From a262b161f99cdc5cadb6571941c324f53bb3543e Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Thu, 21 Sep 2006 04:55:02 +0100 Subject: [PATCH] disable html objects in article content, breaks layout --- backend.php | 6 ++++-- functions.php | 11 +++++++++++ tt-rss.css | 6 ++++++ 3 files changed, 21 insertions(+), 2 deletions(-) diff --git a/backend.php b/backend.php index e4329a26c..ebbf33a68 100644 --- a/backend.php +++ b/backend.php @@ -650,6 +650,8 @@ $line["content"] = preg_replace("/href=/i", "target=\"_new\" href=", $line["content"]); } + $line["content"] = sanitize_rss($line["content"]); + print $line["content"] . ""; print ""; @@ -1335,13 +1337,13 @@ print ""; - $auth_login = db_fetch_result($result, 0, "auth_login"); + $auth_login = escape_for_form(db_fetch_result($result, 0, "auth_login")); print "Login:"; print ""; - $auth_pass = db_fetch_result($result, 0, "auth_pass"); + $auth_pass = escape_for_form(db_fetch_result($result, 0, "auth_pass")); print "Password:"; print "/i', "

", $res); + $res = preg_replace('/.*?<\/object>/i', + "

(Disabled html object + - flash or other embedded content)

", $str); + + $res = preg_replace('/<\/object>/i', + "

", $res); + return $res; } @@ -2637,4 +2644,8 @@ } } + function escape_for_form($s) { + return htmlspecialchars(db_unescape_string($s)); + } + ?> diff --git a/tt-rss.css b/tt-rss.css index 5f771fe6e..ec4b51320 100644 --- a/tt-rss.css +++ b/tt-rss.css @@ -1172,6 +1172,12 @@ span.debugTS { font-weight : bold; } +.objectWarn { + color : gray; + padding : 3px; + font-style: italic; +} + table.loginForm2 { padding : 1em; }
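Review bot: The first added `preg_replace()` in `sanitize_rss()` takes `$str` as its subject, while the statement just before it (visible only as the context tail `", $res);`) had already written its result into `$res`. As far as this hunk shows, that earlier replacement is overwritten and its effect is lost before `return $res;`. The subject of the added call should be `$res`, so that the call's last line ends `", $res);` instead of `", $str);`. The pattern also uses `.*?` with only the `i` modifier, so an element whose opening and closing tags are on different lines is not matched by this call; adding `s` (`/is`) would cover that case. The hunk header and the start of the function are not visible on this page, so what the earlier replacement does should be confirmed against the file.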
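Review bot: `escape_for_form()` calls `htmlspecialchars()` with its default flags, which on PHP versions before 8.1 leave single quotes unescaped, so the helper is only safe where the value lands inside a double-quoted attribute. The form markup that consumes `$auth_login` and `$auth_pass` in backend.php is not visible on this page, so passing the flag explicitly removes the dependency on how each call site quotes its attributes: `return htmlspecialchars(db_unescape_string($s), ENT_QUOTES);`. A short comment above the function, such as `// HTML-escape a stored value for use inside a form attribute`, would record the intended output context.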