1 files changed, 31 insertions, 31 deletions

diff --git a/classes/api.php b/classes/api.php
index b9168cf93..3ec218671 100644
--- a/classes/api.php
+++ b/classes/api.php
@@ -47,7 +47,7 @@ class API extends Handler {
 	}
 
 	function login() {
-		$login = db_escape_string($_REQUEST["user"]);
+		$login = db_escape_string($this->link, $_REQUEST["user"]);
 		$password = $_REQUEST["password"];
 		$password_base64 = base64_decode($_REQUEST["password"]);
 
@@ -92,8 +92,8 @@ class API extends Handler {
 	}
 
 	function getUnread() {
-		$feed_id = db_escape_string($_REQUEST["feed_id"]);
-		$is_cat = db_escape_string($_REQUEST["is_cat"]);
+		$feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
+		$is_cat = db_escape_string($this->link, $_REQUEST["is_cat"]);
 
 		if ($feed_id) {
 			print $this->wrap(self::STATUS_OK, array("unread" => getFeedUnread($this->link, $feed_id, $is_cat)));
@@ -108,10 +108,10 @@ class API extends Handler {
 	}
 
 	function getFeeds() {
-		$cat_id = db_escape_string($_REQUEST["cat_id"]);
+		$cat_id = db_escape_string($this->link, $_REQUEST["cat_id"]);
 		$unread_only = sql_bool_to_bool($_REQUEST["unread_only"]);
-		$limit = (int) db_escape_string($_REQUEST["limit"]);
-		$offset = (int) db_escape_string($_REQUEST["offset"]);
+		$limit = (int) db_escape_string($this->link, $_REQUEST["limit"]);
+		$offset = (int) db_escape_string($this->link, $_REQUEST["offset"]);
 		$include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
 
 		$feeds = $this->api_get_feeds($this->link, $cat_id, $unread_only, $limit, $offset, $include_nested);
@@ -171,29 +171,29 @@ class API extends Handler {
 	}
 
 	function getHeadlines() {
-		$feed_id = db_escape_string($_REQUEST["feed_id"]);
+		$feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
 		if ($feed_id != "") {
 
-			$limit = (int)db_escape_string($_REQUEST["limit"]);
+			$limit = (int)db_escape_string($this->link, $_REQUEST["limit"]);
 
 			if (!$limit || $limit >= 60) $limit = 60;
 
-			$offset = (int)db_escape_string($_REQUEST["skip"]);
-			$filter = db_escape_string($_REQUEST["filter"]);
+			$offset = (int)db_escape_string($this->link, $_REQUEST["skip"]);
+			$filter = db_escape_string($this->link, $_REQUEST["filter"]);
 			$is_cat = sql_bool_to_bool($_REQUEST["is_cat"]);
 			$show_excerpt = sql_bool_to_bool($_REQUEST["show_excerpt"]);
 			$show_content = sql_bool_to_bool($_REQUEST["show_content"]);
 			/* all_articles, unread, adaptive, marked, updated */
-			$view_mode = db_escape_string($_REQUEST["view_mode"]);
+			$view_mode = db_escape_string($this->link, $_REQUEST["view_mode"]);
 			$include_attachments = sql_bool_to_bool($_REQUEST["include_attachments"]);
-			$since_id = (int)db_escape_string($_REQUEST["since_id"]);
+			$since_id = (int)db_escape_string($this->link, $_REQUEST["since_id"]);
 			$include_nested = sql_bool_to_bool($_REQUEST["include_nested"]);
 			$sanitize_content = true;
 
 			/* do not rely on params below */
 
-			$search = db_escape_string($_REQUEST["search"]);
-			$search_mode = db_escape_string($_REQUEST["search_mode"]);
+			$search = db_escape_string($this->link, $_REQUEST["search"]);
+			$search_mode = db_escape_string($this->link, $_REQUEST["search_mode"]);
 
 			$headlines = $this->api_get_headlines($this->link, $feed_id, $limit, $offset,
 				$filter, $is_cat, $show_excerpt, $show_content, $view_mode, false,
@@ -207,10 +207,10 @@ class API extends Handler {
 	}
 
 	function updateArticle() {
-		$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
-		$mode = (int) db_escape_string($_REQUEST["mode"]);
-		$data = db_escape_string($_REQUEST["data"]);
-		$field_raw = (int)db_escape_string($_REQUEST["field"]);
+		$article_ids = array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_ids"])), is_numeric);
+		$mode = (int) db_escape_string($this->link, $_REQUEST["mode"]);
+		$data = db_escape_string($this->link, $_REQUEST["data"]);
+		$field_raw = (int)db_escape_string($this->link, $_REQUEST["field"]);
 
 		$field = "";
 		$set_to = "";
@@ -285,7 +285,7 @@ class API extends Handler {
 
 	function getArticle() {
 
-		$article_id = join(",", array_filter(explode(",", db_escape_string($_REQUEST["article_id"])), is_numeric));
+		$article_id = join(",", array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_id"])), is_numeric));
 
 		$query = "SELECT id,title,link,content,cached_content,feed_id,comments,int_id,
 			marked,unread,published,
@@ -348,7 +348,7 @@ class API extends Handler {
 	}
 
 	function updateFeed() {
-		$feed_id = db_escape_string($_REQUEST["feed_id"]);
+		$feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
 
 		update_rss_feed($this->link, $feed_id, true);
 
@@ -356,8 +356,8 @@ class API extends Handler {
 	}
 
 	function catchupFeed() {
-		$feed_id = db_escape_string($_REQUEST["feed_id"]);
-		$is_cat = db_escape_string($_REQUEST["is_cat"]);
+		$feed_id = db_escape_string($this->link, $_REQUEST["feed_id"]);
+		$is_cat = db_escape_string($this->link, $_REQUEST["is_cat"]);
 
 		catchup_feed($this->link, $feed_id, $is_cat);
 
@@ -365,13 +365,13 @@ class API extends Handler {
 	}
 
 	function getPref() {
-		$pref_name = db_escape_string($_REQUEST["pref_name"]);
+		$pref_name = db_escape_string($this->link, $_REQUEST["pref_name"]);
 
 		print $this->wrap(self::STATUS_OK, array("value" => get_pref($this->link, $pref_name)));
 	}
 
 	function getLabels() {
-		//$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
+		//$article_ids = array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_ids"])), is_numeric);
 
 		$article_id = (int)$_REQUEST['article_id'];
 
@@ -409,11 +409,11 @@ class API extends Handler {
 
 	function setArticleLabel() {
 
-		$article_ids = array_filter(explode(",", db_escape_string($_REQUEST["article_ids"])), is_numeric);
-		$label_id = (int) db_escape_string($_REQUEST['label_id']);
-		$assign = (bool) db_escape_string($_REQUEST['assign']) == "true";
+		$article_ids = array_filter(explode(",", db_escape_string($this->link, $_REQUEST["article_ids"])), is_numeric);
+		$label_id = (int) db_escape_string($this->link, $_REQUEST['label_id']);
+		$assign = (bool) db_escape_string($this->link, $_REQUEST['assign']) == "true";
 
-		$label = db_escape_string(label_find_caption($this->link,
+		$label = db_escape_string($this->link, label_find_caption($this->link,
 			$label_id, $_SESSION["uid"]));
 
 		$num_updated = 0;
@@ -442,9 +442,9 @@ class API extends Handler {
 	}
 
 	function shareToPublished() {
-		$title = db_escape_string(strip_tags($_REQUEST["title"]));
-		$url = db_escape_string(strip_tags($_REQUEST["url"]));
-		$content = db_escape_string(strip_tags($_REQUEST["content"]));
+		$title = db_escape_string($this->link, strip_tags($_REQUEST["title"]));
+		$url = db_escape_string($this->link, strip_tags($_REQUEST["url"]));
+		$content = db_escape_string($this->link, strip_tags($_REQUEST["content"]));
 
 		if (Article::create_published_article($this->link, $title, $url, $content, "", $_SESSION["uid"])) {
 			print $this->wrap(self::STATUS_OK, array("status" => 'OK'));