public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-13 22:45:56 +00:00
Code Issues Releases Wiki Activity

Revert "sanitize article content when importing data from feed"

Browse Source 
This reverts commit c7fe1b4e9e.

Conflicts:
	include/functions.php
	include/rssfuncs.php
This commit is contained in:
Andrew Dolgov
2012-10-29 12:17:28 +04:00
parent d372d2bbab
commit b3682750bb
5 changed files with 17 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
classes/feeds.php
View File

@@ -628,8 +628,10 @@ class Feeds extends Handler_Protected {
} }
} }
# $feed_site_url = $line["site_url"]; $feed_site_url = $line["site_url"];
$article_content = $line["content_preview"];
$article_content = sanitize($this->link, $line["content_preview"],
false, false, $feed_site_url);
$reply['content'] .= "<div id=\"POSTNOTE-$id\">"; $reply['content'] .= "<div id=\"POSTNOTE-$id\">";
if ($line['note']) { if ($line['note']) {

4
classes/handler/public.php
View File

@@ -61,7 +61,7 @@ class Handler_Public extends Handler {
$tpl->setVariable('ARTICLE_EXCERPT', $tpl->setVariable('ARTICLE_EXCERPT',
truncate_string(strip_tags($line["content_preview"]), 100, '...'), true); truncate_string(strip_tags($line["content_preview"]), 100, '...'), true);
$content = $line["content_preview"]; $content = sanitize($this->link, $line["content_preview"], false, $owner_uid);
if ($line['note']) { if ($line['note']) {
$content = "<div style=\"$note_style\">Article note: " . $line['note'] . "</div>" . $content = "<div style=\"$note_style\">Article note: " . $line['note'] . "</div>" .
@@ -132,7 +132,7 @@ class Handler_Public extends Handler {
$article['link'] = $line['link']; $article['link'] = $line['link'];
$article['title'] = $line['title']; $article['title'] = $line['title'];
$article['excerpt'] = truncate_string(strip_tags($line["content_preview"]), 100, '...'); $article['excerpt'] = truncate_string(strip_tags($line["content_preview"]), 100, '...');
$article['content'] = $line["content_preview"]; $article['content'] = sanitize($this->link, $line["content_preview"], false, $owner_uid);
$article['updated'] = date('c', strtotime($line["updated"])); $article['updated'] = date('c', strtotime($line["updated"]));
if ($line['note']) $article['note'] = $line['note']; if ($line['note']) $article['note'] = $line['note'];

2
classes/rpc.php
View File

@@ -584,7 +584,7 @@ class RPC extends Handler_Protected {
FROM ttrss_entries, ttrss_user_entries FROM ttrss_entries, ttrss_user_entries
WHERE id = '$article_id' AND ref_id = id AND owner_uid = ".$_SESSION['uid']); WHERE id = '$article_id' AND ref_id = id AND owner_uid = ".$_SESSION['uid']);
$content = db_fetch_result($result, 0, "content"); $content = sanitize($this->link, db_fetch_result($result, 0, "content"));
$title = strip_tags(db_fetch_result($result, 0, "title")); $title = strip_tags(db_fetch_result($result, 0, "title"));
$article_url = htmlspecialchars(db_fetch_result($result, 0, "link")); $article_url = htmlspecialchars(db_fetch_result($result, 0, "link"));
$marked = sql_bool_to_bool(db_fetch_result($result, 0, "marked")); $marked = sql_bool_to_bool(db_fetch_result($result, 0, "marked"));

9
include/functions.php
View File

@@ -2686,7 +2686,7 @@
} }
function sanitize($link, $str, $owner = false, $site_url = false) { function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) {
if (!$owner) $owner = $_SESSION["uid"]; if (!$owner) $owner = $_SESSION["uid"];
$res = trim($str); if (!$res) return ''; $res = trim($str); if (!$res) return '';
@@ -3626,6 +3626,13 @@
} }
} // function encrypt_password } // function encrypt_password
function sanitize_article_content($text) {
# we don't support CDATA sections in articles, they break our own escaping
$text = preg_replace("/\[\[CDATA/", "", $text);
$text = preg_replace("/\]\]\>/", "", $text);
return db_escape_string($text, false);
}
function load_filters($link, $feed_id, $owner_uid, $action_id = false) { function load_filters($link, $feed_id, $owner_uid, $action_id = false) {
$filters = array(); $filters = array();

4
include/rssfuncs.php
View File

@@ -770,8 +770,8 @@
} }
# sanitize content # sanitize content
$entry_content = db_escape_string(sanitize($link, $entry_content, $owner_uid, $site_url)); $entry_content = sanitize_article_content($entry_content);
$entry_title = db_escape_string(strip_tags($entry_title)); $entry_title = sanitize_article_content($entry_title);
if ($debug_enabled) { if ($debug_enabled) {
_debug("update_rss_feed: done collecting data [TITLE:$entry_title]"); _debug("update_rss_feed: done collecting data [TITLE:$entry_title]");