sanitize input in label-editor subops
This commit is contained in:
Andrew Dolgov
parent
605f7d463d
commit
9a35e16d1e
1 changed files with 6 additions and 6 deletions
12
backend.php
12
backend.php
|
|
@ -2167,8 +2167,8 @@
|
||||||
|
|
||||||
if ($subop == "editSave") {
|
if ($subop == "editSave") {
|
||||||
|
|
||||||
$regexp = db_escape_string($_GET["r"]);
|
$regexp = db_escape_string(trim($_GET["r"]));
|
||||||
$match = db_escape_string($_GET["m"]);
|
$match = db_escape_string(trim($_GET["m"]));
|
||||||
$filter_id = db_escape_string($_GET["id"]);
|
$filter_id = db_escape_string($_GET["id"]);
|
||||||
$feed_id = db_escape_string($_GET["fid"]);
|
$feed_id = db_escape_string($_GET["fid"]);
|
||||||
$action_id = db_escape_string($_GET["aid"]);
|
$action_id = db_escape_string($_GET["aid"]);
|
||||||
|
|
@ -2482,8 +2482,8 @@
|
||||||
|
|
||||||
if ($subop == "test") {
|
if ($subop == "test") {
|
||||||
|
|
||||||
$expr = $_GET["expr"];
|
$expr = trim($_GET["expr"]);
|
||||||
$descr = $_GET["descr"];
|
$descr = trim($_GET["descr"]);
|
||||||
|
|
||||||
print "<div id=\"infoBoxTitle\">Test label: $descr</div>";
|
print "<div id=\"infoBoxTitle\">Test label: $descr</div>";
|
||||||
|
|
||||||
|
|
@ -2536,8 +2536,8 @@
|
||||||
|
|
||||||
if ($subop == "editSave") {
|
if ($subop == "editSave") {
|
||||||
|
|
||||||
$sql_exp = $_GET["s"];
|
$sql_exp = trim($_GET["s"]);
|
||||||
$descr = $_GET["d"];
|
$descr = trim($_GET["d"]);
|
||||||
$label_id = db_escape_string($_GET["id"]);
|
$label_id = db_escape_string($_GET["id"]);
|
||||||
|
|
||||||
// print "$sql_exp : $descr : $label_id";
|
// print "$sql_exp : $descr : $label_id";
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue