From 99af7d32d42d7b77bae4f7747c02db959f35d668 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt
Date: Tue, 11 Feb 2014 16:05:37 +0100
Subject: fix XSS when importing articles, speed up update and adding of feeds by only purifying content that will be added to the db
---
 articleenhancer/xpatharticleenhancer.php | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)
(limited to 'articleenhancer')
diff --git a/articleenhancer/xpatharticleenhancer.php b/articleenhancer/xpatharticleenhancer.php
index 0a2d6e56c..6cc11eb65 100644
--- a/articleenhancer/xpatharticleenhancer.php
+++ b/articleenhancer/xpatharticleenhancer.php
@@ -33,23 +33,19 @@ class XPathArticleEnhancer implements ArticleEnhancer {
 private $feedRegex;
- private $purifier;
 private $fileFactory;
 private $maximumTimeout;
 /**
- * @param $purifier the purifier object to clean the html which will be
- * matched
 * @param SimplePieFileFactory a factory for getting a simple pie file instance
 * @param array $regexXPathPair an associative array containing regex to
 * match the url and the xpath that should be used for it to extract the
 * page
 * @param int $maximumTimeout maximum timeout in seconds, defaults to 10 sec
 */
- public function __construct($purifier, SimplePieFileFactory $fileFactory,
+ public function __construct(SimplePieFileFactory $fileFactory,
 array $regexXPathPair, $maximumTimeout=10){
- $this->purifier = $purifier;
 $this->regexXPathPair = $regexXPathPair;
 $this->fileFactory = $fileFactory;
 $this->maximumTimeout = $maximumTimeout;
@@ -85,9 +81,8 @@ class XPathArticleEnhancer implements ArticleEnhancer {
 // convert all relative to absolute URLs
 $xpathResult = $this->substituteRelativeLinks($xpathResult, $item->getUrl());
- $sanitizedResult = $this->purifier->purify($xpathResult);
- if( $sanitizedResult ) {
- $item->setBody($sanitizedResult);
+ if( $xpathResult ) {
+ $item->setBody($xpathResult);
 }
 }
 }
-- cgit v1.2.3
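Review bot: The constructor in the first hunk assigns `$this->regexXPathPair`, but the property declarations visible above it are `$feedRegex`, `$fileFactory` and `$maximumTimeout`, so unless `$regexXPathPair` is declared above the hunk it is created as an undeclared public property while `$feedRegex` looks unused. Since this commit already edits the declaration list, I would add `private $regexXPathPair;` there and drop `$feedRegex` if nothing else reads it. Separately, removing the first positional parameter means any caller that still passes the purifier first will fail the `SimplePieFileFactory` type hint; the call sites are outside this diff, so that needs checking against the rest of the commit.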
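Review bot: With the `purify()` call removed in the second hunk, `$item->setBody($xpathResult)` stores markup extracted from a remote page without sanitising it, so the item body is untrusted from this point until something else purifies it. The commit message says that now happens where content is added to the db, but that code is outside this diff (limited to 'articleenhancer'), so it is worth confirming that every path that persists or renders an enhanced item goes through it. I would record the contract next to the call, e.g. `// $xpathResult is unpurified remote HTML; it must be purified before it is saved or rendered`. The enclosing method starts and ends outside the hunk.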