summaryrefslogtreecommitdiff
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/controls.php170
-rw-r--r--include/feedbrowser.php32
-rw-r--r--include/functions.php439
-rw-r--r--include/login_form.php93
-rwxr-xr-xinclude/sanity_check.php16
-rw-r--r--include/sessions.php59
-rw-r--r--include/version.php2
7 files changed, 329 insertions, 482 deletions
diff --git a/include/controls.php b/include/controls.php
index c3dbbfe18..931ccdd52 100644
--- a/include/controls.php
+++ b/include/controls.php
@@ -72,7 +72,9 @@ function print_radio($id, $default, $true_is, $values, $attributes = "") {
function print_feed_multi_select($id, $default_ids = [],
$attributes = "", $include_all_feeds = true,
- $root_id = false, $nest_level = 0) {
+ $root_id = null, $nest_level = 0) {
+
+ $pdo = DB::pdo();
print_r(in_array("CAT:6",$default_ids));
@@ -86,18 +88,18 @@ function print_feed_multi_select($id, $default_ids = [],
if (get_pref('ENABLE_FEED_CATS')) {
- if ($root_id)
- $parent_qpart = "parent_cat = '$root_id'";
- else
- $parent_qpart = "parent_cat IS NULL";
+ if (!$root_id) $root_id = null;
- $result = db_query("SELECT id,title,
+ $sth = $pdo->prepare("SELECT id,title,
(SELECT COUNT(id) FROM ttrss_feed_categories AS c2 WHERE
c2.parent_cat = ttrss_feed_categories.id) AS num_children
FROM ttrss_feed_categories
- WHERE owner_uid = ".$_SESSION["uid"]." AND $parent_qpart ORDER BY title");
+ WHERE owner_uid = :uid AND
+ (parent_cat = :root_id OR (:root_id IS NULL AND parent_cat IS NULL)) ORDER BY title");
+
+ $sth->execute([":uid" => $_SESSION['uid'], ":root_id" => $root_id]);
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
for ($i = 0; $i < $nest_level; $i++)
$line["title"] = " - " . $line["title"];
@@ -111,10 +113,12 @@ function print_feed_multi_select($id, $default_ids = [],
print_feed_multi_select($id, $default_ids, $attributes,
$include_all_feeds, $line["id"], $nest_level+1);
- $feed_result = db_query("SELECT id,title FROM ttrss_feeds
- WHERE cat_id = '".$line["id"]."' AND owner_uid = ".$_SESSION["uid"] . " ORDER BY title");
+ $f_sth = $pdo->prepare("SELECT id,title FROM ttrss_feeds
+ WHERE cat_id = ? AND owner_uid = ? ORDER BY title");
- while ($fline = db_fetch_assoc($feed_result)) {
+ $f_sth->execute([$line['id'], $_SESSION['uid']]);
+
+ while ($fline = $f_sth->fetch()) {
$is_selected = (in_array($fline["id"], $default_ids)) ? "selected=\"1\"" : "";
$fline["title"] = " + " . $fline["title"];
@@ -133,10 +137,11 @@ function print_feed_multi_select($id, $default_ids = [],
printf("<option $is_selected value='CAT:0'>%s</option>",
__("Uncategorized"));
- $feed_result = db_query("SELECT id,title FROM ttrss_feeds
- WHERE cat_id IS NULL AND owner_uid = ".$_SESSION["uid"] . " ORDER BY title");
+ $f_sth = $pdo->prepare("SELECT id,title FROM ttrss_feeds
+ WHERE cat_id IS NULL AND owner_uid = ? ORDER BY title");
+ $f_sth->execute([$_SESSION['uid']]);
- while ($fline = db_fetch_assoc($feed_result)) {
+ while ($fline = $f_sth->fetch()) {
$is_selected = in_array($fline["id"], $default_ids) ? "selected=\"1\"" : "";
$fline["title"] = " + " . $fline["title"];
@@ -150,10 +155,11 @@ function print_feed_multi_select($id, $default_ids = [],
}
} else {
- $result = db_query("SELECT id,title FROM ttrss_feeds
- WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY title");
+ $sth = $pdo->prepare("SELECT id,title FROM ttrss_feeds
+ WHERE owner_uid = ? ORDER BY title");
+ $sth->execute([$_SESSION['uid']]);
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$is_selected = (in_array($line["id"], $default_ids)) ? "selected=\"1\"" : "";
@@ -167,122 +173,30 @@ function print_feed_multi_select($id, $default_ids = [],
}
}
-
-/*function print_feed_select($id, $default_id = "",
- $attributes = "", $include_all_feeds = true,
- $root_id = false, $nest_level = 0) {
+function print_feed_cat_select($id, $default_id,
+ $attributes, $include_all_cats = true, $root_id = null, $nest_level = 0) {
if (!$root_id) {
- print "<select id=\"$id\" name=\"$id\" $attributes>";
- if ($include_all_feeds) {
- $is_selected = ("0" == $default_id) ? "selected=\"1\"" : "";
- print "<option $is_selected value=\"0\">".__('All feeds')."</option>";
- }
+ print "<select id=\"$id\" name=\"$id\" default=\"$default_id\" $attributes>";
}
- if (get_pref('ENABLE_FEED_CATS')) {
+ $pdo = DB::pdo();
- if ($root_id)
- $parent_qpart = "parent_cat = '$root_id'";
- else
- $parent_qpart = "parent_cat IS NULL";
+ if (!$root_id) $root_id = null;
- $result = db_query("SELECT id,title,
+ $sth = $pdo->prepare("SELECT id,title,
(SELECT COUNT(id) FROM ttrss_feed_categories AS c2 WHERE
c2.parent_cat = ttrss_feed_categories.id) AS num_children
FROM ttrss_feed_categories
- WHERE owner_uid = ".$_SESSION["uid"]." AND $parent_qpart ORDER BY title");
-
- while ($line = db_fetch_assoc($result)) {
-
- for ($i = 0; $i < $nest_level; $i++)
- $line["title"] = " - " . $line["title"];
-
- $is_selected = ("CAT:".$line["id"] == $default_id) ? "selected=\"1\"" : "";
-
- printf("<option $is_selected value='CAT:%d'>%s</option>",
- $line["id"], htmlspecialchars($line["title"]));
-
- if ($line["num_children"] > 0)
- print_feed_select($id, $default_id, $attributes,
- $include_all_feeds, $line["id"], $nest_level+1);
-
- $feed_result = db_query("SELECT id,title FROM ttrss_feeds
- WHERE cat_id = '".$line["id"]."' AND owner_uid = ".$_SESSION["uid"] . " ORDER BY title");
-
- while ($fline = db_fetch_assoc($feed_result)) {
- $is_selected = ($fline["id"] == $default_id) ? "selected=\"1\"" : "";
-
- $fline["title"] = " + " . $fline["title"];
-
- for ($i = 0; $i < $nest_level; $i++)
- $fline["title"] = " - " . $fline["title"];
-
- printf("<option $is_selected value='%d'>%s</option>",
- $fline["id"], htmlspecialchars($fline["title"]));
- }
- }
-
- if (!$root_id) {
- $default_is_cat = ($default_id == "CAT:0");
- $is_selected = $default_is_cat ? "selected=\"1\"" : "";
-
- printf("<option $is_selected value='CAT:0'>%s</option>",
- __("Uncategorized"));
-
- $feed_result = db_query("SELECT id,title FROM ttrss_feeds
- WHERE cat_id IS NULL AND owner_uid = ".$_SESSION["uid"] . " ORDER BY title");
-
- while ($fline = db_fetch_assoc($feed_result)) {
- $is_selected = ($fline["id"] == $default_id && !$default_is_cat) ? "selected=\"1\"" : "";
-
- $fline["title"] = " + " . $fline["title"];
-
- for ($i = 0; $i < $nest_level; $i++)
- $fline["title"] = " - " . $fline["title"];
+ WHERE owner_uid = :uid AND
+ (parent_cat = :root_id OR (:root_id IS NULL AND parent_cat IS NULL)) ORDER BY title");
+ $sth->execute([":uid" => $_SESSION['uid'], ":root_id" => $root_id]);
- printf("<option $is_selected value='%d'>%s</option>",
- $fline["id"], htmlspecialchars($fline["title"]));
- }
- }
-
- } else {
- $result = db_query("SELECT id,title FROM ttrss_feeds
- WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY title");
-
- while ($line = db_fetch_assoc($result)) {
-
- $is_selected = ($line["id"] == $default_id) ? "selected=\"1\"" : "";
-
- printf("<option $is_selected value='%d'>%s</option>",
- $line["id"], htmlspecialchars($line["title"]));
- }
- }
+ $found = 0;
- if (!$root_id) {
- print "</select>";
- }
-}*/
+ while ($line = $sth->fetch()) {
+ ++$found;
-function print_feed_cat_select($id, $default_id,
- $attributes, $include_all_cats = true, $root_id = false, $nest_level = 0) {
-
- if (!$root_id) {
- print "<select id=\"$id\" name=\"$id\" default=\"$default_id\" $attributes>";
- }
-
- if ($root_id)
- $parent_qpart = "parent_cat = '$root_id'";
- else
- $parent_qpart = "parent_cat IS NULL";
-
- $result = db_query("SELECT id,title,
- (SELECT COUNT(id) FROM ttrss_feed_categories AS c2 WHERE
- c2.parent_cat = ttrss_feed_categories.id) AS num_children
- FROM ttrss_feed_categories
- WHERE owner_uid = ".$_SESSION["uid"]." AND $parent_qpart ORDER BY title");
-
- while ($line = db_fetch_assoc($result)) {
if ($line["id"] == $default_id) {
$is_selected = "selected=\"1\"";
} else {
@@ -303,7 +217,7 @@ function print_feed_cat_select($id, $default_id,
if (!$root_id) {
if ($include_all_cats) {
- if (db_num_rows($result) > 0) {
+ if ($found > 0) {
print "<option disabled=\"1\">--------</option>";
}
@@ -401,13 +315,16 @@ function format_inline_player($url, $ctype) {
function print_label_select($name, $value, $attributes = "") {
- $result = db_query("SELECT caption FROM ttrss_labels2
- WHERE owner_uid = '".$_SESSION["uid"]."' ORDER BY caption");
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT caption FROM ttrss_labels2
+ WHERE owner_uid = ? ORDER BY caption");
+ $sth->execute([$_SESSION['uid']]);
print "<select default=\"$value\" name=\"" . htmlspecialchars($name) .
"\" $attributes>";
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$issel = ($line["caption"] == $value) ? "selected=\"1\"" : "";
@@ -421,5 +338,4 @@ function print_label_select($name, $value, $attributes = "") {
print "</select>";
-}
-
+} \ No newline at end of file
diff --git a/include/feedbrowser.php b/include/feedbrowser.php
index b70e47fdf..a5a9f3dca 100644
--- a/include/feedbrowser.php
+++ b/include/feedbrowser.php
@@ -3,34 +3,32 @@
if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
- $owner_uid = $_SESSION["uid"];
$rv = '';
+ $pdo = Db::pdo();
+
if ($search) {
- $search_qpart = "AND (UPPER(feed_url) LIKE UPPER('%$search%') OR
+ $search = $pdo->quote($search);
+
+ $search_qpart = "AND (UPPER(feed_url) LIKE UPPER('%$search%') OR
UPPER(title) LIKE UPPER('%$search%'))";
} else {
$search_qpart = "";
}
if ($mode == 1) {
- /* $result = db_query("SELECT feed_url, subscribers FROM
- ttrss_feedbrowser_cache WHERE (SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
- WHERE tf.feed_url = ttrss_feedbrowser_cache.feed_url
- AND owner_uid = '$owner_uid') $search_qpart
- ORDER BY subscribers DESC LIMIT $limit"); */
-
- $result = db_query("SELECT feed_url, site_url, title, SUM(subscribers) AS subscribers FROM
+ $sth = $pdo->prepare("SELECT feed_url, site_url, title, SUM(subscribers) AS subscribers FROM
(SELECT feed_url, site_url, title, subscribers FROM ttrss_feedbrowser_cache UNION ALL
SELECT feed_url, site_url, title, subscribers FROM ttrss_linked_feeds) AS qqq
WHERE
(SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
WHERE tf.feed_url = qqq.feed_url
- AND owner_uid = '$owner_uid') $search_qpart
- GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT $limit");
+ AND owner_uid = ?) $search_qpart
+ GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT ?");
+ $sth->execute([$_SESSION['uid'], $limit]);
} else if ($mode == 2) {
- $result = db_query("SELECT *,
+ $sth = $pdo->prepare("SELECT *,
(SELECT COUNT(*) FROM ttrss_user_entries WHERE
orig_feed_id = ttrss_archived_feeds.id) AS articles_archived
FROM
@@ -38,14 +36,16 @@
WHERE
(SELECT COUNT(*) FROM ttrss_feeds
WHERE ttrss_feeds.feed_url = ttrss_archived_feeds.feed_url AND
- owner_uid = '$owner_uid') = 0 AND
- owner_uid = '$owner_uid' $search_qpart
- ORDER BY id DESC LIMIT $limit");
+ owner_uid = :uid) = 0 AND
+ owner_uid = :uid $search_qpart
+ ORDER BY id DESC LIMIT :limit");
+
+ $sth->execute([":uid" => $_SESSION['uid'], ":limit" => $limit]);
}
$feedctr = 0;
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
if ($mode == 1) {
diff --git a/include/functions.php b/include/functions.php
index 5667ac416..e1e63c2a3 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -226,15 +226,15 @@
if (!$purge_interval) $purge_interval = feed_purge_interval($feed_id);
- $rows = -1;
+ $pdo = Db::pdo();
- $result = db_query(
- "SELECT owner_uid FROM ttrss_feeds WHERE id = '$feed_id'");
+ $sth = $pdo->prepare("SELECT owner_uid FROM ttrss_feeds WHERE id = ?");
+ $sth->execute([$feed_id]);
$owner_uid = false;
- if (db_num_rows($result) == 1) {
- $owner_uid = db_fetch_result($result, 0, "owner_uid");
+ if ($row = $sth->fetch()) {
+ $owner_uid = $row["owner_uid"];
}
if ($purge_interval == -1 || !$purge_interval) {
@@ -254,34 +254,36 @@
$purge_interval = FORCE_ARTICLE_PURGE;
}
- if (!$purge_unread) $query_limit = " unread = false AND ";
+ if (!$purge_unread)
+ $query_limit = " unread = false AND ";
+ else
+ $query_limit = "";
+
+ $purge_interval = (int) $purge_interval;
if (DB_TYPE == "pgsql") {
- $result = db_query("DELETE FROM ttrss_user_entries
+ $sth = $pdo->prepare("DELETE FROM ttrss_user_entries
USING ttrss_entries
WHERE ttrss_entries.id = ref_id AND
marked = false AND
- feed_id = '$feed_id' AND
+ feed_id = ? AND
$query_limit
ttrss_entries.date_updated < NOW() - INTERVAL '$purge_interval days'");
+ $sth->execute([$feed_id]);
} else {
-
-/* $result = db_query("DELETE FROM ttrss_user_entries WHERE
- marked = false AND feed_id = '$feed_id' AND
- (SELECT date_updated FROM ttrss_entries WHERE
- id = ref_id) < DATE_SUB(NOW(), INTERVAL $purge_interval DAY)"); */
-
- $result = db_query("DELETE FROM ttrss_user_entries
+ $sth = $pdo->prepare("DELETE FROM ttrss_user_entries
USING ttrss_user_entries, ttrss_entries
WHERE ttrss_entries.id = ref_id AND
marked = false AND
- feed_id = '$feed_id' AND
+ feed_id = ? AND
$query_limit
ttrss_entries.date_updated < DATE_SUB(NOW(), INTERVAL $purge_interval DAY)");
+ $sth->execute([$feed_id]);
+
}
- $rows = db_affected_rows($result);
+ $rows = $sth->rowCount();
CCache::update($feed_id, $owner_uid);
@@ -294,12 +296,15 @@
function feed_purge_interval($feed_id) {
- $result = db_query("SELECT purge_interval, owner_uid FROM ttrss_feeds
- WHERE id = '$feed_id'");
+ $pdo = DB::pdo();
+
+ $sth = $pdo->prepare("SELECT purge_interval, owner_uid FROM ttrss_feeds
+ WHERE id = ?");
+ $sth->execute([$feed_id]);
- if (db_num_rows($result) == 1) {
- $purge_interval = db_fetch_result($result, 0, "purge_interval");
- $owner_uid = db_fetch_result($result, 0, "owner_uid");
+ if ($row = $sth->fetch()) {
+ $purge_interval = $row["purge_interval"];
+ $owner_uid = $row["owner_uid"];
if ($purge_interval == 0) $purge_interval = get_pref(
'PURGE_OLD_DAYS', $owner_uid);
@@ -311,25 +316,6 @@
}
}
- /*function get_feed_update_interval($feed_id) {
- $result = db_query("SELECT owner_uid, update_interval FROM
- ttrss_feeds WHERE id = '$feed_id'");
-
- if (db_num_rows($result) == 1) {
- $update_interval = db_fetch_result($result, 0, "update_interval");
- $owner_uid = db_fetch_result($result, 0, "owner_uid");
-
- if ($update_interval != 0) {
- return $update_interval;
- } else {
- return get_pref('DEFAULT_UPDATE_INTERVAL', $owner_uid, false);
- }
-
- } else {
- return -1;
- }
- }*/
-
// TODO: multiple-argument way is deprecated, first parameter is a hash now
function fetch_file_contents($options /* previously: 0: $url , 1: $type = false, 2: $login = false, 3: $pass = false,
4: $post_query = false, 5: $timeout = false, 6: $timestamp = 0, 7: $useragent = false*/) {
@@ -603,52 +589,53 @@
function initialize_user_prefs($uid, $profile = false) {
- $uid = db_escape_string($uid);
+ if (get_schema_version() < 63) $profile_qpart = "";
- if (!$profile) {
- $profile = "NULL";
- $profile_qpart = "AND profile IS NULL";
- } else {
- $profile_qpart = "AND profile = '$profile'";
- }
+ $pdo = DB::pdo();
+ $in_nested_tr = false;
- if (get_schema_version() < 63) $profile_qpart = "";
+ try {
+ $pdo->beginTransaction();
+ } catch (Exception $e) {
+ $in_nested_tr = true;
+ }
- db_query("BEGIN");
+ $sth = $pdo->query("SELECT pref_name,def_value FROM ttrss_prefs");
- $result = db_query("SELECT pref_name,def_value FROM ttrss_prefs");
+ $profile = $profile ? $profile : null;
- $u_result = db_query("SELECT pref_name
- FROM ttrss_user_prefs WHERE owner_uid = '$uid' $profile_qpart");
+ $u_sth = $pdo->prepare("SELECT pref_name
+ FROM ttrss_user_prefs WHERE owner_uid = :uid AND
+ (profile = :profile OR (:profile IS NULL AND profile IS NULL))");
+ $u_sth->execute([':uid' => $uid, ':profile' => $profile]);
$active_prefs = array();
- while ($line = db_fetch_assoc($u_result)) {
+ while ($line = $u_sth->fetch()) {
array_push($active_prefs, $line["pref_name"]);
}
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
if (array_search($line["pref_name"], $active_prefs) === FALSE) {
// print "adding " . $line["pref_name"] . "<br>";
- $line["def_value"] = db_escape_string($line["def_value"]);
- $line["pref_name"] = db_escape_string($line["pref_name"]);
-
if (get_schema_version() < 63) {
- db_query("INSERT INTO ttrss_user_prefs
+ $i_sth = $pdo->prepare("INSERT INTO ttrss_user_prefs
(owner_uid,pref_name,value) VALUES
- ('$uid', '".$line["pref_name"]."','".$line["def_value"]."')");
+ (?, ?, ?)");
+ $i_sth->execute([$uid, $line["pref_name"], $line["def_value"]]);
} else {
- db_query("INSERT INTO ttrss_user_prefs
+ $i_sth = $pdo->prepare("INSERT INTO ttrss_user_prefs
(owner_uid,pref_name,value, profile) VALUES
- ('$uid', '".$line["pref_name"]."','".$line["def_value"]."', $profile)");
+ (?, ?, ?, ?)");
+ $i_sth->execute([$uid, $line["pref_name"], $line["def_value"], $profile]);
}
}
}
- db_query("COMMIT");
+ if (!$in_nested_tr) $pdo->commit();
}
@@ -689,19 +676,22 @@
$_SESSION["uid"] = $user_id;
$_SESSION["version"] = VERSION_STATIC;
- $result = db_query("SELECT login,access_level,pwd_hash FROM ttrss_users
- WHERE id = '$user_id'");
+ $pdo = DB::pdo();
+ $sth = $pdo->prepare("SELECT login,access_level,pwd_hash FROM ttrss_users
+ WHERE id = ?");
+ $sth->execute([$user_id]);
+ $row = $sth->fetch();
- $_SESSION["name"] = db_fetch_result($result, 0, "login");
- $_SESSION["access_level"] = db_fetch_result($result, 0, "access_level");
+ $_SESSION["name"] = $row["login"];
+ $_SESSION["access_level"] = $row["access_level"];
$_SESSION["csrf_token"] = uniqid_short();
- db_query("UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
- $_SESSION["uid"]);
+ $usth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
+ $usth->execute([$user_id]);
$_SESSION["ip_address"] = $_SERVER["REMOTE_ADDR"];
$_SESSION["user_agent"] = sha1($_SERVER['HTTP_USER_AGENT']);
- $_SESSION["pwd_hash"] = db_fetch_result($result, 0, "pwd_hash");
+ $_SESSION["pwd_hash"] = $row["pwd_hash"];
$_SESSION["last_version_check"] = time();
@@ -735,6 +725,17 @@
}
}
+ // this is used for user http parameters unless HTML code is actually needed
+ function clean($param) {
+ if (is_array($param)) {
+ return array_map(strip_tags, $param);
+ } else if (is_string($param)) {
+ return strip_tags($param);
+ } else {
+ return $param;
+ }
+ }
+
function make_password($length = 8) {
$password = "";
@@ -760,9 +761,12 @@
function initialize_user($uid) {
- db_query("insert into ttrss_feeds (owner_uid,title,feed_url)
- values ('$uid', 'Tiny Tiny RSS: Forum',
+ $pdo = DB::pdo();
+
+ $sth = $pdo->prepare("insert into ttrss_feeds (owner_uid,title,feed_url)
+ values (?, 'Tiny Tiny RSS: Forum',
'http://tt-rss.org/forum/rss.php')");
+ $sth->execute([$uid]);
}
function logout_user() {
@@ -792,6 +796,8 @@
}
function login_sequence() {
+ $pdo = Db::pdo();
+
if (SINGLE_USER_MODE) {
@session_start();
authenticate_user("admin", null);
@@ -818,8 +824,9 @@
} else {
/* bump login timestamp */
- db_query("UPDATE ttrss_users SET last_login = NOW() WHERE id = " .
- $_SESSION["uid"]);
+ $sth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
+ $sth->execute([$_SESSION['uid']]);
+
$_SESSION["last_login_update"] = time();
}
@@ -829,16 +836,19 @@
/* cleanup ccache */
- db_query("DELETE FROM ttrss_counters_cache WHERE owner_uid = ".
- $_SESSION["uid"] . " AND
+ $sth = $pdo->prepare("DELETE FROM ttrss_counters_cache WHERE owner_uid = ?
+ AND
(SELECT COUNT(id) FROM ttrss_feeds WHERE
ttrss_feeds.id = feed_id) = 0");
- db_query("DELETE FROM ttrss_cat_counters_cache WHERE owner_uid = ".
- $_SESSION["uid"] . " AND
+ $sth->execute([$_SESSION['uid']]);
+
+ $sth = $pdo->prepare("DELETE FROM ttrss_cat_counters_cache WHERE owner_uid = ?
+ AND
(SELECT COUNT(id) FROM ttrss_feed_categories WHERE
ttrss_feed_categories.id = feed_id) = 0");
+ $sth->execute([$_SESSION['uid']]);
}
}
@@ -942,19 +952,11 @@
}
function sql_bool_to_bool($s) {
- if ($s == "t" || $s == "1" || strtolower($s) == "true") {
- return true;
- } else {
- return false;
- }
+ return $s && ($s !== "f" && $s !== "false"); //no-op for PDO, backwards compat for legacy layer
}
function bool_to_sql_bool($s) {
- if ($s) {
- return "true";
- } else {
- return "false";
- }
+ return $s ? 1 : 0;
}
// Session caching removed due to causing wrong redirects to upgrade
@@ -963,9 +965,11 @@
function get_schema_version($nocache = false) {
global $schema_version;
+ $pdo = DB::pdo();
+
if (!$schema_version && !$nocache) {
- $result = db_query("SELECT schema_version FROM ttrss_version");
- $version = db_fetch_result($result, 0, "schema_version");
+ $row = $pdo->query("SELECT schema_version FROM ttrss_version")->fetch();
+ $version = $row["schema_version"];
$schema_version = $version;
return $version;
} else {
@@ -984,17 +988,6 @@
$error_code = 5;
}
- if (DB_TYPE == "mysql") {
- $result = db_query("SELECT true", false);
- if (db_num_rows($result) != 1) {
- $error_code = 10;
- }
- }
-
- if (db_escape_string("testTEST") != "testTEST") {
- $error_code = 12;
- }
-
return array("code" => $error_code, "message" => $ERRORS[$error_code]);
}
@@ -1070,36 +1063,9 @@
return Feeds::getFeedArticles($feed, $is_cat, true, $_SESSION["uid"]);
}
-
- /*function get_pgsql_version() {
- $result = db_query("SELECT version() AS version");
- $version = explode(" ", db_fetch_result($result, 0, "version"));
- return $version[1];
- }*/
-
function checkbox_to_sql_bool($val) {
- return ($val == "on") ? "true" : "false";
- }
-
- /*function getFeedCatTitle($id) {
- if ($id == -1) {
- return __("Special");
- } else if ($id < LABEL_BASE_INDEX) {
- return __("Labels");
- } else if ($id > 0) {
- $result = db_query("SELECT ttrss_feed_categories.title
- FROM ttrss_feeds, ttrss_feed_categories WHERE ttrss_feeds.id = '$id' AND
- cat_id = ttrss_feed_categories.id");
- if (db_num_rows($result) == 1) {
- return db_fetch_result($result, 0, "title");
- } else {
- return __("Uncategorized");
- }
- } else {
- return "getFeedCatTitle($id) failed";
- }
-
- }*/
+ return ($val == "on") ? 1 : 0;
+ }
function uniqid_short() {
return uniqid(base_convert(rand(), 10, 36));
@@ -1122,6 +1088,7 @@
$params["default_view_limit"] = (int) get_pref("_DEFAULT_VIEW_LIMIT");
$params["default_view_order_by"] = get_pref("_DEFAULT_VIEW_ORDER_BY");
$params["bw_limit"] = (int) $_SESSION["bw_limit"];
+ $params["is_default_pw"] = Pref_Prefs::isdefaultpassword();
$params["label_base_index"] = (int) LABEL_BASE_INDEX;
$theme = get_pref( "USER_CSS_THEME", false, false);
@@ -1134,11 +1101,15 @@
$params["sanity_checksum"] = sha1(file_get_contents("include/sanity_check.php"));
- $result = db_query("SELECT MAX(id) AS mid, COUNT(*) AS nf FROM
- ttrss_feeds WHERE owner_uid = " . $_SESSION["uid"]);
+ $pdo = Db::pdo();
- $max_feed_id = db_fetch_result($result, 0, "mid");
- $num_feeds = db_fetch_result($result, 0, "nf");
+ $sth = $pdo->prepare("SELECT MAX(id) AS mid, COUNT(*) AS nf FROM
+ ttrss_feeds WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
+ $row = $sth->fetch();
+
+ $max_feed_id = $row["mid"];
+ $num_feeds = $row["nf"];
$params["max_feed_id"] = (int) $max_feed_id;
$params["num_feeds"] = (int) $num_feeds;
@@ -1339,11 +1310,15 @@
function make_runtime_info($disable_update_check = false) {
$data = array();
- $result = db_query("SELECT MAX(id) AS mid, COUNT(*) AS nf FROM
- ttrss_feeds WHERE owner_uid = " . $_SESSION["uid"]);
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT MAX(id) AS mid, COUNT(*) AS nf FROM
+ ttrss_feeds WHERE owner_uid = ?");
+ $sth->execute([$_SESSION['uid']]);
+ $row = $sth->fetch();
- $max_feed_id = db_fetch_result($result, 0, "mid");
- $num_feeds = db_fetch_result($result, 0, "nf");
+ $max_feed_id = $row['mid'];
+ $num_feeds = $row['nf'];
$data["max_feed_id"] = (int) $max_feed_id;
$data["num_feeds"] = (int) $num_feeds;
@@ -1401,8 +1376,10 @@
$search_words = array();
$search_query_leftover = array();
+ $pdo = Db::pdo();
+
if ($search_language)
- $search_language = db_escape_string(mb_strtolower($search_language));
+ $search_language = $pdo->quote(mb_strtolower($search_language));
else
$search_language = "english";
@@ -1419,21 +1396,21 @@
switch ($commandpair[0]) {
case "title":
if ($commandpair[1]) {
- array_push($query_keywords, "($not (LOWER(ttrss_entries.title) LIKE '%".
- db_escape_string(mb_strtolower($commandpair[1]))."%'))");
+ array_push($query_keywords, "($not (LOWER(ttrss_entries.title) LIKE ".
+ $pdo->quote('%' . mb_strtolower($commandpair[1]) . '%') ."))");
} else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
array_push($search_words, $k);
}
break;
case "author":
if ($commandpair[1]) {
- array_push($query_keywords, "($not (LOWER(author) LIKE '%".
- db_escape_string(mb_strtolower($commandpair[1]))."%'))");
+ array_push($query_keywords, "($not (LOWER(author) LIKE ".
+ $pdo->quote('%' . mb_strtolower($commandpair[1]) . '%')."))");
} else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
array_push($search_words, $k);
}
break;
@@ -1444,11 +1421,11 @@
else if ($commandpair[1] == "false")
array_push($query_keywords, "($not (note IS NULL OR note = ''))");
else
- array_push($query_keywords, "($not (LOWER(note) LIKE '%".
- db_escape_string(mb_strtolower($commandpair[1]))."%'))");
+ array_push($query_keywords, "($not (LOWER(note) LIKE ".
+ $pdo->quote('%' . mb_strtolower($commandpair[1]) . '%')."))");
} else {
- array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER(".$pdo->quote("%$k%").")
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
if (!$not) array_push($search_words, $k);
}
break;
@@ -1460,8 +1437,8 @@
else
array_push($query_keywords, "($not (marked = false))");
} else {
- array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER(".$pdo->quote("%$k%").")
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
if (!$not) array_push($search_words, $k);
}
break;
@@ -1474,7 +1451,7 @@
} else {
array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
if (!$not) array_push($search_words, $k);
}
break;
@@ -1486,8 +1463,8 @@
array_push($query_keywords, "($not (unread = false))");
} else {
- array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER(".$pdo->quote("%$k%").")
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
if (!$not) array_push($search_words, $k);
}
break;
@@ -1507,8 +1484,8 @@
$k = mb_strtolower($k);
array_push($search_query_leftover, $not ? "!$k" : $k);
} else {
- array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER('%$k%')
- OR UPPER(ttrss_entries.content) $not LIKE UPPER('%$k%'))");
+ array_push($query_keywords, "(UPPER(ttrss_entries.title) $not LIKE UPPER(".$pdo->quote("%$k%").")
+ OR UPPER(ttrss_entries.content) $not LIKE UPPER(".$pdo->quote("%$k%")."))");
}
if (!$not) array_push($search_words, $k);
@@ -1517,11 +1494,11 @@
}
if (count($search_query_leftover) > 0) {
- $search_query_leftover = db_escape_string(implode(" & ", $search_query_leftover));
+ $search_query_leftover = $pdo->quote(implode(" & ", $search_query_leftover));
if (DB_TYPE == "pgsql") {
array_push($query_keywords,
- "(tsvector_combined @@ to_tsquery('$search_language', '$search_query_leftover'))");
+ "(tsvector_combined @@ to_tsquery($search_language, $search_query_leftover))");
}
}
@@ -1846,6 +1823,7 @@
function load_filters($feed_id, $owner_uid) {
$filters = array();
+ $feed_id = (int) $feed_id;
$cat_id = (int)Feeds::getFeedCategory($feed_id);
if ($cat_id == 0)
@@ -1853,8 +1831,11 @@
else
$null_cat_qpart = "";
- $result = db_query("SELECT * FROM ttrss_filters2 WHERE
- owner_uid = $owner_uid AND enabled = true ORDER BY order_id, title");
+ $pdo = Db::pdo();
+
+ $sth = $pdo->prepare("SELECT * FROM ttrss_filters2 WHERE
+ owner_uid = ? AND enabled = true ORDER BY order_id, title");
+ $sth->execute([$owner_uid]);
$check_cats = array_merge(
Feeds::getParentCategories($cat_id, $owner_uid),
@@ -1863,25 +1844,26 @@
$check_cats_str = join(",", $check_cats);
$check_cats_fullids = array_map(function($a) { return "CAT:$a"; }, $check_cats);
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
$filter_id = $line["id"];
$match_any_rule = sql_bool_to_bool($line["match_any_rule"]);
- $result2 = db_query("SELECT
+ $sth2 = $pdo->prepare("SELECT
r.reg_exp, r.inverse, r.feed_id, r.cat_id, r.cat_filter, r.match_on, t.name AS type_name
FROM ttrss_filters2_rules AS r,
ttrss_filter_types AS t
WHERE
(match_on IS NOT NULL OR
(($null_cat_qpart (cat_id IS NULL AND cat_filter = false) OR cat_id IN ($check_cats_str)) AND
- (feed_id IS NULL OR feed_id = '$feed_id'))) AND
- filter_type = t.id AND filter_id = '$filter_id'");
+ (feed_id IS NULL OR feed_id = ?))) AND
+ filter_type = t.id AND filter_id = ?");
+ $sth2->execute([$feed_id, $filter_id]);
$rules = array();
$actions = array();
- while ($rule_line = db_fetch_assoc($result2)) {
+ while ($rule_line = $sth2->fetch()) {
# print_r($rule_line);
if ($rule_line["match_on"]) {
@@ -1915,13 +1897,14 @@
}
if (count($rules) > 0) {
- $result2 = db_query("SELECT a.action_param,t.name AS type_name
+ $sth2 = $pdo->prepare("SELECT a.action_param,t.name AS type_name
FROM ttrss_filters2_actions AS a,
ttrss_filter_actions AS t
WHERE
- action_id = t.id AND filter_id = '$filter_id'");
+ action_id = t.id AND filter_id = ?");
+ $sth2->execute([$filter_id]);
- while ($action_line = db_fetch_assoc($result2)) {
+ while ($action_line = $sth2->fetch()) {
# print_r($action_line);
$action = array();
@@ -1960,10 +1943,6 @@
}
}
- function feed_has_icon($id) {
- return is_file(ICONS_DIR . "/$id.ico") && filesize(ICONS_DIR . "/$id.ico") > 0;
- }
-
function init_plugins() {
PluginHost::getInstance()->load(PLUGINS, PluginHost::KIND_ALL);
@@ -1974,33 +1953,36 @@
if (!$feed_cat) return false;
- db_query("BEGIN");
+ $feed_cat = mb_substr($feed_cat, 0, 250);
+ if (!$parent_cat_id) $parent_cat_id = null;
- if ($parent_cat_id) {
- $parent_qpart = "parent_cat = '$parent_cat_id'";
- $parent_insert = "'$parent_cat_id'";
- } else {
- $parent_qpart = "parent_cat IS NULL";
- $parent_insert = "NULL";
- }
+ $pdo = Db::pdo();
+ $tr_in_progress = false;
- $feed_cat = mb_substr($feed_cat, 0, 250);
+ try {
+ $pdo->beginTransaction();
+ } catch (Exception $e) {
+ $tr_in_progress = true;
+ }
- $result = db_query(
- "SELECT id FROM ttrss_feed_categories
- WHERE $parent_qpart AND title = '$feed_cat' AND owner_uid = ".$_SESSION["uid"]);
+ $sth = $pdo->prepare("SELECT id FROM ttrss_feed_categories
+ WHERE (parent_cat = :parent OR (:parent IS NULL AND parent_cat IS NULL))
+ AND title = :title AND owner_uid = :uid");
+ $sth->execute([':parent' => $parent_cat_id, ':title' => $feed_cat, ':uid' => $_SESSION['uid']]);
- if (db_num_rows($result) == 0) {
+ if (!$sth->fetch()) {
- $result = db_query(
- "INSERT INTO ttrss_feed_categories (owner_uid,title,parent_cat)
- VALUES ('".$_SESSION["uid"]."', '$feed_cat', $parent_insert)");
+ $sth = $pdo->prepare("INSERT INTO ttrss_feed_categories (owner_uid,title,parent_cat)
+ VALUES (?, ?, ?)");
+ $sth->execute([$_SESSION['uid'], $feed_cat, $parent_cat_id]);
- db_query("COMMIT");
+ if (!$tr_in_progress) $pdo->commit();
return true;
}
+ $pdo->commit();
+
return false;
}
@@ -2070,24 +2052,28 @@
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
- $sql_is_cat = bool_to_sql_bool($is_cat);
+ $is_cat = bool_to_sql_bool($is_cat);
+
+ $pdo = Db::pdo();
- $result = db_query("SELECT access_key FROM ttrss_access_keys
- WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
- AND owner_uid = " . $owner_uid);
+ $sth = $pdo->prepare("SELECT access_key FROM ttrss_access_keys
+ WHERE feed_id = ? AND is_cat = ?
+ AND owner_uid = ?");
+ $sth->execute([$feed_id, (int)$is_cat, $owner_uid]);
- if (db_num_rows($result) == 1) {
- return db_fetch_result($result, 0, "access_key");
+ if ($row = $sth->fetch()) {
+ return $row["access_key"];
} else {
- $key = db_escape_string(uniqid_short());
+ $key = uniqid_short();
- $result = db_query("INSERT INTO ttrss_access_keys
+ $sth = $pdo->prepare("INSERT INTO ttrss_access_keys
(access_key, feed_id, is_cat, owner_uid)
- VALUES ('$key', '$feed_id', $sql_is_cat, '$owner_uid')");
+ VALUES (?, ?, ?, ?)");
+
+ $sth->execute([$key, $feed_id, (int)$is_cat, $owner_uid]);
return $key;
}
- return false;
}
function get_feeds_from_html($url, $content)
@@ -2180,6 +2166,8 @@
function cleanup_tags($days = 14, $limit = 1000) {
+ $days = (int) $days;
+
if (DB_TYPE == "pgsql") {
$interval_query = "date_updated < NOW() - INTERVAL '$days days'";
} else if (DB_TYPE == "mysql") {
@@ -2188,27 +2176,28 @@
$tags_deleted = 0;
- while ($limit > 0) {
+ $pdo = Db::pdo();
+
+ while ($limit > 0) {
$limit_part = 500;
- $query = "SELECT ttrss_tags.id AS id
+ $sth = $pdo->prepare("SELECT ttrss_tags.id AS id
FROM ttrss_tags, ttrss_user_entries, ttrss_entries
WHERE post_int_id = int_id AND $interval_query AND
- ref_id = ttrss_entries.id AND tag_cache != '' LIMIT $limit_part";
-
- $result = db_query($query);
+ ref_id = ttrss_entries.id AND tag_cache != '' LIMIT ?");
+ $sth->execute([$limit]);
$ids = array();
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
array_push($ids, $line['id']);
}
if (count($ids) > 0) {
$ids = join(",", $ids);
- $tmp_result = db_query("DELETE FROM ttrss_tags WHERE id IN ($ids)");
- $tags_deleted += db_affected_rows($tmp_result);
+ $usth = $pdo->query("DELETE FROM ttrss_tags WHERE id IN ($ids)");
+ $tags_deleted = $usth->rowCount();
} else {
break;
}
@@ -2233,6 +2222,8 @@
function filter_to_sql($filter, $owner_uid) {
$query = array();
+ $pdo = Db::pdo();
+
if (DB_TYPE == "pgsql")
$reg_qpart = "~";
else
@@ -2245,7 +2236,7 @@
if ($regexp_valid) {
- $rule['reg_exp'] = db_escape_string($rule['reg_exp']);
+ $rule['reg_exp'] = $pdo->quote($rule['reg_exp']);
switch ($rule["type"]) {
case "title":
@@ -2278,7 +2269,7 @@
if (isset($rule['inverse'])) $qpart = "NOT ($qpart)";
if (isset($rule["feed_id"]) && $rule["feed_id"] > 0) {
- $qpart .= " AND feed_id = " . db_escape_string($rule["feed_id"]);
+ $qpart .= " AND feed_id = " . $pdo->quote($rule["feed_id"]);
}
if (isset($rule["cat_id"])) {
@@ -2358,9 +2349,9 @@
foreach ($files as $js) {
if (!isset($_GET['debug'])) {
- $cached_file = CACHE_DIR . "/js/".basename($js).".js";
+ $cached_file = CACHE_DIR . "/js/".basename($js);
- if (file_exists($cached_file) && is_readable($cached_file) && filemtime($cached_file) >= filemtime("js/$js.js")) {
+ if (file_exists($cached_file) && is_readable($cached_file) && filemtime($cached_file) >= filemtime("js/$js")) {
list($header, $contents) = explode("\n", file_get_contents($cached_file), 2);
@@ -2374,12 +2365,12 @@
}
}
- $minified = JShrink\Minifier::minify(file_get_contents("js/$js.js"));
+ $minified = JShrink\Minifier::minify(file_get_contents("js/$js"));
file_put_contents($cached_file, "tt-rss:" . VERSION . "\n" . $minified);
$rv .= $minified;
} else {
- $rv .= file_get_contents("js/$js.js"); // no cache in debug mode
+ $rv .= file_get_contents("js/$js"); // no cache in debug mode
}
}
@@ -2442,6 +2433,9 @@
}
function get_theme_path($theme) {
+ if ($theme == "default.php")
+ return "css/default.css";
+
$check = "themes/$theme";
if (file_exists($check)) return $check;
@@ -2550,17 +2544,28 @@
}
function check_mysql_tables() {
- $schema = db_escape_string(DB_NAME);
+ $pdo = Db::pdo();
- $result = db_query("SELECT engine, table_name FROM information_schema.tables WHERE
- table_schema = '$schema' AND table_name LIKE 'ttrss_%' AND engine != 'InnoDB'");
+ $sth = $pdo->prepare("SELECT engine, table_name FROM information_schema.tables WHERE
+ table_schema = ? AND table_name LIKE 'ttrss_%' AND engine != 'InnoDB'");
+ $sth->execute([DB_NAME]);
$bad_tables = [];
- while ($line = db_fetch_assoc($result)) {
+ while ($line = $sth->fetch()) {
array_push($bad_tables, $line);
}
return $bad_tables;
}
+ function validate_field($string, $allowed, $default = "") {
+ if (in_array($string, $allowed))
+ return $string;
+ else
+ return $default;
+ }
+
+ function arr_qmarks($arr) {
+ return str_repeat('?,', count($arr) - 1) . '?';
+ }
diff --git a/include/login_form.php b/include/login_form.php
index 41c3f173e..bb142f6c5 100644
--- a/include/login_form.php
+++ b/include/login_form.php
@@ -23,98 +23,9 @@
init();
});
</script>
- <style type="text/css">
- body#ttrssLogin {
- padding : 2em;
- font-size : 14px;
- }
-
- fieldset {
- margin-left : auto;
- margin-right : auto;
- display : block;
- width : 400px;
- border-width : 0px;
- }
-
- /*input.input {
- font-family : sans-serif;
- font-size : medium;
- border-spacing : 2px;
- border : 1px solid #b5bcc7;
- padding : 2px;
- }*/
-
- label {
- width : 120px;
- margin-right : 20px;
- display : inline-block;
- text-align : right;
- color : gray;
- }
-
- div.header {
- border-width : 0px 0px 1px 0px;
- border-style : solid;
- border-color : #0088cc;
- margin-bottom : 1em;
- padding-bottom : 5px;
- }
-
- div.footer {
- margin-top : 1em;
- padding-top : 5px;
- border-width : 1px 0px 0px 0px;
- border-style : solid;
- border-color : #0088cc;
- text-align : center;
- color : gray;
- font-size : 12px;
- }
-
- a.forgotpass {
- text-align : right;
- font-size : 11px;
- display : inline-block;
- }
-
- a {
- color : #0088cc;
- }
-
- a {
- color: #0088cc;
- text-decoration: none;
- }
-
- a:hover,
- a:focus {
- color: #005580;
- text-decoration: underline;
- }
-
- div.footer a {
- color : gray;
- }
-
- div.footer a:hover {
- color : #0088cc;
- }
-
- div.row {
- padding : 0px 0px 5px 0px;
- }
-
- div.row-error {
- color : red;
- text-align : center;
- padding : 0px 0px 5px 0px;
- }
-
- </style>
</head>
-<body id="ttrssLogin" class="claro">
+<body class="claro ttrss_main ttrss_login">
<script type="text/javascript">
function init() {
@@ -143,7 +54,7 @@ function fetchProfiles() {
onComplete: function(transport) {
if (transport.responseText.match("select")) {
$('profile_box').innerHTML = transport.responseText;
- dojo.parser.parse('profile_box');
+ //dojo.parser.parse('profile_box');
}
} });
}
diff --git a/include/sanity_check.php b/include/sanity_check.php
index a84959f8e..94578b404 100755
--- a/include/sanity_check.php
+++ b/include/sanity_check.php
@@ -90,10 +90,12 @@
}
}
- if (SINGLE_USER_MODE) {
- $result = db_query("SELECT id FROM ttrss_users WHERE id = 1");
+ if (SINGLE_USER_MODE && class_exists("PDO")) {
+ $pdo = DB::pdo();
- if (db_num_rows($result) != 1) {
+ $res = $pdo->query("SELECT id FROM ttrss_users WHERE id = 1");
+
+ if (!$res->fetch()) {
array_push($errors, "SINGLE_USER_MODE is enabled in config.php but default admin account is not found.");
}
}
@@ -137,6 +139,10 @@
array_push($errors, "PHP support for PostgreSQL is required for configured DB_TYPE in config.php");
}
+ if (!class_exists("PDO")) {
+ array_push($errors, "PHP support for PDO is required but was not found.");
+ }
+
if (!function_exists("mb_strlen")) {
array_push($errors, "PHP support for mbstring functions is required but was not found.");
}
@@ -186,9 +192,9 @@
<head>
<title>Startup failed</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
- <link rel="stylesheet" type="text/css" href="css/utility.css">
+ <link rel="stylesheet" type="text/css" href="css/default.css">
</head>
- <body class='sanity_failed'>
+ <body class='sanity_failed claro ttrss_utility'>
<div class="floatingLogo"><img src="images/logo_small.png"></div>
<div class="content">
diff --git a/include/sessions.php b/include/sessions.php
index 7ea9052bc..c80c21de3 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -27,8 +27,10 @@
global $schema_version;
if (!$schema_version) {
- $result = Db::get()->query("SELECT schema_version FROM ttrss_version");
- $version = Db::get()->fetch_result($result, 0, "schema_version");
+ $row = Db::pdo()->query("SELECT schema_version FROM ttrss_version")->fetch();
+
+ $version = $row["schema_version"];
+
$schema_version = $version;
return $version;
} else {
@@ -44,28 +46,30 @@
__("Session failed to validate (schema version changed)");
return false;
}
+ $pdo = Db::pdo();
if ($_SESSION["uid"]) {
- $result = Db::get()->query(
- "SELECT pwd_hash FROM ttrss_users WHERE id = '".$_SESSION["uid"]."'");
+ $sth = $pdo->prepare("SELECT pwd_hash FROM ttrss_users WHERE id = ?");
+ $sth->execute([$_SESSION['uid']]);
// user not found
- if (Db::get()->num_rows($result) == 0) {
+ if ($row = $sth->fetch()) {
+ $pwd_hash = $row["pwd_hash"];
+
+ if ($pwd_hash != $_SESSION["pwd_hash"]) {
- $_SESSION["login_error_msg"] =
- __("Session failed to validate (user not found)");
+ $_SESSION["login_error_msg"] =
+ __("Session failed to validate (password changed)");
- return false;
+ return false;
+ }
} else {
- $pwd_hash = Db::get()->fetch_result($result, 0, "pwd_hash");
- if ($pwd_hash != $_SESSION["pwd_hash"]) {
+ $_SESSION["login_error_msg"] =
+ __("Session failed to validate (user not found)");
- $_SESSION["login_error_msg"] =
- __("Session failed to validate (password changed)");
+ return false;
- return false;
- }
}
}
@@ -82,18 +86,21 @@
function ttrss_read ($id){
global $session_expire;
- $res = Db::get()->query("SELECT data FROM ttrss_sessions WHERE id='$id'");
+ $sth = Db::pdo()->prepare("SELECT data FROM ttrss_sessions WHERE id=?");
+ $sth->execute([$id]);
- if (Db::get()->num_rows($res) != 1) {
+ if ($row = $sth->fetch()) {
+ return base64_decode($row["data"]);
- $expire = time() + $session_expire;
+ } else {
+ $expire = time() + $session_expire;
- Db::get()->query("INSERT INTO ttrss_sessions (id, data, expire)
- VALUES ('$id', '', '$expire')");
+ $sth = Db::pdo()->prepare("INSERT INTO ttrss_sessions (id, data, expire)
+ VALUES (?, '', ?)");
+ $sth->execute([$id, $expire]);
+
+ return "";
- return "";
- } else {
- return base64_decode(Db::get()->fetch_result($res, 0, "data"));
}
}
@@ -104,7 +111,8 @@
$data = base64_encode($data);
$expire = time() + $session_expire;
- Db::get()->query("UPDATE ttrss_sessions SET data='$data', expire='$expire' WHERE id='$id'");
+ $sth = Db::pdo()->prepare("UPDATE ttrss_sessions SET data=?, expire=? WHERE id=?");
+ $sth->execute([$data, $expire, $id]);
return true;
}
@@ -114,7 +122,8 @@
}
function ttrss_destroy($id) {
- Db::get()->query("DELETE FROM ttrss_sessions WHERE id = '$id'");
+ $sth = Db::pdo()->prepare("DELETE FROM ttrss_sessions WHERE id = ?");
+ $sth->execute([$id]);
return true;
}
@@ -123,7 +132,7 @@
* @SuppressWarnings(PHPMD.UnusedFormalParameter)
*/
function ttrss_gc ($expire) {
- Db::get()->query("DELETE FROM ttrss_sessions WHERE expire < " . time());
+ Db::pdo()->query("DELETE FROM ttrss_sessions WHERE expire < " . time());
return true;
}
diff --git a/include/version.php b/include/version.php
index 02bc7f3be..1d7567bb1 100644
--- a/include/version.php
+++ b/include/version.php
@@ -1,5 +1,5 @@
<?php
- define('VERSION_STATIC', '17.4');
+ define('VERSION_STATIC', '17.12');
function get_version() {
date_default_timezone_set('UTC');
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-04 10:32:41 +0000