From d296ba50d4e7219bb153634e656cd9c841ba42cd Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Fri, 29 Mar 2013 08:51:05 +0400
Subject: initialize_user_prefs: escape data on import

---
 include/functions.php | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'include')

diff --git a/include/functions.php b/include/functions.php
index f611ec4fe..951bf230f 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -548,6 +548,9 @@
 			if (array_search($line["pref_name"], $active_prefs) === FALSE) {
 //				print "adding " . $line["pref_name"] . "<br>";
 
+				$line["def_value"] = db_escape_string($link, $line["def_value"]);
+				$line["pref_name"] = db_escape_string($link, $line["pref_name"]);
+
 				if (get_schema_version($link) < 63) {
 					db_query($link, "INSERT INTO ttrss_user_prefs
 						(owner_uid,pref_name,value) VALUES
-- 
cgit v1.2.3