filters: cast score expression as integer on save to prevent misscoring

master
Andrew Dolgov 14 years ago
parent 90e71380ba
commit b6c1201c33

@ -9,7 +9,7 @@
$root['name'] = __('Filters');
$root['items'] = array();
$result = db_query($link, "SELECT
$result = db_query($link, "SELECT
ttrss_filters.id AS id,reg_exp,
ttrss_filter_types.name AS filter_type_name,
ttrss_filter_types.description AS filter_type_descr,
@ -23,7 +23,7 @@
ttrss_feeds.title AS feed_title,
ttrss_filter_actions.name AS action_name,
ttrss_filters.action_param AS action_param
FROM
FROM
ttrss_filter_types,ttrss_filter_actions,ttrss_filters LEFT JOIN
ttrss_feeds ON (ttrss_filters.feed_id = ttrss_feeds.id)
WHERE
@ -39,41 +39,41 @@
while ($line = db_fetch_assoc($result)) {
if ($cur_action_description != $line['action_description']) {
if ($cat)
array_push($root['items'], $cat);
$cat = array();
$cat['id'] = 'ACTION:' . $line['action_id'];
$cat['name'] = $line['action_description'];
$cat['items'] = array();
$cur_action_description = $line['action_description'];
}
if (array_search($line["action_name"],
if (array_search($line["action_name"],
array("score", "tag", "label")) === false) {
$line["action_param"] = '';
} else {
if ($line['action_name'] == 'label') {
$tmp_result = db_query($link, "SELECT fg_color, bg_color
FROM ttrss_labels2 WHERE caption = '".
db_escape_string($line["action_param"])."' AND
owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($tmp_result) != 0) {
$fg_color = db_fetch_result($tmp_result, 0, "fg_color");
$bg_color = db_fetch_result($tmp_result, 0, "bg_color");
$tmp = "<span class=\"labelColorIndicator\" style='color : $fg_color; background-color : $bg_color'>&alpha;</span> " . $line['action_param'];
$line['action_param'] = $tmp;
}
}
}
$filter = array();
$filter['id'] = 'FILTER:' . $line['id'];
$filter['bare_id'] = $line['id'];
@ -83,13 +83,13 @@
$filter['param'] = $line['action_param'];
$filter['inverse'] = sql_bool_to_bool($line['inverse']);
$filter['checkbox'] = false;
if ($line['feed_id'])
$filter['feed'] = $line['feed_title'];
$filter['feed'] = $line['feed_title'];
array_push($cat['items'], $filter);
}
array_push($root['items'], $cat);
}
@ -106,7 +106,7 @@
$filter_id = db_escape_string($_REQUEST["id"]);
$result = db_query($link,
$result = db_query($link,
"SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
$reg_exp = htmlspecialchars(db_fetch_result($result, 0, "reg_exp"));
@ -123,13 +123,13 @@
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-filters\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$filter_id\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"editSave\">";
$result = db_query($link, "SELECT id,description
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"editSave\">";
$result = db_query($link, "SELECT id,description
FROM ttrss_filter_types ORDER BY description");
$filter_types = array();
while ($line = db_fetch_assoc($result)) {
//array_push($filter_types, $line["description"]);
$filter_types[$line["id"]] = __($line["description"]);
@ -159,7 +159,7 @@
required=\"1\"
name=\"reg_exp\" style=\"font-size : 16px;\" value=\"$reg_exp\">";
print "<span id=\"filterDlg_dateChkBox\" $date_ops_invisible>";
print "<span id=\"filterDlg_dateChkBox\" $date_ops_invisible>";
print "&nbsp;<button dojoType=\"dijit.form.Button\" onclick=\"return filterDlgCheckDate()\">".
__('Check it')."</button>";
print "</span>";
@ -182,15 +182,15 @@
print "<select name=\"action_id\" dojoType=\"dijit.form.Select\"
onchange=\"filterDlgCheckAction(this)\">";
$result = db_query($link, "SELECT id,description FROM ttrss_filter_actions
$result = db_query($link, "SELECT id,description FROM ttrss_filter_actions
ORDER BY name");
while ($line = db_fetch_assoc($result)) {
$is_sel = ($line["id"] == $action_id) ? "selected=\"1\"" : "";
$is_sel = ($line["id"] == $action_id) ? "selected=\"1\"" : "";
printf("<option value='%d' $is_sel>%s</option>", $line["id"], __($line["description"]));
}
print "</select>";
$param_hidden = ($action_id == 4 || $action_id == 6 || $action_id == 7) ? "" : "display : none";
@ -206,8 +206,8 @@
$param_int_hidden = ($action_id == 7) ? "" : "display : none";
print_label_select($link, "action_param_label", $action_param,
"style=\"$param_int_hidden\"" .
print_label_select($link, "action_param_label", $action_param,
"style=\"$param_int_hidden\"" .
'id="filterDlg_actionParamLabel" dojoType="dijit.form.Select"');
print "</span>";
@ -271,9 +271,9 @@
$filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
$filter_id = db_escape_string($_REQUEST["id"]);
$feed_id = db_escape_string($_REQUEST["feed_id"]);
$action_id = db_escape_string($_REQUEST["action_id"]);
$action_param = db_escape_string($_REQUEST["action_param"]);
$action_param_label = db_escape_string($_REQUEST["action_param_label"]);
$action_id = db_escape_string($_REQUEST["action_id"]);
$action_param = db_escape_string($_REQUEST["action_param"]);
$action_param_label = db_escape_string($_REQUEST["action_param_label"]);
$enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"]));
$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
@ -293,8 +293,12 @@
$action_param = $action_param_label;
}
$result = db_query($link, "UPDATE ttrss_filters SET
reg_exp = '$reg_exp',
if ($action_id == 6) {
$action_param = (int) str_replace("+", "", $action_param);
}
$result = db_query($link, "UPDATE ttrss_filters SET
reg_exp = '$reg_exp',
feed_id = $feed_id,
action_id = '$action_id',
filter_type = '$filter_type',
@ -306,7 +310,7 @@
}
if ($subop == "remove") {
if ($memcache) $memcache->flush();
$ids = split(",", db_escape_string($_REQUEST["ids"]));
@ -324,9 +328,9 @@
$regexp = db_escape_string(trim($_REQUEST["reg_exp"]));
$filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
$feed_id = db_escape_string($_REQUEST["feed_id"]);
$action_id = db_escape_string($_REQUEST["action_id"]);
$action_param = db_escape_string($_REQUEST["action_param"]);
$action_param_label = db_escape_string($_REQUEST["action_param_label"]);
$action_id = db_escape_string($_REQUEST["action_id"]);
$action_param = db_escape_string($_REQUEST["action_param"]);
$action_param_label = db_escape_string($_REQUEST["action_param_label"]);
$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
# for the time being, no other filters use params anyway...
@ -347,11 +351,15 @@
$action_param = $action_param_label;
}
if ($action_id == 6) {
$action_param = (int) str_replace("+", "", $action_param);
}
$result = db_query($link,
"INSERT INTO ttrss_filters (reg_exp,filter_type,owner_uid,feed_id,
action_id, action_param, inverse, filter_param)
VALUES
('$regexp', '$filter_type','".$_SESSION["uid"]."',
action_id, action_param, inverse, filter_param)
VALUES
('$regexp', '$filter_type','".$_SESSION["uid"]."',
$feed_id, '$action_id', '$action_param', $inverse, '$filter_param')");
if (db_affected_rows($link, $result) != 0) {
@ -369,7 +377,7 @@
$sort = "reg_exp";
}
$result = db_query($link, "SELECT id,description
$result = db_query($link, "SELECT id,description
FROM ttrss_filter_types ORDER BY description");
$filter_types = array();
@ -387,7 +395,7 @@
} else {
$filter_search = $_SESSION["prefs_filter_search"];
}
print "<div id=\"pref-filter-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
@ -395,14 +403,14 @@
print "<div dojoType=\"dijit.form.DropDownButton\">".
"<span>" . __('Select')."</span>";
print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(true)\"
print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(true)\"
dojoType=\"dijit.MenuItem\">".__('All')."</div>";
print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(false)\"
print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(false)\"
dojoType=\"dijit.MenuItem\">".__('None')."</div>";
print "</div></div>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return quickAddFilter()\">".
__('Create filter')."</button> ";
__('Create filter')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return editSelectedFilter()\">".
__('Edit')."</button> ";
@ -412,7 +420,7 @@
if (defined('_ENABLE_FEED_DEBUGGING')) {
print "<button dojoType=\"dijit.form.Button\" onclick=\"rescore_all_feeds()\">".
__('Rescore articles')."</button> ";
__('Rescore articles')."</button> ";
}
print "</div>"; # toolbar
@ -423,14 +431,14 @@
<img src='images/indicator_tiny.gif'>".
__("Loading, please wait...")."</div>";
print "<div dojoType=\"dojo.data.ItemFileWriteStore\" jsId=\"filterStore\"
print "<div dojoType=\"dojo.data.ItemFileWriteStore\" jsId=\"filterStore\"
url=\"backend.php?op=pref-filters&subop=getfiltertree\">
</div>
<div dojoType=\"lib.CheckBoxStoreModel\" jsId=\"filterModel\" store=\"filterStore\"
query=\"{id:'root'}\" rootId=\"root\" rootLabel=\"Feeds\"
childrenAttrs=\"items\" checkboxStrict=\"false\" checkboxAll=\"false\">
</div>
<div dojoType=\"fox.PrefFilterTree\" id=\"filterTree\"
<div dojoType=\"fox.PrefFilterTree\" id=\"filterTree\"
model=\"filterModel\" openOnClick=\"true\">
<script type=\"dojo/method\" event=\"onLoad\" args=\"item\">
Element.hide(\"filterlistLoading\");
@ -441,7 +449,7 @@
if (id.match('FILTER:')) {
editFilter(bare_id);
}
}
</script>
</div>";
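Review bot: The new `if ($action_id == 6)` guard, added before both the UPDATE and the INSERT, keys the integer cast on a request value that has only been through `db_escape_string()` and is compared loosely, so whether the score is normalised depends on PHP's string-to-number comparison rules rather than on a validated action id. Normalising the id first, e.g. `$action_id = (int) $_REQUEST["action_id"];`, and then testing `$action_id === 6` would make the branch deterministic and keep a non-numeric id out of `action_id = '$action_id'`. The cast itself fails silently: a non-numeric parameter is stored as 0 and `str_replace("+", "", …)` turns an input such as `1+2` into 12, so rejecting anything that is not an optionally signed integer would be safer than coercing it. A short comment such as `// action 6 = score: action_param must be stored as an integer` would explain the magic number, which the commit title implies but the code does not state. Both enclosing branches start and end outside the visible hunks, so any validation done between the request reads and these lines is not visible here.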
