xingcheng
/
FreshRSS
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

guid and urls should not contain low/high characters

Browse Source 
It looks like SimplePie does not always filter everything
Having a character not in latin1 would create MySQL collate errors
pull/1335/head
Alexandre Alapetite 8 years ago
parent 8a45743b90
commit 1893fc61e0
4 changed files with 20 additions and 2 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 4
      app/Controllers/feedController.php
  2. 4
      app/Controllers/importExportController.php
  3. 4
      app/Models/EntryDAO.php
  4. 10
      app/Models/FeedDAO.php

4
app/Controllers/feedController.php
Unescape View File

@ -314,7 +314,9 @@ class FreshRSS_feed_Controller extends Minz_ActionController {
if (count($entries) > 0) {
$newGuids = array();
foreach ($entries as $entry) {
$newGuids[] = $entry->guid();
$guid = $entry->guid();
$guid = filter_var($guid, FILTER_DEFAULT, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
$newGuids[] = $guid;
}
// For this feed, check existing GUIDs already in database.
$existingHashForGuids = $entryDAO->listHashForFeedGuids($feed->id(), $newGuids);

4
app/Controllers/importExportController.php
Unescape View File

@ -362,7 +362,9 @@ class FreshRSS_importExport_Controller extends Minz_ActionController {
$newGuids = array();
foreach ($article_object['items'] as $item) {
$newGuids[] = $item['id'];
$guid = $item['id'];
$guid = filter_var($guid, FILTER_DEFAULT, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
$newGuids[] = $guid;
}
// For this feed, check existing GUIDs already in database.
$existingHashForGuids = $this->entryDAO->listHashForFeedGuids($feed->id(), $newGuids);

4
app/Models/EntryDAO.php
Unescape View File

@ -123,6 +123,7 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
}
$this->addEntryPrepared->bindParam(':id', $valuesTmp['id']);
$valuesTmp['guid'] = substr($valuesTmp['guid'], 0, 760);
$valuesTmp['guid'] = filter_var($valuesTmp['guid'], FILTER_DEFAULT, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
$this->addEntryPrepared->bindParam(':guid', $valuesTmp['guid']);
$valuesTmp['title'] = substr($valuesTmp['title'], 0, 255);
$this->addEntryPrepared->bindParam(':title', $valuesTmp['title']);
@ -130,6 +131,7 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
$this->addEntryPrepared->bindParam(':author', $valuesTmp['author']);
$this->addEntryPrepared->bindParam(':content', $valuesTmp['content']);
$valuesTmp['link'] = substr($valuesTmp['link'], 0, 1023);
$valuesTmp['link'] = filter_var($valuesTmp['link'], FILTER_DEFAULT, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
$this->addEntryPrepared->bindParam(':link', $valuesTmp['link']);
$this->addEntryPrepared->bindParam(':date', $valuesTmp['date'], PDO::PARAM_INT);
$valuesTmp['lastSeen'] = time();
@ -190,6 +192,7 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
$this->updateEntryPrepared->bindParam(':author', $valuesTmp['author']);
$this->updateEntryPrepared->bindParam(':content', $valuesTmp['content']);
$valuesTmp['link'] = substr($valuesTmp['link'], 0, 1023);
$valuesTmp['link'] = filter_var($valuesTmp['link'], FILTER_DEFAULT, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
$this->updateEntryPrepared->bindParam(':link', $valuesTmp['link']);
$this->updateEntryPrepared->bindParam(':date', $valuesTmp['date'], PDO::PARAM_INT);
$valuesTmp['lastSeen'] = time();
@ -689,6 +692,7 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
if (count($guids) < 1) {
return array();
}
$guids = array_unique($guids);
$sql = 'SELECT guid, ' . $this->sqlHexEncode('hash') . ' AS hex_hash FROM `' . $this->prefix . 'entry` WHERE id_feed=? AND guid IN (' . str_repeat('?,', count($guids) - 1). '?)';
$stm = $this->bd->prepare($sql);
$values = array($id_feed);

10
app/Models/FeedDAO.php
Unescape View File

@ -5,6 +5,9 @@ class FreshRSS_FeedDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
$sql = 'INSERT INTO `' . $this->prefix . 'feed` (url, category, name, website, description, `lastUpdate`, priority, `httpAuth`, error, keep_history, ttl) VALUES(?, ?, ?, ?, ?, ?, 10, ?, 0, -2, -2)';
$stm = $this->bd->prepare($sql);
$valuesTmp['url'] = filter_var($valuesTmp['url'], FILTER_DEFAULT, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
$valuesTmp['website'] = filter_var($valuesTmp['website'], FILTER_DEFAULT, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
$values = array(
substr($valuesTmp['url'], 0, 511),
$valuesTmp['category'],
@ -55,6 +58,13 @@ class FreshRSS_FeedDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
}
public function updateFeed($id, $valuesTmp) {
if (isset($valuesTmp['url'])) {
$valuesTmp['url'] = filter_var($valuesTmp['url'], FILTER_DEFAULT, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
}
if (isset($valuesTmp['website'])) {
$valuesTmp['website'] = filter_var($valuesTmp['website'], FILTER_DEFAULT, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
}
$set = '';
foreach ($valuesTmp as $key => $v) {
$set .= $key . '=?, ';

Write Preview
Loading…
Cancel
Save