diff --git a/src/includes/api/ListsController.php b/src/includes/api/ListsController.php
index 44eec47..98ae2f2 100644
--- a/src/includes/api/ListsController.php
+++ b/src/includes/api/ListsController.php
@@ -215,11 +215,9 @@ class ListsController extends ApiController {
 $db = DBConnection::instance();
 $t = array();
 $t['total'] = 0;
- $name = str_replace(
- array('"',"'",'<','>','&'),
- array('','','','',''),
- trim($this->req->jsonBody['name'] ?? '')
- );
+ $name = trim($this->req->jsonBody['name'] ?? '');
+ if ($name == '')
+ return $t;
 $db->dq("UPDATE {$db->prefix}lists SET name=?,d_edited=? WHERE id=$id", array($name, time()) );
 $t['total'] = $db->affected();
 $r = $db->sqa("SELECT * FROM {$db->prefix}lists WHERE id=$id");
diff --git a/src/includes/class.dbcore.php b/src/includes/class.dbcore.php
index eafd8f1..942a58c 100644
--- a/src/includes/class.dbcore.php
+++ b/src/includes/class.dbcore.php
@@ -175,7 +175,7 @@ class DBCore
 function createListWithName(string $name): ?int
 {
 $db = DBConnection::instance();
- $name = str_replace( ['"',"'",'<','>','&'], '', trim($name) );
+ $name = trim($name);
 if ($name == '') {
 return null;
 }
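Review bot: In the ListsController.php hunk, the `trim()`-only assignment to `$name` now stores `"`, `'`, `<`, `>` and `&` verbatim, so a list name is safe only if every place that renders it escapes for its output context, and none of those output paths is visible in this diff. The same holds for `createListWithName()` in class.dbcore.php, which drops the same filter. I would add a comment above both assignments, e.g. `// Stored raw: escape on output (htmlspecialchars() in HTML, JSON encoding in API responses)`, and confirm the renderers before merging. Separately, the `UPDATE` and `SELECT` here still interpolate `$id` while `name` is bound; if `$id` is not cast to int above the hunk, bind it too with `WHERE id=?` and `array($name, time(), $id)`. The enclosing method starts and ends outside the hunk.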