Apply purify_html to page content before preview and save to prevent JavaScript code injection.

Andrew Manning
2016-06-12 07:14:12 -04:00
parent 1789c3242a
commit 43055e0199
2 changed files with 4 additions and 16 deletions


@@ -279,7 +279,7 @@ function wiki_page_history($arr) {
function wiki_save_page($arr) {
$pageUrlName = ((array_key_exists('pageUrlName',$arr)) ? $arr['pageUrlName'] : '');
$content = ((array_key_exists('content',$arr)) ? $arr['content'] : '');
$content = ((array_key_exists('content',$arr)) ? purify_html($arr['content']) : '');
$resource_id = ((array_key_exists('resource_id',$arr)) ? $arr['resource_id'] : '');
$w = wiki_get_wiki($resource_id);
if (!$w['path']) {
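Review bot: Purifying `$arr['content']` only on the write path in wiki_save_page leaves two gaps that this hunk does not close. Pages stored before this commit, or written into the wiki's storage by any other route, are still served as they were saved, so the code that renders a page should run purify_html on its final HTML as well. If the content is a markup source that is converted to HTML later (not visible here), sanitizing the source does not cover what the converter emits, so the call belongs after conversion. A short comment above the line such as `// sanitized on save; the render path must still purify its HTML output` would record this. The body of wiki_save_page continues outside the hunk.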