authorBernhard Posselt <nukeawhale@gmail.com>2013-05-04 00:15:41 +0200
committerBernhard Posselt <nukeawhale@gmail.com>2013-05-04 00:15:41 +0200
commit10831dd274ff65d4852b47dbc398adae61845206 (patch)
tree9f9397bb7433fd53bfacf88d8c8b3cf2ef50e27d /utility
parent7b628a3e4d105f2e571d0fe142d59f201d6a10d0 (diff)
use html purifier for sanitation
Diffstat (limited to 'utility')
-rw-r--r--utility/feedfetcher.php8
1 files changed, 6 insertions, 2 deletions
diff --git a/utility/feedfetcher.php b/utility/feedfetcher.php
index e153669ac..0083f1969 100644
--- a/utility/feedfetcher.php
+++ b/utility/feedfetcher.php
@@ -42,19 +42,22 @@ class FeedFetcher implements IFeedFetcher {
private $faviconFetcher;
private $simplePieFactory;
private $time;
+ private $purifier;
public function __construct(API $api,
SimplePieAPIFactory $simplePieFactory,
FaviconFetcher $faviconFetcher,
TimeFactory $time,
$cacheDirectory,
- $cacheDuration){
+ $cacheDuration,
+ $purifier){
$this->api = $api;
$this->cacheDirectory = $cacheDirectory;
$this->cacheDuration = $cacheDuration;
$this->faviconFetcher = $faviconFetcher;
$this->simplePieFactory = $simplePieFactory;
$this->time = $time;
+ $this->purifier = $purifier;
}
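Review bot: The new `$purifier` constructor parameter has no type hint, unlike the other injected objects in this signature, so any value can be passed and a wrong one is only discovered when `purify()` is called during a fetch. If this is the HTML Purifier library's class, as the commit title suggests, declare it as `HTMLPurifier $purifier`, or hint a small project interface exposing `purify()` so tests can substitute a fake. Adding a required parameter also changes the constructor's arity; the call sites are not visible here (the diffstat is limited to `utility`), so confirm that each of them passes the purifier.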
@@ -116,7 +119,8 @@ class FeedFetcher implements IFeedFetcher {
$item->setGuid($guid);
$item->setGuidHash(md5($guid));
$item->setBody(str_replace('<a', '<a target="_blank"',
- $simplePieItem->get_content()));
+ // escape XSS
+ $this->purifier->purify($simplePieItem->get_content())));
$item->setPubDate($simplePieItem->get_date('U'));
$item->setLastModified($this->time->getTime());
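Review bot: The `str_replace('<a', '<a target="_blank"', …)` wrapped around the new `purify()` call rewrites the markup after it has been sanitized, so the string stored by `setBody()` is no longer exactly what the purifier approved. The replacement matches every tag that begins with `<a` (for example `<abbr>`), and the links it opens in a new tab carry no `rel="noopener noreferrer"`, which leaves the reader's tab reachable through `window.opener`. If `$purifier` is an HTML Purifier instance, as the commit title suggests, setting `HTML.TargetBlank` (plus `HTML.TargetNoreferrer` and `HTML.TargetNoopener` where the bundled version has them) in its configuration lets the call become `$item->setBody($this->purifier->purify($simplePieItem->get_content()));` with sanitization as the last step. The comment would be more accurate as `// sanitize untrusted feed HTML before storing it (XSS)`, since the purifier filters markup rather than escaping it. The enclosing method starts and ends outside the hunk, so whether other feed-supplied fields are sanitized cannot be judged from here.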