From e4befe6bf43318766bcfd5a610b26be0aa1f82f0 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Sat, 2 Dec 2017 15:47:28 +0300 Subject: [PATCH] fix label cache being double escaped on save remove some old-style escaping --- classes/article.php | 6 +++--- classes/labels.php | 2 +- include/functions.php | 10 ++++------ 3 files changed, 8 insertions(+), 10 deletions(-) diff --git a/classes/article.php b/classes/article.php index 50367c08d..869e746cf 100644 --- a/classes/article.php +++ b/classes/article.php @@ -976,12 +976,12 @@ class Article extends Handler_Protected { $label_cache = $row["label_cache"]; if ($label_cache) { - $label_cache = json_decode($label_cache, true); + $tmp = json_decode($label_cache, true); - if ($label_cache["no-labels"] == 1) + if (!$tmp || $tmp["no-labels"] == 1) return $rv; else - return $label_cache; + return $tmp; } } diff --git a/classes/labels.php b/classes/labels.php index 973732b99..4061de57e 100644 --- a/classes/labels.php +++ b/classes/labels.php @@ -62,7 +62,7 @@ class Labels if (!$labels) $labels = Article::get_article_labels($id); - $labels = db_escape_string(json_encode($labels)); + $labels = json_encode($labels); $sth = $pdo->prepare("UPDATE ttrss_user_entries SET label_cache = ? WHERE ref_id = ? AND owner_uid = ?"); diff --git a/include/functions.php b/include/functions.php index 6637bd5d1..459762d58 100644 --- a/include/functions.php +++ b/include/functions.php @@ -977,10 +977,6 @@ $error_code = 5; } - if (db_escape_string("testTEST") != "testTEST") { - $error_code = 12; - } - return array("code" => $error_code, "message" => $ERRORS[$error_code]); } @@ -2218,6 +2214,8 @@ function filter_to_sql($filter, $owner_uid) { $query = array(); + $pdo = Db::pdo(); + if (DB_TYPE == "pgsql") $reg_qpart = "~"; else @@ -2230,7 +2228,7 @@ if ($regexp_valid) { - $rule['reg_exp'] = db_escape_string($rule['reg_exp']); + $rule['reg_exp'] = $pdo->quote($rule['reg_exp']); switch ($rule["type"]) { case "title": @@ -2263,7 +2261,7 @@ if (isset($rule['inverse'])) $qpart = "NOT ($qpart)"; if (isset($rule["feed_id"]) && $rule["feed_id"] > 0) { - $qpart .= " AND feed_id = " . db_escape_string($rule["feed_id"]); + $qpart .= " AND feed_id = " . $pdo->quote($rule["feed_id"]); } if (isset($rule["cat_id"])) {