banananetwork
/
tt-rss
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix item_id not being properly escaped in pref_feeds::process_category_order() (possible sql injection)

Browse Source
master
Andrew Dolgov 9 years ago
parent 7af2e79578
commit a5556c2471
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File

4
classes/pref/feeds.php
Unescape Escape View File

@ -324,7 +324,7 @@ class Pref_Feeds extends Handler_Protected {
if ($debug) _debug("$prefix C: $item_id P: $parent_id"); if ($debug) _debug("$prefix C: $item_id P: $parent_id");
$bare_item_id = substr($item_id, strpos($item_id, ':')+1); $bare_item_id = $this->dbh->escape_string(substr($item_id, strpos($item_id, ':')+1));
if ($item_id != 'root') { if ($item_id != 'root') {
if ($parent_id && $parent_id != 'root') { if ($parent_id && $parent_id != 'root') {
@ -346,7 +346,7 @@ class Pref_Feeds extends Handler_Protected {
if ($cat && is_array($cat)) { if ($cat && is_array($cat)) {
foreach ($cat as $item) { foreach ($cat as $item) {
$id = $item['_reference']; $id = $item['_reference'];
$bare_id = substr($id, strpos($id, ':')+1); $bare_id = $this->dbh->escape_string(substr($id, strpos($id, ':')+1));
if ($debug) _debug("$prefix [$order_id] $id/$bare_id"); if ($debug) _debug("$prefix [$order_id] $id/$bare_id");

Write Preview
Loading…
Cancel
Save