From db9e00e3395437258536df6cc8320627f873202e Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 29 Oct 2012 16:01:41 +0400 Subject: api: sanitize article content --- classes/api.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'classes') diff --git a/classes/api.php b/classes/api.php index 744e67ce6..6e5ed4aa8 100644 --- a/classes/api.php +++ b/classes/api.php @@ -187,6 +187,7 @@ class API extends Handler { $include_attachments = (bool)db_escape_string($_REQUEST["include_attachments"]); $since_id = (int)db_escape_string($_REQUEST["since_id"]); $include_nested = (bool)db_escape_string($_REQUEST["include_nested"]); + $sanitize_content = true; /* do not rely on params below */ @@ -197,7 +198,7 @@ class API extends Handler { $headlines = api_get_headlines($this->link, $feed_id, $limit, $offset, $filter, $is_cat, $show_excerpt, $show_content, $view_mode, false, $include_attachments, $since_id, $search, $search_mode, $match_on, - $include_nested); + $include_nested, $sanitize_content); print $this->wrap(self::STATUS_OK, $headlines); } else { -- cgit v1.2.3