mirror of https://git.tt-rss.org/git/tt-rss.git synced 2026-01-04 22:09:15 +00:00

remove db_unescape_string() hack

Andrew Dolgov
2007-05-19 15:09:16 +01:00
parent 83fe113a39
commit 474390311f
4 changed files with 26 additions and 32 deletions


@@ -21,8 +21,8 @@
$line = db_fetch_assoc($result);
$sql_exp = htmlspecialchars(db_unescape_string($line["sql_exp"]));
$description = htmlspecialchars(db_unescape_string($line["description"]));
$sql_exp = htmlspecialchars($line["sql_exp"]);
$description = htmlspecialchars($line["description"]);
print "<div id=\"infoBoxTitle\">Label editor</div>";
print "<div class=\"infoBoxContents\">";
@@ -78,8 +78,9 @@
if ($subop == "test") {
$expr = db_unescape_string(trim($_GET["expr"]));
$descr = db_unescape_string(trim($_GET["descr"]));
// no escaping here on purpose
$expr = trim($_GET["expr"]);
$descr = db_escape_string(trim($_GET["descr"]));
if (!$expr) {
print "<div>Error: SQL expression is blank.</div>";
@@ -260,9 +261,8 @@
print "<tr class=\"$class\" $this_row_id>";
$line["sql_exp"] = htmlspecialchars(db_unescape_string($line["sql_exp"]));
$line["description"] = htmlspecialchars(
db_unescape_string($line["description"]));
$line["sql_exp"] = htmlspecialchars($line["sql_exp"]);
$line["description"] = htmlspecialchars($line["description"]);
if (!$line["description"]) $line["description"] = "[No caption]";
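Review bot: In the `$subop == "test"` hunk, `$expr = trim($_GET["expr"]);` now reaches the rest of the branch with no escaping at all, and the added comment `// no escaping here on purpose` records neither the reason nor the control that makes this safe. The code that consumes `$expr` is outside the hunk, but the "SQL expression is blank" message suggests it is placed into a query as a raw SQL fragment; if so, this branch is an intentional SQL execution point, and because the value arrives in a GET parameter it can be triggered by any request that carries the user's session, so it needs an authenticated-owner check and an anti-CSRF token (or a move to POST), neither of which is visible here. I would replace the comment with one that states the trust assumption, for example `// $expr is a raw SQL fragment by design (label test); caller must be the authenticated owner, never echo it without htmlspecialchars()`. The three display hunks keep `htmlspecialchars()` with its default flags, which at the time of this commit left single quotes unescaped, so if `sql_exp` or `description` is ever written into a single-quoted attribute further down, `ENT_QUOTES` should be passed.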