api: sanitize article content
This commit is contained in:
parent
b3682750bb
commit
db9e00e339
|
@ -187,6 +187,7 @@ class API extends Handler {
|
||||||
$include_attachments = (bool)db_escape_string($_REQUEST["include_attachments"]);
|
$include_attachments = (bool)db_escape_string($_REQUEST["include_attachments"]);
|
||||||
$since_id = (int)db_escape_string($_REQUEST["since_id"]);
|
$since_id = (int)db_escape_string($_REQUEST["since_id"]);
|
||||||
$include_nested = (bool)db_escape_string($_REQUEST["include_nested"]);
|
$include_nested = (bool)db_escape_string($_REQUEST["include_nested"]);
|
||||||
|
$sanitize_content = true;
|
||||||
|
|
||||||
/* do not rely on params below */
|
/* do not rely on params below */
|
||||||
|
|
||||||
|
@ -197,7 +198,7 @@ class API extends Handler {
|
||||||
$headlines = api_get_headlines($this->link, $feed_id, $limit, $offset,
|
$headlines = api_get_headlines($this->link, $feed_id, $limit, $offset,
|
||||||
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, false,
|
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, false,
|
||||||
$include_attachments, $since_id, $search, $search_mode, $match_on,
|
$include_attachments, $since_id, $search, $search_mode, $match_on,
|
||||||
$include_nested);
|
$include_nested, $sanitize_content);
|
||||||
|
|
||||||
print $this->wrap(self::STATUS_OK, $headlines);
|
print $this->wrap(self::STATUS_OK, $headlines);
|
||||||
} else {
|
} else {
|
||||||
|
|
|
@ -4585,7 +4585,8 @@
|
||||||
function api_get_headlines($link, $feed_id, $limit, $offset,
|
function api_get_headlines($link, $feed_id, $limit, $offset,
|
||||||
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, $order,
|
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, $order,
|
||||||
$include_attachments, $since_id,
|
$include_attachments, $since_id,
|
||||||
$search = "", $search_mode = "", $match_on = "", $include_nested = false) {
|
$search = "", $search_mode = "", $match_on = "",
|
||||||
|
$include_nested = false, $sanitize_content = true) {
|
||||||
|
|
||||||
$qfh_ret = queryFeedHeadlines($link, $feed_id, $limit,
|
$qfh_ret = queryFeedHeadlines($link, $feed_id, $limit,
|
||||||
$view_mode, $is_cat, $search, $search_mode, $match_on,
|
$view_mode, $is_cat, $search, $search_mode, $match_on,
|
||||||
|
@ -4629,8 +4630,13 @@
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($show_content) {
|
if ($show_content) {
|
||||||
|
if ($sanitize_content) {
|
||||||
|
$headline_row["content"] = sanitize($link,
|
||||||
|
$line["content_preview"], false, false, $line["site_url"]);
|
||||||
|
} else {
|
||||||
$headline_row["content"] = $line["content_preview"];
|
$headline_row["content"] = $line["content_preview"];
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// unify label output to ease parsing
|
// unify label output to ease parsing
|
||||||
if ($labels["no-labels"] == 1) $labels = array();
|
if ($labels["no-labels"] == 1) $labels = array();
|
||||||
|
|
Loading…
Reference in New Issue