banananetwork
/
tt-rss
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Merge branch 'tiny-oop'

Browse Source
master
Andrew Dolgov 14 years ago
parent 43dd8898bd 80edb8b4d7
commit d043c0069e
46 changed files with 6394 additions and 6977 deletions
Show Stats Download Patch File Download Diff File

3
.settings/org.eclipse.core.resources.prefs
Unescape Escape View File

@ -1,3 +0,0 @@
#Sat Dec 10 20:32:32 MSK 2011
eclipse.preferences.version=1
encoding/functions.php=UTF-8

379
backend.php
Unescape Escape View File

@ -17,9 +17,20 @@
}
$op = $_REQUEST["op"];
@$method = $_REQUEST['subop'] ? $_REQUEST['subop'] : $_REQUEST["method"];
/* Public calls compatibility shim */
$public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
"fbexport", "logout", "pubsub");
if (array_search($op, $public_calls) !== false) {
header("Location: public.php?" . $_SERVER['QUERY_STRING']);
return;
}
require_once "functions.php";
if ($op != "share") require_once "sessions.php";
require_once "sessions.php";
require_once "sanity_check.php";
require_once "config.php";
require_once "db.php";
@ -33,24 +44,9 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if (!$link) {
if (DB_TYPE == "mysql") {
print mysql_error();
}
// PG seems to display its own errors just fine by default.
return;
}
if (!init_connection($link)) return;
init_connection($link);
$subop = $_REQUEST["subop"];
$mode = $_REQUEST["mode"];
if ((!$op || $op == "rss" || $op == "dlg") && !$_REQUEST["noxml"]) {
header("Content-Type: application/xml; charset=utf-8");
} else {
header("Content-Type: text/plain; charset=utf-8");
}
header("Content-Type: text/plain; charset=utf-8");
if (ENABLE_GZIP_OUTPUT) {
ob_start("ob_gzhandler");
@ -60,16 +56,10 @@
authenticate_user($link, "admin", null);
}
$public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
"fbexport", "logout", "pubsub");
if (array_search($op, $public_calls) !== false) {
handle_public_request($link, $op);
return;
// TODO remove and handle within Handlers
} else if (!($_SESSION["uid"] && validate_session($link))) {
if ($op == 'pref-feeds' && $_REQUEST['subop'] == 'add') {
if (!($_SESSION["uid"] && validate_session($link))) {
if ($op == 'pref-feeds' && $method == 'add') {
header("Content-Type: text/html");
login_sequence($link);
render_login_form($link);
@ -127,8 +117,6 @@
5 => __("Power User"),
10 => __("Administrator"));
$error = sanity_check($link);
if ($error['code'] != 0 && $op != "logout") {
@ -136,326 +124,33 @@
return;
}
switch($op) { // Select action according to $op value.
case "rpc":
require_once "modules/backend-rpc.php";
handle_rpc_request($link);
break; // rpc
case "feeds":
$subop = $_REQUEST["subop"];
$root = (bool)$_REQUEST["root"];
switch($subop) {
case "catchupAll":
db_query($link, "UPDATE ttrss_user_entries SET
last_read = NOW(),unread = false WHERE owner_uid = " . $_SESSION["uid"]);
ccache_zero_all($link, $_SESSION["uid"]);
break;
case "collapse":
$cat_id = db_escape_string($_REQUEST["cid"]);
$mode = (int) db_escape_string($_REQUEST['mode']);
toggle_collapse_cat($link, $cat_id, $mode);
return;
break;
}
if (!$root) {
print json_encode(outputFeedList($link));
} else {
$feeds = outputFeedList($link, false);
$root = array();
$root['id'] = 'root';
$root['name'] = __('Feeds');
$root['items'] = $feeds['items'];
$fl = array();
$fl['identifier'] = 'id';
$fl['label'] = 'name';
$fl['items'] = array($root);
print json_encode($fl);
}
break; // feeds
case "la":
$id = db_escape_string($_REQUEST['id']);
$result = db_query($link, "SELECT link FROM ttrss_entries, ttrss_user_entries
WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'
LIMIT 1");
if (db_num_rows($result) == 1) {
$article_url = db_fetch_result($result, 0, 'link');
$article_url = str_replace("\n", "", $article_url);
header("Location: $article_url");
return;
} else {
print_error(__("Article not found."));
}
break;
case "view":
$id = db_escape_string($_REQUEST["id"]);
$cids = explode(",", db_escape_string($_REQUEST["cids"]));
$mode = db_escape_string($_REQUEST["mode"]);
$omode = db_escape_string($_REQUEST["omode"]);
// in prefetch mode we only output requested cids, main article
// just gets marked as read (it already exists in client cache)
$articles = array();
function __autoload($class) {
$file = "classes/".strtolower(basename($class)).".php";
if (file_exists($file)) {
require $file;
}
}
if ($mode == "") {
array_push($articles, format_article($link, $id, false));
} else if ($mode == "zoom") {
array_push($articles, format_article($link, $id, true, true));
} else if ($mode == "raw") {
if ($_REQUEST['html']) {
header("Content-Type: text/html");
print '<link rel="stylesheet" type="text/css" href="tt-rss.css"/>';
}
$op = str_replace("-", "_", $op);
$article = format_article($link, $id, false);
print $article['content'];
return;
}
catchupArticleById($link, $id, 0);
if (class_exists($op)) {
$handler = new $op($link, $_REQUEST);
if (!$_SESSION["bw_limit"]) {
foreach ($cids as $cid) {
if ($cid) {
array_push($articles, format_article($link, $cid, false, false));
}
if ($handler) {
if ($handler->before()) {
if ($method && method_exists($handler, $method)) {
$handler->$method();
} else if (method_exists($handler, 'index')) {
$handler->index();
}
}
print json_encode($articles);
break; // view
case "viewfeed":
$timing_info = getmicrotime();
$reply = array();
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info);
$omode = db_escape_string($_REQUEST["omode"]);
$feed = db_escape_string($_REQUEST["feed"]);
$subop = db_escape_string($_REQUEST["subop"]);
$view_mode = db_escape_string($_REQUEST["view_mode"]);
$limit = (int) get_pref($link, "DEFAULT_ARTICLE_LIMIT");
@$cat_view = db_escape_string($_REQUEST["cat"]) == "true";
@$next_unread_feed = db_escape_string($_REQUEST["nuf"]);
@$offset = db_escape_string($_REQUEST["skip"]);
@$vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]);
$order_by = db_escape_string($_REQUEST["order_by"]);
if (is_numeric($feed)) $feed = (int) $feed;
/* Feed -5 is a special case: it is used to display auxiliary information
* when there's nothing to load - e.g. no stuff in fresh feed */
if ($feed == -5) {
print json_encode(generate_dashboard_feed($link));
return;
}
$result = false;
if ($feed < -10) {
$label_feed = -11-$feed;
$result = db_query($link, "SELECT id FROM ttrss_labels2 WHERE
id = '$label_feed' AND owner_uid = " . $_SESSION['uid']);
} else if (!$cat_view && is_numeric($feed) && $feed > 0) {
$result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
id = '$feed' AND owner_uid = " . $_SESSION['uid']);
} else if ($cat_view && is_numeric($feed) && $feed > 0) {
$result = db_query($link, "SELECT id FROM ttrss_feed_categories WHERE
id = '$feed' AND owner_uid = " . $_SESSION['uid']);
}
if ($result && db_num_rows($result) == 0) {
print json_encode(generate_error_feed($link, __("Feed not found.")));
$handler->after();
return;
}
}
}
/* Updating a label ccache means recalculating all of the caches
* so for performance reasons we don't do that here */
if ($feed >= 0) {
ccache_update($link, $feed, $_SESSION["uid"], $cat_view);
}
set_pref($link, "_DEFAULT_VIEW_MODE", $view_mode);
set_pref($link, "_DEFAULT_VIEW_LIMIT", $limit);
set_pref($link, "_DEFAULT_VIEW_ORDER_BY", $order_by);
if (!$cat_view && preg_match("/^[0-9][0-9]*$/", $feed)) {
db_query($link, "UPDATE ttrss_feeds SET last_viewed = NOW()
WHERE id = '$feed' AND owner_uid = ".$_SESSION["uid"]);
}
$reply['headlines'] = array();
if (!$next_unread_feed)
$reply['headlines']['id'] = $feed;
else
$reply['headlines']['id'] = $next_unread_feed;
$reply['headlines']['is_cat'] = (bool) $cat_view;
$override_order = false;
if (get_pref($link, "SORT_HEADLINES_BY_FEED_DATE", $owner_uid)) {
$date_sort_field = "updated";
} else {
$date_sort_field = "date_entered";
}
switch ($order_by) {
case "date":
if (get_pref($link, 'REVERSE_HEADLINES', $owner_uid)) {
$override_order = "$date_sort_field";
} else {
$override_order = "$date_sort_field DESC";
}
break;
case "title":
if (get_pref($link, 'REVERSE_HEADLINES', $owner_uid)) {
$override_order = "title DESC, $date_sort_field";
} else {
$override_order = "title, $date_sort_field DESC";
}
break;
case "score":
if (get_pref($link, 'REVERSE_HEADLINES', $owner_uid)) {
$override_order = "score, $date_sort_field";
} else {
$override_order = "score DESC, $date_sort_field DESC";
}
break;
}
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("04", $timing_info);
$ret = format_headlines_list($link, $feed, $subop,
$view_mode, $limit, $cat_view, $next_unread_feed, $offset,
$vgroup_last_feed, $override_order);
$topmost_article_ids = $ret[0];
$headlines_count = $ret[1];
$returned_feed = $ret[2];
$disable_cache = $ret[3];
$vgroup_last_feed = $ret[4];
// if ($_REQUEST["debug"]) print_r($ret);
$reply['headlines']['content'] =& $ret[5]['content'];
$reply['headlines']['toolbar'] =& $ret[5]['toolbar'];
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("05", $timing_info);
$reply['headlines-info'] = array("count" => (int) $headlines_count,
"vgroup_last_feed" => $vgroup_last_feed,
"disable_cache" => (bool) $disable_cache);
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("20", $timing_info);
if (is_array($topmost_article_ids) && !get_pref($link, 'COMBINED_DISPLAY_MODE') && !$_SESSION["bw_limit"]) {
$articles = array();
foreach ($topmost_article_ids as $id) {
array_push($articles, format_article($link, $id, false));
}
$reply['articles'] = $articles;
}
// if ($subop) {
// $reply['counters'] = getAllCounters($link, $omode, $feed);
// }
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("30", $timing_info);
$reply['runtime-info'] = make_runtime_info($link);
print json_encode($reply);
break; // viewfeed
case "pref-feeds":
require_once "modules/pref-feeds.php";
module_pref_feeds($link);
break; // pref-feeds
case "pref-filters":
require_once "modules/pref-filters.php";
module_pref_filters($link);
break; // pref-filters
case "pref-labels":
require_once "modules/pref-labels.php";
module_pref_labels($link);
break; // pref-labels
case "pref-prefs":
require_once "modules/pref-prefs.php";
module_pref_prefs($link);
break; // pref-prefs
case "pref-users":
require_once "modules/pref-users.php";
module_pref_users($link);
break; // prefs-users
case "help":
require_once "modules/help.php";
module_help($link);
break; // help
case "dlg":
require_once "modules/popup-dialog.php";
module_popup_dialog($link);
break; // dlg
case "pref-instances":
require_once "modules/pref-instances.php";
module_pref_instances($link);
break; // pref-instances
case "digestTest":
print_r(prepare_headlines_digest($link, $_SESSION["uid"]));
break; // digestTest
case "digestSend":
send_headlines_digests($link);
break; // digestSend
case "loading":
header("Content-type: text/html");
print __("Loading, please wait...") . " " .
"<img src='images/indicator_tiny.gif'>";
break; // loading
default:
header("Content-Type: text/plain");
print json_encode(array("error" => array("code" => 7)));
break; // fallback
} // Select action according to $op value.
header("Content-Type: text/plain");
print json_encode(array("error" => array("code" => 7)));
// We close the connection to database.
db_close($link);

63
classes/article.php
Unescape Escape View File

@ -0,0 +1,63 @@
<?php
class Article extends Protected_Handler {
function redirect() {
$id = db_escape_string($_REQUEST['id']);
$result = db_query($this->link, "SELECT link FROM ttrss_entries, ttrss_user_entries
WHERE id = '$id' AND id = ref_id AND owner_uid = '".$_SESSION['uid']."'
LIMIT 1");
if (db_num_rows($result) == 1) {
$article_url = db_fetch_result($result, 0, 'link');
$article_url = str_replace("\n", "", $article_url);
header("Location: $article_url");
return;
} else {
print_error(__("Article not found."));
}
}
function view() {
$id = db_escape_string($_REQUEST["id"]);
$cids = explode(",", db_escape_string($_REQUEST["cids"]));
$mode = db_escape_string($_REQUEST["mode"]);
$omode = db_escape_string($_REQUEST["omode"]);
// in prefetch mode we only output requested cids, main article
// just gets marked as read (it already exists in client cache)
$articles = array();
if ($mode == "") {
array_push($articles, format_article($this->link, $id, false));
} else if ($mode == "zoom") {
array_push($articles, format_article($this->link, $id, true, true));
} else if ($mode == "raw") {
if ($_REQUEST['html']) {
header("Content-Type: text/html");
print '<link rel="stylesheet" type="text/css" href="tt-rss.css"/>';
}
$article = format_article($this->link, $id, false);
print $article['content'];
return;
}
catchupArticleById($this->link, $id, 0);
if (!$_SESSION["bw_limit"]) {
foreach ($cids as $cid) {
if ($cid) {
array_push($articles, format_article($this->link, $cid, false, false));
}
}
}
print json_encode($articles);
}
}

28
classes/backend.php
Unescape Escape View File

@ -0,0 +1,28 @@
<?php
class Backend extends Handler {
function loading() {
header("Content-type: text/html");
print __("Loading, please wait...") . " " .
"<img src='images/indicator_tiny.gif'>";
}
function digestSend() {
send_headlines_digests($this->link);
}
function help() {
$tid = (int) $_REQUEST["tid"];
if (file_exists("help/$tid.php")) {
include("help/$tid.php");
} else {
print "<p>".__("Help topic not found.")."</p>";
}
print "<div align='center'>
<button onclick=\"javascript:window.close()\">".
__('Close this window')."</button></div>";
}
}
?>

1089
classes/dlg.php
View File

File diff suppressed because it is too large Load Diff

187
classes/feeds.php
Unescape Escape View File

@ -0,0 +1,187 @@
<?php
class Feeds extends Protected_Handler {
function catchupAll() {
db_query($this->link, "UPDATE ttrss_user_entries SET
last_read = NOW(),unread = false WHERE owner_uid = " . $_SESSION["uid"]);
ccache_zero_all($this->link, $_SESSION["uid"]);
}
function collapse() {
$cat_id = db_escape_string($_REQUEST["cid"]);
$mode = (int) db_escape_string($_REQUEST['mode']);
toggle_collapse_cat($this->link, $cat_id, $mode);
}
function index() {
$root = (bool)$_REQUEST["root"];
if (!$root) {
print json_encode(outputFeedList($this->link));
} else {
$feeds = outputFeedList($this->link, false);
$root = array();
$root['id'] = 'root';
$root['name'] = __('Feeds');
$root['items'] = $feeds['items'];
$fl = array();
$fl['identifier'] = 'id';
$fl['label'] = 'name';
$fl['items'] = array($root);
print json_encode($fl);
}
}
function view() {
$timing_info = getmicrotime();
$reply = array();
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info);
$omode = db_escape_string($_REQUEST["omode"]);
$feed = db_escape_string($_REQUEST["feed"]);
$method = db_escape_string($_REQUEST["m"]);
$view_mode = db_escape_string($_REQUEST["view_mode"]);
$limit = (int) get_pref($this->link, "DEFAULT_ARTICLE_LIMIT");
@$cat_view = db_escape_string($_REQUEST["cat"]) == "true";
@$next_unread_feed = db_escape_string($_REQUEST["nuf"]);
@$offset = db_escape_string($_REQUEST["skip"]);
@$vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]);
$order_by = db_escape_string($_REQUEST["order_by"]);
if (is_numeric($feed)) $feed = (int) $feed;
/* Feed -5 is a special case: it is used to display auxiliary information
* when there's nothing to load - e.g. no stuff in fresh feed */
if ($feed == -5) {
print json_encode(generate_dashboard_feed($this->link));
return;
}
$result = false;
if ($feed < -10) {
$label_feed = -11-$feed;
$result = db_query($this->link, "SELECT id FROM ttrss_labels2 WHERE
id = '$label_feed' AND owner_uid = " . $_SESSION['uid']);
} else if (!$cat_view && is_numeric($feed) && $feed > 0) {
$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
id = '$feed' AND owner_uid = " . $_SESSION['uid']);
} else if ($cat_view && is_numeric($feed) && $feed > 0) {
$result = db_query($this->link, "SELECT id FROM ttrss_feed_categories WHERE
id = '$feed' AND owner_uid = " . $_SESSION['uid']);
}
if ($result && db_num_rows($result) == 0) {
print json_encode(generate_error_feed($this->link, __("Feed not found.")));
return;
}
/* Updating a label ccache means recalculating all of the caches
* so for performance reasons we don't do that here */
if ($feed >= 0) {
ccache_update($this->link, $feed, $_SESSION["uid"], $cat_view);
}
set_pref($this->link, "_DEFAULT_VIEW_MODE", $view_mode);
set_pref($this->link, "_DEFAULT_VIEW_LIMIT", $limit);
set_pref($this->link, "_DEFAULT_VIEW_ORDER_BY", $order_by);
if (!$cat_view && preg_match("/^[0-9][0-9]*$/", $feed)) {
db_query($this->link, "UPDATE ttrss_feeds SET last_viewed = NOW()
WHERE id = '$feed' AND owner_uid = ".$_SESSION["uid"]);
}
$reply['headlines'] = array();
if (!$next_unread_feed)
$reply['headlines']['id'] = $feed;
else
$reply['headlines']['id'] = $next_unread_feed;
$reply['headlines']['is_cat'] = (bool) $cat_view;
$override_order = false;
if (get_pref($this->link, "SORT_HEADLINES_BY_FEED_DATE", $owner_uid)) {
$date_sort_field = "updated";
} else {
$date_sort_field = "date_entered";
}
switch ($order_by) {
case "date":
if (get_pref($this->link, 'REVERSE_HEADLINES', $owner_uid)) {
$override_order = "$date_sort_field";
} else {
$override_order = "$date_sort_field DESC";
}
break;
case "title":
if (get_pref($this->link, 'REVERSE_HEADLINES', $owner_uid)) {
$override_order = "title DESC, $date_sort_field";
} else {
$override_order = "title, $date_sort_field DESC";
}
break;
case "score":
if (get_pref($this->link, 'REVERSE_HEADLINES', $owner_uid)) {
$override_order = "score, $date_sort_field";
} else {
$override_order = "score DESC, $date_sort_field DESC";
}
break;
}
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("04", $timing_info);
$ret = format_headlines_list($this->link, $feed, $method,
$view_mode, $limit, $cat_view, $next_unread_feed, $offset,
$vgroup_last_feed, $override_order);
$topmost_article_ids = $ret[0];
$headlines_count = $ret[1];
$returned_feed = $ret[2];
$disable_cache = $ret[3];
$vgroup_last_feed = $ret[4];
$reply['headlines']['content'] =& $ret[5]['content'];
$reply['headlines']['toolbar'] =& $ret[5]['toolbar'];
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("05", $timing_info);
$reply['headlines-info'] = array("count" => (int) $headlines_count,
"vgroup_last_feed" => $vgroup_last_feed,
"disable_cache" => (bool) $disable_cache);
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("20", $timing_info);
if (is_array($topmost_article_ids) && !get_pref($this->link, 'COMBINED_DISPLAY_MODE') && !$_SESSION["bw_limit"]) {
$articles = array();
foreach ($topmost_article_ids as $id) {
array_push($articles, format_article($this->link, $id, false));
}
$reply['articles'] = $articles;
}
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("30", $timing_info);
$reply['runtime-info'] = make_runtime_info($this->link);
print json_encode($reply);
}
}
?>

19
classes/handler.php
Unescape Escape View File

@ -0,0 +1,19 @@
<?php
class Handler {
protected $link;
protected $args;
function __construct($link, $args) {
$this->link = $link;
$this->args = $args;
}
function before() {
return true;
}
function after() {
return true;
}
}
?>

1538
classes/pref_feeds.php
View File

File diff suppressed because it is too large Load Diff

570
classes/pref_filters.php
Unescape Escape View File

@ -0,0 +1,570 @@
<?php
class Pref_Filters extends Protected_Handler {
function filter_test($filter_type, $reg_exp,
$action_id, $action_param, $filter_param, $inverse, $feed_id) {
$result = db_query($this->link, "SELECT name FROM ttrss_filter_types WHERE
id = " . $filter_type);
$type_name = db_fetch_result($result, 0, "name");
$result = db_query($this->link, "SELECT name FROM ttrss_filter_actions WHERE
id = " . $action_id);
$action_name = db_fetch_result($result, 0, "name");
$filter["reg_exp"] = $reg_exp;
$filter["action"] = $action_name;
$filter["type"] = $type_name;
$filter["action_param"] = $action_param;
$filter["filter_param"] = $filter_param;
$filter["inverse"] = $inverse;
$filters[$type_name] = array($filter);
if ($feed_id)
$feed = $feed_id;
else
$feed = -4;
$feed_title = getFeedTitle($this->link, $feed);
$qfh_ret = queryFeedHeadlines($this->link, $feed,
30, "", false, false, false,
false, "date_entered DESC", 0, $_SESSION["uid"], $filter);
$result = $qfh_ret[0];
$articles = array();
$found = 0;
print __("Articles matching this filter:");
print "<div class=\"inactiveFeedHolder\">";
print "<table width=\"100%\" cellspacing=\"0\" id=\"prefErrorFeedList\">";
while ($line = db_fetch_assoc($result)) {
$entry_timestamp = strtotime($line["updated"]);
$entry_tags = get_article_tags($this->link, $line["id"], $_SESSION["uid"]);
$content_preview = truncate_string(
strip_tags($line["content_preview"]), 100, '...');
if ($line["feed_title"])
$feed_title = $line["feed_title"];
print "<tr>";
print "<td width='5%' align='center'><input
dojoType=\"dijit.form.CheckBox\" checked=\"1\"
disabled=\"1\" type=\"checkbox\"></td>";
print "<td>";
print $line["title"];
print "&nbsp;(";
print "<b>" . $feed_title . "</b>";
print "):&nbsp;";
print "<span class=\"insensitive\">" . $content_preview . "</span>";
print " " . mb_substr($line["date_entered"], 0, 16);
print "</td></tr>";
$found++;
}
if ($found == 0) {
print "<tr><td align='center'>" .
__("No articles matching this filter has been found.") . "</td></tr>";
}
print "</table>";
print "</div>";
}
function getfiltertree() {
$root = array();
$root['id'] = 'root';
$root['name'] = __('Filters');
$root['items'] = array();
$result = db_query($this->link, "SELECT
ttrss_filters.id AS id,reg_exp,
ttrss_filter_types.name AS filter_type_name,
ttrss_filter_types.description AS filter_type_descr,
enabled,
inverse,
feed_id,
action_id,
filter_param,
filter_type,
ttrss_filter_actions.description AS action_description,
ttrss_feeds.title AS feed_title,
ttrss_filter_actions.name AS action_name,
ttrss_filters.action_param AS action_param
FROM
ttrss_filter_types,ttrss_filter_actions,ttrss_filters LEFT JOIN
ttrss_feeds ON (ttrss_filters.feed_id = ttrss_feeds.id)
WHERE
filter_type = ttrss_filter_types.id AND
ttrss_filter_actions.id = action_id AND
ttrss_filters.owner_uid = ".$_SESSION["uid"]."
ORDER by action_description, reg_exp");
$cat = false;
$cur_action_description = "";
if (db_num_rows($result) > 0) {
while ($line = db_fetch_assoc($result)) {
if ($cur_action_description != $line['action_description']) {
if ($cat)
array_push($root['items'], $cat);
$cat = array();
$cat['id'] = 'ACTION:' . $line['action_id'];
$cat['name'] = $line['action_description'];
$cat['items'] = array();
$cur_action_description = $line['action_description'];
}
if (array_search($line["action_name"],
array("score", "tag", "label")) === false) {
$line["action_param"] = '';
} else {
if ($line['action_name'] == 'label') {
$tmp_result = db_query($this->link, "SELECT fg_color, bg_color
FROM ttrss_labels2 WHERE caption = '".
db_escape_string($line["action_param"])."' AND
owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($tmp_result) != 0) {
$fg_color = db_fetch_result($tmp_result, 0, "fg_color");
$bg_color = db_fetch_result($tmp_result, 0, "bg_color");
$tmp = "<span class=\"labelColorIndicator\" style='color : $fg_color; background-color : $bg_color'>&alpha;</span> " . $line['action_param'];
$line['action_param'] = $tmp;
}
}
}
$filter = array();
$filter['id'] = 'FILTER:' . $line['id'];
$filter['bare_id'] = $line['id'];
$filter['name'] = $line['reg_exp'];
$filter['type'] = $line['filter_type'];
$filter['enabled'] = sql_bool_to_bool($line['enabled']);
$filter['param'] = $line['action_param'];
$filter['inverse'] = sql_bool_to_bool($line['inverse']);
$filter['checkbox'] = false;
if ($line['feed_id'])
$filter['feed'] = $line['feed_title'];
array_push($cat['items'], $filter);
}
array_push($root['items'], $cat);
}
$fl = array();
$fl['identifier'] = 'id';
$fl['label'] = 'name';
$fl['items'] = array($root);
print json_encode($fl);
return;
}
function edit() {
$filter_id = db_escape_string($_REQUEST["id"]);
$result = db_query($this->link,
"SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
$reg_exp = htmlspecialchars(db_fetch_result($result, 0, "reg_exp"));
$filter_type = db_fetch_result($result, 0, "filter_type");
$feed_id = db_fetch_result($result, 0, "feed_id");
$action_id = db_fetch_result($result, 0, "action_id");
$action_param = db_fetch_result($result, 0, "action_param");
$filter_param = db_fetch_result($result, 0, "filter_param");
$enabled = sql_bool_to_bool(db_fetch_result($result, 0, "enabled"));
$inverse = sql_bool_to_bool(db_fetch_result($result, 0, "inverse"));
print "<form id=\"filter_edit_form\" onsubmit='return false'>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-filters\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$filter_id\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"editSave\">";
$result = db_query($this->link, "SELECT id,description
FROM ttrss_filter_types ORDER BY description");
$filter_types = array();
while ($line = db_fetch_assoc($result)) {
//array_push($filter_types, $line["description"]);
$filter_types[$line["id"]] = __($line["description"]);
}
print "<div class=\"dlgSec\">".__("Match")."</div>";
print "<div class=\"dlgSecCont\">";
if ($filter_type != 5) {
$date_ops_invisible = 'style="display : none"';
}
print "<span id=\"filterDlg_dateModBox\" $date_ops_invisible>";
print __("Date") . " ";
$filter_params = array(
"before" => __("before"),
"after" => __("after"));
print_select_hash("filter_date_modifier", $filter_param,
$filter_params, 'dojoType="dijit.form.Select"');
print "&nbsp;</span>";
print "<input dojoType=\"dijit.form.ValidationTextBox\"
required=\"1\"
name=\"reg_exp\" style=\"font-size : 16px;\" value=\"$reg_exp\">";
print "<span id=\"filterDlg_dateChkBox\" $date_ops_invisible>";
print "&nbsp;<button dojoType=\"dijit.form.Button\" onclick=\"return filterDlgCheckDate()\">".
__('Check it')."</button>";
print "</span>";
print "<hr/> " . __("on field") . " ";
print_select_hash("filter_type", $filter_type, $filter_types,
'onchange="filterDlgCheckType(this)" dojoType="dijit.form.Select"');
print "<hr/>";
print __("in") . " ";
print_feed_select($this->link, "feed_id", $feed_id,
'dojoType="dijit.form.FilteringSelect"');
print "</div>";
print "<div class=\"dlgSec\">".__("Perform Action")."</div>";
print "<div class=\"dlgSecCont\">";
print "<select name=\"action_id\" dojoType=\"dijit.form.Select\"
onchange=\"filterDlgCheckAction(this)\">";
$result = db_query($this->link, "SELECT id,description FROM ttrss_filter_actions
ORDER BY name");
while ($line = db_fetch_assoc($result)) {
$is_sel = ($line["id"] == $action_id) ? "selected=\"1\"" : "";
printf("<option value='%d' $is_sel>%s</option>", $line["id"], __($line["description"]));
}
print "</select>";
$param_hidden = ($action_id == 4 || $action_id == 6 || $action_id == 7) ? "" : "display : none";
print "<span id=\"filterDlg_paramBox\" style=\"$param_hidden\">";
print " " . __("with parameters:") . " ";
$param_int_hidden = ($action_id != 7) ? "" : "display : none";
print "<input style=\"$param_int_hidden\"
dojoType=\"dijit.form.TextBox\" id=\"filterDlg_actionParam\"
name=\"action_param\" value=\"$action_param\">";
$param_int_hidden = ($action_id == 7) ? "" : "display : none";
print_label_select($this->link, "action_param_label", $action_param,
"style=\"$param_int_hidden\"" .
'id="filterDlg_actionParamLabel" dojoType="dijit.form.Select"');
print "</span>";
print "&nbsp;"; // tiny layout hack
print "</div>";
print "<div class=\"dlgSec\">".__("Options")."</div>";
print "<div class=\"dlgSecCont\">";
print "<div style=\"line-height : 100%\">";
if ($enabled) {
$checked = "checked=\"1\"";
} else {
$checked = "";
}
print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"enabled\" id=\"enabled\" $checked>
<label for=\"enabled\">".__('Enabled')."</label><hr/>";
if ($inverse) {
$checked = "checked=\"1\"";
} else {
$checked = "";
}
print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\" $checked>
<label for=\"inverse\">".__('Inverse match')."</label>";
print "</div>";
print "</div>";
print "<div class=\"dlgButtons\">";
print "<div style=\"float : left\">";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').removeFilter()\">".
__('Remove')."</button>";
print "</div>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').test()\">".
__('Test')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').execute()\">".
__('Save')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').hide()\">".
__('Cancel')."</button>";
print "</div>";
}
function editSave() {
global $memcache;
if ($memcache) $memcache->flush();
$savemode = db_escape_string($_REQUEST["savemode"]);
$reg_exp = db_escape_string(trim($_REQUEST["reg_exp"]));
$filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
$filter_id = db_escape_string($_REQUEST["id"]);
$feed_id = db_escape_string($_REQUEST["feed_id"]);
$action_id = db_escape_string($_REQUEST["action_id"]);
$action_param = db_escape_string($_REQUEST["action_param"]);
$action_param_label = db_escape_string($_REQUEST["action_param_label"]);
$enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"]));
$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
# for the time being, no other filters use params anyway...
$filter_param = db_escape_string($_REQUEST["filter_date_modifier"]);
if (!$feed_id) {
$feed_id = 'NULL';
} else {
$feed_id = sprintf("'%s'", db_escape_string($feed_id));
}
/* When processing 'assign label' filters, action_param_label dropbox
* overrides action_param */
if ($action_id == 7) {
$action_param = $action_param_label;
}
if ($action_id == 6) {
$action_param = (int) str_replace("+", "", $action_param);
}
if ($savemode != "test") {
$result = db_query($this->link, "UPDATE ttrss_filters SET
reg_exp = '$reg_exp',
feed_id = $feed_id,
action_id = '$action_id',
filter_type = '$filter_type',
enabled = $enabled,
inverse = $inverse,
action_param = '$action_param',
filter_param = '$filter_param'
WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
} else {
$this->filter_test($filter_type, $reg_exp,
$action_id, $action_param, $filter_param, sql_bool_to_bool($inverse),
(int) $_REQUEST["feed_id"]);
print "<div align='center'>";
print "<button dojoType=\"dijit.form.Button\"
onclick=\"return dijit.byId('filterTestDlg').hide()\">".
__('Close this window')."</button>";
print "</div>";
}
}
function remove() {
if ($memcache) $memcache->flush();
$ids = split(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
db_query($this->link, "DELETE FROM ttrss_filters WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
}
}
function add() {
if ($memcache) $memcache->flush();
$savemode = db_escape_string($_REQUEST["savemode"]);
$regexp = db_escape_string(trim($_REQUEST["reg_exp"]));
$filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
$feed_id = db_escape_string($_REQUEST["feed_id"]);
$action_id = db_escape_string($_REQUEST["action_id"]);
$action_param = db_escape_string($_REQUEST["action_param"]);
$action_param_label = db_escape_string($_REQUEST["action_param_label"]);
$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
# for the time being, no other filters use params anyway...
$filter_param = db_escape_string($_REQUEST["filter_date_modifier"]);
if (!$regexp) return;
if (!$feed_id) {
$feed_id = 'NULL';
} else {
$feed_id = sprintf("'%s'", db_escape_string($feed_id));
}
/* When processing 'assign label' filters, action_param_label dropbox
* overrides action_param */
if ($action_id == 7) {
$action_param = $action_param_label;
}
if ($action_id == 6) {
$action_param = (int) str_replace("+", "", $action_param);
}
if ($savemode != "test") {
$result = db_query($this->link,
"INSERT INTO ttrss_filters (reg_exp,filter_type,owner_uid,feed_id,
action_id, action_param, inverse, filter_param)
VALUES
('$regexp', '$filter_type','".$_SESSION["uid"]."',
$feed_id, '$action_id', '$action_param', $inverse,
'$filter_param')");
if (db_affected_rows($this->link, $result) != 0) {
print T_sprintf("Created filter <b>%s</b>", htmlspecialchars($regexp));
}
} else {
filter_test($this->link, $filter_type, $regexp,
$action_id, $action_param, $filter_param, sql_bool_to_bool($inverse),
(int) $_REQUEST["feed_id"]);
print "<div align='center'>";
print "<button dojoType=\"dijit.form.Button\"
onclick=\"return dijit.byId('filterTestDlg').hide()\">".
__('Close this window')."</button>";
print "</div>";
}
}
function index() {
$sort = db_escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "reg_exp";
}
$result = db_query($this->link, "SELECT id,description
FROM ttrss_filter_types ORDER BY description");
$filter_types = array();
while ($line = db_fetch_assoc($result)) {
//array_push($filter_types, $line["description"]);
$filter_types[$line["id"]] = $line["description"];
}
$filter_search = db_escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
} else {
$filter_search = $_SESSION["prefs_filter_search"];
}
print "<div id=\"pref-filter-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
print "<div dojoType=\"dijit.form.DropDownButton\">".
"<span>" . __('Select')."</span>";
print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(true)\"
dojoType=\"dijit.MenuItem\">".__('All')."</div>";
print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(false)\"
dojoType=\"dijit.MenuItem\">".__('None')."</div>";
print "</div></div>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return quickAddFilter()\">".
__('Create filter')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return editSelectedFilter()\">".
__('Edit')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return removeSelectedFilters()\">".
__('Remove')."</button> ";
if (defined('_ENABLE_FEED_DEBUGGING')) {
print "<button dojoType=\"dijit.form.Button\" onclick=\"rescore_all_feeds()\">".
__('Rescore articles')."</button> ";
}
print "</div>"; # toolbar
print "</div>"; # toolbar-frame
print "<div id=\"pref-filter-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";
print "<div id=\"filterlistLoading\">
<img src='images/indicator_tiny.gif'>".
__("Loading, please wait...")."</div>";
print "<div dojoType=\"dojo.data.ItemFileWriteStore\" jsId=\"filterStore\"
url=\"backend.php?op=pref-filters&method=getfiltertree\">
</div>
<div dojoType=\"lib.CheckBoxStoreModel\" jsId=\"filterModel\" store=\"filterStore\"
query=\"{id:'root'}\" rootId=\"root\" rootLabel=\"Feeds\"
childrenAttrs=\"items\" checkboxStrict=\"false\" checkboxAll=\"false\">
</div>
<div dojoType=\"fox.PrefFilterTree\" id=\"filterTree\"
model=\"filterModel\" openOnClick=\"true\">
<script type=\"dojo/method\" event=\"onLoad\" args=\"item\">
Element.hide(\"filterlistLoading\");
</script>
<script type=\"dojo/method\" event=\"onClick\" args=\"item\">
var id = String(item.id);
var bare_id = id.substr(id.indexOf(':')+1);
if (id.match('FILTER:')) {
editFilter(bare_id);
}
</script>
</div>";
print "</div>"; #pane
print "</div>"; #container
}
}
?>

164
modules/pref-instances.php → classes/pref_instances.php
Unescape Escape View File

@ -1,117 +1,116 @@
<?php
function module_pref_instances($link) {
class Pref_Instances extends Protected_Handler {
if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) {
print __("Your access level is insufficient to open this tab.");
return;
}
$subop = $_REQUEST['subop'];
if ($subop == "remove") {
$ids = db_escape_string($_REQUEST['ids']);
db_query($link, "DELETE FROM ttrss_linked_instances WHERE
id IN ($ids)");
return;
function before() {
if (parent::before()) {
if ($_SESSION["access_level"] < 10) {
print __("Your access level is insufficient to open this tab.");
return false;
}
return true;
}
return false;
}
if ($subop == "add") {
$id = db_escape_string($_REQUEST["id"]);
$access_url = db_escape_string($_REQUEST["access_url"]);
$access_key = db_escape_string($_REQUEST["access_key"]);
function remove() {
$ids = db_escape_string($_REQUEST['ids']);
db_query($link, "BEGIN");
db_query($this->link, "DELETE FROM ttrss_linked_instances WHERE
id IN ($ids)");
}
$result = db_query($link, "SELECT id FROM ttrss_linked_instances
WHERE access_url = '$access_url'");
function add() {
$id = db_escape_string($_REQUEST["id"]);
$access_url = db_escape_string($_REQUEST["access_url"]);
$access_key = db_escape_string($_REQUEST["access_key"]);
if (db_num_rows($result) == 0) {
db_query($link, "INSERT INTO ttrss_linked_instances
(access_url, access_key, last_connected, last_status_in, last_status_out)
VALUES
('$access_url', '$access_key', '1970-01-01', -1, -1)");
db_query($this->link, "BEGIN");
}
$result = db_query($this->link, "SELECT id FROM ttrss_linked_instances
WHERE access_url = '$access_url'");
db_query($link, "COMMIT");
if (db_num_rows($result) == 0) {
db_query($this->link, "INSERT INTO ttrss_linked_instances
(access_url, access_key, last_connected, last_status_in, last_status_out)
VALUES
('$access_url', '$access_key', '1970-01-01', -1, -1)");
return;
}
if ($subop == "edit") {
db_query($this->link, "COMMIT");
}
$id = db_escape_string($_REQUEST["id"]);
function edit() {
$id = db_escape_string($_REQUEST["id"]);
$result = db_query($link, "SELECT * FROM ttrss_linked_instances WHERE
id = '$id'");
$result = db_query($this->link, "SELECT * FROM ttrss_linked_instances WHERE
id = '$id'");
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$id\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-instances\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"editSave\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$id\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-instances\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"editSave\">";
print "<div class=\"dlgSec\">".__("Instance")."</div>";
print "<div class=\"dlgSec\">".__("Instance")."</div>";
print "<div class=\"dlgSecCont\">";
print "<div class=\"dlgSecCont\">";
/* URL */
/* URL */
$access_url = htmlspecialchars(db_fetch_result($result, 0, "access_url"));
$access_url = htmlspecialchars(db_fetch_result($result, 0, "access_url"));
print __("URL:") . " ";
print __("URL:") . " ";
print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
placeHolder=\"".__("Instance URL")."\"
regExp='^(http|https)://.*'
style=\"font-size : 16px; width: 20em\" name=\"access_url\"
value=\"$access_url\">";
print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
placeHolder=\"".__("Instance URL")."\"
regExp='^(http|https)://.*'
style=\"font-size : 16px; width: 20em\" name=\"access_url\"
value=\"$access_url\">";
print "<hr/>";
print "<hr/>";
$access_key = htmlspecialchars(db_fetch_result($result, 0, "access_key"));
$access_key = htmlspecialchars(db_fetch_result($result, 0, "access_key"));
/* Access key */
/* Access key */
print __("Access key:") . " ";
print __("Access key:") . " ";
print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
placeHolder=\"".__("Access key")."\" regExp='\w{40}'
style=\"width: 20em\" name=\"access_key\" id=\"instance_edit_key\"
value=\"$access_key\">";
print "<input dojoType=\"dijit.form.ValidationTextBox\" required=\"1\"
placeHolder=\"".__("Access key")."\" regExp='\w{40}'
style=\"width: 20em\" name=\"access_key\" id=\"instance_edit_key\"
value=\"$access_key\">";
print "<p class='insensitive'>" . __("Use one access key for both linked instances.");
print "<p class='insensitive'>" . __("Use one access key for both linked instances.");
print "</div>";
print "</div>";
print "<div class=\"dlgButtons\">
<div style='float : left'>
<button dojoType=\"dijit.form.Button\"
onclick=\"return dijit.byId('instanceEditDlg').regenKey()\">".
__('Generate new key')."</button>
</div>
print "<div class=\"dlgButtons\">
<div style='float : left'>
<button dojoType=\"dijit.form.Button\"
onclick=\"return dijit.byId('instanceEditDlg').execute()\">".
__('Save')."</button>
<button dojoType=\"dijit.form.Button\"
onclick=\"return dijit.byId('instanceEditDlg').hide()\"\">".
__('Cancel')."</button></div>";
onclick=\"return dijit.byId('instanceEditDlg').regenKey()\">".
__('Generate new key')."</button>
</div>
<button dojoType=\"dijit.form.Button\"
onclick=\"return dijit.byId('instanceEditDlg').execute()\">".
__('Save')."</button>
<button dojoType=\"dijit.form.Button\"
onclick=\"return dijit.byId('instanceEditDlg').hide()\"\">".
__('Cancel')."</button></div>";
return;
}
}
if ($subop == "editSave") {
$id = db_escape_string($_REQUEST["id"]);
$access_url = db_escape_string($_REQUEST["access_url"]);
$access_key = db_escape_string($_REQUEST["access_key"]);
function editSave() {
$id = db_escape_string($_REQUEST["id"]);
$access_url = db_escape_string($_REQUEST["access_url"]);
$access_key = db_escape_string($_REQUEST["access_key"]);
db_query($link, "UPDATE ttrss_linked_instances SET
access_key = '$access_key', access_url = '$access_url',
last_connected = '1970-01-01'
WHERE id = '$id'");
db_query($this->link, "UPDATE ttrss_linked_instances SET
access_key = '$access_key', access_url = '$access_url',
last_connected = '1970-01-01'
WHERE id = '$id'");
return;
}
}
function index() {
if (!function_exists('curl_init')) {
print "<div style='padding : 1em'>";
@ -145,7 +144,7 @@
print "</div>"; #toolbar
$result = db_query($link, "SELECT *,
$result = db_query($this->link, "SELECT *,
(SELECT COUNT(*) FROM ttrss_linked_feeds
WHERE instance_id = ttrss_linked_instances.id) AS num_feeds
FROM ttrss_linked_instances
@ -173,7 +172,7 @@
$id = $line['id'];
$this_row_id = "id=\"LIRR-$id\"";
$line["last_connected"] = make_local_datetime($link, $line["last_connected"], false);
$line["last_connected"] = make_local_datetime($this->link, $line["last_connected"], false);
print "<tr class=\"$class\" $this_row_id>";
@ -201,4 +200,5 @@
print "</div>"; #container
}
}
?>

320
classes/pref_labels.php
Unescape Escape View File

@ -0,0 +1,320 @@
<?php
class Pref_Labels extends Protected_Handler {
function edit() {
$label_id = db_escape_string($_REQUEST['id']);
$result = db_query($this->link, "SELECT * FROM ttrss_labels2 WHERE
id = '$label_id' AND owner_uid = " . $_SESSION["uid"]);
$line = db_fetch_assoc($result);
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$label_id\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-labels\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"save\">";
print "<div class=\"dlgSec\">".__("Caption")."</div>";
print "<div class=\"dlgSecCont\">";
$fg_color = $line['fg_color'];
$bg_color = $line['bg_color'];
print "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-bottom : 4px; margin-right : 4px'>&alpha;</span>";
print "<input style=\"font-size : 16px\" name=\"caption\"
dojoType=\"dijit.form.ValidationTextBox\"
required=\"true\"
value=\"".htmlspecialchars($line['caption'])."\">";
print "</div>";
print "<div class=\"dlgSec\">" . __("Colors") . "</div>";
print "<div class=\"dlgSecCont\">";
print "<table cellspacing=\"0\">";
print "<tr><td>".__("Foreground:")."</td><td>".__("Background:").
"</td></tr>";
print "<tr><td style='padding-right : 10px'>";
print "<input dojoType=\"dijit.form.TextBox\"
style=\"display : none\" id=\"labelEdit_fgColor\"
name=\"fg_color\" value=\"$fg_color\">";
print "<input dojoType=\"dijit.form.TextBox\"
style=\"display : none\" id=\"labelEdit_bgColor\"
name=\"bg_color\" value=\"$bg_color\">";
print "<div dojoType=\"dijit.ColorPalette\">
<script type=\"dojo/method\" event=\"onChange\" args=\"fg_color\">
dijit.byId(\"labelEdit_fgColor\").attr('value', fg_color);
$('label-editor-indicator').setStyle({color: fg_color});
</script>
</div>";
print "</div>";
print "</td><td>";
print "<div dojoType=\"dijit.ColorPalette\">
<script type=\"dojo/method\" event=\"onChange\" args=\"bg_color\">
dijit.byId(\"labelEdit_bgColor\").attr('value', bg_color);
$('label-editor-indicator').setStyle({backgroundColor: bg_color});
</script>
</div>";
print "</div>";
print "</td></tr></table>";
print "</div>";
# print "</form>";
print "<div class=\"dlgButtons\">";
print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').execute()\">".
__('Save')."</button>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').hide()\">".
__('Cancel')."</button>";
print "</div>";
return;
}
function getlabeltree() {
$root = array();
$root['id'] = 'root';
$root['name'] = __('Labels');
$root['items'] = array();
$result = db_query($this->link, "SELECT *
FROM ttrss_labels2
WHERE owner_uid = ".$_SESSION["uid"]."
ORDER BY caption");
while ($line = db_fetch_assoc($result)) {
$label = array();
$label['id'] = 'LABEL:' . $line['id'];
$label['bare_id'] = $line['id'];
$label['name'] = $line['caption'];
$label['fg_color'] = $line['fg_color'];
$label['bg_color'] = $line['bg_color'];
$label['type'] = 'label';
$label['checkbox'] = false;
array_push($root['items'], $label);
}
$fl = array();
$fl['identifier'] = 'id';
$fl['label'] = 'name';
$fl['items'] = array($root);
print json_encode($fl);
return;
}
function colorset() {
$kind = db_escape_string($_REQUEST["kind"]);
$ids = split(',', db_escape_string($_REQUEST["ids"]));
$color = db_escape_string($_REQUEST["color"]);
$fg = db_escape_string($_REQUEST["fg"]);
$bg = db_escape_string($_REQUEST["bg"]);
foreach ($ids as $id) {
if ($kind == "fg" || $kind == "bg") {
db_query($this->link, "UPDATE ttrss_labels2 SET
${kind}_color = '$color' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
} else {
db_query($this->link, "UPDATE ttrss_labels2 SET
fg_color = '$fg', bg_color = '$bg' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
}
$caption = db_escape_string(label_find_caption($this->link, $id, $_SESSION["uid"]));
/* Remove cached data */
db_query($this->link, "UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
}
return;
}
function colorreset() {
$ids = split(',', db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
db_query($this->link, "UPDATE ttrss_labels2 SET
fg_color = '', bg_color = '' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
$caption = db_escape_string(label_find_caption($this->link, $id, $_SESSION["uid"]));
/* Remove cached data */
db_query($this->link, "UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
}
}
function save() {
$id = db_escape_string($_REQUEST["id"]);
$caption = db_escape_string(trim($_REQUEST["caption"]));
db_query($this->link, "BEGIN");
$result = db_query($this->link, "SELECT caption FROM ttrss_labels2
WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
$old_caption = db_fetch_result($result, 0, "caption");
$result = db_query($this->link, "SELECT id FROM ttrss_labels2
WHERE caption = '$caption' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
if ($caption) {
$result = db_query($this->link, "UPDATE ttrss_labels2 SET
caption = '$caption' WHERE id = '$id' AND
owner_uid = " . $_SESSION["uid"]);
/* Update filters that reference label being renamed */
$old_caption = db_escape_string($old_caption);
db_query($this->link, "UPDATE ttrss_filters SET
action_param = '$caption' WHERE action_param = '$old_caption'
AND action_id = 7
AND owner_uid = " . $_SESSION["uid"]);
print $_REQUEST["value"];
} else {
print $old_caption;
}
} else {
print $old_caption;
}
}
db_query($this->link, "COMMIT");
return;
}
function remove() {
$ids = split(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
label_remove($this->link, $id, $_SESSION["uid"]);
}
}
function add() {
$caption = db_escape_string($_REQUEST["caption"]);
$output = db_escape_string($_REQUEST["output"]);
if ($caption) {
if (label_create($this->link, $caption)) {
if (!$output) {
print T_sprintf("Created label <b>%s</b>", htmlspecialchars($caption));
}
}
if ($output == "select") {
header("Content-Type: text/xml");
print "<rpc-reply><payload>";
print_label_select($this->link, "select_label",
$caption, "");
print "</payload></rpc-reply>";
}
}
return;
}
function index() {
$sort = db_escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "caption";
}
$label_search = db_escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_label_search"] = $label_search;
} else {
$label_search = $_SESSION["prefs_label_search"];
}
print "<div id=\"pref-label-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
print "<div id=\"pref-label-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-label-toolbar\" dojoType=\"dijit.Toolbar\">";
print "<div dojoType=\"dijit.form.DropDownButton\">".
"<span>" . __('Select')."</span>";
print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
print "<div onclick=\"dijit.byId('labelTree').model.setAllChecked(true)\"
dojoType=\"dijit.MenuItem\">".__('All')."</div>";
print "<div onclick=\"dijit.byId('labelTree').model.setAllChecked(false)\"
dojoType=\"dijit.MenuItem\">".__('None')."</div>";
print "</div></div>";
print"<button dojoType=\"dijit.form.Button\" onclick=\"return addLabel()\">".
__('Create label')."</button dojoType=\"dijit.form.Button\"> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"removeSelectedLabels()\">".
__('Remove')."</button dojoType=\"dijit.form.Button\"> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"labelColorReset()\">".
__('Clear colors')."</button dojoType=\"dijit.form.Button\">";
print "</div>"; #toolbar
print "</div>"; #pane
print "<div id=\"pref-label-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";
print "<div id=\"labellistLoading\">
<img src='images/indicator_tiny.gif'>".
__("Loading, please wait...")."</div>";
print "<div dojoType=\"dojo.data.ItemFileWriteStore\" jsId=\"labelStore\"
url=\"backend.php?op=pref-labels&method=getlabeltree\">
</div>
<div dojoType=\"lib.CheckBoxStoreModel\" jsId=\"labelModel\" store=\"labelStore\"
query=\"{id:'root'}\" rootId=\"root\"
childrenAttrs=\"items\" checkboxStrict=\"false\" checkboxAll=\"false\">
</div>
<div dojoType=\"fox.PrefLabelTree\" id=\"labelTree\"
model=\"labelModel\" openOnClick=\"true\">
<script type=\"dojo/method\" event=\"onLoad\" args=\"item\">
Element.hide(\"labellistLoading\");
</script>
<script type=\"dojo/method\" event=\"onClick\" args=\"item\">
var id = String(item.id);
var bare_id = id.substr(id.indexOf(':')+1);
if (id.match('LABEL:')) {
editLabel(bare_id);
}
</script>
</div>";
print "</div>"; #pane
print "</div>"; #container
}
}
?>

493
classes/pref_prefs.php
Unescape Escape View File

@ -0,0 +1,493 @@
<?php
class Pref_Prefs extends Protected_Handler {
function changepassword() {
$old_pw = $_POST["old_password"];
$new_pw = $_POST["new_password"];
$con_pw = $_POST["confirm_password"];
if ($old_pw == "") {
print "ERROR: ".__("Old password cannot be blank.");
return;
}
if ($new_pw == "") {
print "ERROR: ".__("New password cannot be blank.");
return;
}
if ($new_pw != $con_pw) {
print "ERROR: ".__("Entered passwords do not match.");
return;
}
$old_pw_hash1 = encrypt_password($old_pw);
$old_pw_hash2 = encrypt_password($old_pw, $_SESSION["name"]);
$new_pw_hash = encrypt_password($new_pw, $_SESSION["name"]);
$active_uid = $_SESSION["uid"];
if ($old_pw && $new_pw) {
$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR
pwd_hash = '$old_pw_hash2')");
if (db_num_rows($result) == 1) {
db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'
WHERE id = '$active_uid'");
$_SESSION["pwd_hash"] = $new_pw_hash;
print __("Password has been changed.");
} else {
print "ERROR: ".__('Old password is incorrect.');
}
}
return;
}
function saveconfig() {
$_SESSION["prefs_cache"] = false;
$orig_theme = get_pref($this->link, "_THEME_ID");
foreach (array_keys($_POST) as $pref_name) {
$pref_name = db_escape_string($pref_name);
$value = db_escape_string($_POST[$pref_name]);
set_pref($this->link, $pref_name, $value);
}
if ($orig_theme != get_pref($this->link, "_THEME_ID")) {
print "PREFS_THEME_CHANGED";
} else {
print __("The configuration was saved.");
}
}
function getHelp() {
$pref_name = db_escape_string($_REQUEST["pn"]);
$result = db_query($this->link, "SELECT help_text FROM ttrss_prefs
WHERE pref_name = '$pref_name'");
if (db_num_rows($result) > 0) {
$help_text = db_fetch_result($result, 0, "help_text");
print $help_text;
} else {
printf(__("Unknown option: %s"), $pref_name);
}
}
function changeemail() {
$email = db_escape_string($_POST["email"]);
$full_name = db_escape_string($_POST["full_name"]);
$active_uid = $_SESSION["uid"];
db_query($this->link, "UPDATE ttrss_users SET email = '$email',
full_name = '$full_name' WHERE id = '$active_uid'");
print __("Your personal data has been saved.");
return;
}
function resetconfig() {
$_SESSION["prefs_op_result"] = "reset-to-defaults";
if ($_SESSION["profile"]) {
$profile_qpart = "profile = '" . $_SESSION["profile"] . "'";
} else {
$profile_qpart = "profile IS NULL";
}
db_query($this->link, "DELETE FROM ttrss_user_prefs
WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]);
initialize_user_prefs($this->link, $_SESSION["uid"], $_SESSION["profile"]);
print "PREFS_THEME_CHANGED";
}
function index() {
global $access_level_names;
$prefs_blacklist = array("HIDE_READ_FEEDS", "FEEDS_SORT_BY_UNREAD",
"STRIP_UNSAFE_TAGS");
$profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS",
"PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP",
"BLACKLISTED_TAGS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE",
"DEFAULT_UPDATE_INTERVAL", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE",
"SSL_CERT_SERIAL");
if (!SINGLE_USER_MODE) {
$_SESSION["prefs_op_result"] = "";
print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Personal data')."\">";
print "<form dojoType=\"dijit.form.Form\" id=\"changeUserdataForm\">";
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
evt.preventDefault();
if (this.validate()) {
notify_progress('Saving data...', true);
new Ajax.Request('backend.php', {
parameters: dojo.objectToQuery(this.getValues()),
onComplete: function(transport) {
notify_callback2(transport);
} });
}
</script>";
print "<table width=\"100%\" class=\"prefPrefsList\">";
$result = db_query($this->link, "SELECT email,full_name,
access_level FROM ttrss_users
WHERE id = ".$_SESSION["uid"]);
$email = htmlspecialchars(db_fetch_result($result, 0, "email"));
$full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name"));
print "<tr><td width=\"40%\">".__('Full name')."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"
value=\"$full_name\"></td></tr>";
print "<tr><td width=\"40%\">".__('E-mail')."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"email\" required=\"1\" value=\"$email\"></td></tr>";
if (!SINGLE_USER_MODE) {
$access_level = db_fetch_result($result, 0, "access_level");
print "<tr><td width=\"40%\">".__('Access level')."</td>";
print "<td>" . $access_level_names[$access_level] . "</td></tr>";
}
print "</table>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changeemail\">";
print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
__("Save data")."</button>";
print "</form>";
print "</div>"; # pane
print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Authentication')."\">";
$result = db_query($this->link, "SELECT id FROM ttrss_users
WHERE id = ".$_SESSION["uid"]." AND pwd_hash
= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
if (db_num_rows($result) != 0) {
print format_warning(__("Your password is at default value, please change it."), "default_pass_warning");
}
print "<form dojoType=\"dijit.form.Form\">";
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
evt.preventDefault();
if (this.validate()) {
notify_progress('Changing password...', true);
new Ajax.Request('backend.php', {
parameters: dojo.objectToQuery(this.getValues()),
onComplete: function(transport) {
notify('');
if (transport.responseText.indexOf('ERROR: ') == 0) {
notify_error(transport.responseText.replace('ERROR: ', ''));
} else {
notify_info(transport.responseText);
var warn = $('default_pass_warning');
if (warn) Element.hide(warn);
}
}});
this.reset();
}
</script>";
print "<table width=\"100%\" class=\"prefPrefsList\">";
print "<tr><td width=\"40%\">".__("Old password")."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"old_password\"></td></tr>";
print "<tr><td width=\"40%\">".__("New password")."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"
name=\"new_password\"></td></tr>";
print "<tr><td width=\"40%\">".__("Confirm password")."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"confirm_password\"></td></tr>";
print "</table>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"changepassword\">";
print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
__("Change password")."</button>";
print "</form>";
print "</div>"; #pane
}
print "<div dojoType=\"dijit.layout.AccordionPane\" selected=\"true\" title=\"".__('Preferences')."\">";
print "<form dojoType=\"dijit.form.Form\" id=\"changeSettingsForm\">";
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
evt.preventDefault();
if (this.validate()) {
console.log(dojo.objectToQuery(this.getValues()));
new Ajax.Request('backend.php', {
parameters: dojo.objectToQuery(this.getValues()),
onComplete: function(transport) {
var msg = transport.responseText;
if (msg.match('PREFS_THEME_CHANGED')) {
window.location.reload();
} else {
notify_info(msg);
}
} });
}
</script>";
print '<div dojoType="dijit.layout.BorderContainer" gutters="false">';
print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">';
if ($_SESSION["profile"]) {
print_notice("Some preferences are only available in default profile.");
}
if ($_SESSION["profile"]) {
initialize_user_prefs($this->link, $_SESSION["uid"], $_SESSION["profile"]);
$profile_qpart = "profile = '" . $_SESSION["profile"] . "'";
} else {
initialize_user_prefs($this->link, $_SESSION["uid"]);
$profile_qpart = "profile IS NULL";
}
$result = db_query($this->link, "SELECT
ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
section_name,def_value,section_id
FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs
WHERE type_id = ttrss_prefs_types.id AND
$profile_qpart AND
section_id = ttrss_prefs_sections.id AND
ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND
short_desc != '' AND
owner_uid = ".$_SESSION["uid"]."
ORDER BY section_id,short_desc");
$lnum = 0;
$active_section = "";
while ($line = db_fetch_assoc($result)) {
if (in_array($line["pref_name"], $prefs_blacklist)) {
continue;
}
if ($_SESSION["profile"] && in_array($line["pref_name"],
$profile_blacklist)) {
continue;
}
if ($active_section != $line["section_name"]) {
if ($active_section != "") {
print "</table>";
}
print "<table width=\"100%\" class=\"prefPrefsList\">";
$active_section = $line["section_name"];
print "<tr><td colspan=\"3\"><h3>".__($active_section)."</h3></td></tr>";
if ($line["section_id"] == 2) {
print "<tr><td width=\"40%\">".__("Select theme")."</td>";
$user_theme = get_pref($this->link, "_THEME_ID");
$themes = get_all_themes();
print "<td><select name=\"_THEME_ID\" dojoType=\"dijit.form.Select\">";
print "<option value='Default'>".__('Default')."</option>";
print "<option value='----------------' disabled=\"1\">--------</option>";
foreach ($themes as $t) {
$base = $t['base'];
$name = $t['name'];
if ($base == $user_theme) {
$selected = "selected=\"1\"";
} else {
$selected = "";
}
print "<option $selected value='$base'>$name</option>";
}
print "</select></td></tr>";
}
$lnum = 0;
}
print "<tr>";
$type_name = $line["type_name"];
$pref_name = $line["pref_name"];
$value = $line["value"];
$def_value = $line["def_value"];
$help_text = $line["help_text"];
print "<td width=\"40%\" class=\"prefName\" id=\"$pref_name\">" . __($line["short_desc"]);
if ($help_text) print "<div class=\"prefHelp\">".__($help_text)."</div>";
print "</td>";
print "<td class=\"prefValue\">";
if ($pref_name == "USER_TIMEZONE") {
$timezones = explode("\n", file_get_contents("lib/timezones.txt"));
print_select($pref_name, $value, $timezones, 'dojoType="dijit.form.FilteringSelect"');
} else if ($pref_name == "USER_STYLESHEET") {
print "<button dojoType=\"dijit.form.Button\"
onclick=\"customizeCSS()\">" . __('Customize') . "</button>";
} else if ($pref_name == "DEFAULT_ARTICLE_LIMIT") {
$limits = array(15, 30, 45, 60);
print_select($pref_name, $value, $limits,
'dojoType="dijit.form.Select"');
} else if ($pref_name == "DEFAULT_UPDATE_INTERVAL") {
global $update_intervals_nodefault;
print_select_hash($pref_name, $value, $update_intervals_nodefault,
'dojoType="dijit.form.Select"');
} else if ($type_name == "bool") {
if ($value == "true") {
$value = __("Yes");
} else {
$value = __("No");
}
if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) {
$disabled = "disabled=\"1\"";
$value = __("Yes");
} else {
$disabled = "";
}
print_radio($pref_name, $value, __("Yes"), array(__("Yes"), __("No")),
$disabled);
} else if (array_search($pref_name, array('FRESH_ARTICLE_MAX_AGE', 'DEFAULT_ARTICLE_LIMIT',
'PURGE_OLD_DAYS', 'LONG_DATE_FORMAT', 'SHORT_DATE_FORMAT')) !== false) {
$regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : '';
if ($pref_name == "PURGE_OLD_DAYS" && FORCE_ARTICLE_PURGE != 0) {
$disabled = "disabled=\"1\"";
$value = FORCE_ARTICLE_PURGE;
} else {
$disabled = "";
}
print "<input dojoType=\"dijit.form.ValidationTextBox\"
required=\"1\" $regexp $disabled
name=\"$pref_name\" value=\"$value\">";
} else if ($pref_name == "SSL_CERT_SERIAL") {
print "<input dojoType=\"dijit.form.ValidationTextBox\"
id=\"SSL_CERT_SERIAL\" readonly=\"1\"
name=\"$pref_name\" value=\"$value\">";
$cert_serial = htmlspecialchars(get_ssl_certificate_id());
$has_serial = ($cert_serial) ? "false" : "true";
print " <button dojoType=\"dijit.form.Button\" disabled=\"$has_serial\"
onclick=\"insertSSLserial('$cert_serial')\">" .
__('Register') . "</button>";
print " <button dojoType=\"dijit.form.Button\"
onclick=\"insertSSLserial('')\">" .
__('Clear') . "</button>";
} else {
$regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : '';
print "<input dojoType=\"dijit.form.ValidationTextBox\"
$regexp
name=\"$pref_name\" value=\"$value\">";
}
print "</td>";
print "</tr>";
$lnum++;
}
print "</table>";
print '</div>'; # inside pane
print '<div dojoType="dijit.layout.ContentPane" region="bottom">';
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"saveconfig\">";
print "<button dojoType=\"dijit.form.Button\" type=\"submit\">".
__('Save configuration')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return editProfiles()\">".
__('Manage profiles')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return validatePrefsReset()\">".
__('Reset to defaults')."</button>";
print '</div>'; # inner pane
print '</div>'; # border container
print "</form>";
print "</div>"; #pane
print "</div>"; #container
}
}
?>

483
classes/pref_users.php
Unescape Escape View File

@ -0,0 +1,483 @@
<?php
class Pref_Users extends Protected_Handler {
function before() {
if (parent::before()) {
if ($_SESSION["access_level"] < 10) {
print __("Your access level is insufficient to open this tab.");
return false;
}
return true;
}
return false;
}
function userdetails() {
header("Content-Type: text/xml");
print "<dlg>";
$uid = sprintf("%d", $_REQUEST["id"]);
print "<title>".__('User details')."</title>";
print "<content><![CDATA[";
$result = db_query($this->link, "SELECT login,
".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login,
access_level,
(SELECT COUNT(int_id) FROM ttrss_user_entries
WHERE owner_uid = id) AS stored_articles,
".SUBSTRING_FOR_DATE."(created,1,16) AS created
FROM ttrss_users
WHERE id = '$uid'");
if (db_num_rows($result) == 0) {
print "<h1>".__('User not found')."</h1>";
return;
}
// print "<h1>User Details</h1>";
$login = db_fetch_result($result, 0, "login");
print "<table width='100%'>";
$last_login = make_local_datetime($this->link,
db_fetch_result($result, 0, "last_login"), true);
$created = make_local_datetime($this->link,
db_fetch_result($result, 0, "created"), true);
$access_level = db_fetch_result($result, 0, "access_level");
$stored_articles = db_fetch_result($result, 0, "stored_articles");
print "<tr><td>".__('Registered')."</td><td>$created</td></tr>";
print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>";
$result = db_query($this->link, "SELECT COUNT(id) as num_feeds FROM ttrss_feeds
WHERE owner_uid = '$uid'");
$num_feeds = db_fetch_result($result, 0, "num_feeds");
print "<tr><td>".__('Subscribed feeds count')."</td><td>$num_feeds</td></tr>";
print "</table>";
print "<h1>".__('Subscribed feeds')."</h1>";
$result = db_query($this->link, "SELECT id,title,site_url FROM ttrss_feeds
WHERE owner_uid = '$uid' ORDER BY title");
print "<ul class=\"userFeedList\">";
$row_class = "odd";
while ($line = db_fetch_assoc($result)) {
$icon_file = ICONS_URL."/".$line["id"].".ico";
if (file_exists($icon_file) && filesize($icon_file) > 0) {
$feed_icon = "<img class=\"tinyFeedIcon\" src=\"$icon_file\">";
} else {
$feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">";
}
print "<li class=\"$row_class\">$feed_icon&nbsp;<a href=\"".$line["site_url"]."\">".$line["title"]."</a></li>";
$row_class = $row_class == "even" ? "odd" : "even";
}
if (db_num_rows($result) < $num_feeds) {
// FIXME - add link to show ALL subscribed feeds here somewhere
print "<li><img
class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">&nbsp;...</li>";
}
print "</ul>";
print "<div align='center'>
<button onclick=\"closeInfoBox()\">".__("Close this window").
"</button></div>";
print "]]></content></dlg>";
return;
}
function edit() {
global $access_level_names;
header("Content-Type: text/xml");
$id = db_escape_string($_REQUEST["id"]);
print "<dlg id=\"$method\">";
print "<title>".__('User Editor')."</title>";
print "<content><![CDATA[";
print "<form id=\"user_edit_form\" onsubmit='return false'>";
print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
print "<input type=\"hidden\" name=\"method\" value=\"editSave\">";
$result = db_query($this->link, "SELECT * FROM ttrss_users WHERE id = '$id'");
$login = db_fetch_result($result, 0, "login");
$access_level = db_fetch_result($result, 0, "access_level");
$email = db_fetch_result($result, 0, "email");
$sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";
print "<div class=\"dlgSec\">".__("User")."</div>";
print "<div class=\"dlgSecCont\">";
if ($sel_disabled) {
print "<input type=\"hidden\" name=\"login\" value=\"$login\">";
print "<input size=\"30\" style=\"font-size : 16px\"
onkeypress=\"return filterCR(event, userEditSave)\" $sel_disabled
value=\"$login\">";
} else {
print "<input size=\"30\" style=\"font-size : 16px\"
onkeypress=\"return filterCR(event, userEditSave)\" $sel_disabled
name=\"login\" value=\"$login\">";
}
print "</div>";
print "<div class=\"dlgSec\">".__("Authentication")."</div>";
print "<div class=\"dlgSecCont\">";
print __('Access level: ') . " ";
if (!$sel_disabled) {
print_select_hash("access_level", $access_level, $access_level_names,
$sel_disabled);
} else {
print_select_hash("", $access_level, $access_level_names,
$sel_disabled);
print "<input type=\"hidden\" name=\"access_level\" value=\"$access_level\">";
}
print "<br/>";
print __('Change password to') .
" <input size=\"20\" onkeypress=\"return filterCR(event, userEditSave)\"
name=\"password\">";
print "</div>";
print "<div class=\"dlgSec\">".__("Options")."</div>";
print "<div class=\"dlgSecCont\">";
print __('E-mail: ').
" <input size=\"30\" name=\"email\" onkeypress=\"return filterCR(event, userEditSave)\"
value=\"$email\">";
print "</div>";
print "</table>";
print "</form>";
print "<div class=\"dlgButtons\">
<button onclick=\"return userEditSave()\">".
__('Save')."</button>
<button onclick=\"return userEditCancel()\">".
__('Cancel')."</button></div>";
print "]]></content></dlg>";
return;
}
function editSave() {
$login = db_escape_string(trim($_REQUEST["login"]));
$uid = db_escape_string($_REQUEST["id"]);
$access_level = (int) $_REQUEST["access_level"];
$email = db_escape_string(trim($_REQUEST["email"]));
$password = db_escape_string(trim($_REQUEST["password"]));
if ($password) {
$pwd_hash = encrypt_password($password, $login);
$pass_query_part = "pwd_hash = '$pwd_hash', ";
} else {
$pass_query_part = "";
}
db_query($this->link, "UPDATE ttrss_users SET $pass_query_part login = '$login',
access_level = '$access_level', email = '$email' WHERE id = '$uid'");
}
function remove() {
$ids = split(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
if ($id != $_SESSION["uid"] && $id != 1) {
db_query($this->link, "DELETE FROM ttrss_tags WHERE owner_uid = '$id'");
db_query($this->link, "DELETE FROM ttrss_feeds WHERE owner_uid = '$id'");
db_query($this->link, "DELETE FROM ttrss_users WHERE id = '$id'");
}
}
}
function add() {
$login = db_escape_string(trim($_REQUEST["login"]));
$tmp_user_pwd = make_password(8);
$pwd_hash = encrypt_password($tmp_user_pwd, $login);
$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
login = '$login'");
if (db_num_rows($result) == 0) {
db_query($this->link, "INSERT INTO ttrss_users
(login,pwd_hash,access_level,last_login,created)
VALUES ('$login', '$pwd_hash', 0, null, NOW())");
$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE
login = '$login' AND pwd_hash = '$pwd_hash'");
if (db_num_rows($result) == 1) {
$new_uid = db_fetch_result($result, 0, "id");
print format_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>",
$login, $tmp_user_pwd));
initialize_user($this->link, $new_uid);
} else {
print format_warning(T_sprintf("Could not create user <b>%s</b>", $login));
}
} else {
print format_warning(T_sprintf("User <b>%s</b> already exists.", $login));
}
}
function resetPass() {
$uid = db_escape_string($_REQUEST["id"]);
$result = db_query($this->link, "SELECT login,email
FROM ttrss_users WHERE id = '$uid'");
$login = db_fetch_result($result, 0, "login");
$email = db_fetch_result($result, 0, "email");
$tmp_user_pwd = make_password(8);
$pwd_hash = encrypt_password($tmp_user_pwd, $login);
db_query($this->link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash'
WHERE id = '$uid'");
print T_sprintf("Changed password of user <b>%s</b>
to <b>%s</b>", $login, $tmp_user_pwd);
require_once 'lib/phpmailer/class.phpmailer.php';
if ($email) {
print " ";
print T_sprintf("Notifying <b>%s</b>.", $email);
require_once "lib/MiniTemplator.class.php";
$tpl = new MiniTemplator;
$tpl->readTemplateFromFile("templates/resetpass_template.txt");
$tpl->setVariable('LOGIN', $login);
$tpl->setVariable('NEWPASS', $tmp_user_pwd);
$tpl->addBlock('message');
$message = "";
$tpl->generateOutputToString($message);
$mail = new PHPMailer();
$mail->PluginDir = "lib/phpmailer/";
$mail->SetLanguage("en", "lib/phpmailer/language/");
$mail->CharSet = "UTF-8";
$mail->From = DIGEST_FROM_ADDRESS;
$mail->FromName = DIGEST_FROM_NAME;
$mail->AddAddress($email, $login);
if (DIGEST_SMTP_HOST) {
$mail->Host = DIGEST_SMTP_HOST;
$mail->Mailer = "smtp";
$mail->SMTPAuth = DIGEST_SMTP_LOGIN != '';
$mail->Username = DIGEST_SMTP_LOGIN;
$mail->Password = DIGEST_SMTP_PASSWORD;
}
$mail->IsHTML(false);
$mail->Subject = __("[tt-rss] Password change notification");
$mail->Body = $message;
$rc = $mail->Send();
if (!$rc) print_error($mail->ErrorInfo);
}
print "</div>";
}
function index() {
global $access_level_names;
print "<div id=\"pref-user-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
print "<div id=\"pref-user-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">";
$user_search = db_escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_user_search"] = $user_search;
} else {
$user_search = $_SESSION["prefs_user_search"];
}
print "<div style='float : right; padding-right : 4px;'>
<input dojoType=\"dijit.form.TextBox\" id=\"user_search\" size=\"20\" type=\"search\"
value=\"$user_search\">
<button dojoType=\"dijit.form.Button\" onclick=\"javascript:updateUsersList()\">".
__('Search')."</button>
</div>";
$sort = db_escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "login";
}
print "<div dojoType=\"dijit.form.DropDownButton\">".
"<span>" . __('Select')."</span>";
print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
print "<div onclick=\"selectTableRows('prefUserList', 'all')\"
dojoType=\"dijit.MenuItem\">".__('All')."</div>";
print "<div onclick=\"selectTableRows('prefUserList', 'none')\"
dojoType=\"dijit.MenuItem\">".__('None')."</div>";
print "</div></div>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"javascript:addUser()\">".__('Create user')."</button>";
print "
<button dojoType=\"dijit.form.Button\" onclick=\"javascript:selectedUserDetails()\">".
__('Details')."</button dojoType=\"dijit.form.Button\">
<button dojoType=\"dijit.form.Button\" onclick=\"javascript:editSelectedUser()\">".
__('Edit')."</button dojoType=\"dijit.form.Button\">
<button dojoType=\"dijit.form.Button\" onclick=\"javascript:removeSelectedUsers()\">".
__('Remove')."</button dojoType=\"dijit.form.Button\">
<button dojoType=\"dijit.form.Button\" onclick=\"javascript:resetSelectedUserPass()\">".
__('Reset password')."</button dojoType=\"dijit.form.Button\">";
print "</div>"; #toolbar
print "</div>"; #pane
print "<div id=\"pref-user-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";
print "<div id=\"sticky-status-msg\"></div>";
if ($user_search) {
$user_search = split(" ", $user_search);
$tokens = array();
foreach ($user_search as $token) {
$token = trim($token);
array_push($tokens, "(UPPER(login) LIKE UPPER('%$token%'))");
}
$user_search_query = "(" . join($tokens, " AND ") . ") AND ";
} else {
$user_search_query = "";
}
$result = db_query($this->link, "SELECT
id,login,access_level,email,
".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login,
".SUBSTRING_FOR_DATE."(created,1,16) as created
FROM
ttrss_users
WHERE
$user_search_query
id > 0
ORDER BY $sort");
if (db_num_rows($result) > 0) {
print "<p><table width=\"100%\" cellspacing=\"0\"
class=\"prefUserList\" id=\"prefUserList\">";
print "<tr class=\"title\">
<td align='center' width=\"5%\">&nbsp;</td>
<td width=''><a href=\"#\" onclick=\"updateUsersList('login')\">".__('Login')."</a></td>
<td width='20%'><a href=\"#\" onclick=\"updateUsersList('access_level')\">".__('Access Level')."</a></td>
<td width='20%'><a href=\"#\" onclick=\"updateUsersList('created')\">".__('Registered')."</a></td>
<td width='20%'><a href=\"#\" onclick=\"updateUsersList('last_login')\">".__('Last login')."</a></td></tr>";
$lnum = 0;
while ($line = db_fetch_assoc($result)) {
$class = ($lnum % 2) ? "even" : "odd";
$uid = $line["id"];
print "<tr class=\"$class\" id=\"UMRR-$uid\">";
$line["login"] = htmlspecialchars($line["login"]);
$line["created"] = make_local_datetime($this->link, $line["created"], false);
$line["last_login"] = make_local_datetime($this->link, $line["last_login"], false);
print "<td align='center'><input onclick='toggleSelectRow(this);'
type=\"checkbox\" id=\"UMCHK-$uid\"></td>";
$onclick = "onclick='editUser($uid, event)' title='".__('Click to edit')."'";
print "<td $onclick>" . $line["login"] . "</td>";
if (!$line["email"]) $line["email"] = "&nbsp;";
print "<td $onclick>" . $access_level_names[$line["access_level"]] . "</td>";
print "<td $onclick>" . $line["created"] . "</td>";
print "<td $onclick>" . $line["last_login"] . "</td>";
print "</tr>";
++$lnum;
}
print "</table>";
} else {
print "<p>";
if (!$user_search) {
print_warning(__('No users defined.'));
} else {
print_warning(__('No matching users found.'));
}
print "</p>";
}
print "</div>"; #pane
print "</div>"; #container
}
}
?>

8
classes/protected_handler.php
Unescape Escape View File

@ -0,0 +1,8 @@
<?php
class Protected_Handler extends Handler {
function before() {
return parent::before() && $_SESSION['uid'];
}
}
?>

210
classes/public_handler.php
Unescape Escape View File

@ -0,0 +1,210 @@
<?php
class Public_Handler extends Handler {
function getUnread() {
$login = db_escape_string($_REQUEST["login"]);
$fresh = $_REQUEST["fresh"] == "1";
$result = db_query($this->link, "SELECT id FROM ttrss_users WHERE login = '$login'");
if (db_num_rows($result) == 1) {
$uid = db_fetch_result($result, 0, "id");
print getGlobalUnread($this->link, $uid);
if ($fresh) {
print ";";
print getFeedArticles($this->link, -3, false, true, $uid);
}
} else {
print "-1;User not found";
}
}
function getProfiles() {
$login = db_escape_string($_REQUEST["login"]);
$password = db_escape_string($_REQUEST["password"]);
if (authenticate_user($this->link, $login, $password)) {
$result = db_query($this->link, "SELECT * FROM ttrss_settings_profiles
WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
print "<select style='width: 100%' name='profile'>";
print "<option value='0'>" . __("Default profile") . "</option>";
while ($line = db_fetch_assoc($result)) {
$id = $line["id"];
$title = $line["title"];
print "<option value='$id'>$title</option>";
}
print "</select>";
$_SESSION = array();
}
}
function pubsub() {
$mode = db_escape_string($_REQUEST['hub_mode']);
$feed_id = (int) db_escape_string($_REQUEST['id']);
$feed_url = db_escape_string($_REQUEST['hub_topic']);
if (!PUBSUBHUBBUB_ENABLED) {
header('HTTP/1.0 404 Not Found');
echo "404 Not found";
return;
}
// TODO: implement hub_verifytoken checking
$result = db_query($this->link, "SELECT feed_url FROM ttrss_feeds
WHERE id = '$feed_id'");
if (db_num_rows($result) != 0) {
$check_feed_url = db_fetch_result($result, 0, "feed_url");
if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
if ($mode == "subscribe") {
db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 2
WHERE id = '$feed_id'");
print $_REQUEST['hub_challenge'];
return;
} else if ($mode == "unsubscribe") {
db_query($this->link, "UPDATE ttrss_feeds SET pubsub_state = 0
WHERE id = '$feed_id'");
print $_REQUEST['hub_challenge'];
return;
} else if (!$mode) {
// Received update ping, schedule feed update.
//update_rss_feed($this->link, $feed_id, true, true);
db_query($this->link, "UPDATE ttrss_feeds SET
last_update_started = '1970-01-01',
last_updated = '1970-01-01' WHERE id = '$feed_id'");
}
} else {
header('HTTP/1.0 404 Not Found');
echo "404 Not found";
}
} else {
header('HTTP/1.0 404 Not Found');
echo "404 Not found";
}
}
function logout() {
logout_user();
header("Location: index.php");
}
function fbexport() {
$access_key = db_escape_string($_POST["key"]);
// TODO: rate limit checking using last_connected
$result = db_query($this->link, "SELECT id FROM ttrss_linked_instances
WHERE access_key = '$access_key'");
if (db_num_rows($result) == 1) {
$instance_id = db_fetch_result($result, 0, "id");
$result = db_query($this->link, "SELECT feed_url, site_url, title, subscribers
FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
$feeds = array();
while ($line = db_fetch_assoc($result)) {
array_push($feeds, $line);
}
db_query($this->link, "UPDATE ttrss_linked_instances SET
last_status_in = 1 WHERE id = '$instance_id'");
print json_encode(array("feeds" => $feeds));
} else {
print json_encode(array("error" => array("code" => 6)));
}
}
function share() {
$uuid = db_escape_string($_REQUEST["key"]);
$result = db_query($this->link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
uuid = '$uuid'");
if (db_num_rows($result) != 0) {
header("Content-Type: text/html");
$id = db_fetch_result($result, 0, "ref_id");
$owner_uid = db_fetch_result($result, 0, "owner_uid");
$_SESSION["uid"] = $owner_uid;
$article = format_article($this->link, $id, false, true);
$_SESSION["uid"] = "";
print_r($article['content']);
} else {
print "Article not found.";
}
}
function rss() {
header("Content-Type: text/xml; charset=utf-8");
$feed = db_escape_string($_REQUEST["id"]);
$key = db_escape_string($_REQUEST["key"]);
$is_cat = $_REQUEST["is_cat"] != false;
$limit = (int)db_escape_string($_REQUEST["limit"]);
$search = db_escape_string($_REQUEST["q"]);
$match_on = db_escape_string($_REQUEST["m"]);
$search_mode = db_escape_string($_REQUEST["smode"]);
$view_mode = db_escape_string($_REQUEST["view-mode"]);
if (SINGLE_USER_MODE) {
authenticate_user($this->link, "admin", null);
}
$owner_id = false;
if ($key) {
$result = db_query($this->link, "SELECT owner_uid FROM
ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
if (db_num_rows($result) == 1)
$owner_id = db_fetch_result($result, 0, "owner_uid");
}
if ($owner_id) {
$_SESSION['uid'] = $owner_id;
generate_syndicated_feed($this->link, 0, $feed, $is_cat, $limit,
$search, $search_mode, $match_on, $view_mode);
} else {
header('HTTP/1.1 403 Forbidden');
}
}
/* function globalUpdateFeeds() {
// Update all feeds needing a update.
update_daemon_common($this->link, 0, true, true);
} */
}
?>

792
classes/rpc.php
Unescape Escape View File

@ -0,0 +1,792 @@
<?php
class RPC extends Protected_Handler {
function setprofile() {
$id = db_escape_string($_REQUEST["id"]);
$_SESSION["profile"] = $id;
$_SESSION["prefs_cache"] = array();
}
function remprofiles() {
$ids = explode(",", db_escape_string(trim($_REQUEST["ids"])));
foreach ($ids as $id) {
if ($_SESSION["profile"] != $id) {
db_query($this->link, "DELETE FROM ttrss_settings_profiles WHERE id = '$id' AND
owner_uid = " . $_SESSION["uid"]);
}
}
}
// Silent
function addprofile() {
$title = db_escape_string(trim($_REQUEST["title"]));
if ($title) {
db_query($this->link, "BEGIN");
$result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles
WHERE title = '$title' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
db_query($this->link, "INSERT INTO ttrss_settings_profiles (title, owner_uid)
VALUES ('$title', ".$_SESSION["uid"] .")");
$result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles WHERE
title = '$title'");
if (db_num_rows($result) != 0) {
$profile_id = db_fetch_result($result, 0, "id");
if ($profile_id) {
initialize_user_prefs($this->link, $_SESSION["uid"], $profile_id);
}
}
}
db_query($this->link, "COMMIT");
}
}
// Silent
function saveprofile() {
$id = db_escape_string($_REQUEST["id"]);
$title = db_escape_string(trim($_REQUEST["value"]));
if ($id == 0) {
print __("Default profile");
return;
}
if ($title) {
db_query($this->link, "BEGIN");
$result = db_query($this->link, "SELECT id FROM ttrss_settings_profiles
WHERE title = '$title' AND owner_uid =" . $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
db_query($this->link, "UPDATE ttrss_settings_profiles
SET title = '$title' WHERE id = '$id' AND
owner_uid = " . $_SESSION["uid"]);
print $title;
} else {
$result = db_query($this->link, "SELECT title FROM ttrss_settings_profiles
WHERE id = '$id' AND owner_uid =" . $_SESSION["uid"]);
print db_fetch_result($result, 0, "title");
}
db_query($this->link, "COMMIT");
}
}
// Silent
function remarchive() {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
$result = db_query($this->link, "DELETE FROM ttrss_archived_feeds WHERE
(SELECT COUNT(*) FROM ttrss_user_entries
WHERE orig_feed_id = '$id') = 0 AND
id = '$id' AND owner_uid = ".$_SESSION["uid"]);
$rc = db_affected_rows($this->link, $result);
}
}
function addfeed() {
$feed = db_escape_string($_REQUEST['feed']);
$cat = db_escape_string($_REQUEST['cat']);
$login = db_escape_string($_REQUEST['login']);
$pass = db_escape_string($_REQUEST['pass']);
$rc = subscribe_to_feed($this->link, $feed, $cat, $login, $pass);
print json_encode(array("result" => $rc));
}
function extractfeedurls() {
$urls = get_feeds_from_html($_REQUEST['url']);
print json_encode(array("urls" => $urls));
}
function togglepref() {
$key = db_escape_string($_REQUEST["key"]);
set_pref($this->link, $key, !get_pref($this->link, $key));
$value = get_pref($this->link, $key);
print json_encode(array("param" =>$key, "value" => $value));
}
function setpref() {
$value = str_replace("\n", "<br/>", $_REQUEST['value']);
$key = db_escape_string($_REQUEST["key"]);
$value = db_escape_string($value);
set_pref($this->link, $key, $value);
print json_encode(array("param" =>$key, "value" => $value));
}
function mark() {
$mark = $_REQUEST["mark"];
$id = db_escape_string($_REQUEST["id"]);
if ($mark == "1") {
$mark = "true";
} else {
$mark = "false";
}
$result = db_query($this->link, "UPDATE ttrss_user_entries SET marked = $mark
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
function delete() {
$ids = db_escape_string($_REQUEST["ids"]);
$result = db_query($this->link, "DELETE FROM ttrss_user_entries
WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
function unarchive() {
$ids = db_escape_string($_REQUEST["ids"]);
$result = db_query($this->link, "UPDATE ttrss_user_entries
SET feed_id = orig_feed_id, orig_feed_id = NULL
WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
function archive() {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
archive_article($this->link, $id, $_SESSION["uid"]);
}
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
function publ() {
$pub = $_REQUEST["pub"];
$id = db_escape_string($_REQUEST["id"]);
$note = trim(strip_tags(db_escape_string($_REQUEST["note"])));
if ($pub == "1") {
$pub = "true";
} else {
$pub = "false";
}
$result = db_query($this->link, "UPDATE ttrss_user_entries SET
published = $pub
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
$pubsub_result = false;
if (PUBSUBHUBBUB_HUB) {
$rss_link = get_self_url_prefix() .
"/public.php?op=rss&id=-2&key=" .
get_feed_access_key($this->link, -2, false);
$p = new Publisher(PUBSUBHUBBUB_HUB);
$pubsub_result = $p->publish_update($rss_link);
}
print json_encode(array("message" => "UPDATE_COUNTERS",
"pubsub_result" => $pubsub_result));
}
function getAllCounters() {
$last_article_id = (int) $_REQUEST["last_article_id"];
$reply = array();
if ($seq) $reply['seq'] = $seq;
if ($last_article_id != getLastArticleId($this->link)) {
$omode = $_REQUEST["omode"];
if ($omode != "T")
$reply['counters'] = getAllCounters($this->link, $omode);
else
$reply['counters'] = getGlobalCounters($this->link);
}
$reply['runtime-info'] = make_runtime_info($this->link);
print json_encode($reply);
}
/* GET["cmode"] = 0 - mark as read, 1 - as unread, 2 - toggle */
function catchupSelected() {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]);
catchupArticlesById($this->link, $ids, $cmode);
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
function markSelected() {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]);
markArticlesById($this->link, $ids, $cmode);
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
function publishSelected() {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]);
publishArticlesById($this->link, $ids, $cmode);
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
function sanityCheck() {
$_SESSION["hasAudio"] = $_REQUEST["hasAudio"] === "true";
$reply = array();
$reply['error'] = sanity_check($this->link);
if ($reply['error']['code'] == 0) {
$reply['init-params'] = make_init_params($this->link);
$reply['runtime-info'] = make_runtime_info($this->link);
}
print json_encode($reply);
}
function setArticleTags() {
global $memcache;
$id = db_escape_string($_REQUEST["id"]);
$tags_str = db_escape_string($_REQUEST["tags_str"]);
$tags = array_unique(trim_array(explode(",", $tags_str)));
db_query($this->link, "BEGIN");
$result = db_query($this->link, "SELECT int_id FROM ttrss_user_entries WHERE
ref_id = '$id' AND owner_uid = '".$_SESSION["uid"]."' LIMIT 1");
if (db_num_rows($result) == 1) {
$tags_to_cache = array();
$int_id = db_fetch_result($result, 0, "int_id");
db_query($this->link, "DELETE FROM ttrss_tags WHERE
post_int_id = $int_id AND owner_uid = '".$_SESSION["uid"]."'");
foreach ($tags as $tag) {
$tag = sanitize_tag($tag);
if (!tag_is_valid($tag)) {
continue;
}
if (preg_match("/^[0-9]*$/", $tag)) {
continue;
}
// print "<!-- $id : $int_id : $tag -->";
if ($tag != '') {
db_query($this->link, "INSERT INTO ttrss_tags
(post_int_id, owner_uid, tag_name) VALUES ('$int_id', '".$_SESSION["uid"]."', '$tag')");
}
array_push($tags_to_cache, $tag);
}
/* update tag cache */
sort($tags_to_cache);
$tags_str = join(",", $tags_to_cache);
db_query($this->link, "UPDATE ttrss_user_entries
SET tag_cache = '$tags_str' WHERE ref_id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
}
db_query($this->link, "COMMIT");
if ($memcache) {
$obj_id = md5("TAGS:".$_SESSION["uid"].":$id");
$memcache->delete($obj_id);
}
$tags = get_article_tags($this->link, $id);
$tags_str = format_tags_string($tags, $id);
$tags_str_full = join(", ", $tags);
if (!$tags_str_full) $tags_str_full = __("no tags");
print json_encode(array("tags_str" => array("id" => $id,
"content" => $tags_str, "content_full" => $tags_str_full)));
}
function regenOPMLKey() {
update_feed_access_key($this->link, 'OPML:Publish',
false, $_SESSION["uid"]);
$new_link = opml_publish_url($this->link);
print json_encode(array("link" => $new_link));
}
function completeTags() {
$search = db_escape_string($_REQUEST["search"]);
$result = db_query($this->link, "SELECT DISTINCT tag_name FROM ttrss_tags
WHERE owner_uid = '".$_SESSION["uid"]."' AND
tag_name LIKE '$search%' ORDER BY tag_name
LIMIT 10");
print "<ul>";
while ($line = db_fetch_assoc($result)) {
print "<li>" . $line["tag_name"] . "</li>";
}
print "</ul>";
}
function purge() {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$days = sprintf("%d", $_REQUEST["days"]);
foreach ($ids as $id) {
$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
id = '$id' AND owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($result) == 1) {
purge_feed($this->link, $id, $days);
}
}
}
function getArticles() {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$articles = array();
foreach ($ids as $id) {
if ($id) {
array_push($articles, format_article($this->link, $id, 0, false));
}
}
print json_encode($articles);
}
function checkDate() {
$date = db_escape_string($_REQUEST["date"]);
$date_parsed = strtotime($date);
print json_encode(array("result" => (bool)$date_parsed,
"date" => date("c", $date_parsed)));
}
function assigntolabel() {
return labelops(true);
}
function removefromlabel() {
return labelops(false);
}
function labelops($assign) {
$reply = array();
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$label_id = db_escape_string($_REQUEST["lid"]);
$label = db_escape_string(label_find_caption($this->link, $label_id,
$_SESSION["uid"]));
$reply["info-for-headlines"] = array();
if ($label) {
foreach ($ids as $id) {
if ($assign)
label_add_article($this->link, $id, $label, $_SESSION["uid"]);
else
label_remove_article($this->link, $id, $label, $_SESSION["uid"]);
$labels = get_article_labels($this->link, $id, $_SESSION["uid"]);
array_push($reply["info-for-headlines"],
array("id" => $id, "labels" => format_article_labels($labels, $id)));
}
}
$reply["message"] = "UPDATE_COUNTERS";
print json_encode($reply);
}
function updateFeedBrowser() {
$search = db_escape_string($_REQUEST["search"]);
$limit = db_escape_string($_REQUEST["limit"]);
$mode = (int) db_escape_string($_REQUEST["mode"]);
print json_encode(array("content" =>
make_feed_browser($this->link, $search, $limit, $mode),
"mode" => $mode));
}
// Silent
function massSubscribe() {
$payload = json_decode($_REQUEST["payload"], false);
$mode = $_REQUEST["mode"];
if (!$payload || !is_array($payload)) return;
if ($mode == 1) {
foreach ($payload as $feed) {
$title = db_escape_string($feed[0]);
$feed_url = db_escape_string($feed[1]);
$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
$result = db_query($this->link, "INSERT INTO ttrss_feeds
(owner_uid,feed_url,title,cat_id,site_url)
VALUES ('".$_SESSION["uid"]."',
'$feed_url', '$title', NULL, '')");
}
}
} else if ($mode == 2) {
// feed archive
foreach ($payload as $id) {
$result = db_query($this->link, "SELECT * FROM ttrss_archived_feeds
WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
$site_url = db_escape_string(db_fetch_result($result, 0, "site_url"));
$feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url"));
$title = db_escape_string(db_fetch_result($result, 0, "title"));
$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
$result = db_query($this->link, "INSERT INTO ttrss_feeds
(owner_uid,feed_url,title,cat_id,site_url)
VALUES ('$id','".$_SESSION["uid"]."',
'$feed_url', '$title', NULL, '$site_url')");
}
}
}
}
}
function digestgetcontents() {
$article_id = db_escape_string($_REQUEST['article_id']);
$result = db_query($this->link, "SELECT content,title,link,marked,published
FROM ttrss_entries, ttrss_user_entries
WHERE id = '$article_id' AND ref_id = id AND owner_uid = ".$_SESSION['uid']);
$content = sanitize_rss($this->link, db_fetch_result($result, 0, "content"));
$title = strip_tags(db_fetch_result($result, 0, "title"));
$article_url = htmlspecialchars(db_fetch_result($result, 0, "link"));
$marked = sql_bool_to_bool(db_fetch_result($result, 0, "marked"));
$published = sql_bool_to_bool(db_fetch_result($result, 0, "published"));
print json_encode(array("article" =>
array("id" => $article_id, "url" => $article_url,
"tags" => get_article_tags($this->link, $article_id),
"marked" => $marked, "published" => $published,
"title" => $title, "content" => $content)));
}
function digestupdate() {
$feed_id = db_escape_string($_REQUEST['feed_id']);
$offset = db_escape_string($_REQUEST['offset']);
$seq = db_escape_string($_REQUEST['seq']);
if (!$feed_id) $feed_id = -4;
if (!$offset) $offset = 0;
$reply = array();
$reply['seq'] = $seq;
$headlines = api_get_headlines($this->link, $feed_id, 30, $offset,
'', ($feed_id == -4), true, false, "unread", "updated DESC", 0, 0);
$reply['headlines'] = array();
$reply['headlines']['title'] = getFeedTitle($this->link, $feed_id);
$reply['headlines']['content'] = $headlines;
print json_encode($reply);
}
function digestinit() {
$tmp_feeds = api_get_feeds($this->link, -4, true, false, 0);
$feeds = array();
foreach ($tmp_feeds as $f) {
if ($f['id'] > 0 || $f['id'] == -4) array_push($feeds, $f);
}
print json_encode(array("feeds" => $feeds));
}
function catchupFeed() {
$feed_id = db_escape_string($_REQUEST['feed_id']);
$is_cat = db_escape_string($_REQUEST['is_cat']) == "true";
catchup_feed($this->link, $feed_id, $is_cat);
print json_encode(array("message" => "UPDATE_COUNTERS"));
}
function sendEmail() {
$secretkey = $_REQUEST['secretkey'];
require_once 'lib/phpmailer/class.phpmailer.php';
$reply = array();
if (DIGEST_ENABLE && $_SESSION['email_secretkey'] &&
$secretkey == $_SESSION['email_secretkey']) {
$_SESSION['email_secretkey'] = '';
$destination = $_REQUEST['destination'];
$subject = $_REQUEST['subject'];
$content = $_REQUEST['content'];
$replyto = strip_tags($_SESSION['email_replyto']);
$fromname = strip_tags($_SESSION['email_fromname']);
$mail = new PHPMailer();
$mail->PluginDir = "lib/phpmailer/";
$mail->SetLanguage("en", "lib/phpmailer/language/");
$mail->CharSet = "UTF-8";
$mail->From = $replyto;
$mail->FromName = $fromname;
$mail->AddAddress($destination);
if (DIGEST_SMTP_HOST) {
$mail->Host = DIGEST_SMTP_HOST;
$mail->Mailer = "smtp";
$mail->SMTPAuth = DIGEST_SMTP_LOGIN != '';
$mail->Username = DIGEST_SMTP_LOGIN;
$mail->Password = DIGEST_SMTP_PASSWORD;
}
$mail->IsHTML(false);
$mail->Subject = $subject;
$mail->Body = $content;
$rc = $mail->Send();
if (!$rc) {
$reply['error'] = $mail->ErrorInfo;
} else {
save_email_address($this->link, db_escape_string($destination));
$reply['message'] = "UPDATE_COUNTERS";
}
} else {
$reply['error'] = "Not authorized.";
}
print json_encode($reply);
}
function completeEmails() {
$search = db_escape_string($_REQUEST["search"]);
print "<ul>";
foreach ($_SESSION['stored_emails'] as $email) {
if (strpos($email, $search) !== false) {
print "<li>$email</li>";
}
}
print "</ul>";
}
function quickAddCat() {
$cat = db_escape_string($_REQUEST["cat"]);
add_feed_category($this->link, $cat);
$result = db_query($this->link, "SELECT id FROM ttrss_feed_categories WHERE
title = '$cat' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 1) {
$id = db_fetch_result($result, 0, "id");
} else {
$id = 0;
}
print_feed_cat_select($this->link, "cat_id", $id);
}
function regenFeedKey() {
$feed_id = db_escape_string($_REQUEST['id']);
$is_cat = db_escape_string($_REQUEST['is_cat']) == "true";
$new_key = update_feed_access_key($this->link, $feed_id, $is_cat);
print json_encode(array("link" => $new_key));
}
// Silent
function clearKeys() {
db_query($this->link, "DELETE FROM ttrss_access_keys WHERE
owner_uid = " . $_SESSION["uid"]);
}
// Silent
function clearArticleKeys() {
db_query($this->link, "UPDATE ttrss_user_entries SET uuid = '' WHERE
owner_uid = " . $_SESSION["uid"]);
return;
}
function verifyRegexp() {
$reg_exp = $_REQUEST["reg_exp"];
$status = @preg_match("/$reg_exp/i", "TEST") !== false;
print json_encode(array("status" => $status));
}
// TODO: unify with digest-get-contents?
function cdmGetArticle() {
$ids = array(db_escape_string($_REQUEST["id"]));
$cids = explode(",", $_REQUEST["cids"]);
$ids = array_merge($ids, $cids);
$rv = array();
foreach ($ids as $id) {
$id = (int)$id;
$result = db_query($this->link, "SELECT content,
ttrss_feeds.site_url AS site_url FROM ttrss_user_entries, ttrss_feeds,
ttrss_entries
WHERE feed_id = ttrss_feeds.id AND ref_id = '$id' AND
ttrss_entries.id = ref_id AND
ttrss_user_entries.owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($result) != 0) {
$line = db_fetch_assoc($result);
$article_content = sanitize_rss($this->link, $line["content"],
false, false, $line['site_url']);
array_push($rv,
array("id" => $id, "content" => $article_content));
}
}
print json_encode($rv);
}
function scheduleFeedUpdate() {
$feed_id = db_escape_string($_REQUEST["id"]);
$is_cat = db_escape_string($_REQUEST['is_cat']) == 'true';
$message = __("Your request could not be completed.");
if ($feed_id >= 0) {
if (!$is_cat) {
$message = __("Feed update has been scheduled.");
db_query($this->link, "UPDATE ttrss_feeds SET
last_update_started = '1970-01-01',
last_updated = '1970-01-01' WHERE id = '$feed_id' AND
owner_uid = ".$_SESSION["uid"]);
} else {
$message = __("Category update has been scheduled.");
if ($feed_id)
$cat_query = "cat_id = '$feed_id'";
else
$cat_query = "cat_id IS NULL";
db_query($this->link, "UPDATE ttrss_feeds SET
last_update_started = '1970-01-01',
last_updated = '1970-01-01' WHERE $cat_query AND
owner_uid = ".$_SESSION["uid"]);
}
} else {
$message = __("Can't update this kind of feed.");
}
print json_encode(array("message" => $message));
return;
}
function getTweetInfo() {
$id = db_escape_string($_REQUEST['id']);
$result = db_query($this->link, "SELECT title, link
FROM ttrss_entries, ttrss_user_entries
WHERE id = '$id' AND ref_id = id AND owner_uid = " .$_SESSION['uid']);
if (db_num_rows($result) != 0) {
$title = truncate_string(strip_tags(db_fetch_result($result, 0, 'title')),
100, '...');
$article_link = db_fetch_result($result, 0, 'link');
}
print json_encode(array("title" => $title, "link" => $article_link,
"id" => $id));
}
function setNote() {
$id = db_escape_string($_REQUEST["id"]);
$note = trim(strip_tags(db_escape_string($_REQUEST["note"])));
db_query($this->link, "UPDATE ttrss_user_entries SET note = '$note'
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
$formatted_note = format_article_note($id, $note);
print json_encode(array("note" => $formatted_note,
"raw_length" => mb_strlen($note)));
}
function genHash() {
$hash = sha1(uniqid(rand(), true));
print json_encode(array("hash" => $hash));
}
}
?>

2
db-updater.php
Unescape Escape View File

@ -9,7 +9,7 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
init_connection($link);
if (!init_connection($link)) return;
login_sequence($link);
$owner_uid = $_SESSION["uid"];

1
debian/tt-rss-common.install vendored
Unescape Escape View File

@ -5,6 +5,7 @@ include usr/share/tt-rss/www/
*.xsl usr/share/tt-rss/www/
api usr/share/tt-rss/www
help usr/share/tt-rss/www/
classes usr/share/tt-rss/www/
images usr/share/tt-rss/www/
lib usr/share/tt-rss/www/
locale usr/share/tt-rss/www/

10
help/2.php
Unescape Escape View File

@ -1,10 +0,0 @@
<h1><?php echo __("Content filtering") ?></h1>
<p><?php echo __("Tiny Tiny RSS has support for filtering (or processing) articles. Filtering is done once, when new article is imported to the database from the newsfeed, specified field is matched against regular expression and some action is taken. Regular expression matching is case-insensitive.") ?></p>
<p><?php echo __("Supported actions are: filter (do not import) article, mark article as read, set starred, assign tag(s), and set score. Filters can be defined globally and for some specific feed.") ?></p>
<p><?php echo __("Multiple and inverse matching are supported. All matching filters are considered when article is being imported and all actions executed in sequence. Inverse matching reverts matching result, e.g. filter matching XYZZY in title with inverse flag will match all articles, except those containing string XYZZY in title.") ?></p>
<p><?php echo __("See also:")?> <a target="_blank" href="http://tt-rss.org/wiki/ContentFilters">ContentFilters (wiki)</a>

6
include/db.php
Unescape Escape View File

@ -53,7 +53,7 @@ function db_escape_string($s, $strip_tags = true) {
function db_query($link, $query, $die_on_error = true) {
//if ($_REQUEST["qlog"])
// error_log($_SESSION["uid"] . ":" . $_REQUEST["op"] . "/" . $_REQUEST["subop"] .
// error_log($_SESSION["uid"] . ":" . $_REQUEST["op"] . "/" . $_REQUEST["method"] .
// " $query\n", 3, "/tmp/ttrss-query.log");
if (DB_TYPE == "pgsql") {
@ -61,7 +61,7 @@ function db_query($link, $query, $die_on_error = true) {
if (!$result) {
$query = htmlspecialchars($query); // just in case
if ($die_on_error) {
die("Query <i>$query</i> failed [$result]: " . pg_last_error($link));
die("Query <i>$query</i> failed [$result]: " . ($link ? pg_last_error($link) : "No connection"));
}
}
return $result;
@ -70,7 +70,7 @@ function db_query($link, $query, $die_on_error = true) {
if (!$result) {
$query = htmlspecialchars($query);
if ($die_on_error) {
die("Query <i>$query</i> failed: " . mysql_error($link));
die("Query <i>$query</i> failed: " . ($link ? mysql_error($link) : "No connection"));
}
}
return $result;

327
include/functions.php
Unescape Escape View File

@ -4884,7 +4884,7 @@
}
function format_headlines_list($link, $feed, $subop, $view_mode, $limit, $cat_view,
function format_headlines_list($link, $feed, $method, $view_mode, $limit, $cat_view,
$next_unread_feed, $offset, $vgr_last_feed = false,
$override_order = false) {
@ -4897,22 +4897,22 @@
$topmost_article_ids = array();
if (!$offset) $offset = 0;
if ($subop == "undefined") $subop = "";
if ($method == "undefined") $method = "";
$subop_split = explode(":", $subop);
$method_split = explode(":", $method);
/* if ($subop == "CatchupSelected") {
/* if ($method == "CatchupSelected") {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]);
catchupArticlesById($link, $ids, $cmode);
} */
if ($subop == "ForceUpdate" && $feed && is_numeric($feed) > 0) {
if ($method == "ForceUpdate" && $feed && is_numeric($feed) > 0) {
update_rss_feed($link, $feed, true);
}
if ($subop == "MarkAllRead") {
if ($method == "MarkAllRead") {
catchup_feed($link, $feed, $cat_view);
if (get_pref($link, 'ON_CATCHUP_SHOW_NEXT_FEED')) {
@ -4922,8 +4922,8 @@
}
}
if ($subop_split[0] == "MarkAllReadGR") {
catchup_feed($link, $subop_split[1], false);
if ($method_split[0] == "MarkAllReadGR") {
catchup_feed($link, $method_split[1], false);
}
// FIXME: might break tag display?
@ -4973,9 +4973,9 @@
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("H0", $timing_info);
// error_log("format_headlines_list: [" . $feed . "] subop [" . $subop . "]");
if( $search_mode == '' && $subop != '' ){
$search_mode = $subop;
// error_log("format_headlines_list: [" . $feed . "] method [" . $method . "]");
if( $search_mode == '' && $method != '' ){
$search_mode = $method;
}
// error_log("search_mode: " . $search_mode);
$qfh_ret = queryFeedHeadlines($link, $feed, $limit, $view_mode, $cat_view,
@ -5638,7 +5638,7 @@
//$url_path = ($_SERVER['HTTPS'] != "on" ? 'http://' : 'https://') . $_SERVER["HTTP_HOST"] . parse_url($_SERVER["REQUEST_URI"], PHP_URL_PATH);
$url_path = get_self_url_prefix() .
"/backend.php?op=pref-feeds&quiet=1&subop=add&feed_url=%s";
"/backend.php?op=pref-feeds&quiet=1&method=add&feed_url=%s";
return $url_path;
} // function add_feed_url
@ -5835,18 +5835,24 @@
}
function init_connection($link) {
if (DB_TYPE == "pgsql") {
pg_query($link, "set client_encoding = 'UTF-8'");
pg_set_client_encoding("UNICODE");
pg_query($link, "set datestyle = 'ISO, european'");
pg_query($link, "set TIME ZONE 0");
} else {
db_query($link, "SET time_zone = '+0:0'");
if ($link) {
if (DB_TYPE == "pgsql") {
pg_query($link, "set client_encoding = 'UTF-8'");
pg_set_client_encoding("UNICODE");
pg_query($link, "set datestyle = 'ISO, european'");
pg_query($link, "set TIME ZONE 0");
} else {
db_query($link, "SET time_zone = '+0:0'");
if (defined('MYSQL_CHARSET') && MYSQL_CHARSET) {
db_query($link, "SET NAMES " . MYSQL_CHARSET);
// db_query($link, "SET CHARACTER SET " . MYSQL_CHARSET);
if (defined('MYSQL_CHARSET') && MYSQL_CHARSET) {
db_query($link, "SET NAMES " . MYSQL_CHARSET);
}
}
return true;
} else {
print "Unable to connect to database:" . db_last_error();
return false;
}
}
@ -7428,220 +7434,115 @@
}
}
function handle_public_request($link, $op) {
switch ($op) {
case "getUnread":
$login = db_escape_string($_REQUEST["login"]);
$fresh = $_REQUEST["fresh"] == "1";
$result = db_query($link, "SELECT id FROM ttrss_users WHERE login = '$login'");
if (db_num_rows($result) == 1) {
$uid = db_fetch_result($result, 0, "id");
print getGlobalUnread($link, $uid);
if ($fresh) {
print ";";
print getFeedArticles($link, -3, false, true, $uid);
}
} else {
print "-1;User not found";
}
break; // getUnread
case "getProfiles":
$login = db_escape_string($_REQUEST["login"]);
$password = db_escape_string($_REQUEST["password"]);
if (authenticate_user($link, $login, $password)) {
$result = db_query($link, "SELECT * FROM ttrss_settings_profiles
WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY title");
function make_feed_browser($link, $search, $limit, $mode = 1) {
print "<select style='width: 100%' name='profile'>";
print "<option value='0'>" . __("Default profile") . "</option>";
while ($line = db_fetch_assoc($result)) {
$id = $line["id"];
$title = $line["title"];
print "<option value='$id'>$title</option>";
}
print "</select>";
$_SESSION = array();
}
break; // getprofiles
case "pubsub":
$mode = db_escape_string($_REQUEST['hub_mode']);
$feed_id = (int) db_escape_string($_REQUEST['id']);
$feed_url = db_escape_string($_REQUEST['hub_topic']);
if (!PUBSUBHUBBUB_ENABLED) {
header('HTTP/1.0 404 Not Found');
echo "404 Not found";
return;
}
// TODO: implement hub_verifytoken checking
$owner_uid = $_SESSION["uid"];
$rv = '';
$result = db_query($link, "SELECT feed_url FROM ttrss_feeds
WHERE id = '$feed_id'");
if ($search) {
$search_qpart = "AND (UPPER(feed_url) LIKE UPPER('%$search%') OR
UPPER(title) LIKE UPPER('%$search%'))";
} else {
$search_qpart = "";
}
if ($mode == 1) {
/* $result = db_query($link, "SELECT feed_url, subscribers FROM
ttrss_feedbrowser_cache WHERE (SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
WHERE tf.feed_url = ttrss_feedbrowser_cache.feed_url
AND owner_uid = '$owner_uid') $search_qpart
ORDER BY subscribers DESC LIMIT $limit"); */
$result = db_query($link, "SELECT feed_url, site_url, title, SUM(subscribers) AS subscribers FROM
(SELECT feed_url, site_url, title, subscribers FROM ttrss_feedbrowser_cache UNION ALL
SELECT feed_url, site_url, title, subscribers FROM ttrss_linked_feeds) AS qqq
WHERE
(SELECT COUNT(id) = 0 FROM ttrss_feeds AS tf
WHERE tf.feed_url = qqq.feed_url
AND owner_uid = '$owner_uid') $search_qpart
GROUP BY feed_url, site_url, title ORDER BY subscribers DESC LIMIT $limit");
} else if ($mode == 2) {
$result = db_query($link, "SELECT *,
(SELECT COUNT(*) FROM ttrss_user_entries WHERE
orig_feed_id = ttrss_archived_feeds.id) AS articles_archived
FROM
ttrss_archived_feeds
WHERE
(SELECT COUNT(*) FROM ttrss_feeds
WHERE ttrss_feeds.feed_url = ttrss_archived_feeds.feed_url AND
owner_uid = '$owner_uid') = 0 AND
owner_uid = '$owner_uid' $search_qpart
ORDER BY id DESC LIMIT $limit");
}
$feedctr = 0;
if (db_num_rows($result) != 0) {
while ($line = db_fetch_assoc($result)) {
$check_feed_url = db_fetch_result($result, 0, "feed_url");
if ($mode == 1) {
if ($check_feed_url && ($check_feed_url == $feed_url || !$feed_url)) {
if ($mode == "subscribe") {
$feed_url = htmlspecialchars($line["feed_url"]);
$site_url = htmlspecialchars($line["site_url"]);
$subscribers = $line["subscribers"];
db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 2
WHERE id = '$feed_id'");
$check_box = "<input onclick='toggleSelectListRow2(this)'
dojoType=\"dijit.form.CheckBox\"
type=\"checkbox\" \">";
print $_REQUEST['hub_challenge'];
return;
$class = ($feedctr % 2) ? "even" : "odd";
} else if ($mode == "unsubscribe") {
$site_url = "<a target=\"_blank\"
href=\"$site_url\">
<span class=\"fb_feedTitle\">".
htmlspecialchars($line["title"])."</span></a>";
db_query($link, "UPDATE ttrss_feeds SET pubsub_state = 0
WHERE id = '$feed_id'");
$feed_url = "<a target=\"_blank\" class=\"fb_feedUrl\"
href=\"$feed_url\"><img src='images/feed-icon-12x12.png'
style='vertical-align : middle'></a>";
print $_REQUEST['hub_challenge'];
return;
$rv .= "<li>$check_box $feed_url $site_url".
"&nbsp;<span class='subscribers'>($subscribers)</span></li>";
} else if (!$mode) {
} else if ($mode == 2) {
$feed_url = htmlspecialchars($line["feed_url"]);
$site_url = htmlspecialchars($line["site_url"]);
$title = htmlspecialchars($line["title"]);
// Received update ping, schedule feed update.
//update_rss_feed($link, $feed_id, true, true);
$check_box = "<input onclick='toggleSelectListRow2(this)' dojoType=\"dijit.form.CheckBox\"
type=\"checkbox\">";
db_query($link, "UPDATE ttrss_feeds SET
last_update_started = '1970-01-01',
last_updated = '1970-01-01' WHERE id = '$feed_id'");
$class = ($feedctr % 2) ? "even" : "odd";
}
if ($line['articles_archived'] > 0) {
$archived = sprintf(__("%d archived articles"), $line['articles_archived']);
$archived = "&nbsp;<span class='subscribers'>($archived)</span>";
} else {
header('HTTP/1.0 404 Not Found');
echo "404 Not found";
}
} else {
header('HTTP/1.0 404 Not Found');
echo "404 Not found";
}
break; // pubsub
case "logout":
logout_user();
header("Location: index.php");
break; // logout
case "fbexport":
$access_key = db_escape_string($_POST["key"]);
// TODO: rate limit checking using last_connected
$result = db_query($link, "SELECT id FROM ttrss_linked_instances
WHERE access_key = '$access_key'");
if (db_num_rows($result) == 1) {
$instance_id = db_fetch_result($result, 0, "id");
$result = db_query($link, "SELECT feed_url, site_url, title, subscribers
FROM ttrss_feedbrowser_cache ORDER BY subscribers DESC LIMIT 100");
$feeds = array();
while ($line = db_fetch_assoc($result)) {
array_push($feeds, $line);
$archived = '';
}
db_query($link, "UPDATE ttrss_linked_instances SET
last_status_in = 1 WHERE id = '$instance_id'");
print json_encode(array("feeds" => $feeds));
} else {
print json_encode(array("error" => array("code" => 6)));
}
break; // fbexport
$site_url = "<a target=\"_blank\"
href=\"$site_url\">
<span class=\"fb_feedTitle\">".
htmlspecialchars($line["title"])."</span></a>";
case "share":
$uuid = db_escape_string($_REQUEST["key"]);
$feed_url = "<a target=\"_blank\" class=\"fb_feedUrl\"
href=\"$feed_url\"><img src='images/feed-icon-12x12.png'
style='vertical-align : middle'></a>";
$result = db_query($link, "SELECT ref_id, owner_uid FROM ttrss_user_entries WHERE
uuid = '$uuid'");
if (db_num_rows($result) != 0) {
header("Content-Type: text/html");
$id = db_fetch_result($result, 0, "ref_id");
$owner_uid = db_fetch_result($result, 0, "owner_uid");
$_SESSION["uid"] = $owner_uid;
$article = format_article($link, $id, false, true);
$_SESSION["uid"] = "";
print_r($article['content']);
} else {
print "Article not found.";
$rv .= "<li id=\"FBROW-".$line["id"]."\">".
"$check_box $feed_url $site_url $archived</li>";
}
break;
case "rss":
$feed = db_escape_string($_REQUEST["id"]);
$key = db_escape_string($_REQUEST["key"]);
$is_cat = $_REQUEST["is_cat"] != false;
$limit = (int)db_escape_string($_REQUEST["limit"]);
$search = db_escape_string($_REQUEST["q"]);
$match_on = db_escape_string($_REQUEST["m"]);
$search_mode = db_escape_string($_REQUEST["smode"]);
$view_mode = db_escape_string($_REQUEST["view-mode"]);
if (SINGLE_USER_MODE) {
authenticate_user($link, "admin", null);
}
$owner_id = false;
if ($key) {
$result = db_query($link, "SELECT owner_uid FROM
ttrss_access_keys WHERE access_key = '$key' AND feed_id = '$feed'");
if (db_num_rows($result) == 1)
$owner_id = db_fetch_result($result, 0, "owner_uid");
}
if ($owner_id) {
$_SESSION['uid'] = $owner_id;
generate_syndicated_feed($link, 0, $feed, $is_cat, $limit,
$search, $search_mode, $match_on, $view_mode);
} else {
header('HTTP/1.1 403 Forbidden');
}
break; // rss
case "globalUpdateFeeds":
// Update all feeds needing a update.
update_daemon_common($link, 0, true, true);
break; // globalUpdateFeeds
default:
header("Content-Type: text/plain");
print json_encode(array("error" => array("code" => 7)));
break; // fallback
++$feedctr;
}
if ($feedctr == 0) {
$rv .= "<li style=\"text-align : center\"><p>".__('No feeds found.')."</p></li>";
}
return $rv;
}
?>

2
index.php
Unescape Escape View File

@ -16,7 +16,7 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
init_connection($link);
if (!init_connection($link)) return;
login_sequence($link);

2
js/PrefFeedTree.js
Unescape Escape View File

@ -11,7 +11,7 @@ dojo.declare("fox.PrefFeedStore", dojo.data.ItemFileWriteStore, {
dojo.xhrPost({
url: "backend.php",
content: {op: "pref-feeds", subop: "savefeedorder",
content: {op: "pref-feeds", method: "savefeedorder",
payload: newFileContentString},
error: saveFailedCallback,
load: saveCompleteCallback});

26
js/digest.js
Unescape Escape View File

@ -26,7 +26,7 @@ function catchup_feed(feed_id, callback) {
if (feed_id < 0) is_cat = "true"; // KLUDGE
var query = "?op=rpc&subop=catchupFeed&feed_id=" +
var query = "?op=rpc&method=catchupFeed&feed_id=" +
feed_id + "&is_cat=" + is_cat;
new Ajax.Request("backend.php", {
@ -68,7 +68,7 @@ function catchup_visible_articles(callback) {
if (confirm(__("Mark %d displayed articles as read?").replace("%d", ids.length))) {
var query = "?op=rpc&subop=catchupSelected" +
var query = "?op=rpc&method=catchupSelected" +
"&cmode=0&ids=" + param_escape(ids);
new Ajax.Request("backend.php", {
@ -88,7 +88,7 @@ function catchup_visible_articles(callback) {
function catchup_article(article_id, callback) {
try {
var query = "?op=rpc&subop=catchupSelected" +
var query = "?op=rpc&method=catchupSelected" +
"&cmode=0&ids=" + article_id;
new Ajax.Request("backend.php", {
@ -169,7 +169,7 @@ function update(callback) {
window.clearTimeout(_update_timeout);
new Ajax.Request("backend.php", {
parameters: "?op=rpc&subop=digest-init",
parameters: "?op=rpc&method=digestinit",
onComplete: function(transport) {
fatal_error_check(transport);
parse_feeds(transport);
@ -220,7 +220,7 @@ function view(article_id) {
}, 500);
new Ajax.Request("backend.php", {
parameters: "?op=rpc&subop=digest-get-contents&article_id=" +
parameters: "?op=rpc&method=digestgetcontents&article_id=" +
article_id,
onComplete: function(transport) {
fatal_error_check(transport);
@ -315,14 +315,14 @@ function viewfeed(feed_id, offset, replace, no_effects, no_indicator, callback)
if (!offset) $("headlines").scrollTop = 0;
var query = "backend.php?op=rpc&subop=digest-update&feed_id=" +
var query = "backend.php?op=rpc&method=digestupdate&feed_id=" +
param_escape(feed_id) + "&offset=" + offset +
"&seq=" + _update_seq;
console.log(query);
var img = false;
if ($("F-" + feed_id)) {
img = $("F-" + feed_id).getElementsByTagName("IMG")[0];
@ -648,7 +648,7 @@ function parse_headlines(transport, replace, no_effects) {
function init_second_stage() {
try {
new Ajax.Request("backend.php", {
parameters: "backend.php?op=rpc&subop=digest-init",
parameters: "backend.php?op=rpc&method=digestinit",
onComplete: function(transport) {
parse_feeds(transport);
Element.hide("overlay");
@ -667,7 +667,7 @@ function init() {
dojo.require("dijit.Dialog");
new Ajax.Request("backend.php", {
parameters: "?op=rpc&subop=sanityCheck",
parameters: "?op=rpc&method=sanityCheck",
onComplete: function(transport) {
backend_sanity_check_callback(transport);
} });
@ -681,7 +681,7 @@ function toggle_mark(img, id) {
try {
var query = "?op=rpc&id=" + id + "&subop=mark";
var query = "?op=rpc&id=" + id + "&method=mark";
if (!img) return;
@ -710,7 +710,7 @@ function toggle_pub(img, id, note) {
try {
var query = "?op=rpc&id=" + id + "&subop=publ";
var query = "?op=rpc&id=" + id + "&method=publ";
if (note != undefined) {
query = query + "&note=" + param_escape(note);
@ -798,14 +798,14 @@ function update_title(unread) {
function tweet_article(id) {
try {
var query = "?op=rpc&subop=getTweetInfo&id=" + param_escape(id);
var query = "?op=rpc&method=getTweetInfo&id=" + param_escape(id);
console.log(query);
var d = new Date();
var ts = d.getTime();
var w = window.open('backend.php?op=loading', 'ttrss_tweet',
var w = window.open('backend.php?op=backend&method=loading', 'ttrss_tweet',
"status=0,toolbar=0,location=0,width=500,height=400,scrollbars=1,menubar=0");
new Ajax.Request("backend.php", {

20
js/feedlist.js
Unescape Escape View File

@ -48,14 +48,14 @@ function loadMoreHeadlines() {
}
function viewfeed(feed, subop, is_cat, offset, background, infscroll_req) {
function viewfeed(feed, method, is_cat, offset, background, infscroll_req) {
try {
if (is_cat == undefined)
is_cat = false;
else
is_cat = !!is_cat;
if (subop == undefined) subop = '';
if (method == undefined) method = '';
if (offset == undefined) offset = 0;
if (background == undefined) background = false;
if (infscroll_req == undefined) infscroll_req = false;
@ -110,7 +110,7 @@ function viewfeed(feed, subop, is_cat, offset, background, infscroll_req) {
_infscroll_disable = 0;
}
if (!offset && !subop && cached_headlines && !background) {
if (!offset && !method && cached_headlines && !background) {
try {
render_local_headlines(feed, is_cat, JSON.parse(cached_headlines));
return;
@ -119,7 +119,7 @@ function viewfeed(feed, subop, is_cat, offset, background, infscroll_req) {
}
}
if (offset != 0 && !subop) {
if (offset != 0 && !method) {
var date = new Date();
var timestamp = Math.round(date.getTime() / 1000);
@ -138,8 +138,8 @@ function viewfeed(feed, subop, is_cat, offset, background, infscroll_req) {
var toolbar_query = Form.serialize("main_toolbar_form");
var query = "?op=viewfeed&feed=" + feed + "&" +
toolbar_query + "&subop=" + param_escape(subop);
var query = "?op=feeds&method=view&feed=" + feed + "&" +
toolbar_query + "&m=" + param_escape(method);
if (!background) {
if (_search_query) {
@ -148,7 +148,7 @@ function viewfeed(feed, subop, is_cat, offset, background, infscroll_req) {
_search_query = false;
}
if (subop == "MarkAllRead") {
if (method == "MarkAllRead") {
var show_next_feed = getInitParam("on_catchup_show_next_feed") == "1";
@ -162,7 +162,7 @@ function viewfeed(feed, subop, is_cat, offset, background, infscroll_req) {
render_local_headlines(nuf, false, JSON.parse(cached_nuf));
var catchup_query = "?op=rpc&subop=catchupFeed&feed_id=" +
var catchup_query = "?op=rpc&method=catchupFeed&feed_id=" +
feed + "&is_cat=" + is_cat;
console.log(catchup_query);
@ -246,7 +246,7 @@ function request_counters_real() {
try {
console.log("requesting counters...");
var query = "?op=rpc&subop=getAllCounters&seq=" + next_seq();
var query = "?op=rpc&method=getAllCounters&seq=" + next_seq();
query = query + "&omode=flc";
@ -487,7 +487,7 @@ function catchupFeed(feed, is_cat) {
return;
}
var catchup_query = "?op=rpc&subop=catchupFeed&feed_id=" +
var catchup_query = "?op=rpc&method=catchupFeed&feed_id=" +
feed + "&is_cat=" + is_cat;
notify_progress("Loading, please wait...", true);

38
js/functions.js
Unescape Escape View File

@ -411,7 +411,7 @@ function displayDlg(id, param, callback) {
notify_progress("Loading, please wait...", true);
var query = "?op=dlg&id=" +
var query = "?op=dlg&method=" +
param_escape(id) + "&param=" + param_escape(param);
new Ajax.Request("backend.php", {
@ -607,7 +607,7 @@ function filterDlgCheckDate() {
var reg_exp = dialog.attr('value').reg_exp;
var query = "?op=rpc&subop=checkDate&date=" + reg_exp;
var query = "?op=rpc&method=checkDate&date=" + reg_exp;
new Ajax.Request("backend.php", {
parameters: query,
@ -636,7 +636,7 @@ function explainError(code) {
function displayHelpInfobox(topic_id) {
var url = "backend.php?op=help&tid=" + param_escape(topic_id);
var url = "backend.php?op=backend&method=help&tid=" + param_escape(topic_id);
window.open(url, "ttrss_help",
"status=0,toolbar=0,location=0,width=450,height=500,scrollbars=1,menubar=0");
@ -756,7 +756,7 @@ function removeFeedIcon(id) {
try {
if (confirm(__("Remove stored feed icon?"))) {
var query = "backend.php?op=pref-feeds&subop=removeicon&feed_id=" + param_escape(id);
var query = "backend.php?op=pref-feeds&method=removeicon&feed_id=" + param_escape(id);
console.log(query);
@ -815,7 +815,7 @@ function addLabel(select, callback) {
return false;
}
var query = "?op=pref-labels&subop=add&caption=" +
var query = "?op=pref-labels&method=add&caption=" +
param_escape(caption);
if (select)
@ -846,7 +846,7 @@ function addLabel(select, callback) {
function quickAddFeed() {
try {
var query = "backend.php?op=dlg&id=quickAddFeed";
var query = "backend.php?op=dlg&method=quickAddFeed";
if (dijit.byId("feedAddDlg"))
dijit.byId("feedAddDlg").destroyRecursive();
@ -893,7 +893,7 @@ function quickAddFeed() {
notify_progress("Searching for feed urls...", true);
new Ajax.Request("backend.php", {
parameters: 'op=rpc&subop=extractfeedurls&url=' + param_escape(feed_url),
parameters: 'op=rpc&method=extractfeedurls&url=' + param_escape(feed_url),
onComplete: function(transport, dialog, feed_url) {
notify('');
@ -948,7 +948,7 @@ function quickAddFeed() {
function quickAddFilter() {
try {
var query = "backend.php?op=dlg&id=quickAddFilter";
var query = "backend.php?op=dlg&method=quickAddFilter";
if (dijit.byId("filterEditDlg"))
dijit.byId("filterEditDlg").destroyRecursive();
@ -978,7 +978,7 @@ function quickAddFilter() {
execute: function() {
if (this.validate()) {
var query = "?op=rpc&subop=verifyRegexp&reg_exp=" +
var query = "?op=rpc&method=verifyRegexp&reg_exp=" +
param_escape(dialog.attr('value').reg_exp);
notify_progress("Verifying regular expression...");
@ -1028,7 +1028,7 @@ function resetPubSub(feed_id, title) {
if (title == undefined || confirm(msg)) {
notify_progress("Loading, please wait...");
var query = "?op=pref-feeds&quiet=1&subop=resetPubSub&ids=" + feed_id;
var query = "?op=pref-feeds&quiet=1&method=resetPubSub&ids=" + feed_id;
new Ajax.Request("backend.php", {
parameters: query,
@ -1049,7 +1049,7 @@ function unsubscribeFeed(feed_id, title) {
if (title == undefined || confirm(msg)) {
notify_progress("Removing feed...");
var query = "?op=pref-feeds&quiet=1&subop=remove&ids=" + feed_id;
var query = "?op=pref-feeds&quiet=1&method=remove&ids=" + feed_id;
new Ajax.Request("backend.php", {
parameters: query,
@ -1155,7 +1155,7 @@ function quickAddCat(elem) {
if (cat) {
var query = "?op=rpc&subop=quickAddCat&cat=" + param_escape(cat);
var query = "?op=rpc&method=quickAddCat&cat=" + param_escape(cat);
notify_progress("Loading, please wait...", true);
@ -1188,7 +1188,7 @@ function genUrlChangeKey(feed, is_cat) {
notify_progress("Trying to change address...", true);
var query = "?op=rpc&subop=regenFeedKey&id=" + param_escape(feed) +
var query = "?op=rpc&method=regenFeedKey&id=" + param_escape(feed) +
"&is_cat=" + param_escape(is_cat);
new Ajax.Request("backend.php", {
@ -1368,7 +1368,7 @@ function editFeed(feed, event) {
if (feed <= 0)
return alert(__("You can't edit this kind of feed."));
var query = "backend.php?op=pref-feeds&subop=editfeed&id=" +
var query = "backend.php?op=pref-feeds&method=editfeed&id=" +
param_escape(feed);
console.log(query);
@ -1406,7 +1406,7 @@ function editFeed(feed, event) {
function feedBrowser() {
try {
var query = "backend.php?op=dlg&id=feedBrowser";
var query = "backend.php?op=dlg&method=feedBrowser";
if (dijit.byId("feedAddDlg"))
dijit.byId("feedAddDlg").hide();
@ -1464,7 +1464,7 @@ function feedBrowser() {
// we use dojo.toJson instead of JSON.stringify because
// it somehow escapes everything TWICE, at least in Chrome 9
var query = "?op=rpc&subop=massSubscribe&payload="+
var query = "?op=rpc&method=massSubscribe&payload="+
param_escape(dojo.toJson(selected)) + "&mode=" + param_escape(mode);
console.log(query);
@ -1524,7 +1524,7 @@ function feedBrowser() {
if (confirm(pr)) {
Element.show('feed_browser_spinner');
var query = "?op=rpc&subop=remarchived&ids=" +
var query = "?op=rpc&method=remarchived&ids=" +
param_escape(selected.toString());;
new Ajax.Request("backend.php", {
@ -1551,7 +1551,7 @@ function feedBrowser() {
function showFeedsWithErrors() {
try {
var query = "backend.php?op=dlg&id=feedsWithErrors";
var query = "backend.php?op=dlg&method=feedsWithErrors";
if (dijit.byId("errorFeedsDlg"))
dijit.byId("errorFeedsDlg").destroyRecursive();
@ -1574,7 +1574,7 @@ function showFeedsWithErrors() {
if (ok) {
notify_progress("Removing selected feeds...", true);
var query = "?op=pref-feeds&subop=remove&ids="+
var query = "?op=pref-feeds&method=remove&ids="+
param_escape(sel_rows.toString());
new Ajax.Request("backend.php", {

190
js/prefs.js
Unescape Escape View File

@ -5,62 +5,8 @@ var hotkey_prefix_pressed = false;
var seq = "";
function instancelist_callback2(transport) {
try {
dijit.byId('instanceConfigTab').attr('content', transport.responseText);
selectTab("instanceConfig", true);
notify("");
} catch (e) {
exception_error("instancelist_callback2", e);
}
}
function feedlist_callback2(transport) {
try {
dijit.byId('feedConfigTab').attr('content', transport.responseText);
selectTab("feedConfig", true);
notify("");
} catch (e) {
exception_error("feedlist_callback2", e);
}
}
function filterlist_callback2(transport) {
dijit.byId('filterConfigTab').attr('content', transport.responseText);
notify("");
}
function labellist_callback2(transport) {
try {
dijit.byId('labelConfigTab').attr('content', transport.responseText);
notify("");
} catch (e) {
exception_error("labellist_callback2", e);
}
}
function userlist_callback2(transport) {
try {
dijit.byId('userConfigTab').attr('content', transport.responseText);
notify("");
} catch (e) {
exception_error("userlist_callback2", e);
}
}
function prefslist_callback2(transport) {
try {
dijit.byId('genConfigTab').attr('content', transport.responseText);
notify("");
} catch (e) {
exception_error("prefslist_callback2", e);
}
}
function notify_callback2(transport) {
notify_info(transport.responseText);
function notify_callback2(transport, sticky) {
notify_info(transport.responseText, sticky);
}
function updateFeedList(sort_key) {
@ -72,7 +18,9 @@ function updateFeedList(sort_key) {
new Ajax.Request("backend.php", {
parameters: "?op=pref-feeds&search=" + param_escape(search),
onComplete: function(transport) {
feedlist_callback2(transport);
dijit.byId('feedConfigTab').attr('content', transport.responseText);
selectTab("feedConfig", true);
notify("");
} });
}
@ -80,14 +28,14 @@ function updateInstanceList(sort_key) {
new Ajax.Request("backend.php", {
parameters: "?op=pref-instances&sort=" + param_escape(sort_key),
onComplete: function(transport) {
instancelist_callback2(transport);
dijit.byId('instanceConfigTab').attr('content', transport.responseText);
selectTab("instanceConfig", true);
notify("");
} });
}
function updateUsersList(sort_key) {
try {
var user_search = $("user_search");
var search = "";
if (user_search) { search = user_search.value; }
@ -99,7 +47,9 @@ function updateUsersList(sort_key) {
new Ajax.Request("backend.php", {
parameters: query,
onComplete: function(transport) {
userlist_callback2(transport);
dijit.byId('userConfigTab').attr('content', transport.responseText);
selectTab("userConfig", true)
notify("");
} });
} catch (e) {
@ -124,13 +74,14 @@ function addUser() {
notify_progress("Adding user...");
var query = "?op=pref-users&subop=add&login=" +
var query = "?op=pref-users&method=add&login=" +
param_escape(login);
new Ajax.Request("backend.php", {
parameters: query,
onComplete: function(transport) {
userlist_callback2(transport);
notify_callback2(transport);
updateUsersList();
} });
} catch (e) {
@ -148,7 +99,7 @@ function editUser(id, event) {
selectTableRows('prefUserList', 'none');
selectTableRowById('UMRR-'+id, 'UMCHK-'+id, true);
var query = "?op=pref-users&subop=edit&id=" +
var query = "?op=pref-users&method=edit&id=" +
param_escape(id);
new Ajax.Request("backend.php", {
@ -173,7 +124,7 @@ function editUser(id, event) {
function editFilter(id) {
try {
var query = "backend.php?op=pref-filters&subop=edit&id=" + param_escape(id);
var query = "backend.php?op=pref-filters&method=edit&id=" + param_escape(id);
if (dijit.byId("filterEditDlg"))
dijit.byId("filterEditDlg").destroyRecursive();
@ -193,7 +144,7 @@ function editFilter(id) {
var id = this.attr('value').id;
var query = "?op=pref-filters&subop=remove&ids="+
var query = "?op=pref-filters&method=remove&ids="+
param_escape(id);
new Ajax.Request("backend.php", {
@ -224,7 +175,7 @@ function editFilter(id) {
execute: function() {
if (this.validate()) {
var query = "?op=rpc&subop=verifyRegexp&reg_exp=" +
var query = "?op=rpc&method=verifyRegexp&reg_exp=" +
param_escape(dialog.attr('value').reg_exp);
notify_progress("Verifying regular expression...");
@ -323,13 +274,13 @@ function removeSelectedLabels() {
if (ok) {
notify_progress("Removing selected labels...");
var query = "?op=pref-labels&subop=remove&ids="+
var query = "?op=pref-labels&method=remove&ids="+
param_escape(sel_rows.toString());
new Ajax.Request("backend.php", {
parameters: query,
onComplete: function(transport) {
labellist_callback2(transport);
updateLabelList();
} });
}
@ -353,13 +304,13 @@ function removeSelectedUsers() {
if (ok) {
notify_progress("Removing selected users...");
var query = "?op=pref-users&subop=remove&ids="+
var query = "?op=pref-users&method=remove&ids="+
param_escape(sel_rows.toString());
new Ajax.Request("backend.php", {
parameters: query,
onComplete: function(transport) {
userlist_callback2(transport);
updateUsersList();
} });
}
@ -388,7 +339,7 @@ function removeSelectedFilters() {
if (ok) {
notify_progress("Removing selected filters...");
var query = "?op=pref-filters&subop=remove&ids="+
var query = "?op=pref-filters&method=remove&ids="+
param_escape(sel_rows.toString());
new Ajax.Request("backend.php", {
@ -423,7 +374,7 @@ function removeSelectedFeeds() {
notify_progress("Unsubscribing from selected feeds...", true);
var query = "?op=pref-feeds&subop=remove&ids="+
var query = "?op=pref-feeds&method=remove&ids="+
param_escape(sel_rows.toString());
console.log(query);
@ -484,7 +435,7 @@ function purgeSelectedFeeds() {
if (pr != undefined) {
notify_progress("Purging selected feed...");
var query = "?op=rpc&subop=purge&ids="+
var query = "?op=rpc&method=purge&ids="+
param_escape(sel_rows.toString()) + "&days=" + pr;
console.log(query);
@ -530,7 +481,7 @@ function userEditSave() {
new Ajax.Request("backend.php", {
parameters: query,
onComplete: function(transport) {
userlist_callback2(transport);
updateUsersList();
} });
} catch (e) {
@ -583,13 +534,13 @@ function resetSelectedUserPass() {
var id = rows[0];
var query = "?op=pref-users&subop=resetPass&id=" +
var query = "?op=pref-users&method=resetPass&id=" +
param_escape(id);
new Ajax.Request("backend.php", {
parameters: query,
onComplete: function(transport) {
userlist_callback2(transport);
notify_info(transport.responseText);
} });
}
@ -619,7 +570,7 @@ function selectedUserDetails() {
var id = rows[0];
var query = "?op=pref-users&subop=user-details&id=" + id;
var query = "?op=pref-users&method=userdetails&id=" + id;
new Ajax.Request("backend.php", {
parameters: query,
@ -682,7 +633,7 @@ function editSelectedFeeds() {
notify_progress("Loading, please wait...");
var query = "backend.php?op=pref-feeds&subop=editfeeds&ids=" +
var query = "backend.php?op=pref-feeds&method=editfeeds&ids=" +
param_escape(rows.toString());
console.log(query);
@ -843,7 +794,8 @@ function updateFilterList() {
new Ajax.Request("backend.php", {
parameters: "?op=pref-filters",
onComplete: function(transport) {
filterlist_callback2(transport);
dijit.byId('filterConfigTab').attr('content', transport.responseText);
notify("");
} });
}
@ -851,7 +803,8 @@ function updateLabelList() {
new Ajax.Request("backend.php", {
parameters: "?op=pref-labels",
onComplete: function(transport) {
labellist_callback2(transport);
dijit.byId('labelConfigTab').attr('content', transport.responseText);
notify("");
} });
}
@ -859,11 +812,12 @@ function updatePrefsList() {
new Ajax.Request("backend.php", {
parameters: "?op=pref-prefs",
onComplete: function(transport) {
prefslist_callback2(transport);
dijit.byId('genConfigTab').attr('content', transport.responseText);
notify("");
} });
}
function selectTab(id, noupdate, subop) {
function selectTab(id, noupdate, method) {
try {
if (!noupdate) {
notify_progress("Loading, please wait...");
@ -905,10 +859,10 @@ function init_second_stage() {
if (tab) dijit.byId("pref-tabs").selectChild(tab);
}
var subop = getURLParam('subop');
var method = getURLParam('method');
if (subop == 'editFeed') {
var param = getURLParam('subopparam');
if (method == 'editFeed') {
var param = getURLParam('methodparam');
window.setTimeout('editFeed(' + param + ')', 100);
}
@ -938,7 +892,7 @@ function init() {
loading_set_progress(50);
new Ajax.Request("backend.php", {
parameters: {op: "rpc", subop: "sanityCheck"},
parameters: {op: "rpc", method: "sanityCheck"},
onComplete: function(transport) {
backend_sanity_check_callback(transport);
} });
@ -955,7 +909,7 @@ function validatePrefsReset() {
if (ok) {
query = "?op=pref-prefs&subop=reset-config";
query = "?op=pref-prefs&method=resetconfig";
console.log(query);
new Ajax.Request("backend.php", {
@ -1160,7 +1114,7 @@ function pref_hotkey_handler(e) {
function editFeedCats() {
try {
var query = "backend.php?op=pref-feeds&subop=editCats";
var query = "backend.php?op=pref-feeds&method=editCats";
if (dijit.byId("feedCatEditDlg"))
dijit.byId("feedCatEditDlg").destroyRecursive();
@ -1181,7 +1135,7 @@ function editFeedCats() {
if (ok) {
notify_progress("Removing selected categories...", true);
var query = "?op=pref-feeds&subop=editCats&action=remove&ids="+
var query = "?op=pref-feeds&method=editCats&action=remove&ids="+
param_escape(sel_rows.toString());
new Ajax.Request("backend.php", {
@ -1202,7 +1156,7 @@ function editFeedCats() {
if (this.validate()) {
notify_progress("Creating category...");
var query = "?op=pref-feeds&subop=editCats&action=add&cat=" +
var query = "?op=pref-feeds&method=editCats&action=add&cat=" +
param_escape(this.attr('value').newcat);
new Ajax.Request("backend.php", {
@ -1229,7 +1183,7 @@ function editFeedCats() {
function showInactiveFeeds() {
try {
var query = "backend.php?op=dlg&id=inactiveFeeds";
var query = "backend.php?op=dlg&method=inactiveFeeds";
if (dijit.byId("inactiveFeedsDlg"))
dijit.byId("inactiveFeedsDlg").destroyRecursive();
@ -1252,7 +1206,7 @@ function showInactiveFeeds() {
if (ok) {
notify_progress("Removing selected feeds...", true);
var query = "?op=pref-feeds&subop=remove&ids="+
var query = "?op=pref-feeds&method=remove&ids="+
param_escape(sel_rows.toString());
new Ajax.Request("backend.php", {
@ -1291,7 +1245,7 @@ function opmlRegenKey() {
notify_progress("Trying to change address...", true);
var query = "?op=rpc&subop=regenOPMLKey";
var query = "?op=rpc&method=regenOPMLKey";
new Ajax.Request("backend.php", {
parameters: query,
@ -1376,7 +1330,7 @@ function clearFeedArticles(feed_id) {
notify_progress("Clearing feed...");
var query = "?op=pref-feeds&quiet=1&subop=clear&id=" + feed_id;
var query = "?op=pref-feeds&quiet=1&method=clear&id=" + feed_id;
new Ajax.Request("backend.php", {
parameters: query,
@ -1399,7 +1353,7 @@ function rescoreSelectedFeeds() {
if (ok) {
notify_progress("Rescoring selected feeds...", true);
var query = "?op=pref-feeds&subop=rescore&quiet=1&ids="+
var query = "?op=pref-feeds&method=rescore&quiet=1&ids="+
param_escape(sel_rows.toString());
new Ajax.Request("backend.php", {
@ -1422,7 +1376,7 @@ function rescore_all_feeds() {
if (ok) {
notify_progress("Rescoring feeds...", true);
var query = "?op=pref-feeds&subop=rescoreAll&quiet=1";
var query = "?op=pref-feeds&method=rescoreAll&quiet=1";
new Ajax.Request("backend.php", {
parameters: query,
@ -1440,13 +1394,13 @@ function labelColorReset() {
var ok = confirm(__("Reset selected labels to default colors?"));
if (ok) {
var query = "?op=pref-labels&subop=color-reset&ids="+
var query = "?op=pref-labels&method=colorreset&ids="+
param_escape(labels.toString());
new Ajax.Request("backend.php", {
parameters: query,
onComplete: function(transport) {
labellist_callback2(transport);
updateLabelList();
} });
}
@ -1470,7 +1424,7 @@ function editProfiles() {
if (dijit.byId("profileEditDlg"))
dijit.byId("profileEditDlg").destroyRecursive();
var query = "backend.php?op=dlg&id=editPrefProfiles";
var query = "backend.php?op=dlg&method=editPrefProfiles";
dialog = new dijit.Dialog({
id: "profileEditDlg",
@ -1488,7 +1442,7 @@ function editProfiles() {
if (ok) {
notify_progress("Removing selected profiles...", true);
var query = "?op=rpc&subop=remprofiles&ids="+
var query = "?op=rpc&method=remprofiles&ids="+
param_escape(sel_rows.toString());
new Ajax.Request("backend.php", {
@ -1514,7 +1468,7 @@ function editProfiles() {
if (ok) {
notify_progress("Loading, please wait...");
var query = "?op=rpc&subop=setprofile&id="+
var query = "?op=rpc&method=setprofile&id="+
param_escape(sel_rows.toString());
new Ajax.Request("backend.php", {
@ -1532,7 +1486,7 @@ function editProfiles() {
if (this.validate()) {
notify_progress("Creating profile...", true);
var query = "?op=rpc&subop=addprofile&title=" +
var query = "?op=rpc&method=addprofile&title=" +
param_escape(dialog.attr('value').newprofile);
new Ajax.Request("backend.php", {
@ -1567,7 +1521,7 @@ function activatePrefProfile() {
if (ok) {
notify_progress("Loading, please wait...");
var query = "?op=rpc&subop=setprofile&id="+
var query = "?op=rpc&method=setprofile&id="+
param_escape(sel_rows.toString());
new Ajax.Request("backend.php", {
@ -1591,7 +1545,7 @@ function clearFeedAccessKeys() {
if (ok) {
notify_progress("Clearing URLs...");
var query = "?op=rpc&subop=clearKeys";
var query = "?op=rpc&method=clearKeys";
new Ajax.Request("backend.php", {
parameters: query,
@ -1610,7 +1564,7 @@ function clearArticleAccessKeys() {
if (ok) {
notify_progress("Clearing URLs...");
var query = "?op=rpc&subop=clearArticleKeys";
var query = "?op=rpc&method=clearArticleKeys";
new Ajax.Request("backend.php", {
parameters: query,
@ -1626,7 +1580,7 @@ function resetFeedOrder() {
notify_progress("Loading, please wait...");
new Ajax.Request("backend.php", {
parameters: "?op=pref-feeds&subop=feedsortreset",
parameters: "?op=pref-feeds&method=feedsortreset",
onComplete: function(transport) {
updateFeedList();
} });
@ -1642,7 +1596,7 @@ function resetCatOrder() {
notify_progress("Loading, please wait...");
new Ajax.Request("backend.php", {
parameters: "?op=pref-feeds&subop=catsortreset",
parameters: "?op=pref-feeds&method=catsortreset",
onComplete: function(transport) {
updateFeedList();
} });
@ -1664,7 +1618,7 @@ function editCat(id, item, event) {
new Ajax.Request("backend.php", {
parameters: {
op: 'pref-feeds',
subop: 'renamecat',
method: 'renamecat',
id: id,
title: new_name,
},
@ -1680,7 +1634,7 @@ function editCat(id, item, event) {
function editLabel(id, event) {
try {
var query = "backend.php?op=pref-labels&subop=edit&id=" +
var query = "backend.php?op=pref-labels&method=edit&id=" +
param_escape(id);
if (dijit.byId("labelEditDlg"))
@ -1705,7 +1659,7 @@ function editLabel(id, event) {
color = bg;
}
var query = "?op=pref-labels&subop=color-set&kind="+kind+
var query = "?op=pref-labels&method=colorset&kind="+kind+
"&ids=" + param_escape(id) + "&fg=" + param_escape(fg) +
"&bg=" + param_escape(bg) + "&color=" + param_escape(color);
@ -1756,7 +1710,7 @@ function clearTwitterCredentials() {
if (ok) {
notify_progress("Clearing credentials...");
var query = "?op=pref-feeds&subop=remtwitterinfo";
var query = "?op=pref-feeds&method=remtwitterinfo";
new Ajax.Request("backend.php", {
parameters: query,
@ -1773,7 +1727,7 @@ function clearTwitterCredentials() {
function customizeCSS() {
try {
var query = "backend.php?op=dlg&id=customizeCSS";
var query = "backend.php?op=dlg&method=customizeCSS";
if (dijit.byId("cssEditDlg"))
dijit.byId("cssEditDlg").destroyRecursive();
@ -1815,7 +1769,7 @@ function getSelectedInstances() {
function addInstance() {
try {
var query = "backend.php?op=dlg&id=addInstance";
var query = "backend.php?op=dlg&method=addInstance";
if (dijit.byId("instanceAddDlg"))
dijit.byId("instanceAddDlg").destroyRecursive();
@ -1826,7 +1780,7 @@ function addInstance() {
style: "width: 600px",
regenKey: function() {
new Ajax.Request("backend.php", {
parameters: "?op=rpc&subop=genHash",
parameters: "?op=rpc&method=genHash",
onComplete: function(transport) {
var reply = JSON.parse(transport.responseText);
if (reply)
@ -1865,7 +1819,7 @@ function editInstance(id, event) {
selectTableRows('prefInstanceList', 'none');
selectTableRowById('LIRR-'+id, 'LICHK-'+id, true);
var query = "backend.php?op=pref-instances&subop=edit&id=" +
var query = "backend.php?op=pref-instances&method=edit&id=" +
param_escape(id);
if (dijit.byId("instanceEditDlg"))
@ -1877,7 +1831,7 @@ function editInstance(id, event) {
style: "width: 600px",
regenKey: function() {
new Ajax.Request("backend.php", {
parameters: "?op=rpc&subop=genHash",
parameters: "?op=rpc&method=genHash",
onComplete: function(transport) {
var reply = JSON.parse(transport.responseText);
if (reply)
@ -1927,7 +1881,7 @@ function removeSelectedInstances() {
if (ok) {
notify_progress("Removing selected instances...");
var query = "?op=pref-instances&subop=remove&ids="+
var query = "?op=pref-instances&method=remove&ids="+
param_escape(sel_rows.toString());
new Ajax.Request("backend.php", {

32
js/tt-rss.js
Unescape Escape View File

@ -82,7 +82,7 @@ function updateFeedList() {
var cat_id = id.substr(id.indexOf(":")+1);
new Ajax.Request("backend.php",
{ parameters: "backend.php?op=feeds&subop=collapse&cid=" +
{ parameters: "backend.php?op=feeds&method=collapse&cid=" +
param_escape(cat_id) + "&mode=0" } );
},
onClose: function (item, node) {
@ -90,7 +90,7 @@ function updateFeedList() {
var cat_id = id.substr(id.indexOf(":")+1);
new Ajax.Request("backend.php",
{ parameters: "backend.php?op=feeds&subop=collapse&cid=" +
{ parameters: "backend.php?op=feeds&method=collapse&cid=" +
param_escape(cat_id) + "&mode=1" } );
},
@ -148,7 +148,7 @@ function catchupAllFeeds() {
if (getInitParam("confirm_feed_catchup") != 1 || confirm(str)) {
var query_str = "backend.php?op=feeds&subop=catchupAll";
var query_str = "backend.php?op=feeds&method=catchupAll";
notify_progress("Marking all feeds as read...");
@ -165,10 +165,10 @@ function catchupAllFeeds() {
}
}
function viewCurrentFeed(subop) {
function viewCurrentFeed(method) {
if (getActiveFeedId() != undefined) {
viewfeed(getActiveFeedId(), subop, activeFeedIsCat());
viewfeed(getActiveFeedId(), method, activeFeedIsCat());
}
return false; // block unneeded form submits
}
@ -186,7 +186,7 @@ function timeout() {
window.clearTimeout(counter_timeout_id);
var query_str = "?op=rpc&subop=getAllCounters&seq=" + next_seq();
var query_str = "?op=rpc&method=getAllCounters&seq=" + next_seq();
var omode;
@ -222,7 +222,7 @@ function timeout() {
}
function search() {
var query = "backend.php?op=dlg&id=search&param=" +
var query = "backend.php?op=dlg&method=search&param=" +
param_escape(getActiveFeedId() + ":" + activeFeedIsCat());
if (dijit.byId("searchDlg"))
@ -302,7 +302,7 @@ function init() {
var hasAudio = !!((myAudioTag = document.createElement('audio')).canPlayType);
new Ajax.Request("backend.php", {
parameters: {op: "rpc", subop: "sanityCheck", hasAudio: hasAudio},
parameters: {op: "rpc", method: "sanityCheck", hasAudio: hasAudio},
onComplete: function(transport) {
backend_sanity_check_callback(transport);
} });
@ -436,7 +436,7 @@ function quickMenuGo(opid) {
dialog = new dijit.Dialog({
title: __("About..."),
style: "width: 400px",
href: "backend.php?op=dlg&id=about",
href: "backend.php?op=dlg&method=about",
});
dialog.show();
@ -454,7 +454,7 @@ function toggleDispRead() {
hideOrShowFeeds(hide);
var query = "?op=rpc&subop=setpref&key=HIDE_READ_FEEDS&value=" +
var query = "?op=rpc&method=setpref&key=HIDE_READ_FEEDS&value=" +
param_escape(hide);
setInitParam("hide_read_feeds", hide);
@ -555,7 +555,7 @@ function collapse_feedlist() {
dijit.byId("main").resize();
query = "?op=rpc&subop=setpref&key=_COLLAPSED_FEEDLIST&value=true";
query = "?op=rpc&method=setpref&key=_COLLAPSED_FEEDLIST&value=true";
new Ajax.Request("backend.php", { parameters: query });
} catch (e) {
@ -577,7 +577,7 @@ function viewLimitChanged() {
var pr = prompt(__("Assign score to article:"), score);
if (pr != undefined) {
var query = "?op=rpc&subop=setScore&id=" + id + "&score=" + pr;
var query = "?op=rpc&method=setScore&id=" + id + "&score=" + pr;
new Ajax.Request("backend.php", {
parameters: query,
@ -611,7 +611,7 @@ function rescoreCurrentFeed() {
if (confirm(pr)) {
notify_progress("Rescoring articles...");
var query = "?op=pref-feeds&subop=rescore&quiet=1&ids=" + actid;
var query = "?op=pref-feeds&method=rescore&quiet=1&ids=" + actid;
new Ajax.Request("backend.php", {
parameters: query,
@ -1024,7 +1024,7 @@ function inPreferences() {
function reverseHeadlineOrder() {
try {
var query_str = "?op=rpc&subop=togglepref&key=REVERSE_HEADLINES";
var query_str = "?op=rpc&method=togglepref&key=REVERSE_HEADLINES";
new Ajax.Request("backend.php", {
parameters: query_str,
@ -1049,7 +1049,7 @@ function scheduleFeedUpdate(id, is_cat) {
return;
}
var query = "?op=rpc&subop=scheduleFeedUpdate&id=" +
var query = "?op=rpc&method=scheduleFeedUpdate&id=" +
param_escape(id) +
"&is_cat=" + param_escape(is_cat);
@ -1078,7 +1078,7 @@ function scheduleFeedUpdate(id, is_cat) {
function newVersionDlg() {
try {
var query = "backend.php?op=dlg&id=newVersion";
var query = "backend.php?op=dlg&method=newVersion";
if (dijit.byId("newVersionDlg"))
dijit.byId("newVersionDlg").destroyRecursive();

52
js/viewfeed.js
Unescape Escape View File

@ -322,7 +322,7 @@ function view(id) {
hideAuxDlg();
var query = "?op=view&id=" + param_escape(id);
var query = "?op=article&method=view&id=" + param_escape(id);
var neighbor_ids = getRelativePostIds(id);
@ -406,7 +406,7 @@ function view(id) {
function toggleMark(id, client_only) {
try {
var query = "?op=rpc&id=" + id + "&subop=mark";
var query = "?op=rpc&id=" + id + "&method=mark";
var img = $("FMPIC-" + id);
@ -440,7 +440,7 @@ function toggleMark(id, client_only) {
function togglePub(id, client_only, no_effects, note) {
try {
var query = "?op=rpc&id=" + id + "&subop=publ";
var query = "?op=rpc&id=" + id + "&method=publ";
if (note != undefined) {
query = query + "&note=" + param_escape(note);
@ -601,7 +601,7 @@ function toggleUnread(id, cmode, effect) {
if (cmode == undefined) cmode = 2;
var query = "?op=rpc&subop=catchupSelected" +
var query = "?op=rpc&method=catchupSelected" +
"&cmode=" + param_escape(cmode) + "&ids=" + param_escape(id);
// notify_progress("Loading, please wait...");
@ -629,7 +629,7 @@ function selectionRemoveLabel(id, ids) {
return;
}
var query = "?op=rpc&subop=removeFromLabel&ids=" +
var query = "?op=rpc&method=removeFromLabel&ids=" +
param_escape(ids.toString()) + "&lid=" + param_escape(id);
console.log(query);
@ -657,7 +657,7 @@ function selectionAssignLabel(id, ids) {
return;
}
var query = "?op=rpc&subop=assignToLabel&ids=" +
var query = "?op=rpc&method=assignToLabel&ids=" +
param_escape(ids.toString()) + "&lid=" + param_escape(id);
console.log(query);
@ -717,7 +717,7 @@ function selectionToggleUnread(set_state, callback, no_error) {
cmode = "0";
}
var query = "?op=rpc&subop=catchupSelected" +
var query = "?op=rpc&method=catchupSelected" +
"&cmode=" + cmode + "&ids=" + param_escape(rows.toString());
notify_progress("Loading, please wait...");
@ -752,7 +752,7 @@ function selectionToggleMarked() {
if (rows.length > 0) {
var query = "?op=rpc&subop=markSelected&ids=" +
var query = "?op=rpc&method=markSelected&ids=" +
param_escape(rows.toString()) + "&cmode=2";
new Ajax.Request("backend.php", {
@ -784,7 +784,7 @@ function selectionTogglePublished() {
if (rows.length > 0) {
var query = "?op=rpc&subop=publishSelected&ids=" +
var query = "?op=rpc&method=publishSelected&ids=" +
param_escape(rows.toString()) + "&cmode=2";
new Ajax.Request("backend.php", {
@ -910,7 +910,7 @@ function deleteSelection() {
return;
}
query = "?op=rpc&subop=delete&ids=" + param_escape(rows);
query = "?op=rpc&method=delete&ids=" + param_escape(rows);
console.log(query);
@ -956,7 +956,7 @@ function archiveSelection() {
return;
}
query = "?op=rpc&subop="+op+"&ids=" + param_escape(rows);
query = "?op=rpc&method="+op+"&ids=" + param_escape(rows);
console.log(query);
@ -1006,7 +1006,7 @@ function catchupSelection() {
}
function editArticleTags(id) {
var query = "backend.php?op=dlg&id=editArticleTags&param=" + param_escape(id);
var query = "backend.php?op=dlg&method=editArticleTags&param=" + param_escape(id);
if (dijit.byId("editTagsDlg"))
dijit.byId("editTagsDlg").destroyRecursive();
@ -1052,7 +1052,7 @@ function editArticleTags(id) {
dojo.disconnect(tmph);
new Ajax.Autocompleter('tags_str', 'tags_choices',
"backend.php?op=rpc&subop=completeTags",
"backend.php?op=rpc&method=completeTags",
{ tokens: ',', paramName: "search" });
});
@ -1141,7 +1141,7 @@ function catchupBatchedArticles() {
try {
if (catchup_id_batch.length > 0 && !_infscroll_request_sent) {
var query = "?op=rpc&subop=catchupSelected" +
var query = "?op=rpc&method=catchupSelected" +
"&cmode=0&ids=" + param_escape(catchup_id_batch.toString());
new Ajax.Request("backend.php", {
@ -1216,7 +1216,7 @@ function catchupRelativeToArticle(below, id) {
e.removeClassName("Unread");
}
var query = "?op=rpc&subop=catchupSelected" +
var query = "?op=rpc&method=catchupSelected" +
"&cmode=0" + "&ids=" + param_escape(ids_to_mark.toString());
new Ajax.Request("backend.php", {
@ -1275,7 +1275,7 @@ function cdmExpandArticle(id) {
$("CWRAP-" + id).innerHTML = "<div class=\"insensitive\">" +
__("Loading, please wait...") + "</div>";
var query = "?op=rpc&subop=cdmGetArticle&id=" + param_escape(id);
var query = "?op=rpc&method=cdmGetArticle&id=" + param_escape(id);
var neighbor_ids = getRelativePostIds(id);
@ -1386,7 +1386,7 @@ function zoomToArticle(event, id) {
} else {
var query = "?op=rpc&subop=getArticles&ids=" + param_escape(id);
var query = "?op=rpc&method=getArticles&ids=" + param_escape(id);
notify_progress("Loading, please wait...", true);
@ -1514,7 +1514,7 @@ function emailArticle(id) {
if (dijit.byId("emailArticleDlg"))
dijit.byId("emailArticleDlg").destroyRecursive();
var query = "backend.php?op=dlg&id=emailArticle&param=" + param_escape(id);
var query = "backend.php?op=dlg&method=emailArticle&param=" + param_escape(id);
dialog = new dijit.Dialog({
id: "emailArticleDlg",
@ -1547,7 +1547,7 @@ function emailArticle(id) {
dojo.disconnect(tmph);
new Ajax.Autocompleter('emailArticleDlg_destination', 'emailArticleDlg_dst_choices',
"backend.php?op=rpc&subop=completeEmails",
"backend.php?op=rpc&method=completeEmails",
{ tokens: '', paramName: "search" });
});
@ -1558,7 +1558,7 @@ function emailArticle(id) {
document.forms['article_email_form'].destination.focus();
new Ajax.Autocompleter('destination', 'destination_choices',
"backend.php?op=rpc&subop=completeEmails",
"backend.php?op=rpc&method=completeEmails",
{ tokens: '', paramName: "search" });
}); */
@ -1685,7 +1685,7 @@ function cdmClicked(event, id) {
active_post_id = id;
var query = "?op=rpc&subop=catchupSelected" +
var query = "?op=rpc&method=catchupSelected" +
"&cmode=0&ids=" + param_escape(id);
new Ajax.Request("backend.php", {
@ -1770,7 +1770,7 @@ function getLastVisibleHeadlineId() {
function openArticleInNewWindow(id) {
toggleUnread(id, 0, false);
window.open("backend.php?op=la&id=" + id);
window.open("backend.php?op=article&method=redirect&id=" + id);
}
function isCdmMode() {
@ -1996,14 +1996,14 @@ function initHeadlinesMenu() {
function tweetArticle(id) {
try {
var query = "?op=rpc&subop=getTweetInfo&id=" + param_escape(id);
var query = "?op=rpc&method=getTweetInfo&id=" + param_escape(id);
console.log(query);
var d = new Date();
var ts = d.getTime();
var w = window.open('backend.php?op=loading', 'ttrss_tweet',
var w = window.open('backend.php?op=backend&method=loading', 'ttrss_tweet',
"status=0,toolbar=0,location=0,width=500,height=400,scrollbars=1,menubar=0");
new Ajax.Request("backend.php", {
@ -2028,7 +2028,7 @@ function tweetArticle(id) {
function editArticleNote(id) {
try {
var query = "backend.php?op=dlg&id=editArticleNote&param=" + param_escape(id);
var query = "backend.php?op=dlg&method=editArticleNote&param=" + param_escape(id);
if (dijit.byId("editNoteDlg"))
dijit.byId("editNoteDlg").destroyRecursive();
@ -2227,7 +2227,7 @@ function shareArticle(id) {
if (dijit.byId("shareArticleDlg"))
dijit.byId("shareArticleDlg").destroyRecursive();
var query = "backend.php?op=dlg&id=shareArticle&param=" + param_escape(id);
var query = "backend.php?op=dlg&method=shareArticle&param=" + param_escape(id);
dialog = new dijit.Dialog({
id: "shareArticleDlg",

911
modules/backend-rpc.php
Unescape Escape View File

@ -1,911 +0,0 @@
<?php
function handle_rpc_request($link) {
$subop = $_REQUEST["subop"];
$seq = (int) $_REQUEST["seq"];
// Silent
if ($subop == "setprofile") {
$id = db_escape_string($_REQUEST["id"]);
$_SESSION["profile"] = $id;
$_SESSION["prefs_cache"] = array();
return;
}
// Silent
if ($subop == "remprofiles") {
$ids = explode(",", db_escape_string(trim($_REQUEST["ids"])));
foreach ($ids as $id) {
if ($_SESSION["profile"] != $id) {
db_query($link, "DELETE FROM ttrss_settings_profiles WHERE id = '$id' AND
owner_uid = " . $_SESSION["uid"]);
}
}
return;
}
// Silent
if ($subop == "addprofile") {
$title = db_escape_string(trim($_REQUEST["title"]));
if ($title) {
db_query($link, "BEGIN");
$result = db_query($link, "SELECT id FROM ttrss_settings_profiles
WHERE title = '$title' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
db_query($link, "INSERT INTO ttrss_settings_profiles (title, owner_uid)
VALUES ('$title', ".$_SESSION["uid"] .")");
$result = db_query($link, "SELECT id FROM ttrss_settings_profiles WHERE
title = '$title'");
if (db_num_rows($result) != 0) {
$profile_id = db_fetch_result($result, 0, "id");
if ($profile_id) {
initialize_user_prefs($link, $_SESSION["uid"], $profile_id);
}
}
}
db_query($link, "COMMIT");
}
return;
}
// Silent
if ($subop == "saveprofile") {
$id = db_escape_string($_REQUEST["id"]);
$title = db_escape_string(trim($_REQUEST["value"]));
if ($id == 0) {
print __("Default profile");
return;
}
if ($title) {
db_query($link, "BEGIN");
$result = db_query($link, "SELECT id FROM ttrss_settings_profiles
WHERE title = '$title' AND owner_uid =" . $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
db_query($link, "UPDATE ttrss_settings_profiles
SET title = '$title' WHERE id = '$id' AND
owner_uid = " . $_SESSION["uid"]);
print $title;
} else {
$result = db_query($link, "SELECT title FROM ttrss_settings_profiles
WHERE id = '$id' AND owner_uid =" . $_SESSION["uid"]);
print db_fetch_result($result, 0, "title");
}
db_query($link, "COMMIT");
}
return;
}
// Silent
if ($subop == "remarchive") {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
$result = db_query($link, "DELETE FROM ttrss_archived_feeds WHERE
(SELECT COUNT(*) FROM ttrss_user_entries
WHERE orig_feed_id = '$id') = 0 AND
id = '$id' AND owner_uid = ".$_SESSION["uid"]);
$rc = db_affected_rows($link, $result);
}
return;
}
if ($subop == "addfeed") {
$feed = db_escape_string($_REQUEST['feed']);
$cat = db_escape_string($_REQUEST['cat']);
$login = db_escape_string($_REQUEST['login']);
$pass = db_escape_string($_REQUEST['pass']);
$rc = subscribe_to_feed($link, $feed, $cat, $login, $pass);
print json_encode(array("result" => $rc));
return;
}
if ($subop == "extractfeedurls") {
$urls = get_feeds_from_html($_REQUEST['url']);
print json_encode(array("urls" => $urls));
return;
}
if ($subop == "togglepref") {
$key = db_escape_string($_REQUEST["key"]);
set_pref($link, $key, !get_pref($link, $key));
$value = get_pref($link, $key);
print json_encode(array("param" =>$key, "value" => $value));
return;
}
if ($subop == "setpref") {
$value = str_replace("\n", "<br/>", $_REQUEST['value']);
$key = db_escape_string($_REQUEST["key"]);
$value = db_escape_string($value);
set_pref($link, $key, $value);
print json_encode(array("param" =>$key, "value" => $value));
return;
}
if ($subop == "mark") {
$mark = $_REQUEST["mark"];
$id = db_escape_string($_REQUEST["id"]);
if ($mark == "1") {
$mark = "true";
} else {
$mark = "false";
}
$result = db_query($link, "UPDATE ttrss_user_entries SET marked = $mark
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
print json_encode(array("message" => "UPDATE_COUNTERS"));
return;
}
if ($subop == "delete") {
$ids = db_escape_string($_REQUEST["ids"]);
$result = db_query($link, "DELETE FROM ttrss_user_entries
WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
print json_encode(array("message" => "UPDATE_COUNTERS"));
return;
}
if ($subop == "unarchive") {
$ids = db_escape_string($_REQUEST["ids"]);
$result = db_query($link, "UPDATE ttrss_user_entries
SET feed_id = orig_feed_id, orig_feed_id = NULL
WHERE ref_id IN ($ids) AND owner_uid = " . $_SESSION["uid"]);
print json_encode(array("message" => "UPDATE_COUNTERS"));
return;
}
if ($subop == "archive") {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
archive_article($link, $id, $_SESSION["uid"]);
}
print json_encode(array("message" => "UPDATE_COUNTERS"));
return;
}
if ($subop == "publ") {
$pub = $_REQUEST["pub"];
$id = db_escape_string($_REQUEST["id"]);
$note = trim(strip_tags(db_escape_string($_REQUEST["note"])));
if ($pub == "1") {
$pub = "true";
} else {
$pub = "false";
}
$result = db_query($link, "UPDATE ttrss_user_entries SET
published = $pub
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
$pubsub_result = false;
if (PUBSUBHUBBUB_HUB) {
$rss_link = get_self_url_prefix() .
"/public.php?op=rss&id=-2&key=" .
get_feed_access_key($link, -2, false);
$p = new Publisher(PUBSUBHUBBUB_HUB);
$pubsub_result = $p->publish_update($rss_link);
}
print json_encode(array("message" => "UPDATE_COUNTERS",
"pubsub_result" => $pubsub_result));
return;
}
// Silent
/* if ($subop == "update") {
$feed_id = db_escape_string($_REQUEST["feed"]);
update_rss_feed($link, $feed_id);
return;
} */
if ($subop == "updateAllFeeds" || $subop == "getAllCounters") {
$last_article_id = (int) $_REQUEST["last_article_id"];
$reply = array();
if ($seq) $reply['seq'] = $seq;
if ($last_article_id != getLastArticleId($link)) {
$omode = $_REQUEST["omode"];
if ($omode != "T")
$reply['counters'] = getAllCounters($link, $omode);
else
$reply['counters'] = getGlobalCounters($link);
}
$reply['runtime-info'] = make_runtime_info($link);
print json_encode($reply);
return;
}
/* GET["cmode"] = 0 - mark as read, 1 - as unread, 2 - toggle */
if ($subop == "catchupSelected") {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]);
catchupArticlesById($link, $ids, $cmode);
print json_encode(array("message" => "UPDATE_COUNTERS"));
return;
}
if ($subop == "markSelected") {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]);
markArticlesById($link, $ids, $cmode);
print json_encode(array("message" => "UPDATE_COUNTERS"));
return;
}
if ($subop == "publishSelected") {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$cmode = sprintf("%d", $_REQUEST["cmode"]);
publishArticlesById($link, $ids, $cmode);
print json_encode(array("message" => "UPDATE_COUNTERS"));
return;
}
if ($subop == "sanityCheck") {
$_SESSION["hasAudio"] = $_REQUEST["hasAudio"] === "true";
$reply = array();
$reply['error'] = sanity_check($link);
if ($reply['error']['code'] == 0) {
$reply['init-params'] = make_init_params($link);
$reply['runtime-info'] = make_runtime_info($link);
}
print json_encode($reply);
return;
}
if ($subop == "setArticleTags") {
global $memcache;
$id = db_escape_string($_REQUEST["id"]);
$tags_str = db_escape_string($_REQUEST["tags_str"]);
$tags = array_unique(trim_array(explode(",", $tags_str)));
db_query($link, "BEGIN");
$result = db_query($link, "SELECT int_id FROM ttrss_user_entries WHERE
ref_id = '$id' AND owner_uid = '".$_SESSION["uid"]."' LIMIT 1");
if (db_num_rows($result) == 1) {
$tags_to_cache = array();
$int_id = db_fetch_result($result, 0, "int_id");
db_query($link, "DELETE FROM ttrss_tags WHERE
post_int_id = $int_id AND owner_uid = '".$_SESSION["uid"]."'");
foreach ($tags as $tag) {
$tag = sanitize_tag($tag);
if (!tag_is_valid($tag)) {
continue;
}
if (preg_match("/^[0-9]*$/", $tag)) {
continue;
}
// print "<!-- $id : $int_id : $tag -->";
if ($tag != '') {
db_query($link, "INSERT INTO ttrss_tags
(post_int_id, owner_uid, tag_name) VALUES ('$int_id', '".$_SESSION["uid"]."', '$tag')");
}
array_push($tags_to_cache, $tag);
}
/* update tag cache */
sort($tags_to_cache);
$tags_str = join(",", $tags_to_cache);
db_query($link, "UPDATE ttrss_user_entries
SET tag_cache = '$tags_str' WHERE ref_id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
}
db_query($link, "COMMIT");
if ($memcache) {
$obj_id = md5("TAGS:".$_SESSION["uid"].":$id");
$memcache->delete($obj_id);
}
$tags = get_article_tags($link, $id);
$tags_str = format_tags_string($tags, $id);
$tags_str_full = join(", ", $tags);
if (!$tags_str_full) $tags_str_full = __("no tags");
print json_encode(array("tags_str" => array("id" => $id,
"content" => $tags_str, "content_full" => $tags_str_full)));
return;
}
if ($subop == "regenOPMLKey") {
update_feed_access_key($link, 'OPML:Publish',
false, $_SESSION["uid"]);
$new_link = opml_publish_url($link);
print json_encode(array("link" => $new_link));
return;
}
if ($subop == "completeTags") {
$search = db_escape_string($_REQUEST["search"]);
$result = db_query($link, "SELECT DISTINCT tag_name FROM ttrss_tags
WHERE owner_uid = '".$_SESSION["uid"]."' AND
tag_name LIKE '$search%' ORDER BY tag_name
LIMIT 10");
print "<ul>";
while ($line = db_fetch_assoc($result)) {
print "<li>" . $line["tag_name"] . "</li>";
}
print "</ul>";
return;
}
if ($subop == "purge") {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$days = sprintf("%d", $_REQUEST["days"]);
foreach ($ids as $id) {
$result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
id = '$id' AND owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($result) == 1) {
purge_feed($link, $id, $days);
}
}
return;
}
/* if ($subop == "setScore") {
$id = db_escape_string($_REQUEST["id"]);
$score = sprintf("%d", $_REQUEST["score"]);
$result = db_query($link, "UPDATE ttrss_user_entries SET score = '$score'
WHERE ref_id = '$id' AND owner_uid = ".$_SESSION["uid"]);
print "<rpc-reply><message>Acknowledged.</message></rpc-reply>";
return;
} */
if ($subop == "getArticles") {
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$articles = array();
foreach ($ids as $id) {
if ($id) {
array_push($articles, format_article($link, $id, 0, false));
}
}
print json_encode($articles);
return;
}
if ($subop == "checkDate") {
$date = db_escape_string($_REQUEST["date"]);
$date_parsed = strtotime($date);
print json_encode(array("result" => (bool)$date_parsed,
"date" => date("c", $date_parsed)));
return;
}
if ($subop == "assignToLabel" || $subop == "removeFromLabel") {
$reply = array();
$ids = explode(",", db_escape_string($_REQUEST["ids"]));
$label_id = db_escape_string($_REQUEST["lid"]);
$label = db_escape_string(label_find_caption($link, $label_id,
$_SESSION["uid"]));
$reply["info-for-headlines"] = array();
if ($label) {
foreach ($ids as $id) {
if ($subop == "assignToLabel")
label_add_article($link, $id, $label, $_SESSION["uid"]);
else
label_remove_article($link, $id, $label, $_SESSION["uid"]);
$labels = get_article_labels($link, $id, $_SESSION["uid"]);
array_push($reply["info-for-headlines"],
array("id" => $id, "labels" => format_article_labels($labels, $id)));
}
}
$reply["message"] = "UPDATE_COUNTERS";
print json_encode($reply);
return;
}
if ($subop == "updateFeedBrowser") {
$search = db_escape_string($_REQUEST["search"]);
$limit = db_escape_string($_REQUEST["limit"]);
$mode = (int) db_escape_string($_REQUEST["mode"]);
print json_encode(array("content" =>
make_feed_browser($link, $search, $limit, $mode),
"mode" => $mode));
return;
}
// Silent
if ($subop == "massSubscribe") {
$payload = json_decode($_REQUEST["payload"], false);
$mode = $_REQUEST["mode"];
if (!$payload || !is_array($payload)) return;
if ($mode == 1) {
foreach ($payload as $feed) {
$title = db_escape_string($feed[0]);
$feed_url = db_escape_string($feed[1]);
$result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
$result = db_query($link, "INSERT INTO ttrss_feeds
(owner_uid,feed_url,title,cat_id,site_url)
VALUES ('".$_SESSION["uid"]."',
'$feed_url', '$title', NULL, '')");
}
}
} else if ($mode == 2) {
// feed archive
foreach ($payload as $id) {
$result = db_query($link, "SELECT * FROM ttrss_archived_feeds
WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
$site_url = db_escape_string(db_fetch_result($result, 0, "site_url"));
$feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url"));
$title = db_escape_string(db_fetch_result($result, 0, "title"));
$result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
$result = db_query($link, "INSERT INTO ttrss_feeds
(owner_uid,feed_url,title,cat_id,site_url)
VALUES ('$id','".$_SESSION["uid"]."',
'$feed_url', '$title', NULL, '$site_url')");
}
}
}
}
/* $ids = explode(",", db_escape_string($_REQUEST["ids"]));
$subscribed = array();
foreach ($ids as $id) {
if ($mode == 1) {
$result = db_query($link, "SELECT feed_url,title FROM ttrss_feeds
WHERE id = '$id'");
} else if ($mode == 2) {
$result = db_query($link, "SELECT * FROM ttrss_archived_feeds
WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
$orig_id = db_escape_string(db_fetch_result($result, 0, "id"));
$site_url = db_escape_string(db_fetch_result($result, 0, "site_url"));
}
$feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url"));
$title = db_escape_string(db_fetch_result($result, 0, "title"));
$title_orig = db_fetch_result($result, 0, "title");
$result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
if ($mode == 1) {
$result = db_query($link,
"INSERT INTO ttrss_feeds (owner_uid,feed_url,title,cat_id)
VALUES ('".$_SESSION["uid"]."', '$feed_url', '$title', NULL)");
} else if ($mode == 2) {
$result = db_query($link,
"INSERT INTO ttrss_feeds (id,owner_uid,feed_url,title,cat_id,site_url)
VALUES ('$orig_id','".$_SESSION["uid"]."', '$feed_url', '$title', NULL, '$site_url')");
}
array_push($subscribed, $title_orig);
}
} */
return;
}
if ($subop == "digest-get-contents") {
$article_id = db_escape_string($_REQUEST['article_id']);
$result = db_query($link, "SELECT content,title,link,marked,published
FROM ttrss_entries, ttrss_user_entries
WHERE id = '$article_id' AND ref_id = id AND owner_uid = ".$_SESSION['uid']);
$content = sanitize_rss($link, db_fetch_result($result, 0, "content"));
$title = strip_tags(db_fetch_result($result, 0, "title"));
$article_url = htmlspecialchars(db_fetch_result($result, 0, "link"));
$marked = sql_bool_to_bool(db_fetch_result($result, 0, "marked"));
$published = sql_bool_to_bool(db_fetch_result($result, 0, "published"));
print json_encode(array("article" =>
array("id" => $article_id, "url" => $article_url,
"tags" => get_article_tags($link, $article_id),
"marked" => $marked, "published" => $published,
"title" => $title, "content" => $content)));
return;
}
if ($subop == "digest-update") {
$feed_id = db_escape_string($_REQUEST['feed_id']);
$offset = db_escape_string($_REQUEST['offset']);
$seq = db_escape_string($_REQUEST['seq']);
if (!$feed_id) $feed_id = -4;
if (!$offset) $offset = 0;
$reply = array();
$reply['seq'] = $seq;
$headlines = api_get_headlines($link, $feed_id, 30, $offset,
'', ($feed_id == -4), true, false, "unread", "updated DESC", 0, 0);
//function api_get_headlines($link, $feed_id, $limit, $offset,
// $filter, $is_cat, $show_excerpt, $show_content, $view_mode) {
$reply['headlines'] = array();
$reply['headlines']['title'] = getFeedTitle($link, $feed_id);
$reply['headlines']['content'] = $headlines;
print json_encode($reply);
return;
}
if ($subop == "digest-init") {
$tmp_feeds = api_get_feeds($link, -4, true, false, 0);
$feeds = array();
foreach ($tmp_feeds as $f) {
if ($f['id'] > 0 || $f['id'] == -4) array_push($feeds, $f);
}
print json_encode(array("feeds" => $feeds));
return;
}
if ($subop == "catchupFeed") {
$feed_id = db_escape_string($_REQUEST['feed_id']);
$is_cat = db_escape_string($_REQUEST['is_cat']) == "true";
catchup_feed($link, $feed_id, $is_cat);
print json_encode(array("message" => "UPDATE_COUNTERS"));
return;
}
if ($subop == "sendEmail") {
$secretkey = $_REQUEST['secretkey'];
require_once 'lib/phpmailer/class.phpmailer.php';
$reply = array();
if (DIGEST_ENABLE && $_SESSION['email_secretkey'] &&
$secretkey == $_SESSION['email_secretkey']) {
$_SESSION['email_secretkey'] = '';
$destination = $_REQUEST['destination'];
$subject = $_REQUEST['subject'];
$content = $_REQUEST['content'];
$replyto = strip_tags($_SESSION['email_replyto']);
$fromname = strip_tags($_SESSION['email_fromname']);
$mail = new PHPMailer();
$mail->PluginDir = "lib/phpmailer/";
$mail->SetLanguage("en", "lib/phpmailer/language/");
$mail->CharSet = "UTF-8";
$mail->From = $replyto;
$mail->FromName = $fromname;
$mail->AddAddress($destination);
if (DIGEST_SMTP_HOST) {
$mail->Host = DIGEST_SMTP_HOST;
$mail->Mailer = "smtp";
$mail->SMTPAuth = DIGEST_SMTP_LOGIN != '';
$mail->Username = DIGEST_SMTP_LOGIN;
$mail->Password = DIGEST_SMTP_PASSWORD;
}
$mail->IsHTML(false);
$mail->Subject = $subject;
$mail->Body = $content;
$rc = $mail->Send();
if (!$rc) {
$reply['error'] = $mail->ErrorInfo;
} else {
save_email_address($link, db_escape_string($destination));
$reply['message'] = "UPDATE_COUNTERS";
}
} else {
$reply['error'] = "Not authorized.";
}
print json_encode($reply);
return;
}
if ($subop == "completeEmails") {
$search = db_escape_string($_REQUEST["search"]);
print "<ul>";
foreach ($_SESSION['stored_emails'] as $email) {
if (strpos($email, $search) !== false) {
print "<li>$email</li>";
}
}
print "</ul>";
return;
}
if ($subop == "quickAddCat") {
$cat = db_escape_string($_REQUEST["cat"]);
add_feed_category($link, $cat);
$result = db_query($link, "SELECT id FROM ttrss_feed_categories WHERE
title = '$cat' AND owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($result) == 1) {
$id = db_fetch_result($result, 0, "id");
} else {
$id = 0;
}
print_feed_cat_select($link, "cat_id", $id);
return;
}
if ($subop == "regenFeedKey") {
$feed_id = db_escape_string($_REQUEST['id']);
$is_cat = db_escape_string($_REQUEST['is_cat']) == "true";
$new_key = update_feed_access_key($link, $feed_id, $is_cat);
print json_encode(array("link" => $new_key));
return;
}
// Silent
if ($subop == "clearKeys") {
db_query($link, "DELETE FROM ttrss_access_keys WHERE
owner_uid = " . $_SESSION["uid"]);
return;
}
// Silent
if ($subop == "clearArticleKeys") {
db_query($link, "UPDATE ttrss_user_entries SET uuid = '' WHERE
owner_uid = " . $_SESSION["uid"]);
return;
}
if ($subop == "verifyRegexp") {
$reg_exp = $_REQUEST["reg_exp"];
$status = @preg_match("/$reg_exp/i", "TEST") !== false;
print json_encode(array("status" => $status));
return;
}
// TODO: unify with digest-get-contents?
if ($subop == "cdmGetArticle") {
$ids = array(db_escape_string($_REQUEST["id"]));
$cids = explode(",", $_REQUEST["cids"]);
$ids = array_merge($ids, $cids);
$rv = array();
foreach ($ids as $id) {
$id = (int)$id;
$result = db_query($link, "SELECT content,
ttrss_feeds.site_url AS site_url FROM ttrss_user_entries, ttrss_feeds,
ttrss_entries
WHERE feed_id = ttrss_feeds.id AND ref_id = '$id' AND
ttrss_entries.id = ref_id AND
ttrss_user_entries.owner_uid = ".$_SESSION["uid"]);
if (db_num_rows($result) != 0) {
$line = db_fetch_assoc($result);
$article_content = sanitize_rss($link, $line["content"],
false, false, $line['site_url']);
array_push($rv,
array("id" => $id, "content" => $article_content));
}
}
print json_encode($rv);
return;
}
if ($subop == "scheduleFeedUpdate") {
$feed_id = db_escape_string($_REQUEST["id"]);
$is_cat = db_escape_string($_REQUEST['is_cat']) == 'true';
$message = __("Your request could not be completed.");
if ($feed_id >= 0) {
if (!$is_cat) {
$message = __("Feed update has been scheduled.");
db_query($link, "UPDATE ttrss_feeds SET
last_update_started = '1970-01-01',
last_updated = '1970-01-01' WHERE id = '$feed_id' AND
owner_uid = ".$_SESSION["uid"]);
} else {
$message = __("Category update has been scheduled.");
if ($feed_id)
$cat_query = "cat_id = '$feed_id'";
else
$cat_query = "cat_id IS NULL";
db_query($link, "UPDATE ttrss_feeds SET
last_update_started = '1970-01-01',
last_updated = '1970-01-01' WHERE $cat_query AND
owner_uid = ".$_SESSION["uid"]);
}
} else {
$message = __("Can't update this kind of feed.");
}
print json_encode(array("message" => $message));
return;
}
if ($subop == "getTweetInfo") {
$id = db_escape_string($_REQUEST['id']);
$result = db_query($link, "SELECT title, link
FROM ttrss_entries, ttrss_user_entries
WHERE id = '$id' AND ref_id = id AND owner_uid = " .$_SESSION['uid']);
if (db_num_rows($result) != 0) {
$title = truncate_string(strip_tags(db_fetch_result($result, 0, 'title')),
100, '...');
$article_link = db_fetch_result($result, 0, 'link');
}
print json_encode(array("title" => $title, "link" => $article_link,
"id" => $id));
return;
}
if ($subop == "setNote") {
$id = db_escape_string($_REQUEST["id"]);
$note = trim(strip_tags(db_escape_string($_REQUEST["note"])));
db_query($link, "UPDATE ttrss_user_entries SET note = '$note'
WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
$formatted_note = format_article_note($id, $note);
print json_encode(array("note" => $formatted_note,
"raw_length" => mb_strlen($note)));
return;
}
if ($subop == "genHash") {
$hash = sha1(uniqid(rand(), true));
print json_encode(array("hash" => $hash));
return;
}
print json_encode(array("error" => array("code" => 7,
"message" => "Unknown method: $subop")));
}
?>

27
modules/help.php
Unescape Escape View File

@ -1,27 +0,0 @@
<?php
function module_help($link) {
if (!$_REQUEST["noheaders"]) {
print "<html><head>
<title>".__('Help')."</title>
<link rel=\"stylesheet\" href=\"utility.css\" type=\"text/css\">
<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">
</head><body>";
}
$tid = sprintf("%d", $_REQUEST["tid"]);
if (file_exists("help/$tid.php")) {
include("help/$tid.php");
} else {
print "<p>".__("Help topic not found.")."</p>";
}
print "<div align='center'>
<button onclick=\"javascript:window.close()\">".
__('Close this window')."</button></div>";
if (!$_REQUEST["noheaders"]) {
print "</body></html>";
}
}
?>

166
modules/opml_domdoc.php
Unescape Escape View File

@ -1,166 +0,0 @@
<?php
function opml_import_domdoc($link, $owner_uid) {
if (is_file($_FILES['opml_file']['tmp_name'])) {
$doc = DOMDocument::load($_FILES['opml_file']['tmp_name']);
$result = db_query($link, "SELECT id FROM
ttrss_feed_categories WHERE title = 'Imported feeds' AND
owner_uid = '$owner_uid' LIMIT 1");
if (db_num_rows($result) == 1) {
$default_cat_id = db_fetch_result($result, 0, "id");
} else {
$default_cat_id = 0;
}
if ($doc) {
$body = $doc->getElementsByTagName('body');
$xpath = new DOMXpath($doc);
$query = "/opml/body//outline";
$outlines = $xpath->query($query);
foreach ($outlines as $outline) {
$feed_title = db_escape_string($outline->attributes->getNamedItem('text')->nodeValue);
if (!$feed_title) {
$feed_title = db_escape_string($outline->attributes->getNamedItem('title')->nodeValue);
}
$cat_title = db_escape_string($outline->attributes->getNamedItem('title')->nodeValue);
if (!$cat_title) {
$cat_title = db_escape_string($outline->attributes->getNamedItem('text')->nodeValue);
}
$feed_url = db_escape_string($outline->attributes->getNamedItem('xmlUrl')->nodeValue);
if (!$feed_url)
$feed_url = db_escape_string($outline->attributes->getNamedItem('xmlURL')->nodeValue);
$site_url = db_escape_string($outline->attributes->getNamedItem('htmlUrl')->nodeValue);
$pref_name = db_escape_string($outline->attributes->getNamedItem('pref-name')->nodeValue);
if ($cat_title && !$feed_url) {
if ($cat_title != "tt-rss-prefs") {
db_query($link, "BEGIN");
$result = db_query($link, "SELECT id FROM
ttrss_feed_categories WHERE title = '$cat_title' AND
owner_uid = '$owner_uid' LIMIT 1");
if (db_num_rows($result) == 0) {
printf(__("<li>Adding category <b>%s</b>.</li>"), $cat_title);
db_query($link, "INSERT INTO ttrss_feed_categories
(title,owner_uid)
VALUES ('$cat_title', '$owner_uid')");
}
db_query($link, "COMMIT");
}
}
// print "$active_category : $feed_title : $feed_url<br>";
if ($pref_name) {
$parent_node = $outline->parentNode;
if ($parent_node && $parent_node->nodeName == "outline") {
$cat_check = $parent_node->attributes->getNamedItem('title')->nodeValue;
if ($cat_check == "tt-rss-prefs") {
$pref_value = db_escape_string($outline->attributes->getNamedItem('value')->nodeValue);
printf("<li>".
__("Setting preference key %s to %s")."</li>",
$pref_name, $pref_value);
set_pref($link, $pref_name, $pref_value);
}
}
}
if (!$feed_title || !$feed_url) continue;
db_query($link, "BEGIN");
$cat_id = null;
$parent_node = $outline->parentNode;
if ($parent_node && $parent_node->nodeName == "outline") {
$element_category = $parent_node->attributes->getNamedItem('title')->nodeValue;
if (!$element_category) $element_category = $parent_node->attributes->getNamedItem('text')->nodeValue;
} else {
$element_category = '';
}
if ($element_category) {
$element_category = db_escape_string($element_category);
$result = db_query($link, "SELECT id FROM
ttrss_feed_categories WHERE title = '$element_category' AND
owner_uid = '$owner_uid' LIMIT 1");
if (db_num_rows($result) == 1) {
$cat_id = db_fetch_result($result, 0, "id");
}
}
$result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url'
AND owner_uid = '$owner_uid'");
print "<li><a target='_blank' href='$site_url'><b>$feed_title</b></a></b>
(<a target='_blank' href=\"$feed_url\">rss</a>)&nbsp;";
if (db_num_rows($result) > 0) {
print __('is already imported.');
} else {
if ($cat_id) {
$add_query = "INSERT INTO ttrss_feeds
(title, feed_url, owner_uid, cat_id, site_url) VALUES
('$feed_title', '$feed_url', '$owner_uid',
'$cat_id', '$site_url')";
} else {
$add_query = "INSERT INTO ttrss_feeds
(title, feed_url, owner_uid, cat_id, site_url) VALUES
('$feed_title', '$feed_url', '$owner_uid', '$default_cat_id',
'$site_url')";
}
//print $add_query;
db_query($link, $add_query);
print __('OK');
}
print "</li>";
db_query($link, "COMMIT");
}
} else {
print_error(__('Error while parsing document.'));
}
} else {
print_error(__('Error: please upload OPML file.'));
}
}
?>

1122
modules/popup-dialog.php
View File

File diff suppressed because it is too large Load Diff

1685
modules/pref-feeds.php
View File

File diff suppressed because it is too large Load Diff

579
modules/pref-filters.php
Unescape Escape View File

@ -1,579 +0,0 @@
<?php
function filter_test($link, $filter_type, $reg_exp,
$action_id, $action_param, $filter_param, $inverse, $feed_id) {
$result = db_query($link, "SELECT name FROM ttrss_filter_types WHERE
id = " . $filter_type);
$type_name = db_fetch_result($result, 0, "name");
$result = db_query($link, "SELECT name FROM ttrss_filter_actions WHERE
id = " . $action_id);
$action_name = db_fetch_result($result, 0, "name");
$filter["reg_exp"] = $reg_exp;
$filter["action"] = $action_name;
$filter["type"] = $type_name;
$filter["action_param"] = $action_param;
$filter["filter_param"] = $filter_param;
$filter["inverse"] = $inverse;
$filters[$type_name] = array($filter);
if ($feed_id)
$feed = $feed_id;
else
$feed = -4;
$feed_title = getFeedTitle($link, $feed);
$qfh_ret = queryFeedHeadlines($link, $feed,
30, "", false, false, false,
false, "date_entered DESC", 0, $_SESSION["uid"], $filter);
$result = $qfh_ret[0];
$articles = array();
$found = 0;
print __("Articles matching this filter:");
print "<div class=\"inactiveFeedHolder\">";
print "<table width=\"100%\" cellspacing=\"0\" id=\"prefErrorFeedList\">";
while ($line = db_fetch_assoc($result)) {
$entry_timestamp = strtotime($line["updated"]);
$entry_tags = get_article_tags($link, $line["id"], $_SESSION["uid"]);
$content_preview = truncate_string(
strip_tags($line["content_preview"]), 100, '...');
if ($line["feed_title"])
$feed_title = $line["feed_title"];
print "<tr>";
print "<td width='5%' align='center'><input
dojoType=\"dijit.form.CheckBox\" checked=\"1\"
disabled=\"1\" type=\"checkbox\"></td>";
print "<td>";
print $line["title"];
print "&nbsp;(";
print "<b>" . $feed_title . "</b>";
print "):&nbsp;";
print "<span class=\"insensitive\">" . $content_preview . "</span>";
print " " . mb_substr($line["date_entered"], 0, 16);
print "</td></tr>";
$found++;
}
if ($found == 0) {
print "<tr><td align='center'>" .
__("No articles matching this filter has been found.") . "</td></tr>";
}
print "</table>";
print "</div>";
}
function module_pref_filters($link) {
$subop = $_REQUEST["subop"];
$quiet = $_REQUEST["quiet"];
if ($subop == "getfiltertree") {
$root = array();
$root['id'] = 'root';
$root['name'] = __('Filters');
$root['items'] = array();
$result = db_query($link, "SELECT
ttrss_filters.id AS id,reg_exp,
ttrss_filter_types.name AS filter_type_name,
ttrss_filter_types.description AS filter_type_descr,
enabled,
inverse,
feed_id,
action_id,
filter_param,
filter_type,
ttrss_filter_actions.description AS action_description,
ttrss_feeds.title AS feed_title,
ttrss_filter_actions.name AS action_name,
ttrss_filters.action_param AS action_param
FROM
ttrss_filter_types,ttrss_filter_actions,ttrss_filters LEFT JOIN
ttrss_feeds ON (ttrss_filters.feed_id = ttrss_feeds.id)
WHERE
filter_type = ttrss_filter_types.id AND
ttrss_filter_actions.id = action_id AND
ttrss_filters.owner_uid = ".$_SESSION["uid"]."
ORDER by action_description, reg_exp");
$cat = false;
$cur_action_description = "";
if (db_num_rows($result) > 0) {
while ($line = db_fetch_assoc($result)) {
if ($cur_action_description != $line['action_description']) {
if ($cat)
array_push($root['items'], $cat);
$cat = array();
$cat['id'] = 'ACTION:' . $line['action_id'];
$cat['name'] = $line['action_description'];
$cat['items'] = array();
$cur_action_description = $line['action_description'];
}
if (array_search($line["action_name"],
array("score", "tag", "label")) === false) {
$line["action_param"] = '';
} else {
if ($line['action_name'] == 'label') {
$tmp_result = db_query($link, "SELECT fg_color, bg_color
FROM ttrss_labels2 WHERE caption = '".
db_escape_string($line["action_param"])."' AND
owner_uid = " . $_SESSION["uid"]);
if (db_num_rows($tmp_result) != 0) {
$fg_color = db_fetch_result($tmp_result, 0, "fg_color");
$bg_color = db_fetch_result($tmp_result, 0, "bg_color");
$tmp = "<span class=\"labelColorIndicator\" style='color : $fg_color; background-color : $bg_color'>&alpha;</span> " . $line['action_param'];
$line['action_param'] = $tmp;
}
}
}
$filter = array();
$filter['id'] = 'FILTER:' . $line['id'];
$filter['bare_id'] = $line['id'];
$filter['name'] = $line['reg_exp'];
$filter['type'] = $line['filter_type'];
$filter['enabled'] = sql_bool_to_bool($line['enabled']);
$filter['param'] = $line['action_param'];
$filter['inverse'] = sql_bool_to_bool($line['inverse']);
$filter['checkbox'] = false;
if ($line['feed_id'])
$filter['feed'] = $line['feed_title'];
array_push($cat['items'], $filter);
}
array_push($root['items'], $cat);
}
$fl = array();
$fl['identifier'] = 'id';
$fl['label'] = 'name';
$fl['items'] = array($root);
print json_encode($fl);
return;
}
if ($subop == "edit") {
$filter_id = db_escape_string($_REQUEST["id"]);
$result = db_query($link,
"SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
$reg_exp = htmlspecialchars(db_fetch_result($result, 0, "reg_exp"));
$filter_type = db_fetch_result($result, 0, "filter_type");
$feed_id = db_fetch_result($result, 0, "feed_id");
$action_id = db_fetch_result($result, 0, "action_id");
$action_param = db_fetch_result($result, 0, "action_param");
$filter_param = db_fetch_result($result, 0, "filter_param");
$enabled = sql_bool_to_bool(db_fetch_result($result, 0, "enabled"));
$inverse = sql_bool_to_bool(db_fetch_result($result, 0, "inverse"));
print "<form id=\"filter_edit_form\" onsubmit='return false'>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-filters\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$filter_id\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"editSave\">";
$result = db_query($link, "SELECT id,description
FROM ttrss_filter_types ORDER BY description");
$filter_types = array();
while ($line = db_fetch_assoc($result)) {
//array_push($filter_types, $line["description"]);
$filter_types[$line["id"]] = __($line["description"]);
}
print "<div class=\"dlgSec\">".__("Match")."</div>";
print "<div class=\"dlgSecCont\">";
if ($filter_type != 5) {
$date_ops_invisible = 'style="display : none"';
}
print "<span id=\"filterDlg_dateModBox\" $date_ops_invisible>";
print __("Date") . " ";
$filter_params = array(
"before" => __("before"),
"after" => __("after"));
print_select_hash("filter_date_modifier", $filter_param,
$filter_params, 'dojoType="dijit.form.Select"');
print "&nbsp;</span>";
print "<input dojoType=\"dijit.form.ValidationTextBox\"
required=\"1\"
name=\"reg_exp\" style=\"font-size : 16px;\" value=\"$reg_exp\">";
print "<span id=\"filterDlg_dateChkBox\" $date_ops_invisible>";
print "&nbsp;<button dojoType=\"dijit.form.Button\" onclick=\"return filterDlgCheckDate()\">".
__('Check it')."</button>";
print "</span>";
print "<hr/> " . __("on field") . " ";
print_select_hash("filter_type", $filter_type, $filter_types,
'onchange="filterDlgCheckType(this)" dojoType="dijit.form.Select"');
print "<hr/>";
print __("in") . " ";
print_feed_select($link, "feed_id", $feed_id,
'dojoType="dijit.form.FilteringSelect"');
print "</div>";
print "<div class=\"dlgSec\">".__("Perform Action")."</div>";
print "<div class=\"dlgSecCont\">";
print "<select name=\"action_id\" dojoType=\"dijit.form.Select\"
onchange=\"filterDlgCheckAction(this)\">";
$result = db_query($link, "SELECT id,description FROM ttrss_filter_actions
ORDER BY name");
while ($line = db_fetch_assoc($result)) {
$is_sel = ($line["id"] == $action_id) ? "selected=\"1\"" : "";
printf("<option value='%d' $is_sel>%s</option>", $line["id"], __($line["description"]));
}
print "</select>";
$param_hidden = ($action_id == 4 || $action_id == 6 || $action_id == 7) ? "" : "display : none";
print "<span id=\"filterDlg_paramBox\" style=\"$param_hidden\">";
print " " . __("with parameters:") . " ";
$param_int_hidden = ($action_id != 7) ? "" : "display : none";
print "<input style=\"$param_int_hidden\"
dojoType=\"dijit.form.TextBox\" id=\"filterDlg_actionParam\"
name=\"action_param\" value=\"$action_param\">";
$param_int_hidden = ($action_id == 7) ? "" : "display : none";
print_label_select($link, "action_param_label", $action_param,
"style=\"$param_int_hidden\"" .
'id="filterDlg_actionParamLabel" dojoType="dijit.form.Select"');
print "</span>";
print "&nbsp;"; // tiny layout hack
print "</div>";
print "<div class=\"dlgSec\">".__("Options")."</div>";
print "<div class=\"dlgSecCont\">";
print "<div style=\"line-height : 100%\">";
if ($enabled) {
$checked = "checked=\"1\"";
} else {
$checked = "";
}
print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"enabled\" id=\"enabled\" $checked>
<label for=\"enabled\">".__('Enabled')."</label><hr/>";
if ($inverse) {
$checked = "checked=\"1\"";
} else {
$checked = "";
}
print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\" $checked>
<label for=\"inverse\">".__('Inverse match')."</label>";
print "</div>";
print "</div>";
print "<div class=\"dlgButtons\">";
print "<div style=\"float : left\">";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').removeFilter()\">".
__('Remove')."</button>";
print "</div>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').test()\">".
__('Test')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').execute()\">".
__('Save')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return dijit.byId('filterEditDlg').hide()\">".
__('Cancel')."</button>";
print "</div>";
return;
}
if ($subop == "editSave") {
global $memcache;
if ($memcache) $memcache->flush();
$savemode = db_escape_string($_REQUEST["savemode"]);
$reg_exp = db_escape_string(trim($_REQUEST["reg_exp"]));
$filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
$filter_id = db_escape_string($_REQUEST["id"]);
$feed_id = db_escape_string($_REQUEST["feed_id"]);
$action_id = db_escape_string($_REQUEST["action_id"]);
$action_param = db_escape_string($_REQUEST["action_param"]);
$action_param_label = db_escape_string($_REQUEST["action_param_label"]);
$enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"]));
$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
# for the time being, no other filters use params anyway...
$filter_param = db_escape_string($_REQUEST["filter_date_modifier"]);
if (!$feed_id) {
$feed_id = 'NULL';
} else {
$feed_id = sprintf("'%s'", db_escape_string($feed_id));
}
/* When processing 'assign label' filters, action_param_label dropbox
* overrides action_param */
if ($action_id == 7) {
$action_param = $action_param_label;
}
if ($action_id == 6) {
$action_param = (int) str_replace("+", "", $action_param);
}
if ($savemode != "test") {
$result = db_query($link, "UPDATE ttrss_filters SET
reg_exp = '$reg_exp',
feed_id = $feed_id,
action_id = '$action_id',
filter_type = '$filter_type',
enabled = $enabled,
inverse = $inverse,
action_param = '$action_param',
filter_param = '$filter_param'
WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
} else {
filter_test($link, $filter_type, $reg_exp,
$action_id, $action_param, $filter_param, sql_bool_to_bool($inverse),
(int) $_REQUEST["feed_id"]);
print "<div align='center'>";
print "<button dojoType=\"dijit.form.Button\"
onclick=\"return dijit.byId('filterTestDlg').hide()\">".
__('Close this window')."</button>";
print "</div>";
}
return;
}
if ($subop == "remove") {
if ($memcache) $memcache->flush();
$ids = split(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
db_query($link, "DELETE FROM ttrss_filters WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
}
return;
}
if ($subop == "add") {
if ($memcache) $memcache->flush();
$savemode = db_escape_string($_REQUEST["savemode"]);
$regexp = db_escape_string(trim($_REQUEST["reg_exp"]));
$filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
$feed_id = db_escape_string($_REQUEST["feed_id"]);
$action_id = db_escape_string($_REQUEST["action_id"]);
$action_param = db_escape_string($_REQUEST["action_param"]);
$action_param_label = db_escape_string($_REQUEST["action_param_label"]);
$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
# for the time being, no other filters use params anyway...
$filter_param = db_escape_string($_REQUEST["filter_date_modifier"]);
if (!$regexp) return;
if (!$feed_id) {
$feed_id = 'NULL';
} else {
$feed_id = sprintf("'%s'", db_escape_string($feed_id));
}
/* When processing 'assign label' filters, action_param_label dropbox
* overrides action_param */
if ($action_id == 7) {
$action_param = $action_param_label;
}
if ($action_id == 6) {
$action_param = (int) str_replace("+", "", $action_param);
}
if ($savemode != "test") {
$result = db_query($link,
"INSERT INTO ttrss_filters (reg_exp,filter_type,owner_uid,feed_id,
action_id, action_param, inverse, filter_param)
VALUES
('$regexp', '$filter_type','".$_SESSION["uid"]."',
$feed_id, '$action_id', '$action_param', $inverse,
'$filter_param')");
if (db_affected_rows($link, $result) != 0) {
print T_sprintf("Created filter <b>%s</b>", htmlspecialchars($regexp));
}
} else {
filter_test($link, $filter_type, $regexp,
$action_id, $action_param, $filter_param, sql_bool_to_bool($inverse),
(int) $_REQUEST["feed_id"]);
print "<div align='center'>";
print "<button dojoType=\"dijit.form.Button\"
onclick=\"return dijit.byId('filterTestDlg').hide()\">".
__('Close this window')."</button>";
print "</div>";
}
return;
}
if ($quiet) return;
$sort = db_escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "reg_exp";
}
$result = db_query($link, "SELECT id,description
FROM ttrss_filter_types ORDER BY description");
$filter_types = array();
while ($line = db_fetch_assoc($result)) {
//array_push($filter_types, $line["description"]);
$filter_types[$line["id"]] = $line["description"];
}
$filter_search = db_escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_filter_search"] = $filter_search;
} else {
$filter_search = $_SESSION["prefs_filter_search"];
}
print "<div id=\"pref-filter-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
print "<div id=\"pref-filter-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-filter-toolbar\" dojoType=\"dijit.Toolbar\">";
print "<div dojoType=\"dijit.form.DropDownButton\">".
"<span>" . __('Select')."</span>";
print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(true)\"
dojoType=\"dijit.MenuItem\">".__('All')."</div>";
print "<div onclick=\"dijit.byId('filterTree').model.setAllChecked(false)\"
dojoType=\"dijit.MenuItem\">".__('None')."</div>";
print "</div></div>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return quickAddFilter()\">".
__('Create filter')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return editSelectedFilter()\">".
__('Edit')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return removeSelectedFilters()\">".
__('Remove')."</button> ";
if (defined('_ENABLE_FEED_DEBUGGING')) {
print "<button dojoType=\"dijit.form.Button\" onclick=\"rescore_all_feeds()\">".
__('Rescore articles')."</button> ";
}
print "</div>"; # toolbar
print "</div>"; # toolbar-frame
print "<div id=\"pref-filter-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";
print "<div id=\"filterlistLoading\">
<img src='images/indicator_tiny.gif'>".
__("Loading, please wait...")."</div>";
print "<div dojoType=\"dojo.data.ItemFileWriteStore\" jsId=\"filterStore\"
url=\"backend.php?op=pref-filters&subop=getfiltertree\">
</div>
<div dojoType=\"lib.CheckBoxStoreModel\" jsId=\"filterModel\" store=\"filterStore\"
query=\"{id:'root'}\" rootId=\"root\" rootLabel=\"Feeds\"
childrenAttrs=\"items\" checkboxStrict=\"false\" checkboxAll=\"false\">
</div>
<div dojoType=\"fox.PrefFilterTree\" id=\"filterTree\"
model=\"filterModel\" openOnClick=\"true\">
<script type=\"dojo/method\" event=\"onLoad\" args=\"item\">
Element.hide(\"filterlistLoading\");
</script>
<script type=\"dojo/method\" event=\"onClick\" args=\"item\">
var id = String(item.id);
var bare_id = id.substr(id.indexOf(':')+1);
if (id.match('FILTER:')) {
editFilter(bare_id);
}
</script>
</div>";
print "</div>"; #pane
print "</div>"; #container
}
?>

321
modules/pref-labels.php
Unescape Escape View File

@ -1,321 +0,0 @@
<?php
function module_pref_labels($link) {
$subop = $_REQUEST["subop"];
if ($subop == "edit") {
$label_id = db_escape_string($_REQUEST['id']);
$result = db_query($link, "SELECT * FROM ttrss_labels2 WHERE
id = '$label_id' AND owner_uid = " . $_SESSION["uid"]);
$line = db_fetch_assoc($result);
# print "<form id=\"label_edit_form\" name=\"label_edit_form\"
# onsubmit=\"return false;\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$label_id\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-labels\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"save\">";
print "<div class=\"dlgSec\">".__("Caption")."</div>";
print "<div class=\"dlgSecCont\">";
$fg_color = $line['fg_color'];
$bg_color = $line['bg_color'];
print "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-bottom : 4px; margin-right : 4px'>&alpha;</span>";
print "<input style=\"font-size : 16px\" name=\"caption\"
dojoType=\"dijit.form.ValidationTextBox\"
required=\"true\"
value=\"".htmlspecialchars($line['caption'])."\">";
print "</div>";
print "<div class=\"dlgSec\">" . __("Colors") . "</div>";
print "<div class=\"dlgSecCont\">";
print "<table cellspacing=\"0\">";
print "<tr><td>".__("Foreground:")."</td><td>".__("Background:").
"</td></tr>";
print "<tr><td style='padding-right : 10px'>";
print "<input dojoType=\"dijit.form.TextBox\"
style=\"display : none\" id=\"labelEdit_fgColor\"
name=\"fg_color\" value=\"$fg_color\">";
print "<input dojoType=\"dijit.form.TextBox\"
style=\"display : none\" id=\"labelEdit_bgColor\"
name=\"bg_color\" value=\"$bg_color\">";
print "<div dojoType=\"dijit.ColorPalette\">
<script type=\"dojo/method\" event=\"onChange\" args=\"fg_color\">
dijit.byId(\"labelEdit_fgColor\").attr('value', fg_color);
$('label-editor-indicator').setStyle({color: fg_color});
</script>
</div>";
print "</div>";
print "</td><td>";
print "<div dojoType=\"dijit.ColorPalette\">
<script type=\"dojo/method\" event=\"onChange\" args=\"bg_color\">
dijit.byId(\"labelEdit_bgColor\").attr('value', bg_color);
$('label-editor-indicator').setStyle({backgroundColor: bg_color});
</script>
</div>";
print "</div>";
print "</td></tr></table>";
print "</div>";
# print "</form>";
print "<div class=\"dlgButtons\">";
print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').execute()\">".
__('Save')."</button>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').hide()\">".
__('Cancel')."</button>";
print "</div>";
return;
}
if ($subop == "getlabeltree") {
$root = array();
$root['id'] = 'root';
$root['name'] = __('Labels');
$root['items'] = array();
$result = db_query($link, "SELECT *
FROM ttrss_labels2
WHERE owner_uid = ".$_SESSION["uid"]."
ORDER BY caption");
while ($line = db_fetch_assoc($result)) {
$label = array();
$label['id'] = 'LABEL:' . $line['id'];
$label['bare_id'] = $line['id'];
$label['name'] = $line['caption'];
$label['fg_color'] = $line['fg_color'];
$label['bg_color'] = $line['bg_color'];
$label['type'] = 'label';
$label['checkbox'] = false;
array_push($root['items'], $label);
}
$fl = array();
$fl['identifier'] = 'id';
$fl['label'] = 'name';
$fl['items'] = array($root);
print json_encode($fl);
return;
}
if ($subop == "color-set") {
$kind = db_escape_string($_REQUEST["kind"]);
$ids = split(',', db_escape_string($_REQUEST["ids"]));
$color = db_escape_string($_REQUEST["color"]);
$fg = db_escape_string($_REQUEST["fg"]);
$bg = db_escape_string($_REQUEST["bg"]);
foreach ($ids as $id) {
if ($kind == "fg" || $kind == "bg") {
db_query($link, "UPDATE ttrss_labels2 SET
${kind}_color = '$color' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
} else {
db_query($link, "UPDATE ttrss_labels2 SET
fg_color = '$fg', bg_color = '$bg' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
}
$caption = db_escape_string(label_find_caption($link, $id, $_SESSION["uid"]));
/* Remove cached data */
db_query($link, "UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
}
return;
}
if ($subop == "color-reset") {
$ids = split(',', db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
db_query($link, "UPDATE ttrss_labels2 SET
fg_color = '', bg_color = '' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
$caption = db_escape_string(label_find_caption($link, $id, $_SESSION["uid"]));
/* Remove cached data */
db_query($link, "UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
}
}
if ($subop == "save") {
$id = db_escape_string($_REQUEST["id"]);
$caption = db_escape_string(trim($_REQUEST["caption"]));
db_query($link, "BEGIN");
$result = db_query($link, "SELECT caption FROM ttrss_labels2
WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) != 0) {
$old_caption = db_fetch_result($result, 0, "caption");
$result = db_query($link, "SELECT id FROM ttrss_labels2
WHERE caption = '$caption' AND owner_uid = ". $_SESSION["uid"]);
if (db_num_rows($result) == 0) {
if ($caption) {
$result = db_query($link, "UPDATE ttrss_labels2 SET
caption = '$caption' WHERE id = '$id' AND
owner_uid = " . $_SESSION["uid"]);
/* Update filters that reference label being renamed */
$old_caption = db_escape_string($old_caption);
db_query($link, "UPDATE ttrss_filters SET
action_param = '$caption' WHERE action_param = '$old_caption'
AND action_id = 7
AND owner_uid = " . $_SESSION["uid"]);
print $_REQUEST["value"];
} else {
print $old_caption;
}
} else {
print $old_caption;
}
}
db_query($link, "COMMIT");
return;
}
if ($subop == "remove") {
$ids = split(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
label_remove($link, $id, $_SESSION["uid"]);
}
}
if ($subop == "add") {
$caption = db_escape_string($_REQUEST["caption"]);
$output = db_escape_string($_REQUEST["output"]);
if ($caption) {
if (label_create($link, $caption)) {
if (!$output) {
print T_sprintf("Created label <b>%s</b>", htmlspecialchars($caption));
}
}
if ($output == "select") {
header("Content-Type: text/xml");
print "<rpc-reply><payload>";
print_label_select($link, "select_label",
$caption, "");
print "</payload></rpc-reply>";
}
}
return;
}
$sort = db_escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "caption";
}
$label_search = db_escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_label_search"] = $label_search;
} else {
$label_search = $_SESSION["prefs_label_search"];
}
print "<div id=\"pref-label-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
print "<div id=\"pref-label-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-label-toolbar\" dojoType=\"dijit.Toolbar\">";
print "<div dojoType=\"dijit.form.DropDownButton\">".
"<span>" . __('Select')."</span>";
print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
print "<div onclick=\"dijit.byId('labelTree').model.setAllChecked(true)\"
dojoType=\"dijit.MenuItem\">".__('All')."</div>";
print "<div onclick=\"dijit.byId('labelTree').model.setAllChecked(false)\"
dojoType=\"dijit.MenuItem\">".__('None')."</div>";
print "</div></div>";
print"<button dojoType=\"dijit.form.Button\" onclick=\"return addLabel()\">".
__('Create label')."</button dojoType=\"dijit.form.Button\"> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"removeSelectedLabels()\">".
__('Remove')."</button dojoType=\"dijit.form.Button\"> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"labelColorReset()\">".
__('Clear colors')."</button dojoType=\"dijit.form.Button\">";
print "</div>"; #toolbar
print "</div>"; #pane
print "<div id=\"pref-label-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";
print "<div id=\"labellistLoading\">
<img src='images/indicator_tiny.gif'>".
__("Loading, please wait...")."</div>";
print "<div dojoType=\"dojo.data.ItemFileWriteStore\" jsId=\"labelStore\"
url=\"backend.php?op=pref-labels&subop=getlabeltree\">
</div>
<div dojoType=\"lib.CheckBoxStoreModel\" jsId=\"labelModel\" store=\"labelStore\"
query=\"{id:'root'}\" rootId=\"root\"
childrenAttrs=\"items\" checkboxStrict=\"false\" checkboxAll=\"false\">
</div>
<div dojoType=\"fox.PrefLabelTree\" id=\"labelTree\"
model=\"labelModel\" openOnClick=\"true\">
<script type=\"dojo/method\" event=\"onLoad\" args=\"item\">
Element.hide(\"labellistLoading\");
</script>
<script type=\"dojo/method\" event=\"onClick\" args=\"item\">
var id = String(item.id);
var bare_id = id.substr(id.indexOf(':')+1);
if (id.match('LABEL:')) {
editLabel(bare_id);
}
</script>
</div>";
print "</div>"; #pane
print "</div>"; #container
}
?>

512
modules/pref-prefs.php
Unescape Escape View File

@ -1,512 +0,0 @@
<?php
function module_pref_prefs($link) {
global $access_level_names;
$subop = $_REQUEST["subop"];
$prefs_blacklist = array("HIDE_READ_FEEDS", "FEEDS_SORT_BY_UNREAD",
"STRIP_UNSAFE_TAGS");
$profile_blacklist = array("ALLOW_DUPLICATE_POSTS", "PURGE_OLD_DAYS",
"PURGE_UNREAD_ARTICLES", "DIGEST_ENABLE", "DIGEST_CATCHUP",
"BLACKLISTED_TAGS", "ENABLE_API_ACCESS", "UPDATE_POST_ON_CHECKSUM_CHANGE",
"DEFAULT_UPDATE_INTERVAL", "USER_TIMEZONE", "SORT_HEADLINES_BY_FEED_DATE",
"SSL_CERT_SERIAL");
/* if (FORCE_ARTICLE_PURGE != 0) {
array_push($prefs_blacklist, "PURGE_OLD_DAYS");
array_push($prefs_blacklist, "PURGE_UNREAD_ARTICLES");
} */
if ($subop == "change-password") {
$old_pw = $_POST["old_password"];
$new_pw = $_POST["new_password"];
$con_pw = $_POST["confirm_password"];
if ($old_pw == "") {
print "ERROR: ".__("Old password cannot be blank.");
return;
}
if ($new_pw == "") {
print "ERROR: ".__("New password cannot be blank.");
return;
}
if ($new_pw != $con_pw) {
print "ERROR: ".__("Entered passwords do not match.");
return;
}
$old_pw_hash1 = encrypt_password($old_pw);
$old_pw_hash2 = encrypt_password($old_pw, $_SESSION["name"]);
$new_pw_hash = encrypt_password($new_pw, $_SESSION["name"]);
$active_uid = $_SESSION["uid"];
if ($old_pw && $new_pw) {
$login = db_escape_string($_SERVER['PHP_AUTH_USER']);
$result = db_query($link, "SELECT id FROM ttrss_users WHERE
id = '$active_uid' AND (pwd_hash = '$old_pw_hash1' OR
pwd_hash = '$old_pw_hash2')");
if (db_num_rows($result) == 1) {
db_query($link, "UPDATE ttrss_users SET pwd_hash = '$new_pw_hash'
WHERE id = '$active_uid'");
$_SESSION["pwd_hash"] = $new_pw_hash;
print __("Password has been changed.");
} else {
print "ERROR: ".__('Old password is incorrect.');
}
}
return;
} else if ($subop == "save-config") {
# $_SESSION["prefs_op_result"] = "save-config";
$_SESSION["prefs_cache"] = false;
// print_r($_POST);
$orig_theme = get_pref($link, "_THEME_ID");
foreach (array_keys($_POST) as $pref_name) {
$pref_name = db_escape_string($pref_name);
$value = db_escape_string($_POST[$pref_name]);
set_pref($link, $pref_name, $value);
}
if ($orig_theme != get_pref($link, "_THEME_ID")) {
print "PREFS_THEME_CHANGED";
} else {
print __("The configuration was saved.");
}
return;
} else if ($subop == "getHelp") {
$pref_name = db_escape_string($_REQUEST["pn"]);
$result = db_query($link, "SELECT help_text FROM ttrss_prefs
WHERE pref_name = '$pref_name'");
if (db_num_rows($result) > 0) {
$help_text = db_fetch_result($result, 0, "help_text");
print $help_text;
} else {
printf(__("Unknown option: %s"), $pref_name);
}
} else if ($subop == "change-email") {
$email = db_escape_string($_POST["email"]);
$full_name = db_escape_string($_POST["full_name"]);
$active_uid = $_SESSION["uid"];
db_query($link, "UPDATE ttrss_users SET email = '$email',
full_name = '$full_name' WHERE id = '$active_uid'");
print __("Your personal data has been saved.");
return;
} else if ($subop == "reset-config") {
$_SESSION["prefs_op_result"] = "reset-to-defaults";
if ($_SESSION["profile"]) {
$profile_qpart = "profile = '" . $_SESSION["profile"] . "'";
} else {
$profile_qpart = "profile IS NULL";
}
db_query($link, "DELETE FROM ttrss_user_prefs
WHERE $profile_qpart AND owner_uid = ".$_SESSION["uid"]);
initialize_user_prefs($link, $_SESSION["uid"], $_SESSION["profile"]);
print "PREFS_THEME_CHANGED";
// print __("The configuration was reset to defaults.");
return;
} else {
if (!SINGLE_USER_MODE) {
$_SESSION["prefs_op_result"] = "";
print "<div dojoType=\"dijit.layout.AccordionContainer\" region=\"center\">";
print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Personal data')."\">";
print "<form dojoType=\"dijit.form.Form\" id=\"changeUserdataForm\">";
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
evt.preventDefault();
if (this.validate()) {
notify_progress('Saving data...', true);
new Ajax.Request('backend.php', {
parameters: dojo.objectToQuery(this.getValues()),
onComplete: function(transport) {
notify_callback2(transport);
} });
}
</script>";
print "<table width=\"100%\" class=\"prefPrefsList\">";
$result = db_query($link, "SELECT email,full_name,
access_level FROM ttrss_users
WHERE id = ".$_SESSION["uid"]);
$email = htmlspecialchars(db_fetch_result($result, 0, "email"));
$full_name = htmlspecialchars(db_fetch_result($result, 0, "full_name"));
print "<tr><td width=\"40%\">".__('Full name')."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"full_name\" required=\"1\"
value=\"$full_name\"></td></tr>";
print "<tr><td width=\"40%\">".__('E-mail')."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" name=\"email\" required=\"1\" value=\"$email\"></td></tr>";
if (!SINGLE_USER_MODE) {
$access_level = db_fetch_result($result, 0, "access_level");
print "<tr><td width=\"40%\">".__('Access level')."</td>";
print "<td>" . $access_level_names[$access_level] . "</td></tr>";
}
print "</table>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"change-email\">";
print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
__("Save data")."</button>";
print "</form>";
print "</div>"; # pane
print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Authentication')."\">";
$result = db_query($link, "SELECT id FROM ttrss_users
WHERE id = ".$_SESSION["uid"]." AND pwd_hash
= 'SHA1:5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8'");
if (db_num_rows($result) != 0) {
print format_warning(__("Your password is at default value, please change it."), "default_pass_warning");
}
print "<form dojoType=\"dijit.form.Form\">";
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
evt.preventDefault();
if (this.validate()) {
notify_progress('Changing password...', true);
new Ajax.Request('backend.php', {
parameters: dojo.objectToQuery(this.getValues()),
onComplete: function(transport) {
notify('');
if (transport.responseText.indexOf('ERROR: ') == 0) {
notify_error(transport.responseText.replace('ERROR: ', ''));
} else {
notify_info(transport.responseText);
var warn = $('default_pass_warning');
if (warn) Element.hide(warn);
}
}});
this.reset();
}
</script>";
print "<table width=\"100%\" class=\"prefPrefsList\">";
print "<tr><td width=\"40%\">".__("Old password")."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"old_password\"></td></tr>";
print "<tr><td width=\"40%\">".__("New password")."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\"
name=\"new_password\"></td></tr>";
print "<tr><td width=\"40%\">".__("Confirm password")."</td>";
print "<td class=\"prefValue\"><input dojoType=\"dijit.form.ValidationTextBox\" type=\"password\" required=\"1\" name=\"confirm_password\"></td></tr>";
print "</table>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"change-password\">";
print "<p><button dojoType=\"dijit.form.Button\" type=\"submit\">".
__("Change password")."</button>";
print "</form>";
print "</div>"; #pane
}
print "<div dojoType=\"dijit.layout.AccordionPane\" selected=\"true\" title=\"".__('Preferences')."\">";
print "<form dojoType=\"dijit.form.Form\" id=\"changeSettingsForm\">";
print "<script type=\"dojo/method\" event=\"onSubmit\" args=\"evt\">
evt.preventDefault();
if (this.validate()) {
console.log(dojo.objectToQuery(this.getValues()));
new Ajax.Request('backend.php', {
parameters: dojo.objectToQuery(this.getValues()),
onComplete: function(transport) {
var msg = transport.responseText;
if (msg.match('PREFS_THEME_CHANGED')) {
window.location.reload();
} else {
notify_info(msg);
}
} });
}
</script>";
print '<div dojoType="dijit.layout.BorderContainer" gutters="false">';
print '<div dojoType="dijit.layout.ContentPane" region="center" style="overflow-y : auto">';
if ($_SESSION["profile"]) {
print_notice("Some preferences are only available in default profile.");
}
if ($_SESSION["profile"]) {
initialize_user_prefs($link, $_SESSION["uid"], $_SESSION["profile"]);
$profile_qpart = "profile = '" . $_SESSION["profile"] . "'";
} else {
initialize_user_prefs($link, $_SESSION["uid"]);
$profile_qpart = "profile IS NULL";
}
$result = db_query($link, "SELECT
ttrss_user_prefs.pref_name,short_desc,help_text,value,type_name,
section_name,def_value,section_id
FROM ttrss_prefs,ttrss_prefs_types,ttrss_prefs_sections,ttrss_user_prefs
WHERE type_id = ttrss_prefs_types.id AND
$profile_qpart AND
section_id = ttrss_prefs_sections.id AND
ttrss_user_prefs.pref_name = ttrss_prefs.pref_name AND
short_desc != '' AND
owner_uid = ".$_SESSION["uid"]."
ORDER BY section_id,short_desc");
$lnum = 0;
$active_section = "";
while ($line = db_fetch_assoc($result)) {
if (in_array($line["pref_name"], $prefs_blacklist)) {
continue;
}
if ($_SESSION["profile"] && in_array($line["pref_name"],
$profile_blacklist)) {
continue;
}
if ($active_section != $line["section_name"]) {
if ($active_section != "") {
print "</table>";
}
print "<table width=\"100%\" class=\"prefPrefsList\">";
$active_section = $line["section_name"];
print "<tr><td colspan=\"3\"><h3>".__($active_section)."</h3></td></tr>";
if ($line["section_id"] == 2) {
print "<tr><td width=\"40%\">".__("Select theme")."</td>";
$user_theme = get_pref($link, "_THEME_ID");
$themes = get_all_themes();
print "<td><select name=\"_THEME_ID\" dojoType=\"dijit.form.Select\">";
print "<option value='Default'>".__('Default')."</option>";
print "<option value='----------------' disabled=\"1\">--------</option>";
foreach ($themes as $t) {
$base = $t['base'];
$name = $t['name'];
if ($base == $user_theme) {
$selected = "selected=\"1\"";
} else {
$selected = "";
}
print "<option $selected value='$base'>$name</option>";
}
print "</select></td></tr>";
}
// print "<tr class=\"title\">
// <td width=\"25%\">Option</td><td>Value</td></tr>";
$lnum = 0;
}
// $class = ($lnum % 2) ? "even" : "odd";
print "<tr>";
$type_name = $line["type_name"];
$pref_name = $line["pref_name"];
$value = $line["value"];
$def_value = $line["def_value"];
$help_text = $line["help_text"];
print "<td width=\"40%\" class=\"prefName\" id=\"$pref_name\">" . __($line["short_desc"]);
if ($help_text) print "<div class=\"prefHelp\">".__($help_text)."</div>";
print "</td>";
print "<td class=\"prefValue\">";
if ($pref_name == "USER_TIMEZONE") {
$timezones = explode("\n", file_get_contents("lib/timezones.txt"));
print_select($pref_name, $value, $timezones, 'dojoType="dijit.form.FilteringSelect"');
} else if ($pref_name == "USER_STYLESHEET") {
print "<button dojoType=\"dijit.form.Button\"
onclick=\"customizeCSS()\">" . __('Customize') . "</button>";
} else if ($pref_name == "DEFAULT_ARTICLE_LIMIT") {
$limits = array(15, 30, 45, 60);
print_select($pref_name, $value, $limits,
'dojoType="dijit.form.Select"');
} else if ($pref_name == "DEFAULT_UPDATE_INTERVAL") {
global $update_intervals_nodefault;
print_select_hash($pref_name, $value, $update_intervals_nodefault,
'dojoType="dijit.form.Select"');
} else if ($type_name == "bool") {
// print_select($pref_name, $value, array("true", "false"));
if ($value == "true") {
$value = __("Yes");
} else {
$value = __("No");
}
if ($pref_name == "PURGE_UNREAD_ARTICLES" && FORCE_ARTICLE_PURGE != 0) {
$disabled = "disabled=\"1\"";
$value = __("Yes");
} else {
$disabled = "";
}
print_radio($pref_name, $value, __("Yes"), array(__("Yes"), __("No")),
$disabled);
} else if (array_search($pref_name, array('FRESH_ARTICLE_MAX_AGE', 'DEFAULT_ARTICLE_LIMIT',
'PURGE_OLD_DAYS', 'LONG_DATE_FORMAT', 'SHORT_DATE_FORMAT')) !== false) {
$regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : '';
if ($pref_name == "PURGE_OLD_DAYS" && FORCE_ARTICLE_PURGE != 0) {
$disabled = "disabled=\"1\"";
$value = FORCE_ARTICLE_PURGE;
} else {
$disabled = "";
}
print "<input dojoType=\"dijit.form.ValidationTextBox\"
required=\"1\" $regexp $disabled
name=\"$pref_name\" value=\"$value\">";
} else if ($pref_name == "SSL_CERT_SERIAL") {
print "<input dojoType=\"dijit.form.ValidationTextBox\"
id=\"SSL_CERT_SERIAL\" readonly=\"1\"
name=\"$pref_name\" value=\"$value\">";
$cert_serial = htmlspecialchars(get_ssl_certificate_id());
$has_serial = ($cert_serial) ? "false" : "true";
print " <button dojoType=\"dijit.form.Button\" disabled=\"$has_serial\"
onclick=\"insertSSLserial('$cert_serial')\">" .
__('Register') . "</button>";
print " <button dojoType=\"dijit.form.Button\"
onclick=\"insertSSLserial('')\">" .
__('Clear') . "</button>";
} else {
$regexp = ($type_name == 'integer') ? 'regexp="^\d*$"' : '';
print "<input dojoType=\"dijit.form.ValidationTextBox\"
$regexp
name=\"$pref_name\" value=\"$value\">";
}
print "</td>";
print "</tr>";
$lnum++;
}
print "</table>";
print '</div>'; # inside pane
print '<div dojoType="dijit.layout.ContentPane" region="bottom">';
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-prefs\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"subop\" value=\"save-config\">";
print "<button dojoType=\"dijit.form.Button\" type=\"submit\">".
__('Save configuration')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return editProfiles()\">".
__('Manage profiles')."</button> ";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return validatePrefsReset()\">".
__('Reset to defaults')."</button>";
print '</div>'; # inner pane
print '</div>'; # border container
print "</form>";
print "</div>"; #pane
print "</div>"; #container
}
}
?>

501
modules/pref-users.php
Unescape Escape View File

@ -1,501 +0,0 @@
<?php
function module_pref_users($link) {
global $access_level_names;
if (!SINGLE_USER_MODE && $_SESSION["access_level"] < 10) {
print __("Your access level is insufficient to open this tab.");
return;
}
$subop = $_REQUEST["subop"];
if ($subop == "user-details") {
header("Content-Type: text/xml");
print "<dlg id=\"$subop\">";
$uid = sprintf("%d", $_REQUEST["id"]);
print "<title>".__('User details')."</title>";
print "<content><![CDATA[";
$result = db_query($link, "SELECT login,
".SUBSTRING_FOR_DATE."(last_login,1,16) AS last_login,
access_level,
(SELECT COUNT(int_id) FROM ttrss_user_entries
WHERE owner_uid = id) AS stored_articles,
".SUBSTRING_FOR_DATE."(created,1,16) AS created
FROM ttrss_users
WHERE id = '$uid'");
if (db_num_rows($result) == 0) {
print "<h1>".__('User not found')."</h1>";
return;
}
// print "<h1>User Details</h1>";
$login = db_fetch_result($result, 0, "login");
print "<table width='100%'>";
$last_login = make_local_datetime($link,
db_fetch_result($result, 0, "last_login"), true);
$created = make_local_datetime($link,
db_fetch_result($result, 0, "created"), true);
$access_level = db_fetch_result($result, 0, "access_level");
$stored_articles = db_fetch_result($result, 0, "stored_articles");
print "<tr><td>".__('Registered')."</td><td>$created</td></tr>";
print "<tr><td>".__('Last logged in')."</td><td>$last_login</td></tr>";
$result = db_query($link, "SELECT COUNT(id) as num_feeds FROM ttrss_feeds
WHERE owner_uid = '$uid'");
$num_feeds = db_fetch_result($result, 0, "num_feeds");
print "<tr><td>".__('Subscribed feeds count')."</td><td>$num_feeds</td></tr>";
print "</table>";
print "<h1>".__('Subscribed feeds')."</h1>";
$result = db_query($link, "SELECT id,title,site_url FROM ttrss_feeds
WHERE owner_uid = '$uid' ORDER BY title");
print "<ul class=\"userFeedList\">";
$row_class = "odd";
while ($line = db_fetch_assoc($result)) {
$icon_file = ICONS_URL."/".$line["id"].".ico";
if (file_exists($icon_file) && filesize($icon_file) > 0) {
$feed_icon = "<img class=\"tinyFeedIcon\" src=\"$icon_file\">";
} else {
$feed_icon = "<img class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">";
}
print "<li class=\"$row_class\">$feed_icon&nbsp;<a href=\"".$line["site_url"]."\">".$line["title"]."</a></li>";
$row_class = $row_class == "even" ? "odd" : "even";
}
if (db_num_rows($result) < $num_feeds) {
// FIXME - add link to show ALL subscribed feeds here somewhere
print "<li><img
class=\"tinyFeedIcon\" src=\"images/blank_icon.gif\">&nbsp;...</li>";
}
print "</ul>";
print "<div align='center'>
<button onclick=\"closeInfoBox()\">".__("Close this window").
"</button></div>";
print "]]></content></dlg>";
return;
}
if ($subop == "edit") {
header("Content-Type: text/xml");
$id = db_escape_string($_REQUEST["id"]);
print "<dlg id=\"$subop\">";
print "<title>".__('User Editor')."</title>";
print "<content><![CDATA[";
print "<form id=\"user_edit_form\" onsubmit='return false'>";
print "<input type=\"hidden\" name=\"id\" value=\"$id\">";
print "<input type=\"hidden\" name=\"op\" value=\"pref-users\">";
print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
$result = db_query($link, "SELECT * FROM ttrss_users WHERE id = '$id'");
$login = db_fetch_result($result, 0, "login");
$access_level = db_fetch_result($result, 0, "access_level");
$email = db_fetch_result($result, 0, "email");
$sel_disabled = ($id == $_SESSION["uid"]) ? "disabled" : "";
print "<div class=\"dlgSec\">".__("User")."</div>";
print "<div class=\"dlgSecCont\">";
if ($sel_disabled) {
print "<input type=\"hidden\" name=\"login\" value=\"$login\">";
print "<input size=\"30\" style=\"font-size : 16px\"
onkeypress=\"return filterCR(event, userEditSave)\" $sel_disabled
value=\"$login\">";
} else {
print "<input size=\"30\" style=\"font-size : 16px\"
onkeypress=\"return filterCR(event, userEditSave)\" $sel_disabled
name=\"login\" value=\"$login\">";
}
print "</div>";
print "<div class=\"dlgSec\">".__("Authentication")."</div>";
print "<div class=\"dlgSecCont\">";
print __('Access level: ') . " ";
if (!$sel_disabled) {
print_select_hash("access_level", $access_level, $access_level_names,
$sel_disabled);
} else {
print_select_hash("", $access_level, $access_level_names,
$sel_disabled);
print "<input type=\"hidden\" name=\"access_level\" value=\"$access_level\">";
}
print "<br/>";
print __('Change password to') .
" <input size=\"20\" onkeypress=\"return filterCR(event, userEditSave)\"
name=\"password\">";
print "</div>";
print "<div class=\"dlgSec\">".__("Options")."</div>";
print "<div class=\"dlgSecCont\">";
print __('E-mail: ').
" <input size=\"30\" name=\"email\" onkeypress=\"return filterCR(event, userEditSave)\"
value=\"$email\">";
print "</div>";
print "</table>";
print "</form>";
print "<div class=\"dlgButtons\">
<button onclick=\"return userEditSave()\">".
__('Save')."</button>
<button onclick=\"return userEditCancel()\">".
__('Cancel')."</button></div>";
print "]]></content></dlg>";
return;
}
if ($subop == "editSave") {
if ($_SESSION["access_level"] >= 10) {
$login = db_escape_string(trim($_REQUEST["login"]));
$uid = db_escape_string($_REQUEST["id"]);
$access_level = (int) $_REQUEST["access_level"];
$email = db_escape_string(trim($_REQUEST["email"]));
$password = db_escape_string(trim($_REQUEST["password"]));
if ($password) {
$pwd_hash = encrypt_password($password, $login);
$pass_query_part = "pwd_hash = '$pwd_hash', ";
$status_msg = format_notice(T_sprintf('Changed password of user <b>%s</b>.', $login));
} else {
$pass_query_part = "";
}
db_query($link, "UPDATE ttrss_users SET $pass_query_part login = '$login',
access_level = '$access_level', email = '$email' WHERE id = '$uid'");
}
} else if ($subop == "remove") {
if ($_SESSION["access_level"] >= 10) {
$ids = split(",", db_escape_string($_REQUEST["ids"]));
foreach ($ids as $id) {
if ($id != $_SESSION["uid"] && $id != 1) {
db_query($link, "DELETE FROM ttrss_tags WHERE owner_uid = '$id'");
db_query($link, "DELETE FROM ttrss_feeds WHERE owner_uid = '$id'");
db_query($link, "DELETE FROM ttrss_users WHERE id = '$id'");
}
}
}
} else if ($subop == "add") {
if ($_SESSION["access_level"] >= 10) {
$login = db_escape_string(trim($_REQUEST["login"]));
$tmp_user_pwd = make_password(8);
$pwd_hash = encrypt_password($tmp_user_pwd, $login);
$result = db_query($link, "SELECT id FROM ttrss_users WHERE
login = '$login'");
if (db_num_rows($result) == 0) {
db_query($link, "INSERT INTO ttrss_users
(login,pwd_hash,access_level,last_login,created)
VALUES ('$login', '$pwd_hash', 0, null, NOW())");
$result = db_query($link, "SELECT id FROM ttrss_users WHERE
login = '$login' AND pwd_hash = '$pwd_hash'");
if (db_num_rows($result) == 1) {
$new_uid = db_fetch_result($result, 0, "id");
$status_msg = format_notice(T_sprintf("Added user <b>%s</b> with password <b>%s</b>",
$login, $tmp_user_pwd));
initialize_user($link, $new_uid);
} else {
$status_msg = format_warning(T_sprintf("Could not create user <b>%s</b>", $login));
}
} else {
$status_msg = format_warning(T_sprintf("User <b>%s</b> already exists.", $login));
}
}
} else if ($subop == "resetPass") {
if ($_SESSION["access_level"] >= 10) {
$uid = db_escape_string($_REQUEST["id"]);
$result = db_query($link, "SELECT login,email
FROM ttrss_users WHERE id = '$uid'");
$login = db_fetch_result($result, 0, "login");
$email = db_fetch_result($result, 0, "email");
$tmp_user_pwd = make_password(8);
$pwd_hash = encrypt_password($tmp_user_pwd, $login);
db_query($link, "UPDATE ttrss_users SET pwd_hash = '$pwd_hash'
WHERE id = '$uid'");
$status_msg = format_notice(T_sprintf("Changed password of user <b>%s</b>
to <b>%s</b>", $login, $tmp_user_pwd));
require_once 'lib/phpmailer/class.phpmailer.php';
if ($email) {
$status_msg += format_notice(T_sprintf("Notifying <b>%s</b>.", $email));
require_once "lib/MiniTemplator.class.php";
$tpl = new MiniTemplator;
$tpl->readTemplateFromFile("templates/resetpass_template.txt");
$tpl->setVariable('LOGIN', $login);
$tpl->setVariable('NEWPASS', $tmp_user_pwd);
$tpl->addBlock('message');
$message = "";
$tpl->generateOutputToString($message);
$mail = new PHPMailer();
$mail->PluginDir = "lib/phpmailer/";
$mail->SetLanguage("en", "lib/phpmailer/language/");
$mail->CharSet = "UTF-8";
$mail->From = DIGEST_FROM_ADDRESS;
$mail->FromName = DIGEST_FROM_NAME;
$mail->AddAddress($email, $login);
if (DIGEST_SMTP_HOST) {
$mail->Host = DIGEST_SMTP_HOST;
$mail->Mailer = "smtp";
$mail->SMTPAuth = DIGEST_SMTP_LOGIN != '';
$mail->Username = DIGEST_SMTP_LOGIN;
$mail->Password = DIGEST_SMTP_PASSWORD;
}
$mail->IsHTML(false);
$mail->Subject = __("[tt-rss] Password change notification");
$mail->Body = $message;
$rc = $mail->Send();
if (!$rc) print_error($mail->ErrorInfo);
/* mail("$login <$email>", "Password reset notification",
"Hi, $login.\n".
"\n".
"Your password for this TT-RSS installation was reset by".
" an administrator.\n".
"\n".
"Your new password is $tmp_user_pwd, please remember".
" it for later reference.\n".
"\n".
"Sincerely, TT-RSS Mail Daemon.", "From: " . MAIL_FROM); */
}
print "</div>";
}
}
print "<div id=\"pref-user-wrap\" dojoType=\"dijit.layout.BorderContainer\" gutters=\"false\">";
print "<div id=\"pref-user-header\" dojoType=\"dijit.layout.ContentPane\" region=\"top\">";
print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">";
$user_search = db_escape_string($_REQUEST["search"]);
if (array_key_exists("search", $_REQUEST)) {
$_SESSION["prefs_user_search"] = $user_search;
} else {
$user_search = $_SESSION["prefs_user_search"];
}
print "<div style='float : right; padding-right : 4px;'>
<input dojoType=\"dijit.form.TextBox\" id=\"user_search\" size=\"20\" type=\"search\"
value=\"$user_search\">
<button dojoType=\"dijit.form.Button\" onclick=\"javascript:updateUsersList()\">".
__('Search')."</button>
</div>";
$sort = db_escape_string($_REQUEST["sort"]);
if (!$sort || $sort == "undefined") {
$sort = "login";
}
print "<div dojoType=\"dijit.form.DropDownButton\">".
"<span>" . __('Select')."</span>";
print "<div dojoType=\"dijit.Menu\" style=\"display: none;\">";
print "<div onclick=\"selectTableRows('prefUserList', 'all')\"
dojoType=\"dijit.MenuItem\">".__('All')."</div>";
print "<div onclick=\"selectTableRows('prefUserList', 'none')\"
dojoType=\"dijit.MenuItem\">".__('None')."</div>";
print "</div></div>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"javascript:addUser()\">".__('Create user')."</button>";
print "
<button dojoType=\"dijit.form.Button\" onclick=\"javascript:selectedUserDetails()\">".
__('Details')."</button dojoType=\"dijit.form.Button\">
<button dojoType=\"dijit.form.Button\" onclick=\"javascript:editSelectedUser()\">".
__('Edit')."</button dojoType=\"dijit.form.Button\">
<button dojoType=\"dijit.form.Button\" onclick=\"javascript:removeSelectedUsers()\">".
__('Remove')."</button dojoType=\"dijit.form.Button\">
<button dojoType=\"dijit.form.Button\" onclick=\"javascript:resetSelectedUserPass()\">".
__('Reset password')."</button dojoType=\"dijit.form.Button\">";
print "</div>"; #toolbar
print "</div>"; #pane
print "<div id=\"pref-user-content\" dojoType=\"dijit.layout.ContentPane\" region=\"center\">";
print "<p>$status_msg";
if ($user_search) {
$user_search = split(" ", $user_search);
$tokens = array();
foreach ($user_search as $token) {
$token = trim($token);
array_push($tokens, "(UPPER(login) LIKE UPPER('%$token%'))");
}
$user_search_query = "(" . join($tokens, " AND ") . ") AND ";
} else {
$user_search_query = "";
}
$result = db_query($link, "SELECT
id,login,access_level,email,
".SUBSTRING_FOR_DATE."(last_login,1,16) as last_login,
".SUBSTRING_FOR_DATE."(created,1,16) as created
FROM
ttrss_users
WHERE
$user_search_query
id > 0
ORDER BY $sort");
if (db_num_rows($result) > 0) {
print "<p><table width=\"100%\" cellspacing=\"0\"
class=\"prefUserList\" id=\"prefUserList\">";
print "<tr class=\"title\">
<td align='center' width=\"5%\">&nbsp;</td>
<td width=''><a href=\"#\" onclick=\"updateUsersList('login')\">".__('Login')."</a></td>
<td width='20%'><a href=\"#\" onclick=\"updateUsersList('access_level')\">".__('Access Level')."</a></td>
<td width='20%'><a href=\"#\" onclick=\"updateUsersList('created')\">".__('Registered')."</a></td>
<td width='20%'><a href=\"#\" onclick=\"updateUsersList('last_login')\">".__('Last login')."</a></td></tr>";
$lnum = 0;
while ($line = db_fetch_assoc($result)) {
$class = ($lnum % 2) ? "even" : "odd";
$uid = $line["id"];
$edit_uid = $_REQUEST["id"];
if ($subop == "edit" && $uid != $edit_uid) {
$class .= " Grayed";
$this_row_id = "";
} else {
$this_row_id = "id=\"UMRR-$uid\"";
}
print "<tr class=\"$class\" $this_row_id>";
$line["login"] = htmlspecialchars($line["login"]);
$line["created"] = make_local_datetime($link, $line["created"], false);
$line["last_login"] = make_local_datetime($link, $line["last_login"], false);
print "<td align='center'><input onclick='toggleSelectRow(this);'
type=\"checkbox\" id=\"UMCHK-$uid\"></td>";
$onclick = "onclick='editUser($uid, event)' title='".__('Click to edit')."'";
print "<td $onclick>" . $line["login"] . "</td>";
if (!$line["email"]) $line["email"] = "&nbsp;";
print "<td $onclick>" . $access_level_names[$line["access_level"]] . "</td>";
print "<td $onclick>" . $line["created"] . "</td>";
print "<td $onclick>" . $line["last_login"] . "</td>";
print "</tr>";
++$lnum;
}
print "</table>";
} else {
print "<p>";
if (!$user_search) {
print_warning(__('No users defined.'));
} else {
print_warning(__('No matching users found.'));
}
print "</p>";
}
print "</div>"; #pane
print "</div>"; #container
}
?>

168
opml.php
Unescape Escape View File

@ -10,7 +10,172 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
init_connection($link);
if (!init_connection($link)) return;
function opml_import_domdoc($link, $owner_uid) {
if (is_file($_FILES['opml_file']['tmp_name'])) {
$doc = DOMDocument::load($_FILES['opml_file']['tmp_name']);
$result = db_query($link, "SELECT id FROM
ttrss_feed_categories WHERE title = 'Imported feeds' AND
owner_uid = '$owner_uid' LIMIT 1");
if (db_num_rows($result) == 1) {
$default_cat_id = db_fetch_result($result, 0, "id");
} else {
$default_cat_id = 0;
}
if ($doc) {
$body = $doc->getElementsByTagName('body');
$xpath = new DOMXpath($doc);
$query = "/opml/body//outline";
$outlines = $xpath->query($query);
foreach ($outlines as $outline) {
$feed_title = db_escape_string($outline->attributes->getNamedItem('text')->nodeValue);
if (!$feed_title) {
$feed_title = db_escape_string($outline->attributes->getNamedItem('title')->nodeValue);
}
$cat_title = db_escape_string($outline->attributes->getNamedItem('title')->nodeValue);
if (!$cat_title) {
$cat_title = db_escape_string($outline->attributes->getNamedItem('text')->nodeValue);
}
$feed_url = db_escape_string($outline->attributes->getNamedItem('xmlUrl')->nodeValue);
if (!$feed_url)
$feed_url = db_escape_string($outline->attributes->getNamedItem('xmlURL')->nodeValue);
$site_url = db_escape_string($outline->attributes->getNamedItem('htmlUrl')->nodeValue);
$pref_name = db_escape_string($outline->attributes->getNamedItem('pref-name')->nodeValue);
if ($cat_title && !$feed_url) {
if ($cat_title != "tt-rss-prefs") {
db_query($link, "BEGIN");
$result = db_query($link, "SELECT id FROM
ttrss_feed_categories WHERE title = '$cat_title' AND
owner_uid = '$owner_uid' LIMIT 1");
if (db_num_rows($result) == 0) {
printf(__("<li>Adding category <b>%s</b>.</li>"), $cat_title);
db_query($link, "INSERT INTO ttrss_feed_categories
(title,owner_uid)
VALUES ('$cat_title', '$owner_uid')");
}
db_query($link, "COMMIT");
}
}
// print "$active_category : $feed_title : $feed_url<br>";
if ($pref_name) {
$parent_node = $outline->parentNode;
if ($parent_node && $parent_node->nodeName == "outline") {
$cat_check = $parent_node->attributes->getNamedItem('title')->nodeValue;
if ($cat_check == "tt-rss-prefs") {
$pref_value = db_escape_string($outline->attributes->getNamedItem('value')->nodeValue);
printf("<li>".
__("Setting preference key %s to %s")."</li>",
$pref_name, $pref_value);
set_pref($link, $pref_name, $pref_value);
}
}
}
if (!$feed_title || !$feed_url) continue;
db_query($link, "BEGIN");
$cat_id = null;
$parent_node = $outline->parentNode;
if ($parent_node && $parent_node->nodeName == "outline") {
$element_category = $parent_node->attributes->getNamedItem('title')->nodeValue;
if (!$element_category) $element_category = $parent_node->attributes->getNamedItem('text')->nodeValue;
} else {
$element_category = '';
}
if ($element_category) {
$element_category = db_escape_string($element_category);
$result = db_query($link, "SELECT id FROM
ttrss_feed_categories WHERE title = '$element_category' AND
owner_uid = '$owner_uid' LIMIT 1");
if (db_num_rows($result) == 1) {
$cat_id = db_fetch_result($result, 0, "id");
}
}
$result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
feed_url = '$feed_url'
AND owner_uid = '$owner_uid'");
print "<li><a target='_blank' href='$site_url'><b>$feed_title</b></a></b>
(<a target='_blank' href=\"$feed_url\">rss</a>)&nbsp;";
if (db_num_rows($result) > 0) {
print __('is already imported.');
} else {
if ($cat_id) {
$add_query = "INSERT INTO ttrss_feeds
(title, feed_url, owner_uid, cat_id, site_url) VALUES
('$feed_title', '$feed_url', '$owner_uid',
'$cat_id', '$site_url')";
} else {
$add_query = "INSERT INTO ttrss_feeds
(title, feed_url, owner_uid, cat_id, site_url) VALUES
('$feed_title', '$feed_url', '$owner_uid', '$default_cat_id',
'$site_url')";
}
//print $add_query;
db_query($link, $add_query);
print __('OK');
}
print "</li>";
db_query($link, "COMMIT");
}
} else {
print_error(__('Error while parsing document.'));
}
} else {
print_error(__('Error: please upload OPML file.'));
}
}
function opml_export($link, $name, $owner_uid, $hide_private_feeds=false, $include_settings=true) {
if (!$_REQUEST["debug"]) {
@ -186,7 +351,6 @@
db_query($link, "COMMIT");
print "<p>".__("Importing OPML...")."</p>";
require_once "modules/opml_domdoc.php";
opml_import_domdoc($link, $owner_uid);
print "<br><form method=\"GET\" action=\"prefs.php\">

2
prefs.php
Unescape Escape View File

@ -10,7 +10,7 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
init_connection($link);
if (!init_connection($link)) return;
login_sequence($link);

48
public.php
Unescape Escape View File

@ -1,4 +1,6 @@
<?php
set_include_path(get_include_path() . PATH_SEPARATOR . "include");
/* remove ill effects of magic quotes */
if (get_magic_quotes_gpc()) {
@ -14,11 +16,8 @@
$_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}
$op = $_REQUEST["op"];
require_once "functions.php";
if ($op != "share") require_once "sessions.php";
require_once "modules/backend-rpc.php";
require_once "sessions.php";
require_once "sanity_check.php";
require_once "config.php";
require_once "db.php";
@ -32,30 +31,37 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if (!$link) {
if (DB_TYPE == "mysql") {
print mysql_error();
}
// PG seems to display its own errors just fine by default.
return;
if (!init_connection($link)) return;
if (ENABLE_GZIP_OUTPUT) {
ob_start("ob_gzhandler");
}
init_connection($link);
function __autoload($class) {
$file = "classes/".strtolower(basename($class)).".php";
if (file_exists($file)) {
require $file;
}
}
$subop = $_REQUEST["subop"];
$mode = $_REQUEST["mode"];
$method = $_REQUEST["op"];
if ((!$op || $op == "rss" || $op == "dlg") && !$_REQUEST["noxml"]) {
header("Content-Type: application/xml; charset=utf-8");
} else {
header("Content-Type: text/plain; charset=utf-8");
}
$handler = new Public_Handler($link, $_REQUEST);
if (ENABLE_GZIP_OUTPUT) {
ob_start("ob_gzhandler");
if ($handler) {
if ($handler->before()) {
if ($method && method_exists($handler, $method)) {
$handler->$method();
} else if (method_exists($handler, 'index')) {
$handler->index();
}
$handler->after();
return;
}
}
handle_public_request($link, $op);
header("Content-Type: text/plain");
print json_encode(array("error" => array("code" => 7)));
// We close the connection to database.
db_close($link);

2
register.php
Unescape Escape View File

@ -18,7 +18,7 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
init_connection($link);
if (!init_connection($link)) return;
if ($_REQUEST["format"] == "feed") {
header("Content-Type: text/xml");

245
tests/FunctionsTest.php
Unescape Escape View File

@ -1,245 +0,0 @@
<?php
require_once dirname(__FILE__) . '/../functions.php';
/**
* Unit tests for functions.php
*
* @author Christian Weiske <cweiske@php.net>
*/
class FunctionsTest extends PHPUnit_Framework_TestCase
{
protected $tmpFile = null;
public function __construct()
{
$this->tmpFile = sys_get_temp_dir() . '/tt-rss-unittest.dat';
}
public function tearDown()
{
if (file_exists($this->tmpFile)) {
unlink($this->tmpFile);
}
}
/**
* Test fix_url with feed:// urls
*/
public function testFixUrlFeed()
{
$this->assertEquals('http://tt-rss.org/', fix_url('feed://tt-rss.org'));
$this->assertEquals('http://tt-rss.org/', fix_url('feed://tt-rss.org/'));
}
/**
* Test fix_url with non-http protocols
*/
public function testFixUrlProtocols()
{
$this->assertEquals('https://tt-rss.org/', fix_url('https://tt-rss.org'));
$this->assertEquals('ftp://tt-rss.org/', fix_url('ftp://tt-rss.org/'));
$this->assertEquals(
'reallylongprotocolisthat://tt-rss.org/',
fix_url('reallylongprotocolisthat://tt-rss.org')
);
}
/**
* Test fix_url with domain names only
*/
public function testFixUrlDomainOnly()
{
$this->assertEquals('http://tt-rss.org/', fix_url('tt-rss.org'));
$this->assertEquals('http://tt-rss.org/', fix_url('tt-rss.org/'));
$this->assertEquals('http://tt-rss.org/', fix_url('http://tt-rss.org'));
$this->assertEquals('http://tt-rss.org/', fix_url('http://tt-rss.org/'));
}
/**
* Test fix_url with domain + paths
*/
public function testFixUrlWithPaths()
{
$this->assertEquals('http://tt-rss.org/foo', fix_url('tt-rss.org/foo'));
$this->assertEquals(
'http://tt-rss.org/foo/bar/baz',
fix_url('tt-rss.org/foo/bar/baz')
);
$this->assertEquals(
'http://tt-rss.org/foo/bar/baz/',
fix_url('tt-rss.org/foo/bar/baz/')
);
}
/**
* Test url_is_html() on html with a doctype
*/
public function testUrlIsHtmlNormalHtmlWithDoctype()
{
file_put_contents(
$this->tmpFile, <<<HTM
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
HTM
);
$this->assertTrue(url_is_html($this->tmpFile));
file_put_contents(
$this->tmpFile, <<<HTM
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
HTM
);
$this->assertTrue(url_is_html($this->tmpFile));
}
/**
* Test url_is_html() on html with a doctype and xml header
*/
public function testUrlIsHtmlNormalHtmlWithDoctypeAndXml()
{
file_put_contents(
$this->tmpFile, <<<HTM
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
HTM
);
$this->assertTrue(url_is_html($this->tmpFile));
}
/**
* Test url_is_html() on html without a doctype
*/
public function testUrlIsHtmlNormalHtmlWithoutDoctype()
{
file_put_contents(
$this->tmpFile, <<<HTM
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
HTM
);
$this->assertTrue(url_is_html($this->tmpFile));
}
/**
* Test url_is_html() on UPPERCASE HTML
*/
public function testUrlIsHtmlNormalHtmlUppercase()
{
file_put_contents(
$this->tmpFile, <<<HTM
<HTML XMLNS="http://www.w3.org/1999/xhtml" XML:LANG="en">
<HEAD>
HTM
);
$this->assertTrue(url_is_html($this->tmpFile));
file_put_contents(
$this->tmpFile, <<<HTM
<HTML>
<HEAD>
HTM
);
$this->assertTrue(url_is_html($this->tmpFile));
}
/**
* Test url_is_html() on atom
*/
public function testUrlIsHtmlAtom()
{
file_put_contents(
$this->tmpFile, <<<HTM
<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
<title>Christians Tagebuch</title>
HTM
);
$this->assertFalse(url_is_html($this->tmpFile));
}
/**
* Test url_is_html() on RSS
*/
public function testUrlIsHtmlRss()
{
file_put_contents(
$this->tmpFile, <<<HTM
<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl" media="screen" href="/~d/styles/rss2full.xsl"?><?xml-stylesheet type="text/css" media="screen" href="http://feeds.feedburner.com/~d/styles/itemcontent.css"?><rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0">
<channel>
<title><![CDATA[Planet-PEAR]]></title>
HTM
);
$this->assertFalse(url_is_html($this->tmpFile));
}
/**
* Test rewrite_relative_url() with a relative path
*/
public function testRewriteRelativeUrlRelative()
{
$this->assertEquals(
'http://tt-rss.org/foo/bar',
rewrite_relative_url('http://tt-rss.org', 'foo/bar')
);
$this->assertEquals(
'http://tt-rss.org/foo/bar',
rewrite_relative_url('http://tt-rss.org/', 'foo/bar')
);
$this->assertEquals(
'http://tt-rss.org/bar',
rewrite_relative_url('http://tt-rss.org/foo', 'bar')
);
$this->assertEquals(
'http://tt-rss.org/foo/bar',
rewrite_relative_url('http://tt-rss.org/foo/', 'bar')
);
$this->assertEquals(
'http://tt-rss.org/f/o/bar',
rewrite_relative_url('http://tt-rss.org/f/o/o', 'bar')
);
$this->assertEquals(
'http://tt-rss.org/f/o/o/bar',
rewrite_relative_url('http://tt-rss.org/f/o/o/', 'bar')
);
}
/**
* Test rewrite_relative_url() with an absolute path
*/
public function testRewriteRelativeUrlAbsolutePath()
{
$this->assertEquals(
'http://tt-rss.org/bar/',
rewrite_relative_url('http://tt-rss.org/foo/', '/bar/')
);
$this->assertEquals(
'http://tt-rss.org/bar/',
rewrite_relative_url('http://tt-rss.org/so/what/is/next', '/bar/')
);
$this->assertEquals(
'http://tt-rss.org/bar/',
rewrite_relative_url('http://tt-rss.org/so/what/is/next/', '/bar/')
);
}
/**
* Test rewrite_relative_url() with an absolute URL
*/
public function testRewriteRelativeUrlAbsoluteUrl()
{
$this->assertEquals(
'http://example.org/bar/',
rewrite_relative_url('http://tt-rss.org/foo/', 'http://example.org/bar/')
);
}
}
?>

2
twitter.php
Unescape Escape View File

@ -11,7 +11,7 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
init_connection($link);
if (!init_connection($link)) return;
login_sequence($link);
$owner_uid = $_SESSION["uid"];

8
update.php
Unescape Escape View File

@ -47,14 +47,6 @@
// Create a database connection.
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if (!$link) {
if (DB_TYPE == "mysql") {
print mysql_error();
}
// PG seems to display its own errors just fine by default.
return;
}
init_connection($link);
if ($op == "-feeds") {

18
update_daemon2.php
Unescape Escape View File

@ -133,13 +133,7 @@
// It is unnecessary to start the fork loop if database is not ok.
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if (!$link) {
if (DB_TYPE == "mysql") {
print mysql_error();
}
// PG seems to display its own errors just fine by default.
return;
}
if (!init_connection($link)) return;
db_close($link);
@ -190,15 +184,7 @@
$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
if (!$link) {
if (DB_TYPE == "mysql") {
print mysql_error();
}
// PG seems to display its own errors just fine by default.
return;
}
init_connection($link);
if (!init_connection($link)) return;
// We disable stamp file, since it is of no use in a multiprocess update.
// not really, tho for the time being -fox

Write Preview
Loading…
Cancel
Save