From b3682750bb59382681dafda3776e9e100e39d4e2 Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 29 Oct 2012 12:17:28 +0400 Subject: Revert "sanitize article content when importing data from feed" This reverts commit c7fe1b4e9e392e0b9ffa55151c43ea7e2e2ee709. Conflicts: include/functions.php include/rssfuncs.php --- include/functions.php | 9 ++++++++- include/rssfuncs.php | 4 ++-- 2 files changed, 10 insertions(+), 3 deletions(-) (limited to 'include') diff --git a/include/functions.php b/include/functions.php index 2994dd438..7a5211b5a 100644 --- a/include/functions.php +++ b/include/functions.php @@ -2686,7 +2686,7 @@ } - function sanitize($link, $str, $owner = false, $site_url = false) { + function sanitize($link, $str, $force_strip_tags = false, $owner = false, $site_url = false) { if (!$owner) $owner = $_SESSION["uid"]; $res = trim($str); if (!$res) return ''; @@ -3626,6 +3626,13 @@ } } // function encrypt_password + function sanitize_article_content($text) { + # we don't support CDATA sections in articles, they break our own escaping + $text = preg_replace("/\[\[CDATA/", "", $text); + $text = preg_replace("/\]\]\>/", "", $text); + return db_escape_string($text, false); + } + function load_filters($link, $feed_id, $owner_uid, $action_id = false) { $filters = array(); diff --git a/include/rssfuncs.php b/include/rssfuncs.php index e413743b6..fbe671ca4 100644 --- a/include/rssfuncs.php +++ b/include/rssfuncs.php @@ -770,8 +770,8 @@ } # sanitize content - $entry_content = db_escape_string(sanitize($link, $entry_content, $owner_uid, $site_url)); - $entry_title = db_escape_string(strip_tags($entry_title)); + $entry_content = sanitize_article_content($entry_content); + $entry_title = sanitize_article_content($entry_title); if ($debug_enabled) { _debug("update_rss_feed: done collecting data [TITLE:$entry_title]"); -- cgit v1.2.3-54-g00ecf