author | Dries Buytaert <dries@buytaert.net> | 2003-06-27 17:48:20 +0000 |
---|---|---|
committer | Dries Buytaert <dries@buytaert.net> | 2003-06-27 17:48:20 +0000 |
commit | f4df719502527597f6340be8016fd4b649cc1967 (patch) | |
tree | ce9ece43874885689942c5288fb7e1927c02e620 /modules/aggregator | |
parent | 2323e5723395dd9c793b301650b69bdd0a37e273 (diff) | |
download | brdo-f4df719502527597f6340be8016fd4b649cc1967.tar.gz brdo-f4df719502527597f6340be8016fd4b649cc1967.tar.bz2 |
- Reworked the CXX checking; now, _any_ user input will be checked
and the request will be terminated when something suspicious is
detected. This will be logged in the watchdog. With help from Marco.
- Fixed translation issue in the archive module. Patch by Gerhard.
- Removed dead parameter from variable_get(). Patch by Chris Johnson.
Fixes bug #2111.
- Improved input checking of taxonomy module. Patch by Gerhard.
Fixes bug #2112.
Diffstat (limited to 'modules/aggregator')
-rw-r--r-- | modules/aggregator/aggregator.module | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/modules/aggregator/aggregator.module b/modules/aggregator/aggregator.module
index 78adefc7c..1d384e706 100644
--- a/modules/aggregator/aggregator.module
+++ b/modules/aggregator/aggregator.module
@@ -305,6 +305,9 @@ function import_refresh($feed) {
 }
 fclose($fp);
+ // filter the input data:
+ xss_check_input_data($data);
+ // parse the data:
 $xml_parser = xml_parser_create();
 xml_set_element_handler($xml_parser, "import_element_start", "import_element_end");
@@ -320,14 +323,6 @@ function import_refresh($feed) {
 $tt = array_flip(get_html_translation_table(HTML_ENTITIES));
 $tt["'"] = "'";
- /*
- ** Strip invalid tags and provide default values (if required):
- */
-
- foreach ($channel as $key => $value) {
- $channel[$key] = node_filter(strtr(trim($value), $tt));
- }
- db_query("UPDATE feed SET timestamp = %d, link = '%s', description = '%s' WHERE fid = %d", time(), $channel["LINK"], $channel["DESCRIPTION"], $feed["fid"]);
 /* |
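Review bot: The added `xss_check_input_data($data);` in import_refresh() inspects the raw feed document before `xml_parser_create()` runs, which is not equivalent to the per-field pass that the second hunk (@@ -320,14 +323,6) deletes, because that pass ran on the parsed, entity-translated channel values. After this change `$channel["LINK"]` and `$channel["DESCRIPTION"]` reach `db_query()` untrimmed and unfiltered, so I would keep `foreach ($channel as $key => $value) { $channel[$key] = node_filter(strtr(trim($value), $tt)); }` alongside the new call, or confirm these fields are escaped wherever they are displayed. The commit message says the check terminates the request when it finds something suspicious; if that holds here, one remote feed with flagged content would abort the refresh run, so a skip-and-log path for that feed looks safer — xss_check_input_data() is defined outside this diff, so this needs checking. A comment such as `// $data is untrusted remote content; checked before parsing, fields are not filtered again below` would document the new trust boundary. import_refresh() begins and ends outside both hunks.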