public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-14 01:15:56 +00:00
Code Issues Releases Wiki Activity

labels: PDO

Browse Source
This commit is contained in:
Andrew Dolgov
2017-12-02 12:45:33 +03:00
parent c2418a559b
commit 21295a52aa
1 changed files with 98 additions and 90 deletions
Download Patch File Download Diff File Expand all files Collapse all files

122
classes/pref/labels.php
View File

@@ -8,12 +8,13 @@ class Pref_Labels extends Handler_Protected {
} }
function edit() { function edit() {
$label_id = $this->dbh->escape_string($_REQUEST['id']); $label_id = $_REQUEST['id'];
$result = $this->dbh->query("SELECT * FROM ttrss_labels2 WHERE $sth = $this->pdo->prepare("SELECT * FROM ttrss_labels2 WHERE
id = '$label_id' AND owner_uid = " . $_SESSION["uid"]); id = ? AND owner_uid = ?");
$sth->execute([$label_id, $_SESSION['uid']]);
$line = $this->dbh->fetch_assoc($result); if ($line = $sth->fetch()) {
print_hidden("id", "$label_id"); print_hidden("id", "$label_id");
print_hidden("op", "pref-labels"); print_hidden("op", "pref-labels");
@@ -80,8 +81,7 @@ class Pref_Labels extends Handler_Protected {
print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').hide()\">". print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').hide()\">".
__('Cancel')."</button>"; __('Cancel')."</button>";
print "</div>"; print "</div>";
}
return;
} }
function getlabeltree() { function getlabeltree() {
@@ -90,12 +90,13 @@ class Pref_Labels extends Handler_Protected {
$root['name'] = __('Labels'); $root['name'] = __('Labels');
$root['items'] = array(); $root['items'] = array();
$result = $this->dbh->query("SELECT * $sth = $this->pdo->prepare("SELECT *
FROM ttrss_labels2 FROM ttrss_labels2
WHERE owner_uid = ".$_SESSION["uid"]." WHERE owner_uid = ?
ORDER BY caption"); ORDER BY caption");
$sth->execute([$_SESSION['uid']]);
while ($line = $this->dbh->fetch_assoc($result)) { while ($line = $sth->fetch()) {
$label = array(); $label = array();
$label['id'] = 'LABEL:' . $line['id']; $label['id'] = 'LABEL:' . $line['id'];
$label['bare_id'] = $line['id']; $label['bare_id'] = $line['id'];
@@ -118,84 +119,92 @@ class Pref_Labels extends Handler_Protected {
} }
function colorset() { function colorset() {
$kind = $this->dbh->escape_string($_REQUEST["kind"]); $kind = $_REQUEST["kind"];
$ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"])); $ids = explode(',', $_REQUEST["ids"]);
$color = $this->dbh->escape_string($_REQUEST["color"]); $color = $_REQUEST["color"];
$fg = $this->dbh->escape_string($_REQUEST["fg"]); $fg = $_REQUEST["fg"];
$bg = $this->dbh->escape_string($_REQUEST["bg"]); $bg = $_REQUEST["bg"];
foreach ($ids as $id) { foreach ($ids as $id) {
if ($kind == "fg" || $kind == "bg") { if ($kind == "fg" || $kind == "bg") {
$this->dbh->query("UPDATE ttrss_labels2 SET $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
${kind}_color = '$color' WHERE id = '$id' ${kind}_color = ? WHERE id = ?
AND owner_uid = " . $_SESSION["uid"]); AND owner_uid = ?");
$sth->execute([$color, $id, $_SESSION['uid']]);
} else { } else {
$this->dbh->query("UPDATE ttrss_labels2 SET
fg_color = '$fg', bg_color = '$bg' WHERE id = '$id' $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
AND owner_uid = " . $_SESSION["uid"]); fg_color = ?, bg_color = ? WHERE id = ?
AND owner_uid = ?");
$sth->execute([$fg, $bg, $id, $_SESSION['uid']]);
} }
$caption = $this->dbh->escape_string(Labels::find_caption($id, $_SESSION["uid"])); $caption = Labels::find_caption($id, $_SESSION["uid"]);
/* Remove cached data */ /* Remove cached data */
$this->dbh->query("UPDATE ttrss_user_entries SET label_cache = '' $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]); WHERE label_cache LIKE ? AND owner_uid = ?");
$sth->execute(["%$caption%", $_SESSION['uid']]);
} }
return;
} }
function colorreset() { function colorreset() {
$ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"])); $ids = explode(',', $_REQUEST["ids"]);
foreach ($ids as $id) { foreach ($ids as $id) {
$this->dbh->query("UPDATE ttrss_labels2 SET $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
fg_color = '', bg_color = '' WHERE id = '$id' fg_color = '', bg_color = '' WHERE id = ?
AND owner_uid = " . $_SESSION["uid"]); AND owner_uid = ?");
$sth->execute([$id, $_SESSION['uid']]);
$caption = $this->dbh->escape_string(Labels::find_caption($id, $_SESSION["uid"])); $caption = Labels::find_caption($id, $_SESSION["uid"]);
/* Remove cached data */ /* Remove cached data */
$this->dbh->query("UPDATE ttrss_user_entries SET label_cache = '' $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]); WHERE label_cache LIKE ? AND owner_uid = ?");
$sth->execute(["%$caption%", $_SESSION['uid']]);
} }
} }
function save() { function save() {
$id = $this->dbh->escape_string($_REQUEST["id"]); $id = $_REQUEST["id"];
$caption = $this->dbh->escape_string(trim($_REQUEST["caption"])); $caption = trim($_REQUEST["caption"]);
$this->dbh->query("BEGIN"); $this->pdo->beginTransaction();
$result = $this->dbh->query("SELECT caption FROM ttrss_labels2 $sth = $this->pdo->prepare("SELECT caption FROM ttrss_labels2
WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]); WHERE id = ? AND owner_uid = ?");
$sth->execute([$id, $_SESSION['uid']]);
if ($this->dbh->num_rows($result) != 0) { if ($row = $sth->fetch()) {
$old_caption = $this->dbh->fetch_result($result, 0, "caption"); $old_caption = $row["caption"];
$result = $this->dbh->query("SELECT id FROM ttrss_labels2 $sth = $this->pdo->prepare("SELECT id FROM ttrss_labels2
WHERE caption = '$caption' AND owner_uid = ". $_SESSION["uid"]); WHERE caption = ? AND owner_uid = ?");
$sth->execute([$caption, $_SESSION['uid']]);
if ($this->dbh->num_rows($result) == 0) { if (!$sth->fetch()) {
if ($caption) { if ($caption) {
$result = $this->dbh->query("UPDATE ttrss_labels2 SET $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
caption = '$caption' WHERE id = '$id' AND caption = ? WHERE id = ? AND
owner_uid = " . $_SESSION["uid"]); owner_uid = ?");
$sth->execute([$caption, $id, $_SESSION['uid']]);
/* Update filters that reference label being renamed */ /* Update filters that reference label being renamed */
$old_caption = $this->dbh->escape_string($old_caption); $sth = $this->pdo->prepare("UPDATE ttrss_filters2_actions SET
action_param = ? WHERE action_param = ?
$this->dbh->query("UPDATE ttrss_filters2_actions SET
action_param = '$caption' WHERE action_param = '$old_caption'
AND action_id = 7 AND action_id = 7
AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ".$_SESSION["uid"].")"); AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ?)");
$sth->execute([$caption, $old_caption, $_SESSION['uid']]);
print $_REQUEST["value"]; print $_REQUEST["value"];
} else { } else {
@@ -206,14 +215,13 @@ class Pref_Labels extends Handler_Protected {
} }
} }
$this->dbh->query("COMMIT"); $this->pdo->commit();
return;
} }
function remove() { function remove() {
$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"])); $ids = explode(",", $_REQUEST["ids"]);
foreach ($ids as $id) { foreach ($ids as $id) {
Labels::remove($id, $_SESSION["uid"]); Labels::remove($id, $_SESSION["uid"]);
@@ -222,8 +230,8 @@ class Pref_Labels extends Handler_Protected {
} }
function add() { function add() {
$caption = $this->dbh->escape_string($_REQUEST["caption"]); $caption = $_REQUEST["caption"];
$output = $this->dbh->escape_string($_REQUEST["output"]); $output = $_REQUEST["output"];
if ($caption) { if ($caption) {