Ana Sayfa Keşfet Yardım
Giriş Yap
LBP
/
FressRSS
şunun yansıması https://github.com/FreshRSS/FreshRSS.git
4
0
Çatalla 0
Dosyalar Sorunlar 0 Wiki
Kaynağa Gözat

Fix sanitize feed description (#3222)

* Fix sanitize feed description

#fix https://github.com/FreshRSS/FreshRSS/issues/3221

* Simplification
Alexandre Alapetite 5 yıl önce
ebeveyn
191cda42e6
işleme
f33e261163
3 değiştirilmiş dosya ile 14 ekleme ve 5 silme
Görünümü Böl Farklılık Durumunu Göster
  1. 1 1
      app/Models/FeedDAO.php
  2. 1 1
      app/views/helpers/feed/update.phtml
  3. 12 3
      lib/lib_rss.php

+ 1 - 1
app/Models/FeedDAO.php
Dosyayı Görüntüle 

@@ -62,7 +62,7 @@ class FreshRSS_FeedDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
 
 			$valuesTmp['category'],
 
 			mb_strcut(trim($valuesTmp['name']), 0, FreshRSS_DatabaseDAO::LENGTH_INDEX_UNICODE, 'UTF-8'),
 
 			substr($valuesTmp['website'], 0, 255),
 
-			mb_strcut($valuesTmp['description'], 0, 1023, 'UTF-8'),
 
+			sanitizeHTML($valuesTmp['description'], '', 1023),
 
 			$valuesTmp['lastUpdate'],
 
 			isset($valuesTmp['priority']) ? intval($valuesTmp['priority']) : FreshRSS_Feed::PRIORITY_MAIN_STREAM,
 
 			mb_strcut($valuesTmp['pathEntries'], 0, 511, 'UTF-8'),

+ 1 - 1
app/views/helpers/feed/update.phtml
Dosyayı Görüntüle 

@@ -7,7 +7,7 @@
 
 		<a href="<?= _url('stats', 'repartition', 'id', $this->feed->id()) ?>"><?= _i('stats') ?> <?= _t('sub.feed.stats') ?></a>
 
 	</div>
 
 
-	<p><?= $this->feed->description() ?></p>
 
+	<p><?= sanitizeHTML($this->feed->description()) ?></p>
 
 
 	<?php $nbEntries = $this->feed->nbEntries(); ?>

+ 12 - 3
lib/lib_rss.php
Dosyayı Görüntüle 

@@ -241,16 +241,25 @@ function customSimplePie($attributes = array()) {
 
 	return $simplePie;
 
 }
 
 
-function sanitizeHTML($data, $base = '') {
 
-	if (!is_string($data)) {
 
+function sanitizeHTML($data, $base = '', $maxLength = false) {
 
+	if (!is_string($data) || ($maxLength !== false && $maxLength <= 0)) {
 
 		return '';
 
 	}
 
+	if ($maxLength !== false) {
 
+		$data = mb_strcut($data, 0, $maxLength, 'UTF-8');
 
+	}
 
 	static $simplePie = null;
 
 	if ($simplePie == null) {
 
 		$simplePie = customSimplePie();
 
 		$simplePie->init();
 
 	}
 
-	return html_only_entity_decode($simplePie->sanitize->sanitize($data, SIMPLEPIE_CONSTRUCT_HTML, $base));
 
+	$result = html_only_entity_decode($simplePie->sanitize->sanitize($data, SIMPLEPIE_CONSTRUCT_HTML, $base));
 
+	if ($maxLength !== false && strlen($result) > $maxLength) {
 
+		//Sanitizing has made the result too long so try again shorter
 
+		$data = mb_strcut($result, 0, (2 * $maxLength) - strlen($result) - 2, 'UTF-8');
 
+		return sanitizeHTML($data, $base, $maxLength);
 
+	}
 
+	return $result;
 
 }
 
 
 /**