mirror/FreshRSS
0
0
Fork 0
mirror of https://github.com/FreshRSS/FreshRSS.git synced 2026-05-13 17:53:56 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fix sanitize feed description (#3222)

Browse Source 
* Fix sanitize feed description

#fix https://github.com/FreshRSS/FreshRSS/issues/3221

* Simplification
This commit is contained in:
Alexandre Alapetite
2020-10-11 13:32:23 +02:00
committed by GitHub
parent 191cda42e6
commit f33e261163
3 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
app/Models/FeedDAO.php
View File

@@ -62,7 +62,7 @@ class FreshRSS_FeedDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
$valuesTmp['category'],
mb_strcut(trim($valuesTmp['name']), 0, FreshRSS_DatabaseDAO::LENGTH_INDEX_UNICODE, 'UTF-8'),
substr($valuesTmp['website'], 0, 255),
mb_strcut($valuesTmp['description'], 0, 1023, 'UTF-8'),
sanitizeHTML($valuesTmp['description'], '', 1023),
$valuesTmp['lastUpdate'],
isset($valuesTmp['priority']) ? intval($valuesTmp['priority']) : FreshRSS_Feed::PRIORITY_MAIN_STREAM,
mb_strcut($valuesTmp['pathEntries'], 0, 511, 'UTF-8'),

2
app/views/helpers/feed/update.phtml
View File

@@ -7,7 +7,7 @@
<a href="<?= _url('stats', 'repartition', 'id', $this->feed->id()) ?>"><?= _i('stats') ?> <?= _t('sub.feed.stats') ?></a>
</div>
<p><?= $this->feed->description() ?></p>
<p><?= sanitizeHTML($this->feed->description()) ?></p>
<?php $nbEntries = $this->feed->nbEntries(); ?>

15
lib/lib_rss.php
View File

@@ -241,16 +241,25 @@ function customSimplePie($attributes = array()) {
return $simplePie;
}
function sanitizeHTML($data, $base = '') {
if (!is_string($data)) {
function sanitizeHTML($data, $base = '', $maxLength = false) {
if (!is_string($data) || ($maxLength !== false && $maxLength <= 0)) {
return '';
}
if ($maxLength !== false) {
$data = mb_strcut($data, 0, $maxLength, 'UTF-8');
}
static $simplePie = null;
if ($simplePie == null) {
$simplePie = customSimplePie();
$simplePie->init();
}
return html_only_entity_decode($simplePie->sanitize->sanitize($data, SIMPLEPIE_CONSTRUCT_HTML, $base));
$result = html_only_entity_decode($simplePie->sanitize->sanitize($data, SIMPLEPIE_CONSTRUCT_HTML, $base));
if ($maxLength !== false && strlen($result) > $maxLength) {
//Sanitizing has made the result too long so try again shorter
$data = mb_strcut($result, 0, (2 * $maxLength) - strlen($result) - 2, 'UTF-8');
return sanitizeHTML($data, $base, $maxLength);
}
return $result;
}
/**