foreach ($entry_tags as $tag) {
- $tag = mb_strtolower($tag, 'utf-8');
+ $tag = sanitize_tag($tag);
$tag = db_escape_string($tag);
- $tag = str_replace("+", " ", $tag);
- $tag = str_replace("\"", "", $tag);
- $tag = str_replace("technorati tag: ", "", $tag);
-
if (!tag_is_valid($tag)) continue;
$result = db_query($link, "SELECT id FROM ttrss_tags
if ($result && db_num_rows($result) == 0) {
- // print "tagging $entry_id as $tag<br>";
-
db_query($link, "INSERT INTO ttrss_tags
(owner_uid,tag_name,post_int_id)
VALUES ('$owner_uid','$tag', '$entry_int_id')");
while ($tmp_line = db_fetch_assoc($tmp_result)) {
$num_tags++;
- $tag = $tmp_line["tag_name"];
- $tag_str = "<a href=\"javascript:viewfeed('$tag')\">$tag</a>, ";
+ $tag = $tmp_line["tag_name"];
+ $tag_escaped = str_replace("'", "\\'", $tag);
+
+ $tag_str = "<a href=\"javascript:viewfeed('$tag_escaped')\">$tag</a>, ";
if ($num_tags == 6) {
$tags_str .= "<a href=\"javascript:showBlockElement('allEntryTags')\">...</a>";
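Review bot: The added `$tag_escaped = str_replace("'", "\\'", $tag);` escapes only the single quote, so a stored tag containing a backslash, a double quote or `<`/`&` can still change the meaning of the JavaScript string or the `href` attribute. `$tag` is also printed as link text with no HTML encoding. Encoding for both contexts would close this, for example `$tag_escaped = htmlspecialchars(addslashes($tag), ENT_QUOTES);` and `htmlspecialchars($tag)` for the link text. Browsers also percent-decode a `javascript:` URL, so restricting the allowed characters in `tag_is_valid` (not visible in this hunk) is the more dependable control. The enclosing loop starts and ends outside the hunk.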
echo sprintf("<!-- CP[$n] %.4f seconds -->", $ts - $s);
return $ts;
}
+
+ function sanitize_tag($tag) {
+ $tag = trim($tag);
+
+ $tag = mb_strtolower($tag, 'utf-8');
+
+ $tag = str_replace("+", " ", $tag);
+ $tag = str_replace("technorati tag: ", "", $tag);
+
+ return $tag;
+ }
?>
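Review bot: `sanitize_tag` does not carry over the `str_replace("\"", "", $tag)` step that this commit removes from the feed-tagging loop, so double quotes are no longer stripped from tags on either call site unless `tag_is_valid` rejects them, which cannot be confirmed from here. Since tags are later written into HTML attributes, I would keep that step by adding `$tag = str_replace("\"", "", $tag);` before the `return`. A short docblock would also help: it should say that the function normalises case and whitespace only, and that callers must still apply `db_escape_string` and output encoding.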
}
if ($subop == "setArticleTags") {
+
$id = db_escape_string($_GET["id"]);
+
$tags_str = db_escape_string($_GET["tags_str"]);
$tags = array_unique(trim_array(split(",", $tags_str)));
post_int_id = $int_id AND owner_uid = '".$_SESSION["uid"]."'");
foreach ($tags as $tag) {
- $tag = trim($tag);
+ $tag = sanitize_tag($tag);
if (!tag_is_valid($tag)) {
continue;
if (preg_match("/^[0-9]*$/", $tag)) {
continue;
}
+
+// print "<!-- $tag -->";
if ($tag != '') {
db_query($link, "INSERT INTO ttrss_tags
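Review bot: `sanitize_tag($tag)` here runs on text that was already passed through `db_escape_string` as a whole (`$tags_str = db_escape_string($_GET["tags_str"]);` in the preceding hunk), whereas the feed-import loop sanitises first and escapes last. Transforming a string after it has been escaped makes the safety of the INSERT depend on every step inside `sanitize_tag` preserving the escaping. I would split the raw `$_GET["tags_str"]` and use `$tag = db_escape_string(sanitize_tag($tag));` inside the loop, so that escaping is always the final step before the query. The added `// print "<!-- $tag -->";` looks like leftover debugging and could be dropped. The INSERT statement and the enclosing block continue outside the hunk.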
var query = Form.serialize("tag_edit_form");
- xmlhttp_rpc.open("GET", "backend.php?op=rpc&subop=setArticleTags&" + query, true);
+ query = "backend.php?op=rpc&subop=setArticleTags&" + query;
+
+ debug(query);
+
+ xmlhttp_rpc.open("GET", query, true);
xmlhttp_rpc.onreadystatechange=tag_saved_callback;
xmlhttp_rpc.send(null);