Changeset 1649 for trunk/gregarius/feed.php
- Timestamp:
- 01/02/07 16:21:27 (23 months ago)
- Files:
-
- 1 modified
-
trunk/gregarius/feed.php (modified) (2 diffs)
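--- a/trunk/gregarius/feed.php
+++ b/trunk/gregarius/feed.php
@@ -66,4 +66,5 @@
 $sql .=" and not(mode & " . RSS_MODE_PRIVATE_STATE .") ";
 }
 
+// don't hide deprecated items becuase we want items of deprecated feeds to be accessible
 // $sql .= " and not(mode & " . RSS_MODE_DELETED_STATE . ") ";
@@ -141,5 +142,5 @@
 $iid = "";
 if ($cid != "" && array_key_exists('iid',$_REQUEST) && $_REQUEST['iid'] != "") {
-$sqlid = preg_replace("/[ ^A-Za-z0-9\.]/","%",$_REQUEST['iid']);
+$sqlid = preg_replace("/[_';]/","%",sanitize($_REQUEST['iid'],RSS_SANITIZER_SIMPLE_SQL|RSS_SANITIZER_NO_SPACES));
 $sql = "select id from " .getTable("item") ." i where i.title like '$sqlid' and i.cid=$cid";
 if ($m > 0 && $y > 0) {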
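Review bot: The new `$sqlid` line replaces an allowlist with a three-character denylist (`_`, `'`, `;`), so the safety of the string interpolated into `like '$sqlid'` now rests entirely on `sanitize()` with `RSS_SANITIZER_SIMPLE_SQL`, whose behaviour is not visible in this changeset. The denylist does not cover backslash or double quote, for example, so unless `sanitize()` strips them the value can still carry SQL metacharacters into the quoted literal. If the intent was to accept non-ASCII titles, a Unicode-aware allowlist keeps the old guarantee, e.g. `$sqlid = preg_replace('/[^\p{L}\p{N}.]/u', '%', $_REQUEST['iid']);`, and the value should additionally go through the database layer's escaping function before it is concatenated. `$cid` is interpolated unquoted in the same query and is assigned outside the visible lines, so confirm it is cast to an integer there.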
