From f4df719502527597f6340be8016fd4b649cc1967 Mon Sep 17 00:00:00 2001
From: Dries Buytaert
Date: Fri, 27 Jun 2003 17:48:20 +0000
Subject: - Reworked the CXX checking; now, _any_ user input will be checked and the request will be terminated when something suspicious is detected. This will be logged in the watchdog. With help from Marco. - Fixed translation issue in the archive module. Patch by Gerhard. - Removed dead parameter from variable_get(). Patch by Chris Johnson. Fixes bug #2111. - Improved input checking of taxonomy module. Patch by Gerhard. Fixes bug #2112.
---
 modules/aggregator/aggregator.module | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
(limited to 'modules/aggregator/aggregator.module')
diff --git a/modules/aggregator/aggregator.module b/modules/aggregator/aggregator.module
index 78adefc7c..1d384e706 100644
--- a/modules/aggregator/aggregator.module
+++ b/modules/aggregator/aggregator.module
@@ -305,6 +305,9 @@ function import_refresh($feed) {
 }
 fclose($fp);
+ // filter the input data:
+ xss_check_input_data($data);
+
 // parse the data:
 $xml_parser = xml_parser_create();
 xml_set_element_handler($xml_parser, "import_element_start", "import_element_end");
@@ -320,14 +323,6 @@ function import_refresh($feed) {
 $tt = array_flip(get_html_translation_table(HTML_ENTITIES));
 $tt["'"] = "'";
- /*
- ** Strip invalid tags and provide default values (if required):
- */
-
- foreach ($channel as $key => $value) {
- $channel[$key] = node_filter(strtr(trim($value), $tt));
- }
-
 db_query("UPDATE feed SET timestamp = %d, link = '%s', description = '%s' WHERE fid = %d", time(), $channel["LINK"], $channel["DESCRIPTION"], $feed["fid"]);
 /*
-- 
cgit v1.2.3
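Review bot: `xss_check_input_data($data)` inspects the raw feed body before `xml_parser_create()` runs, so it sees the document while it is still XML-escaped, whereas the values that reach `db_query()` are what the parser (and, judging by the `$tt` table kept as context in the second hunk, an HTML-entity translation) decode afterwards; markup carried behind entities or CDATA would probably not match a pattern check at this point. The second hunk also removes the per-field `node_filter(strtr(trim($value), $tt))` loop, which leaves this pre-parse check as the only filter on `$channel["LINK"]` and `$channel["DESCRIPTION"]` visible here. I would keep filtering the decoded fields, i.e. retain `$channel[$key] = node_filter(strtr(trim($value), $tt));` after parsing, and treat the raw-body check as an extra layer rather than a replacement. The commit message says the check terminates the request on a hit; its definition is not in this diff, but if that holds inside `import_refresh()`, a single feed containing a flagged string could abort the whole refresh run, so logging and skipping that feed would be the safer behaviour. `import_refresh()` starts and ends outside both hunks.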