author | Andrew Dolgov <[email protected]> | 2006-05-19 04:13:32 +0100 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2006-05-19 04:13:32 +0100 |
commit | 9a35e16d1e4a78666fcc186d92b989178a028791 (patch) | |
tree | 58679543be85064b77ffece019365f5936b85e47 | |
parent | 605f7d463dc68eccc02c77f989302d7b9035b456 (diff) |
sanitize input in label-editor subops
-rw-r--r-- | backend.php | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/backend.php b/backend.php
index 4d855cead..bb4180449 100644
--- a/backend.php
+++ b/backend.php
@@ -2167,8 +2167,8 @@ if ($subop == "editSave") {
- $regexp = db_escape_string($_GET["r"]);
- $match = db_escape_string($_GET["m"]);
+ $regexp = db_escape_string(trim($_GET["r"]));
+ $match = db_escape_string(trim($_GET["m"]));
 $filter_id = db_escape_string($_GET["id"]);
 $feed_id = db_escape_string($_GET["fid"]);
 $action_id = db_escape_string($_GET["aid"]);
@@ -2482,8 +2482,8 @@ if ($subop == "test") {
- $expr = $_GET["expr"];
- $descr = $_GET["descr"];
+ $expr = trim($_GET["expr"]);
+ $descr = trim($_GET["descr"]);
 print "<div id=\"infoBoxTitle\">Test label: $descr</div>";
@@ -2536,8 +2536,8 @@ if ($subop == "editSave") {
- $sql_exp = $_GET["s"];
- $descr = $_GET["d"];
+ $sql_exp = trim($_GET["s"]);
+ $descr = trim($_GET["d"]);
 $label_id = db_escape_string($_GET["id"]);
 // print "$sql_exp : $descr : $label_id"; |
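Review bot: In the `test` subop (second hunk) `$descr` is still interpolated directly into the HTML by the `print` line that follows, and `trim()` only strips surrounding whitespace, so markup supplied in the `descr` query parameter is reflected into the page unencoded. Encode at the point of output, e.g. `print "<div id=\"infoBoxTitle\">Test label: " . htmlspecialchars($descr) . "</div>";`. `$expr` is likewise only trimmed; its use lies outside the hunk, so whether it reaches a query unescaped should be checked there. The enclosing `if ($subop == "test")` block continues past the end of the hunk.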
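Review bot: In the label `editSave` subop (third hunk) `$sql_exp` and `$descr` are only trimmed, while `$label_id` on the next line goes through `db_escape_string()`; if both values are placed in the statement that presumably follows outside this hunk, a quote in `s` or `d` changes that statement. Suggest `$sql_exp = db_escape_string(trim($_GET["s"]));` and `$descr = db_escape_string(trim($_GET["d"]));`, which matches what the filter `editSave` hunk does for `r` and `m`. Judging by its name, `s` carries a SQL expression that is stored for later evaluation, so escaping protects only the storing statement; the place where the expression is evaluated needs its own validation, and a comment such as `// $sql_exp is a user-supplied SQL fragment: escaped for storage only, validate before evaluating` would make that explicit.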