From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Sat, 19 Feb 2011 13:55:36 +0000 (+0300)
Subject: db_escape_string: remove tags by default (refs #323)
X-Git-Tag: 1.5.2~37
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=c7a8deacd97242e33a1d4111ccd1da6810d28255;p=tt-rss.git

db_escape_string: remove tags by default (refs #323)
---

diff --git a/db.php b/db.php
index 844bd0e4..9b1ce5d8 100644
--- a/db.php
+++ b/db.php
@@ -41,7 +41,9 @@ function db_connect($host, $user, $pass, $db) {
 	}
 }
 
-function db_escape_string($s) {
+function db_escape_string($s, $strip_tags = true) {
+	if ($strip_tags) $s = strip_tags($s);
+
 	if (DB_TYPE == "pgsql") {	
 		return pg_escape_string($s);
 	} else {
diff --git a/functions.php b/functions.php
index 0a755936..16780fd1 100644
--- a/functions.php
+++ b/functions.php
@@ -954,7 +954,7 @@
 				$result = db_query($link, "SELECT id FROM	ttrss_entries 
 					WHERE guid = '$entry_guid'");
 
-				$entry_content = db_escape_string($entry_content);
+				$entry_content = db_escape_string($entry_content, true);
 
 				$content_hash = "SHA1:" . sha1(strip_tags($entry_content));