sanitize title/comments/link too
parent
b1524dc605
commit
183ad07bc2
|
@ -531,11 +531,11 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
# sanitize content
|
# sanitize content
|
||||||
$entry_content = preg_replace('/<script.*?>/i',
|
|
||||||
"<p class=\"scriptWarn\">", $entry_content);
|
$entry_content = sanitize_rss($entry_content);
|
||||||
|
$entry_title = sanitize_rss($entry_title);
|
||||||
$entry_content = preg_replace('/<\/script>/i',
|
$entry_link = sanitize_rss($entry_link);
|
||||||
"</p>", $entry_content);
|
$entry_comments = sanitize_rss($entry_comments);
|
||||||
|
|
||||||
db_query($link, "BEGIN");
|
db_query($link, "BEGIN");
|
||||||
|
|
||||||
|
@ -2309,4 +2309,15 @@
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function sanitize_rss($str) {
|
||||||
|
$res = "";
|
||||||
|
|
||||||
|
$res = preg_replace('/<script.*?>/i',
|
||||||
|
"<p class=\"scriptWarn\">", $str);
|
||||||
|
|
||||||
|
$res = preg_replace('/<\/script>/i',
|
||||||
|
"</p>", $res);
|
||||||
|
|
||||||
|
return $res;
|
||||||
|
}
|
||||||
?>
|
?>
|
||||||
|
|
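Review bot: sanitize_rss() in the second hunk is a blocklist that rewrites only `<script ...>` and `</script>` tags, so any other active markup in feed data (event-handler attributes, other embedding elements, script-scheme URLs) passes through unchanged, and `.` without the `s` modifier will not match an opening tag that spans a line break. In the first hunk the same function is applied to `$entry_link` and `$entry_comments`, which look like URLs rather than HTML; tag rewriting does not validate a URL, and a scheme allowlist such as `if (!preg_match('/^https?:\/\//i', $entry_link)) $entry_link = "";` would be the fitting check. For `$entry_title`, treating it as plain text (`strip_tags()` at ingest, `htmlspecialchars()` where it is printed) is safer than tag replacement, though whether the output side already escapes is not visible because the enclosing function starts and ends outside the hunk. For `$entry_content`, an allowlist-based HTML sanitizer is the durable fix, and the `$res = "";` initialisation in sanitize_rss() is redundant.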