diff --git a/modules/feature-search.php b/modules/feature-search.php index 8048046..40db3d7 100644 --- a/modules/feature-search.php +++ b/modules/feature-search.php @@ -5,7 +5,7 @@ register_module([ "name" => "Search", - "version" => "0.13.2", + "version" => "0.13.3", "author" => "Starbeamrainbowlabs", "description" => "Adds proper search functionality to Pepperminty Wiki using an inverted index to provide a full text search engine. If pages don't show up, then you might have hit a stop word. If not, try requesting the `invindex-rebuild` action to rebuild the inverted index from scratch.", "id" => "feature-search", @@ -198,11 +198,11 @@ register_module([ $query = $_GET["query"]; if(isset($pageindex->$query)) { - $content .= "There's a page on $settings->sitename called $query."; + $content .= "There's a page on $settings->sitename called ".htmlentities($query)."."; } else { - $content .= "There isn't a page called $query on $settings->sitename, but you "; + $content .= "There isn't a page called ".htmlentities($query)." on $settings->sitename, but you "; if((!$settings->anonedits && !$env->is_logged_in) || !$settings->editing) { $content .= "do not have permission to create it."; if(!$env->is_logged_in) { @@ -240,6 +240,7 @@ register_module([ $i = 0; // todo use $_GET["offset"] and $_GET["result-count"] or something foreach($results as $result) { + $pagename_display = htmlentities($result["pagename"]); $link = "?page=" . rawurlencode($result["pagename"]); $pagesource = file_get_contents($env->storage_prefix . $result["pagename"] . ".md"); 
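Review bot: The two `htmlentities($query)` calls added in the -198 hunk rely on the default flags, which differ by PHP version: from 8.1 the default is ENT_QUOTES | ENT_SUBSTITUTE, but on older runtimes it is ENT_COMPAT, so single quotes pass through unescaped and a query containing bytes that are not valid UTF-8 makes the call return an empty string, silently blanking the reflected text. Pass the flags explicitly, `htmlentities($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, so the escaping does not depend on the interpreter. The same applies to the `htmlentities()` calls introduced in the hunks at -240, -260, -365, -381 and -405; a small local helper would keep all of them consistent. `$settings->sitename` is still interpolated raw beside the escaped query — it is administrator-configured rather than request data, but escaping it the same way costs nothing and removes the inconsistency. The enclosing action closure starts and ends outside this hunk.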
@@ -260,17 +261,17 @@ register_module([ }*/ $tag_list = ""; - foreach($pageindex->{$result["pagename"]}->tags ?? [] as $tag) $tag_list .= "$tag"; + foreach($pageindex->{$result["pagename"]}->tags ?? [] as $tag) $tag_list .= "".htmlentities($tag).""; $tag_list .= "\n"; // Make redirect pages italics if(!empty($pageindex->{$result["pagename"]}->redirect)) - $result["pagename"] = "{$result["pagename"]}"; + $pagename_display = "$pagename_display"; // We add 1 to $i here to convert it from an index to a result // number as people expect it to start from 1 $content .= "
\n"; - $content .= "

" . $result["pagename"] . " $tag_list

\n"; + $content .= "

$pagename_display $tag_list

\n"; $content .= "

$context

\n"; $content .= "
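Review bot: `$context` on the result line is still interpolated into `$content` without escaping, while the page name and tags in this hunk now go through `htmlentities()`; if the snippet is assembled from raw page source or from the query terms (it is built outside this hunk), it is the remaining unescaped value in the result block, so either escape it where it is built or apply `htmlentities($context, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` here. The markup around `htmlentities($tag)` is not visible in this rendering; if it places the tag in a link href, that attribute needs `rawurlencode($tag)` as the `$link` line above does for the page name, since HTML escaping does not make a value URL-safe. The `foreach ($results as $result)` loop begins in the previous hunk and continues past this one.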
\n"; @@ -365,7 +366,7 @@ register_module([ $result = ""; foreach($tokens as $token) { if(in_array(substr($token, 1), $stas_query["exclude"])) { - $result .= "" . substr($token, 1) . " "; + $result .= "" . htmlentities(substr($token, 1)) . " "; continue; } @@ -381,7 +382,7 @@ register_module([ } } if($term == null) { - $result .= "$token "; + $result .= "".htmlentities($token)." "; continue; } @@ -405,7 +406,7 @@ register_module([ } $title .= ", weight: {$term["weight"]}"; - $result .= "$token "; + $result .= "".htmlentities($token)." "; } exit(page_renderer::render_main("STAS Query Analysis - $settings->sitename", "

$settings->sitename understood your query to mean the following:

@@ -427,7 +428,7 @@ register_module([ */ add_action("opensearch-description", function () { global $settings; - $siteRoot = full_url() . "/index.php"; + $siteRoot = htmlentities(full_url() . "/index.php", ENT_XML1); if(!isset($_GET["debug"])) header("content-type: application/opensearchdescription+xml"); else @@ -478,6 +479,7 @@ register_module([ if(!in_array($type, ["json", "opensearch"])) { http_response_code(406); + header("content-type: text/plain"); exit("Error: The type '$type' is not one of the supported output types. Available values: json, opensearch. Default: json"); }
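Review bot: `htmlentities(..., ENT_XML1)` on the `$siteRoot` line sets only the document-type bit, so the quote-style bits are zero (ENT_NOQUOTES) and neither `"` nor `'` is encoded; if `$siteRoot` is emitted inside an attribute of the OpenSearch document (the template is outside this hunk), a quote in the URL — `full_url()` is presumably derived from request headers — terminates the attribute. Use `htmlentities(full_url() . "/index.php", ENT_QUOTES | ENT_SUBSTITUTE | ENT_XML1, 'UTF-8')` so both quote characters and invalid byte sequences are handled. The opensearch-description action continues beyond this hunk.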
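Review bot: The new `header("content-type: text/plain")` in the -478 hunk should carry a charset, `header("content-type: text/plain; charset=utf-8");`, since the reflected `$type` may contain arbitrary bytes and the response is otherwise left to browser sniffing. Serving the error as plain text is what keeps `$type` from being interpreted as markup, which only holds if nothing has been written to the output buffer before this point; that cannot be confirmed from the hunk. The enclosing action starts and ends outside this hunk.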