author | Andrew Dolgov <[email protected]> | 2013-03-22 09:14:55 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2013-03-22 09:14:55 +0400 |
commit | 3972bf598195efba3e73ae1fef3faceabeb50308 (patch) | |
tree | 0e0d6e4570b9f9ba692ffae40b7d170e356c4ec7 /classes/pref/users.php | |
parent | 9d9432dab87e3887e4f482ac5afff1586530c692 (diff) |
db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close()
Diffstat (limited to 'classes/pref/users.php')
-rw-r--r-- | classes/pref/users.php | 20 |
1 files changed, 10 insertions, 10 deletions
diff --git a/classes/pref/users.php b/classes/pref/users.php
index d36ed29f7..fbba5e407 100644
--- a/classes/pref/users.php
+++ b/classes/pref/users.php
@@ -116,7 +116,7 @@ class Pref_Users extends Handler_Protected {
 header("Content-Type: text/xml");
- $id = db_escape_string($_REQUEST["id"]);
+ $id = db_escape_string($this->link, $_REQUEST["id"]);
 print "<dlg id=\"$method\">";
 print "<title>".__('User Editor')."</title>";
@@ -199,11 +199,11 @@ class Pref_Users extends Handler_Protected {
 }
 function editSave() {
- $login = db_escape_string(trim($_REQUEST["login"]));
- $uid = db_escape_string($_REQUEST["id"]);
+ $login = db_escape_string($this->link, trim($_REQUEST["login"]));
+ $uid = db_escape_string($this->link, $_REQUEST["id"]);
 $access_level = (int) $_REQUEST["access_level"];
- $email = db_escape_string(trim($_REQUEST["email"]));
- $password = db_escape_string(trim($_REQUEST["password"]));
+ $email = db_escape_string($this->link, trim($_REQUEST["email"]));
+ $password = db_escape_string($this->link, trim($_REQUEST["password"]));
 if ($password) {
 $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
@@ -220,7 +220,7 @@ class Pref_Users extends Handler_Protected {
 }
 function remove() {
- $ids = split(",", db_escape_string($_REQUEST["ids"]));
+ $ids = split(",", db_escape_string($this->link, $_REQUEST["ids"]));
 foreach ($ids as $id) {
 if ($id != $_SESSION["uid"] && $id != 1) {
@@ -233,7 +233,7 @@ class Pref_Users extends Handler_Protected {
 function add() {
- $login = db_escape_string(trim($_REQUEST["login"]));
+ $login = db_escape_string($this->link, trim($_REQUEST["login"]));
 $tmp_user_pwd = make_password(8);
 $salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
 $pwd_hash = encrypt_password($tmp_user_pwd, $salt, true);
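Review bot: In the hunk at line 116 (the user editor dialog) `$id` is still handled as a string: it is escaped and, presumably, interpolated into a quoted SQL literal further down, in a query that lies outside the hunk. A user id is an integer, so `$id = (int) $_REQUEST["id"];` would be stricter and would not depend on every query keeping its quotes; `$access_level` in `editSave()` is already handled this way. The same applies to `$uid` in `editSave()` and to `$uid` in `resetPass()`, where the visible query uses `WHERE id = '$uid'`.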
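Review bot: In `editSave()` the password goes through `trim()` and `db_escape_string()` before the `if ($password)` branch that generates the salt. If the hash is computed from `$password` (that code is outside the hunk), it is computed over the SQL-escaped form, which after this change also depends on the connection behind `$this->link`. A password containing quotes or backslashes would then verify only if the login path applies identical escaping. Keep the raw value for hashing, `$password = $_REQUEST["password"];`, and escape only the resulting hash and salt where they enter the query. A short comment on that line stating which form is hashed would prevent the escaping from being reintroduced.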
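Review bot: In `remove()` the escaped list is split into strings and each `$id` is checked with a loose `!=` against the session uid and `1`, so the guard and the statement that later uses `$id` (outside the hunk) may not interpret a malformed value the same way. Casting first, with `$id = (int) $id;` at the top of the loop, makes the self-delete and admin-delete checks and the query see the same integer. `split()` is deprecated as of PHP 5.3, and `explode(",", ...)` does the same job here.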
@@ -272,7 +272,7 @@ class Pref_Users extends Handler_Protected {
 function resetPass() {
- $uid = db_escape_string($_REQUEST["id"]);
+ $uid = db_escape_string($this->link, $_REQUEST["id"]);
 $result = db_query($this->link, "SELECT login,email FROM ttrss_users WHERE id = '$uid'");
@@ -353,7 +353,7 @@ class Pref_Users extends Handler_Protected {
 print "<div id=\"pref-user-toolbar\" dojoType=\"dijit.Toolbar\">";
- $user_search = db_escape_string($_REQUEST["search"]);
+ $user_search = db_escape_string($this->link, $_REQUEST["search"]);
 if (array_key_exists("search", $_REQUEST)) {
 $_SESSION["prefs_user_search"] = $user_search;
@@ -368,7 +368,7 @@ class Pref_Users extends Handler_Protected {
 __('Search')."</button> </div>";
- $sort = db_escape_string($_REQUEST["sort"]);
+ $sort = db_escape_string($this->link, $_REQUEST["sort"]);
 if (!$sort || $sort == "undefined") {
 $sort = "login"; |
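Review bot: In the hunk at line 353 `$user_search` is written to `$_SESSION["prefs_user_search"]` in its SQL-escaped form, so the session holds data already encoded for one particular sink. Whatever reads it back (outside the hunk) must neither escape it a second time nor print it into HTML without `htmlspecialchars()`. Storing the raw request value and escaping at the point of use would be safer. Separately, `$_REQUEST["search"]` is read before the `array_key_exists()` check, which raises a notice when the parameter is absent.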
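Review bot: In the hunk at line 368, `db_escape_string()` does not constrain `$sort` if the value ends up as a column name, for example in an `ORDER BY` clause. The query is outside the hunk, but a value in that position is not inside a quoted literal, so string escaping gives no protection there. Compare it against a fixed list of sortable columns and fall back to `"login"` otherwise, e.g. `if (!in_array($sort, $allowed_sort_columns, true)) $sort = "login";`, where `$allowed_sort_columns` is a placeholder for the columns the user table actually offers.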