From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Fri, 29 Mar 2013 04:51:05 +0000 (+0400)
Subject: initialize_user_prefs: escape data on import
X-Git-Tag: 1.7.6~181
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=d296ba50d4e7219bb153634e656cd9c841ba42cd;p=tt-rss.git

initialize_user_prefs: escape data on import
---

diff --git a/include/functions.php b/include/functions.php
index f611ec4f..951bf230 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -548,6 +548,9 @@
 			if (array_search($line["pref_name"], $active_prefs) === FALSE) {
 //				print "adding " . $line["pref_name"] . "<br>";
 
+				$line["def_value"] = db_escape_string($link, $line["def_value"]);
+				$line["pref_name"] = db_escape_string($link, $line["pref_name"]);
+
 				if (get_schema_version($link) < 63) {
 					db_query($link, "INSERT INTO ttrss_user_prefs
 						(owner_uid,pref_name,value) VALUES