valvin
/
ttrss
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

feeds: remove escaping

This commit is contained in:
Andrew Dolgov 2017-12-01 20:26:51 +03:00
parent b5791f11c5
commit c9b6ca8b70
1 changed files with 13 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
classes/feeds.php
View File

@ -39,7 +39,7 @@ class Feeds extends Handler_Protected {
$search_q = ""; $search_q = "";
} }
$reply .= "<span class=\"holder\">"; $reply = "<span class=\"holder\">";
$rss_link = htmlspecialchars(get_self_url_prefix() . $rss_link = htmlspecialchars(get_self_url_prefix() .
"/public.php?op=rss&id=$feed_id$cat_q$search_q"); "/public.php?op=rss&id=$feed_id$cat_q$search_q");
@ -233,8 +233,8 @@ class Feeds extends Handler_Protected {
} }
} }
@$search = db_escape_string($_REQUEST["query"]); @$search = $_REQUEST["query"];
@$search_language = db_escape_string($_REQUEST["search_language"]); // PGSQL only @$search_language = $_REQUEST["search_language"]; // PGSQL only
if ($search) { if ($search) {
$disable_cache = true; $disable_cache = true;
@ -833,16 +833,16 @@ class Feeds extends Handler_Protected {
if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info); if ($_REQUEST["debug"]) $timing_info = print_checkpoint("0", $timing_info);
$feed = db_escape_string($_REQUEST["feed"]); $feed = $_REQUEST["feed"];
$method = db_escape_string($_REQUEST["m"]); $method = $_REQUEST["m"];
$view_mode = db_escape_string($_REQUEST["view_mode"]); $view_mode = $_REQUEST["view_mode"];
$limit = 30; $limit = 30;
@$cat_view = $_REQUEST["cat"] == "true"; @$cat_view = $_REQUEST["cat"] == "true";
@$next_unread_feed = db_escape_string($_REQUEST["nuf"]); @$next_unread_feed = $_REQUEST["nuf"];
@$offset = db_escape_string($_REQUEST["skip"]); @$offset = $_REQUEST["skip"];
@$vgroup_last_feed = db_escape_string($_REQUEST["vgrlf"]); @$vgroup_last_feed = $_REQUEST["vgrlf"];
$order_by = db_escape_string($_REQUEST["order_by"]); $order_by = $_REQUEST["order_by"];
$check_first_id = db_escape_string($_REQUEST["fid"]); $check_first_id = $_REQUEST["fid"];
if (is_numeric($feed)) $feed = (int) $feed; if (is_numeric($feed)) $feed = (int) $feed;
@ -1105,7 +1105,7 @@ class Feeds extends Handler_Protected {
function feedBrowser() { function feedBrowser() {
if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return; if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
$browser_search = db_escape_string($_REQUEST["search"]); $browser_search = $_REQUEST["search"];
print_hidden("op", "rpc"); print_hidden("op", "rpc");
print_hidden("method", "updateFeedBrowser"); print_hidden("method", "updateFeedBrowser");
@ -1151,7 +1151,7 @@ class Feeds extends Handler_Protected {
} }
function search() { function search() {
$this->params = explode(":", db_escape_string($_REQUEST["param"]), 2); $this->params = explode(":", $_REQUEST["param"], 2);
$active_feed_id = sprintf("%d", $this->params[0]); $active_feed_id = sprintf("%d", $this->params[0]);
$is_cat = $this->params[1] != "false"; $is_cat = $this->params[1] != "false";