diff --git a/functions.php b/functions.php
index f6783ff94..ba4b02344 100644
--- a/functions.php
+++ b/functions.php
@@ -386,8 +386,8 @@
$result = db_query($link, "SELECT update_interval,auth_login,auth_pass
FROM ttrss_feeds WHERE id = '$feed'");
- $auth_login = db_unescape_string(db_fetch_result($result, 0, "auth_login"));
- $auth_pass = db_unescape_string(db_fetch_result($result, 0, "auth_pass"));
+ $auth_login = db_fetch_result($result, 0, "auth_login");
+ $auth_pass = db_fetch_result($result, 0, "auth_pass");
$update_interval = db_fetch_result($result, 0, "update_interval");
@@ -2141,7 +2141,7 @@
$is_selected = "";
}
printf("",
- $line["id"], htmlspecialchars(db_unescape_string($line["title"])));
+ $line["id"], htmlspecialchars($line["title"]));
}
print "";
@@ -2170,7 +2170,7 @@
$is_selected = "";
}
printf("",
- $line["id"], htmlspecialchars(db_unescape_string($line["title"])));
+ $line["id"], htmlspecialchars($line["title"]));
}
print "";
@@ -2525,8 +2525,6 @@
$feed_title = "?";
}
- $feed_title = db_unescape_string($feed_title);
-
if ($feed < -10) error_reporting (0);
if (preg_match("/^-?[0-9][0-9]*$/", $feed) != false) {
@@ -2899,10 +2897,6 @@
}
}
- function escape_for_form($s) {
- return htmlspecialchars(db_unescape_string($s));
- }
-
function make_guid_from_title($title) {
return preg_replace("/[ \"\',.:;]/", "-",
mb_strtolower(strip_tags($title), 'utf-8'));
@@ -3121,7 +3115,7 @@
error_reporting (DEFAULT_ERROR_LEVEL);
printFeedEntry($label_id,
- $class, db_unescape_string($line["description"]),
+ $class, $line["description"],
$count, "images/label.png", $link);
}
@@ -3182,7 +3176,7 @@
while ($line = db_fetch_assoc($result)) {
- $feed = trim(db_unescape_string($line["title"]));
+ $feed = trim($line["title"]);
if (!$feed) $feed = "[Untitled]";
diff --git a/modules/pref-feeds.php b/modules/pref-feeds.php
index ae5ab28ec..9ef88e8fa 100644
--- a/modules/pref-feeds.php
+++ b/modules/pref-feeds.php
@@ -101,7 +101,7 @@
$class = ($feedctr % 2) ? "even" : "odd";
print "
$check_box".
- "$feed_icon " . db_unescape_string($details["title"]) .
+ "$feed_icon " . $details["title"] .
" ($subscribers)";
++$feedctr;
@@ -130,8 +130,8 @@
"SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND
owner_uid = " . $_SESSION["uid"]);
- $title = htmlspecialchars(db_unescape_string(db_fetch_result($result,
- 0, "title")));
+ $title = htmlspecialchars(db_fetch_result($result,
+ 0, "title"));
$icon_file = ICONS_DIR . "/$feed_id.ico";
@@ -159,8 +159,8 @@
name=\"title\" value=\"$title\">";
$feed_url = db_fetch_result($result, 0, "feed_url");
- $feed_url = htmlspecialchars(db_unescape_string(db_fetch_result($result,
- 0, "feed_url")));
+ $feed_url = htmlspecialchars(db_fetch_result($result,
+ 0, "feed_url"));
print "".__('Feed URL:')." | ";
print "";
- $auth_login = escape_for_form(db_fetch_result($result, 0, "auth_login"));
+ $auth_login = htmlspecialchars(db_fetch_result($result, 0, "auth_login"));
print " |
".__('Login:')." | ";
print " |
";
- $auth_pass = escape_for_form(db_fetch_result($result, 0, "auth_pass"));
+ $auth_pass = htmlspecialchars(db_fetch_result($result, 0, "auth_pass"));
print "".__('Password:')." | ";
print "";
- $edit_title = htmlspecialchars(db_unescape_string($line["title"]));
+ $edit_title = htmlspecialchars($line["title"]);
if (!$edit_cat_id || $action != "edit") {
@@ -880,8 +880,8 @@
$feed_id = $line["id"];
$cat_id = $line["cat_id"];
- $edit_title = htmlspecialchars(db_unescape_string($line["title"]));
- $edit_cat = htmlspecialchars(db_unescape_string($line["category"]));
+ $edit_title = htmlspecialchars($line["title"]);
+ $edit_cat = htmlspecialchars($line["category"]);
$hidden = sql_bool_to_bool($line["hidden"]);
diff --git a/modules/pref-filters.php b/modules/pref-filters.php
index 7445c0e0d..3c0f6129c 100644
--- a/modules/pref-filters.php
+++ b/modules/pref-filters.php
@@ -10,7 +10,7 @@
$result = db_query($link,
"SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
- $reg_exp = htmlspecialchars(db_unescape_string(db_fetch_result($result, 0, "reg_exp")));
+ $reg_exp = htmlspecialchars(db_fetch_result($result, 0, "reg_exp"));
$filter_type = db_fetch_result($result, 0, "filter_type");
$feed_id = db_fetch_result($result, 0, "feed_id");
$action_id = db_fetch_result($result, 0, "action_id");
@@ -285,11 +285,11 @@
print " |
";
- $line["reg_exp"] = htmlspecialchars(db_unescape_string($line["reg_exp"]));
+ $line["reg_exp"] = htmlspecialchars($line["reg_exp"]);
if (!$line["feed_title"]) $line["feed_title"] = __("All feeds");
- $line["feed_title"] = htmlspecialchars(db_unescape_string($line["feed_title"]));
+ $line["feed_title"] = htmlspecialchars($line["feed_title"]);
print " | ";
diff --git a/modules/pref-labels.php b/modules/pref-labels.php
index 3f7b7f806..8d19d0287 100644
--- a/modules/pref-labels.php
+++ b/modules/pref-labels.php
@@ -21,8 +21,8 @@
$line = db_fetch_assoc($result);
- $sql_exp = htmlspecialchars(db_unescape_string($line["sql_exp"]));
- $description = htmlspecialchars(db_unescape_string($line["description"]));
+ $sql_exp = htmlspecialchars($line["sql_exp"]);
+ $description = htmlspecialchars($line["description"]);
print "Label editor
";
print "";
@@ -78,8 +78,9 @@
if ($subop == "test") {
- $expr = db_unescape_string(trim($_GET["expr"]));
- $descr = db_unescape_string(trim($_GET["descr"]));
+ // no escaping here on purpose
+ $expr = trim($_GET["expr"]);
+ $descr = db_escape_string(trim($_GET["descr"]));
if (!$expr) {
print "
Error: SQL expression is blank.
";
@@ -260,9 +261,8 @@
print "
";
- $line["sql_exp"] = htmlspecialchars(db_unescape_string($line["sql_exp"]));
- $line["description"] = htmlspecialchars(
- db_unescape_string($line["description"]));
+ $line["sql_exp"] = htmlspecialchars($line["sql_exp"]);
+ $line["description"] = htmlspecialchars($line["description"]);
if (!$line["description"]) $line["description"] = "[No caption]";