| author | Andrew Dolgov <fox@madoka.spb.ru> | 2006-03-27 04:14:35 +0100 |
|---|---|---|
| committer | Andrew Dolgov <fox@madoka.spb.ru> | 2006-03-27 04:14:35 +0100 |
| commit | 3c81ae1aecd6b57847065bd741fa9cd3613dc983 (patch) | |
| tree | 142172168862aef429572a6b1da0271459fff3ea | |
| parent | 8e3f7217a8e40bca23d7f4156b13c6afd6789582 (diff) | |
fix escaping in viewfeed
| -rw-r--r-- | backend.php | 12 |
1 files changed, 6 insertions, 6 deletions
diff --git a/backend.php b/backend.php
index fef7e9d61..92f873914 100644
--- a/backend.php
+++ b/backend.php
@@ -1098,12 +1098,12 @@ if ($op == "viewfeed") {
- $feed = $_GET["feed"];
- $skip = $_GET["skip"];
- $subop = $_GET["subop"];
- $view_mode = $_GET["view"];
- $limit = $_GET["limit"];
- $cat_view = $_GET["cat"];
+ $feed = db_escape_string($_GET["feed"]);
+ $skip = db_escape_string($_GET["skip"]);
+ $subop = db_escape_string($_GET["subop"]);
+ $view_mode = db_escape_string($_GET["view"]);
+ $limit = db_escape_string($_GET["limit"]);
+ $cat_view = db_escape_string($_GET["cat"]);
 if (!$skip) $skip = 0; |
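Review bot: Escaping `$skip` and `$limit` with `db_escape_string()` protects them only where they end up inside a quoted SQL literal. If the queries further down in the `viewfeed` branch (outside this hunk) interpolate them unquoted, as is usual for LIMIT/OFFSET values, string escaping does not restrict them to numbers. For parameters that are always numeric, an integer cast is the stronger check, e.g. `$skip = (int) $_GET["skip"];`, and likewise for `$limit` and, if it is always an id, `$feed`. Parameters such as `$subop` and `$view_mode` that take one of a small set of values are better compared against an explicit allow-list. The escaped values are also now SQL-specific, so any later echo of them into the page would still need HTML escaping of its own, worth confirming in the rest of the branch.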