From: JustAMacUser <donotreply@example.org>
Date: Mon, 23 Nov 2015 19:25:04 +0000 (-0500)
Subject: Add optional (default: true), boolean "sanitize" parameter to API::getArticle() method.
X-Git-Tag: 16.3~93^2
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=73c77ab0a5d4ac714abf09f9730b75556481bb88;p=tt-rss.git

Add optional (default: true), boolean "sanitize" parameter to API::getArticle() method.
---

diff --git a/classes/api.php b/classes/api.php
old mode 100755
new mode 100644
index dfe9ef6c..c3ea627f
--- a/classes/api.php
+++ b/classes/api.php
@@ -2,7 +2,7 @@
 
 class API extends Handler {
 
-	const API_LEVEL  = 12;
+	const API_LEVEL  = 13;
 
 	const STATUS_OK  = 0;
 	const STATUS_ERR = 1;
@@ -325,13 +325,17 @@ class API extends Handler {
 	function getArticle() {
 
 		$article_id = join(",", array_filter(explode(",", $this->dbh->escape_string($_REQUEST["article_id"])), is_numeric));
+		$sanitize_content = !isset($_REQUEST["sanitize"]) ||
+			sql_bool_to_bool($_REQUEST["sanitize"]);
 
 		if ($article_id) {
 
 			$query = "SELECT id,title,link,content,feed_id,comments,int_id,
 				marked,unread,published,score,note,lang,
 				".SUBSTRING_FOR_DATE."(updated,1,16) as updated,
-				author,(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title
+				author,(SELECT title FROM ttrss_feeds WHERE id = feed_id) AS feed_title,
+				(SELECT site_url FROM ttrss_feeds WHERE id = feed_id) AS site_url,
+				(SELECT hide_images FROM ttrss_feeds WHERE id = feed_id) AS hide_images
 				FROM ttrss_entries,ttrss_user_entries
 				WHERE	id IN ($article_id) AND ref_id = id AND owner_uid = " .
 					$_SESSION["uid"] ;
@@ -357,7 +361,6 @@ class API extends Handler {
 						"comments" => $line["comments"],
 						"author" => $line["author"],
 						"updated" => (int) strtotime($line["updated"]),
-						"content" => $line["content"],
 						"feed_id" => $line["feed_id"],
 						"attachments" => $attachments,
 						"score" => (int)$line["score"],
@@ -366,6 +369,15 @@ class API extends Handler {
 						"lang" => $line["lang"]
 					);
 
+					if ($sanitize_content) {
+						$article["content"] = sanitize(
+							$line["content"],
+							sql_bool_to_bool($line['hide_images']),
+							false, $line["site_url"], false, $line["id"]);
+					} else {
+						$article["content"] = $line["content"];
+					}
+
 					foreach (PluginHost::getInstance()->get_hooks(PluginHost::HOOK_RENDER_ARTICLE_API) as $p) {
 						$article = $p->hook_render_article_api(array("article" => $article));
 					}