mirror of https://tt-rss.org/git/tt-rss.git
fix url checking, param sanitizing in feed & cat editors, fix browser_has_opacity()
This commit is contained in:
Andrew Dolgov
parent
caa53a7cb1
commit
605f7d463d
10
backend.php
10
backend.php
|
|
@ -1603,14 +1603,14 @@
|
|||
}
|
||||
|
||||
if ($subop == "editSave") {
|
||||
$feed_title = db_escape_string($_POST["t"]);
|
||||
$feed_link = db_escape_string($_POST["l"]);
|
||||
$feed_title = db_escape_string(trim($_POST["t"]));
|
||||
$feed_link = db_escape_string(trim($_POST["l"]));
|
||||
$upd_intl = db_escape_string($_POST["ui"]);
|
||||
$purge_intl = db_escape_string($_POST["pi"]);
|
||||
$feed_id = db_escape_string($_POST["id"]);
|
||||
$cat_id = db_escape_string($_POST["catid"]);
|
||||
$auth_login = db_escape_string($_POST["login"]);
|
||||
$auth_pass = db_escape_string($_POST["pass"]);
|
||||
$auth_login = db_escape_string(trim($_POST["login"]));
|
||||
$auth_pass = db_escape_string(trim($_POST["pass"]));
|
||||
$parent_feed = db_escape_string($_POST["pfeed"]);
|
||||
$private = db_escape_string($_POST["is_pvt"]);
|
||||
$rtl_content = db_escape_string($_POST["is_rtl"]);
|
||||
|
|
@ -1653,7 +1653,7 @@
|
|||
}
|
||||
|
||||
if ($subop == "saveCat") {
|
||||
$cat_title = db_escape_string($_GET["title"]);
|
||||
$cat_title = db_escape_string(trim($_GET["title"]));
|
||||
$cat_id = db_escape_string($_GET["id"]);
|
||||
|
||||
$result = db_query($link, "UPDATE ttrss_feed_categories SET
|
||||
|
|
|
|||
|
|
@ -1,7 +1,8 @@
|
|||
var hotkeys_enabled = true;
|
||||
|
||||
function browser_has_opacity() {
|
||||
return navigator.userAgent.match("Gecko") || navigator.userAgent.match("Opera");
|
||||
return navigator.userAgent.match("Gecko") != null ||
|
||||
navigator.userAgent.match("Opera") != null;
|
||||
}
|
||||
|
||||
function exception_error(location, e) {
|
||||
|
|
@ -1054,3 +1055,6 @@ function toggleSubmitNotEmpty(e, submit_id) {
|
|||
}
|
||||
}
|
||||
|
||||
function isValidURL(s) {
|
||||
return s.match("http://") != null || s.match("https://") != null;
|
||||
}
|
||||
|
|
|
|||
8
prefs.js
8
prefs.js
|
|
@ -282,8 +282,7 @@ function addFeed() {
|
|||
|
||||
if (link.value.length == 0) {
|
||||
alert("Error: No feed URL given.");
|
||||
} else if (link.value.match("http://") == null &&
|
||||
link.value.match("https://") == null) {
|
||||
} else if (!isValidURL(link.value)) {
|
||||
alert("Error: Invalid feed URL.");
|
||||
} else {
|
||||
notify("Adding feed...");
|
||||
|
|
@ -746,6 +745,11 @@ function feedEditSave() {
|
|||
notify("Feed title cannot be blank.");
|
||||
return;
|
||||
}
|
||||
|
||||
if (!isValidURL(link)) {
|
||||
alert("Feed URL is invalid.");
|
||||
return;
|
||||
}
|
||||
|
||||
var auth_login = document.getElementById("iedit_login").value;
|
||||
var auth_pass = document.getElementById("iedit_pass").value;
|
||||
|
|
|
|||
|
|
@ -538,8 +538,7 @@ function qafAdd() {
|
|||
|
||||
if (link.value.length == 0) {
|
||||
alert("Error: No feed URL given.");
|
||||
} else if (link.value.match("http://") == null &&
|
||||
link.value.match("https://") == null) {
|
||||
} else if (!isValidURL(link.value)) {
|
||||
alert("Error: Invalid feed URL.");
|
||||
} else {
|
||||
notify("Adding feed...");
|
||||
|
|
|
|||
Loading…
Reference in New Issue