Revert "sanitize article content when importing data from feed"

This reverts commit c7fe1b4e9e392e0b9ffa55151c43ea7e2e2ee709.

Conflicts:
	include/functions.php
	include/rssfuncs.php

2 files changed, 10 insertions, 3 deletions

diff --git a/include/functions.php b/include/functions.php
index 2994dd438..7a5211b5a 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -2686,7 +2686,7 @@
 
 	}
 
-	function sanitize($link, $str, $owner = false, $site_url = false) {
+	function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) {
 		if (!$owner) $owner = $_SESSION["uid"];
 
 		$res = trim($str); if (!$res) return '';
@@ -3626,6 +3626,13 @@
 		}
 	} // function encrypt_password
 
+	function sanitize_article_content($text) {
+		# we don't support CDATA sections in articles, they break our own escaping
+		$text = preg_replace("/\[\[CDATA/", "", $text);
+		$text = preg_replace("/\]\]\>/", "", $text);
+		return db_escape_string($text, false);
+	}
+
 	function load_filters($link, $feed_id, $owner_uid, $action_id = false) {
 		$filters = array();
 
diff --git a/include/rssfuncs.php b/include/rssfuncs.php
index e413743b6..fbe671ca4 100644
--- a/include/rssfuncs.php
+++ b/include/rssfuncs.php
@@ -770,8 +770,8 @@
 				}
 
 				# sanitize content
-				$entry_content = db_escape_string(sanitize($link, $entry_content, $owner_uid, $site_url));
-				$entry_title = db_escape_string(strip_tags($entry_title));
+				$entry_content = sanitize_article_content($entry_content);
+				$entry_title = sanitize_article_content($entry_title);
 
 				if ($debug_enabled) {
 					_debug("update_rss_feed: done collecting data [TITLE:$entry_title]");