diff options
| author | Andrew Dolgov <[email protected]> | 2006-08-22 08:17:40 +0100 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2006-08-22 08:17:40 +0100 |
| commit | d0000401adf5ea6ba3012e10e8d8d790ab7ecca2 (patch) | |
| tree | 59913530ce83fc3264efa4bee6b520d734a67d30 /backend.php | |
| parent | e2a8a097bd2ffa7fbad4382d482e1c17844f7908 (diff) | |
fix title/link quote escaping issue when subscribing from feed browser (thread 108)
Diffstat (limited to 'backend.php')
| -rw-r--r-- | backend.php | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/backend.php b/backend.php index 670ea4b59..10f4b438c 100644 --- a/backend.php +++ b/backend.php @@ -1081,8 +1081,10 @@ $result = db_query($link, "SELECT feed_url,title FROM ttrss_feeds WHERE id = '$id'"); - $feed_url = db_fetch_result($result, 0, "feed_url"); - $title = db_fetch_result($result, 0, "title"); + $feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url")); + $title = db_escape_string(db_fetch_result($result, 0, "title")); + + $title_orig = db_fetch_result($result, 0, "title"); $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]); @@ -1092,7 +1094,7 @@ "INSERT INTO ttrss_feeds (owner_uid,feed_url,title,cat_id) VALUES ('".$_SESSION["uid"]."', '$feed_url', '$title', NULL)"); - array_push($subscribed, $title); + array_push($subscribed, $title_orig); } } |