Changeset 1275 for trunk/rss/admin/channels.php
- Timestamp:
- 02/14/06 09:51:16 (3 years ago)
- Files:
- 1 modified
trunk/rss/admin/channels.php (modified) (13 diffs)
trunk/rss/admin/channels.php
r1234 r1275 209 209 210 210 echo "</form></div>\n\n\n"; 211 /*212 echo "<pre>\n";213 var_dump($_REQUEST);214 echo "</pre>\n";215 */216 211 } 217 212 … … 247 242 248 243 $label = trim($_REQUEST['new_channel']); 249 $fid = trim( rss_real_escape_string($_REQUEST['add_channel_to_folder']));244 $fid = trim(sanitize($_REQUEST['add_channel_to_folder'], RSS_SANITIZER_SIMPLE_SQL |ÊRSS_SANITIZER_NO_SPACES)); 250 245 list($flabel) = rss_fetch_row(rss_query( 251 "select name from " . getTable('folders') . " where id=$fid"));246 "select name from " . getTable('folders') . " where id=$fid")); 252 247 253 248 // handle "feed:" urls … … 379 374 380 375 case CST_ADMIN_EDIT_ACTION: 381 $id = $_REQUEST['cid'];376 $id = sanitize($_REQUEST['cid'],RSS_SANITIZER_NUMERIC); 382 377 channel_edit_form($id); 383 378 break; … … 385 380 386 381 case CST_ADMIN_DELETE_ACTION: 387 $id = $_REQUEST['cid'];382 $id = sanitize($_REQUEST['cid'],RSS_SANITIZER_NUMERIC); 388 383 if (array_key_exists(CST_ADMIN_CONFIRMED,$_POST) && $_POST[CST_ADMIN_CONFIRMED] == LBL_ADMIN_YES) { 389 384 $rs = rss_query("select distinct id from " .getTable("item") . " where cid=$id"); … … 402 397 $sql = "delete from " . getTable("channels") ." 
where id=$id"; 403 398 rss_query($sql); 404 399 405 400 // Delete properties 406 401 deleteProperty($id,'rss.input.allowupdates'); 407 402 408 403 // Invalidate cache 409 404 rss_invalidate_cache(); 410 405 411 406 $ret__ = CST_ADMIN_DOMAIN_CHANNEL; 412 407 } … … 437 432 438 433 if (array_key_exists('opml',$_REQUEST) && strlen(trim($_REQUEST['opml'])) > 7) { 439 $url = trim( $_REQUEST['opml']);434 $url = trim( sanitize($_REQUEST['opml'],RSS_SANITIZER_NO_SPACES) ); 440 435 } 441 436 elseif (array_key_exists('opmlfile',$_FILES) && $_FILES['opmlfile']['tmp_name']) { … … 463 458 464 459 if ($import_opt == CST_ADMIN_OPML_IMPORT_FOLDER) { 465 $opmlfid = rss_real_escape_string($_REQUEST['opml_import_to_folder']);460 $opmlfid = sanitize($_REQUEST['opml_import_to_folder'], RSS_SANITIZER_NUMERIC); 466 461 } else { 467 462 $opmlfid = getRootFolder(); … … 537 532 538 533 case CST_ADMIN_SUBMIT_EDIT: 539 $cid = $_REQUEST['cid'];534 $cid = sanitize($_POST['cid'],RSS_SANITIZER_NUMERIC); 540 535 rss_plugin_hook('rss.plugins.admin.feed.properties.submit', null); 541 $title= rss_real_escape_string(real_strip_slashes($_REQUEST['c_name'])); 542 $url= rss_real_escape_string($_REQUEST['c_url']); 543 $siteurl= rss_real_escape_string($_REQUEST['c_siteurl']); 544 $parent= rss_real_escape_string($_REQUEST['c_parent']); 545 $descr= rss_real_escape_string(real_strip_slashes($_REQUEST['c_descr'])); 546 $icon = rss_real_escape_string($_REQUEST['c_icon']); 547 $priv = (array_key_exists('c_private',$_REQUEST) && $_REQUEST['c_private'] == '1'); 548 $tags = rss_real_escape_string($_REQUEST['c_tags']); 549 $old_priv = ($_REQUEST['old_priv'] == '1'); 550 551 536 // TBD 537 $title= rss_real_escape_string(real_strip_slashes($_POST['c_name'])); 538 $url= rss_real_escape_string($_POST['c_url']); 539 $siteurl= rss_real_escape_string($_POST['c_siteurl']); 540 $parent= rss_real_escape_string($_POST['c_parent']); 541 $descr= rss_real_escape_string(real_strip_slashes($_POST['c_descr'])); 542 $icon = 
rss_real_escape_string($_POST['c_icon']); 543 $priv = (array_key_exists('c_private',$_POST) && $_POST['c_private'] == '1'); 544 $tags = rss_real_escape_string($_POST['c_tags']); 545 $old_priv = ($_POST['old_priv'] == '1'); 546 547 552 548 // Feed Properties 553 $prop_rss_input_allowupdates = rss_real_escape_string($_ REQUEST['prop_rss_input_allowupdates']);549 $prop_rss_input_allowupdates = rss_real_escape_string($_POST['prop_rss_input_allowupdates']); 554 550 if ($prop_rss_input_allowupdates == 'default') { 555 deleteProperty($cid,'rss.input.allowupdates');551 deleteProperty($cid,'rss.input.allowupdates'); 556 552 } else { 557 setProperty($cid, 'rss.input.allowupdates' , 'feed', ($prop_rss_input_allowupdates == 1));558 } 559 560 553 setProperty($cid, 'rss.input.allowupdates' , 'feed', ($prop_rss_input_allowupdates == 1)); 554 } 555 556 561 557 if ($priv != $old_priv) { 562 558 $mode = ", mode = mode "; … … 579 575 } 580 576 581 $del = (array_key_exists('c_deleted',$_ REQUEST) && $_REQUEST['c_deleted'] == '1');582 $old_del = ($_ REQUEST['old_del'] == '1');577 $del = (array_key_exists('c_deleted',$_POST) && $_POST['c_deleted'] == '1'); 578 $old_del = ($_POST['old_del'] == '1'); 583 579 if ($del != $old_del) { 584 580 if ($mode == "") { … … 616 612 case CST_ADMIN_MOVE_UP_ACTION: 617 613 case CST_ADMIN_MOVE_DOWN_ACTION: 618 $id = $_REQUEST['cid'];614 $id = sanitize($_REQUEST['cid'],RSS_SANITIZER_NUMERIC); 619 615 $res = rss_query("select parent,position from " . getTable("channels") ." where id=$id"); 620 616 list($parent,$position) = rss_fetch_row($res); … … 673 669 // MOVE TO FOLDER 674 670 if (array_key_exists('me_move_to_folder',$_REQUEST)) { 675 $fid= $_REQUEST['me_folder'];671 $fid= sanitize($_REQUEST['me_folder'],RSS_SANITIZER_NUMERIC); 676 672 $sql = "update " .getTable('channels') . " set parent=$fid where id in $sqlids"; 677 673 rss_query($sql); … … 742 738 echo "<div>\n"; 743 739 echo "\n\n<h2>".LBL_ADMIN_CHANNEL_EDIT_CHANNEL." 
'$title'</h2>\n"; 744 740 745 741 echo "<form method=\"post\" action=\"" .$_SERVER['PHP_SELF'] ."#fa$cid\" id=\"channeledit\">\n"; 746 742 echo "<fieldset id=\"channeleditfs\">" 747 743 ."<p>"; 748 // Item name744 // Item name 749 745 echo "<label for=\"c_name\">". LBL_ADMIN_CHANNEL_NAME ."</label>\n" 750 746 ."<input type=\"text\" id=\"c_name\" name=\"c_name\" value=\"$title\" />" 751 ."<input type=\"hidden\" name=\"".CST_ADMIN_DOMAIN."\" value=\"". CST_ADMIN_DOMAIN_CHANNEL."\" />\n"747 ."<input type=\"hidden\" name=\"".CST_ADMIN_DOMAIN."\" value=\"". CST_ADMIN_DOMAIN_CHANNEL."\" />\n" 752 748 ."<input type=\"hidden\" name=\"action\" value=\"". CST_ADMIN_SUBMIT_EDIT ."\" />\n" 753 749 ."<input type=\"hidden\" name=\"cid\" value=\"$cid\" /></p>\n" 754 750 755 751 756 752 757 753 // RSS URL 758 754 ."<p><label for=\"c_url\">". LBL_ADMIN_CHANNEL_RSS_URL ."</label>\n" … … 832 828 833 829 rss_plugin_hook('rss.plugins.admin.feed.properties', $cid); 834 echo "</fieldset>\n";835 836 830 echo "</fieldset>\n"; 831 832 837 833 // Feed properties 838 834 echo "<fieldset id=\"channeleditpropfs\">"; 839 835 echo "<p>" 840 ."<span style=\"float:left;\">Allow Gregarius to look for updates in existing items for this feed?</span>"841 ."<span style=\"float:right;\">[<a href=\"index.php?domain=config&action=edit&key=rss.input.allowupdates&view=config\">Edit the global option</a>]</span>\n"842 ." "843 ."</p>";844 845 $rss_input_allowupdates_default_current = getProperty($cid,'rss.input.allowupdates');846 847 $rss_input_allowupdates_default_value = 848 $rss_input_allowupdates_default = ("Use global option (" . (getConfig('rss.input.allowupdates')?"Yes":"No") .")");849 850 echo "<p id=\"rss_input_allowupdates_options\">"851 852 ."<input type=\"radio\" "853 ."id=\"rss_input_allowupdates_yes\" "854 ."name=\"prop_rss_input_allowupdates\" value=\"1\" "855 .(($rss_input_allowupdates_default_current === true)?" 
checked=\"checked\" ":"")856 ."/>\n"857 ."<label for=\"rss_input_allowupdates_yes\">Yes</label>\n"858 859 860 ."<input type=\"radio\" "861 ."id=\"rss_input_allowupdates_no\" "862 ."name=\"prop_rss_input_allowupdates\" value=\"0\" "863 .(($rss_input_allowupdates_default_current === false)?" checked=\"checked\" ":"")864 ."/>\n"865 ."<label for=\"rss_input_allowupdates_no\">No</label>"866 867 868 ."<input type=\"radio\" "869 ."id=\"rss_input_allowupdates_default\" "870 ."name=\"prop_rss_input_allowupdates\" value=\"default\" "871 .(($rss_input_allowupdates_default_current === null)?" checked=\"checked\" ":"")872 ."/>\n"873 ."<label for=\"rss_input_allowupdates_default\">$rss_input_allowupdates_default</label>"874 875 836 ."<span style=\"float:left;\">Allow Gregarius to look for updates in existing items for this feed?</span>" 837 ."<span style=\"float:right;\">[<a href=\"index.php?domain=config&action=edit&key=rss.input.allowupdates&view=config\">Edit the global option</a>]</span>\n" 838 ." " 839 ."</p>"; 840 841 $rss_input_allowupdates_default_current = getProperty($cid,'rss.input.allowupdates'); 842 843 $rss_input_allowupdates_default_value = 844 $rss_input_allowupdates_default = ("Use global option (" . (getConfig('rss.input.allowupdates')?"Yes":"No") .")"); 845 846 echo "<p id=\"rss_input_allowupdates_options\">" 847 848 ."<input type=\"radio\" " 849 ."id=\"rss_input_allowupdates_yes\" " 850 ."name=\"prop_rss_input_allowupdates\" value=\"1\" " 851 .(($rss_input_allowupdates_default_current === true)?" checked=\"checked\" ":"") 852 ."/>\n" 853 ."<label for=\"rss_input_allowupdates_yes\">Yes</label>\n" 854 855 856 ."<input type=\"radio\" " 857 ."id=\"rss_input_allowupdates_no\" " 858 ."name=\"prop_rss_input_allowupdates\" value=\"0\" " 859 .(($rss_input_allowupdates_default_current === false)?" 
checked=\"checked\" ":"") 860 ."/>\n" 861 ."<label for=\"rss_input_allowupdates_no\">No</label>" 862 863 864 ."<input type=\"radio\" " 865 ."id=\"rss_input_allowupdates_default\" " 866 ."name=\"prop_rss_input_allowupdates\" value=\"default\" " 867 .(($rss_input_allowupdates_default_current === null)?" checked=\"checked\" ":"") 868 ."/>\n" 869 ."<label for=\"rss_input_allowupdates_default\">$rss_input_allowupdates_default</label>" 870 871 876 872 ."</p>\n"; 877 873 echo "</fieldset>\n"; 878 879 874 875 880 876 echo "<p style=\"clear:both; padding: 1em 0\"><input type=\"submit\" name=\"action_\" value=\"". LBL_ADMIN_SUBMIT_CHANGES ."\" /></p>"; 881 877 882 878 echo "</form></div>\n"; 883 879 }
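Review bot: In the add-channel hunk (new line 244) `add_channel_to_folder` is sanitized with `RSS_SANITIZER_SIMPLE_SQL | RSS_SANITIZER_NO_SPACES` and then interpolated unquoted into `where id=$fid`, while every other id in this changeset (`cid`, `opml_import_to_folder`, `me_folder`) uses `RSS_SANITIZER_NUMERIC`; a folder id should get the same treatment, `$fid = sanitize($_REQUEST['add_channel_to_folder'], RSS_SANITIZER_NUMERIC);`, so the string-escaping mode is not relied on for an integer context. The rendered text shows `|Ê` at that spot, which looks like a mis-encoded non-breaking space between `|` and the constant; if that byte is really in the committed file PHP will not treat it as whitespace and the line will not parse, so it is worth checking the raw source. In the submit-edit hunk (new line 540) `c_parent` is also a folder id used in SQL but is still passed through `rss_real_escape_string` as a string, and the bare `// TBD` on line 536 should say what is pending, e.g. `// TBD: switch the remaining string fields to sanitize() with explicit modes`. The enclosing switch and `channel_edit_form` both extend outside the shown hunks.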
