From 4401bf04c38a1a631bd569689b20ad7fa065efa4 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sun, 20 Nov 2005 08:21:17 +0100 Subject: [PATCH] remove unneeded escaping in label/add --- backend.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/backend.php b/backend.php index a3b4f699..b8455b48 100644 --- a/backend.php +++ b/backend.php @@ -1202,7 +1202,7 @@ $regexp = db_escape_string(trim($_GET["regexp"])); $match = db_escape_string(trim($_GET["match"])); - + $result = db_query($link, "INSERT INTO ttrss_filters (reg_exp,filter_type,owner_uid) VALUES ('$regexp', (SELECT id FROM ttrss_filter_types WHERE @@ -1373,7 +1373,8 @@ if (!WEB_DEMO_MODE) { - $exp = db_escape_string(trim($_GET["exp"])); + // no escaping is done here on purpose + $exp = trim($_GET["exp"]); $result = db_query($link, "INSERT INTO ttrss_labels (sql_exp,description,owner_uid) -- 2.39.5