Implement simple slugify function
I suspect I may have to fix a number of issues here.....
This commit is contained in:
parent
473e8e1fc9
commit
96546184dc
4 changed files with 14 additions and 4 deletions
|
@ -22,7 +22,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
|
|||
## Fixed
|
||||
- [security] Fixed some potential XSS attacks in the page editor
|
||||
- [security] Fix stored XSS attack in the wiki name via the first run wizard [CVE-2021-38600](https://github.com/hmaverickadams/CVE-2021-38600); low severity since it requires the site secret to do the initial setup & said initial setup can only be performed once
|
||||
- [security] Fix reflected XSS attack (arbitrary code execution in the user's browser) via the `action` GET parameter.
|
||||
- [security] Fix reflected XSS attack (arbitrary code execution in the user's browser) via the `action` & `action=watchlist&return=blah` GET parameters.
|
||||
- Fixed a weird bug in the `stats-update` action causing warnings
|
||||
- search: Properly apply weightings of matches in page titles and tags
|
||||
- Improved error handling on first run where the PHP Zip extension is not installed
|
||||
|
|
|
@ -316,6 +316,16 @@ function makepathsafe($string)
|
|||
return $string;
|
||||
}
|
||||
|
||||
/**
|
||||
* Slugifies a given string such that it can only contain a-z0-9-_.
|
||||
* Also automatically makes it lowercase.
|
||||
* @param string $text The text to operate on.
|
||||
* @return string The slugified string.
|
||||
*/
|
||||
function slugify(string $text) : string {
|
||||
return preg_replace("/[^a-zA-Z0-9\-_]", "", $text);
|
||||
}
|
||||
|
||||
/**
|
||||
* Hides an email address from bots. Returns a fragment of HTML that contains the mangled email address.
|
||||
* @package core
|
||||
|
|
|
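Review bot: The pattern on the `return preg_replace(...)` line has no closing `/` delimiter, so preg_replace() emits a warning and returns null, and with the `: string` return type that becomes a TypeError on every call — including the `$env->action = slugify(...)` call this commit adds in the action-parsing hunk. The docblock also promises lowercase output and an a-z0-9-_ alphabet, but the character class still admits A-Z and nothing lowercases the input, so the helper is looser than the inline `strtolower` + `[^a-z0-9\-_]` line it replaces. Suggested body: `return preg_replace("/[^a-z0-9\-_]/", "", strtolower($text)) ?? "";` — the `?? ""` keeps the return type honest (and fails closed to an empty slug) if PCRE ever reports an error. Since this whitelist is the sanitiser behind the reflected-XSS entries in the changelog, a small unit test with mixed-case and punctuation input would pin it down.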
@ -28,4 +28,4 @@ if($env->is_history_revision)
|
|||
else if(isset($pageindex->{$env->page}))
|
||||
$env->page_filename .= $pageindex->{$env->page}->filename;
|
||||
|
||||
$env->action = preg_replace("/[^a-z0-9\-_]/", "", strtolower($_GET["action"]));
|
||||
$env->action = slugify($_GET["action"]);
|
||||
|
|
|
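Review bot: `slugify($_GET["action"])` hands the raw query value to a `string`-typed parameter, so a request with no `action` passes null (and `?action[]=x` passes an array), which PHP 8 rejects with a TypeError, whereas the removed `strtolower()` line coerced null to an empty string (with a deprecation notice on 8.1+). Guarding the read keeps the whitelist as the only thing deciding what reaches `$env->action`: `$action = $_GET["action"] ?? ""; $env->action = is_string($action) ? slugify($action) : "";`. Whether an earlier line in this file already defaults `$_GET["action"]` is outside the hunk.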
@ -5,7 +5,7 @@
|
|||
|
||||
register_module([
|
||||
"name" => "User watchlists",
|
||||
"version" => "0.1.3",
|
||||
"version" => "0.1.4",
|
||||
"author" => "Starbeamrainbowlabs",
|
||||
"description" => "Adds per-user watchlists. When a page on a user's watchlist is edited, a notification email is sent.",
|
||||
"id" => "feature-watchlist",
|
||||
|
@ -145,7 +145,7 @@ register_module([
|
|||
http_response_code(401);
|
||||
header("x-status: failed");
|
||||
header("x-problem: not-logged-in");
|
||||
exit(page_renderer::render_main("Not logged in - $settings->sitename", "<p>Only logged in users can have watchlists. Try <a href='?action=login&returnto=".rawurlencode("?action=watchlist-edit&do=$do&returnto=$returnto")."'>logging in</a>.</p>"));
|
||||
exit(page_renderer::render_main("Not logged in - $settings->sitename", "<p>Only logged in users can have watchlists. Try <a href='?action=login&returnto=".rawurlencode("?action=watchlist-edit&do=$do&returnto=".htmlentities($returnto))."'>logging in</a>.</p>"));
|
||||
}
|
||||
|
||||
if(empty($env->user_data->emailAddress)) {
|
||||
|
|
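Review bot: htmlentities() is the wrong encoder for the position `$returnto` occupies on the new `exit(page_renderer::render_main(...))` line — the value is being placed into a query string that is itself passed through rawurlencode(), so it ends up HTML-entity encoded inside a URL, and any `&` or `=` it contains still splits the inner query; `$do` on the same line is interpolated with no encoding at all. The URL context calls for per-parameter encoding, `"?action=watchlist-edit&do=".rawurlencode($do)."&returnto=".rawurlencode($returnto)`, and if the intent is to protect the page that later echoes `returnto`, that HTML escaping belongs at the point of output there. The enclosing handler starts and ends outside the hunk, so how `$do` and `$returnto` are derived is not visible here; the first hunk in this file is only the version bump.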