Diffstat (limited to 'plugins')
30 files changed, 232 insertions, 203 deletions
diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php index cf6c13780..e910e52aa 100644 --- a/plugins/auth_internal/init.php +++ b/plugins/auth_internal/init.php @@ -22,8 +22,8 @@ class Auth_Internal extends Plugin implements IAuthModule { $pwd_hash1 = encrypt_password($password); $pwd_hash2 = encrypt_password($password, $login); - $login = db_escape_string($login); - $otp = db_escape_string($_REQUEST["otp"]); + $login = db_escape_string($this->link, $login); + $otp = db_escape_string($this->link, $_REQUEST["otp"]); if (get_schema_version($this->link) > 96) { if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) { @@ -140,7 +140,7 @@ class Auth_Internal extends Plugin implements IAuthModule { } function check_password($owner_uid, $password) { - $owner_uid = db_escape_string($owner_uid); + $owner_uid = db_escape_string($this->link, $owner_uid); $result = db_query($this->link, "SELECT salt,login FROM ttrss_users WHERE id = '$owner_uid'"); @@ -169,7 +169,7 @@ class Auth_Internal extends Plugin implements IAuthModule { } function change_password($owner_uid, $old_password, $new_password) { - $owner_uid = db_escape_string($owner_uid); + $owner_uid = db_escape_string($this->link, $owner_uid); if ($this->check_password($owner_uid, $old_password)) { diff --git a/plugins/auth_ldap/init.php b/plugins/auth_ldap/init.php index e1a4c49f1..8a7488e1c 100644 --- a/plugins/auth_ldap/init.php +++ b/plugins/auth_ldap/init.php 
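Review bot: change_password() escapes `$owner_uid` and then passes the already-escaped value to check_password(), which escapes it again in the @@ -140,7 hunk. For a numeric id this is harmless, but it shows the id is handled as a string all the way into `WHERE id = '$owner_uid'`. Putting `$owner_uid = (int) $owner_uid;` at the top of both methods would remove the double escaping and make the numeric assumption explicit. Both method bodies continue outside their hunks.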
@@ -10,12 +10,13 @@ * Configuration * Put the following options in config.php and customize them for your environment * - * define('LDAP_AUTH_SERVER_URI, 'ldaps://LDAPServerHostname:port/'); - * define('LDAP_AUTH_USETLS, FALSE); // Enable TLS Support for ldaps:// + * define('LDAP_AUTH_SERVER_URI', 'ldaps://LDAPServerHostname:port/'); + * define('LDAP_AUTH_USETLS', FALSE); // Enable TLS Support for ldaps:// * define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', TRUE); // Allows untrusted certificate * define('LDAP_AUTH_BINDDN', 'cn=serviceaccount,dc=example,dc=com'); * define('LDAP_AUTH_BINDPW', 'ServiceAccountsPassword'); * define('LDAP_AUTH_BASEDN', 'dc=example,dc=com'); + * define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE); * // ??? will be replaced with the entered username(escaped) at login * define('LDAP_AUTH_SEARCHFILTER', '(&(objectClass=person)(uid=???))'); */ @@ -54,7 +55,7 @@ class Auth_Ldap extends Plugin implements IAuthModule { } private function _log($msg) { - trigger_error($msg, E_USER_WARN); + trigger_error($msg, E_USER_WARNING); } function authenticate($login, $password) { @@ -73,10 +74,15 @@ class Auth_Ldap extends Plugin implements IAuthModule { return FALSE; } $ldapConnParams=array( - 'host'=>$parsedURI['scheme'].'://'.$parsedURI['host'], + 'host'=>$parsedURI['host'], 'basedn'=>LDAP_AUTH_BASEDN, 'options' => array('LDAP_OPT_REFERRALS' => 0) ); + + if (!LDAP_AUTH_ANONYMOUSBEFOREBIND) { + $ldapConnParams['binddn']= LDAP_AUTH_BINDDN; + $ldapConnParams['bindpw']= LDAP_AUTH_BINDPW; + } $ldapConnParams['starttls']= defined('LDAP_AUTH_USETLS') ? LDAP_AUTH_USETLS : FALSE; 
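Review bot: In the @@ -73,10 hunk the `'host'` entry no longer carries the URI scheme, so an `ldaps://host:port/` value in `LDAP_AUTH_SERVER_URI` is reduced to a bare hostname, and nothing visible here passes the scheme or port on. Unless the connection is configured for LDAPS somewhere outside the hunk, encryption presumably now depends only on `LDAP_AUTH_USETLS`, while the same hunk starts sending `LDAP_AUTH_BINDPW` at connect time. I would pass the parsed port through (`$ldapConnParams['port'] = $parsedURI['port'];` when it is set) and return FALSE with a logged message when the scheme is `ldaps` but neither LDAPS nor StartTLS will be used. authenticate() begins and ends outside the hunk.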
@@ -92,11 +98,13 @@ class Auth_Ldap extends Plugin implements IAuthModule { $this->_log('Could not connect to LDAP Server: '.$ldapConn->getMessage()); return FALSE; } - // Bind with service account - $binding=$ldapConn->bind(LDAP_AUTH_BINDDN, LDAP_AUTH_BINDPW); - if (Net_LDAP2::isError($binding)) { - $this->_log('Cound not bind service account: '.$binding->getMessage()); - return FALSE; + // Bind with service account if orignal connexion was anonymous + if (LDAP_AUTH_ANONYMOUSBEFOREBIND) { + $binding=$ldapConn->bind(LDAP_AUTH_BINDDN, LDAP_AUTH_BINDPW); + if (Net_LDAP2::isError($binding)) { + $this->_log('Cound not bind service account: '.$binding->getMessage()); + return FALSE; + } } //Searching for user $completedSearchFiler=str_replace('???',$login,LDAP_AUTH_SEARCHFILTER); diff --git a/plugins/auth_remote/init.php b/plugins/auth_remote/init.php index 7c8d835f8..7e4638fb2 100644 --- a/plugins/auth_remote/init.php +++ b/plugins/auth_remote/init.php @@ -21,7 +21,7 @@ class Auth_Remote extends Plugin implements IAuthModule { } function get_login_by_ssl_certificate() { - $cert_serial = db_escape_string(get_ssl_certificate_id()); + $cert_serial = db_escape_string($this->link, get_ssl_certificate_id()); if ($cert_serial) { $result = db_query($this->link, "SELECT login FROM ttrss_user_prefs, ttrss_users @@ -29,7 +29,7 @@ class Auth_Remote extends Plugin implements IAuthModule { owner_uid = ttrss_users.id"); if (db_num_rows($result) != 0) { - return db_escape_string(db_fetch_result($result, 0, "login")); + return db_escape_string($this->link, db_fetch_result($result, 0, "login")); } } 
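Review bot: `LDAP_AUTH_ANONYMOUSBEFOREBIND` is tested bare in `if (LDAP_AUTH_ANONYMOUSBEFOREBIND)` here and in `if (!LDAP_AUTH_ANONYMOUSBEFOREBIND)` in the @@ -73,10 hunk, unlike `LDAP_AUTH_USETLS`, which is guarded with `defined()`. A config.php written before this option existed does not define it; on older PHP the undefined constant evaluates to its own name (truthy, with a notice) and on PHP 8 it is a fatal error. Resolve it once with `$anonFirst = defined('LDAP_AUTH_ANONYMOUSBEFOREBIND') && LDAP_AUTH_ANONYMOUSBEFOREBIND;` and use `$anonFirst` in both conditions. That makes bind-at-connect the default for configs without the option, so the config comment should state which default is intended.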
@@ -38,10 +38,10 @@ class Auth_Remote extends Plugin implements IAuthModule { function authenticate($login, $password) { - $try_login = db_escape_string($_SERVER["REMOTE_USER"]); + $try_login = db_escape_string($this->link, $_SERVER["REMOTE_USER"]); // php-cgi - if (!$try_login) $try_login = db_escape_string($_SERVER["REDIRECT_REMOTE_USER"]); + if (!$try_login) $try_login = db_escape_string($this->link, $_SERVER["REDIRECT_REMOTE_USER"]); if (!$try_login) $try_login = $this->get_login_by_ssl_certificate(); # if (!$try_login) $try_login = "test_qqq"; @@ -60,14 +60,14 @@ class Auth_Remote extends Plugin implements IAuthModule { // update user name $fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN']; if ($fullname){ - $fullname = db_escape_string($fullname); + $fullname = db_escape_string($this->link, $fullname); db_query($this->link, "UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " . $user_id); } // update user mail $email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL']; if ($email){ - $email = db_escape_string($email); + $email = db_escape_string($this->link, $email); db_query($this->link, "UPDATE ttrss_users SET email = '$email' WHERE id = " . $user_id); } diff --git a/plugins/close_button/init.php b/plugins/close_button/init.php index bf4183320..ff2027bc7 100644 --- a/plugins/close_button/init.php +++ b/plugins/close_button/init.php @@ -18,7 +18,7 @@ class Close_Button extends Plugin { function hook_article_button($line) { if (!get_pref($this->link, "COMBINED_DISPLAY_MODE")) { - $rv = "<img src=\"".theme_image($this->link, 'plugins/close_button/button.png')."\" + $rv = "<img src=\"plugins/close_button/button.png\" class='tagsPic' style=\"cursor : pointer\" onclick=\"closeArticlePanel()\" title='".__('Close article')."'>"; diff --git a/plugins/digest/digest.js b/plugins/digest/digest.js index 197847411..c8a08648c 100644 --- a/plugins/digest/digest.js 
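Review bot: In the @@ -60,14 hunk `$fullname` and `$email` come from `$_SERVER['HTTP_USER_NAME']` and `$_SERVER['HTTP_USER_MAIL']`, and `HTTP_*` entries are request headers that the client sets unless the front-end authenticator strips or overwrites them. Escaping keeps the UPDATE well-formed but does not make the values trustworthy, so the plugin should say in a comment that the proxy must set these headers itself. It should also reject a malformed address with `if ($email && filter_var($email, FILTER_VALIDATE_EMAIL))`. `$user_id` is concatenated unquoted into both statements; `(int) $user_id` would pin it to a number. authenticate() continues outside the hunk.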
+++ b/plugins/digest/digest.js @@ -68,7 +68,7 @@ function catchup_visible_articles(callback) { var ids = get_visible_article_ids(); - if (confirm(__("Mark %d displayed articles as read?").replace("%d", ids.length))) { + if (confirm(ngettext("Mark %d displayed article as read?", "Mark %d displayed articles as read?", ids.length).replace("%d", ids.length))) { var query = "?op=rpc&method=catchupSelected" + "&cmode=0&ids=" + param_escape(ids); @@ -515,7 +515,7 @@ function redraw_feedlist(feeds) { $('feeds-content').innerHTML += "<li id='F-MORE-PROMPT'>" + "<img src='images/blank_icon.gif'>" + "<a href=\"#\" onclick=\"expand_feeds()\">" + - __("%d more...").replace("%d", feeds.length-10) + + ngettext("%d more...", "%d more...", feeds.length-10).replace("%d", feeds.length-10) + "</a>" + "</li>"; } diff --git a/plugins/digest/digest_body.php b/plugins/digest/digest_body.php index 5ffcfd812..a77d378cb 100644 --- a/plugins/digest/digest_body.php +++ b/plugins/digest/digest_body.php @@ -40,9 +40,7 @@ <div id="overlay_inner"> <noscript> <p> - <?php print_error(__("Your browser doesn't support Javascript, which is required - for this application to function properly. Please check your - browser settings.")) ?></p> + <?php print_error(__("Your browser doesn't support Javascript, which is required for this application to function properly. Please check your browser settings.")) ?></p> </noscript> <img src="images/indicator_white.gif"/> diff --git a/plugins/digest/init.php b/plugins/digest/init.php index 2feabe3b4..2fc98b0ec 100644 --- a/plugins/digest/init.php +++ b/plugins/digest/init.php @@ -47,7 +47,7 @@ class Digest extends Plugin implements IHandler { } function digestgetcontents() { - $article_id = db_escape_string($_REQUEST['article_id']); + $article_id = db_escape_string($this->link, $_REQUEST['article_id']); $result = db_query($this->link, "SELECT content,title,link,marked,published FROM ttrss_entries, ttrss_user_entries 
@@ -67,9 +67,9 @@ class Digest extends Plugin implements IHandler { } function digestupdate() { - $feed_id = db_escape_string($_REQUEST['feed_id']); - $offset = db_escape_string($_REQUEST['offset']); - $seq = db_escape_string($_REQUEST['seq']); + $feed_id = db_escape_string($this->link, $_REQUEST['feed_id']); + $offset = db_escape_string($this->link, $_REQUEST['offset']); + $seq = db_escape_string($this->link, $_REQUEST['seq']); if (!$feed_id) $feed_id = -4; if (!$offset) $offset = 0; diff --git a/plugins/embed_original/button.png b/plugins/embed_original/button.png Binary files differnew file mode 100644 index 000000000..e861201d5 --- /dev/null +++ b/plugins/embed_original/button.png diff --git a/plugins/embed_original/init.css b/plugins/embed_original/init.css new file mode 100644 index 000000000..4ce482e1a --- /dev/null +++ b/plugins/embed_original/init.css @@ -0,0 +1,13 @@ +div.cdmContentInner iframe.embeddedContent { + overflow : hidden; + width : 100%; + height : 600px; + border-width : 0px; +} + +div.postContent iframe.embeddedContent { + overflow : hidden; + width : 100%; + height : 100%; + border-width : 0px; +} diff --git a/plugins/embed_original/init.js b/plugins/embed_original/init.js new file mode 100644 index 000000000..517f2cd54 --- /dev/null +++ b/plugins/embed_original/init.js 
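Review bot: `$feed_id`, `$offset` and `$seq` in digestupdate() are only string-escaped, which protects a value only where it ends up inside a quoted SQL literal. The hunk does not show how they are used, but the numeric defaults on the following lines (`-4`, `0`) suggest numeric contexts, where escaping gives no protection. Casting at the source, e.g. `$offset = (int) $_REQUEST['offset'];`, is the safer form; exportrun() in plugins/import_export/init.php already casts its offset. digestupdate() continues outside the hunk.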
@@ -0,0 +1,69 @@ +function embedOriginalArticle(id) { + try { + var hasSandbox = "sandbox" in document.createElement("iframe"); + + if (!hasSandbox) { + alert(__("Sorry, your browser does not support sandboxed iframes.")); + return; + } + + var query = "op=pluginhandler&plugin=embed_original&method=getUrl&id=" + + param_escape(id); + + var c = false; + + if (isCdmMode()) { + c = $$("div#RROW-" + id + " div[class=cdmContentInner]")[0]; + } else if (id == getActiveArticleId()) { + c = $$("div[class=postContent]")[0]; + } + + if (c) { + var iframe = c.getElementsByClassName("embeddedContent")[0]; + + if (iframe) { + Element.show(c.firstChild); + c.removeChild(iframe); + + if (isCdmMode()) { + cdmScrollToArticleId(id, true); + } + + return; + } + } + + new Ajax.Request("backend.php", { + parameters: query, + onComplete: function(transport) { + var ti = JSON.parse(transport.responseText); + + if (ti) { + + var iframe = new Element("iframe", { + class: "embeddedContent", + src: ti.url, + sandbox: 'allow-scripts', + }); + + if (c) { + Element.hide(c.firstChild); + + if (c.firstChild.nextSibling) + c.insertBefore(iframe, c.firstChild.nextSibling); + else + c.appendChild(iframe); + + if (isCdmMode()) { + cdmScrollToArticleId(id, true); + } + } + } + + } }); + + + } catch (e) { + exception_error("embedOriginalArticle", e); + } +} diff --git a/plugins/embed_original/init.php b/plugins/embed_original/init.php new file mode 100644 index 000000000..0e0eb9603 --- /dev/null +++ b/plugins/embed_original/init.php 
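Review bot: The `onComplete` callback runs after `embedOriginalArticle` has returned, so the outer `try`/`catch` does not cover it. `JSON.parse(transport.responseText)` will therefore throw uncaught if the backend answers with something that is not JSON, such as an error page. Wrap the callback body in its own `try { … } catch (e) { exception_error("embedOriginalArticle", e); }`. `ti.url` is also used as `src` exactly as received, including the empty string getUrl returns when no row matches, so add `if (!ti || !ti.url) return;` before creating the element. A one-line comment explaining why `sandbox` is `'allow-scripts'` without `allow-same-origin` would keep a later edit from loosening it.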
@@ -0,0 +1,56 @@ +<?php +class Embed_Original extends Plugin { + private $link; + private $host; + + function init($host) { + $this->link = $host->get_link(); + $this->host = $host; + + $host->add_hook($host::HOOK_ARTICLE_BUTTON, $this); + } + + function about() { + return array(1.0, + "Try to display original article content inside tt-rss", + "fox"); + } + + function get_js() { + return file_get_contents(dirname(__FILE__) . "/init.js"); + } + + function get_css() { + return file_get_contents(dirname(__FILE__) . "/init.css"); + } + + function hook_article_button($line) { + $id = $line["id"]; + + $rv = "<img src=\"plugins/embed_original/button.png\" + class='tagsPic' style=\"cursor : pointer\" + onclick=\"embedOriginalArticle($id)\" + title='".__('Toggle embed original')."'>"; + + return $rv; + } + + function getUrl() { + $id = db_escape_string($this->link, $_REQUEST['id']); + + $result = db_query($this->link, "SELECT link + FROM ttrss_entries, ttrss_user_entries + WHERE id = '$id' AND ref_id = id AND owner_uid = " .$_SESSION['uid']); + + $url = ""; + + if (db_num_rows($result) != 0) { + $url = db_fetch_result($result, 0, "link"); + + } + + print json_encode(array("url" => $url, "id" => $id)); + } + +} +?> diff --git a/plugins/example/init.php b/plugins/example/init.php index f3788ae8c..926a57da8 100644 --- a/plugins/example/init.php +++ b/plugins/example/init.php @@ -21,7 +21,7 @@ class Example extends Plugin { } function save() { - $example_value = db_escape_string($_POST["example_value"]); + $example_value = db_escape_string($this->link, $_POST["example_value"]); $this->host->set($this, "example", $example_value); diff --git a/plugins/flattr/init.php b/plugins/flattr/init.php index d5e4ad025..b91019880 100644 --- a/plugins/flattr/init.php +++ b/plugins/flattr/init.php 
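Review bot: getUrl() returns the stored `link` column unchanged and the client puts it straight into an iframe `src`, so the scheme of a feed-supplied URL is never checked on either side. Return it only when it is http or https, e.g. `if (!preg_match('#^https?://#i', $url)) $url = "";` just before the `json_encode` call. `$_SESSION['uid']` is concatenated into the query unquoted, and `(int) $_SESSION['uid']` would make the numeric assumption explicit. The response also echoes `$id` in its SQL-escaped form; returning `(int) $id` would be cleaner.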
@@ -25,7 +25,7 @@ class Flattr extends Plugin { $encoded = urlencode($article_link); $r = file_get_contents("https://api.flattr.com/rest/v2/things/lookup/?url=$encoded"); $response = json_decode($r, true); - $image = "<img src=\"".theme_image($this->link, 'plugins/flattr/flattr.png')."\" + $image = "<img src=\"plugins/flattr/flattr.png\" class='tagsPic' style=\"cursor : pointer\" title='".__('Flattr this article.')."'>"; // if Flattr has it in the catalogue, we display the button diff --git a/plugins/googleplus/init.php b/plugins/googleplus/init.php index 3d6c60887..6045d2df6 100644 --- a/plugins/googleplus/init.php +++ b/plugins/googleplus/init.php @@ -23,7 +23,7 @@ class GooglePlus extends Plugin { function hook_article_button($line) { $article_id = $line["id"]; - $rv = "<img src=\"".theme_image($this->link, 'plugins/googleplus/googleplus.png')."\" + $rv = "<img src=\"plugins/googleplus/googleplus.png\" class='tagsPic' style=\"cursor : pointer\" onclick=\"shareArticleToGooglePlus($article_id)\" title='".__('Share on Google+')."'>"; @@ -32,7 +32,7 @@ class GooglePlus extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/googlereaderkeys/init.php b/plugins/googlereaderkeys/init.php index 92bf626e6..afdc58ec7 100644 --- a/plugins/googlereaderkeys/init.php +++ b/plugins/googlereaderkeys/init.php @@ -25,6 +25,7 @@ class GoogleReaderKeys extends Plugin { $hotkeys["*p"] = "prev_feed"; $hotkeys["v"] = "open_in_new_window"; $hotkeys["r"] = "feed_refresh"; + $hotkeys["m"] = "toggle_unread"; $hotkeys["(32)|space"] = "next_article"; $hotkeys["(38)|up"] = "article_scroll_up"; $hotkeys["(40)|down"] = "article_scroll_down"; diff --git a/plugins/googlereadertheme/init.css b/plugins/googlereadertheme/init.css deleted file mode 100644 index 8d5c8cefe..000000000 
--- a/plugins/googlereadertheme/init.css +++ /dev/null @@ -1,73 +0,0 @@ -/* fix dijit */ -:focus { - outline: none; -} -input[type="search"] { - -webkit-appearance: none; -} -.claro .dijitToolbar .dijitButton .dijitButtonNode, -.claro .dijitToolbar .dijitDropDownButton .dijitButtonNode, -.claro .dijitToolbar .dijitComboButton .dijitButtonNode, -.claro .dijitToolbar .dijitToggleButton .dijitButtonNode, -.claro .dijitToolbar .dijitComboBox .dijitButtonNode { - -moz-transition: background-color, border-color, color; - -webkit-transition-property: background-color, border-color, color; - transition: background-color, border-color, color; -} - - -/* some style */ -body#ttrssMain, -a, -.titleWrap .title { - color: #444; -} -a:hover, -.Unread .titleWrap .title, -.Selected .titleWrap .title, -html div.cdmContent a { - color: #15c; -} -#feeds-holder, -#content-wrap, -#headlines-frame { - border: none; -} -#ttrssMain #headlines-toolbar, -#ttrssMain .dijitToolbar, -#ttrssMain .cdmHeader { - background: #fff; - border-color: transparent; -} -#ttrssMain #headlines-toolbar { - border-color: #ebebeb; -} -#ttrssMain .cdm { - margin: 5px 25px 10px 5px; - border: 1px solid #ddd !important; - box-shadow: 0 0 4px rgba(0,0,0,.1); - background: #fff !important; -} -#ttrssMain .cdm.Selected { - border-left-color: #4d90f0 !important; - background: #fff !important; -} -#ttrssMain .cdmFeedTitle { - border-color: #ebebeb; - background: #fff; - font-size: 1.2em; - font-weight: bold; -} -#headlines-frame .cdmFooter { - border-top: 1px solid #ebebeb; - background: #fafafa; -} - -.titleWrap .title { - font-size: 1.5em; - font-weight: bold; -} -div.cdmHeader span.hlFeed { - padding-top: .5em; -} - diff --git a/plugins/googlereadertheme/init.php b/plugins/googlereadertheme/init.php deleted file mode 100644 index 4ee4a4ba3..000000000 --- a/plugins/googlereadertheme/init.php +++ /dev/null 
@@ -1,27 +0,0 @@ -<?php -class GoogleReaderTheme extends Plugin { - - private $link; - private $host; - - function about() { - return array(1.0, - "Make tt-rss look similar to Google Reader", - "levito"); - } - - function init($host) { - $this->link = $host->get_link(); - $this->host = $host; - - if ($_SESSION["uid"]) { - // force-enable combined mode - set_pref($this->link, "COMBINED_DISPLAY_MODE", true, $_SESSION["uid"]); - } - } - - function get_css() { - return file_get_contents(dirname(__FILE__) . "/init.css"); - } -} -?> diff --git a/plugins/identica/init.php b/plugins/identica/init.php index c260334af..8e0ad4b9a 100644 --- a/plugins/identica/init.php +++ b/plugins/identica/init.php @@ -23,7 +23,7 @@ class Identica extends Plugin { function hook_article_button($line) { $article_id = $line["id"]; - $rv = "<img src=\"".theme_image($this->link, 'plugins/identica/identica.png')."\" + $rv = "<img src=\"plugins/identica/identica.png\" class='tagsPic' style=\"cursor : pointer\" onclick=\"shareArticleToIdentica($article_id)\" title='".__('Share on identi.ca')."'>"; @@ -32,7 +32,7 @@ class Identica extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/import_export/import_export.js b/plugins/import_export/import_export.js index b3b760f15..86b0458be 100644 --- a/plugins/import_export/import_export.js +++ b/plugins/import_export/import_export.js 
@@ -37,7 +37,7 @@ function exportData() { } else { $("export_status_message").innerHTML = - __("Finished, exported %d articles. You can download the data <a class='visibleLink' href='%u'>here</a>.") + ngettext("Finished, exported %d article. You can download the data <a class='visibleLink' href='%u'>here</a>.", "Finished, exported %d articles. You can download the data <a class='visibleLink' href='%u'>here</a>.", exported) .replace("%d", exported) .replace("%u", "backend.php?op=pluginhandler&plugin=import_export&subop=exportget"); diff --git a/plugins/import_export/init.php b/plugins/import_export/init.php index de21dbf32..5a3051edb 100644 --- a/plugins/import_export/init.php +++ b/plugins/import_export/init.php @@ -49,7 +49,7 @@ class Import_Export extends Plugin implements IHandler { } function save() { - $example_value = db_escape_string($_POST["example_value"]); + $example_value = db_escape_string($this->link, $_POST["example_value"]); echo "Value set to $example_value (not really)"; } @@ -122,7 +122,7 @@ class Import_Export extends Plugin implements IHandler { } function exportrun() { - $offset = (int) db_escape_string($_REQUEST['offset']); + $offset = (int) db_escape_string($this->link, $_REQUEST['offset']); $exported = 0; $limit = 250; @@ -238,7 +238,7 @@ class Import_Export extends Plugin implements IHandler { foreach ($article_node->childNodes as $child) { if ($child->nodeName != 'label_cache') - $article[$child->nodeName] = db_escape_string($child->nodeValue); + $article[$child->nodeName] = db_escape_string($this->link, $child->nodeValue); else $article[$child->nodeName] = $child->nodeValue; } @@ -346,7 +346,7 @@ class Import_Export extends Plugin implements IHandler { $score = (int) $article['score']; $tag_cache = $article['tag_cache']; - $label_cache = db_escape_string($article['label_cache']); + $label_cache = db_escape_string($this->link, $article['label_cache']); $note = $article['note']; //print "Importing " . $article['title'] . "<br/>"; 
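Review bot: save() in the @@ -49,7 hunk echoes `$example_value` into the response after SQL escaping only, and `db_escape_string` does nothing about HTML metacharacters, so the posted value is reflected into the page as markup. Escape for the output context instead: `echo "Value set to " . htmlspecialchars($_POST["example_value"], ENT_QUOTES, 'UTF-8') . " (not really)";`. The same pattern appears in save() in plugins/owncloud/init.php (`echo "Value set to $owncloud_url";`, @@ -20,7 hunk), which needs the same treatment.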
@@ -382,8 +382,10 @@ class Import_Export extends Plugin implements IHandler { } print "<p>" . - T_sprintf("Finished: %d articles processed, %d imported, %d feeds created.", - $num_processed, $num_imported, $num_feeds_created) . + vsprintf(__("Finished: ")). + vsprintf(ngettext("%d article processed, ", "%d articles processed, ", $num_processed), $num_processed). + vsprintf(ngettext("%d imported, ", "%d imported, ", $num_imported), $num_imported). + vsprintf(ngettext("%d feed created.", "%d feeds created.", $num_feeds_created), $num_feeds_created). "</p>"; } else { @@ -421,8 +423,7 @@ class Import_Export extends Plugin implements IHandler { $this->perform_data_import($this->link, $_FILES['export_file']['tmp_name'], $_SESSION['uid']); } else { - print "<p>" . T_sprintf("Could not upload file. You might need to adjust upload_max_filesize - in PHP.ini (current value = %s)", ini_get("upload_max_filesize")) . " or use CLI import tool.</p>"; + print "<p>" . T_sprintf("Could not upload file. You might need to adjust upload_max_filesize in PHP.ini (current value = %s)", ini_get("upload_max_filesize")) . " or use CLI import tool.</p>"; } diff --git a/plugins/instances/init.php b/plugins/instances/init.php index 6c0f89e1c..6e8d43e9b 100644 --- a/plugins/instances/init.php +++ b/plugins/instances/init.php 
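Review bot: `vsprintf(__("Finished: "))` in the @@ -382,8 hunk is called with one argument, but vsprintf() requires a format and an array of values, so this call fails and the "Finished: " prefix is lost or the request aborts, depending on the PHP version. The three following calls pass an integer where an array is expected, which newer PHP rejects. Use the translated string directly for the prefix and `sprintf` for the counted parts, as in the excerpt below. The enclosing import method starts and ends outside the hunk.

```php
print "<p>" .
	__("Finished: ") .
	sprintf(ngettext("%d article processed, ", "%d articles processed, ", $num_processed), $num_processed) .
	sprintf(ngettext("%d imported, ", "%d imported, ", $num_imported), $num_imported) .
	sprintf(ngettext("%d feed created.", "%d feeds created.", $num_feeds_created), $num_feeds_created) .
	"</p>";
```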
@@ -92,10 +92,10 @@ class Instances extends Plugin implements IHandler { WHERE instance_id = '$id'"); foreach ($feeds['feeds'] as $feed) { - $feed_url = db_escape_string($feed['feed_url']); - $title = db_escape_string($feed['title']); - $subscribers = db_escape_string($feed['subscribers']); - $site_url = db_escape_string($feed['site_url']); + $feed_url = db_escape_string($this->link, $feed['feed_url']); + $title = db_escape_string($this->link, $feed['title']); + $subscribers = db_escape_string($this->link, $feed['subscribers']); + $site_url = db_escape_string($this->link, $feed['site_url']); db_query($link, "INSERT INTO ttrss_linked_feeds (feed_url, site_url, title, subscribers, instance_id, created, updated) @@ -167,16 +167,16 @@ class Instances extends Plugin implements IHandler { } function remove() { - $ids = db_escape_string($_REQUEST['ids']); + $ids = db_escape_string($this->link, $_REQUEST['ids']); db_query($this->link, "DELETE FROM ttrss_linked_instances WHERE id IN ($ids)"); } function add() { - $id = db_escape_string($_REQUEST["id"]); - $access_url = db_escape_string($_REQUEST["access_url"]); - $access_key = db_escape_string($_REQUEST["access_key"]); + $id = db_escape_string($this->link, $_REQUEST["id"]); + $access_url = db_escape_string($this->link, $_REQUEST["access_url"]); + $access_key = db_escape_string($this->link, $_REQUEST["access_key"]); db_query($this->link, "BEGIN"); @@ -195,7 +195,7 @@ class Instances extends Plugin implements IHandler { } function edit() { - $id = db_escape_string($_REQUEST["id"]); + $id = db_escape_string($this->link, $_REQUEST["id"]); $result = db_query($this->link, "SELECT * FROM ttrss_linked_instances WHERE id = '$id'"); 
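Review bot: In remove() (@@ -167,16 hunk) the escaped `$ids` is interpolated into `WHERE id IN ($ids)` without quotes, and string escaping only protects a value that sits inside a quoted literal, so the request parameter still reaches the statement as SQL. Reduce it to integers before building the list: `$ids = implode(",", array_map("intval", explode(",", $_REQUEST['ids'])));`. `$sort` in the @@ -277,7 hunk is escaped the same way; if it is later placed in an ORDER BY clause, which the hunk does not show, it needs an allow-list of column names instead. The statement in the @@ -92,10 hunk passes `$link` to `db_query` while the new escaping uses `$this->link`, so it is worth confirming both refer to the same connection.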
@@ -253,9 +253,9 @@ class Instances extends Plugin implements IHandler { } function editSave() { - $id = db_escape_string($_REQUEST["id"]); - $access_url = db_escape_string($_REQUEST["access_url"]); - $access_key = db_escape_string($_REQUEST["access_key"]); + $id = db_escape_string($this->link, $_REQUEST["id"]); + $access_url = db_escape_string($this->link, $_REQUEST["access_url"]); + $access_key = db_escape_string($this->link, $_REQUEST["access_key"]); db_query($this->link, "UPDATE ttrss_linked_instances SET access_key = '$access_key', access_url = '$access_url', @@ -277,7 +277,7 @@ class Instances extends Plugin implements IHandler { print "<div id=\"pref-instance-toolbar\" dojoType=\"dijit.Toolbar\">"; - $sort = db_escape_string($_REQUEST["sort"]); + $sort = db_escape_string($this->link, $_REQUEST["sort"]); if (!$sort || $sort == "undefined") { $sort = "access_url"; @@ -364,7 +364,7 @@ class Instances extends Plugin implements IHandler { function fbexport() { - $access_key = db_escape_string($_POST["key"]); + $access_key = db_escape_string($this->link, $_POST["key"]); // TODO: rate limit checking using last_connected $result = db_query($this->link, "SELECT id FROM ttrss_linked_instances diff --git a/plugins/mail/init.php b/plugins/mail/init.php index 84fd5d3b2..49de96afd 100644 --- a/plugins/mail/init.php +++ b/plugins/mail/init.php @@ -22,7 +22,7 @@ class Mail extends Plugin { } function hook_article_button($line) { - return "<img src=\"".theme_image($link, 'plugins/mail/mail.png')."\" + return "<img src=\"plugins/mail/mail.png\" class='tagsPic' style=\"cursor : pointer\" onclick=\"emailArticle(".$line["id"].")\" alt='Zoom' title='".__('Forward by email')."'>"; @@ -30,7 +30,7 @@ class Mail extends Plugin { function emailArticle() { - $param = db_escape_string($_REQUEST['param']); + $param = db_escape_string($this->link, $_REQUEST['param']); $secretkey = sha1(uniqid(rand(), true)); 
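Review bot: `$secretkey = sha1(uniqid(rand(), true));` in emailArticle() (plugins/mail/init.php, @@ -30,7 hunk) derives a token from `rand()` and the clock, and hashing the result adds no unpredictability. If this value is what sendEmail() compares against the request, as the surrounding code suggests, it should come from a CSPRNG: `bin2hex(openssl_random_pseudo_bytes(16))`, or `random_bytes` where the PHP version has it. The same construction produces `$uuid` in plugins/share/init.php (@@ -41,7 hunk), where it appears to be the only thing protecting a shared article URL. There the surrounding `db_escape_string` call could be dropped, since a hex string needs no escaping.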
@@ -137,7 +137,7 @@ class Mail extends Plugin { function sendEmail() { $secretkey = $_REQUEST['secretkey']; - require_once 'lib/phpmailer/class.phpmailer.php'; + require_once 'classes/ttrssmailer.php'; $reply = array(); @@ -146,42 +146,25 @@ class Mail extends Plugin { $_SESSION['email_secretkey'] = ''; - $destination = $_REQUEST['destination']; - $subject = $_REQUEST['subject']; - $content = $_REQUEST['content']; - $replyto = strip_tags($_SESSION['email_replyto']); $fromname = strip_tags($_SESSION['email_fromname']); - $mail = new PHPMailer(); - - $mail->PluginDir = "lib/phpmailer/"; - $mail->SetLanguage("en", "lib/phpmailer/language/"); - - $mail->CharSet = "UTF-8"; + $mail = new ttrssMailer(); $mail->From = $replyto; $mail->FromName = $fromname; - $mail->AddAddress($destination); - - if (SMTP_HOST) { - $mail->Host = SMTP_HOST; - $mail->Mailer = "smtp"; - $mail->SMTPAuth = SMTP_LOGIN != ''; - $mail->Username = SMTP_LOGIN; - $mail->Password = SMTP_PASSWORD; - } + $mail->AddAddress($_REQUEST['destination']); $mail->IsHTML(false); - $mail->Subject = $subject; - $mail->Body = $content; + $mail->Subject = $_REQUEST['subject']; + $mail->Body = $_REQUEST['content']; $rc = $mail->Send(); if (!$rc) { $reply['error'] = $mail->ErrorInfo; } else { - save_email_address($this->link, db_escape_string($destination)); + save_email_address($this->link, db_escape_string($this->link, $destination)); $reply['message'] = "UPDATE_COUNTERS"; } @@ -193,7 +176,7 @@ class Mail extends Plugin { } function completeEmails() { - $search = db_escape_string($_REQUEST["search"]); + $search = db_escape_string($this->link, $_REQUEST["search"]); print "<ul>"; diff --git a/plugins/mailto/init.php b/plugins/mailto/init.php index bbc0dffa4..e140bbea7 100644 --- a/plugins/mailto/init.php +++ b/plugins/mailto/init.php 
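Review bot: The @@ -146,42 hunk removes `$destination = $_REQUEST['destination'];` but the success branch still calls `save_email_address($this->link, db_escape_string($this->link, $destination));`, so `$destination` is undefined there and an empty value is saved. Either keep the local variable or pass the request value directly: `save_email_address($this->link, db_escape_string($this->link, $_REQUEST['destination']));`. Since the recipient, subject and body now go from `$_REQUEST` into the mailer on adjacent lines, this would also be the place to reject a destination that fails `filter_var(..., FILTER_VALIDATE_EMAIL)` before calling `AddAddress`. sendEmail() begins and ends outside the hunk.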
@@ -22,7 +22,7 @@ class MailTo extends Plugin { } function hook_article_button($line) { - return "<img src=\"".theme_image($link, 'plugins/mailto/mail.png')."\" + return "<img src=\"plugins/mailto/mail.png\" class='tagsPic' style=\"cursor : pointer\" onclick=\"mailtoArticle(".$line["id"].")\" alt='Zoom' title='".__('Forward by email')."'>"; @@ -30,7 +30,7 @@ class MailTo extends Plugin { function emailArticle() { - $param = db_escape_string($_REQUEST['param']); + $param = db_escape_string($this->link, $_REQUEST['param']); require_once "lib/MiniTemplator.class.php"; diff --git a/plugins/note/init.php b/plugins/note/init.php index 560796a69..7e8cfb57f 100644 --- a/plugins/note/init.php +++ b/plugins/note/init.php @@ -22,14 +22,14 @@ class Note extends Plugin { function hook_article_button($line) { - return "<img src=\"".theme_image($this->link, "plugins/note/note.png")."\" + return "<img src=\"plugins/note/note.png\" style=\"cursor : pointer\" style=\"cursor : pointer\" onclick=\"editArticleNote(".$line["id"].")\" class='tagsPic' title='".__('Edit article note')."'>"; } function edit() { - $param = db_escape_string($_REQUEST['param']); + $param = db_escape_string($this->link, $_REQUEST['param']); $result = db_query($this->link, "SELECT note FROM ttrss_user_entries WHERE ref_id = '$param' AND owner_uid = " . $_SESSION['uid']); @@ -58,8 +58,8 @@ class Note extends Plugin { } function setNote() { - $id = db_escape_string($_REQUEST["id"]); - $note = trim(strip_tags(db_escape_string($_REQUEST["note"]))); + $id = db_escape_string($this->link, $_REQUEST["id"]); + $note = trim(strip_tags(db_escape_string($this->link, $_REQUEST["note"]))); db_query($this->link, "UPDATE ttrss_user_entries SET note = '$note' WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]); diff --git a/plugins/nsfw/init.php b/plugins/nsfw/init.php index 9aadde4dd..247d56a1e 100644 --- a/plugins/nsfw/init.php +++ b/plugins/nsfw/init.php 
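Review bot: setNote() in plugins/note/init.php (@@ -58,8 hunk) runs `strip_tags` and `trim` on the output of `db_escape_string`, so the string that reaches the UPDATE is no longer the one the escaping function produced. Escaping should be the last transformation before the query: `$note = db_escape_string($this->link, trim(strip_tags($_REQUEST["note"])));`. plugins/nsfw/init.php save() (@@ -91,7 hunk) has the same ordering, with `explode`, `trim`, `mb_strtolower` and `join` all applied after escaping. The `<img>` string in hook_article_button also carries `style=\"cursor : pointer\"` twice.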
@@ -91,7 +91,7 @@ class NSFW extends Plugin { } function save() { - $tags = explode(",", db_escape_string($_POST["tags"])); + $tags = explode(",", db_escape_string($this->link, $_POST["tags"])); $tags = array_map("trim", $tags); $tags = array_map("mb_strtolower", $tags); $tags = join(", ", $tags); diff --git a/plugins/owncloud/init.php b/plugins/owncloud/init.php index b846241b8..5d215b386 100644 --- a/plugins/owncloud/init.php +++ b/plugins/owncloud/init.php @@ -20,7 +20,7 @@ class OwnCloud extends Plugin { } function save() { - $owncloud_url = db_escape_string($_POST["owncloud_url"]); + $owncloud_url = db_escape_string($this->link, $_POST["owncloud_url"]); $this->host->set($this, "owncloud", $owncloud_url); echo "Value set to $owncloud_url"; } @@ -68,14 +68,14 @@ class OwnCloud extends Plugin { } function hook_article_button($line) { - return "<img src=\"".theme_image($this->link, "plugins/owncloud/owncloud.png")."\" + return "<img src=\"plugins/owncloud/owncloud.png\" style=\"cursor : pointer\" style=\"cursor : pointer\" onclick=\"ownArticle(".$line["id"].")\" class='tagsPic' title='".__('Bookmark on OwnCloud ')."'>"; } function getOwnCloud() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/pinterest/init.php b/plugins/pinterest/init.php index aef9d8511..11fe64eb5 100644 --- a/plugins/pinterest/init.php +++ b/plugins/pinterest/init.php @@ -23,7 +23,7 @@ class Pinterest extends Plugin { function hook_article_button($line) { $article_id = $line["id"]; - $rv = "<img src=\"".theme_image($this->link, 'plugins/pinterest/pinterest.png')."\" + $rv = "<img src=\"plugins/pinterest/pinterest.png\" class='tagsPic' style=\"cursor : pointer\" onclick=\"pinterest($article_id)\" title='".__('Pinterest')."'>"; 
@@ -32,7 +32,7 @@ class Pinterest extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/pocket/init.php b/plugins/pocket/init.php index 3fc51dd91..e96d08001 100644 --- a/plugins/pocket/init.php +++ b/plugins/pocket/init.php @@ -24,7 +24,7 @@ class Pocket extends Plugin { function hook_article_button($line) { $article_id = $line["id"]; - $rv = "<img src=\"".theme_image($this->link, 'plugins/pocket/pocket.png')."\" + $rv = "<img src=\"plugins/pocket/pocket.png\" class='tagsPic' style=\"cursor : pointer\" onclick=\"shareArticleToPocket($article_id)\" title='".__('Pocket')."'>"; @@ -33,7 +33,7 @@ class Pocket extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/share/init.php b/plugins/share/init.php index e1151849b..a3dc35224 100644 --- a/plugins/share/init.php +++ b/plugins/share/init.php @@ -21,14 +21,14 @@ class Share extends Plugin { } function hook_article_button($line) { - return "<img src=\"".theme_image($this->link, 'plugins/share/share.png')."\" + return "<img src=\"plugins/share/share.png\" class='tagsPic' style=\"cursor : pointer\" onclick=\"shareArticle(".$line['int_id'].")\" title='".__('Share by URL')."'>"; } function shareArticle() { - $param = db_escape_string($_REQUEST['param']); + $param = db_escape_string($this->link, $_REQUEST['param']); $result = db_query($this->link, "SELECT uuid, ref_id FROM ttrss_user_entries WHERE int_id = '$param' AND owner_uid = " . $_SESSION['uid']); 
@@ -41,7 +41,7 @@ class Share extends Plugin { $ref_id = db_fetch_result($result, 0, "ref_id"); if (!$uuid) { - $uuid = db_escape_string(sha1(uniqid(rand(), true))); + $uuid = db_escape_string($this->link, sha1(uniqid(rand(), true))); db_query($this->link, "UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param' AND owner_uid = " . $_SESSION['uid']); } diff --git a/plugins/tweet/init.php b/plugins/tweet/init.php index e7f8ce949..bbcf7836c 100644 --- a/plugins/tweet/init.php +++ b/plugins/tweet/init.php @@ -23,7 +23,7 @@ class Tweet extends Plugin { function hook_article_button($line) { $article_id = $line["id"]; - $rv = "<img src=\"".theme_image($this->link, 'plugins/tweet/tweet.png')."\" + $rv = "<img src=\"plugins/tweet/tweet.png\" class='tagsPic' style=\"cursor : pointer\" onclick=\"tweetArticle($article_id)\" title='".__('Share on Twitter')."'>"; @@ -32,7 +32,7 @@ class Tweet extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries |