blallo/tt-rss
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

opml: add some data length limiting

Browse source
This commit is contained in:
Andrew Dolgov 2013-04-02 09:03:35 +04:00
parent 0671359f28
commit 129562e0b1
2 changed files with 9 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

14
classes/opml.php
View file

@ -253,13 +253,13 @@ class Opml extends Handler_Protected {
private function opml_import_feed($doc, $node, $cat_id, $owner_uid) {
$attrs = $node->attributes;
$feed_title = db_escape_string($this->link, $attrs->getNamedItem('text')->nodeValue);
if (!$feed_title) $feed_title = db_escape_string($this->link, $attrs->getNamedItem('title')->nodeValue);
$feed_title = db_escape_string($this->link, mb_substr($attrs->getNamedItem('text')->nodeValue, 0, 250));
if (!$feed_title) $feed_title = db_escape_string($this->link, mb_substr($attrs->getNamedItem('title')->nodeValue, 0, 250));
$feed_url = db_escape_string($this->link, $attrs->getNamedItem('xmlUrl')->nodeValue);
if (!$feed_url) $feed_url = db_escape_string($this->link, $attrs->getNamedItem('xmlURL')->nodeValue);
$feed_url = db_escape_string($this->link, mb_substr($attrs->getNamedItem('xmlUrl')->nodeValue, 0, 250));
if (!$feed_url) $feed_url = db_escape_string($this->link, mb_substr($attrs->getNamedItem('xmlURL')->nodeValue, 0, 250));
$site_url = db_escape_string($this->link, $attrs->getNamedItem('htmlUrl')->nodeValue);
$site_url = db_escape_string($this->link, mb_substr($attrs->getNamedItem('htmlUrl')->nodeValue, 0, 250));
if ($feed_url && $feed_title) {
$result = db_query($this->link, "SELECT id FROM ttrss_feeds WHERE
@ -386,10 +386,10 @@ class Opml extends Handler_Protected {
$default_cat_id = (int) get_feed_category($this->link, 'Imported feeds', false);
if ($root_node) {
$cat_title = db_escape_string($this->link, $root_node->attributes->getNamedItem('text')->nodeValue);
$cat_title = db_escape_string($this->link, mb_substr($root_node->attributes->getNamedItem('text')->nodeValue, 0, 250));
if (!$cat_title)
$cat_title = db_escape_string($this->link, $root_node->attributes->getNamedItem('title')->nodeValue);
$cat_title = db_escape_string($this->link, mb_substr($root_node->attributes->getNamedItem('title')->nodeValue, 0, 250));
if (!in_array($cat_title, array("tt-rss-filters", "tt-rss-labels", "tt-rss-prefs"))) {
$cat_id = get_feed_category($this->link, $cat_title, $parent_id);

2
include/functions.php
View file

@ -3406,6 +3406,8 @@
$parent_insert = "NULL";
}
$feed_cat = mb_substr($feed_cat, 0, 250);
$result = db_query($link,
"SELECT id FROM ttrss_feed_categories
WHERE $parent_qpart AND title = '$feed_cat' AND owner_uid = ".$_SESSION["uid"]);