diff options
Diffstat (limited to 'plugins')
-rw-r--r-- | plugins/auth_internal/init.php | 8 | ||||
-rw-r--r-- | plugins/auth_remote/init.php | 12 | ||||
-rw-r--r-- | plugins/digest/init.php | 8 | ||||
-rw-r--r-- | plugins/embed_original/button.png | bin | 0 -> 1298 bytes | |||
-rw-r--r-- | plugins/embed_original/init.css | 13 | ||||
-rw-r--r-- | plugins/embed_original/init.js | 69 | ||||
-rw-r--r-- | plugins/embed_original/init.php | 56 | ||||
-rw-r--r-- | plugins/example/init.php | 2 | ||||
-rw-r--r-- | plugins/googleplus/init.php | 2 | ||||
-rw-r--r-- | plugins/googlereaderkeys/init.php | 1 | ||||
-rw-r--r-- | plugins/googlereadertheme/init.css | 73 | ||||
-rw-r--r-- | plugins/googlereadertheme/init.php | 27 | ||||
-rw-r--r-- | plugins/identica/init.php | 2 | ||||
-rw-r--r-- | plugins/import_export/init.php | 8 | ||||
-rw-r--r-- | plugins/instances/init.php | 28 | ||||
-rw-r--r-- | plugins/mail/init.php | 33 | ||||
-rw-r--r-- | plugins/mailto/init.php | 2 | ||||
-rw-r--r-- | plugins/note/init.php | 6 | ||||
-rw-r--r-- | plugins/nsfw/init.php | 2 | ||||
-rw-r--r-- | plugins/owncloud/init.php | 4 | ||||
-rw-r--r-- | plugins/pinterest/init.php | 2 | ||||
-rw-r--r-- | plugins/pocket/init.php | 2 | ||||
-rw-r--r-- | plugins/share/init.php | 4 | ||||
-rw-r--r-- | plugins/tweet/init.php | 2 |
24 files changed, 194 insertions, 172 deletions
diff --git a/plugins/auth_internal/init.php b/plugins/auth_internal/init.php index cf6c13780..e910e52aa 100644 --- a/plugins/auth_internal/init.php +++ b/plugins/auth_internal/init.php @@ -22,8 +22,8 @@ class Auth_Internal extends Plugin implements IAuthModule { $pwd_hash1 = encrypt_password($password); $pwd_hash2 = encrypt_password($password, $login); - $login = db_escape_string($login); - $otp = db_escape_string($_REQUEST["otp"]); + $login = db_escape_string($this->link, $login); + $otp = db_escape_string($this->link, $_REQUEST["otp"]); if (get_schema_version($this->link) > 96) { if (!defined('AUTH_DISABLE_OTP') || !AUTH_DISABLE_OTP) { @@ -140,7 +140,7 @@ class Auth_Internal extends Plugin implements IAuthModule { } function check_password($owner_uid, $password) { - $owner_uid = db_escape_string($owner_uid); + $owner_uid = db_escape_string($this->link, $owner_uid); $result = db_query($this->link, "SELECT salt,login FROM ttrss_users WHERE id = '$owner_uid'"); @@ -169,7 +169,7 @@ class Auth_Internal extends Plugin implements IAuthModule { } function change_password($owner_uid, $old_password, $new_password) { - $owner_uid = db_escape_string($owner_uid); + $owner_uid = db_escape_string($this->link, $owner_uid); if ($this->check_password($owner_uid, $old_password)) { diff --git a/plugins/auth_remote/init.php b/plugins/auth_remote/init.php index 7c8d835f8..7e4638fb2 100644 --- a/plugins/auth_remote/init.php +++ b/plugins/auth_remote/init.php @@ -21,7 +21,7 @@ class Auth_Remote extends Plugin implements IAuthModule { } function get_login_by_ssl_certificate() { - $cert_serial = db_escape_string(get_ssl_certificate_id()); + $cert_serial = db_escape_string($this->link, get_ssl_certificate_id()); if ($cert_serial) { $result = db_query($this->link, "SELECT login FROM ttrss_user_prefs, ttrss_users @@ -29,7 +29,7 @@ class Auth_Remote extends Plugin implements IAuthModule { owner_uid = ttrss_users.id"); if (db_num_rows($result) != 0) { - return db_escape_string(db_fetch_result($result, 0, "login")); + return db_escape_string($this->link, db_fetch_result($result, 0, "login")); } } @@ -38,10 +38,10 @@ class Auth_Remote extends Plugin implements IAuthModule { function authenticate($login, $password) { - $try_login = db_escape_string($_SERVER["REMOTE_USER"]); + $try_login = db_escape_string($this->link, $_SERVER["REMOTE_USER"]); // php-cgi - if (!$try_login) $try_login = db_escape_string($_SERVER["REDIRECT_REMOTE_USER"]); + if (!$try_login) $try_login = db_escape_string($this->link, $_SERVER["REDIRECT_REMOTE_USER"]); if (!$try_login) $try_login = $this->get_login_by_ssl_certificate(); # if (!$try_login) $try_login = "test_qqq"; @@ -60,14 +60,14 @@ class Auth_Remote extends Plugin implements IAuthModule { // update user name $fullname = $_SERVER['HTTP_USER_NAME'] ? $_SERVER['HTTP_USER_NAME'] : $_SERVER['AUTHENTICATE_CN']; if ($fullname){ - $fullname = db_escape_string($fullname); + $fullname = db_escape_string($this->link, $fullname); db_query($this->link, "UPDATE ttrss_users SET full_name = '$fullname' WHERE id = " . $user_id); } // update user mail $email = $_SERVER['HTTP_USER_MAIL'] ? $_SERVER['HTTP_USER_MAIL'] : $_SERVER['AUTHENTICATE_MAIL']; if ($email){ - $email = db_escape_string($email); + $email = db_escape_string($this->link, $email); db_query($this->link, "UPDATE ttrss_users SET email = '$email' WHERE id = " . $user_id); } diff --git a/plugins/digest/init.php b/plugins/digest/init.php index 2feabe3b4..2fc98b0ec 100644 --- a/plugins/digest/init.php +++ b/plugins/digest/init.php @@ -47,7 +47,7 @@ class Digest extends Plugin implements IHandler { } function digestgetcontents() { - $article_id = db_escape_string($_REQUEST['article_id']); + $article_id = db_escape_string($this->link, $_REQUEST['article_id']); $result = db_query($this->link, "SELECT content,title,link,marked,published FROM ttrss_entries, ttrss_user_entries @@ -67,9 +67,9 @@ class Digest extends Plugin implements IHandler { } function digestupdate() { - $feed_id = db_escape_string($_REQUEST['feed_id']); - $offset = db_escape_string($_REQUEST['offset']); - $seq = db_escape_string($_REQUEST['seq']); + $feed_id = db_escape_string($this->link, $_REQUEST['feed_id']); + $offset = db_escape_string($this->link, $_REQUEST['offset']); + $seq = db_escape_string($this->link, $_REQUEST['seq']); if (!$feed_id) $feed_id = -4; if (!$offset) $offset = 0; diff --git a/plugins/embed_original/button.png b/plugins/embed_original/button.png Binary files differnew file mode 100644 index 000000000..e861201d5 --- /dev/null +++ b/plugins/embed_original/button.png diff --git a/plugins/embed_original/init.css b/plugins/embed_original/init.css new file mode 100644 index 000000000..4ce482e1a --- /dev/null +++ b/plugins/embed_original/init.css @@ -0,0 +1,13 @@ +div.cdmContentInner iframe.embeddedContent { + overflow : hidden; + width : 100%; + height : 600px; + border-width : 0px; +} + +div.postContent iframe.embeddedContent { + overflow : hidden; + width : 100%; + height : 100%; + border-width : 0px; +} diff --git a/plugins/embed_original/init.js b/plugins/embed_original/init.js new file mode 100644 index 000000000..517f2cd54 --- /dev/null +++ b/plugins/embed_original/init.js @@ -0,0 +1,69 @@ +function embedOriginalArticle(id) { + try { + var hasSandbox = "sandbox" in document.createElement("iframe"); + + if (!hasSandbox) { + alert(__("Sorry, your browser does not support sandboxed iframes.")); + return; + } + + var query = "op=pluginhandler&plugin=embed_original&method=getUrl&id=" + + param_escape(id); + + var c = false; + + if (isCdmMode()) { + c = $$("div#RROW-" + id + " div[class=cdmContentInner]")[0]; + } else if (id == getActiveArticleId()) { + c = $$("div[class=postContent]")[0]; + } + + if (c) { + var iframe = c.getElementsByClassName("embeddedContent")[0]; + + if (iframe) { + Element.show(c.firstChild); + c.removeChild(iframe); + + if (isCdmMode()) { + cdmScrollToArticleId(id, true); + } + + return; + } + } + + new Ajax.Request("backend.php", { + parameters: query, + onComplete: function(transport) { + var ti = JSON.parse(transport.responseText); + + if (ti) { + + var iframe = new Element("iframe", { + class: "embeddedContent", + src: ti.url, + sandbox: 'allow-scripts', + }); + + if (c) { + Element.hide(c.firstChild); + + if (c.firstChild.nextSibling) + c.insertBefore(iframe, c.firstChild.nextSibling); + else + c.appendChild(iframe); + + if (isCdmMode()) { + cdmScrollToArticleId(id, true); + } + } + } + + } }); + + + } catch (e) { + exception_error("embedOriginalArticle", e); + } +} diff --git a/plugins/embed_original/init.php b/plugins/embed_original/init.php new file mode 100644 index 000000000..0e0eb9603 --- /dev/null +++ b/plugins/embed_original/init.php @@ -0,0 +1,56 @@ +<?php +class Embed_Original extends Plugin { + private $link; + private $host; + + function init($host) { + $this->link = $host->get_link(); + $this->host = $host; + + $host->add_hook($host::HOOK_ARTICLE_BUTTON, $this); + } + + function about() { + return array(1.0, + "Try to display original article content inside tt-rss", + "fox"); + } + + function get_js() { + return file_get_contents(dirname(__FILE__) . "/init.js"); + } + + function get_css() { + return file_get_contents(dirname(__FILE__) . "/init.css"); + } + + function hook_article_button($line) { + $id = $line["id"]; + + $rv = "<img src=\"plugins/embed_original/button.png\" + class='tagsPic' style=\"cursor : pointer\" + onclick=\"embedOriginalArticle($id)\" + title='".__('Toggle embed original')."'>"; + + return $rv; + } + + function getUrl() { + $id = db_escape_string($this->link, $_REQUEST['id']); + + $result = db_query($this->link, "SELECT link + FROM ttrss_entries, ttrss_user_entries + WHERE id = '$id' AND ref_id = id AND owner_uid = " .$_SESSION['uid']); + + $url = ""; + + if (db_num_rows($result) != 0) { + $url = db_fetch_result($result, 0, "link"); + + } + + print json_encode(array("url" => $url, "id" => $id)); + } + +} +?> diff --git a/plugins/example/init.php b/plugins/example/init.php index f3788ae8c..926a57da8 100644 --- a/plugins/example/init.php +++ b/plugins/example/init.php @@ -21,7 +21,7 @@ class Example extends Plugin { } function save() { - $example_value = db_escape_string($_POST["example_value"]); + $example_value = db_escape_string($this->link, $_POST["example_value"]); $this->host->set($this, "example", $example_value); diff --git a/plugins/googleplus/init.php b/plugins/googleplus/init.php index 7ae6d1456..6045d2df6 100644 --- a/plugins/googleplus/init.php +++ b/plugins/googleplus/init.php @@ -32,7 +32,7 @@ class GooglePlus extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/googlereaderkeys/init.php b/plugins/googlereaderkeys/init.php index 92bf626e6..afdc58ec7 100644 --- a/plugins/googlereaderkeys/init.php +++ b/plugins/googlereaderkeys/init.php @@ -25,6 +25,7 @@ class GoogleReaderKeys extends Plugin { $hotkeys["*p"] = "prev_feed"; $hotkeys["v"] = "open_in_new_window"; $hotkeys["r"] = "feed_refresh"; + $hotkeys["m"] = "toggle_unread"; $hotkeys["(32)|space"] = "next_article"; $hotkeys["(38)|up"] = "article_scroll_up"; $hotkeys["(40)|down"] = "article_scroll_down"; diff --git a/plugins/googlereadertheme/init.css b/plugins/googlereadertheme/init.css deleted file mode 100644 index 8d5c8cefe..000000000 --- a/plugins/googlereadertheme/init.css +++ /dev/null @@ -1,73 +0,0 @@ -/* fix dijit */ -:focus { - outline: none; -} -input[type="search"] { - -webkit-appearance: none; -} -.claro .dijitToolbar .dijitButton .dijitButtonNode, -.claro .dijitToolbar .dijitDropDownButton .dijitButtonNode, -.claro .dijitToolbar .dijitComboButton .dijitButtonNode, -.claro .dijitToolbar .dijitToggleButton .dijitButtonNode, -.claro .dijitToolbar .dijitComboBox .dijitButtonNode { - -moz-transition: background-color, border-color, color; - -webkit-transition-property: background-color, border-color, color; - transition: background-color, border-color, color; -} - - -/* some style */ -body#ttrssMain, -a, -.titleWrap .title { - color: #444; -} -a:hover, -.Unread .titleWrap .title, -.Selected .titleWrap .title, -html div.cdmContent a { - color: #15c; -} -#feeds-holder, -#content-wrap, -#headlines-frame { - border: none; -} -#ttrssMain #headlines-toolbar, -#ttrssMain .dijitToolbar, -#ttrssMain .cdmHeader { - background: #fff; - border-color: transparent; -} -#ttrssMain #headlines-toolbar { - border-color: #ebebeb; -} -#ttrssMain .cdm { - margin: 5px 25px 10px 5px; - border: 1px solid #ddd !important; - box-shadow: 0 0 4px rgba(0,0,0,.1); - background: #fff !important; -} -#ttrssMain .cdm.Selected { - border-left-color: #4d90f0 !important; - background: #fff !important; -} -#ttrssMain .cdmFeedTitle { - border-color: #ebebeb; - background: #fff; - font-size: 1.2em; - font-weight: bold; -} -#headlines-frame .cdmFooter { - border-top: 1px solid #ebebeb; - background: #fafafa; -} - -.titleWrap .title { - font-size: 1.5em; - font-weight: bold; -} -div.cdmHeader span.hlFeed { - padding-top: .5em; -} - diff --git a/plugins/googlereadertheme/init.php b/plugins/googlereadertheme/init.php deleted file mode 100644 index 4ee4a4ba3..000000000 --- a/plugins/googlereadertheme/init.php +++ /dev/null @@ -1,27 +0,0 @@ -<?php -class GoogleReaderTheme extends Plugin { - - private $link; - private $host; - - function about() { - return array(1.0, - "Make tt-rss look similar to Google Reader", - "levito"); - } - - function init($host) { - $this->link = $host->get_link(); - $this->host = $host; - - if ($_SESSION["uid"]) { - // force-enable combined mode - set_pref($this->link, "COMBINED_DISPLAY_MODE", true, $_SESSION["uid"]); - } - } - - function get_css() { - return file_get_contents(dirname(__FILE__) . "/init.css"); - } -} -?> diff --git a/plugins/identica/init.php b/plugins/identica/init.php index c9aa4118e..8e0ad4b9a 100644 --- a/plugins/identica/init.php +++ b/plugins/identica/init.php @@ -32,7 +32,7 @@ class Identica extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/import_export/init.php b/plugins/import_export/init.php index de21dbf32..61b9a439f 100644 --- a/plugins/import_export/init.php +++ b/plugins/import_export/init.php @@ -49,7 +49,7 @@ class Import_Export extends Plugin implements IHandler { } function save() { - $example_value = db_escape_string($_POST["example_value"]); + $example_value = db_escape_string($this->link, $_POST["example_value"]); echo "Value set to $example_value (not really)"; } @@ -122,7 +122,7 @@ class Import_Export extends Plugin implements IHandler { } function exportrun() { - $offset = (int) db_escape_string($_REQUEST['offset']); + $offset = (int) db_escape_string($this->link, $_REQUEST['offset']); $exported = 0; $limit = 250; @@ -238,7 +238,7 @@ class Import_Export extends Plugin implements IHandler { foreach ($article_node->childNodes as $child) { if ($child->nodeName != 'label_cache') - $article[$child->nodeName] = db_escape_string($child->nodeValue); + $article[$child->nodeName] = db_escape_string($this->link, $child->nodeValue); else $article[$child->nodeName] = $child->nodeValue; } @@ -346,7 +346,7 @@ class Import_Export extends Plugin implements IHandler { $score = (int) $article['score']; $tag_cache = $article['tag_cache']; - $label_cache = db_escape_string($article['label_cache']); + $label_cache = db_escape_string($this->link, $article['label_cache']); $note = $article['note']; //print "Importing " . $article['title'] . "<br/>"; diff --git a/plugins/instances/init.php b/plugins/instances/init.php index 6c0f89e1c..6e8d43e9b 100644 --- a/plugins/instances/init.php +++ b/plugins/instances/init.php @@ -92,10 +92,10 @@ class Instances extends Plugin implements IHandler { WHERE instance_id = '$id'"); foreach ($feeds['feeds'] as $feed) { - $feed_url = db_escape_string($feed['feed_url']); - $title = db_escape_string($feed['title']); - $subscribers = db_escape_string($feed['subscribers']); - $site_url = db_escape_string($feed['site_url']); + $feed_url = db_escape_string($this->link, $feed['feed_url']); + $title = db_escape_string($this->link, $feed['title']); + $subscribers = db_escape_string($this->link, $feed['subscribers']); + $site_url = db_escape_string($this->link, $feed['site_url']); db_query($link, "INSERT INTO ttrss_linked_feeds (feed_url, site_url, title, subscribers, instance_id, created, updated) @@ -167,16 +167,16 @@ class Instances extends Plugin implements IHandler { } function remove() { - $ids = db_escape_string($_REQUEST['ids']); + $ids = db_escape_string($this->link, $_REQUEST['ids']); db_query($this->link, "DELETE FROM ttrss_linked_instances WHERE id IN ($ids)"); } function add() { - $id = db_escape_string($_REQUEST["id"]); - $access_url = db_escape_string($_REQUEST["access_url"]); - $access_key = db_escape_string($_REQUEST["access_key"]); + $id = db_escape_string($this->link, $_REQUEST["id"]); + $access_url = db_escape_string($this->link, $_REQUEST["access_url"]); + $access_key = db_escape_string($this->link, $_REQUEST["access_key"]); db_query($this->link, "BEGIN"); @@ -195,7 +195,7 @@ class Instances extends Plugin implements IHandler { } function edit() { - $id = db_escape_string($_REQUEST["id"]); + $id = db_escape_string($this->link, $_REQUEST["id"]); $result = db_query($this->link, "SELECT * FROM ttrss_linked_instances WHERE id = '$id'"); @@ -253,9 +253,9 @@ class Instances extends Plugin implements IHandler { } function editSave() { - $id = db_escape_string($_REQUEST["id"]); - $access_url = db_escape_string($_REQUEST["access_url"]); - $access_key = db_escape_string($_REQUEST["access_key"]); + $id = db_escape_string($this->link, $_REQUEST["id"]); + $access_url = db_escape_string($this->link, $_REQUEST["access_url"]); + $access_key = db_escape_string($this->link, $_REQUEST["access_key"]); db_query($this->link, "UPDATE ttrss_linked_instances SET access_key = '$access_key', access_url = '$access_url', @@ -277,7 +277,7 @@ class Instances extends Plugin implements IHandler { print "<div id=\"pref-instance-toolbar\" dojoType=\"dijit.Toolbar\">"; - $sort = db_escape_string($_REQUEST["sort"]); + $sort = db_escape_string($this->link, $_REQUEST["sort"]); if (!$sort || $sort == "undefined") { $sort = "access_url"; @@ -364,7 +364,7 @@ class Instances extends Plugin implements IHandler { function fbexport() { - $access_key = db_escape_string($_POST["key"]); + $access_key = db_escape_string($this->link, $_POST["key"]); // TODO: rate limit checking using last_connected $result = db_query($this->link, "SELECT id FROM ttrss_linked_instances diff --git a/plugins/mail/init.php b/plugins/mail/init.php index 30a417a1b..49de96afd 100644 --- a/plugins/mail/init.php +++ b/plugins/mail/init.php @@ -30,7 +30,7 @@ class Mail extends Plugin { function emailArticle() { - $param = db_escape_string($_REQUEST['param']); + $param = db_escape_string($this->link, $_REQUEST['param']); $secretkey = sha1(uniqid(rand(), true)); @@ -137,7 +137,7 @@ class Mail extends Plugin { function sendEmail() { $secretkey = $_REQUEST['secretkey']; - require_once 'lib/phpmailer/class.phpmailer.php'; + require_once 'classes/ttrssmailer.php'; $reply = array(); @@ -146,42 +146,25 @@ class Mail extends Plugin { $_SESSION['email_secretkey'] = ''; - $destination = $_REQUEST['destination']; - $subject = $_REQUEST['subject']; - $content = $_REQUEST['content']; - $replyto = strip_tags($_SESSION['email_replyto']); $fromname = strip_tags($_SESSION['email_fromname']); - $mail = new PHPMailer(); - - $mail->PluginDir = "lib/phpmailer/"; - $mail->SetLanguage("en", "lib/phpmailer/language/"); - - $mail->CharSet = "UTF-8"; + $mail = new ttrssMailer(); $mail->From = $replyto; $mail->FromName = $fromname; - $mail->AddAddress($destination); - - if (SMTP_HOST) { - $mail->Host = SMTP_HOST; - $mail->Mailer = "smtp"; - $mail->SMTPAuth = SMTP_LOGIN != ''; - $mail->Username = SMTP_LOGIN; - $mail->Password = SMTP_PASSWORD; - } + $mail->AddAddress($_REQUEST['destination']); $mail->IsHTML(false); - $mail->Subject = $subject; - $mail->Body = $content; + $mail->Subject = $_REQUEST['subject']; + $mail->Body = $_REQUEST['content']; $rc = $mail->Send(); if (!$rc) { $reply['error'] = $mail->ErrorInfo; } else { - save_email_address($this->link, db_escape_string($destination)); + save_email_address($this->link, db_escape_string($this->link, $destination)); $reply['message'] = "UPDATE_COUNTERS"; } @@ -193,7 +176,7 @@ class Mail extends Plugin { } function completeEmails() { - $search = db_escape_string($_REQUEST["search"]); + $search = db_escape_string($this->link, $_REQUEST["search"]); print "<ul>"; diff --git a/plugins/mailto/init.php b/plugins/mailto/init.php index 8d175ae1c..e140bbea7 100644 --- a/plugins/mailto/init.php +++ b/plugins/mailto/init.php @@ -30,7 +30,7 @@ class MailTo extends Plugin { function emailArticle() { - $param = db_escape_string($_REQUEST['param']); + $param = db_escape_string($this->link, $_REQUEST['param']); require_once "lib/MiniTemplator.class.php"; diff --git a/plugins/note/init.php b/plugins/note/init.php index 83db94248..7e8cfb57f 100644 --- a/plugins/note/init.php +++ b/plugins/note/init.php @@ -29,7 +29,7 @@ class Note extends Plugin { } function edit() { - $param = db_escape_string($_REQUEST['param']); + $param = db_escape_string($this->link, $_REQUEST['param']); $result = db_query($this->link, "SELECT note FROM ttrss_user_entries WHERE ref_id = '$param' AND owner_uid = " . $_SESSION['uid']); @@ -58,8 +58,8 @@ class Note extends Plugin { } function setNote() { - $id = db_escape_string($_REQUEST["id"]); - $note = trim(strip_tags(db_escape_string($_REQUEST["note"]))); + $id = db_escape_string($this->link, $_REQUEST["id"]); + $note = trim(strip_tags(db_escape_string($this->link, $_REQUEST["note"]))); db_query($this->link, "UPDATE ttrss_user_entries SET note = '$note' WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]); diff --git a/plugins/nsfw/init.php b/plugins/nsfw/init.php index 9aadde4dd..247d56a1e 100644 --- a/plugins/nsfw/init.php +++ b/plugins/nsfw/init.php @@ -91,7 +91,7 @@ class NSFW extends Plugin { } function save() { - $tags = explode(",", db_escape_string($_POST["tags"])); + $tags = explode(",", db_escape_string($this->link, $_POST["tags"])); $tags = array_map("trim", $tags); $tags = array_map("mb_strtolower", $tags); $tags = join(", ", $tags); diff --git a/plugins/owncloud/init.php b/plugins/owncloud/init.php index 48377e9d9..5d215b386 100644 --- a/plugins/owncloud/init.php +++ b/plugins/owncloud/init.php @@ -20,7 +20,7 @@ class OwnCloud extends Plugin { } function save() { - $owncloud_url = db_escape_string($_POST["owncloud_url"]); + $owncloud_url = db_escape_string($this->link, $_POST["owncloud_url"]); $this->host->set($this, "owncloud", $owncloud_url); echo "Value set to $owncloud_url"; } @@ -75,7 +75,7 @@ class OwnCloud extends Plugin { } function getOwnCloud() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/pinterest/init.php b/plugins/pinterest/init.php index 96c730e84..11fe64eb5 100644 --- a/plugins/pinterest/init.php +++ b/plugins/pinterest/init.php @@ -32,7 +32,7 @@ class Pinterest extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/pocket/init.php b/plugins/pocket/init.php index 688a6258d..e96d08001 100644 --- a/plugins/pocket/init.php +++ b/plugins/pocket/init.php @@ -33,7 +33,7 @@ class Pocket extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries diff --git a/plugins/share/init.php b/plugins/share/init.php index f52d2a4fa..a3dc35224 100644 --- a/plugins/share/init.php +++ b/plugins/share/init.php @@ -28,7 +28,7 @@ class Share extends Plugin { } function shareArticle() { - $param = db_escape_string($_REQUEST['param']); + $param = db_escape_string($this->link, $_REQUEST['param']); $result = db_query($this->link, "SELECT uuid, ref_id FROM ttrss_user_entries WHERE int_id = '$param' AND owner_uid = " . $_SESSION['uid']); @@ -41,7 +41,7 @@ class Share extends Plugin { $ref_id = db_fetch_result($result, 0, "ref_id"); if (!$uuid) { - $uuid = db_escape_string(sha1(uniqid(rand(), true))); + $uuid = db_escape_string($this->link, sha1(uniqid(rand(), true))); db_query($this->link, "UPDATE ttrss_user_entries SET uuid = '$uuid' WHERE int_id = '$param' AND owner_uid = " . $_SESSION['uid']); } diff --git a/plugins/tweet/init.php b/plugins/tweet/init.php index 2d20c7187..bbcf7836c 100644 --- a/plugins/tweet/init.php +++ b/plugins/tweet/init.php @@ -32,7 +32,7 @@ class Tweet extends Plugin { } function getInfo() { - $id = db_escape_string($_REQUEST['id']); + $id = db_escape_string($this->link, $_REQUEST['id']); $result = db_query($this->link, "SELECT title, link FROM ttrss_entries, ttrss_user_entries |