blallo/tt-rss
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

attempt fix db_escape_string() invocation in sessions.php

Browse source
This commit is contained in:
Andrew Dolgov 2013-03-21 21:42:11 +04:00
parent d4a5129a24
commit 0295919648
2 changed files with 8 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
include/db.php
View file

@ -41,13 +41,17 @@ function db_connect($host, $user, $pass, $db) {
} }
} }
function db_escape_string($s, $strip_tags = true) { function db_escape_string($s, $strip_tags = true, $link = NULL) {
if ($strip_tags) $s = strip_tags($s); if ($strip_tags) $s = strip_tags($s);
if (DB_TYPE == "pgsql") { if (DB_TYPE == "pgsql") {
return pg_escape_string($s); if ($link) {
return pg_escape_string($link, $s);
} else {
return pg_escape_string($s);
}
} else { } else {
return mysql_real_escape_string($s); return mysql_real_escape_string($s, $link);
} }
} }

2
include/sessions.php
View file

@ -53,7 +53,7 @@
$expire = time() + $session_expire; $expire = time() + $session_expire;
$data = db_escape_string(base64_encode($data), $session_connection); $data = db_escape_string(base64_encode($data), false, $session_connection);
if ($session_read) { if ($session_read) {
$query = "UPDATE ttrss_sessions SET data='$data', $query = "UPDATE ttrss_sessions SET data='$data',