From 9a35e16d1e4a78666fcc186d92b989178a028791 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 19 May 2006 04:13:32 +0100 Subject: [PATCH] sanitize input in label-editor subops --- backend.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/backend.php b/backend.php index 4d855cead..bb4180449 100644 --- a/backend.php +++ b/backend.php @@ -2167,8 +2167,8 @@ if ($subop == "editSave") { - $regexp = db_escape_string($_GET["r"]); - $match = db_escape_string($_GET["m"]); + $regexp = db_escape_string(trim($_GET["r"])); + $match = db_escape_string(trim($_GET["m"])); $filter_id = db_escape_string($_GET["id"]); $feed_id = db_escape_string($_GET["fid"]); $action_id = db_escape_string($_GET["aid"]); @@ -2482,8 +2482,8 @@ if ($subop == "test") { - $expr = $_GET["expr"]; - $descr = $_GET["descr"]; + $expr = trim($_GET["expr"]); + $descr = trim($_GET["descr"]); print "
Test label: $descr
"; @@ -2536,8 +2536,8 @@ if ($subop == "editSave") { - $sql_exp = $_GET["s"]; - $descr = $_GET["d"]; + $sql_exp = trim($_GET["s"]); + $descr = trim($_GET["d"]); $label_id = db_escape_string($_GET["id"]); // print "$sql_exp : $descr : $label_id";