[mythtv] MythWeb dataloss fix

Jay Merrifield fracmak at gmail.com
Sun Dec 5 04:39:10 UTC 2004


Ya, those are a bitch to figure out. I've found another problem, this
one in video_edit.php. Apparently single quotes ( ' ) aren't escaped
correctly in the update statement when you edit video information.
Here's the changes I've made

+  $plot = ereg_replace("'", "''", $_POST['plot']);
+  $director = ereg_replace("'", "''", $_POST['director']);
+  $title = ereg_replace("'", "''", $_POST['title']);
      //insert data into database
+      mysql_query("UPDATE videometadata SET
title='{$title}',director='{$director}',plot='{$plot}',rating='{$_POST['rating']}',inetref='{$_POST['inetref'\
]}',year='{$_POST['year']}',userrating='{$_POST['userrating']}',length='{$_POST['length']}'
WHERE intid='{$_POST['intid']}'");
-      mysql_query("UPDATE videometadata SET
title='{$_POST['title']}',director='{$_POST['director']}',plot='{$_POST['plot']}',rating='{$_POST['rating']}',inetref='{$_POST['inetref'\
]}',year='{$_POST['year']}',userrating='{$_POST['userrating']}',length='{$_POST['length']}'
WHERE intid='{$_POST['intid']}'");

Also, is there anyone special I need to contact to get these changes
committed? or is e-mailing this list enough?

Jay


On Fri, 03 Dec 2004 16:31:36 +0100, Steven
<mythmail at richardstraat.homedns.org> wrote:
> Jay Merrifield wrote:
> 
> 
> > Hey, I found a dataloss bug in mythweb that has an easy fix. The file
> > is settings_channels.php
> > -              .'videofilters='.escape($_POST['videofilters_'.$chanid]).','
> > +             .'videofilters='.escape($_POST['videofilter_'.$chanid]).','
> >
> > Jay
> >
> >
> 
> There is another little bug/problem there. If freqid for a channel is
> NULL and you press the Save button that is replaced with "" (empty string).
> And since NULL works and empty string for chanid gives you an error in
> myth when you want to tune the channel...
> 
> Took me some time to figure out why my video capture channel was't
> showing up anymore while browsing the channels in live-tv.
> 
> Steven
> 
>


More information about the mythtv-dev mailing list