From 3972bf598195efba3e73ae1fef3faceabeb50308 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@fakecake.org>
Date: Fri, 22 Mar 2013 09:14:55 +0400
Subject: db_escape_string: specify link parameter for consistency; sessions:
 do not force-close db connection in _close()

---
 plugins/note/init.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'plugins/note/init.php')

diff --git a/plugins/note/init.php b/plugins/note/init.php
index 83db94248..7e8cfb57f 100644
--- a/plugins/note/init.php
+++ b/plugins/note/init.php
@@ -29,7 +29,7 @@ class Note extends Plugin {
 	}
 
 	function edit() {
-		$param = db_escape_string($_REQUEST['param']);
+		$param = db_escape_string($this->link, $_REQUEST['param']);
 
 		$result = db_query($this->link, "SELECT note FROM ttrss_user_entries WHERE
 			ref_id = '$param' AND owner_uid = " . $_SESSION['uid']);
@@ -58,8 +58,8 @@ class Note extends Plugin {
 	}
 
 	function setNote() {
-		$id = db_escape_string($_REQUEST["id"]);
-		$note = trim(strip_tags(db_escape_string($_REQUEST["note"])));
+		$id = db_escape_string($this->link, $_REQUEST["id"]);
+		$note = trim(strip_tags(db_escape_string($this->link, $_REQUEST["note"])));
 
 		db_query($this->link, "UPDATE ttrss_user_entries SET note = '$note'
 			WHERE ref_id = '$id' AND owner_uid = " . $_SESSION["uid"]);
-- 
cgit v1.2.3-54-g00ecf