0000734: bug on tags edition

git-svn-id: http://piwigo.org/svn/branches/branch-1_7@2092 68402e56-0260-453c-a942-63ccdbb3a9ee
author: patdenice <patdenice@piwigo.org> 2007-09-18 16:41:36 +0000
committer: patdenice <patdenice@piwigo.org> 2007-09-18 16:41:36 +0000
commit: b34b7c6b28a7d34488f4ca5947a618be10028b3d (patch)
tree: 53e4e14777f8c945f88327b4e525336550c7d58b
parent: 0a8cfa318a853943bc315d17c36cc4d7d6680f8b (diff)
1 files changed, 10 insertions, 3 deletions
diff --git a/admin/tags.php b/admin/tags.php
index 777281761..b3ef994b4 100644
--- a/admin/tags.php
+++ b/admin/tags.php
@@ -63,11 +63,11 @@ SELECT id, name
   {
     if (function_exists('mysql_real_escape_string'))
     {
-      $tag_name = mysql_real_escape_string($_POST['tag_name-'.$tag_id]);
+      $tag_name = mysql_real_escape_string(stripslashes($_POST['tag_name-'.$tag_id]));
     }
     else
     {
-      $tag_name = mysql_escape_string($_POST['tag_name-'.$tag_id]);
+      $tag_name = mysql_escape_string(stripslashes($_POST['tag_name-'.$tag_id]));
     }
 
     if ($tag_name != $current_name_of[$tag_id])
@@ -148,7 +148,14 @@ DELETE
 
 if (isset($_POST['add']) and !empty($_POST['add_tag']) and !is_adviser())
 {
-  $tag_name = $_POST['add_tag'];
+  if (function_exists('mysql_real_escape_string'))
+  {
+    $tag_name = mysql_real_escape_string(stripslashes($_POST['add_tag']));
+  }
+  else
+  {
+    $tag_name = mysql_escape_string(stripslashes($_POST['add_tag']));
+  }
 
   // does the tag already exists?
   $query = '
author	patdenice <patdenice@piwigo.org>	2007-09-18 16:41:36 +0000
committer	patdenice <patdenice@piwigo.org>	2007-09-18 16:41:36 +0000
commit	b34b7c6b28a7d34488f4ca5947a618be10028b3d (patch)
tree	53e4e14777f8c945f88327b4e525336550c7d58b
parent	0a8cfa318a853943bc315d17c36cc4d7d6680f8b (diff)