]> git.wh0rd.org Git - tt-rss.git/commitdiff
projects / tt-rss.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d4a5129)
attempt fix db_escape_string() invocation in sessions.php
authorAndrew Dolgov <fox@madoka.volgo-balt.ru>
Thu, 21 Mar 2013 17:42:11 +0000 (21:42 +0400)
committerAndrew Dolgov <fox@madoka.volgo-balt.ru>
Thu, 21 Mar 2013 17:42:11 +0000 (21:42 +0400)
include/db.php patch | blob | history
include/sessions.php patch | blob | history

diff --git a/include/db.php b/include/db.php
index f1a7af363c7b6192caa117633c03c97e20b29499..17437142b57f117203b5447c315c2d6c728c97d0 100644 (file)
--- a/include/db.php
+++ b/include/db.php
@@ -41,13 +41,17 @@ function db_connect($host, $user, $pass, $db) {
        }
 }
 
-function db_escape_string($s, $strip_tags = true) {
+function db_escape_string($s, $strip_tags = true, $link = NULL) {
        if ($strip_tags) $s = strip_tags($s);
 
        if (DB_TYPE == "pgsql") {
-               return pg_escape_string($s);
+               if ($link) {
+                       return pg_escape_string($link, $s);
+               } else {
+                       return pg_escape_string($s);
+               }
        } else {
-               return mysql_real_escape_string($s);
+               return mysql_real_escape_string($s, $link);
        }
 }
 
diff --git a/include/sessions.php b/include/sessions.php
index 2cef1d91b70ef48d194f542921d103b394b8555c..7d9b19bd569336f4a49352601152b9030735f24b 100644 (file)
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -53,7 +53,7 @@
 
                $expire = time() + $session_expire;
 
-               $data = db_escape_string(base64_encode($data), $session_connection);
+               $data = db_escape_string(base64_encode($data), false, $session_connection);
 
                if ($session_read) {
                        $query = "UPDATE ttrss_sessions SET data='$data',
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/