From 963c22646b3e1bd544bd957bf34175b996bd6e53 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Tue, 3 Apr 2018 13:57:27 +0300
Subject: pass tsvector data as a named parameter on article update, remove
 escaping hacks

---
 classes/rssutils.php | 25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

(limited to 'classes/rssutils.php')

diff --git a/classes/rssutils.php b/classes/rssutils.php
index d125a5032..f06cb085e 100755
--- a/classes/rssutils.php
+++ b/classes/rssutils.php
@@ -978,18 +978,10 @@ class RSSUtils {
 
 					_debug("resulting RID: $entry_ref_id, IID: $entry_int_id", $debug_enabled);
 
-					if (DB_TYPE == "pgsql") {
-						$tsvector_combined = mb_substr($entry_title . ' ' .
-							preg_replace('/[<\?\:]/', ' ', strip_tags($entry_content)),
-							0, 1000000);
-
-						$tsvector_qpart = "tsvector_combined = to_tsvector(".$pdo->quote($feed_language).", ".$pdo->quote($tsvector_combined)."),";
-
-					} else {
+					if (DB_TYPE == "pgsql")
+						$tsvector_qpart = "tsvector_combined = to_tsvector(:ts_lang, :ts_content),";
+					else
 						$tsvector_qpart = "";
-					}
-
-					//_debug($tsvector_qpart);
 
 					$sth = $pdo->prepare("UPDATE ttrss_entries
 						SET title = :title,
@@ -1003,7 +995,7 @@ class RSSUtils {
 							lang = :lang														
 						WHERE id = :id");
 
-					$sth->execute([":title" => $entry_title,
+					$params = [":title" => $entry_title,
 						":content" => "$entry_content",
 						":content_hash" => $entry_current_hash,
 						":updated" => $entry_timestamp_fmt,
@@ -1011,7 +1003,14 @@ class RSSUtils {
 						":plugin_data" => $entry_plugin_data,
 						":author" => "$entry_author",
 						":lang" => $entry_language,
-						":id" => $ref_id]);
+						":id" => $ref_id];
+
+					if (DB_TYPE == "pgsql") {
+						$params[":ts_lang"] = $feed_language;
+						$params[":ts_content"] = mb_substr(strip_tags($entry_title . " " . $entry_content), 0, 1000000);
+					}
+
+					$sth->execute($params);
 
 					// update aux data
 					$sth = $pdo->prepare("UPDATE ttrss_user_entries
-- 
cgit v1.2.3