fix url checking, param sanitizing in feed & cat editors, fix browser_has_opacity()

author: Andrew Dolgov <[email protected]> 2006-05-19 04:10:58 +0100
committer: Andrew Dolgov <[email protected]> 2006-05-19 04:10:58 +0100
commit: 605f7d463dc68eccc02c77f989302d7b9035b456 (patch)
tree: fab10dabb99f901cd9a1444195220e6ca731a1f1 /backend.php
parent: caa53a7cb1fb1a52daf561209ea4aaceb4578bfc (diff)
1 files changed, 5 insertions, 5 deletions
diff --git a/backend.php b/backend.php
index d7567330e..4d855cead 100644
--- a/backend.php
+++ b/backend.php
@@ -1603,14 +1603,14 @@
 		}
 
 		if ($subop == "editSave") {
-			$feed_title = db_escape_string($_POST["t"]);
-			$feed_link = db_escape_string($_POST["l"]);
+			$feed_title = db_escape_string(trim($_POST["t"]));
+			$feed_link = db_escape_string(trim($_POST["l"]));
 			$upd_intl = db_escape_string($_POST["ui"]);
 			$purge_intl = db_escape_string($_POST["pi"]);
 			$feed_id = db_escape_string($_POST["id"]);
 			$cat_id = db_escape_string($_POST["catid"]);
-			$auth_login = db_escape_string($_POST["login"]);
-			$auth_pass = db_escape_string($_POST["pass"]);
+			$auth_login = db_escape_string(trim($_POST["login"]));
+			$auth_pass = db_escape_string(trim($_POST["pass"]));
 			$parent_feed = db_escape_string($_POST["pfeed"]);
 			$private = db_escape_string($_POST["is_pvt"]);
 			$rtl_content = db_escape_string($_POST["is_rtl"]);
@@ -1653,7 +1653,7 @@
 		}
 
 		if ($subop == "saveCat") {
-			$cat_title = db_escape_string($_GET["title"]);
+			$cat_title = db_escape_string(trim($_GET["title"]));
 			$cat_id = db_escape_string($_GET["id"]);
 
 			$result = db_query($link, "UPDATE ttrss_feed_categories SET
author	Andrew Dolgov <[email protected]>	2006-05-19 04:10:58 +0100
committer	Andrew Dolgov <[email protected]>	2006-05-19 04:10:58 +0100
commit	605f7d463dc68eccc02c77f989302d7b9035b456 (patch)
tree	fab10dabb99f901cd9a1444195220e6ca731a1f1 /backend.php
parent	caa53a7cb1fb1a52daf561209ea4aaceb4578bfc (diff)