authorGravatar Dag <me@dvikan.no> 2024-02-09 07:27:16 +0100
committerGravatar GitHub <noreply@github.com> 2024-02-09 07:27:16 +0100
commit8a6798a2276026ec8fe06b0056607a6e461cf330 (patch)
treece138be1321ecaefa34cd12f8951cfc84f9ce6e9
parentae2eb2f1d1af63a3068e18e9d85f92f360b60a34 (diff)
fix: escape token for html context (#3966)
-rw-r--r--README.md6
-rw-r--r--bridges/AnnasArchiveBridge.php6
-rw-r--r--bridges/BookMyShowBridge.php28
-rw-r--r--config/nginx.conf1
-rw-r--r--lib/BridgeCard.php5
5 files changed, 25 insertions, 21 deletions
diff --git a/README.md b/README.md
index cadba3b9..f8d08058 100644
--- a/README.md
+++ b/README.md
@@ -104,6 +104,7 @@ server {
server_name example.com;
access_log /var/log/nginx/rss-bridge.access.log;
error_log /var/log/nginx/rss-bridge.error.log;
+ log_not_found off;
# Intentionally not setting a root folder here
@@ -115,23 +116,22 @@ server {
alias /var/www/rss-bridge/static/;
}
- # Pass off to php-fpm only when location is exactly /
+ # Pass off to php-fpm when location is exactly /
location = / {
root /var/www/rss-bridge/;
include snippets/fastcgi-php.conf;
+ fastcgi_read_timeout 45s;
fastcgi_pass unix:/run/php/rss-bridge.sock;
}
# Reduce spam
location = /favicon.ico {
access_log off;
- log_not_found off;
}
# Reduce spam
location = /robots.txt {
access_log off;
- log_not_found off;
}
}
```
diff --git a/bridges/AnnasArchiveBridge.php b/bridges/AnnasArchiveBridge.php
index e8a1e8c4..acb943b4 100644
--- a/bridges/AnnasArchiveBridge.php
+++ b/bridges/AnnasArchiveBridge.php
@@ -126,7 +126,8 @@ class AnnasArchiveBridge extends BridgeAbstract
return;
}
- foreach ($list->find('.w-full > .mb-4 > div > a') as $element) {
+ $elements = $list->find('.w-full > .mb-4 > div > a');
+ foreach ($elements as $element) {
$item = [];
$item['title'] = $element->find('h3', 0)->plaintext;
$item['author'] = $element->find('div.italic', 0)->plaintext;
@@ -134,7 +135,8 @@ class AnnasArchiveBridge extends BridgeAbstract
$item['content'] = $element->plaintext;
$item['uid'] = $item['uri'];
- if ($item_html = getSimpleHTMLDOMCached($item['uri'])) {
+ $item_html = getSimpleHTMLDOMCached($item['uri'], 86400 * 20);
+ if ($item_html) {
$item_html = defaultLinkTo($item_html, self::URI);
$item['content'] .= $item_html->find('main img', 0);
$item['content'] .= $item_html->find('main .mt-4', 0); // Summary
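Review bot: The cache lifetime `86400 * 20` passed to getSimpleHTMLDOMCached is an unexplained magic number; a short comment or a named class constant would record what it means, e.g. `$item_html = getSimpleHTMLDOMCached($item['uri'], 86400 * 20); // cache each item page for 20 days`. Pulling the assignment out of the `if` also leaves `$item_html` in scope after the branch; presumably nothing later in the loop relies on it, but that is worth a glance. The enclosing foreach and method continue past the end of the hunk.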
diff --git a/bridges/BookMyShowBridge.php b/bridges/BookMyShowBridge.php
index 7064df91..6ad02fe2 100644
--- a/bridges/BookMyShowBridge.php
+++ b/bridges/BookMyShowBridge.php
@@ -1218,14 +1218,15 @@ EOT;
$table = $this->generateEventDetailsTable($event);
$imgsrc = $event['BannerURL'];
+ $FShareURL = $event['FShareURL'];
return <<<EOT
- <img title="Event Banner URL" src="$imgsrc"></img>
- <br>
- $table
- <br>
- More Details are available on the <a href="${event['FShareURL']}">BookMyShow website</a>.
-EOT;
+ <img title="Event Banner URL" src="$imgsrc">
+ <br>
+ $table
+ <br>
+ More Details are available on the <a href="$FShareURL">BookMyShow website</a>.
+ EOT;
}
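Review bot: `$imgsrc` and the new `$FShareURL` are read from the `$event` array and interpolated directly into `src` and `href` attributes with no escaping, so a `"` or `<` in the upstream value would break out of the attribute; the same applies to `$url`, `$imgsrc` and `$eventTrailerURL` in the second hunk of this file. Since the commit already introduces the local variable, the escape fits on the same line: `$FShareURL = e($event['FShareURL']);` (or `htmlspecialchars($event['FShareURL'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`), using the same `e()` helper this commit applies in lib/BridgeCard.php. How much this matters depends on how far the BookMyShow API response is trusted, which I cannot tell from the diff. Locals elsewhere in this method are lower camelCase (`$imgsrc`, `$table`), so `$fShareUrl` would match the file's convention. The enclosing method starts before the hunk.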
/**
@@ -1292,14 +1293,15 @@ EOT;
$synopsis = preg_replace(self::SYNOPSIS_REGEX, '', $data['EventSynopsis']);
+ $eventTrailerURL = $data['EventTrailerURL'];
return <<<EOT
- <img title="Movie Poster" src="$imgsrc"></img>
- <div>$table</div>
- <p>$innerHtml</p>
- <p>${synopsis}</p>
- More Details are available on the <a href="$url">BookMyShow website</a> and a trailer is available
- <a href="${data['EventTrailerURL']}" title="Trailer URL">here</a>
-EOT;
+ <img title="Movie Poster" src="$imgsrc"></img>
+ <div>$table</div>
+ <p>$innerHtml</p>
+ <p>$synopsis</p>
+ More Details are available on the <a href="$url">BookMyShow website</a> and a trailer is available
+ <a href="$eventTrailerURL" title="Trailer URL">here</a>
+ EOT;
}
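Review bot: The first hunk of this file drops the invalid `</img>` closing tag, but the rewritten `<img title="Movie Poster" src="$imgsrc"></img>` here keeps it, so the two templates are now inconsistent; `<img title="Movie Poster" src="$imgsrc">` would bring them in line. The unescaped-attribute point raised on the first hunk applies to `$url`, `$imgsrc` and `$eventTrailerURL` here as well. The enclosing method starts before the hunk.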
/**
diff --git a/config/nginx.conf b/config/nginx.conf
index f0f189e7..c65f8e00 100644
--- a/config/nginx.conf
+++ b/config/nginx.conf
@@ -13,6 +13,7 @@ server {
location ~ \.php$ {
include snippets/fastcgi-php.conf;
+ fastcgi_read_timeout 45s;
fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
}
}
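Review bot: `fastcgi_read_timeout 45s;` carries no comment saying where 45s comes from or why nginx's default is not enough, and the same bare value is duplicated in the README snippet in this commit. A one-line comment such as `# bridges fetch remote sites per request; give php-fpm up to 45s before nginx returns 504` would preserve the intent — the reason is my inference from what the project does, so confirm it. It is also worth checking that 45s is consistent with PHP's own execution limit, otherwise one side will time out before the other and the error seen by the client differs depending on which fires first.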
diff --git a/lib/BridgeCard.php b/lib/BridgeCard.php
index e5456f33..c4677b9d 100644
--- a/lib/BridgeCard.php
+++ b/lib/BridgeCard.php
@@ -104,9 +104,8 @@ final class BridgeCard
<input type="hidden" name="bridge" value="{$bridgeClassName}" />
EOD;
- if ($token) {
- // todo: maybe escape the token?
- $form .= sprintf('<input type="hidden" name="token" value="%s" />', $token);
+ if (Configuration::getConfig('authentication', 'token') && $token) {
+ $form .= sprintf('<input type="hidden" name="token" value="%s" />', e($token));
}
if (!empty($contextName)) {
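Review bot: The new condition changes behaviour beyond the escaping the commit title describes: the hidden token field is now emitted only when `authentication.token` is configured, and nothing on the line says why; a comment such as `// Only carry the token through the form when token authentication is enabled` would keep that reason next to the check. `e($token)` is the right direction, but its definition is not in this diff; the value lands inside a double-quoted attribute, so confirm that `e()` escapes `"` (ENT_QUOTES), not just `<` and `&`. The enclosing method begins before the hunk.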