author | Andrew Dolgov <[email protected]> | 2017-12-03 23:35:38 +0300 |
committer | Andrew Dolgov <[email protected]> | 2017-12-03 23:35:38 +0300 |
commit | e6532439d68234d86176e4d967609d68dd564c1d (patch) | |
tree | 6b5336fc8ea97ab3ecb1db547189b63ae1cd6120 /classes/rssutils.php | |
parent | 7c6f7bb0aa50f42fd697fbe82dc9b8b5931a3a52 (diff) |
force strip_tags() on all user input unless explicitly allowed
Diffstat (limited to 'classes/rssutils.php')
-rw-r--r-- | classes/rssutils.php | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/classes/rssutils.php b/classes/rssutils.php
index bd5991472..b5ff63d32 100644
--- a/classes/rssutils.php
+++ b/classes/rssutils.php
@@ -304,7 +304,7 @@ class RSSUtils {
 */
 static function update_rss_feed($feed, $no_cache = false) {
- $debug_enabled = defined('DAEMON_EXTENDED_DEBUG') || $_REQUEST['xdebug'];
+ $debug_enabled = defined('DAEMON_EXTENDED_DEBUG') || clean($_REQUEST['xdebug']);
 _debug_suppress(!$debug_enabled);
 _debug("start", $debug_enabled);
@@ -591,7 +591,7 @@ class RSSUtils {
 foreach ($items as $item) {
 $pdo->beginTransaction();
- if ($_REQUEST['xdebug'] == 3) {
+ if (clean($_REQUEST['xdebug']) == 3) {
 print_r($item);
 }
@@ -640,7 +640,7 @@ class RSSUtils {
 $entry_content = $item->get_content();
 if (!$entry_content) $entry_content = $item->get_description();
- if ($_REQUEST["xdebug"] == 2) {
+ if (clean($_REQUEST["xdebug"]) == 2) {
 print "content: ";
 print htmlspecialchars($entry_content);
 print "\n";
@@ -749,7 +749,7 @@ class RSSUtils {
 $entry_plugin_data .= mb_strtolower(get_class($plugin)) . ",";
 }
- if ($_REQUEST["xdebug"] == 2) {
+ if (clean($_REQUEST["xdebug"]) == 2) {
 print "processed content: ";
 print htmlspecialchars($article["content"]);
 print "\n";
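Review bot: In the first hunk `clean($_REQUEST['xdebug'])` is still evaluated when the parameter is absent from the request, so an undefined index is passed into `clean()` (an undefined-index notice in PHP, and whatever `clean()` does with a null argument, which is not visible here); the hunks at 591, 640 and 749 have the same shape. Reading the parameter once near the top of update_rss_feed, e.g. `$xdebug = isset($_REQUEST['xdebug']) ? clean($_REQUEST['xdebug']) : '';`, and then comparing `$xdebug == 3` / `$xdebug == 2` at the three later sites would remove the repeated superglobal reads and the undefined-index case while keeping the existing truthiness and equality semantics. Stripping tags from this value (which is what the commit title describes `clean()` as doing) does not change what the switch controls: `print_r($item)` and the content dumps are still turned on by a request parameter, so unless the caller restricts this path to the CLI/daemon context (not visible in these hunks), gating the verbose output on `DAEMON_EXTENDED_DEBUG` or a dedicated config constant rather than on request input is the stronger control. update_rss_feed's body extends beyond each of the four hunks.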