sanitize article content when importing data from feed

2 files changed, 7 insertions, 11 deletions

diff --git a/include/functions.php b/include/functions.php
index f607cb3cc..a8f42d6d5 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -2686,11 +2686,15 @@
 
 	}
 
-	function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) {
+	function sanitize($link, $str, $owner = false, $site_url = false) {
 		if (!$owner) $owner = $_SESSION["uid"];
 
 		$res = trim($str); if (!$res) return '';
 
+		# we don't support CDATA sections in articles, they break our own escaping
+		$res = preg_replace("/\[\[CDATA/", "", $res);
+		$res = preg_replace("/\]\]\>/", "", $res);
+
 		$config = array('safe' => 1, 'deny_attribute' => 'style');
 		$res = htmLawed($res, $config);
 
@@ -3626,13 +3630,6 @@
 		}
 	} // function encrypt_password
 
-	function sanitize_article_content($text) {
-		# we don't support CDATA sections in articles, they break our own escaping
-		$text = preg_replace("/\[\[CDATA/", "", $text);
-		$text = preg_replace("/\]\]\>/", "", $text);
-		return $text;
-	}
-
 	function load_filters($link, $feed_id, $owner_uid, $action_id = false) {
 		$filters = array();
 
diff --git a/include/rssfuncs.php b/include/rssfuncs.php
index 14fa5f348..af62a5041 100644
--- a/include/rssfuncs.php
+++ b/include/rssfuncs.php
@@ -770,9 +770,8 @@
 				}
 
 				# sanitize content
-
-				$entry_content = sanitize_article_content($entry_content);
-				$entry_title = sanitize_article_content($entry_title);
+				$entry_content = sanitize($link, $entry_content, $owner_uid, $site_url);
+				$entry_title = strip_tags($entry_title);
 
 				if ($debug_enabled) {
 					_debug("update_rss_feed: done collecting data [TITLE:$entry_title]");