valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix proper escaping of label titles (closes #255)

This commit is contained in:
Andrew Dolgov 2009-10-19 23:29:45 +04:00
parent 4e332844b4
commit 7a13338b4c
2 changed files with 6 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
modules/backend-rpc.php
View File

@ -450,7 +450,8 @@
$ids = split(",", db_escape_string($_REQUEST["ids"]));
$label_id = db_escape_string($_REQUEST["lid"]);
$label = label_find_caption($link, $label_id, $_SESSION["uid"]);
$label = db_escape_string(label_find_caption($link, $label_id,
$_SESSION["uid"]));
print "<rpc-reply>";
print "<info-for-headlines>";
@ -485,7 +486,8 @@
$ids = split(",", db_escape_string($_REQUEST["ids"]));
$label_id = db_escape_string($_REQUEST["lid"]);
$label = label_find_caption($link, $label_id, $_SESSION["uid"]);
$label = db_escape_string(label_find_caption($link, $label_id,
$_SESSION["uid"]));
print "<rpc-reply>";

2
modules/pref-labels.php
View File

@ -61,6 +61,8 @@
/* Update filters that reference label being renamed */
$old_caption = db_escape_string($old_caption);
db_query($link, "UPDATE ttrss_filters SET
action_param = '$caption' WHERE action_param = '$old_caption'
AND action_id = 7