From 14b6c54b03f2164f568d25d6d54327117b149fa8 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@bah.spb.su>
Date: Sat, 19 May 2007 14:47:51 +0100
Subject: fix tag quote issues

---
 functions.php | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)

(limited to 'functions.php')

diff --git a/functions.php b/functions.php
index 289ae3648..4b1fae84a 100644
--- a/functions.php
+++ b/functions.php
@@ -925,13 +925,9 @@
 						
 						foreach ($entry_tags as $tag) {
 
-							$tag = mb_strtolower($tag, 'utf-8');
+							$tag = sanitize_tag($tag);
 							$tag = db_escape_string($tag);
 
-							$tag = str_replace("+", " ", $tag);	
-							$tag = str_replace("\"", "", $tag);	
-							$tag = str_replace("technorati tag: ", "", $tag);
-
 							if (!tag_is_valid($tag)) continue;
 							
 							$result = db_query($link, "SELECT id FROM ttrss_tags		
@@ -942,8 +938,6 @@
 	
 							if ($result && db_num_rows($result) == 0) {
 								
-	//							print "tagging $entry_id as $tag<br>";
-	
 								db_query($link, "INSERT INTO ttrss_tags 
 									(owner_uid,tag_name,post_int_id)
 									VALUES ('$owner_uid','$tag', '$entry_int_id')");
@@ -3561,8 +3555,10 @@
 
 			while ($tmp_line = db_fetch_assoc($tmp_result)) {
 				$num_tags++;
-				$tag = $tmp_line["tag_name"];				
-				$tag_str = "<a href=\"javascript:viewfeed('$tag')\">$tag</a>, "; 
+				$tag = $tmp_line["tag_name"];
+				$tag_escaped = str_replace("'", "\\'", $tag);
+
+				$tag_str = "<a href=\"javascript:viewfeed('$tag_escaped')\">$tag</a>, ";
 				
 				if ($num_tags == 6) {
 					$tags_str .= "<a href=\"javascript:showBlockElement('allEntryTags')\">...</a>";
@@ -3988,4 +3984,15 @@
 		echo sprintf("<!-- CP[$n] %.4f seconds -->", $ts - $s);
 		return $ts;
 	}
+
+	function sanitize_tag($tag) {
+		$tag = trim($tag);
+
+		$tag = mb_strtolower($tag, 'utf-8');
+
+		$tag = str_replace("+", " ", $tag);	
+		$tag = str_replace("technorati tag: ", "", $tag);
+
+		return $tag;
+	}
 ?>
-- 
cgit v1.2.3