Changeset 1649

Timestamp:

01/02/07 16:21:27 (21 months ago)

Author:

mbonetti

Message:

Probably a btter fix for #150

Location:

trunk/gregarius

Files:

• feed.php (modified) (2 diffs)
• util.php (modified) (1 diff)

trunk/gregarius/feed.php

@@ -66 +66 @@
         $sql .=" and not(mode & " . RSS_MODE_PRIVATE_STATE .") ";
     }
+
     // don't hide deprecated items becuase we want items of deprecated feeds to be accessible
     // $sql .= " and not(mode & " . RSS_MODE_DELETED_STATE . ") ";
@@ -141 +142 @@
     $iid = "";
     if ($cid != "" && array_key_exists('iid',$_REQUEST) && $_REQUEST['iid'] != "") {
-        $sqlid =  preg_replace("/[^A-Za-z0-9\.]/","%",$_REQUEST['iid']);
+        $sqlid =  preg_replace("/[_';]/","%",sanitize($_REQUEST['iid'],RSS_SANITIZER_SIMPLE_SQL|RSS_SANITIZER_NO_SPACES));
         $sql = "select id from " .getTable("item") ." i where i.title like '$sqlid' and i.cid=$cid";
         if ($m > 0 && $y > 0) {

trunk/gregarius/util.php

@@ -1157 +1157 @@
 
 function rss_uri($title, $sep='_') {
-    return utf8_uri_encode(preg_replace('#[\s&/\+\'"\?]#',$sep,$title));
+    return utf8_uri_encode(preg_replace('#[ \#%\s&/\+\'"\?]#',$sep,$title));
 }
 ?>