Commit 75cd221b authored by Sebastian Reichel's avatar Sebastian Reichel

Imported Upstream version 1.5.9

parent 0cc4dbf9
<?php
set_include_path(get_include_path() . PATH_SEPARATOR .
set_include_path(get_include_path() . PATH_SEPARATOR .
dirname(__FILE__) . "/include");
/* remove ill effects of magic quotes */
......@@ -20,6 +20,11 @@
$op = $_REQUEST["op"];
@$method = $_REQUEST['subop'] ? $_REQUEST['subop'] : $_REQUEST["method"];
if (!$method)
$method = 'index';
else
$method = strtolower($method);
/* Public calls compatibility shim */
$public_calls = array("globalUpdateFeeds", "rss", "getUnread", "getProfiles", "share",
......@@ -30,6 +35,8 @@
return;
}
@$csrf_token = $_REQUEST['csrf_token'];
require_once "functions.php";
require_once "sessions.php";
require_once "sanity_check.php";
......@@ -138,13 +145,17 @@
$handler = new $op($link, $_REQUEST);
if ($handler) {
if ($handler->before($method)) {
if ($method && method_exists($handler, $method)) {
$handler->$method();
} else if (method_exists($handler, 'index')) {
$handler->index();
if (validate_csrf($csrf_token) || $handler->csrf_ignore($method)) {
if ($handler->before($method)) {
if ($method && method_exists($handler, $method)) {
$handler->$method();
}
$handler->after();
return;
}
$handler->after();
} else {
header("Content-Type: text/plain");
print json_encode(array("error" => array("code" => 6)));
return;
}
}
......
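Review bot: The token is read with `@$csrf_token = $_REQUEST['csrf_token'];`, so it is accepted from the query string as well as the request body, and a token carried in a URL can end up in access logs, browser history and Referer headers. If every state-changing call is a POST (not visible from this page), read it from the body only, e.g. `$csrf_token = isset($_POST['csrf_token']) ? $_POST['csrf_token'] : '';`, which also removes the need for `@`. `validate_csrf()` is defined outside this section; it is worth confirming that it rejects an empty token and compares against the session value in a timing-safe way.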
......@@ -2,7 +2,7 @@
class API extends Handler {
const API_LEVEL = 1;
const API_LEVEL = 2;
const STATUS_OK = 0;
const STATUS_ERR = 1;
......@@ -170,9 +170,15 @@ class API extends Handler {
$include_attachments = (bool)db_escape_string($_REQUEST["include_attachments"]);
$since_id = (int)db_escape_string($_REQUEST["since_id"]);
/* do not rely on params below */
$search = db_escape_string($_REQUEST["search"]);
$search_mode = db_escape_string($_REQUEST["search_mode"]);
$match_on = db_escape_string($_REQUEST["match_on"]);
$headlines = api_get_headlines($this->link, $feed_id, $limit, $offset,
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, false,
$include_attachments, $since_id);
$include_attachments, $since_id, $search, $search_mode, $match_on);
print $this->wrap(self::STATUS_OK, $headlines);
} else {
......
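Review bot: The new `search`, `search_mode` and `match_on` parameters are only passed through `db_escape_string()` before going to `api_get_headlines()`, whose body is outside this page, so it cannot be confirmed from the hunk that they end up inside quoted SQL literals. Escaping protects only a value that is placed between quotes. `search_mode` and `match_on` look like small enumerations and would be safer checked against a fixed list of accepted values before the call. The comment `/* do not rely on params below */` should also say why, for instance that these parameters may change between API levels, if that is the intent.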
<?php
class Article extends Protected_Handler {
function csrf_ignore($method) {
$csrf_ignored = array("redirect");
return array_search($method, $csrf_ignored) !== false;
}
function redirect() {
$id = db_escape_string($_REQUEST['id']);
......
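Review bot: `csrf_ignore()` decides whether a request may skip token validation, yet `array_search($method, $csrf_ignored) !== false` compares loosely; `return in_array($method, $csrf_ignored, true);` keeps the exemption from ever depending on PHP type juggling. The same body is repeated in the Feeds, Pref_Feeds, Pref_Filters, Pref_Instances, Pref_Labels, Pref_Prefs, Pref_Users and RPC sections, so one helper on the base class that takes the list would keep them in step. The dispatcher lower-cases `$method` before calling this, so the names in the list must stay lower-case; a comment such as `/* lower-case method names that skip CSRF validation */` above the array would record that. `redirect()` continues outside this section.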
......@@ -16,9 +16,29 @@ class Dlg extends Protected_Handler {
print "</dlg>";
}
function exportData() {
print "<p style='text-align : center' id='export_status_message'>You need to prepare exported data first by clicking the button below.</p>";
print "<div align='center'>";
print "<button dojoType=\"dijit.form.Button\"
onclick=\"dijit.byId('dataExportDlg').prepare()\">".
__('Prepare data')."</button>";
print "<button dojoType=\"dijit.form.Button\"
onclick=\"dijit.byId('dataExportDlg').hide()\">".
__('Close this window')."</button>";
print "</div>";
}
function importOpml() {
header("Content-Type: text/html"); # required for iframe
print __("If you have imported labels and/or filters, you might need to reload preferences to see your new data.") . "</p>";
print "<div class=\"prefFeedOPMLHolder\">";
$owner_uid = $_SESSION["uid"];
......@@ -41,7 +61,6 @@ class Dlg extends Protected_Handler {
/* Handle OPML import by DOMXML/DOMDocument */
print "<ul class='nomarks'>";
print "<li>".__("Importing using DOMDocument.")."</li>";
require_once "opml.php";
opml_import_domdoc($this->link, $owner_uid);
print "</ul>";
......@@ -49,7 +68,7 @@ class Dlg extends Protected_Handler {
print "<div align='center'>";
print "<button dojoType=\"dijit.form.Button\"
onclick=\"dijit.byId('opmlImportDlg').hide()\">".
onclick=\"dijit.byId('opmlImportDlg').execute()\">".
__('Close this window')."</button>";
print "</div>";
......@@ -417,6 +436,7 @@ class Dlg extends Protected_Handler {
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-filters\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"quiet\" value=\"1\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"add\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"csrf_token\" value=\"".$_SESSION['csrf_token']."\">";
$result = db_query($this->link, "SELECT id,description
FROM ttrss_filter_types ORDER BY description");
......@@ -461,8 +481,16 @@ class Dlg extends Protected_Handler {
print "<hr/>";
print __("in") . " ";
print "<span id='filterDlg_feeds'>";
print_feed_select($this->link, "feed_id", $active_feed_id,
'dojoType="dijit.form.FilteringSelect"');
print "</span>";
print "<span id='filterDlg_cats' style='display : none'>";
print_feed_cat_select($this->link, "cat_id", $active_cat_id,
'dojoType="dijit.form.FilteringSelect"');
print "</span>";
print "</div>";
......@@ -504,7 +532,11 @@ class Dlg extends Protected_Handler {
<label for=\"enabled\">".__('Enabled')."</label><hr/>";
print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\">
<label for=\"inverse\">".__('Inverse match')."</label>";
<label for=\"inverse\">".__('Inverse match')."</label><hr/>";
print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"cat_filter\" id=\"cat_filter\" onchange=\"filterDlgCheckCat(this)\">
<label for=\"cat_filter\">".__('Apply to category')."</label><hr/>";
print "</div>";
......@@ -922,5 +954,28 @@ class Dlg extends Protected_Handler {
return;
}
function dataImport() {
header("Content-Type: text/html"); # required for iframe
print "<div style='text-align : center'>";
if (is_file($_FILES['export_file']['tmp_name'])) {
perform_data_import($this->link, $_FILES['export_file']['tmp_name'], $_SESSION['uid']);
} else {
print "<p>" . T_sprintf("Could not upload file. You might need to adjust upload_max_filesize
in PHP.ini (current value = %s)", ini_get("upload_max_filesize")) . " or use CLI import tool.</p>";
}
print "<button dojoType=\"dijit.form.Button\"
onclick=\"dijit.byId('dataImportDlg').hide()\">".
__('Close this window')."</button>";
print "</div>";
}
}
?>
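Review bot: `dataImport()` accepts the upload with `is_file($_FILES['export_file']['tmp_name'])`, which does not confirm that the path came from this request's upload and raises a notice when no file field was sent; `if (isset($_FILES['export_file']) && is_uploaded_file($_FILES['export_file']['tmp_name']))` is the usual check. No `csrf_ignore()` override for Dlg is visible on this page and the base Handler version returns true, so unless Protected_Handler overrides it (not shown) `importOpml` and `dataImport` write user data without a token. The forms that post to them, in the Pref_Feeds section, carry no `csrf_token` field either. The class starts outside the hunks shown.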
<?php
class Feeds extends Protected_Handler {
function csrf_ignore($method) {
$csrf_ignored = array("index");
return array_search($method, $csrf_ignored) !== false;
}
private function feedlist_init_cat($cat_id, $hidden = false) {
$obj = array();
$cat_id = (int) $cat_id;
......@@ -178,9 +184,10 @@ class Feeds extends Protected_Handler {
catchupArticlesById($this->link, $ids, $cmode);
} */
//if ($method == "ForceUpdate" && $feed && is_numeric($feed) > 0) {
// update_rss_feed($this->link, $feed, true);
//}
if ($method == "ForceUpdate" && $feed && is_numeric($feed) > 0) {
include "rssfuncs.php";
update_rss_feed($this->link, $feed, true);
}
if ($method == "MarkAllRead") {
catchup_feed($this->link, $feed, $cat_view);
......@@ -628,7 +635,7 @@ class Feeds extends Protected_Handler {
$reply['content'] .= "&nbsp;";
$reply['content'] .= "<a target='_blank' href='" . htmlspecialchars($tmp_line['feed_url']) . "'>";
$reply['content'] .= "<img title='".__('Feed URL')."'class='tinyFeedIcon' src='images/pub_set.gif'></a>";
$reply['content'] .= "<img title='".__('Feed URL')."'class='tinyFeedIcon' src='images/pub_set.png'></a>";
$reply['content'] .= "</div>";
}
......
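Review bot: The re-enabled ForceUpdate branch loads its dependency with `include "rssfuncs.php";`, which only warns when the file is missing and then fails on the undefined `update_rss_feed()`, and which redeclares functions if the file was already loaded during the request; `require_once "rssfuncs.php";` avoids both. The guard `is_numeric($feed) > 0` compares a boolean with zero; `is_numeric($feed) && $feed > 0` states what is presumably meant. This class exempts `index` from token validation, so it is worth checking whether this branch is reachable through that method (the enclosing function is outside the hunk), because a forced fetch would then run without a token.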
......@@ -8,6 +8,10 @@ class Handler {
$this->args = $args;
}
function csrf_ignore($method) {
return true;
}
function before() {
return true;
}
......
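Review bot: The base `csrf_ignore()` returns true, so any handler that does not override it skips token validation for every method, and a newly added handler is unprotected until someone remembers to give it a list. Defaulting to `return false;` and letting public or read-only handlers opt out explicitly would make the check fail closed. If the permissive default is deliberate for the API and public handlers, say so in a comment, e.g. `/* handlers without their own list are exempt from CSRF validation */`. The class body continues outside the hunk.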
<?php
class Pref_Feeds extends Protected_Handler {
function csrf_ignore($method) {
$csrf_ignored = array("index", "getfeedtree", "add", "editcats", "editfeed",
"savefeedorder");
return array_search($method, $csrf_ignored) !== false;
}
function batch_edit_cbox($elem, $label = false) {
print "<input type=\"checkbox\" title=\"".__("Check to enable field")."\"
onchange=\"dijit.byId('feedEditDlg').toggleField(this, '$elem', '$label')\">";
......@@ -441,12 +449,10 @@ class Pref_Feeds extends Protected_Handler {
$checked = "";
}
if (SIMPLEPIE_CACHE_IMAGES) {
print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"cache_images\"
name=\"cache_images\"
print "<hr/><input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" id=\"cache_images\"
name=\"cache_images\"
$checked>&nbsp;<label for=\"cache_images\">".
__('Cache images locally (SimplePie only)')."</label>";
}
__('Cache images locally')."</label>";
$mark_unread_on_update = sql_bool_to_bool(db_fetch_result($result, 0, "mark_unread_on_update"));
......@@ -648,16 +654,13 @@ class Pref_Feeds extends Protected_Handler {
print "&nbsp;"; $this->batch_edit_cbox("always_display_enclosures", "always_display_enclosures_l");
if (SIMPLEPIE_CACHE_IMAGES) {
print "<br/><input disabled=\"1\" type=\"checkbox\" id=\"cache_images\"
name=\"cache_images\"
dojoType=\"dijit.form.CheckBox\">&nbsp;<label class='insensitive' id=\"cache_images_l\"
for=\"cache_images\">".
__('Cache images locally')."</label>";
print "<br/><input disabled=\"1\" type=\"checkbox\" id=\"cache_images\"
name=\"cache_images\"
dojoType=\"dijit.form.CheckBox\">&nbsp;<label class='insensitive' id=\"cache_images_l\"
for=\"cache_images\">".
__('Cache images locally')."</label>";
print "&nbsp;"; $this->batch_edit_cbox("cache_images", "cache_images_l");
}
print "&nbsp;"; $this->batch_edit_cbox("cache_images", "cache_images_l");
print "<br/><input disabled=\"1\" type=\"checkbox\" id=\"mark_unread_on_update\"
name=\"mark_unread_on_update\"
......@@ -734,11 +737,7 @@ class Pref_Feeds extends Protected_Handler {
$category_qpart_nocomma = "";
}
if (SIMPLEPIE_CACHE_IMAGES) {
$cache_images_qpart = "cache_images = $cache_images,";
} else {
$cache_images_qpart = "";
}
$cache_images_qpart = "cache_images = $cache_images,";
if (!$batch) {
......@@ -1400,47 +1399,68 @@ class Pref_Feeds extends Protected_Handler {
print "</div>"; # feeds pane
print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('OPML')."\">";
print "<div dojoType=\"dijit.layout.AccordionPane\" title=\"".__('Import and export')."\">";
print "<p>" . __("Using OPML you can export and import your feeds and Tiny Tiny RSS settings.") . " ";
print "<h3>" . __("OPML") . "</h3>";
print "<span class=\"insensitive\">" . __("Note: Only main settings profile can be migrated using OPML.") . "</span>";
print "<p>" . __("Using OPML you can export and import your feeds, filters, labels and Tiny Tiny RSS settings.") . " ";
print "</p>";
print __("Only main settings profile can be migrated using OPML.") . "</p>";
print "<h3>" . __("Import") . "</h3>";
print "<br/><iframe id=\"upload_iframe\"
print "<iframe id=\"upload_iframe\"
name=\"upload_iframe\" onload=\"opmlImportComplete(this)\"
style=\"width: 400px; height: 100px; display: none;\"></iframe>";
print "<form name=\"opml_form\" style='display : block' target=\"upload_iframe\"
enctype=\"multipart/form-data\" method=\"POST\"
action=\"backend.php\">
action=\"backend.php\">
<input id=\"opml_file\" name=\"opml_file\" type=\"file\">&nbsp;
<input type=\"hidden\" name=\"op\" value=\"dlg\">
<input type=\"hidden\" name=\"method\" value=\"importOpml\">
<button dojoType=\"dijit.form.Button\" onclick=\"return opmlImport();\" type=\"submit\">" .
__('Import') . "</button>";
__('Import my OPML') . "</button>";
print "<h3>" . __("Export") . "</h3>";
print "<hr>";
print "<p>" . __('Filename:') .
" <input type=\"text\" id=\"filename\" value=\"TinyTinyRSS.opml\" />&nbsp;" .
__('Include settings') . "<input type=\"checkbox\" id=\"settings\" CHECKED />" .
__('Include settings') . "<input type=\"checkbox\" id=\"settings\" checked=\"1\"/>";
"<button dojoType=\"dijit.form.Button\"
print "</p><button dojoType=\"dijit.form.Button\"
onclick=\"gotoExportOpml(document.opml_form.filename.value, document.opml_form.settings.checked)\" >" .
__('Export') . "</button></p></form>";
__('Export OPML') . "</button></p></form>";
print "<h3>" . __("Publish") . "</h3>";
print "<hr>";
print "<p>".__('Your OPML can be published publicly and can be subscribed by anyone who knows the URL below.') . " ";
print "<span class=\"insensitive\">" . __("Note: Published OPML does not include your Tiny Tiny RSS settings, feeds that require authentication or feeds hidden from Popular feeds.") . "</span>" . "</p>";
print __("Published OPML does not include your Tiny Tiny RSS settings, feeds that require authentication or feeds hidden from Popular feeds.") . "</p>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return displayDlg('pubOPMLUrl')\">".
__('Display URL')."</button> ";
__('Display published OPML URL')."</button> ";
print "<h3>" . __("Article archive") . "</h3>";
print "<p>" . __("You can export and import your Starred and Archived articles for safekeeping or when migrating between tt-rss instances.") . "</p>";
print "<button dojoType=\"dijit.form.Button\" onclick=\"return exportData()\">".
__('Export my data')."</button> ";
print "<hr>";
print "<iframe id=\"data_upload_iframe\"
name=\"data_upload_iframe\" onload=\"dataImportComplete(this)\"
style=\"width: 400px; height: 100px; display: none;\"></iframe>";
print "<form name=\"import_form\" style='display : block' target=\"data_upload_iframe\"
enctype=\"multipart/form-data\" method=\"POST\"
action=\"backend.php\">
<input id=\"export_file\" name=\"export_file\" type=\"file\">&nbsp;
<input type=\"hidden\" name=\"op\" value=\"dlg\">
<input type=\"hidden\" name=\"method\" value=\"dataimport\">
<button dojoType=\"dijit.form.Button\" onclick=\"return importData();\" type=\"submit\">" .
__('Import') . "</button>";
print "</div>"; # pane
......
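Review bot: The exemption list in `csrf_ignore()` includes `add`, `editcats` and `savefeedorder`, which by name look like they change stored data; their bodies are outside this page, so this is a question rather than a finding, but any method that writes should go through `validate_csrf()`. The new `import_form` at the end of the section posts a file to `backend.php` without a hidden `csrf_token` input, unlike the filter forms changed elsewhere in this commit. Adding `<input type=\"hidden\" name=\"csrf_token\" value=\"" . htmlspecialchars($_SESSION['csrf_token']) . "\">` to it, and to `opml_form`, would let the imports be validated.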
<?php
class Pref_Filters extends Protected_Handler {
function csrf_ignore($method) {
$csrf_ignored = array("index", "getfiltertree", "edit");
return array_search($method, $csrf_ignored) !== false;
}
function filter_test($filter_type, $reg_exp,
$action_id, $action_param, $filter_param, $inverse, $feed_id) {
$action_id, $action_param, $filter_param, $inverse, $feed_id, $cat_id,
$cat_filter) {
$result = db_query($this->link, "SELECT name FROM ttrss_filter_types WHERE
id = " . $filter_type);
......@@ -28,8 +35,8 @@ class Pref_Filters extends Protected_Handler {
$feed_title = getFeedTitle($this->link, $feed);
$qfh_ret = queryFeedHeadlines($this->link, $feed,
30, "", false, false, false,
$qfh_ret = queryFeedHeadlines($this->link, $cat_filter ? $cat_id : $feed,
30, "", $cat_filter, false, false,
false, "date_entered DESC", 0, $_SESSION["uid"], $filter);
$result = $qfh_ret[0];
......@@ -94,17 +101,21 @@ class Pref_Filters extends Protected_Handler {
ttrss_filter_types.description AS filter_type_descr,
enabled,
inverse,
cat_filter,
feed_id,
ttrss_filters.cat_id,
action_id,
filter_param,
filter_type,
ttrss_filter_actions.description AS action_description,
ttrss_feeds.title AS feed_title,
ttrss_feed_categories.title AS cat_title,
ttrss_filter_actions.name AS action_name,
ttrss_filters.action_param AS action_param
FROM
ttrss_filter_types,ttrss_filter_actions,ttrss_filters LEFT JOIN
ttrss_feeds ON (ttrss_filters.feed_id = ttrss_feeds.id)
ttrss_feeds ON (ttrss_filters.feed_id = ttrss_feeds.id) LEFT JOIN
ttrss_feed_categories ON (ttrss_filters.cat_id = ttrss_feed_categories.id)
WHERE
filter_type = ttrss_filter_types.id AND
ttrss_filter_actions.id = action_id AND
......@@ -163,7 +174,13 @@ class Pref_Filters extends Protected_Handler {
$filter['inverse'] = sql_bool_to_bool($line['inverse']);
$filter['checkbox'] = false;
if ($line['feed_id'])
if (sql_bool_to_bool($line['cat_filter']))
if ($line['cat_id'] != 0) {
$filter['feed'] = $line['cat_title'];
} else {
$filter['feed'] = __('Uncategorized');
}
else if ($line['feed_id'])
$filter['feed'] = $line['feed_title'];
array_push($cat['items'], $filter);
......@@ -191,18 +208,21 @@ class Pref_Filters extends Protected_Handler {
$reg_exp = htmlspecialchars(db_fetch_result($result, 0, "reg_exp"));
$filter_type = db_fetch_result($result, 0, "filter_type");
$feed_id = db_fetch_result($result, 0, "feed_id");
$cat_id = db_fetch_result($result, 0, "cat_id");
$action_id = db_fetch_result($result, 0, "action_id");
$action_param = db_fetch_result($result, 0, "action_param");
$filter_param = db_fetch_result($result, 0, "filter_param");
$enabled = sql_bool_to_bool(db_fetch_result($result, 0, "enabled"));
$inverse = sql_bool_to_bool(db_fetch_result($result, 0, "inverse"));
$cat_filter = sql_bool_to_bool(db_fetch_result($result, 0, "cat_filter"));
print "<form id=\"filter_edit_form\" onsubmit='return false'>";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"pref-filters\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"id\" value=\"$filter_id\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"editSave\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"csrf_token\" value=\"".$_SESSION['csrf_token']."\">";
$result = db_query($this->link, "SELECT id,description
FROM ttrss_filter_types ORDER BY description");
......@@ -250,8 +270,21 @@ class Pref_Filters extends Protected_Handler {
print "<hr/>";
print __("in") . " ";
$hidden = $cat_filter ? "style='display:none'" : "";
print "<span id='filterDlg_feeds' $hidden>";
print_feed_select($this->link, "feed_id", $feed_id,
'dojoType="dijit.form.FilteringSelect"');
print "</span>";
$hidden = $cat_filter ? "" : "style='display:none'";
print "<span id='filterDlg_cats' $hidden>";
print_feed_cat_select($this->link, "cat_id", $cat_id,
'dojoType="dijit.form.FilteringSelect"');
print "</span>";
print "</div>";
......@@ -316,7 +349,16 @@ class Pref_Filters extends Protected_Handler {
}
print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"inverse\" id=\"inverse\" $checked>
<label for=\"inverse\">".__('Inverse match')."</label>";
<label for=\"inverse\">".__('Inverse match')."</label><hr/>";
if ($cat_filter) {
$checked = "checked=\"1\"";
} else {
$checked = "";
}
print "<input dojoType=\"dijit.form.CheckBox\" type=\"checkbox\" name=\"cat_filter\" id=\"cat_filter\" onchange=\"filterDlgCheckCat(this)\" $checked>
<label for=\"cat_filter\">".__('Apply to category')."</label><hr/>";
print "</div>";
print "</div>";
......@@ -356,6 +398,8 @@ class Pref_Filters extends Protected_Handler {
$action_param_label = db_escape_string($_REQUEST["action_param_label"]);
$enabled = checkbox_to_sql_bool(db_escape_string($_REQUEST["enabled"]));
$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
$cat_filter = checkbox_to_sql_bool(db_escape_string($_REQUEST["cat_filter"]));
$cat_id = db_escape_string($_REQUEST['cat_id']);
# for the time being, no other filters use params anyway...
$filter_param = db_escape_string($_REQUEST["filter_date_modifier"]);
......@@ -366,6 +410,12 @@ class Pref_Filters extends Protected_Handler {
$feed_id = sprintf("'%s'", db_escape_string($feed_id));
}
if (!$cat_id) {
$cat_id = 'NULL';
} else {
$cat_id = sprintf("'%d'", db_escape_string($cat_id));
}
/* When processing 'assign label' filters, action_param_label dropbox
* overrides action_param */
......@@ -381,10 +431,12 @@ class Pref_Filters extends Protected_Handler {
$result = db_query($this->link, "UPDATE ttrss_filters SET
reg_exp = '$reg_exp',
feed_id = $feed_id,
cat_id = $cat_id,
action_id = '$action_id',
filter_type = '$filter_type',
enabled = $enabled,
inverse = $inverse,
cat_filter = $cat_filter,
action_param = '$action_param',
filter_param = '$filter_param'
WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
......@@ -392,7 +444,8 @@ class Pref_Filters extends Protected_Handler {
$this->filter_test($filter_type, $reg_exp,
$action_id, $action_param, $filter_param, sql_bool_to_bool($inverse),
(int) $_REQUEST["feed_id"]);
(int) $_REQUEST["feed_id"], (int) $_REQUEST['cat_id'],
sql_bool_to_bool($cat_filter));
print "<div align='center'>";
print "<button dojoType=\"dijit.form.Button\"
......@@ -422,10 +475,12 @@ class Pref_Filters extends Protected_Handler {
$regexp = db_escape_string(trim($_REQUEST["reg_exp"]));
$filter_type = db_escape_string(trim($_REQUEST["filter_type"]));
$feed_id = db_escape_string($_REQUEST["feed_id"]);
$cat_id = db_escape_string($_REQUEST["cat_id"]);
$action_id = db_escape_string($_REQUEST["action_id"]);
$action_param = db_escape_string($_REQUEST["action_param"]);
$action_param_label = db_escape_string($_REQUEST["action_param_label"]);
$inverse = checkbox_to_sql_bool(db_escape_string($_REQUEST["inverse"]));
$cat_filter = checkbox_to_sql_bool(db_escape_string($_REQUEST["cat_filter"]));
# for the time being, no other filters use params anyway...
$filter_param = db_escape_string($_REQUEST["filter_date_modifier"]);
......@@ -438,6 +493,12 @@ class Pref_Filters extends Protected_Handler {
$feed_id = sprintf("'%s'", db_escape_string($feed_id));
}
if (!$cat_id) {
$cat_id = 'NULL';
} else {
$cat_id = sprintf("'%d'", db_escape_string($cat_id));
}
/* When processing 'assign label' filters, action_param_label dropbox
* overrides action_param */
......@@ -452,11 +513,11 @@ class Pref_Filters extends Protected_Handler {
if ($savemode != "test") {
$result = db_query($this->link,
"INSERT INTO ttrss_filters (reg_exp,filter_type,owner_uid,feed_id,
action_id, action_param, inverse, filter_param)
action_id, action_param, inverse, filter_param, cat_id, cat_filter)
VALUES
('$regexp', '$filter_type','".$_SESSION["uid"]."',
$feed_id, '$action_id', '$action_param', $inverse,
'$filter_param')");
'$filter_param', $cat_id, '$cat_filter')");
if (db_affected_rows($this->link, $result) != 0) {
print T_sprintf("Created filter <b>%s</b>", htmlspecialchars($regexp));
......@@ -466,7 +527,8 @@ class Pref_Filters extends Protected_Handler {
$this->filter_test($filter_type, $regexp,
$action_id, $action_param, $filter_param, sql_bool_to_bool($inverse),
(int) $_REQUEST["feed_id"]);
(int) $_REQUEST["feed_id"], (int) $_REQUEST['cat_id'],
sql_bool_to_bool($cat_filter));
print "<div align='center'>";
print "<button dojoType=\"dijit.form.Button\"
......
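Review bot: In the INSERT the new column value is written quoted, as `'$cat_filter'`, while `$inverse` in the same statement and `cat_filter = $cat_filter` in the UPDATE are unquoted. `checkbox_to_sql_bool()` is defined elsewhere, but if it returns a bare SQL boolean word the quoted form becomes a string literal that some database back ends will not store as true; `'$filter_param', $cat_id, $cat_filter)")` would match the rest of the commit. Separately, on a context line, `filter_test()` builds `WHERE id = " . $filter_type` without quotes, so escaping alone does not constrain that value; an `(int)` cast at that point would.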
<?php
class Pref_Instances extends Protected_Handler {
function csrf_ignore($method) {
$csrf_ignored = array("index", "edit");
return array_search($method, $csrf_ignored) !== false;
}
function before() {
if (parent::before()) {
if ($_SESSION["access_level"] < 10) {
......
<?php
class Pref_Labels extends Protected_Handler {
function csrf_ignore($method) {
$csrf_ignored = array("index", "getlabeltree", "edit");
return array_search($method, $csrf_ignored) !== false;
}
function edit() {
$label_id = db_escape_string($_REQUEST['id']);
......
<?php
class Pref_Prefs extends Protected_Handler {
function csrf_ignore($method) {
$csrf_ignored = array("index");
return array_search($method, $csrf_ignored) !== false;
}
function changepassword() {
$old_pw = $_POST["old_password"];
......
<?php
class Pref_Users extends Protected_Handler {
function before() {
if (parent::before()) {
if ($_SESSION["access_level"] < 10) {
......@@ -12,6 +11,12 @@ class Pref_Users extends Protected_Handler {
return false;
}
function csrf_ignore($method) {
$csrf_ignored = array("index");
return array_search($method, $csrf_ignored) !== false;
}
function userdetails() {
header("Content-Type: text/xml");
......
......@@ -304,7 +304,7 @@ class Public_Handler extends Handler {
function globalUpdateFeeds() {
include "rssfuncs.php";
// Update all feeds needing a update.
update_daemon_common($this->link, 0, true, true);
update_daemon_common($this->link, 0, true, false);
}
}
?>
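Review bot: The call `update_daemon_common($this->link, 0, true, false)` flips its last positional boolean with nothing to say what that argument controls; the function is defined outside this page. `globalUpdateFeeds` is listed in `$public_calls` in the dispatcher section, so it appears to be reachable without a session, which makes the effect of these flags worth recording. A comment above the call naming the third and fourth arguments, e.g. `/* 4th argument false: <what is now disabled> */`, would be enough once the real parameter names are confirmed.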
<?php
class RPC extends Protected_Handler {
function csrf_ignore($method) {
$csrf_ignored = array("sanitycheck", "buttonplugin", "exportget");
return array_search($method, $csrf_ignored) !== false;
}
function setprofile() {
$id = db_escape_string($_REQUEST["id"]);
......@@ -8,6 +14,89 @@ class RPC extends Protected_Handler {
$_SESSION["prefs_cache"] = array();
}
function exportget() {
$exportname = CACHE_DIR . "/export/" .