From 5897487f2f29cd3f29b538919c57988f118461e7 Mon Sep 17 00:00:00 2001 From: Alexandre Alapetite Date: Mon, 7 Nov 2022 08:34:12 +0100 Subject: Fix path_entries encoding (#4823) * Fix path_entries encoding #fix https://github.com/FreshRSS/FreshRSS/issues/4815 * Fix preview --- app/Controllers/feedController.php | 4 ++-- app/Models/Category.php | 1 + app/Models/Entry.php | 5 +++-- app/Models/Feed.php | 5 +++++ app/Services/ImportService.php | 2 +- app/views/helpers/export/opml.phtml | 2 +- 6 files changed, 13 insertions(+), 6 deletions(-) diff --git a/app/Controllers/feedController.php b/app/Controllers/feedController.php index 09b5ed88c..319faece8 100755 --- a/app/Controllers/feedController.php +++ b/app/Controllers/feedController.php @@ -934,13 +934,13 @@ class FreshRSS_feed_Controller extends FreshRSS_ActionController { } $attributes = $feed->attributes(); - $attributes['path_entries_filter'] = trim(Minz_Request::param('selector_filter', '')); + $attributes['path_entries_filter'] = trim(Minz_Request::param('selector_filter', '', true)); //Fetch & select content. try { $fullContent = FreshRSS_Entry::getContentByParsing( htmlspecialchars_decode($entry->link(), ENT_QUOTES), - $content_selector, + htmlspecialchars_decode($content_selector, ENT_QUOTES), $attributes ); diff --git a/app/Models/Category.php b/app/Models/Category.php index e5da764d3..c4ca12fd3 100644 --- a/app/Models/Category.php +++ b/app/Models/Category.php @@ -54,6 +54,7 @@ class FreshRSS_Category extends Minz_Model { public function kind(): int { return $this->kind; } + /** @return string HTML-encoded name of the category */ public function name(): string { return $this->name; } diff --git a/app/Models/Entry.php b/app/Models/Entry.php index 12cef68a5..47fcf3b4a 100644 --- a/app/Models/Entry.php +++ b/app/Models/Entry.php @@ -184,6 +184,7 @@ class FreshRSS_Entry extends Minz_Model { return null; } + /** @return string HTML-encoded link of the entry */ public function link(): string { return $this->link; } @@ -589,10 +590,10 @@ class FreshRSS_Entry extends Minz_Model { $this->content = $entry->content(); } else { try { - // l’article n’est pas en BDD, on va le chercher sur le site + // The article is not yet in the database, so let’s fetch it $fullContent = self::getContentByParsing( htmlspecialchars_decode($this->link(), ENT_QUOTES), - $feed->pathEntries(), + htmlspecialchars_decode($feed->pathEntries(), ENT_QUOTES), $feed->attributes() ); if ('' !== $fullContent) { diff --git a/app/Models/Feed.php b/app/Models/Feed.php index 32b22edf2..f24ec1884 100644 --- a/app/Models/Feed.php +++ b/app/Models/Feed.php @@ -145,6 +145,7 @@ class FreshRSS_Feed extends Minz_Model { public function name($raw = false): string { return $raw || $this->name != '' ? $this->name : preg_replace('%^https?://(www[.])?%i', '', $this->url); } + /** @return string HTML-encoded URL of the Web site of the feed */ public function website(): string { return $this->website; } @@ -157,6 +158,7 @@ class FreshRSS_Feed extends Minz_Model { public function priority(): int { return $this->priority; } + /** @return string HTML-encoded CSS selector */ public function pathEntries(): string { return $this->pathEntries; } @@ -192,6 +194,7 @@ class FreshRSS_Feed extends Minz_Model { return $this->ttl; } + /** @return mixed attribute (if $key is not blank) or array of attributes, not HTML-encoded */ public function attributes($key = '') { if ($key == '') { return $this->attributes; @@ -301,6 +304,7 @@ class FreshRSS_Feed extends Minz_Model { public function _priority($value) { $this->priority = intval($value); } + /** @param string $value HTML-encoded CSS selector */ public function _pathEntries(string $value) { $this->pathEntries = $value; } @@ -320,6 +324,7 @@ class FreshRSS_Feed extends Minz_Model { $this->mute = $value < self::TTL_DEFAULT; } + /** @param mixed $value Value, not HTML-encoded */ public function _attributes(string $key, $value) { if ($key == '') { if (is_string($value)) { diff --git a/app/Services/ImportService.php b/app/Services/ImportService.php index a4ef547ba..28286a753 100644 --- a/app/Services/ImportService.php +++ b/app/Services/ImportService.php @@ -165,7 +165,7 @@ class FreshRSS_Import_Service { foreach ($feed_elt as $key => $value) { if (is_array($value) && !empty($value['value']) && ($value['namespace'] ?? '') === FreshRSS_Export_Service::FRSS_NAMESPACE) { switch ($key) { - case 'cssFullContent': $feed->_pathEntries($value['value']); break; + case 'cssFullContent': $feed->_pathEntries(Minz_Helper::htmlspecialchars_utf8($value['value'])); break; case 'cssFullContentFilter': $feed->_attributes('path_entries_filter', $value['value']); break; case 'filtersActionRead': $feed->_filtersAction('read', preg_split('/[\n\r]+/', $value['value'])); break; case 'xPathItem': $xPathSettings['item'] = $value['value']; break; diff --git a/app/views/helpers/export/opml.phtml b/app/views/helpers/export/opml.phtml index 1ee030cdf..d97641fd2 100644 --- a/app/views/helpers/export/opml.phtml +++ b/app/views/helpers/export/opml.phtml @@ -40,7 +40,7 @@ function feedsToOutlines($feeds, $excludeMutedFeeds = false): array { $outline['frss:filtersActionRead'] = ['namespace' => FreshRSS_Export_Service::FRSS_NAMESPACE, 'value' => $filters]; } if ($feed->pathEntries() != '') { - $outline['frss:cssFullContent'] = ['namespace' => FreshRSS_Export_Service::FRSS_NAMESPACE, 'value' => $feed->pathEntries()]; + $outline['frss:cssFullContent'] = ['namespace' => FreshRSS_Export_Service::FRSS_NAMESPACE, 'value' => htmlspecialchars_decode($feed->pathEntries(), ENT_QUOTES)]; } if ($feed->attributes('path_entries_filter') != '') { $outline['frss:cssFullContentFilter'] = ['namespace' => FreshRSS_Export_Service::FRSS_NAMESPACE, 'value' => $feed->attributes('path_entries_filter')]; -- cgit v1.2.3