authorDries Buytaert <dries@buytaert.net>2006-02-22 10:13:42 +0000
committerDries Buytaert <dries@buytaert.net>2006-02-22 10:13:42 +0000
commitc48278229b7e2ee31575b7d9f3fd30598346c941 (patch)
tree69fa47fad63ff7c48d9ad9b2c91cdbc80591251c /modules/aggregator
parent347a5bb5f642573fcc8567a4bbdca18ad50265f3 (diff)
- Patch #42068 by mfb et al: fixed problem with aggregator destroying certain links. Moved filtering to on output. (Today's critical bugfix #2.)
Diffstat (limited to 'modules/aggregator')
-rw-r--r--modules/aggregator/aggregator.module20
1 files changed, 11 insertions, 9 deletions
diff --git a/modules/aggregator/aggregator.module b/modules/aggregator/aggregator.module
index e598b403e..cf3eb7189 100644
--- a/modules/aggregator/aggregator.module
+++ b/modules/aggregator/aggregator.module
@@ -411,7 +411,7 @@ function aggregator_refresh($feed) {
*/
foreach ($channel as $key => $value) {
- $channel[$key] = trim(strip_tags($value));
+ $channel[$key] = trim($value);
}
/*
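Review bot: Dropping `strip_tags()` in this loop, and the whole decode/strip/filter chain in the `aggregator_parse_feed()` hunk that follows, means feed-supplied markup is now kept verbatim in `$channel` and `$item`, so each place that prints these values becomes the only XSS barrier. The diff updates three theme functions, but other consumers lie outside the visible hunks (for example `theme_aggregator_block_item()`, which appears only in a hunk header) and should be audited for `check_plain()`, `check_url()` or `aggregator_filter_xss()`. I would record the new contract at the loop with a comment such as `// Feed values are stored unfiltered; escape on output with check_plain(), check_url() or aggregator_filter_xss().` The body of `aggregator_refresh()` continues outside the hunk.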
@@ -523,10 +523,7 @@ function aggregator_parse_feed(&$data, $feed) {
// Prepare the item:
foreach ($item as $key => $value) {
- $value = decode_entities(trim($value));
- $value = strip_tags($value, variable_get('aggregator_allowed_html_tags', '<a> <b> <br> <dd> <dl> <dt> <em> <i> <li> <ol> <p> <strong> <u> <ul>'));
- $value = filter_xss($value);
- $item[$key] = $value;
+ $item[$key] = trim($value);
}
/*
@@ -1151,7 +1148,7 @@ function theme_aggregator_feed($feed) {
$output = '<div class="feed-source">';
$output .= theme('feed_icon', $feed->url) ."\n";
$output .= $feed->image . ' <h3 class="feed-title"><a href="'. check_url($feed->link) .'">'. check_plain($feed->title) ."</a></h3>\n";
- $output .= '<div class="feed-description"><em>'. t('Description:') .'</em> '. filter_xss($feed->description) ."</div>\n";
+ $output .= '<div class="feed-description"><em>'. t('Description:') .'</em> '. aggregator_filter_xss($feed->description) ."</div>\n";
$updated = t('%time ago', array('%time' => format_interval(time() - $feed->checked)));
if (user_access('administer news feeds')) {
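Review bot: `$feed->image` on the `feed-title` line is still concatenated without any output filter, while `link`, `title` and `description` beside it each get one. With input-side stripping removed elsewhere in this commit, that is safe only if the image markup is assembled from already-escaped parts. That code is not visible here, so it should be confirmed that its URL and title pass through `check_url()` and `check_plain()` where the markup is built. The function body extends beyond the hunk.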
@@ -1196,7 +1193,7 @@ function theme_aggregator_block_item($item, $feed = 0) {
function theme_aggregator_summary_item($item) {
$output = '<a href="'. check_url($item->link) .'">'. check_plain($item->title) .'</a> <span class="age">'. t('%age old', array('%age' => format_interval(time() - $item->timestamp))) .'</span>';
if ($item->feed_link) {
- $output .= ', <span class="source"><a href="'. $item->feed_link .'">'. $item->feed_title .'</a></span>';
+ $output .= ', <span class="source"><a href="'. check_url($item->feed_link) .'">'. check_plain($item->feed_title) .'</a></span>';
}
return $output ."\n";
}
@@ -1225,7 +1222,7 @@ function theme_aggregator_page_item($item) {
$output .= "<div class=\"feed-item-meta\">$source <span class=\"feed-item-date\">$source_date</span></div>\n";
if ($item->description) {
- $output .= '<div class="feed-item-body">'. filter_xss($item->description) ."</div>\n";
+ $output .= '<div class="feed-item-body">'. aggregator_filter_xss($item->description) ."</div>\n";
}
$result = db_query('SELECT c.title, c.cid FROM {aggregator_category_item} ci LEFT JOIN {aggregator_category} c ON ci.cid = c.cid WHERE ci.iid = %d ORDER BY c.title', $item->iid);
@@ -1242,4 +1239,9 @@ function theme_aggregator_page_item($item) {
return $output;
}
-
+/**
+ * Safely render HTML content, as allowed.
+ */
+function aggregator_filter_xss($value) {
+ return filter_xss($value, preg_split('/\s+|<|>/', variable_get("aggregator_allowed_html_tags", '<a> <b> <br> <dd> <dl> <dt> <em> <i> <li> <ol> <p> <strong> <u> <ul>'), -1, PREG_SPLIT_NO_EMPTY));
+}