diff --git a/db.php b/db.php index 844bd0e41..9b1ce5d84 100644 --- a/db.php +++ b/db.php @@ -41,7 +41,9 @@ function db_connect($host, $user, $pass, $db) { } } -function db_escape_string($s) { +function db_escape_string($s, $strip_tags = true) { + if ($strip_tags) $s = strip_tags($s); + if (DB_TYPE == "pgsql") { return pg_escape_string($s); } else { diff --git a/functions.php b/functions.php index 0a7559368..16780fd1f 100644 --- a/functions.php +++ b/functions.php @@ -954,7 +954,7 @@ $result = db_query($link, "SELECT id FROM ttrss_entries WHERE guid = '$entry_guid'"); - $entry_content = db_escape_string($entry_content); + $entry_content = db_escape_string($entry_content, true); $content_hash = "SHA1:" . sha1(strip_tags($entry_content));