check that feeds are at least readable before putting them into database/planet

d7078d95 · Graham Cole · 079556ea · d7078d95 · d7078d95
Commit d7078d95 authored 16 years ago by Graham Cole
--- a/components/options.php
+++ b/components/options.php
@@ -181,12 +181,18 @@ function changeBlogFeed($type, $feed, $syndicate) {
 		$syndicate = "f";
 	}

+	// try to read up to 100KB of the provided feed uri
+	if (@file_get_contents($feed,FALSE,null,0,100000) == FALSE) {
+		trigger_error("Unable to read from provided blog feed URL", E_USER_WARNING);
+		return FALSE;
+	}
+
 	if ($sucsDB->Execute("UPDATE members SET blogfeed=?,syndicateblog=? WHERE username=?", 
 		array($feed, $syndicate, $session->username)) == FALSE) {
 		return FALSE;
 		}	

-	//fixme: ensure sanity(/validity?) of provided uris to avoid screwing up planet's config
+
 	include("planetconfig.php"); 
 	return TRUE;
 }
@@ -269,6 +275,8 @@ if ($session->loggedin === TRUE) {
 			case 'changeblogfeed' :
 				if (changeBlogFeed($_POST['blogtype'], $_POST['bloguri'], $_POST['syndicateblog'])){
 					message_flash("Blog Feed Updated");
+				} else {
+					trigger_error("Blog Feed has not been updated", E_USER_NOTICE);
 				}
 				break;
 			case 'renew' :

--- a/templates/options.tpl
+++ b/templates/options.tpl
@@ -186,7 +186,7 @@
 		{if $sucsblogger} 
 			<input type="radio" name="blogtype" value="custom" {if not $sucsblogfeed}checked="checked"{/if} />
 		{/if}
-			<input type="text" name="bloguri" id="bloguri" style="width:90%;" value="{$member.blogfeed}" />
+			<input type="text" name="bloguri" id="bloguri" style="width:90%;" {if $member.blogfeed}value="{$member.blogfeed}"{/if} />
 		</span>
 	</div>
 	<div class="row">