blallo/tt-rss
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

sanitize input in label-editor subops

Browse source
This commit is contained in:
Andrew Dolgov 2006-05-19 04:13:32 +01:00
parent 605f7d463d
commit 9a35e16d1e
1 changed files with 6 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

12
backend.php
View file

@ -2167,8 +2167,8 @@
if ($subop == "editSave") {
$regexp = db_escape_string($_GET["r"]);
$match = db_escape_string($_GET["m"]);
$regexp = db_escape_string(trim($_GET["r"]));
$match = db_escape_string(trim($_GET["m"]));
$filter_id = db_escape_string($_GET["id"]);
$feed_id = db_escape_string($_GET["fid"]);
$action_id = db_escape_string($_GET["aid"]);
@ -2482,8 +2482,8 @@
if ($subop == "test") {
$expr = $_GET["expr"];
$descr = $_GET["descr"];
$expr = trim($_GET["expr"]);
$descr = trim($_GET["descr"]);
print "<div id=\"infoBoxTitle\">Test label: $descr</div>";
@ -2536,8 +2536,8 @@
if ($subop == "editSave") {
$sql_exp = $_GET["s"];
$descr = $_GET["d"];
$sql_exp = trim($_GET["s"]);
$descr = trim($_GET["d"]);
$label_id = db_escape_string($_GET["id"]);
// print "$sql_exp : $descr : $label_id";