author | Bernhard Posselt <dev@bernhard-posselt.com> | 2014-02-11 16:05:37 +0100 |
---|---|---|
committer | Bernhard Posselt <dev@bernhard-posselt.com> | 2014-02-11 16:05:58 +0100 |
commit | 99af7d32d42d7b77bae4f7747c02db959f35d668 (patch) | |
tree | 97e9141c60fb21e7e38b785d0b278da7e31792ca /businesslayer | |
parent | d5eab3852c1c6629be6b29016e67e374d85f78ac (diff) |
fix XSS when importing articles, speed up update and adding of feeds by only purifying content that will be added to the db
Diffstat (limited to 'businesslayer')
-rw-r--r-- | businesslayer/feedbusinesslayer.php | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/businesslayer/feedbusinesslayer.php b/businesslayer/feedbusinesslayer.php
index 58a4ed578..c9b993e5a 100644
--- a/businesslayer/feedbusinesslayer.php
+++ b/businesslayer/feedbusinesslayer.php
@@ -45,12 +45,14 @@ class FeedBusinessLayer extends BusinessLayer {
 private $timeFactory;
 private $autoPurgeMinimumInterval;
 private $enhancer;
+ private $purifier;
 public function __construct(FeedMapper $feedMapper, Fetcher $feedFetcher, ItemMapper $itemMapper, API $api, TimeFactory $timeFactory, $autoPurgeMinimumInterval,
- Enhancer $enhancer){
+ Enhancer $enhancer,
+ $purifier){
 parent::__construct($feedMapper);
 $this->feedFetcher = $feedFetcher;
 $this->itemMapper = $itemMapper;
@@ -58,6 +60,7 @@ class FeedBusinessLayer extends BusinessLayer {
 $this->timeFactory = $timeFactory;
 $this->autoPurgeMinimumInterval = $autoPurgeMinimumInterval;
 $this->enhancer = $enhancer;
+ $this->purifier = $purifier;
 }
 /**
@@ -122,6 +125,7 @@ class FeedBusinessLayer extends BusinessLayer {
 } catch(DoesNotExistException $ex){
 $unreadCount += 1;
 $item = $this->enhancer->enhance($item, $feed->getLink());
+ $item->setBody($this->purifier->purify($item->getBody()));
 $this->itemMapper->insert($item);
 }
 }
@@ -192,6 +196,7 @@ class FeedBusinessLayer extends BusinessLayer {
 } catch(DoesNotExistException $ex){
 $item = $this->enhancer->enhance($item, $existingFeed->getLink());
+ $item->setBody($this->purifier->purify($item->getBody()));
 $this->itemMapper->insert($item);
 }
 }
@@ -294,6 +299,7 @@ class FeedBusinessLayer extends BusinessLayer {
 $existingItem->setStatus($item->getStatus());
 $this->itemMapper->update($existingItem);
 } catch(DoesNotExistException $ex){
+ $item->setBody($this->purifier->purify($item->getBody()));
 $this->itemMapper->insert($item);
 }
 } |
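Review bot: In the `@@ -45,12 +45,14 @@` hunk, `$purifier` is added to the constructor without a type declaration, while every other object collaborator in the signature (`FeedMapper`, `Fetcher`, `ItemMapper`, `Enhancer`, …) is typed. A missing or wrong object would therefore only fail at the first `purify()` call during an insert. Since this object is the XSS control, I would type the parameter with the purifier's class (presumably HTMLPurifier, to be confirmed from the container wiring, which is outside this diff). I would also add a constructor docblock line such as `@param $purifier sanitiser applied to item bodies before they are stored`. The parameter is required and trailing, so every construction site and test must change with it; only `businesslayer/` is shown here, and the class body starts outside the hunk.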
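Review bot: The sanitising statement `$item->setBody($this->purifier->purify($item->getBody()));` is copied to three insert sites (the `@@ -122,6 +125,7 @@` hunk, and again in `@@ -192,6 +196,7 @@` and `@@ -294,6 +299,7 @@`). The XSS protection therefore depends on every future insert path remembering to repeat it. A small private helper, for example `private function insertPurified($item)`, that purifies the body and then calls `$this->itemMapper->insert($item)` would give a single chokepoint. In this hunk and the next, the call runs after `enhance()`, which is the right order if the enhancer can rewrite the body. A comment such as `// purify last: enhancers may add markup` would keep it from being reordered. The enclosing methods start and end outside these hunks.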
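Review bot: In the import path (`@@ -294,6 +299,7 @@`) only the body is purified before `insert($item)`. Any other string fields an imported article carries (such as title, author or link; the item's field list is not visible in this diff) are stored exactly as the import file supplies them. If the templates and API output do not escape those fields and restrict link schemes, the issue this commit fixes for the body remains reachable through them. I would either sanitise them at this point or add a comment naming where they are escaped, e.g. `// title/author/url are escaped on output in <template>; only body is rendered as HTML`. Existing items in this hunk only get `setStatus()` and are unaffected; the surrounding loop and method lie outside the hunk.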