public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 07:05:56 +00:00
Code Issues Releases Wiki Activity

fix proper escaping of label titles (closes #255)

Browse Source
This commit is contained in:
Andrew Dolgov
2009-10-19 23:29:45 +04:00
parent 4e332844b4
commit 7a13338b4c
2 changed files with 6 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
modules/backend-rpc.php
View File

@@ -450,7 +450,8 @@
$ids = split(",", db_escape_string($_REQUEST["ids"]));
$label_id = db_escape_string($_REQUEST["lid"]);
$label = label_find_caption($link, $label_id, $_SESSION["uid"]);
$label = db_escape_string(label_find_caption($link, $label_id,
$_SESSION["uid"]));
print "<rpc-reply>";
print "<info-for-headlines>";
@@ -485,7 +486,8 @@
$ids = split(",", db_escape_string($_REQUEST["ids"]));
$label_id = db_escape_string($_REQUEST["lid"]);
$label = label_find_caption($link, $label_id, $_SESSION["uid"]);
$label = db_escape_string(label_find_caption($link, $label_id,
$_SESSION["uid"]));
print "<rpc-reply>";

2
modules/pref-labels.php
View File

@@ -61,6 +61,8 @@
/* Update filters that reference label being renamed */
$old_caption = db_escape_string($old_caption);
db_query($link, "UPDATE ttrss_filters SET
action_param = '$caption' WHERE action_param = '$old_caption'
AND action_id = 7