From d296ba50d4e7219bb153634e656cd9c841ba42cd Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Fri, 29 Mar 2013 08:51:05 +0400 Subject: [PATCH] initialize_user_prefs: escape data on import --- include/functions.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/functions.php b/include/functions.php index f611ec4f..951bf230 100644 --- a/include/functions.php +++ b/include/functions.php @@ -548,6 +548,9 @@ if (array_search($line["pref_name"], $active_prefs) === FALSE) { // print "adding " . $line["pref_name"] . "
"; + $line["def_value"] = db_escape_string($link, $line["def_value"]); + $line["pref_name"] = db_escape_string($link, $line["pref_name"]); + if (get_schema_version($link) < 63) { db_query($link, "INSERT INTO ttrss_user_prefs (owner_uid,pref_name,value) VALUES -- 2.39.5