diff options
Diffstat (limited to 'include')
-rw-r--r-- | include/functions.php | 13 | ||||
-rw-r--r-- | include/rssfuncs.php | 5 |
2 files changed, 7 insertions, 11 deletions
diff --git a/include/functions.php b/include/functions.php index f607cb3cc..a8f42d6d5 100644 --- a/include/functions.php +++ b/include/functions.php @@ -2686,11 +2686,15 @@ } - function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) { + function sanitize($link, $str, $owner = false, $site_url = false) { if (!$owner) $owner = $_SESSION["uid"]; $res = trim($str); if (!$res) return ''; + # we don't support CDATA sections in articles, they break our own escaping + $res = preg_replace("/\[\[CDATA/", "", $res); + $res = preg_replace("/\]\]\>/", "", $res); + $config = array('safe' => 1, 'deny_attribute' => 'style'); $res = htmLawed($res, $config); @@ -3626,13 +3630,6 @@ } } // function encrypt_password - function sanitize_article_content($text) { - # we don't support CDATA sections in articles, they break our own escaping - $text = preg_replace("/\[\[CDATA/", "", $text); - $text = preg_replace("/\]\]\>/", "", $text); - return $text; - } - function load_filters($link, $feed_id, $owner_uid, $action_id = false) { $filters = array(); diff --git a/include/rssfuncs.php b/include/rssfuncs.php index 14fa5f348..af62a5041 100644 --- a/include/rssfuncs.php +++ b/include/rssfuncs.php @@ -770,9 +770,8 @@ } # sanitize content - - $entry_content = sanitize_article_content($entry_content); - $entry_title = sanitize_article_content($entry_title); + $entry_content = sanitize($link, $entry_content, $owner_uid, $site_url); + $entry_title = strip_tags($entry_title); if ($debug_enabled) { _debug("update_rss_feed: done collecting data [TITLE:$entry_title]"); |