use POST parameters for frontend requests
@@ -1,7 +1,7 @@
|
||||
<?php
|
||||
function handle_rpc_request($link) {
|
||||
|
||||
$subop = $_GET["subop"];
|
||||
$subop = $_REQUEST["subop"];
|
||||
|
||||
if ($subop == "setpref") {
|
||||
if (WEB_DEMO_MODE) {
|
||||
@@ -10,8 +10,8 @@
|
||||
|
||||
print "<rpc-reply>";
|
||||
|
||||
$key = db_escape_string($_GET["key"]);
|
||||
$value = db_escape_string($_GET["value"]);
|
||||
$key = db_escape_string($_REQUEST["key"]);
|
||||
$value = db_escape_string($_REQUEST["value"]);
|
||||
|
||||
set_pref($link, $key, $value);
|
||||
|
||||
@@ -23,7 +23,7 @@
|
||||
}
|
||||
|
||||
if ($subop == "getLabelCounters") {
|
||||
$aid = $_GET["aid"];
|
||||
$aid = $_REQUEST["aid"];
|
||||
print "<rpc-reply>";
|
||||
print "<counters>";
|
||||
getLabelCounters($link);
|
||||
@@ -50,7 +50,7 @@
|
||||
print "<rpc-reply>";
|
||||
print "<counters>";
|
||||
|
||||
$omode = $_GET["omode"];
|
||||
$omode = $_REQUEST["omode"];
|
||||
|
||||
getAllCounters($link, $omode);
|
||||
print "</counters>";
|
||||
@@ -61,8 +61,8 @@
|
||||
}
|
||||
|
||||
if ($subop == "mark") {
|
||||
$mark = $_GET["mark"];
|
||||
$id = db_escape_string($_GET["id"]);
|
||||
$mark = $_REQUEST["mark"];
|
||||
$id = db_escape_string($_REQUEST["id"]);
|
||||
|
||||
if ($mark == "1") {
|
||||
$mark = "true";
|
||||
@@ -87,7 +87,7 @@
|
||||
}
|
||||
|
||||
if ($subop == "delete") {
|
||||
$ids = db_escape_string($_GET["ids"]);
|
||||
$ids = db_escape_string($_REQUEST["ids"]);
|
||||
|
||||
$result = db_query($link, "DELETE FROM ttrss_user_entries
|
||||
WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
|
||||
@@ -103,7 +103,7 @@
|
||||
}
|
||||
|
||||
if ($subop == "unarchive") {
|
||||
$ids = db_escape_string($_GET["ids"]);
|
||||
$ids = db_escape_string($_REQUEST["ids"]);
|
||||
|
||||
$result = db_query($link, "UPDATE ttrss_user_entries
|
||||
SET feed_id = orig_feed_id, orig_feed_id = NULL
|
||||
@@ -120,7 +120,7 @@
|
||||
}
|
||||
|
||||
if ($subop == "archive") {
|
||||
$ids = split(",", db_escape_string($_GET["ids"]));
|
||||
$ids = split(",", db_escape_string($_REQUEST["ids"]));
|
||||
|
||||
foreach ($ids as $id) {
|
||||
archive_article($link, $id, $_SESSION["uid"]);
|
||||
@@ -183,7 +183,7 @@
|
||||
}
|
||||
|
||||
if ($subop == "updateFeed") {
|
||||
$feed_id = db_escape_string($_GET["feed"]);
|
||||
$feed_id = db_escape_string($_REQUEST["feed"]);
|
||||
|
||||
$result = db_query($link,
|
||||
"SELECT feed_url FROM ttrss_feeds WHERE id = '$feed_id'
|
||||
@@ -205,7 +205,7 @@
|
||||
|
||||
if ($subop == "forceUpdateAllFeeds" || $subop == "updateAllFeeds") {
|
||||
|
||||
$global_unread_caller = sprintf("%d", $_GET["uctr"]);
|
||||
$global_unread_caller = sprintf("%d", $_REQUEST["uctr"]);
|
||||
$global_unread = getGlobalUnread($link);
|
||||
|
||||
print "<rpc-reply>";
|
||||
@@ -214,7 +214,7 @@
|
||||
|
||||
if ($global_unread_caller != $global_unread) {
|
||||
|
||||
$omode = $_GET["omode"];
|
||||
$omode = $_REQUEST["omode"];
|
||||
|
||||
if (!$omode) $omode = "tflc";
|
||||
|
||||
@@ -251,7 +251,7 @@
|
||||
|
||||
print "<rpc-reply>";
|
||||
print "<counters>";
|
||||
getAllCounters($link, $_GET["omode"]);
|
||||
getAllCounters($link, $_REQUEST["omode"]);
|
||||
print "</counters>";
|
||||
print_runtime_info($link);
|
||||
print "</rpc-reply>";
|
||||
@@ -261,14 +261,14 @@
|
||||
|
||||
if ($subop == "markSelected") {
|
||||
|
||||
$ids = split(",", db_escape_string($_GET["ids"]));
|
||||
$cmode = sprintf("%d", $_GET["cmode"]);
|
||||
$ids = split(",", db_escape_string($_REQUEST["ids"]));
|
||||
$cmode = sprintf("%d", $_REQUEST["cmode"]);
|
||||
|
||||
markArticlesById($link, $ids, $cmode);
|
||||
|
||||
print "<rpc-reply>";
|
||||
print "<counters>";
|
||||
getAllCounters($link, $_GET["omode"]);
|
||||
getAllCounters($link, $_REQUEST["omode"]);
|
||||
print "</counters>";
|
||||
print_runtime_info($link);
|
||||
print "</rpc-reply>";
|
||||
@@ -278,14 +278,14 @@
|
||||
|
||||
if ($subop == "publishSelected") {
|
||||
|
||||
$ids = split(",", db_escape_string($_GET["ids"]));
|
||||
$cmode = sprintf("%d", $_GET["cmode"]);
|
||||
$ids = split(",", db_escape_string($_REQUEST["ids"]));
|
||||
$cmode = sprintf("%d", $_REQUEST["cmode"]);
|
||||
|
||||
publishArticlesById($link, $ids, $cmode);
|
||||
|
||||
print "<rpc-reply>";
|
||||
print "<counters>";
|
||||
getAllCounters($link, $_GET["omode"]);
|
||||
getAllCounters($link, $_REQUEST["omode"]);
|
||||
print "</counters>";
|
||||
print_runtime_info($link);
|
||||
print "</rpc-reply>";
|
||||
@@ -301,7 +301,7 @@
|
||||
print_runtime_info($link);
|
||||
|
||||
# assign client-passed params to session
|
||||
$_SESSION["client.userAgent"] = $_GET["ua"];
|
||||
$_SESSION["client.userAgent"] = $_REQUEST["ua"];
|
||||
|
||||
}
|
||||
print "</rpc-reply>";
|
||||
@@ -320,7 +320,7 @@
|
||||
|
||||
if ($subop == "getArticleLink") {
|
||||
|
||||
$id = db_escape_string($_GET["id"]);
|
||||
$id = db_escape_string($_REQUEST["id"]);
|
||||
|
||||
$result = db_query($link, "SELECT link FROM ttrss_entries, ttrss_user_entries
|
||||
WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'");
|
||||
@@ -337,9 +337,9 @@
|
||||
|
||||
if ($subop == "setArticleTags") {
|
||||
|
||||
$id = db_escape_string($_GET["id"]);
|
||||
$id = db_escape_string($_REQUEST["id"]);
|
||||
|
||||
$tags_str = db_escape_string($_GET["tags_str"]);
|
||||
$tags_str = db_escape_string($_REQUEST["tags_str"]);
|
||||
|
||||
$tags = array_unique(trim_array(split(",", $tags_str)));
|
||||
|
||||
@@ -426,8 +426,8 @@
|
||||
}
|
||||
|
||||
if ($subop == "purge") {
|
||||
$ids = split(",", db_escape_string($_GET["ids"]));
|
||||
$days = sprintf("%d", $_GET["days"]);
|
||||
$ids = split(",", db_escape_string($_REQUEST["ids"]));
|
||||
$days = sprintf("%d", $_REQUEST["days"]);
|
||||
|
||||
print "<rpc-reply>";
|
||||
|
||||
|
||||
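Review bot: In the `delete` branch, `$ids` is interpolated unquoted into `ref_id IN ($ids)`, and string escaping does not constrain a value used in a numeric list context, so the request parameter still shapes the SQL. Casting each element before the query closes that gap: `$ids = join(",", array_map("intval", explode(",", $_REQUEST["ids"])));`. The `unarchive` branch builds its query from the same `$ids`, but its WHERE clause is outside the hunk, so confirm it there too. `db_escape_string()` is defined elsewhere; this assumes it wraps the driver's string-literal escaper.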
@@ -1,7 +1,7 @@
|
||||
<?php
|
||||
function module_help($link) {
|
||||
|
||||
if (!$_GET["noheaders"]) {
|
||||
if (!$_REQUEST["noheaders"]) {
|
||||
print "<html><head>
|
||||
<title>".__('Help')."</title>
|
||||
<link rel=\"stylesheet\" href=\"utility.css\" type=\"text/css\">
|
||||
@@ -9,7 +9,7 @@
|
||||
</head><body>";
|
||||
}
|
||||
|
||||
$tid = sprintf("%d", $_GET["tid"]);
|
||||
$tid = sprintf("%d", $_REQUEST["tid"]);
|
||||
|
||||
if (file_exists("help/$tid.php")) {
|
||||
include("help/$tid.php");
|
||||
@@ -21,7 +21,7 @@
|
||||
onclick=\"javascript:window.close()\"
|
||||
value=\"".__('Close this window')."\"></div>";
|
||||
|
||||
if (!$_GET["noheaders"]) {
|
||||
if (!$_REQUEST["noheaders"]) {
|
||||
print "</body></html>";
|
||||
}
|
||||
}
|
||||
|
||||
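Review bot: The `sprintf("%d", ...)` on `$tid` is the only thing keeping `include("help/$tid.php")` inside the help directory, and nothing in the code says so. A comment above the assignment would stop a later edit from relaxing it: `# integer cast is a security boundary: $tid goes straight into the include path below`. Separately, `!$_REQUEST["noheaders"]` reads a key that may be absent; `empty($_REQUEST["noheaders"])` gives the same result without the notice.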
@@ -1,7 +1,7 @@
|
||||
<?php
|
||||
function module_popup_dialog($link) {
|
||||
$id = $_GET["id"];
|
||||
$param = db_escape_string($_GET["param"]);
|
||||
$id = $_REQUEST["id"];
|
||||
$param = db_escape_string($_REQUEST["param"]);
|
||||
|
||||
if ($id == "explainError") {
|
||||
|
||||
@@ -142,9 +142,9 @@
|
||||
|
||||
print "<form id='search_form' onsubmit='return false'>";
|
||||
|
||||
#$active_feed_id = db_escape_string($_GET["param"]);
|
||||
#$active_feed_id = db_escape_string($_REQUEST["param"]);
|
||||
|
||||
$params = split(":", db_escape_string($_GET["param"]));
|
||||
$params = split(":", db_escape_string($_REQUEST["param"]));
|
||||
|
||||
$active_feed_id = sprintf("%d", $params[0]);
|
||||
$is_cat = $params[1] == "true";
|
||||
@@ -221,7 +221,7 @@
|
||||
|
||||
if ($id == "quickAddFilter") {
|
||||
|
||||
$active_feed_id = db_escape_string($_GET["param"]);
|
||||
$active_feed_id = db_escape_string($_REQUEST["param"]);
|
||||
|
||||
print "<div id=\"infoBoxTitle\">".__('Create Filter')."</div>";
|
||||
print "<div class=\"infoBoxContents\">";
|
||||
|
||||
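Review bot: In the `quickAddFilter` branch `$active_feed_id` is only passed through `db_escape_string()`, while the search dialog above derives the same value with `sprintf("%d", $params[0])`. If the value is a feed id, the integer form is the safer one for both SQL and the HTML this function prints: `$active_feed_id = sprintf("%d", $_REQUEST["param"]);`. How the variable is used afterwards is outside the hunk, so check that no caller passes a non-numeric `param` here.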
@@ -15,7 +15,7 @@
|
||||
$quiet = $_REQUEST["quiet"];
|
||||
|
||||
if ($subop == "massSubscribe") {
|
||||
$ids = split(",", db_escape_string($_GET["ids"]));
|
||||
$ids = split(",", db_escape_string($_REQUEST["ids"]));
|
||||
|
||||
$subscribed = array();
|
||||
|
||||
@@ -64,7 +64,7 @@
|
||||
|
||||
print "<div class=\"infoBoxContents\">";
|
||||
|
||||
$browser_search = db_escape_string($_GET["search"]);
|
||||
$browser_search = db_escape_string($_REQUEST["search"]);
|
||||
|
||||
//print "<p>".__("Showing top 25 registered feeds, sorted by popularity:")."</p>";
|
||||
|
||||
@@ -726,7 +726,7 @@
|
||||
|
||||
if ($subop == "remove") {
|
||||
|
||||
$ids = split(",", db_escape_string($_GET["ids"]));
|
||||
$ids = split(",", db_escape_string($_REQUEST["ids"]));
|
||||
|
||||
foreach ($ids as $id) {
|
||||
remove_feed($link, $id, $_SESSION["uid"]);
|
||||
@@ -734,12 +734,12 @@
|
||||
}
|
||||
|
||||
if ($subop == "clear") {
|
||||
$id = db_escape_string($_GET["id"]);
|
||||
$id = db_escape_string($_REQUEST["id"]);
|
||||
clear_feed_articles($link, $id);
|
||||
}
|
||||
|
||||
if ($subop == "rescore") {
|
||||
$ids = split(",", db_escape_string($_GET["ids"]));
|
||||
$ids = split(",", db_escape_string($_REQUEST["ids"]));
|
||||
|
||||
foreach ($ids as $id) {
|
||||
|
||||
@@ -901,9 +901,9 @@
|
||||
|
||||
if (!WEB_DEMO_MODE) {
|
||||
|
||||
$ids = split(",", db_escape_string($_GET["ids"]));
|
||||
$ids = split(",", db_escape_string($_REQUEST["ids"]));
|
||||
|
||||
$cat_id = db_escape_string($_GET["cat_id"]);
|
||||
$cat_id = db_escape_string($_REQUEST["cat_id"]);
|
||||
|
||||
if ($cat_id == 0) {
|
||||
$cat_id_qpart = 'NULL';
|
||||
@@ -938,7 +938,7 @@
|
||||
if ($action == "save") {
|
||||
|
||||
$cat_title = db_escape_string(trim($_REQUEST["value"]));
|
||||
$cat_id = db_escape_string($_GET["cid"]);
|
||||
$cat_id = db_escape_string($_REQUEST["cid"]);
|
||||
|
||||
db_query($link, "BEGIN");
|
||||
|
||||
@@ -977,7 +977,7 @@
|
||||
|
||||
if (!WEB_DEMO_MODE) {
|
||||
|
||||
$feed_cat = db_escape_string(trim($_GET["cat"]));
|
||||
$feed_cat = db_escape_string(trim($_REQUEST["cat"]));
|
||||
|
||||
$result = db_query($link,
|
||||
"SELECT id FROM ttrss_feed_categories
|
||||
@@ -1000,7 +1000,7 @@
|
||||
|
||||
if ($action == "remove") {
|
||||
|
||||
$ids = split(",", db_escape_string($_GET["ids"]));
|
||||
$ids = split(",", db_escape_string($_REQUEST["ids"]));
|
||||
|
||||
foreach ($ids as $id) {
|
||||
remove_feed_category($link, $id, $_SESSION["uid"]);
|
||||
@@ -1111,9 +1111,9 @@
|
||||
__('Some feeds have update errors (click for details)')."</a>");
|
||||
}
|
||||
|
||||
$feed_search = db_escape_string($_GET["search"]);
|
||||
$feed_search = db_escape_string($_REQUEST["search"]);
|
||||
|
||||
if (array_key_exists("search", $_GET)) {
|
||||
if (array_key_exists("search", $_REQUEST)) {
|
||||
$_SESSION["prefs_feed_search"] = $feed_search;
|
||||
} else {
|
||||
$feed_search = $_SESSION["prefs_feed_search"];
|
||||
@@ -1138,7 +1138,7 @@
|
||||
onclick=\"javascript:browseFeeds()\" value=\"".__('More Feeds')."\">";
|
||||
}
|
||||
|
||||
$feeds_sort = db_escape_string($_GET["sort"]);
|
||||
$feeds_sort = db_escape_string($_REQUEST["sort"]);
|
||||
|
||||
if (!$feeds_sort || $feeds_sort == "undefined") {
|
||||
$feeds_sort = $_SESSION["pref_sort_feeds"];
|
||||
@@ -1171,7 +1171,7 @@
|
||||
$show_last_article_checked = "";
|
||||
$show_last_article_qpart = "";
|
||||
|
||||
if ($_GET["slat"] == "true") {
|
||||
if ($_REQUEST["slat"] == "true") {
|
||||
$show_last_article_info = true;
|
||||
$show_last_article_checked = "checked";
|
||||
$show_last_article_qpart = ", (SELECT ".SUBSTRING_FOR_DATE."(MAX(updated),1,16) FROM ttrss_user_entries,
|
||||
|
||||
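Review bot: `$feeds_sort` comes from the request and is only passed through `db_escape_string()`; if it ends up in an `ORDER BY` clause (the query is outside the hunk), escaping does not help because the value is used as an identifier, not a string literal. Check it against a fixed list of sortable columns and fall back to the session default otherwise, e.g. `if (!in_array($feeds_sort, $allowed_sort_columns)) $feeds_sort = $_SESSION["pref_sort_feeds"];`, where `$allowed_sort_columns` is a placeholder for the real column list. The `$sort` assignments in the filters, labels and users preference modules follow the same pattern.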
@@ -1,11 +1,11 @@
|
||||
<?php
|
||||
function module_pref_filters($link) {
|
||||
$subop = $_GET["subop"];
|
||||
$quiet = $_GET["quiet"];
|
||||
$subop = $_REQUEST["subop"];
|
||||
$quiet = $_REQUEST["quiet"];
|
||||
|
||||
if ($subop == "edit") {
|
||||
|
||||
$filter_id = db_escape_string($_GET["id"]);
|
||||
$filter_id = db_escape_string($_REQUEST["id"]);
|
||||
|
||||
$result = db_query($link,
|
||||
"SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
|
||||
@@ -173,18 +173,18 @@
|
||||
|
||||
if ($subop == "editSave") {
|
||||
|
||||
$reg_exp = db_escape_string(trim($_GET["reg_exp"]));
|
||||
$filter_type = db_escape_string(trim($_GET["filter_type"]));
|
||||
$filter_id = db_escape_string($_GET["id"]);
|
||||
$feed_id = db_escape_string($_GET["feed_id"]);
|
||||
$action_id = db_escape_string($_GET["action_id"]);
|
||||
$action_param = db_escape_string($_GET["action_param"]);
|
||||
$action_param_label = db_escape_string($_GET["action_param_label"]);
|
||||
$enabled = checkbox_to_sql_bool(db_escape_string($_GET["enabled"]));
|
||||
$inverse = checkbox_to_sql_bool(db_escape_string($_GET["inverse"]));
|
||||
$reg_exp = db_escape_string(trim($_REQUEST["reg_exp"]));
|
||||
$filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
|
||||
$filter_id = db_escape_string($_REQUEST["id"]);
|
||||
$feed_id = db_escape_string($_REQUEST["feed_id"]);
|
||||
$action_id = db_escape_string($_REQUEST["action_id"]);
|
||||
$action_param = db_escape_string($_REQUEST["action_param"]);
|
||||
$action_param_label = db_escape_string($_REQUEST["action_param_label"]);
|
||||
$enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"]));
|
||||
$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
|
||||
|
||||
# for the time being, no other filters use params anyway...
|
||||
$filter_param = db_escape_string($_GET["filter_date_modifier"]);
|
||||
$filter_param = db_escape_string($_REQUEST["filter_date_modifier"]);
|
||||
|
||||
if (!$feed_id) {
|
||||
$feed_id = 'NULL';
|
||||
@@ -218,7 +218,7 @@
|
||||
|
||||
if ($subop == "remove") {
|
||||
|
||||
$ids = split(",", db_escape_string($_GET["ids"]));
|
||||
$ids = split(",", db_escape_string($_REQUEST["ids"]));
|
||||
|
||||
foreach ($ids as $id) {
|
||||
db_query($link, "DELETE FROM ttrss_filters WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
|
||||
@@ -227,16 +227,16 @@
|
||||
|
||||
if ($subop == "add") {
|
||||
|
||||
$regexp = db_escape_string(trim($_GET["reg_exp"]));
|
||||
$filter_type = db_escape_string(trim($_GET["filter_type"]));
|
||||
$feed_id = db_escape_string($_GET["feed_id"]);
|
||||
$action_id = db_escape_string($_GET["action_id"]);
|
||||
$action_param = db_escape_string($_GET["action_param"]);
|
||||
$action_param_label = db_escape_string($_GET["action_param_label"]);
|
||||
$inverse = checkbox_to_sql_bool(db_escape_string($_GET["inverse"]));
|
||||
$regexp = db_escape_string(trim($_REQUEST["reg_exp"]));
|
||||
$filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
|
||||
$feed_id = db_escape_string($_REQUEST["feed_id"]);
|
||||
$action_id = db_escape_string($_REQUEST["action_id"]);
|
||||
$action_param = db_escape_string($_REQUEST["action_param"]);
|
||||
$action_param_label = db_escape_string($_REQUEST["action_param_label"]);
|
||||
$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
|
||||
|
||||
# for the time being, no other filters use params anyway...
|
||||
$filter_param = db_escape_string($_GET["filter_date_modifier"]);
|
||||
$filter_param = db_escape_string($_REQUEST["filter_date_modifier"]);
|
||||
|
||||
if (!$regexp) return;
|
||||
|
||||
@@ -271,7 +271,7 @@
|
||||
|
||||
set_pref($link, "_PREFS_ACTIVE_TAB", "filterConfig");
|
||||
|
||||
$sort = db_escape_string($_GET["sort"]);
|
||||
$sort = db_escape_string($_REQUEST["sort"]);
|
||||
|
||||
if (!$sort || $sort == "undefined") {
|
||||
$sort = "reg_exp";
|
||||
@@ -290,9 +290,9 @@
|
||||
}
|
||||
|
||||
|
||||
$filter_search = db_escape_string($_GET["search"]);
|
||||
$filter_search = db_escape_string($_REQUEST["search"]);
|
||||
|
||||
if (array_key_exists("search", $_GET)) {
|
||||
if (array_key_exists("search", $_REQUEST)) {
|
||||
$_SESSION["prefs_filter_search"] = $filter_search;
|
||||
} else {
|
||||
$filter_search = $_SESSION["prefs_filter_search"];
|
||||
@@ -388,7 +388,7 @@
|
||||
$class = ($lnum % 2) ? "even" : "odd";
|
||||
|
||||
$filter_id = $line["id"];
|
||||
$edit_filter_id = $_GET["id"];
|
||||
$edit_filter_id = $_REQUEST["id"];
|
||||
|
||||
$enabled = sql_bool_to_bool($line["enabled"]);
|
||||
$inverse = sql_bool_to_bool($line["inverse"]);
|
||||
|
||||
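Review bot: In `editSave` and `add`, `$feed_id` is replaced by the literal `'NULL'` when empty, which suggests it is written into the query without quotes (the query itself is outside the hunk); in that position `db_escape_string()` gives no protection. Cast the id-like parameters to integers instead: `$feed_id = sprintf("%d", $_REQUEST["feed_id"]);`, and likewise for `$filter_id` and `$action_id`. The existing `if (!$feed_id)` check still maps a missing or zero value to `NULL`.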
@@ -1,7 +1,7 @@
|
||||
<?php
|
||||
function module_pref_labels($link) {
|
||||
|
||||
$subop = $_GET["subop"];
|
||||
$subop = $_REQUEST["subop"];
|
||||
|
||||
if ($subop == "color-set") {
|
||||
$kind = db_escape_string($_REQUEST["kind"]);
|
||||
@@ -84,7 +84,7 @@
|
||||
|
||||
if ($subop == "remove") {
|
||||
|
||||
$ids = split(",", db_escape_string($_GET["ids"]));
|
||||
$ids = split(",", db_escape_string($_REQUEST["ids"]));
|
||||
|
||||
foreach ($ids as $id) {
|
||||
label_remove($link, $id, $_SESSION["uid"]);
|
||||
@@ -94,7 +94,7 @@
|
||||
|
||||
if ($subop == "add") {
|
||||
|
||||
$caption = db_escape_string($_GET["caption"]);
|
||||
$caption = db_escape_string($_REQUEST["caption"]);
|
||||
|
||||
if ($caption) {
|
||||
|
||||
@@ -109,15 +109,15 @@
|
||||
|
||||
set_pref($link, "_PREFS_ACTIVE_TAB", "labelConfig");
|
||||
|
||||
$sort = db_escape_string($_GET["sort"]);
|
||||
$sort = db_escape_string($_REQUEST["sort"]);
|
||||
|
||||
if (!$sort || $sort == "undefined") {
|
||||
$sort = "caption";
|
||||
}
|
||||
|
||||
$label_search = db_escape_string($_GET["search"]);
|
||||
$label_search = db_escape_string($_REQUEST["search"]);
|
||||
|
||||
if (array_key_exists("search", $_GET)) {
|
||||
if (array_key_exists("search", $_REQUEST)) {
|
||||
$_SESSION["prefs_label_search"] = $label_search;
|
||||
} else {
|
||||
$label_search = $_SESSION["prefs_label_search"];
|
||||
|
||||
@@ -120,7 +120,7 @@
|
||||
|
||||
} else if ($subop == "getHelp") {
|
||||
|
||||
$pref_name = db_escape_string($_GET["pn"]);
|
||||
$pref_name = db_escape_string($_REQUEST["pn"]);
|
||||
|
||||
$result = db_query($link, "SELECT help_text FROM ttrss_prefs
|
||||
WHERE pref_name = '$pref_name'");
|
||||
|
||||
@@ -12,7 +12,7 @@
|
||||
|
||||
if ($subop == "user-details") {
|
||||
|
||||
$uid = sprintf("%d", $_GET["id"]);
|
||||
$uid = sprintf("%d", $_REQUEST["id"]);
|
||||
|
||||
print "<div id=\"infoBoxTitle\">".__('User details')."</div>";
|
||||
|
||||
@@ -103,7 +103,7 @@
|
||||
|
||||
if ($subop == "edit") {
|
||||
|
||||
$id = db_escape_string($_GET["id"]);
|
||||
$id = db_escape_string($_REQUEST["id"]);
|
||||
|
||||
print "<div id=\"infoBoxTitle\">".__('User Editor')."</div>";
|
||||
|
||||
@@ -213,7 +213,7 @@
|
||||
|
||||
if ($_SESSION["access_level"] >= 10) {
|
||||
|
||||
$ids = split(",", db_escape_string($_GET["ids"]));
|
||||
$ids = split(",", db_escape_string($_REQUEST["ids"]));
|
||||
|
||||
foreach ($ids as $id) {
|
||||
if ($id != $_SESSION["uid"]) {
|
||||
@@ -227,7 +227,7 @@
|
||||
|
||||
if ($_SESSION["access_level"] >= 10) {
|
||||
|
||||
$login = db_escape_string(trim($_GET["login"]));
|
||||
$login = db_escape_string(trim($_REQUEST["login"]));
|
||||
$tmp_user_pwd = make_password(8);
|
||||
$pwd_hash = encrypt_password($tmp_user_pwd, $login);
|
||||
|
||||
@@ -266,7 +266,7 @@
|
||||
|
||||
if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
|
||||
|
||||
$uid = db_escape_string($_GET["id"]);
|
||||
$uid = db_escape_string($_REQUEST["id"]);
|
||||
|
||||
$result = db_query($link, "SELECT login,email
|
||||
FROM ttrss_users WHERE id = '$uid'");
|
||||
@@ -346,9 +346,9 @@
|
||||
|
||||
set_pref($link, "_PREFS_ACTIVE_TAB", "userConfig");
|
||||
|
||||
$user_search = db_escape_string($_GET["search"]);
|
||||
$user_search = db_escape_string($_REQUEST["search"]);
|
||||
|
||||
if (array_key_exists("search", $_GET)) {
|
||||
if (array_key_exists("search", $_REQUEST)) {
|
||||
$_SESSION["prefs_user_search"] = $user_search;
|
||||
} else {
|
||||
$user_search = $_SESSION["prefs_user_search"];
|
||||
@@ -363,7 +363,7 @@
|
||||
onclick=\"javascript:updateUsersList()\" value=\"".__('Search')."\">
|
||||
</div>";
|
||||
|
||||
$sort = db_escape_string($_GET["sort"]);
|
||||
$sort = db_escape_string($_REQUEST["sort"]);
|
||||
|
||||
if (!$sort || $sort == "undefined") {
|
||||
$sort = "login";
|
||||
@@ -427,7 +427,7 @@
|
||||
$class = ($lnum % 2) ? "even" : "odd";
|
||||
|
||||
$uid = $line["id"];
|
||||
$edit_uid = $_GET["id"];
|
||||
$edit_uid = $_REQUEST["id"];
|
||||
|
||||
if ($subop == "edit" && $uid != $edit_uid) {
|
||||
$class .= "Grayed";
|
||||
|
||||
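Review bot: Reading `$_REQUEST` means the user-management actions in this file still accept their parameters from the query string, so the move to POST in the frontend is not enforced on the server. For the branches guarded by `$_SESSION["access_level"] >= 10` (user removal, user creation, the branch that loads `login,email` by id), read `$_POST` and reject other methods, e.g. `if ($_SERVER["REQUEST_METHOD"] != "POST") return;`, and verify a per-session token if the project has one. The same applies to the state-changing `subop` branches in the RPC, feeds, filters and labels modules. The enclosing function starts outside the hunks shown.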