mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-11-22 04:23:01 +00:00

Page renderer: Automatically run htmlentities() on all titles

Starbeamrainbowlabs 2021-09-02 21:34:40 +01:00
parent e0f65c2e65
commit f400da6dce
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
4 changed files with 7 additions and 2 deletions


@ -14,6 +14,8 @@ $env = new stdClass();
$env->action = $settings->defaultaction; $env->action = $settings->defaultaction;
/** The page name requested by the remote client. @var string */ /** The page name requested by the remote client. @var string */
$env->page = ""; $env->page = "";
/** The page name, but run through htmlentities(), thus making it safe to display in an output document. */
$env->page_safe = "";
/** The filename that the page is stored in. @var string */ /** The filename that the page is stored in. @var string */
$env->page_filename = ""; $env->page_filename = "";
/** Whether we are looking at a history revision or not. @var boolean */ /** Whether we are looking at a history revision or not. @var boolean */
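Review bot: The new docblock on `$env->page_safe` claims more than htmlentities() guarantees, and it omits the `@var string` tag that the neighbouring properties carry. The value is encoded for HTML text and quoted attribute values only. It is not suitable for URLs, inline script or CSS, where the raw `$env->page` needs that context's own encoding (for example `rawurlencode()` in a query string). I would reword it to `/** The page name encoded with htmlentities(), for HTML text/attribute context only (not URLs or scripts). @var string */`.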


@ -205,7 +205,7 @@ class page_renderer
"{content}" => $content, "{content}" => $content,
"{extra}" => "", "{extra}" => "",
"{title}" => $title, "{title}" => htmlentities($title),
]; ];
// Pass the parts through the part processors // Pass the parts through the part processors
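Review bot: `htmlentities($title)` in the `{title}` entry relies on the default flags and charset, and before PHP 8.1 the default is `ENT_COMPAT`, which leaves single quotes unencoded. If a template places `{title}` inside a single-quoted attribute, that is a gap; `"{title}" => htmlentities($title, ENT_QUOTES | ENT_SUBSTITUTE, "UTF-8"),` removes the dependence on the runtime version. The same bare call is used for `$env->page_safe` in the two later sections. Callers that already encode their title before passing it in (none visible here; the enclosing method starts and ends outside the hunk) would now be double-encoded, so they are worth auditing.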


@ -6,6 +6,7 @@
/// Finish setting up the environment object /// /// Finish setting up the environment object ///
$env->page = $_GET["page"] ?? $_POST["page"]; $env->page = $_GET["page"] ?? $_POST["page"];
$env->page_safe = htmlentities($env->page);
if(isset($_GET["revision"]) and is_numeric($_GET["revision"])) if(isset($_GET["revision"]) and is_numeric($_GET["revision"]))
{ {
// We have a revision number! // We have a revision number!
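Review bot: `$env->page_safe = htmlentities($env->page);` runs on whatever the request supplied, which can be null (neither parameter sent) or an array (`page[]=...`); on PHP 8 an array argument raises a TypeError. A guard such as `$env->page_safe = htmlentities(is_string($env->page) ? $env->page : "");` keeps it a string, and the copy in the `save` handler in the last section has the same exposure. Because page_safe is a cached copy, any later reassignment of `$env->page` outside these hunks would leave it stale unless it is refreshed at the same place.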


@ -380,8 +380,10 @@ window.addEventListener("load", function(event) {
add_action("save", function() { add_action("save", function() {
global $pageindex, $settings, $env, $save_preprocessors, $paths; global $pageindex, $settings, $env, $save_preprocessors, $paths;
// Update the page name in the main environment, since the page name may be submitted via the POST form // Update the page name in the main environment, since the page name may be submitted via the POST form
if(isset($_POST["page"])) if(isset($_POST["page"])) {
$env->page = $_POST["page"]; $env->page = $_POST["page"];
$env->page_safe = htmlentities($env->page);
}
if(!$settings->editing) if(!$settings->editing)
{ {