feeds: handle escaping
parent
c9b6ca8b70
commit
3623ebb1a1
|
@ -1829,7 +1829,7 @@ class Feeds extends Handler_Protected {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($since_id) {
|
if ($since_id) {
|
||||||
$since_id_part = "ttrss_entries.id > $since_id AND ";
|
$since_id_part = "ttrss_entries.id > ".$pdo->quote($since_id)." AND ";
|
||||||
} else {
|
} else {
|
||||||
$since_id_part = "";
|
$since_id_part = "";
|
||||||
}
|
}
|
||||||
|
@ -1869,7 +1869,7 @@ class Feeds extends Handler_Protected {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($limit > 0) {
|
if ($limit > 0) {
|
||||||
$limit_query_part = "LIMIT " . $limit;
|
$limit_query_part = "LIMIT " . $pdo->quote($limit);
|
||||||
}
|
}
|
||||||
|
|
||||||
$allow_archived = false;
|
$allow_archived = false;
|
||||||
|
@ -1895,7 +1895,7 @@ class Feeds extends Handler_Protected {
|
||||||
implode(",", $subcats).")";
|
implode(",", $subcats).")";
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
$query_strategy_part = "cat_id = '$feed'";
|
$query_strategy_part = "cat_id = " . $pdo->quote($feed);
|
||||||
}
|
}
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
@ -1905,7 +1905,7 @@ class Feeds extends Handler_Protected {
|
||||||
$vfeed_query_part = "ttrss_feeds.title AS feed_title,";
|
$vfeed_query_part = "ttrss_feeds.title AS feed_title,";
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
$query_strategy_part = "feed_id = '$feed'";
|
$query_strategy_part = "feed_id = " . $pdo->quote($feed);
|
||||||
}
|
}
|
||||||
} else if ($feed == 0 && !$cat_view) { // archive virtual feed
|
} else if ($feed == 0 && !$cat_view) { // archive virtual feed
|
||||||
$query_strategy_part = "feed_id IS NULL";
|
$query_strategy_part = "feed_id IS NULL";
|
||||||
|
@ -1960,7 +1960,7 @@ class Feeds extends Handler_Protected {
|
||||||
} else if ($feed == -3) { // fresh virtual feed
|
} else if ($feed == -3) { // fresh virtual feed
|
||||||
$query_strategy_part = "unread = true AND score >= 0";
|
$query_strategy_part = "unread = true AND score >= 0";
|
||||||
|
|
||||||
$intl = get_pref("FRESH_ARTICLE_MAX_AGE", $owner_uid);
|
$intl = (int) get_pref("FRESH_ARTICLE_MAX_AGE", $owner_uid);
|
||||||
|
|
||||||
if (DB_TYPE == "pgsql") {
|
if (DB_TYPE == "pgsql") {
|
||||||
$query_strategy_part .= " AND date_entered > NOW() - INTERVAL '$intl hour' ";
|
$query_strategy_part .= " AND date_entered > NOW() - INTERVAL '$intl hour' ";
|
||||||
|
@ -1976,7 +1976,7 @@ class Feeds extends Handler_Protected {
|
||||||
} else if ($feed <= LABEL_BASE_INDEX) { // labels
|
} else if ($feed <= LABEL_BASE_INDEX) { // labels
|
||||||
$label_id = Labels::feed_to_label_id($feed);
|
$label_id = Labels::feed_to_label_id($feed);
|
||||||
|
|
||||||
$query_strategy_part = "label_id = '$label_id' AND
|
$query_strategy_part = "label_id = ".$pdo->quote($label_id)." AND
|
||||||
ttrss_labels2.id = ttrss_user_labels2.label_id AND
|
ttrss_labels2.id = ttrss_user_labels2.label_id AND
|
||||||
ttrss_user_labels2.article_id = ref_id";
|
ttrss_user_labels2.article_id = ref_id";
|
||||||
|
|
||||||
|
@ -2027,7 +2027,7 @@ class Feeds extends Handler_Protected {
|
||||||
$content_query_part = "content, ";
|
$content_query_part = "content, ";
|
||||||
|
|
||||||
if ($limit_query_part) {
|
if ($limit_query_part) {
|
||||||
$offset_query_part = "OFFSET $offset";
|
$offset_query_part = "OFFSET " . $pdo->quote($offset);
|
||||||
} else {
|
} else {
|
||||||
$offset_query_part = "";
|
$offset_query_part = "";
|
||||||
}
|
}
|
||||||
|
@ -2036,9 +2036,9 @@ class Feeds extends Handler_Protected {
|
||||||
// proper override_order applied above
|
// proper override_order applied above
|
||||||
if ($vfeed_query_part && !$ignore_vfeed_group && get_pref('VFEED_GROUP_BY_FEED', $owner_uid)) {
|
if ($vfeed_query_part && !$ignore_vfeed_group && get_pref('VFEED_GROUP_BY_FEED', $owner_uid)) {
|
||||||
if (!$override_order) {
|
if (!$override_order) {
|
||||||
$order_by = "ttrss_feeds.title, $order_by";
|
$order_by = "ttrss_feeds.title, ".$pdo->quote($order_by);
|
||||||
} else {
|
} else {
|
||||||
$order_by = "ttrss_feeds.title, $override_order";
|
$order_by = "ttrss_feeds.title, ".$pdo->quote($override_order);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -2091,7 +2091,7 @@ class Feeds extends Handler_Protected {
|
||||||
$from_qpart
|
$from_qpart
|
||||||
WHERE
|
WHERE
|
||||||
$feed_check_qpart
|
$feed_check_qpart
|
||||||
ttrss_user_entries.owner_uid = '$owner_uid' AND
|
ttrss_user_entries.owner_uid = ".$pdo->quote($owner_uid)." AND
|
||||||
$search_query_part
|
$search_query_part
|
||||||
$start_ts_query_part
|
$start_ts_query_part
|
||||||
$since_id_part
|
$since_id_part
|
||||||
|
@ -2138,7 +2138,7 @@ class Feeds extends Handler_Protected {
|
||||||
$from_qpart
|
$from_qpart
|
||||||
WHERE
|
WHERE
|
||||||
$feed_check_qpart
|
$feed_check_qpart
|
||||||
ttrss_user_entries.owner_uid = '$owner_uid' AND
|
ttrss_user_entries.owner_uid = ".$pdo->quote($owner_uid)." AND
|
||||||
$search_query_part
|
$search_query_part
|
||||||
$start_ts_query_part
|
$start_ts_query_part
|
||||||
$view_query_part
|
$view_query_part
|
||||||
|
@ -2182,9 +2182,9 @@ class Feeds extends Handler_Protected {
|
||||||
FROM ttrss_entries, ttrss_user_entries, ttrss_tags
|
FROM ttrss_entries, ttrss_user_entries, ttrss_tags
|
||||||
WHERE
|
WHERE
|
||||||
ref_id = ttrss_entries.id AND
|
ref_id = ttrss_entries.id AND
|
||||||
ttrss_user_entries.owner_uid = $owner_uid AND
|
ttrss_user_entries.owner_uid = ".$pdo->quote($owner_uid)." AND
|
||||||
post_int_id = int_id AND
|
post_int_id = int_id AND
|
||||||
tag_name = '$feed' AND
|
tag_name = ".$pdo->quote($feed)." AND
|
||||||
$view_query_part
|
$view_query_part
|
||||||
$search_query_part
|
$search_query_part
|
||||||
$query_strategy_part ORDER BY $order_by
|
$query_strategy_part ORDER BY $order_by
|
||||||
|
|
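Review bot: In the hunk at @ -2036, `$pdo->quote($order_by)` and `$pdo->quote($override_order)` wrap what appears to be an ORDER BY column/direction expression in single quotes, so the generated clause becomes something like `ORDER BY ttrss_feeds.title, 'score DESC'` — a string constant that sorts nothing — instead of the intended expression. PDO::quote is for data values, not identifiers or SQL fragments; these two lines should remain `$order_by = "ttrss_feeds.title, $order_by";` and `$order_by = "ttrss_feeds.title, $override_order";`, with injection prevented where those variables are assigned (outside this hunk) by checking them against a fixed allowlist of permitted order expressions. The same concern applies to the LIMIT and OFFSET hunks at @ -1869 and @ -2027: quoting produces `LIMIT '30'`, which MySQL does not accept because LIMIT/OFFSET take integer literals only; an integer cast, `"LIMIT " . (int) $limit` and `"OFFSET " . (int) $offset`, is both safe and portable, matching the `(int)` cast already applied to `$intl` at @ -1960. The enclosing method starts and ends outside the shown hunks.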