public/tt-rss
1
0
Fork 0
mirror of https://git.tt-rss.org/git/tt-rss.git synced 2025-12-27 20:11:29 +00:00
Code Issues Releases Wiki Activity

sanitize article content when importing data from feed

Browse Source
This commit is contained in:
Andrew Dolgov
2012-10-28 12:44:10 +04:00
parent acccafe3da
commit c7fe1b4e9e
5 changed files with 12 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
include/functions.php
View File

@@ -2686,11 +2686,15 @@
}
function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) {
function sanitize($link, $str, $owner = false, $site_url = false) {
if (!$owner) $owner = $_SESSION["uid"];
$res = trim($str); if (!$res) return '';
# we don't support CDATA sections in articles, they break our own escaping
$res = preg_replace("/\[\[CDATA/", "", $res);
$res = preg_replace("/\]\]\>/", "", $res);
$config = array('safe' => 1, 'deny_attribute' => 'style');
$res = htmLawed($res, $config);
@@ -3626,13 +3630,6 @@
}
} // function encrypt_password
function sanitize_article_content($text) {
# we don't support CDATA sections in articles, they break our own escaping
$text = preg_replace("/\[\[CDATA/", "", $text);
$text = preg_replace("/\]\]\>/", "", $text);
return $text;
}
function load_filters($link, $feed_id, $owner_uid, $action_id = false) {
$filters = array();

5
include/rssfuncs.php
View File

@@ -770,9 +770,8 @@
}
# sanitize content
$entry_content = sanitize_article_content($entry_content);
$entry_title = sanitize_article_content($entry_title);
$entry_content = sanitize($link, $entry_content, $owner_uid, $site_url);
$entry_title = strip_tags($entry_title);
if ($debug_enabled) {
_debug("update_rss_feed: done collecting data [TITLE:$entry_title]");