Cuenta
- Descargar
- Desarrollar
- Entrar
- Forgot Account/Password
- Crear Cuenta
- Idioma
- Ayuda
Idioma
Ayuda

OSDN > Desarrollador >

haifun > Chamber > pukiwiki-fork > Commit

PukiWiki Fork
Fork

Fork origin: pukiwiki / pukiwiki

R/O
HTTP
SSH
HTTPS

Commit

Tags

No Tags

Commit MetaInfo

Revisión	6d67361a262d084e12118302669158032859fbeb (tree)
Tiempo	2002-06-22 18:31:43
Autor	masui <masui>
Commiter	masui

Log Message

Plugin Error: Load Denied: 1

fix < > & " quote

Cambiar Resumen

modified: func.php (diff)
modified: html.php (diff)
modified: pukiwiki.php (diff)

Diferencia incremental

--- a/func.php

+++ b/func.php

		@@ -1,6 +1,6 @@
1	1	<?
2	2	// PukiWiki - Yet another WikiWikiWeb clone.
3		-// $Id: func.php,v 1.1 2002/06/21 05:21:46 masui Exp $
	3	+// $Id: func.php,v 1.2 2002/06/22 09:31:43 masui Exp $
4	4	/////////////////////////////////////////////////
5	5
6	6	// 検索

		@@ -92,13 +92,13 @@ function do_search($word,$type="AND",$non_format=0)
92	92	$retvals = "<ul>\n" . join("\n",$retval) . "</ul>\n<br>\n";
93	93
94	94	if($type=="AND")
95		- $retvals.= str_replace('$1',$result_word,str_replace('$2',count($retval),str_replace('$3',$cnt,$_msg_andresult)));
	95	+ $retvals.= str_replace('$1',htmlspecialchars($result_word),str_replace('$2',count($retval),str_replace('$3',$cnt,$_msg_andresult)));
96	96	else
97		- $retvals.= str_replace('$1',$result_word,str_replace('$2',count($retval),str_replace('$3',$cnt,$_msg_orresult)));
	97	+ $retvals.= str_replace('$1',htmlspecialchars($result_word),str_replace('$2',count($retval),str_replace('$3',$cnt,$_msg_orresult)));
98	98
99	99	}
100	100	else
101		- $retvals .= str_replace('$1',$result_word,$_msg_notfoundresult);
	101	+ $retvals .= str_replace('$1',htmlspecialchars($result_word),$_msg_notfoundresult);
102	102	return $retvals;
103	103	}
104	104

--- a/html.php

+++ b/html.php

		@@ -1,6 +1,6 @@
1	1	<?
2	2	// PukiWiki - Yet another WikiWikiWeb clone.
3		-// $Id: html.php,v 1.3 2002/06/21 12:33:29 masui Exp $
	3	+// $Id: html.php,v 1.4 2002/06/22 09:31:43 masui Exp $
4	4	/////////////////////////////////////////////////
5	5
6	6	// 本文をページ名から出力

		@@ -229,7 +229,7 @@ function convert_html($string)
229	229
230	230	$longtaketime = getmicrotime() - $start_mtime;
231	231
232		- $str = preg_replace("/&((amp)\|(quot)\|(nbsp)\|(lt)\|(gt));/","&$1;",$str);
	232	+# $str = preg_replace("/&((amp)\|(quot)\|(nbsp)\|(lt)\|(gt));/","&$1;",$str);
233	233
234	234	return $str;
235	235	}

		@@ -593,17 +593,14 @@ function make_link($name)
593	593
594	594	if(preg_match("/^\[\[([^\]]+)\:((https?\|ftp\|news)([^\]]+))\]\]$/",$name,$match))
595	595	{
596		- $match[2] = str_replace($aryconv_htmlspecial,$aryconv_html,$match[2]);
597	596	return "<a href=\"$match[2]\" target=\"$link_target\">$match[1]</a>";
598	597	}
599	598	else if(preg_match("/^\[((https?\|ftp\|news)([^\]\s]+))\s([^\]]+)\]$/",$name,$match))
600	599	{
601		- $match[1] = str_replace($aryconv_htmlspecial,$aryconv_html,$match[1]);
602	600	return "<a href=\"$match[1]\" target=\"$link_target\">$match[4]</a>";
603	601	}
604	602	else if(preg_match("/^(https?\|ftp\|news).*?(\.gif\|\.png\|\.jpeg\|\.jpg)?$/",$name,$match))
605	603	{
606		- $name = str_replace($aryconv_htmlspecial,$aryconv_html,$name);
607	604	if($match[2])
608	605	return "<a href=\"$name\" target=\"$link_target\"><img src=\"$name\" border=\"0\"></a>";
609	606	else

		@@ -611,17 +608,13 @@ function make_link($name)
611	608	}
612	609	else if(preg_match("/^\[\[([^\]]+)\:([[:alnum:]\-_.]+@[[:alnum:]\-_]+\.[[:alnum:]\-_\.]+)\]\]/",$name,$match))
613	610	{
614		- $match[1] = str_replace($aryconv_htmlspecial,$aryconv_html,$match[1]);
615		- $match[2] = str_replace($aryconv_htmlspecial,$aryconv_html,$match[2]);
616		-
617	611	return "<a href=\"mailto:$match[2]\">$match[1]</a>";
618	612	}
619	613	else if(preg_match("/^([[:alnum:]\-_]+@[[:alnum:]\-_]+\.[[:alnum:]\-_\.]+)/",$name))
620	614	{
621		- $name = str_replace($aryconv_htmlspecial,$aryconv_html,$name);
622	615	return "<a href=\"mailto:$name\">$page</a>";
623	616	}
624		- else if(preg_match("/^($InterWikiName)$/",str_replace($aryconv_htmlspecial,$aryconv_html,$name)))
	617	+ else if(preg_match("/^($InterWikiName)$/",$name))
625	618	{
626	619	$page = strip_bracket($page);
627	620	$percent_name = str_replace($aryconv_htmlspecial,$aryconv_html,$name);

		@@ -629,9 +622,9 @@ function make_link($name)
629	622
630	623	return "<a href=\"$script?$percent_name\" target=\"$interwiki_target\">$page</a>";
631	624	}
632		- else if(preg_match("/^($BracketName)\|($WikiName)$/",str_replace($aryconv_htmlspecial,$aryconv_html,$name)))
	625	+ else if(preg_match("/^($BracketName)\|($WikiName)$/",$name))
633	626	{
634		- if(preg_match("/^([^>]+)>([^>]+)$/",strip_bracket(str_replace($aryconv_htmlspecial,$aryconv_html,$name)),$match))
	627	+ if(preg_match("/^([^>]+)>([^>]+)$/",strip_bracket($name),$match))
635	628	{
636	629	$page = $match[1];
637	630	$name = $match[2];

		@@ -641,14 +634,14 @@ function make_link($name)
641	634	$name = "[[$name]]";
642	635	}
643	636
644		- if(preg_match("/^\[\[\.\/([^\]]*)\]\]/",str_replace($aryconv_htmlspecial,$aryconv_html,$name),$match))
	637	+ if(preg_match("/^\[\[\.\/([^\]]*)\]\]/",$name,$match))
645	638	{
646	639	if(!$match[1])
647	640	$name = $vars["page"];
648	641	else
649		- $name = "[[".strip_bracket($vars[page])."/$match[1]]]";
	642	+ $name = "[[".strip_bracket($vars["page"])."/$match[1]]]";
650	643	}
651		- else if(preg_match("/^\[\[\..\/([^\]]+)\]\]/",str_replace($aryconv_htmlspecial,$aryconv_html,$name),$match))
	644	+ else if(preg_match("/^\[\[\..\/([^\]]+)\]\]/",$name,$match))
652	645	{
653	646	for($i=0;$i<substr_count($name,"../");$i++)
654	647	$name = preg_replace("/(.+)\/([^\/]+)$/","$1",strip_bracket($vars["page"]));

--- a/pukiwiki.php

+++ b/pukiwiki.php

		@@ -26,7 +26,7 @@
26	26	// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
27	27	// GNU General Public License for more details.
28	28	//
29		-// $Id: pukiwiki.php,v 1.3 2002/06/21 12:33:29 masui Exp $
	29	+// $Id: pukiwiki.php,v 1.4 2002/06/22 09:31:43 masui Exp $
30	30	/////////////////////////////////////////////////
31	31
32	32

		@@ -400,10 +400,10 @@ else if(arg_check("diff"))
400	400	$title = str_replace('$1',strip_bracket($get["page"]),$_title_diff);
401	401	$page = str_replace('$1',make_search($get["page"]),$_title_diff);
402	402
403		- $diffdata = get_source($get["page"]);
	403	+ $diffdata = htmlspecialchars(join("",get_source($get["page"])));
404	404	$body .= "<font color=\"blue\">\n"
405	405	."<pre>\n"
406		- .join("",$diffdata)
	406	+ .$diffdata
407	407	."\n"
408	408	."</pre>\n"
409	409	."</font>\n";

		@@ -414,6 +414,7 @@ else if(arg_check("diff"))
414	414	$page = str_replace('$1',make_search($get["page"]),$_title_diff);
415	415
416	416	$diffdata = file(DIFF_DIR.encode($get["page"]).".txt");
	417	+ $diffdata = preg_replace("/&/","&",$diffdata);
417	418	$diffdata = preg_replace("/</","<",$diffdata);
418	419	$diffdata = preg_replace("/>/",">",$diffdata);
419	420	$diffdata = preg_replace("/^(\-)(.*)/","<font color=\"red\"> $2</font>",$diffdata);

		@@ -430,7 +431,7 @@ else if(arg_check("search"))
430	431	{
431	432	if($vars["word"])
432	433	{
433		- $title = $page = str_replace('$1',$vars["word"],$_title_result);
	434	+ $title = $page = str_replace('$1',htmlspecialchars($vars["word"]),$_title_result);
434	435	}
435	436	else
436	437	{

		@@ -446,7 +447,7 @@ else if(arg_check("search"))
446	447	else if($vars["type"]=="OR") $or_check = "checked";
447	448
448	449	$body .= "<form action=\"$script?cmd=search\" method=\"post\">\n"
449		- ."<input type=\"text\" name=\"word\" size=\"20\" value=\"".$vars["word"]."\">\n"
	450	+ ."<input type=\"text\" name=\"word\" size=\"20\" value=\"".htmlspecialchars($vars["word"])."\">\n"
450	451	."<input type=\"radio\" name=\"type\" value=\"AND\" $and_check>$_btn_and\n"
451	452	."<input type=\"radio\" name=\"type\" value=\"OR\" $or_check>$_btn_or\n"
452	453	." <input type=\"submit\" value=\"$_btn_search\">\n"

		@@ -515,7 +516,7 @@ else if($do_backup && arg_check("backup"))
515	516	$title = str_replace('$1',$pagename,$_title_backupdiff)."(No.$get[age])";
516	517	$page = str_replace('$1',make_search($get["page"]),$_title_backupdiff)."(No.$get[age])";
517	518
518		- $backupdata = @join("",get_backup($get[age]-1,encode($get["page"]).".txt"));
	519	+ $backupdata = htmlspecialchars(@join("",get_backup($get[age]-1,encode($get["page"]).".txt")));
519	520	$postdata = @join("",get_backup($get[age],encode($get["page"]).".txt"));
520	521	$diffdata = split("\n",do_diff($backupdata,$postdata));
521	522	}

		@@ -524,7 +525,7 @@ else if($do_backup && arg_check("backup"))
524	525	$title = str_replace('$1',$pagename,$_title_backupnowdiff)."(No.$get[age])";
525	526	$page = str_replace('$1',make_search($get["page"]),$_title_backupnowdiff)."(No.$get[age])";
526	527
527		- $backupdata = @join("",get_backup($get[age],encode($get["page"]).".txt"));
	528	+ $backupdata = htmlspecialchars(@join("",get_backup($get[age],encode($get["page"]).".txt")));
528	529	$postdata = @join("",get_source($get["page"]));
529	530	$diffdata = split("\n",do_diff($backupdata,$postdata));
530	531	}

		@@ -532,7 +533,7 @@ else if($do_backup && arg_check("backup"))
532	533	{
533	534	$title = str_replace('$1',$pagename,$_title_backupsource)."(No.$get[age])";
534	535	$page = str_replace('$1',make_search($get["page"]),$_title_backupsource)."(No.$get[age])";
535		- $backupdata = join("",get_backup($get[age],encode($get["page"]).".txt"));
	536	+ $backupdata = htmlspecialchars(join("",get_backup($get[age],encode($get["page"]).".txt")));
536	537
537	538	$body.="</ul>\n<pre>\n$backupdata</pre>\n";
538	539	}