sanitize title/comments/link too
This commit is contained in:
Andrew Dolgov
parent
b1524dc605
commit
183ad07bc2
1 changed files with 16 additions and 5 deletions
|
|
@ -531,11 +531,11 @@
|
|||
}
|
||||
|
||||
# sanitize content
|
||||
$entry_content = preg_replace('/<script.*?>/i',
|
||||
"<p class=\"scriptWarn\">", $entry_content);
|
||||
|
||||
$entry_content = preg_replace('/<\/script>/i',
|
||||
"</p>", $entry_content);
|
||||
|
||||
$entry_content = sanitize_rss($entry_content);
|
||||
$entry_title = sanitize_rss($entry_title);
|
||||
$entry_link = sanitize_rss($entry_link);
|
||||
$entry_comments = sanitize_rss($entry_comments);
|
||||
|
||||
db_query($link, "BEGIN");
|
||||
|
||||
|
|
@ -2309,4 +2309,15 @@
|
|||
}
|
||||
}
|
||||
|
||||
function sanitize_rss($str) {
|
||||
$res = "";
|
||||
|
||||
$res = preg_replace('/<script.*?>/i',
|
||||
"<p class=\"scriptWarn\">", $str);
|
||||
|
||||
$res = preg_replace('/<\/script>/i',
|
||||
"</p>", $res);
|
||||
|
||||
return $res;
|
||||
}
|
||||
?>
|
||||
|
|
|
|||
Loading…
Reference in a new issue