db_escape_string: remove tags by default (refs #323)

author Andrew Dolgov <fox@madoka.volgo-balt.ru>

Sat, 19 Feb 2011 13:55:36 +0000 (16:55 +0300)

committer Andrew Dolgov <fox@madoka.volgo-balt.ru>

Sat, 19 Feb 2011 13:55:36 +0000 (16:55 +0300)
author Andrew Dolgov <fox@madoka.volgo-balt.ru>
Sat, 19 Feb 2011 13:55:36 +0000 (16:55 +0300)
committer Andrew Dolgov <fox@madoka.volgo-balt.ru>
Sat, 19 Feb 2011 13:55:36 +0000 (16:55 +0300)
diff --git a/db.php b/db.php

index 844bd0e418355ecbb8553869d28e96722e22ee1b..9b1ce5d84cc2319230d6d467a37b9d1208523fc4 100644 (file)
--- a/db.php
+++ b/db.php
@@ -41,7 +41,9 @@ function db_connect($host, $user, $pass, $db) {
         }
  }
  
-function db_escape_string($s) {
+function db_escape_string($s, $strip_tags = true) {
+       if ($strip_tags) $s = strip_tags($s);
+
         if (DB_TYPE == "pgsql") {       
                 return pg_escape_string($s);
         } else {
diff --git a/functions.php b/functions.php

index 0a7559368033ba656235fbf67203d351e176601b..16780fd1fcb7fe0f0b89aa3566877274c6af5607 100644 (file)
--- a/functions.php
+++ b/functions.php
@@ -954,7 +954,7 @@
                                 $result = db_query($link, "SELECT id FROM       ttrss_entries 
                                         WHERE guid = '$entry_guid'");
  
-                               $entry_content = db_escape_string($entry_content);
+                               $entry_content = db_escape_string($entry_content, true);
  
                                 $content_hash = "SHA1:" . sha1(strip_tags($entry_content));
author	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Sat, 19 Feb 2011 13:55:36 +0000 (16:55 +0300)
committer	Andrew Dolgov <fox@madoka.volgo-balt.ru>
	Sat, 19 Feb 2011 13:55:36 +0000 (16:55 +0300)
db.php		patch \| blob \| blame \| history
functions.php		patch \| blob \| blame \| history