Пример #1
0
function add_channel($url, $folderid = 0, $title_ = null, $descr_ = null, $tags = null)
{
    if (!$url || strlen($url) <= 7) {
        return array(-2, "Invalid URL {$url}");
    }
    if (!is_numeric($folderid)) {
        return array(-2, "Invalid folderid {$folderid}");
    }
    $url = sanitize(str_replace('&amp;', '&', $url), RSS_SANITIZER_URL);
    $urlDB = rss_real_escape_string($url);
    //htmlentities($url);
    $res = rss_query("select count(*) as channel_exists from " . getTable("channels") . " where url='{$urlDB}'");
    list($channel_exists) = rss_fetch_row($res);
    if ($channel_exists > 0) {
        // fatal
        return array(-2, "Looks like you are already subscribed to this channel");
    }
    $res = rss_query("select 1+max(position) as np from " . getTable("channels"));
    list($np) = rss_fetch_row($res);
    if (!$np) {
        $np = "0";
    }
    // Here we go!
    //error_reporting(E_ALL);
    $old_level = error_reporting(E_ERROR);
    $rss = fetch_rss($url);
    error_reporting($old_level);
    if ($rss) {
        if ($title_) {
            $title = rss_real_escape_string($title_);
        } elseif (is_object($rss) && array_key_exists('title#', $rss->channel)) {
            if (array_key_exists('title', $rss->channel)) {
                $title = rss_real_escape_string($rss->channel['title']);
            } else {
                $title = " ";
            }
        } else {
            $title = "";
        }
        if (is_object($rss) && array_key_exists('link', $rss->channel)) {
            $siteurl = rss_real_escape_string(htmlentities($rss->channel['link']));
        } else {
            $siteurl = "";
        }
        $refreshinterval = 0;
        if (is_object($rss) && array_key_exists('syn', $rss->channel)) {
            $syn = $rss->channel['syn'];
            if (array_key_exists('updateperiod', $syn)) {
                if ("hourly" == $syn['updateperiod']) {
                    if (array_key_exists('updatefrequency', $syn)) {
                        $refreshinterval = 60 * $syn['updatefrequency'];
                    }
                }
            }
        }
        if ($descr_) {
            $descr = rss_real_escape_string($descr_);
        } elseif (is_object($rss) && array_key_exists('description', $rss->channel)) {
            $descr = rss_real_escape_string($rss->channel['description']);
        } else {
            $descr = "";
        }
        //lets see if this server has a favicon
        $icon = "";
        if (getConfig('rss.output.showfavicons')) {
            // if we got nothing so far, lets try to fall back to
            // favicons
            if ($icon == "" && $siteurl != "") {
                $match = get_host($siteurl, $host);
                $uri = "http://" . $host . "favicon.ico";
                if ($match && getContentType($uri, $contentType)) {
                    if (preg_match("/image\\/x-icon/", $contentType)) {
                        $icon = $uri;
                    }
                }
            }
        }
        $private = preg_match('|(https?://)([^:]+:[^@]+@)(.+)$|', $url);
        if ($title != "") {
            $title = strip_tags($title);
            $descr = strip_tags($descr);
            // add channel to root folder by default
            if (!$folderid) {
                $folderid = getRootFolder();
            }
            list($title, $urlDB, $siteurl, $folderid, $descr, $icon) = rss_plugin_hook('rss.plugins.feed.new', array($title, $urlDB, $siteurl, $folderid, $descr, $icon));
            $mode = RSS_MODE_UNREAD_STATE;
            if ($private) {
                $mode |= RSS_MODE_PRIVATE_STATE;
            }
            $sql = "insert into " . getTable("channels") . " (title, url, siteurl, parent, descr, dateadded, icon, position, mode, daterefreshed)" . " values ('{$title}', '{$urlDB}', '{$siteurl}', {$folderid}, '{$descr}', now(), '{$icon}', {$np}, {$mode}, '0000-00-00 00:00:00')";
            rss_query($sql);
            $newid = rss_insert_id();
            if ($icon && cacheFavicon($icon)) {
                rss_query("update " . getTable("channels") . " set icon='blob:" . $icon . "'" . " where id={$newid}");
            }
            if ($tags != "") {
                __exp__submitTag($newid, $tags, "'channel'");
            }
            if (false == empty($refreshinterval)) {
                setProperty($newid, 'rss.config.refreshinterval', $refreshinterval);
            }
            return array($newid, "");
        } else {
            // non-fatal, will look further
            return array(-1, "I'm sorry, I couldn't extract a valid RSS feed from <a href=\"{$url}\">{$url}</a>.");
        }
    } else {
        global $MAGPIE_ERROR;
        $retError = "I'm sorry, I couldn't retrieve <a href=\"{$url}\">{$url}</a>.";
        if ($MAGPIE_ERROR) {
            $retError .= "\n<br />{$MAGPIE_ERROR}\n";
        }
        // non-fatal, will look further
        return array(-1, $retError);
    }
}
Пример #2
0
/**
 * Performs all the feed-related admin actions
 */
function channel_admin()
{
    // Fix for #16: Admin (et al.) should not rely on l10n labels for actions:
    // Look for a meta-action first, which should be the (untranslated) *name* of
    // the (translated) action constant.
    // Fixme: should replace 'action's with a constant
    if (array_key_exists(CST_ADMIN_METAACTION, $_REQUEST)) {
        $__action__ = $_REQUEST[CST_ADMIN_METAACTION];
    } elseif (array_key_exists('action', $_REQUEST)) {
        $__action__ = $_REQUEST['action'];
    } else {
        $__action__ = "";
    }
    $ret__ = CST_ADMIN_DOMAIN_NONE;
    switch ($__action__) {
        case __('Add'):
        case 'ACT_ADMIN_ADD':
        case 'Add':
            $label = trim(sanitize($_REQUEST['new_channel'], RSS_SANITIZER_URL));
            $fid = trim(sanitize($_REQUEST['add_channel_to_folder'], RSS_SANITIZER_NUMERIC));
            list($flabel) = rss_fetch_row(rss_query("select name from " . getTable('folders') . " where id={$fid}"));
            // handle "feed:" urls
            if (substr($label, 0, 5) == 'feed:') {
                if (substr($label, 0, 11) == "feed://http") {
                    $label = substr($label, 5);
                } else {
                    // handle feed://example.com/rss.xml urls
                    $label = "http:" . substr($label, 5);
                }
            }
            if ($label != 'http://' && substr($label, 0, 4) == "http") {
                $tags = @$_REQUEST['channel_tags'];
                $ret = add_channel($label, $fid, null, null, $tags);
                //var_dump($ret);
                if (is_array($ret) && $ret[0] > -1) {
                    update($ret[0]);
                    rss_invalidate_cache();
                    // feedback
                    $newCid = $ret[0];
                    rss_error(sprintf(__('Adding %s to %s... '), htmlentities($label), "/{$flabel}") . __('OK') . "&nbsp;[<a href=\"" . getPath() . "admin/index.php?domain=" . CST_ADMIN_DOMAIN_CHANNEL . "&amp;action=edit&amp;cid={$newCid}\">" . __('edit') . "</a>]", RSS_ERROR_ERROR, true);
                    $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
                } elseif (is_array($ret) && $ret[0] > -2) {
                    // okay, something went wrong, maybe thats a html url after all?
                    // let's try and see if we can extract some feeds
                    $feeds = extractFeeds($label);
                    if (!is_array($feeds) || sizeof($feeds) == 0) {
                        rss_error($ret[1], RSS_ERROR_ERROR, true);
                        $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
                    } else {
                        //one single feed in the html doc, add that
                        if (is_array($feeds) && sizeof($feeds) == 1 && array_key_exists('href', $feeds[0])) {
                            $ret = add_channel($feeds[0]['href'], $fid);
                            if (is_array($ret) && $ret[0] > -1) {
                                update($ret[0]);
                                rss_invalidate_cache();
                                // feedback
                                $newCid = $ret[0];
                                rss_error(sprintf(__('Adding %s to %s... '), htmlentities($label), "/{$flabel}") . __('OK') . "&nbsp;[<a href=\"" . getPath() . "admin/index.php?domain=" . CST_ADMIN_DOMAIN_CHANNEL . "&amp;action=edit&amp;cid={$newCid}\">" . __('edit') . "</a>]", RSS_ERROR_ERROR, true);
                                $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
                            } else {
                                // failure
                                rss_error($ret[1], RSS_ERROR_ERROR, true);
                                $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
                            }
                        } else {
                            // multiple feeds in the channel
                            echo "<form method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n" . "<p>" . sprintf(__('The following feeds were found in <a href="%s">%s</a>, which one would you like to subscribe?'), $label, $label) . "</p>\n";
                            $cnt = 0;
                            while (list($id, $feedarr) = each($feeds)) {
                                // we need an URL
                                if (!array_key_exists('href', $feedarr)) {
                                    continue;
                                } else {
                                    $href = $feedarr['href'];
                                }
                                if (array_key_exists('type', $feedarr)) {
                                    $typeLbl = " [<a href=\"{$href}\">" . $feedarr['type'] . "</a>]";
                                }
                                $cnt++;
                                if (array_key_exists('title', $feedarr)) {
                                    $lbl = $feedarr['title'];
                                } elseif (array_key_exists('type', $feedarr)) {
                                    $lbl = $feedarr['type'];
                                    $typeLbl = "";
                                } elseif (array_key_exists('href', $feedarr)) {
                                    $lbl = $feedarr['href'];
                                } else {
                                    $lbl = "Resource {$cnt}";
                                }
                                echo "<p>\n\t<input class=\"indent\" type=\"radio\" id=\"fd_{$cnt}\" name=\"new_channel\" " . " value=\"{$href}\" />\n" . "\t<label for=\"fd_{$cnt}\">{$lbl} {$typeLbl}</label>\n" . "</p>\n";
                            }
                            echo "<p><input type=\"hidden\" name=\"add_channel_to_folder\" value=\"{$fid}\" />\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_CHANNEL . "\" />\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_METAACTION . "\" value=\"ACT_ADMIN_ADD\" />\n" . "<input type=\"submit\" class=\"indent\" name=\"action\" value=\"" . __('Add') . "\" />\n" . "</p>\n</form>\n\n";
                        }
                    }
                } elseif (is_array($ret)) {
                    rss_error($ret[1], RSS_ERROR_ERROR, true);
                    $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
                } else {
                    rss_error(sprintf(__("I'm sorry, I don't think I can handle this URL: '%s'"), $label), RSS_ERROR_ERROR, true);
                    $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
                }
            } else {
                rss_error(sprintf(__("I'm sorry, I don't think I can handle this URL: '%s'"), $label), RSS_ERROR_ERROR, true);
                $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
            }
            break;
        case CST_ADMIN_EDIT_ACTION:
            $id = sanitize($_REQUEST['cid'], RSS_SANITIZER_NUMERIC);
            channel_edit_form($id);
            break;
        case CST_ADMIN_DELETE_ACTION:
            $id = sanitize($_REQUEST['cid'], RSS_SANITIZER_NUMERIC);
            if (array_key_exists(CST_ADMIN_CONFIRMED, $_POST) && $_POST[CST_ADMIN_CONFIRMED] == __('Yes')) {
                $rs = rss_query("select distinct id from " . getTable("item") . " where cid={$id}");
                $ids = array();
                while (list($did) = rss_fetch_row($rs)) {
                    $ids[] = $did;
                }
                if (count($ids)) {
                    $sqldel = "delete from " . getTable('metatag') . " where fid in (" . implode(",", $ids) . ")";
                    rss_query($sqldel);
                }
                $sql = "delete from " . getTable("item") . " where cid={$id}";
                rss_query($sql);
                $sql = "delete from " . getTable("channels") . " where id={$id}";
                rss_query($sql);
                // Delete properties
                deleteProperty($id, 'rss.input.allowupdates');
                deleteProperty($id, 'rss.config.refreshinterval');
                deleteProperty($id, 'rss.config.refreshdate');
                // Invalidate cache
                rss_invalidate_cache();
                $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
            } elseif (array_key_exists(CST_ADMIN_CONFIRMED, $_REQUEST) && $_REQUEST[CST_ADMIN_CONFIRMED] == __('No')) {
                $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
            } else {
                list($cname) = rss_fetch_row(rss_query("select title from " . getTable("channels") . " where id = {$id}"));
                echo "<form class=\"box\" method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n" . "<p class=\"error\">";
                printf(__("Are you sure you wish to delete '%s'?"), $cname);
                echo "</p>\n" . "<p><input type=\"submit\" name=\"" . CST_ADMIN_CONFIRMED . "\" value=\"" . __('No') . "\" />\n" . "<input type=\"submit\" name=\"" . CST_ADMIN_CONFIRMED . "\" value=\"" . __('Yes') . "\" />\n" . "<input type=\"hidden\" name=\"cid\" value=\"{$id}\" />\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_CHANNEL . "\" />\n" . "<input type=\"hidden\" name=\"action\" value=\"" . CST_ADMIN_DELETE_ACTION . "\" />\n" . "</p>\n</form>\n";
            }
            break;
        case __('Import'):
        case 'ACT_ADMIN_IMPORT':
            if (array_key_exists('opml', $_POST) && strlen(trim($_POST['opml'])) > 7) {
                $url = trim(sanitize($_POST['opml'], RSS_SANITIZER_NO_SPACES));
            } elseif (array_key_exists('opmlfile', $_FILES) && $_FILES['opmlfile']['tmp_name']) {
                if (is_uploaded_file($_FILES['opmlfile']['tmp_name'])) {
                    $url = $_FILES['opmlfile']['tmp_name'];
                } else {
                    $url = '';
                }
            } else {
                $url = '';
            }
            if (!$url) {
                $ret__ = CST_ADMIN_DOMAIN_OPML;
                break;
            }
            if (array_key_exists('opml_import_option', $_POST)) {
                $import_opt = $_POST['opml_import_option'];
            } else {
                $import_opt = CST_ADMIN_OPML_IMPORT_MERGE;
            }
            if ($import_opt == CST_ADMIN_OPML_IMPORT_FOLDER) {
                $opmlfid = sanitize($_POST['opml_import_to_folder'], RSS_SANITIZER_NUMERIC);
            } else {
                $opmlfid = getRootFolder();
            }
            @set_time_limit(0);
            @ini_set('max_execution_time', 300);
            // Parse into and OPML object
            $opml = getOpml($url);
            if (sizeof($opml) > 0) {
                if ($import_opt == CST_ADMIN_OPML_IMPORT_WIPE) {
                    rss_query("delete from " . getTable("metatag"));
                    rss_query("delete from " . getTable("channels"));
                    rss_query("delete from " . getTable("item"));
                    rss_query("delete from " . getTable("folders") . " where id > 0");
                }
                if ($import_opt == CST_ADMIN_OPML_IMPORT_FOLDER) {
                    $fid = $opmlfid;
                    list($prev_folder) = rss_fetch_row(rss_query("select name from " . getTable('folders') . " where id= {$opmlfid} "));
                } else {
                    $prev_folder = __('Root');
                    $fid = 0;
                }
                echo "<div class=\"frame\" style=\"background-color:#eee;font-size:small\"><ul>\n";
                while (list($folder, $items) = each($opml)) {
                    if ($folder != $prev_folder && $import_opt != CST_ADMIN_OPML_IMPORT_FOLDER) {
                        $fid = create_folder(strip_tags($folder), false);
                        $prev_folder = strip_tags($folder);
                    }
                    for ($i = 0; $i < sizeof($opml[$folder]); $i++) {
                        $url_ = isset($opml[$folder][$i]['XMLURL']) ? trim($opml[$folder][$i]['XMLURL']) : null;
                        $title_ = isset($opml[$folder][$i]['TEXT']) ? trim($opml[$folder][$i]['TEXT']) : null;
                        // support for title attribute (optional)
                        $title_ = isset($opml[$folder][$i]['TITLE']) ? trim($opml[$folder][$i]['TITLE']) : $title_;
                        $descr_ = isset($opml[$folder][$i]['DESCRIPTION']) ? trim($opml[$folder][$i]['DESCRIPTION']) : null;
                        $cats_ = isset($opml[$folder][$i]['CATEGORY']) ? trim($opml[$folder][$i]['CATEGORY']) : "";
                        $t__ = strip_tags($title_);
                        $d__ = strip_tags($descr_);
                        $f__ = strip_tags($prev_folder);
                        $u__ = sanitize($url_, RSS_SANITIZER_URL);
                        $c__ = $cats_;
                        //preg_replace(ALLOWED_TAGS_REGEXP,' ',$cats_);
                        if ($u__) {
                            echo "<li><p>" . sprintf(__('Adding %s to %s... '), $t__, $f__);
                            flush();
                            list($retcde, $retmsg) = add_channel($u__, $fid, $t__, $d__);
                            if ($retcde && count($c__)) {
                                __exp__submitTag($retcde, utf8_encode($c__), "'channel'");
                            }
                            echo ($retcde < 0 ? $retmsg : " OK") . "</p></li>\n";
                            flush();
                        }
                    }
                }
                echo "</ul>\n<p><b>" . __('Updating') . "...</b></p>\n";
                echo "</div>\n";
                flush();
                //update all the feeds
                update("");
                rss_invalidate_cache();
            }
            $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
            break;
        case CST_ADMIN_SUBMIT_EDIT:
            $cid = sanitize($_POST['cid'], RSS_SANITIZER_NUMERIC);
            rss_plugin_hook('rss.plugins.admin.feed.properties.submit', null);
            // TBD
            $title = strip_tags(rss_real_escape_string(real_strip_slashes($_POST['c_name'])));
            $url = rss_real_escape_string($_POST['c_url']);
            $siteurl = rss_real_escape_string($_POST['c_siteurl']);
            $parent = rss_real_escape_string($_POST['c_parent']);
            $descr = strip_tags(rss_real_escape_string(real_strip_slashes($_POST['c_descr'])));
            $icon = rss_real_escape_string($_POST['c_icon']);
            $priv = array_key_exists('c_private', $_POST) && $_POST['c_private'] == '1';
            $tags = rss_real_escape_string($_POST['c_tags']);
            $old_priv = $_POST['old_priv'] == '1';
            // Feed Properties
            $prop_rss_input_allowupdates = rss_real_escape_string($_POST['prop_rss_input_allowupdates']);
            if ($prop_rss_input_allowupdates == 'default') {
                deleteProperty($cid, 'rss.input.allowupdates');
            } else {
                setProperty($cid, 'rss.input.allowupdates', 'feed', $prop_rss_input_allowupdates == 1);
            }
            deleteProperty($cid, 'rss.config.refreshinterval');
            $rss_config_refreshinterval = rss_real_escape_string($_POST['rss_config_refreshinterval']);
            if ($rss_config_refreshinterval > 60) {
                setProperty($cid, 'rss.config.refreshinterval', 'feed', $rss_config_refreshinterval);
            }
            if ($priv != $old_priv) {
                $mode = ", mode = mode ";
                if ($priv) {
                    $mode .= " | " . RSS_MODE_PRIVATE_STATE;
                    rss_query('update ' . getTable('item') . " set unread = unread | " . RSS_MODE_PRIVATE_STATE . " where cid={$cid}");
                } else {
                    $mode .= " & " . SET_MODE_PUBLIC_STATE;
                    rss_query('update ' . getTable('item') . " set unread = unread & " . SET_MODE_PUBLIC_STATE . " where cid={$cid}");
                }
                rss_invalidate_cache();
            } else {
                $mode = "";
            }
            $del = array_key_exists('c_deleted', $_POST) && $_POST['c_deleted'] == '1';
            $old_del = $_POST['old_del'] == '1';
            if ($del != $old_del) {
                if ($mode == "") {
                    $mode = ", mode = mode ";
                }
                if ($del) {
                    $mode .= " | " . RSS_MODE_DELETED_STATE;
                } else {
                    $mode .= " & " . SET_MODE_AVAILABLE_STATE;
                }
            }
            if ($url == '' || substr($url, 0, 4) != "http") {
                rss_error(sprintf(__("I'm sorry, I don't think I can handle this URL: '%s'"), $url), RSS_ERROR_ERROR, true);
                $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
                break;
            }
            if ($icon && cacheFavicon($icon)) {
                $icon = 'blob:' . $icon;
            }
            $sql = "update " . getTable("channels") . " set title='{$title}', url='{$url}', siteurl='{$siteurl}', " . " parent={$parent}, descr='{$descr}', icon='{$icon}', " . " daterefreshed = 1, etag = '' " . " {$mode} where id={$cid}";
            rss_query($sql);
            __exp__submitTag($cid, utf8_decode($tags), "'channel'");
            rss_invalidate_cache();
            $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
            break;
        case CST_ADMIN_MOVE_UP_ACTION:
        case CST_ADMIN_MOVE_DOWN_ACTION:
            $id = sanitize($_REQUEST['cid'], RSS_SANITIZER_NUMERIC);
            $res = rss_query("select parent,position from " . getTable("channels") . " where id={$id}");
            list($parent, $position) = rss_fetch_row($res);
            if ($_REQUEST['action'] == CST_ADMIN_MOVE_UP_ACTION) {
                $res = rss_query("select id, position from " . getTable("channels") . " where parent={$parent} and id != {$id} and position<{$position} " . " order by abs({$position}-position) limit 1");
            } else {
                $res = rss_query("select id, position from " . getTable("channels") . " where parent={$parent} and id != {$id} and position>{$position} " . " order by abs({$position}-position) limit 1");
            }
            list($switch_with_id, $switch_with_position) = rss_fetch_row($res);
            //If this is already the first or last item in a folder we won't get any results from the query above
            if ($switch_with_position != "") {
                // right, lets!
                if ($switch_with_position != $position) {
                    rss_query("update " . getTable("channels") . " set position = {$switch_with_position} where id={$id}");
                    rss_query("update " . getTable("channels") . " set position = {$position} where id={$switch_with_id}");
                    rss_invalidate_cache();
                }
            }
            $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
            break;
        case CST_ADMIN_MULTIEDIT:
            $ret__ = CST_ADMIN_DOMAIN_CHANNEL;
            $ids = array();
            foreach ($_REQUEST as $key => $val) {
                if (preg_match('/^fcb([0-9]+)$/', $key, $match)) {
                    if (($id = (int) $_REQUEST[$key]) > 0) {
                        $ids[] = $id;
                    }
                }
            }
            // no feed selected?
            if (count($ids) == 0) {
                break;
            } else {
                $sqlids = " (" . implode(',', $ids) . ")";
            }
            // MOVE TO FOLDER
            if (array_key_exists('me_move_to_folder', $_REQUEST)) {
                $fid = sanitize($_REQUEST['me_folder'], RSS_SANITIZER_NUMERIC);
                $sql = "update " . getTable('channels') . " set parent={$fid} where id in {$sqlids}";
                rss_query($sql);
                /// STATE
            } elseif (array_key_exists('me_state', $_REQUEST)) {
                $deprecated = array_key_exists('me_deprecated', $_REQUEST) ? $_REQUEST['me_deprecated'] : false;
                $private = array_key_exists('me_private', $_REQUEST) ? $_REQUEST['me_private'] : false;
                if ($private) {
                    rss_query('update ' . getTable('channels') . " set mode = mode | " . RSS_MODE_PRIVATE_STATE . " where id in {$sqlids}");
                    rss_query('update ' . getTable('item') . " set unread = unread | " . RSS_MODE_PRIVATE_STATE . " where cid in {$sqlids}");
                } else {
                    rss_query('update ' . getTable('channels') . " set mode = mode & " . SET_MODE_PUBLIC_STATE . " where id in {$sqlids}");
                    rss_query('update ' . getTable('item') . " set unread = unread & " . SET_MODE_PUBLIC_STATE . " where cid in {$sqlids}");
                }
                if ($deprecated) {
                    rss_query('update ' . getTable('channels') . " set mode = mode | " . RSS_MODE_DELETED_STATE . " where id in {$sqlids}");
                } else {
                    rss_query('update ' . getTable('channels') . " set mode = mode & " . SET_MODE_AVAILABLE_STATE . " where id in {$sqlids}");
                }
                // DELETE
            } elseif (array_key_exists('me_delete', $_REQUEST)) {
                if (array_key_exists('me_do_delete', $_REQUEST) && $_REQUEST['me_do_delete'] == "1") {
                    $sql = "delete from " . getTable('channels') . " where id in {$sqlids}";
                    rss_query($sql);
                }
            } elseif (array_key_exists('me_set_categories', $_POST)) {
                $tags = utf8_decode(trim(rss_real_escape_string($_POST['me_categories'])));
                if ($tags) {
                    foreach ($ids as $id) {
                        __exp__submitTag($id, $tags, '"channel"');
                    }
                }
            }
            rss_invalidate_cache();
            break;
        case 'dump':
            // Make sure this is a POST
            if (!isset($_POST['dumpact'])) {
                die('Sorry, you can\'t access this via a GET');
            }
            $tbl = array('"', '&quot;');
            error_reporting(E_ALL);
            rss_require('schema.php');
            $tables = getExpectedTables();
            unset($tables['cache']);
            //$tables=array('channels','tag','config');
            $bfr = '';
            $bfr .= '<' . '?xml version="1.0" encoding="UTF-8"?' . '>' . "\n";
            $bfr .= '<dump prefix="' . getTable('') . '" date="' . date('r') . '">' . "\n";
            foreach ($tables as $table => $prefixed) {
                $rs = rss_query("select * from {$prefixed}");
                $bfr .= "<{$table}>\n";
                while ($row = rss_fetch_assoc($rs)) {
                    $r = "<row ";
                    foreach ($row as $key => $val) {
                        $val = htmlspecialchars($val);
                        $r .= " {$key}=\"{$val}\" ";
                    }
                    $r .= "/>\n";
                    $bfr .= $r;
                }
                $bfr .= "</{$table}>\n";
            }
            $bfr .= '</dump>' . "\n";
            $gzdata = gzencode($bfr, 9);
            // Delete the output buffer. This is probably a bad thing to do, if the ob'ing is turned off.
            // e.g. data was already sent to the brwoser.
            while (@ob_end_clean()) {
            }
            // Send the dump to the browser:
            header("Pragma: public");
            // required
            header("Expires: 0");
            header("Cache-Control: must-revalidate, post-check=0, pre-check=0");
            header("Connection: close");
            header("Content-Transfer-Encoding: binary");
            header("Content-Length: " . strlen($gzdata));
            header('Content-type: application/x-gzip');
            header('Content-disposition: inline; filename="gregarius.dump.' . date('MjSY') . '.xml.gz"');
            die($gzdata);
            break;
        default:
            break;
    }
    return $ret__;
}
Пример #3
0
function folder_admin()
{
    // Fix for #16: Admin (et al.) should not rely on l10n labels for actions:
    // Look for a meta-action first, which should be the (untranslated) *name* of
    // the (translated) action constant.
    // Fixme: should replace 'action's with a constant
    if (array_key_exists(CST_ADMIN_METAACTION, $_REQUEST)) {
        $__action__ = $_REQUEST[CST_ADMIN_METAACTION];
    } elseif (array_key_exists('action', $_REQUEST)) {
        $__action__ = $_REQUEST['action'];
    } else {
        $__action__ = "";
    }
    if (isset($_REQUEST['fid'])) {
        $fid = sanitize($_REQUEST['fid'], RSS_SANITIZER_NUMERIC);
    }
    $ret__ = CST_ADMIN_DOMAIN_FOLDER;
    switch ($__action__) {
        case CST_ADMIN_EDIT_ACTION:
            folder_edit($fid);
            $ret__ = CST_ADMIN_DOMAIN_NONE;
            break;
        case CST_ADMIN_DELETE_ACTION:
            if ($fid == 0) {
                rss_error(__("You can't delete the Root folder"), RSS_ERROR_ERROR, true);
                break;
            }
            if (array_key_exists(CST_ADMIN_CONFIRMED, $_POST) && $_POST[CST_ADMIN_CONFIRMED] == __('Yes')) {
                $sql = "delete from " . getTable("folders") . " where id={$fid}";
                rss_query($sql);
                $sql = "update " . getTable("channels") . " set parent=" . getRootFolder() . " where parent={$fid}";
                rss_query($sql);
                rss_invalidate_cache();
            } elseif (array_key_exists(CST_ADMIN_CONFIRMED, $_REQUEST) && $_REQUEST[CST_ADMIN_CONFIRMED] == __('No')) {
                // nop;
            } else {
                list($fname) = rss_fetch_row(rss_query("select name from " . getTable("folders") . " where id = {$fid}"));
                echo "<form class=\"box\" method=\"post\" action=\"" . $_SERVER['PHP_SELF'] . "\">\n" . "<p class=\"error\">";
                printf(__("Are you sure you wish to delete '%s'?"), $fname);
                echo "</p>\n" . "<p><input type=\"submit\" name=\"" . CST_ADMIN_CONFIRMED . "\" value=\"" . __('No') . "\"/>\n" . "<input type=\"submit\" name=\"" . CST_ADMIN_CONFIRMED . "\" value=\"" . __('Yes') . "\"/>\n" . "<input type=\"hidden\" name=\"fid\" value=\"{$fid}\"/>\n" . "<input type=\"hidden\" name=\"" . CST_ADMIN_DOMAIN . "\" value=\"" . CST_ADMIN_DOMAIN_FOLDER . "\"/>\n" . "<input type=\"hidden\" name=\"action\" value=\"" . CST_ADMIN_DELETE_ACTION . "\"/>\n" . "</p>\n</form>\n";
                $ret__ = CST_ADMIN_DOMAIN_NONE;
            }
            break;
        case CST_ADMIN_SUBMIT_EDIT:
            // TBD
            $new_label = sanitize($_REQUEST['f_name'], RSS_SANITIZER_URL);
            $new_label = rss_real_escape_string($new_label);
            if (is_numeric($fid) && strlen($new_label) > 0) {
                $res = rss_query("select count(*) as cnt from " . getTable("folders") . " where binary name='{$new_label}'");
                list($cnt) = rss_fetch_row($res);
                if ($cnt > 0) {
                    rss_error(sprintf(__("You can't rename this item '%s' because such an item already exists."), $new_label), RSS_ERROR_ERROR, true);
                    break;
                }
                rss_query("update " . getTable("folders") . " set name='{$new_label}' where id={$fid}");
                rss_invalidate_cache();
            }
            break;
        case __('Add'):
        case 'ACT_ADMIN_ADD':
            $label = sanitize($_REQUEST['new_folder'], RSS_SANITIZER_URL);
            $new_label = rss_real_escape_string($new_label);
            assert(strlen($label) > 0);
            create_folder($label);
            break;
        case CST_ADMIN_MOVE_UP_ACTION:
        case CST_ADMIN_MOVE_DOWN_ACTION:
            if ($fid == 0) {
                return;
            }
            $res = rss_query("select position from " . getTable("folders") . " where id={$fid}");
            list($position) = rss_fetch_row($res);
            $sql = "select id, position from " . getTable("folders") . " where\tid != {$fid} order by abs({$position}-position) limit 2";
            $res = rss_query($sql);
            // Let's look for a lower/higher position than the one we got.
            $switch_with_position = $position;
            while (list($oid, $oposition) = rss_fetch_row($res)) {
                if ($switch_with_position == $position && ($_REQUEST['action'] == CST_ADMIN_MOVE_UP_ACTION && $oposition < $switch_with_position || $_REQUEST['action'] == CST_ADMIN_MOVE_DOWN_ACTION && $oposition > $switch_with_position)) {
                    $switch_with_position = $oposition;
                    $switch_with_id = $oid;
                }
            }
            // right, lets!
            if ($switch_with_position != $position) {
                rss_query("update " . getTable("folders") . " set position = {$switch_with_position} where id={$fid}");
                rss_query("update " . getTable("folders") . " set position = {$position} where id={$switch_with_id}");
                rss_invalidate_cache();
            }
            break;
        default:
            break;
    }
    return $ret__;
}