author | Andrew Dolgov <[email protected]> | 2005-10-16 15:48:33 +0100 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2005-10-16 15:48:33 +0100 |
commit | 6e0584e9308e0dc0049d2d59d2b0c86f619720b0 (patch) | |
tree | c9246576eaadd36836e41a7a6bdaad4b14072779 | |
parent | b5aa95e736af7bfa586abf013c7a3d5b2dac1f7e (diff) |
fix some brackets issues in feed editor
-rw-r--r-- | backend.php | 15 | ||||
-rw-r--r-- | db.php | 6 | ||||
-rw-r--r-- | opml.php | 4 |
3 files changed, 17 insertions, 8 deletions
diff --git a/backend.php b/backend.php index 419d1b98e..41b2c29db 100644 --- a/backend.php +++ b/backend.php @@ -806,15 +806,18 @@ } print "<td align='center'>$feed_icon</td>"; + $edit_title = htmlspecialchars(db_unescape_string($line["title"])); + $edit_link = htmlspecialchars(db_unescape_string($line["feed_url"])); + if (!$edit_feed_id || $subop != "edit") { print "<td><input onclick='toggleSelectRow(this);' type=\"checkbox\" id=\"FRCHK-".$line["id"]."\"></td>"; print "<td><a href=\"javascript:editFeed($feed_id);\">" . - $line["title"] . "</td>"; + $edit_title . "</td>"; print "<td><a href=\"javascript:editFeed($feed_id);\">" . - $line["feed_url"] . "</td>"; + $edit_link . "</td>"; if ($line["update_interval"] == "0") $line["update_interval"] = "Default"; @@ -827,8 +830,8 @@ print "<td><input disabled=\"true\" type=\"checkbox\" id=\"FRCHK-".$line["id"]."\"></td>"; - print "<td>".$line["title"]."</td>"; - print "<td>".$line["feed_url"]."</td>"; + print "<td>$edit_title</td>"; + print "<td>$edit_link</td>"; if ($line["update_interval"] == "0") $line["update_interval"] = "Default"; @@ -839,8 +842,8 @@ print "<td><input disabled=\"true\" type=\"checkbox\"></td>"; - print "<td><input id=\"iedit_title\" value=\"".$line["title"]."\"></td>"; - print "<td><input id=\"iedit_link\" value=\"".$line["feed_url"]."\"></td>"; + print "<td><input id=\"iedit_title\" value=\"$edit_title\"></td>"; + print "<td><input id=\"iedit_link\" value=\"$edit_link\"></td>"; print "<td><input id=\"iedit_updintl\" value=\"".$line["update_interval"]."\"></td>"; } @@ -103,6 +103,12 @@ function db_fetch_result($result, $row, $param) { } } +function db_unescape_string($str) { + $tmp = str_replace("\\\"", "\"", $str); + $tmp = str_replace("\\'", "'", $tmp); + return $tmp; +} + function db_close($link) { if (DB_TYPE == "pgsql") { 
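Review bot: The two new `htmlspecialchars()` calls at the top of the -806 hunk rely on the default flags, which before PHP 8.1 leave single quotes unescaped, while the surrounding markup already mixes single-quoted (`onclick='…'`) and double-quoted attributes. Every current use of `$edit_title` and `$edit_link` (here and in the hunks at -827 and -839) is element text or a double-quoted `value`, so the output is safe as written. Passing the flag explicitly keeps it safe if one of them is later moved into a single-quoted attribute: `$edit_title = htmlspecialchars(db_unescape_string($line["title"]), ENT_QUOTES);`. A short comment above the two assignments, such as `// HTML-escaped copies; print these, never $line[...] directly`, would also help. The enclosing loop body starts and ends outside the hunk.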
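Review bot: `$line["update_interval"]` is still concatenated unescaped into the `value` attribute on the line directly after the two inputs fixed in the -839 hunk, and `$line["id"]` goes raw into the `id=\"FRCHK-…\"` attributes in the hunks at -806 and -827. If both columns are integer-typed in the schema the risk is low, but that is not visible here, and escaping them the same way removes the dependency: `value=\"" . htmlspecialchars($line["update_interval"]) . "\"`. The branch this line belongs to opens outside the hunk.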
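Review bot: `db_unescape_string()` in the -103 hunk reverses only `\"` and `\'`, so an escaped backslash (`\\`) or any other sequence added on the write path comes back unchanged and the function is not a true inverse of whatever escaped the value. Needing it at all suggests titles and URLs are stored with escaping applied twice (this is inferred; the insert/update code is not in the diff), and fixing that at write time would be cleaner than unescaping on every read. If the stored form is addslashes-style, `return stripslashes($str);` covers all cases. The function also deserves a docblock stating that it returns raw, untrusted text that must still be escaped for the output context.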
@@ -24,8 +24,8 @@ $result = db_query($link, "SELECT * FROM ttrss_feeds ORDER BY title"); while ($line = db_fetch_assoc($result)) { - $title = $line["title"]; - $url = $line["feed_url"]; + $title = htmlspecialchars($line["title"]); + $url = htmlspecialchars($line["feed_url"]); print "<outline text=\"$title\" xmlUrl=\"$url\"/>"; } |
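Review bot: The export escapes `$line["title"]` and `$line["feed_url"]` without the `db_unescape_string()` step that backend.php applies to the same columns in this commit, so any stored backslash-escaped quotes would be written into the OPML file as `\&quot;` rather than `&quot;`. Assuming db.php is loaded here (the loop already calls `db_query()` and `db_fetch_assoc()`), the lines would read `$title = htmlspecialchars(db_unescape_string($line["title"]));` and likewise for `$url`. Because the values land in double-quoted XML attributes, a comment noting that `htmlspecialchars()` is serving as the XML attribute escaper would make the intent clear.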