From f738aef16d978efd396bf45b25d0d522d86b46ba Mon Sep 17 00:00:00 2001
From: Andrew Dolgov
Date: Sat, 19 May 2007 08:34:21 +0100
Subject: [PATCH] use tagwall instead of strip_tags to sanitize RSS content
---
 functions.php | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)
diff --git a/functions.php b/functions.php
index 0336602e3..5c098fa10 100644
--- a/functions.php
+++ b/functions.php
@@ -48,6 +48,12 @@
 require_once "magpierss/rss_fetch.inc";
 require_once 'magpierss/rss_utils.inc';
+ include_once "tw/tw-config.php";
+ include_once "tw/tw.php";
+ include_once TW_SETUP . "paranoya.php";
+
+ $tw_parser = new twParser();
+
 function _debug($msg) {
 $ts = strftime("%H:%M:%S", time());
 print "[$ts] $msg\n";
@@ -2650,11 +2656,39 @@
 }
 }
+ // http://ru2.php.net/strip-tags
+
+ function strip_tags_long($textstring, $allowed){
+ while($textstring != strip_tags($textstring, $allowed))
+ {
+ while (strlen($textstring) != 0)
+ {
+ if (strlen($textstring) > 1024) {
+ $otherlen = 1024;
+ } else {
+ $otherlen = strlen($textstring);
+ }
+ $temptext = strip_tags(substr($textstring,0,$otherlen), $allowed);
+ $safetext .= $temptext;
+ $textstring = substr_replace($textstring,'',0,$otherlen);
+ }
+ $textstring = $safetext;
+ }
+ return $textstring;
+ }
+
+
 function sanitize_rss($link, $str, $force_strip_tags = false) {
 $res = $str;
 if (get_pref($link, "STRIP_UNSAFE_TAGS") || $force_strip_tags) {
- $res = strip_tags($res, "


");
+ global $tw_parser;
+ global $tw_paranoya_setup;
+
+ $res = $tw_parser->strip_tags($res, $tw_paranoya_setup);
+
+// $res = preg_replace("/\r\n|\n|\r/", "", $res);
+// $res = strip_tags_long($res, "


");
 }
 return $res;
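Review bot: sanitize_rss() now depends entirely on the globals `$tw_parser` and `$tw_paranoya_setup`, but nothing in this hunk checks that the policy was actually loaded before `$tw_parser->strip_tags($res, $tw_paranoya_setup)` runs. The first hunk pulls the policy in with `include_once TW_SETUP . "paranoya.php";`, which only raises a warning when the file is missing, so a broken install would reach this call with an undefined policy; how tagwall treats that is not visible here, and it may let feed markup through unfiltered. I would load the three tagwall files with `require_once`, like the magpierss lines above them, and fall back to `$res = strip_tags($res);` when `!isset($tw_parser, $tw_paranoya_setup)`. Separately, `strip_tags_long()` is referenced only from a commented-out line, appends to `$safetext` without initialising or resetting it between passes, and filters in 1024-byte chunks so a tag straddling a chunk boundary is seen as two fragments; drop it together with the commented-out calls, or fix it before anything calls it. The closing brace of sanitize_rss() lies outside the hunk.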