Implement simple slugify function
I suspect I may have to fix a number of issues here.....
This commit is contained in:
parent
473e8e1fc9
commit
96546184dc
4 changed files with 14 additions and 4 deletions
@ -22,7 +22,7 @@ This file holds the changelog for Pepperminty Wiki. This is the master list of t
|
||||||
## Fixed
|
## Fixed
|
||||||
- [security] Fixed some potential XSS attacks in the page editor
|
- [security] Fixed some potential XSS attacks in the page editor
|
||||||
- [security] Fix stored XSS attack in the wiki name via the first run wizard [CVE-2021-38600](https://github.com/hmaverickadams/CVE-2021-38600); low severity since it requires the site secret to do the initial setup & said initial setup can only be performed once
|
- [security] Fix stored XSS attack in the wiki name via the first run wizard [CVE-2021-38600](https://github.com/hmaverickadams/CVE-2021-38600); low severity since it requires the site secret to do the initial setup & said initial setup can only be performed once
|
||||||
- [security] Fix reflected XSS attack (arbitrary code execution in the user's browser) via the `action` GET parameter.
|
- [security] Fix reflected XSS attack (arbitrary code execution in the user's browser) via the `action` & `action=watchlist&return=blah` GET parameters.
|
||||||
- Fixed a weird bug in the `stats-update` action causing warnings
|
- Fixed a weird bug in the `stats-update` action causing warnings
|
||||||
- search: Properly apply weightings of matches in page titles and tags
|
- search: Properly apply weightings of matches in page titles and tags
|
||||||
- Improved error handling on first run where the PHP Zip extension is not installed
|
- Improved error handling on first run where the PHP Zip extension is not installed
|
||||||
|
|
|
@ -316,6 +316,16 @@ function makepathsafe($string)
|
||||||
return $string;
|
return $string;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Slugifies a given string such that it can only contain a-z0-9-_.
|
||||||
|
* Also automatically makes it lowercase.
|
||||||
|
* @param string $text The text to operate on.
|
||||||
|
* @return string The slugified string.
|
||||||
|
*/
|
||||||
|
function slugify(string $text) : string {
|
||||||
|
return preg_replace("/[^a-zA-Z0-9\-_]", "", $text);
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Hides an email address from bots. Returns a fragment of HTML that contains the mangled email address.
|
* Hides an email address from bots. Returns a fragment of HTML that contains the mangled email address.
|
||||||
* @package core
|
* @package core
|
||||||
|
|
|
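Review bot: The pattern in the new `slugify()` body, `"/[^a-zA-Z0-9\-_]"`, has no closing `/` delimiter, so `preg_replace()` emits a warning and returns null, and with the declared `: string` return type every call then dies with a TypeError — including the `$env->action = slugify($_GET["action"])` call this commit introduces in the later hunk. The docblock also promises "automatically makes it lowercase", and the line it replaces did `strtolower()` with an `a-z`-only class, but the new body neither lowercases nor rejects `A-Z`, so any case-sensitive comparison of `$env->action` further down will now see mixed-case input. Both points are fixed by `return preg_replace("/[^a-z0-9\-_]/", "", strtolower($text));`. The enclosing `makepathsafe()` starts outside the hunk; `slugify()` itself is fully visible.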
@ -28,4 +28,4 @@ if($env->is_history_revision)
|
||||||
else if(isset($pageindex->{$env->page}))
|
else if(isset($pageindex->{$env->page}))
|
||||||
$env->page_filename .= $pageindex->{$env->page}->filename;
|
$env->page_filename .= $pageindex->{$env->page}->filename;
|
||||||
|
|
||||||
$env->action = preg_replace("/[^a-z0-9\-_]/", "", strtolower($_GET["action"]));
|
$env->action = slugify($_GET["action"]);
|
||||||
|
|
|
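Review bot: `slugify()` is declared with a non-nullable `string $text`, so passing `$_GET["action"]` when no `action` query parameter is present hands it null and raises a TypeError, whereas the replaced `strtolower($_GET["action"])` merely yielded an empty string (with a deprecation notice on PHP 8.1+). If nothing earlier in this file guarantees `$_GET["action"]` is set, the call should default it: `$env->action = slugify($_GET["action"] ?? "");`. The enclosing `if`/`else if` chain starts before this hunk, so I cannot tell from here whether such a default exists.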
@ -5,7 +5,7 @@
|
||||||
|
|
||||||
register_module([
|
register_module([
|
||||||
"name" => "User watchlists",
|
"name" => "User watchlists",
|
||||||
"version" => "0.1.3",
|
"version" => "0.1.4",
|
||||||
"author" => "Starbeamrainbowlabs",
|
"author" => "Starbeamrainbowlabs",
|
||||||
"description" => "Adds per-user watchlists. When a page on a user's watchlist is edited, a notification email is sent.",
|
"description" => "Adds per-user watchlists. When a page on a user's watchlist is edited, a notification email is sent.",
|
||||||
"id" => "feature-watchlist",
|
"id" => "feature-watchlist",
|
||||||
|
@ -145,7 +145,7 @@ register_module([
|
||||||
http_response_code(401);
|
http_response_code(401);
|
||||||
header("x-status: failed");
|
header("x-status: failed");
|
||||||
header("x-problem: not-logged-in");
|
header("x-problem: not-logged-in");
|
||||||
exit(page_renderer::render_main("Not logged in - $settings->sitename", "<p>Only logged in users can have watchlists. Try <a href='?action=login&returnto=".rawurlencode("?action=watchlist-edit&do=$do&returnto=$returnto")."'>logging in</a>.</p>"));
|
exit(page_renderer::render_main("Not logged in - $settings->sitename", "<p>Only logged in users can have watchlists. Try <a href='?action=login&returnto=".rawurlencode("?action=watchlist-edit&do=$do&returnto=".htmlentities($returnto))."'>logging in</a>.</p>"));
|
||||||
}
|
}
|
||||||
|
|
||||||
if(empty($env->user_data->emailAddress)) {
|
if(empty($env->user_data->emailAddress)) {
|
||||||
|
|
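Review bot: `htmlentities($returnto)` on the new line is the wrong escaper for where `$returnto` lands: it is being embedded as a query-string value inside the inner `?action=watchlist-edit&do=$do&returnto=...` URL, which the outer `rawurlencode()` already makes safe for the `href` attribute. HTML entities do not stop a `$returnto` containing `&`, `#` or `=` from breaking the inner query string when the login action later decodes and follows it, and `$do` is interpolated raw in the same string. The context-correct form is `"?action=watchlist-edit&do=".rawurlencode($do)."&returnto=".rawurlencode($returnto)`, with HTML escaping applied wherever `returnto` is eventually echoed into markup, which I infer is the actual reflected-XSS sink the changelog entry refers to but cannot see in this diff. The surrounding `if` block closes in the hunk but opens before it.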