Implement custom escaping
This commit is contained in:
M.Dent
@@ -237,7 +237,8 @@ class Wiki extends Controller {
|
||||
|
||||
// /wiki/channel/wiki -> No page was specified, so redirect to Home.md
|
||||
|
||||
$wikiUrlName = urlencode(argv(2));
|
||||
//$wikiUrlName = urlencode(argv(2));
|
||||
$wikiUrlName = NativeWiki::name_encode(argv(2));
|
||||
goaway(z_root() . '/' . argv(0) . '/' . argv(1) . '/' . $wikiUrlName . '/Home');
|
||||
|
||||
case 4:
|
||||
@@ -246,7 +247,8 @@ class Wiki extends Controller {
|
||||
// GET /wiki/channel/wiki/page
|
||||
// Fetch the wiki info and determine observer permissions
|
||||
|
||||
$wikiUrlName = urldecode(argv(2));
|
||||
//$wikiUrlName = urldecode(argv(2));
|
||||
$wikiUrlName = NativeWiki::name_decode(argv(2));
|
||||
|
||||
$page_name = '';
|
||||
$ignore_language = false;
|
||||
@@ -262,7 +264,8 @@ class Wiki extends Controller {
|
||||
$page_name .= argv($x);
|
||||
}
|
||||
|
||||
$pageUrlName = urldecode($page_name);
|
||||
//$pageUrlName = urldecode($page_name);
|
||||
$pageUrlName = NativeWiki::name_decode($page_name);
|
||||
$langPageUrlName = urldecode(\App::$language . '/' . $page_name);
|
||||
|
||||
$w = NativeWiki::exists_by_name($owner['channel_id'], $wikiUrlName);
|
||||
@@ -289,8 +292,10 @@ class Wiki extends Controller {
|
||||
$wiki_editor = true;
|
||||
}
|
||||
|
||||
$wikiheaderName = urldecode($wikiUrlName);
|
||||
$wikiheaderPage = urldecode($pageUrlName);
|
||||
//$wikiheaderName = urldecode($wikiUrlName);
|
||||
$wikiheaderName = NativeWiki::name_decode($wikiUrlName);
|
||||
//$wikiheaderPage = urldecode($pageUrlName);
|
||||
$wikiheaderPage = NativeWiki::name_decode($pageUrlName);
|
||||
|
||||
$renamePage = (($wikiheaderPage === 'Home') ? '' : t('Rename page'));
|
||||
$sharePage = t('Share');
|
||||
@@ -360,13 +365,14 @@ class Wiki extends Controller {
|
||||
$currenttype = $types[$mimeType];
|
||||
|
||||
$placeholder = t('Short description of your changes (optional)');
|
||||
|
||||
|
||||
$zrl = urlencode( z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName );
|
||||
$o .= replace_macros(get_markup_template('wiki.tpl'),array(
|
||||
'$wikiheaderName' => $wikiheaderName,
|
||||
'$wikiheaderPage' => $wikiheaderPage,
|
||||
'$renamePage' => $renamePage,
|
||||
'$sharePage' => $sharePage,
|
||||
'$shareLink' => urlencode('#^[zrl=' . z_root() . '/wiki/' . argv(1) . '/' . $wikiUrlName . '/' . $pageUrlName . ']' . '[ ' . $owner['channel_name'] . ' ] ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]'),
|
||||
'$shareLink' => '#^[zrl=' . $zrl . ']' . '[ ' . $owner['channel_name'] . ' ] ' . $wikiheaderName . ' - ' . $wikiheaderPage . '[/zrl]',
|
||||
'$showPageControls' => $showPageControls,
|
||||
'$editOrSourceLabel' => (($showPageControls) ? t('Edit') : t('Source')),
|
||||
'$tools_label' => 'Page Tools',
|
||||
@@ -465,7 +471,8 @@ class Wiki extends Controller {
|
||||
$wiki['postVisible'] = ((intval($_POST['postVisible'])) ? 1 : 0);
|
||||
$wiki['rawName'] = $name;
|
||||
$wiki['htmlName'] = escape_tags($name);
|
||||
$wiki['urlName'] = urlencode(urlencode($name));
|
||||
//$wiki['urlName'] = urlencode(urlencode($name));
|
||||
$wiki['urlName'] = NativeWiki::name_encode($name);
|
||||
$wiki['mimeType'] = $_POST['mimeType'];
|
||||
$wiki['typelock'] = $_POST['typelock'];
|
||||
|
||||
@@ -514,7 +521,8 @@ class Wiki extends Controller {
|
||||
|
||||
$arr = [];
|
||||
|
||||
$arr['urlName'] = urlencode(urlencode($_POST['origRawName']));
|
||||
//$arr['urlName'] = urlencode(urlencode($_POST['origRawName']));
|
||||
$arr['urlName'] = NativeWiki::name_encode($_POST['origRawName']);
|
||||
|
||||
if($_POST['updateRawName'])
|
||||
$arr['updateRawName'] = $_POST['updateRawName'];
|
||||
@@ -525,7 +533,7 @@ class Wiki extends Controller {
|
||||
return; //not reached
|
||||
}
|
||||
|
||||
$wiki = NativeWiki::exists_by_name($owner['channel_id'], urldecode($arr['urlName']));
|
||||
$wiki = NativeWiki::exists_by_name($owner['channel_id'], $arr['urlName']);
|
||||
|
||||
if($wiki['resource_id']) {
|
||||
|
||||
@@ -590,7 +598,7 @@ class Wiki extends Controller {
|
||||
// backslashes won't work well in the javascript functions
|
||||
$name = str_replace('\\','',$name);
|
||||
|
||||
if(urlencode(escape_tags($name)) === '') {
|
||||
if(NativeWiki::name_encode(escape_tags($name)) === '') {
|
||||
json_return_and_die(array('message' => 'Error creating page. Invalid name (' . print_r($_POST,true) . ').', 'success' => false));
|
||||
}
|
||||
|
||||
@@ -798,7 +806,7 @@ class Wiki extends Controller {
|
||||
if ($pageUrlName === 'Home') {
|
||||
json_return_and_die(array('message' => 'Cannot rename Home','success' => false));
|
||||
}
|
||||
if(urlencode(escape_tags($pageNewName)) === '') {
|
||||
if(NativeWiki::encode_name(escape_tags($pageNewName)) === '') {
|
||||
json_return_and_die(array('message' => 'Error renaming page. Invalid name.', 'success' => false));
|
||||
}
|
||||
// Determine if observer has permission to rename pages
|
||||
@@ -814,7 +822,7 @@ class Wiki extends Controller {
|
||||
if($renamed['success']) {
|
||||
$commit = NativeWikiPage::commit(array(
|
||||
'channel_id' => $owner['channel_id'],
|
||||
'commit_msg' => 'Renamed ' . urldecode($pageUrlName) . ' to ' . $renamed['page']['htmlName'],
|
||||
'commit_msg' => 'Renamed ' . NativeWiki::name_decode($pageUrlName) . ' to ' . $renamed['page']['htmlName'],
|
||||
'resource_id' => $resource_id,
|
||||
'observer_hash' => $observer_hash,
|
||||
'pageUrlName' => $pageNewName
|
||||
|
||||
Reference in New Issue
Block a user