diff options
| author |  Alexandre Alapetite <alexandre@alapetite.fr>
| 2019-11-11 19:48:45 +0100 |
|---|---|---|
| committer |  GitHub <noreply@github.com>
| 2019-11-11 19:48:45 +0100 |
| commit | bec75664293047267c8ab5dd6967d78bcdbbf8ff (patch) | |
| tree | c3974ba75d8c826cbcb13bdb57e0c8dafd2191a9 /app/Models/EntryDAO.php | |
| parent | 6fb60d470aaa3c1e62dc1a61f786abdd6e428106 (diff) | |
Sanitize UTF-8 before commiting entries (#2649)
Fix https://github.com/FreshRSS/FreshRSS/issues/2645
Diffstat (limited to 'app/Models/EntryDAO.php')
| -rw-r--r-- | app/Models/EntryDAO.php | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/app/Models/EntryDAO.php b/app/Models/EntryDAO.php index 99e99f463..d149cfd8b 100644 --- a/app/Models/EntryDAO.php +++ b/app/Models/EntryDAO.php @@ -99,9 +99,12 @@ SQL; $valuesTmp['guid'] = safe_ascii($valuesTmp['guid']); $this->addEntryPrepared->bindParam(':guid', $valuesTmp['guid']); $valuesTmp['title'] = mb_strcut($valuesTmp['title'], 0, 255, 'UTF-8'); + $valuesTmp['title'] = safe_utf8($valuesTmp['title']); $this->addEntryPrepared->bindParam(':title', $valuesTmp['title']); $valuesTmp['author'] = mb_strcut($valuesTmp['author'], 0, 255, 'UTF-8'); + $valuesTmp['author'] = safe_utf8($valuesTmp['author']); $this->addEntryPrepared->bindParam(':author', $valuesTmp['author']); + $valuesTmp['content'] = safe_utf8($valuesTmp['content']); $this->addEntryPrepared->bindParam(':content', $valuesTmp['content']); $valuesTmp['link'] = substr($valuesTmp['link'], 0, 1023); $valuesTmp['link'] = safe_ascii($valuesTmp['link']); @@ -117,6 +120,7 @@ SQL; $this->addEntryPrepared->bindParam(':is_favorite', $valuesTmp['is_favorite'], PDO::PARAM_INT); $this->addEntryPrepared->bindParam(':id_feed', $valuesTmp['id_feed'], PDO::PARAM_INT); $valuesTmp['tags'] = mb_strcut($valuesTmp['tags'], 0, 1023, 'UTF-8'); + $valuesTmp['tags'] = safe_utf8($valuesTmp['tags']); $this->addEntryPrepared->bindParam(':tags', $valuesTmp['tags']); if ($this->hasNativeHex()) { @@ -186,11 +190,15 @@ SQL; } $valuesTmp['guid'] = substr($valuesTmp['guid'], 0, 760); + $valuesTmp['guid'] = safe_ascii($valuesTmp['guid']); $this->updateEntryPrepared->bindParam(':guid', $valuesTmp['guid']); $valuesTmp['title'] = mb_strcut($valuesTmp['title'], 0, 255, 'UTF-8'); + $valuesTmp['title'] = safe_utf8($valuesTmp['title']); $this->updateEntryPrepared->bindParam(':title', $valuesTmp['title']); $valuesTmp['author'] = mb_strcut($valuesTmp['author'], 0, 255, 'UTF-8'); + $valuesTmp['author'] = safe_utf8($valuesTmp['author']); $this->updateEntryPrepared->bindParam(':author', $valuesTmp['author']); + $valuesTmp['content'] = safe_utf8($valuesTmp['content']); $this->updateEntryPrepared->bindParam(':content', $valuesTmp['content']); $valuesTmp['link'] = substr($valuesTmp['link'], 0, 1023); $valuesTmp['link'] = safe_ascii($valuesTmp['link']); @@ -203,6 +211,7 @@ SQL; } $this->updateEntryPrepared->bindParam(':id_feed', $valuesTmp['id_feed'], PDO::PARAM_INT); $valuesTmp['tags'] = mb_strcut($valuesTmp['tags'], 0, 1023, 'UTF-8'); + $valuesTmp['tags'] = safe_utf8($valuesTmp['tags']); $this->updateEntryPrepared->bindParam(':tags', $valuesTmp['tags']); if ($this->hasNativeHex()) { |