]> git.wh0rd.org Git - tt-rss.git/commitdiff
projects / tt-rss.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 605f7d4)
sanitize input in label-editor subops
authorAndrew Dolgov <fox@madoka.spb.ru>
Fri, 19 May 2006 03:13:32 +0000 (04:13 +0100)
committerAndrew Dolgov <fox@madoka.spb.ru>
Fri, 19 May 2006 03:13:32 +0000 (04:13 +0100)
backend.php patch | blob | history

diff --git a/backend.php b/backend.php
index 4d855ceadd20b9830b7f56cfe05e739659db639b..bb418044937bdffa97e74d80e223838377465daa 100644 (file)
--- a/backend.php
+++ b/backend.php
@@ -2167,8 +2167,8 @@
 
                if ($subop == "editSave") {
 
-                       $regexp = db_escape_string($_GET["r"]);
-                       $match = db_escape_string($_GET["m"]);
+                       $regexp = db_escape_string(trim($_GET["r"]));
+                       $match = db_escape_string(trim($_GET["m"]));
                        $filter_id = db_escape_string($_GET["id"]);
                        $feed_id = db_escape_string($_GET["fid"]);
                        $action_id = db_escape_string($_GET["aid"]); 
@@ -2482,8 +2482,8 @@
 
                if ($subop == "test") {
 
-                       $expr = $_GET["expr"];
-                       $descr = $_GET["descr"];
+                       $expr = trim($_GET["expr"]);
+                       $descr = trim($_GET["descr"]);
 
                        print "<div id=\"infoBoxTitle\">Test label: $descr</div>";
 
@@ -2536,8 +2536,8 @@
 
                if ($subop == "editSave") {
 
-                       $sql_exp = $_GET["s"];
-                       $descr = $_GET["d"];
+                       $sql_exp = trim($_GET["s"]);
+                       $descr = trim($_GET["d"]);
                        $label_id = db_escape_string($_GET["id"]);
                        
 //                     print "$sql_exp : $descr : $label_id";
web-based news feed (RSS/Atom) reader and aggregator; see https://tt-rss.org/