Example #1
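/**
 * Finds the tags that appear on the same items as the given tags.
 *
 * First collects every item (fid) that carries at least one of $tags, then
 * counts the other tags attached to those items.
 *
 * @param array $tags Tag names to start from. Each one is passed through
 *                    rss_real_escape_string() and placed inside quotes.
 * @return array Map of related tag => count, in the order the query returns
 *               them (count descending). Empty when nothing matches.
 */
function relatedTags($tags)
{
    // Build "t.tag='a' or t.tag='b' or 1=0". The trailing 1=0 closes the
    // or-chain and makes an empty $tags list match no rows.
    $twhere = "";
    foreach ($tags as $tag) {
        $tag = rss_real_escape_string($tag);
        $twhere .= "t.tag='{$tag}' or ";
    }
    $twhere .= "1=0";
    $sql = "select fid,tid,m.tdate from " . getTable('metatag') . " m " . "inner join " . getTable('tag') . " t on t.id = m.tid  where m.ttype = 'item'" . " and ({$twhere})";
    $res = rss_query($sql);
    $fids = array();
    // Initialised up front: previously $tids was undefined when no row
    // matched and was then handed to array_unique().
    $tids = array();
    while (list($fid, $tid) = rss_fetch_row($res)) {
        // Both lists are interpolated unquoted into the second query, so the
        // values are forced to integers rather than trusted as they arrive.
        $fids[] = (int) $fid;
        $tids[] = (int) $tid;
    }
    $fids = array_unique($fids);
    $tids = array_unique($tids);
    $rtags = array();
    // A non-empty $fids implies a non-empty $tids (they are filled together),
    // so neither "in (...)" list below can be empty.
    if (count($fids)) {
        $sql = "select t.tag, count(*) as cnt from " . getTable('metatag') . " m left join " . getTable('item') . " i on (m.fid=i.id) " . " inner join " . getTable('tag') . " t on (t.id = m.tid) " . " where m.fid in (" . implode(",", $fids) . ")" . " and t.id not in (" . implode(",", $tids) . ")";
        if (hidePrivate()) {
            // Leave out items whose unread bitfield has the private bit set.
            $sql .= " and not(i.unread & " . RSS_MODE_PRIVATE_STATE . ") ";
        }
        $sql .= " group by t.tag order by cnt desc";
        $res = rss_query($sql);
        while (list($rtag, $cnt) = rss_fetch_row($res)) {
            $rtags[$rtag] = $cnt;
        }
    }
    return $rtags;
}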
 /**
  * Constructor. Fills in the instance variables, escapes urls accordingly 
  */
 function FeedListItem($id, $title, $url, $siteurl, $name, $parent, $icon, $descr, $mode, $unreadCount)
 {
     // Values stored exactly as passed in.
     // NOTE(review): title, descr and name are not HTML-escaped here; whether
     // the code that prints them escapes is not visible from this method.
     $this->id = $id;
     $this->title = $title;
     $this->url = $url;
     $this->siteurl = $siteurl;
     $this->name = $name;
     $this->parent = $parent;
     $this->descr = $descr;
     $this->mode = $mode;

     // Copy of the feed URL with a "user:password@" part removed, so the
     // credentials of an authenticated feed are not carried in this field.
     // $this->url above still holds the full URL including them.
     $this->publicUrl = preg_replace('|(https?://)([^:]+:[^@]+@)(.+)$|', '\\1\\3', $url);

     // Favicon: false when favicons are switched off, the theme placeholder
     // when the feed has none, a link to favicon.php for cached ("blob:")
     // icons, otherwise the icon value as given.
     if (!getConfig('rss.output.showfavicons')) {
         $this->icon = false;
     } elseif (!$icon) {
         $this->icon = getExternalThemeFile("media/noicon.png");
     } elseif (substr($icon, 0, 5) == 'blob:') {
         // NOTE(review): the value is placed in a URL query string but is
         // escaped with the SQL escaping helper; URL-encoding is the escaping
         // that matches this context. Confirm how favicon.php reads "url"
         // before changing it.
         $this->icon = getPath() . "extlib/favicon.php?url=" . rss_real_escape_string(substr($icon, 5));
     } else {
         $this->icon = $icon;
     }

     // Link to the feed page: rewritten path or plain query-string form.
     $this->rlink = getConfig('rss.output.usemodrewrite')
         ? getPath(rss_uri($title)) . "/"
         : getPath() . "feed.php?channel={$id}";

     // Unread label and CSS class.
     $hasUnread = $unreadCount > 0;
     $this->class_ = $hasUnread ? "feed title unread" : "feed title";
     $this->rdLbl = $hasUnread
         ? sprintf(__('<strong id="%s" style="%s">(%d unread)</strong>'), "cid{$id}", "", $unreadCount)
         : "";
 }
Example #3
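/**
 * Prints the dashboard: one block per row of the dashboard table, each showing
 * items from that row's feed.
 *
 * A row's feed object is taken from the serialized copy in the `obj` column
 * while that copy is younger than the cache age (one day, or zero when the
 * request carries a no-cache header). Otherwise the feed is fetched again and
 * the result, cut down to the row's item count, is written back to the row.
 *
 * Output is echoed directly; nothing is returned.
 */
function dashboard()
{
    // Appended to every fetched feed URL: the application version and an MD5
    // of the request's Host header.
    $idtoken = _VERSION_ . "-" . md5($_SERVER["HTTP_HOST"]);
    $magpieCacheAge = 60 * 60 * 24;
    if (function_exists('apache_request_headers')) {
        $hdrs = apache_request_headers();
        // A client-sent "no-cache" header turns the cache off for this
        // request, so every dashboard feed is fetched again. Any visitor who
        // can reach this page can therefore trigger the outbound fetches.
        if (isset($hdrs['Pragma']) && $hdrs['Pragma'] == 'no-cache' || isset($hdrs['Cache-Control']) && $hdrs['Cache-Control'] == 'no-cache') {
            $magpieCacheAge = 0;
        }
    }
    // Guarded so that a second call in the same request does not try to
    // redefine the constants.
    if (!defined('MAGPIE_FETCH_TIME_OUT')) {
        define('MAGPIE_FETCH_TIME_OUT', 2);
    }
    if (!defined('MAGPIE_CACHE_AGE')) {
        define('MAGPIE_CACHE_AGE', $magpieCacheAge);
    }
    $rs = rss_query("select id, title, position, url, obj, unix_timestamp(daterefreshed), itemcount " . " from " . getTable('dashboard') . " order by position asc");
    $rss = array();
    while (list($id, $title, $pos, $url, $obj, $ts, $cnt) = rss_fetch_row($rs)) {
        if ($obj && time() - $ts < $magpieCacheAge) {
            // SECURITY: unserialize() rebuilds whatever object graph the obj
            // column contains. This is only safe while this function is the
            // sole writer of that column; anything else able to write it
            // decides which classes get instantiated here. A data-only format
            // for the cached items would remove that dependency.
            $rss[$title] = unserialize($obj);
        } else {
            // Fetch errors below E_ERROR are silenced for the duration of
            // the fetch only.
            $old_level = error_reporting(E_ERROR);
            $rss[$title] = fetch_rss($url . $idtoken);
            error_reporting($old_level);
            if ($rss[$title] && is_object($rss[$title])) {
                $rss[$title]->items = array_slice($rss[$title]->items, 0, $cnt);
                // The id is interpolated unquoted, hence the integer cast.
                rss_query('update ' . getTable('dashboard') . " set obj='" . rss_real_escape_string(serialize($rss[$title])) . "', " . " daterefreshed=now()\twhere id=" . (int) $id);
            }
        }
        if ($rss[$title] && is_object($rss[$title])) {
            if ($pos == 0) {
                // NOTE(review): $title comes from the dashboard table and is
                // printed unescaped; confirm it is escaped when stored.
                echo "\n\t\t\t\t\t\t\t<h2 style=\"margin-bottom: 0.5em\">{$title}</h2>\n\t\t\t\t\t\t\t<div id=\"db_main\">\n\t\t\t\t\t\t\t<ul>";
                foreach ($rss[$title]->items as $item) {
                    // Link and title come from the remote feed and are
                    // escaped for the attribute and text context they are
                    // printed in. Escaping does not restrict the URL scheme
                    // of the link.
                    $itemLink = htmlspecialchars(isset($item['link']) ? $item['link'] : '', ENT_QUOTES);
                    $itemTitle = htmlspecialchars(isset($item['title']) ? $item['title'] : '', ENT_QUOTES);
                    // SECURITY: content/encoded is remote markup printed as
                    // HTML. It is left as-is because escaping would show the
                    // markup as text; it needs an allow-list HTML filter
                    // before output, which this block does not have.
                    echo "<li class=\"item unread\">\n" . "<h4><a href=\"" . $itemLink . "\">" . $itemTitle . "</a></h4>\n" . "<h5>Posted: " . time_since(strtotime($item['pubdate'])) . " ago </h5>\n" . "<div class=\"content\">" . $item['content']['encoded'] . "</div>\n</li>\n";
                }
                echo "</ul></div>\n";
            } else {
                echo "<div class=\"frame db_side\">\n";
                db_side($title, $rss[$title]);
                echo "</div>";
            }
        }
    }
}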
Example #4
 /**
  * Logs in a user given the username and password.
  * If the user provided valid username and password,
  * he is given a cookie and his IP address subnet is added 
  * to the list of valid IPs this user is allowed to log in
  * via a cookie
  *
  * Returns true on a successful login, false otherwise.
  */
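 function login($uname, $pass)
 {
     // NOTE(review): the password comparison below is the literal '******'
     // exactly as it appears in this listing. It looks like a value masked by
     // whatever published the listing, so the real credential check cannot be
     // reviewed from here. Confirm in the project source that the stored
     // value is a salted password hash and how it is compared.
     // The leading space before "where" keeps the keyword apart from the
     // table name whatever getTable() returns.
     $sql = "select uname,ulevel,userips from " . getTable('users') . " where uname='" . rss_real_escape_string($uname) . "' and password='******'";
     list($uname, $ulevel, $userips) = rss_fetch_row(rss_query($sql));
     if ($ulevel == '') {
         // No matching row (or a row without a level): login fails.
         return false;
     }

     // "push" the user IP into the list of logged-in IP subnets.
     // Only a dotted IPv4 address is shortened to its first three octets;
     // any other address form passes through the regex unchanged.
     $subnet = preg_replace('#^([0-9]+\\.[0-9]+\\.[0-9]+)\\.[0-9]+$#', '\\1', $_SERVER['REMOTE_ADDR']);

     // Rebuild the stored list without empty or repeated entries, so the
     // column does not grow by one entry on every login.
     $knownIPs = array();
     foreach (explode(' ', (string) $userips) as $storedIP) {
         if ($storedIP != '' && !in_array($storedIP, $knownIPs, true)) {
             $knownIPs[] = $storedIP;
         }
     }
     if (!in_array($subnet, $knownIPs, true)) {
         $knownIPs[] = $subnet;
     }
     $this->_validIPs = $knownIPs;

     // Both values are read back from the database and written into a new
     // statement, so they are escaped again instead of being trusted.
     // Entries are only ever added here; nothing in this method expires them.
     $sql = "update " . getTable('users') . " set userips = '" . rss_real_escape_string(implode(' ', $this->_validIPs)) . "'" . " where uname = '" . rss_real_escape_string($uname) . "' ";
     rss_query($sql);

     // NOTE(review): $pass is handed to the session/cookie setters; what they
     // store on the client is not visible from this method.
     if ($this->_mobileSession) {
         $this->setUserSession($uname, $pass);
     } else {
         $this->setUserCookie($uname, $pass);
     }
     rss_invalidate_cache();
     return true;
 }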
Example #5
/**
 * Removes a plugin option from the config table.
 *
 * The stored key is "plugins." followed by $key. The key is escaped and
 * placed inside quotes in the delete statement, and the config cache is
 * invalidated afterwards.
 *
 * @param string $key Option name without the "plugins." prefix. A falsy
 *                    value (including "0") makes the call a no-op.
 * @return mixed Whatever rss_query() returns, or null when $key is falsy.
 */
function rss_plugins_delete_option($key)
{
    if ($key) {
        $configKey = "plugins." . rss_real_escape_string($key);
        $result = rss_query("delete from " . getTable("config") . " where key_='{$configKey}'");
        configInvalidate();
        return $result;
    }
    return;
}
Example #6
    $show_what = $_COOKIE[SHOW_WHAT];
}
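// "Show private items" choice: a posted checkbox wins and is written back to
// a cookie; otherwise the cookie value is used.
if (array_key_exists('chkPrivate', $_POST)) {
    $show_private = empty($_POST['chkPrivate']) ? 0 : $_POST['chkPrivate'];
    setcookie('chkPrivate', $show_private, time() + COOKIE_LIFESPAN, getPath());
} else {
    $show_private = empty($_COOKIE['chkPrivate']) ? 0 : $_COOKIE['chkPrivate'];
}
// NOTE(review): $show_private is a client-supplied value passed on unchanged.
// Whether rss_user_set_show_private() ties it to the user's permissions is
// not visible here; confirm that a cookie alone cannot reveal private items.
rss_user_set_show_private($show_private);

// "Mark as read" for the front page. Only runs for a logged-in user.
// NOTE(review): no request-origin (CSRF) token is checked in this block.
if (array_key_exists('metaaction', $_POST) && $_POST['metaaction'] != "" && trim($_POST['metaaction']) == trim('ACT_MARK_READ') && isLoggedIn()) {
    $sql = "update " . getTable("item") . " set unread=unread & " . SET_MODE_READ_STATE . " where unread  & " . RSS_MODE_UNREAD_STATE;
    if (hidePrivate()) {
        $sql .= " and not(unread & " . RSS_MODE_PRIVATE_STATE . ")";
    }
    if (array_key_exists('markreadids', $_POST)) {
        // The id list lands unquoted inside "in (...)", where quote escaping
        // gives no protection. Only comma-separated runs of digits are kept.
        $markReadIds = array();
        if (is_string($_POST['markreadids'])) {
            foreach (explode(',', $_POST['markreadids']) as $rawId) {
                $rawId = trim($rawId);
                if (preg_match('/^[0-9]+$/', $rawId)) {
                    $markReadIds[] = (int) $rawId;
                }
            }
        }
        if (count($markReadIds)) {
            $sql .= " and id in (" . implode(',', $markReadIds) . ")";
        } else {
            // A list was posted but held no usable id: mark nothing rather
            // than fall back to marking every unread item.
            $sql .= " and 1=0";
        }
    }
    rss_query($sql);
    rss_invalidate_cache();
}
if (array_key_exists('update', $_REQUEST)) {
    update("");
}
$cntTotalItems = getConfig('rss.output.frontpage.numitems');
rss_plugin_hook('rss.plugins.frontpage.beforeunread', null);
$cntUnreadItems = unreadItems($show_what, $show_private);
// Now we have to decide how many read items to display
$cntReadItems = getConfig('rss.output.frontpage.numreaditems');
rss_plugin_hook('rss.plugins.frontpage.beforeread', null);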
if ($show_what == SHOW_UNREAD_ONLY) {
    if ($cntUnreadItems == 0 && $cntTotalItems) {
Example #7
    $d = (int) sanitize($_REQUEST['d'], RSS_SANITIZER_NUMERIC);
    if ($d > 31) {
        $d = date("d");
    }
    $iid = $cid = null;
}
// Nothing identifies what to show: send a 404 and stop.
// The request is rejected only when all three of these hold:
//   1. there is no usable single channel id ($cid missing, empty, or
//      non-numeric while mod_rewrite style URLs are off),
//   2. there is no non-empty $cids array,
//   3. there is no $vfid and the date parts $d, $m and $y are all zero.
if (!isset($cid) || $cid == "" || (!getConfig('rss.output.usemodrewrite') && !is_numeric($cid))) {
    if (!isset($cids) || !is_array($cids) || !count($cids)) {
        if (!isset($vfid) && $d == 0 && $m == 0 && $y == 0) {
            rss_404();
            exit;
        }
    }
}
//echo ("cid=".(isset($cid)?"$cid":"") . " fid=" . (isset($fid)?"$fid":""));
if (isLoggedIn() && array_key_exists('metaaction', $_REQUEST)) {
    if (array_key_exists('markreadids', $_POST)) {
        $IdsToMarkAsRead = explode(",", rss_real_escape_string($_POST['markreadids']));
        //var_dump($IdsToMarkAsRead);
    } else {
        $IdsToMarkAsRead = array();
    }
    switch ($_REQUEST['metaaction']) {
        case 'ACT_MARK_CHANNEL_READ':
            /** mark channel as read **/
            $sql = "update " . getTable("item") . " set unread = unread & " . SET_MODE_READ_STATE . " where cid={$cid}";
            if (hidePrivate()) {
                $sql .= " and not(unread & " . RSS_MODE_PRIVATE_STATE . ")";
            }
            if (count($IdsToMarkAsRead)) {
                $sql .= " and id in (" . implode(',', $IdsToMarkAsRead) . ")";
            }
            rss_query($sql);
Example #8
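/**
 * Performs all the feed-related admin actions.
 *
 * Reads the requested action from $_REQUEST (the untranslated meta-action
 * first, then the translated 'action' label) and runs one of: add a feed,
 * show the edit form, delete a feed, import OPML, store an edited feed, move a
 * feed up or down, multi-edit, or send a gzipped XML dump of the tables.
 *
 * NOTE(review): no login or request-origin (CSRF) check happens inside this
 * function. Presumably the caller restricts it to administrators; confirm,
 * because several branches change or delete data on a plain request.
 * NOTE(review): sanitize() is defined elsewhere. The SQL below interpolates
 * its RSS_SANITIZER_NUMERIC results unquoted and therefore relies on that mode
 * leaving nothing but digits; confirm.
 *
 * @return mixed CST_ADMIN_DOMAIN_NONE unless a branch sets
 *               CST_ADMIN_DOMAIN_CHANNEL or CST_ADMIN_DOMAIN_OPML. The 'dump'
 *               branch does not return; it ends the request with die().
 */
function channel_admin()
{
    // Fix for #16: Admin (et al.) should not rely on l10n labels for actions:
    // Look for a meta-action first, which should be the (untranslated) *name* of
    // the (translated) action constant.
    // Fixme: should replace 'action's with a constant
    if (array_key_exists(CST_ADMIN_METAACTION, $_REQUEST)) {
        $__action__ = $_REQUEST[CST_ADMIN_METAACTION];
    } elseif (array_key_exists('action', $_REQUEST)) {
        $__action__ = $_REQUEST['action'];
    } else {
        $__action__ = "";
    }
    $ret__ = CST_ADMIN_DOMAIN_NONE;
    switch ($__action__) {
        case __('Add'):
        case 'ACT_ADMIN_ADD':
        case 'Add':
            $label = trim(sanitize($_REQUEST['new_channel'], RSS_SANITIZER_URL));
            $fid = trim(sanitize($_REQUEST['add_channel_to_folder'], RSS_SANITIZER_NUMERIC));
            list($flabel) = rss_fetch_row(rss_query("select name from " . getTable('folders') . " where id={$fid}"));
            // handle "feed:" urls
            if (substr($label, 0, 5) == 'feed:') {
                if (substr($label, 0, 11) == "feed://http") {
                    $label = substr($label, 5);
                } else {
                    // handle feed://example.com/rss.xml urls
                    $label = "http:" . substr($label, 5);
                }
            }
            // Only values that start with "http" are passed on to be fetched.
            // NOTE(review): the host is not restricted here, so the server
            // will request whatever address the submitter names, internal
            // ones included, unless add_channel() filters it.
            if ($label != 'http://' && substr($label, 0, 4) == "http") {
                $tags = @$_REQUEST['channel_tags'];
                $ret = add_channel($label, $fid, null, null, $tags);
                if (is_array($ret) && $ret[0] > -1) {
                    update($ret[0]);
                    rss_invalidate_cache();
                    // feedback
                    $newCid = $ret[0];
                    rss_error(sprintf(__('Adding %s to %s... '), htmlentities($label), "/{$flabel}") . __('OK') . "&nbsp;[<a href=\"" . getPath() . "admin/index.php?domain=" . CST_ADMIN_DOMAIN_CHANNEL . "&amp;action=edit&amp;cid={$newCid}\">" . __('edit') . "</a>]", RSS_ERROR_ERROR, true);
                    $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
                } elseif (is_array($ret) && $ret[0] > -2) {
                    // okay, something went wrong, maybe thats a html url after all?
                    // let's try and see if we can extract some feeds
                    $feeds = extractFeeds($label);
                    if (!is_array($feeds) || sizeof($feeds) == 0) {
                        rss_error($ret[1], RSS_ERROR_ERROR, true);
                        $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
                    } else {
                        //one single feed in the html doc, add that
                        if (is_array($feeds) && sizeof($feeds) == 1 && array_key_exists('href', $feeds[0])) {
                            $ret = add_channel($feeds[0]['href'], $fid);
                            if (is_array($ret) && $ret[0] > -1) {
                                update($ret[0]);
                                rss_invalidate_cache();
                                // feedback
                                $newCid = $ret[0];
                                rss_error(sprintf(__('Adding %s to %s... '), htmlentities($label), "/{$flabel}") . __('OK') . "&nbsp;[<a href=\"" . getPath() . "admin/index.php?domain=" . CST_ADMIN_DOMAIN_CHANNEL . "&amp;action=edit&amp;cid={$newCid}\">" . __('edit') . "</a>]", RSS_ERROR_ERROR, true);
                                $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
                            } else {
                                // failure
                                rss_error($ret[1], RSS_ERROR_ERROR, true);
                                $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
                            }
                        } else {
                            // multiple feeds in the channel
                            // PHP_SELF is derived from the request path, so it
                            // is escaped before it goes into the attribute.
                            // NOTE(review): $label, $href, $lbl and the feed
                            // type below originate from the submitted URL and
                            // the remote page and are printed unescaped. They
                            // are left unchanged because it is not visible
                            // whether extractFeeds() returns them already
                            // HTML-encoded; confirm, then escape at output.
                            echo "<form method=\"post\" action=\"" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "\">\n" . "<p>" . sprintf(__('The following feeds were found in <a href="%s">%s</a>, which one would you like to subscribe?'), $label, $label) . "</p>\n";
                            $cnt = 0;
                            // foreach instead of each(), which PHP 8 removed.
                            foreach ($feeds as $id => $feedarr) {
                                // Reset per entry so a feed without a type
                                // does not show the previous feed's type link.
                                $typeLbl = "";
                                // we need an URL
                                if (!array_key_exists('href', $feedarr)) {
                                    continue;
                                } else {
                                    $href = $feedarr['href'];
                                }
                                if (array_key_exists('type', $feedarr)) {
                                    $typeLbl = " [<a href=\"{$href}\">" . $feedarr['type'] . "</a>]";
                                }
                                $cnt++;
                                if (array_key_exists('title', $feedarr)) {
                                    $lbl = $feedarr['title'];
                                } elseif (array_key_exists('type', $feedarr)) {
                                    $lbl = $feedarr['type'];
                                    $typeLbl = "";
                                } elseif (array_key_exists('href', $feedarr)) {
                                    $lbl = $feedarr['href'];
                                } else {
                                    $lbl = "Resource {$cnt}";
                                }
                                echo "<p>\n\t<input class=\"indent\" type=\"radio\" id=\"fd_{$cnt}\" name=\"new_channel\" " . " value=\"{$href}\" />\n" . "\t<label for=\"fd_{$cnt}\">{$lbl} {$typeLbl}</label>\n" . "</p>\n";
                            }
                            echo "<p><input type=\"hidden\" name=\"add_channel_to_folder\" value=\"{$fid}\" />\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_CHANNEL . "\" />\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_METAACTION . "\" value=\"ACT_ADMIN_ADD\" />\n" . "<input type=\"submit\" class=\"indent\" name=\"action\" value=\"" . __('Add') . "\" />\n" . "</p>\n</form>\n\n";
                        }
                    }
                } elseif (is_array($ret)) {
                    rss_error($ret[1], RSS_ERROR_ERROR, true);
                    $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
                } else {
                    // NOTE(review): unlike the success message above, $label
                    // is passed to rss_error() without htmlentities() here.
                    rss_error(sprintf(__("I'm sorry, I don't think I can handle this URL: '%s'"), $label), RSS_ERROR_ERROR, true);
                    $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
                }
            } else {
                rss_error(sprintf(__("I'm sorry, I don't think I can handle this URL: '%s'"), $label), RSS_ERROR_ERROR, true);
                $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
            }
            break;
        case CST_ADMIN_EDIT_ACTION:
            $id = sanitize($_REQUEST['cid'], RSS_SANITIZER_NUMERIC);
            channel_edit_form($id);
            break;
        case CST_ADMIN_DELETE_ACTION:
            $id = sanitize($_REQUEST['cid'], RSS_SANITIZER_NUMERIC);
            // The delete itself runs only when the confirmation arrives by POST.
            if (array_key_exists(CST_ADMIN_CONFIRMED, $_POST) && $_POST[CST_ADMIN_CONFIRMED] == __('Yes')) {
                // Remove the tag links of the feed's items first, then the
                // items, then the feed row and its properties.
                $rs = rss_query("select distinct id from " . getTable("item") . " where cid={$id}");
                $ids = array();
                while (list($did) = rss_fetch_row($rs)) {
                    $ids[] = $did;
                }
                if (count($ids)) {
                    $sqldel = "delete from " . getTable('metatag') . " where fid in (" . implode(",", $ids) . ")";
                    rss_query($sqldel);
                }
                $sql = "delete from " . getTable("item") . " where cid={$id}";
                rss_query($sql);
                $sql = "delete from " . getTable("channels") . " where id={$id}";
                rss_query($sql);
                // Delete properties
                deleteProperty($id, 'rss.input.allowupdates');
                deleteProperty($id, 'rss.config.refreshinterval');
                deleteProperty($id, 'rss.config.refreshdate');
                // Invalidate cache
                rss_invalidate_cache();
                $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
            } elseif (array_key_exists(CST_ADMIN_CONFIRMED, $_REQUEST) && $_REQUEST[CST_ADMIN_CONFIRMED] == __('No')) {
                $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
            } else {
                // No decision yet: print the confirmation form.
                // NOTE(review): $cname is a stored feed title printed
                // unescaped; confirm it is always cleaned when stored.
                list($cname) = rss_fetch_row(rss_query("select title from " . getTable("channels") . " where id = {$id}"));
                echo "<form class=\"box\" method=\"post\" action=\"" . htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES) . "\">\n" . "<p class=\"error\">";
                printf(__("Are you sure you wish to delete '%s'?"), $cname);
                echo "</p>\n" . "<p><input type=\"submit\" name=\"" . CST_ADMIN_CONFIRMED . "\" value=\"" . __('No') . "\" />\n" . "<input type=\"submit\" name=\"" . CST_ADMIN_CONFIRMED . "\" value=\"" . __('Yes') . "\" />\n" . "<input type=\"hidden\" name=\"cid\" value=\"{$id}\" />\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_CHANNEL . "\" />\n" . "<input type=\"hidden\" name=\"action\" value=\"" . CST_ADMIN_DELETE_ACTION . "\" />\n" . "</p>\n</form>\n";
            }
            break;
        case __('Import'):
        case 'ACT_ADMIN_IMPORT':
            // The OPML source is either a posted location or an uploaded
            // file. The upload path is accepted only if PHP confirms it is a
            // genuine upload.
            // NOTE(review): the posted 'opml' value only has spaces removed.
            // If getOpml() opens it with a generic file/stream function it
            // could name a local path as well as a URL; confirm getOpml()
            // restricts what it will open.
            if (array_key_exists('opml', $_POST) && strlen(trim($_POST['opml'])) > 7) {
                $url = trim(sanitize($_POST['opml'], RSS_SANITIZER_NO_SPACES));
            } elseif (array_key_exists('opmlfile', $_FILES) && $_FILES['opmlfile']['tmp_name']) {
                if (is_uploaded_file($_FILES['opmlfile']['tmp_name'])) {
                    $url = $_FILES['opmlfile']['tmp_name'];
                } else {
                    $url = '';
                }
            } else {
                $url = '';
            }
            if (!$url) {
                $ret__ = CST_ADMIN_DOMAIN_OPML;
                break;
            }
            if (array_key_exists('opml_import_option', $_POST)) {
                $import_opt = $_POST['opml_import_option'];
            } else {
                $import_opt = CST_ADMIN_OPML_IMPORT_MERGE;
            }
            if ($import_opt == CST_ADMIN_OPML_IMPORT_FOLDER) {
                $opmlfid = sanitize($_POST['opml_import_to_folder'], RSS_SANITIZER_NUMERIC);
            } else {
                $opmlfid = getRootFolder();
            }
            @set_time_limit(0);
            @ini_set('max_execution_time', 300);
            // Parse into and OPML object
            $opml = getOpml($url);
            if (sizeof($opml) > 0) {
                if ($import_opt == CST_ADMIN_OPML_IMPORT_WIPE) {
                    // "Wipe" empties the tag links, feeds, items and every
                    // folder except id 0 before importing. It is selected
                    // purely by the posted option value.
                    rss_query("delete from " . getTable("metatag"));
                    rss_query("delete from " . getTable("channels"));
                    rss_query("delete from " . getTable("item"));
                    rss_query("delete from " . getTable("folders") . " where id > 0");
                }
                if ($import_opt == CST_ADMIN_OPML_IMPORT_FOLDER) {
                    $fid = $opmlfid;
                    list($prev_folder) = rss_fetch_row(rss_query("select name from " . getTable('folders') . " where id= {$opmlfid} "));
                } else {
                    $prev_folder = __('Root');
                    $fid = 0;
                }
                echo "<div class=\"frame\" style=\"background-color:#eee;font-size:small\"><ul>\n";
                // foreach instead of each(), which PHP 8 removed.
                foreach ($opml as $folder => $items) {
                    if ($folder != $prev_folder && $import_opt != CST_ADMIN_OPML_IMPORT_FOLDER) {
                        $fid = create_folder(strip_tags($folder), false);
                        $prev_folder = strip_tags($folder);
                    }
                    for ($i = 0; $i < sizeof($opml[$folder]); $i++) {
                        $url_ = isset($opml[$folder][$i]['XMLURL']) ? trim($opml[$folder][$i]['XMLURL']) : null;
                        $title_ = isset($opml[$folder][$i]['TEXT']) ? trim($opml[$folder][$i]['TEXT']) : null;
                        // support for title attribute (optional)
                        $title_ = isset($opml[$folder][$i]['TITLE']) ? trim($opml[$folder][$i]['TITLE']) : $title_;
                        $descr_ = isset($opml[$folder][$i]['DESCRIPTION']) ? trim($opml[$folder][$i]['DESCRIPTION']) : null;
                        $cats_ = isset($opml[$folder][$i]['CATEGORY']) ? trim($opml[$folder][$i]['CATEGORY']) : "";
                        // Values from the OPML file are untrusted: tags are
                        // stripped from the texts and the URL is sanitized.
                        $t__ = strip_tags($title_);
                        $d__ = strip_tags($descr_);
                        $f__ = strip_tags($prev_folder);
                        $u__ = sanitize($url_, RSS_SANITIZER_URL);
                        // NOTE(review): the category string is passed on
                        // without any cleaning.
                        $c__ = $cats_;
                        if ($u__) {
                            echo "<li><p>" . sprintf(__('Adding %s to %s... '), $t__, $f__);
                            flush();
                            list($retcde, $retmsg) = add_channel($u__, $fid, $t__, $d__);
                            // $c__ is a string: count() on it is an error in
                            // PHP 8, so test for a non-empty category instead.
                            if ($retcde && $c__ !== "") {
                                __exp__submitTag($retcde, utf8_encode($c__), "'channel'");
                            }
                            echo ($retcde < 0 ? $retmsg : " OK") . "</p></li>\n";
                            flush();
                        }
                    }
                }
                echo "</ul>\n<p><b>" . __('Updating') . "...</b></p>\n";
                echo "</div>\n";
                flush();
                //update all the feeds
                update("");
                rss_invalidate_cache();
            }
            $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
            break;
        case CST_ADMIN_SUBMIT_EDIT:
            $cid = sanitize($_POST['cid'], RSS_SANITIZER_NUMERIC);
            rss_plugin_hook('rss.plugins.admin.feed.properties.submit', null);
            // TBD
            // The text fields are escaped here and used inside quotes in the
            // update statement further down.
            $title = strip_tags(rss_real_escape_string(real_strip_slashes($_POST['c_name'])));
            $url = rss_real_escape_string($_POST['c_url']);
            $siteurl = rss_real_escape_string($_POST['c_siteurl']);
            // The parent folder id is used unquoted in the update statement,
            // where quote escaping gives no protection; force an integer.
            $parent = (int) $_POST['c_parent'];
            $descr = strip_tags(rss_real_escape_string(real_strip_slashes($_POST['c_descr'])));
            $icon = rss_real_escape_string($_POST['c_icon']);
            $priv = array_key_exists('c_private', $_POST) && $_POST['c_private'] == '1';
            $tags = rss_real_escape_string($_POST['c_tags']);
            $old_priv = $_POST['old_priv'] == '1';
            // Feed Properties
            $prop_rss_input_allowupdates = rss_real_escape_string($_POST['prop_rss_input_allowupdates']);
            if ($prop_rss_input_allowupdates == 'default') {
                deleteProperty($cid, 'rss.input.allowupdates');
            } else {
                setProperty($cid, 'rss.input.allowupdates', 'feed', $prop_rss_input_allowupdates == 1);
            }
            deleteProperty($cid, 'rss.config.refreshinterval');
            $rss_config_refreshinterval = rss_real_escape_string($_POST['rss_config_refreshinterval']);
            if ($rss_config_refreshinterval > 60) {
                setProperty($cid, 'rss.config.refreshinterval', 'feed', $rss_config_refreshinterval);
            }
            // $mode collects an optional ", mode = mode ..." fragment built
            // only from constants, for the update statement below.
            if ($priv != $old_priv) {
                $mode = ", mode = mode ";
                if ($priv) {
                    $mode .= " | " . RSS_MODE_PRIVATE_STATE;
                    rss_query('update ' . getTable('item') . " set unread = unread | " . RSS_MODE_PRIVATE_STATE . " where cid={$cid}");
                } else {
                    $mode .= " & " . SET_MODE_PUBLIC_STATE;
                    rss_query('update ' . getTable('item') . " set unread = unread & " . SET_MODE_PUBLIC_STATE . " where cid={$cid}");
                }
                rss_invalidate_cache();
            } else {
                $mode = "";
            }
            $del = array_key_exists('c_deleted', $_POST) && $_POST['c_deleted'] == '1';
            $old_del = $_POST['old_del'] == '1';
            if ($del != $old_del) {
                if ($mode == "") {
                    $mode = ", mode = mode ";
                }
                if ($del) {
                    $mode .= " | " . RSS_MODE_DELETED_STATE;
                } else {
                    $mode .= " & " . SET_MODE_AVAILABLE_STATE;
                }
            }
            // Note that the property and privacy changes above have already
            // been applied when this URL check rejects the submission.
            if ($url == '' || substr($url, 0, 4) != "http") {
                rss_error(sprintf(__("I'm sorry, I don't think I can handle this URL: '%s'"), $url), RSS_ERROR_ERROR, true);
                $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
                break;
            }
            if ($icon && cacheFavicon($icon)) {
                $icon = 'blob:' . $icon;
            }
            $sql = "update " . getTable("channels") . " set title='{$title}', url='{$url}', siteurl='{$siteurl}', " . " parent={$parent}, descr='{$descr}', icon='{$icon}', " . " daterefreshed = 1, etag = '' " . " {$mode} where id={$cid}";
            rss_query($sql);
            __exp__submitTag($cid, utf8_decode($tags), "'channel'");
            rss_invalidate_cache();
            $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
            break;
        case CST_ADMIN_MOVE_UP_ACTION:
        case CST_ADMIN_MOVE_DOWN_ACTION:
            // Swap positions with the nearest neighbour in the same folder.
            $id = sanitize($_REQUEST['cid'], RSS_SANITIZER_NUMERIC);
            $res = rss_query("select parent,position from " . getTable("channels") . " where id={$id}");
            list($parent, $position) = rss_fetch_row($res);
            // NOTE(review): the direction is read from $_REQUEST['action']
            // rather than $__action__, so a request that selected this branch
            // through the meta-action may not have 'action' set.
            if ($_REQUEST['action'] == CST_ADMIN_MOVE_UP_ACTION) {
                $res = rss_query("select id, position from " . getTable("channels") . " where parent={$parent} and id != {$id} and position<{$position} " . " order by abs({$position}-position) limit 1");
            } else {
                $res = rss_query("select id, position from " . getTable("channels") . " where parent={$parent} and id != {$id} and position>{$position} " . " order by abs({$position}-position) limit 1");
            }
            list($switch_with_id, $switch_with_position) = rss_fetch_row($res);
            //If this is already the first or last item in a folder we won't get any results from the query above
            if ($switch_with_position != "") {
                // right, lets!
                if ($switch_with_position != $position) {
                    rss_query("update " . getTable("channels") . " set position = {$switch_with_position} where id={$id}");
                    rss_query("update " . getTable("channels") . " set position = {$position} where id={$switch_with_id}");
                    rss_invalidate_cache();
                }
            }
            $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
            break;
        case CST_ADMIN_MULTIEDIT:
            $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
            // Selected feeds arrive as fcb<N> request fields; each value is
            // cast to int and kept only when positive, so $sqlids is a list
            // of integers.
            $ids = array();
            foreach ($_REQUEST as $key => $val) {
                if (preg_match('/^fcb([0-9]+)$/', $key, $match)) {
                    if (($id = (int) $_REQUEST[$key]) > 0) {
                        $ids[] = $id;
                    }
                }
            }
            // no feed selected?
            if (count($ids) == 0) {
                break;
            } else {
                $sqlids = " (" . implode(',', $ids) . ")";
            }
            // MOVE TO FOLDER
            if (array_key_exists('me_move_to_folder', $_REQUEST)) {
                $fid = sanitize($_REQUEST['me_folder'], RSS_SANITIZER_NUMERIC);
                $sql = "update " . getTable('channels') . " set parent={$fid} where id in {$sqlids}";
                rss_query($sql);
                /// STATE
            } elseif (array_key_exists('me_state', $_REQUEST)) {
                // The two flags are only tested for truthiness and never
                // reach the SQL text.
                $deprecated = array_key_exists('me_deprecated', $_REQUEST) ? $_REQUEST['me_deprecated'] : false;
                $private = array_key_exists('me_private', $_REQUEST) ? $_REQUEST['me_private'] : false;
                if ($private) {
                    rss_query('update ' . getTable('channels') . " set mode = mode | " . RSS_MODE_PRIVATE_STATE . " where id in {$sqlids}");
                    rss_query('update ' . getTable('item') . " set unread = unread | " . RSS_MODE_PRIVATE_STATE . " where cid in {$sqlids}");
                } else {
                    rss_query('update ' . getTable('channels') . " set mode = mode & " . SET_MODE_PUBLIC_STATE . " where id in {$sqlids}");
                    rss_query('update ' . getTable('item') . " set unread = unread & " . SET_MODE_PUBLIC_STATE . " where cid in {$sqlids}");
                }
                if ($deprecated) {
                    rss_query('update ' . getTable('channels') . " set mode = mode | " . RSS_MODE_DELETED_STATE . " where id in {$sqlids}");
                } else {
                    rss_query('update ' . getTable('channels') . " set mode = mode & " . SET_MODE_AVAILABLE_STATE . " where id in {$sqlids}");
                }
                // DELETE
            } elseif (array_key_exists('me_delete', $_REQUEST)) {
                // Unlike the single-feed delete above, this removes only the
                // channels rows; items, tag links and properties are not
                // touched here. It also runs on any request method.
                if (array_key_exists('me_do_delete', $_REQUEST) && $_REQUEST['me_do_delete'] == "1") {
                    $sql = "delete from " . getTable('channels') . " where id in {$sqlids}";
                    rss_query($sql);
                }
            } elseif (array_key_exists('me_set_categories', $_POST)) {
                $tags = utf8_decode(trim(rss_real_escape_string($_POST['me_categories'])));
                if ($tags) {
                    foreach ($ids as $id) {
                        __exp__submitTag($id, $tags, '"channel"');
                    }
                }
            }
            rss_invalidate_cache();
            break;
        case 'dump':
            // Make sure this is a POST
            // NOTE(review): requiring a POST field is the only gate visible
            // in this branch. The dump contains every expected table except
            // 'cache', which by that list includes the users table read in
            // login(); confirm the caller limits this action to admins.
            if (!isset($_POST['dumpact'])) {
                die('Sorry, you can\'t access this via a GET');
            }
            error_reporting(E_ALL);
            rss_require('schema.php');
            $tables = getExpectedTables();
            unset($tables['cache']);
            $bfr = '';
            $bfr .= '<' . '?xml version="1.0" encoding="UTF-8"?' . '>' . "\n";
            $bfr .= '<dump prefix="' . getTable('') . '" date="' . date('r') . '">' . "\n";
            foreach ($tables as $table => $prefixed) {
                $rs = rss_query("select * from {$prefixed}");
                $bfr .= "<{$table}>\n";
                while ($row = rss_fetch_assoc($rs)) {
                    // One <row/> element per record, columns as attributes
                    // with their values HTML-escaped.
                    $r = "<row ";
                    foreach ($row as $key => $val) {
                        $val = htmlspecialchars($val);
                        $r .= " {$key}=\"{$val}\" ";
                    }
                    $r .= "/>\n";
                    $bfr .= $r;
                }
                $bfr .= "</{$table}>\n";
            }
            $bfr .= '</dump>' . "\n";
            $gzdata = gzencode($bfr, 9);
            // Delete the output buffer. This is probably a bad thing to do, if the ob'ing is turned off.
            // e.g. data was already sent to the browser.
            while (@ob_end_clean()) {
            }
            // Send the dump to the browser:
            header("Pragma: public");
            // required
            header("Expires: 0");
            header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
            header("Connection: close");
            header("Content-Transfer-Encoding: binary");
            header("Content-Length: " . strlen($gzdata));
            header('Content-type: application/x-gzip');
            header('Content-disposition: inline; filename="gregarius.dump.' . date('MjSY') . '.xml.gz"');
            die($gzdata);
            break;
        default:
            break;
    }
    return $ret__;
}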
Example #9
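/**
 * Admin handler for the "Delete" (prune) action on items.
 *
 * Builds a filter from the prune_* request parameters. Without the
 * CST_ADMIN_CONFIRMED parameter it only reports how many items match and
 * prints a confirmation form. With it, the matching items are removed:
 * their metatag links are deleted, items not listed in their channel's
 * itemsincache value are deleted outright, and items that are listed there
 * are flagged RSS_MODE_DELETED_STATE with an emptied description.
 *
 * NOTE(review): nothing in this function checks a request token, and the
 * confirmation flag is read from $_REQUEST; verify that the caller enforces
 * admin authentication and CSRF protection before dispatching here.
 *
 * @return mixed one of the CST_ADMIN_DOMAIN_* constants
 */
function item_admin()
{
    $ret__ = CST_ADMIN_DOMAIN_NONE;
    switch ($_REQUEST['action']) {
        case __('Delete'):
            $req = rss_query('select count(*) as cnt from ' . getTable('item') . " where not(unread & " . RSS_MODE_DELETED_STATE . ")");
            list($cnt) = rss_fetch_row($req);
            $has_age = array_key_exists('prune_older', $_REQUEST) && strlen($_REQUEST['prune_older']) && is_numeric($_REQUEST['prune_older']);
            if ($has_age) {
                // Only read the parameter once it is known to exist.
                $prune_older = sanitize($_REQUEST['prune_older'], RSS_SANITIZER_NUMERIC);
                // Map the (translated) label back to a fixed keyword so that no
                // request text reaches strtotime().
                switch ($_REQUEST['prune_period']) {
                    case __('days'):
                        $period = 'day';
                        break;
                    case __('months'):
                        $period = 'month';
                        break;
                    case __('years'):
                        $period = 'year';
                        break;
                    default:
                        rss_error(__('Invalid pruning period'), RSS_ERROR_ERROR, true);
                        return CST_ADMIN_DOMAIN_ITEM;
                }
                $sql = " from " . getTable('item') . " i inner join " . getTable('channels') . " c on c.id=i.cid " . " where 1=1 ";
                if (array_key_exists('prune_channel', $_REQUEST)) {
                    if (ALL_CHANNELS_ID != $_REQUEST['prune_channel']) {
                        // The channel id is request-supplied and lands unquoted in
                        // the statement, so force it to an integer before use.
                        $sql .= " and c.id = " . (int) $_REQUEST['prune_channel'];
                    }
                }
                if ($prune_older > 0) {
                    $prune_older_date = date("Y-m-d H:i:s", strtotime("-{$prune_older} {$period}"));
                    $sql .= " and ifnull(i.pubdate, i.added) <  '{$prune_older_date}'";
                }
                // Sticky, flagged and unread items are spared unless explicitly included.
                if (!array_key_exists('prune_include_sticky', $_REQUEST) || $_REQUEST['prune_include_sticky'] != '1') {
                    $sql .= " and not(unread & " . RSS_MODE_STICKY_STATE . ") ";
                }
                if (!array_key_exists('prune_include_flag', $_REQUEST) || $_REQUEST['prune_include_flag'] != '1') {
                    $sql .= " and not(unread & " . RSS_MODE_FLAG_STATE . ") ";
                }
                if (!array_key_exists('prune_include_unread', $_REQUEST) || $_REQUEST['prune_include_unread'] != '1') {
                    $sql .= " and not(unread & " . RSS_MODE_UNREAD_STATE . ") ";
                }
                if (array_key_exists('prune_exclude_tags', $_REQUEST) && trim($_REQUEST['prune_exclude_tags'])) {
                    if (trim($_REQUEST['prune_exclude_tags']) == '*') {
                        $tsql = " select distinct fid from " . getTable('metatag');
                    } else {
                        $exclude_tags = explode(" ", $_REQUEST['prune_exclude_tags']);
                        $trimmed_exclude_tags = array();
                        foreach ($exclude_tags as $etag) {
                            // Each tag is escaped individually before it is quoted below.
                            if ($tetag = rss_real_escape_string(trim($etag))) {
                                $trimmed_exclude_tags[] = $tetag;
                            }
                        }
                        $tsql = " select distinct fid from " . getTable('metatag') . " m " . " inner join " . getTable('tag') . " t" . "   on t.id = m.tid " . " where t.tag in ('" . implode("', '", $trimmed_exclude_tags) . "')";
                    }
                    $tres = rss_query($tsql);
                    $fids = array();
                    while (list($fid) = rss_fetch_row($tres)) {
                        $fids[] = $fid;
                    }
                    if (count($fids)) {
                        $sql .= " and i.id not in (" . implode(",", $fids) . ") ";
                    }
                }
                if (array_key_exists(CST_ADMIN_CONFIRMED, $_REQUEST)) {
                    // Possible fix for #207: max out execution time
                    // to avoid timeouts
                    @set_time_limit(0);
                    @ini_set('max_execution_time', 60 * 10);
                    // Collect the ids to delete, grouped by channel.
                    $sqlids = "select distinct i.id,i.cid " . $sql . " order by i.cid, i.id desc";
                    $rs = rss_query($sqlids);
                    $cids = array();
                    while (list($id, $cid) = rss_fetch_row($rs)) {
                        $cids[$cid][] = $id;
                    }
                    if (count($cids)) {
                        // Sort the ids to be deleted into two lists: in cache / to trash
                        $in_cache = array();
                        $to_trash = array();
                        foreach ($cids as $cid => $ids) {
                            $rsCache = rss_query("select itemsincache from " . getTable('channels') . " where id={$cid}");
                            list($idString) = rss_fetch_row($rsCache);
                            // NOTE(review): unserialize() on a value read back from the
                            // channels table; this is only safe while nothing untrusted
                            // can write itemsincache.
                            $cacheIds = $idString ? unserialize($idString) : array();
                            if (!is_array($cacheIds)) {
                                // A corrupt value must not break the membership test below.
                                $cacheIds = array();
                            }
                            foreach ($ids as $iid) {
                                if (in_array($iid, $cacheIds)) {
                                    $in_cache[] = $iid;
                                } else {
                                    $to_trash[] = $iid;
                                }
                            }
                        }
                        // Delete the metatag links for *all* items to be deleted.
                        // The check uses the merged list rather than the leftover
                        // loop variable of the foreach above.
                        $all_ids = array_merge($in_cache, $to_trash);
                        if (count($all_ids)) {
                            $sqldel = "delete from " . getTable('metatag') . " where fid in (" . implode(",", $all_ids) . ")";
                            rss_query($sqldel);
                        }
                        // finally, delete the actual items
                        if (count($to_trash)) {
                            rss_query("delete from " . getTable('item') . " where id in (" . implode(", ", $to_trash) . ")");
                        }
                        if (count($in_cache)) {
                            rss_query("update " . getTable('item') . " set unread = unread | " . RSS_MODE_DELETED_STATE . ", description='' " . " where id in (" . implode(", ", $in_cache) . ")");
                        }
                        rss_invalidate_cache();
                    }
                    $ret__ = CST_ADMIN_DOMAIN_ITEM;
                } else {
                    list($cnt_d) = rss_fetch_row(rss_query("select count(distinct(i.id)) as cnt " . $sql . " and not(i.unread & " . RSS_MODE_DELETED_STATE . ")"));
                    rss_error(sprintf(__('Warning: you are about to delete %s items (of %s)'), $cnt_d, $cnt), RSS_ERROR_ERROR, true);
                    // Request values echoed back into attributes are HTML-escaped,
                    // independent of the validation done above.
                    // NOTE(review): this form re-posts only prune_older and
                    // prune_period; the channel, tag-exclusion and include-*
                    // criteria are not carried over, so the confirmed pass may
                    // match a different set of items than the count shown here.
                    $older_attr = htmlspecialchars($_REQUEST['prune_older'], ENT_QUOTES);
                    $period_attr = htmlspecialchars($_REQUEST['prune_period'], ENT_QUOTES);
                    echo "<form action=\"\" method=\"post\">\n" . "<p><input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_ITEM . "\" />\n" . "<input type=\"hidden\" name=\"prune_older\" value=\"" . $older_attr . "\" />\n" . "<input type=\"hidden\" name=\"prune_period\" value=\"" . $period_attr . "\" />\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_CONFIRMED . "\" value=\"1\" />\n" . "<input type=\"submit\" name=\"action\" value=\"" . __('Delete') . "\" />\n" . "<input type=\"submit\" name=\"action\" value=\"" . __('Cancel') . "\"/>\n" . "</p>\n" . "</form>\n";
                }
            } else {
                rss_error(__('oops, no period specified'), RSS_ERROR_ERROR, true);
                $ret__ = CST_ADMIN_DOMAIN_ITEM;
            }
            break;
        default:
            $ret__ = CST_ADMIN_DOMAIN_ITEM;
            break;
    }
    return $ret__;
}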
Example #10
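 /**
  * Feed constructor.
  *
  * Stores the title (passed through rss_htmlspecialchars()), the channel id
  * and the icon URL. An icon value starting with "blob:" is turned into a
  * link to extlib/favicon.php that carries the rest of the value as the
  * "url" query parameter; any other icon value is stored unchanged.
  *
  * NOTE(review): non-blob icon values are kept as given; confirm that the
  * template escapes iconUrl when it is written into the page.
  */
 function Feed($title, $cid, $icon)
 {
     $this->rss =& $GLOBALS['rss'];
     $this->title = rss_htmlspecialchars($title);
     $this->cid = $cid;
     if (substr($icon, 0, 5) === 'blob:') {
         // The key travels inside a query string, so it needs URL encoding.
         // SQL escaping is the wrong encoder for this context: it leaves
         // '&', '#' and '%' alone and adds backslashes the receiving script
         // would treat as part of the key.
         $this->iconUrl = getPath() . "extlib/favicon.php?url=" . rawurlencode(substr($icon, 5));
     } else {
         $this->iconUrl = $icon;
     }
     $this->escapedTitle = rss_uri($title);
 }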
Example #11
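/**
 * Applies the filters selected by the $rules bitmask to $input.
 *
 * The character filters run first and SQL escaping runs last. With the
 * escaping first, a later filter could strip the backslashes it had just
 * added (RSS_SANITIZER_URL removes every backslash), leaving quotes
 * unescaped in the result.
 *
 * Caveat: RSS_SANITIZER_NUMERIC only removes characters other than digits,
 * '.' and '-'. The result is not guaranteed to be a single valid number
 * ("1-1" and "1.2.3" pass through), so callers that place it unquoted in a
 * statement should still cast it.
 *
 * @param mixed $input value to filter
 * @param int $rules bitwise OR of RSS_SANITIZER_* flags; 0 returns $input unchanged
 * @return mixed the filtered value
 */
function sanitize($input, $rules = 0)
{
    $ret = $input;
    if ($rules & RSS_SANITIZER_NO_SPACES) {
        $ret = preg_replace('#\\s#', '', $ret);
        // also strip out SQL comments
        $ret = preg_replace('#/\\*.*\\*/#', '', $ret);
    }
    if ($rules & RSS_SANITIZER_NUMERIC) {
        $ret = preg_replace('#[^0-9\\.-]#', '', $ret);
    }
    if ($rules & RSS_SANITIZER_CHARACTERS) {
        $ret = preg_replace('#[^a-zA-Z]#', '', $ret);
    }
    if ($rules & RSS_SANITIZER_CHARACTERS_EXT) {
        $ret = preg_replace('#[^a-zA-Z_]#', '', $ret);
    }
    if ($rules & RSS_SANITIZER_WORDS) {
        $ret = preg_replace('#[^a-zA-Z0-9\\-\\._]#', '', $ret);
    }
    if ($rules & RSS_SANITIZER_URL) {
        // filter out "unsafe" characters: {,},|,\,^,<,>
        $ret = preg_replace('#[{}\\|\\\\^<>]#', '', $ret);
    }
    if ($rules & RSS_SANITIZER_SIMPLE_SQL) {
        // Escape last, so no filter above can undo the escaping.
        $ret = rss_real_escape_string($ret);
    }
    return $ret;
}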
Example #12
 /**
  * DebugFeed constructor: stores the given feed id as an integer.
  */
 function DebugFeed($fid)
 {
     // The (int) cast is what constrains the stored id to a number; the
     // escaping call in front of it is kept as the original had it.
     $escapedFid = rss_real_escape_string($fid);
     $this->fid = (int) $escapedFid;
 }
Example #13
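 /**
  * Stores a property value for an object, updating the existing row or
  * inserting a new one, then reloads the properties and invalidates the cache.
  *
  * The value is stored in PHP serialize() format. NOTE(review): whatever
  * reads it back presumably calls unserialize(); that is only safe while
  * nothing untrusted can write to the properties table.
  *
  * @param mixed $ref_obj id of the object the property belongs to
  * @param string $prop property name
  * @param string $type property type
  * @param mixed $value value to serialize and store
  * @return bool false when the value could not be serialized, true otherwise
  */
 function setProperty($ref_obj, $prop, $type, $value)
 {
     $val = @serialize($value);
     if (!$val) {
         return false;
     }
     $val = rss_real_escape_string($val);
     // Every value placed between quotes is escaped, not only the payload:
     // the callers are not visible here, and a quote in any of the three
     // identifiers would otherwise break out of its string literal.
     $ref_sql = rss_real_escape_string($ref_obj);
     $type_sql = rss_real_escape_string($type);
     $prop_sql = rss_real_escape_string($prop);
     $match = " WHERE fk_ref_object_id = '{$ref_sql}' AND proptype = '{$type_sql}'" . " AND property = '{$prop_sql}'";
     $res = rss_query('SELECT count(fk_ref_object_id) FROM ' . getTable('properties') . $match);
     list($cnt_rows) = rss_fetch_row($res);
     if ($cnt_rows) {
         rss_query('UPDATE ' . getTable('properties') . " SET value = '{$val}'" . $match);
     } else {
         rss_query('insert into ' . getTable('properties') . '(fk_ref_object_id, proptype, property, value) values (' . "'{$ref_sql}','{$type_sql}','{$prop_sql}','{$val}'" . ')');
     }
     $this->_populateProperties();
     rss_invalidate_cache();
     return true;
 }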
Example #14
# published by the Free Software Foundation; either version 2 of the License,
# or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
# more details.
#
# You should have received a copy of the GNU General Public License along
# with this program; if not, write to the Free Software Foundation, Inc.,
# 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA  or visit
# http://www.gnu.org/licenses/gpl.html
#
###############################################################################
# E-mail:      mbonetti at gmail dot com
# Web page:    http://gregarius.net/
###############################################################################
require_once '../core.php';
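// Cache expires after 24 hours
rss_bootstrap(true, '', 24);
// Serves one cached icon, looked up by the "url" query parameter.
// The parameter must be a plain string: "?url[]=x" would hand an array to
// the escaping helper.
if (!isset($_GET['url']) || !is_string($_GET['url'])) {
    exit;
}
$sql = "select data from " . getTable('cache') . " where cachetype='icon' and cachekey='" . rss_real_escape_string($_GET['url']) . "'";
list($blob) = rss_fetch_row(rss_query($sql));
if (!$blob) {
    exit;
}
header('Content-Type: image/x-icon');
// The stored bytes are sent as they are, so tell the browser to keep to the
// declared type instead of sniffing the content.
header('X-Content-Type-Options: nosniff');
echo $blob;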
Example #15
/**
 * Inserts the built-in default configuration rows into the config table.
 *
 * Every entry of the table below is inserted again on each call; the third
 * argument passed to rss_query_wrapper() together with the comment in the
 * loop suggests that duplicate-row errors are tolerated. The $key parameter
 * is not used by this function.
 *
 * Only the description and the export name are escaped. Key, value, default
 * and type are interpolated as they are, which holds only while this table
 * stays hard-coded and free of single quotes and backslashes.
 *
 * @param mixed $key unused
 * @return bool true when at least one insert finished without an SQL error
 */
function setDefaults($key)
{
    rss_error('inserting some default config values...', RSS_ERROR_NOTICE);
    // Each entry: key => array(value, default, type, description, export name)
    $defaults = array("rss.output.encoding" => array("UTF-8", "UTF-8", "string", "Output encoding for the PHP XML parser.", "MAGPIE_OUTPUT_ENCODING"), "rss.output.itemsinchannelview" => array("10", "10", "num", "Number of read items shown on for a single channel.", NULL), "rss.output.showfavicons" => array("true", "true", "boolean", "Display the favicon for the channels that have one. Due to a IE bug, some icons do not render correctly. You can either change the URL to the icon in the admin screen, or turn the display of favicons off globally here.", NULL), "rss.output.usemodrewrite" => array("true", "true", "boolean", "Make use of apache's mod_rewrite module to return sexy urls. Turn this off if your host doesn't allow you to change this apache setting.", NULL), "rss.config.dateformat" => array("F jS, Y, g:ia T", "F jS, Y, g:ia T", "string", "Format to use when displaying dates. See here for help on the format: http://php.net/date Note that direct access to a given feed's month and day archives more or less depends on the fact that this date format contains the  \"F\" (Month) and \"jS\" (day) elements in this form. So feel free to change the order of the elements, but better leave those two tokens in :)", NULL), "rss.meta.debug" => array("false", "false", "boolean", " When in debug mode some extra debug info is shown and the error reporting is a bit more verbose.", NULL), "rss.output.compression" => array("true", "true", "boolean", "This variable turns output compression on and off. Output compression is handled by most browsers.", NULL), "rss.output.channelcollapse" => array("true", "true", "boolean", "Allow collapsing of channels on the main page. 
", NULL), "rss.output.channelcollapsedefault" => array("false", "false", "boolean", "Collapse the channels on the main page by default", NULL), "rss.output.usepermalinks" => array("true", "true", "boolean", "Display a permalink icon and allow linking a given item directly.", NULL), "rss.config.markreadonupdate" => array("false", "false", "boolean", "Mark all old unread feeds as read when updating if new unread feeds are found.", NULL), "rss.output.lang" => array("en_US,zh_CN,de,da,es,fr,he,it,ja,pt_BR,pt,ru,sv,0", "en_US,zh_CN,de,da,es,fr,he,it,ja,pt_BR,pt,ru,sv,0", "enum", "Language pack to use.", NULL), "rss.output.lang.force" => array("false", "false", 'boolean', "When false, Gregarius will negotiate the display language with the browser and will fall back to the language defined in rss.output.lang if the negotiation fails. When true, Gregarius won't negotiate and will always use the language defined in rss.output.lang.", NULL), "rss.config.absoluteordering" => array("true", "true", "boolean", "Allow feeds and folders to be ordered by their order in the admin section. If this option is set to false, channels and folders will be organized alphabetically by their titles.", NULL), "rss.config.robotsmeta" => array("noindex,follow", "noindex,follow", "string", "How should spiders crawl us? (see http://www.robotstxt.org/wc/meta-user.html for more info).", NULL), "rss.config.serverpush" => array("true", "true", "boolean", "Use the server push method when updating your feeds in the browser. The browsers that support this (Mozilla and Opera) will be autodetected. Turn this option off if you do not use one of these browsers or if you would like to use the Ajax update method", NULL), "rss.config.refreshafter" => array("45", "45", "num", "If this option is set the feeds will be updated after keeping the browser open for x minutes. Please respect the feed providers by not setting this value to anything lower than thirty minutes. 
Set this variable to 0 turn this option off.", NULL), "rss.input.allowed" => array('a:21:{s:1:"a";a:2:{s:4:"href";i:1;s:5:"title";i:1;}s:1:"b";a:0:{}s:10:"blockquote";a:0:{}s:2:"br";a:0:{}s:4:"code";a:0:{}s:3:"del";a:0:{}s:2:"em";a:0:{}s:1:"i";a:0:{}s:3:"img";a:2:{s:3:"src";i:1;s:3:"alt";i:1;}s:3:"ins";a:0:{}s:2:"li";a:0:{}s:2:"ol";a:0:{}s:1:"p";a:0:{}s:3:"pre";a:0:{}s:3:"sup";a:0:{}s:5:"table";a:0:{}s:2:"td";a:0:{}s:2:"th";a:0:{}s:2:"tr";a:0:{}s:2:"tt";a:0:{}s:2:"ul";a:0:{}}', 'a:21:{s:1:"a";a:2:{s:4:"href";i:1;s:5:"title";i:1;}s:1:"b";a:0:{}s:10:"blockquote";a:0:{}s:2:"br";a:0:{}s:4:"code";a:0:{}s:3:"del";a:0:{}s:2:"em";a:0:{}s:1:"i";a:0:{}s:3:"img";a:2:{s:3:"src";i:1;s:3:"alt";i:1;}s:3:"ins";a:0:{}s:2:"li";a:0:{}s:2:"ol";a:0:{}s:1:"p";a:0:{}s:3:"pre";a:0:{}s:3:"sup";a:0:{}s:5:"table";a:0:{}s:2:"td";a:0:{}s:2:"th";a:0:{}s:2:"tr";a:0:{}s:2:"tt";a:0:{}s:2:"ul";a:0:{}}', "array", "This variable controls input filtering. HTML tags and their attributes, which are not in this list, get filtered out when new RSS items are imported.", NULL), "rss.output.showfeedmeta" => array('false', 'false', 'boolean', 'Display meta-information (like a web- and rss/rdf/xml url) about each feed in the feed side-column.', NULL), "rss.output.frontpage.numitems" => array("100", "100", "num", "Maximum number of items displayed on the main page. Set this variable to 0 to show no items on the main page.", NULL), "rss.output.frontpage.mixeditems" => array('true', 'true', 'boolean', 'Show read items along with unread items on the front page?', NULL), "rss.output.frontpage.numreaditems" => array(-1, -1, 'num', 'If there are no unread items then how many items to show on the frontpage. Set this to -1 if you want it to be the same as rss.output.numitemsonmainpage', NULL), "rss.output.theme" => array('default', 'default', 'string', 'The theme to use. 
Download more themes from the <a href="http://themes.gregarius.net/">Gregarius Themes Repository</a>.', NULL), "rss.output.cachecontrol" => array('false', 'false', 'boolean', 'If true, Gregarius will negotiate with the browser and check whether it should get a fresh document or not.', NULL), "rss.config.plugins" => array('a:2:{i:0;s:13:"urlfilter.php";i:1;s:18:"roundedcorners.php";}', 'a:2:{i:0;s:13:"urlfilter.php";i:1;s:18:"roundedcorners.php";}', 'array', 'Plugins are third-party scripts that offer extended functionalities. More plugins can be found at the <a href="http://plugins.gregarius.net/">Plugin Repository</a>.', NULL), "rss.input.allowupdates" => array('true', 'true', 'boolean', 'Allow Gregarius to see if new items are updates of existing items.', NULL), "rss.output.titleunreadcnt" => array('false', 'false', 'boolean', 'Display unread count in the document title.', NULL), "rss.config.tzoffset" => array('0', '0', 'num', 'Timezone offset, in hours, between your local time and server time. Valid range: "-12" through "12"', NULL), "rss.config.feedgrouping" => array('false', 'false', 'boolean', "When true, Gregarius groups unread items per feed and sorts the feeds according to the <code>rss.config.absoluteordering</code> configuration switch. When false, unread items are not grouped by feed, but are sorted by date instead.", NULL), "rss.config.datedesc.unread" => array('true', 'true', 'boolean', "When true, Gregarius displays newer <strong>unread</strong> items first. If false, Gregarius will display older unread items first.", NULL), "rss.config.datedesc.read" => array('true', 'true', 'boolean', "When true, Gregarius displays newer <strong>read</strong> items first. 
If false, Gregarius will display older read items first.", NULL), "rss.config.autologout" => array('false', 'false', 'boolean', 'When true, Gregarius will automatically remove the "admin cookie" when the browser window is closed, effectively logging you out.', NULL), "rss.config.publictagging" => array('false', 'false', 'boolean', 'When true, every visitor to your Gregarius site will be allowed to tag items, when false only the Administrator (you) is allowed to tag.', NULL), "rss.config.rating" => array('true', 'true', 'boolean', 'Enable the item rating system.', NULL), "rss.output.barefrontpage" => array('false', 'false', 'boolean', 'Suppress the output of any read item on the front page.', NULL), "rss.output.title" => array('Gregarius', 'Gregarius', 'string', 'Sets the title of this feedreader.', NULL), "rss.config.ajaxparallelsize" => array('3', '3', 'num', 'Sets the number of feeds to update in parallel. Remember to set rss.config.serverpush to false.', NULL), "rss.config.ajaxbatchsize" => array('3', '3', 'num', 'Sets the number of feeds in a batch when using the ajax updater. Remember to set rss.config.serverpush to false.', NULL), "rss.config.defaultdashboard" => array('true', 'true', 'boolean', 'If the first page seen when entering the admin section should be the dashboard', NULL), "rss.config.deadthreshhold" => array('24', '24', 'num', 'Sets the threshold for when a feed is marked as dead, in hours', NULL), "rss.search.maxitems" => array(500, 500, 'num', 'Sets the maximum number of items returned on a search', NULL), "rss.config.restrictrefresh" => array("false", "false", "boolean", "Restrict refresh to command line only (eg php -f update.php). Useful for busy sites with multiple users.", NULL), "rss.output.minimalchannellist" => array('false', 'false', 'boolean', 'Exclude folders and channels without unread items in channel list?', NULL));
    // just send in all config entry again, ignore duplicate row errors
    $insertedAny = false;
    foreach ($defaults as $configKey => $entry) {
        $value = $entry[0];
        $default = $entry[1];
        $type = $entry[2];
        $descr = rss_real_escape_string($entry[3]);
        $export = rss_real_escape_string($entry[4]);
        // An empty export name is written as SQL null rather than ''.
        $exportSql = $export ? "'{$export}'" : "null";
        $insert = 'insert into ' . getTable('config') . "(key_,value_,default_,type_,desc_,export_) VALUES (" . "'{$configKey}','{$value}','{$default}','{$type}','{$descr}'," . $exportSql . ")";
        rss_query_wrapper($insert, false, true);
        if (rss_is_sql_error(RSS_SQL_ERROR_NO_ERROR)) {
            $insertedAny = true;
        }
    }
    return $insertedAny;
}
Example #16
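/**
 * Admin handler for tags: runs the requested edit / delete / rename action,
 * then prints the tag table with its bulk-delete form.
 *
 * Changes against the previous version:
 *  - the tag id is cast to an integer (the bulk-delete branch already does
 *    this), because the numeric sanitizer leaves '.' and '-' in place and
 *    the id is placed unquoted in several statements;
 *  - $_SERVER['PHP_SELF'] and the tag name shown in the confirmation prompt
 *    are HTML-escaped before they are printed.
 *
 * NOTE(review): no request token is checked here and the bulk delete is
 * read from $_REQUEST; verify that the caller enforces admin authentication
 * and CSRF protection.
 *
 * @return mixed one of the CST_ADMIN_DOMAIN_* constants
 */
function tags()
{
    // Fix for #16: Admin (et al.) should not rely on l10n labels for actions:
    // Look for a meta-action first, which should be the (untranslated) *name* of
    // the (translated) action constant.
    // Fixme: should replace 'action's with a constant
    if (array_key_exists(CST_ADMIN_METAACTION, $_REQUEST)) {
        $__action__ = $_REQUEST[CST_ADMIN_METAACTION];
    } elseif (array_key_exists('action', $_REQUEST)) {
        $__action__ = $_REQUEST['action'];
    } else {
        $__action__ = "";
    }
    // 0 stands for "no id given"; it is never used in a write below.
    $tid = isset($_REQUEST['id']) ? (int) sanitize($_REQUEST['id'], RSS_SANITIZER_NUMERIC) : 0;
    // PHP_SELF contains request-controlled path info, so escape it once here
    // for every attribute it is written into.
    $self = htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES);
    $ret__ = CST_ADMIN_DOMAIN_TAGS;
    switch ($__action__) {
        case CST_ADMIN_EDIT_ACTION:
            tag_edit($tid);
            $ret__ = CST_ADMIN_DOMAIN_NONE;
            break;
        case CST_ADMIN_DELETE_ACTION:
            if (array_key_exists(CST_ADMIN_CONFIRMED, $_POST) && $_POST[CST_ADMIN_CONFIRMED] == __('Yes')) {
                if ($tid > 0) {
                    $sql = "delete from " . getTable("tag") . " where id={$tid}";
                    rss_query($sql);
                    $sql = "delete from " . getTable("metatag") . " where tid={$tid}";
                    rss_query($sql);
                    rss_invalidate_cache();
                }
            } elseif (array_key_exists(CST_ADMIN_CONFIRMED, $_REQUEST) && $_REQUEST[CST_ADMIN_CONFIRMED] == __('No')) {
                // nop;
            } elseif (array_key_exists('me_delete', $_REQUEST)) {
                if (array_key_exists('me_do_delete', $_REQUEST) && "1" == $_REQUEST['me_do_delete']) {
                    // Bulk delete: collect the checked tcb<id> boxes as positive integers.
                    $ids = array();
                    foreach ($_REQUEST as $key => $val) {
                        if (preg_match('/^tcb([0-9]+)$/', $key, $match)) {
                            if (($id = (int) $_REQUEST[$key]) > 0) {
                                $ids[] = $id;
                            }
                        }
                    }
                    if (count($ids) > 0) {
                        $sql = "delete from " . getTable("tag") . " where id in (" . implode(',', $ids) . ")";
                        rss_query($sql);
                        $sql = "delete from " . getTable("metatag") . " where tid in (" . implode(',', $ids) . ")";
                        rss_query($sql);
                        rss_invalidate_cache();
                    }
                }
            } else {
                list($tname) = rss_fetch_row(rss_query("select tag from " . getTable("tag") . " where id = {$tid}"));
                echo "<form class=\"box\" method=\"post\" action=\"" . $self . "\">\n" . "<p class=\"error\">";
                // The tag name is stored data; escape it like the table below does.
                printf(__("Are you sure you wish to delete '%s'?"), htmlspecialchars((string) $tname, ENT_QUOTES));
                echo "</p>\n" . "<p><input type=\"submit\" name=\"" . CST_ADMIN_CONFIRMED . "\" value=\"" . __('No') . "\"/>\n" . "<input type=\"submit\" name=\"" . CST_ADMIN_CONFIRMED . "\" value=\"" . __('Yes') . "\"/>\n" . "<input type=\"hidden\" name=\"id\" value=\"{$tid}\"/>\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_TAGS . "\"/>\n" . "<input type=\"hidden\" name=\"action\" value=\"" . CST_ADMIN_DELETE_ACTION . "\"/>\n" . "</p>\n</form>\n";
                $ret__ = CST_ADMIN_DOMAIN_NONE;
            }
            break;
        case CST_ADMIN_SUBMIT_EDIT:
            // TBD
            $raw_label = isset($_REQUEST['t_name']) ? $_REQUEST['t_name'] : '';
            $new_label = preg_replace(ALLOWED_TAGS_REGEXP, '', $raw_label);
            // also replace whitespaces
            $new_label = str_replace(' ', '', $new_label);
            if ($tid > 0 && strlen($new_label) > 0) {
                $res = rss_query("select count(*) as cnt from " . getTable("tag") . " where binary tag='" . rss_real_escape_string($new_label) . "'");
                list($cnt) = rss_fetch_row($res);
                if ($cnt > 0) {
                    // NOTE(review): $new_label goes into the message as filtered by
                    // ALLOWED_TAGS_REGEXP only; confirm rss_error() escapes its text.
                    rss_error(sprintf(__("You can't rename this item '%s' because such an item already exists."), $new_label), RSS_ERROR_ERROR, true);
                    break;
                }
                rss_query("update " . getTable("tag") . " set tag='" . rss_real_escape_string($new_label) . "' where id={$tid}");
                rss_invalidate_cache();
            }
            break;
        default:
            break;
    }
    echo "<script type=\"text/javascript\">\n" . "//<!--\n" . "function cbtoggle() {\n" . "var c=document.getElementById('mastercb').checked;\n" . "var cs=document.getElementById('tagtable').getElementsByTagName('input');\n" . "for(i=0;i<cs.length;i++) {\n" . "if (cs[i].type == 'checkbox') cs[i].checked = c;\n" . "}\n" . "}\n" . "</script>\n";
    echo "<form method=\"post\" action=\"" . $self . "\">\n" . "<h2 class=\"trigger\">" . __('Tags') . "</h2>\n" . "<div id=\"admin_tags\" class=\"trigger\">" . "<table id=\"tagtable\">\n" . "<tr>\n" . "\t<th><input type=\"checkbox\" id=\"mastercb\" onclick=\"cbtoggle();\" /></th>\n" . "\t<th class=\"cntr\">" . __('Tags') . "</th>\n" . "\t<th>" . __('Action') . "</th>\n" . "</tr>\n";
    $sql = sprintf("select id, tag from %s t left join %s m on (t.id = m.tid) where m.ttype = 'item'", getTable("tag"), getTable("metatag"));
    $res = rss_query($sql);
    $cntr = 0;
    while (list($id, $tag) = rss_fetch_row($res)) {
        $class_ = $cntr++ % 2 == 0 ? "even" : "odd";
        echo "<tr class=\"{$class_}\">\n" . "\t<td><input type=\"checkbox\" name=\"tcb{$id}\" value=\"{$id}\" id=\"scb_{$id}\" /></td>\n" . "\t<td><label for=\"scb_{$id}\">" . htmlspecialchars($tag) . "</label></td>\n" . "\t<td><a href=\"" . $self . "?" . CST_ADMIN_DOMAIN . "=" . CST_ADMIN_DOMAIN_TAGS . "&amp;action=" . CST_ADMIN_EDIT_ACTION . "&amp;id={$id}\">" . __('edit') . "</a>\n" . "|<a href=\"" . $self . "?" . CST_ADMIN_DOMAIN . "=" . CST_ADMIN_DOMAIN_TAGS . "&amp;action=" . CST_ADMIN_DELETE_ACTION . "&amp;id={$id}\">" . __('delete') . "</a>\n" . "|<a href=\"" . getPath('tag/' . htmlspecialchars($tag)) . "\">" . __('view') . "</a>\n" . "</td>\n" . "</tr>\n";
    }
    echo "</table>\n";
    echo "<fieldset>\n" . "<legend>" . __('Selected') . "...</legend>\n" . "<p>\n" . "<input type=\"submit\" id=\"me_delete\" name=\"me_delete\" value=\"" . __('Delete') . "\" />\n" . "<input type=\"checkbox\" name=\"me_do_delete\" id=\"me_do_delete\" value=\"1\" />\n" . "<label for=\"me_do_delete\">" . __("I'm sure!") . "</label>\n" . "<input type=\"hidden\" name=\"action\" value=\"" . CST_ADMIN_DELETE_ACTION . "\" />\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_TAGS . "\" />\n" . "</fieldset>\n" . "</form>\n" . "</div>\n";
}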
Example #17
/**
 * Creates a folder with the given name unless one already exists, then
 * returns the id of the folder carrying that name.
 *
 * The label is escaped every time it is placed in a statement.
 * NOTE(review): the duplicate-name message receives the raw label; confirm
 * that rss_error() escapes its text before printing it.
 *
 * @param string $label folder name
 * @param bool $complainonerror when true, an existing folder of that name is
 *                              reported through rss_error() and nothing is returned
 * @return mixed id of the new or already existing folder; null after a
 *               reported duplicate
 */
function create_folder($label, $complainonerror = true)
{
    $countRes = rss_query(sprintf("select count(*) from %s where name='%s'", getTable("folders"), rss_real_escape_string($label)));
    list($exists) = rss_fetch_row($countRes);
    if ($exists > 0 && $complainonerror) {
        rss_error(sprintf(__("Looks like you already have a folder called '%s'!"), $label), RSS_ERROR_ERROR, true);
        return;
    }
    if ($exists == 0) {
        // New folders go after the current last position; an empty table starts at 0.
        $posRes = rss_query("select 1+max(position) as np from " . getTable("folders"));
        list($np) = rss_fetch_row($posRes);
        $nextPos = $np ? $np : "0";
        rss_query(sprintf("insert into %s (name,position) values ('%s', %s)", getTable("folders"), rss_real_escape_string($label), $nextPos));
        rss_invalidate_cache();
    }
    // Look the id up by name, whether the folder was just created or already there.
    $idRes = rss_query(sprintf("select id from %s where name='%s'", getTable("folders"), rss_real_escape_string($label)));
    list($fid) = rss_fetch_row($idRes);
    return $fid;
}