Fixed single quotes escaping

matt-oakes · Dec 25, 2018 · 8b42c79 · 8b42c79
1 parent 08f785f
commit 8b42c79
Showing 1 changed file with 5 additions and 5 deletions.
diff --git a/src/lastfmapi/Lib/Cache.php b/src/lastfmapi/Lib/Cache.php
@@ -163,16 +163,16 @@ private function create_table()
     public function get($unique_vars)
     {
         if ($this->enabled == true) {
-            $query = "SELECT expires, body FROM cache WHERE unique_vars='" . htmlentities(serialize($unique_vars), ENT_COMPAT, 'UTF-8') . "' LIMIT 1";
+            $query = "SELECT expires, body FROM cache WHERE unique_vars='" . htmlentities(serialize($unique_vars), ENT_QUOTES, 'UTF-8') . "' LIMIT 1";
             if ($result = $this->db->query($query)) {
                 if ($result->size() > 0) {
                     $row = $result->fetch();
                     if ($row['expires'] < time()) {
                         $this->del($unique_vars);
                         return false;
                     } else {
-                        //print_r(unserialize(html_entity_decode($row['body'], ENT_COMPAT, 'UTF-8')));
-                        return unserialize(html_entity_decode($row['body'], ENT_COMPAT, 'UTF-8'));
+                        //print_r(unserialize(html_entity_decode($row['body'], ENT_QUOTES, 'UTF-8')));
+                        return unserialize(html_entity_decode($row['body'], ENT_QUOTES, 'UTF-8'));
                     }
                 } else {
                     return false;
@@ -197,7 +197,7 @@ public function set($unique_vars, $body)
     {
         if ($this->enabled == true) {
             $expire = time() + $this->config['cache_length'];
-            $query = "INSERT INTO cache (unique_vars, expires, body) VALUES ('" . htmlentities(serialize($unique_vars), ENT_COMPAT, 'UTF-8') . "', '" . $expire . "', \"" . htmlentities(serialize($body), ENT_COMPAT, 'UTF-8') . "\")";
+            $query = "INSERT INTO cache (unique_vars, expires, body) VALUES ('" . htmlentities(serialize($unique_vars), ENT_QUOTES, 'UTF-8') . "', '" . $expire . "', \"" . htmlentities(serialize($body), ENT_QUOTES, 'UTF-8') . "\")";
             if ($this->db->query($query)) {
                 return true;
             } else {
@@ -217,7 +217,7 @@ public function set($unique_vars, $body)
      */
     private function del($unique_vars)
     {
-        $query = "DELETE FROM cache WHERE unique_vars='" . htmlentities(serialize($unique_vars), ENT_COMPAT, 'UTF-8') . "'";
+        $query = "DELETE FROM cache WHERE unique_vars='" . htmlentities(serialize($unique_vars), ENT_QUOTES, 'UTF-8') . "'";
         if ($this->db->query($query)) {
             return true;
         } else {