Ticker: template override not honored for description field...or is it?

salfter · August 13, 2021, 8:49pm

I have a news feed (https://www.reviewjournal.com/news/feed) I’d like to include on our screens. Within it, there are title and description fields for each article; the description is a short summary of the contents. I have the following template override defined for it:

<p id="news_title">[Title]</p>
<p id="news_desc">[Description]</p>

and this is the accompanying CSS:

#news_title {font-family: Arial, Verdana, sans-serif; font-size:48px; font-weight: bold; color: white}
#news_desc {font-family: Arial, Verdana, sans-serif; font-size:36px; color: white}

This works just fine for the title. The description, though, is left alone, which means it shows up in black with a ridiculously small font size. I tried using the default inline styles as well, with the same result: attempts to style the description element are ignored.

(I’m running a fresh install of v3.0.2…looking for something to replace our Concerto setup, as that appears to be unmaintained.)

Upon checking the “your topic is similar to…” list and finding that the inclusion of HTML within the description element of the R-J’s news feed is likely to blame, I set out to find a way to filter it…and I think I have a solution.

Log into the cms-web container (docker exec -it bash)
Create /var/www/cms/web/fix.php with the code block following this list.
Edit /etc/php7/php.ini; enable allow_url_fopen.
Exit the shell and reboot (or restart the cms-web container).
When configuring feeds, prepend “http://<your_domain>/fix.php?url=” to the feed URL.

.

<?php
if (PHP_SAPI=="cli")
    $url=$argv[1];
else
    $url=$_GET["url"];
$feed=new SimpleXmlElement(file_get_contents($url));
foreach ($feed->channel->item as $entry)
    $entry->description=str_replace("</p>","",str_replace("<p>","",$entry->description));
if (PHP_SAPI!="cli")
    header("Content-Type: application/rss+xml");
echo $feed->asXML();
?>

This script could also be deployed to another server to avoid monkeying around within the container, but this approach keeps everything in one place. Whether it’d survive an upgrade is unknown (probably not).

This script only gets rid of <p> tags; it doesn’t filter out all HTML. A feed with other included HTML might call for different tweaks.

dan · August 19, 2021, 9:54pm

There are a number of vunerabilities associated with allow_url_fopen which is why we don’t use it, and why its disabled in the containers. I wouldn’t recommend that as a solution.

If you wanted to run a pre-parser like you’ve done, then you could include the vendor autoloader and use a Guzzle client instead, which would be much safer. You could also put your script in the shared userscripts folder (which would survive an upgrade).

What I would say though is that we provide a “strip tags” option on the ticker configuration tab which should be capable of doing the same job - stripping out the p tags. It might be worth trying that to see if it meets your needs.

Thanks,
Dan