fix: escape token for html context (#3966)

Dag 2024-02-09 07:27:16 +01:00 committed by GitHub
parent ae2eb2f1d1
commit 8a6798a227
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
5 changed files with 25 additions and 21 deletions


@ -104,6 +104,7 @@ server {
server_name example.com; server_name example.com;
access_log /var/log/nginx/rss-bridge.access.log; access_log /var/log/nginx/rss-bridge.access.log;
error_log /var/log/nginx/rss-bridge.error.log; error_log /var/log/nginx/rss-bridge.error.log;
log_not_found off;
# Intentionally not setting a root folder here # Intentionally not setting a root folder here
@ -115,23 +116,22 @@ server {
alias /var/www/rss-bridge/static/; alias /var/www/rss-bridge/static/;
} }
# Pass off to php-fpm only when location is exactly / # Pass off to php-fpm when location is exactly /
location = / { location = / {
root /var/www/rss-bridge/; root /var/www/rss-bridge/;
include snippets/fastcgi-php.conf; include snippets/fastcgi-php.conf;
fastcgi_read_timeout 45s;
fastcgi_pass unix:/run/php/rss-bridge.sock; fastcgi_pass unix:/run/php/rss-bridge.sock;
} }
# Reduce spam # Reduce spam
location = /favicon.ico { location = /favicon.ico {
access_log off; access_log off;
log_not_found off;
} }
# Reduce spam # Reduce spam
location = /robots.txt { location = /robots.txt {
access_log off; access_log off;
log_not_found off;
} }
} }
``` ```

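--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -126,7 +126,8 @@ class AnnasArchiveBridge extends BridgeAbstract
 return;
 }
-foreach ($list->find('.w-full > .mb-4 > div > a') as $element) {
+$elements = $list->find('.w-full > .mb-4 > div > a');
+foreach ($elements as $element) {
 $item = [];
 $item['title'] = $element->find('h3', 0)->plaintext;
 $item['author'] = $element->find('div.italic', 0)->plaintext;
@@ -134,7 +135,8 @@ class AnnasArchiveBridge extends BridgeAbstract
 $item['content'] = $element->plaintext;
 $item['uid'] = $item['uri'];
-if ($item_html = getSimpleHTMLDOMCached($item['uri'])) {
+$item_html = getSimpleHTMLDOMCached($item['uri'], 86400 * 20);
+if ($item_html) {
 $item_html = defaultLinkTo($item_html, self::URI);
 $item['content'] .= $item_html->find('main img', 0);
 $item['content'] .= $item_html->find('main .mt-4', 0); // Summary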
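Review bot: The new `getSimpleHTMLDOMCached($item['uri'], 86400 * 20)` line passes a bare `86400 * 20` cache lifetime with nothing saying what the unit is or why twenty days was chosen; a comment such as `// item pages are cached for 20 days (86400 s * 20)` above it, or a class constant like `private const ITEM_CACHE_TTL = 86400 * 20;`, would make the intent visible at the call site. Splitting the loop header into `$elements = ...` plus `foreach ($elements as $element)` is fine as style, but the name `$elements` says no more than the loop already did, so a name carrying the selector's meaning (e.g. `$resultLinks`) would earn the extra line. The enclosing method starts outside both hunks.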

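--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -1218,14 +1218,15 @@ EOT;
 $table = $this->generateEventDetailsTable($event);
 $imgsrc = $event['BannerURL'];
+$FShareURL = $event['FShareURL'];
 return <<<EOT
-<img title="Event Banner URL" src="$imgsrc"></img>
+<img title="Event Banner URL" src="$imgsrc">
 <br>
 $table
 <br>
-More Details are available on the <a href="${event['FShareURL']}">BookMyShow website</a>.
+More Details are available on the <a href="$FShareURL">BookMyShow website</a>.
 EOT;
 }
 /**
@@ -1292,14 +1293,15 @@ EOT;
 $synopsis = preg_replace(self::SYNOPSIS_REGEX, '', $data['EventSynopsis']);
+$eventTrailerURL = $data['EventTrailerURL'];
 return <<<EOT
 <img title="Movie Poster" src="$imgsrc"></img>
 <div>$table</div>
 <p>$innerHtml</p>
-<p>${synopsis}</p>
+<p>$synopsis</p>
 More Details are available on the <a href="$url">BookMyShow website</a> and a trailer is available
-<a href="${data['EventTrailerURL']}" title="Trailer URL">here</a>
+<a href="$eventTrailerURL" title="Trailer URL">here</a>
 EOT;
 }
 /**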
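Review bot: The new `$FShareURL` and `$eventTrailerURL` locals are interpolated unescaped into `href="..."` attributes of the heredoc templates, so a value containing `"` or `&` coming back from the upstream API would terminate or alter the attribute; since this same commit escapes the token with `e()` in BridgeCard, the same helper fits here, e.g. `$FShareURL = e($event['FShareURL']);` and `$eventTrailerURL = e($data['EventTrailerURL']);` (assuming `e()` escapes attribute-relevant characters — its definition is not on the page). The first hunk drops the invalid `</img>` closing tag but the second still emits `<img title="Movie Poster" src="$imgsrc"></img>`, so the two templates are now inconsistent. Both enclosing methods start outside their hunks.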

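--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -13,6 +13,7 @@ server {
 location ~ \.php$ {
 include snippets/fastcgi-php.conf;
+fastcgi_read_timeout 45s;
 fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
 }
 }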
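Review bot: The added `fastcgi_read_timeout 45s;` carries no explanation of how 45 s relates to the PHP side's own execution limit, and the same value is repeated in the nginx example of the documentation file in this commit, so the two copies can drift apart silently. A one-line comment above it, e.g. `# Keep in sync with the nginx example in the docs and with PHP's max_execution_time`, would record that dependency (whether a PHP limit is actually configured is not visible here).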

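--- a/PATH-NOT-SHOWN
+++ b/PATH-NOT-SHOWN
@@ -104,9 +104,8 @@ final class BridgeCard
 <input type="hidden" name="bridge" value="{$bridgeClassName}" />
 EOD;
-if ($token) {
-// todo: maybe escape the token?
-$form .= sprintf('<input type="hidden" name="token" value="%s" />', $token);
+if (Configuration::getConfig('authentication', 'token') && $token) {
+$form .= sprintf('<input type="hidden" name="token" value="%s" />', e($token));
 }
 if (!empty($contextName)) {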
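Review bot: The new `e($token)` only closes the attribute-injection hole if `e()` escapes double quotes (htmlspecialchars with ENT_QUOTES or ENT_COMPAT); its definition is not in this hunk, so that is worth confirming, because the value sits inside a double-quoted `value="%s"` attribute. The new `Configuration::getConfig('authentication', 'token') && $token` gate has no comment saying why the hidden field is now conditional on the configured auth mode; a line such as `// Only emit the token field when token authentication is enabled` above the `if` would explain it. `$token` is still tested for truthiness, so a token of `'0'` is silently dropped — `$token !== ''` (or `!== null`) would be the precise test, assuming `$token` is a string. The enclosing method starts outside the hunk.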