initialize_user_prefs: escape data on import

author Andrew Dolgov <fox@madoka.volgo-balt.ru>

Fri, 29 Mar 2013 04:51:05 +0000 (08:51 +0400)

committer Andrew Dolgov <fox@madoka.volgo-balt.ru>

Fri, 29 Mar 2013 04:51:05 +0000 (08:51 +0400)
author Andrew Dolgov <fox@madoka.volgo-balt.ru>
Fri, 29 Mar 2013 04:51:05 +0000 (08:51 +0400)
committer Andrew Dolgov <fox@madoka.volgo-balt.ru>
Fri, 29 Mar 2013 04:51:05 +0000 (08:51 +0400)
diff --git a/include/functions.php b/include/functions.php

index f611ec4fef566e5af848e7c07da81b759dd75e6e..951bf230fff0f06fe4984feca329a6a3264e1e0b 100644 (file)
--- a/include/functions.php
+++ b/include/functions.php
@@ -548,6 +548,9 @@
                         if (array_search($line["pref_name"], $active_prefs) === FALSE) {
  //                             print "adding " . $line["pref_name"] . "<br>";
  
+                               $line["def_value"] = db_escape_string($link, $line["def_value"]);
+                               $line["pref_name"] = db_escape_string($link, $line["pref_name"]);
+
                                 if (get_schema_version($link) < 63) {
                                         db_query($link, "INSERT INTO ttrss_user_prefs
                                                 (owner_uid,pref_name,value) VALUES
author	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Fri, 29 Mar 2013 04:51:05 +0000 (08:51 +0400)
committer	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Fri, 29 Mar 2013 04:51:05 +0000 (08:51 +0400)