author | Andrew Dolgov <[email protected]> | 2006-05-19 04:10:58 +0100 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2006-05-19 04:10:58 +0100 |
commit | 605f7d463dc68eccc02c77f989302d7b9035b456 (patch) | |
tree | fab10dabb99f901cd9a1444195220e6ca731a1f1 /backend.php | |
parent | caa53a7cb1fb1a52daf561209ea4aaceb4578bfc (diff) |
fix url checking, param sanitizing in feed & cat editors, fix browser_has_opacity()
Diffstat (limited to 'backend.php')
-rw-r--r-- | backend.php | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/backend.php b/backend.php index d7567330e..4d855cead 100644 --- a/backend.php +++ b/backend.php @@ -1603,14 +1603,14 @@ } if ($subop == "editSave") { - $feed_title = db_escape_string($_POST["t"]); - $feed_link = db_escape_string($_POST["l"]); + $feed_title = db_escape_string(trim($_POST["t"])); + $feed_link = db_escape_string(trim($_POST["l"])); $upd_intl = db_escape_string($_POST["ui"]); $purge_intl = db_escape_string($_POST["pi"]); $feed_id = db_escape_string($_POST["id"]); $cat_id = db_escape_string($_POST["catid"]); - $auth_login = db_escape_string($_POST["login"]); - $auth_pass = db_escape_string($_POST["pass"]); + $auth_login = db_escape_string(trim($_POST["login"])); + $auth_pass = db_escape_string(trim($_POST["pass"])); $parent_feed = db_escape_string($_POST["pfeed"]); $private = db_escape_string($_POST["is_pvt"]); $rtl_content = db_escape_string($_POST["is_rtl"]); @@ -1653,7 +1653,7 @@ } if ($subop == "saveCat") { - $cat_title = db_escape_string($_GET["title"]); + $cat_title = db_escape_string(trim($_GET["title"])); $cat_id = db_escape_string($_GET["id"]); $result = db_query($link, "UPDATE ttrss_feed_categories SET |
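Review bot: Wrapping `$_POST["pass"]` in `trim()` in the `editSave` hunk changes the stored feed credential itself. A password that legitimately begins or ends with whitespace is saved in a different form and would then fail against the remote feed, so I would keep `$auth_pass = db_escape_string($_POST["pass"]);` and trim only the title, link and login. Separately, `$feed_id`, `$cat_id`, `$upd_intl` and `$purge_intl` are still only passed through `db_escape_string()`. The query that uses them is outside the hunk, but if any of them is interpolated without quotes the escaping does not constrain the value, whereas an integer cast such as `$feed_id = (int) $_POST["id"];` would. The `editSave` block continues past the end of the hunk.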
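Review bot: `saveCat` still reads its parameters from `$_GET` and then runs an `UPDATE`, so a state change is driven by a plain GET request, which cross-site requests can issue in the user's session and which leaves the title in URLs and access logs. Reading the values from `$_POST`, as `editSave` does, and checking a per-session request token before the query would address this. No such check is visible in the hunk, though one may exist earlier in the file. `$cat_id` is also only escaped. If the WHERE clause (the query is cut off after `SET`) uses it unquoted, `$cat_id = (int) $_GET["id"];` is the safer form.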