mirror of
https://git.tt-rss.org/git/tt-rss.git
synced 2025-12-31 05:41:29 +00:00
db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close()
This commit is contained in:
Andrew Dolgov
@@ -47,7 +47,7 @@ class API extends Handler {
|
||||
}
|
||||
|
||||
function login() {
|
||||
$login = db_escape_string($_REQUEST["user"]);
|
||||
$login = db_escape_string($this->link, $_REQUEST["user"]);
|
||||
$password = $_REQUEST["password"];
|
||||
$password_base64 = base64_decode($_REQUEST["password"]);
|
||||
|
||||
@@ -92,8 +92,8 @@ class API extends Handler {
|
||||
}
|
||||
|
||||
function getUnread() {
|
||||
$feed_id = db_escape_string($_REQUEST["feed_id"]);
|
||||
$is_cat = db_escape_string($_REQUEST["is_cat"]);
|
||||
$feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
|
||||
$is_cat = db_escape_string($this->link, $_REQUEST["is_cat"]);
|
||||
|
||||
if ($feed_id) {
|
||||
print $this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($this->link, $feed_id, $is_cat)));
|
||||
@@ -108,10 +108,10 @@ class API extends Handler {
|
||||
}
|
||||
|
||||
function getFeeds() {
|
||||
$cat_id = db_escape_string($_REQUEST["cat_id"]);
|
||||
$cat_id = db_escape_string($this->link, $_REQUEST["cat_id"]);
|
||||
$unread_only = sql_bool_to_bool($_REQUEST["unread_only"]);
|
||||
$limit = (int) db_escape_string($_REQUEST["limit"]);
|
||||
$offset = (int) db_escape_string($_REQUEST["offset"]);
|
||||
$limit = (int) db_escape_string($this->link, $_REQUEST["limit"]);
|
||||
$offset = (int) db_escape_string($this->link, $_REQUEST["offset"]);
|
||||
$include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
|
||||
|
||||
$feeds = $this->api_get_feeds($this->link, $cat_id, $unread_only, $limit, $offset, $include_nested);
|
||||
@@ -171,29 +171,29 @@ class API extends Handler {
|
||||
}
|
||||
|
||||
function getHeadlines() {
|
||||
$feed_id = db_escape_string($_REQUEST["feed_id"]);
|
||||
$feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
|
||||
if ($feed_id != "") {
|
||||
|
||||
$limit = (int)db_escape_string($_REQUEST["limit"]);
|
||||
$limit = (int)db_escape_string($this->link, $_REQUEST["limit"]);
|
||||
|
||||
if (!$limit || $limit >= 60) $limit = 60;
|
||||
|
||||
$offset = (int)db_escape_string($_REQUEST["skip"]);
|
||||
$filter = db_escape_string($_REQUEST["filter"]);
|
||||
$offset = (int)db_escape_string($this->link, $_REQUEST["skip"]);
|
||||
$filter = db_escape_string($this->link, $_REQUEST["filter"]);
|
||||
$is_cat = sql_bool_to_bool($_REQUEST["is_cat"]);
|
||||
$show_excerpt = sql_bool_to_bool($_REQUEST["show_excerpt"]);
|
||||
$show_content = sql_bool_to_bool($_REQUEST["show_content"]);
|
||||
/* all_articles, unread, adaptive, marked, updated */
|
||||
$view_mode = db_escape_string($_REQUEST["view_mode"]);
|
||||
$view_mode = db_escape_string($this->link, $_REQUEST["view_mode"]);
|
||||
$include_attachments = sql_bool_to_bool($_REQUEST["include_attachments"]);
|
||||
$since_id = (int)db_escape_string($_REQUEST["since_id"]);
|
||||
$since_id = (int)db_escape_string($this->link, $_REQUEST["since_id"]);
|
||||
$include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
|
||||
$sanitize_content = true;
|
||||
|
||||
/* do not rely on params below */
|
||||
|
||||
$search = db_escape_string($_REQUEST["search"]);
|
||||
$search_mode = db_escape_string($_REQUEST["search_mode"]);
|
||||
$search = db_escape_string($this->link, $_REQUEST["search"]);
|
||||
$search_mode = db_escape_string($this->link, $_REQUEST["search_mode"]);
|
||||
|
||||
$headlines = $this->api_get_headlines($this->link, $feed_id, $limit, $offset,
|
||||
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, false,
|
||||
@@ -207,10 +207,10 @@ class API extends Handler {
|
||||
}
|
||||
|
||||
function updateArticle() {
|
||||
$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
|
||||
$mode = (int) db_escape_string($_REQUEST["mode"]);
|
||||
$data = db_escape_string($_REQUEST["data"]);
|
||||
$field_raw = (int)db_escape_string($_REQUEST["field"]);
|
||||
$article_ids = array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_ids"])), is_numeric);
|
||||
$mode = (int) db_escape_string($this->link, $_REQUEST["mode"]);
|
||||
$data = db_escape_string($this->link, $_REQUEST["data"]);
|
||||
$field_raw = (int)db_escape_string($this->link, $_REQUEST["field"]);
|
||||
|
||||
$field = "";
|
||||
$set_to = "";
|
||||
@@ -285,7 +285,7 @@ class API extends Handler {
|
||||
|
||||
function getArticle() {
|
||||
|
||||
$article_id = join(",", array_filter(explode(",", db_escape_string($_REQUEST["article_id"])), is_numeric));
|
||||
$article_id = join(",", array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_id"])), is_numeric));
|
||||
|
||||
$query = "SELECT id,title,link,content,cached_content,feed_id,comments,int_id,
|
||||
marked,unread,published,
|
||||
@@ -348,7 +348,7 @@ class API extends Handler {
|
||||
}
|
||||
|
||||
function updateFeed() {
|
||||
$feed_id = db_escape_string($_REQUEST["feed_id"]);
|
||||
$feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
|
||||
|
||||
update_rss_feed($this->link, $feed_id, true);
|
||||
|
||||
@@ -356,8 +356,8 @@ class API extends Handler {
|
||||
}
|
||||
|
||||
function catchupFeed() {
|
||||
$feed_id = db_escape_string($_REQUEST["feed_id"]);
|
||||
$is_cat = db_escape_string($_REQUEST["is_cat"]);
|
||||
$feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
|
||||
$is_cat = db_escape_string($this->link, $_REQUEST["is_cat"]);
|
||||
|
||||
catchup_feed($this->link, $feed_id, $is_cat);
|
||||
|
||||
@@ -365,13 +365,13 @@ class API extends Handler {
|
||||
}
|
||||
|
||||
function getPref() {
|
||||
$pref_name = db_escape_string($_REQUEST["pref_name"]);
|
||||
$pref_name = db_escape_string($this->link, $_REQUEST["pref_name"]);
|
||||
|
||||
print $this->wrap(self::STATUS_OK, array("value" => get_pref($this->link, $pref_name)));
|
||||
}
|
||||
|
||||
function getLabels() {
|
||||
//$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
|
||||
//$article_ids = array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_ids"])), is_numeric);
|
||||
|
||||
$article_id = (int)$_REQUEST['article_id'];
|
||||
|
||||
@@ -409,11 +409,11 @@ class API extends Handler {
|
||||
|
||||
function setArticleLabel() {
|
||||
|
||||
$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
|
||||
$label_id = (int) db_escape_string($_REQUEST['label_id']);
|
||||
$assign = (bool) db_escape_string($_REQUEST['assign']) == "true";
|
||||
$article_ids = array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_ids"])), is_numeric);
|
||||
$label_id = (int) db_escape_string($this->link, $_REQUEST['label_id']);
|
||||
$assign = (bool) db_escape_string($this->link, $_REQUEST['assign']) == "true";
|
||||
|
||||
$label = db_escape_string(label_find_caption($this->link,
|
||||
$label = db_escape_string($this->link, label_find_caption($this->link,
|
||||
$label_id, $_SESSION["uid"]));
|
||||
|
||||
$num_updated = 0;
|
||||
@@ -442,9 +442,9 @@ class API extends Handler {
|
||||
}
|
||||
|
||||
function shareToPublished() {
|
||||
$title = db_escape_string(strip_tags($_REQUEST["title"]));
|
||||
$url = db_escape_string(strip_tags($_REQUEST["url"]));
|
||||
$content = db_escape_string(strip_tags($_REQUEST["content"]));
|
||||
$title = db_escape_string($this->link, strip_tags($_REQUEST["title"]));
|
||||
$url = db_escape_string($this->link, strip_tags($_REQUEST["url"]));
|
||||
$content = db_escape_string($this->link, strip_tags($_REQUEST["content"]));
|
||||
|
||||
if (Article::create_published_article($this->link, $title, $url, $content, "", $_SESSION["uid"])) {
|
||||
print $this->wrap(self::STATUS_OK, array("status" => 'OK'));
|
||||
|
||||
Reference in New Issue
Block a user