authorAndrew Dolgov <[email protected]>2007-05-19 15:09:16 +0100
committerAndrew Dolgov <[email protected]>2007-05-19 15:09:16 +0100
commit474390311fd646db88acfdbff7dcc7c57ac7249e (patch)
tree67f57e9be22939a10581de2a5133a455b7513954 /modules/pref-labels.php
parent83fe113a39e78e06654c76cd33b645a9247c7f64 (diff)
remove db_unescape_string() hack
Diffstat (limited to 'modules/pref-labels.php')
-rw-r--r--modules/pref-labels.php14
1 files changed, 7 insertions, 7 deletions
diff --git a/modules/pref-labels.php b/modules/pref-labels.php
index 3f7b7f806..8d19d0287 100644
--- a/modules/pref-labels.php
+++ b/modules/pref-labels.php
@@ -21,8 +21,8 @@
$line = db_fetch_assoc($result);
- $sql_exp = htmlspecialchars(db_unescape_string($line["sql_exp"]));
- $description = htmlspecialchars(db_unescape_string($line["description"]));
+ $sql_exp = htmlspecialchars($line["sql_exp"]);
+ $description = htmlspecialchars($line["description"]);
print "<div id=\"infoBoxTitle\">Label editor</div>";
print "<div class=\"infoBoxContents\">";
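Review bot: Both `htmlspecialchars()` calls on the new lines rely on the default flags, which on PHP versions of this period leave single quotes unescaped, and a stored SQL expression will often contain single-quoted literals. Where these values are later written into the markup is not visible in this hunk, but if either lands in a single-quoted attribute the quote would close it early. Passing the flag explicitly, `$sql_exp = htmlspecialchars($line["sql_exp"], ENT_QUOTES);` (and the same for `$description`), removes the dependency on how the surrounding markup is quoted. The two calls in the hunk at new line 261 have the same shape. The enclosing block starts and ends outside this hunk.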
@@ -78,8 +78,9 @@
if ($subop == "test") {
- $expr = db_unescape_string(trim($_GET["expr"]));
- $descr = db_unescape_string(trim($_GET["descr"]));
+ // no escaping here on purpose
+ $expr = trim($_GET["expr"]);
+ $descr = db_escape_string(trim($_GET["descr"]));
if (!$expr) {
print "<div>Error: SQL expression is blank.</div>";
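Review bot: `$expr` now comes straight from `$_GET` with only `trim()` applied, and the comment `// no escaping here on purpose` does not say why that is safe or what bounds it. Since the value is presumably evaluated as a SQL fragment further down (outside this hunk), the comment should record the contract, for example `// $expr is a user-authored SQL fragment run as-is: requires an authenticated session; never echo it without htmlspecialchars()`. Because the request is a GET, a followed link could trigger the evaluation in a logged-in session, so it is worth considering reading both fields from `$_POST` and checking a per-session token before running the test. `$descr` is now SQL-escaped, which does not make it safe to print; if it is echoed back in the result it still needs `htmlspecialchars()`. The `if ($subop == "test")` block continues past the end of the hunk.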
@@ -260,9 +261,8 @@
print "<tr class=\"$class\" $this_row_id>";
- $line["sql_exp"] = htmlspecialchars(db_unescape_string($line["sql_exp"]));
- $line["description"] = htmlspecialchars(
- db_unescape_string($line["description"]));
+ $line["sql_exp"] = htmlspecialchars($line["sql_exp"]);
+ $line["description"] = htmlspecialchars($line["description"]);
if (!$line["description"]) $line["description"] = "[No caption]";