authorGravatar Alexandre Alapetite <alexandre@alapetite.fr> 2020-10-11 13:32:23 +0200
committerGravatar GitHub <noreply@github.com> 2020-10-11 13:32:23 +0200
commitf33e2611632bf6f28948a9351dbd4e981643e4cc (patch)
tree68f7bbd9fd05a3b8947ef3015c24d831aa110532
parent191cda42e6b0fde9959b832d24b23ee0bf82c7ed (diff)
Fix sanitize feed description (#3222)
* Fix sanitize feed description #fix https://github.com/FreshRSS/FreshRSS/issues/3221 * Simplification
-rw-r--r--app/Models/FeedDAO.php2
-rw-r--r--app/views/helpers/feed/update.phtml2
-rw-r--r--lib/lib_rss.php15
3 files changed, 14 insertions, 5 deletions
diff --git a/app/Models/FeedDAO.php b/app/Models/FeedDAO.php
index 61f93d0b7..2b2b3c0ec 100644
--- a/app/Models/FeedDAO.php
+++ b/app/Models/FeedDAO.php
@@ -62,7 +62,7 @@ class FreshRSS_FeedDAO extends Minz_ModelPdo implements FreshRSS_Searchable {
$valuesTmp['category'],
mb_strcut(trim($valuesTmp['name']), 0, FreshRSS_DatabaseDAO::LENGTH_INDEX_UNICODE, 'UTF-8'),
substr($valuesTmp['website'], 0, 255),
- mb_strcut($valuesTmp['description'], 0, 1023, 'UTF-8'),
+ sanitizeHTML($valuesTmp['description'], '', 1023),
$valuesTmp['lastUpdate'],
isset($valuesTmp['priority']) ? intval($valuesTmp['priority']) : FreshRSS_Feed::PRIORITY_MAIN_STREAM,
mb_strcut($valuesTmp['pathEntries'], 0, 511, 'UTF-8'),
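Review bot: The replacement on the `sanitizeHTML($valuesTmp['description'], '', 1023)` line passes `''` as `$base`, so relative URLs inside a feed-supplied description are not resolved against anything, even though the feed's own site is available one line above as `$valuesTmp['website']`; if that is deliberate it deserves a comment, e.g. `// feed-supplied HTML: sanitize before storing; 1023 is presumably the column's byte width and is enforced after sanitizing`. The enclosing method starts and ends outside this hunk, so I cannot see whether any other write path into the same column (an update method in this DAO, if one exists) applies the same call; the invariant "a stored description is already-sanitized HTML" only holds if every writer goes through the same sanitizer. Sanitizing again at render time (as the template change in this commit does) is the right belt-and-braces, since rows written by the old `mb_strcut`-only code are still in the database.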
diff --git a/app/views/helpers/feed/update.phtml b/app/views/helpers/feed/update.phtml
index 7576b1fda..002298b06 100644
--- a/app/views/helpers/feed/update.phtml
+++ b/app/views/helpers/feed/update.phtml
@@ -7,7 +7,7 @@
<a href="<?= _url('stats', 'repartition', 'id', $this->feed->id()) ?>"><?= _i('stats') ?> <?= _t('sub.feed.stats') ?></a>
</div>
- <p><?= $this->feed->description() ?></p>
+ <p><?= sanitizeHTML($this->feed->description()) ?></p>
<?php $nbEntries = $this->feed->nbEntries(); ?>
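Review bot: The new `<p><?= sanitizeHTML($this->feed->description()) ?></p>` line is what actually protects existing installations — rows inserted by the previous code were only byte-truncated, never sanitized — so it should say so, otherwise a future cleanup may drop it as redundant with the DAO-side call: `<?php // feed-supplied HTML; sanitize at render time too, rows stored before this fix were never sanitized on insert ?>`. Note that this is an HTML allow-list sanitizer rather than `htmlspecialchars`, which is correct only because the description is meant to render as HTML; anyone copying this pattern into an attribute or JS context would need context-specific escaping instead. As in the DAO change, no `$base` is passed, so relative links in the description are left unresolved; if the feed object exposes its website URL, passing it here would make those links point at the feed site. The surrounding template markup continues outside the hunk.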
diff --git a/lib/lib_rss.php b/lib/lib_rss.php
index 5c0a8a2bf..64f12c633 100644
--- a/lib/lib_rss.php
+++ b/lib/lib_rss.php
@@ -241,16 +241,25 @@ function customSimplePie($attributes = array()) {
return $simplePie;
}
-function sanitizeHTML($data, $base = '') {
- if (!is_string($data)) {
+function sanitizeHTML($data, $base = '', $maxLength = false) {
+ if (!is_string($data) || ($maxLength !== false && $maxLength <= 0)) {
return '';
}
+ if ($maxLength !== false) {
+ $data = mb_strcut($data, 0, $maxLength, 'UTF-8');
+ }
static $simplePie = null;
if ($simplePie == null) {
$simplePie = customSimplePie();
$simplePie->init();
}
- return html_only_entity_decode($simplePie->sanitize->sanitize($data, SIMPLEPIE_CONSTRUCT_HTML, $base));
+ $result = html_only_entity_decode($simplePie->sanitize->sanitize($data, SIMPLEPIE_CONSTRUCT_HTML, $base));
+ if ($maxLength !== false && strlen($result) > $maxLength) {
+ //Sanitizing has made the result too long so try again shorter
+ $data = mb_strcut($result, 0, (2 * $maxLength) - strlen($result) - 2, 'UTF-8');
+ return sanitizeHTML($data, $base, $maxLength);
+ }
+ return $result;
}
/**
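Review bot: The retry in the new tail of `sanitizeHTML` is not guaranteed to terminate: the next input is derived from the sanitized result (`mb_strcut($result, 0, (2 * $maxLength) - strlen($result) - 2, 'UTF-8')`), not from the previous input, so it need not get shorter — with `$maxLength = 100`, a 50-byte input whose sanitized form is 101 bytes is retried on a 97-byte cut of that result — and PHP imposes no recursion limit, so this function, which runs on untrusted feed content, can only be shown to stop by assuming the sanitizer's expansion behaves well. I cannot construct a cycling input from here, but the cost of a bound is small; the version below makes the loop iterative and cuts each retry to strictly fewer bytes than the current input, so it ends after at most `$maxLength` rounds, and returns `''` when the budget is exhausted instead of relying on `mb_strcut` being handed a zero or negative length. The byte-based `strlen` check matches `mb_strcut`'s byte semantics, which is right if the 1023 limit is a column byte width (presumably, given the `mb_strcut` calls in `FeedDAO`); a one-line comment on the `strlen($result) > $maxLength` line stating that the cap is in bytes, after entity decoding, would stop someone "fixing" it to `mb_strlen`.

```php
function sanitizeHTML($data, $base = '', $maxLength = false) {
	if (!is_string($data) || ($maxLength !== false && $maxLength <= 0)) {
		return '';
	}
	// … unchanged: static SimplePie instance initialisation …
	$budget = $maxLength;	// bytes allowed for the next sanitizer input; false = unbounded
	while (true) {
		if ($budget !== false) {
			$data = mb_strcut($data, 0, $budget, 'UTF-8');
		}
		$result = html_only_entity_decode($simplePie->sanitize->sanitize($data, SIMPLEPIE_CONSTRUCT_HTML, $base));
		// Cap is in bytes (after entity decoding), matching mb_strcut and the DB column width
		if ($maxLength === false || strlen($result) <= $maxLength) {
			return $result;
		}
		// Sanitizing grew the text past the cap: retry on a strictly shorter prefix so the loop must end
		$budget = min(strlen($data) - 1, (2 * $maxLength) - strlen($result) - 2);
		if ($budget <= 0) {
			return '';
		}
		$data = $result;
	}
}
```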