--- a/includes/pageutils.php Wed Aug 01 13:39:27 2007 -0400
+++ b/includes/pageutils.php Sun Aug 05 15:58:50 2007 -0400
@@ -608,13 +608,14 @@
// Action taken
echo '<td class="'.$cls.'">';
+ // Some of these are sanitized at insert-time. Others follow the newer Enano policy of stripping HTML at runtime.
if ($r['action']=='prot') echo 'Protected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
elseif($r['action']=='unprot') echo 'Unprotected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
elseif($r['action']=='semiprot') echo 'Semi-protected page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
- elseif($r['action']=='rename') echo 'Renamed page</td><td class="'.$cls.'">Old title: '.$r['edit_summary'];
+ elseif($r['action']=='rename') echo 'Renamed page</td><td class="'.$cls.'">Old title: '.htmlspecialchars($r['edit_summary']);
elseif($r['action']=='create') echo 'Created page</td><td class="'.$cls.'">';
elseif($r['action']=='delete') echo 'Deleted page</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
- elseif($r['action']=='reupload') echo 'Uploaded new file version</td><td class="'.$cls.'">Reason: '.$r['edit_summary'];
+ elseif($r['action']=='reupload') echo 'Uploaded new file version</td><td class="'.$cls.'">Reason: '.htmlspecialchars($r['edit_summary']);
echo '</td>';
// Actions!
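Review bot: The `prot`, `unprot`, `semiprot` and `delete` branches still echo `$r['edit_summary']` unescaped, so they rely entirely on the insert-time sanitization that the new comment mentions but this hunk does not show. Any log row written through a path that skips that sanitization (an import, an older release, a direct database write) would be rendered as markup in this table. I would escape at output in every branch. If the stored reasons are already entity-encoded, `htmlspecialchars($r['edit_summary'], ENT_QUOTES, 'UTF-8', false)` avoids double-encoding them. At minimum, make the comment say which actions are covered, e.g. `// rename/reupload are escaped here; prot/unprot/semiprot/delete reasons are assumed escaped on insert (confirm at the code that writes the log rows)`. The enclosing loop and function begin and end outside this hunk, so how `$cls` and `$r` are populated could not be checked from here.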