mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2026-04-20 22:37:24 -04:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1335 from Alkarex/guid-ascii-bug

Browse Source 
guid and urls should not contain low/high characters
This commit is contained in:
Alexandre Alapetite
2016-10-20 11:38:58 +02:00
committed by GitHub
parent 8a45743b90 7f2b0439ec
commit 9ffd56ea68
5 changed files with 19 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Controllers/feedController.php
View File

@@ -314,7 +314,7 @@ class FreshRSS_feed_Controller extends Minz_ActionController {
if (count($entries) > 0) {
$newGuids = array();
foreach ($entries as $entry) {
$newGuids[] = $entry->guid();
$newGuids[] = safe_ascii($entry->guid());
}
// For this feed, check existing GUIDs already in database.
$existingHashForGuids = $entryDAO->listHashForFeedGuids($feed->id(), $newGuids);

2
app/Controllers/importExportController.php
View File

@@ -362,7 +362,7 @@ class FreshRSS_importExport_Controller extends Minz_ActionController {
$newGuids = array();
foreach ($article_object['items'] as $item) {
$newGuids[] = $item['id'];
$newGuids[] = safe_ascii($item['id']);
}
// For this feed, check existing GUIDs already in database.
$existingHashForGuids = $this->entryDAO->listHashForFeedGuids($feed->id(), $newGuids);

4
app/Models/EntryDAO.php
View File

@@ -123,6 +123,7 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
}
$this->addEntryPrepared->bindParam(':id', $valuesTmp['id']);
$valuesTmp['guid'] = substr($valuesTmp['guid'], 0, 760);
$valuesTmp['guid'] = safe_ascii($valuesTmp['guid']);
$this->addEntryPrepared->bindParam(':guid', $valuesTmp['guid']);
$valuesTmp['title'] = substr($valuesTmp['title'], 0, 255);
$this->addEntryPrepared->bindParam(':title', $valuesTmp['title']);
@@ -130,6 +131,7 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
$this->addEntryPrepared->bindParam(':author', $valuesTmp['author']);
$this->addEntryPrepared->bindParam(':content', $valuesTmp['content']);
$valuesTmp['link'] = substr($valuesTmp['link'], 0, 1023);
$valuesTmp['link'] = safe_ascii($valuesTmp['link']);
$this->addEntryPrepared->bindParam(':link', $valuesTmp['link']);
$this->addEntryPrepared->bindParam(':date', $valuesTmp['date'], PDO::PARAM_INT);
$valuesTmp['lastSeen'] = time();
@@ -190,6 +192,7 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
$this->updateEntryPrepared->bindParam(':author', $valuesTmp['author']);
$this->updateEntryPrepared->bindParam(':content', $valuesTmp['content']);
$valuesTmp['link'] = substr($valuesTmp['link'], 0, 1023);
$valuesTmp['link'] = safe_ascii($valuesTmp['link']);
$this->updateEntryPrepared->bindParam(':link', $valuesTmp['link']);
$this->updateEntryPrepared->bindParam(':date', $valuesTmp['date'], PDO::PARAM_INT);
$valuesTmp['lastSeen'] = time();
@@ -689,6 +692,7 @@ class FreshRSS_EntryDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
if (count($guids) < 1) {
return array();
}
$guids = array_unique($guids);
$sql = 'SELECT guid, ' . $this->sqlHexEncode('hash') . ' AS hex_hash FROM `' . $this->prefix . 'entry` WHERE id_feed=? AND guid IN (' . str_repeat('?,', count($guids) - 1). '?)';
$stm = $this->bd->prepare($sql);
$values = array($id_feed);

10
app/Models/FeedDAO.php
View File

@@ -5,6 +5,9 @@ class FreshRSS_FeedDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
$sql = 'INSERT INTO `' . $this->prefix . 'feed` (url, category, name, website, description, `lastUpdate`, priority, `httpAuth`, error, keep_history, ttl) VALUES(?, ?, ?, ?, ?, ?, 10, ?, 0, -2, -2)';
$stm = $this->bd->prepare($sql);
$valuesTmp['url'] = safe_ascii($valuesTmp['url']);
$valuesTmp['website'] = safe_ascii($valuesTmp['website']);
$values = array(
substr($valuesTmp['url'], 0, 511),
$valuesTmp['category'],
@@ -55,6 +58,13 @@ class FreshRSS_FeedDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
}
public function updateFeed($id, $valuesTmp) {
if (isset($valuesTmp['url'])) {
$valuesTmp['url'] = safe_ascii($valuesTmp['url']);
}
if (isset($valuesTmp['website'])) {
$valuesTmp['website'] = safe_ascii($valuesTmp['website']);
}
$set = '';
foreach ($valuesTmp as $key => $v) {
$set .= $key . '=?, ';

3
lib/lib_rss.php
View File

@@ -83,6 +83,9 @@ function checkUrl($url) {
}
}
function safe_ascii($text) {
return filter_var($text, FILTER_DEFAULT, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH);
}
/**
* Test if a given server address is publicly accessible.