opml: add some data length limiting
authorAndrew Dolgov <fox@madoka.volgo-balt.ru>
Tue, 2 Apr 2013 05:03:35 +0000 (09:03 +0400)
committerAndrew Dolgov <fox@madoka.volgo-balt.ru>
Tue, 2 Apr 2013 05:03:35 +0000 (09:03 +0400)
classes/opml.php
include/functions.php

index 4c188de5e0b8d9e9bb3e068ca92b96fc44b2d8c3..7a49f757c12c474dbe238004c444717a8a3446f8 100644 (file)
@@ -253,13 +253,13 @@ class Opml extends Handler_Protected {
        private function opml_import_feed($doc, $node, $cat_id, $owner_uid) {
                $attrs = $node->attributes;
 
-               $feed_title = db_escape_string($this->link, $attrs->getNamedItem('text')->nodeValue);
-               if (!$feed_title) $feed_title = db_escape_string($this->link, $attrs->getNamedItem('title')->nodeValue);
+               $feed_title = db_escape_string($this->link, mb_substr($attrs->getNamedItem('text')->nodeValue, 0, 250));
+               if (!$feed_title) $feed_title = db_escape_string($this->link, mb_substr($attrs->getNamedItem('title')->nodeValue, 0, 250));
 
-               $feed_url = db_escape_string($this->link, $attrs->getNamedItem('xmlUrl')->nodeValue);
-               if (!$feed_url) $feed_url = db_escape_string($this->link, $attrs->getNamedItem('xmlURL')->nodeValue);
+               $feed_url = db_escape_string($this->link, mb_substr($attrs->getNamedItem('xmlUrl')->nodeValue, 0, 250));
+               if (!$feed_url) $feed_url = db_escape_string($this->link, mb_substr($attrs->getNamedItem('xmlURL')->nodeValue, 0, 250));
 
-               $site_url = db_escape_string($this->link, $attrs->getNamedItem('htmlUrl')->nodeValue);
+               $site_url = db_escape_string($this->link, mb_substr($attrs->getNamedItem('htmlUrl')->nodeValue, 0, 250));
 
                if ($feed_url && $feed_title) {
                        $result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
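Review bot: Cutting `xmlUrl`/`xmlURL` and `htmlUrl` to 250 characters stores a different URL from the one in the OPML file, so an over-long entry is imported under an address the file never contained instead of being rejected. For the URL fields I would check the raw length and skip the outline before escaping, e.g. `if (mb_strlen($raw_url, 'UTF-8') > 250) return;` with `$raw_url` holding the untruncated attribute value, and keep truncation for the title only. The literal 250 is also repeated in every call here, in the second hunk and in include/functions.php; one named constant would keep the limits tied to the column widths, which are not visible on this page. opml_import_feed continues past the end of the hunk.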
@@ -386,10 +386,10 @@ class Opml extends Handler_Protected {
                $default_cat_id = (int) get_feed_category($this->link, 'Imported feeds', false);
 
                if ($root_node) {
-                       $cat_title = db_escape_string($this->link, $root_node->attributes->getNamedItem('text')->nodeValue);
+                       $cat_title = db_escape_string($this->link, mb_substr($root_node->attributes->getNamedItem('text')->nodeValue, 0, 250));
 
                        if (!$cat_title)
-                               $cat_title = db_escape_string($this->link, $root_node->attributes->getNamedItem('title')->nodeValue);
+                               $cat_title = db_escape_string($this->link, mb_substr($root_node->attributes->getNamedItem('title')->nodeValue, 0, 250));
 
                        if (!in_array($cat_title, array("tt-rss-filters", "tt-rss-labels", "tt-rss-prefs"))) {
                                $cat_id = get_feed_category($this->link, $cat_title, $parent_id);
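Review bot: The new `mb_substr(..., 0, 250)` calls on `$cat_title` pass no encoding, so the limit is measured in whatever `mb_internal_encoding()` is set to at runtime. DOM attribute values are UTF-8; if the internal encoding is a single-byte one (not determinable from this page), the cut is made on bytes and can split a multibyte character, leaving an invalid sequence to be escaped and stored. Passing the encoding explicitly removes the dependency: `mb_substr($root_node->attributes->getNamedItem('text')->nodeValue, 0, 250, 'UTF-8')`. The same applies to the five calls in the first hunk and the one in include/functions.php. The enclosing method starts and ends outside the hunk.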
index a559ed1daad3f253cc53fa4eb01d38b6e685a65f..d321dc2ed35c08ceabdd9f7404d936b90d741156 100644 (file)
                        $parent_insert = "NULL";
                }
 
+               $feed_cat = mb_substr($feed_cat, 0, 250);
+
                $result = db_query($link,
                        "SELECT id FROM ttrss_feed_categories
                        WHERE $parent_qpart AND title = '$feed_cat' AND owner_uid = ".$_SESSION["uid"]);
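Review bot: `$feed_cat = mb_substr($feed_cat, 0, 250);` truncates a value that the caller shown in classes/opml.php has already passed through `db_escape_string`, and the result is interpolated straight into `title = '$feed_cat'`. A 250-character raw title containing quotes grows when escaped, so this second cut can land in the middle of an escape pair and leave the quoted literal unbalanced, which undoes the escaping. Truncation has to happen on the raw value before escaping; either drop this line and rely on the callers' limit, or have this function take the raw title and do `mb_substr` followed by `db_escape_string` itself. Whether the function escapes `$feed_cat` earlier in its body cannot be seen here, since the hunk header is missing from the page and the function starts and ends outside the visible lines.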