
fix url checking, param sanitizing in feed & cat editors, fix browser_has_opacity()

This commit is contained in:
Andrew Dolgov
2006-05-19 04:10:58 +01:00
parent caa53a7cb1
commit 605f7d463d
4 changed files with 17 additions and 10 deletions


@@ -1603,14 +1603,14 @@
} }
if ($subop == "editSave") { if ($subop == "editSave") {
$feed_title = db_escape_string($_POST["t"]); $feed_title = db_escape_string(trim($_POST["t"]));
$feed_link = db_escape_string($_POST["l"]); $feed_link = db_escape_string(trim($_POST["l"]));
$upd_intl = db_escape_string($_POST["ui"]); $upd_intl = db_escape_string($_POST["ui"]);
$purge_intl = db_escape_string($_POST["pi"]); $purge_intl = db_escape_string($_POST["pi"]);
$feed_id = db_escape_string($_POST["id"]); $feed_id = db_escape_string($_POST["id"]);
$cat_id = db_escape_string($_POST["catid"]); $cat_id = db_escape_string($_POST["catid"]);
$auth_login = db_escape_string($_POST["login"]); $auth_login = db_escape_string(trim($_POST["login"]));
$auth_pass = db_escape_string($_POST["pass"]); $auth_pass = db_escape_string(trim($_POST["pass"]));
$parent_feed = db_escape_string($_POST["pfeed"]); $parent_feed = db_escape_string($_POST["pfeed"]);
$private = db_escape_string($_POST["is_pvt"]); $private = db_escape_string($_POST["is_pvt"]);
$rtl_content = db_escape_string($_POST["is_rtl"]); $rtl_content = db_escape_string($_POST["is_rtl"]);
@@ -1653,7 +1653,7 @@
} }
if ($subop == "saveCat") { if ($subop == "saveCat") {
$cat_title = db_escape_string($_GET["title"]); $cat_title = db_escape_string(trim($_GET["title"]));
$cat_id = db_escape_string($_GET["id"]); $cat_id = db_escape_string($_GET["id"]);
$result = db_query($link, "UPDATE ttrss_feed_categories SET $result = db_query($link, "UPDATE ttrss_feed_categories SET
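Review bot: The server side still accepts any string as the feed URL — editSave only trims `$_POST["l"]` before escaping it, so the `isValidURL()` check this commit adds in the JavaScript is the only URL validation and is bypassed by any client that posts directly. Add the equivalent check in PHP before the UPDATE, e.g. `if (!preg_match('#^https?://#', $feed_link)) return;` (using whatever error path this handler normally takes). Likewise the numeric fields (`id`, `catid`, `ui`, `pi`, `pfeed`) are only escaped, never type-checked; casting them, e.g. `$feed_id = (int) $_POST["id"];`, makes the later queries safe regardless of how they are quoted. The editSave and saveCat bodies and the queries that consume these values continue outside the hunk, so I cannot confirm an ownership check on `$feed_id`/`$cat_id` exists; note also that saveCat takes state-changing input via `$_GET`, which makes it triggerable by a plain link.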


@@ -1,7 +1,8 @@
var hotkeys_enabled = true; var hotkeys_enabled = true;
function browser_has_opacity() { function browser_has_opacity() {
return navigator.userAgent.match("Gecko") || navigator.userAgent.match("Opera"); return navigator.userAgent.match("Gecko") != null ||
navigator.userAgent.match("Opera") != null;
} }
function exception_error(location, e) { function exception_error(location, e) {
@@ -1054,3 +1055,6 @@ function toggleSubmitNotEmpty(e, submit_id) {
} }
} }
function isValidURL(s) {
return s.match("http://") != null || s.match("https://") != null;
}
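Review bot: `isValidURL()` in the second hunk does not validate a URL: `s.match("http://")` compiles the string as an unanchored regular expression and succeeds when the scheme appears anywhere, so `javascript:alert(1)//http://`, `ftp://host/?u=http://x` and `foo http://` all pass. Anchor the test to the start of the string: `return /^https?:\/\//.test(s);`. Because the helper is now shared by addFeed, qafAdd and feedEditSave, the weakness reaches every feed-entry point, and as a client-side check it must in any case be mirrored on the server. A short doc comment would help readers: `// Client-side convenience check: true when s begins with http:// or https://.`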


@@ -282,8 +282,7 @@ function addFeed() {
if (link.value.length == 0) { if (link.value.length == 0) {
alert("Error: No feed URL given."); alert("Error: No feed URL given.");
} else if (link.value.match("http://") == null && } else if (!isValidURL(link.value)) {
link.value.match("https://") == null) {
alert("Error: Invalid feed URL."); alert("Error: Invalid feed URL.");
} else { } else {
notify("Adding feed..."); notify("Adding feed...");
@@ -747,6 +746,11 @@ function feedEditSave() {
return; return;
} }
if (!isValidURL(link)) {
alert("Feed URL is invalid.");
return;
}
var auth_login = document.getElementById("iedit_login").value; var auth_login = document.getElementById("iedit_login").value;
var auth_pass = document.getElementById("iedit_pass").value; var auth_pass = document.getElementById("iedit_pass").value;
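Review bot: In feedEditSave the new guard calls `isValidURL(link)` while addFeed calls `isValidURL(link.value)`; `link` is defined above the hunk, so if it holds the input element rather than its string value, `s.match` inside isValidURL throws a TypeError and the save aborts without the intended alert. Please confirm `link` is already the string (e.g. `document.getElementById("iedit_link").value`) or pass `link.value` explicitly. The error text also differs from the other two call sites (`"Feed URL is invalid."` vs `"Error: Invalid feed URL."`); using one message keeps the UI consistent. feedEditSave starts and ends outside the hunk.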


@@ -538,8 +538,7 @@ function qafAdd() {
if (link.value.length == 0) { if (link.value.length == 0) {
alert("Error: No feed URL given."); alert("Error: No feed URL given.");
} else if (link.value.match("http://") == null && } else if (!isValidURL(link.value)) {
link.value.match("https://") == null) {
alert("Error: Invalid feed URL."); alert("Error: Invalid feed URL.");
} else { } else {
notify("Adding feed..."); notify("Adding feed...");