| author | 2025-08-11 00:52:09 +0200 | |
|---|---|---|
| committer | 2025-08-11 00:52:09 +0200 | |
| commit | eaf69f591f8cf71319060c97da1aeddcd3a853cf (patch) | |
| tree | 041c88a481e3cac38b7709ada3356c3a2d3cfd39 | |
| parent | 2b85a50ed72982ab0c0f9ef98c7ed1e15f21bf5f (diff) | |
SimplePie Fix regex backtrack limit in clean_hash() (#7813)
https://github.com/FreshRSS/simplepie/pull/48
and merge upstream https://github.com/FreshRSS/simplepie/pull/49
fix https://github.com/FreshRSS/FreshRSS/issues/7807
There was a risk of hitting `Backtrack limit was exhausted` when an XML comment opened with `<!--` is never closed and is followed by a very long document.
Fixed by:
* Limiting the max length of the comment
* Stopping at an apparent end of CDATA section `]]>` as it is likely an error
It does not matter much if there are rare cases when the regex does not work perfectly, as it is only used for a cache hint.
| -rw-r--r-- | lib/composer.json | 2 | ||||
| -rw-r--r-- | lib/simplepie/simplepie/phpstan.dist.neon (renamed from lib/simplepie/simplepie/phpstan.neon.dist) | 0 | ||||
| -rw-r--r-- | lib/simplepie/simplepie/src/SimplePie.php | 2 |
3 files changed, 2 insertions, 2 deletions
diff --git a/lib/composer.json b/lib/composer.json
index 8c62f66ee..b0b4dd1cf 100644
--- a/lib/composer.json
+++ b/lib/composer.json
@@ -14,7 +14,7 @@
 "marienfressinaud/lib_opml": "0.5.1",
 "phpgt/cssxpath": "v1.3.0",
 "phpmailer/phpmailer": "6.10.0",
- "simplepie/simplepie": "dev-freshrss#3cdee69fde431e6b461b87413177a791c2018098"
+ "simplepie/simplepie": "dev-freshrss#dcaa720d3d8bc8202333f569c4cddb4a407dc213"
 },
 "config": {
 "sort-packages": true,
diff --git a/lib/simplepie/simplepie/phpstan.neon.dist b/lib/simplepie/simplepie/phpstan.dist.neon
index da1d19fc6..da1d19fc6 100644
--- a/lib/simplepie/simplepie/phpstan.neon.dist
+++ b/lib/simplepie/simplepie/phpstan.dist.neon
diff --git a/lib/simplepie/simplepie/src/SimplePie.php b/lib/simplepie/simplepie/src/SimplePie.php
index b351b1215..47886305b 100644
--- a/lib/simplepie/simplepie/src/SimplePie.php
+++ b/lib/simplepie/simplepie/src/SimplePie.php
@@ -1695,7 +1695,7 @@ class SimplePie
 [
 '#<(lastBuildDate|pubDate|updated|feedDate|dc:date|slash:comments)>[^<]+</\\1>#',
 '#<(media:starRating|media:statistics) [^/<>]+/>#',
- '#<!--.+?-->#s',
+ '#<!--.{,8192}?(-->|(?=]]>))#s', // XML comments up to a max length and stops at apparent end of CDATA section
 ],
 '',
 $stream_data |
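Review bot: The quantifier `{,8192}` on the added pattern line has no lower bound, and PCRE2 releases before 10.43 read `{,n}` as literal text rather than as `{0,n}`, so on a PHP build linked against an older PCRE2 this pattern would stop matching XML comments altogether instead of bounding them. Writing it as `'#<!--.{0,8192}?(-->|(?=]]>))#s',` means the same thing on every version. The `preg_replace()` call this array belongs to starts and ends outside the hunk, so it is not visible here whether a `null` return on a PCRE error is handled; since hitting the backtrack limit was the original failure, that check is worth confirming. A regression test feeding an unclosed `<!--` followed by a long body, plus an ordinary closed comment, would pin both behaviours.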
