diff options
| author | Andrew Dolgov <[email protected]> | 2013-04-02 09:03:35 +0400 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2013-04-02 09:03:35 +0400 |
| commit | 129562e0b169897cb4b6781a4b62f907c4902775 (patch) | |
| tree | 9c7e628754e908565214254b68aaa57b897c0995 /classes/opml.php | |
| parent | 0671359f2831609123e9ddf8541db71f255fa5dc (diff) | |
opml: add some data length limiting
Diffstat (limited to 'classes/opml.php')
| -rw-r--r-- | classes/opml.php | 14 |
1 files changed, 7 insertions, 7 deletions
diff --git a/classes/opml.php b/classes/opml.php index 4c188de5e..7a49f757c 100644 --- a/classes/opml.php +++ b/classes/opml.php @@ -253,13 +253,13 @@ class Opml extends Handler_Protected { private function opml_import_feed($doc, $node, $cat_id, $owner_uid) { $attrs = $node->attributes; - $feed_title = db_escape_string($this->link, $attrs->getNamedItem('text')->nodeValue); - if (!$feed_title) $feed_title = db_escape_string($this->link, $attrs->getNamedItem('title')->nodeValue); + $feed_title = db_escape_string($this->link, mb_substr($attrs->getNamedItem('text')->nodeValue, 0, 250)); + if (!$feed_title) $feed_title = db_escape_string($this->link, mb_substr($attrs->getNamedItem('title')->nodeValue, 0, 250)); - $feed_url = db_escape_string($this->link, $attrs->getNamedItem('xmlUrl')->nodeValue); - if (!$feed_url) $feed_url = db_escape_string($this->link, $attrs->getNamedItem('xmlURL')->nodeValue); + $feed_url = db_escape_string($this->link, mb_substr($attrs->getNamedItem('xmlUrl')->nodeValue, 0, 250)); + if (!$feed_url) $feed_url = db_escape_string($this->link, mb_substr($attrs->getNamedItem('xmlURL')->nodeValue, 0, 250)); - $site_url = db_escape_string($this->link, $attrs->getNamedItem('htmlUrl')->nodeValue); + $site_url = db_escape_string($this->link, mb_substr($attrs->getNamedItem('htmlUrl')->nodeValue, 0, 250)); if ($feed_url && $feed_title) { $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE @@ -386,10 +386,10 @@ class Opml extends Handler_Protected { $default_cat_id = (int) get_feed_category($this->link, 'Imported feeds', false); if ($root_node) { - $cat_title = db_escape_string($this->link, $root_node->attributes->getNamedItem('text')->nodeValue); + $cat_title = db_escape_string($this->link, mb_substr($root_node->attributes->getNamedItem('text')->nodeValue, 0, 250)); if (!$cat_title) - $cat_title = db_escape_string($this->link, $root_node->attributes->getNamedItem('title')->nodeValue); + $cat_title = db_escape_string($this->link, mb_substr($root_node->attributes->getNamedItem('title')->nodeValue, 0, 250)); if (!in_array($cat_title, array("tt-rss-filters", "tt-rss-labels", "tt-rss-prefs"))) { $cat_id = get_feed_category($this->link, $cat_title, $parent_id); |