labels extends Handler_Protected { } function colorreset() { - $ids = split(',', db_escape_string($_REQUEST["ids"])); + $ids = split(',', db_escape_string($this->link, $_REQUEST["ids"])); foreach ($ids as $id) { db_query($this->link, "UPDATE ttrss_labels2 SET fg_color = '', bg_color = '' WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]); - $caption = db_escape_string(label_find_caption($this->link, $id, $_SESSION["uid"])); + $caption = db_escape_string($this->link, label_find_caption($this->link, $id, $_SESSION["uid"])); /* Remove cached data */ @@ -168,8 +168,8 @@ class Pref_Labels extends Handler_Protected { function save() { - $id = db_escape_string($_REQUEST["id"]); - $caption = db_escape_string(trim($_REQUEST["caption"])); + $id = db_escape_string($this->link, $_REQUEST["id"]); + $caption = db_escape_string($this->link, trim($_REQUEST["caption"])); db_query($this->link, "BEGIN"); @@ -190,7 +190,7 @@ class Pref_Labels extends Handler_Protected { /* Update filters that reference label being renamed */ - $old_caption = db_escape_string($old_caption); + $old_caption = db_escape_string($this->link, $old_caption); db_query($this->link, "UPDATE ttrss_filters2_actions SET action_param = '$caption' WHERE action_param = '$old_caption' @@ -213,7 +213,7 @@ class Pref_Labels extends Handler_Protected { function remove() { - $ids = split(",", db_escape_string($_REQUEST["ids"])); + $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"])); foreach ($ids as $id) { label_remove($this->link, $id, $_SESSION["uid"]); @@ -222,8 +222,8 @@ class Pref_Labels extends Handler_Protected { } function add() { - $caption = db_escape_string($_REQUEST["caption"]); - $output = db_escape_string($_REQUEST["output"]); + $caption = db_escape_string($this->link, $_REQUEST["caption"]); + $output = db_escape_string($this->link, $_REQUEST["output"]); if ($caption) { 
@@ -250,13 +250,13 @@ class Pref_Labels extends Handler_Protected { function index() { - $sort = db_escape_string($_REQUEST["sort"]); + $sort = db_escape_string($this->link, $_REQUEST["sort"]); if (!$sort || $sort == "undefined") { $sort = "caption"; } - $label_search = db_escape_string($_REQUEST["search"]); + $label_search = db_escape_string($this->link, $_REQUEST["search"]); if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_label_search"] = $label_search; diff --git a/classes/pref/prefs.php b/classes/pref/prefs.php index 810b1e164..a5a699a67 100644 --- a/classes/pref/prefs.php +++ b/classes/pref/prefs.php @@ -42,10 +42,16 @@ class Pref_Prefs extends Handler_Protected { $_SESSION["prefs_cache"] = false; + $boolean_prefs = explode(",", $_POST["boolean_prefs"]); + + foreach ($boolean_prefs as $pref) { + if (!isset($_POST[$pref])) $_POST[$pref] = 'false'; + } + foreach (array_keys($_POST) as $pref_name) { - $pref_name = db_escape_string($pref_name); - $value = db_escape_string($_POST[$pref_name]); + $pref_name = db_escape_string($this->link, $pref_name); + $value = db_escape_string($this->link, $_POST[$pref_name]); if ($pref_name == 'DIGEST_PREFERRED_TIME') { if (get_pref($this->link, 'DIGEST_PREFERRED_TIME') != $value) { @@ -65,7 +71,7 @@ class Pref_Prefs extends Handler_Protected { function getHelp() { - $pref_name = db_escape_string($_REQUEST["pn"]); + $pref_name = db_escape_string($this->link, $_REQUEST["pn"]); $result = db_query($this->link, "SELECT help_text FROM ttrss_prefs WHERE pref_name = '$pref_name'"); @@ -80,8 +86,8 @@ class Pref_Prefs extends Handler_Protected { function changeemail() { - $email = db_escape_string($_POST["email"]); - $full_name = db_escape_string($_POST["full_name"]); + $email = db_escape_string($this->link, $_POST["email"]); + $full_name = db_escape_string($this->link, $_POST["full_name"]); $active_uid = $_SESSION["uid"]; 
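Review bot: The @@ -42 hunk calls `explode(",", $_POST["boolean_prefs"])` without checking that the field was posted, so a request without it yields `array("")`, sets `$_POST[""] = 'false'`, and the following loop then feeds an empty preference name into the save path; guard it with `$boolean_prefs = isset($_POST["boolean_prefs"]) ? explode(",", $_POST["boolean_prefs"]) : array();`. Writing the defaults back into `$_POST` also means `boolean_prefs` itself is iterated as a preference name by the loop below, unless set_pref (outside the hunk) rejects unknown names; collecting the values into a local array and iterating that keeps the superglobal untouched. The enclosing function starts before the hunk.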
@@ -227,7 +233,7 @@ class Pref_Prefs extends Handler_Protected { </script>"; if ($otp_enabled) { - print_notice("Changing your current password will disable OTP."); + print_notice(__("Changing your current password will disable OTP.")); } print "<table width=\"100%\" class=\"prefPrefsList\">"; @@ -260,7 +266,7 @@ class Pref_Prefs extends Handler_Protected { if ($otp_enabled) { - print_notice("One time passwords are currently enabled. Enter your current password below to disable."); + print_notice(__("One time passwords are currently enabled. Enter your current password below to disable.")); print "<form dojoType=\"dijit.form.Form\">"; @@ -395,7 +401,7 @@ class Pref_Prefs extends Handler_Protected { print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">'; if ($_SESSION["profile"]) { - print_notice("Some preferences are only available in default profile."); + print_notice(__("Some preferences are only available in default profile.")); } if ($_SESSION["profile"]) { @@ -429,6 +435,8 @@ class Pref_Prefs extends Handler_Protected { $active_section = ""; + $listed_boolean_prefs = array(); + while ($line = db_fetch_assoc($result)) { if (in_array($line["pref_name"], $prefs_blacklist)) { @@ -463,7 +471,10 @@ class Pref_Prefs extends Handler_Protected { $def_value = $line["def_value"]; $help_text = $line["help_text"]; - print "<td width=\"40%\" class=\"prefName\" id=\"$pref_name\">" . __($line["short_desc"]); + print "<td width=\"40%\" class=\"prefName\" id=\"$pref_name\">"; + print "<label for='CB_$pref_name'>"; + print __($line["short_desc"]); + print "</label>"; if ($help_text) print "<div class=\"prefHelp\">".__($help_text)."</div>"; 
@@ -497,21 +508,19 @@ class Pref_Prefs extends Handler_Protected { } else if ($type_name == "bool") { - if ($value == "true") { - $value = __("Yes"); - } else { - $value = __("No"); - } + array_push($listed_boolean_prefs, $pref_name); + + $checked = ($value == "true") ? "checked=\"checked\"" : ""; if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) { $disabled = "disabled=\"1\""; - $value = __("Yes"); + $checked = "checked=\"checked\""; } else { $disabled = ""; } - print_radio($pref_name, $value, __("Yes"), array(__("Yes"), __("No")), - $disabled); + print "<input type='checkbox' name='$pref_name' $checked $disabled + dojoType='dijit.form.CheckBox' id='CB_$pref_name' value='1'>"; } else if (array_search($pref_name, array('FRESH_ARTICLE_MAX_AGE', 'DEFAULT_ARTICLE_LIMIT', 'PURGE_OLD_DAYS', 'LONG_DATE_FORMAT', 'SHORT_DATE_FORMAT')) !== false) { @@ -568,6 +577,10 @@ class Pref_Prefs extends Handler_Protected { print "</table>"; + $listed_boolean_prefs = htmlspecialchars(join(",", $listed_boolean_prefs)); + + print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"boolean_prefs\" value=\"$listed_boolean_prefs\">"; + global $pluginhost; $pluginhost->run_hooks($pluginhost::HOOK_PREFS_TAB_SECTION, "hook_prefs_tab_section", "prefPrefsPrefsInside"); @@ -613,7 +626,7 @@ class Pref_Prefs extends Handler_Protected { print "<h2>".__("Plugins")."</h2>"; - print_notice("You will need to reload Tiny Tiny RSS for plugin changes to take effect."); + print_notice(__("You will need to reload Tiny Tiny RSS for plugin changes to take effect.")); print "<form dojoType=\"dijit.form.Form\" id=\"changePluginsForm\">"; @@ -785,7 +798,7 @@ class Pref_Prefs extends Handler_Protected { } function otpenable() { - $password = db_escape_string($_REQUEST["password"]); + $password = db_escape_string($this->link, $_REQUEST["password"]); $enable_otp = $_REQUEST["enable_otp"] == "on"; global $pluginhost; 
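Review bot: In the @@ -497 hunk the new checkbox is emitted with `value='1'`, while the save path in @@ -42 defaults unchecked prefs to `'false'` and this hunk tests `$value == "true"` to render it; unless set_pref (outside the hunk) normalises `'1'` to `'true'` for bool prefs, a checked box will post `1`, be stored as `1`, and render unchecked on the next load, so `value='true'` on the input removes that dependency. The disabled `PURGE_UNREAD_ARTICLES` control is pushed into `$listed_boolean_prefs` before the `$disabled` check, and browsers never submit disabled fields, so every save will reset that preference to `'false'` through the fallback loop; push the name only when `$disabled` is empty. Whether the reset is visible depends on how FORCE_ARTICLE_PURGE is applied elsewhere, which is outside the hunk.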
@@ -806,7 +819,7 @@ class Pref_Prefs extends Handler_Protected { } function otpdisable() { - $password = db_escape_string($_REQUEST["password"]); + $password = db_escape_string($this->link, $_REQUEST["password"]); global $pluginhost; $authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]); @@ -833,7 +846,7 @@ class Pref_Prefs extends Handler_Protected { } function clearplugindata() { - $name = db_escape_string($_REQUEST["name"]); + $name = db_escape_string($this->link, $_REQUEST["name"]); global $pluginhost; $pluginhost->clear_data($pluginhost->get_plugin($name)); diff --git a/classes/pref/users.php b/classes/pref/users.php index 0d7ca3c6e..4055bca45 100644 --- a/classes/pref/users.php +++ b/classes/pref/users.php @@ -116,7 +116,7 @@ class Pref_Users extends Handler_Protected { header("Content-Type: text/xml"); - $id = db_escape_string($_REQUEST["id"]); + $id = db_escape_string($this->link, $_REQUEST["id"]); print "<dlg id=\"$method\">"; print "<title>".__('User Editor')."</title>"; @@ -199,11 +199,11 @@ class Pref_Users extends Handler_Protected { } function editSave() { - $login = db_escape_string(trim($_REQUEST["login"])); - $uid = db_escape_string($_REQUEST["id"]); + $login = db_escape_string($this->link, trim($_REQUEST["login"])); + $uid = db_escape_string($this->link, $_REQUEST["id"]); $access_level = (int) $_REQUEST["access_level"]; - $email = db_escape_string(trim($_REQUEST["email"])); - $password = db_escape_string(trim($_REQUEST["password"])); + $email = db_escape_string($this->link, trim($_REQUEST["email"])); + $password = db_escape_string($this->link, trim($_REQUEST["password"])); if ($password) { $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); 
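Review bot: `$password = db_escape_string($this->link, trim($_REQUEST["password"]))` in the @@ -199 hunk escapes the password before it is used; if that value is what gets hashed (the call is past the end of the hunk), passwords containing quotes or backslashes are hashed with the escape backslashes included, and login only works if the authentication path applies the same transformation. Escape only what goes into SQL as text and hash the raw value; the resulting hash and the hex salt need no escaping. `trim()` also silently alters passwords with leading or trailing whitespace. editSave continues past the hunk.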
@@ -214,13 +214,13 @@ class Pref_Users extends Handler_Protected { } db_query($this->link, "UPDATE ttrss_users SET $pass_query_part login = '$login', - access_level = '$access_level', email = '$email', otp_enabled = 'false' + access_level = '$access_level', email = '$email', otp_enabled = false WHERE id = '$uid'"); } function remove() { - $ids = split(",", db_escape_string($_REQUEST["ids"])); + $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"])); foreach ($ids as $id) { if ($id != $_SESSION["uid"] && $id != 1) { @@ -233,7 +233,7 @@ class Pref_Users extends Handler_Protected { function add() { - $login = db_escape_string(trim($_REQUEST["login"])); + $login = db_escape_string($this->link, trim($_REQUEST["login"])); $tmp_user_pwd = make_password(8); $salt = substr(bin2hex(get_random_bytes(125)), 0, 250); $pwd_hash = encrypt_password($tmp_user_pwd, $salt, true); @@ -270,11 +270,9 @@ class Pref_Users extends Handler_Protected { } } - function resetPass() { - - $uid = db_escape_string($_REQUEST["id"]); + static function resetUserPassword($link, $uid, $show_password) { - $result = db_query($this->link, "SELECT login,email + $result = db_query($link, "SELECT login,email FROM ttrss_users WHERE id = '$uid'"); $login = db_fetch_result($result, 0, "login"); 
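Review bot: `static function resetUserPassword($link, $uid, $show_password)` in the @@ -270 hunk interpolates `$uid` into `WHERE id = '$uid'` (and again in the UPDATE in the following hunk) but only its `resetPass` caller escapes the value; now that the method is static and reachable from elsewhere it should protect itself with `$uid = (int) $uid;` as its first statement. The visibility is also left implicit; `public static` says what is meant. The method body continues past the hunk.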
@@ -286,18 +284,18 @@ class Pref_Users extends Handler_Protected { $pwd_hash = encrypt_password($tmp_user_pwd, $new_salt, true); - db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt' + db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash', salt = '$new_salt' WHERE id = '$uid'"); - print T_sprintf("Changed password of user <b>%s</b> - to <b>%s</b>", $login, $tmp_user_pwd); + if ($show_password) { + print T_sprintf("Changed password of user <b>%s</b> to <b>%s</b>", $login, $tmp_user_pwd); + } else { + print T_sprintf("Sending new password of user <b>%s</b> to <b>%s</b>", $login, $email); + } - require_once 'lib/phpmailer/class.phpmailer.php'; + require_once 'classes/ttrssmailer.php'; if ($email) { - print " "; - print T_sprintf("Notifying <b>%s</b>.", $email); - require_once "lib/MiniTemplator.class.php"; $tpl = new MiniTemplator; @@ -313,35 +311,19 @@ class Pref_Users extends Handler_Protected { $tpl->generateOutputToString($message); - $mail = new PHPMailer(); - - $mail->PluginDir = "lib/phpmailer/"; - $mail->SetLanguage("en", "lib/phpmailer/language/"); - - $mail->CharSet = "UTF-8"; + $mail = new ttrssMailer(); - $mail->From = SMTP_FROM_ADDRESS; - $mail->FromName = SMTP_FROM_NAME; - $mail->AddAddress($email, $login); - - if (SMTP_HOST) { - $mail->Host = SMTP_HOST; - $mail->Mailer = "smtp"; - $mail->SMTPAuth = SMTP_LOGIN != ''; - $mail->Username = SMTP_LOGIN; - $mail->Password = SMTP_PASSWORD; - } - - $mail->IsHTML(false); - $mail->Subject = __("[tt-rss] Password change notification"); - $mail->Body = $message; - - $rc = $mail->Send(); + $rc = $mail->quickMail($email, $login, + __("[tt-rss] Password change notification"), + $message, false); if (!$rc) print_error($mail->ErrorInfo); } + } - print "</div>"; + function resetPass() { + $uid = db_escape_string($this->link, $_REQUEST["id"]); + Pref_Users::resetUserPassword($this->link, $uid, true); } function index() { 
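Review bot: When `$show_password` is false and `$email` is empty, the @@ -286 hunk has already replaced the stored hash but neither displays the new password nor sends it (the mail branch is `if ($email)`), and the page reads `Sending new password of user <b>%s</b> to <b></b>`; check the address before rewriting `pwd_hash`, e.g. `if (!$show_password && !$email) { print_error(__("User has no e-mail address")); return; }` ahead of the UPDATE. `$login` and `$email` are also placed into HTML unescaped in both T_sprintf messages; `htmlspecialchars()` around them keeps a login containing markup from breaking the page. The removed `print "</div>"` may have closed an element opened before the hunk; worth confirming nothing outside the hunk still expects it.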
@@ -353,7 +335,7 @@ class Pref_Users extends Handler_Protected { print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">"; - $user_search = db_escape_string($_REQUEST["search"]); + $user_search = db_escape_string($this->link, $_REQUEST["search"]); if (array_key_exists("search", $_REQUEST)) { $_SESSION["prefs_user_search"] = $user_search; @@ -368,7 +350,7 @@ class Pref_Users extends Handler_Protected { __('Search')."</button> </div>"; - $sort = db_escape_string($_REQUEST["sort"]); + $sort = db_escape_string($this->link, $_REQUEST["sort"]); if (!$sort || $sort == "undefined") { $sort = "login"; |