filters: cast score expression as integer on save to prevent misscoring

master
Andrew Dolgov 13 years ago
parent 90e71380ba
commit b6c1201c33

@ -9,7 +9,7 @@
$root['name'] = __('Filters'); $root['name'] = __('Filters');
$root['items'] = array(); $root['items'] = array();
$result = db_query($link, "SELECT $result = db_query($link, "SELECT
ttrss_filters.id AS id,reg_exp, ttrss_filters.id AS id,reg_exp,
ttrss_filter_types.name AS filter_type_name, ttrss_filter_types.name AS filter_type_name,
ttrss_filter_types.description AS filter_type_descr, ttrss_filter_types.description AS filter_type_descr,
@ -23,7 +23,7 @@
ttrss_feeds.title AS feed_title, ttrss_feeds.title AS feed_title,
ttrss_filter_actions.name AS action_name, ttrss_filter_actions.name AS action_name,
ttrss_filters.action_param AS action_param ttrss_filters.action_param AS action_param
FROM FROM
ttrss_filter_types,ttrss_filter_actions,ttrss_filters LEFT JOIN ttrss_filter_types,ttrss_filter_actions,ttrss_filters LEFT JOIN
ttrss_feeds ON (ttrss_filters.feed_id = ttrss_feeds.id) ttrss_feeds ON (ttrss_filters.feed_id = ttrss_feeds.id)
WHERE WHERE
@ -39,41 +39,41 @@
while ($line = db_fetch_assoc($result)) { while ($line = db_fetch_assoc($result)) {
if ($cur_action_description != $line['action_description']) { if ($cur_action_description != $line['action_description']) {
if ($cat) if ($cat)
array_push($root['items'], $cat); array_push($root['items'], $cat);
$cat = array(); $cat = array();
$cat['id'] = 'ACTION:' . $line['action_id']; $cat['id'] = 'ACTION:' . $line['action_id'];
$cat['name'] = $line['action_description']; $cat['name'] = $line['action_description'];
$cat['items'] = array(); $cat['items'] = array();
$cur_action_description = $line['action_description']; $cur_action_description = $line['action_description'];
} }
if (array_search($line["action_name"], if (array_search($line["action_name"],
array("score", "tag", "label")) === false) { array("score", "tag", "label")) === false) {
$line["action_param"] = ''; $line["action_param"] = '';
} else { } else {
if ($line['action_name'] == 'label') { if ($line['action_name'] == 'label') {
$tmp_result = db_query($link, "SELECT fg_color, bg_color $tmp_result = db_query($link, "SELECT fg_color, bg_color
FROM ttrss_labels2 WHERE caption = '". FROM ttrss_labels2 WHERE caption = '".
db_escape_string($line["action_param"])."' AND db_escape_string($line["action_param"])."' AND
owner_uid = " . $_SESSION["uid"]); owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($tmp_result) != 0) { if (db_num_rows($tmp_result) != 0) {
$fg_color = db_fetch_result($tmp_result, 0, "fg_color"); $fg_color = db_fetch_result($tmp_result, 0, "fg_color");
$bg_color = db_fetch_result($tmp_result, 0, "bg_color"); $bg_color = db_fetch_result($tmp_result, 0, "bg_color");
$tmp = "<span class=\"labelColorIndicator\" style='color : $fg_color; background-color : $bg_color'>&alpha;</span> " . $line['action_param']; $tmp = "<span class=\"labelColorIndicator\" style='color : $fg_color; background-color : $bg_color'>&alpha;</span> " . $line['action_param'];
$line['action_param'] = $tmp; $line['action_param'] = $tmp;
} }
} }
} }
$filter = array(); $filter = array();
$filter['id'] = 'FILTER:' . $line['id']; $filter['id'] = 'FILTER:' . $line['id'];
$filter['bare_id'] = $line['id']; $filter['bare_id'] = $line['id'];
@ -83,13 +83,13 @@
$filter['param'] = $line['action_param']; $filter['param'] = $line['action_param'];
$filter['inverse'] = sql_bool_to_bool($line['inverse']); $filter['inverse'] = sql_bool_to_bool($line['inverse']);
$filter['checkbox'] = false; $filter['checkbox'] = false;
if ($line['feed_id']) if ($line['feed_id'])
$filter['feed'] = $line['feed_title']; $filter['feed'] = $line['feed_title'];
array_push($cat['items'], $filter); array_push($cat['items'], $filter);
} }
array_push($root['items'], $cat); array_push($root['items'], $cat);
} }
@ -106,7 +106,7 @@
$filter_id = db_escape_string($_REQUEST["id"]); $filter_id = db_escape_string($_REQUEST["id"]);
$result = db_query($link, $result = db_query($link,
"SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]); "SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
$reg_exp = htmlspecialchars(db_fetch_result($result, 0, "reg_exp")); $reg_exp = htmlspecialchars(db_fetch_result($result, 0, "reg_exp"));
@ -123,13 +123,13 @@
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-filters\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-filters\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$filter_id\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$filter_id\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"editSave\">"; print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"editSave\">";
$result = db_query($link, "SELECT id,description $result = db_query($link, "SELECT id,description
FROM ttrss_filter_types ORDER BY description"); FROM ttrss_filter_types ORDER BY description");
$filter_types = array(); $filter_types = array();
while ($line = db_fetch_assoc($result)) { while ($line = db_fetch_assoc($result)) {
//array_push($filter_types, $line["description"]); //array_push($filter_types, $line["description"]);
$filter_types[$line["id"]] = __($line["description"]); $filter_types[$line["id"]] = __($line["description"]);
@ -159,7 +159,7 @@
required=\"1\" required=\"1\"
name=\"reg_exp\" style=\"font-size : 16px;\" value=\"$reg_exp\">"; name=\"reg_exp\" style=\"font-size : 16px;\" value=\"$reg_exp\">";
print "<span id=\"filterDlg_dateChkBox\" $date_ops_invisible>"; print "<span id=\"filterDlg_dateChkBox\" $date_ops_invisible>";
print "&nbsp;<button dojoType=\"dijit.form.Button\" onclick=\"return filterDlgCheckDate()\">". print "&nbsp;<button dojoType=\"dijit.form.Button\" onclick=\"return filterDlgCheckDate()\">".
__('Check it')."</button>"; __('Check it')."</button>";
print "</span>"; print "</span>";
@ -182,15 +182,15 @@
print "<select name=\"action_id\" dojoType=\"dijit.form.Select\" print "<select name=\"action_id\" dojoType=\"dijit.form.Select\"
onchange=\"filterDlgCheckAction(this)\">"; onchange=\"filterDlgCheckAction(this)\">";
$result = db_query($link, "SELECT id,description FROM ttrss_filter_actions $result = db_query($link, "SELECT id,description FROM ttrss_filter_actions
ORDER BY name"); ORDER BY name");
while ($line = db_fetch_assoc($result)) { while ($line = db_fetch_assoc($result)) {
$is_sel = ($line["id"] == $action_id) ? "selected=\"1\"" : ""; $is_sel = ($line["id"] == $action_id) ? "selected=\"1\"" : "";
printf("<option value='%d' $is_sel>%s</option>", $line["id"], __($line["description"])); printf("<option value='%d' $is_sel>%s</option>", $line["id"], __($line["description"]));
} }
print "</select>"; print "</select>";
$param_hidden = ($action_id == 4 || $action_id == 6 || $action_id == 7) ? "" : "display : none"; $param_hidden = ($action_id == 4 || $action_id == 6 || $action_id == 7) ? "" : "display : none";
@ -206,8 +206,8 @@
$param_int_hidden = ($action_id == 7) ? "" : "display : none"; $param_int_hidden = ($action_id == 7) ? "" : "display : none";
print_label_select($link, "action_param_label", $action_param, print_label_select($link, "action_param_label", $action_param,
"style=\"$param_int_hidden\"" . "style=\"$param_int_hidden\"" .
'id="filterDlg_actionParamLabel" dojoType="dijit.form.Select"'); 'id="filterDlg_actionParamLabel" dojoType="dijit.form.Select"');
print "</span>"; print "</span>";
@ -271,9 +271,9 @@
$filter_type = db_escape_string(trim($_REQUEST["filter_type"])); $filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
$filter_id = db_escape_string($_REQUEST["id"]); $filter_id = db_escape_string($_REQUEST["id"]);
$feed_id = db_escape_string($_REQUEST["feed_id"]); $feed_id = db_escape_string($_REQUEST["feed_id"]);
$action_id = db_escape_string($_REQUEST["action_id"]); $action_id = db_escape_string($_REQUEST["action_id"]);
$action_param = db_escape_string($_REQUEST["action_param"]); $action_param = db_escape_string($_REQUEST["action_param"]);
$action_param_label = db_escape_string($_REQUEST["action_param_label"]); $action_param_label = db_escape_string($_REQUEST["action_param_label"]);
$enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"])); $enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"]));
$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"])); $inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
@ -293,8 +293,12 @@
$action_param = $action_param_label; $action_param = $action_param_label;
} }
$result = db_query($link, "UPDATE ttrss_filters SET if ($action_id == 6) {
reg_exp = '$reg_exp', $action_param = (int) str_replace("+", "", $action_param);
}
$result = db_query($link, "UPDATE ttrss_filters SET
reg_exp = '$reg_exp',
feed_id = $feed_id, feed_id = $feed_id,
action_id = '$action_id', action_id = '$action_id',
filter_type = '$filter_type', filter_type = '$filter_type',
@ -306,7 +310,7 @@
} }
if ($subop == "remove") { if ($subop == "remove") {
if ($memcache) $memcache->flush(); if ($memcache) $memcache->flush();
$ids = split(",", db_escape_string($_REQUEST["ids"])); $ids = split(",", db_escape_string($_REQUEST["ids"]));
@ -324,9 +328,9 @@
$regexp = db_escape_string(trim($_REQUEST["reg_exp"])); $regexp = db_escape_string(trim($_REQUEST["reg_exp"]));
$filter_type = db_escape_string(trim($_REQUEST["filter_type"])); $filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
$feed_id = db_escape_string($_REQUEST["feed_id"]); $feed_id = db_escape_string($_REQUEST["feed_id"]);
$action_id = db_escape_string($_REQUEST["action_id"]); $action_id = db_escape_string($_REQUEST["action_id"]);
$action_param = db_escape_string($_REQUEST["action_param"]); $action_param = db_escape_string($_REQUEST["action_param"]);
$action_param_label = db_escape_string($_REQUEST["action_param_label"]); $action_param_label = db_escape_string($_REQUEST["action_param_label"]);
$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"])); $inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
# for the time being, no other filters use params anyway... # for the time being, no other filters use params anyway...
@ -347,11 +351,15 @@
$action_param = $action_param_label; $action_param = $action_param_label;
} }
if ($action_id == 6) {
$action_param = (int) str_replace("+", "", $action_param);
}
$result = db_query($link, $result = db_query($link,
"INSERT INTO ttrss_filters (reg_exp,filter_type,owner_uid,feed_id, "INSERT INTO ttrss_filters (reg_exp,filter_type,owner_uid,feed_id,
action_id, action_param, inverse, filter_param) action_id, action_param, inverse, filter_param)
VALUES VALUES
('$regexp', '$filter_type','".$_SESSION["uid"]."', ('$regexp', '$filter_type','".$_SESSION["uid"]."',
$feed_id, '$action_id', '$action_param', $inverse, '$filter_param')"); $feed_id, '$action_id', '$action_param', $inverse, '$filter_param')");
if (db_affected_rows($link, $result) != 0) { if (db_affected_rows($link, $result) != 0) {
@ -369,7 +377,7 @@
$sort = "reg_exp"; $sort = "reg_exp";
} }
$result = db_query($link, "SELECT id,description $result = db_query($link, "SELECT id,description
FROM ttrss_filter_types ORDER BY description"); FROM ttrss_filter_types ORDER BY description");
$filter_types = array(); $filter_types = array();
@ -387,7 +395,7 @@
} else { } else {
$filter_search = $_SESSION["prefs_filter_search"]; $filter_search = $_SESSION["prefs_filter_search"];
} }
print "<div id=\"pref-filter-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">"; print "<div id=\"pref-filter-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">"; print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">"; print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
@ -395,14 +403,14 @@
print "<div dojoType=\"dijit.form.DropDownButton\">". print "<div dojoType=\"dijit.form.DropDownButton\">".
"<span>" . __('Select')."</span>"; "<span>" . __('Select')."</span>";
print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">"; print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(true)\" print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(true)\"
dojoType=\"dijit.MenuItem\">".__('All')."</div>"; dojoType=\"dijit.MenuItem\">".__('All')."</div>";
print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(false)\" print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(false)\"
dojoType=\"dijit.MenuItem\">".__('None')."</div>"; dojoType=\"dijit.MenuItem\">".__('None')."</div>";
print "</div></div>"; print "</div></div>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return quickAddFilter()\">". print "<button dojoType=\"dijit.form.Button\" onclick=\"return quickAddFilter()\">".
__('Create filter')."</button> "; __('Create filter')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return editSelectedFilter()\">". print "<button dojoType=\"dijit.form.Button\" onclick=\"return editSelectedFilter()\">".
__('Edit')."</button> "; __('Edit')."</button> ";
@ -412,7 +420,7 @@
if (defined('_ENABLE_FEED_DEBUGGING')) { if (defined('_ENABLE_FEED_DEBUGGING')) {
print "<button dojoType=\"dijit.form.Button\" onclick=\"rescore_all_feeds()\">". print "<button dojoType=\"dijit.form.Button\" onclick=\"rescore_all_feeds()\">".
__('Rescore articles')."</button> "; __('Rescore articles')."</button> ";
} }
print "</div>"; # toolbar print "</div>"; # toolbar
@ -423,14 +431,14 @@
<img src='images/indicator_tiny.gif'>". <img src='images/indicator_tiny.gif'>".
__("Loading, please wait...")."</div>"; __("Loading, please wait...")."</div>";
print "<div dojoType=\"dojo.data.ItemFileWriteStore\" jsId=\"filterStore\" print "<div dojoType=\"dojo.data.ItemFileWriteStore\" jsId=\"filterStore\"
url=\"backend.php?op=pref-filters&subop=getfiltertree\"> url=\"backend.php?op=pref-filters&subop=getfiltertree\">
</div> </div>
<div dojoType=\"lib.CheckBoxStoreModel\" jsId=\"filterModel\" store=\"filterStore\" <div dojoType=\"lib.CheckBoxStoreModel\" jsId=\"filterModel\" store=\"filterStore\"
query=\"{id:'root'}\" rootId=\"root\" rootLabel=\"Feeds\" query=\"{id:'root'}\" rootId=\"root\" rootLabel=\"Feeds\"
childrenAttrs=\"items\" checkboxStrict=\"false\" checkboxAll=\"false\"> childrenAttrs=\"items\" checkboxStrict=\"false\" checkboxAll=\"false\">
</div> </div>
<div dojoType=\"fox.PrefFilterTree\" id=\"filterTree\" <div dojoType=\"fox.PrefFilterTree\" id=\"filterTree\"
model=\"filterModel\" openOnClick=\"true\"> model=\"filterModel\" openOnClick=\"true\">
<script type=\"dojo/method\" event=\"onLoad\" args=\"item\"> <script type=\"dojo/method\" event=\"onLoad\" args=\"item\">
Element.hide(\"filterlistLoading\"); Element.hide(\"filterlistLoading\");
@ -441,7 +449,7 @@
if (id.match('FILTER:')) { if (id.match('FILTER:')) {
editFilter(bare_id); editFilter(bare_id);
} }
</script> </script>
</div>"; </div>";
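Review bot: The added `(int) str_replace("+", "", $action_param)` in the editSave branch, and the identical cast before the INSERT in the add branch, silently turns any non-numeric score (an empty string, `abc`) into 0, so a malformed value is stored as a no-op score instead of being rejected. Validating before the cast would make this visible to the user, for example `if (!preg_match('/^[+-]?\d+$/', trim($action_param))) { /* reject and report */ }`. The literal `6` is unexplained at both sites (presumably the score action, going by the commit title); a comment such as `// action_id 6 = score: store the parameter as a plain integer` or a named constant would help, and the three duplicated lines could move into one helper used by both branches. In the same statements `$feed_id` and `$inverse` are interpolated without quotes after only `db_escape_string()`, which does not protect a numeric context, so unless the lines not shown between the hunks already quote or cast them they deserve the same integer treatment. Both enclosing `$subop` blocks start outside the visible hunks.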
