From 474390311fd646db88acfdbff7dcc7c57ac7249e Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@bah.spb.su>
Date: Sat, 19 May 2007 15:09:16 +0100
Subject: remove db_unescape_string() hack

---
 modules/pref-feeds.php   | 20 ++++++++++----------
 modules/pref-filters.php |  6 +++---
 modules/pref-labels.php  | 14 +++++++-------
 3 files changed, 20 insertions(+), 20 deletions(-)

(limited to 'modules')

diff --git a/modules/pref-feeds.php b/modules/pref-feeds.php
index ae5ab28ec..9ef88e8fa 100644
--- a/modules/pref-feeds.php
+++ b/modules/pref-feeds.php
@@ -101,7 +101,7 @@
 				$class = ($feedctr % 2) ? "even" : "odd";
 
 				print "<li class='$class' id=\"FBROW-".$details["id"]."\">$check_box".
-					"$feed_icon " . db_unescape_string($details["title"]) . 
+					"$feed_icon " . $details["title"] . 
 					"&nbsp;<span class='subscribers'>($subscribers)</span></li>";
 
 					++$feedctr;
@@ -130,8 +130,8 @@
 				"SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND
 					owner_uid = " . $_SESSION["uid"]);
 
-			$title = htmlspecialchars(db_unescape_string(db_fetch_result($result,
-				0, "title")));
+			$title = htmlspecialchars(db_fetch_result($result,
+				0, "title"));
 
 			$icon_file = ICONS_DIR . "/$feed_id.ico";
 	
@@ -159,8 +159,8 @@
 				name=\"title\" value=\"$title\"></td></tr>";
 
 			$feed_url = db_fetch_result($result, 0, "feed_url");
-			$feed_url = htmlspecialchars(db_unescape_string(db_fetch_result($result,
-				0, "feed_url")));
+			$feed_url = htmlspecialchars(db_fetch_result($result,
+				0, "feed_url"));
 				
 			print "<tr><td>".__('Feed URL:')."</td>";
 			print "<td><input class=\"iedit\" onkeypress=\"return filterCR(event, feedEditSave)\"
@@ -259,13 +259,13 @@
 			
 			print "</td>";
 
-			$auth_login = escape_for_form(db_fetch_result($result, 0, "auth_login"));
+			$auth_login = htmlspecialchars(db_fetch_result($result, 0, "auth_login"));
 
 			print "<tr><td>".__('Login:')."</td>";
 			print "<td><input class=\"iedit\" onkeypress=\"return filterCR(event, feedEditSave)\"
 				name=\"auth_login\" value=\"$auth_login\"></td></tr>";
 
-			$auth_pass = escape_for_form(db_fetch_result($result, 0, "auth_pass"));
+			$auth_pass = htmlspecialchars(db_fetch_result($result, 0, "auth_pass"));
 
 			print "<tr><td>".__('Password:')."</td>";
 			print "<td><input class=\"iedit\" type=\"password\" name=\"auth_pass\" 
@@ -652,7 +652,7 @@
 		
 					print "<tr class=\"$class\" $this_row_id>";
 		
-					$edit_title = htmlspecialchars(db_unescape_string($line["title"]));
+					$edit_title = htmlspecialchars($line["title"]);
 		
 					if (!$edit_cat_id || $action != "edit") {
 		
@@ -880,8 +880,8 @@
 				$feed_id = $line["id"];
 				$cat_id = $line["cat_id"];
 
-				$edit_title = htmlspecialchars(db_unescape_string($line["title"]));
-				$edit_cat = htmlspecialchars(db_unescape_string($line["category"]));
+				$edit_title = htmlspecialchars($line["title"]);
+				$edit_cat = htmlspecialchars($line["category"]);
 
 				$hidden = sql_bool_to_bool($line["hidden"]);
 
diff --git a/modules/pref-filters.php b/modules/pref-filters.php
index 7445c0e0d..3c0f6129c 100644
--- a/modules/pref-filters.php
+++ b/modules/pref-filters.php
@@ -10,7 +10,7 @@
 			$result = db_query($link, 
 				"SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
 
-			$reg_exp = htmlspecialchars(db_unescape_string(db_fetch_result($result, 0, "reg_exp")));
+			$reg_exp = htmlspecialchars(db_fetch_result($result, 0, "reg_exp"));
 			$filter_type = db_fetch_result($result, 0, "filter_type");
 			$feed_id = db_fetch_result($result, 0, "feed_id");
 			$action_id = db_fetch_result($result, 0, "action_id");
@@ -285,11 +285,11 @@
 	
 				print "<tr class=\"$class\" $this_row_id>";
 	
-				$line["reg_exp"] = htmlspecialchars(db_unescape_string($line["reg_exp"]));
+				$line["reg_exp"] = htmlspecialchars($line["reg_exp"]);
 	
 				if (!$line["feed_title"]) $line["feed_title"] = __("All feeds");
 
-				$line["feed_title"] = htmlspecialchars(db_unescape_string($line["feed_title"]));
+				$line["feed_title"] = htmlspecialchars($line["feed_title"]);
 
 				print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"filter\");' 
 					type=\"checkbox\" id=\"FICHK-".$line["id"]."\"></td>";
diff --git a/modules/pref-labels.php b/modules/pref-labels.php
index 3f7b7f806..8d19d0287 100644
--- a/modules/pref-labels.php
+++ b/modules/pref-labels.php
@@ -21,8 +21,8 @@
 
 			$line = db_fetch_assoc($result);
 
-			$sql_exp = htmlspecialchars(db_unescape_string($line["sql_exp"]));
-			$description = htmlspecialchars(db_unescape_string($line["description"]));
+			$sql_exp = htmlspecialchars($line["sql_exp"]);
+			$description = htmlspecialchars($line["description"]);
 
 			print "<div id=\"infoBoxTitle\">Label editor</div>";
 			print "<div class=\"infoBoxContents\">";
@@ -78,8 +78,9 @@
 
 		if ($subop == "test") {
 
-			$expr = db_unescape_string(trim($_GET["expr"]));
-			$descr = db_unescape_string(trim($_GET["descr"]));
+			// no escaping here on purpose
+			$expr = trim($_GET["expr"]);
+			$descr = db_escape_string(trim($_GET["descr"]));
 
 			if (!$expr) {
 				print "<div>Error: SQL expression is blank.</div>";
@@ -260,9 +261,8 @@
 	
 				print "<tr class=\"$class\" $this_row_id>";
 	
-				$line["sql_exp"] = htmlspecialchars(db_unescape_string($line["sql_exp"]));
-				$line["description"] = htmlspecialchars(
-						db_unescape_string($line["description"]));
+				$line["sql_exp"] = htmlspecialchars($line["sql_exp"]);
+				$line["description"] = htmlspecialchars($line["description"]);
 	
 				if (!$line["description"]) $line["description"] = "[No caption]";
 	
-- 
cgit v1.2.3