fix label cache being double escaped on save

author Andrew Dolgov <noreply@fakecake.org>

Sat, 2 Dec 2017 12:47:28 +0000 (15:47 +0300)

committer Andrew Dolgov <noreply@fakecake.org>

Sat, 2 Dec 2017 12:47:53 +0000 (15:47 +0300)
author Andrew Dolgov <noreply@fakecake.org>
Sat, 2 Dec 2017 12:47:28 +0000 (15:47 +0300)
committer Andrew Dolgov <noreply@fakecake.org>
Sat, 2 Dec 2017 12:47:53 +0000 (15:47 +0300)
diff --git a/classes/article.php b/classes/article.php

index 50367c08df432212d4913dfa22a5e1bb178bd162..869e746cf195d6df22f460181bfd98ce672e7f21 100644 (file)
--- a/classes/article.php
+++ b/classes/article.php
@@ -976,12 +976,12 @@ class Article extends Handler_Protected {
                         $label_cache = $row["label_cache"];
  
                         if ($label_cache) {
-                               $label_cache = json_decode($label_cache, true);
+                               $tmp = json_decode($label_cache, true);
  
-                               if ($label_cache["no-labels"] == 1)
+                               if (!$tmp || $tmp["no-labels"] == 1)
                                         return $rv;
                                 else
-                                       return $label_cache;
+                                       return $tmp;
                         }
                 }
  
diff --git a/classes/labels.php b/classes/labels.php

index 973732b991246559638950cf4114118e3f8a2272..4061de57e6c46fff2d378d91dba4d961c7819c60 100644 (file)
--- a/classes/labels.php
+++ b/classes/labels.php
@@ -62,7 +62,7 @@ class Labels
                 if (!$labels)
                         $labels = Article::get_article_labels($id);
  
-               $labels = db_escape_string(json_encode($labels));
+               $labels = json_encode($labels);
  
                 $sth = $pdo->prepare("UPDATE ttrss_user_entries SET
                         label_cache = ? WHERE ref_id = ? AND owner_uid = ?");
diff --git a/include/functions.php b/include/functions.php

index 6637bd5d1a1a1d253a508351a2434ee961ca5d39..459762d58ea7c4b2fac427f71aad0fc82abf23c1 100644 (file)
--- a/include/functions.php
+++ b/include/functions.php
@@ -977,10 +977,6 @@
                         $error_code = 5;
                 }
  
-               if (db_escape_string("testTEST") != "testTEST") {
-                       $error_code = 12;
-               }
-
                 return array("code" => $error_code, "message" => $ERRORS[$error_code]);
         }
  
@@ -2218,6 +2214,8 @@
         function filter_to_sql($filter, $owner_uid) {
                 $query = array();
  
+               $pdo = Db::pdo();
+
                 if (DB_TYPE == "pgsql")
                         $reg_qpart = "~";
                 else
@@ -2230,7 +2228,7 @@
  
                         if ($regexp_valid) {
  
-                               $rule['reg_exp'] = db_escape_string($rule['reg_exp']);
+                               $rule['reg_exp'] = $pdo->quote($rule['reg_exp']);
  
                                 switch ($rule["type"]) {
                                         case "title":
@@ -2263,7 +2261,7 @@
                                 if (isset($rule['inverse'])) $qpart = "NOT ($qpart)";
  
                                 if (isset($rule["feed_id"]) && $rule["feed_id"] > 0) {
-                                       $qpart .= " AND feed_id = " . db_escape_string($rule["feed_id"]);
+                                       $qpart .= " AND feed_id = " . $pdo->quote($rule["feed_id"]);
                                 }
  
                                 if (isset($rule["cat_id"])) {
author	Andrew Dolgov <noreply@fakecake.org>
	Sat, 2 Dec 2017 12:47:28 +0000 (15:47 +0300)
committer	Andrew Dolgov <noreply@fakecake.org>
	Sat, 2 Dec 2017 12:47:53 +0000 (15:47 +0300)
classes/article.php		patch \| blob \| history
classes/labels.php		patch \| blob \| history
include/functions.php		patch \| blob \| history