diff options
author | Andrew Dolgov <[email protected]> | 2012-10-29 12:17:28 +0400 |
---|---|---|
committer | Andrew Dolgov <[email protected]> | 2012-10-29 12:17:28 +0400 |
commit | b3682750bb59382681dafda3776e9e100e39d4e2 (patch) | |
tree | 2d70070d32d9105c4818e37c9b7f0dab25ae1355 /include | |
parent | d372d2bbab49c3056eab01cab4b6ec3271544657 (diff) |
Revert "sanitize article content when importing data from feed"
This reverts commit c7fe1b4e9e392e0b9ffa55151c43ea7e2e2ee709.
Conflicts:
include/functions.php
include/rssfuncs.php
Diffstat (limited to 'include')
-rw-r--r-- | include/functions.php | 9 | ||||
-rw-r--r-- | include/rssfuncs.php | 4 |
2 files changed, 10 insertions, 3 deletions
diff --git a/include/functions.php b/include/functions.php index 2994dd438..7a5211b5a 100644 --- a/include/functions.php +++ b/include/functions.php @@ -2686,7 +2686,7 @@ } - function sanitize($link, $str, $owner = false, $site_url = false) { + function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) { if (!$owner) $owner = $_SESSION["uid"]; $res = trim($str); if (!$res) return ''; @@ -3626,6 +3626,13 @@ } } // function encrypt_password + function sanitize_article_content($text) { + # we don't support CDATA sections in articles, they break our own escaping + $text = preg_replace("/\[\[CDATA/", "", $text); + $text = preg_replace("/\]\]\>/", "", $text); + return db_escape_string($text, false); + } + function load_filters($link, $feed_id, $owner_uid, $action_id = false) { $filters = array(); diff --git a/include/rssfuncs.php b/include/rssfuncs.php index e413743b6..fbe671ca4 100644 --- a/include/rssfuncs.php +++ b/include/rssfuncs.php @@ -770,8 +770,8 @@ } # sanitize content - $entry_content = db_escape_string(sanitize($link, $entry_content, $owner_uid, $site_url)); - $entry_title = db_escape_string(strip_tags($entry_title)); + $entry_content = sanitize_article_content($entry_content); + $entry_title = sanitize_article_content($entry_title); if ($debug_enabled) { _debug("update_rss_feed: done collecting data [TITLE:$entry_title]"); |