fix tag quote issues

This commit is contained in:
Andrew Dolgov 2007-05-19 14:47:51 +01:00
parent ce885e215e
commit 14b6c54b03
3 changed files with 26 additions and 11 deletions

View File

@ -925,13 +925,9 @@
foreach ($entry_tags as $tag) { foreach ($entry_tags as $tag) {
$tag = mb_strtolower($tag, 'utf-8'); $tag = sanitize_tag($tag);
$tag = db_escape_string($tag); $tag = db_escape_string($tag);
$tag = str_replace("+", " ", $tag);
$tag = str_replace("\"", "", $tag);
$tag = str_replace("technorati tag: ", "", $tag);
if (!tag_is_valid($tag)) continue; if (!tag_is_valid($tag)) continue;
$result = db_query($link, "SELECT id FROM ttrss_tags $result = db_query($link, "SELECT id FROM ttrss_tags
@ -942,8 +938,6 @@
if ($result && db_num_rows($result) == 0) { if ($result && db_num_rows($result) == 0) {
// print "tagging $entry_id as $tag<br>";
db_query($link, "INSERT INTO ttrss_tags db_query($link, "INSERT INTO ttrss_tags
(owner_uid,tag_name,post_int_id) (owner_uid,tag_name,post_int_id)
VALUES ('$owner_uid','$tag', '$entry_int_id')"); VALUES ('$owner_uid','$tag', '$entry_int_id')");
@ -3562,7 +3556,9 @@
while ($tmp_line = db_fetch_assoc($tmp_result)) { while ($tmp_line = db_fetch_assoc($tmp_result)) {
$num_tags++; $num_tags++;
$tag = $tmp_line["tag_name"]; $tag = $tmp_line["tag_name"];
$tag_str = "<a href=\"javascript:viewfeed('$tag')\">$tag</a>, "; $tag_escaped = str_replace("'", "\\'", $tag);
$tag_str = "<a href=\"javascript:viewfeed('$tag_escaped')\">$tag</a>, ";
if ($num_tags == 6) { if ($num_tags == 6) {
$tags_str .= "<a href=\"javascript:showBlockElement('allEntryTags')\">...</a>"; $tags_str .= "<a href=\"javascript:showBlockElement('allEntryTags')\">...</a>";
@ -3988,4 +3984,15 @@
echo sprintf("<!-- CP[$n] %.4f seconds -->", $ts - $s); echo sprintf("<!-- CP[$n] %.4f seconds -->", $ts - $s);
return $ts; return $ts;
} }
function sanitize_tag($tag) {
$tag = trim($tag);
$tag = mb_strtolower($tag, 'utf-8');
$tag = str_replace("+", " ", $tag);
$tag = str_replace("technorati tag: ", "", $tag);
return $tag;
}
?> ?>

View File

@ -202,7 +202,9 @@
} }
if ($subop == "setArticleTags") { if ($subop == "setArticleTags") {
$id = db_escape_string($_GET["id"]); $id = db_escape_string($_GET["id"]);
$tags_str = db_escape_string($_GET["tags_str"]); $tags_str = db_escape_string($_GET["tags_str"]);
$tags = array_unique(trim_array(split(",", $tags_str))); $tags = array_unique(trim_array(split(",", $tags_str)));
@ -220,7 +222,7 @@
post_int_id = $int_id AND owner_uid = '".$_SESSION["uid"]."'"); post_int_id = $int_id AND owner_uid = '".$_SESSION["uid"]."'");
foreach ($tags as $tag) { foreach ($tags as $tag) {
$tag = trim($tag); $tag = sanitize_tag($tag);
if (!tag_is_valid($tag)) { if (!tag_is_valid($tag)) {
continue; continue;
@ -230,6 +232,8 @@
continue; continue;
} }
// print "<!-- $tag -->";
if ($tag != '') { if ($tag != '') {
db_query($link, "INSERT INTO ttrss_tags db_query($link, "INSERT INTO ttrss_tags
(post_int_id, owner_uid, tag_name) VALUES ('$int_id', '".$_SESSION["uid"]."', '$tag')"); (post_int_id, owner_uid, tag_name) VALUES ('$int_id', '".$_SESSION["uid"]."', '$tag')");

View File

@ -727,7 +727,11 @@ function editTagsSave() {
var query = Form.serialize("tag_edit_form"); var query = Form.serialize("tag_edit_form");
xmlhttp_rpc.open("GET", "backend.php?op=rpc&subop=setArticleTags&" + query, true); query = "backend.php?op=rpc&subop=setArticleTags&" + query;
debug(query);
xmlhttp_rpc.open("GET", query, true);
xmlhttp_rpc.onreadystatechange=tag_saved_callback; xmlhttp_rpc.onreadystatechange=tag_saved_callback;
xmlhttp_rpc.send(null); xmlhttp_rpc.send(null);