fix some brackets issues in feed editor
authorAndrew Dolgov <fox@bah.spb.su>
Sun, 16 Oct 2005 14:48:33 +0000 (15:48 +0100)
committerAndrew Dolgov <fox@bah.spb.su>
Sun, 16 Oct 2005 14:48:33 +0000 (15:48 +0100)
backend.php
db.php
opml.php

index 419d1b98e6ec289a6407aceb82cf7b74acadf3ce..41b2c29db905c81ffd78f2c1caeb8f177f357486 100644 (file)
                        }
                        print "<td align='center'>$feed_icon</td>";             
 
+                       $edit_title = htmlspecialchars(db_unescape_string($line["title"]));
+                       $edit_link = htmlspecialchars(db_unescape_string($line["feed_url"]));
+
                        if (!$edit_feed_id || $subop != "edit") {
 
                                print "<td><input onclick='toggleSelectRow(this);' 
                                type=\"checkbox\" id=\"FRCHK-".$line["id"]."\"></td>";
 
                                print "<td><a href=\"javascript:editFeed($feed_id);\">" . 
-                                       $line["title"] . "</td>";               
+                                       $edit_title . "</td>";          
                                print "<td><a href=\"javascript:editFeed($feed_id);\">" . 
-                                       $line["feed_url"] . "</td>";            
+                                       $edit_link . "</td>";           
 
                                if ($line["update_interval"] == "0")
                                        $line["update_interval"] = "Default";
                                print "<td><input disabled=\"true\" type=\"checkbox\" 
                                        id=\"FRCHK-".$line["id"]."\"></td>";
 
-                               print "<td>".$line["title"]."</td>";            
-                               print "<td>".$line["feed_url"]."</td>";         
+                               print "<td>$edit_title</td>";           
+                               print "<td>$edit_link</td>";            
 
                                if ($line["update_interval"] == "0")
                                        $line["update_interval"] = "Default";
 
                                print "<td><input disabled=\"true\" type=\"checkbox\"></td>";
 
-                               print "<td><input id=\"iedit_title\" value=\"".$line["title"]."\"></td>";
-                               print "<td><input id=\"iedit_link\" value=\"".$line["feed_url"]."\"></td>";
+                               print "<td><input id=\"iedit_title\" value=\"$edit_title\"></td>";
+                               print "<td><input id=\"iedit_link\" value=\"$edit_link\"></td>";
                                print "<td><input id=\"iedit_updintl\" value=\"".$line["update_interval"]."\"></td>";
                                        
                        }
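Review bot: The new `$edit_title`/`$edit_link` assignments call `htmlspecialchars()` with its default flags, which leave `'` unescaped, right after `db_unescape_string()` has turned `\'` back into a bare `'`. The values only land in element text and double-quoted attributes here, so this holds today, but the same section already writes a single-quoted attribute (`onclick='toggleSelectRow(this);'`), and moving these values into one later would reopen the injection. Passing the flag explicitly, `htmlspecialchars(db_unescape_string($line["title"]), ENT_QUOTES)`, removes that dependency on quoting style. `$line["update_interval"]` is still concatenated unescaped into `value=\"...\"` in the edit row and should get the same treatment unless it is guaranteed numeric. The enclosing function starts and ends outside the visible lines.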
diff --git a/db.php b/db.php
index c72bbd9dfab89ac7f78bcfc3a8c6007ab1dc52a7..e4673f679c4ed476531ee76ef93c08f73a981ab8 100644 (file)
--- a/db.php
+++ b/db.php
@@ -103,6 +103,12 @@ function db_fetch_result($result, $row, $param) {
        }
 }
 
+function db_unescape_string($str) {
+       $tmp = str_replace("\\\"", "\"", $str);
+       $tmp = str_replace("\\'", "'", $tmp);
+       return $tmp;
+}
+
 function db_close($link) {
        if (DB_TYPE == "pgsql") {
 
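Review bot: `db_unescape_string()` is only a partial inverse of slash-escaping: it restores `\"` and `\'` but leaves `\\` alone, so a stored backslash comes back doubled, and nothing documents why stored values carry backslashes at all. Needing this on the read path suggests values are escaped twice before insertion (the write path is not visible in this diff, so this needs confirming); fixing it there would make the helper unnecessary and keep every reader consistent. If the helper stays, `return stripslashes($str);` covers the backslash case too, and a header comment such as `// Undo slash-escaping left in stored values; apply before htmlspecialchars(), never before building SQL` would state the intended use.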
index bcfa317001c9384004732e9452303284bc549e8f..2e87c037a7aad4e000e4e915b87cd93912f2084f 100644 (file)
--- a/opml.php
+++ b/opml.php
@@ -24,8 +24,8 @@
                $result = db_query($link, "SELECT * FROM ttrss_feeds ORDER BY title");
 
                while ($line = db_fetch_assoc($result)) {
-                       $title = $line["title"];
-                       $url = $line["feed_url"];
+                       $title = htmlspecialchars($line["title"]);
+                       $url = htmlspecialchars($line["feed_url"]);
 
                        print "<outline text=\"$title\" xmlUrl=\"$url\"/>";
                }
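Review bot: `$title` and `$url` are escaped here without the `db_unescape_string()` step that backend.php applies to the same two columns in this commit, so a title containing a quote would be exported with its stored backslash (`\&quot;`) still inside the `text` attribute. Using the same chain in both places, `$title = htmlspecialchars(db_unescape_string($line["title"]));` and likewise for `$url`, keeps the OPML export consistent with the feed editor. Presumably db.php is already loaded in this file, since `db_query()` is called just above the change.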