sanitize article content when importing data from feed
This commit is contained in:
parent
acccafe3da
commit
c7fe1b4e9e
|
@ -626,10 +626,8 @@ class Feeds extends Handler_Protected {
|
|||
}
|
||||
}
|
||||
|
||||
$feed_site_url = $line["site_url"];
|
||||
|
||||
$article_content = sanitize($this->link, $line["content_preview"],
|
||||
false, false, $feed_site_url);
|
||||
# $feed_site_url = $line["site_url"];
|
||||
$article_content = $line["content_preview"];
|
||||
|
||||
$reply['content'] .= "<div id=\"POSTNOTE-$id\">";
|
||||
if ($line['note']) {
|
||||
|
|
|
@ -61,7 +61,7 @@ class Handler_Public extends Handler {
|
|||
$tpl->setVariable('ARTICLE_EXCERPT',
|
||||
truncate_string(strip_tags($line["content_preview"]), 100, '...'), true);
|
||||
|
||||
$content = sanitize($this->link, $line["content_preview"], false, $owner_uid);
|
||||
$content = $line["content_preview"];
|
||||
|
||||
if ($line['note']) {
|
||||
$content = "<div style=\"$note_style\">Article note: " . $line['note'] . "</div>" .
|
||||
|
@ -132,7 +132,7 @@ class Handler_Public extends Handler {
|
|||
$article['link'] = $line['link'];
|
||||
$article['title'] = $line['title'];
|
||||
$article['excerpt'] = truncate_string(strip_tags($line["content_preview"]), 100, '...');
|
||||
$article['content'] = sanitize($this->link, $line["content_preview"], false, $owner_uid);
|
||||
$article['content'] = $line["content_preview"];
|
||||
$article['updated'] = date('c', strtotime($line["updated"]));
|
||||
|
||||
if ($line['note']) $article['note'] = $line['note'];
|
||||
|
|
|
@ -584,7 +584,7 @@ class RPC extends Handler_Protected {
|
|||
FROM ttrss_entries, ttrss_user_entries
|
||||
WHERE id = '$article_id' AND ref_id = id AND owner_uid = ".$_SESSION['uid']);
|
||||
|
||||
$content = sanitize($this->link, db_fetch_result($result, 0, "content"));
|
||||
$content = db_fetch_result($result, 0, "content");
|
||||
$title = strip_tags(db_fetch_result($result, 0, "title"));
|
||||
$article_url = htmlspecialchars(db_fetch_result($result, 0, "link"));
|
||||
$marked = sql_bool_to_bool(db_fetch_result($result, 0, "marked"));
|
||||
|
|
|
@ -2686,11 +2686,15 @@
|
|||
|
||||
}
|
||||
|
||||
function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) {
|
||||
function sanitize($link, $str, $owner = false, $site_url = false) {
|
||||
if (!$owner) $owner = $_SESSION["uid"];
|
||||
|
||||
$res = trim($str); if (!$res) return '';
|
||||
|
||||
# we don't support CDATA sections in articles, they break our own escaping
|
||||
$res = preg_replace("/\[\[CDATA/", "", $res);
|
||||
$res = preg_replace("/\]\]\>/", "", $res);
|
||||
|
||||
$config = array('safe' => 1, 'deny_attribute' => 'style');
|
||||
$res = htmLawed($res, $config);
|
||||
|
||||
|
@ -3626,13 +3630,6 @@
|
|||
}
|
||||
} // function encrypt_password
|
||||
|
||||
function sanitize_article_content($text) {
|
||||
# we don't support CDATA sections in articles, they break our own escaping
|
||||
$text = preg_replace("/\[\[CDATA/", "", $text);
|
||||
$text = preg_replace("/\]\]\>/", "", $text);
|
||||
return $text;
|
||||
}
|
||||
|
||||
function load_filters($link, $feed_id, $owner_uid, $action_id = false) {
|
||||
$filters = array();
|
||||
|
||||
|
|
|
@ -770,9 +770,8 @@
|
|||
}
|
||||
|
||||
# sanitize content
|
||||
|
||||
$entry_content = sanitize_article_content($entry_content);
|
||||
$entry_title = sanitize_article_content($entry_title);
|
||||
$entry_content = sanitize($link, $entry_content, $owner_uid, $site_url);
|
||||
$entry_title = strip_tags($entry_title);
|
||||
|
||||
if ($debug_enabled) {
|
||||
_debug("update_rss_feed: done collecting data [TITLE:$entry_title]");
|
||||
|
|
Loading…
Reference in New Issue