fix: escape token for html context (#3966)

Dag 2024-02-09 07:27:16 +01:00 committed by GitHub
parent ae2eb2f1d1
commit 8a6798a227
5 changed files with 25 additions and 21 deletions


@ -104,6 +104,7 @@ server {
server_name example.com;
access_log /var/log/nginx/rss-bridge.access.log;
error_log /var/log/nginx/rss-bridge.error.log;
log_not_found off;
# Intentionally not setting a root folder here
@ -115,23 +116,22 @@ server {
alias /var/www/rss-bridge/static/;
}
# Pass off to php-fpm only when location is exactly /
# Pass off to php-fpm when location is exactly /
location = / {
root /var/www/rss-bridge/;
include snippets/fastcgi-php.conf;
fastcgi_read_timeout 45s;
fastcgi_pass unix:/run/php/rss-bridge.sock;
}
# Reduce spam
location = /favicon.ico {
access_log off;
log_not_found off;
}
# Reduce spam
location = /robots.txt {
access_log off;
log_not_found off;
}
}
```


@ -126,7 +126,8 @@ class AnnasArchiveBridge extends BridgeAbstract
return;
}
foreach ($list->find('.w-full > .mb-4 > div > a') as $element) {
$elements = $list->find('.w-full > .mb-4 > div > a');
foreach ($elements as $element) {
$item = [];
$item['title'] = $element->find('h3', 0)->plaintext;
$item['author'] = $element->find('div.italic', 0)->plaintext;
@ -134,7 +135,8 @@ class AnnasArchiveBridge extends BridgeAbstract
$item['content'] = $element->plaintext;
$item['uid'] = $item['uri'];
if ($item_html = getSimpleHTMLDOMCached($item['uri'])) {
$item_html = getSimpleHTMLDOMCached($item['uri'], 86400 * 20);
if ($item_html) {
$item_html = defaultLinkTo($item_html, self::URI);
$item['content'] .= $item_html->find('main img', 0);
$item['content'] .= $item_html->find('main .mt-4', 0); // Summary
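Review bot: The cache lifetime `86400 * 20` passed on the new `$item_html = getSimpleHTMLDOMCached($item['uri'], 86400 * 20);` line is a bare arithmetic literal with nothing saying what it represents or why item pages are cached for that long; a named constant would carry the intent, e.g. `private const ITEM_CACHE_TIMEOUT = 86400 * 20; // 20 days` on the class and `getSimpleHTMLDOMCached($item['uri'], self::ITEM_CACHE_TIMEOUT)` here. Separately, the first hunk's `$element->find('h3', 0)->plaintext` and `$element->find('div.italic', 0)->plaintext` still dereference `->plaintext` on a `find()` result that is presumably null when the selector misses, and the new `$elements` variable does not change that; the commit only adds the null check for `$item_html`. The enclosing method starts before the first hunk and the loop body continues past the second.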


@ -1218,14 +1218,15 @@ EOT;
$table = $this->generateEventDetailsTable($event);
$imgsrc = $event['BannerURL'];
$FShareURL = $event['FShareURL'];
return <<<EOT
<img title="Event Banner URL" src="$imgsrc"></img>
<br>
$table
<br>
More Details are available on the <a href="${event['FShareURL']}">BookMyShow website</a>.
EOT;
<img title="Event Banner URL" src="$imgsrc">
<br>
$table
<br>
More Details are available on the <a href="$FShareURL">BookMyShow website</a>.
EOT;
}
/**
@ -1292,14 +1293,15 @@ EOT;
$synopsis = preg_replace(self::SYNOPSIS_REGEX, '', $data['EventSynopsis']);
$eventTrailerURL = $data['EventTrailerURL'];
return <<<EOT
<img title="Movie Poster" src="$imgsrc"></img>
<div>$table</div>
<p>$innerHtml</p>
<p>${synopsis}</p>
More Details are available on the <a href="$url">BookMyShow website</a> and a trailer is available
<a href="${data['EventTrailerURL']}" title="Trailer URL">here</a>
EOT;
<img title="Movie Poster" src="$imgsrc"></img>
<div>$table</div>
<p>$innerHtml</p>
<p>$synopsis</p>
More Details are available on the <a href="$url">BookMyShow website</a> and a trailer is available
<a href="$eventTrailerURL" title="Trailer URL">here</a>
EOT;
}
/**
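Review bot: `src="$imgsrc"` and `href="$FShareURL"` in the rewritten heredoc still interpolate values read from `$event` straight into double-quoted HTML attributes without escaping, so this hunk only replaces the deprecated `${...}` interpolation syntax and does not apply the escaping the commit title announces; the second hunk has the same pattern with `$imgsrc`, `$url`, `$eventTrailerURL` and `$synopsis`. If `$event` and `$data` hold data fetched from the remote site, as the bridge naming suggests, the attribute values should be escaped before the heredoc, e.g. `$imgsrc = e($event['BannerURL']);` and `$FShareURL = e($event['FShareURL']);` using the `e()` helper this commit uses in BridgeCard, while `$table` and `$innerHtml` stay raw because they are generated HTML. The second hunk also keeps `<img title="Movie Poster" src="$imgsrc"></img>` although the first hunk drops the invalid `</img>` closing tag on the equivalent line; the two should agree. Both enclosing methods start before their hunks.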


@ -13,6 +13,7 @@ server {
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_read_timeout 45s;
fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
}
}
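Review bot: The added `fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;` hardcodes a PHP-version-specific socket path inside the `location ~ \.php$` block, so the configuration silently stops working when php-fpm is upgraded to another version and the socket name changes; a comment such as `# Must match the socket of the installed php-fpm version` next to it would at least make the coupling visible. The `server` block this location belongs to starts before the hunk.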


@ -104,9 +104,8 @@ final class BridgeCard
<input type="hidden" name="bridge" value="{$bridgeClassName}" />
EOD;
if ($token) {
// todo: maybe escape the token?
$form .= sprintf('<input type="hidden" name="token" value="%s" />', $token);
if (Configuration::getConfig('authentication', 'token') && $token) {
$form .= sprintf('<input type="hidden" name="token" value="%s" />', e($token));
}
if (!empty($contextName)) {
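Review bot: The new condition `if (Configuration::getConfig('authentication', 'token') && $token) {` changes behaviour beyond the escaping the commit title describes — the hidden token field is now emitted only when token authentication is enabled — and nothing in the hunk records why; a one-line comment such as `// Only propagate the token when token authentication is enabled` would make that intent explicit for the next reader. It is also worth confirming that `e()` escapes with `ENT_QUOTES`, since the value sits inside a double-quoted attribute in the `sprintf` on the next line; the `$bridgeClassName` interpolated into the heredoc above is outside this change but still unescaped. The enclosing method starts before the hunk.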