pref-labels.php

Revision 2589, 9.6 kB (checked in by Andrew Dolgov <fox@madoka.spb.ru>, 4 months ago)
[project @ label editor: simple control to add common rules]

Line
1	<?php
2	// We need to accept raw SQL data in label queries, so not everything is escaped
3	// here, this is by design. If you don't like it, disable labels
4	// altogether with GLOBAL_ENABLE_LABELS = false
5
6	function module_pref_labels($link) {
7	if (!GLOBAL_ENABLE_LABELS) {
8
9	print __("Sorry, labels have been administratively disabled for this installation. Please contact instance owner or edit configuration file to enable this functionality.");
10	return;
11	}
12
13	$subop = $_GET["subop"];
14
15	if ($subop == "edit") {
16
17	$label_id = db_escape_string($_GET["id"]);
18
19	$result = db_query($link, "SELECT sql_exp,description FROM ttrss_labels WHERE
20	owner_uid = ".$_SESSION["uid"]." AND id = '$label_id' ORDER by description");
21
22	$line = db_fetch_assoc($result);
23
24	$sql_exp = htmlspecialchars($line["sql_exp"]);
25	$description = htmlspecialchars($line["description"]);
26
27	print "<div id=\"infoBoxTitle\">Label Editor</div>";
28	print "<div class=\"infoBoxContents\">";
29
30	print "<form id=\"label_edit_form\" onsubmit='return false'>";
31
32	print "<input type=\"hidden\" name=\"op\" value=\"pref-labels\">";
33	print "<input type=\"hidden\" name=\"id\" value=\"$label_id\">";
34	print "<input type=\"hidden\" name=\"subop\" value=\"editSave\">";
35
36	print "<div class=\"dlgSec\">".__("Caption")."</div>";
37
38	print "<div class=\"dlgSecCont\">";
39
40	print "<input onkeypress=\"return filterCR(event, labelEditSave)\"
41	onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
42	onchange=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
43	name=\"description\" size=\"30\" value=\"$description\">";
44	print "</div>";
45
46	print "<div class=\"dlgSec\">".__("Match SQL")."</div>";
47
48	print "<div class=\"dlgSecCont\">";
49
50	print "<textarea onkeyup=\"toggleSubmitNotEmpty(this, 'infobox_submit')\"
51	rows=\"6\" name=\"sql_exp\" class=\"labelSQL\" cols=\"50\">$sql_exp</textarea>";
52
53	print "<br/>";
54
55	print_label_dlg_common_examples();
56
57	print "</div>";
58
59	print "</form>";
60
61	print "<div style=\"display : none\" id=\"label_test_result\"></div>";
62
63	print "<div class=\"dlgButtons\">";
64
65	print "<div style='float : left'>";
66	print "<input type=\"submit\"
67	class=\"button\" onclick=\"return displayHelpInfobox(1)\"
68	value=\"".__('Help')."\"> ";
69	print "</div>";
70
71	$is_disabled = (strpos($_SERVER['HTTP_USER_AGENT'], 'Opera') !== FALSE) ? "disabled" : "";
72
73	print "<input $is_disabled type=\"submit\" onclick=\"return labelTest()\" value=\"Test\">
74	";
75
76	print "<input type=\"submit\"
77	id=\"infobox_submit\"
78	class=\"button\" onclick=\"return labelEditSave()\"
79	value=\"Save\"> ";
80
81	print "<input class=\"button\"
82	type=\"submit\" onclick=\"return labelEditCancel()\"
83	value=\"Cancel\">";
84
85	print "</div>";
86
87	return;
88	}
89
90	if ($subop == "test") {
91
92	// no escaping here on purpose
93	$expr = trim($_GET["expr"]);
94	$descr = db_escape_string(trim($_GET["descr"]));
95
96	$expr = str_replace(";", "", $expr);
97
98	if (!$expr) {
99	print "<p>".__("Error: SQL expression is blank.")."</p>";
100	return;
101	}
102
103	print "<div>";
104
105	error_reporting(0);
106
107
108	$result = db_query($link,
109	"SELECT count(ttrss_entries.id) AS num_matches
110	FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
111	WHERE ($expr) AND
112	ttrss_user_entries.ref_id = ttrss_entries.id AND
113	ttrss_user_entries.feed_id = ttrss_feeds.id AND
114	ttrss_user_entries.owner_uid = " . $_SESSION["uid"], false);
115
116	error_reporting (DEFAULT_ERROR_LEVEL);
117
118	if (!$result) {
119	print "<div class=\"labelTestError\">" . db_last_error($link) . "</div>";
120	print "</div>";
121	return;
122	}
123
124	$num_matches = db_fetch_result($result, 0, "num_matches");;
125
126	if ($num_matches > 0) {
127
128	if ($num_matches > 10) {
129	$showing_msg = ", showing first 10";
130	}
131
132	print "<p>Query returned <b>$num_matches</b> matches$showing_msg:</p>";
133
134	$result = db_query($link,
135	"SELECT ttrss_entries.title,
136	(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
137	FROM ttrss_entries,ttrss_user_entries,ttrss_feeds
138	WHERE ($expr) AND
139	ttrss_user_entries.ref_id = ttrss_entries.id
140	AND ttrss_user_entries.feed_id = ttrss_feeds.id
141	AND ttrss_user_entries.owner_uid = " . $_SESSION["uid"] . "
142	ORDER BY date_entered LIMIT 10", false);
143
144	print "<ul class=\"labelTestResults\">";
145
146	$row_class = "even";
147
148	while ($line = db_fetch_assoc($result)) {
149	$row_class = toggleEvenOdd($row_class);
150
151	print "<li class=\"$row_class\">".$line["title"].
152	" <span class=\"insensitive\">(".$line["feed_title"].")</span></li>";
153	}
154	print "</ul>";
155
156	} else {
157	print "<p>Query didn't return any matches.</p>";
158	}
159
160	print "</div>";
161
162	return;
163	}
164
165	if ($subop == "editSave") {
166
167	$sql_exp = db_escape_string(trim($_GET["sql_exp"]));
168	$descr = db_escape_string(trim($_GET["description"]));
169	$label_id = db_escape_string($_GET["id"]);
170
171	$sql_exp = str_replace(";", "", $sql_exp);
172
173	$result = db_query($link, "UPDATE ttrss_labels SET
174	sql_exp = '$sql_exp',
175	description = '$descr'
176	WHERE id = '$label_id'");
177
178	if (db_affected_rows($link, $result) != 0) {
179	print_notice(T_sprintf("Saved label <b>%s</b>", htmlspecialchars($descr)));
180	}
181
182	}
183
184	if ($subop == "remove") {
185
186	if (!WEB_DEMO_MODE) {
187
188	$ids = split(",", db_escape_string($_GET["ids"]));
189
190	foreach ($ids as $id) {
191	db_query($link, "DELETE FROM ttrss_labels WHERE id = '$id'");
192
193	}
194	}
195	}
196
197	if ($subop == "add") {
198
199	$sql_exp = db_escape_string(trim($_GET["sql_exp"]));
200	$description = db_escape_string($_GET["description"]);
201
202	$sql_exp = str_replace(";", "", $sql_exp);
203
204	if (!$sql_exp \|\| !$description) return;
205
206	$result = db_query($link,
207	"INSERT INTO ttrss_labels (sql_exp,description,owner_uid)
208	VALUES ('$sql_exp', '$description', '".$_SESSION["uid"]."')");
209
210	if (db_affected_rows($link, $result) != 0) {
211	print T_sprintf("Created label <b>%s</b>", htmlspecialchars($description));
212	}
213
214	return;
215	}
216
217	set_pref($link, "_PREFS_ACTIVE_TAB", "labelConfig");
218
219	$sort = db_escape_string($_GET["sort"]);
220
221	if (!$sort \|\| $sort == "undefined") {
222	$sort = "description";
223	}
224
225	$label_search = db_escape_string($_GET["search"]);
226
227	if (array_key_exists("search", $_GET)) {
228	$_SESSION["prefs_label_search"] = $label_search;
229	} else {
230	$label_search = $_SESSION["prefs_label_search"];
231	}
232
233	print "<div class=\"feedEditSearch\">
234	<input id=\"label_search\" size=\"20\" type=\"search\"
235	onfocus=\"javascript:disableHotkeys();\"
236	onblur=\"javascript:enableHotkeys();\"
237	onchange=\"javascript:updateLabelList()\" value=\"$label_search\">
238	<input type=\"submit\" class=\"button\"
239	onclick=\"javascript:updateLabelList()\" value=\"".__('Search')."\">
240	<p><a class='helpLinkPic' href=\"javascript:displayHelpInfobox(1)\">
241	<img src='images/sign_quest.gif'></a></p>
242	</div>";
243
244	print "<div class=\"prefGenericAddBox\">";
245
246	print"<input type=\"submit\" class=\"button\"
247	id=\"label_create_btn\"
248	onclick=\"return displayDlg('quickAddLabel', false)\"
249	value=\"".__('Create label')."\"></div>";
250
251	if ($label_search) {
252	$label_search_query = "(sql_exp LIKE '%$label_search%' OR
253	description LIKE '%$label_search%') AND";
254	} else {
255	$label_search_query = "";
256	}
257
258	$result = db_query($link, "SELECT
259	id,sql_exp,description
260	FROM
261	ttrss_labels
262	WHERE
263	$label_search_query
264	owner_uid = ".$_SESSION["uid"]."
265	ORDER BY $sort");
266
267	// print "<div id=\"infoBoxShadow\"><div id=\"infoBox\">PLACEHOLDER</div></div>";
268
269	if (db_num_rows($result) != 0) {
270
271	print "<p><table width=\"100%\" cellspacing=\"0\"
272	class=\"prefLabelList\" id=\"prefLabelList\">";
273
274	print "<tr><td class=\"selectPrompt\" colspan=\"8\">
275	".__('Select:')."
276	<a href=\"javascript:selectPrefRows('label', true)\">".__('All')."</a>,
277	<a href=\"javascript:selectPrefRows('label', false)\">".__('None')."</a>
278	</td</tr>";
279
280	print "<tr class=\"title\">
281	<td width=\"5%\"> </td>
282	<td width=\"30%\"><a href=\"javascript:updateLabelList('description')\">".__('Caption')."</a></td>
283	<td width=\"\"><a href=\"javascript:updateLabelList('sql_exp')\">".__('SQL Expression')."</a>
284	</td>
285	</tr>";
286
287	$lnum = 0;
288
289	while ($line = db_fetch_assoc($result)) {
290
291	$class = ($lnum % 2) ? "even" : "odd";
292
293	$label_id = $line["id"];
294	$edit_label_id = $_GET["id"];
295
296	if ($subop == "edit" && $label_id != $edit_label_id) {
297	$class .= "Grayed";
298	$this_row_id = "";
299	} else {
300	$this_row_id = "id=\"LILRR-$label_id\"";
301	}
302
303	print "<tr class=\"$class\" $this_row_id>";
304
305	$line["sql_exp"] = htmlspecialchars($line["sql_exp"]);
306	$line["description"] = htmlspecialchars($line["description"]);
307
308	if (!$line["description"]) $line["description"] = __("[No caption]");
309
310	$onclick = "onclick='editLabel($label_id)' title='".__('Click to edit')."'";
311
312	print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"label\");'
313	type=\"checkbox\" id=\"LICHK-".$line["id"]."\"></td>";
314
315	print "<td $onclick>" . $line["description"] . "</td>";
316	print "<td $onclick>" . $line["sql_exp"] . "</td>";
317
318	print "</tr>";
319
320	++$lnum;
321	}
322
323	print "</table>";
324
325	print "<p id=\"labelOpToolbar\">";
326
327	print "<input type=\"submit\" class=\"button\" disabled=\"true\"
328	onclick=\"javascript:editSelectedLabel()\" value=\"".__('Edit')."\">
329	<input type=\"submit\" class=\"button\" disabled=\"true\"
330	onclick=\"javascript:removeSelectedLabels()\" value=\"".__('Remove')."\">";
331
332	} else {
333	print "<p>";
334	if (!$label_search) {
335	print __('No labels defined.');
336	} else {
337	print __('No matching labels found.');
338	}
339	print "</p>";
340
341	}
342	}
343	?>
344

Note: See TracBrowser for help on using the browser.

Tiny Tiny RSS

root/modules/pref-labels.php

Download in other formats: