escape data on OPML import (take 2)
authorAndrew Dolgov <fox@bah.spb.su>
Thu, 13 Oct 2005 01:05:47 +0000 (02:05 +0100)
committerAndrew Dolgov <fox@bah.spb.su>
Thu, 13 Oct 2005 01:05:47 +0000 (02:05 +0100)
db.php
opml.php

diff --git a/db.php b/db.php
index 5db48273cfca52e55717e552b889e7784fed0914..44187db0f3d1bcfdf8ce275b94bd60052b909db2 100644 (file)
--- a/db.php
+++ b/db.php
@@ -41,6 +41,16 @@ function db_escape_string($s) {
        }
 }
 
+/* I hate MySQL :( */
+
+function db_escape_string_2($s, $link) {
+       if (DB_TYPE == "pgsql") {       
+               return pg_escape_string($s);
+       } else {
+               return mysql_real_escape_string($s, $link);
+       }
+}
+
 function db_query($link, $query) {
        if (DB_TYPE == "pgsql") {
                $result = pg_query($link, $query);
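Review bot: The pgsql branch of `db_escape_string_2` ignores `$link`, so only the MySQL path gets connection-aware escaping; where the PHP version in use allows it, `return pg_escape_string($link, $s);` would tie both branches to the connection's encoding. The comment `/* I hate MySQL :( */` does not tell a maintainer why a second escaper exists; something like `/* Escape $s for the connection $link; mysql_real_escape_string() needs the link to honour its character set. */` would. Callers still build SQL by string interpolation, so every query site depends on remembering to call this helper, and bound parameters would remove that dependency.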
index e8c9c9b79f1a6488a8ef2ec318c95d1d3afd3c68..bcfa317001c9384004732e9452303284bc549e8f 100644 (file)
--- a/opml.php
+++ b/opml.php
                                }
                        }
 
+                       /* this is suboptimal */
+
+                       $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); 
+
+                       if (!$link) return;
+
+                       $title = db_escape_string_2($title, $link);
+                       $url = db_escape_string_2($url, $link);
+
                        if (!$title || !$url) return;
 
                        print "Feed <b>$title</b> ($url)... ";
 
-                       $link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME); 
-
                        $result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
                                title = '$title' OR feed_url = '$url'");
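Review bot: `$title` and `$url` are overwritten with their SQL-escaped forms before `print "Feed <b>$title</b> ($url)... ";`, so values that presumably come from the imported OPML file reach the HTML response with SQL escaping only, which does not neutralise markup and also displays stray backslashes. Keep the raw values for display through `htmlspecialchars()` and hold the escaped copies in separate variables, e.g. `$title_sql = db_escape_string_2($title, $link);`, used only inside the `db_query` string. The emptiness test `if (!$title || !$url) return;` now runs after `db_connect`, so an entry with no title opens a connection and returns with no close visible; moving the test above the connect would avoid that. The section's `@@` header is missing and the enclosing function starts and ends outside the hunk, so whether the link is closed later cannot be seen here.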