mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-16 08:15:56 +00:00

properly handle invalid regular expressions supplied when testing filters, add some additional regexp checks (closes #427)

Andrew Dolgov
2012-02-21 12:36:29 +04:00
parent 7b8ff151ed
commit 56fbb82cb0
4 changed files with 136 additions and 95 deletions


@@ -4973,63 +4973,70 @@
function filter_to_sql($filter) {
$query = "";
if (DB_TYPE == "pgsql")
$reg_qpart = "~";
else
$reg_qpart = "REGEXP";
$regexp_valid = preg_match('/' . $filter['reg_exp'] . '/',
$filter['reg_exp']) !== FALSE;
switch ($filter["type"]) {
case "title":
$query = "LOWER(ttrss_entries.title) $reg_qpart LOWER('".
$filter['reg_exp'] . "')";
break;
case "content":
$query = "LOWER(ttrss_entries.content) $reg_qpart LOWER('".
$filter['reg_exp'] . "')";
break;
case "both":
$query = "LOWER(ttrss_entries.title) $reg_qpart LOWER('".
$filter['reg_exp'] . "') OR LOWER(" .
"ttrss_entries.content) $reg_qpart LOWER('" . $filter['reg_exp'] . "')";
break;
case "tag":
$query = "LOWER(ttrss_user_entries.tag_cache) $reg_qpart LOWER('".
$filter['reg_exp'] . "')";
break;
case "link":
$query = "LOWER(ttrss_entries.link) $reg_qpart LOWER('".
$filter['reg_exp'] . "')";
break;
case "date":
if ($regexp_valid) {
if ($filter["filter_param"] == "before")
$cmp_qpart = "<";
else
$cmp_qpart = ">=";
if (DB_TYPE == "pgsql")
$reg_qpart = "~";
else
$reg_qpart = "REGEXP";
$timestamp = date("Y-m-d H:N:s", strtotime($filter["reg_exp"]));
$query = "ttrss_entries.date_entered $cmp_qpart '$timestamp'";
break;
case "author":
$query = "LOWER(ttrss_entries.author) $reg_qpart LOWER('".
$filter['reg_exp'] . "')";
break;
}
switch ($filter["type"]) {
case "title":
$query = "LOWER(ttrss_entries.title) $reg_qpart LOWER('".
$filter['reg_exp'] . "')";
break;
case "content":
$query = "LOWER(ttrss_entries.content) $reg_qpart LOWER('".
$filter['reg_exp'] . "')";
break;
case "both":
$query = "LOWER(ttrss_entries.title) $reg_qpart LOWER('".
$filter['reg_exp'] . "') OR LOWER(" .
"ttrss_entries.content) $reg_qpart LOWER('" . $filter['reg_exp'] . "')";
break;
case "tag":
$query = "LOWER(ttrss_user_entries.tag_cache) $reg_qpart LOWER('".
$filter['reg_exp'] . "')";
break;
case "link":
$query = "LOWER(ttrss_entries.link) $reg_qpart LOWER('".
$filter['reg_exp'] . "')";
break;
case "date":
if ($filter["inverse"])
$query = "NOT ($query)";
if ($filter["filter_param"] == "before")
$cmp_qpart = "<";
else
$cmp_qpart = ">=";
if ($query) {
if (DB_TYPE == "pgsql") {
$query = " ($query) AND ttrss_entries.date_entered > NOW() - INTERVAL '14 days'";
} else {
$query = " ($query) AND ttrss_entries.date_entered > DATE_SUB(NOW(), INTERVAL 14 DAY)";
$timestamp = date("Y-m-d H:N:s", strtotime($filter["reg_exp"]));
$query = "ttrss_entries.date_entered $cmp_qpart '$timestamp'";
break;
case "author":
$query = "LOWER(ttrss_entries.author) $reg_qpart LOWER('".
$filter['reg_exp'] . "')";
break;
}
$query .= " AND ";
if ($filter["inverse"])
$query = "NOT ($query)";
if ($query) {
if (DB_TYPE == "pgsql") {
$query = " ($query) AND ttrss_entries.date_entered > NOW() - INTERVAL '14 days'";
} else {
$query = " ($query) AND ttrss_entries.date_entered > DATE_SUB(NOW(), INTERVAL 14 DAY)";
}
$query .= " AND ";
}
return $query;
} else {
return false;
}
return $query;
}
// Status codes:
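Review bot: The `preg_match` check added at the top of `filter_to_sql` only shows that `reg_exp` compiles as PCRE; the same value is still concatenated into the `LOWER('...')` literals in every case branch, so the function relies on the caller having SQL-escaped it, and that escaping is not visible in this hunk. PCRE validity is also not the same as validity in the PostgreSQL `~` or MySQL `REGEXP` engines, and a pattern containing `/` ends the `'/' . ... . '/'` delimiter early, so some valid filters will be rejected while some patterns the database cannot compile still get through. I would document the contract above the check, e.g. `// reg_exp must arrive SQL-escaped; preg_match only checks PCRE syntax, not the DB regex dialect`. Separately, the date branch formats with `"Y-m-d H:N:s"`, where `N` is the ISO day of week rather than minutes; `date("Y-m-d H:i:s", strtotime($filter["reg_exp"]))` looks like what was intended.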