batch feed editor:

- fix some field changes not applying because of DB type errors
 - rework to use bound vars instead of sql query concatenation
deprecate: checkbox_to_sql_bool(), bool_to_sql_bool()
Andrew Dolgov 2022-12-30 19:07:15 +03:00
parent 2be8d58509
commit a16acd65fc
No known key found for this signature in database
GPG Key ID: 1A56B4FA25D4AF2A
2 changed files with 40 additions and 36 deletions


@ -711,20 +711,14 @@ class Pref_Feeds extends Handler_Protected {
$feed_id = (int) clean($_POST["id"] ?? 0); /* editSave */ $feed_id = (int) clean($_POST["id"] ?? 0); /* editSave */
$feed_ids = explode(",", clean($_POST["ids"] ?? "")); /* batchEditSave */ $feed_ids = explode(",", clean($_POST["ids"] ?? "")); /* batchEditSave */
$cat_id = (int) clean($_POST["cat_id"] ?? 0); $cat_id = (int) clean($_POST["cat_id"] ?? 0);
$auth_login = clean($_POST["auth_login"]); $auth_login = clean($_POST["auth_login"] ?? "");
$auth_pass = clean($_POST["auth_pass"]); $auth_pass = clean($_POST["auth_pass"] ?? "");
$private = checkbox_to_sql_bool(clean($_POST["private"] ?? "")); $private = clean($_POST["private"] ?? "") == "on";
$include_in_digest = checkbox_to_sql_bool( $include_in_digest = clean($_POST["include_in_digest"] ?? "") == "on";
clean($_POST["include_in_digest"] ?? "")); $cache_images = clean($_POST["cache_images"] ?? "") == "on";
$cache_images = checkbox_to_sql_bool( $hide_images = clean($_POST["hide_images"] ?? "") == "on";
clean($_POST["cache_images"] ?? "")); $always_display_enclosures = clean($_POST["always_display_enclosures"] ?? "") == "on";
$hide_images = checkbox_to_sql_bool( $mark_unread_on_update = clean($_POST["mark_unread_on_update"] ?? "") == "on";
clean($_POST["hide_images"] ?? ""));
$always_display_enclosures = checkbox_to_sql_bool(
clean($_POST["always_display_enclosures"] ?? ""));
$mark_unread_on_update = checkbox_to_sql_bool(
clean($_POST["mark_unread_on_update"] ?? ""));
$feed_language = clean($_POST["feed_language"] ?? ""); $feed_language = clean($_POST["feed_language"] ?? "");
@ -779,71 +773,79 @@ class Pref_Feeds extends Handler_Protected {
foreach (array_keys($feed_data) as $k) { foreach (array_keys($feed_data) as $k) {
$qpart = ""; $qpart = "";
$qparams = [];
switch ($k) { switch ($k) {
case "title": case "title":
$qpart = "title = " . $this->pdo->quote($feed_title); $qpart = "title = ?";
$qparams = [$feed_title];
break; break;
case "feed_url": case "feed_url":
$qpart = "feed_url = " . $this->pdo->quote($feed_url); $qpart = "feed_url = ?";
$qparams = [$this->pdo->quote($feed_url)];
break; break;
case "update_interval": case "update_interval":
$qpart = "update_interval = " . $upd_intl; // made int above $qpart = "update_interval = ?";
$qparams = [$upd_intl];
break; break;
case "purge_interval": case "purge_interval":
$qpart = "purge_interval = " . $purge_intl; // made int above $qpart = "purge_interval = ?";
$qparams = [$purge_intl];
break; break;
case "auth_login": case "auth_login":
$qpart = "auth_login = " . $this->pdo->quote($auth_login); $qpart = "auth_login = ?";
$qparams = [$auth_login];
break; break;
case "auth_pass": case "auth_pass":
$qpart = "auth_pass =" . $this->pdo->quote($auth_pass). ", auth_pass_encrypted = false"; $qpart = "auth_pass = ?, auth_pass_encrypted = false";
$qparams = [$auth_pass];
break; break;
case "private": case "private":
$qpart = "private = " . $private; // made int above $qpart = "private = ?";
$qparams = [$private];
break; break;
case "include_in_digest": case "include_in_digest":
$qpart = "include_in_digest = " . $include_in_digest; // made int above $qpart = "include_in_digest = ?";
$qparams = [$include_in_digest];
break; break;
case "always_display_enclosures": case "always_display_enclosures":
$qpart = "always_display_enclosures = " . $always_display_enclosures; // made int above $qpart = "always_display_enclosures = ?";
$qparams = [$always_display_enclosures];
break; break;
case "mark_unread_on_update": case "mark_unread_on_update":
$qpart = "mark_unread_on_update = " . $mark_unread_on_update; // made int above $qpart = "mark_unread_on_update = ?";
$qparams = [$mark_unread_on_update];
break; break;
case "cache_images": case "cache_images":
$qpart = "cache_images = " . $cache_images; // made int above $qpart = "cache_images = ?";
$qparams = [$cache_images];
break; break;
case "hide_images": case "hide_images":
$qpart = "hide_images = " . $hide_images; // made int above $qpart = "hide_images = ?";
$qparams = [$hide_images];
break; break;
case "cat_id": case "cat_id":
if (get_pref(Prefs::ENABLE_FEED_CATS)) { if (get_pref(Prefs::ENABLE_FEED_CATS)) {
if ($cat_id) { $qpart = "cat_id = ?";
$qpart = "cat_id = " . $cat_id; // made int above $qparams = $cat_id ? [$cat_id] : [null];
} else {
$qpart = 'cat_id = NULL';
}
} else {
$qpart = "";
} }
break; break;
case "feed_language": case "feed_language":
$qpart = "feed_language = " . $this->pdo->quote($feed_language); $qpart = "feed_language = ?";
$qparams = [$this->pdo->quote($feed_language)];
break; break;
} }
@ -851,7 +853,7 @@ class Pref_Feeds extends Handler_Protected {
if ($qpart) { if ($qpart) {
$sth = $this->pdo->prepare("UPDATE ttrss_feeds SET $qpart WHERE id IN ($feed_ids_qmarks) $sth = $this->pdo->prepare("UPDATE ttrss_feeds SET $qpart WHERE id IN ($feed_ids_qmarks)
AND owner_uid = ?"); AND owner_uid = ?");
$sth->execute([...$feed_ids, $_SESSION['uid']]); $sth->execute([...$qparams, ...$feed_ids, $_SESSION['uid']]);
} }
} }
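Review bot: The `feed_url` and `feed_language` cases still call `$this->pdo->quote()` on the value before placing it in `$qparams`, so the placeholder is bound to an already-quoted string and the stored value would carry literal surrounding quote characters plus any escaping `quote()` added. The other string cases (`title`, `auth_login`, `auth_pass`) bind the raw value, and these two should match: `$qparams = [$feed_url];` and `$qparams = [$feed_language];`. Separately, the checkbox fields are now PHP booleans passed through `execute()`, which binds every array element as a string, so it is worth confirming that `false` is accepted by the boolean columns on each supported database driver. The enclosing method begins and ends outside the hunks shown here.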


@ -357,6 +357,7 @@
return $s && ($s !== "f" && $s !== "false"); //no-op for PDO, backwards compat for legacy layer return $s && ($s !== "f" && $s !== "false"); //no-op for PDO, backwards compat for legacy layer
} }
/** @deprecated misleading name, seems to be pointless wrapper */
function bool_to_sql_bool(bool $s): int { function bool_to_sql_bool(bool $s): int {
return $s ? 1 : 0; return $s ? 1 : 0;
} }
@ -412,6 +413,7 @@
/** /**
* @param mixed $val * @param mixed $val
* @deprecated misleading name, seems to be a pointless wrapper
*/ */
function checkbox_to_sql_bool($val): int { function checkbox_to_sql_bool($val): int {
return ($val == "on") ? 1 : 0; return ($val == "on") ? 1 : 0;