From: Andrew Dolgov
Date: Sat, 19 May 2007 07:34:21 +0000 (+0100)
Subject: use tagwall instead of strip_tags to sanitize RSS content
X-Git-Tag: 1.2.11~14
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=f738aef16d978efd396bf45b25d0d522d86b46ba;p=tt-rss.git

use tagwall instead of strip_tags to sanitize RSS content
---
diff --git a/functions.php b/functions.php
index 0336602e..5c098fa1 100644
--- a/functions.php
+++ b/functions.php
@@ -48,6 +48,12 @@
 require_once "magpierss/rss_fetch.inc";
 require_once 'magpierss/rss_utils.inc';
+ include_once "tw/tw-config.php";
+ include_once "tw/tw.php";
+ include_once TW_SETUP . "paranoya.php";
+
+ $tw_parser = new twParser();
+
 function _debug($msg) {
 $ts = strftime("%H:%M:%S", time());
 print "[$ts] $msg\n";
@@ -2650,11 +2656,39 @@
 }
 }
+ // http://ru2.php.net/strip-tags
+
+ function strip_tags_long($textstring, $allowed){
+ while($textstring != strip_tags($textstring, $allowed))
+ {
+ while (strlen($textstring) != 0)
+ {
+ if (strlen($textstring) > 1024) {
+ $otherlen = 1024;
+ } else {
+ $otherlen = strlen($textstring);
+ }
+ $temptext = strip_tags(substr($textstring,0,$otherlen), $allowed);
+ $safetext .= $temptext;
+ $textstring = substr_replace($textstring,'',0,$otherlen);
+ }
+ $textstring = $safetext;
+ }
+ return $textstring;
+ }
+
+
 function sanitize_rss($link, $str, $force_strip_tags = false) {
 $res = $str;
 if (get_pref($link, "STRIP_UNSAFE_TAGS") || $force_strip_tags) {
- $res = strip_tags($res, "
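Review bot: The three `include_once` lines that load tagwall should be `require_once`, matching the MagpieRSS lines just above them, because `include_once` only emits a warning when a file is missing and execution continues. `sanitize_rss` in the later hunk passes `$tw_paranoya_setup` (presumably defined by `paranoya.php`) to `$tw_parser->strip_tags()`, and what the parser does with an undefined policy is not visible in this diff, so a missing policy file should stop the page rather than risk unfiltered feed HTML being rendered. Suggested: `require_once TW_SETUP . "paranoya.php";` and likewise for the other two. A short comment above `$tw_parser = new twParser();` saying it is the shared sanitizer instance used by `sanitize_rss` would also help.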


"); + global $tw_parser; + global $tw_paranoya_setup; + + $res = $tw_parser->strip_tags($res, $tw_paranoya_setup); + +// $res = preg_replace("/\r\n|\n|\r/", "", $res); +// $res = strip_tags_long($res, "


"); } return $res;