harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

disallow backslashes in wiki and wiki-page names

Browse Source
This commit is contained in:
zotlabs
2017-12-05 16:33:24 -08:00
parent d4acf41192
commit 8451ee20c9
2 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
Zotlabs/Lib/NativeWikiPage.php
View File

@@ -68,6 +68,9 @@ class NativeWikiPage {
return array('content' => null, 'message' => 'Error reading wiki', 'success' => false); return array('content' => null, 'message' => 'Error reading wiki', 'success' => false);
} }
// backslashes won't work well in the javascript functions
$name = str_replace('\\','',$name);
// create an empty activity // create an empty activity
$arr = []; $arr = [];
@@ -351,6 +354,7 @@ class NativeWikiPage {
// fetch the most recently saved revision. // fetch the most recently saved revision.
$item = self::load_page($arr); $item = self::load_page($arr);
if(! $item) { if(! $item) {
return array('message' => t('Page not found'), 'success' => false); return array('message' => t('Page not found'), 'success' => false);
} }

18
Zotlabs/Module/Wiki.php
View File

@@ -430,11 +430,15 @@ class Wiki extends \Zotlabs\Web\Controller {
goaway('/' . argv(0) . '/' . $nick . '/'); goaway('/' . argv(0) . '/' . $nick . '/');
} }
$wiki = array(); $wiki = array();
// backslashes won't work well in the javascript functions
$name = str_replace('\\','',$_POST['wikiName']);
// Generate new wiki info from input name // Generate new wiki info from input name
$wiki['postVisible'] = ((intval($_POST['postVisible'])) ? 1 : 0); $wiki['postVisible'] = ((intval($_POST['postVisible'])) ? 1 : 0);
$wiki['rawName'] = $_POST['wikiName']; $wiki['rawName'] = $name;
$wiki['htmlName'] = escape_tags($_POST['wikiName']); $wiki['htmlName'] = escape_tags($name);
$wiki['urlName'] = urlencode(urlencode($_POST['wikiName'])); $wiki['urlName'] = urlencode(urlencode($name));
$wiki['mimeType'] = $_POST['mimeType']; $wiki['mimeType'] = $_POST['mimeType'];
$wiki['typelock'] = $_POST['typelock']; $wiki['typelock'] = $_POST['typelock'];
@@ -555,7 +559,11 @@ class Wiki extends \Zotlabs\Web\Controller {
} }
$name = $_POST['pageName']; //Get new page name $name = $_POST['pageName']; //Get new page name
if(urlencode(escape_tags($_POST['pageName'])) === '') {
// backslashes won't work well in the javascript functions
$name = str_replace('\\','',$name);
if(urlencode(escape_tags($name)) === '') {
json_return_and_die(array('message' => 'Error creating page. Invalid name.', 'success' => false)); json_return_and_die(array('message' => 'Error creating page. Invalid name.', 'success' => false));
} }
$page = Zlib\NativeWikiPage::create_page($owner['channel_id'],$observer_hash, $name, $resource_id, $mimetype); $page = Zlib\NativeWikiPage::create_page($owner['channel_id'],$observer_hash, $name, $resource_id, $mimetype);
@@ -758,7 +766,7 @@ class Wiki extends \Zotlabs\Web\Controller {
if ((argc() === 4) && (argv(2) === 'rename') && (argv(3) === 'page')) { if ((argc() === 4) && (argv(2) === 'rename') && (argv(3) === 'page')) {
$resource_id = $_POST['resource_id']; $resource_id = $_POST['resource_id'];
$pageUrlName = $_POST['oldName']; $pageUrlName = $_POST['oldName'];
$pageNewName = $_POST['newName']; $pageNewName = str_replace('\\','',$_POST['newName']);
if ($pageUrlName === 'Home') { if ($pageUrlName === 'Home') {
json_return_and_die(array('message' => 'Cannot rename Home','success' => false)); json_return_and_die(array('message' => 'Cannot rename Home','success' => false));
} }