]> git.wh0rd.org Git - tt-rss.git/commitdiff
rssutils: forbid question marks in tsvector data, PDO gets confused sometimes even...
authorAndrew Dolgov <noreply@fakecake.org>
Sun, 3 Dec 2017 07:10:01 +0000 (10:10 +0300)
committerAndrew Dolgov <noreply@fakecake.org>
Sun, 3 Dec 2017 07:10:01 +0000 (10:10 +0300)
classes/rssutils.php
update.php

index 696b8604cce4b88b4811af07bab363af99b62acb..98f494d706b84d675feab579607a9e853e1ad9ad 100644 (file)
@@ -973,29 +973,39 @@ class RSSUtils {
                                        _debug("resulting RID: $entry_ref_id, IID: $entry_int_id", $debug_enabled);
 
                                        if (DB_TYPE == "pgsql") {
-                                               $tsvector_combined = mb_substr($entry_title . ' ' . strip_tags(str_replace('<', ' <', $entry_content)),
+                                               $tsvector_combined = mb_substr($entry_title . ' ' .
+                                                       preg_replace('/[<\?\:]/', ' ', strip_tags($entry_content)),
                                                        0, 1000000);
 
-                                               $tsvector_qpart = "tsvector_combined = to_tsvector('$feed_language', ".$pdo->quote($tsvector_combined)."),";
+                                               $tsvector_qpart = "tsvector_combined = to_tsvector(".$pdo->quote($feed_language).", ".$pdo->quote($tsvector_combined)."),";
 
                                        } else {
                                                $tsvector_qpart = "";
                                        }
 
+                                       //_debug($tsvector_qpart);
+
                                        $sth = $pdo->prepare("UPDATE ttrss_entries
-                                               SET title = ?,
-                                                       content = ?,
-                                                       content_hash = ?,
-                                                       updated = ?,
+                                               SET title = :title,
                                                        $tsvector_qpart
-                                                       num_comments = ?,
-                                                       plugin_data = ?,
-                                                       author = ?,
-                                                       lang = ?
-                                               WHERE id = ?");
-
-                                       $sth->execute([$entry_title, $entry_content, $entry_current_hash, $entry_timestamp_fmt,
-                                               (int)$num_comments, $entry_plugin_data, $entry_author, $entry_language, $ref_id]);
+                                                       content = :content,
+                                                       content_hash = :content_hash,
+                                                       updated = :updated,
+                                                       num_comments = :num_comments,
+                                                       plugin_data = :plugin_data,
+                                                       author = :author,
+                                                       lang = :lang                                                                                                            
+                                               WHERE id = :id");
+
+                                       $sth->execute([":title" => $entry_title,
+                                               ":content" => $entry_content,
+                                               ":content_hash" => $entry_current_hash,
+                                               ":updated" => $entry_timestamp_fmt,
+                                               ":num_comments" => (int)$num_comments,
+                                               ":plugin_data" => $entry_plugin_data,
+                                               ":author" => $entry_author,
+                                               ":lang" => $entry_language,
+                                               ":id" => $ref_id]);
 
                                        // update aux data
                                        $sth = $pdo->prepare("UPDATE ttrss_user_entries
index 22dded6752bbae794a46777410fe07922689bf95..3116ab7815cc1a4521b005ed3d436a3015e1026d 100755 (executable)
                while (true) {
 
                        while ($line = $sth->fetch()) {
-                          $tsvector_combined = mb_substr($line['title'] . ' ' . strip_tags(str_replace('<', ' <', $line['content'])),
+                          $tsvector_combined = mb_substr($line['title'] . ' ' .
+                   preg_replace('/[<\?\:]/', ' ', strip_tags($line['content'])),
                                        0, 1000000);
 
                 $usth->execute([$tsvector_combined, $line['id']]);