mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-12-22 01:35:02 +00:00
Page renderer: Automatically run htmlentities() on all titles
This commit is contained in:
parent
e0f65c2e65
commit
f400da6dce
4 changed files with 7 additions and 2 deletions
|
@ -14,6 +14,8 @@ $env = new stdClass();
|
|||
$env->action = $settings->defaultaction;
|
||||
/** The page name requested by the remote client. @var string */
|
||||
$env->page = "";
|
||||
/** The page name, but run through htmlentities(), thus making it safe to display in an output document. */
|
||||
$env->page_safe = "";
|
||||
/** The filename that the page is stored in. @var string */
|
||||
$env->page_filename = "";
|
||||
/** Whether we are looking at a history revision or not. @var boolean */
|
||||
|
|
|
@ -205,7 +205,7 @@ class page_renderer
|
|||
|
||||
"{content}" => $content,
|
||||
"{extra}" => "",
|
||||
"{title}" => $title,
|
||||
"{title}" => htmlentities($title),
|
||||
];
|
||||
|
||||
// Pass the parts through the part processors
|
||||
|
|
|
@ -6,6 +6,7 @@
|
|||
|
||||
/// Finish setting up the environment object ///
|
||||
$env->page = $_GET["page"] ?? $_POST["page"];
|
||||
$env->page_safe = htmlentities($env->page);
|
||||
if(isset($_GET["revision"]) and is_numeric($_GET["revision"]))
|
||||
{
|
||||
// We have a revision number!
|
||||
|
|
|
@ -380,8 +380,10 @@ window.addEventListener("load", function(event) {
|
|||
add_action("save", function() {
|
||||
global $pageindex, $settings, $env, $save_preprocessors, $paths;
|
||||
// Update the page name in the main environment, since the page name may be submitted via the POST form
|
||||
if(isset($_POST["page"]))
|
||||
if(isset($_POST["page"])) {
|
||||
$env->page = $_POST["page"];
|
||||
$env->page_safe = htmlentities($env->page);
|
||||
}
|
||||
|
||||
if(!$settings->editing)
|
||||
{
|
||||
|
|
Loading…
Reference in a new issue