labels: PDO

master
Andrew Dolgov 7 years ago
parent c2418a559b
commit 21295a52aa

@ -8,80 +8,80 @@ class Pref_Labels extends Handler_Protected {
} }
function edit() { function edit() {
$label_id = $this->dbh->escape_string($_REQUEST['id']); $label_id = $_REQUEST['id'];
$result = $this->dbh->query("SELECT * FROM ttrss_labels2 WHERE $sth = $this->pdo->prepare("SELECT * FROM ttrss_labels2 WHERE
id = '$label_id' AND owner_uid = " . $_SESSION["uid"]); id = ? AND owner_uid = ?");
$sth->execute([$label_id, $_SESSION['uid']]);
$line = $this->dbh->fetch_assoc($result); if ($line = $sth->fetch()) {
print_hidden("id", "$label_id"); print_hidden("id", "$label_id");
print_hidden("op", "pref-labels"); print_hidden("op", "pref-labels");
print_hidden("method", "save"); print_hidden("method", "save");
print "<div class=\"dlgSec\">".__("Caption")."</div>"; print "<div class=\"dlgSec\">".__("Caption")."</div>";
print "<div class=\"dlgSecCont\">"; print "<div class=\"dlgSecCont\">";
$fg_color = $line['fg_color']; $fg_color = $line['fg_color'];
$bg_color = $line['bg_color']; $bg_color = $line['bg_color'];
print "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-bottom : 4px; margin-right : 4px'>&alpha;</span>"; print "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-bottom : 4px; margin-right : 4px'>&alpha;</span>";
print "<input style=\"font-size : 16px\" name=\"caption\" print "<input style=\"font-size : 16px\" name=\"caption\"
dojoType=\"dijit.form.ValidationTextBox\" dojoType=\"dijit.form.ValidationTextBox\"
required=\"true\" required=\"true\"
value=\"".htmlspecialchars($line['caption'])."\">"; value=\"".htmlspecialchars($line['caption'])."\">";
print "</div>"; print "</div>";
print "<div class=\"dlgSec\">" . __("Colors") . "</div>"; print "<div class=\"dlgSec\">" . __("Colors") . "</div>";
print "<div class=\"dlgSecCont\">"; print "<div class=\"dlgSecCont\">";
print "<table cellspacing=\"0\">"; print "<table cellspacing=\"0\">";
print "<tr><td>".__("Foreground:")."</td><td>".__("Background:"). print "<tr><td>".__("Foreground:")."</td><td>".__("Background:").
"</td></tr>"; "</td></tr>";
print "<tr><td style='padding-right : 10px'>"; print "<tr><td style='padding-right : 10px'>";
print "<input dojoType=\"dijit.form.TextBox\" print "<input dojoType=\"dijit.form.TextBox\"
style=\"display : none\" id=\"labelEdit_fgColor\" style=\"display : none\" id=\"labelEdit_fgColor\"
name=\"fg_color\" value=\"$fg_color\">"; name=\"fg_color\" value=\"$fg_color\">";
print "<input dojoType=\"dijit.form.TextBox\" print "<input dojoType=\"dijit.form.TextBox\"
style=\"display : none\" id=\"labelEdit_bgColor\" style=\"display : none\" id=\"labelEdit_bgColor\"
name=\"bg_color\" value=\"$bg_color\">"; name=\"bg_color\" value=\"$bg_color\">";
print "<div dojoType=\"dijit.ColorPalette\"> print "<div dojoType=\"dijit.ColorPalette\">
<script type=\"dojo/method\" event=\"onChange\" args=\"fg_color\"> <script type=\"dojo/method\" event=\"onChange\" args=\"fg_color\">
dijit.byId(\"labelEdit_fgColor\").attr('value', fg_color); dijit.byId(\"labelEdit_fgColor\").attr('value', fg_color);
$('label-editor-indicator').setStyle({color: fg_color}); $('label-editor-indicator').setStyle({color: fg_color});
</script> </script>
</div>"; </div>";
print "</div>"; print "</div>";
print "</td><td>"; print "</td><td>";
print "<div dojoType=\"dijit.ColorPalette\"> print "<div dojoType=\"dijit.ColorPalette\">
<script type=\"dojo/method\" event=\"onChange\" args=\"bg_color\"> <script type=\"dojo/method\" event=\"onChange\" args=\"bg_color\">
dijit.byId(\"labelEdit_bgColor\").attr('value', bg_color); dijit.byId(\"labelEdit_bgColor\").attr('value', bg_color);
$('label-editor-indicator').setStyle({backgroundColor: bg_color}); $('label-editor-indicator').setStyle({backgroundColor: bg_color});
</script> </script>
</div>"; </div>";
print "</div>"; print "</div>";
print "</td></tr></table>"; print "</td></tr></table>";
print "</div>"; print "</div>";
# print "</form>"; # print "</form>";
print "<div class=\"dlgButtons\">"; print "<div class=\"dlgButtons\">";
print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').execute()\">". print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').execute()\">".
__('Save')."</button>"; __('Save')."</button>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').hide()\">". print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').hide()\">".
__('Cancel')."</button>"; __('Cancel')."</button>";
print "</div>"; print "</div>";
}
return;
} }
function getlabeltree() { function getlabeltree() {
@ -90,12 +90,13 @@ class Pref_Labels extends Handler_Protected {
$root['name'] = __('Labels'); $root['name'] = __('Labels');
$root['items'] = array(); $root['items'] = array();
$result = $this->dbh->query("SELECT * $sth = $this->pdo->prepare("SELECT *
FROM ttrss_labels2 FROM ttrss_labels2
WHERE owner_uid = ".$_SESSION["uid"]." WHERE owner_uid = ?
ORDER BY caption"); ORDER BY caption");
$sth->execute([$_SESSION['uid']]);
while ($line = $this->dbh->fetch_assoc($result)) { while ($line = $sth->fetch()) {
$label = array(); $label = array();
$label['id'] = 'LABEL:' . $line['id']; $label['id'] = 'LABEL:' . $line['id'];
$label['bare_id'] = $line['id']; $label['bare_id'] = $line['id'];
@ -118,84 +119,92 @@ class Pref_Labels extends Handler_Protected {
} }
function colorset() { function colorset() {
$kind = $this->dbh->escape_string($_REQUEST["kind"]); $kind = $_REQUEST["kind"];
$ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"])); $ids = explode(',', $_REQUEST["ids"]);
$color = $this->dbh->escape_string($_REQUEST["color"]); $color = $_REQUEST["color"];
$fg = $this->dbh->escape_string($_REQUEST["fg"]); $fg = $_REQUEST["fg"];
$bg = $this->dbh->escape_string($_REQUEST["bg"]); $bg = $_REQUEST["bg"];
foreach ($ids as $id) { foreach ($ids as $id) {
if ($kind == "fg" || $kind == "bg") { if ($kind == "fg" || $kind == "bg") {
$this->dbh->query("UPDATE ttrss_labels2 SET $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
${kind}_color = '$color' WHERE id = '$id' ${kind}_color = ? WHERE id = ?
AND owner_uid = " . $_SESSION["uid"]); AND owner_uid = ?");
$sth->execute([$color, $id, $_SESSION['uid']]);
} else { } else {
$this->dbh->query("UPDATE ttrss_labels2 SET
fg_color = '$fg', bg_color = '$bg' WHERE id = '$id' $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
AND owner_uid = " . $_SESSION["uid"]); fg_color = ?, bg_color = ? WHERE id = ?
AND owner_uid = ?");
$sth->execute([$fg, $bg, $id, $_SESSION['uid']]);
} }
$caption = $this->dbh->escape_string(Labels::find_caption($id, $_SESSION["uid"])); $caption = Labels::find_caption($id, $_SESSION["uid"]);
/* Remove cached data */ /* Remove cached data */
$this->dbh->query("UPDATE ttrss_user_entries SET label_cache = '' $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]); WHERE label_cache LIKE ? AND owner_uid = ?");
$sth->execute(["%$caption%", $_SESSION['uid']]);
} }
return;
} }
function colorreset() { function colorreset() {
$ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"])); $ids = explode(',', $_REQUEST["ids"]);
foreach ($ids as $id) { foreach ($ids as $id) {
$this->dbh->query("UPDATE ttrss_labels2 SET $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
fg_color = '', bg_color = '' WHERE id = '$id' fg_color = '', bg_color = '' WHERE id = ?
AND owner_uid = " . $_SESSION["uid"]); AND owner_uid = ?");
$sth->execute([$id, $_SESSION['uid']]);
$caption = $this->dbh->escape_string(Labels::find_caption($id, $_SESSION["uid"])); $caption = Labels::find_caption($id, $_SESSION["uid"]);
/* Remove cached data */ /* Remove cached data */
$this->dbh->query("UPDATE ttrss_user_entries SET label_cache = '' $sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]); WHERE label_cache LIKE ? AND owner_uid = ?");
$sth->execute(["%$caption%", $_SESSION['uid']]);
} }
} }
function save() { function save() {
$id = $this->dbh->escape_string($_REQUEST["id"]); $id = $_REQUEST["id"];
$caption = $this->dbh->escape_string(trim($_REQUEST["caption"])); $caption = trim($_REQUEST["caption"]);
$this->dbh->query("BEGIN"); $this->pdo->beginTransaction();
$result = $this->dbh->query("SELECT caption FROM ttrss_labels2 $sth = $this->pdo->prepare("SELECT caption FROM ttrss_labels2
WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]); WHERE id = ? AND owner_uid = ?");
$sth->execute([$id, $_SESSION['uid']]);
if ($this->dbh->num_rows($result) != 0) { if ($row = $sth->fetch()) {
$old_caption = $this->dbh->fetch_result($result, 0, "caption"); $old_caption = $row["caption"];
$result = $this->dbh->query("SELECT id FROM ttrss_labels2 $sth = $this->pdo->prepare("SELECT id FROM ttrss_labels2
WHERE caption = '$caption' AND owner_uid = ". $_SESSION["uid"]); WHERE caption = ? AND owner_uid = ?");
$sth->execute([$caption, $_SESSION['uid']]);
if ($this->dbh->num_rows($result) == 0) { if (!$sth->fetch()) {
if ($caption) { if ($caption) {
$result = $this->dbh->query("UPDATE ttrss_labels2 SET $sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
caption = '$caption' WHERE id = '$id' AND caption = ? WHERE id = ? AND
owner_uid = " . $_SESSION["uid"]); owner_uid = ?");
$sth->execute([$caption, $id, $_SESSION['uid']]);
/* Update filters that reference label being renamed */ /* Update filters that reference label being renamed */
$old_caption = $this->dbh->escape_string($old_caption); $sth = $this->pdo->prepare("UPDATE ttrss_filters2_actions SET
action_param = ? WHERE action_param = ?
$this->dbh->query("UPDATE ttrss_filters2_actions SET
action_param = '$caption' WHERE action_param = '$old_caption'
AND action_id = 7 AND action_id = 7
AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ".$_SESSION["uid"].")"); AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ?)");
$sth->execute([$caption, $old_caption, $_SESSION['uid']]);
print $_REQUEST["value"]; print $_REQUEST["value"];
} else { } else {
@ -206,14 +215,13 @@ class Pref_Labels extends Handler_Protected {
} }
} }
$this->dbh->query("COMMIT"); $this->pdo->commit();
return;
} }
function remove() { function remove() {
$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"])); $ids = explode(",", $_REQUEST["ids"]);
foreach ($ids as $id) { foreach ($ids as $id) {
Labels::remove($id, $_SESSION["uid"]); Labels::remove($id, $_SESSION["uid"]);
@ -222,8 +230,8 @@ class Pref_Labels extends Handler_Protected {
} }
function add() { function add() {
$caption = $this->dbh->escape_string($_REQUEST["caption"]); $caption = $_REQUEST["caption"];
$output = $this->dbh->escape_string($_REQUEST["output"]); $output = $_REQUEST["output"];
if ($caption) { if ($caption) {
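Review bot: In edit(), `$fg_color` and `$bg_color` are interpolated raw into the single-quoted `style='color : $fg_color; ...'` attribute and the two hidden `value=\"...\"` attributes, while colorset() now stores `$_REQUEST["color"]`, `$_REQUEST["fg"]` and `$_REQUEST["bg"]` with no format check. The bound parameters close the SQL injection path, but a stored value containing a quote can still break out of the markup. Encode on output, e.g. `$fg_color = htmlspecialchars($line['fg_color'], ENT_QUOTES);` (ENT_QUOTES because the style attribute is single-quoted), and have colorset() reject anything that is not a colour literal before the UPDATE. The same concern applies to `print_hidden("id", "$label_id")`, which now receives the raw request value; passing `$line['id']` would avoid relying on whatever escaping print_hidden does (not visible here). It also applies to the unchanged `print $_REQUEST["value"];` in save(), whose body, like that of add(), continues outside the visible hunks.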
