From db9e00e3395437258536df6cc8320627f873202e Mon Sep 17 00:00:00 2001 From: Andrew Dolgov Date: Mon, 29 Oct 2012 16:01:41 +0400 Subject: [PATCH] api: sanitize article content --- classes/api.php | 3 ++- include/functions.php | 10 ++++++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/classes/api.php b/classes/api.php index 744e67ce..6e5ed4aa 100644 --- a/classes/api.php +++ b/classes/api.php @@ -187,6 +187,7 @@ class API extends Handler { $include_attachments = (bool)db_escape_string($_REQUEST["include_attachments"]); $since_id = (int)db_escape_string($_REQUEST["since_id"]); $include_nested = (bool)db_escape_string($_REQUEST["include_nested"]); + $sanitize_content = true; /* do not rely on params below */ @@ -197,7 +198,7 @@ class API extends Handler { $headlines = api_get_headlines($this->link, $feed_id, $limit, $offset, $filter, $is_cat, $show_excerpt, $show_content, $view_mode, false, $include_attachments, $since_id, $search, $search_mode, $match_on, - $include_nested); + $include_nested, $sanitize_content); print $this->wrap(self::STATUS_OK, $headlines); } else { diff --git a/include/functions.php b/include/functions.php index 7a5211b5..263d9d8f 100644 --- a/include/functions.php +++ b/include/functions.php @@ -4585,7 +4585,8 @@ function api_get_headlines($link, $feed_id, $limit, $offset, $filter, $is_cat, $show_excerpt, $show_content, $view_mode, $order, $include_attachments, $since_id, - $search = "", $search_mode = "", $match_on = "", $include_nested = false) { + $search = "", $search_mode = "", $match_on = "", + $include_nested = false, $sanitize_content = true) { $qfh_ret = queryFeedHeadlines($link, $feed_id, $limit, $view_mode, $is_cat, $search, $search_mode, $match_on, @@ -4629,7 +4630,12 @@ } if ($show_content) { - $headline_row["content"] = $line["content_preview"]; + if ($sanitize_content) { + $headline_row["content"] = sanitize($link, + $line["content_preview"], false, false, $line["site_url"]); + } else { + $headline_row["content"] = $line["content_preview"]; + } } // unify label output to ease parsing -- 2.39.5