/** * Checks the db schema for the for all required tables, adds those which are missing. * Returns the number of added tables; */ function checkSchema() { $missing_tables = array(); $actual_tables = array(); $expected_tables = getExpectedTables(); $rs = rss_query("show tables", true, true); while (list($tbl) = rss_fetch_row($rs)) { $actual_tables[] = $tbl; } foreach ($expected_tables as $base => $tbl) { $exists = array_search($tbl, $actual_tables); if ($exists === FALSE || $exists === NULL) { $missing_tables[] = $base; } } $updated = 0; if (count($missing_tables) > 0) { $msg = (count($actual_tables) ? "Updating" : "Creating") . ' your database schema! This should be a one-time operation,' . ' if you see this message over and over again please import your database schema' . ' manually.'; rss_error($msg, RSS_ERROR_WARNING); foreach ($missing_tables as $table) { $updated += call_user_func("_init_{$table}"); } if ($updated == count($missing_tables)) { rss_error(__("Successfully created {$updated} of {$updated} database tables!"), RSS_ERROR_NOTICE); } else { rss_error(count($missing_tables) - $updated . " out of " . count($missing_tables) . " tables could not be created!", RSS_ERROR_ERROR); } } if ($updated) { rss_invalidate_cache(); } return $updated; }
function __exp__getSideContent($what) { ob_start(); switch ($what) { case 'FeedList': $f = new FeedList(false); $f->render(); break; case 'CatList': //rss_require('cls/taglist.php'); //$v = new TagList('channel'); rss_require('cls/categories.php'); $v = new CatList(); $v->render(); break; case 'TagList': rss_require('cls/taglist.php'); $t = new TagList('item'); $t->render(); break; } $c = ob_get_contents(); ob_end_clean(); rss_invalidate_cache(); return $what . "#@#" . $c; }
/** * Detect user's preferred language. * Losely based on http://grep.be/data/accept-to-gettext.inc */ function __detectUserLang() { if (getConfig('rss.output.lang.force') === true) { return getConfig('rss.output.lang'); // Language defined in the request (?lang=) } // Language overridden? if (defined('RSS_LANGUAGE_OVERRIDE')) { return constant('RSS_LANGUAGE_OVERRIDE'); } elseif (isset($_REQUEST['lang']) && preg_match('#^[a-z]{2}_?([A-Z]{2})?$#', $_REQUEST['lang']) && ($_REQUEST['lang'] == 'en' || file_exists(GREGARIUS_HOME . 'intl/' . $_REQUEST['lang']))) { $this->__setLocaleCookie($_REQUEST['lang']); rss_invalidate_cache(); return $_REQUEST['lang']; // Cookie } elseif (isset($_COOKIE[RSS_LOCALE_COOKIE])) { return trim($_COOKIE[RSS_LOCALE_COOKIE]); // HTTP_ACCEPT_LANGUAGE HTTP Argument } elseif (isset($_SERVER['HTTP_ACCEPT_LANGUAGE'])) { $alparts = @preg_split("/,/", $_SERVER['HTTP_ACCEPT_LANGUAGE']); foreach ($alparts as $part) { $part = trim($part); if (preg_match("/;/", $part)) { $lang = @preg_split("/;/", $part); $ll = $lang[0]; } else { $ll = $part; } if (preg_match('#^([a-z]{2})[\\-_]?([a-z]{2})?$#i', $ll, $pm)) { $ret = null; if (isset($pm[2]) && file_exists(GREGARIUS_HOME . 'intl/' . $pm[1] . "_" . strtoupper($pm[2]))) { // xx-yy -> xx_YY $ret = $pm[1] . "_" . strtoupper($pm[2]); } elseif (file_exists(GREGARIUS_HOME . 'intl/' . $pm[1])) { // xx -> xx $ret = $pm[1]; } elseif ($pm[1] == 'en') { // ugly: a better way would be to look up all the available locales // and match against that list $ret = 'en_US'; } if ($ret) { // remember the detected locale for a couple hours $this->__setLocaleCookie($ret); return $ret; } } } } // If everything fails, return the user selected language return getConfig('rss.output.lang'); }
function set_admin_pass($uname = null, $pass = null) { $sql = "select count(*) from " . getTable('users') . " where password != '' and ulevel >=99"; list($adminexists) = rss_fetch_row(rss_query($sql)); if ($adminexists) { die('Oops. Admin already exists!'); } if ($uname && $pass) { rss_query("update " . getTable('users') . " set uname='{$uname}', " . "password='******' where ulevel=99"); rss_invalidate_cache(); rss_redirect('admin/'); exit; } admin_header(); ?> <script type="text/javascript"> <!-- function on_submit_password_match() { pass=document.getElementById('password').value; pass2=document.getElementById('password2').value; if(pass !== pass2){ msg = '<?php echo __('Passwords do not match!'); ?> '; document.getElementById('admin_match_result').innerHTML = msg; document.getElementById('password').value = ''; document.getElementById('password2').value = ''; return false; }else{ document.getElementById('password2').value = ''; return loginHandler(); } } --> </script> <?php echo "\n<div id=\"channel_admin\" class=\"frame\">"; echo "<h2></h2>\n" . __('<p>No Administrator has been specified yet!</p><p>Please provide an Administrator username and password now!</p>'); echo "<form action=\"" . $_SERVER['PHP_SELF'] . "\" onsubmit=\"return on_submit_password_match();\" method=\"post\">\n" . "<fieldset style=\"width:400px;\">" . "<p><label style=\"display:block\" for=\"username\">" . __('Username') . ":</label>\n" . "<input type=\"text\" id=\"username\" name=\"username\" /></p>\n" . "<p><label style=\"display:block\" for=\"password\">" . __('Password') . ":</label>\n" . "<input type=\"password\" id=\"password\" name=\"password\" /></p>\n" . "<p><label style=\"display:block\" for=\"password2\">" . __('Password (again)') . ":</label>\n" . "<input type=\"password\" id=\"password2\" name=\"password2\" /></p>\n" . "<p><input type=\"submit\" value=\"" . __('OK') . "\" /></p>\n" . "<div style=\"display:inline;\" id=\"admin_match_result\"></div>\n" . "</fieldset>\n" . "</form>\n"; echo "</div>\n"; admin_footer(); exit; }
/** * Logs the user out. * - deletes the cookie * - removes the user's IP subnet from the list of valid subnets this * user is allowed to log in with a cookie. */ function logout() { if (array_key_exists(RSS_USER_COOKIE, $_COOKIE) || isset($_SESSION['mobile'])) { $subnet = preg_replace('#^([0-9]+\\.[0-9]+\\.[0-9]+)\\.[0-9]+$#', '\\1', $_SERVER['REMOTE_ADDR']); if (($idx = array_search($subnet, $this->_validIPs)) !== FALSE) { $cnt = count($this->_validIPs); unset($this->_validIPs[$idx]); $uname = trim($this->_uname); if ($uname && $cnt > count($this->_validIPs)) { $sql = "update " . getTable('users') . " set userips = '" . implode(' ', $this->_validIPs) . "'" . " where uname = '{$uname}' "; rss_query($sql); } } // get rid of the cookie unset($_COOKIE[RSS_USER_COOKIE]); setcookie(RSS_USER_COOKIE, "", -1, getPath()); if (isset($_SESSION['mobile'])) { unset($_SESSION['mobile']); } rss_invalidate_cache(); } }
function blGetItems($cid, $date, $markread) { if (hidePrivate()) { header('HTTP/1.x 401 Not Authorized'); exit; } if (!$cid) { header('HTTP/1.x 403 Forbidden'); exit; } $sql = "select i.title as ititle, i.description as idescr, c.title as ctitle, " . " c.descr as cdescr, c.url as curl, i.author as iauth, i.url as iurl, " . " unix_timestamp(ifnull(i.pubdate, i.added)) as idate ,i.id as iid" . " from " . getTable('item') . " i " . " inner join " . getTable('channels') . " c " . " on c.id = i.cid " . " where i.unread & " . RSS_MODE_UNREAD_STATE . " and c.id={$cid}"; if ($date) { $sql .= " and ifnull(i.pubdate, i.added) > {$date} "; } $rs = rss_query($sql); if (rss_num_rows($rs) == 0) { header('HTTP/1.x 304 Not Modified'); exit; } $ids = array(); header('Content-Type: text/xml; charset=utf-8'); $hdr = false; while ($row = rss_fetch_assoc($rs)) { if (!$hdr) { $hdr = true; echo "<" . "?xml version=\"1.0\"?" . ">\n" . "<rss version=\"2.0\"\n" . "xmlns:dc=\"http://purl.org/dc/elements/1.1/\"\n" . "xmlns:bloglines=\"http://www.bloglines.com/services/module\"\n" . "xmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\">\n" . "<channel>\n" . "\t<title>" . htmlspecialchars($row['ctitle']) . "</title>\n" . "\t<link>" . htmlspecialchars($row['curl']) . "</link>\n" . "\t<description>" . htmlspecialchars($row['cdescr']) . "</description>\n" . "\t<language>en-us</language>\n" . "\t<webMaster>support@bloglines.com</webMaster>\n"; } $ids[] = $row['iid']; echo "\t<item>\n" . "\t\t<title>" . htmlspecialchars($row['ititle']) . "</title>\n" . "\t\t<dc:creator>" . htmlspecialchars($row['iauth']) . "</dc:creator>\n" . "\t\t<guid isPermaLink=\"true\">" . htmlspecialchars($row['iurl']) . "</guid>\n" . "\t\t<link>" . htmlspecialchars($row['iurl']) . "</link>\n" . "\t\t<description><![CDATA[" . $row['idescr'] . "]]></description>\n" . "\t\t<pubDate>" . date('D, j M Y H:i:s \\G\\M\\T', $row['idate']) . "</pubDate>\n" . "\t\t<bloglines:itemid>" . $row['iid'] . "</bloglines:itemid>\n" . "\t</item>\n"; } echo "</channel>\n</rss>\n"; if ($markread) { $sql = "update " . getTable('item') . " set unread = unread & " . SET_MODE_READ_STATE . " where id in (" . implode(',', $ids) . ")"; rss_query($sql); rss_invalidate_cache(); } }
function rss_plugins_set_item_state($itemId, $bit_mask, $set, $sqlwhere = "", $entire_db = false) { $retvalue = false; if ($itemId || $entire_db) { // Check to see if itemId is set or if we are allowed to fsck up the entire db // the bitmask has a one in the spot (field(s)) we want to change. if ($set) { // Set the value to the field to 1 $sql = "update " . getTable("item") . " set unread = unread | " . $bit_mask; } else { // set the value of the field to 0 $sql = "update " . getTable("item") . " set unread = unread & " . ~$bit_mask; } if ($itemId) { if (is_array($itemId)) { $sql .= " where id in (" . implode(',', $itemId) . ")"; } else { // assume it is a number or a string $sql .= " where id=" . $itemId; } } else { $sql .= " where 1"; } if ($sqlwhere) { $sql .= " and " . $sqlwhere; } $retvalue = rss_query($sql); rss_invalidate_cache(); } else { $retvalue = false; } return $retvalue; }
function theme_options() { if (!array_key_exists('theme', $_REQUEST) || array_key_exists('admin_theme_options_cancel_changes', $_REQUEST)) { themes(); return; } $theme = $_REQUEST['theme']; $theme_output = ""; if (preg_match('/([a-zA-Z0-9_\\/\\-]+)/', $theme, $matches)) { $theme = $matches[1]; // sanitize input $theme_info = getThemeInfo($theme); extract($theme_info); if (file_exists("../" . RSS_THEME_DIR . "/{$fsname}/config.php")) { ob_start(); rss_theme_options_rendered_buttons(false); rss_require(RSS_THEME_DIR . "/{$fsname}/config.php"); $theme_output = ob_get_contents(); ob_end_clean(); rss_invalidate_cache(); } if ($theme_output) { // Let us set up a form echo "<h2\n class=\"trigger\">" . __('Theme Options') . " " . TITLE_SEP . " " . $name . "</h2>\n" . "<div id=\"admin_theme_options\">\n"; echo "<form method=\"post\" "; if (rss_theme_options_form_class() !== null) { echo "class='" . rss_theme_options_form_class() . "' "; } echo "action=\"" . $_SERVER['PHP_SELF'] . "\">\n"; echo "<p><input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_THEME_OPTIONS . "\" /></p>\n"; echo $theme_output; echo "<p><input type=\"hidden\" name=\"theme\" value=\"" . $theme . "\"/>\n"; echo "<input type=\"hidden\" name=\"" . CST_ADMIN_METAACTION . "\" value=\"ACT_ADMIN_SUBMIT_CHANGES\"/>\n"; if (isset($_REQUEST['mediaparam'])) { $mediaparam = sanitize($_REQUEST['mediaparam'], RSS_SANITIZER_CHARACTERS); echo "<input type=\"hidden\" name=\"mediaparam\" value=\"{$mediaparam}\">\n"; } if (!rss_theme_options_rendered_buttons()) { echo "<input type=\"submit\" name=\"admin_theme_options_submit_changes\" value=\"" . __('Submit Changes') . "\" />\n"; echo "<input type=\"submit\" name=\"admin_theme_options_cancel_changes\"\n value=\"" . __('Cancel') . "\" />\n"; } echo "</p></form>\n"; echo "</div>"; } else { themes(); } } }
function plugin_options() { if (!array_key_exists('plugin_name', $_REQUEST) || array_key_exists('admin_plugin_options_cancel_changes', $_REQUEST)) { plugins(); return; } // TBD $plugin_filename = $_REQUEST['plugin_name']; $plugin_filename = str_replace("%2F", "/", $plugin_filename); $plugin_output = ""; if (preg_match('/([a-zA-Z0-9_\\/\\-]+).php/', $plugin_filename, $matches)) { $plugin_filename = $matches[1] . ".php"; // sanitize input $plugin_info = getPluginInfo($plugin_filename); if ($plugin_info && array_key_exists('configuration', $plugin_info)) { $plugin_config_func = $plugin_info['configuration']; ob_start(); rss_load_plugin($plugin_filename); if (function_exists($plugin_config_func)) { call_user_func($plugin_config_func); // Are you happy now? $plugin_output = ob_get_contents(); } ob_end_clean(); rss_invalidate_cache(); } if ($plugin_output) { // Let us set up a form echo "<h2\n class=\"trigger\">" . __('Plugin Options') . " " . TITLE_SEP . " " . $plugin_info['name'] . "</h2>\n" . "<div id=\"admin_plugin_options\">\n"; echo "<form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n"; echo "<p><input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_PLUGIN_OPTIONS . "\" /></p>\n"; echo $plugin_output; echo "<p><input type=\"hidden\" name=\"plugin_name\" value=\"" . $plugin_filename . "\"/>\n"; echo "<p><input type=\"hidden\" name=\"" . CST_ADMIN_METAACTION . "\" value=\"ACT_ADMIN_SUBMIT_CHANGES\"/>\n"; echo "<input type=\"submit\" name=\"admin_plugin_options_submit_changes\" value=\"" . __('Submit Changes') . "\" />\n"; echo "<input type=\"submit\" name=\"admin_plugin_options_cancel_changes\"\n value=\"" . __('Cancel') . "\" /></p></form>\n"; echo "</div>"; } else { plugins(); } } }
/** * Performs all the feed-related admin actions */ function channel_admin() { // Fix for #16: Admin (et al.) should not rely on l10n labels for actions: // Look for a meta-action first, which should be the (untranslated) *name* of // the (translated) action constant. // Fixme: should replace 'action's with a constant if (array_key_exists(CST_ADMIN_METAACTION, $_REQUEST)) { $__action__ = $_REQUEST[CST_ADMIN_METAACTION]; } elseif (array_key_exists('action', $_REQUEST)) { $__action__ = $_REQUEST['action']; } else { $__action__ = ""; } $ret__ = CST_ADMIN_DOMAIN_NONE; switch ($__action__) { case __('Add'): case 'ACT_ADMIN_ADD': case 'Add': $label = trim(sanitize($_REQUEST['new_channel'], RSS_SANITIZER_URL)); $fid = trim(sanitize($_REQUEST['add_channel_to_folder'], RSS_SANITIZER_NUMERIC)); list($flabel) = rss_fetch_row(rss_query("select name from " . getTable('folders') . " where id={$fid}")); // handle "feed:" urls if (substr($label, 0, 5) == 'feed:') { if (substr($label, 0, 11) == "feed://http") { $label = substr($label, 5); } else { // handle feed://example.com/rss.xml urls $label = "http:" . substr($label, 5); } } if ($label != 'http://' && substr($label, 0, 4) == "http") { $tags = @$_REQUEST['channel_tags']; $ret = add_channel($label, $fid, null, null, $tags); //var_dump($ret); if (is_array($ret) && $ret[0] > -1) { update($ret[0]); rss_invalidate_cache(); // feedback $newCid = $ret[0]; rss_error(sprintf(__('Adding %s to %s... '), htmlentities($label), "/{$flabel}") . __('OK') . " [<a href=\"" . getPath() . "admin/index.php?domain=" . CST_ADMIN_DOMAIN_CHANNEL . "&action=edit&cid={$newCid}\">" . __('edit') . "</a>]", RSS_ERROR_ERROR, true); $ret__ = CST_ADMIN_DOMAIN_CHANNEL; } elseif (is_array($ret) && $ret[0] > -2) { // okay, something went wrong, maybe thats a html url after all? // let's try and see if we can extract some feeds $feeds = extractFeeds($label); if (!is_array($feeds) || sizeof($feeds) == 0) { rss_error($ret[1], RSS_ERROR_ERROR, true); $ret__ = CST_ADMIN_DOMAIN_CHANNEL; } else { //one single feed in the html doc, add that if (is_array($feeds) && sizeof($feeds) == 1 && array_key_exists('href', $feeds[0])) { $ret = add_channel($feeds[0]['href'], $fid); if (is_array($ret) && $ret[0] > -1) { update($ret[0]); rss_invalidate_cache(); // feedback $newCid = $ret[0]; rss_error(sprintf(__('Adding %s to %s... '), htmlentities($label), "/{$flabel}") . __('OK') . " [<a href=\"" . getPath() . "admin/index.php?domain=" . CST_ADMIN_DOMAIN_CHANNEL . "&action=edit&cid={$newCid}\">" . __('edit') . "</a>]", RSS_ERROR_ERROR, true); $ret__ = CST_ADMIN_DOMAIN_CHANNEL; } else { // failure rss_error($ret[1], RSS_ERROR_ERROR, true); $ret__ = CST_ADMIN_DOMAIN_CHANNEL; } } else { // multiple feeds in the channel echo "<form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n" . "<p>" . sprintf(__('The following feeds were found in <a href="%s">%s</a>, which one would you like to subscribe?'), $label, $label) . "</p>\n"; $cnt = 0; while (list($id, $feedarr) = each($feeds)) { // we need an URL if (!array_key_exists('href', $feedarr)) { continue; } else { $href = $feedarr['href']; } if (array_key_exists('type', $feedarr)) { $typeLbl = " [<a href=\"{$href}\">" . $feedarr['type'] . "</a>]"; } $cnt++; if (array_key_exists('title', $feedarr)) { $lbl = $feedarr['title']; } elseif (array_key_exists('type', $feedarr)) { $lbl = $feedarr['type']; $typeLbl = ""; } elseif (array_key_exists('href', $feedarr)) { $lbl = $feedarr['href']; } else { $lbl = "Resource {$cnt}"; } echo "<p>\n\t<input class=\"indent\" type=\"radio\" id=\"fd_{$cnt}\" name=\"new_channel\" " . " value=\"{$href}\" />\n" . "\t<label for=\"fd_{$cnt}\">{$lbl} {$typeLbl}</label>\n" . "</p>\n"; } echo "<p><input type=\"hidden\" name=\"add_channel_to_folder\" value=\"{$fid}\" />\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_CHANNEL . "\" />\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_METAACTION . "\" value=\"ACT_ADMIN_ADD\" />\n" . "<input type=\"submit\" class=\"indent\" name=\"action\" value=\"" . __('Add') . "\" />\n" . "</p>\n</form>\n\n"; } } } elseif (is_array($ret)) { rss_error($ret[1], RSS_ERROR_ERROR, true); $ret__ = CST_ADMIN_DOMAIN_CHANNEL; } else { rss_error(sprintf(__("I'm sorry, I don't think I can handle this URL: '%s'"), $label), RSS_ERROR_ERROR, true); $ret__ = CST_ADMIN_DOMAIN_CHANNEL; } } else { rss_error(sprintf(__("I'm sorry, I don't think I can handle this URL: '%s'"), $label), RSS_ERROR_ERROR, true); $ret__ = CST_ADMIN_DOMAIN_CHANNEL; } break; case CST_ADMIN_EDIT_ACTION: $id = sanitize($_REQUEST['cid'], RSS_SANITIZER_NUMERIC); channel_edit_form($id); break; case CST_ADMIN_DELETE_ACTION: $id = sanitize($_REQUEST['cid'], RSS_SANITIZER_NUMERIC); if (array_key_exists(CST_ADMIN_CONFIRMED, $_POST) && $_POST[CST_ADMIN_CONFIRMED] == __('Yes')) { $rs = rss_query("select distinct id from " . getTable("item") . " where cid={$id}"); $ids = array(); while (list($did) = rss_fetch_row($rs)) { $ids[] = $did; } if (count($ids)) { $sqldel = "delete from " . getTable('metatag') . " where fid in (" . implode(",", $ids) . ")"; rss_query($sqldel); } $sql = "delete from " . getTable("item") . " where cid={$id}"; rss_query($sql); $sql = "delete from " . getTable("channels") . " where id={$id}"; rss_query($sql); // Delete properties deleteProperty($id, 'rss.input.allowupdates'); deleteProperty($id, 'rss.config.refreshinterval'); deleteProperty($id, 'rss.config.refreshdate'); // Invalidate cache rss_invalidate_cache(); $ret__ = CST_ADMIN_DOMAIN_CHANNEL; } elseif (array_key_exists(CST_ADMIN_CONFIRMED, $_REQUEST) && $_REQUEST[CST_ADMIN_CONFIRMED] == __('No')) { $ret__ = CST_ADMIN_DOMAIN_CHANNEL; } else { list($cname) = rss_fetch_row(rss_query("select title from " . getTable("channels") . " where id = {$id}")); echo "<form class=\"box\" method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n" . "<p class=\"error\">"; printf(__("Are you sure you wish to delete '%s'?"), $cname); echo "</p>\n" . "<p><input type=\"submit\" name=\"" . CST_ADMIN_CONFIRMED . "\" value=\"" . __('No') . "\" />\n" . "<input type=\"submit\" name=\"" . CST_ADMIN_CONFIRMED . "\" value=\"" . __('Yes') . "\" />\n" . "<input type=\"hidden\" name=\"cid\" value=\"{$id}\" />\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_CHANNEL . "\" />\n" . "<input type=\"hidden\" name=\"action\" value=\"" . CST_ADMIN_DELETE_ACTION . "\" />\n" . "</p>\n</form>\n"; } break; case __('Import'): case 'ACT_ADMIN_IMPORT': if (array_key_exists('opml', $_POST) && strlen(trim($_POST['opml'])) > 7) { $url = trim(sanitize($_POST['opml'], RSS_SANITIZER_NO_SPACES)); } elseif (array_key_exists('opmlfile', $_FILES) && $_FILES['opmlfile']['tmp_name']) { if (is_uploaded_file($_FILES['opmlfile']['tmp_name'])) { $url = $_FILES['opmlfile']['tmp_name']; } else { $url = ''; } } else { $url = ''; } if (!$url) { $ret__ = CST_ADMIN_DOMAIN_OPML; break; } if (array_key_exists('opml_import_option', $_POST)) { $import_opt = $_POST['opml_import_option']; } else { $import_opt = CST_ADMIN_OPML_IMPORT_MERGE; } if ($import_opt == CST_ADMIN_OPML_IMPORT_FOLDER) { $opmlfid = sanitize($_POST['opml_import_to_folder'], RSS_SANITIZER_NUMERIC); } else { $opmlfid = getRootFolder(); } @set_time_limit(0); @ini_set('max_execution_time', 300); // Parse into and OPML object $opml = getOpml($url); if (sizeof($opml) > 0) { if ($import_opt == CST_ADMIN_OPML_IMPORT_WIPE) { rss_query("delete from " . getTable("metatag")); rss_query("delete from " . getTable("channels")); rss_query("delete from " . getTable("item")); rss_query("delete from " . getTable("folders") . " where id > 0"); } if ($import_opt == CST_ADMIN_OPML_IMPORT_FOLDER) { $fid = $opmlfid; list($prev_folder) = rss_fetch_row(rss_query("select name from " . getTable('folders') . " where id= {$opmlfid} ")); } else { $prev_folder = __('Root'); $fid = 0; } echo "<div class=\"frame\" style=\"background-color:#eee;font-size:small\"><ul>\n"; while (list($folder, $items) = each($opml)) { if ($folder != $prev_folder && $import_opt != CST_ADMIN_OPML_IMPORT_FOLDER) { $fid = create_folder(strip_tags($folder), false); $prev_folder = strip_tags($folder); } for ($i = 0; $i < sizeof($opml[$folder]); $i++) { $url_ = isset($opml[$folder][$i]['XMLURL']) ? trim($opml[$folder][$i]['XMLURL']) : null; $title_ = isset($opml[$folder][$i]['TEXT']) ? trim($opml[$folder][$i]['TEXT']) : null; // support for title attribute (optional) $title_ = isset($opml[$folder][$i]['TITLE']) ? trim($opml[$folder][$i]['TITLE']) : $title_; $descr_ = isset($opml[$folder][$i]['DESCRIPTION']) ? trim($opml[$folder][$i]['DESCRIPTION']) : null; $cats_ = isset($opml[$folder][$i]['CATEGORY']) ? trim($opml[$folder][$i]['CATEGORY']) : ""; $t__ = strip_tags($title_); $d__ = strip_tags($descr_); $f__ = strip_tags($prev_folder); $u__ = sanitize($url_, RSS_SANITIZER_URL); $c__ = $cats_; //preg_replace(ALLOWED_TAGS_REGEXP,' ',$cats_); if ($u__) { echo "<li><p>" . sprintf(__('Adding %s to %s... '), $t__, $f__); flush(); list($retcde, $retmsg) = add_channel($u__, $fid, $t__, $d__); if ($retcde && count($c__)) { __exp__submitTag($retcde, utf8_encode($c__), "'channel'"); } echo ($retcde < 0 ? $retmsg : " OK") . "</p></li>\n"; flush(); } } } echo "</ul>\n<p><b>" . __('Updating') . "...</b></p>\n"; echo "</div>\n"; flush(); //update all the feeds update(""); rss_invalidate_cache(); } $ret__ = CST_ADMIN_DOMAIN_CHANNEL; break; case CST_ADMIN_SUBMIT_EDIT: $cid = sanitize($_POST['cid'], RSS_SANITIZER_NUMERIC); rss_plugin_hook('rss.plugins.admin.feed.properties.submit', null); // TBD $title = strip_tags(rss_real_escape_string(real_strip_slashes($_POST['c_name']))); $url = rss_real_escape_string($_POST['c_url']); $siteurl = rss_real_escape_string($_POST['c_siteurl']); $parent = rss_real_escape_string($_POST['c_parent']); $descr = strip_tags(rss_real_escape_string(real_strip_slashes($_POST['c_descr']))); $icon = rss_real_escape_string($_POST['c_icon']); $priv = array_key_exists('c_private', $_POST) && $_POST['c_private'] == '1'; $tags = rss_real_escape_string($_POST['c_tags']); $old_priv = $_POST['old_priv'] == '1'; // Feed Properties $prop_rss_input_allowupdates = rss_real_escape_string($_POST['prop_rss_input_allowupdates']); if ($prop_rss_input_allowupdates == 'default') { deleteProperty($cid, 'rss.input.allowupdates'); } else { setProperty($cid, 'rss.input.allowupdates', 'feed', $prop_rss_input_allowupdates == 1); } deleteProperty($cid, 'rss.config.refreshinterval'); $rss_config_refreshinterval = rss_real_escape_string($_POST['rss_config_refreshinterval']); if ($rss_config_refreshinterval > 60) { setProperty($cid, 'rss.config.refreshinterval', 'feed', $rss_config_refreshinterval); } if ($priv != $old_priv) { $mode = ", mode = mode "; if ($priv) { $mode .= " | " . RSS_MODE_PRIVATE_STATE; rss_query('update ' . getTable('item') . " set unread = unread | " . RSS_MODE_PRIVATE_STATE . " where cid={$cid}"); } else { $mode .= " & " . SET_MODE_PUBLIC_STATE; rss_query('update ' . getTable('item') . " set unread = unread & " . SET_MODE_PUBLIC_STATE . " where cid={$cid}"); } rss_invalidate_cache(); } else { $mode = ""; } $del = array_key_exists('c_deleted', $_POST) && $_POST['c_deleted'] == '1'; $old_del = $_POST['old_del'] == '1'; if ($del != $old_del) { if ($mode == "") { $mode = ", mode = mode "; } if ($del) { $mode .= " | " . RSS_MODE_DELETED_STATE; } else { $mode .= " & " . SET_MODE_AVAILABLE_STATE; } } if ($url == '' || substr($url, 0, 4) != "http") { rss_error(sprintf(__("I'm sorry, I don't think I can handle this URL: '%s'"), $url), RSS_ERROR_ERROR, true); $ret__ = CST_ADMIN_DOMAIN_CHANNEL; break; } if ($icon && cacheFavicon($icon)) { $icon = 'blob:' . $icon; } $sql = "update " . getTable("channels") . " set title='{$title}', url='{$url}', siteurl='{$siteurl}', " . " parent={$parent}, descr='{$descr}', icon='{$icon}', " . " daterefreshed = 1, etag = '' " . " {$mode} where id={$cid}"; rss_query($sql); __exp__submitTag($cid, utf8_decode($tags), "'channel'"); rss_invalidate_cache(); $ret__ = CST_ADMIN_DOMAIN_CHANNEL; break; case CST_ADMIN_MOVE_UP_ACTION: case CST_ADMIN_MOVE_DOWN_ACTION: $id = sanitize($_REQUEST['cid'], RSS_SANITIZER_NUMERIC); $res = rss_query("select parent,position from " . getTable("channels") . " where id={$id}"); list($parent, $position) = rss_fetch_row($res); if ($_REQUEST['action'] == CST_ADMIN_MOVE_UP_ACTION) { $res = rss_query("select id, position from " . getTable("channels") . " where parent={$parent} and id != {$id} and position<{$position} " . " order by abs({$position}-position) limit 1"); } else { $res = rss_query("select id, position from " . getTable("channels") . " where parent={$parent} and id != {$id} and position>{$position} " . " order by abs({$position}-position) limit 1"); } list($switch_with_id, $switch_with_position) = rss_fetch_row($res); //If this is already the first or last item in a folder we won't get any results from the query above if ($switch_with_position != "") { // right, lets! if ($switch_with_position != $position) { rss_query("update " . getTable("channels") . " set position = {$switch_with_position} where id={$id}"); rss_query("update " . getTable("channels") . " set position = {$position} where id={$switch_with_id}"); rss_invalidate_cache(); } } $ret__ = CST_ADMIN_DOMAIN_CHANNEL; break; case CST_ADMIN_MULTIEDIT: $ret__ = CST_ADMIN_DOMAIN_CHANNEL; $ids = array(); foreach ($_REQUEST as $key => $val) { if (preg_match('/^fcb([0-9]+)$/', $key, $match)) { if (($id = (int) $_REQUEST[$key]) > 0) { $ids[] = $id; } } } // no feed selected? if (count($ids) == 0) { break; } else { $sqlids = " (" . implode(',', $ids) . ")"; } // MOVE TO FOLDER if (array_key_exists('me_move_to_folder', $_REQUEST)) { $fid = sanitize($_REQUEST['me_folder'], RSS_SANITIZER_NUMERIC); $sql = "update " . getTable('channels') . " set parent={$fid} where id in {$sqlids}"; rss_query($sql); /// STATE } elseif (array_key_exists('me_state', $_REQUEST)) { $deprecated = array_key_exists('me_deprecated', $_REQUEST) ? $_REQUEST['me_deprecated'] : false; $private = array_key_exists('me_private', $_REQUEST) ? $_REQUEST['me_private'] : false; if ($private) { rss_query('update ' . getTable('channels') . " set mode = mode | " . RSS_MODE_PRIVATE_STATE . " where id in {$sqlids}"); rss_query('update ' . getTable('item') . " set unread = unread | " . RSS_MODE_PRIVATE_STATE . " where cid in {$sqlids}"); } else { rss_query('update ' . getTable('channels') . " set mode = mode & " . SET_MODE_PUBLIC_STATE . " where id in {$sqlids}"); rss_query('update ' . getTable('item') . " set unread = unread & " . SET_MODE_PUBLIC_STATE . " where cid in {$sqlids}"); } if ($deprecated) { rss_query('update ' . getTable('channels') . " set mode = mode | " . RSS_MODE_DELETED_STATE . " where id in {$sqlids}"); } else { rss_query('update ' . getTable('channels') . " set mode = mode & " . SET_MODE_AVAILABLE_STATE . " where id in {$sqlids}"); } // DELETE } elseif (array_key_exists('me_delete', $_REQUEST)) { if (array_key_exists('me_do_delete', $_REQUEST) && $_REQUEST['me_do_delete'] == "1") { $sql = "delete from " . getTable('channels') . " where id in {$sqlids}"; rss_query($sql); } } elseif (array_key_exists('me_set_categories', $_POST)) { $tags = utf8_decode(trim(rss_real_escape_string($_POST['me_categories']))); if ($tags) { foreach ($ids as $id) { __exp__submitTag($id, $tags, '"channel"'); } } } rss_invalidate_cache(); break; case 'dump': // Make sure this is a POST if (!isset($_POST['dumpact'])) { die('Sorry, you can\'t access this via a GET'); } $tbl = array('"', '"'); error_reporting(E_ALL); rss_require('schema.php'); $tables = getExpectedTables(); unset($tables['cache']); //$tables=array('channels','tag','config'); $bfr = ''; $bfr .= '<' . '?xml version="1.0" encoding="UTF-8"?' . '>' . "\n"; $bfr .= '<dump prefix="' . getTable('') . '" date="' . date('r') . '">' . "\n"; foreach ($tables as $table => $prefixed) { $rs = rss_query("select * from {$prefixed}"); $bfr .= "<{$table}>\n"; while ($row = rss_fetch_assoc($rs)) { $r = "<row "; foreach ($row as $key => $val) { $val = htmlspecialchars($val); $r .= " {$key}=\"{$val}\" "; } $r .= "/>\n"; $bfr .= $r; } $bfr .= "</{$table}>\n"; } $bfr .= '</dump>' . "\n"; $gzdata = gzencode($bfr, 9); // Delete the output buffer. This is probably a bad thing to do, if the ob'ing is turned off. // e.g. data was already sent to the brwoser. while (@ob_end_clean()) { } // Send the dump to the browser: header("Pragma: public"); // required header("Expires: 0"); header("Cache-Control: must-revalidate, post-check=0, pre-check=0"); header("Connection: close"); header("Content-Transfer-Encoding: binary"); header("Content-Length: " . strlen($gzdata)); header('Content-type: application/x-gzip'); header('Content-disposition: inline; filename="gregarius.dump.' . date('MjSY') . '.xml.gz"'); die($gzdata); break; default: break; } return $ret__; }
function __priv__updateTags($fid, $tags, $type) { rss_query("delete from " . getTable('metatag') . " where fid={$fid} and ttype={$type}"); $ret = array(); foreach ($tags as $tag) { $ttag = trim($tag); if ($ttag == "" || in_array($ttag, $ret)) { continue; } $ttag = sanitize($ttag, RSS_SANITIZER_NO_SPACES | RSS_SANITIZER_SIMPLE_SQL); rss_query("insert into " . getTable('tag') . " (tag) values ('{$ttag}')", false); $tid = 0; if (rss_is_sql_error(RSS_SQL_ERROR_DUPLICATE_ROW)) { list($tid) = rss_fetch_row(rss_query("select id from " . getTable('tag') . " where tag='{$ttag}'")); } else { $tid = rss_insert_id(); } if ($tid) { rss_query("insert into " . getTable('metatag') . " (fid,tid,ttype,tdate) values ({$fid},{$tid},{$type},now())"); if (rss_is_sql_error(RSS_SQL_ERROR_NO_ERROR)) { $ret[] = $ttag; } } } rss_invalidate_cache(); sort($ret); return $ret; }
function setProperty($ref_obj, $prop, $type, $value) { $val = @serialize($value); if (!$val) { return false; } $val = rss_real_escape_string($val); $res = rss_query('SELECT count(fk_ref_object_id) FROM ' . getTable('properties') . " WHERE fk_ref_object_id = '{$ref_obj}' AND proptype = '{$type}'" . " AND property = '{$prop}'"); list($cnt_rows) = rss_fetch_row($res); if ($cnt_rows) { rss_query('UPDATE ' . getTable('properties') . " SET value = '{$val}' WHERE fk_ref_object_id = '{$ref_obj}' AND proptype = '{$type}'" . " AND property = '{$prop}'"); } else { rss_query('insert into ' . getTable('properties') . '(fk_ref_object_id, proptype, property, value) values (' . "'{$ref_obj}','{$type}','{$prop}','{$val}'" . ')'); } $this->_populateProperties(); rss_invalidate_cache(); return true; }
function cleanUp($newIds, $ignorePrivate = false) { if (!hidePrivate() || $ignorePrivate) { if (count($newIds) > 0 && getConfig('rss.config.markreadonupdate')) { rss_query("update " . getTable("item") . " set unread = unread & " . SET_MODE_READ_STATE . " where unread & " . RSS_MODE_UNREAD_STATE . " and id not in (" . implode(",", $newIds) . ")"); } } setProperty('__meta__', 'meta.lastupdate', 'misc', time()); if (count($newIds) > 0) { rss_invalidate_cache(); } rss_plugin_hook('rss.plugins.updates.after', null); }
function config_admin() { $ret__ = CST_ADMIN_DOMAIN_CONFIG; if (isset($_REQUEST[CST_ADMIN_METAACTION])) { $action = $_REQUEST[CST_ADMIN_METAACTION]; } else { $action = $_REQUEST['action']; } switch ($action) { case CST_ADMIN_DEFAULT_ACTION: case 'CST_ADMIN_DEFAULT_ACTION': if (!array_key_exists('key', $_REQUEST)) { rss_error(__('Invalid config key specified.'), RSS_ERROR_ERROR, true); break; } $key = sanitize($_REQUEST['key'], RSS_SANITIZER_NO_SPACES | RSS_SANITIZER_SIMPLE_SQL); $res = rss_query("select value_,default_,type_ from " . getTable('config') . " where key_='{$key}'"); list($value, $default, $type) = rss_fetch_row($res); $value = real_strip_slashes($value); $default = real_strip_slashes($default); if ($value == $default) { rss_error(__("The value for '{$key}' is the same as its default value!"), RSS_ERROR_ERROR, true); break; } if (array_key_exists(CST_ADMIN_CONFIRMED, $_POST) && $_POST[CST_ADMIN_CONFIRMED] == __('Yes')) { rss_query("update " . getTable('config') . " set value_=default_ where key_='{$key}'"); rss_invalidate_cache(); } elseif (array_key_exists(CST_ADMIN_CONFIRMED, $_REQUEST) && $_REQUEST[CST_ADMIN_CONFIRMED] == __('No')) { //nop } else { echo "<form class=\"box\" method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n"; config_default_form($key, $type, $default, CST_ADMIN_DOMAIN_CONFIG); echo "</form>\n"; $ret = CST_ADMIN_DOMAIN_NONE; } break; case CST_ADMIN_EDIT_ACTION: case 'CST_ADMIN_EDIT_ACTION': $key_ = sanitize($_REQUEST['key'], RSS_SANITIZER_NO_SPACES | RSS_SANITIZER_SIMPLE_SQL); $res = rss_query("select * from " . getTable('config') . " where key_ ='{$key_}'"); list($key, $value, $default, $type, $desc, $export) = rss_fetch_row($res); echo "<div>\n"; echo "\n\n<h2>Edit '{$key}'</h2>\n"; echo "<form style=\"display:inline\" id=\"cfg\" method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n"; $onclickaction = null; config_edit_form($key, $value, $default, $type, $desc, $export, $onclickaction); echo "<p style=\"display:inline\">\n"; echo isset($preview) ? "<input type=\"submit\" name=\"action\" value=\"" . __('Preview') . "\"" . ($onclickaction ? " onclick=\"{$onclickaction}\"" : "") . " />\n" : ""; echo "<input type=\"hidden\" name=\"" . CST_ADMIN_METAACTION . "\" value=\"ACT_ADMIN_SUBMIT_CHANGES\" />"; echo "<input type=\"submit\" name=\"action\" value=\"" . __('Submit Changes') . "\"" . ($onclickaction ? " onclick=\"{$onclickaction}\"" : "") . " /><input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_CONFIG . "\"/>\n</p></form>\n"; echo "<form style=\"display:inline\" method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n" . "<p style=\"display:inline\">\n<input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_CONFIG . "\"/>\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_METAACTION . "\" value=\"ACT_ADMIN_SUBMIT_CANCEL\" />" . "<input type=\"submit\" name=\"action\" value=\"" . __('Cancel') . "\"/></p></form>\n" . "\n\n</div>\n"; $ret__ = CST_ADMIN_DOMAIN_NONE; break; case __('Preview'): case 'ACT_ADMIN_PREVIEW_CHANGES': rss_error('fixme: preview not yet implemented', RSS_ERROR_ERROR, true); break; case __('Submit Changes'): case 'ACT_ADMIN_SUBMIT_CHANGES': $key = sanitize($_POST['key'], RSS_SANITIZER_NO_SPACES | RSS_SANITIZER_SIMPLE_SQL); $type = sanitize($_POST['type'], RSS_SANITIZER_CHARACTERS); $value = sanitize($_POST['value'], RSS_SANITIZER_SIMPLE_SQL); // sanitizine routines for values switch ($key) { case 'rss.output.title': $value = strip_tags($value); break; case 'rss.config.robotsmeta': $value = preg_replace('#[^a-zA-Z,\\s]#', '', $value); break; } switch ($key) { case 'rss.input.allowed': $ret = array(); $tmp = explode(' ', $value); foreach ($tmp as $key__) { if (preg_match('|^[a-zA-Z]+$|', $key__)) { $ret[$key__] = array(); } else { $tmp2 = array(); $attrs = explode(',', $key__); $key__ = array_shift($attrs); foreach ($attrs as $attr) { $tmp2[$attr] = 1; } $ret[$key__] = $tmp2; } } $sql = "update " . getTable('config') . " set value_='" . serialize($ret) . "' where key_='{$key}'"; break; case 'rss.output.lang': $langs = getLanguages(); $codes = array_keys($langs); $out_val = implode(',', $codes); $cntr = 0; $idx = "0"; foreach ($codes as $code) { if ($code == $value) { $idx = $cntr; } $cntr++; } $out_val .= ",{$idx}"; $sql = "update " . getTable('config') . " set value_='{$out_val}' where key_='{$key}'"; break; default: switch ($type) { case 'string': $sql = "update " . getTable('config') . " set value_='{$value}' where key_='{$key}'"; break; case 'num': if (!is_numeric($value)) { rss_error(__("Oops, I was expecting a numeric value, got '{$value}' instead!"), RSS_ERROR_ERROR, true); break; } $sql = "update " . getTable('config') . " set value_='{$value}' where key_='{$key}'"; break; case 'boolean': if ($value != __('True') && $value != __('False')) { rss_error(__("Oops, invalid value for {$key} : {$value}"), RSS_ERROR_ERROR, true); break; } $sql = "update " . getTable('config') . " set value_='" . ($value == __('True') ? 'true' : 'false') . "'" . " where key_='{$key}'"; break; case 'enum': $res = rss_query("select value_ from " . getTable('config') . " where key_='{$key}'"); list($oldvalue) = rss_fetch_row($res); if (strstr($oldvalue, $value) === FALSE) { rss_error(__("Oops, invalid value '{$value}' for this config key"), RSS_ERROR_ERROR, true); break; } $arr = explode(',', $oldvalue); $idx = array_pop($arr); $newkey = -1; foreach ($arr as $i => $val) { if ($val == $value) { $newkey = $i; } } reset($arr); if ($newkey > -1) { array_push($arr, $newkey); $sql = "update " . getTable('config') . " set value_='" . implode(',', $arr) . "'" . " where key_='{$key}'"; } else { rss_error(__("Oops, invalid value '{$value}' for this config key"), RSS_ERROR_ERROR, true); } break; default: rss_error(__('Ooops, unknown config type: ') . $type, RSS_ERROR_ERROR, true); //var_dump($_REQUEST); break; } } if (isset($sql)) { rss_query($sql); rss_invalidate_cache(); } break; default: break; } return $ret__; }
/** * performs pruning action */ function item_admin() { $ret__ = CST_ADMIN_DOMAIN_NONE; switch ($_REQUEST['action']) { case __('Delete'): $req = rss_query('select count(*) as cnt from ' . getTable('item') . " where not(unread & " . RSS_MODE_DELETED_STATE . ")"); list($cnt) = rss_fetch_row($req); $prune_older = sanitize($_REQUEST['prune_older'], RSS_SANITIZER_NUMERIC); if (array_key_exists('prune_older', $_REQUEST) && strlen($_REQUEST['prune_older']) && is_numeric($_REQUEST['prune_older'])) { switch ($_REQUEST['prune_period']) { case __('days'): $period = 'day'; break; case __('months'): $period = 'month'; break; case __('years'): $period = 'year'; break; default: rss_error(__('Invalid pruning period'), RSS_ERROR_ERROR, true); return CST_ADMIN_DOMAIN_ITEM; break; } $sql = " from " . getTable('item') . " i inner join " . getTable('channels') . " c on c.id=i.cid " . " where 1=1 "; if (array_key_exists('prune_channel', $_REQUEST)) { if (ALL_CHANNELS_ID != $_REQUEST['prune_channel']) { $sql .= " and c.id = " . $_REQUEST['prune_channel'] . ""; } } if ($prune_older > 0) { $prune_older_date = date("Y-m-d H:i:s", strtotime("-{$prune_older} {$period}")); $sql .= " and ifnull(i.pubdate, i.added) < '{$prune_older_date}'"; } if (!array_key_exists('prune_include_sticky', $_REQUEST) || $_REQUEST['prune_include_sticky'] != '1') { $sql .= " and not(unread & " . RSS_MODE_STICKY_STATE . ") "; } if (!array_key_exists('prune_include_flag', $_REQUEST) || $_REQUEST['prune_include_flag'] != '1') { $sql .= " and not(unread & " . RSS_MODE_FLAG_STATE . ") "; } if (!array_key_exists('prune_include_unread', $_REQUEST) || $_REQUEST['prune_include_unread'] != '1') { $sql .= " and not(unread & " . RSS_MODE_UNREAD_STATE . ") "; } if (array_key_exists('prune_exclude_tags', $_REQUEST) && trim($_REQUEST['prune_exclude_tags'])) { if (trim($_REQUEST['prune_exclude_tags']) == '*') { $tsql = " select distinct fid from " . getTable('metatag'); } else { $exclude_tags = explode(" ", $_REQUEST['prune_exclude_tags']); $trimmed_exclude_tags = array(); foreach ($exclude_tags as $etag) { if ($tetag = rss_real_escape_string(trim($etag))) { $trimmed_exclude_tags[] = $tetag; } } $tsql = " select distinct fid from " . getTable('metatag') . " m " . " inner join " . getTable('tag') . " t" . " on t.id = m.tid " . " where t.tag in ('" . implode("', '", $trimmed_exclude_tags) . "')"; } $tres = rss_query($tsql); $fids = array(); while (list($fid) = rss_fetch_row($tres)) { $fids[] = $fid; } if (count($fids)) { $sql .= " and i.id not in (" . implode(",", $fids) . ") "; } } if (array_key_exists(CST_ADMIN_CONFIRMED, $_REQUEST)) { // Possible fix for #207: max out execution time // to avoid timeouts @set_time_limit(0); @ini_set('max_execution_time', 60 * 10); //echo "<pre>\n"; //delete the tags for these items $sqlids = "select distinct i.id,i.cid " . $sql . " order by i.cid, i.id desc"; $rs = rss_query($sqlids); $ids = array(); $cids = array(); //echo "to be deleted\n"; while (list($id, $cid) = rss_fetch_row($rs)) { $cids[$cid][] = $id; //echo "cid=$cid, $id\n"; } //echo "\n\n"; if (count($cids)) { // Righto. Lets check which of these ids still is in cache: $cacheIds = array(); // now, sort the ids to be deleted into two lists: in cache / to trash $in_cache = array(); $to_trash = array(); foreach ($cids as $cid => $ids) { $rsCache = rss_query("select itemsincache from " . getTable('channels') . " where id={$cid}"); list($idString) = rss_fetch_row($rsCache); if ($idString) { $cacheIds = unserialize($idString); } else { $cacheIds = array(); } foreach ($ids as $iid) { //echo "examining: $iid (cid $cid) ->"; if (array_search($iid, $cacheIds) !== FALSE) { $in_cache[] = $iid; //echo " in cache!\n"; } else { $to_trash[] = $iid; //echo " not in cache!\n"; } } } // cheers, we're set. Now delete the metatag links for *all* // items to be deleted if (count($ids)) { $sqldel = "delete from " . getTable('metatag') . " where fid in (" . implode(",", array_merge($in_cache, $to_trash)) . ")"; rss_query($sqldel); } // finally, delete the actual items if (count($to_trash)) { rss_query("delete from " . getTable('item') . " where id in (" . implode(", ", $to_trash) . ")"); } if (count($in_cache)) { rss_query("update " . getTable('item') . " set unread = unread | " . RSS_MODE_DELETED_STATE . ", description='' " . " where id in (" . implode(", ", $in_cache) . ")"); } rss_invalidate_cache(); } $ret__ = CST_ADMIN_DOMAIN_ITEM; } else { list($cnt_d) = rss_fetch_row(rss_query("select count(distinct(i.id)) as cnt " . $sql . " and not(i.unread & " . RSS_MODE_DELETED_STATE . ")")); rss_error(sprintf(__('Warning: you are about to delete %s items (of %s)'), $cnt_d, $cnt), RSS_ERROR_ERROR, true); echo "<form action=\"\" method=\"post\">\n" . "<p><input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_ITEM . "\" />\n" . "<input type=\"hidden\" name=\"prune_older\" value=\"" . $_REQUEST['prune_older'] . "\" />\n" . "<input type=\"hidden\" name=\"prune_period\" value=\"" . $_REQUEST['prune_period'] . "\" />\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_CONFIRMED . "\" value=\"1\" />\n" . "<input type=\"submit\" name=\"action\" value=\"" . __('Delete') . "\" />\n" . "<input type=\"submit\" name=\"action\" value=\"" . __('Cancel') . "\"/>\n" . "</p>\n" . "</form>\n"; } } else { rss_error(__('oops, no period specified'), RSS_ERROR_ERROR, true); $ret__ = CST_ADMIN_DOMAIN_ITEM; } break; default: $ret__ = CST_ADMIN_DOMAIN_ITEM; break; } return $ret__; }
$show_private = empty($_POST['chkPrivate']) ? 0 : $_POST['chkPrivate']; setcookie('chkPrivate', $show_private, time() + COOKIE_LIFESPAN, getPath()); } else { $show_private = empty($_COOKIE['chkPrivate']) ? 0 : $_COOKIE['chkPrivate']; } rss_user_set_show_private($show_private); if (array_key_exists('metaaction', $_POST) && $_POST['metaaction'] != "" && trim($_POST['metaaction']) == trim('ACT_MARK_READ') && isLoggedIn()) { $sql = "update " . getTable("item") . " set unread=unread & " . SET_MODE_READ_STATE . " where unread & " . RSS_MODE_UNREAD_STATE; if (hidePrivate()) { $sql .= " and not(unread & " . RSS_MODE_PRIVATE_STATE . ")"; } if (array_key_exists('markreadids', $_POST)) { $sql .= " and id in (" . rss_real_escape_string($_POST['markreadids']) . ")"; } rss_query($sql); rss_invalidate_cache(); } if (array_key_exists('update', $_REQUEST)) { update(""); } $cntTotalItems = getConfig('rss.output.frontpage.numitems'); rss_plugin_hook('rss.plugins.frontpage.beforeunread', null); $cntUnreadItems = unreadItems($show_what, $show_private); // Now we have to decide how many read items to display $cntReadItems = getConfig('rss.output.frontpage.numreaditems'); rss_plugin_hook('rss.plugins.frontpage.beforeread', null); if ($show_what == SHOW_UNREAD_ONLY) { if ($cntUnreadItems == 0 && $cntTotalItems) { // we showed no unread items // Should we show some uread items? if ($cntReadItems == -1) {
function tags() { // Fix for #16: Admin (et al.) should not rely on l10n labels for actions: // Look for a meta-action first, which should be the (untranslated) *name* of // the (translated) action constant. // Fixme: should replace 'action's with a constant if (array_key_exists(CST_ADMIN_METAACTION, $_REQUEST)) { $__action__ = $_REQUEST[CST_ADMIN_METAACTION]; } elseif (array_key_exists('action', $_REQUEST)) { $__action__ = $_REQUEST['action']; } else { $__action__ = ""; } if (isset($_REQUEST['id'])) { $tid = sanitize($_REQUEST['id'], RSS_SANITIZER_NUMERIC); } $ret__ = CST_ADMIN_DOMAIN_TAGS; switch ($__action__) { case CST_ADMIN_EDIT_ACTION: tag_edit($tid); $ret__ = CST_ADMIN_DOMAIN_NONE; break; case CST_ADMIN_DELETE_ACTION: if (array_key_exists(CST_ADMIN_CONFIRMED, $_POST) && $_POST[CST_ADMIN_CONFIRMED] == __('Yes')) { $sql = "delete from " . getTable("tag") . " where id={$tid}"; rss_query($sql); $sql = "delete from " . getTable("metatag") . " where tid={$tid}"; rss_query($sql); rss_invalidate_cache(); } elseif (array_key_exists(CST_ADMIN_CONFIRMED, $_REQUEST) && $_REQUEST[CST_ADMIN_CONFIRMED] == __('No')) { // nop; } elseif (array_key_exists('me_delete', $_REQUEST)) { if (array_key_exists('me_do_delete', $_REQUEST) && "1" == $_REQUEST['me_do_delete']) { $ids = array(); foreach ($_REQUEST as $key => $val) { if (preg_match('/^tcb([0-9]+)$/', $key, $match)) { if (($id = (int) $_REQUEST[$key]) > 0) { $ids[] = $id; } } } if (count($ids) > 0) { $sql = "delete from " . getTable("tag") . " where id in (" . implode(',', $ids) . ")"; rss_query($sql); $sql = "delete from " . getTable("metatag") . " where tid in (" . implode(',', $ids) . ")"; rss_query($sql); rss_invalidate_cache(); } } } else { list($tname) = rss_fetch_row(rss_query("select tag from " . getTable("tag") . " where id = {$tid}")); echo "<form class=\"box\" method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n" . "<p class=\"error\">"; printf(__("Are you sure you wish to delete '%s'?"), $tname); echo "</p>\n" . "<p><input type=\"submit\" name=\"" . CST_ADMIN_CONFIRMED . "\" value=\"" . __('No') . "\"/>\n" . "<input type=\"submit\" name=\"" . CST_ADMIN_CONFIRMED . "\" value=\"" . __('Yes') . "\"/>\n" . "<input type=\"hidden\" name=\"id\" value=\"{$tid}\"/>\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_TAGS . "\"/>\n" . "<input type=\"hidden\" name=\"action\" value=\"" . CST_ADMIN_DELETE_ACTION . "\"/>\n" . "</p>\n</form>\n"; $ret__ = CST_ADMIN_DOMAIN_NONE; } break; case CST_ADMIN_SUBMIT_EDIT: // TBD $new_label = preg_replace(ALLOWED_TAGS_REGEXP, '', $_REQUEST['t_name']); // also replace whitespaces $new_label = str_replace(' ', '', $new_label); if (is_numeric($tid) && strlen($new_label) > 0) { $res = rss_query("select count(*) as cnt from " . getTable("tag") . " where binary tag='" . rss_real_escape_string($new_label) . "'"); list($cnt) = rss_fetch_row($res); if ($cnt > 0) { rss_error(sprintf(__("You can't rename this item '%s' because such an item already exists."), $new_label), RSS_ERROR_ERROR, true); break; } rss_query("update " . getTable("tag") . " set tag='" . rss_real_escape_string($new_label) . "' where id={$tid}"); rss_invalidate_cache(); } break; default: break; } echo "<script type=\"text/javascript\">\n" . "//<!--\n" . "function cbtoggle() {\n" . "var c=document.getElementById('mastercb').checked;\n" . "var cs=document.getElementById('tagtable').getElementsByTagName('input');\n" . "for(i=0;i<cs.length;i++) {\n" . "if (cs[i].type == 'checkbox') cs[i].checked = c;\n" . "}\n" . "}\n" . "</script>\n"; echo "<form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n" . "<h2 class=\"trigger\">" . __('Tags') . "</h2>\n" . "<div id=\"admin_tags\" class=\"trigger\">" . "<table id=\"tagtable\">\n" . "<tr>\n" . "\t<th><input type=\"checkbox\" id=\"mastercb\" onclick=\"cbtoggle();\" /></th>\n" . "\t<th class=\"cntr\">" . __('Tags') . "</th>\n" . "\t<th>" . __('Action') . "</th>\n" . "</tr>\n"; $sql = sprintf("select id, tag from %s t left join %s m on (t.id = m.tid) where m.ttype = 'item'", getTable("tag"), getTable("metatag")); $res = rss_query($sql); $cntr = 0; while (list($id, $tag) = rss_fetch_row($res)) { $class_ = $cntr++ % 2 == 0 ? "even" : "odd"; echo "<tr class=\"{$class_}\">\n" . "\t<td><input type=\"checkbox\" name=\"tcb{$id}\" value=\"{$id}\" id=\"scb_{$id}\" /></td>\n" . "\t<td><label for=\"scb_{$id}\">" . htmlspecialchars($tag) . "</label></td>\n" . "\t<td><a href=\"" . $_SERVER['PHP_SELF'] . "?" . CST_ADMIN_DOMAIN . "=" . CST_ADMIN_DOMAIN_TAGS . "&action=" . CST_ADMIN_EDIT_ACTION . "&id={$id}\">" . __('edit') . "</a>\n" . "|<a href=\"" . $_SERVER['PHP_SELF'] . "?" . CST_ADMIN_DOMAIN . "=" . CST_ADMIN_DOMAIN_TAGS . "&action=" . CST_ADMIN_DELETE_ACTION . "&id={$id}\">" . __('delete') . "</a>\n" . "|<a href=\"" . getPath('tag/' . htmlspecialchars($tag)) . "\">" . __('view') . "</a>\n" . "</td>\n" . "</tr>\n"; } echo "</table>\n"; echo "<fieldset>\n" . "<legend>" . __('Selected') . "...</legend>\n" . "<p>\n" . "<input type=\"submit\" id=\"me_delete\" name=\"me_delete\" value=\"" . __('Delete') . "\" />\n" . "<input type=\"checkbox\" name=\"me_do_delete\" id=\"me_do_delete\" value=\"1\" />\n" . "<label for=\"me_do_delete\">" . __("I'm sure!") . "</label>\n" . "<input type=\"hidden\" name=\"action\" value=\"" . CST_ADMIN_DELETE_ACTION . "\" />\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_TAGS . "\" />\n" . "</fieldset>\n" . "</form>\n" . "</div>\n"; }
/** * Creates a folder with the given name. Does some sanity check, * creates the folder, then returns the */ function create_folder($label, $complainonerror = true) { $res = rss_query("select count(*) from " . getTable("folders") . " where name='" . rss_real_escape_string($label) . "'"); list($exists) = rss_fetch_row($res); if ($exists > 0 && $complainonerror) { rss_error(sprintf(__("Looks like you already have a folder called '%s'!"), $label), RSS_ERROR_ERROR, true); return; } elseif ($exists == 0) { $res = rss_query("select 1+max(position) as np from " . getTable("folders")); list($np) = rss_fetch_row($res); if (!$np) { $np = "0"; } rss_query("insert into " . getTable("folders") . " (name,position) values ('" . rss_real_escape_string($label) . "', {$np})"); rss_invalidate_cache(); } list($fid) = rss_fetch_row(rss_query("select id from " . getTable("folders") . " where name='" . rss_real_escape_string($label) . "'")); return $fid; }