/[pub]/suikawiki/script/wiki.cgi

Diff of /suikawiki/script/wiki.cgi

Parent Directory | Revision Log | View Patch Patch

-revision 1.23 by wakaba,
Sun Aug 18 04:14:35 2002 UTC
+revision 1.24 by wakaba,
Fri Aug 30 04:31:11 2002 UTC
 Line 274 
 sub do_index {
      print qq(<ul>);
      foreach my $page (sort keys %database) {
          if (&is_editable($page)) {
-             print qq(<li><a href="$url_cgi?@{[&encode($page)]}">$page</a>@{[&escape(&get_subjectline($page))]}</li>);
+             print qq(<li><a href="$url_cgi?@{[&encode($page)]}">@{[&escape($page)]}</a>@{[&escape(&get_subjectline($page))]}</li>);
              # print qq(<li>@{[&get_info($page, $info_IsFrozen)]}</li>);
              # print qq(<li>@{[0 + &is_frozen($page)]}</li>);
          }
 Line 343 
 sub do_search {
      my $word = $form{mymsg};
      &print_header($SearchPage);
      &print_searchform(&escape($word));
-     print get_search_result ($word, -output_not_found => 1);
+     print scalar get_search_result ($word, -output_not_found => 1);
-     print "foo";
      &print_footer($SearchPage);
  }
-Line 359 
 sub get_search_result ($;%) {
+Line 358 
 sub get_search_result ($;%) {
          || index ($page, $word) > 0
          || index ($word, $page) > 0
         ) {
-       $r .= qq(<li><a href ="$url_cgi?@{[&escape(&encode($page))]}">@{[&escape($page)]}</a>@{[&escape(&get_subjectline($page))]}</li>);
+       $r .= qq(<li><a href ="$url_cgi?@{[&encode($page)]}">@{[&escape($page)]}</a>@{[&escape(&get_subjectline($page))]}</li>);
        $counter++;
      }
    }
-Line 410 
 sub print_header {
+Line 409 
 sub print_header {
        print qq{Refresh: 0; url="$option{-goto}"\n};
      }
      my $cookedpage = &encode($page);
+     my $escapedpage = &escape($page);
      print <<"EOD";
  Content-type: text/html; charset=$charset
  Content-Language: $lang
 Line 420 
 Content-Style-Type: text/css
      "http://www.w3.org/TR/html4/loose.dtd">
  <html lang="$lang">
  <head>
-     <title>@{[&escape($page.' '.&get_subjectline($page))]}</title>
+     <title>$escapedpage @{[&escape(&get_subjectline($page))]}</title>
      <link rel="index" href="$url_cgi?$IndexPage">
-     <link rev="made" href="mailto:$modifier_mail">
+     <link rev="made" href="mailto:@{[&escape($modifier_mail)]}">
-     <link rel="stylesheet" type="text/css" href="$url_stylesheet">
+     <link rel="stylesheet" type="text/css" href="@{[&escape($url_stylesheet)]}">
  </head>
  <body class="$bodyclass">
  EOD
 Line 549 
 sub text_to_html {
      push(@result, "<p>");
      foreach (@txt) {
          chomp;
-         # Walrus mod (6) start
-         #if ($saved[0] eq '</html>') {
-         #    if (/<\/html>/i) { splice(@saved); }
-         #    else { push (@result, &html_to_ignored_html($_)); }
-         #} elsif (/^<html>/i and &is_ignore_html($form{mypage})) {
-         #    push(@result, splice(@saved));
-         #    push(@saved, '</html>');
-         #} els
          if (/^\*\*\*\*\*(.*)/) {
              push(@toc, qq(-- <a href="#i$tocnum">@{[&escape($1)]}</a>\n));
              push(@result, splice(@saved), qq(<h6 id="i$tocnum">) . &inline($1) . '</h6>');
-Line 729 
 sub make_link {
+Line 721 
 sub make_link {
  #               $remoteurl =~ s/\b(euc|sjis|ykwk|asis)\(\$1\)/&interwiki_convert($1, $localname)/e;      # Walrus del (4)
                  $remoteurl =~ s/\b(euc|sjis|ykwk|asis|isbn)\(\$1\)/&interwiki_convert($1, $localname)/e; # Walrus add (4)
  #               return qq(<a href="$remoteurl">$chunk</a>); # Walrus del (3)
-                 return qq(<a href="$remoteurl">$name</a>);  # Walrus add (3)
+                 return qq(<a href="$remoteurl">@{[&escape($name)]}</a>);  # Walrus add (3)
              } else {
  #               return $chunk;                              # Walrus del (3)
-                 return $name;                               # Walrus add (3)
+                 return &escape($name);                               # Walrus add (3)
              }
          } elsif ($database{$chunk}) {
              my $subject = &escape(&get_subjectline($chunk, delimiter => ''));
  #           return qq(<a title="$subject" href="$url_cgi?$cookedchunk">$chunk</a>);  # Walrus del (3)
-             return qq(<a title="$subject" href="$url_cgi?$cookedchunk">$name</a>);   # Walrus add (3)
+             return qq(<a title="$subject" href="$url_cgi?$cookedchunk">@{[&escape($name)]}</a>);   # Walrus add (3)
          } elsif ($page_command{$chunk}) {
  #           return qq(<a title="$chunk" href="$url_cgi?$cookedchunk">$chunk</a>);    # Walrus del (3)
-             return qq(<a title="$chunk" href="$url_cgi?$cookedchunk" class="wiki">$name</a>);     # Walrus add (3)
+             return qq(<a title="$chunk" href="$url_cgi?$cookedchunk" class="wiki">@{[&escape($name)]}</a>);     # Walrus add (3)
          } else {
-             return qq(<a title="$resource{editthispage}" href="$url_cgi?mycmd=edit;mypage=$cookedchunk" class="wiki">$name<span class="mark">$editchar</span></a>);
+             return qq(<a title="$resource{editthispage}" href="$url_cgi?mycmd=edit;mypage=$cookedchunk" class="wiki">@{[&escape($name)]}<span class="mark">$editchar</span></a>);
          }
      }
  }
- # Walrus add (6) start
- sub is_ignore_html {
-     my ($pagename) = @_;
-     foreach (@ignore_html_page) {
-         return 1 if ($pagename eq $_);
-     }
-     return 0;
- }
- # Walrus add (6) end
- # Walrus add (6) start
- sub html_to_ignored_html {
-     my $str = shift(@_);
-     my $text_regex        = q{[^<]*};
-     my $tag_regex_        = q{[^"'<>]*(?:"[^"]*"[^"'<>]*|'[^']*'[^"'<>]*)*(?:>|(?=<)|$(?!\n))}; #'}}}}
-     my $comment_tag_regex = '<!(?:--[^-]*-(?:[^-]+-)*?-(?:[^>-]*(?:-[^>-]+)*?)??)*(?:>|$(?!\n)|--.*$)';
-     my $tag_regex         = qq{$comment_tag_regex|<$tag_regex_};
-     my $ignored           = join('|', @ignore_html_tags);
-     my $result = '';
-     while ($str =~ /($text_regex)($tag_regex)?/gso) {
-       last if $1 eq '' and $2 eq '';
-       $result .= $1;
-       my $tag_tmp = $2;
-       $result .= ($tag_tmp =~ /^<\/?($ignored)(?![0-9A-Za-z])/i) ? $tag_tmp : &escape($tag_tmp);
-       if ($tag_tmp =~ /^<(XMP|PLAINTEXT|SCRIPT)(?![0-9A-Za-z])/i) {
-         $str =~ /(.*?)(?:<\/$1(?![0-9A-Za-z])$tag_regex_|$)/gsi;
-         $result .= &escape($1);
-       }
-     }
-     return $result;
- }
- # Walrus add (6) end
  sub print_message {
      my ($msg) = @_;
      print qq(<p><strong>$msg</strong></p>);
-Line 976 
 sub print_editform {
+Line 935 
 sub print_editform {
      }
      my $edit = $mode{admin} ? 'adminedit' : 'edit';
+     my $escapedmypage = &escape($form{mypage});
+     my $escapedmypassword = &escape($form{mypassword});
      print <<"EOD";
  <form action="$url_cgi" method="post">
-     @{[ $mode{admin} ? qq($resource{frozenpassword} <input type="password" name="mypassword" value="$form{mypassword}" size="10"><br>) : "" ]}
+     @{[ $mode{admin} ? qq($resource{frozenpassword} <input type="password" name="mypassword" value="$escapedmypassword" size="10"><br>) : "" ]}
      <input type="hidden" name="myLastModified" value="$lastmodified">
-     <input type="hidden" name="mypage" value="@{[&escape($form{mypage})]}">
+     <input type="hidden" name="mypage" value="$escapedmypage">
      <textarea cols="$cols" rows="$rows" name="mymsg" wrap="off" tabindex="1">$mymsg</textarea><br>
  @{[
      $mode{admin} ?

 Legend:



Removed from v.1.23
 


changed lines


 
Added in v.1.24
 Legend:



Removed from v.1.23
 


changed lines


 
Added in v.1.24
-Removed from v.1.23
+Added in v.1.24

admin@suikawiki.org	ViewVC Help
Powered by ViewVC 1.1.24