Revert "sanitize article content when importing data from feed"

This reverts commit c7fe1b4e9e. Conflicts: include/functions.php include/rssfuncs.php
12 years ago · b3682750bb
parent d372d2bbab
commit b3682750bb
5 changed files with 17 additions and 8 deletions
--- a/classes/feeds.php
+++ b/classes/feeds.php
@ -628,8 +628,10 @@ class Feeds extends Handler_Protected {
 						}
 					}

-#					$feed_site_url = $line["site_url"];
-					$article_content = $line["content_preview"];
+					$feed_site_url = $line["site_url"];
+
+					$article_content = sanitize($this->link, $line["content_preview"],
+							false, false, $feed_site_url);

 					$reply['content'] .= "<div id=\"POSTNOTE-$id\">";
 					if ($line['note']) {
--- a/classes/handler/public.php
+++ b/classes/handler/public.php
@ -61,7 +61,7 @@ class Handler_Public extends Handler {
 				$tpl->setVariable('ARTICLE_EXCERPT',
 					truncate_string(strip_tags($line["content_preview"]), 100, '...'), true);

-				$content = $line["content_preview"];
+				$content = sanitize($this->link, $line["content_preview"], false, $owner_uid);

 				if ($line['note']) {
 					$content = "<div style=\"$note_style\">Article note: " . $line['note'] . "</div>" .
@ -132,7 +132,7 @@ class Handler_Public extends Handler {
 				$article['link']	= $line['link'];
 				$article['title'] = $line['title'];
 				$article['excerpt'] = truncate_string(strip_tags($line["content_preview"]), 100, '...');
-				$article['content'] = $line["content_preview"];
+				$article['content'] = sanitize($this->link, $line["content_preview"], false, $owner_uid);
 				$article['updated'] = date('c', strtotime($line["updated"]));

 				if ($line['note']) $article['note'] = $line['note'];
--- a/classes/rpc.php
+++ b/classes/rpc.php
@ -584,7 +584,7 @@ class RPC extends Handler_Protected {
 			FROM ttrss_entries, ttrss_user_entries
 			WHERE id = '$article_id' AND ref_id = id AND owner_uid = ".$_SESSION['uid']);

-		$content = db_fetch_result($result, 0, "content");
+		$content = sanitize($this->link, db_fetch_result($result, 0, "content"));
 		$title = strip_tags(db_fetch_result($result, 0, "title"));
 		$article_url = htmlspecialchars(db_fetch_result($result, 0, "link"));
 		$marked = sql_bool_to_bool(db_fetch_result($result, 0, "marked"));
--- a/include/functions.php
+++ b/include/functions.php
@ -2686,7 +2686,7 @@

 	}

-	function sanitize($link, $str, $owner = false, $site_url = false) {
+	function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) {
 		if (!$owner) $owner = $_SESSION["uid"];

 		$res = trim($str); if (!$res) return '';
@ -3626,6 +3626,13 @@
 		}
 	} // function encrypt_password

+	function sanitize_article_content($text) {
+		# we don't support CDATA sections in articles, they break our own escaping
+		$text = preg_replace("/\[\[CDATA/", "", $text);
+		$text = preg_replace("/\]\]\>/", "", $text);
+		return db_escape_string($text, false);
+	}
+
 	function load_filters($link, $feed_id, $owner_uid, $action_id = false) {
 		$filters = array();

--- a/include/rssfuncs.php
+++ b/include/rssfuncs.php
@ -770,8 +770,8 @@
 				}

 				# sanitize content
-				$entry_content = db_escape_string(sanitize($link, $entry_content, $owner_uid, $site_url));
-				$entry_title = db_escape_string(strip_tags($entry_title));
+				$entry_content = sanitize_article_content($entry_content);
+				$entry_title = sanitize_article_content($entry_title);

 				if ($debug_enabled) {
 					_debug("update_rss_feed: done collecting data [TITLE:$entry_title]");