authorAndrew Dolgov <[email protected]>2009-10-19 23:29:45 +0400
committerAndrew Dolgov <[email protected]>2009-10-19 23:29:45 +0400
commit7a13338b4c9ee0f421a9e182e83cb2d8f458774e (patch)
tree204a926e32095a8dd5334beb4eb271d55d5d063b /modules
parent4e332844b4d546e939c54cbbdcff1a11840aa0e3 (diff)
fix proper escaping of label titles (closes #255)
Diffstat (limited to 'modules')
-rw-r--r--modules/backend-rpc.php6
-rw-r--r--modules/pref-labels.php2
2 files changed, 6 insertions, 2 deletions
diff --git a/modules/backend-rpc.php b/modules/backend-rpc.php
index 3e4a94340..1a65efc02 100644
--- a/modules/backend-rpc.php
+++ b/modules/backend-rpc.php
@@ -450,7 +450,8 @@
$ids = split(",", db_escape_string($_REQUEST["ids"]));
$label_id = db_escape_string($_REQUEST["lid"]);
- $label = label_find_caption($link, $label_id, $_SESSION["uid"]);
+ $label = db_escape_string(label_find_caption($link, $label_id,
+ $_SESSION["uid"]));
print "<rpc-reply>";
print "<info-for-headlines>";
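Review bot: The escaped caption is written back into `$label`, so every later use of that variable in this branch receives the SQL-escaped form. That includes any non-SQL use, such as output into the `<rpc-reply>` XML printed just below; the rest of the branch lies outside the hunk, so this needs checking there. Escaping at the point where the query string is built, or keeping a separate variable such as `$label_sql = db_escape_string($label);`, would make it clear which value is safe in which context. The result of `label_find_caption()` is also used without a check, so a `lid` that matches no label for this user would presumably continue with an empty caption. The same points apply to the identical change in the hunk at -485.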
@@ -485,7 +486,8 @@
$ids = split(",", db_escape_string($_REQUEST["ids"]));
$label_id = db_escape_string($_REQUEST["lid"]);
- $label = label_find_caption($link, $label_id, $_SESSION["uid"]);
+ $label = db_escape_string(label_find_caption($link, $label_id,
+ $_SESSION["uid"]));
print "<rpc-reply>";
diff --git a/modules/pref-labels.php b/modules/pref-labels.php
index 336228801..02e5a2be9 100644
--- a/modules/pref-labels.php
+++ b/modules/pref-labels.php
@@ -61,6 +61,8 @@
/* Update filters that reference label being renamed */
+ $old_caption = db_escape_string($old_caption);
+
db_query($link, "UPDATE ttrss_filters SET
action_param = '$caption' WHERE action_param = '$old_caption'
AND action_id = 7
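Review bot: Only `$old_caption` is escaped here, while the UPDATE that follows also interpolates `$caption` into a quoted literal. Its escaping is not visible in this hunk and should be confirmed, since both values need the same treatment. Because the assignment overwrites `$old_caption` in place, a short comment such as `/* caption read back from the database is not SQL-safe; escape before reuse in a query */` would record why the call is needed, assuming that is where the value comes from. The statement continues past the end of the hunk.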