From 36f707b25ee04f3641c5d13290cc6297e28b1f47 Mon Sep 17 00:00:00 2001
From: Max Kostikov
Date: Wed, 6 Nov 2019 16:07:04 +0100
Subject: Sanitize title on Atom/RSS feed import
---
 include/feedutils.php | 12 ++++++++++++
 1 file changed, 12 insertions(+)
(limited to 'include')
diff --git a/include/feedutils.php b/include/feedutils.php
index 5e52828c3..e7fcad02a 100644
--- a/include/feedutils.php
+++ b/include/feedutils.php
@@ -436,6 +436,18 @@ function get_atom_elements($feed, $item) {
 if($summary === $res['body'])
 $summary = '';
+ else {
+ $res['title'] = bbcode($res['title'], [ 'tryoembed' => false ]);
+ $res['title'] = html2plain($res['title'], 0, true);
+ $res['title'] = html_entity_decode($res['title'], ENT_QUOTES, 'UTF-8');
+ $res['title'] = preg_replace("/https?\:\/\/[a-zA-Z0-9\:\/\-\?\&\;\.\=\_\~\#\%\$\!\+\,\@]+/", "", $res['title']);
+ while (strpos($res['title'], "\n") !== false)
+ $res['title'] = str_replace("\n", " ", $res['title']);
+ while (strpos($res['title'], " ") !== false)
+ $res['title'] = str_replace(" ", " ", $res['title']);
+ $res['title'] = trim($res['title']);
+ }
+
 if(($summary) && ((strpos($summary,'<') !== false) || (strpos($summary,'>') !== false))) {
 $summary = purify_html($summary);
--
cgit v1.2.3
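Review bot: The title sanitisation sits in the `else` of `if($summary === $res['body'])`, so an imported item whose summary equals its body keeps its unsanitised `$res['title']`; the block should run unconditionally, i.e. drop the `else {` / `}` wrapper and leave the summary check as it was. Separately, `html_entity_decode()` runs after `html2plain()`, so an entity-encoded `&lt;…&gt;` in a feed title may come back as literal markup characters; unless every place that renders the title escapes it (not visible here), decode before stripping or escape on output. The two `while (strpos…) str_replace…` loops can be one call, `$res['title'] = trim(preg_replace('/\s+/', ' ', $res['title']));`, which also avoids depending on the exact whitespace literal in the second loop. `get_atom_elements()` starts and ends outside this hunk.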