xingcheng
/
FreshRSS
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix sanitize feed description (#3222)

Browse Source 
* Fix sanitize feed description

#fix https://github.com/FreshRSS/FreshRSS/issues/3221

* Simplification
pull/3226/head
Alexandre Alapetite 4 years ago committed by GitHub
parent 191cda42e6
commit f33e261163
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 14 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      app/Models/FeedDAO.php
  2. 2
      app/views/helpers/feed/update.phtml
  3. 15
      lib/lib_rss.php

2
app/Models/FeedDAO.php
Unescape View File

@ -62,7 +62,7 @@ class FreshRSS_FeedDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
$valuesTmp['category'],
mb_strcut(trim($valuesTmp['name']), 0, FreshRSS_DatabaseDAO::LENGTH_INDEX_UNICODE, 'UTF-8'),
substr($valuesTmp['website'], 0, 255),
mb_strcut($valuesTmp['description'], 0, 1023, 'UTF-8'),
sanitizeHTML($valuesTmp['description'], '', 1023),
$valuesTmp['lastUpdate'],
isset($valuesTmp['priority']) ? intval($valuesTmp['priority']) : FreshRSS_Feed::PRIORITY_MAIN_STREAM,
mb_strcut($valuesTmp['pathEntries'], 0, 511, 'UTF-8'),

2
app/views/helpers/feed/update.phtml
Unescape View File

@ -7,7 +7,7 @@
<a href="<?= _url('stats', 'repartition', 'id', $this->feed->id()) ?>"><?= _i('stats') ?> <?= _t('sub.feed.stats') ?></a>
</div>
<p><?= $this->feed->description() ?></p>
<p><?= sanitizeHTML($this->feed->description()) ?></p>
<?php $nbEntries = $this->feed->nbEntries(); ?>

15
lib/lib_rss.php
Unescape View File

@ -241,16 +241,25 @@ function customSimplePie($attributes = array()) {
return $simplePie;
}
function sanitizeHTML($data, $base = '') {
if (!is_string($data)) {
function sanitizeHTML($data, $base = '', $maxLength = false) {
if (!is_string($data) || ($maxLength !== false && $maxLength <= 0)) {
return '';
}
if ($maxLength !== false) {
$data = mb_strcut($data, 0, $maxLength, 'UTF-8');
}
static $simplePie = null;
if ($simplePie == null) {
$simplePie = customSimplePie();
$simplePie->init();
}
return html_only_entity_decode($simplePie->sanitize->sanitize($data, SIMPLEPIE_CONSTRUCT_HTML, $base));
$result = html_only_entity_decode($simplePie->sanitize->sanitize($data, SIMPLEPIE_CONSTRUCT_HTML, $base));
if ($maxLength !== false && strlen($result) > $maxLength) {
//Sanitizing has made the result too long so try again shorter
$data = mb_strcut($result, 0, (2 * $maxLength) - strlen($result) - 2, 'UTF-8');
return sanitizeHTML($data, $base, $maxLength);
}
return $result;
}
/**

Write Preview
Loading…
Cancel
Save