initialize_user_prefs: escape data on import

This commit is contained in:
Andrew Dolgov 2013-03-29 08:51:05 +04:00
parent 35581abf13
commit d296ba50d4
1 changed files with 3 additions and 0 deletions

View File

@ -548,6 +548,9 @@
if (array_search($line["pref_name"], $active_prefs) === FALSE) { if (array_search($line["pref_name"], $active_prefs) === FALSE) {
// print "adding " . $line["pref_name"] . "<br>"; // print "adding " . $line["pref_name"] . "<br>";
$line["def_value"] = db_escape_string($link, $line["def_value"]);
$line["pref_name"] = db_escape_string($link, $line["pref_name"]);
if (get_schema_version($link) < 63) { if (get_schema_version($link) < 63) {
db_query($link, "INSERT INTO ttrss_user_prefs db_query($link, "INSERT INTO ttrss_user_prefs
(owner_uid,pref_name,value) VALUES (owner_uid,pref_name,value) VALUES