1 files changed, 28 insertions, 5 deletions

diff --git a/classes/article.php b/classes/article.php
index c23a1b820..67b1a4a05 100755
--- a/classes/article.php
+++ b/classes/article.php
@@ -306,9 +306,9 @@ class Article extends Handler_Protected {
 			$sth->execute([$int_id, $_SESSION['uid']]);
 
 			foreach ($tags as $tag) {
-				$tag = sanitize_tag($tag);
+				$tag = Article::sanitize_tag($tag);
 
-				if (!tag_is_valid($tag)) {
+				if (!Article::tag_is_valid($tag)) {
 					continue;
 				}
 
@@ -446,7 +446,7 @@ class Article extends Handler_Protected {
 			foreach ($result as $line) {
 
 				foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_ENCLOSURE_ENTRY) as $plugin) {
-					$line = $plugin->hook_enclosure_entry($line);
+					$line = $plugin->hook_enclosure_entry($line, $id);
 				}
 
 				$url = $line["content_url"];
@@ -673,10 +673,12 @@ class Article extends Handler_Protected {
 
 		$rv = array();
 
+		$cache = new DiskCache("images");
+
 		while ($line = $sth->fetch()) {
 
-			if (file_exists(CACHE_DIR . '/images/' . sha1($line["content_url"]))) {
-				$line["content_url"] = get_self_url_prefix() . '/public.php?op=cached_url&hash=' . sha1($line["content_url"]);
+			if ($cache->exists(sha1($line["content_url"]))) {
+				$line["content_url"] = $cache->getUrl(sha1($line["content_url"]));
 			}
 
 			array_push($rv, $line);
@@ -800,4 +802,25 @@ class Article extends Handler_Protected {
 		return $rv;
 	}
 
+	static function sanitize_tag($tag) {
+		$tag = trim($tag);
+
+		$tag = mb_strtolower($tag, 'utf-8');
+
+		$tag = preg_replace('/[,\'\"\+\>\<]/', "", $tag);
+
+		if (DB_TYPE == "mysql") {
+			$tag = preg_replace('/[\x{10000}-\x{10FFFF}]/u', "\xEF\xBF\xBD", $tag);
+		}
+
+		return $tag;
+	}
+
+	static function tag_is_valid($tag) {
+		if (!$tag || is_numeric($tag) || mb_strlen($tag) > 250)
+			return false;
+
+		return true;
+	}
+
 }