
Compatibilité contenu HTML pour Feed->description

Implémente https://github.com/marienfressinaud/FreshRSS/issues/325
Alexandre Alapetite 12 年之前
3dc50cbd66
共有 2 個文件被更改,包括 14 次插入6 次删除
  1. 1 1
      app/Controllers/configureController.php
  2. 13 5
      lib/lib_rss.php

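--- a/app/Controllers/configureController.php
+++ b/app/Controllers/configureController.php
@@ -94,7 +94,7 @@ class FreshRSS_configure_Controller extends Minz_ActionController {
 			} else {
 				if (Minz_Request::isPost () && $this->view->flux) {
 					$name = Minz_Request::param ('name', '');
-					$description = Minz_Request::param('description', '');
+					$description = sanitizeHTML(Minz_Request::param('description', '', true));
 					$website = Minz_Request::param('website', '');
 					$url = Minz_Request::param('url', '');
 					$hist = Minz_Request::param ('keep_history', 'no');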
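Review bot: The third argument `true` on the changed line presumably tells Minz_Request::param to skip its own htmlspecialchars escaping, so the raw POST value now reaches storage through sanitizeHTML alone and this controller's XSS protection rests entirely on that helper's policy — please confirm that is what the flag means, and that lib/lib_rss.php (where sanitizeHTML is defined) is loaded in this controller's context. Because sanitisation happens at write time, any later tightening of sanitizeHTML will not reach descriptions already stored, so wherever the stored description is rendered it should be re-sanitised or escaped on output rather than trusted as-is. A comment at the changed line would make the trust boundary explicit: `// raw POST value: relies on sanitizeHTML() (lib/lib_rss.php) for XSS filtering; stored as HTML, not re-escaped on output`. The enclosing action method starts and ends outside the hunk.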

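--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -136,6 +136,14 @@ function html_only_entity_decode($text) {
 	return strtr($text, $htmlEntitiesOnly);
 }
 
+function sanitizeHTML($data) {
+	static $simplePie = null;
+	if ($simplePie == null) {
+		$simplePie = new SimplePie();
+	}
+	return html_only_entity_decode($simplePie->sanitize->sanitize($data, SIMPLEPIE_CONSTRUCT_MAYBE_HTML));
+}
+
 function opml_import ($xml) {
 	$xml = html_only_entity_decode($xml);	//!\ Assume UTF-8
 
@@ -176,7 +184,7 @@ function opml_import ($xml) {
 				// alors qu'il existe déjà la catégorie X mais avec l'id Z
 				// Y ne sera pas ajouté et le flux non plus vu que l'id
 				// de sa catégorie n'exisera pas
-				$title = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
+				$title = htmlspecialchars($title, ENT_COMPAT, 'UTF-8');
 				$catDAO = new FreshRSS_CategoryDAO ();
 				$cat = $catDAO->searchByName ($title);
 				if ($cat === false) {
@@ -221,22 +229,22 @@ function getFeedsOutline ($outline, $cat_id) {
 
 function getFeed ($outline, $cat_id) {
 	$url = (string) $outline['xmlUrl'];
-	$url = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
+	$url = htmlspecialchars($url, ENT_COMPAT, 'UTF-8');
 	$title = '';
 	if (isset ($outline['text'])) {
 		$title = (string) $outline['text'];
 	} elseif (isset ($outline['title'])) {
 		$title = (string) $outline['title'];
 	}
-	$title = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
+	$title = htmlspecialchars($title, ENT_COMPAT, 'UTF-8');
 	$feed = new FreshRSS_Feed ($url);
 	$feed->_category ($cat_id);
 	$feed->_name ($title);
 	if (isset($outline['htmlUrl'])) {
-		$feed->_website(htmlspecialchars((string)$outline['htmlUrl'], ENT_QUOTES, 'UTF-8'));
+		$feed->_website(htmlspecialchars((string)$outline['htmlUrl'], ENT_COMPAT, 'UTF-8'));
 	}
 	if (isset($outline['description'])) {
-		$feed->_description((string)$outline['description']);
+		$feed->_description(sanitizeHTML((string)$outline['description']));
 	}
 	return $feed;
 }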
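Review bot: In the new sanitizeHTML() (first hunk of this file) the whole protection is SimplePie's default denylist sanitiser on a bare `new SimplePie()`: it strips a fixed set of tags and attributes, and as far as I recall it does not filter URL schemes, so an OPML description such as `<a href="javascript:...">x</a>` or an event attribute outside SimplePie's default strip_attributes list may survive into the stored description — worth a test with a crafted OPML file, since opml_import/getFeed consume attacker-supplied input and the ENT_QUOTES→ENT_COMPAT changes in the other hunks show how much trust the stored values now get downstream. The call also relies on `$simplePie->sanitize` working without `init()` (that is where SimplePie normally wires up the registry the sanitiser uses when absolutising link/image URLs), so a description that is detected as HTML and contains an href or src should be exercised to make sure it does not fault. The trailing html_only_entity_decode() must never decode `&lt;`, `&gt;`, `&amp;` or `&quot;`, otherwise the text branch's htmlspecialchars escaping is undone — its table is outside this hunk, so please check it. Minor: `if ($simplePie == null)` should be `if ($simplePie === null)`, and a short docblock stating that the result is trusted HTML meant to be output unescaped would tell the next reader what the contract is.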