attempt fix db_escape_string() invocation in sessions.php

This commit is contained in:
Andrew Dolgov 2013-03-21 21:42:11 +04:00
parent d4a5129a24
commit 0295919648
2 changed files with 8 additions and 4 deletions

View File

@ -41,13 +41,17 @@ function db_connect($host, $user, $pass, $db) {
}
}
function db_escape_string($s, $strip_tags = true) {
function db_escape_string($s, $strip_tags = true, $link = NULL) {
if ($strip_tags) $s = strip_tags($s);
if (DB_TYPE == "pgsql") {
return pg_escape_string($s);
if ($link) {
return pg_escape_string($link, $s);
} else {
return mysql_real_escape_string($s);
return pg_escape_string($s);
}
} else {
return mysql_real_escape_string($s, $link);
}
}

View File

@ -53,7 +53,7 @@
$expire = time() + $session_expire;
$data = db_escape_string(base64_encode($data), $session_connection);
$data = db_escape_string(base64_encode($data), false, $session_connection);
if ($session_read) {
$query = "UPDATE ttrss_sessions SET data='$data',