From 605f7d463dc68eccc02c77f989302d7b9035b456 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Fri, 19 May 2006 04:10:58 +0100
Subject: fix url checking, param sanitizing in feed & cat editors, fix browser_has_opacity()
---
 backend.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
(limited to 'backend.php')
diff --git a/backend.php b/backend.php
index d7567330e..4d855cead 100644
--- a/backend.php
+++ b/backend.php
@@ -1603,14 +1603,14 @@
 }
 if ($subop == "editSave") {
- $feed_title = db_escape_string($_POST["t"]);
- $feed_link = db_escape_string($_POST["l"]);
+ $feed_title = db_escape_string(trim($_POST["t"]));
+ $feed_link = db_escape_string(trim($_POST["l"]));
 $upd_intl = db_escape_string($_POST["ui"]);
 $purge_intl = db_escape_string($_POST["pi"]);
 $feed_id = db_escape_string($_POST["id"]);
 $cat_id = db_escape_string($_POST["catid"]);
- $auth_login = db_escape_string($_POST["login"]);
- $auth_pass = db_escape_string($_POST["pass"]);
+ $auth_login = db_escape_string(trim($_POST["login"]));
+ $auth_pass = db_escape_string(trim($_POST["pass"]));
 $parent_feed = db_escape_string($_POST["pfeed"]);
 $private = db_escape_string($_POST["is_pvt"]);
 $rtl_content = db_escape_string($_POST["is_rtl"]);
@@ -1653,7 +1653,7 @@
 }
 if ($subop == "saveCat") {
- $cat_title = db_escape_string($_GET["title"]);
+ $cat_title = db_escape_string(trim($_GET["title"]));
 $cat_id = db_escape_string($_GET["id"]);
 $result = db_query($link, "UPDATE ttrss_feed_categories SET
--
cgit v1.2.3-54-g00ecf
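Review bot: The numeric fields in editSave (`$_POST["ui"]`, `["pi"]`, `["id"]`, `["catid"]`, `["pfeed"]`) still get only `db_escape_string()`, which protects a value only when it ends up inside a quoted SQL string. The query that consumes them is outside this hunk, so whether each one is quoted cannot be confirmed here; if any is interpolated bare, escaping does not constrain it to a number. Casting at the point of read, e.g. `$feed_id = (int) $_POST["id"];`, makes that independent of how the query is written, and the same applies to `$cat_id` in the saveCat hunk. Separately, `trim()` on `$_POST["pass"]` silently changes a feed password that legitimately begins or ends with whitespace; consider trimming only the title, link and login.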
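Review bot: saveCat takes its input from `$_GET` and then issues an `UPDATE`, so a category rename is a state change reachable by a plain GET request, unlike editSave, which reads `$_POST`. A GET-driven write can be triggered by any page the logged-in user's browser loads, and the title ends up in URLs that servers and proxies log; reading `$_POST["title"]` and `$_POST["id"]` and checking a per-session token before the query would close that. After the added `trim()` the title can also be an empty string, and no guard such as `if ($cat_title != "")` is visible before the query. The `UPDATE` statement continues past the end of the hunk, so an existing empty-title check or an owner restriction in its `WHERE` clause may already be there and should be confirmed.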