blallo/tt-rss
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

feeds: handle escaping

Browse source
This commit is contained in:
Andrew Dolgov 2017-12-01 20:52:30 +03:00
parent c9b6ca8b70
commit 3623ebb1a1
1 changed files with 13 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
classes/feeds.php
View file

@ -1829,7 +1829,7 @@ class Feeds extends Handler_Protected {
}
if ($since_id) {
$since_id_part = "ttrss_entries.id > $since_id AND ";
$since_id_part = "ttrss_entries.id > ".$pdo->quote($since_id)." AND ";
} else {
$since_id_part = "";
}
@ -1869,7 +1869,7 @@ class Feeds extends Handler_Protected {
}
if ($limit > 0) {
$limit_query_part = "LIMIT " . $limit;
$limit_query_part = "LIMIT " . $pdo->quote($limit);
}
$allow_archived = false;
@ -1895,7 +1895,7 @@ class Feeds extends Handler_Protected {
implode(",", $subcats).")";
} else {
$query_strategy_part = "cat_id = '$feed'";
$query_strategy_part = "cat_id = " . $pdo->quote($feed);
}
} else {
@ -1905,7 +1905,7 @@ class Feeds extends Handler_Protected {
$vfeed_query_part = "ttrss_feeds.title AS feed_title,";
} else {
$query_strategy_part = "feed_id = '$feed'";
$query_strategy_part = "feed_id = " . $pdo->quote($feed);
}
} else if ($feed == 0 && !$cat_view) { // archive virtual feed
$query_strategy_part = "feed_id IS NULL";
@ -1960,7 +1960,7 @@ class Feeds extends Handler_Protected {
} else if ($feed == -3) { // fresh virtual feed
$query_strategy_part = "unread = true AND score >= 0";
$intl = get_pref("FRESH_ARTICLE_MAX_AGE", $owner_uid);
$intl = (int) get_pref("FRESH_ARTICLE_MAX_AGE", $owner_uid);
if (DB_TYPE == "pgsql") {
$query_strategy_part .= " AND date_entered > NOW() - INTERVAL '$intl hour' ";
@ -1976,7 +1976,7 @@ class Feeds extends Handler_Protected {
} else if ($feed <= LABEL_BASE_INDEX) { // labels
$label_id = Labels::feed_to_label_id($feed);
$query_strategy_part = "label_id = '$label_id' AND
$query_strategy_part = "label_id = ".$pdo->quote($label_id)." AND
ttrss_labels2.id = ttrss_user_labels2.label_id AND
ttrss_user_labels2.article_id = ref_id";
@ -2027,7 +2027,7 @@ class Feeds extends Handler_Protected {
$content_query_part = "content, ";
if ($limit_query_part) {
$offset_query_part = "OFFSET $offset";
$offset_query_part = "OFFSET " . $pdo->quote($offset);
} else {
$offset_query_part = "";
}
@ -2036,9 +2036,9 @@ class Feeds extends Handler_Protected {
// proper override_order applied above
if ($vfeed_query_part && !$ignore_vfeed_group && get_pref('VFEED_GROUP_BY_FEED', $owner_uid)) {
if (!$override_order) {
$order_by = "ttrss_feeds.title, $order_by";
$order_by = "ttrss_feeds.title, ".$pdo->quote($order_by);
} else {
$order_by = "ttrss_feeds.title, $override_order";
$order_by = "ttrss_feeds.title, ".$pdo->quote($override_order);
}
}
@ -2091,7 +2091,7 @@ class Feeds extends Handler_Protected {
$from_qpart
WHERE
$feed_check_qpart
ttrss_user_entries.owner_uid = '$owner_uid' AND
ttrss_user_entries.owner_uid = ".$pdo->quote($owner_uid)." AND
$search_query_part
$start_ts_query_part
$since_id_part
@ -2138,7 +2138,7 @@ class Feeds extends Handler_Protected {
$from_qpart
WHERE
$feed_check_qpart
ttrss_user_entries.owner_uid = '$owner_uid' AND
ttrss_user_entries.owner_uid = ".$pdo->quote($owner_uid)." AND
$search_query_part
$start_ts_query_part
$view_query_part
@ -2182,9 +2182,9 @@ class Feeds extends Handler_Protected {
FROM ttrss_entries, ttrss_user_entries, ttrss_tags
WHERE
ref_id = ttrss_entries.id AND
ttrss_user_entries.owner_uid = $owner_uid AND
ttrss_user_entries.owner_uid = ".$pdo->quote($owner_uid)." AND
post_int_id = int_id AND
tag_name = '$feed' AND
tag_name = ".$pdo->quote($feed)." AND
$view_query_part
$search_query_part
$query_strategy_part ORDER BY $order_by