mirror of
https://github.com/sbrl/Pepperminty-Wiki.git
synced 2024-11-22 04:23:01 +00:00
Page renderer: Automatically run htmlentities() on all titles
This commit is contained in:
parent
e0f65c2e65
commit
f400da6dce
4 changed files with 7 additions and 2 deletions
|
@ -14,6 +14,8 @@ $env = new stdClass();
|
||||||
$env->action = $settings->defaultaction;
|
$env->action = $settings->defaultaction;
|
||||||
/** The page name requested by the remote client. @var string */
|
/** The page name requested by the remote client. @var string */
|
||||||
$env->page = "";
|
$env->page = "";
|
||||||
|
/** The page name, but run through htmlentities(), thus making it safe to display in an output document. */
|
||||||
|
$env->page_safe = "";
|
||||||
/** The filename that the page is stored in. @var string */
|
/** The filename that the page is stored in. @var string */
|
||||||
$env->page_filename = "";
|
$env->page_filename = "";
|
||||||
/** Whether we are looking at a history revision or not. @var boolean */
|
/** Whether we are looking at a history revision or not. @var boolean */
|
||||||
|
|
|
@ -205,7 +205,7 @@ class page_renderer
|
||||||
|
|
||||||
"{content}" => $content,
|
"{content}" => $content,
|
||||||
"{extra}" => "",
|
"{extra}" => "",
|
||||||
"{title}" => $title,
|
"{title}" => htmlentities($title),
|
||||||
];
|
];
|
||||||
|
|
||||||
// Pass the parts through the part processors
|
// Pass the parts through the part processors
|
||||||
|
|
|
@ -6,6 +6,7 @@
|
||||||
|
|
||||||
/// Finish setting up the environment object ///
|
/// Finish setting up the environment object ///
|
||||||
$env->page = $_GET["page"] ?? $_POST["page"];
|
$env->page = $_GET["page"] ?? $_POST["page"];
|
||||||
|
$env->page_safe = htmlentities($env->page);
|
||||||
if(isset($_GET["revision"]) and is_numeric($_GET["revision"]))
|
if(isset($_GET["revision"]) and is_numeric($_GET["revision"]))
|
||||||
{
|
{
|
||||||
// We have a revision number!
|
// We have a revision number!
|
||||||
|
|
|
@ -380,8 +380,10 @@ window.addEventListener("load", function(event) {
|
||||||
add_action("save", function() {
|
add_action("save", function() {
|
||||||
global $pageindex, $settings, $env, $save_preprocessors, $paths;
|
global $pageindex, $settings, $env, $save_preprocessors, $paths;
|
||||||
// Update the page name in the main environment, since the page name may be submitted via the POST form
|
// Update the page name in the main environment, since the page name may be submitted via the POST form
|
||||||
if(isset($_POST["page"]))
|
if(isset($_POST["page"])) {
|
||||||
$env->page = $_POST["page"];
|
$env->page = $_POST["page"];
|
||||||
|
$env->page_safe = htmlentities($env->page);
|
||||||
|
}
|
||||||
|
|
||||||
if(!$settings->editing)
|
if(!$settings->editing)
|
||||||
{
|
{
|
||||||
|
|
Loading…
Reference in a new issue