mirrors/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/fox/tt-rss.git synced 2025-11-04 05:41:29 +01:00
Code Issues Projects Releases Wiki Activity

labels editor: fix quote-escaping

Browse Source
This commit is contained in:
Andrew Dolgov 2007-05-19 14:51:14 +01:00
parent 14b6c54b03
commit 5b10ad15e7
1 changed files with 2 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
modules/pref-labels.php
View File

@ -150,7 +150,7 @@
if ($subop == "editSave") { if ($subop == "editSave") {
$sql_exp = trim($_GET["sql_exp"]); $sql_exp = db_escape_string(trim($_GET["sql_exp"]));
$descr = db_escape_string(trim($_GET["description"])); $descr = db_escape_string(trim($_GET["description"]));
$label_id = db_escape_string($_GET["id"]); $label_id = db_escape_string($_GET["id"]);
@ -180,8 +180,7 @@
if ($subop == "add") { if ($subop == "add") {
// no escaping is done here on purpose $sql_exp = db_escape_string(trim($_GET["sql_exp"]));
$sql_exp = trim($_GET["sql_exp"]);
$description = db_escape_string($_GET["description"]); $description = db_escape_string($_GET["description"]);
if (!$sql_exp || !$description) return; if (!$sql_exp || !$description) return;