From 99af7d32d42d7b77bae4f7747c02db959f35d668 Mon Sep 17 00:00:00 2001
From: Bernhard Posselt <dev@bernhard-posselt.com>
Date: Tue, 11 Feb 2014 16:05:37 +0100
Subject: fix XSS when importing articles, speed up update and adding of feeds
 by only purifying content that will be added to the db

---
 fetcher/feedfetcher.php | 15 ++++-----------
 1 file changed, 4 insertions(+), 11 deletions(-)

(limited to 'fetcher')

diff --git a/fetcher/feedfetcher.php b/fetcher/feedfetcher.php
index fc9f4eae6..aa1f94e5b 100644
--- a/fetcher/feedfetcher.php
+++ b/fetcher/feedfetcher.php
@@ -42,8 +42,7 @@ class FeedFetcher implements IFeedFetcher {
 	private $faviconFetcher;
 	private $simplePieFactory;
 	private $fetchTimeout;
-	private $time;
-	private $purifier;
+	private $time;	
 
 	public function __construct(API $api,
 				    SimplePieAPIFactory $simplePieFactory,
@@ -51,15 +50,13 @@ class FeedFetcher implements IFeedFetcher {
 				    TimeFactory $time,
 				    $cacheDirectory,
 				    $cacheDuration,
-				    $fetchTimeout,
-				    $purifier){
+				    $fetchTimeout){
 		$this->api = $api;
 		$this->cacheDirectory = $cacheDirectory;
 		$this->cacheDuration = $cacheDuration;
 		$this->faviconFetcher = $faviconFetcher;
 		$this->simplePieFactory = $simplePieFactory;
 		$this->time = $time;
-		$this->purifier = $purifier;
 		$this->fetchTimeout = $fetchTimeout;
 	}
 
@@ -143,12 +140,8 @@ class FeedFetcher implements IFeedFetcher {
 		$guid = $simplePieItem->get_id();
 		$item->setGuid($guid);
 
-		// links should always open in a new window
-		$item->setBody(
-			$this->purifier->purify(
-				$simplePieItem->get_content()
-			)
-		);
+		// purification is done in the businesslayer
+		$item->setBody($simplePieItem->get_content());  
 
 		// pubdate is not required. if not given use the current date
 		$date = $simplePieItem->get_date('U');
-- 
cgit v1.2.3