authorAndrew Dolgov <[email protected]>2013-03-22 09:14:55 +0400
committerAndrew Dolgov <[email protected]>2013-03-22 09:14:55 +0400
commit3972bf598195efba3e73ae1fef3faceabeb50308 (patch)
tree0e0d6e4570b9f9ba692ffae40b7d170e356c4ec7 /include
parent9d9432dab87e3887e4f482ac5afff1586530c692 (diff)
db_escape_string: specify link parameter for consistency; sessions: do not force-close db connection in _close()
Diffstat (limited to 'include')
-rw-r--r--include/db-prefs.php6
-rw-r--r--include/db.php14
-rw-r--r--include/functions.php18
-rw-r--r--include/labels.php2
-rw-r--r--include/rssfuncs.php54
-rw-r--r--include/sessions.php4
6 files changed, 45 insertions, 53 deletions
diff --git a/include/db-prefs.php b/include/db-prefs.php
index 641e9d1dd..f6a78939b 100644
--- a/include/db-prefs.php
+++ b/include/db-prefs.php
@@ -44,7 +44,7 @@
function get_pref($link, $pref_name, $user_id = false, $die_on_error = false) {
- $pref_name = db_escape_string($pref_name);
+ $pref_name = db_escape_string($link, $pref_name);
$prefs_cache = true;
$profile = false;
@@ -115,8 +115,8 @@
}
function set_pref($link, $pref_name, $value, $user_id = false, $strip_tags = true) {
- $pref_name = db_escape_string($pref_name);
- $value = db_escape_string($value, $strip_tags);
+ $pref_name = db_escape_string($link, $pref_name);
+ $value = db_escape_string($link, $value, $strip_tags);
if (!$user_id) {
$user_id = $_SESSION["uid"];
diff --git a/include/db.php b/include/db.php
index 0f4bf3708..0479df6a9 100644
--- a/include/db.php
+++ b/include/db.php
@@ -41,21 +41,13 @@ function db_connect($host, $user, $pass, $db) {
}
}
-function db_escape_string($s, $strip_tags = true, $link = NULL) {
+function db_escape_string($link, $s, $strip_tags = true) {
if ($strip_tags) $s = strip_tags($s);
if (DB_TYPE == "pgsql") {
- if ($link) {
- return pg_escape_string($link, $s);
- } else {
- return pg_escape_string($s);
- }
+ return pg_escape_string($link, $s);
} else {
- if ($link) {
- return mysql_real_escape_string($s, $link);
- } else {
- return mysql_real_escape_string($s);
- }
+ return mysql_real_escape_string($s, $link);
}
}
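Review bot: Reordering the parameters of db_escape_string() means a caller still using the old order will not fail loudly: `db_escape_string($value, false)` now treats the value as the connection and escapes `false`, so the result is an empty or unusable string. The diffstat on this page is limited to include/, so call sites elsewhere in the tree cannot be confirmed as updated from here. A guard at the top of the function, e.g. `if (!is_resource($link)) trigger_error("db_escape_string: invalid link", E_USER_ERROR);`, would turn a missed call site into a visible error instead of silently written bad data. This assumes the mysql/pgsql extensions in use represent connections as resources.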
diff --git a/include/functions.php b/include/functions.php
index 5d5550059..17fe18546 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -516,7 +516,7 @@
function initialize_user_prefs($link, $uid, $profile = false) {
- $uid = db_escape_string($uid);
+ $uid = db_escape_string($link, $uid);
if (!$profile) {
$profile = "NULL";
@@ -911,7 +911,7 @@
}
}
- if (db_escape_string("testTEST") != "testTEST") {
+ if (db_escape_string($link, "testTEST") != "testTEST") {
$error_code = 12;
}
@@ -1086,7 +1086,7 @@
} else { // tag
db_query($link, "BEGIN");
- $tag_name = db_escape_string($feed);
+ $tag_name = db_escape_string($link, $feed);
$result = db_query($link, "SELECT post_int_id FROM ttrss_tags
WHERE tag_name = '$tag_name' AND owner_uid = $owner_uid");
@@ -1283,7 +1283,7 @@
return 0;
} else if ($feed != "0" && $n_feed == 0) {
- $feed = db_escape_string($feed);
+ $feed = db_escape_string($link, $feed);
$result = db_query($link, "SELECT SUM((SELECT COUNT(int_id)
FROM ttrss_user_entries,ttrss_entries WHERE int_id = post_int_id
@@ -2744,7 +2744,7 @@
function get_article_tags($link, $id, $owner_uid = 0, $tag_cache = false) {
- $a_id = db_escape_string($id);
+ $a_id = db_escape_string($link, $id);
if (!$owner_uid) $owner_uid = $_SESSION["uid"];
@@ -2779,7 +2779,7 @@
/* update the cache */
- $tags_str = db_escape_string(join(",", $tags));
+ $tags_str = db_escape_string($link, join(",", $tags));
db_query($link, "UPDATE ttrss_user_entries
SET tag_cache = '$tags_str' WHERE ref_id = '$id'
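Review bot: The UPDATE in this hunk interpolates the raw `$id` into `ref_id = '$id'`, while the only escaped copy visible in this diff is `$a_id`, assigned at the top of get_article_tags() in the hunk at -2744. If both hunks belong to the same function, which the line numbers suggest but the hunk does not show, the query should use the escaped value or an integer cast, e.g. `WHERE ref_id = '$a_id'`. The statement continues past the end of the hunk.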
@@ -3511,7 +3511,7 @@
if (db_num_rows($result) == 1) {
return db_fetch_result($result, 0, "access_key");
} else {
- $key = db_escape_string(sha1(uniqid(rand(), true)));
+ $key = db_escape_string($link, sha1(uniqid(rand(), true)));
$result = db_query($link, "INSERT INTO ttrss_access_keys
(access_key, feed_id, is_cat, owner_uid)
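Review bot: The access key on the changed line is derived from `sha1(uniqid(rand(), true))`, which hashes a timestamp and a non-cryptographic PRNG, so the key is more predictable than a feed access secret should be. Draw it from a CSPRNG instead, for example `$key = bin2hex(openssl_random_pseudo_bytes(20));` where the openssl extension is available, or `random_bytes()` on PHP 7+. The value is hex either way, so the db_escape_string() call is harmless but is not what protects it. The enclosing function starts and ends outside the hunk.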
@@ -3865,7 +3865,7 @@
if ($regexp_valid) {
- $rule['reg_exp'] = db_escape_string($rule['reg_exp']);
+ $rule['reg_exp'] = db_escape_string($link, $rule['reg_exp']);
switch ($rule["type"]) {
case "title":
@@ -3896,7 +3896,7 @@
}
if (isset($rule["feed_id"]) && $rule["feed_id"] > 0) {
- $qpart .= " AND feed_id = " . db_escape_string($rule["feed_id"]);
+ $qpart .= " AND feed_id = " . db_escape_string($link, $rule["feed_id"]);
}
if (isset($rule["cat_id"])) {
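Review bot: `feed_id` is concatenated into the query without quotes, and db_escape_string() only neutralises characters that matter inside a quoted literal, so it gives no protection in this numeric position. The `$rule["feed_id"] > 0` check is a loose comparison and does not guarantee the value is purely numeric. Cast instead: `$qpart .= " AND feed_id = " . (int) $rule["feed_id"];`. The `cat_id` branch that begins on the last line of the hunk is cut off and may need the same treatment.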
diff --git a/include/labels.php b/include/labels.php
index da7e3f97b..e45a38622 100644
--- a/include/labels.php
+++ b/include/labels.php
@@ -88,7 +88,7 @@
if (!$labels)
$labels = get_article_labels($link, $id);
- $labels = db_escape_string(json_encode($labels));
+ $labels = db_escape_string($link, json_encode($labels));
db_query($link, "UPDATE ttrss_user_entries SET
label_cache = '$labels' WHERE ref_id = '$id' AND owner_uid = '$owner_uid'");
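Review bot: db_escape_string() is called here with the default `$strip_tags = true`, so strip_tags() runs over the output of `json_encode($labels)` before it is stored in label_cache. A label caption containing `<` would be altered or the JSON truncated, leaving the cache inconsistent with the source data. Passing false keeps the serialized form intact: `$labels = db_escape_string($link, json_encode($labels), false);`. `$id` and `$owner_uid` are interpolated into the same statement and their validation is not visible in this hunk.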
diff --git a/include/rssfuncs.php b/include/rssfuncs.php
index df1d16986..55c0baa4f 100644
--- a/include/rssfuncs.php
+++ b/include/rssfuncs.php
@@ -18,10 +18,10 @@
$count = 0;
while ($line = db_fetch_assoc($result)) {
- $subscribers = db_escape_string($line["subscribers"]);
- $feed_url = db_escape_string($line["feed_url"]);
- $title = db_escape_string($line["title"]);
- $site_url = db_escape_string($line["site_url"]);
+ $subscribers = db_escape_string($link, $line["subscribers"]);
+ $feed_url = db_escape_string($link, $line["feed_url"]);
+ $title = db_escape_string($link, $line["title"]);
+ $site_url = db_escape_string($link, $line["site_url"]);
$tmp_result = db_query($link, "SELECT subscribers FROM
ttrss_feedbrowser_cache WHERE feed_url = '$feed_url'");
@@ -200,7 +200,7 @@
$cache_images = sql_bool_to_bool(db_fetch_result($result, 0, "cache_images"));
$fetch_url = db_fetch_result($result, 0, "feed_url");
- $feed = db_escape_string($feed);
+ $feed = db_escape_string($link, $feed);
/* if ($auth_login && $auth_pass ){
$url_parts = array();
@@ -238,7 +238,7 @@
_debug("update_rss_feed: unable to fetch: $fetch_last_error");
}
- $error_escaped = db_escape_string($fetch_last_error);
+ $error_escaped = db_escape_string($link, $fetch_last_error);
db_query($link,
"UPDATE ttrss_feeds SET last_error = '$error_escaped',
@@ -287,7 +287,7 @@
// print_r($rss);
- $feed = db_escape_string($feed);
+ $feed = db_escape_string($link, $feed);
if (!$rss->error()) {
@@ -318,7 +318,7 @@
$owner_uid = db_fetch_result($result, 0, "owner_uid");
- $site_url = db_escape_string(mb_substr(rewrite_relative_url($fetch_url, $rss->get_link()), 0, 245));
+ $site_url = db_escape_string($link, mb_substr(rewrite_relative_url($fetch_url, $rss->get_link()), 0, 245));
if ($debug_enabled) {
_debug("update_rss_feed: checking favicon...");
@@ -333,7 +333,7 @@
if (!$registered_title || $registered_title == "[Unknown]") {
- $feed_title = db_escape_string($rss->get_title());
+ $feed_title = db_escape_string($link, $rss->get_title());
if ($debug_enabled) {
_debug("update_rss_feed: registering title: $feed_title");
@@ -475,13 +475,13 @@
$entry_author = $entry_author_item->get_name();
if (!$entry_author) $entry_author = $entry_author_item->get_email();
- $entry_author = db_escape_string($entry_author);
+ $entry_author = db_escape_string($link, $entry_author);
}
- $entry_guid = db_escape_string(mb_substr($entry_guid, 0, 245));
+ $entry_guid = db_escape_string($link, mb_substr($entry_guid, 0, 245));
- $entry_comments = db_escape_string(mb_substr($entry_comments, 0, 245));
- $entry_author = db_escape_string(mb_substr($entry_author, 0, 245));
+ $entry_comments = db_escape_string($link, mb_substr($entry_comments, 0, 245));
+ $entry_author = db_escape_string($link, mb_substr($entry_author, 0, 245));
$num_comments = $item->get_item_tags('http://purl.org/rss/1.0/modules/slash/', 'comments');
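Review bot: `$entry_author` is escaped inside the branch at the top of this hunk and then escaped again further down after `mb_substr`, and `$entry_guid` is escaped here, again inside the SELECT in the hunk at -539, and once more in the hunk at -568. For values containing quotes or backslashes, repeated escaping stores extra escape characters, and a guid escaped a different number of times at lookup and at insert may fail to match. Keep raw values in the working variables and escape once where each query is built, e.g. drop the first call and keep only `$entry_author = db_escape_string($link, mb_substr($entry_author, 0, 245));`. The surrounding function extends beyond the hunk, so other uses of these variables are not visible.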
@@ -539,7 +539,7 @@
// FIXME not sure if owner_uid is a good idea here, we may have a base entry without user entry (?)
$result = db_query($link, "SELECT plugin_data,title,content,link,tag_cache,author FROM ttrss_entries, ttrss_user_entries
- WHERE ref_id = id AND guid = '".db_escape_string($entry_guid)."' AND owner_uid = $owner_uid");
+ WHERE ref_id = id AND guid = '".db_escape_string($link, $entry_guid)."' AND owner_uid = $owner_uid");
if (db_num_rows($result) != 0) {
$entry_plugin_data = db_fetch_result($result, 0, "plugin_data");
@@ -568,11 +568,11 @@
}
$entry_tags = $article["tags"];
- $entry_guid = db_escape_string($entry_guid);
- $entry_title = db_escape_string($article["title"]);
- $entry_author = db_escape_string($article["author"]);
- $entry_link = db_escape_string($article["link"]);
- $entry_plugin_data = db_escape_string($article["plugin_data"]);
+ $entry_guid = db_escape_string($link, $entry_guid);
+ $entry_title = db_escape_string($link, $article["title"]);
+ $entry_author = db_escape_string($link, $article["author"]);
+ $entry_link = db_escape_string($link, $article["link"]);
+ $entry_plugin_data = db_escape_string($link, $article["plugin_data"]);
$entry_content = $article["content"]; // escaped below
@@ -583,7 +583,7 @@
if ($cache_images && is_writable(CACHE_DIR . '/images'))
cache_images($entry_content, $site_url, $debug_enabled);
- $entry_content = db_escape_string($entry_content, false);
+ $entry_content = db_escape_string($link, $entry_content, false);
$content_hash = "SHA1:" . sha1($entry_content);
@@ -829,7 +829,7 @@
$update_insignificant = false;
}
- if (db_escape_string($orig_title) != $entry_title) {
+ if (db_escape_string($link, $orig_title) != $entry_title) {
$post_needs_update = true;
$update_insignificant = false;
}
@@ -896,9 +896,9 @@
db_query($link, "BEGIN");
foreach ($enclosures as $enc) {
- $enc_url = db_escape_string($enc[0]);
- $enc_type = db_escape_string($enc[1]);
- $enc_dur = db_escape_string($enc[2]);
+ $enc_url = db_escape_string($link, $enc[0]);
+ $enc_type = db_escape_string($link, $enc[1]);
+ $enc_dur = db_escape_string($link, $enc[2]);
$result = db_query($link, "SELECT id FROM ttrss_enclosures
WHERE content_url = '$enc_url' AND post_id = '$entry_ref_id'");
@@ -959,7 +959,7 @@
foreach ($filtered_tags as $tag) {
$tag = sanitize_tag($tag);
- $tag = db_escape_string($tag);
+ $tag = db_escape_string($link, $tag);
if (!tag_is_valid($tag)) continue;
@@ -981,7 +981,7 @@
$tags_to_cache = array_unique($tags_to_cache);
- $tags_str = db_escape_string(join(",", $tags_to_cache));
+ $tags_str = db_escape_string($link, join(",", $tags_to_cache));
db_query($link, "UPDATE ttrss_user_entries
SET tag_cache = '$tags_str' WHERE ref_id = '$entry_ref_id'
@@ -1031,7 +1031,7 @@
} else {
- $error_msg = db_escape_string(mb_substr($rss->error(), 0, 245));
+ $error_msg = db_escape_string($link, mb_substr($rss->error(), 0, 245));
if ($debug_enabled) {
_debug("update_rss_feed: error fetching feed: $error_msg");
diff --git a/include/sessions.php b/include/sessions.php
index 92e346afe..3355ec49e 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -53,7 +53,7 @@
$expire = time() + $session_expire;
- $data = db_escape_string(base64_encode($data), false, $session_connection);
+ $data = db_escape_string($session_connection, base64_encode($data), false);
if ($session_read) {
$query = "UPDATE ttrss_sessions SET data='$data',
@@ -71,7 +71,7 @@
global $session_connection;
- db_close($session_connection);
+ //db_close($session_connection);
return true;
}
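Review bot: The close handler now leaves `db_close($session_connection)` behind as commented-out code with no explanation. Replace it with a comment stating the reason, for example `// connection is intentionally left open; it may still be in use after the session handler closes`, if that is the intent behind the commit message's "do not force-close db connection in _close()". The function's opening line is outside the hunk.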