diff --git a/backend.php b/backend.php
index 219a3760..aa2a1b3b 100644
--- a/backend.php
+++ b/backend.php
@@ -473,7 +473,7 @@
/* GET["cmode"] = 0 - mark as read, 1 - as unread, 2 - toggle */
if ($subop == "catchupSelected") {
- $ids = split(",", $_GET["ids"]);
+ $ids = split(",", db_escape_string($_GET["ids"]));
$cmode = sprintf("%d", $_GET["cmode"]);
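Review bot: Escaping the whole `ids` string before `split()` protects the queries only while every `$id` lands inside a quoted literal; because these are row ids, casting each element is the stronger check, e.g. `$ids = array_map('intval', split(",", $_GET["ids"]));`. The queries that consume `$ids` in this block lie outside the hunk, but the ones visible further down (`feed_id = '$id'`, `WHERE id = '$id'`) are all quoted, so the escape holds today and would silently stop holding if one is ever written without quotes. The same line is repeated in markSelected (-500), in the hunks at -1171, -1181, -1234, -1314, -1760, -2064 and -2688, and in the new categorize block.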
@@ -500,7 +500,7 @@
if ($subop == "markSelected") {
- $ids = split(",", $_GET["ids"]);
+ $ids = split(",", db_escape_string($_GET["ids"]));
$cmode = sprintf("%d", $_GET["cmode"]);
@@ -811,9 +811,8 @@
}
- $search = $_GET["search"];
-
- $search_mode = $_GET["smode"];
+ $search = db_escape_string($_GET["search"]);
+ $search_mode = db_escape_string($_GET["smode"]);
if ($search) {
$search_query_part = "(upper(title) LIKE upper('%$search%')
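Review bot: `db_escape_string()` leaves `%` and `_` untouched, so inside `LIKE upper('%$search%')` a term containing them is matched as a pattern rather than as literal text; the term needs a LIKE-specific escape for those two characters on top of the quoting escape. `$search_mode` is consumed outside this hunk; if it only selects between a few modes, comparing it against the known values would be tighter than escaping it. The `$feed_search` LIKE added in the hunk at -1378 has the same wildcard behaviour. The enclosing block starts and ends outside the hunk.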
@@ -1171,7 +1170,7 @@
$subop = $_GET["subop"];
if ($subop == "unread") {
- $ids = split(",", $_GET["ids"]);
+ $ids = split(",", db_escape_string($_GET["ids"]));
foreach ($ids as $id) {
db_query($link, "UPDATE ttrss_user_entries SET unread = true
WHERE feed_id = '$id' AND owner_uid = ".$_SESSION["uid"]);
@@ -1181,7 +1180,7 @@
}
if ($subop == "read") {
- $ids = split(",", $_GET["ids"]);
+ $ids = split(",", db_escape_string($_GET["ids"]));
foreach ($ids as $id) {
db_query($link, "UPDATE ttrss_user_entries
SET unread = false,last_read = NOW() WHERE
@@ -1234,7 +1233,7 @@
if (!WEB_DEMO_MODE) {
- $ids = split(",", $_GET["ids"]);
+ $ids = split(",", db_escape_string($_GET["ids"]));
foreach ($ids as $id) {
db_query($link, "DELETE FROM ttrss_feeds
@@ -1314,7 +1313,7 @@
if (!WEB_DEMO_MODE) {
- $ids = split(",", $_GET["ids"]);
+ $ids = split(",", db_escape_string($_GET["ids"]));
foreach ($ids as $id) {
@@ -1341,6 +1340,33 @@
}
}
+ if ($subop == "categorize") {
+
+ if (!WEB_DEMO_MODE) {
+
+ $ids = split(",", db_escape_string($_GET["ids"]));
+
+ $cat_id = db_escape_string($_GET["cat_id"]);
+
+ if ($cat_id == 0) {
+ $cat_id_qpart = 'NULL';
+ } else {
+ $cat_id_qpart = "'$cat_id'";
+ }
+
+ db_query($link, "BEGIN");
+
+ foreach ($ids as $id) {
+
+ db_query($link, "UPDATE ttrss_feeds SET cat_id = $cat_id_qpart
+ WHERE id = '$id' AND owner_uid = " . $_SESSION["uid"]);
+ }
+
+ db_query($link, "COMMIT");
+ }
+
+ }
+
// print "
Edit Feeds
";
$result = db_query($link, "SELECT id,title,feed_url,last_error
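Review bot: The new categorize branch constrains each feed to the session user but never checks that `cat_id` belongs to that user, so a request can attach the user's feeds to a category row owned by another account. Before the loop, look the category up with the owner constraint, e.g. `SELECT id FROM ttrss_feed_categories WHERE id = '$cat_id' AND owner_uid = ...`, and skip the updates when `db_num_rows()` returns 0. `$cat_id == 0` is also a loose comparison on a string, which under the PHP versions that still provide `split()` turns any non-numeric value into NULL; an integer cast on `cat_id` would make that intent explicit.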
@@ -1364,10 +1390,30 @@
}
- print "
-
";
+ $feed_search = db_escape_string($_GET["search"]);
+
+ if (array_key_exists("search", $_GET)) {
+ $_SESSION["prefs_feed_search"] = $feed_search;
+ } else {
+ $feed_search = $_SESSION["prefs_feed_search"];
+ }
+
+ print "";
$feeds_sort = db_escape_string($_GET["sort"]);
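Review bot: `$_SESSION["prefs_feed_search"]` is given the SQL-escaped form of the search term, so one variable ends up serving both the query and whatever is shown back to the user. The markup printed here is not visible, but if `$feed_search` is echoed into the search field it needs `htmlspecialchars($feed_search, ENT_QUOTES)` at that point, since `db_escape_string()` does nothing for `<` or `"` in HTML. Keeping the raw term in the session and escaping separately for SQL and for output would avoid mixing the two contexts. `$_GET["search"]` is also read one line before the `array_key_exists()` test that guards it; moving the read inside the `if` removes the undefined-index access.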
@@ -1378,13 +1424,21 @@
$_SESSION["pref_sort_feeds"] = $feeds_sort;
+ if ($feed_search) {
+ $search_qpart = "UPPER(title) LIKE UPPER('%$feed_search%') AND";
+ } else {
+ $search_qpart = "";
+ }
+
$result = db_query($link, "SELECT
id,title,feed_url,substring(last_updated,1,16) as last_updated,
update_interval,purge_interval,
(SELECT title FROM ttrss_feed_categories
WHERE id = cat_id) AS category
FROM
- ttrss_feeds WHERE owner_uid = '".$_SESSION["uid"]."'
+ ttrss_feeds
+ WHERE
+ $search_qpart owner_uid = '".$_SESSION["uid"]."'
ORDER by $feeds_sort,title");
if (db_num_rows($result) != 0) {
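Review bot: `ORDER by $feeds_sort` interpolates the request value outside any quotes, where `db_escape_string()` gives no protection, and this hunk rewrites the query without changing that. Unless `$feeds_sort` is checked in the lines between the hunks, which are not shown, it should be matched against the sortable column names before use, e.g. `if (!in_array($feeds_sort, array("title", "feed_url", "last_updated"))) $feeds_sort = "title";` (the list is illustrative, taken from the SELECT). The new `$search_qpart` is quoted, so the escape is effective there.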
@@ -1592,7 +1646,35 @@
onclick=\"javascript:editSelectedFeed()\" value=\"Edit\">
";
-
+
+ if (get_pref($link, 'ENABLE_FEED_CATS')) {
+
+ print " ";
+
+ $result = db_query($link, "SELECT title,id FROM ttrss_feed_categories
+ WHERE owner_uid = ".$_SESSION["uid"]."
+ ORDER BY title");
+
+ print "";
+
+ print " ";
+
+ }
+
if (get_pref($link, 'ENABLE_PREFS_CATCHUP_UNCATCHUP')) {
print "
";
}
@@ -1620,7 +1702,10 @@
// print "Categories
";
print "
-
+
";
@@ -1760,7 +1845,7 @@
if (!WEB_DEMO_MODE) {
- $ids = split(",", $_GET["ids"]);
+ $ids = split(",", db_escape_string($_GET["ids"]));
foreach ($ids as $id) {
db_query($link, "DELETE FROM ttrss_filters WHERE id = '$id'");
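Review bot: `DELETE FROM ttrss_filters WHERE id = '$id'` carries no owner constraint, so escaping `ids` does not stop a logged-in user from deleting another account's filters by id. If ttrss_filters has an `owner_uid` column like ttrss_feeds and ttrss_feed_categories (its schema is not visible here), append `AND owner_uid = " . $_SESSION["uid"]` as the feed queries do. The ttrss_labels delete in the hunk at -2064 is written the same way.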
@@ -1800,7 +1885,7 @@
}
print "
-
";
+
";
print_select("fadd_match", "Title", $filter_types);
@@ -2064,7 +2149,7 @@
if (!WEB_DEMO_MODE) {
- $ids = split(",", $_GET["ids"]);
+ $ids = split(",", db_escape_string($_GET["ids"]));
foreach ($ids as $id) {
db_query($link, "DELETE FROM ttrss_labels WHERE id = '$id'");
@@ -2688,7 +2773,7 @@
if (!WEB_DEMO_MODE && $_SESSION["access_level"] >= 10) {
- $ids = split(",", $_GET["ids"]);
+ $ids = split(",", db_escape_string($_GET["ids"]));
foreach ($ids as $id) {
db_query($link, "DELETE FROM ttrss_users WHERE id = '$id' AND id != " . $_SESSION["uid"]);
@@ -2748,7 +2833,7 @@
}
print "
- ";
+ ";
print"
";
diff --git a/prefs.js b/prefs.js
index 59af58fd..421b06a6 100644
--- a/prefs.js
+++ b/prefs.js
@@ -171,8 +171,13 @@ function updateFeedList(sort_key) {
p_notify("Loading, please wait...");
+ var feed_search = document.getElementById("feed_search");
+ var search = "";
+ if (feed_search) { search = feed_search.value; }
+
xmlhttp.open("GET", "backend.php?op=pref-feeds" +
- "&sort=" + param_escape(sort_key), true);
+ "&sort=" + param_escape(sort_key) +
+ "&search=" + param_escape(search), true);
xmlhttp.onreadystatechange=feedlist_callback;
xmlhttp.send(null);
@@ -1171,3 +1176,32 @@ function closeInfoBox() {
box.style.display = "none";
}
}
+
+function categorizeSelectedFeeds() {
+
+ if (!xmlhttp_ready(xmlhttp)) {
+ printLockingError();
+ return
+ }
+
+ var sel_rows = getSelectedFeeds();
+
+ var cat_sel = document.getElementById("sfeed_set_fcat");
+ var cat_id = cat_sel[cat_sel.selectedIndex].id;
+
+ if (sel_rows.length > 0) {
+
+ notify("Changing category of selected feeds...");
+
+ xmlhttp.open("GET", "backend.php?op=pref-feeds&subop=categorize&ids="+
+ param_escape(sel_rows.toString()) + "&cat_id=" + param_escape(cat_id), true);
+ xmlhttp.onreadystatechange=feedlist_callback;
+ xmlhttp.send(null);
+
+ } else {
+
+ notify("Please select some feeds first.");
+
+ }
+
+}
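Review bot: `categorizeSelectedFeeds()` sends a state-changing request as a GET with every parameter in the URL, and no anti-forgery token is visible in it, so the change is not tied to an action the user took on this page. Sending it as a POST with a per-session token that backend.php verifies would close that; the backend would have to read the parameters accordingly. Separately, `cat_sel[cat_sel.selectedIndex].id` throws when the `sfeed_set_fcat` element is absent or nothing is selected, so guard it with `if (!cat_sel || cat_sel.selectedIndex < 0) return;`. The bare `return` after `printLockingError()` is missing its semicolon.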
diff --git a/tt-rss.css b/tt-rss.css
index 67970aff..6629f1ca 100644
--- a/tt-rss.css
+++ b/tt-rss.css
@@ -342,7 +342,7 @@ iframe {
iframe.feedsFrame {
width : 100%;
- height : 90%;
+ height : 100%;
margin : 0px;
padding : 0px;
}
@@ -649,7 +649,7 @@ span.insensitive {
color : gray;
}
-div.prefGenericAddBox {
+.prefGenericAddBox {
margin : 5px;
}