Merge branch 'feature/feedparser-tweaks' into 'master'

Disallow subscribing if feed content is invalid See merge request tt-rss/tt-rss!163
author: Andrew Dolgov <fox@fakecake.org> 2025-07-07 07:38:21 +0300
committer: Andrew Dolgov <fox@fakecake.org> 2025-07-07 07:38:21 +0300
commit: da4b886f085fdc77c5e6d4c2543578f7b1c2041a (patch)
tree: 87c3df624b1f3e71500b6109645d491faf310d6e /classes/Feeds.php
parent: 46e05583a991f2d3355cbd062d9932ccee1ea25a (diff)
parent: 0cd788220d9e261d5bb540dab05cf58b55d94109 (diff)
1 files changed, 6 insertions, 1 deletions
diff --git a/classes/Feeds.php b/classes/Feeds.php
index 1900b40f1..e76044060 100644
--- a/classes/Feeds.php
+++ b/classes/Feeds.php
@@ -999,7 +999,7 @@ class Feeds extends Handler_Protected {
 	 *     Here you should call extractfeedurls in rpc-backend
 	 *     to get all possible feeds.
 	 * 5 - Couldn't download the URL content.
-	 * 6 - currently unused
+	 * 6 - Feed parsing failure (invalid content)
 	 * 7 - Error while creating feed database entry.
 	 * 8 - Permission denied (ACCESS_LEVEL_READONLY).
 	 */
@@ -1059,6 +1059,11 @@ class Feeds extends Handler_Protected {
 			$url = key($feedUrls);
 		}
 
+		// Don't allow subscribing if the content is invalid
+		$fp = new FeedParser($contents);
+		if ($fp->error() || $fp->get_type() === FeedParser::FEED_UNKNOWN)
+			return ['code' => 6, 'message' => truncate_string(clean($contents), 250, '…')];
+
 		$feed = ORM::for_table('ttrss_feeds')
 			->where('feed_url', $url)
 			->where('owner_uid', $_SESSION['uid'])
author	Andrew Dolgov <fox@fakecake.org>	2025-07-07 07:38:21 +0300
committer	Andrew Dolgov <fox@fakecake.org>	2025-07-07 07:38:21 +0300
commit	da4b886f085fdc77c5e6d4c2543578f7b1c2041a (patch)
tree	87c3df624b1f3e71500b6109645d491faf310d6e /classes/Feeds.php
parent	46e05583a991f2d3355cbd062d9932ccee1ea25a (diff)
parent	0cd788220d9e261d5bb540dab05cf58b55d94109 (diff)