xml-import: fix escaping issues

This commit is contained in:
Andrew Dolgov 2005-11-30 09:28:53 +01:00
parent df08c5bb99
commit a654a595b8
2 changed files with 22 additions and 13 deletions

View File

@ -795,4 +795,12 @@
return date("Y/m/d"); return date("Y/m/d");
} }
} }
function sql_bool_to_string($s) {
if ($s == "t" || $s == "1") {
return "true";
} else {
return "false";
}
}
?> ?>

View File

@ -34,14 +34,15 @@
function import_article($link, $data) { function import_article($link, $data) {
print "Processing article " . $data["title"] . "<br>"; print "Processing article <b>".$data["title"].
"</b> (".$data["feed_title"].")<br>";
$owner_uid = $_SESSION["uid"]; $owner_uid = $_SESSION["uid"];
db_query($link, "BEGIN"); db_query($link, "BEGIN");
$result = db_query($link, "SELECT id FROM ttrss_feeds WHERE feed_url = '". $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE feed_url = '".
$data["feed_url"] . "' AND owner_uid = '$owner_uid'"); db_escape_string($data["feed_url"]) . "' AND owner_uid = '$owner_uid'");
if (db_num_rows($result) == 0) { if (db_num_rows($result) == 0) {
return false; return false;
@ -56,14 +57,14 @@
print "Not found, adding base entry...<br>"; print "Not found, adding base entry...<br>";
$entry_title = $data["title"]; $entry_title = db_escape_string($data["title"]);
$entry_guid = $data["guid"]; $entry_guid = db_escape_string($data["guid"]);
$entry_link = $data["link"]; $entry_link = db_escape_string($data["link"]);
$updated = $data["updated"]; $updated = db_escape_string($data["updated"]);
$date_entered = $data["date_entered"]; $date_entered = db_escape_string($data["date_entered"]);
$entry_content = $data["content"]; $entry_content = db_escape_string($data["content"]);
$content_hash = "SHA1:" . sha1(strip_tags($entry_content)); $content_hash = "SHA1:" . sha1(strip_tags($entry_content));
$entry_comments = $data["comments"]; $entry_comments = db_escape_string($data["comments"]);
$result = db_query($link, $result = db_query($link,
"INSERT INTO ttrss_entries "INSERT INTO ttrss_entries
@ -103,9 +104,9 @@
if (db_num_rows($result) == 0) { if (db_num_rows($result) == 0) {
print "User table entry not found, creating...<br>"; print "User table entry not found, creating...<br>";
$unread = $data["unread"]; $unread = sql_bool_to_string(db_escape_string($data["unread"]));
$marked = $data["marked"]; $marked = sql_bool_to_string(db_escape_string($data["marked"]));
$last_read = $data["last_read"]; $last_read = db_escape_string($data["last_read"]);
if (!$last_read) { if (!$last_read) {
$last_read_qpart = 'NULL'; $last_read_qpart = 'NULL';
@ -116,7 +117,7 @@
$result = db_query($link, $result = db_query($link,
"INSERT INTO ttrss_user_entries "INSERT INTO ttrss_user_entries
(ref_id, owner_uid, feed_id, unread, marked, last_read) (ref_id, owner_uid, feed_id, unread, marked, last_read)
VALUES ('$entry_id', '$owner_uid', '$feed_id', '$unread', '$marked', VALUES ('$entry_id', '$owner_uid', '$feed_id', $unread, $marked,
$last_read_qpart)"); $last_read_qpart)");
} else { } else {