bug 471 fixed: quote in tags

git-svn-id: http://piwigo.org/svn/trunk@1487 68402e56-0260-453c-a942-63ccdbb3a9ee
author: nikrou <nikrou@piwigo.org> 2006-07-21 13:44:22 +0000
committer: nikrou <nikrou@piwigo.org> 2006-07-21 13:44:22 +0000
commit: de1ff24582c161cab972cb455355c91ee3e8222a (patch)
tree: 8fe8c1e44e4f3df749513b59d8f31749e440a8b3 /admin/tags.php
parent: d44aa8a1ed1397ba6364ea3f75aeece4a7b61cb3 (diff)
1 files changed, 5 insertions, 12 deletions
diff --git a/admin/tags.php b/admin/tags.php
index 21000de98..95c6f7d77 100644
--- a/admin/tags.php
+++ b/admin/tags.php
@@ -149,20 +149,13 @@ DELETE
 
 if (isset($_POST['add']) and !empty($_POST['add_tag']))
 {
-  if (function_exists('mysql_real_escape_string'))
-  {
-    $tag_name = mysql_real_escape_string($_POST['add_tag']);
-  }
-  else
-  {
-    $tag_name = mysql_escape_string($_POST['add_tag']);
-  }
+  $tag_name = $_POST['add_tag'];
 
   // does the tag already exists?
   $query = '
 SELECT id
   FROM '.TAGS_TABLE.'
-  WHERE name = \''.$tag_name.'\'
+  WHERE name = \''.pwg_quotemeta($tag_name).'\'
 ;';
   $existing_tags = array_from_query($query, 'id');
 
@@ -173,7 +166,7 @@ SELECT id
       array('name', 'url_name'),
       array(
         array(
-          'name' => $tag_name,
+          'name' => pwg_quotemeta($tag_name),
           'url_name' => str2url($tag_name),
           )
         )
@@ -183,7 +176,7 @@ SELECT id
       $page['infos'],
       sprintf(
         l10n('Tag "%s" was added'),
-        $tag_name
+        pwg_stripslashes($tag_name)
         )
       );
   }
@@ -193,7 +186,7 @@ SELECT id
       $page['errors'],
       sprintf(
         l10n('Tag "%s" already exists'),
-        $tag_name
+        pwg_stripslashes($tag_name)
         )
       );
   }
author	nikrou <nikrou@piwigo.org>	2006-07-21 13:44:22 +0000
committer	nikrou <nikrou@piwigo.org>	2006-07-21 13:44:22 +0000
commit	de1ff24582c161cab972cb455355c91ee3e8222a (patch)
tree	8fe8c1e44e4f3df749513b59d8f31749e440a8b3 /admin/tags.php
parent	d44aa8a1ed1397ba6364ea3f75aeece4a7b61cb3 (diff)