From d0000401adf5ea6ba3012e10e8d8d790ab7ecca2 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.spb.ru>
Date: Tue, 22 Aug 2006 08:17:40 +0100
Subject: [PATCH] fix title/link quote escaping issue when subscribing from
 feed browser (thread 108)

---
 backend.php | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/backend.php b/backend.php
index 670ea4b5..10f4b438 100644
--- a/backend.php
+++ b/backend.php
@@ -1081,8 +1081,10 @@
 				$result = db_query($link, "SELECT feed_url,title FROM ttrss_feeds
 					WHERE id = '$id'");
 
-				$feed_url = db_fetch_result($result, 0, "feed_url");
-				$title = db_fetch_result($result, 0, "title");
+				$feed_url = db_escape_string(db_fetch_result($result, 0, "feed_url"));
+				$title = db_escape_string(db_fetch_result($result, 0, "title"));
+
+				$title_orig = db_fetch_result($result, 0, "title");
 
 				$result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
 					feed_url = '$feed_url' AND owner_uid = " . $_SESSION["uid"]);
@@ -1092,7 +1094,7 @@
 						"INSERT INTO ttrss_feeds (owner_uid,feed_url,title,cat_id) 
 						VALUES ('".$_SESSION["uid"]."', '$feed_url', '$title', NULL)");
 
-					array_push($subscribed, $title);
+					array_push($subscribed, $title_orig);
 				}
 			}
 
-- 
2.39.5