From e4befe6bf43318766bcfd5a610b26be0aa1f82f0 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <noreply@fakecake.org>
Date: Sat, 2 Dec 2017 15:47:28 +0300
Subject: [PATCH] fix label cache being double escaped on save remove some
 old-style escaping

---
 classes/article.php   |  6 +++---
 classes/labels.php    |  2 +-
 include/functions.php | 10 ++++------
 3 files changed, 8 insertions(+), 10 deletions(-)

diff --git a/classes/article.php b/classes/article.php
index 50367c08..869e746c 100644
--- a/classes/article.php
+++ b/classes/article.php
@@ -976,12 +976,12 @@ class Article extends Handler_Protected {
 			$label_cache = $row["label_cache"];
 
 			if ($label_cache) {
-				$label_cache = json_decode($label_cache, true);
+				$tmp = json_decode($label_cache, true);
 
-				if ($label_cache["no-labels"] == 1)
+				if (!$tmp || $tmp["no-labels"] == 1)
 					return $rv;
 				else
-					return $label_cache;
+					return $tmp;
 			}
 		}
 
diff --git a/classes/labels.php b/classes/labels.php
index 973732b9..4061de57 100644
--- a/classes/labels.php
+++ b/classes/labels.php
@@ -62,7 +62,7 @@ class Labels
 		if (!$labels)
 			$labels = Article::get_article_labels($id);
 
-		$labels = db_escape_string(json_encode($labels));
+		$labels = json_encode($labels);
 
 		$sth = $pdo->prepare("UPDATE ttrss_user_entries SET
 			label_cache = ? WHERE ref_id = ? AND owner_uid = ?");
diff --git a/include/functions.php b/include/functions.php
index 6637bd5d..459762d5 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -977,10 +977,6 @@
 			$error_code = 5;
 		}
 
-		if (db_escape_string("testTEST") != "testTEST") {
-			$error_code = 12;
-		}
-
 		return array("code" => $error_code, "message" => $ERRORS[$error_code]);
 	}
 
@@ -2218,6 +2214,8 @@
 	function filter_to_sql($filter, $owner_uid) {
 		$query = array();
 
+		$pdo = Db::pdo();
+
 		if (DB_TYPE == "pgsql")
 			$reg_qpart = "~";
 		else
@@ -2230,7 +2228,7 @@
 
 			if ($regexp_valid) {
 
-				$rule['reg_exp'] = db_escape_string($rule['reg_exp']);
+				$rule['reg_exp'] = $pdo->quote($rule['reg_exp']);
 
 				switch ($rule["type"]) {
 					case "title":
@@ -2263,7 +2261,7 @@
 				if (isset($rule['inverse'])) $qpart = "NOT ($qpart)";
 
 				if (isset($rule["feed_id"]) && $rule["feed_id"] > 0) {
-					$qpart .= " AND feed_id = " . db_escape_string($rule["feed_id"]);
+					$qpart .= " AND feed_id = " . $pdo->quote($rule["feed_id"]);
 				}
 
 				if (isset($rule["cat_id"])) {
-- 
2.39.2