public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2026-01-30 12:07:10 +00:00
Code Issues Releases Wiki Activity

db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close()

Browse Source
This commit is contained in:
Andrew Dolgov
2013-03-22 09:14:55 +04:00
parent 9d9432dab8
commit 3972bf5981
40 changed files with 342 additions and 350 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
classes/dlg.php
View File

@@ -5,7 +5,7 @@ class Dlg extends Handler_Protected {
function before($method) {
if (parent::before($method)) {
header("Content-Type: text/xml; charset=utf-8");
$this->param = db_escape_string($_REQUEST["param"]);
$this->param = db_escape_string($this->link, $_REQUEST["param"]);
print "<dlg>";
return true;
}
@@ -302,7 +302,7 @@ class Dlg extends Handler_Protected {
function feedBrowser() {
if (defined('_DISABLE_FEED_BROWSER') && _DISABLE_FEED_BROWSER) return;
$browser_search = db_escape_string($_REQUEST["search"]);
$browser_search = db_escape_string($this->link, $_REQUEST["search"]);
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"op\" value=\"rpc\">";
print "<input dojoType=\"dijit.form.TextBox\" style=\"display : none\" name=\"method\" value=\"updateFeedBrowser\">";
@@ -350,7 +350,7 @@ class Dlg extends Handler_Protected {
}
function search() {
$this->params = explode(":", db_escape_string($_REQUEST["param"]), 2);
$this->params = explode(":", db_escape_string($this->link, $_REQUEST["param"]), 2);
$active_feed_id = sprintf("%d", $this->params[0]);
$is_cat = $this->params[1] != "false";
@@ -550,7 +550,7 @@ class Dlg extends Handler_Protected {
print "<content><![CDATA[";
$this->params = explode(":", $this->param, 3);
$feed_id = db_escape_string($this->params[0]);
$feed_id = db_escape_string($this->link, $this->params[0]);
$is_cat = (bool) $this->params[1];
$key = get_feed_access_key($this->link, $feed_id, $is_cat);