update: feed escaping issue

diff --git a/include/rssfuncs.php b/include/rssfuncs.php
index 1b39efec1010f79a5dabefc9f0b0c743fc8436cf..eaa975a5af04f4b4f09cc8aca6cf732c3e5cf06f 100644 (file)
--- a/include/rssfuncs.php
+++ b/include/rssfuncs.php
@@ -631,7 +631,6 @@
                                        print "\n";
                                }
 
-                               $entry_content_unescaped = $entry_content;
                                $entry_cached_content = "";
 
                                if ($use_simplepie) {
@@ -675,10 +674,6 @@
                                $result = db_query($link, "SELECT id FROM       ttrss_entries
                                        WHERE guid = '$entry_guid'");
 
-                               $entry_content = db_escape_string($entry_content, false);
-
-                               $entry_title = db_escape_string($entry_title);
-                               $entry_link = db_escape_string($entry_link);
                                $entry_comments = mb_substr(db_escape_string($entry_comments), 0, 250);
                                $entry_author = mb_substr($entry_author, 0, 250);
 
@@ -762,7 +757,7 @@
                                $entry_tags = null;
 
                                preg_match_all("/<a.*?rel=['\"]tag['\"].*?\>([^<]+)<\/a>/i",
-                                       $entry_content_unescaped, $entry_tags);
+                                       $entry_content, $entry_tags);
 
                                $entry_tags = $entry_tags[1];
 
@@ -804,6 +799,11 @@
                                        $entry_author = $article["author"];
                                }
 
+                               $entry_content = db_escape_string($entry_content, false);
+                               $entry_title = db_escape_string($entry_title);
+                               $entry_author = db_escape_string($entry_author);
+                               $entry_link = db_escape_string($entry_link);
+
                                $content_hash = "SHA1:" . sha1(strip_tags($entry_content));
 
                                db_query($link, "BEGIN");