remove db_unescape_string() hack
authorAndrew Dolgov <fox@bah.spb.su>
Sat, 19 May 2007 14:09:16 +0000 (15:09 +0100)
committerAndrew Dolgov <fox@bah.spb.su>
Sat, 19 May 2007 14:09:16 +0000 (15:09 +0100)
functions.php
modules/pref-feeds.php
modules/pref-filters.php
modules/pref-labels.php

index f6783ff94d16d153f37d8bde27fd3b87fa3ba280..ba4b02344aafcb5f2c3a7434d5569e6b9fc7185d 100644 (file)
                $result = db_query($link, "SELECT update_interval,auth_login,auth_pass  
                        FROM ttrss_feeds WHERE id = '$feed'");
 
-               $auth_login = db_unescape_string(db_fetch_result($result, 0, "auth_login"));
-               $auth_pass = db_unescape_string(db_fetch_result($result, 0, "auth_pass"));
+               $auth_login = db_fetch_result($result, 0, "auth_login");
+               $auth_pass = db_fetch_result($result, 0, "auth_pass");
 
                $update_interval = db_fetch_result($result, 0, "update_interval");
 
                                $is_selected = "";
                        }
                        printf("<option $is_selected value='%d'>%s</option>", 
-                               $line["id"], htmlspecialchars(db_unescape_string($line["title"])));
+                               $line["id"], htmlspecialchars($line["title"]));
                }
        
                print "</select>";
                                $is_selected = "";
                        }
                        printf("<option $is_selected value='%d'>%s</option>", 
-                               $line["id"], htmlspecialchars(db_unescape_string($line["title"])));
+                               $line["id"], htmlspecialchars($line["title"]));
                }
 
                print "</select>";
                                $feed_title = "?";
                        }
 
-                       $feed_title = db_unescape_string($feed_title);
-
                        if ($feed < -10) error_reporting (0);
 
                        if (preg_match("/^-?[0-9][0-9]*$/", $feed) != false) {
                }
        }
 
-       function escape_for_form($s) {
-               return htmlspecialchars(db_unescape_string($s));
-       }
-
        function make_guid_from_title($title) {
                return preg_replace("/[ \"\',.:;]/", "-", 
                        mb_strtolower(strip_tags($title), 'utf-8'));
                                        error_reporting (DEFAULT_ERROR_LEVEL);
        
                                        printFeedEntry($label_id, 
-                                               $class, db_unescape_string($line["description"])
+                                               $class, $line["description"]
                                                $count, "images/label.png", $link);
                
                                }
        
                        while ($line = db_fetch_assoc($result)) {
                        
-                               $feed = trim(db_unescape_string($line["title"]));
+                               $feed = trim($line["title"]);
 
                                if (!$feed) $feed = "[Untitled]";
 
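Review bot: Line 61, `$class, $line["description"]`, has no comma before `$count` on the following line, so the printFeedEntry() call does not parse as shown; the removed line has the same shape, so this may be a rendering artifact or a pre-existing slip, but the new line should read `$class, $line["description"],`. The function containing that call starts and ends outside the hunk. Separately, the SELECT on lines 13–14 interpolates `$feed` straight into the query; the `preg_match("/^-?[0-9][0-9]*$/", $feed)` check in a later hunk suggests it is validated somewhere, but that is not visible at the point of the query, so a `(int)` cast or db_escape_string() on `$feed` before line 13 would make the hunk self-evidently safe.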
index ae5ab28eccd794a82e3fc4dcdc88ec2a8c9b8ad7..9ef88e8fa5eb1aee9c2df2eb843627b0a32e7cd2 100644 (file)
                                $class = ($feedctr % 2) ? "even" : "odd";
 
                                print "<li class='$class' id=\"FBROW-".$details["id"]."\">$check_box".
-                                       "$feed_icon " . db_unescape_string($details["title"]) . 
+                                       "$feed_icon " . $details["title"] . 
                                        "&nbsp;<span class='subscribers'>($subscribers)</span></li>";
 
                                        ++$feedctr;
                                "SELECT * FROM ttrss_feeds WHERE id = '$feed_id' AND
                                        owner_uid = " . $_SESSION["uid"]);
 
-                       $title = htmlspecialchars(db_unescape_string(db_fetch_result($result,
-                               0, "title")));
+                       $title = htmlspecialchars(db_fetch_result($result,
+                               0, "title"));
 
                        $icon_file = ICONS_DIR . "/$feed_id.ico";
        
                                name=\"title\" value=\"$title\"></td></tr>";
 
                        $feed_url = db_fetch_result($result, 0, "feed_url");
-                       $feed_url = htmlspecialchars(db_unescape_string(db_fetch_result($result,
-                               0, "feed_url")));
+                       $feed_url = htmlspecialchars(db_fetch_result($result,
+                               0, "feed_url"));
                                
                        print "<tr><td>".__('Feed URL:')."</td>";
                        print "<td><input class=\"iedit\" onkeypress=\"return filterCR(event, feedEditSave)\"
                        
                        print "</td>";
 
-                       $auth_login = escape_for_form(db_fetch_result($result, 0, "auth_login"));
+                       $auth_login = htmlspecialchars(db_fetch_result($result, 0, "auth_login"));
 
                        print "<tr><td>".__('Login:')."</td>";
                        print "<td><input class=\"iedit\" onkeypress=\"return filterCR(event, feedEditSave)\"
                                name=\"auth_login\" value=\"$auth_login\"></td></tr>";
 
-                       $auth_pass = escape_for_form(db_fetch_result($result, 0, "auth_pass"));
+                       $auth_pass = htmlspecialchars(db_fetch_result($result, 0, "auth_pass"));
 
                        print "<tr><td>".__('Password:')."</td>";
                        print "<td><input class=\"iedit\" type=\"password\" name=\"auth_pass\" 
                
                                        print "<tr class=\"$class\" $this_row_id>";
                
-                                       $edit_title = htmlspecialchars(db_unescape_string($line["title"]));
+                                       $edit_title = htmlspecialchars($line["title"]);
                
                                        if (!$edit_cat_id || $action != "edit") {
                
                                $feed_id = $line["id"];
                                $cat_id = $line["cat_id"];
 
-                               $edit_title = htmlspecialchars(db_unescape_string($line["title"]));
-                               $edit_cat = htmlspecialchars(db_unescape_string($line["category"]));
+                               $edit_title = htmlspecialchars($line["title"]);
+                               $edit_cat = htmlspecialchars($line["category"]);
 
                                $hidden = sql_bool_to_bool($line["hidden"]);
 
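Review bot: Line 78 still prints `$details["title"]` into the `<li>` markup without htmlspecialchars(), while the other hunks in this file (lines 87, 121, 130) wrap the same column in htmlspecialchars() after dropping db_unescape_string(); a feed title is data that may originate from a remote feed, so it should be `"$feed_icon " . htmlspecialchars($details["title"]) .`. The loop this line belongs to starts and ends outside the hunk. The query on lines 82–83 also interpolates `$feed_id` directly; it is not visible here whether it was cast to int or escaped beforehand, so that should be confirmed or a `(int)` cast added before the query.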
index 7445c0e0d85a404eac6e647fb23e77d759d04332..3c0f6129c648b0e6fd4cff24098bd0cbf6eea1fe 100644 (file)
@@ -10,7 +10,7 @@
                        $result = db_query($link, 
                                "SELECT * FROM ttrss_filters WHERE id = '$filter_id' AND owner_uid = " . $_SESSION["uid"]);
 
-                       $reg_exp = htmlspecialchars(db_unescape_string(db_fetch_result($result, 0, "reg_exp")));
+                       $reg_exp = htmlspecialchars(db_fetch_result($result, 0, "reg_exp"));
                        $filter_type = db_fetch_result($result, 0, "filter_type");
                        $feed_id = db_fetch_result($result, 0, "feed_id");
                        $action_id = db_fetch_result($result, 0, "action_id");
        
                                print "<tr class=\"$class\" $this_row_id>";
        
-                               $line["reg_exp"] = htmlspecialchars(db_unescape_string($line["reg_exp"]));
+                               $line["reg_exp"] = htmlspecialchars($line["reg_exp"]);
        
                                if (!$line["feed_title"]) $line["feed_title"] = __("All feeds");
 
-                               $line["feed_title"] = htmlspecialchars(db_unescape_string($line["feed_title"]));
+                               $line["feed_title"] = htmlspecialchars($line["feed_title"]);
 
                                print "<td align='center'><input onclick='toggleSelectPrefRow(this, \"filter\");' 
                                        type=\"checkbox\" id=\"FICHK-".$line["id"]."\"></td>";
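Review bot: The query on line 138 embeds `$filter_id` directly in the SQL string, and nothing in the hunk shows it being cast to int or escaped first; if it comes from the request it should be passed through `(int)` or db_escape_string() before this line. The htmlspecialchars() changes on lines 141, 149 and 154 are consistent with the rest of the commit. The enclosing function starts and ends outside the hunk.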
index 3f7b7f80692cfe11480b61ca9b4e82877ad57728..8d19d0287ba295ebe3cc29c857660c07ee5fd8b0 100644 (file)
@@ -21,8 +21,8 @@
 
                        $line = db_fetch_assoc($result);
 
-                       $sql_exp = htmlspecialchars(db_unescape_string($line["sql_exp"]));
-                       $description = htmlspecialchars(db_unescape_string($line["description"]));
+                       $sql_exp = htmlspecialchars($line["sql_exp"]);
+                       $description = htmlspecialchars($line["description"]);
 
                        print "<div id=\"infoBoxTitle\">Label editor</div>";
                        print "<div class=\"infoBoxContents\">";
@@ -78,8 +78,9 @@
 
                if ($subop == "test") {
 
-                       $expr = db_unescape_string(trim($_GET["expr"]));
-                       $descr = db_unescape_string(trim($_GET["descr"]));
+                       // no escaping here on purpose
+                       $expr = trim($_GET["expr"]);
+                       $descr = db_escape_string(trim($_GET["descr"]));
 
                        if (!$expr) {
                                print "<div>Error: SQL expression is blank.</div>";
        
                                print "<tr class=\"$class\" $this_row_id>";
        
-                               $line["sql_exp"] = htmlspecialchars(db_unescape_string($line["sql_exp"]));
-                               $line["description"] = htmlspecialchars(
-                                               db_unescape_string($line["description"]));
+                               $line["sql_exp"] = htmlspecialchars($line["sql_exp"]);
+                               $line["description"] = htmlspecialchars($line["description"]);
        
                                if (!$line["description"]) $line["description"] = "[No caption]";