From: Andrew Dolgov
Date: Sat, 19 Feb 2011 13:55:36 +0000 (+0300)
Subject: db_escape_string: remove tags by default (refs #323)
X-Git-Tag: 1.5.2~37
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=c7a8deacd97242e33a1d4111ccd1da6810d28255;p=tt-rss.git
db_escape_string: remove tags by default (refs #323)
---
diff --git a/db.php b/db.php
index 844bd0e4..9b1ce5d8 100644
--- a/db.php
+++ b/db.php
@@ -41,7 +41,9 @@ function db_connect($host, $user, $pass, $db) {
 }
 }
-function db_escape_string($s) {
+function db_escape_string($s, $strip_tags = true) {
+ if ($strip_tags) $s = strip_tags($s);
+
 if (DB_TYPE == "pgsql") {
 return pg_escape_string($s);
 } else {
diff --git a/functions.php b/functions.php
index 0a755936..16780fd1 100644
--- a/functions.php
+++ b/functions.php
@@ -954,7 +954,7 @@
 $result = db_query($link, "SELECT id FROM ttrss_entries WHERE guid = '$entry_guid'");
- $entry_content = db_escape_string($entry_content);
+ $entry_content = db_escape_string($entry_content, true);
 $content_hash = "SHA1:" . sha1(strip_tags($entry_content));
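Review bot: In db.php, defaulting `$strip_tags` to `true` in `db_escape_string` silently changes what every existing caller stores, and it folds HTML filtering into a helper whose job is SQL string escaping. `strip_tags()` is lossy: text containing a literal `<` can be truncated, and any caller that passes credentials or stored markup through this helper (none are visible in this hunk) would get altered values. It is also not a complete XSS defence, because quotes and other attribute-breaking characters pass through, so output still needs `htmlspecialchars()` where it is rendered. I would default to opt-in, `function db_escape_string($s, $strip_tags = false) {`, and add a comment that the flag is an input filter for plain-text fields, not output encoding. The function body continues past the end of the hunk.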
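Review bot: In functions.php, passing `true` for `$entry_content` strips tags before the value is stored, yet the next line still computes `sha1(strip_tags($entry_content))`, which suggests this variable was expected to carry markup here. If entry content is meant to keep its HTML (not confirmable from this hunk), the call would drop it for every new entry and the inner `strip_tags()` in the hash becomes a no-op. Consider `$entry_content = db_escape_string($entry_content, false);` here, sanitising against an allow-list before display instead. The hunk sits inside a larger block whose start and end are not shown.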