Changeset 1295 for trunk/rss/admin/folders.php
- Timestamp:
- 02/19/06 16:37:59 (3 years ago)
- Files:
-
- 1 modified
-
trunk/rss/admin/folders.php (modified) (6 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/rss/admin/folders.php
r1275 r1295 189 189 $sql = "update " . getTable("channels") ." set parent=" . getRootFolder() . " where parent=$fid"; 190 190 rss_query($sql); 191 rss_invalidate_cache(); 191 192 } 192 193 elseif (array_key_exists(CST_ADMIN_CONFIRMED,$_REQUEST) && $_REQUEST[CST_ADMIN_CONFIRMED] == LBL_ADMIN_NO) { … … 212 213 case CST_ADMIN_SUBMIT_EDIT: 213 214 // TBD 214 $new_label = rss_real_escape_string($_REQUEST['f_name']);215 $new_label = sanitize($_REQUEST['f_name'], RSS_SANITIZER_CHARACTERS_EXT); 215 216 if (is_numeric($fid) && strlen($new_label) > 0) { 216 217 … … 222 223 } 223 224 rss_query("update " .getTable("folders") ." set name='$new_label' where id=$fid"); 225 rss_invalidate_cache(); 224 226 } 225 227 break; … … 227 229 case LBL_ADMIN_ADD: 228 230 case 'LBL_ADMIN_ADD': 229 $label=sanitize($_REQUEST['new_folder'],RSS_SANITIZER_ SIMPLE_SQL);231 $label=sanitize($_REQUEST['new_folder'],RSS_SANITIZER_CHARACTERS_EXT); 230 232 assert(strlen($label) > 0); 231 233 create_folder($label); … … 271 273 rss_query( "update " . getTable("folders") ." set position = $switch_with_position where id=$fid" ); 272 274 rss_query( "update " . getTable("folders") ." set position = $position where id=$switch_with_id" ); 275 rss_invalidate_cache(); 273 276 } 274 277 break; … … 303 306 } 304 307 rss_query("insert into " .getTable("folders") ." (name,position) values ('" . rss_real_escape_string($label) ."', $np)"); 308 rss_invalidate_cache(); 305 309 } 306 310
