api: sanitize article content

This commit is contained in:
Andrew Dolgov 2012-10-29 16:01:41 +04:00
parent b3682750bb
commit db9e00e339
2 changed files with 10 additions and 3 deletions

View File

@ -187,6 +187,7 @@ class API extends Handler {
$include_attachments = (bool)db_escape_string($_REQUEST["include_attachments"]);
$since_id = (int)db_escape_string($_REQUEST["since_id"]);
$include_nested = (bool)db_escape_string($_REQUEST["include_nested"]);
$sanitize_content = true;
/* do not rely on params below */
@ -197,7 +198,7 @@ class API extends Handler {
$headlines = api_get_headlines($this->link, $feed_id, $limit, $offset,
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, false,
$include_attachments, $since_id, $search, $search_mode, $match_on,
$include_nested);
$include_nested, $sanitize_content);
print $this->wrap(self::STATUS_OK, $headlines);
} else {

View File

@ -4585,7 +4585,8 @@
function api_get_headlines($link, $feed_id, $limit, $offset,
$filter, $is_cat, $show_excerpt, $show_content, $view_mode, $order,
$include_attachments, $since_id,
$search = "", $search_mode = "", $match_on = "", $include_nested = false) {
$search = "", $search_mode = "", $match_on = "",
$include_nested = false, $sanitize_content = true) {
$qfh_ret = queryFeedHeadlines($link, $feed_id, $limit,
$view_mode, $is_cat, $search, $search_mode, $match_on,
@ -4629,7 +4630,12 @@
}
if ($show_content) {
$headline_row["content"] = $line["content_preview"];
if ($sanitize_content) {
$headline_row["content"] = sanitize($link,
$line["content_preview"], false, false, $line["site_url"]);
} else {
$headline_row["content"] = $line["content_preview"];
}
}
// unify label output to ease parsing