From b6314c109dbfa134576beff9ed29254826e10223 Mon Sep 17 00:00:00 2001
From: Max Kostikov <max@kostikov.co>
Date: Thu, 7 Nov 2019 09:14:51 +0100
Subject: Sanitize title on Atom/RSS feed import

---
 include/feedutils.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'include/feedutils.php')

diff --git a/include/feedutils.php b/include/feedutils.php
index 5e52828c3..9f4d732bb 100644
--- a/include/feedutils.php
+++ b/include/feedutils.php
@@ -449,6 +449,18 @@ function get_atom_elements($feed, $item) {
 
 	if (title_is_body($res['title'], $res['body']))
 		$res['title'] = "";
+	else {
+	    $res['title'] = bbcode($res['title'], [ 'tryoembed' => false ]);
+	    $res['title'] = html2plain($res['title'], 0, true);
+	    $res['title'] = html_entity_decode($res['title'], ENT_QUOTES, 'UTF-8');
+	    $res['title'] = preg_replace("/https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@]+/", "", $res['title']);
+	    while (strpos($res['title'], "\n") !== false)
+	        $res['title'] = str_replace("\n", " ", $res['title']);
+	    while (strpos($res['title'], "  ") !== false)
+	        $res['title'] = str_replace("  ", " ", $res['title']);
+	    $res['title'] = trim($res['title']);
+	}
+
 
 	if($res['plink'])
 		$base_url = implode('/', array_slice(explode('/',$res['plink']),0,3));
-- 
cgit v1.2.3