Diffstat (limited to 'inc')
-rwxr-xr-xinc/poche/Database.class.php4
-rwxr-xr-xinc/poche/Poche.class.php20
2 files changed, 16 insertions, 8 deletions
diff --git a/inc/poche/Database.class.php b/inc/poche/Database.class.php
index d1044a6e..036c9d1b 100755
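--- a/inc/poche/Database.class.php
+++ b/inc/poche/Database.class.php
@@ -245,7 +245,7 @@ class Database {
 $sql_limit = "LIMIT ".$limit." OFFSET 0";
 }
 
-$sql = "SELECT * FROM entries WHERE (content = '' OR content IS NULL) AND user_id=? ORDER BY id " . $sql_limit;
+$sql = "SELECT * FROM entries WHERE (content = '' OR content IS NULL) AND title LIKE 'Untitled - Import%' AND user_id=? ORDER BY id " . $sql_limit;
 $query = $this->executeQuery($sql, array($user_id));
 $entries = $query->fetchAll();
 
@@ -253,7 +253,7 @@ class Database {
 }
 
 public function retrieveUnfetchedEntriesCount($user_id) {
-$sql = "SELECT count(*) FROM entries WHERE (content = '' OR content IS NULL) AND user_id=?";
+$sql = "SELECT count(*) FROM entries WHERE (content = '' OR content IS NULL) AND title LIKE 'Untitled - Import%' AND user_id=?";
 $query = $this->executeQuery($sql, array($user_id));
 list($count) = $query->fetch();
 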
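Review bot: The title prefix `'Untitled - Import%'` is now hard-coded in both queries (new lines 248 and 256), so the two statements and whatever code assigns that title on import must be kept in sync by hand; a single class constant used by both would stop one drifting from the other. Because the filter keys on the title text, an imported entry whose title no longer starts with that prefix is skipped by the fetch and the count alike, which deserves a comment above each query. Separately, the query on new line 248 still appends `$sql_limit`, built by concatenating `$limit` at line 245; the only caller visible on this page passes the `IMPORT_LIMIT` constant, but `"LIMIT ".(int)$limit." OFFSET 0"` would keep that fragment numeric for any caller. The enclosing function of the first hunk starts and ends outside it, and `retrieveUnfetchedEntriesCount` continues past the second.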
diff --git a/inc/poche/Poche.class.php b/inc/poche/Poche.class.php
index 3a4e78d6..811895dc 100755
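--- a/inc/poche/Poche.class.php
+++ b/inc/poche/Poche.class.php
@@ -373,9 +373,7 @@ class Poche
 $body = $content['rss']['channel']['item']['description'];
 
 // clean content from prevent xss attack
-$config = HTMLPurifier_Config::createDefault();
-$config->set('Cache.SerializerPath', CACHE);
-$purifier = new HTMLPurifier($config);
+$purifier = $this->getPurifier();
 $title = $purifier->purify($title);
 $body = $purifier->purify($body);
 
@@ -920,9 +918,7 @@ class Poche
 Tools::logm('Fetching next batch of articles...');
 $items = $this->store->retrieveUnfetchedEntries($this->user->getId(), IMPORT_LIMIT);
 
-$config = HTMLPurifier_Config::createDefault();
-$config->set('Cache.SerializerPath', CACHE);
-$purifier = new HTMLPurifier($config);
+$purifier = $this->getPurifier();
 
 foreach ($items as $item) {
 $url = new Url(base64_encode($item['url']));
@@ -1064,4 +1060,16 @@ class Poche
 $this->messages->add('s', _('Cache deleted.'));
 Tools::redirect();
 }
+
+/**
+* return new purifier object with actual config
+*/
+protected function getPurifier() {
+$config = HTMLPurifier_Config::createDefault();
+$config->set('Cache.SerializerPath', CACHE);
+$config->set('HTML.SafeIframe', true);
+$config->set('URI.SafeIframeRegexp', '%^(https?:)?//(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'); //allow YouTube and Vimeo$purifier = new HTMLPurifier($config);
+
+return new HTMLPurifier($config);
+}
 }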
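Review bot: The trailing comment on new line 1071 has a leftover statement fused into it (`//allow YouTube and Vimeo$purifier = new HTMLPurifier($config);`); it is inert inside the comment, but should be trimmed to `// allow YouTube and Vimeo embeds only` so nobody mistakes it for live code. getPurifier() also changes the sanitising policy at both call sites: `HTML.SafeIframe` is now on, and `URI.SafeIframeRegexp` is the only thing restricting iframe sources. The docblock should say so, so that a later edit to that pattern is reviewed as a security change. The pattern accepts `http:` and scheme-relative URLs as well; if plain-HTTP embeds are not needed, `'%^https://(www\.youtube(?:-nocookie)?\.com/embed/|player\.vimeo\.com/video/)%'` keeps framed content on HTTPS. The two call-site hunks sit inside functions that begin and end outside the visible lines.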