-rw-r--r--backend.php10
-rw-r--r--functions.js6
-rw-r--r--prefs.js8
-rw-r--r--tt-rss.js3
4 files changed, 17 insertions, 10 deletions
diff --git a/backend.php b/backend.php
index d7567330e..4d855cead 100644
--- a/backend.php
+++ b/backend.php
@@ -1603,14 +1603,14 @@
}
if ($subop == "editSave") {
- $feed_title = db_escape_string($_POST["t"]);
- $feed_link = db_escape_string($_POST["l"]);
+ $feed_title = db_escape_string(trim($_POST["t"]));
+ $feed_link = db_escape_string(trim($_POST["l"]));
$upd_intl = db_escape_string($_POST["ui"]);
$purge_intl = db_escape_string($_POST["pi"]);
$feed_id = db_escape_string($_POST["id"]);
$cat_id = db_escape_string($_POST["catid"]);
- $auth_login = db_escape_string($_POST["login"]);
- $auth_pass = db_escape_string($_POST["pass"]);
+ $auth_login = db_escape_string(trim($_POST["login"]));
+ $auth_pass = db_escape_string(trim($_POST["pass"]));
$parent_feed = db_escape_string($_POST["pfeed"]);
$private = db_escape_string($_POST["is_pvt"]);
$rtl_content = db_escape_string($_POST["is_rtl"]);
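Review bot: `$feed_link` is stored after only `trim` and `db_escape_string`, while the http/https check this commit introduces exists solely in the browser (`isValidURL` in functions.js), so a request posted directly to `editSave` is not covered by it. If the backend later fetches this URL, which is presumably the case for a feed reader, the scheme should be enforced here on the trimmed value as well, e.g. `if (!preg_match('/^https?:\/\//i', trim($_POST["l"]))) { /* reject and return */ }`. Separately, `trim` on `$_POST["pass"]` silently alters a password that legitimately begins or ends with whitespace; consider trimming only the login. The `editSave` branch continues past the end of this hunk.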
@@ -1653,7 +1653,7 @@
}
if ($subop == "saveCat") {
- $cat_title = db_escape_string($_GET["title"]);
+ $cat_title = db_escape_string(trim($_GET["title"]));
$cat_id = db_escape_string($_GET["id"]);
$result = db_query($link, "UPDATE ttrss_feed_categories SET
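Review bot: After `trim`, a whitespace-only `title` becomes an empty string, and no emptiness check is visible between the assignment and the `UPDATE ttrss_feed_categories` statement. If blank category names are not intended, add a guard before the query such as `if ($cat_title == "") { /* report error, skip update */ }`. The query text runs past the end of the hunk, so the rest of the `saveCat` branch is not visible here.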
diff --git a/functions.js b/functions.js
index 3b5e64f70..817946c39 100644
--- a/functions.js
+++ b/functions.js
@@ -1,7 +1,8 @@
var hotkeys_enabled = true;
function browser_has_opacity() {
- return navigator.userAgent.match("Gecko") || navigator.userAgent.match("Opera");
+ return navigator.userAgent.match("Gecko") != null ||
+ navigator.userAgent.match("Opera") != null;
}
function exception_error(location, e) {
@@ -1054,3 +1055,6 @@ function toggleSubmitNotEmpty(e, submit_id) {
}
}
+function isValidURL(s) {
+ return s.match("http://") != null || s.match("https://") != null;
+}
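Review bot: `isValidURL` accepts any string that merely contains `http://` or `https://`, because `String.prototype.match` converts its string argument into an unanchored regular expression; a value with a different scheme and `http://` further along still passes. Anchor the test to the start of the string: `return /^https?:\/\//i.test(s);`. The call sites this commit adds in prefs.js (`addFeed`, `feedEditSave`) and tt-rss.js (`qafAdd`) inherit the same looseness. A short comment such as `// UI convenience check only; the backend must validate the scheme itself` would also help, since nothing in the browser can be relied on for enforcement.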
diff --git a/prefs.js b/prefs.js
index ccc0d7859..1994495a9 100644
--- a/prefs.js
+++ b/prefs.js
@@ -282,8 +282,7 @@ function addFeed() {
if (link.value.length == 0) {
alert("Error: No feed URL given.");
- } else if (link.value.match("http://") == null &&
- link.value.match("https://") == null) {
+ } else if (!isValidURL(link.value)) {
alert("Error: Invalid feed URL.");
} else {
notify("Adding feed...");
@@ -746,6 +745,11 @@ function feedEditSave() {
notify("Feed title cannot be blank.");
return;
}
+
+ if (!isValidURL(link)) {
+ alert("Feed URL is invalid.");
+ return;
+ }
var auth_login = document.getElementById("iedit_login").value;
var auth_pass = document.getElementById("iedit_pass").value;
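Review bot: The new URL check reports through `alert("Feed URL is invalid.")` while the blank-title check directly above it uses `notify(...)`; for consistency within `feedEditSave` this should probably be `notify("Feed URL is invalid.");`. Also, `link` is declared outside the hunk and is passed as-is, whereas `addFeed` and `qafAdd` pass `link.value`; confirm that `link` here already holds the string and not the input element, otherwise `s.match` in `isValidURL` would throw. The function body starts before and continues after this hunk.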
diff --git a/tt-rss.js b/tt-rss.js
index 528a0000b..6a3171469 100644
--- a/tt-rss.js
+++ b/tt-rss.js
@@ -538,8 +538,7 @@ function qafAdd() {
if (link.value.length == 0) {
alert("Error: No feed URL given.");
- } else if (link.value.match("http://") == null &&
- link.value.match("https://") == null) {
+ } else if (!isValidURL(link.value)) {
alert("Error: Invalid feed URL.");
} else {
notify("Adding feed...");