From 029591964885e4a9010838cd9ae9824267dc63fc Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Thu, 21 Mar 2013 21:42:11 +0400 Subject: [PATCH] attempt fix db_escape_string() invocation in sessions.php --- include/db.php | 10 +++++++--- include/sessions.php | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/include/db.php b/include/db.php index f1a7af363..17437142b 100644 --- a/include/db.php +++ b/include/db.php @@ -41,13 +41,17 @@ function db_connect($host, $user, $pass, $db) { } } -function db_escape_string($s, $strip_tags = true) { +function db_escape_string($s, $strip_tags = true, $link = NULL) { if ($strip_tags) $s = strip_tags($s); if (DB_TYPE == "pgsql") { - return pg_escape_string($s); + if ($link) { + return pg_escape_string($link, $s); + } else { + return pg_escape_string($s); + } } else { - return mysql_real_escape_string($s); + return mysql_real_escape_string($s, $link); } } diff --git a/include/sessions.php b/include/sessions.php index 2cef1d91b..7d9b19bd5 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -53,7 +53,7 @@ $expire = time() + $session_expire; - $data = db_escape_string(base64_encode($data), $session_connection); + $data = db_escape_string(base64_encode($data), false, $session_connection); if ($session_read) { $query = "UPDATE ttrss_sessions SET data='$data',