api: sanitize article content
parent
b3682750bb
commit
db9e00e339
|
@ -187,6 +187,7 @@ class API extends Handler {
|
|||
$include_attachments = (bool)db_escape_string($_REQUEST["include_attachments"]);
|
||||
$since_id = (int)db_escape_string($_REQUEST["since_id"]);
|
||||
$include_nested = (bool)db_escape_string($_REQUEST["include_nested"]);
|
||||
$sanitize_content = true;
|
||||
|
||||
/* do not rely on params below */
|
||||
|
||||
|
@ -197,7 +198,7 @@ class API extends Handler {
|
|||
$headlines = api_get_headlines($this->link, $feed_id, $limit, $offset,
|
||||
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, false,
|
||||
$include_attachments, $since_id, $search, $search_mode, $match_on,
|
||||
$include_nested);
|
||||
$include_nested, $sanitize_content);
|
||||
|
||||
print $this->wrap(self::STATUS_OK, $headlines);
|
||||
} else {
|
||||
|
|
|
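Review bot: `$sanitize_content = true;` is a constant placed among the request-parsed options and above the "do not rely on params below" marker, so it reads like a supported client parameter although nothing in the hunk reads it from `$_REQUEST`. Keeping it fixed is the safe behaviour, since API clients cannot switch sanitization off; a comment such as `/* feed HTML is always sanitized for API clients; not client-controllable */` would record that intent. If it is ever wired to a request parameter, an absent parameter should still mean true. Only this headlines call is changed in the visible hunks, so whether other API operations that return article content also go through sanitize() cannot be confirmed from here. The enclosing method starts and ends outside the hunk.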
@ -4585,7 +4585,8 @@
|
|||
function api_get_headlines($link, $feed_id, $limit, $offset,
|
||||
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, $order,
|
||||
$include_attachments, $since_id,
|
||||
$search = "", $search_mode = "", $match_on = "", $include_nested = false) {
|
||||
$search = "", $search_mode = "", $match_on = "",
|
||||
$include_nested = false, $sanitize_content = true) {
|
||||
|
||||
$qfh_ret = queryFeedHeadlines($link, $feed_id, $limit,
|
||||
$view_mode, $is_cat, $search, $search_mode, $match_on,
|
||||
|
@ -4629,8 +4630,13 @@
|
|||
}
|
||||
|
||||
if ($show_content) {
|
||||
if ($sanitize_content) {
|
||||
$headline_row["content"] = sanitize($link,
|
||||
$line["content_preview"], false, false, $line["site_url"]);
|
||||
} else {
|
||||
$headline_row["content"] = $line["content_preview"];
|
||||
}
|
||||
}
|
||||
|
||||
// unify label output to ease parsing
|
||||
if ($labels["no-labels"] == 1) $labels = array();
|
||||
|
|
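Review bot: The `else` branch `$headline_row["content"] = $line["content_preview"];` hands feed-supplied HTML to the caller unchanged, and the switch for it is the seventeenth positional argument of api_get_headlines(), where a misplaced boolean would go unnoticed. The default of true is the right one; a docblock on api_get_headlines() should state that `$sanitize_content = false` returns untrusted markup which the caller must sanitize or escape before rendering. Only the `content` field is passed through sanitize() in this hunk; other fields of `$headline_row`, such as the excerpt selected by `$show_excerpt`, are assigned outside it, so it is worth confirming they are not raw feed data. The function body continues outside both hunks.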