From d0acd3927cbe4e0f7e4faccca7ef6dd68911ecd5 Mon Sep 17 00:00:00 2001 From: Victor Wagner Date: Fri, 4 Apr 2008 19:56:27 +0000 Subject: [PATCH] Fixed HTML escaping when _format set to text --- forum/forum | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/forum/forum b/forum/forum index 7cb882b..bc68545 100755 --- a/forum/forum +++ b/forum/forum @@ -262,7 +262,7 @@ sub show_error { print $cgi->header(-type=>'text/html',-charset=>'utf-8'); print "ÐÑÐ¸Ð±ÐºÐ° ÐºÐ¾Ð½ÑÐ¸Ð³ÑÑÐ°ÑÐ¸Ð¸ ÑÐ¾ÑÑÐ¼Ð°", "

ÐÑÐ¸Ð±ÐºÐ° ÐºÐ¾Ð½ÑÐ¸Ð³ÑÑÐ°ÑÐ¸Ð¸ ÑÐ¾ÑÑÐ¼Ð°

", - $cgi->escapeHTML($msg),"

", + escapeHTML($msg),"

", "

"; } exit; @@ -1479,7 +1479,7 @@ sub delete_comment { my ($cgi,$forum,$topic,$id) = @_; my ($tree,$lockfd) = gettree($topic); my ($msg) = $tree->look_down(id => $id); - show_error("Ð Ð´Ð°Ð½Ð½Ð¾Ð¹ ÑÐµÐ¼Ðµ Ð½ÐµÑ ÑÐµÐ¿Ð»Ð¸ÐºÐ¸ Ñ id=$id") if (!$msg); + show_error($forum,"Ð Ð´Ð°Ð½Ð½Ð¾Ð¹ ÑÐµÐ¼Ðµ Ð½ÐµÑ ÑÐµÐ¿Ð»Ð¸ÐºÐ¸ Ñ id=$id") if (!$msg); if (getrights($cgi,$forum) ne "moderator" && getrights($cgi,$forum) ne "admin") { my $author= $msg->look_down(_tag=>"input",name=>"author"); @@ -1910,7 +1910,7 @@ sub input2tree { } elsif ($format eq "text") { $text=~s/\r?\n\r?\n/<\/p>

/; $text=~s/\r?\n/
/; - $text = "

".$text."

"; + $text = "

".escapeHTML($text)."

"; } my $txtree = str2tree($text); for my $badtag @@ -1920,7 +1920,7 @@ sub input2tree { $element->delete() if defined $element; } } - # ÐÑÐ¾Ð²ÐµÑÑÐµÐ¼ Ð½Ð° Ð½Ð°Ð»Ð¸ÑÐ¸Ðµ URL-Ð¾Ðº Ð½Ðµ Ð¾ÑÐ¾ÑÐ¼Ð»ÐµÐ½Ð½ÑÑ ÑÑÑÐ»ÐºÐ°Ð¼Ð¸. + # FIXME ÐÑÐ¾Ð²ÐµÑÑÐµÐ¼ Ð½Ð° Ð½Ð°Ð»Ð¸ÑÐ¸Ðµ URL-Ð¾Ðº Ð½Ðµ Ð¾ÑÐ¾ÑÐ¼Ð»ÐµÐ½Ð½ÑÑ ÑÑÑÐ»ÐºÐ°Ð¼Ð¸. return $txtree; } @@ -2065,3 +2065,10 @@ sub newlistelement { } } +sub escapeHTML { + local $_ = shift; + s/\&/&/g; + s/\/>/g; + return $_; +} -- 2.39.2

ÐÑÐ¸Ð±ÐºÐ° ÐºÐ¾Ð½ÑÐ¸Ð³ÑÑÐ°ÑÐ¸Ð¸ ÑÐ¾ÑÑÐ¼Ð°

ÐÑÐ¸Ð±ÐºÐ° ÐºÐ¾Ð½ÑÐ¸Ð³ÑÑÐ°ÑÐ¸Ð¸ ÑÐ¾ÑÑÐ¼Ð°