labels: PDO

This commit is contained in:
Andrew Dolgov 2017-12-02 12:45:33 +03:00
parent c2418a559b
commit 21295a52aa

View file

@ -8,80 +8,80 @@ class Pref_Labels extends Handler_Protected {
}
function edit() {
$label_id = $this->dbh->escape_string($_REQUEST['id']);
$label_id = $_REQUEST['id'];
$result = $this->dbh->query("SELECT * FROM ttrss_labels2 WHERE
id = '$label_id' AND owner_uid = " . $_SESSION["uid"]);
$sth = $this->pdo->prepare("SELECT * FROM ttrss_labels2 WHERE
id = ? AND owner_uid = ?");
$sth->execute([$label_id, $_SESSION['uid']]);
$line = $this->dbh->fetch_assoc($result);
if ($line = $sth->fetch()) {
print_hidden("id", "$label_id");
print_hidden("op", "pref-labels");
print_hidden("method", "save");
print_hidden("id", "$label_id");
print_hidden("op", "pref-labels");
print_hidden("method", "save");
print "<div class=\"dlgSec\">".__("Caption")."</div>";
print "<div class=\"dlgSec\">".__("Caption")."</div>";
print "<div class=\"dlgSecCont\">";
print "<div class=\"dlgSecCont\">";
$fg_color = $line['fg_color'];
$bg_color = $line['bg_color'];
$fg_color = $line['fg_color'];
$bg_color = $line['bg_color'];
print "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-bottom : 4px; margin-right : 4px'>&alpha;</span>";
print "<span class=\"labelColorIndicator\" id=\"label-editor-indicator\" style='color : $fg_color; background-color : $bg_color; margin-bottom : 4px; margin-right : 4px'>&alpha;</span>";
print "<input style=\"font-size : 16px\" name=\"caption\"
print "<input style=\"font-size : 16px\" name=\"caption\"
dojoType=\"dijit.form.ValidationTextBox\"
required=\"true\"
value=\"".htmlspecialchars($line['caption'])."\">";
print "</div>";
print "<div class=\"dlgSec\">" . __("Colors") . "</div>";
print "<div class=\"dlgSecCont\">";
print "</div>";
print "<div class=\"dlgSec\">" . __("Colors") . "</div>";
print "<div class=\"dlgSecCont\">";
print "<table cellspacing=\"0\">";
print "<table cellspacing=\"0\">";
print "<tr><td>".__("Foreground:")."</td><td>".__("Background:").
"</td></tr>";
print "<tr><td>".__("Foreground:")."</td><td>".__("Background:").
"</td></tr>";
print "<tr><td style='padding-right : 10px'>";
print "<tr><td style='padding-right : 10px'>";
print "<input dojoType=\"dijit.form.TextBox\"
print "<input dojoType=\"dijit.form.TextBox\"
style=\"display : none\" id=\"labelEdit_fgColor\"
name=\"fg_color\" value=\"$fg_color\">";
print "<input dojoType=\"dijit.form.TextBox\"
print "<input dojoType=\"dijit.form.TextBox\"
style=\"display : none\" id=\"labelEdit_bgColor\"
name=\"bg_color\" value=\"$bg_color\">";
print "<div dojoType=\"dijit.ColorPalette\">
print "<div dojoType=\"dijit.ColorPalette\">
<script type=\"dojo/method\" event=\"onChange\" args=\"fg_color\">
dijit.byId(\"labelEdit_fgColor\").attr('value', fg_color);
$('label-editor-indicator').setStyle({color: fg_color});
</script>
</div>";
print "</div>";
</div>";
print "</div>";
print "</td><td>";
print "</td><td>";
print "<div dojoType=\"dijit.ColorPalette\">
print "<div dojoType=\"dijit.ColorPalette\">
<script type=\"dojo/method\" event=\"onChange\" args=\"bg_color\">
dijit.byId(\"labelEdit_bgColor\").attr('value', bg_color);
$('label-editor-indicator').setStyle({backgroundColor: bg_color});
</script>
</div>";
print "</div>";
</div>";
print "</div>";
print "</td></tr></table>";
print "</div>";
print "</td></tr></table>";
print "</div>";
# print "</form>";
print "<div class=\"dlgButtons\">";
print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').execute()\">".
__('Save')."</button>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').hide()\">".
__('Cancel')."</button>";
print "</div>";
return;
print "<div class=\"dlgButtons\">";
print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').execute()\">".
__('Save')."</button>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"dijit.byId('labelEditDlg').hide()\">".
__('Cancel')."</button>";
print "</div>";
}
}
function getlabeltree() {
@ -90,12 +90,13 @@ class Pref_Labels extends Handler_Protected {
$root['name'] = __('Labels');
$root['items'] = array();
$result = $this->dbh->query("SELECT *
$sth = $this->pdo->prepare("SELECT *
FROM ttrss_labels2
WHERE owner_uid = ".$_SESSION["uid"]."
WHERE owner_uid = ?
ORDER BY caption");
$sth->execute([$_SESSION['uid']]);
while ($line = $this->dbh->fetch_assoc($result)) {
while ($line = $sth->fetch()) {
$label = array();
$label['id'] = 'LABEL:' . $line['id'];
$label['bare_id'] = $line['id'];
@ -118,84 +119,92 @@ class Pref_Labels extends Handler_Protected {
}
function colorset() {
$kind = $this->dbh->escape_string($_REQUEST["kind"]);
$ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"]));
$color = $this->dbh->escape_string($_REQUEST["color"]);
$fg = $this->dbh->escape_string($_REQUEST["fg"]);
$bg = $this->dbh->escape_string($_REQUEST["bg"]);
$kind = $_REQUEST["kind"];
$ids = explode(',', $_REQUEST["ids"]);
$color = $_REQUEST["color"];
$fg = $_REQUEST["fg"];
$bg = $_REQUEST["bg"];
foreach ($ids as $id) {
if ($kind == "fg" || $kind == "bg") {
$this->dbh->query("UPDATE ttrss_labels2 SET
${kind}_color = '$color' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
$sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
${kind}_color = ? WHERE id = ?
AND owner_uid = ?");
$sth->execute([$color, $id, $_SESSION['uid']]);
} else {
$this->dbh->query("UPDATE ttrss_labels2 SET
fg_color = '$fg', bg_color = '$bg' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
$sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
fg_color = ?, bg_color = ? WHERE id = ?
AND owner_uid = ?");
$sth->execute([$fg, $bg, $id, $_SESSION['uid']]);
}
$caption = $this->dbh->escape_string(Labels::find_caption($id, $_SESSION["uid"]));
$caption = Labels::find_caption($id, $_SESSION["uid"]);
/* Remove cached data */
$this->dbh->query("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
$sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE ? AND owner_uid = ?");
$sth->execute(["%$caption%", $_SESSION['uid']]);
}
return;
}
function colorreset() {
$ids = explode(',', $this->dbh->escape_string($_REQUEST["ids"]));
$ids = explode(',', $_REQUEST["ids"]);
foreach ($ids as $id) {
$this->dbh->query("UPDATE ttrss_labels2 SET
fg_color = '', bg_color = '' WHERE id = '$id'
AND owner_uid = " . $_SESSION["uid"]);
$sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
fg_color = '', bg_color = '' WHERE id = ?
AND owner_uid = ?");
$sth->execute([$id, $_SESSION['uid']]);
$caption = $this->dbh->escape_string(Labels::find_caption($id, $_SESSION["uid"]));
$caption = Labels::find_caption($id, $_SESSION["uid"]);
/* Remove cached data */
$this->dbh->query("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE '%$caption%' AND owner_uid = " . $_SESSION["uid"]);
$sth = $this->pdo->prepare("UPDATE ttrss_user_entries SET label_cache = ''
WHERE label_cache LIKE ? AND owner_uid = ?");
$sth->execute(["%$caption%", $_SESSION['uid']]);
}
}
function save() {
$id = $this->dbh->escape_string($_REQUEST["id"]);
$caption = $this->dbh->escape_string(trim($_REQUEST["caption"]));
$id = $_REQUEST["id"];
$caption = trim($_REQUEST["caption"]);
$this->dbh->query("BEGIN");
$this->pdo->beginTransaction();
$result = $this->dbh->query("SELECT caption FROM ttrss_labels2
WHERE id = '$id' AND owner_uid = ". $_SESSION["uid"]);
$sth = $this->pdo->prepare("SELECT caption FROM ttrss_labels2
WHERE id = ? AND owner_uid = ?");
$sth->execute([$id, $_SESSION['uid']]);
if ($this->dbh->num_rows($result) != 0) {
$old_caption = $this->dbh->fetch_result($result, 0, "caption");
if ($row = $sth->fetch()) {
$old_caption = $row["caption"];
$result = $this->dbh->query("SELECT id FROM ttrss_labels2
WHERE caption = '$caption' AND owner_uid = ". $_SESSION["uid"]);
$sth = $this->pdo->prepare("SELECT id FROM ttrss_labels2
WHERE caption = ? AND owner_uid = ?");
$sth->execute([$caption, $_SESSION['uid']]);
if ($this->dbh->num_rows($result) == 0) {
if (!$sth->fetch()) {
if ($caption) {
$result = $this->dbh->query("UPDATE ttrss_labels2 SET
caption = '$caption' WHERE id = '$id' AND
owner_uid = " . $_SESSION["uid"]);
$sth = $this->pdo->prepare("UPDATE ttrss_labels2 SET
caption = ? WHERE id = ? AND
owner_uid = ?");
$sth->execute([$caption, $id, $_SESSION['uid']]);
/* Update filters that reference label being renamed */
$old_caption = $this->dbh->escape_string($old_caption);
$this->dbh->query("UPDATE ttrss_filters2_actions SET
action_param = '$caption' WHERE action_param = '$old_caption'
$sth = $this->pdo->prepare("UPDATE ttrss_filters2_actions SET
action_param = ? WHERE action_param = ?
AND action_id = 7
AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ".$_SESSION["uid"].")");
AND filter_id IN (SELECT id FROM ttrss_filters2 WHERE owner_uid = ?)");
$sth->execute([$caption, $old_caption, $_SESSION['uid']]);
print $_REQUEST["value"];
} else {
@ -206,14 +215,13 @@ class Pref_Labels extends Handler_Protected {
}
}
$this->dbh->query("COMMIT");
$this->pdo->commit();
return;
}
function remove() {
$ids = explode(",", $this->dbh->escape_string($_REQUEST["ids"]));
$ids = explode(",", $_REQUEST["ids"]);
foreach ($ids as $id) {
Labels::remove($id, $_SESSION["uid"]);
@ -222,8 +230,8 @@ class Pref_Labels extends Handler_Protected {
}
function add() {
$caption = $this->dbh->escape_string($_REQUEST["caption"]);
$output = $this->dbh->escape_string($_REQUEST["output"]);
$caption = $_REQUEST["caption"];
$output = $_REQUEST["output"];
if ($caption) {