Diffstat (limited to 'db')
-rw-r--r-- | db/feedmapper.php | 48 | ||||
-rw-r--r-- | db/item.php | 3 | ||||
-rw-r--r-- | db/itemmapper.php | 21 |
3 files changed, 42 insertions, 30 deletions
diff --git a/db/feedmapper.php b/db/feedmapper.php
index ab55c6f1b..0d00057d3 100644
--- a/db/feedmapper.php
+++ b/db/feedmapper.php
@@ -30,18 +30,19 @@ class FeedMapper extends NewsMapper {
 'FROM `*PREFIX*news_feeds` `feeds` ' .
 'LEFT JOIN `*PREFIX*news_items` `items` ' .
 'ON `feeds`.`id` = `items`.`feed_id` ' .
- // WARNING: this is a desperate attempt at making this query work
- // because prepared statements dont work. This is a possible
- // SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGHT.
+ // WARNING: this is a desperate attempt at making this query
+ // work because prepared statements dont work. This is a
+ // POSSIBLE SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGHT.
 // think twice when changing this
 'AND (`items`.`status` & ' . StatusFlag::UNREAD . ') = ' .
 StatusFlag::UNREAD . ' ' .
 'WHERE `feeds`.`id` = ? ' .
 'AND `feeds`.`user_id` = ? ' .
- 'GROUP BY `feeds`.`id`, `feeds`.`user_id`, `feeds`.`url_hash`,'. '`feeds`.`url`, `feeds`.`title`, `feeds`.`link`,'. '`feeds`.`favicon_link`, `feeds`.`added`, `feeds`.`articles_per_update`,'. '`feeds`.`folder_id`, `feeds`.`prevent_update`, `feeds`.`deleted_at`';
+ 'GROUP BY `feeds`.`id`, `feeds`.`user_id`, `feeds`.`url_hash`, '. '`feeds`.`url`, `feeds`.`title`, `feeds`.`link`, '. '`feeds`.`favicon_link`, `feeds`.`added`, ' . '`feeds`.`articles_per_update`, `feeds`.`folder_id`, ' . '`feeds`.`prevent_update`, `feeds`.`deleted_at`';
 $params = [$id, $userId];
 return $this->findEntity($sql, $params);
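Review bot: The rewrapped WARNING above the `StatusFlag::UNREAD` concatenation still never says which token is the one spliced into the SQL text, so a reader cannot tell from the comment alone that the interpolated value is a class constant rather than request data; the same comment is rewrapped identically in the hunks at -55, -83 and -107. Since only the `?` placeholders carry caller-supplied values, the comment should say so explicitly, e.g. `// only StatusFlag::UNREAD (a class constant) is concatenated here; caller values must stay bound via ?`. Separately, the two rewritten GROUP BY lines in this hunk gain a space after each trailing comma while the matching context lines in the -68, -95 and -117 hunks keep the comma without one, so the four queries now differ in whitespace for no reason. The enclosing method starts and ends outside the hunk.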
@@ -55,9 +56,9 @@ class FeedMapper extends NewsMapper {
 'ON `feeds`.`folder_id` = `folders`.`id` ' .
 'LEFT JOIN `*PREFIX*news_items` `items` ' .
 'ON `feeds`.`id` = `items`.`feed_id` ' .
- // WARNING: this is a desperate attempt at making this query work
- // because prepared statements dont work. This is a possible
- // SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGHT.
+ // WARNING: this is a desperate attempt at making this query
+ // work because prepared statements dont work. This is a
+ // POSSIBLE SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGHT.
 // think twice when changing this
 'AND (`items`.`status` & ' . StatusFlag::UNREAD . ') = ' .
 StatusFlag::UNREAD . ' ' .
@@ -68,8 +69,9 @@ class FeedMapper extends NewsMapper {
 'AND `feeds`.`deleted_at` = 0 ' .
 'GROUP BY `feeds`.`id`, `feeds`.`user_id`, `feeds`.`url_hash`,'.
 '`feeds`.`url`, `feeds`.`title`, `feeds`.`link`,'.
- '`feeds`.`favicon_link`, `feeds`.`added`, `feeds`.`articles_per_update`,'. '`feeds`.`folder_id`, `feeds`.`prevent_update`, `feeds`.`deleted_at`';
+ '`feeds`.`favicon_link`, `feeds`.`added`, ' . '`feeds`.`articles_per_update`, `feeds`.`folder_id`, ' . '`feeds`.`prevent_update`, `feeds`.`deleted_at`';
 $params = [$userId];
 return $this->findEntities($sql, $params);
@@ -83,9 +85,9 @@ class FeedMapper extends NewsMapper {
 'ON `feeds`.`folder_id` = `folders`.`id` ' .
 'LEFT JOIN `*PREFIX*news_items` `items` ' .
 'ON `feeds`.`id` = `items`.`feed_id` ' .
- // WARNING: this is a desperate attempt at making this query work
- // because prepared statements don't work. This is a possible
- // SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGHT.
+ // WARNING: this is a desperate attempt at making this query
+ // work because prepared statements dont work. This is a
+ // POSSIBLE SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGHT.
 // think twice when changing this
 'AND (`items`.`status` & ' . StatusFlag::UNREAD . ') = ' .
 StatusFlag::UNREAD . ' ' .
@@ -95,8 +97,9 @@ class FeedMapper extends NewsMapper {
 'AND `feeds`.`deleted_at` = 0 ' .
 'GROUP BY `feeds`.`id`, `feeds`.`user_id`, `feeds`.`url_hash`,'.
 '`feeds`.`url`, `feeds`.`title`, `feeds`.`link`,'.
- '`feeds`.`favicon_link`, `feeds`.`added`, `feeds`.`articles_per_update`,'. '`feeds`.`folder_id`, `feeds`.`prevent_update`, `feeds`.`deleted_at`';
+ '`feeds`.`favicon_link`, `feeds`.`added`, ' . '`feeds`.`articles_per_update`, `feeds`.`folder_id`, ' . '`feeds`.`prevent_update`, `feeds`.`deleted_at`';
 return $this->findEntities($sql);
 }
@@ -107,9 +110,9 @@ class FeedMapper extends NewsMapper {
 'FROM `*PREFIX*news_feeds` `feeds` ' .
 'LEFT JOIN `*PREFIX*news_items` `items` ' .
 'ON `feeds`.`id` = `items`.`feed_id` ' .
- // WARNING: this is a desperate attempt at making this query work
- // because prepared statements dont work. This is a possible
- // SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGHT.
+ // WARNING: this is a desperate attempt at making this query
+ // work because prepared statements dont work. This is a
+ // POSSIBLE SQL INJECTION RISK WHEN MODIFIED WITHOUT THOUGHT.
 // think twice when changing this
 'AND (`items`.`status` & ' . StatusFlag::UNREAD . ') = ' .
 StatusFlag::UNREAD . ' ' .
@@ -117,8 +120,9 @@ class FeedMapper extends NewsMapper {
 'AND `feeds`.`user_id` = ? ' .
 'GROUP BY `feeds`.`id`, `feeds`.`user_id`, `feeds`.`url_hash`,'.
 '`feeds`.`url`, `feeds`.`title`, `feeds`.`link`,'.
- '`feeds`.`favicon_link`, `feeds`.`added`, `feeds`.`articles_per_update`,'. '`feeds`.`folder_id`, `feeds`.`prevent_update`, `feeds`.`deleted_at`';
+ '`feeds`.`favicon_link`, `feeds`.`added`, ' . '`feeds`.`articles_per_update`, `feeds`.`folder_id`, ' . '`feeds`.`prevent_update`, `feeds`.`deleted_at`';
 $params = [$hash, $userId];
 return $this->findEntity($sql, $params);
diff --git a/db/item.php b/db/item.php
index 5c353b058..8a8b19e59 100644
--- a/db/item.php
+++ b/db/item.php
@@ -209,7 +209,8 @@ class Item extends Entity implements IAPI, \JsonSerializable {
 public function setBody($body) {
- // FIXME: this should not happen if the target="_blank" is already on the link
+ // FIXME: this should not happen if the target="_blank" is already
+ // on the link
 parent::setBody(str_replace('<a', '<a target="_blank"', $body));
 }
diff --git a/db/itemmapper.php b/db/itemmapper.php
index 5923372b9..b1763ed6a 100644
--- a/db/itemmapper.php
+++ b/db/itemmapper.php
@@ -43,7 +43,8 @@ class ItemMapper extends NewsMapper {
 'ORDER BY `items`.`id` ' . $ordering;
 }
- private function makeSelectQueryStatus($prependTo, $status, $oldestFirst=false) {
+ private function makeSelectQueryStatus($prependTo, $status, $oldestFirst=false) {
 // Hi this is Ray and you're watching Jack Ass
 // Now look closely: this is how we adults handle weird bugs in our
 // code: we take them variables and we cast the shit out of them
@@ -171,11 +172,13 @@ class ItemMapper extends NewsMapper {
 }
- public function findAllFeed($id, $limit, $offset, $status, $oldestFirst, $userId){
+ public function findAllFeed($id, $limit, $offset, $status, $oldestFirst, $userId){
 $params = [$userId, $id];
 $sql = 'AND `items`.`feed_id` = ? ';
 if($offset !== 0){
- $sql .= 'AND `items`.`id` ' . $this->getOperator($oldestFirst) . ' ? ';
+ $sql .= 'AND `items`.`id` ' . $this->getOperator($oldestFirst) . ' ? ';
 $params[] = $offset;
 }
 $sql = $this->makeSelectQueryStatus($sql, $status, $oldestFirst);
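Review bot: The rewrapped FIXME on `setBody` records only the duplicate-attribute case, while the `str_replace('<a', '<a target="_blank"', $body)` it annotates also rewrites any tag whose name starts with `a` (`<abbr>`, `<address>`, `<article>`, `<audio>`), and adds `target="_blank"` without a `rel="noopener"`, so the opened page can reach `window.opener` in browsers that do not imply it. Extend the FIXME to record both, e.g. `// FIXME: '<a' also matches <abbr>/<address>/<audio>; target="_blank" should carry rel="noopener noreferrer"`. Fixing it means replacing the prefix match with a tag-aware rewrite, which belongs in its own change. The whole of setBody is visible in the hunk.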
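Review bot: The wrapped `$sql .=` line in `findAllFeed` still splices the return value of `$this->getOperator($oldestFirst)` into the SQL text, and the same line is wrapped the same way in `findAllFolder` (hunk -183) and in the method of hunk -199, yet unlike the constant interpolation in FeedMapper none of the three sites carries a comment saying what is being concatenated. Presumably `getOperator` returns a fixed comparison operator selected by the boolean (its body is not in the diff); a one-line comment at each site, `// getOperator() must only ever return a fixed SQL operator; it is concatenated, not bound`, makes that contract visible where a future edit would break it. The `$offset !== 0` guard is a strict comparison, so if `$offset` can arrive as a string from the request layer the offset clause is silently skipped; worth confirming against the callers. findAllFeed's body continues past the hunk.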
@@ -183,11 +186,13 @@ class ItemMapper extends NewsMapper {
 }
- public function findAllFolder($id, $limit, $offset, $status, $oldestFirst, $userId){
+ public function findAllFolder($id, $limit, $offset, $status, $oldestFirst, $userId){
 $params = [$userId, $id];
 $sql = 'AND `feeds`.`folder_id` = ? ';
 if($offset !== 0){
- $sql .= 'AND `items`.`id` ' . $this->getOperator($oldestFirst) . ' ? ';
+ $sql .= 'AND `items`.`id` ' . $this->getOperator($oldestFirst) . ' ? ';
 $params[] = $offset;
 }
 $sql = $this->makeSelectQueryStatus($sql, $status, $oldestFirst);
@@ -199,7 +204,8 @@ class ItemMapper extends NewsMapper {
 $params = [$userId];
 $sql = '';
 if($offset !== 0){
- $sql .= 'AND `items`.`id` ' . $this->getOperator($oldestFirst) . ' ? ';
+ $sql .= 'AND `items`.`id` ' . $this->getOperator($oldestFirst) . ' ? ';
 $params[] = $offset;
 }
 $sql = $this->makeSelectQueryStatus($sql, $status, $oldestFirst);
@@ -262,7 +268,8 @@ class ItemMapper extends NewsMapper {
 public function getNewestItemId($userId) {
- $sql = 'SELECT MAX(`items`.`id`) AS `max_id` FROM `*PREFIX*news_items` `items` '.
+ $sql = 'SELECT MAX(`items`.`id`) AS `max_id` ' . 'FROM `*PREFIX*news_items` `items` '.
 'JOIN `*PREFIX*news_feeds` `feeds` ' .
 'ON `feeds`.`id` = `items`.`feed_id` '.
 'AND `feeds`.`user_id` = ?'; |