authorAndrew Dolgov <[email protected]>2005-11-30 09:28:53 +0100
committerAndrew Dolgov <[email protected]>2005-11-30 09:28:53 +0100
commita654a595b8642b62a18af16248fc0c44d9a8ea46 (patch)
tree0a3e5e7742d1dec6c4b80028cda2a07be006a332 /xml-import.php
parentdf08c5bb99c664e756cb6a2e1f3062d1421a2c47 (diff)
xml-import: fix escaping issues
Diffstat (limited to 'xml-import.php')
-rw-r--r--xml-import.php27
1 files changed, 14 insertions, 13 deletions
diff --git a/xml-import.php b/xml-import.php
index 5ba27f1ae..dee462368 100644
--- a/xml-import.php
+++ b/xml-import.php
@@ -34,14 +34,15 @@
function import_article($link, $data) {
- print "Processing article " . $data["title"] . "<br>";
+ print "Processing article <b>".$data["title"].
+ "</b> (".$data["feed_title"].")<br>";
$owner_uid = $_SESSION["uid"];
db_query($link, "BEGIN");
$result = db_query($link, "SELECT id FROM ttrss_feeds WHERE feed_url = '".
- $data["feed_url"] . "' AND owner_uid = '$owner_uid'");
+ db_escape_string($data["feed_url"]) . "' AND owner_uid = '$owner_uid'");
if (db_num_rows($result) == 0) {
return false;
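Review bot: The rewritten `print` at the top of import_article writes `$data["title"]` and `$data["feed_title"]` into the HTML response unescaped, and these values appear to come from the imported XML file, so any markup in a title is rendered in the browser of whoever runs the import. This commit escapes the SQL side only. HTML-encode at the point of output: `print "Processing article <b>" . htmlspecialchars($data["title"]) . "</b> (" . htmlspecialchars($data["feed_title"]) . ")<br>";`. Separately, the `return false` in the context lines exits after `BEGIN` with no rollback visible; import_article's body continues outside the hunk, so confirm the transaction is closed on that path.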
@@ -56,14 +57,14 @@
print "Not found, adding base entry...<br>";
- $entry_title = $data["title"];
- $entry_guid = $data["guid"];
- $entry_link = $data["link"];
- $updated = $data["updated"];
- $date_entered = $data["date_entered"];
- $entry_content = $data["content"];
+ $entry_title = db_escape_string($data["title"]);
+ $entry_guid = db_escape_string($data["guid"]);
+ $entry_link = db_escape_string($data["link"]);
+ $updated = db_escape_string($data["updated"]);
+ $date_entered = db_escape_string($data["date_entered"]);
+ $entry_content = db_escape_string($data["content"]);
$content_hash = "SHA1:" . sha1(strip_tags($entry_content));
- $entry_comments = $data["comments"];
+ $entry_comments = db_escape_string($data["comments"]);
$result = db_query($link,
"INSERT INTO ttrss_entries
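Review bot: `$content_hash` is now computed from the already-escaped `$entry_content`, so for any article containing a quote or backslash the stored SHA1 covers the escaped text rather than the original content. If other code paths hash the raw content (not visible here), imported entries would not match them and could be treated as changed or duplicated. Hash the raw value and keep the escaped one for the query only: `$content_hash = "SHA1:" . sha1(strip_tags($data["content"]));`. The INSERT statement that uses these variables continues outside the hunk.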
@@ -103,9 +104,9 @@
if (db_num_rows($result) == 0) {
print "User table entry not found, creating...<br>";
- $unread = $data["unread"];
- $marked = $data["marked"];
- $last_read = $data["last_read"];
+ $unread = sql_bool_to_string(db_escape_string($data["unread"]));
+ $marked = sql_bool_to_string(db_escape_string($data["marked"]));
+ $last_read = db_escape_string($data["last_read"]);
if (!$last_read) {
$last_read_qpart = 'NULL';
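Review bot: `$unread` and `$marked` are interpolated without quotes in the `VALUES` hunk that follows (`$unread, $marked`), so `db_escape_string()` no longer protects them; escaping only helps inside a quoted literal. Their safety now rests entirely on `sql_bool_to_string()`, which is not shown here, returning a fixed literal for every possible input. If that holds, the inner `db_escape_string()` call is redundant and the dependency deserves a comment, e.g. `// sql_bool_to_string() must return only a fixed SQL boolean literal: the value is used unquoted in the INSERT below`. The enclosing `if` block continues outside the hunk.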
@@ -116,7 +117,7 @@
$result = db_query($link,
"INSERT INTO ttrss_user_entries
(ref_id, owner_uid, feed_id, unread, marked, last_read)
- VALUES ('$entry_id', '$owner_uid', '$feed_id', '$unread', '$marked',
+ VALUES ('$entry_id', '$owner_uid', '$feed_id', $unread, $marked,
$last_read_qpart)");
} else {