attempt fix db_escape_string() invocation in sessions.php

12 years ago · 0295919648
parent d4a5129a24
commit 0295919648
2 changed files with 8 additions and 4 deletions
--- a/include/db.php
+++ b/include/db.php
@ -41,13 +41,17 @@ function db_connect($host, $user, $pass, $db) {
 	}
 }

-function db_escape_string($s, $strip_tags = true) {
+function db_escape_string($s, $strip_tags = true, $link = NULL) {
 	if ($strip_tags) $s = strip_tags($s);

 	if (DB_TYPE == "pgsql") {
-		return pg_escape_string($s);
+		if ($link) {
+			return pg_escape_string($link, $s);
+		} else {
+			return pg_escape_string($s);
+		}
 	} else {
-		return mysql_real_escape_string($s);
+		return mysql_real_escape_string($s, $link);
 	}
 }

--- a/include/sessions.php
+++ b/include/sessions.php
@ -53,7 +53,7 @@

 		$expire = time() + $session_expire;

-		$data = db_escape_string(base64_encode($data), $session_connection);
+		$data = db_escape_string(base64_encode($data), false, $session_connection);

 		if ($session_read) {
 		 	$query = "UPDATE ttrss_sessions SET data='$data',