From 2c57df75ff04d6b170de6b6fc0509e5ddc05208e Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 1 Dec 2017 17:35:22 +0300 Subject: [PATCH] article: remove db_escape..() --- classes/article.php | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/classes/article.php b/classes/article.php index ff6157f6..50367c08 100644 --- a/classes/article.php +++ b/classes/article.php @@ -26,9 +26,9 @@ class Article extends Handler_Protected { } function view() { - $id = db_escape_string($_REQUEST["id"]); - $cids = explode(",", db_escape_string($_REQUEST["cids"])); - $mode = db_escape_string($_REQUEST["mode"]); + $id = $_REQUEST["id"]; + $cids = explode(",", $_REQUEST["cids"]); + $mode = $_REQUEST["mode"]; // in prefetch mode we only output requested cids, main article // just gets marked as read (it already exists in client cache) @@ -103,7 +103,7 @@ class Article extends Handler_Protected { if ($enable_share_anything) { $extracted_content = $af_readability->extract_content($url); - if ($extracted_content) $content = db_escape_string($extracted_content); + if ($extracted_content) $content = $extracted_content; } } } @@ -208,9 +208,9 @@ class Article extends Handler_Protected { print __("Tags for this article (separated by commas):")."
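Review bot: With the escaping removed, `$id`, `$cids` and `$mode` in view() are raw request values. The queries that consume them lie outside this hunk, so it cannot be confirmed from here that each one binds them as parameters rather than building SQL by concatenation. These look like numeric article ids, so casting at the boundary would keep a missed string-built query from becoming injectable: `$id = (int) $_REQUEST["id"];` and `$cids = array_map("intval", explode(",", $_REQUEST["cids"]));`. The same concern applies to `$param` in the tags dialog hunk, `$id` in setArticleTags() and `$ids`/`$label_id` in labelops(). view() continues outside the hunk.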
"; - $param = db_escape_string($_REQUEST['param']); + $param = $_REQUEST['param']; - $tags = Article::get_article_tags(db_escape_string($param)); + $tags = Article::get_article_tags($param); $tags_str = join(", ", $tags); @@ -271,9 +271,9 @@ class Article extends Handler_Protected { function setArticleTags() { - $id = db_escape_string($_REQUEST["id"]); + $id = $_REQUEST["id"]; - $tags_str = db_escape_string($_REQUEST["tags_str"]); + $tags_str = $_REQUEST["tags_str"]; $tags = array_unique(trim_array(explode(",", $tags_str))); $this->pdo->beginTransaction(); @@ -367,8 +367,8 @@ class Article extends Handler_Protected { private function labelops($assign) { $reply = array(); - $ids = explode(",", db_escape_string($_REQUEST["ids"])); - $label_id = db_escape_string($_REQUEST["lid"]); + $ids = explode(",", $_REQUEST["ids"]); + $label_id = $_REQUEST["lid"]; $label = db_escape_string(Labels::find_caption($label_id, $_SESSION["uid"])); @@ -783,7 +783,7 @@ class Article extends Handler_Protected { static function get_article_tags($id, $owner_uid = 0, $tag_cache = false) { - $a_id = db_escape_string($id); + $a_id = $id; if (!$owner_uid) $owner_uid = $_SESSION["uid"]; @@ -820,7 +820,7 @@ class Article extends Handler_Protected { /* update the cache */ - $tags_str = db_escape_string(join(",", $tags)); + $tags_str = join(",", $tags); $sth = $pdo->prepare("UPDATE ttrss_user_entries SET tag_cache = ? WHERE ref_id = ? -- 2.39.5
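Review bot: The unchanged context line `$label = db_escape_string(Labels::find_caption($label_id, $_SESSION["uid"]));` in labelops() still escapes the caption, which looks like an oversight given the commit subject. If `$label` is later handed to code that binds it as a parameter (not visible in this hunk), a caption containing a quote or backslash would carry literal escape characters and no longer match the stored value. Suggest `$label = Labels::find_caption($label_id, $_SESSION["uid"]);` once the consumers are confirmed to use placeholders. labelops() continues outside the hunk.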
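Review bot: In get_article_tags(), `$a_id = $id;` is now a plain alias that does nothing. Either use `$id` directly in the rest of the function or make the line validate its input, e.g. `$a_id = (int) $id;`, assuming article ids are integers. Most of the function body lies outside these hunks, so whether the SELECT that uses `$a_id` is parameterized cannot be checked here; the cache UPDATE in the last hunk does use `?` placeholders.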