author | Bernhard Posselt <dev@bernhard-posselt.com> | 2014-02-11 16:05:37 +0100 |
---|---|---|
committer | Bernhard Posselt <dev@bernhard-posselt.com> | 2014-02-11 16:05:58 +0100 |
commit | 99af7d32d42d7b77bae4f7747c02db959f35d668 (patch) | |
tree | 97e9141c60fb21e7e38b785d0b278da7e31792ca /articleenhancer | |
parent | d5eab3852c1c6629be6b29016e67e374d85f78ac (diff) |
fix XSS when importing articles, speed up update and adding of feeds by only purifying content that will be added to the db
Diffstat (limited to 'articleenhancer')
-rw-r--r-- | articleenhancer/xpatharticleenhancer.php | 11 |
1 files changed, 3 insertions, 8 deletions
diff --git a/articleenhancer/xpatharticleenhancer.php b/articleenhancer/xpatharticleenhancer.php
index 0a2d6e56c..6cc11eb65 100644
--- a/articleenhancer/xpatharticleenhancer.php
+++ b/articleenhancer/xpatharticleenhancer.php
@@ -33,23 +33,19 @@ class XPathArticleEnhancer implements ArticleEnhancer {
 private $feedRegex;
- private $purifier;
 private $fileFactory;
 private $maximumTimeout;
 /**
- * @param $purifier the purifier object to clean the html which will be
- * matched
 * @param SimplePieFileFactory a factory for getting a simple pie file instance
 * @param array $regexXPathPair an associative array containing regex to
 * match the url and the xpath that should be used for it to extract the
 * page
 * @param int $maximumTimeout maximum timeout in seconds, defaults to 10 sec
 */
- public function __construct($purifier, SimplePieFileFactory $fileFactory,
+ public function __construct(SimplePieFileFactory $fileFactory,
 array $regexXPathPair, $maximumTimeout=10){
- $this->purifier = $purifier;
 $this->regexXPathPair = $regexXPathPair;
 $this->fileFactory = $fileFactory;
 $this->maximumTimeout = $maximumTimeout;
@@ -85,9 +81,8 @@ class XPathArticleEnhancer implements ArticleEnhancer {
 // convert all relative to absolute URLs
 $xpathResult = $this->substituteRelativeLinks($xpathResult, $item->getUrl());
- $sanitizedResult = $this->purifier->purify($xpathResult);
- if( $sanitizedResult ) {
- $item->setBody($sanitizedResult);
+ if( $xpathResult ) {
+ $item->setBody($xpathResult);
 }
 }
 } |
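Review bot: The constructor's first positional parameter is now `SimplePieFileFactory $fileFactory` instead of the purifier, so any call site that still passes the purifier first will fail the type hint when the enhancer is constructed. The diffstat on this page is limited to `articleenhancer`, so those callers are not visible here and should be checked against the new signature. In the docblock that remains, the tag `@param SimplePieFileFactory a factory ...` has no variable name; `@param SimplePieFileFactory $fileFactory a factory for getting a simple pie file instance` would match the other tags. The constructor also assigns `$this->regexXPathPair` while the visible declarations list `$feedRegex`, which looks like an undeclared property unless it is declared outside the hunk.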
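Review bot: With the `purify()` call removed, `$item->setBody($xpathResult)` stores HTML extracted from a remotely fetched page without sanitising it, so the item body leaving this enhancer must be treated as untrusted. The commit message says content is purified before it is added to the db, but that step is outside this hunk and nothing here records the dependency. A comment above the `setBody` call such as `// body is unpurified remote HTML; it must be purified before it is persisted or rendered` would state the invariant, and a test on the update/import path asserting that the purifier runs after enhancement would keep a later refactor from silently dropping it. The enclosing method begins outside the hunk.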