-rw-r--r--backend.php15
-rw-r--r--db.php6
-rw-r--r--opml.php4
3 files changed, 17 insertions, 8 deletions
diff --git a/backend.php b/backend.php
index 419d1b98e..41b2c29db 100644
--- a/backend.php
+++ b/backend.php
@@ -806,15 +806,18 @@
}
print "<td align='center'>$feed_icon</td>";
+ $edit_title = htmlspecialchars(db_unescape_string($line["title"]));
+ $edit_link = htmlspecialchars(db_unescape_string($line["feed_url"]));
+
if (!$edit_feed_id || $subop != "edit") {
print "<td><input onclick='toggleSelectRow(this);'
type=\"checkbox\" id=\"FRCHK-".$line["id"]."\"></td>";
print "<td><a href=\"javascript:editFeed($feed_id);\">" .
- $line["title"] . "</td>";
+ $edit_title . "</td>";
print "<td><a href=\"javascript:editFeed($feed_id);\">" .
- $line["feed_url"] . "</td>";
+ $edit_link . "</td>";
if ($line["update_interval"] == "0")
$line["update_interval"] = "Default";
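Review bot: The new `$edit_title`/`$edit_link` lines strip backslash-escapes at display time, which suggests the ttrss_feeds rows are being stored already escaped (i.e. double-escaped on the write path); if that is the case the output-side unescape only masks the problem and will also alter any title that legitimately contains a `\"` or `\'` sequence, so the insert/update path is where the fix belongs. htmlspecialchars() is used here with its default flags, which leave single quotes untouched; that is adequate for the element content and double-quoted attributes in this commit, but any later single-quoted use of `$edit_title` would need `htmlspecialchars(db_unescape_string($line["title"]), ENT_QUOTES)`. The `<a href=...>` opened on the next lines is never closed before `</td>`, which is pre-existing. The enclosing loop and function begin outside the hunk.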
@@ -827,8 +830,8 @@
print "<td><input disabled=\"true\" type=\"checkbox\"
id=\"FRCHK-".$line["id"]."\"></td>";
- print "<td>".$line["title"]."</td>";
- print "<td>".$line["feed_url"]."</td>";
+ print "<td>$edit_title</td>";
+ print "<td>$edit_link</td>";
if ($line["update_interval"] == "0")
$line["update_interval"] = "Default";
@@ -839,8 +842,8 @@
print "<td><input disabled=\"true\" type=\"checkbox\"></td>";
- print "<td><input id=\"iedit_title\" value=\"".$line["title"]."\"></td>";
- print "<td><input id=\"iedit_link\" value=\"".$line["feed_url"]."\"></td>";
+ print "<td><input id=\"iedit_title\" value=\"$edit_title\"></td>";
+ print "<td><input id=\"iedit_link\" value=\"$edit_link\"></td>";
print "<td><input id=\"iedit_updintl\" value=\"".$line["update_interval"]."\"></td>";
}
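Review bot: `$line["update_interval"]` on the last changed-context line of this hunk is still interpolated into a double-quoted `value` attribute unescaped, while the neighbouring title and URL now go through htmlspecialchars(); unless that column is constrained to an integer (the `"Default"` substitution in the earlier hunks shows it is at least sometimes a string), it needs the same treatment, `print "<td><input id=\"iedit_updintl\" value=\"".htmlspecialchars($line["update_interval"])."\"></td>";`. The `id=\"FRCHK-".$line["id"]."\"` attributes in the first two hunks are likewise interpolated raw, though an integer primary key is presumably harmless there. The enclosing function and its loop begin outside the hunk.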
diff --git a/db.php b/db.php
index c72bbd9df..e4673f679 100644
--- a/db.php
+++ b/db.php
@@ -103,6 +103,12 @@ function db_fetch_result($result, $row, $param) {
}
}
+function db_unescape_string($str) {
+ $tmp = str_replace("\\\"", "\"", $str);
+ $tmp = str_replace("\\'", "'", $tmp);
+ return $tmp;
+}
+
function db_close($link) {
if (DB_TYPE == "pgsql") {
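Review bot: db_unescape_string() reverses only the `\"` and `\'` sequences, so anything else a driver-side escape would have produced (a doubled backslash, `\n`, `\0`) is returned unchanged, and an input of `\\"` collapses to `\"` rather than the original; the function should say so rather than read as a general inverse of db_escape_string(). A docblock such as `/** Reverses only backslash-escaped quotes; other escape sequences (\\, \n, \0) are left as-is. Use only on values known to be stored escaped. */` would make that explicit. The two replacements can also be one call, `return str_replace(array("\\\"", "\\'"), array("\"", "'"), $str);`, and the parameter and return lack type declarations.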
diff --git a/opml.php b/opml.php
index bcfa31700..2e87c037a 100644
--- a/opml.php
+++ b/opml.php
@@ -24,8 +24,8 @@
$result = db_query($link, "SELECT * FROM ttrss_feeds ORDER BY title");
while ($line = db_fetch_assoc($result)) {
- $title = $line["title"];
- $url = $line["feed_url"];
+ $title = htmlspecialchars($line["title"]);
+ $url = htmlspecialchars($line["feed_url"]);
print "<outline text=\"$title\" xmlUrl=\"$url\"/>";
}
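Review bot: Unlike backend.php in this same commit, the OPML export escapes `$line["title"]` and `$line["feed_url"]` without first passing them through db_unescape_string(), so a title stored with backslash-escaped quotes will be exported as `\&quot;` while the feed editor shows it clean; if the stored values really are escaped, this wants `$title = htmlspecialchars(db_unescape_string($line["title"]));` and the same for `$url`. htmlspecialchars() with default flags does escape `"` and `&`, which is what the double-quoted `text`/`xmlUrl` attributes need. Whether the function enclosing this loop is within the hunk cannot be seen; the while loop itself is complete here.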