From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Thu, 21 Mar 2013 17:42:11 +0000 (+0400)
Subject: attempt fix db_escape_string() invocation in sessions.php
X-Git-Tag: 1.7.5~39
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=029591964885e4a9010838cd9ae9824267dc63fc;p=tt-rss.git

attempt fix db_escape_string() invocation in sessions.php
---

diff --git a/include/db.php b/include/db.php
index f1a7af36..17437142 100644
--- a/include/db.php
+++ b/include/db.php
@@ -41,13 +41,17 @@ function db_connect($host, $user, $pass, $db) {
 	}
 }
 
-function db_escape_string($s, $strip_tags = true) {
+function db_escape_string($s, $strip_tags = true, $link = NULL) {
 	if ($strip_tags) $s = strip_tags($s);
 
 	if (DB_TYPE == "pgsql") {
-		return pg_escape_string($s);
+		if ($link) {
+			return pg_escape_string($link, $s);
+		} else {
+			return pg_escape_string($s);
+		}
 	} else {
-		return mysql_real_escape_string($s);
+		return mysql_real_escape_string($s, $link);
 	}
 }
 
diff --git a/include/sessions.php b/include/sessions.php
index 2cef1d91..7d9b19bd 100644
--- a/include/sessions.php
+++ b/include/sessions.php
@@ -53,7 +53,7 @@
 
 		$expire = time() + $session_expire;
 
-		$data = db_escape_string(base64_encode($data), $session_connection);
+		$data = db_escape_string(base64_encode($data), false, $session_connection);
 
 		if ($session_read) {
 		 	$query = "UPDATE ttrss_sessions SET data='$data',