From 8b7395bb64506180f9b7a76b00948cd4f3cb9de3 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@bah.spb.su>
Date: Thu, 13 Oct 2005 02:05:47 +0100
Subject: escape data on OPML import (take 2)

---
 opml.php | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

(limited to 'opml.php')

diff --git a/opml.php b/opml.php
index e8c9c9b79..bcfa31700 100644
--- a/opml.php
+++ b/opml.php
@@ -46,12 +46,19 @@
 				}
 			}
 
+			/* this is suboptimal */
+
+			$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
+
+			if (!$link) return;
+
+			$title = db_escape_string_2($title, $link);
+			$url = db_escape_string_2($url, $link);
+
 			if (!$title || !$url) return;
 
 			print "Feed <b>$title</b> ($url)... ";
 
-			$link = db_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);	
-
 			$result = db_query($link, "SELECT id FROM ttrss_feeds WHERE
 				title = '$title' OR feed_url = '$url'");
 
-- 
cgit v1.2.3-54-g00ecf