public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 19:05:55 +00:00
Code Issues Releases Wiki Activity

classes: use OO DB interface

Browse Source
This commit is contained in:
Andrew Dolgov
2013-04-17 20:12:14 +04:00
parent b4b45b4534
commit d9c85e0f11
17 changed files with 707 additions and 707 deletions
Download Patch File Download Diff File Expand all files Collapse all files

252
classes/pref/feeds.php
View File

@@ -15,11 +15,11 @@ class Pref_Feeds extends Handler_Protected {
}
function renamecat() {
$title = db_escape_string($_REQUEST['title']);
$id = db_escape_string($_REQUEST['id']);
$title = $this->dbh->escape_string($_REQUEST['title']);
$id = $this->dbh->escape_string($_REQUEST['id']);
if ($title) {
db_query("UPDATE ttrss_feed_categories SET
$this->dbh->query("UPDATE ttrss_feed_categories SET
title = '$title' WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
}
return;
@@ -41,10 +41,10 @@ class Pref_Feeds extends Handler_Protected {
$items = array();
$result = db_query("SELECT id, title FROM ttrss_feed_categories
$result = $this->dbh->query("SELECT id, title FROM ttrss_feed_categories
WHERE owner_uid = " . $_SESSION["uid"] . " AND parent_cat = '$cat_id' ORDER BY order_id, title");
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
$cat = array();
$cat['id'] = 'CAT:' . $line['id'];
@@ -65,13 +65,13 @@ class Pref_Feeds extends Handler_Protected {
}
$feed_result = db_query("SELECT id, title, last_error,
$feed_result = $this->dbh->query("SELECT id, title, last_error,
".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds
WHERE cat_id = '$cat_id' AND owner_uid = ".$_SESSION["uid"].
"$search_qpart ORDER BY order_id, title");
while ($feed_line = db_fetch_assoc($feed_result)) {
while ($feed_line = $this->dbh->fetch_assoc($feed_result)) {
$feed = array();
$feed['id'] = 'FEED:' . $feed_line['id'];
$feed['bare_id'] = (int)$feed_line['id'];
@@ -154,10 +154,10 @@ class Pref_Feeds extends Handler_Protected {
$root['items'] = array_merge($root['items'], $cat['items']);
}
$result = db_query("SELECT * FROM
$result = $this->dbh->query("SELECT * FROM
ttrss_labels2 WHERE owner_uid = ".$_SESSION['uid']." ORDER by caption");
if (db_num_rows($result) > 0) {
if ($this->dbh->num_rows($result) > 0) {
if (get_pref('ENABLE_FEED_CATS')) {
$cat = $this->feedlist_init_cat(-2);
@@ -165,7 +165,7 @@ class Pref_Feeds extends Handler_Protected {
$cat['items'] = array();
}
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
$label_id = label_to_feed_id($line['id']);
@@ -190,10 +190,10 @@ class Pref_Feeds extends Handler_Protected {
($_REQUEST['mode'] != 2 && !$search &&
get_pref('_PREFS_SHOW_EMPTY_CATS'));
$result = db_query("SELECT id, title FROM ttrss_feed_categories
$result = $this->dbh->query("SELECT id, title FROM ttrss_feed_categories
WHERE owner_uid = " . $_SESSION["uid"] . " AND parent_cat IS NULL ORDER BY order_id, title");
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
$cat = array();
$cat['id'] = 'CAT:' . $line['id'];
$cat['bare_id'] = (int)$line['id'];
@@ -226,13 +226,13 @@ class Pref_Feeds extends Handler_Protected {
$cat['unread'] = 0;
$cat['child_unread'] = 0;
$feed_result = db_query("SELECT id, title,last_error,
$feed_result = $this->dbh->query("SELECT id, title,last_error,
".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds
WHERE cat_id IS NULL AND owner_uid = ".$_SESSION["uid"].
"$search_qpart ORDER BY order_id, title");
while ($feed_line = db_fetch_assoc($feed_result)) {
while ($feed_line = $this->dbh->fetch_assoc($feed_result)) {
$feed = array();
$feed['id'] = 'FEED:' . $feed_line['id'];
$feed['bare_id'] = (int)$feed_line['id'];
@@ -257,13 +257,13 @@ class Pref_Feeds extends Handler_Protected {
$root['param'] = vsprintf(_ngettext('(%d feed)', '(%d feeds)', count($cat['items'])), count($cat['items']));
} else {
$feed_result = db_query("SELECT id, title, last_error,
$feed_result = $this->dbh->query("SELECT id, title, last_error,
".SUBSTRING_FOR_DATE."(last_updated,1,19) AS last_updated
FROM ttrss_feeds
WHERE owner_uid = ".$_SESSION["uid"].
"$search_qpart ORDER BY order_id, title");
while ($feed_line = db_fetch_assoc($feed_result)) {
while ($feed_line = $this->dbh->fetch_assoc($feed_result)) {
$feed = array();
$feed['id'] = 'FEED:' . $feed_line['id'];
$feed['bare_id'] = (int)$feed_line['id'];
@@ -296,13 +296,13 @@ class Pref_Feeds extends Handler_Protected {
}
function catsortreset() {
db_query("UPDATE ttrss_feed_categories
$this->dbh->query("UPDATE ttrss_feed_categories
SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]);
return;
}
function feedsortreset() {
db_query("UPDATE ttrss_feeds
$this->dbh->query("UPDATE ttrss_feeds
SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]);
return;
}
@@ -326,12 +326,12 @@ class Pref_Feeds extends Handler_Protected {
if ($item_id != 'root') {
if ($parent_id && $parent_id != 'root') {
$parent_bare_id = substr($parent_id, strpos($parent_id, ':')+1);
$parent_qpart = db_escape_string($parent_bare_id);
$parent_qpart = $this->dbh->escape_string($parent_bare_id);
} else {
$parent_qpart = 'NULL';
}
db_query("UPDATE ttrss_feed_categories
$this->dbh->query("UPDATE ttrss_feed_categories
SET parent_cat = $parent_qpart WHERE id = '$bare_item_id' AND
owner_uid = " . $_SESSION["uid"]);
}
@@ -352,12 +352,12 @@ class Pref_Feeds extends Handler_Protected {
if (strpos($id, "FEED") === 0) {
$cat_id = ($item_id != "root") ?
db_escape_string($bare_item_id) : "NULL";
$this->dbh->escape_string($bare_item_id) : "NULL";
$cat_qpart = ($cat_id != 0) ? "cat_id = '$cat_id'" :
"cat_id = NULL";
db_query("UPDATE ttrss_feeds
$this->dbh->query("UPDATE ttrss_feeds
SET order_id = $order_id, $cat_qpart
WHERE id = '$bare_id' AND
owner_uid = " . $_SESSION["uid"]);
@@ -367,12 +367,12 @@ class Pref_Feeds extends Handler_Protected {
$nest_level+1);
if ($item_id != 'root') {
$parent_qpart = db_escape_string($bare_id);
$parent_qpart = $this->dbh->escape_string($bare_id);
} else {
$parent_qpart = 'NULL';
}
db_query("UPDATE ttrss_feed_categories
$this->dbh->query("UPDATE ttrss_feed_categories
SET order_id = '$order_id' WHERE id = '$bare_id' AND
owner_uid = " . $_SESSION["uid"]);
}
@@ -424,7 +424,7 @@ class Pref_Feeds extends Handler_Protected {
++$cat_order_id;
if ($bare_id > 0) {
db_query("UPDATE ttrss_feed_categories
$this->dbh->query("UPDATE ttrss_feed_categories
SET order_id = '$cat_order_id' WHERE id = '$bare_id' AND
owner_uid = " . $_SESSION["uid"]);
}
@@ -441,7 +441,7 @@ class Pref_Feeds extends Handler_Protected {
else
$cat_query = "cat_id = NULL";
db_query("UPDATE ttrss_feeds
$this->dbh->query("UPDATE ttrss_feeds
SET order_id = '$feed_order_id',
$cat_query
WHERE id = '$feed_id' AND
@@ -457,15 +457,15 @@ class Pref_Feeds extends Handler_Protected {
}
function removeicon() {
$feed_id = db_escape_string($_REQUEST["feed_id"]);
$feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]);
$result = db_query("SELECT id FROM ttrss_feeds
$result = $this->dbh->query("SELECT id FROM ttrss_feeds
WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
if ($this->dbh->num_rows($result) != 0) {
@unlink(ICONS_DIR . "/$feed_id.ico");
db_query("UPDATE ttrss_feeds SET favicon_avg_color = NULL
$this->dbh->query("UPDATE ttrss_feeds SET favicon_avg_color = NULL
where id = '$feed_id'");
}
@@ -491,24 +491,24 @@ class Pref_Feeds extends Handler_Protected {
}
$icon_file = $tmp_file;
$feed_id = db_escape_string($_REQUEST["feed_id"]);
$feed_id = $this->dbh->escape_string($_REQUEST["feed_id"]);
if (is_file($icon_file) && $feed_id) {
if (filesize($icon_file) < 20000) {
$result = db_query("SELECT id FROM ttrss_feeds
$result = $this->dbh->query("SELECT id FROM ttrss_feeds
WHERE id = '$feed_id' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
if ($this->dbh->num_rows($result) != 0) {
@unlink(ICONS_DIR . "/$feed_id.ico");
if (rename($icon_file, ICONS_DIR . "/$feed_id.ico")) {
require_once "colors.php";
$favicon_color = db_escape_string(
$favicon_color = $this->dbh->escape_string(
calculate_avg_color(ICONS_DIR . "/$feed_id.ico"));
db_query("UPDATE ttrss_feeds SET
$this->dbh->query("UPDATE ttrss_feeds SET
favicon_avg_color = '$favicon_color'
WHERE id = '$feed_id'");
@@ -536,16 +536,16 @@ class Pref_Feeds extends Handler_Protected {
global $purge_intervals;
global $update_intervals;
$feed_id = db_escape_string($_REQUEST["id"]);
$feed_id = $this->dbh->escape_string($_REQUEST["id"]);
$result = db_query(
$result = $this->dbh->query(
"SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND
owner_uid = " . $_SESSION["uid"]);
$auth_pass_encrypted = sql_bool_to_bool(db_fetch_result($result, 0,
$auth_pass_encrypted = sql_bool_to_bool($this->dbh->fetch_result($result, 0,
"auth_pass_encrypted"));
$title = htmlspecialchars(db_fetch_result($result,
$title = htmlspecialchars($this->dbh->fetch_result($result,
0, "title"));
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$feed_id\">";
@@ -563,8 +563,8 @@ class Pref_Feeds extends Handler_Protected {
/* Feed URL */
$feed_url = db_fetch_result($result, 0, "feed_url");
$feed_url = htmlspecialchars(db_fetch_result($result,
$feed_url = $this->dbh->fetch_result($result, 0, "feed_url");
$feed_url = htmlspecialchars($this->dbh->fetch_result($result,
0, "feed_url"));
print "<hr/>";
@@ -575,7 +575,7 @@ class Pref_Feeds extends Handler_Protected {
regExp='^(http|https)://.*' style=\"width : 20em\"
name=\"feed_url\" value=\"$feed_url\">";
$last_error = db_fetch_result($result, 0, "last_error");
$last_error = $this->dbh->fetch_result($result, 0, "last_error");
if ($last_error) {
print "&nbsp;<span title=\"".htmlspecialchars($last_error)."\"
@@ -587,7 +587,7 @@ class Pref_Feeds extends Handler_Protected {
if (get_pref('ENABLE_FEED_CATS')) {
$cat_id = db_fetch_result($result, 0, "cat_id");
$cat_id = $this->dbh->fetch_result($result, 0, "cat_id");
print "<hr/>";
@@ -604,14 +604,14 @@ class Pref_Feeds extends Handler_Protected {
/* Update Interval */
$update_interval = db_fetch_result($result, 0, "update_interval");
$update_interval = $this->dbh->fetch_result($result, 0, "update_interval");
print_select_hash("update_interval", $update_interval, $update_intervals,
'dojoType="dijit.form.Select"');
/* Purge intl */
$purge_interval = db_fetch_result($result, 0, "purge_interval");
$purge_interval = $this->dbh->fetch_result($result, 0, "purge_interval");
print "<hr/>";
print __('Article purging:') . " ";
@@ -624,13 +624,13 @@ class Pref_Feeds extends Handler_Protected {
print "<div class=\"dlgSec\">".__("Authentication")."</div>";
print "<div class=\"dlgSecCont\">";
$auth_login = htmlspecialchars(db_fetch_result($result, 0, "auth_login"));
$auth_login = htmlspecialchars($this->dbh->fetch_result($result, 0, "auth_login"));
print "<input dojoType=\"dijit.form.TextBox\" id=\"feedEditDlg_login\"
placeHolder=\"".__("Login")."\"
name=\"auth_login\" value=\"$auth_login\"><hr/>";
$auth_pass = db_fetch_result($result, 0, "auth_pass");
$auth_pass = $this->dbh->fetch_result($result, 0, "auth_pass");
if ($auth_pass_encrypted) {
require_once "crypt.php";
@@ -651,7 +651,7 @@ class Pref_Feeds extends Handler_Protected {
print "<div class=\"dlgSec\">".__("Options")."</div>";
print "<div class=\"dlgSecCont\">";
$private = sql_bool_to_bool(db_fetch_result($result, 0, "private"));
$private = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "private"));
if ($private) {
$checked = "checked=\"1\"";
@@ -662,7 +662,7 @@ class Pref_Feeds extends Handler_Protected {
print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"private\" id=\"private\"
$checked>&nbsp;<label for=\"private\">".__('Hide from Popular feeds')."</label>";
$include_in_digest = sql_bool_to_bool(db_fetch_result($result, 0, "include_in_digest"));
$include_in_digest = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "include_in_digest"));
if ($include_in_digest) {
$checked = "checked=\"1\"";
@@ -675,7 +675,7 @@ class Pref_Feeds extends Handler_Protected {
$checked>&nbsp;<label for=\"include_in_digest\">".__('Include in e-mail digest')."</label>";
$always_display_enclosures = sql_bool_to_bool(db_fetch_result($result, 0, "always_display_enclosures"));
$always_display_enclosures = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "always_display_enclosures"));
if ($always_display_enclosures) {
$checked = "checked";
@@ -687,7 +687,7 @@ class Pref_Feeds extends Handler_Protected {
name=\"always_display_enclosures\"
$checked>&nbsp;<label for=\"always_display_enclosures\">".__('Always display image attachments')."</label>";
$hide_images = sql_bool_to_bool(db_fetch_result($result, 0, "hide_images"));
$hide_images = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "hide_images"));
if ($hide_images) {
$checked = "checked=\"1\"";
@@ -700,7 +700,7 @@ class Pref_Feeds extends Handler_Protected {
$checked>&nbsp;<label for=\"hide_images\">".
__('Do not embed images')."</label>";
$cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images"));
$cache_images = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "cache_images"));
if ($cache_images) {
$checked = "checked=\"1\"";
@@ -713,7 +713,7 @@ class Pref_Feeds extends Handler_Protected {
$checked>&nbsp;<label for=\"cache_images\">".
__('Cache images locally')."</label>";
$mark_unread_on_update = sql_bool_to_bool(db_fetch_result($result, 0, "mark_unread_on_update"));
$mark_unread_on_update = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "mark_unread_on_update"));
if ($mark_unread_on_update) {
$checked = "checked";
@@ -758,7 +758,7 @@ class Pref_Feeds extends Handler_Protected {
__('Unsubscribe')."</button>";
if (PUBSUBHUBBUB_ENABLED) {
$pubsub_state = db_fetch_result($result, 0, "pubsub_state");
$pubsub_state = $this->dbh->fetch_result($result, 0, "pubsub_state");
$pubsub_btn_disabled = ($pubsub_state == 2) ? "" : "disabled=\"1\"";
print "<button dojoType=\"dijit.form.Button\" id=\"pubsubReset_Btn\" $pubsub_btn_disabled
@@ -782,7 +782,7 @@ class Pref_Feeds extends Handler_Protected {
global $purge_intervals;
global $update_intervals;
$feed_ids = db_escape_string($_REQUEST["ids"]);
$feed_ids = $this->dbh->escape_string($_REQUEST["ids"]);
print_notice("Enable the options you wish to apply using checkboxes on the right:");
@@ -938,27 +938,27 @@ class Pref_Feeds extends Handler_Protected {
function editsaveops($batch) {
$feed_title = db_escape_string(trim($_POST["title"]));
$feed_link = db_escape_string(trim($_POST["feed_url"]));
$upd_intl = (int) db_escape_string($_POST["update_interval"]);
$purge_intl = (int) db_escape_string($_POST["purge_interval"]);
$feed_id = (int) db_escape_string($_POST["id"]); /* editSave */
$feed_ids = db_escape_string($_POST["ids"]); /* batchEditSave */
$cat_id = (int) db_escape_string($_POST["cat_id"]);
$auth_login = db_escape_string(trim($_POST["auth_login"]));
$feed_title = $this->dbh->escape_string(trim($_POST["title"]));
$feed_link = $this->dbh->escape_string(trim($_POST["feed_url"]));
$upd_intl = (int) $this->dbh->escape_string($_POST["update_interval"]);
$purge_intl = (int) $this->dbh->escape_string($_POST["purge_interval"]);
$feed_id = (int) $this->dbh->escape_string($_POST["id"]); /* editSave */
$feed_ids = $this->dbh->escape_string($_POST["ids"]); /* batchEditSave */
$cat_id = (int) $this->dbh->escape_string($_POST["cat_id"]);
$auth_login = $this->dbh->escape_string(trim($_POST["auth_login"]));
$auth_pass = trim($_POST["auth_pass"]);
$private = checkbox_to_sql_bool(db_escape_string($_POST["private"]));
$private = checkbox_to_sql_bool($this->dbh->escape_string($_POST["private"]));
$include_in_digest = checkbox_to_sql_bool(
db_escape_string($_POST["include_in_digest"]));
$this->dbh->escape_string($_POST["include_in_digest"]));
$cache_images = checkbox_to_sql_bool(
db_escape_string($_POST["cache_images"]));
$this->dbh->escape_string($_POST["cache_images"]));
$hide_images = checkbox_to_sql_bool(
db_escape_string($_POST["hide_images"]));
$this->dbh->escape_string($_POST["hide_images"]));
$always_display_enclosures = checkbox_to_sql_bool(
db_escape_string($_POST["always_display_enclosures"]));
$this->dbh->escape_string($_POST["always_display_enclosures"]));
$mark_unread_on_update = checkbox_to_sql_bool(
db_escape_string($_POST["mark_unread_on_update"]));
$this->dbh->escape_string($_POST["mark_unread_on_update"]));
if (strlen(FEED_CRYPT_KEY) > 0) {
require_once "crypt.php";
@@ -968,7 +968,7 @@ class Pref_Feeds extends Handler_Protected {
$auth_pass_encrypted = 'false';
}
$auth_pass = db_escape_string($auth_pass);
$auth_pass = $this->dbh->escape_string($auth_pass);
if (get_pref('ENABLE_FEED_CATS')) {
if ($cat_id && $cat_id != 0) {
@@ -985,7 +985,7 @@ class Pref_Feeds extends Handler_Protected {
if (!$batch) {
$result = db_query("UPDATE ttrss_feeds SET
$result = $this->dbh->query("UPDATE ttrss_feeds SET
$category_qpart
title = '$feed_title', feed_url = '$feed_link',
update_interval = '$upd_intl',
@@ -1010,7 +1010,7 @@ class Pref_Feeds extends Handler_Protected {
}
}
db_query("BEGIN");
$this->dbh->query("BEGIN");
foreach (array_keys($feed_data) as $k) {
@@ -1073,23 +1073,23 @@ class Pref_Feeds extends Handler_Protected {
}
if ($qpart) {
db_query(
$this->dbh->query(
"UPDATE ttrss_feeds SET $qpart WHERE id IN ($feed_ids)
AND owner_uid = " . $_SESSION["uid"]);
print "<br/>";
}
}
db_query("COMMIT");
$this->dbh->query("COMMIT");
}
return;
}
function resetPubSub() {
$ids = db_escape_string($_REQUEST["ids"]);
$ids = $this->dbh->escape_string($_REQUEST["ids"]);
db_query("UPDATE ttrss_feeds SET pubsub_state = 0 WHERE id IN ($ids)
$this->dbh->query("UPDATE ttrss_feeds SET pubsub_state = 0 WHERE id IN ($ids)
AND owner_uid = " . $_SESSION["uid"]);
return;
@@ -1097,7 +1097,7 @@ class Pref_Feeds extends Handler_Protected {
function remove() {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
Pref_Feeds::remove_feed($id, $_SESSION["uid"]);
@@ -1107,20 +1107,20 @@ class Pref_Feeds extends Handler_Protected {
}
function clear() {
$id = db_escape_string($_REQUEST["id"]);
$id = $this->dbh->escape_string($_REQUEST["id"]);
$this->clear_feed_articles($id);
}
function rescore() {
require_once "rssfuncs.php";
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
$filters = load_filters($id, $_SESSION["uid"], 6);
$result = db_query("SELECT
$result = $this->dbh->query("SELECT
title, content, link, ref_id, author,".
SUBSTRING_FOR_DATE."(updated, 1, 19) AS updated
FROM
@@ -1131,7 +1131,7 @@ class Pref_Feeds extends Handler_Protected {
$scores = array();
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
$tags = get_article_tags($line["ref_id"]);
@@ -1148,15 +1148,15 @@ class Pref_Feeds extends Handler_Protected {
foreach (array_keys($scores) as $s) {
if ($s > 1000) {
db_query("UPDATE ttrss_user_entries SET score = '$s',
$this->dbh->query("UPDATE ttrss_user_entries SET score = '$s',
marked = true WHERE
ref_id IN (" . join(',', $scores[$s]) . ")");
} else if ($s < -500) {
db_query("UPDATE ttrss_user_entries SET score = '$s',
$this->dbh->query("UPDATE ttrss_user_entries SET score = '$s',
unread = false WHERE
ref_id IN (" . join(',', $scores[$s]) . ")");
} else {
db_query("UPDATE ttrss_user_entries SET score = '$s' WHERE
$this->dbh->query("UPDATE ttrss_user_entries SET score = '$s' WHERE
ref_id IN (" . join(',', $scores[$s]) . ")");
}
}
@@ -1168,16 +1168,16 @@ class Pref_Feeds extends Handler_Protected {
function rescoreAll() {
$result = db_query(
$result = $this->dbh->query(
"SELECT id FROM ttrss_feeds WHERE owner_uid = " . $_SESSION['uid']);
while ($feed_line = db_fetch_assoc($result)) {
while ($feed_line = $this->dbh->fetch_assoc($result)) {
$id = $feed_line["id"];
$filters = load_filters($id, $_SESSION["uid"], 6);
$tmp_result = db_query("SELECT
$tmp_result = $this->dbh->query("SELECT
title, content, link, ref_id, author,".
SUBSTRING_FOR_DATE."(updated, 1, 19) AS updated
FROM
@@ -1188,7 +1188,7 @@ class Pref_Feeds extends Handler_Protected {
$scores = array();
while ($line = db_fetch_assoc($tmp_result)) {
while ($line = $this->dbh->fetch_assoc($tmp_result)) {
$tags = get_article_tags($line["ref_id"]);
@@ -1205,11 +1205,11 @@ class Pref_Feeds extends Handler_Protected {
foreach (array_keys($scores) as $s) {
if ($s > 1000) {
db_query("UPDATE ttrss_user_entries SET score = '$s',
$this->dbh->query("UPDATE ttrss_user_entries SET score = '$s',
marked = true WHERE
ref_id IN (" . join(',', $scores[$s]) . ")");
} else {
db_query("UPDATE ttrss_user_entries SET score = '$s' WHERE
$this->dbh->query("UPDATE ttrss_user_entries SET score = '$s' WHERE
ref_id IN (" . join(',', $scores[$s]) . ")");
}
}
@@ -1220,9 +1220,9 @@ class Pref_Feeds extends Handler_Protected {
}
function categorize() {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
$cat_id = db_escape_string($_REQUEST["cat_id"]);
$cat_id = $this->dbh->escape_string($_REQUEST["cat_id"]);
if ($cat_id == 0) {
$cat_id_qpart = 'NULL';
@@ -1230,28 +1230,28 @@ class Pref_Feeds extends Handler_Protected {
$cat_id_qpart = "'$cat_id'";
}
db_query("BEGIN");
$this->dbh->query("BEGIN");
foreach ($ids as $id) {
db_query("UPDATE ttrss_feeds SET cat_id = $cat_id_qpart
$this->dbh->query("UPDATE ttrss_feeds SET cat_id = $cat_id_qpart
WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
}
db_query("COMMIT");
$this->dbh->query("COMMIT");
}
function removeCat() {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
$this->remove_feed_category($id, $_SESSION["uid"]);
}
}
function addCat() {
$feed_cat = db_escape_string(trim($_REQUEST["cat"]));
$feed_cat = $this->dbh->escape_string(trim($_REQUEST["cat"]));
add_feed_category($feed_cat);
}
@@ -1261,10 +1261,10 @@ class Pref_Feeds extends Handler_Protected {
print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
print "<div id=\"pref-feeds-feeds\" dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Feeds')."\">";
$result = db_query("SELECT COUNT(id) AS num_errors
$result = $this->dbh->query("SELECT COUNT(id) AS num_errors
FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
$num_errors = db_fetch_result($result, 0, "num_errors");
$num_errors = $this->dbh->fetch_result($result, 0, "num_errors");
if ($num_errors > 0) {
@@ -1279,13 +1279,13 @@ class Pref_Feeds extends Handler_Protected {
$interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)";
}
$result = db_query("SELECT COUNT(*) AS num_inactive FROM ttrss_feeds WHERE
$result = $this->dbh->query("SELECT COUNT(*) AS num_inactive FROM ttrss_feeds WHERE
(SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE
ttrss_entries.id = ref_id AND
ttrss_user_entries.feed_id = ttrss_feeds.id) < $interval_qpart AND
ttrss_feeds.owner_uid = ".$_SESSION["uid"]);
$num_inactive = db_fetch_result($result, 0, "num_inactive");
$num_inactive = $this->dbh->fetch_result($result, 0, "num_inactive");
if ($num_inactive > 0) {
$inactive_button = "<button dojoType=\"dijit.form.Button\"
@@ -1293,7 +1293,7 @@ class Pref_Feeds extends Handler_Protected {
__("Inactive feeds") . "</button>";
}
$feed_search = db_escape_string($_REQUEST["search"]);
$feed_search = $this->dbh->escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_feed_search"] = $feed_search;
@@ -1567,7 +1567,7 @@ class Pref_Feeds extends Handler_Protected {
$interval_qpart = "DATE_SUB(NOW(), INTERVAL 3 MONTH)";
}
$result = db_query("SELECT ttrss_feeds.title, ttrss_feeds.site_url,
$result = $this->dbh->query("SELECT ttrss_feeds.title, ttrss_feeds.site_url,
ttrss_feeds.feed_url, ttrss_feeds.id, MAX(updated) AS last_article
FROM ttrss_feeds, ttrss_entries, ttrss_user_entries WHERE
(SELECT MAX(updated) FROM ttrss_entries, ttrss_user_entries WHERE
@@ -1598,7 +1598,7 @@ class Pref_Feeds extends Handler_Protected {
$lnum = 1;
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
$class = ($lnum % 2) ? "even" : "odd";
$feed_id = $line["id"];
@@ -1648,7 +1648,7 @@ class Pref_Feeds extends Handler_Protected {
print "<h2>" . __("These feeds have not been updated because of errors:") .
"</h2>";
$result = db_query("SELECT id,title,feed_url,last_error,site_url
$result = $this->dbh->query("SELECT id,title,feed_url,last_error,site_url
FROM ttrss_feeds WHERE last_error != '' AND owner_uid = ".$_SESSION["uid"]);
print "<div dojoType=\"dijit.Toolbar\">";
@@ -1668,7 +1668,7 @@ class Pref_Feeds extends Handler_Protected {
$lnum = 1;
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
$class = ($lnum % 2) ? "even" : "odd";
$feed_id = $line["id"];
@@ -1725,14 +1725,14 @@ class Pref_Feeds extends Handler_Protected {
private function clear_feed_articles($id) {
if ($id != 0) {
$result = db_query("DELETE FROM ttrss_user_entries
$result = $this->dbh->query("DELETE FROM ttrss_user_entries
WHERE feed_id = '$id' AND marked = false AND owner_uid = " . $_SESSION["uid"]);
} else {
$result = db_query("DELETE FROM ttrss_user_entries
$result = $this->dbh->query("DELETE FROM ttrss_user_entries
WHERE feed_id IS NULL AND marked = false AND owner_uid = " . $_SESSION["uid"]);
}
$result = db_query("DELETE FROM ttrss_entries WHERE
$result = $this->dbh->query("DELETE FROM ttrss_entries WHERE
(SELECT COUNT(int_id) FROM ttrss_user_entries WHERE ref_id = id) = 0");
ccache_update($id, $_SESSION['uid']);
@@ -1740,7 +1740,7 @@ class Pref_Feeds extends Handler_Protected {
private function remove_feed_category($id, $owner_uid) {
db_query("DELETE FROM ttrss_feed_categories
$this->dbh->query("DELETE FROM ttrss_feed_categories
WHERE id = '$id' AND owner_uid = $owner_uid");
ccache_remove($id, $owner_uid, true);
@@ -1855,17 +1855,17 @@ class Pref_Feeds extends Handler_Protected {
}
function batchAddFeeds() {
$cat_id = db_escape_string($_REQUEST['cat']);
$cat_id = $this->dbh->escape_string($_REQUEST['cat']);
$feeds = explode("\n", $_REQUEST['feeds']);
$login = db_escape_string($_REQUEST['login']);
$login = $this->dbh->escape_string($_REQUEST['login']);
$pass = trim($_REQUEST['pass']);
foreach ($feeds as $feed) {
$feed = db_escape_string(trim($feed));
$feed = $this->dbh->escape_string(trim($feed));
if (validate_feed_url($feed)) {
db_query("BEGIN");
$this->dbh->query("BEGIN");
if ($cat_id == "0" || !$cat_id) {
$cat_qpart = "NULL";
@@ -1873,7 +1873,7 @@ class Pref_Feeds extends Handler_Protected {
$cat_qpart = "'$cat_id'";
}
$result = db_query(
$result = $this->dbh->query(
"SELECT id FROM ttrss_feeds
WHERE feed_url = '$feed' AND owner_uid = ".$_SESSION["uid"]);
@@ -1885,17 +1885,17 @@ class Pref_Feeds extends Handler_Protected {
$auth_pass_encrypted = 'false';
}
$pass = db_escape_string($pass);
$pass = $this->dbh->escape_string($pass);
if (db_num_rows($result) == 0) {
$result = db_query(
if ($this->dbh->num_rows($result) == 0) {
$result = $this->dbh->query(
"INSERT INTO ttrss_feeds
(owner_uid,feed_url,title,cat_id,auth_login,auth_pass,update_method,auth_pass_encrypted)
VALUES ('".$_SESSION["uid"]."', '$feed',
'[Unknown]', $cat_qpart, '$login', '$pass', 0, $auth_pass_encrypted)");
}
db_query("COMMIT");
$this->dbh->query("COMMIT");
}
}
}
@@ -1910,8 +1910,8 @@ class Pref_Feeds extends Handler_Protected {
}
function regenFeedKey() {
$feed_id = db_escape_string($_REQUEST['id']);
$is_cat = db_escape_string($_REQUEST['is_cat']) == "true";
$feed_id = $this->dbh->escape_string($_REQUEST['id']);
$is_cat = $this->dbh->escape_string($_REQUEST['is_cat']) == "true";
$new_key = $this->update_feed_access_key($feed_id, $is_cat);
@@ -1924,14 +1924,14 @@ class Pref_Feeds extends Handler_Protected {
$sql_is_cat = bool_to_sql_bool($is_cat);
$result = db_query("SELECT access_key FROM ttrss_access_keys
$result = $this->dbh->query("SELECT access_key FROM ttrss_access_keys
WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
AND owner_uid = " . $owner_uid);
if (db_num_rows($result) == 1) {
$key = db_escape_string(sha1(uniqid(rand(), true)));
if ($this->dbh->num_rows($result) == 1) {
$key = $this->dbh->escape_string(sha1(uniqid(rand(), true)));
db_query("UPDATE ttrss_access_keys SET access_key = '$key'
$this->dbh->query("UPDATE ttrss_access_keys SET access_key = '$key'
WHERE feed_id = '$feed_id' AND is_cat = $sql_is_cat
AND owner_uid = " . $owner_uid);
@@ -1944,7 +1944,7 @@ class Pref_Feeds extends Handler_Protected {
// Silent
function clearKeys() {
db_query("DELETE FROM ttrss_access_keys WHERE
$this->dbh->query("DELETE FROM ttrss_access_keys WHERE
owner_uid = " . $_SESSION["uid"]);
}

168
classes/pref/filters.php
View File

@@ -9,7 +9,7 @@ class Pref_Filters extends Handler_Protected {
}
function filtersortreset() {
db_query("UPDATE ttrss_filters2
$this->dbh->query("UPDATE ttrss_filters2
SET order_id = 0 WHERE owner_uid = " . $_SESSION["uid"]);
return;
}
@@ -31,7 +31,7 @@ class Pref_Filters extends Handler_Protected {
if ($filter_id > 0) {
db_query("UPDATE ttrss_filters2 SET
$this->dbh->query("UPDATE ttrss_filters2 SET
order_id = $index WHERE id = '$filter_id' AND
owner_uid = " .$_SESSION["uid"]);
@@ -49,16 +49,16 @@ class Pref_Filters extends Handler_Protected {
$filter["enabled"] = true;
$filter["match_any_rule"] = sql_bool_to_bool(
checkbox_to_sql_bool(db_escape_string($_REQUEST["match_any_rule"])));
checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["match_any_rule"])));
$filter["inverse"] = sql_bool_to_bool(
checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"])));
checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["inverse"])));
$filter["rules"] = array();
$result = db_query("SELECT id,name FROM ttrss_filter_types");
$result = $this->dbh->query("SELECT id,name FROM ttrss_filter_types");
$filter_types = array();
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
$filter_types[$line["id"]] = $line["name"];
}
@@ -98,7 +98,7 @@ class Pref_Filters extends Handler_Protected {
print "<div class=\"filterTestHolder\">";
print "<table width=\"100%\" cellspacing=\"0\" id=\"prefErrorFeedList\">";
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
$entry_timestamp = strtotime($line["updated"]);
$entry_tags = get_article_tags($line["id"], $_SESSION["uid"]);
@@ -158,7 +158,7 @@ class Pref_Filters extends Handler_Protected {
$filter_search = $_SESSION["prefs_filter_search"];
$result = db_query("SELECT *,
$result = $this->dbh->query("SELECT *,
(SELECT action_param FROM ttrss_filters2_actions
WHERE filter_id = ttrss_filters2.id ORDER BY id LIMIT 1) AS action_param,
(SELECT action_id FROM ttrss_filters2_actions
@@ -176,7 +176,7 @@ class Pref_Filters extends Handler_Protected {
$folder = array();
$folder['items'] = array();
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
/* if ($action_id != $line["action_id"]) {
if (count($folder['items']) > 0) {
@@ -194,10 +194,10 @@ class Pref_Filters extends Handler_Protected {
$match_ok = false;
if ($filter_search) {
$rules_result = db_query(
$rules_result = $this->dbh->query(
"SELECT reg_exp FROM ttrss_filters2_rules WHERE filter_id = ".$line["id"]);
while ($rule_line = db_fetch_assoc($rules_result)) {
while ($rule_line = $this->dbh->fetch_assoc($rules_result)) {
if (mb_strpos($rule_line['reg_exp'], $filter_search) !== false) {
$match_ok = true;
break;
@@ -206,13 +206,13 @@ class Pref_Filters extends Handler_Protected {
}
if ($line['action_id'] == 7) {
$label_result = db_query("SELECT fg_color, bg_color
FROM ttrss_labels2 WHERE caption = '".db_escape_string($line['action_param'])."' AND
$label_result = $this->dbh->query("SELECT fg_color, bg_color
FROM ttrss_labels2 WHERE caption = '".$this->dbh->escape_string($line['action_param'])."' AND
owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($label_result) > 0) {
$fg_color = db_fetch_result($label_result, 0, "fg_color");
$bg_color = db_fetch_result($label_result, 0, "bg_color");
if ($this->dbh->num_rows($label_result) > 0) {
$fg_color = $this->dbh->fetch_result($label_result, 0, "fg_color");
$bg_color = $this->dbh->fetch_result($label_result, 0, "bg_color");
$name[1] = "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-right : 4px'>&alpha;</span>" . $name[1];
}
@@ -248,15 +248,15 @@ class Pref_Filters extends Handler_Protected {
function edit() {
$filter_id = db_escape_string($_REQUEST["id"]);
$filter_id = $this->dbh->escape_string($_REQUEST["id"]);
$result = db_query(
$result = $this->dbh->query(
"SELECT * FROM ttrss_filters2 WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
$enabled = sql_bool_to_bool(db_fetch_result($result, 0, "enabled"));
$match_any_rule = sql_bool_to_bool(db_fetch_result($result, 0, "match_any_rule"));
$inverse = sql_bool_to_bool(db_fetch_result($result, 0, "inverse"));
$title = htmlspecialchars(db_fetch_result($result, 0, "title"));
$enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "enabled"));
$match_any_rule = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "match_any_rule"));
$inverse = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "inverse"));
$title = htmlspecialchars($this->dbh->fetch_result($result, 0, "title"));
print "<form id=\"filter_edit_form\" onsubmit='return false'>";
@@ -294,10 +294,10 @@ class Pref_Filters extends Handler_Protected {
print "<ul id='filterDlg_Matches'>";
$rules_result = db_query("SELECT * FROM ttrss_filters2_rules
$rules_result = $this->dbh->query("SELECT * FROM ttrss_filters2_rules
WHERE filter_id = '$filter_id' ORDER BY reg_exp, id");
while ($line = db_fetch_assoc($rules_result)) {
while ($line = $this->dbh->fetch_assoc($rules_result)) {
if (sql_bool_to_bool($line["cat_filter"])) {
$line["feed_id"] = "CAT:" . (int)$line["cat_id"];
}
@@ -342,10 +342,10 @@ class Pref_Filters extends Handler_Protected {
print "<ul id='filterDlg_Actions'>";
$actions_result = db_query("SELECT * FROM ttrss_filters2_actions
$actions_result = $this->dbh->query("SELECT * FROM ttrss_filters2_actions
WHERE filter_id = '$filter_id' ORDER BY id");
while ($line = db_fetch_assoc($actions_result)) {
while ($line = $this->dbh->fetch_assoc($actions_result)) {
$line["action_param_label"] = $line["action_param"];
unset($line["filter_id"]);
@@ -427,9 +427,9 @@ class Pref_Filters extends Handler_Protected {
$feed = __("All feeds");
}
$result = db_query("SELECT description FROM ttrss_filter_types
$result = $this->dbh->query("SELECT description FROM ttrss_filter_types
WHERE id = ".(int)$rule["filter_type"]);
$filter_type = db_fetch_result($result, 0, "description");
$filter_type = $this->dbh->fetch_result($result, 0, "description");
return T_sprintf("%s on %s in %s %s", strip_tags($rule["reg_exp"]),
$filter_type, $feed, isset($rule["inverse"]) ? __("(inverse)") : "");
@@ -440,10 +440,10 @@ class Pref_Filters extends Handler_Protected {
}
private function getActionName($action) {
$result = db_query("SELECT description FROM
$result = $this->dbh->query("SELECT description FROM
ttrss_filter_actions WHERE id = " .(int)$action["action_id"]);
$title = __(db_fetch_result($result, 0, "description"));
$title = __($this->dbh->fetch_result($result, 0, "description"));
if ($action["action_id"] == 4 || $action["action_id"] == 6 ||
$action["action_id"] == 7)
@@ -463,13 +463,13 @@ class Pref_Filters extends Handler_Protected {
# print_r($_REQUEST);
$filter_id = db_escape_string($_REQUEST["id"]);
$enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"]));
$match_any_rule = checkbox_to_sql_bool(db_escape_string($_REQUEST["match_any_rule"]));
$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
$title = db_escape_string($_REQUEST["title"]);
$filter_id = $this->dbh->escape_string($_REQUEST["id"]);
$enabled = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["enabled"]));
$match_any_rule = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["match_any_rule"]));
$inverse = checkbox_to_sql_bool($this->dbh->escape_string($_REQUEST["inverse"]));
$title = $this->dbh->escape_string($_REQUEST["title"]);
$result = db_query("UPDATE ttrss_filters2 SET enabled = $enabled,
$result = $this->dbh->query("UPDATE ttrss_filters2 SET enabled = $enabled,
match_any_rule = $match_any_rule,
inverse = $inverse,
title = '$title'
@@ -482,17 +482,17 @@ class Pref_Filters extends Handler_Protected {
function remove() {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
db_query("DELETE FROM ttrss_filters2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
$this->dbh->query("DELETE FROM ttrss_filters2 WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
}
}
private function saveRulesAndActions($filter_id) {
db_query("DELETE FROM ttrss_filters2_rules WHERE filter_id = '$filter_id'");
db_query("DELETE FROM ttrss_filters2_actions WHERE filter_id = '$filter_id'");
$this->dbh->query("DELETE FROM ttrss_filters2_rules WHERE filter_id = '$filter_id'");
$this->dbh->query("DELETE FROM ttrss_filters2_actions WHERE filter_id = '$filter_id'");
if ($filter_id) {
/* create rules */
@@ -521,11 +521,11 @@ class Pref_Filters extends Handler_Protected {
foreach ($rules as $rule) {
if ($rule) {
$reg_exp = strip_tags(db_escape_string(trim($rule["reg_exp"])));
$reg_exp = strip_tags($this->dbh->escape_string(trim($rule["reg_exp"])));
$inverse = isset($rule["inverse"]) ? "true" : "false";
$filter_type = (int) db_escape_string(trim($rule["filter_type"]));
$feed_id = db_escape_string(trim($rule["feed_id"]));
$filter_type = (int) $this->dbh->escape_string(trim($rule["filter_type"]));
$feed_id = $this->dbh->escape_string(trim($rule["feed_id"]));
if (strpos($feed_id, "CAT:") === 0) {
@@ -546,16 +546,16 @@ class Pref_Filters extends Handler_Protected {
(filter_id, reg_exp,filter_type,feed_id,cat_id,cat_filter,inverse) VALUES
('$filter_id', '$reg_exp', '$filter_type', $feed_id, $cat_id, $cat_filter, $inverse)";
db_query($query);
$this->dbh->query($query);
}
}
foreach ($actions as $action) {
if ($action) {
$action_id = (int) db_escape_string($action["action_id"]);
$action_param = db_escape_string($action["action_param"]);
$action_param_label = db_escape_string($action["action_param_label"]);
$action_id = (int) $this->dbh->escape_string($action["action_id"]);
$action_param = $this->dbh->escape_string($action["action_param"]);
$action_param_label = $this->dbh->escape_string($action["action_param_label"]);
if ($action_id == 7) {
$action_param = $action_param_label;
@@ -569,7 +569,7 @@ class Pref_Filters extends Handler_Protected {
(filter_id, action_id, action_param) VALUES
('$filter_id', '$action_id', '$action_param')";
db_query($query);
$this->dbh->query($query);
}
}
}
@@ -586,35 +586,35 @@ class Pref_Filters extends Handler_Protected {
$enabled = checkbox_to_sql_bool($_REQUEST["enabled"]);
$match_any_rule = checkbox_to_sql_bool($_REQUEST["match_any_rule"]);
$title = db_escape_string($_REQUEST["title"]);
$title = $this->dbh->escape_string($_REQUEST["title"]);
db_query("BEGIN");
$this->dbh->query("BEGIN");
/* create base filter */
$result = db_query("INSERT INTO ttrss_filters2
$result = $this->dbh->query("INSERT INTO ttrss_filters2
(owner_uid, match_any_rule, enabled, title) VALUES
(".$_SESSION["uid"].",$match_any_rule,$enabled, '$title')");
$result = db_query("SELECT MAX(id) AS id FROM ttrss_filters2
$result = $this->dbh->query("SELECT MAX(id) AS id FROM ttrss_filters2
WHERE owner_uid = ".$_SESSION["uid"]);
$filter_id = db_fetch_result($result, 0, "id");
$filter_id = $this->dbh->fetch_result($result, 0, "id");
$this->saveRulesAndActions($filter_id);
db_query("COMMIT");
$this->dbh->query("COMMIT");
}
function index() {
$sort = db_escape_string($_REQUEST["sort"]);
$sort = $this->dbh->escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "reg_exp";
}
$filter_search = db_escape_string($_REQUEST["search"]);
$filter_search = $this->dbh->escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
@@ -626,7 +626,7 @@ class Pref_Filters extends Handler_Protected {
print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
$filter_search = db_escape_string($_REQUEST["search"]);
$filter_search = $this->dbh->escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
@@ -832,12 +832,12 @@ class Pref_Filters extends Handler_Protected {
print "<form name='filter_new_rule_form' id='filter_new_rule_form'>";
$result = db_query("SELECT id,description
$result = $this->dbh->query("SELECT id,description
FROM ttrss_filter_types WHERE id != 5 ORDER BY description");
$filter_types = array();
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
$filter_types[$line["id"]] = __($line["description"]);
}
@@ -888,7 +888,7 @@ class Pref_Filters extends Handler_Protected {
$action = json_decode($_REQUEST["action"], true);
if ($action) {
$action_param = db_escape_string($action["action_param"]);
$action_param = $this->dbh->escape_string($action["action_param"]);
$action_id = (int)$action["action_id"];
} else {
$action_param = "";
@@ -904,10 +904,10 @@ class Pref_Filters extends Handler_Protected {
print "<select name=\"action_id\" dojoType=\"dijit.form.Select\"
onchange=\"filterDlgCheckAction(this)\">";
$result = db_query("SELECT id,description FROM ttrss_filter_actions
$result = $this->dbh->query("SELECT id,description FROM ttrss_filter_actions
ORDER BY name");
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
$is_selected = ($line["id"] == $action_id) ? "selected='1'" : "";
printf("<option $is_selected value='%d'>%s</option>", $line["id"], __($line["description"]));
}
@@ -953,28 +953,28 @@ class Pref_Filters extends Handler_Protected {
private function getFilterName($id) {
$result = db_query(
$result = $this->dbh->query(
"SELECT title,COUNT(DISTINCT r.id) AS num_rules,COUNT(DISTINCT a.id) AS num_actions
FROM ttrss_filters2 AS f LEFT JOIN ttrss_filters2_rules AS r
ON (r.filter_id = f.id)
LEFT JOIN ttrss_filters2_actions AS a
ON (a.filter_id = f.id) WHERE f.id = '$id' GROUP BY f.title");
$title = db_fetch_result($result, 0, "title");
$num_rules = db_fetch_result($result, 0, "num_rules");
$num_actions = db_fetch_result($result, 0, "num_actions");
$title = $this->dbh->fetch_result($result, 0, "title");
$num_rules = $this->dbh->fetch_result($result, 0, "num_rules");
$num_actions = $this->dbh->fetch_result($result, 0, "num_actions");
if (!$title) $title = __("[No caption]");
$title = sprintf(_ngettext("%s (%d rule)", "%s (%d rules)", $num_rules), $title, $num_rules);
$result = db_query(
$result = $this->dbh->query(
"SELECT * FROM ttrss_filters2_actions WHERE filter_id = '$id' ORDER BY id LIMIT 1");
$actions = "";
if (db_num_rows($result) > 0) {
$line = db_fetch_assoc($result);
if ($this->dbh->num_rows($result) > 0) {
$line = $this->dbh->fetch_assoc($result);
$actions = $this->getActionName($line);
$num_actions -= 1;
@@ -987,22 +987,22 @@ class Pref_Filters extends Handler_Protected {
}
function join() {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
if (count($ids) > 1) {
$base_id = array_shift($ids);
$ids_str = join(",", $ids);
db_query("BEGIN");
db_query("UPDATE ttrss_filters2_rules
$this->dbh->query("BEGIN");
$this->dbh->query("UPDATE ttrss_filters2_rules
SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)");
db_query("UPDATE ttrss_filters2_actions
$this->dbh->query("UPDATE ttrss_filters2_actions
SET filter_id = '$base_id' WHERE filter_id IN ($ids_str)");
db_query("DELETE FROM ttrss_filters2 WHERE id IN ($ids_str)");
db_query("UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = '$base_id'");
$this->dbh->query("DELETE FROM ttrss_filters2 WHERE id IN ($ids_str)");
$this->dbh->query("UPDATE ttrss_filters2 SET match_any_rule = true WHERE id = '$base_id'");
db_query("COMMIT");
$this->dbh->query("COMMIT");
$this->optimizeFilter($base_id);
@@ -1010,14 +1010,14 @@ class Pref_Filters extends Handler_Protected {
}
private function optimizeFilter($id) {
db_query("BEGIN");
$result = db_query("SELECT * FROM ttrss_filters2_actions
$this->dbh->query("BEGIN");
$result = $this->dbh->query("SELECT * FROM ttrss_filters2_actions
WHERE filter_id = '$id'");
$tmp = array();
$dupe_ids = array();
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
$id = $line["id"];
unset($line["id"]);
@@ -1030,17 +1030,17 @@ class Pref_Filters extends Handler_Protected {
if (count($dupe_ids) > 0) {
$ids_str = join(",", $dupe_ids);
db_query("DELETE FROM ttrss_filters2_actions
$this->dbh->query("DELETE FROM ttrss_filters2_actions
WHERE id IN ($ids_str)");
}
$result = db_query("SELECT * FROM ttrss_filters2_rules
$result = $this->dbh->query("SELECT * FROM ttrss_filters2_rules
WHERE filter_id = '$id'");
$tmp = array();
$dupe_ids = array();
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
$id = $line["id"];
unset($line["id"]);
@@ -1053,11 +1053,11 @@ class Pref_Filters extends Handler_Protected {
if (count($dupe_ids) > 0) {
$ids_str = join(",", $dupe_ids);
db_query("DELETE FROM ttrss_filters2_rules
$this->dbh->query("DELETE FROM ttrss_filters2_rules
WHERE id IN ($ids_str)");
}
db_query("COMMIT");
$this->dbh->query("COMMIT");
}
}
?>

70
classes/pref/labels.php
View File

@@ -8,12 +8,12 @@ class Pref_Labels extends Handler_Protected {
}
function edit() {
$label_id = db_escape_string($_REQUEST['id']);
$label_id = $this->dbh->escape_string($_REQUEST['id']);
$result = db_query("SELECT * FROM ttrss_labels2 WHERE
$result = $this->dbh->query("SELECT * FROM ttrss_labels2 WHERE
id = '$label_id' AND owner_uid = " . $_SESSION["uid"]);
$line = db_fetch_assoc($result);
$line = $this->dbh->fetch_assoc($result);
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$label_id\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-labels\">";
@@ -90,12 +90,12 @@ class Pref_Labels extends Handler_Protected {
$root['name'] = __('Labels');
$root['items'] = array();
$result = db_query("SELECT *
$result = $this->dbh->query("SELECT *
FROM ttrss_labels2
WHERE owner_uid = ".$_SESSION["uid"]."
ORDER BY caption");
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
$label = array();
$label['id'] = 'LABEL:' . $line['id'];
$label['bare_id'] = $line['id'];
@@ -118,29 +118,29 @@ class Pref_Labels extends Handler_Protected {
}
function colorset() {
$kind = db_escape_string($_REQUEST["kind"]);
$ids = explode(',', db_escape_string($_REQUEST["ids"]));
$color = db_escape_string($_REQUEST["color"]);
$fg = db_escape_string($_REQUEST["fg"]);
$bg = db_escape_string($_REQUEST["bg"]);
$kind = $this->dbh->escape_string($_REQUEST["kind"]);
$ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"]));
$color = $this->dbh->escape_string($_REQUEST["color"]);
$fg = $this->dbh->escape_string($_REQUEST["fg"]);
$bg = $this->dbh->escape_string($_REQUEST["bg"]);
foreach ($ids as $id) {
if ($kind == "fg" || $kind == "bg") {
db_query("UPDATE ttrss_labels2 SET
$this->dbh->query("UPDATE ttrss_labels2 SET
${kind}_color = '$color' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
} else {
db_query("UPDATE ttrss_labels2 SET
$this->dbh->query("UPDATE ttrss_labels2 SET
fg_color = '$fg', bg_color = '$bg' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
}
$caption = db_escape_string(label_find_caption($id, $_SESSION["uid"]));
$caption = $this->dbh->escape_string(label_find_caption($id, $_SESSION["uid"]));
/* Remove cached data */
db_query("UPDATE ttrss_user_entries SET label_cache = ''
$this->dbh->query("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
}
@@ -149,18 +149,18 @@ class Pref_Labels extends Handler_Protected {
}
function colorreset() {
$ids = explode(',', db_escape_string($_REQUEST["ids"]));
$ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
db_query("UPDATE ttrss_labels2 SET
$this->dbh->query("UPDATE ttrss_labels2 SET
fg_color = '', bg_color = '' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
$caption = db_escape_string(label_find_caption($id, $_SESSION["uid"]));
$caption = $this->dbh->escape_string(label_find_caption($id, $_SESSION["uid"]));
/* Remove cached data */
db_query("UPDATE ttrss_user_entries SET label_cache = ''
$this->dbh->query("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
}
@@ -168,31 +168,31 @@ class Pref_Labels extends Handler_Protected {
function save() {
$id = db_escape_string($_REQUEST["id"]);
$caption = db_escape_string(trim($_REQUEST["caption"]));
$id = $this->dbh->escape_string($_REQUEST["id"]);
$caption = $this->dbh->escape_string(trim($_REQUEST["caption"]));
db_query("BEGIN");
$this->dbh->query("BEGIN");
$result = db_query("SELECT caption FROM ttrss_labels2
$result = $this->dbh->query("SELECT caption FROM ttrss_labels2
WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
$old_caption = db_fetch_result($result, 0, "caption");
if ($this->dbh->num_rows($result) != 0) {
$old_caption = $this->dbh->fetch_result($result, 0, "caption");
$result = db_query("SELECT id FROM ttrss_labels2
$result = $this->dbh->query("SELECT id FROM ttrss_labels2
WHERE caption = '$caption' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
if ($this->dbh->num_rows($result) == 0) {
if ($caption) {
$result = db_query("UPDATE ttrss_labels2 SET
$result = $this->dbh->query("UPDATE ttrss_labels2 SET
caption = '$caption' WHERE id = '$id' AND
owner_uid = " . $_SESSION["uid"]);
/* Update filters that reference label being renamed */
$old_caption = db_escape_string($old_caption);
$old_caption = $this->dbh->escape_string($old_caption);
db_query("UPDATE ttrss_filters2_actions SET
$this->dbh->query("UPDATE ttrss_filters2_actions SET
action_param = '$caption' WHERE action_param = '$old_caption'
AND action_id = 7
AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ".$_SESSION["uid"].")");
@@ -206,14 +206,14 @@ class Pref_Labels extends Handler_Protected {
}
}
db_query("COMMIT");
$this->dbh->query("COMMIT");
return;
}
function remove() {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
label_remove($id, $_SESSION["uid"]);
@@ -222,8 +222,8 @@ class Pref_Labels extends Handler_Protected {
}
function add() {
$caption = db_escape_string($_REQUEST["caption"]);
$output = db_escape_string($_REQUEST["output"]);
$caption = $this->dbh->escape_string($_REQUEST["caption"]);
$output = $this->dbh->escape_string($_REQUEST["output"]);
if ($caption) {
@@ -250,13 +250,13 @@ class Pref_Labels extends Handler_Protected {
function index() {
$sort = db_escape_string($_REQUEST["sort"]);
$sort = $this->dbh->escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "caption";
}
$label_search = db_escape_string($_REQUEST["search"]);
$label_search = $this->dbh->escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_label_search"] = $label_search;

64
classes/pref/prefs.php
View File

@@ -103,13 +103,13 @@ class Pref_Prefs extends Handler_Protected {
foreach (array_keys($_POST) as $pref_name) {
$pref_name = db_escape_string($pref_name);
$value = db_escape_string($_POST[$pref_name]);
$pref_name = $this->dbh->escape_string($pref_name);
$value = $this->dbh->escape_string($_POST[$pref_name]);
if ($pref_name == 'DIGEST_PREFERRED_TIME') {
if (get_pref('DIGEST_PREFERRED_TIME') != $value) {
db_query("UPDATE ttrss_users SET
$this->dbh->query("UPDATE ttrss_users SET
last_digest_sent = NULL WHERE id = " . $_SESSION['uid']);
}
@@ -138,13 +138,13 @@ class Pref_Prefs extends Handler_Protected {
function getHelp() {
$pref_name = db_escape_string($_REQUEST["pn"]);
$pref_name = $this->dbh->escape_string($_REQUEST["pn"]);
$result = db_query("SELECT help_text FROM ttrss_prefs
$result = $this->dbh->query("SELECT help_text FROM ttrss_prefs
WHERE pref_name = '$pref_name'");
if (db_num_rows($result) > 0) {
$help_text = db_fetch_result($result, 0, "help_text");
if ($this->dbh->num_rows($result) > 0) {
$help_text = $this->dbh->fetch_result($result, 0, "help_text");
print $help_text;
} else {
printf(__("Unknown option: %s"), $pref_name);
@@ -153,12 +153,12 @@ class Pref_Prefs extends Handler_Protected {
function changeemail() {
$email = db_escape_string($_POST["email"]);
$full_name = db_escape_string($_POST["full_name"]);
$email = $this->dbh->escape_string($_POST["email"]);
$full_name = $this->dbh->escape_string($_POST["full_name"]);
$active_uid = $_SESSION["uid"];
db_query("UPDATE ttrss_users SET email = '$email',
$this->dbh->query("UPDATE ttrss_users SET email = '$email',
full_name = '$full_name' WHERE id = '$active_uid'");
print __("Your personal data has been saved.");
@@ -176,7 +176,7 @@ class Pref_Prefs extends Handler_Protected {
$profile_qpart = "profile IS NULL";
}
db_query("DELETE FROM ttrss_user_prefs
$this->dbh->query("DELETE FROM ttrss_user_prefs
WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]);
initialize_user_prefs($_SESSION["uid"], $_SESSION["profile"]);
@@ -225,13 +225,13 @@ class Pref_Prefs extends Handler_Protected {
print "<h2>" . __("Personal data") . "</h2>";
$result = db_query("SELECT email,full_name,otp_enabled,
$result = $this->dbh->query("SELECT email,full_name,otp_enabled,
access_level FROM ttrss_users
WHERE id = ".$_SESSION["uid"]);
$email = htmlspecialchars(db_fetch_result($result, 0, "email"));
$full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name"));
$otp_enabled = sql_bool_to_bool(db_fetch_result($result, 0, "otp_enabled"));
$email = htmlspecialchars($this->dbh->fetch_result($result, 0, "email"));
$full_name = htmlspecialchars($this->dbh->fetch_result($result, 0, "full_name"));
$otp_enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "otp_enabled"));
print "<tr><td width=\"40%\">".__('Full name')."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"
@@ -242,7 +242,7 @@ class Pref_Prefs extends Handler_Protected {
if (!SINGLE_USER_MODE && !$_SESSION["hide_hello"]) {
$access_level = db_fetch_result($result, 0, "access_level");
$access_level = $this->dbh->fetch_result($result, 0, "access_level");
print "<tr><td width=\"40%\">".__('Access level')."</td>";
print "<td>" . $access_level_names[$access_level] . "</td></tr>";
}
@@ -270,11 +270,11 @@ class Pref_Prefs extends Handler_Protected {
print "<h2>" . __("Password") . "</h2>";
$result = db_query("SELECT id FROM ttrss_users
$result = $this->dbh->query("SELECT id FROM ttrss_users
WHERE id = ".$_SESSION["uid"]." AND pwd_hash
= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
if (db_num_rows($result) != 0) {
if ($this->dbh->num_rows($result) != 0) {
print format_warning(__("Your password is at default value, please change it."), "default_pass_warning");
}
@@ -494,7 +494,7 @@ class Pref_Prefs extends Handler_Protected {
$access_query = 'true';
$result = db_query("SELECT DISTINCT
$result = $this->dbh->query("SELECT DISTINCT
ttrss_user_prefs.pref_name,value,type_name,
ttrss_prefs_sections.order_id,
def_value,section_id
@@ -513,7 +513,7 @@ class Pref_Prefs extends Handler_Protected {
$listed_boolean_prefs = array();
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
if (in_array($line["pref_name"], $prefs_blacklist)) {
continue;
@@ -897,17 +897,17 @@ class Pref_Prefs extends Handler_Protected {
require_once "lib/otphp/lib/totp.php";
require_once "lib/phpqrcode/phpqrcode.php";
$result = db_query("SELECT login,salt,otp_enabled
$result = $this->dbh->query("SELECT login,salt,otp_enabled
FROM ttrss_users
WHERE id = ".$_SESSION["uid"]);
$base32 = new Base32();
$login = db_fetch_result($result, 0, "login");
$otp_enabled = sql_bool_to_bool(db_fetch_result($result, 0, "otp_enabled"));
$login = $this->dbh->fetch_result($result, 0, "login");
$otp_enabled = sql_bool_to_bool($this->dbh->fetch_result($result, 0, "otp_enabled"));
if (!$otp_enabled) {
$secret = $base32->encode(sha1(db_fetch_result($result, 0, "salt")));
$secret = $base32->encode(sha1($this->dbh->fetch_result($result, 0, "salt")));
$topt = new \OTPHP\TOTP($secret);
print QRcode::png($topt->provisioning_uri($login));
}
@@ -926,19 +926,19 @@ class Pref_Prefs extends Handler_Protected {
if ($authenticator->check_password($_SESSION["uid"], $password)) {
$result = db_query("SELECT salt
$result = $this->dbh->query("SELECT salt
FROM ttrss_users
WHERE id = ".$_SESSION["uid"]);
$base32 = new Base32();
$secret = $base32->encode(sha1(db_fetch_result($result, 0, "salt")));
$secret = $base32->encode(sha1($this->dbh->fetch_result($result, 0, "salt")));
$topt = new \OTPHP\TOTP($secret);
$otp_check = $topt->now();
if ($otp == $otp_check) {
db_query("UPDATE ttrss_users SET otp_enabled = true WHERE
$this->dbh->query("UPDATE ttrss_users SET otp_enabled = true WHERE
id = " . $_SESSION["uid"]);
print "OK";
@@ -952,14 +952,14 @@ class Pref_Prefs extends Handler_Protected {
}
function otpdisable() {
$password = db_escape_string($_REQUEST["password"]);
$password = $this->dbh->escape_string($_REQUEST["password"]);
global $pluginhost;
$authenticator = $pluginhost->get_plugin($_SESSION["auth_module"]);
if ($authenticator->check_password($_SESSION["uid"], $password)) {
db_query("UPDATE ttrss_users SET otp_enabled = false WHERE
$this->dbh->query("UPDATE ttrss_users SET otp_enabled = false WHERE
id = " . $_SESSION["uid"]);
print "OK";
@@ -979,7 +979,7 @@ class Pref_Prefs extends Handler_Protected {
}
function clearplugindata() {
$name = db_escape_string($_REQUEST["name"]);
$name = $this->dbh->escape_string($_REQUEST["name"]);
global $pluginhost;
$pluginhost->clear_data($pluginhost->get_plugin($name));
@@ -1034,7 +1034,7 @@ class Pref_Prefs extends Handler_Protected {
print "</div>";
$result = db_query("SELECT title,id FROM ttrss_settings_profiles
$result = $this->dbh->query("SELECT title,id FROM ttrss_settings_profiles
WHERE owner_uid = ".$_SESSION["uid"]." ORDER BY title");
print "<div class=\"prefProfileHolder\">";
@@ -1065,7 +1065,7 @@ class Pref_Prefs extends Handler_Protected {
$lnum = 1;
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
$class = ($lnum % 2) ? "even" : "odd";

4
classes/pref/system.php
View File

@@ -24,7 +24,7 @@ class Pref_System extends Handler_Protected {
print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Error Log')."\">";
$result = db_query("SELECT errno, errstr, filename, lineno,
$result = $this->dbh->query("SELECT errno, errstr, filename, lineno,
created_at, login FROM ttrss_error_log
LEFT JOIN ttrss_users ON (owner_uid = ttrss_users.id)
ORDER BY ttrss_error_log.id DESC
@@ -43,7 +43,7 @@ class Pref_System extends Handler_Protected {
<td width='5%'>".__("Date")."</td>
</tr>";
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
print "<tr class=\"errrow\">";
foreach ($line as $k => $v) {

76
classes/pref/users.php
View File

@@ -21,7 +21,7 @@ class Pref_Users extends Handler_Protected {
$uid = sprintf("%d", $_REQUEST["id"]);
$result = db_query("SELECT login,
$result = $this->dbh->query("SELECT login,
".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login,
access_level,
(SELECT COUNT(int_id) FROM ttrss_user_entries
@@ -30,33 +30,33 @@ class Pref_Users extends Handler_Protected {
FROM ttrss_users
WHERE id = '$uid'");
if (db_num_rows($result) == 0) {
if ($this->dbh->num_rows($result) == 0) {
print "<h1>".__('User not found')."</h1>";
return;
}
// print "<h1>User Details</h1>";
$login = db_fetch_result($result, 0, "login");
$login = $this->dbh->fetch_result($result, 0, "login");
print "<table width='100%'>";
$last_login = make_local_datetime(
db_fetch_result($result, 0, "last_login"), true);
$this->dbh->fetch_result($result, 0, "last_login"), true);
$created = make_local_datetime(
db_fetch_result($result, 0, "created"), true);
$this->dbh->fetch_result($result, 0, "created"), true);
$access_level = db_fetch_result($result, 0, "access_level");
$stored_articles = db_fetch_result($result, 0, "stored_articles");
$access_level = $this->dbh->fetch_result($result, 0, "access_level");
$stored_articles = $this->dbh->fetch_result($result, 0, "stored_articles");
print "<tr><td>".__('Registered')."</td><td>$created</td></tr>";
print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>";
$result = db_query("SELECT COUNT(id) as num_feeds FROM ttrss_feeds
$result = $this->dbh->query("SELECT COUNT(id) as num_feeds FROM ttrss_feeds
WHERE owner_uid = '$uid'");
$num_feeds = db_fetch_result($result, 0, "num_feeds");
$num_feeds = $this->dbh->fetch_result($result, 0, "num_feeds");
print "<tr><td>".__('Subscribed feeds count')."</td><td>$num_feeds</td></tr>";
@@ -64,14 +64,14 @@ class Pref_Users extends Handler_Protected {
print "<h1>".__('Subscribed feeds')."</h1>";
$result = db_query("SELECT id,title,site_url FROM ttrss_feeds
$result = $this->dbh->query("SELECT id,title,site_url FROM ttrss_feeds
WHERE owner_uid = '$uid' ORDER BY title");
print "<ul class=\"userFeedList\">";
$row_class = "odd";
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
$icon_file = ICONS_URL."/".$line["id"].".ico";
@@ -87,7 +87,7 @@ class Pref_Users extends Handler_Protected {
}
if (db_num_rows($result) < $num_feeds) {
if ($this->dbh->num_rows($result) < $num_feeds) {
// FIXME - add link to show ALL subscribed feeds here somewhere
print "<li><img
class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">&nbsp;...</li>";
@@ -105,18 +105,18 @@ class Pref_Users extends Handler_Protected {
function edit() {
global $access_level_names;
$id = db_escape_string($_REQUEST["id"]);
$id = $this->dbh->escape_string($_REQUEST["id"]);
print "<form id=\"user_edit_form\" onsubmit='return false'>";
print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
print "<input type=\"hidden\" name=\"method\" value=\"editSave\">";
$result = db_query("SELECT * FROM ttrss_users WHERE id = '$id'");
$result = $this->dbh->query("SELECT * FROM ttrss_users WHERE id = '$id'");
$login = db_fetch_result($result, 0, "login");
$access_level = db_fetch_result($result, 0, "access_level");
$email = db_fetch_result($result, 0, "email");
$login = $this->dbh->fetch_result($result, 0, "login");
$access_level = $this->dbh->fetch_result($result, 0, "access_level");
$email = $this->dbh->fetch_result($result, 0, "email");
$sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";
@@ -181,10 +181,10 @@ class Pref_Users extends Handler_Protected {
}
function editSave() {
$login = db_escape_string(trim($_REQUEST["login"]));
$uid = db_escape_string($_REQUEST["id"]);
$login = $this->dbh->escape_string(trim($_REQUEST["login"]));
$uid = $this->dbh->escape_string($_REQUEST["id"]);
$access_level = (int) $_REQUEST["access_level"];
$email = db_escape_string(trim($_REQUEST["email"]));
$email = $this->dbh->escape_string(trim($_REQUEST["email"]));
$password = $_REQUEST["password"];
if ($password) {
@@ -195,47 +195,47 @@ class Pref_Users extends Handler_Protected {
$pass_query_part = "";
}
db_query("UPDATE ttrss_users SET $pass_query_part login = '$login',
$this->dbh->query("UPDATE ttrss_users SET $pass_query_part login = '$login',
access_level = '$access_level', email = '$email', otp_enabled = false
WHERE id = '$uid'");
}
function remove() {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
if ($id != $_SESSION["uid"] && $id != 1) {
db_query("DELETE FROM ttrss_tags WHERE owner_uid = '$id'");
db_query("DELETE FROM ttrss_feeds WHERE owner_uid = '$id'");
db_query("DELETE FROM ttrss_users WHERE id = '$id'");
$this->dbh->query("DELETE FROM ttrss_tags WHERE owner_uid = '$id'");
$this->dbh->query("DELETE FROM ttrss_feeds WHERE owner_uid = '$id'");
$this->dbh->query("DELETE FROM ttrss_users WHERE id = '$id'");
}
}
}
function add() {
$login = db_escape_string(trim($_REQUEST["login"]));
$login = $this->dbh->escape_string(trim($_REQUEST["login"]));
$tmp_user_pwd = make_password(8);
$salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
$pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
$result = db_query("SELECT id FROM ttrss_users WHERE
$result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
login = '$login'");
if (db_num_rows($result) == 0) {
if ($this->dbh->num_rows($result) == 0) {
db_query("INSERT INTO ttrss_users
$this->dbh->query("INSERT INTO ttrss_users
(login,pwd_hash,access_level,last_login,created, salt)
VALUES ('$login', '$pwd_hash', 0, null, NOW(), '$salt')");
$result = db_query("SELECT id FROM ttrss_users WHERE
$result = $this->dbh->query("SELECT id FROM ttrss_users WHERE
login = '$login' AND pwd_hash = '$pwd_hash'");
if (db_num_rows($result) == 1) {
if ($this->dbh->num_rows($result) == 1) {
$new_uid = db_fetch_result($result, 0, "id");
$new_uid = $this->dbh->fetch_result($result, 0, "id");
print format_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>",
$login, $tmp_user_pwd));
@@ -304,7 +304,7 @@ class Pref_Users extends Handler_Protected {
}
function resetPass() {
$uid = db_escape_string($_REQUEST["id"]);
$uid = $this->dbh->escape_string($_REQUEST["id"]);
Pref_Users::resetUserPassword($uid, true);
}
@@ -317,7 +317,7 @@ class Pref_Users extends Handler_Protected {
print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">";
$user_search = db_escape_string($_REQUEST["search"]);
$user_search = $this->dbh->escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_user_search"] = $user_search;
@@ -332,7 +332,7 @@ class Pref_Users extends Handler_Protected {
__('Search')."</button>
</div>";
$sort = db_escape_string($_REQUEST["sort"]);
$sort = $this->dbh->escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "login";
@@ -381,7 +381,7 @@ class Pref_Users extends Handler_Protected {
$user_search_query = "";
}
$result = db_query("SELECT
$result = $this->dbh->query("SELECT
id,login,access_level,email,
".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login,
".SUBSTRING_FOR_DATE."(created,1,16) as created
@@ -392,7 +392,7 @@ class Pref_Users extends Handler_Protected {
id > 0
ORDER BY $sort");
if (db_num_rows($result) > 0) {
if ($this->dbh->num_rows($result) > 0) {
print "<p><table width=\"100%\" cellspacing=\"0\"
class=\"prefUserList\" id=\"prefUserList\">";
@@ -406,7 +406,7 @@ class Pref_Users extends Handler_Protected {
$lnum = 0;
while ($line = db_fetch_assoc($result)) {
while ($line = $this->dbh->fetch_assoc($result)) {
$class = ($lnum % 2) ? "even" : "odd";