From: Andrew Dolgov Date: Sun, 16 Dec 2012 09:38:50 +0000 (+0400) Subject: update: feed escaping issue X-Git-Tag: 1.6.2~1 X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=2bbd6994753d25e6118de3916e07336ef622b2b9;p=tt-rss.git update: feed escaping issue --- diff --git a/include/rssfuncs.php b/include/rssfuncs.php index 1b39efec..eaa975a5 100644 --- a/include/rssfuncs.php +++ b/include/rssfuncs.php @@ -631,7 +631,6 @@ print "\n"; } - $entry_content_unescaped = $entry_content; $entry_cached_content = ""; if ($use_simplepie) { @@ -675,10 +674,6 @@ $result = db_query($link, "SELECT id FROM ttrss_entries WHERE guid = '$entry_guid'"); - $entry_content = db_escape_string($entry_content, false); - - $entry_title = db_escape_string($entry_title); - $entry_link = db_escape_string($entry_link); $entry_comments = mb_substr(db_escape_string($entry_comments), 0, 250); $entry_author = mb_substr($entry_author, 0, 250); @@ -762,7 +757,7 @@ $entry_tags = null; preg_match_all("/([^<]+)<\/a>/i", - $entry_content_unescaped, $entry_tags); + $entry_content, $entry_tags); $entry_tags = $entry_tags[1]; @@ -804,6 +799,11 @@ $entry_author = $article["author"]; } + $entry_content = db_escape_string($entry_content, false); + $entry_title = db_escape_string($entry_title); + $entry_author = db_escape_string($entry_author); + $entry_link = db_escape_string($entry_link); + $content_hash = "SHA1:" . sha1(strip_tags($entry_content)); db_query($link, "BEGIN");