|
|
@@ -786,13 +786,12 @@
|
|
|
|
|
|
<div class="form-group">
|
|
|
<?php
|
|
|
- /** @var array<int,int|string> $curlParams */
|
|
|
- $curlParams = $this->feed->attributeArray('curl_params') ?? [];
|
|
|
+ $curlParams = FreshRSS_http_Util::sanitizeCurlParams($this->feed->attributeArray('curl_params') ?? []);
|
|
|
?>
|
|
|
<label class="group-name" for="curl_params_cookie"><?= _t('sub.feed.css_cookie') ?></label>
|
|
|
<div class="group-controls">
|
|
|
<input type="text" name="curl_params_cookie" id="curl_params_cookie" class="w100" value="<?=
|
|
|
- htmlspecialchars((string)($curlParams[CURLOPT_COOKIE] ?? ''), ENT_COMPAT, 'UTF-8')
|
|
|
+ htmlspecialchars(is_string($curlParams[CURLOPT_COOKIE] ?? null) ? $curlParams[CURLOPT_COOKIE] : '', ENT_COMPAT, 'UTF-8')
|
|
|
?>" placeholder="<?= _t('gen.short.blank_to_disable') ?>" />
|
|
|
<p class="help"><?= _i('help') ?> <?= _t('sub.feed.css_cookie_help') ?></p>
|
|
|
<label for="curl_params_cookiefile">
|
|
|
@@ -809,7 +808,7 @@
|
|
|
<label class="group-name" for="curl_params_redirects"><?= _t('sub.feed.max_http_redir') ?></label>
|
|
|
<div class="group-controls">
|
|
|
<input type="number" name="curl_params_redirects" id="curl_params_redirects" class="w50" min="-1" value="<?=
|
|
|
- !empty($curlParams[CURLOPT_MAXREDIRS]) ? $curlParams[CURLOPT_MAXREDIRS] : ''
|
|
|
+ is_int($curlParams[CURLOPT_MAXREDIRS] ?? null) ? $curlParams[CURLOPT_MAXREDIRS] : ''
|
|
|
?>" placeholder="<?= _t('gen.short.blank_to_disable') ?>" />
|
|
|
<p class="help"><?= _i('help') ?> <?= _t('sub.feed.max_http_redir_help') ?></p>
|
|
|
</div>
|
|
|
@@ -830,7 +829,7 @@
|
|
|
<label class="group-name" for="curl_params_useragent"><?= _t('sub.feed.useragent') ?></label>
|
|
|
<div class="group-controls">
|
|
|
<input type="text" name="curl_params_useragent" id="curl_params_useragent" class="w100" value="<?=
|
|
|
- htmlspecialchars((string)($curlParams[CURLOPT_USERAGENT] ?? ''), ENT_COMPAT, 'UTF-8')
|
|
|
+ htmlspecialchars(is_string($curlParams[CURLOPT_USERAGENT] ?? null) ? $curlParams[CURLOPT_USERAGENT] : '', ENT_COMPAT, 'UTF-8')
|
|
|
?>" placeholder="<?= _t('gen.short.by_default') ?>" />
|
|
|
<p class="help"><?= _i('help') ?> <?= _t('sub.feed.useragent_help') ?></p>
|
|
|
</div>
|
|
|
@@ -853,7 +852,7 @@
|
|
|
?>
|
|
|
</select>
|
|
|
<input type="text" name="curl_params" id="curl_params" value="<?=
|
|
|
- htmlspecialchars((string)($curlParams[CURLOPT_PROXY] ?? ''), ENT_COMPAT, 'UTF-8')
|
|
|
+ htmlspecialchars(is_string($curlParams[CURLOPT_PROXY] ?? null) ? $curlParams[CURLOPT_PROXY] : '', ENT_COMPAT, 'UTF-8')
|
|
|
?>" placeholder="<?= _t('gen.short.by_default') ?>" />
|
|
|
<p class="help"><?= _i('help') ?> <?= _t('sub.feed.proxy_help') ?></p>
|
|
|
</div>
|
|
|
@@ -864,7 +863,7 @@
|
|
|
<div class="group-controls">
|
|
|
<select class="number" name="curl_method" id="curl_method"><?php
|
|
|
$curl_method = 'GET';
|
|
|
- if ($this->feed->attributeArray('curl_params') !== null && !empty($this->feed->attributeArray('curl_params')[CURLOPT_POST])) {
|
|
|
+ if (!empty($curlParams[CURLOPT_POST])) {
|
|
|
$curl_method = 'POST';
|
|
|
}
|
|
|
foreach (['GET' => 'GET', 'POST' => 'POST'] as $k => $v) {
|
|
|
@@ -874,7 +873,7 @@
|
|
|
</select>
|
|
|
<div class="stick">
|
|
|
<?php
|
|
|
- $postFields = $this->feed->attributeArray('curl_params')[CURLOPT_POSTFIELDS] ?? '';
|
|
|
+ $postFields = $curlParams[CURLOPT_POSTFIELDS] ?? '';
|
|
|
if (!is_string($postFields)) {
|
|
|
$postFields = '';
|
|
|
}
|
|
|
@@ -909,14 +908,11 @@
|
|
|
<label class="group-name" for="http_headers"><?= _t('sub.feed.http_headers') ?></label>
|
|
|
<div class="group-controls">
|
|
|
<?php
|
|
|
- $httpHeaders = $this->feed->attributeArray('curl_params')[CURLOPT_HTTPHEADER] ?? [];
|
|
|
+ $httpHeaders = $curlParams[CURLOPT_HTTPHEADER] ?? [];
|
|
|
if (!is_array($httpHeaders)) {
|
|
|
$httpHeaders = [];
|
|
|
}
|
|
|
$httpHeaders = array_filter($httpHeaders, 'is_string');
|
|
|
- // Remove headers problematic for security
|
|
|
- $httpHeaders = array_filter($httpHeaders,
|
|
|
- fn(string $header) => !preg_match('/^(Remote-User|X-WebAuth-User)\\s*:/i', $header));
|
|
|
?>
|
|
|
<textarea class="w100" id="http_headers" name="http_headers" rows="3" spellcheck="false"><?php
|
|
|
foreach ($httpHeaders as $header) {
|