Revisión | 6d67361a262d084e12118302669158032859fbeb (tree) |
Tiempo | 2002-06-22 18:31:43 |
Autor | masui <masui> |
Commiter | masui |
fix < > & " quote
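--- a/func.php
+++ b/func.php
@@ -1,6 +1,6 @@
 <?
 // PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: func.php,v 1.1 2002/06/21 05:21:46 masui Exp $
+// $Id: func.php,v 1.2 2002/06/22 09:31:43 masui Exp $
 /////////////////////////////////////////////////
 
 // 検索
@@ -92,13 +92,13 @@ function do_search($word,$type="AND",$non_format=0)
 $retvals = "<ul>\n" . join("\n",$retval) . "</ul>\n<br>\n";
 
 if($type=="AND")
-$retvals.= str_replace('$1',$result_word,str_replace('$2',count($retval),str_replace('$3',$cnt,$_msg_andresult)));
+$retvals.= str_replace('$1',htmlspecialchars($result_word),str_replace('$2',count($retval),str_replace('$3',$cnt,$_msg_andresult)));
 else
-$retvals.= str_replace('$1',$result_word,str_replace('$2',count($retval),str_replace('$3',$cnt,$_msg_orresult)));
+$retvals.= str_replace('$1',htmlspecialchars($result_word),str_replace('$2',count($retval),str_replace('$3',$cnt,$_msg_orresult)));
 
 }
 else
-$retvals .= str_replace('$1',$result_word,$_msg_notfoundresult);
+$retvals .= str_replace('$1',htmlspecialchars($result_word),$_msg_notfoundresult);
 return $retvals;
 }
 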
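Review bot: The AND and OR branches at lines 95 and 97 differ only in the message template, so the three nested str_replace calls and the new htmlspecialchars wrapping are written out twice; selecting the template first keeps the escaping in one place: `$msg = ($type=="AND") ? $_msg_andresult : $_msg_orresult;` followed by `$retvals .= str_replace('$1',htmlspecialchars($result_word),str_replace('$2',count($retval),str_replace('$3',$cnt,$msg)));`. Because `'$1'` is substituted last, a search word that itself contains `$2` or `$3` is not expanded a second time, which is the right order and deserves a one-line comment so nobody reorders the chain. The `<ul>` at line 92 is joined from `$retval`, which is assembled above this hunk, so whether its entries receive the same escaping cannot be checked here. do_search begins before this hunk.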
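--- a/html.php
+++ b/html.php
@@ -1,6 +1,6 @@
 <?
 // PukiWiki - Yet another WikiWikiWeb clone.
-// $Id: html.php,v 1.3 2002/06/21 12:33:29 masui Exp $
+// $Id: html.php,v 1.4 2002/06/22 09:31:43 masui Exp $
 /////////////////////////////////////////////////
 
 // 本文をページ名から出力
@@ -229,7 +229,7 @@ function convert_html($string)
 
 $longtaketime = getmicrotime() - $start_mtime;
 
-$str = preg_replace("/&((amp)|(quot)|(nbsp)|(lt)|(gt));/","&$1;",$str);
+# $str = preg_replace("/&((amp)|(quot)|(nbsp)|(lt)|(gt));/","&$1;",$str);
 
 return $str;
 }
@@ -593,17 +593,14 @@ function make_link($name)
 
 if(preg_match("/^\[\[([^\]]+)\:((https?|ftp|news)([^\]]+))\]\]$/",$name,$match))
 {
-$match[2] = str_replace($aryconv_htmlspecial,$aryconv_html,$match[2]);
 return "<a href=\"$match[2]\" target=\"$link_target\">$match[1]</a>";
 }
 else if(preg_match("/^\[((https?|ftp|news)([^\]\s]+))\s([^\]]+)\]$/",$name,$match))
 {
-$match[1] = str_replace($aryconv_htmlspecial,$aryconv_html,$match[1]);
 return "<a href=\"$match[1]\" target=\"$link_target\">$match[4]</a>";
 }
 else if(preg_match("/^(https?|ftp|news).*?(\.gif|\.png|\.jpeg|\.jpg)?$/",$name,$match))
 {
-$name = str_replace($aryconv_htmlspecial,$aryconv_html,$name);
 if($match[2])
 return "<a href=\"$name\" target=\"$link_target\"><img src=\"$name\" border=\"0\"></a>";
 else
@@ -611,17 +608,13 @@ function make_link($name)
 }
 else if(preg_match("/^\[\[([^\]]+)\:([[:alnum:]\-_.]+@[[:alnum:]\-_]+\.[[:alnum:]\-_\.]+)\]\]/",$name,$match))
 {
-$match[1] = str_replace($aryconv_htmlspecial,$aryconv_html,$match[1]);
-$match[2] = str_replace($aryconv_htmlspecial,$aryconv_html,$match[2]);
-
 return "<a href=\"mailto:$match[2]\">$match[1]</a>";
 }
 else if(preg_match("/^([[:alnum:]\-_]+@[[:alnum:]\-_]+\.[[:alnum:]\-_\.]+)/",$name))
 {
-$name = str_replace($aryconv_htmlspecial,$aryconv_html,$name);
 return "<a href=\"mailto:$name\">$page</a>";
 }
-else if(preg_match("/^($InterWikiName)$/",str_replace($aryconv_htmlspecial,$aryconv_html,$name)))
+else if(preg_match("/^($InterWikiName)$/",$name))
 {
 $page = strip_bracket($page);
 $percent_name = str_replace($aryconv_htmlspecial,$aryconv_html,$name);
@@ -629,9 +622,9 @@ function make_link($name)
 
 return "<a href=\"$script?$percent_name\" target=\"$interwiki_target\">$page</a>";
 }
-else if(preg_match("/^($BracketName)|($WikiName)$/",str_replace($aryconv_htmlspecial,$aryconv_html,$name)))
+else if(preg_match("/^($BracketName)|($WikiName)$/",$name))
 {
-if(preg_match("/^([^>]+)>([^>]+)$/",strip_bracket(str_replace($aryconv_htmlspecial,$aryconv_html,$name)),$match))
+if(preg_match("/^([^>]+)>([^>]+)$/",strip_bracket($name),$match))
 {
 $page = $match[1];
 $name = $match[2];
@@ -641,14 +634,14 @@ function make_link($name)
 $name = "[[$name]]";
 }
 
-if(preg_match("/^\[\[\.\/([^\]]*)\]\]/",str_replace($aryconv_htmlspecial,$aryconv_html,$name),$match))
+if(preg_match("/^\[\[\.\/([^\]]*)\]\]/",$name,$match))
 {
 if(!$match[1])
 $name = $vars["page"];
 else
-$name = "[[".strip_bracket($vars[page])."/$match[1]]]";
+$name = "[[".strip_bracket($vars["page"])."/$match[1]]]";
 }
-else if(preg_match("/^\[\[\..\/([^\]]+)\]\]/",str_replace($aryconv_htmlspecial,$aryconv_html,$name),$match))
+else if(preg_match("/^\[\[\..\/([^\]]+)\]\]/",$name,$match))
 {
 for($i=0;$i<substr_count($name,"../");$i++)
 $name = preg_replace("/(.+)\/([^\/]+)$/","$1",strip_bracket($vars["page"]));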
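Review bot: Dropping the `$aryconv_htmlspecial`/`$aryconv_html` conversion at lines 596, 600, 604 and 611–615 leaves `$match[2]`, `$match[1]` and `$name` interpolated straight into the `href="..."` attribute, and the capture `([^\]]+)` in the patterns at lines 594 and 599 admits `"` and `>`; this is safe only if `$name` already arrives entity-encoded, which the rest of this commit suggests but nothing in the hunk establishes. If raw input can still reach make_link, the attribute values should be escaped at the point of use, e.g. `return "<a href=\"".htmlspecialchars($match[2])."\" target=\"$link_target\">$match[1]</a>";`, and the same for the other return lines. Line 620 still applies the old conversion to build `$percent_name`, so the InterWiki branch now treats `$name` differently from the branches above it; either that line is intentional and deserves a comment, or it should follow the same rule. In convert_html, line 232 is left as a `#`-commented statement rather than removed; delete it or replace it with a comment explaining why the entity re-encoding is no longer needed. make_link continues past the end of the last hunk.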
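--- a/pukiwiki.php
+++ b/pukiwiki.php
@@ -26,7 +26,7 @@
 // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 // GNU General Public License for more details.
 //
-// $Id: pukiwiki.php,v 1.3 2002/06/21 12:33:29 masui Exp $
+// $Id: pukiwiki.php,v 1.4 2002/06/22 09:31:43 masui Exp $
 /////////////////////////////////////////////////
 
 
@@ -400,10 +400,10 @@ else if(arg_check("diff"))
 $title = str_replace('$1',strip_bracket($get["page"]),$_title_diff);
 $page = str_replace('$1',make_search($get["page"]),$_title_diff);
 
-$diffdata = get_source($get["page"]);
+$diffdata = htmlspecialchars(join("",get_source($get["page"])));
 $body .= "<font color=\"blue\">\n"
 ."<pre>\n"
-.join("",$diffdata)
+.$diffdata
 ."\n"
 ."</pre>\n"
 ."</font>\n";
@@ -414,6 +414,7 @@ else if(arg_check("diff"))
 $page = str_replace('$1',make_search($get["page"]),$_title_diff);
 
 $diffdata = file(DIFF_DIR.encode($get["page"]).".txt");
+$diffdata = preg_replace("/&/","&",$diffdata);
 $diffdata = preg_replace("/</","<",$diffdata);
 $diffdata = preg_replace("/>/",">",$diffdata);
 $diffdata = preg_replace("/^(\-)(.*)/","<font color=\"red\"> $2</font>",$diffdata);
@@ -430,7 +431,7 @@ else if(arg_check("search"))
 {
 if($vars["word"])
 {
-$title = $page = str_replace('$1',$vars["word"],$_title_result);
+$title = $page = str_replace('$1',htmlspecialchars($vars["word"]),$_title_result);
 }
 else
 {
@@ -446,7 +447,7 @@ else if(arg_check("search"))
 else if($vars["type"]=="OR") $or_check = "checked";
 
 $body .= "<form action=\"$script?cmd=search\" method=\"post\">\n"
-."<input type=\"text\" name=\"word\" size=\"20\" value=\"".$vars["word"]."\">\n"
+."<input type=\"text\" name=\"word\" size=\"20\" value=\"".htmlspecialchars($vars["word"])."\">\n"
 ."<input type=\"radio\" name=\"type\" value=\"AND\" $and_check>$_btn_and\n"
 ."<input type=\"radio\" name=\"type\" value=\"OR\" $or_check>$_btn_or\n"
 ." <input type=\"submit\" value=\"$_btn_search\">\n"
@@ -515,7 +516,7 @@ else if($do_backup && arg_check("backup"))
 $title = str_replace('$1',$pagename,$_title_backupdiff)."(No.$get[age])";
 $page = str_replace('$1',make_search($get["page"]),$_title_backupdiff)."(No.$get[age])";
 
-$backupdata = @join("",get_backup($get[age]-1,encode($get["page"]).".txt"));
+$backupdata = htmlspecialchars(@join("",get_backup($get[age]-1,encode($get["page"]).".txt")));
 $postdata = @join("",get_backup($get[age],encode($get["page"]).".txt"));
 $diffdata = split("\n",do_diff($backupdata,$postdata));
 }
@@ -524,7 +525,7 @@ else if($do_backup && arg_check("backup"))
 $title = str_replace('$1',$pagename,$_title_backupnowdiff)."(No.$get[age])";
 $page = str_replace('$1',make_search($get["page"]),$_title_backupnowdiff)."(No.$get[age])";
 
-$backupdata = @join("",get_backup($get[age],encode($get["page"]).".txt"));
+$backupdata = htmlspecialchars(@join("",get_backup($get[age],encode($get["page"]).".txt")));
 $postdata = @join("",get_source($get["page"]));
 $diffdata = split("\n",do_diff($backupdata,$postdata));
 }
@@ -532,7 +533,7 @@ else if($do_backup && arg_check("backup"))
 {
 $title = str_replace('$1',$pagename,$_title_backupsource)."(No.$get[age])";
 $page = str_replace('$1',make_search($get["page"]),$_title_backupsource)."(No.$get[age])";
-$backupdata = join("",get_backup($get[age],encode($get["page"]).".txt"));
+$backupdata = htmlspecialchars(join("",get_backup($get[age],encode($get["page"]).".txt")));
 
 $body.="</ul>\n<pre>\n$backupdata</pre>\n";
 }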
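Review bot: In the two backup-diff branches (lines 519–520 and 528–529) only `$backupdata` is passed through htmlspecialchars while `$postdata` on the next line is joined raw, so do_diff compares an escaped text against an unescaped one: any line containing `&`, `<`, `>` or `"` will be reported as changed even when the two versions are identical, and the `$postdata` side still reaches the output unescaped unless do_diff escapes it itself, which is not visible here. Both inputs should be treated the same way, e.g. `$postdata = htmlspecialchars(@join("",get_backup($get[age],encode($get["page"]).".txt")));` at line 520 and `$postdata = htmlspecialchars(@join("",get_source($get["page"])));` at line 529. The `$get[age]` bareword index used throughout these hunks is the same form this commit corrects to `$vars["page"]` in html.php, so quoting it here would keep the two files consistent. Line 417 adds the `&` replacement ahead of the `<` and `>` ones, which is the required order; the replacement string reads `&` as rendered on this page, so it is worth confirming that the committed line really emits the entity form rather than a no-op.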