diff --git a/htdocs/admin/external_rss.php b/htdocs/admin/external_rss.php
index d46f1897b71..9026ed1a474 100644
--- a/htdocs/admin/external_rss.php
+++ b/htdocs/admin/external_rss.php
@@ -296,9 +296,13 @@ if ($resql) {
$imageurl = $rssparser->getImageUrl();
$linkrss = $rssparser->getLink();
if (!preg_match('/^http/', $imageurl)) {
- $imageurl = $linkrss.$imageurl;
+ include_once DOL_DOCUMENT_ROOT.'/core/lib/images.lib.php';
+ if (image_format_supported($imageurl) >= 0) {
+ // If we are sure imageurl is a path to an image file, and if it does not start with http, we append root url to it.
+ $imageurl = $linkrss.$imageurl;
+ }
}
- if ($imageurl) {
+ if ($imageurl && preg_match('/^http', $imageurl)) {
print '
';
} else {
print $langs->trans("None");
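Review bot: The pattern in the added `if ($imageurl && preg_match('/^http', $imageurl))` has no closing delimiter as shown here; if that is the literal source and not a rendering artifact, preg_match() emits a warning and returns false, so the image branch is never taken and the page always prints `None`. It should read `if ($imageurl && preg_match('/^http/', $imageurl)) {`, matching the pattern used three lines above. Separately, `$linkrss.$imageurl` joins the two strings without guaranteeing a `/` between them, so a relative path against a channel link without a trailing slash yields a malformed URL; `rtrim($linkrss, '/').'/'.ltrim($imageurl, '/')` is the usual fix. The print statement that embeds `$imageurl` is stripped in this rendering, so whether the attribute value is escaped for HTML (e.g. with dol_escape_htmltag()) cannot be confirmed here; the value originates from a remote feed, so it should be. The enclosing `if ($resql)` block starts outside the hunk.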
diff --git a/htdocs/core/boxes/box_external_rss.php b/htdocs/core/boxes/box_external_rss.php
index 54f68c5e57f..8bc4943e50b 100644
--- a/htdocs/core/boxes/box_external_rss.php
+++ b/htdocs/core/boxes/box_external_rss.php
@@ -134,6 +134,9 @@ class box_external_rss extends ModeleBoxes
if (!$date && isset($item['pubdate'])) {
$date = $item['pubdate'];
}
+ if (!$date && isset($item['pubDate'])) {
+ $date = $item['pubDate'];
+ }
if (!$date && isset($item['dc']['date'])) {
$date = $item['dc']['date'];
}
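Review bot: The new `pubDate` guard duplicates the `pubdate` guard immediately above it, so the date lookup is now three sequential `if (!$date && isset(...))` statements that differ only in the key; a single coalescing expression reads better and makes the next case variant harder to miss: `if (!$date) {` `$date = $item['pubdate'] ?? $item['pubDate'] ?? $item['dc']['date'] ?? $date;` `}`. Whether both spellings are actually produced by the parser is not visible here; if the key casing differs per parser branch, normalising it in the parser would remove the need for this guard altogether. The enclosing method starts and ends outside the hunk.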
@@ -183,22 +186,22 @@ class box_external_rss extends ModeleBoxes
'td' => 'class="left" width="16"',
'text' => img_picto('', 'rss'),
'url' => $href,
- 'tooltip' => $tooltip,
+ 'tooltip' => dol_escape_htmltag($tooltip),
'target' => 'newrss',
);
$this->info_box_contents[$line][1] = array(
'td' => 'class="tdoverflowmax300"',
- 'text' => $title,
+ 'text' => dol_escape_htmltag($title),
'url' => $href,
- 'tooltip' => $tooltip,
+ 'tooltip' => dol_escape_htmltag($tooltip),
'maxlength' => 0,
'target' => 'newrss',
);
$this->info_box_contents[$line][2] = array(
'td' => 'class="right nowrap"',
- 'text' => $date,
+ 'text' => dol_escape_htmltag($date),
);
}
}
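Review bot: The `url` entries on the lines next to the newly escaped `tooltip` and `text` fields still receive `$href` unchanged, so the one value that ends up inside an `href` attribute is the one this hunk does not touch. Whether ModeleBoxes escapes the `url` key when it renders the box is not visible here; if it does not, `dol_escape_htmltag($href)` is needed there too, and HTML escaping alone does not reject a `javascript:` or `data:` scheme, so a scheme check such as `preg_match('/^https?:\/\//i', $href)` before the link is emitted is the stronger control for a value that originates in a remote feed. The same `dol_escape_htmltag($tooltip)` call is also evaluated twice for the two cells; computing it once into a local keeps the two tooltips guaranteed identical. The enclosing method starts outside the hunk.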
diff --git a/htdocs/core/class/rssparser.class.php b/htdocs/core/class/rssparser.class.php
index d70876c5709..6992612592d 100644
--- a/htdocs/core/class/rssparser.class.php
+++ b/htdocs/core/class/rssparser.class.php
@@ -319,54 +319,54 @@ class RssParser
//var_dump($rss);
if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
if (!empty($rss->channel->language)) {
- $this->_language = (string) $rss->channel->language;
+ $this->_language = sanitizeVal((string) $rss->channel->language);
}
if (!empty($rss->channel->generator)) {
- $this->_generator = (string) $rss->channel->generator;
+ $this->_generator = sanitizeVal((string) $rss->channel->generator);
}
if (!empty($rss->channel->copyright)) {
- $this->_copyright = (string) $rss->channel->copyright;
+ $this->_copyright = sanitizeVal((string) $rss->channel->copyright);
}
if (!empty($rss->channel->lastbuilddate)) {
- $this->_lastbuilddate = (string) $rss->channel->lastbuilddate;
+ $this->_lastbuilddate = sanitizeVal((string) $rss->channel->lastbuilddate);
}
if (!empty($rss->channel->image->url[0])) {
- $this->_imageurl = (string) $rss->channel->image->url[0];
+ $this->_imageurl = sanitizeVal((string) $rss->channel->image->url[0]);
}
if (!empty($rss->channel->link)) {
- $this->_link = (string) $rss->channel->link;
+ $this->_link = sanitizeVal((string) $rss->channel->link);
}
if (!empty($rss->channel->title)) {
- $this->_title = (string) $rss->channel->title;
+ $this->_title = sanitizeVal((string) $rss->channel->title);
}
if (!empty($rss->channel->description)) {
- $this->_description = (string) $rss->channel->description;
+ $this->_description = sanitizeVal((string) $rss->channel->description);
}
} else {
//var_dump($rss->channel);
if (!empty($rss->channel['language'])) {
- $this->_language = (string) $rss->channel['language'];
+ $this->_language = sanitizeVal((string) $rss->channel['language']);
}
if (!empty($rss->channel['generator'])) {
- $this->_generator = (string) $rss->channel['generator'];
+ $this->_generator = sanitizeVal((string) $rss->channel['generator']);
}
if (!empty($rss->channel['copyright'])) {
- $this->_copyright = (string) $rss->channel['copyright'];
+ $this->_copyright = sanitizeVal((string) $rss->channel['copyright']);
}
if (!empty($rss->channel['lastbuilddate'])) {
- $this->_lastbuilddate = (string) $rss->channel['lastbuilddate'];
+ $this->_lastbuilddate = sanitizeVal((string) $rss->channel['lastbuilddate']);
}
if (!empty($rss->image['url'])) {
- $this->_imageurl = (string) $rss->image['url'];
+ $this->_imageurl = sanitizeVal((string) $rss->image['url']);
}
if (!empty($rss->channel['link'])) {
- $this->_link = (string) $rss->channel['link'];
+ $this->_link = sanitizeVal((string) $rss->channel['link']);
}
if (!empty($rss->channel['title'])) {
- $this->_title = (string) $rss->channel['title'];
+ $this->_title = sanitizeVal((string) $rss->channel['title']);
}
if (!empty($rss->channel['description'])) {
- $this->_description = (string) $rss->channel['description'];
+ $this->_description = sanitizeVal((string) $rss->channel['description']);
}
}
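Review bot: Every channel field in this hunk, and likewise in the three hunks that follow, is passed through `sanitizeVal()` with its default check, which applies one rule regardless of where the value is later used: `_link` and `_imageurl` are URLs, `_lastbuilddate` is a date, and `_description` in RSS feeds commonly carries HTML markup. If the default check strips tags or characters such as `&`, descriptions lose their formatting and URLs with query strings may be altered, while a `javascript:` link would still pass; the fields deserve per-type handling (a scheme check for the two URL fields, tag stripping only for free text) rather than one blanket call. Context-specific escaping belongs at output, which box_external_rss.php now does, so a short comment here stating what sanitizeVal() is expected to guarantee would help the next maintainer, e.g. `// Feed values are untrusted: sanitizeVal() strips markup here; callers must still escape for their own output context.`. The enclosing method starts and ends outside the hunk.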
@@ -380,40 +380,40 @@ class RssParser
//var_dump($rss);
if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
if (!empty($rss->generator)) {
- $this->_generator = (string) $rss->generator;
+ $this->_generator = sanitizeVal((string) $rss->generator);
}
if (!empty($rss->lastbuilddate)) {
- $this->_lastbuilddate = (string) $rss->modified;
+ $this->_lastbuilddate = sanitizeVal((string) $rss->modified);
}
if (!empty($rss->link->href)) {
- $this->_link = (string) $rss->link->href;
+ $this->_link = sanitizeVal((string) $rss->link->href);
}
if (!empty($rss->title)) {
- $this->_title = (string) $rss->title;
+ $this->_title = sanitizeVal((string) $rss->title);
}
if (!empty($rss->description)) {
- $this->_description = (string) $rss->description;
+ $this->_description = sanitizeVal((string) $rss->description);
}
} else {
//if (!empty($rss->channel['rss_language'])) $this->_language = (string) $rss->channel['rss_language'];
if (!empty($rss->channel['generator'])) {
- $this->_generator = (string) $rss->channel['generator'];
+ $this->_generator = sanitizeVal((string) $rss->channel['generator']);
}
//if (!empty($rss->channel['rss_copyright'])) $this->_copyright = (string) $rss->channel['rss_copyright'];
if (!empty($rss->channel['modified'])) {
- $this->_lastbuilddate = (string) $rss->channel['modified'];
+ $this->_lastbuilddate = sanitizeVal((string) $rss->channel['modified']);
}
//if (!empty($rss->image['rss_url'])) $this->_imageurl = (string) $rss->image['rss_url'];
if (!empty($rss->channel['link'])) {
- $this->_link = (string) $rss->channel['link'];
+ $this->_link = sanitizeVal((string) $rss->channel['link']);
}
if (!empty($rss->channel['title'])) {
- $this->_title = (string) $rss->channel['title'];
+ $this->_title = sanitizeVal((string) $rss->channel['title']);
}
//if (!empty($rss->channel['rss_description'])) $this->_description = (string) $rss->channel['rss_description'];
if (!empty($rss->channel)) {
- $this->_imageurl = $this->getAtomImageUrl($rss->channel);
+ $this->_imageurl = sanitizeVal($this->getAtomImageUrl($rss->channel));
}
}
if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
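Review bot: The guard `if (!empty($rss->lastbuilddate))` tests one property but the assignment inside it reads `$rss->modified`; the mismatch predates the commit, but wrapping the value in `sanitizeVal()` preserves it, so `_lastbuilddate` is set from `modified` only when an unrelated `lastbuilddate` element happens to exist. The non-SimpleXML branch in the same hunk reads `channel['modified']`, which suggests `modified` is the intended source, so the condition should test the property it reads: `if (!empty($rss->modified)) {` `$this->_lastbuilddate = sanitizeVal((string) $rss->modified);`. The enclosing method starts and ends outside the hunk.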
@@ -434,19 +434,19 @@ class RssParser
//var_dump($item);exit;
if ($rss->_format == 'rss') {
if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
- $itemLink = (string) $item->link;
- $itemTitle = (string) $item->title;
- $itemDescription = (string) $item->description;
- $itemPubDate = (string) $item->pubDate;
+ $itemLink = sanitizeVal((string) $item->link);
+ $itemTitle = sanitizeVal((string) $item->title);
+ $itemDescription = sanitizeVal((string) $item->description);
+ $itemPubDate = sanitizeVal((string) $item->pubDate);
$itemId = '';
$itemAuthor = '';
} else {
- $itemLink = (string) $item['link'];
- $itemTitle = (string) $item['title'];
- $itemDescription = (string) $item['description'];
- $itemPubDate = (string) $item['pubdate'];
- $itemId = (string) $item['guid'];
- $itemAuthor = (string) $item['author'];
+ $itemLink = sanitizeVal((string) $item['link']);
+ $itemTitle = sanitizeVal((string) $item['title']);
+ $itemDescription = sanitizeVal((string) $item['description']);
+ $itemPubDate = sanitizeVal((string) $item['pubdate']);
+ $itemId = sanitizeVal((string) $item['guid']);
+ $itemAuthor = sanitizeVal((string) $item['author']);
}
// Loop on each category
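Review bot: The SimpleXML branch still leaves `$itemId` and `$itemAuthor` as empty strings while the other branch fills them from `guid` and `author`, so item identity and authorship depend on a configuration flag rather than on the feed; the commit wraps both branches in sanitizeVal() without closing that gap. If the SimpleXML item exposes the same elements, `$itemId = sanitizeVal((string) $item->guid);` and `$itemAuthor = sanitizeVal((string) $item->author);` would make the branches equivalent — to be confirmed against the feed formats the parser supports. The enclosing loop starts outside the hunk.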
@@ -458,19 +458,19 @@ class RssParser
}
} elseif ($rss->_format == 'atom') {
if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML)) {
- $itemLink = (isset($item['link']) ? (string) $item['link'] : '');
- $itemTitle = (string) $item['title'];
- $itemDescription = $this->getAtomItemDescription($item);
- $itemPubDate = (string) $item['created'];
- $itemId = (string) $item['id'];
- $itemAuthor = (string) ($item['author'] ? $item['author'] : $item['author_name']);
+ $itemLink = (isset($item['link']) ? sanitizeVal((string) $item['link']) : '');
+ $itemTitle = sanitizeVal((string) $item['title']);
+ $itemDescription = sanitizeVal($this->getAtomItemDescription($item));
+ $itemPubDate = sanitizeVal((string) $item['created']);
+ $itemId = sanitizeVal((string) $item['id']);
+ $itemAuthor = sanitizeVal((string) ($item['author'] ? $item['author'] : $item['author_name']));
} else {
- $itemLink = (isset($item['link']) ? (string) $item['link'] : '');
- $itemTitle = (string) $item['title'];
- $itemDescription = $this->getAtomItemDescription($item);
- $itemPubDate = (string) $item['created'];
- $itemId = (string) $item['id'];
- $itemAuthor = (string) ($item['author'] ? $item['author'] : $item['author_name']);
+ $itemLink = (isset($item['link']) ? sanitizeVal((string) $item['link']) : '');
+ $itemTitle = sanitizeVal((string) $item['title']);
+ $itemDescription = sanitizeVal($this->getAtomItemDescription($item));
+ $itemPubDate = sanitizeVal((string) $item['created']);
+ $itemId = sanitizeVal((string) $item['id']);
+ $itemAuthor = sanitizeVal((string) ($item['author'] ? $item['author'] : $item['author_name']));
}
$itemCategory = array();
} else {
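Review bot: The two branches of `if (!empty($conf->global->EXTERNALRSS_USE_SIMPLEXML))` in this hunk are now line-for-line identical, so the conditional no longer selects anything and the six assignments should appear once, unconditionally. The author expression `$item['author'] ? $item['author'] : $item['author_name']` also reads both keys without an isset guard, unlike `link` on the first line of the branch, so an entry with neither key raises an undefined-index warning; `(string) (!empty($item['author']) ? $item['author'] : ($item['author_name'] ?? ''))` keeps the same precedence and avoids it. The enclosing loop starts outside the hunk and continues past it.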
diff --git a/htdocs/core/lib/xcal.lib.php b/htdocs/core/lib/xcal.lib.php
index 45c7bf17793..1bf83410088 100644
--- a/htdocs/core/lib/xcal.lib.php
+++ b/htdocs/core/lib/xcal.lib.php
@@ -307,7 +307,7 @@ function build_calfile($format, $title, $desc, $events_array, $outputfile)
*/
function build_rssfile($format, $title, $desc, $events_array, $outputfile, $filter = '', $url = '', $langcode = '')
{
- global $user, $conf, $langs;
+ global $user, $conf, $langs, $mysoc;
global $dolibarr_main_url_root;
dol_syslog("xcal.lib.php::build_rssfile Build rss file ".$outputfile." to format ".$format);
@@ -320,8 +320,6 @@ function build_rssfile($format, $title, $desc, $events_array, $outputfile, $filt
$fichier = fopen($outputfile, "w");
if ($fichier) {
- $date = date("r");
-
// Print header
fwrite($fichier, 'charset_output.'"?>');
fwrite($fichier, "\n");
@@ -335,25 +333,25 @@ function build_rssfile($format, $title, $desc, $events_array, $outputfile, $filt
fwrite($fichier, "".$langcode."\n");
}
- /*
- fwrite($fichier, ""."\n".
- // "fr"."\n".
- "Dolibarr"."\n".
- "".$date.""."\n".
- "Dolibarr"."\n");
- */
+ // Define $urlwithroot
+ $urlwithouturlroot = preg_replace("/".preg_quote(DOL_URL_ROOT, "/")."$/i", "", trim($dolibarr_main_url_root));
+ $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
+ //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
+ // Url
if (empty($url)) {
- // Define $urlwithroot
- $urlwithouturlroot = preg_replace("/".preg_quote(DOL_URL_ROOT, "/")."$/i", "", trim($dolibarr_main_url_root));
- $urlwithroot = $urlwithouturlroot.DOL_URL_ROOT; // This is to use external domain name found into config file
- //$urlwithroot=DOL_MAIN_URL_ROOT; // This is to use same domain name than current
-
$url = $urlwithroot."/public/agenda/agendaexport.php?format=rss&exportkey=".urlencode($conf->global->MAIN_AGENDA_XCAL_EXPORTKEY);
}
-
fwrite($fichier, "\n");
+ // Image
+ if (!empty($mysoc->logo_squarred_small)) {
+ $urlimage = $urlwithroot.'/viewimage.php?cache=1&modulepart=mycompany&file='.urlencode($mysoc->logo_squarred_small);
+ if ($urlimage) {
+ fwrite($fichier, "'.$title.\n");
+ }
+ }
+
foreach ($events_array as $key => $event) {
$eventqualified = true;