From: Andrew Dolgov Date: Sat, 5 Aug 2006 12:07:21 +0000 (+0100) Subject: sanitize title/comments/link too X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=183ad07bc2625534a7964f7ee75a7e6dd461b5c3;p=tt-rss.git sanitize title/comments/link too --- diff --git a/functions.php b/functions.php index 133a8ccf..d1212499 100644 --- a/functions.php +++ b/functions.php @@ -531,11 +531,11 @@ } # sanitize content - $entry_content = preg_replace('//i', - "

", $entry_content); - - $entry_content = preg_replace('/<\/script>/i', - "

", $entry_content); + + $entry_content = sanitize_rss($entry_content); + $entry_title = sanitize_rss($entry_title); + $entry_link = sanitize_rss($entry_link); + $entry_comments = sanitize_rss($entry_comments); db_query($link, "BEGIN"); @@ -2309,4 +2309,15 @@ } } + function sanitize_rss($str) { + $res = ""; + + $res = preg_replace('//i', + "
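Review bot: `$entry_link` and `$entry_comments` appear to hold URLs, and passing them through `sanitize_rss()` only rewrites script tags; it does not constrain the URL scheme, and any text the helper substitutes would end up inside the URL. For these two fields a scheme allowlist is the relevant check, e.g. `if (!preg_match('#^https?://#i', $entry_link)) $entry_link = '';`, combined with HTML-escaping where the value is written into an `href`. `$entry_title` is presumably plain text, so `htmlspecialchars($entry_title, ENT_QUOTES)` at output would give a stronger guarantee than tag rewriting. The rendering side is not visible in this hunk, so confirm how these values are emitted before relying on either approach.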

", $str); + + $res = preg_replace('/<\/script>/i', + "

", $res); + + return $res; + } ?>
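Review bot: `sanitize_rss()` is a two-pattern blocklist and should say so. As far as this page shows (the first pattern is garbled here, the second is `/<\/script>/i`), it rewrites only script open and close tags, so other active markup in feed content, such as inline event-handler attributes, embedded frames or objects, and scriptable URLs, passes through unchanged. Because the name reads like a general sanitizer, I would add a comment above the function such as `// Only neutralises <script> tags; not a complete HTML sanitizer - callers must still escape or allowlist-filter on output.` and plan to replace it with an allowlist of tags and attributes. Separately, `$res = "";` is a dead assignment, and `preg_replace()` returns null on a PCRE error, which would silently empty the field; failing closed with `return $res === null ? htmlspecialchars($str) : $res;` avoids both data loss and returning unfiltered input.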