sanitize input in label-editor subops

Andrew Dolgov 2006-05-19 04:13:32 +01:00
parent 605f7d463d
commit 9a35e16d1e


@ -2167,8 +2167,8 @@
if ($subop == "editSave") { if ($subop == "editSave") {
$regexp = db_escape_string($_GET["r"]); $regexp = db_escape_string(trim($_GET["r"]));
$match = db_escape_string($_GET["m"]); $match = db_escape_string(trim($_GET["m"]));
$filter_id = db_escape_string($_GET["id"]); $filter_id = db_escape_string($_GET["id"]);
$feed_id = db_escape_string($_GET["fid"]); $feed_id = db_escape_string($_GET["fid"]);
$action_id = db_escape_string($_GET["aid"]); $action_id = db_escape_string($_GET["aid"]);
@ -2482,8 +2482,8 @@
if ($subop == "test") { if ($subop == "test") {
$expr = $_GET["expr"]; $expr = trim($_GET["expr"]);
$descr = $_GET["descr"]; $descr = trim($_GET["descr"]);
print "<div id=\"infoBoxTitle\">Test label: $descr</div>"; print "<div id=\"infoBoxTitle\">Test label: $descr</div>";
@ -2536,8 +2536,8 @@
if ($subop == "editSave") { if ($subop == "editSave") {
$sql_exp = $_GET["s"]; $sql_exp = trim($_GET["s"]);
$descr = $_GET["d"]; $descr = trim($_GET["d"]);
$label_id = db_escape_string($_GET["id"]); $label_id = db_escape_string($_GET["id"]);
// print "$sql_exp : $descr : $label_id"; // print "$sql_exp : $descr : $label_id";
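Review bot: In the `test` subop hunk, `$descr` is still interpolated into the `infoBoxTitle` div unescaped; `trim()` only strips surrounding whitespace, so any markup in the `descr` query parameter is echoed into the page as-is. Encode at the point of output, e.g. `print "<div id=\"infoBoxTitle\">Test label: " . htmlspecialchars($descr) . "</div>";`. Likewise `$expr` in that hunk and `$sql_exp` / `$descr` in the label `editSave` hunk are trimmed but not passed through `db_escape_string()` the way `$label_id` is. Their later use is outside the visible lines, so confirm each is escaped or otherwise constrained before it reaches a query. The enclosing `if` blocks start and end outside the hunks shown.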