remove unneeded escaping in label/add

author Andrew Dolgov <fox@bah.spb.su>

Sun, 20 Nov 2005 07:21:17 +0000 (08:21 +0100)

committer Andrew Dolgov <fox@bah.spb.su>

Sun, 20 Nov 2005 07:21:17 +0000 (08:21 +0100)
author Andrew Dolgov <fox@bah.spb.su>
Sun, 20 Nov 2005 07:21:17 +0000 (08:21 +0100)
committer Andrew Dolgov <fox@bah.spb.su>
Sun, 20 Nov 2005 07:21:17 +0000 (08:21 +0100)
diff --git a/backend.php b/backend.php

index a3b4f6993e691a051fe471369f0fe156d7ea86e0..b8455b485fd648e478cd15fbb839058a71bd6c4f 100644 (file)
--- a/backend.php
+++ b/backend.php
@@ -1202,7 +1202,7 @@
  
                                 $regexp = db_escape_string(trim($_GET["regexp"]));
                                 $match = db_escape_string(trim($_GET["match"]));
-                                       
+
                                 $result = db_query($link,
                                         "INSERT INTO ttrss_filters (reg_exp,filter_type,owner_uid) VALUES 
                                                 ('$regexp', (SELECT id FROM ttrss_filter_types WHERE
@@ -1373,7 +1373,8 @@
                 
                         if (!WEB_DEMO_MODE) {
  
-                               $exp = db_escape_string(trim($_GET["exp"]));
+                               // no escaping is done here on purpose
+                               $exp = trim($_GET["exp"]);
                                         
                                 $result = db_query($link,
                                         "INSERT INTO ttrss_labels (sql_exp,description,owner_uid)
author	Andrew Dolgov <fox@bah.spb.su>
	Sun, 20 Nov 2005 07:21:17 +0000 (08:21 +0100)
committer	Andrew Dolgov <fox@bah.spb.su>
	Sun, 20 Nov 2005 07:21:17 +0000 (08:21 +0100)