- Removed valid_input_check().
							parent
							
								
									2917261693
								
							
						
					
					
						commit
						0f6067fc84
					
				| 
						 | 
				
			
			@ -524,10 +524,10 @@ function aggregator_parse_feed(&$data, $feed) {
 | 
			
		|||
    foreach ($item as $key => $value) {
 | 
			
		||||
      $value = decode_entities(trim($value));
 | 
			
		||||
      $value = strip_tags($value, variable_get('aggregator_allowed_html_tags', '<a> <b> <br> <dd> <dl> <dt> <em> <i> <li> <ol> <p> <strong> <u> <ul>'));
 | 
			
		||||
      $value = preg_replace('/\Wstyle\s*=[^>]+?>/i', '>', $value);
 | 
			
		||||
      $value = preg_replace('/\Won[a-z]+\s*=[^>]+?>/i', '>', $value);
 | 
			
		||||
      $value = filter_xss($value);
 | 
			
		||||
      $item[$key] = $value;
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    /*
 | 
			
		||||
    ** Resolve the item's title.  If no title is found, we use
 | 
			
		||||
    ** up to 40 characters of the description ending at a word
 | 
			
		||||
| 
						 | 
				
			
			@ -601,12 +601,7 @@ function aggregator_parse_feed(&$data, $feed) {
 | 
			
		|||
      $entry = db_fetch_object(db_query("SELECT iid FROM {aggregator_item} WHERE fid = %d AND title = '%s'", $feed['fid'], $title));
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    if (!valid_input_data($item['DESCRIPTION'])) {
 | 
			
		||||
      drupal_set_message(t('The RSS feed from %site seems to be broken, because of suspicious input data.', array('%site' => theme('placeholder', $feed['title']))), 'error');
 | 
			
		||||
    }
 | 
			
		||||
    else {
 | 
			
		||||
      aggregator_save_item(array('iid' => $entry->iid, 'fid' => $feed['fid'], 'timestamp' => $timestamp, 'title' => $title, 'link' => $link, 'author' => $item['AUTHOR'], 'description' => $item['DESCRIPTION']));
 | 
			
		||||
    }
 | 
			
		||||
    aggregator_save_item(array('iid' => $entry->iid, 'fid' => $feed['fid'], 'timestamp' => $timestamp, 'title' => $title, 'link' => $link, 'author' => $item['AUTHOR'], 'description' => $item['DESCRIPTION']));
 | 
			
		||||
  }
 | 
			
		||||
 | 
			
		||||
  /*
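Review bot: The `filter_xss($value)` call in the first hunk passes no allowed-tags argument, so it presumably applies its built-in default list rather than the `aggregator_allowed_html_tags` setting that the `strip_tags()` call one line above honours. The page does not mark which side that line is on, but it is the filter the new code relies on. With the `valid_input_data()` branch gone in the second hunk, `aggregator_save_item()` stores `$item['DESCRIPTION']` unconditionally, so this loop is the only sanitisation between the feed and the database and its tag policy should be explicit. Consider reading the setting once into `$allowed` before the loop and calling `$value = filter_xss($value, preg_split('/\s+|<|>/', $allowed, -1, PREG_SPLIT_NO_EMPTY));`, with a comment such as `// filter_xss() is the only guard on feed content; items are saved unconditionally below.` Both hunks sit inside aggregator_parse_feed(), whose start and end are outside the visible lines.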
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -524,10 +524,10 @@ function aggregator_parse_feed(&$data, $feed) {
 | 
			
		|||
    foreach ($item as $key => $value) {
 | 
			
		||||
      $value = decode_entities(trim($value));
 | 
			
		||||
      $value = strip_tags($value, variable_get('aggregator_allowed_html_tags', '<a> <b> <br> <dd> <dl> <dt> <em> <i> <li> <ol> <p> <strong> <u> <ul>'));
 | 
			
		||||
      $value = preg_replace('/\Wstyle\s*=[^>]+?>/i', '>', $value);
 | 
			
		||||
      $value = preg_replace('/\Won[a-z]+\s*=[^>]+?>/i', '>', $value);
 | 
			
		||||
      $value = filter_xss($value);
 | 
			
		||||
      $item[$key] = $value;
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    /*
 | 
			
		||||
    ** Resolve the item's title.  If no title is found, we use
 | 
			
		||||
    ** up to 40 characters of the description ending at a word
 | 
			
		||||
| 
						 | 
				
			
			@ -601,12 +601,7 @@ function aggregator_parse_feed(&$data, $feed) {
 | 
			
		|||
      $entry = db_fetch_object(db_query("SELECT iid FROM {aggregator_item} WHERE fid = %d AND title = '%s'", $feed['fid'], $title));
 | 
			
		||||
    }
 | 
			
		||||
 | 
			
		||||
    if (!valid_input_data($item['DESCRIPTION'])) {
 | 
			
		||||
      drupal_set_message(t('The RSS feed from %site seems to be broken, because of suspicious input data.', array('%site' => theme('placeholder', $feed['title']))), 'error');
 | 
			
		||||
    }
 | 
			
		||||
    else {
 | 
			
		||||
      aggregator_save_item(array('iid' => $entry->iid, 'fid' => $feed['fid'], 'timestamp' => $timestamp, 'title' => $title, 'link' => $link, 'author' => $item['AUTHOR'], 'description' => $item['DESCRIPTION']));
 | 
			
		||||
    }
 | 
			
		||||
    aggregator_save_item(array('iid' => $entry->iid, 'fid' => $feed['fid'], 'timestamp' => $timestamp, 'title' => $title, 'link' => $link, 'author' => $item['AUTHOR'], 'description' => $item['DESCRIPTION']));
 | 
			
		||||
  }
 | 
			
		||||
 | 
			
		||||
  /*
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -123,7 +123,7 @@ function upload_settings() {
 | 
			
		|||
function upload_download() {
 | 
			
		||||
  foreach ($_SESSION['file_uploads'] as $file) {
 | 
			
		||||
    if ($file->_filename == $_GET['q']) {
 | 
			
		||||
      file_transfer($file->filepath, array('Content-Type: '. $file->filemime, 'Content-Length: '. $file->filesize));
 | 
			
		||||
      file_transfer($file->filepath, array('Content-Type: '. mime_header_encode($file->filemime), 'Content-Length: '. $file->filesize));
 | 
			
		||||
    }
 | 
			
		||||
  }
 | 
			
		||||
}
 | 
			
		||||
| 
						 | 
				
			
			@ -134,9 +134,10 @@ function upload_file_download($file) {
 | 
			
		|||
    $result = db_query(db_rewrite_sql("SELECT f.nid, f.* FROM {files} f WHERE filepath = '%s'", 'f'), $file);
 | 
			
		||||
    if ($file = db_fetch_object($result)) {
 | 
			
		||||
      $name = mime_header_encode($file->filename);
 | 
			
		||||
      $type = mime_header_encode($file->filemime);
 | 
			
		||||
      // Serve images and text inline for the browser to display rather than download.
 | 
			
		||||
      $disposition = ereg('^(text/|image/)', $file->filemime) ? 'inline' : 'attachment';
 | 
			
		||||
      return array('Content-Type: '. $file->filemime .'; name='. $name,
 | 
			
		||||
      return array('Content-Type: '. $type .'; name='. $name,
 | 
			
		||||
                   'Content-Length: '. $file->filesize,
 | 
			
		||||
                   'Content-Disposition: '. $disposition .'; filename='. $name);
 | 
			
		||||
    }
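Review bot: `mime_header_encode()` is a header-text encoder rather than a MIME-type validator, so applying it to `$file->filemime` does not guarantee a well-formed Content-Type. This affects both hunks: the `file_transfer()` call in upload_download() and the new `$type` in upload_file_download(). A value with unexpected printable characters presumably passes through unchanged, and one with non-ASCII or control bytes presumably becomes an encoded-word that is not a valid media type. If filemime originates from the uploader's request (confirm against the upload path), check its shape and fall back to a safe default, e.g. `$type = preg_match('@^[a-z0-9.+-]+/[a-z0-9.+-]+\z@i', $file->filemime) ? $file->filemime : 'application/octet-stream';`. Separately, `$disposition` still tests the raw value and `^(text/|image/)` serves `text/html` inline, which this change does not address; upload_file_download() starts and ends outside the hunk.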
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||
| 
						 | 
				
			
			@ -123,7 +123,7 @@ function upload_settings() {
 | 
			
		|||
function upload_download() {
 | 
			
		||||
  foreach ($_SESSION['file_uploads'] as $file) {
 | 
			
		||||
    if ($file->_filename == $_GET['q']) {
 | 
			
		||||
      file_transfer($file->filepath, array('Content-Type: '. $file->filemime, 'Content-Length: '. $file->filesize));
 | 
			
		||||
      file_transfer($file->filepath, array('Content-Type: '. mime_header_encode($file->filemime), 'Content-Length: '. $file->filesize));
 | 
			
		||||
    }
 | 
			
		||||
  }
 | 
			
		||||
}
 | 
			
		||||
| 
						 | 
				
			
			@ -134,9 +134,10 @@ function upload_file_download($file) {
 | 
			
		|||
    $result = db_query(db_rewrite_sql("SELECT f.nid, f.* FROM {files} f WHERE filepath = '%s'", 'f'), $file);
 | 
			
		||||
    if ($file = db_fetch_object($result)) {
 | 
			
		||||
      $name = mime_header_encode($file->filename);
 | 
			
		||||
      $type = mime_header_encode($file->filemime);
 | 
			
		||||
      // Serve images and text inline for the browser to display rather than download.
 | 
			
		||||
      $disposition = ereg('^(text/|image/)', $file->filemime) ? 'inline' : 'attachment';
 | 
			
		||||
      return array('Content-Type: '. $file->filemime .'; name='. $name,
 | 
			
		||||
      return array('Content-Type: '. $type .'; name='. $name,
 | 
			
		||||
                   'Content-Length: '. $file->filesize,
 | 
			
		||||
                   'Content-Disposition: '. $disposition .'; filename='. $name);
 | 
			
		||||
    }
 | 
			
		||||
| 
						 | 
				
			
			
 | 
			
		|||