}
+ function iframe_whitelisted($entry) {
+ $whitelist = array("youtube.com", "youtu.be", "vimeo.com");
+
+ @$src = parse_url($entry->getAttribute("src"), PHP_URL_HOST);
+
+ if ($src) {
+ foreach ($whitelist as $w) {
+ if ($src == $w || $src == "www.$w")
+ return true;
+ }
+ }
+
+ return false;
+ }
+
function sanitize($str, $force_remove_images = false, $owner = false, $site_url = false, $highlight_words = false, $article_id = false) {
if (!$owner) $owner = $_SESSION["uid"];
$entries = $xpath->query('//iframe');
foreach ($entries as $entry) {
- $entry->setAttribute('sandbox', 'allow-scripts');
+ if (!iframe_whitelisted($entry)) {
+ $entry->setAttribute('sandbox', 'allow-scripts');
+ }
}
}
function getLastArticleId() {
- $result = db_query("SELECT MAX(ref_id) AS id FROM ttrss_user_entries
- WHERE owner_uid = " . $_SESSION["uid"]);
+ $result = db_query("SELECT ref_id AS id FROM ttrss_user_entries
+ WHERE owner_uid = " . $_SESSION["uid"] . " ORDER BY ref_id DESC LIMIT 1");
if (db_num_rows($result) == 1) {
return db_fetch_result($result, 0, "id");
curl_setopt($curl, CURLOPT_PROXY, _CURL_HTTP_PROXY);
}
- if ((OPENSSL_VERSION_NUMBER >= 0x0090808f) && (OPENSSL_VERSION_NUMBER < 0x10000000)) {
- curl_setopt($curl, CURLOPT_SSLVERSION, 3);
- }
-
$html = curl_exec($curl);
$status = curl_getinfo($curl);
if($status['http_code']!=200){
- // idiot site not allowing http get
+ // idiot site not allowing http head
if($status['http_code'] == 405) {
curl_close($curl);
return geturl($url, $depth +1, false);
return LABEL_BASE_INDEX - 1 + abs($feed);
}
- function format_libxml_error($error) {
- return T_sprintf("LibXML error %s at line %d (column %d): %s",
- $error->code, $error->line, $error->column,
- $error->message);
- }
?>