diff options
author | Andrew Dolgov <[email protected]> | 2013-03-21 21:42:11 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2013-03-21 21:42:11 +0400 |
commit | 029591964885e4a9010838cd9ae9824267dc63fc (patch) | |
tree | 23209632538f30e087dd968912e4e9e790ef7b73 | |
parent | d4a5129a24d00efb773bbf4f7e39cd53072aaa46 (diff) |
attempt fix db_escape_string() invocation in sessions.php
-rw-r--r-- | include/db.php | 10 | ||||
-rw-r--r-- | include/sessions.php | 2 |
2 files changed, 8 insertions, 4 deletions
diff --git a/include/db.php b/include/db.php index f1a7af363..17437142b 100644 --- a/include/db.php +++ b/include/db.php @@ -41,13 +41,17 @@ function db_connect($host, $user, $pass, $db) { } } -function db_escape_string($s, $strip_tags = true) { +function db_escape_string($s, $strip_tags = true, $link = NULL) { if ($strip_tags) $s = strip_tags($s); if (DB_TYPE == "pgsql") { - return pg_escape_string($s); + if ($link) { + return pg_escape_string($link, $s); + } else { + return pg_escape_string($s); + } } else { - return mysql_real_escape_string($s); + return mysql_real_escape_string($s, $link); } } diff --git a/include/sessions.php b/include/sessions.php index 2cef1d91b..7d9b19bd5 100644 --- a/include/sessions.php +++ b/include/sessions.php @@ -53,7 +53,7 @@ $expire = time() + $session_expire; - $data = db_escape_string(base64_encode($data), $session_connection); + $data = db_escape_string(base64_encode($data), false, $session_connection); if ($session_read) { $query = "UPDATE ttrss_sessions SET data='$data', |