From d7078d952a5dc1ecd875cb3c610d90f701c1b493 Mon Sep 17 00:00:00 2001 From: Graham Cole <chckens@sucs.org> Date: Sat, 15 Nov 2008 19:18:54 +0000 Subject: [PATCH] check that feeds are at least readable before putting them into database/planet --- components/options.php | 10 +++++++++- templates/options.tpl | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/components/options.php b/components/options.php index d472426..bdaea2c 100644 --- a/components/options.php +++ b/components/options.php @@ -181,12 +181,18 @@ function changeBlogFeed($type, $feed, $syndicate) { $syndicate = "f"; } + // try to read up to 100KB of the provided feed uri + if (@file_get_contents($feed,FALSE,null,0,100000) == FALSE) { + trigger_error("Unable to read from provided blog feed URL", E_USER_WARNING); + return FALSE; + } + if ($sucsDB->Execute("UPDATE members SET blogfeed=?,syndicateblog=? WHERE username=?", array($feed, $syndicate, $session->username)) == FALSE) { return FALSE; } - //fixme: ensure sanity(/validity?) of provided uris to avoid screwing up planet's config + include("planetconfig.php"); return TRUE; } @@ -269,6 +275,8 @@ if ($session->loggedin === TRUE) { case 'changeblogfeed' : if (changeBlogFeed($_POST['blogtype'], $_POST['bloguri'], $_POST['syndicateblog'])){ message_flash("Blog Feed Updated"); + } else { + trigger_error("Blog Feed has not been updated", E_USER_NOTICE); } break; case 'renew' : diff --git a/templates/options.tpl b/templates/options.tpl index b638d17..6195c51 100644 --- a/templates/options.tpl +++ b/templates/options.tpl @@ -186,7 +186,7 @@ {if $sucsblogger} <input type="radio" name="blogtype" value="custom" {if not $sucsblogfeed}checked="checked"{/if} /> {/if} - <input type="text" name="bloguri" id="bloguri" style="width:90%;" value="{$member.blogfeed}" /> + <input type="text" name="bloguri" id="bloguri" style="width:90%;" {if $member.blogfeed}value="{$member.blogfeed}"{/if} /> </span> </div> <div class="row"> -- GitLab
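Review bot: The readability probe added to changeBlogFeed() hands `$feed` to `file_get_contents()` unvalidated, and `$feed` is `$_POST['bloguri']` at the call site in the second hunk. The call will therefore open local paths and any registered stream wrapper, and the web server will request whatever host the member names. The same hunk deletes the fixme about validating the URIs, although nothing in the patch validates them. Restrict the scheme to http/https before the fetch, as in the lines below. A scheme allowlist alone does not keep the request away from internal addresses, and no timeout is set on the read, so a host check and a stream-context timeout are worth adding too. The function's body starts above the hunk.

```php
	// … unchanged: $syndicate normalisation …
	// accept only http(s) feeds before the server fetches anything
	$scheme = strtolower((string) parse_url($feed, PHP_URL_SCHEME));
	if ($scheme !== "http" && $scheme !== "https") {
		trigger_error("Blog feed URL must use http or https", E_USER_WARNING);
		return FALSE;
	}
	// try to read up to 100KB of the provided feed uri
	if (@file_get_contents($feed,FALSE,null,0,100000) == FALSE) {
	// … unchanged: error report, UPDATE members, include planetconfig.php …
```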
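Review bot: In templates/options.tpl, `{$member.blogfeed}` is written into the `value` attribute with no escape modifier, and the stored value is whatever the member posted as `bloguri`. A quote character in the feed string would end the attribute early unless escaping is configured globally, which this patch does not show. Inside the new `{if}`, use `value="{$member.blogfeed|escape:'html'}"`.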