From 129562e0b169897cb4b6781a4b62f907c4902775 Mon Sep 17 00:00:00 2001
From: Andrew Dolgov <fox@madoka.volgo-balt.ru>
Date: Tue, 2 Apr 2013 09:03:35 +0400
Subject: [PATCH] opml: add some data length limiting

---
 classes/opml.php      | 14 +++++++-------
 include/functions.php |  2 ++
 2 files changed, 9 insertions(+), 7 deletions(-)

diff --git a/classes/opml.php b/classes/opml.php
index 4c188de5e..7a49f757c 100644
--- a/classes/opml.php
+++ b/classes/opml.php
@@ -253,13 +253,13 @@ class Opml extends Handler_Protected {
 	private function opml_import_feed($doc, $node, $cat_id, $owner_uid) {
 		$attrs = $node->attributes;
 
-		$feed_title = db_escape_string($this->link, $attrs->getNamedItem('text')->nodeValue);
-		if (!$feed_title) $feed_title = db_escape_string($this->link, $attrs->getNamedItem('title')->nodeValue);
+		$feed_title = db_escape_string($this->link, mb_substr($attrs->getNamedItem('text')->nodeValue, 0, 250));
+		if (!$feed_title) $feed_title = db_escape_string($this->link, mb_substr($attrs->getNamedItem('title')->nodeValue, 0, 250));
 
-		$feed_url = db_escape_string($this->link, $attrs->getNamedItem('xmlUrl')->nodeValue);
-		if (!$feed_url) $feed_url = db_escape_string($this->link, $attrs->getNamedItem('xmlURL')->nodeValue);
+		$feed_url = db_escape_string($this->link, mb_substr($attrs->getNamedItem('xmlUrl')->nodeValue, 0, 250));
+		if (!$feed_url) $feed_url = db_escape_string($this->link, mb_substr($attrs->getNamedItem('xmlURL')->nodeValue, 0, 250));
 
-		$site_url = db_escape_string($this->link, $attrs->getNamedItem('htmlUrl')->nodeValue);
+		$site_url = db_escape_string($this->link, mb_substr($attrs->getNamedItem('htmlUrl')->nodeValue, 0, 250));
 
 		if ($feed_url && $feed_title) {
 			$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
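Review bot: An over-long `xmlUrl` or `htmlUrl` is silently cut to 250 characters and then used as the feed's address, so the import can store a URL that differs from the one the OPML file named. For the two URL attributes it would be safer to skip the outline when `mb_strlen($value, 'UTF-8') > 250` and to truncate only the titles. Separately, every `mb_substr()` call in this commit (these lines, the `$cat_title` lines further down and the one in include/functions.php) relies on the process-wide internal encoding. If that is not UTF-8, the cut can fall inside a multibyte character and pass a malformed sequence to `db_escape_string()`, so passing the encoding explicitly is more robust: `mb_substr($value, 0, 250, 'UTF-8')`. The body of `opml_import_feed` continues past the end of this hunk, so how the values are used afterwards is not visible here.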
@@ -386,10 +386,10 @@ class Opml extends Handler_Protected {
 		$default_cat_id = (int) get_feed_category($this->link, 'Imported feeds', false);
 
 		if ($root_node) {
-			$cat_title = db_escape_string($this->link, $root_node->attributes->getNamedItem('text')->nodeValue);
+			$cat_title = db_escape_string($this->link, mb_substr($root_node->attributes->getNamedItem('text')->nodeValue, 0, 250));
 
 			if (!$cat_title)
-				$cat_title = db_escape_string($this->link, $root_node->attributes->getNamedItem('title')->nodeValue);
+				$cat_title = db_escape_string($this->link, mb_substr($root_node->attributes->getNamedItem('title')->nodeValue, 0, 250));
 
 			if (!in_array($cat_title, array("tt-rss-filters", "tt-rss-labels", "tt-rss-prefs"))) {
 				$cat_id = get_feed_category($this->link, $cat_title, $parent_id);
diff --git a/include/functions.php b/include/functions.php
index a559ed1da..d321dc2ed 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -3406,6 +3406,8 @@
 			$parent_insert = "NULL";
 		}
 
+		$feed_cat = mb_substr($feed_cat, 0, 250);
+
 		$result = db_query($link,
 			"SELECT id FROM ttrss_feed_categories
 			WHERE $parent_qpart AND title = '$feed_cat' AND owner_uid = ".$_SESSION["uid"]);
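Review bot: The added `mb_substr($feed_cat, 0, 250)` truncates a value that at least one caller has already escaped: classes/opml.php passes `$cat_title` to `get_feed_category()` only after `db_escape_string()`. Escaping can push the string past 250 characters, and this second cut can then fall in the middle of an escape sequence, leaving an unpaired escape character or quote at the end of the text interpolated into `title = '$feed_cat'`. Length limiting has to happen on the raw value before escaping. Either drop this line and rely on the callers' pre-escape truncation, or have this function take raw titles and do `$feed_cat = db_escape_string($link, mb_substr($feed_cat, 0, 250, 'UTF-8'));` itself, after checking that no caller escapes first. The enclosing function starts and ends outside this hunk, so whether it escapes `$feed_cat` anywhere else could not be confirmed.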