From 905c85813a24f02050421df8a7b1bf7ffbf4d987 Mon Sep 17 00:00:00 2001
From: Jacek Kowalski <Jacek@jacekk.info>
Date: Sat, 01 Nov 2014 23:52:41 +0000
Subject: [PATCH] [core] Zablokowanie przetwarzania XML External Entities

---
 modules/30_rss.php |   35 +++++++++++++++++++++++++----------
 1 files changed, 25 insertions(+), 10 deletions(-)

diff --git a/modules/30_rss.php b/modules/30_rss.php
index 0293399..80f83e4 100644
--- a/modules/30_rss.php
+++ b/modules/30_rss.php
@@ -170,17 +170,32 @@
 			return FALSE;
 		}
 		
-		GGapi::putRichText(self::p($rss->channel->title), TRUE);
-		if($rss->channel->copyright) {
-			GGapi::putRichText("\n".self::p($rss->channel->copyright));
+		if($rss->entry) {
+			GGapi::putRichText(self::p($rss->title), TRUE);
+			
+			foreach($rss->entry as $item) {
+				GGapi::putRichText("\n\n".self::p($item->title), TRUE);
+				GGapi::putRichText("\n".self::p($item->summary, ($arg=='bash'))."\n".self::p($item->link['href']));
+			
+				if(GGapi::getLength() > 1700) {
+					return;
+				}
+			}
 		}
-		
-		foreach($rss->channel->item as $item) {
-			GGapi::putRichText("\n\n".self::p($item->title), TRUE);
-			GGapi::putRichText("\n".self::p($item->description, ($arg=='bash'))."\n".self::p($item->link));
-		
-			if(GGapi::getLength() > 1700) {
-				return;
+		else
+		{
+			GGapi::putRichText(self::p($rss->channel->title), TRUE);
+			if($rss->channel->copyright) {
+				GGapi::putRichText("\n".self::p($rss->channel->copyright));
+			}
+			
+			foreach($rss->channel->item as $item) {
+				GGapi::putRichText("\n\n".self::p($item->title), TRUE);
+				GGapi::putRichText("\n".self::p($item->description, ($arg=='bash'))."\n".self::p($item->link));
+			
+				if(GGapi::getLength() > 1700) {
+					return;
+				}
 			}
 		}
 	}

--
Gitblit v1.9.1