mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-11-21 16:13:00 +00:00
core | render_pagename, render_username: fix potential authenticated XSS attack
parent
d977d594e6
commit
738715af43
1 changed files with 2 additions and 2 deletions
|
@ -679,7 +679,7 @@ function render_timestamp($timestamp, $absolute = false, $html = true) {
|
||||||
*/
|
*/
|
||||||
function render_pagename($rchange) {
|
function render_pagename($rchange) {
|
||||||
global $pageindex;
|
global $pageindex;
|
||||||
$pageDisplayName = $rchange->page;
|
$pageDisplayName = htmlentities($rchange->page);
|
||||||
if(isset($pageindex->$pageDisplayName) and !empty($pageindex->$pageDisplayName->redirect))
|
if(isset($pageindex->$pageDisplayName) and !empty($pageindex->$pageDisplayName->redirect))
|
||||||
$pageDisplayName = "<em>$pageDisplayName</em>";
|
$pageDisplayName = "<em>$pageDisplayName</em>";
|
||||||
$pageDisplayLink = "<a href='?page=" . rawurlencode($rchange->page) . "'>$pageDisplayName</a>";
|
$pageDisplayLink = "<a href='?page=" . rawurlencode($rchange->page) . "'>$pageDisplayName</a>";
|
||||||
|
@ -692,7 +692,7 @@ function render_pagename($rchange) {
|
||||||
* @return string HTML representing the given editor's name.
|
* @return string HTML representing the given editor's name.
|
||||||
*/
|
*/
|
||||||
function render_editor($editorName) {
|
function render_editor($editorName) {
|
||||||
return "<span class='editor'>✎ $editorName</span>";
|
return "<span class='editor'>✎ ".htmlentities($editorName)."</span>";
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
|
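Review bot: In render_pagename the escaped string is now also the lookup key on the next line, because `isset($pageindex->$pageDisplayName)` receives the htmlentities() output rather than the stored page name. Any page whose name contains `&`, `<`, `>`, `"` or a character htmlentities() turns into a named entity will therefore miss its page index entry, and the redirect `<em>` styling is silently skipped. Keep the raw name for the lookup and escape only what is emitted: `$pageName = $rchange->page;`, `$pageDisplayName = htmlentities($pageName);` and `if(isset($pageindex->$pageName) and !empty($pageindex->$pageName->redirect))`. In both render_pagename and render_editor, consider passing explicit flags and charset (`ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'`) so the escaping does not depend on the PHP version's defaults. The body of render_pagename continues past the first hunk, so how `$pageDisplayLink` is returned is not visible here.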