Ticket #190 (closed defect: fixed)

Opened 9 months ago

Last modified 9 months ago

' in $entry_author makes "INSERT INTO ttrss_entries" fail, and aborts feed update

Reported by: trac-user Assigned to: fox
Priority: major Milestone: 1.2.20
Component: database Version: 1.2.19
Keywords: Cc:

Description

I read a feed whose author has a ' in his name (like "G d'A"), which messes up the SQL syntax. Once this fails, the update process aborts, keeping many feeds un-updated. The following hackish patch fixes it for me and might be an inspiration for you.

--- functions.php.orig Wed Feb 13 13:13:32 2008 +++ functions.php Wed Feb 13 13:14:48 2008 @@ -952,8 +952,13 @@

}

# sanitize content

+ +function escape_properly($str) { + return str_replace("'", "\\'", $str); +}

// $entry_content = sanitize_rss($entry_content);

+ $entry_author = escape_properly($entry_author);

if (defined('DAEMON_EXTENDED_DEBUG') $_GETxdebug?) {

_debug("update_rss_feed: done collecting data [TITLE:$entry_title]");

Change History

02/13/08 15:26:40 changed by fox

  • status changed from new to assigned.
  • milestone set to 1.2.20.

02/13/08 15:30:22 changed by www-ttrss

  • status changed from assigned to closed.
  • resolution set to fixed.

(In [2279]) [project @ fix escaping of entry_author for simplepie (closes #190)]